+20020707
+ - (tim) [Makefile.in] use umask instead of chmod on $(PRIVSEP_PATH)
+
+20020705
+ - (tim) [configure.ac] AIX 4.2.1 has authenticate() in libs.
+ Reported by Darren Tucker <dtucker@zip.com.au>
+ - (tim) [contrib/cygwin/ssh-host-config] double slash corrction
+ from vinschen@redhat.com
+
+20020704
+ - (bal) Limit data to TTY for AIX only (Newer versions can't handle the
+ faster data rate) Bug #124
+ - (bal) glob.c defines TILDE and AIX also defines it. #undef it first.
+ bug #265
+ - (bal) One too many nulls in ports-aix.c
+
+20020703
+ - (bal) Updated contrib/cygwin/ patch by vinschen@redhat.com
+ - (bal) minor correction to utimes() replacement. Patch by
+ onoe@sm.sony.co.jp
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2002/06/27 08:49:44
+ [dh.c ssh-keyscan.c sshconnect.c]
+ more checks for NULL pointers; from grendel@zeitbombe.org; ok deraadt@
+ - deraadt@cvs.openbsd.org 2002/06/27 09:08:00
+ [monitor.c]
+ improve mm_zalloc check; markus ok
+ - deraadt@cvs.openbsd.org 2002/06/27 10:35:47
+ [auth2-none.c monitor.c sftp-client.c]
+ use xfree()
+ - stevesk@cvs.openbsd.org 2002/06/27 19:49:08
+ [ssh-keyscan.c]
+ use convtime(); ok markus@
+ - millert@cvs.openbsd.org 2002/06/28 01:49:31
+ [monitor_mm.c]
+ tree(3) wants an int return value for its compare functions and
+ the difference between two pointers is not an int. Just do the
+ safest thing and store the result in a long and then return 0,
+ -1, or 1 based on that result.
+ - deraadt@cvs.openbsd.org 2002/06/28 01:50:37
+ [monitor_wrap.c]
+ use ssize_t
+ - deraadt@cvs.openbsd.org 2002/06/28 10:08:25
+ [sshd.c]
+ range check -u option at invocation
+ - deraadt@cvs.openbsd.org 2002/06/28 23:05:06
+ [sshd.c]
+ gidset[2] -> gidset[1]; markus ok
+ - deraadt@cvs.openbsd.org 2002/06/30 21:54:16
+ [auth2.c session.c sshd.c]
+ lint asks that we use names that do not overlap
+ - deraadt@cvs.openbsd.org 2002/06/30 21:59:45
+ [auth-bsdauth.c auth-skey.c auth2-chall.c clientloop.c key.c
+ monitor_wrap.c monitor_wrap.h scard.h session.h sftp-glob.c ssh.c
+ sshconnect2.c sshd.c]
+ minor KNF
+ - deraadt@cvs.openbsd.org 2002/07/01 16:15:25
+ [msg.c]
+ %u
+ - markus@cvs.openbsd.org 2002/07/01 19:48:46
+ [sshconnect2.c]
+ for compression=yes, we fallback to no-compression if the server does
+ not support compression, vice versa for compression=no. ok mouring@
+ - markus@cvs.openbsd.org 2002/07/03 09:55:38
+ [ssh-keysign.c]
+ use RSA_blinding_on() for rsa hostkeys (suggested by Bill Sommerfeld)
+ in order to avoid a possible Kocher timing attack pointed out by Charles
+ Hannum; ok provos@
+ - markus@cvs.openbsd.org 2002/07/03 14:21:05
+ [ssh-keysign.8 ssh-keysign.c ssh.c ssh_config]
+ re-enable ssh-keysign's sbit, but make ssh-keysign read
+ /etc/ssh/ssh_config and exit if HostbasedAuthentication is disabled
+ globally. based on discussions with deraadt, itojun and sommerfeld;
+ ok itojun@
+ - (bal) Failed password attempts don't increment counter on AIX. Bug #145
+ - (bal) Missed Makefile.in change. keysign needs readconf.o
+ - (bal) Clean up aix_usrinfo(). Ignore TTY= period I guess.
+
+20020702
+ - (djm) Use PAM_MSG_MEMBER for PAM_TEXT_INFO messages, use xmalloc &
+ friends consistently. Spotted by Solar Designer <solar@openwall.com>
+
+20020629
+ - (bal) fix to auth2-pam.c to swap fatal() arguments, A bit of style
+ clean up while I'm near it.
+
+20020628
+ - (stevesk) [sshd_config] PAMAuthenticationViaKbdInt no; commented
+ options should contain default value. from solar.
+ - (bal) Cygwin uid0 fix by vinschen@redhat.com
+ - (bal) s/config.h/includes.h/ in openbsd-compat/ for *.c. Otherwise wise
+ have issues of our fixes not propogating right (ie bcopy instead of
+ memmove). OK tim
+ - (bal) FreeBSD needs <sys/types.h> to detect if mmap() is supported.
+ Bug #303
+
+200206027
+ - OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2002/06/26 14:49:36
+ [monitor.c]
+ correct %u
+ - deraadt@cvs.openbsd.org 2002/06/26 14:50:04
+ [monitor_fdpass.c]
+ use ssize_t for recvmsg() and sendmsg() return
+ - markus@cvs.openbsd.org 2002/06/26 14:51:33
+ [ssh-add.c]
+ fix exit code for -X/-x
+ - deraadt@cvs.openbsd.org 2002/06/26 15:00:32
+ [monitor_wrap.c]
+ more %u
+ - markus@cvs.openbsd.org 2002/06/26 22:27:32
+ [ssh-keysign.c]
+ bug #304, xfree(data) called to early; openssh@sigint.cs.purdue.edu
+
+20020626
+ - (stevesk) [monitor.c] remove duplicate proto15 dispatch entry for PAM
+ - (bal) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2002/06/23 21:34:07
+ [channels.c]
+ tcode is u_int
+ - markus@cvs.openbsd.org 2002/06/24 13:12:23
+ [ssh-agent.1]
+ the socket name contains ssh-agent's ppid; via mpech@ from form@
+ - markus@cvs.openbsd.org 2002/06/24 14:33:27
+ [channels.c channels.h clientloop.c serverloop.c]
+ move channel counter to u_int
+ - markus@cvs.openbsd.org 2002/06/24 14:55:38
+ [authfile.c kex.c ssh-agent.c]
+ cat to (void) when output from buffer_get_X is ignored
+ - itojun@cvs.openbsd.org 2002/06/24 15:49:22
+ [msg.c]
+ printf type pedant
+ - deraadt@cvs.openbsd.org 2002/06/24 17:57:20
+ [sftp-server.c sshpty.c]
+ explicit (u_int) for uid and gid
+ - markus@cvs.openbsd.org 2002/06/25 16:22:42
+ [authfd.c]
+ unnecessary cast
+ - markus@cvs.openbsd.org 2002/06/25 18:51:04
+ [sshd.c]
+ lightweight do_setusercontext after chroot()
+ - (bal) Updated AIX package build. Patch by dtucker@zip.com.au
+ - (tim) [Makefile.in] fix test on installing ssh-rand-helper.8
+ - (bal) added back in error check for mmap(). I screwed up, Pointed
+ out by stevesk@
+ - (tim) [README.privsep] UnixWare tip no longer needed.
+ - (bal) fixed NeXTStep missing munmap() issue. It defines HAVE_MMAP,
+ but it all damned lies.
+ - (stevesk) [README.privsep] more for sshd pseudo-account.
+ - (tim) [contrib/caldera/openssh.spec] add support for privsep
+ - (djm) setlogin needs pgid==pid on BSD/OS; from itojun@
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2002/06/26 08:53:12
+ [bufaux.c]
+ limit size of BNs to 8KB; ok provos/deraadt
+ - markus@cvs.openbsd.org 2002/06/26 08:54:18
+ [buffer.c]
+ limit append to 1MB and buffers to 10MB
+ - markus@cvs.openbsd.org 2002/06/26 08:55:02
+ [channels.c]
+ limit # of channels to 10000
+ - markus@cvs.openbsd.org 2002/06/26 08:58:26
+ [session.c]
+ limit # of env vars to 1000; ok deraadt/djm
+ - deraadt@cvs.openbsd.org 2002/06/26 13:20:57
+ [monitor.c]
+ be careful in mm_zalloc
+ - deraadt@cvs.openbsd.org 2002/06/26 13:49:26
+ [session.c]
+ disclose less information from environment files; based on input
+ from djm, and dschultz@uclink.Berkeley.EDU
+ - markus@cvs.openbsd.org 2002/06/26 13:55:37
+ [auth2-chall.c]
+ make sure # of response matches # of queries, fixes int overflow;
+ from ISS
+ - markus@cvs.openbsd.org 2002/06/26 13:56:27
+ [version.h]
+ 3.4
+ - (djm) Require krb5 devel for RPM build w/ KrbV
+ - (djm) Improve PAMAuthenticationViaKbdInt text from Nalin Dahyabhai
+ <nalin@redhat.com>
+ - (djm) Update spec files for release
+ - (djm) Fix int overflow in auth2-pam.c, similar to one discovered by ISS
+ - (djm) Release 3.4p1
+ - (tim) [contrib/caldera/openssh.spec] remove 2 configure options I put in
+ by mistake
+
+20020625
+ - (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh
+ - (stevesk) [README.privsep] minor updates
+ - (djm) Create privsep directory and warn if privsep user is missing
+ during make install
+ - (bal) Started list of PrivSep issues in TODO
+ - (bal) if mmap() is substandard, don't allow compression on server side.
+ Post 'event' we will add more options.
+ - (tim) [contrib/caldera/openssh.spec] Sync with Caldera
+ - (bal) moved aix_usrinfo() and noted not setting real TTY. Patch by
+ dtucker@zip.com.au
+ - (tim) [acconfig.h configure.ac sshd.c] BROKEN_FD_PASSING fix from Markus
+ for Cygwin, Cray, & SCO
+
+20020624
+ - OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2002/06/23 03:25:50
+ [tildexpand.c]
+ KNF
+ - deraadt@cvs.openbsd.org 2002/06/23 03:26:19
+ [cipher.c key.c]
+ KNF
+ - deraadt@cvs.openbsd.org 2002/06/23 03:30:58
+ [scard.c ssh-dss.c ssh-rsa.c sshconnect.c sshconnect2.c sshd.c sshlogin.c
+ sshpty.c]
+ various KNF and %d for unsigned
+ - deraadt@cvs.openbsd.org 2002/06/23 09:30:14
+ [sftp-client.c sftp-client.h sftp-common.c sftp-int.c sftp-server.c
+ sftp.c]
+ bunch of u_int vs int stuff
+ - deraadt@cvs.openbsd.org 2002/06/23 09:39:55
+ [ssh-keygen.c]
+ u_int stuff
+ - deraadt@cvs.openbsd.org 2002/06/23 09:46:51
+ [bufaux.c servconf.c]
+ minor KNF. things the fingers do while you read
+ - deraadt@cvs.openbsd.org 2002/06/23 10:29:52
+ [ssh-agent.c sshd.c]
+ some minor KNF and %u
+ - deraadt@cvs.openbsd.org 2002/06/23 20:39:45
+ [session.c]
+ compression_level is u_int
+ - deraadt@cvs.openbsd.org 2002/06/23 21:06:13
+ [sshpty.c]
+ KNF
+ - deraadt@cvs.openbsd.org 2002/06/23 21:06:41
+ [channels.c channels.h session.c session.h]
+ display, screen, row, col, xpixel, ypixel are u_int; markus ok
+ - deraadt@cvs.openbsd.org 2002/06/23 21:10:02
+ [packet.c]
+ packet_get_int() returns unsigned for reason & seqnr
+ - (bal) Also fixed IPADDR_IN_DISPLAY case where display, screen, row, col,
+ xpixel are u_int.
+
+