+20081111
+ - (dtucker) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2008/11/05 11:22:54
+ [servconf.c]
+ passord -> password;
+ fixes user/5975 from Rene Maroufi
+ - stevesk@cvs.openbsd.org 2008/11/07 00:42:12
+ [ssh-keygen.c]
+ spelling/typo in comment
+
+20081105
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2008/11/03 08:59:41
+ [servconf.c]
+ include MaxSessions in sshd -T output; patch from imorgan AT nas.nasa.gov
+ - djm@cvs.openbsd.org 2008/11/04 07:58:09
+ [auth.c]
+ need unistd.h for close() prototype
+ (ID sync only)
+ - djm@cvs.openbsd.org 2008/11/04 08:22:13
+ [auth.h auth2.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h]
+ [readconf.c readconf.h servconf.c servconf.h ssh2.h ssh_config.5]
+ [sshconnect2.c sshd_config.5 jpake.c jpake.h schnorr.c auth2-jpake.c]
+ [Makefile.in]
+ Add support for an experimental zero-knowledge password authentication
+ method using the J-PAKE protocol described in F. Hao, P. Ryan,
+ "Password Authenticated Key Exchange by Juggling", 16th Workshop on
+ Security Protocols, Cambridge, April 2008.
+
+ This method allows password-based authentication without exposing
+ the password to the server. Instead, the client and server exchange
+ cryptographic proofs to demonstrate of knowledge of the password while
+ revealing nothing useful to an attacker or compromised endpoint.
+
+ This is experimental, work-in-progress code and is presently
+ compiled-time disabled (turn on -DJPAKE in Makefile.inc).
+
+ "just commit it. It isn't too intrusive." deraadt@
+ - stevesk@cvs.openbsd.org 2008/11/04 19:18:00
+ [readconf.c]
+ because parse_forward() is now used to parse all forward types (DLR),
+ and it malloc's space for host variables, we don't need to malloc
+ here. fixes small memory leaks.
+
+ previously dynamic forwards were not parsed in parse_forward() and
+ space was not malloc'd in that case.
+
+ ok djm@
+ - stevesk@cvs.openbsd.org 2008/11/05 03:23:09
+ [clientloop.c ssh.1]
+ add dynamic forward escape command line; ok djm@
+
20081103
- OpenBSD CVS Sync
- sthen@cvs.openbsd.org 2008/07/24 23:55:30
Add -y option to force logging via syslog rather than stderr.
Useful for daemonised ssh connection (ssh -f). Patch originally from
and ok'd by markus@
+ - djm@cvs.openbsd.org 2008/10/09 03:50:54
+ [servconf.c sshd_config.5]
+ support setting PermitEmptyPasswords in a Match block
+ requested in PR3891; ok dtucker@
+ - jmc@cvs.openbsd.org 2008/10/09 06:54:22
+ [ssh.c]
+ add -y to usage();
+ - stevesk@cvs.openbsd.org 2008/10/10 04:55:16
+ [scp.c]
+ spelling in comment; ok djm@
+ - stevesk@cvs.openbsd.org 2008/10/10 05:00:12
+ [key.c]
+ typo in error message; ok djm@
+ - stevesk@cvs.openbsd.org 2008/10/10 16:43:27
+ [ssh_config.5]
+ use 'Privileged ports can be forwarded only when logging in as root on
+ the remote machine.' for RemoteForward just like ssh.1 -R.
+ ok djm@ jmc@
+ - stevesk@cvs.openbsd.org 2008/10/14 18:11:33
+ [sshconnect.c]
+ use #define ROQUIET here; no binary change. ok dtucker@
+ - stevesk@cvs.openbsd.org 2008/10/17 18:36:24
+ [ssh_config.5]
+ correct and clarify VisualHostKey; ok jmc@
+ - stevesk@cvs.openbsd.org 2008/10/30 19:31:16
+ [clientloop.c sshd.c]
+ don't need to #include "monitor_fdpass.h"
+ - stevesk@cvs.openbsd.org 2008/10/31 15:05:34
+ [dispatch.c]
+ remove unused #define DISPATCH_MIN; ok markus@
+ - djm@cvs.openbsd.org 2008/11/01 04:50:08
+ [sshconnect2.c]
+ sprinkle ARGSUSED on dispatch handlers
+ nuke stale unusued prototype
+ - stevesk@cvs.openbsd.org 2008/11/01 06:43:33
+ [channels.c]
+ fix some typos in log messages; ok djm@
+ - sobrado@cvs.openbsd.org 2008/11/01 11:14:36
+ [ssh-keyscan.1 ssh-keyscan.c]
+ the ellipsis is not an optional argument; while here, improve spacing.
+ - stevesk@cvs.openbsd.org 2008/11/01 17:40:33
+ [clientloop.c readconf.c readconf.h ssh.c]
+ merge dynamic forward parsing into parse_forward();
+ 'i think this is OK' djm@
+ - stevesk@cvs.openbsd.org 2008/11/02 00:16:16
+ [ttymodes.c]
+ protocol 2 tty modes support is now 7.5 years old so remove these
+ debug3()s; ok deraadt@
+ - stevesk@cvs.openbsd.org 2008/11/03 01:07:02
+ [readconf.c]
+ remove valueless comment
+ - stevesk@cvs.openbsd.org 2008/11/03 02:44:41
+ [readconf.c]
+ fix comment
+ - (djm) [contrib/caldera/ssh-host-keygen contrib/suse/rc.sshd]
+ Make example scripts generate keys with default sizes rather than fixed,
+ non-default 1024 bits; patch from imorgan AT nas.nasa.gov
+ - (djm) [contrib/sshd.pam.generic contrib/caldera/sshd.pam]
+ [contrib/redhat/sshd.pam] Move pam_nologin to account group from
+ incorrect auth group in example files;
+ patch from imorgan AT nas.nasa.gov
20080906
- (dtucker) [config.guess config.sub] Update to latest versions from