+20000430
+ - Merge HP-UX fixes and TCB support from Ged Lodder <lodder@yacc.com.au>
+ -
+
+20000429
+ - Merge big update to OpenSSH-2.0 from OpenBSD CVS
+ [README.openssh2]
+ - interop w/ F-secure windows client
+ - sync documentation
+ - ssh_host_dsa_key not ssh_dsa_key
+ [auth-rsa.c]
+ - missing fclose
+ [auth.c authfile.c compat.c dsa.c dsa.h hostfile.c key.c key.h radix.c]
+ [readconf.c readconf.h ssh-add.c ssh-keygen.c ssh.c ssh.h sshconnect.c]
+ [sshd.c uuencode.c uuencode.h authfile.h]
+ - add DSA pubkey auth and other SSH2 fixes. use ssh-keygen -[xX]
+ for trading keys with the real and the original SSH, directly from the
+ people who invented the SSH protocol.
+ [auth.c auth.h authfile.c sshconnect.c auth1.c auth2.c sshconnect.h]
+ [sshconnect1.c sshconnect2.c]
+ - split auth/sshconnect in one file per protocol version
+ [sshconnect2.c]
+ - remove debug
+ [uuencode.c]
+ - add trailing =
+ [version.h]
+ - OpenSSH-2.0
+ [ssh-keygen.1 ssh-keygen.c]
+ - add -R flag: exit code indicates if RSA is alive
+ [sshd.c]
+ - remove unused
+ silent if -Q is specified
+ [ssh.h]
+ - host key becomes /etc/ssh_host_dsa_key
+ [readconf.c servconf.c ]
+ - ssh/sshd default to proto 1 and 2
+ [uuencode.c]
+ - remove debug
+ [auth2.c ssh-keygen.c sshconnect2.c sshd.c]
+ - xfree DSA blobs
+ [auth2.c serverloop.c session.c]
+ - cleanup logging for sshd/2, respect PasswordAuth no
+ [sshconnect2.c]
+ - less debug, respect .ssh/config
+ [README.openssh2 channels.c channels.h]
+ - clientloop.c session.c ssh.c
+ - support for x11-fwding, client+server
+
+20000421
+ - Merge fix from OpenBSD CVS
+ [ssh-agent.c]
+ - Fix memory leak per connection. Report from Andy Spiegl <Andy@Spiegl.de>
+ via Debian bug #59926
+ - Define __progname in session.c if libc doesn't
+ - Remove indentation on autoconf #include statements to avoid bug in
+ DEC Tru64 compiler. Report and fix from David Del Piero
+ <David.DelPiero@qed.qld.gov.au>
+
+20000420
+ - Make fixpaths work with perl4, patch from Andre Lucas
+ <andre.lucas@dial.pipex.com>
+ - Sync with OpenBSD CVS:
+ [clientloop.c login.c serverloop.c ssh-agent.c ssh.h sshconnect.c sshd.c]
+ - pid_t
+ [session.c]
+ - remove bogus chan_read_failed. this could cause data
+ corruption (missing data) at end of a SSH2 session.
+ - Merge fixes from Debian patch from Phil Hands <phil@hands.com>
+ - Allow setting of PAM service name through CFLAGS (SSHD_PAM_SERVICE)
+ - Use vhangup to clean up Linux ttys
+ - Force posix getopt processing on GNU libc systems
+ - Debian bug #55910 - remove references to ssl(8) manpages
+ - Debian bug #58031 - ssh_config lies about default cipher
+
+20000419
+ - OpenBSD CVS updates
+ [channels.c]
+ - fix pr 1196, listen_port and port_to_connect interchanged
+ [scp.c]
+ - after completion, replace the progress bar ETA counter with a final
+ elapsed time; my idea, aaron wrote the patch
+ [ssh_config sshd_config]
+ - show 'Protocol' as an example, ok markus@
+ [sshd.c]
+ - missing xfree()
+ - Add missing header to bsd-misc.c
+
+20000416
+ - Reduce diff against OpenBSD source
+ - All OpenSSL includes are now unconditionally referenced as
+ openssl/foo.h
+ - Pick up formatting changes
+ - Other minor changed (typecasts, etc) that I missed
+
+20000415
+ - OpenBSD CVS updates.
+ [ssh.1 ssh.c]
+ - ssh -2
+ [auth.c channels.c clientloop.c packet.c packet.h serverloop.c]
+ [session.c sshconnect.c]
+ - check payload for (illegal) extra data
+ [ALL]
+ whitespace cleanup
+
+20000413
+ - INSTALL doc updates
+ - Merged OpenBSD updates to include paths.
+
+20000412
+ - OpenBSD CVS updates:
+ - [channels.c]
+ repair x11-fwd
+ - [sshconnect.c]
+ fix passwd prompt for ssh2, less debugging output.
+ - [clientloop.c compat.c dsa.c kex.c sshd.c]
+ less debugging output
+ - [kex.c kex.h sshconnect.c sshd.c]
+ check for reasonable public DH values
+ - [README.openssh2 cipher.c cipher.h compat.c compat.h readconf.c]
+ [readconf.h servconf.c servconf.h ssh.c ssh.h sshconnect.c sshd.c]
+ add Cipher and Protocol options to ssh/sshd, e.g.:
+ ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers
+ arcfour,3des-cbc'
+ - [sshd.c]
+ print 1.99 only if server supports both
+
+20000408
+ - Avoid some compiler warnings in fake-get*.c
+ - Add IPTOS macros for systems which lack them
+ - Only set define entropy collection macros if they are found
+ - More large OpenBSD CVS updates:
+ - [auth.c auth.h servconf.c servconf.h serverloop.c session.c]
+ [session.h ssh.h sshd.c README.openssh2]
+ ssh2 server side, see README.openssh2; enable with 'sshd -2'
+ - [channels.c]
+ no adjust after close
+ - [sshd.c compat.c ]
+ interop w/ latest ssh.com windows client.
+
+20000406
+ - OpenBSD CVS update:
+ - [channels.c]
+ close efd on eof
+ - [clientloop.c compat.c ssh.c sshconnect.c myproposal.h]
+ ssh2 client implementation, interops w/ ssh.com and lsh servers.
+ - [sshconnect.c]
+ missing free.
+ - [authfile.c cipher.c cipher.h packet.c sshconnect.c sshd.c]
+ remove unused argument, split cipher_mask()
+ - [clientloop.c]
+ re-order: group ssh1 vs. ssh2
+ - Make Redhat spec require openssl >= 0.9.5a
+
+20000404
+ - Add tests for RAND_add function when searching for OpenSSL
+ - OpenBSD CVS update:
+ - [packet.h packet.c]
+ ssh2 packet format
+ - [packet.h packet.c nchan2.ms nchan.h compat.h compat.c]
+ [channels.h channels.c]
+ channel layer support for ssh2
+ - [kex.h kex.c hmac.h hmac.c dsa.c dsa.h]
+ DSA, keyexchange, algorithm agreement for ssh2
+ - Generate manpages before make install not at the end of make all
+ - Don't seed the rng quite so often
+ - Always reseed rng when requested
+
+20000403
+ - Wrote entropy collection routines for systems that lack /dev/random
+ and EGD
+ - Disable tests and typedefs for 64 bit types. They are currently unused.
+
+20000401
+ - Big OpenBSD CVS update (mainly beginnings of SSH2 infrastructure)
+ - [auth.c session.c sshd.c auth.h]
+ split sshd.c -> auth.c session.c sshd.c plus cleanup and goto-removal
+ - [bufaux.c bufaux.h]
+ support ssh2 bignums
+ - [channels.c channels.h clientloop.c sshd.c nchan.c nchan.h packet.c]
+ [readconf.c ssh.c ssh.h serverloop.c]
+ replace big switch() with function tables (prepare for ssh2)
+ - [ssh2.h]
+ ssh2 message type codes
+ - [sshd.8]
+ reorder Xr to avoid cutting
+ - [serverloop.c]
+ close(fdin) if fdin != fdout, shutdown otherwise, ok theo@
+ - [channels.c]
+ missing close
+ allow bigger packets
+ - [cipher.c cipher.h]
+ support ssh2 ciphers
+ - [compress.c]
+ cleanup, less code
+ - [dispatch.c dispatch.h]
+ function tables for different message types
+ - [log-server.c]
+ do not log() if debuggin to stderr
+ rename a cpp symbol, to avoid param.h collision
+ - [mpaux.c]
+ KNF
+ - [nchan.c]
+ sync w/ channels.c
+
+20000326
+ - Better tests for OpenSSL w/ RSAref
+ - Added replacement setenv() function from OpenBSD libc. Suggested by
+ Ben Lindstrom <mouring@pconline.com>
+ - OpenBSD CVS update
+ - [auth-krb4.c]
+ -Wall
+ - [auth-rh-rsa.c auth-rsa.c hostfile.c hostfile.h key.c key.h match.c]
+ [match.h ssh.c ssh.h sshconnect.c sshd.c]
+ initial support for DSA keys. ok deraadt@, niels@
+ - [cipher.c cipher.h]
+ remove unused cipher_attack_detected code
+ - [scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
+ Fix some formatting problems I missed before.
+ - [ssh.1 sshd.8]
+ fix spelling errors, From: FreeBSD
+ - [ssh.c]
+ switch to raw mode only if he _get_ a pty (not if we _want_ a pty).
+
+20000324
+ - Released 1.2.3
+
+20000317
+ - Clarified --with-default-path option.
+ - Added -blibpath handling for AIX to work around stupid runtime linking.
+ Problem elucidated by gshapiro@SENDMAIL.ORG by way of Jim Knoble
+ <jmknoble@pobox.com>
+ - Checks for 64 bit int types. Problem report from Mats Fredholm
+ <matsf@init.se>
+ - OpenBSD CVS updates:
+ - [atomicio.c auth-krb4.c bufaux.c channels.c compress.c fingerprint.c]
+ [packet.h radix.c rsa.c scp.c ssh-agent.c ssh-keygen.c sshconnect.c]
+ [sshd.c]
+ pedantic: signed vs. unsigned, void*-arithm, etc
+ - [ssh.1 sshd.8]
+ Various cleanups and standardizations.
+ - Runtime error fix for HPUX from Otmar Stahl
+ <O.Stahl@lsw.uni-heidelberg.de>
+
+20000316
+ - Fixed configure not passing LDFLAGS to Solaris. Report from David G.
+ Hesprich <dghespri@sprintparanet.com>
+ - Propogate LD through to Makefile
+ - Doc cleanups
+ - Added blurb about "scp: command not found" errors to UPGRADING
+
+20000315
+ - Fix broken CFLAGS handling during search for OpenSSL. Fixes va_list
+ problems with gcc/Solaris.
+ - Don't free argument to putenv() after use (in setenv() replacement).
+ Report from Seigo Tanimura <tanimura@r.dl.itc.u-tokyo.ac.jp>
+ - Created contrib/ subdirectory. Included helpers from Phil Hands'
+ Debian package, README file and chroot patch from Ricardo Cerqueira
+ <rmcc@clix.pt>
+ - Moved gnome-ssh-askpass.c to contrib directory and removed config
+ option.
+ - Slight cleanup to doc files
+ - Configure fix from Bratislav ILICH <bilic@zepter.ru>
+
+20000314
+ - Include macro for IN6_IS_ADDR_V4MAPPED. Report from
+ peter@frontierflying.com
+ - Include /usr/local/include and /usr/local/lib for systems that don't
+ do it themselves
+ - -R/usr/local/lib for Solaris
+ - Fix RSAref detection
+ - Fix IN6_IS_ADDR_V4MAPPED macro
+
+20000311
+ - Detect RSAref
+ - OpenBSD CVS change
+ [sshd.c]
+ - disallow guessing of root password
+ - More configure fixes
+ - IPv6 workarounds from Hideaki YOSHIFUJI <yoshfuji@ecei.tohoku.ac.jp>
+
+20000309
+ - OpenBSD CVS updates to v1.2.3
+ [ssh.h atomicio.c]
+ - int atomicio -> ssize_t (for alpha). ok deraadt@
+ [auth-rsa.c]
+ - delay MD5 computation until client sends response, free() early, cleanup.
+ [cipher.c]
+ - void* -> unsigned char*, ok niels@
+ [hostfile.c]
+ - remove unused variable 'len'. fix comments.
+ - remove unused variable
+ [log-client.c log-server.c]
+ - rename a cpp symbol, to avoid param.h collision
+ [packet.c]
+ - missing xfree()
+ - getsockname() requires initialized tolen; andy@guildsoftware.com
+ - use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
+ from Holger.Trapp@Informatik.TU-Chemnitz.DE
+ [pty.c pty.h]
+ - register cleanup for pty earlier. move code for pty-owner handling to
+ pty.c ok provos@, dugsong@
+ [readconf.c]
+ - turn off x11-fwd for the client, too.
+ [rsa.c]
+ - PKCS#1 padding
+ [scp.c]
+ - allow '.' in usernames; from jedgar@fxp.org
+ [servconf.c]
+ - typo: ignore_user_known_hosts int->flag; naddy@mips.rhein-neckar.de
+ - sync with sshd_config
+ [ssh-keygen.c]
+ - enable ssh-keygen -l -f ~/.ssh/known_hosts, ok deraadt@
+ [ssh.1]
+ - Change invalid 'CHAT' loglevel to 'VERBOSE'
+ [ssh.c]
+ - suppress AAAA query host when '-4' is used; from shin@nd.net.fujitsu.co.jp
+ - turn off x11-fwd for the client, too.
+ [sshconnect.c]
+ - missing xfree()
+ - retry rresvport_af(), too. from sumikawa@ebina.hitachi.co.jp.
+ - read error vs. "Connection closed by remote host"
+ [sshd.8]
+ - ie. -> i.e.,
+ - do not link to a commercial page..
+ - sync with sshd_config
+ [sshd.c]
+ - no need for poll.h; from bright@wintelcom.net
+ - log with level log() not fatal() if peer behaves badly.
+ - don't panic if client behaves strange. ok deraadt@
+ - make no-port-forwarding for RSA keys deny both -L and -R style fwding
+ - delay close() of pty until the pty has been chowned back to root
+ - oops, fix comment, too.
+ - missing xfree()
+ - move XAUTHORITY to subdir. ok dugsong@. fixes debian bug #57907, too.
+ (http://cgi.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=57907)
+ - register cleanup for pty earlier. move code for pty-owner handling to
+ pty.c ok provos@, dugsong@
+ - create x11 cookie file
+ - fix pr 1113, fclose() -> pclose(), todo: remote popen()
+ - version 1.2.3
+ - Cleaned up
+ - Removed warning workaround for Linux and devpts filesystems (no longer
+ required after OpenBSD updates)
+
+20000308
+ - Configure fix from Hiroshi Takekawa <takekawa@sr3.t.u-tokyo.ac.jp>
+
+20000307
+ - Released 1.2.2p1
+
+20000305
+ - Fix DEC compile fix
+ - Explicitly seed OpenSSL's PRNG before checking rsa_alive()
+ - Check for getpagesize in libucb.a if not found in libc. Fix for old
+ Solaris from Andre Lucas <andre.lucas@dial.pipex.com>
+ - Check for libwrap if --with-tcp-wrappers option specified. Suggestion
+ Mate Wierdl <mw@moni.msci.memphis.edu>
+
+20000303
+ - Added "make host-key" target, Suggestion from Dominik Brettnacher
+ <domi@saargate.de>
+ - Don't permanently fail on bind() if getaddrinfo has more choices left for
+ us. Needed to work around messy IPv6 on Linux. Patch from Arkadiusz
+ Miskiewicz <misiek@pld.org.pl>
+ - DEC Unix compile fix from David Del Piero <David.DelPiero@qed.qld.gov.au>
+ - Manpage fix from David Del Piero <David.DelPiero@qed.qld.gov.au>
+
+20000302
+ - Big cleanup of autoconf code
+ - Rearranged to be a little more logical
+ - Added -R option for Solaris
+ - Rewrote OpenSSL detection code. Now uses AC_TRY_RUN with a test program
+ to detect library and header location _and_ ensure library has proper
+ RSA support built in (this is a problem with OpenSSL 0.9.5).
+ - Applied pty cleanup patch from markus.friedl@informatik.uni-erlangen.de
+ - Avoid warning message with Unix98 ptys
+ - Warning was valid - possible race condition on PTYs. Avoided using
+ platform-specific code.
+ - Document some common problems
+ - Allow root access to any key. Patch from
+ markus.friedl@informatik.uni-erlangen.de
+
+20000207
+ - Removed SOCKS code. Will support through a ProxyCommand.
+
+20000203
+ - Fixed SEGVs in authloop, fix from vbzoli@hbrt.hu
+ - Add --with-ssl-dir option
+
+20000202
+ - Fix lastlog code for directory based lastlogs. Fix from Josh Durham
+ <jmd@aoe.vt.edu>
+ - Documentation fixes from HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
+ - Added URLs to Japanese translations of documents by HARUYAMA Seigo
+ <haruyama@nt.phys.s.u-tokyo.ac.jp>
+
+20000201
+ - Use socket pairs by default (instead of pipes). Prevents race condition
+ on several (buggy) OSs. Report and fix from tridge@linuxcare.com
+
+20000127
+ - Seed OpenSSL's random number generator before generating RSA keypairs
+ - Split random collector into seperate file
+ - Compile fix from Andre Lucas <andre.lucas@dial.pipex.com>
+
+20000126
+ - Released 1.2.2 stable
+
+ - NeXT keeps it lastlog in /usr/adm. Report from
+ mouring@newton.pconline.com
+ - Added note in UPGRADING re interop with commercial SSH using idea.
+ Report from Jim Knoble <jmknoble@pobox.com>
+ - Fix linking order for Kerberos/AFS. Fix from Holget Trapp
+ <Holger.Trapp@Informatik.TU-Chemnitz.DE>
+
+20000125
+ - Fix NULL pointer dereference in login.c. Fix from Andre Lucas
+ <andre.lucas@dial.pipex.com>
+ - Reorder PAM initialisation so it does not mess up lastlog. Reported
+ by Andre Lucas <andre.lucas@dial.pipex.com>
+ - Use preformatted manpages on SCO, report from Gary E. Miller
+ <gem@rellim.com>
+ - New URL for x11-ssh-askpass.
+ - Fixpaths was missing /etc/ssh_known_hosts. Report from Jim Knoble
+ <jmknoble@pobox.com>
+ - Added 'DESTDIR' option to Makefile to ease package building. Patch from
+ Jim Knoble <jmknoble@pobox.com>
+ - Updated RPM spec files to use DESTDIR
+
+20000124
+ - Pick up version 1.2.2 from OpenBSD CVS (no changes, just version number
+ increment)
+
+20000123
+ - OpenBSD CVS:
+ - [packet.c]
+ getsockname() requires initialized tolen; andy@guildsoftware.com
+ - AIX patch from Matt Richards <v2matt@btv.ibm.com> and David Rankin
+ <drankin@bohemians.lexington.ky.us>
+ - Fix lastlog support, patch from Andre Lucas <andre.lucas@dial.pipex.com>
+
20000122
- Fix compilation of bsd-snprintf.c on Solaris, fix from Ben Taylor
<bent@clark.net>
- Merge preformatted manpage patch from Andre Lucas
<andre.lucas@dial.pipex.com>
+ - Make IPv4 use the default in RPM packages
+ - Irix uses preformatted manpages
+ - Missing htons() in bsd-bindresvport.c, fix from Holger Trapp
+ <Holger.Trapp@Informatik.TU-Chemnitz.DE>
+ - OpenBSD CVS updates:
+ - [packet.c]
+ use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
+ from Holger.Trapp@Informatik.TU-Chemnitz.DE
+ - [sshd.c]
+ log with level log() not fatal() if peer behaves badly.
+ - [readpass.c]
+ instead of blocking SIGINT, catch it ourselves, so that we can clean
+ the tty modes up and kill ourselves -- instead of our process group
+ leader (scp, cvs, ...) going away and leaving us in noecho mode.
+ people with cbreak shells never even noticed..
+ - [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
+ ie. -> i.e.,
20000120
- Don't use getaddrinfo on AIX