+20060106
+ - (djm) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2006/01/03 16:31:10
+ [ssh.1]
+ move FILES to a -compact list, and make each files an item in that list.
+ this avoids nastly line wrap when we have long pathnames, and treats
+ each file as a separate item;
+ remove the .Pa too, since it is useless.
+ - jmc@cvs.openbsd.org 2006/01/03 16:35:30
+ [ssh.1]
+ use a larger width for the ENVIRONMENT list;
+ - jmc@cvs.openbsd.org 2006/01/03 16:52:36
+ [ssh.1]
+ put FILES in some sort of order: sort by pathname
+ - jmc@cvs.openbsd.org 2006/01/03 16:55:18
+ [ssh.1]
+ tweak the description of ~/.ssh/environment
+ - jmc@cvs.openbsd.org 2006/01/04 18:42:46
+ [ssh.1]
+ chop out some duplication in the .{r,s}hosts/{h,sh}osts.equiv FILES
+ entries;
+ ok markus
+ - jmc@cvs.openbsd.org 2006/01/04 18:45:01
+ [ssh.1]
+ remove .Xr's to rsh(1) and telnet(1): they are hardly needed;
+ - jmc@cvs.openbsd.org 2006/01/04 19:40:24
+ [ssh.1]
+ +.Xr ssh-keyscan 1 ,
+ - jmc@cvs.openbsd.org 2006/01/04 19:50:09
+ [ssh.1]
+ -.Xr gzip 1 ,
+ - djm@cvs.openbsd.org 2006/01/05 23:43:53
+ [misc.c]
+ check that stdio file descriptors are actually closed before clobbering
+ them in sanitise_stdfd(). problems occurred when a lower numbered fd was
+ closed, but higher ones weren't. spotted by, and patch tested by
+ Frédéric Olivié
+
+20060103
+ - (djm) [channels.c] clean up harmless merge error, from reyk@
+
+20060103
+ - (djm) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2006/01/02 17:09:49
+ [ssh_config.5 sshd_config.5]
+ some corrections from michael knudsen;
+
+20060102
+ - (djm) [README.tun] Add README.tun, missed during sync of tun(4) support
+ - (djm) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2005/12/31 10:46:17
+ [ssh.1]
+ merge the "LOGIN SESSION AND REMOTE EXECUTION" and "SERVER
+ AUTHENTICATION" sections into "AUTHENTICATION";
+ some rewording done to make the text read better, plus some
+ improvements from djm;
+ ok djm
+ - jmc@cvs.openbsd.org 2005/12/31 13:44:04
+ [ssh.1]
+ clean up ENVIRONMENT a little;
+ - jmc@cvs.openbsd.org 2005/12/31 13:45:19
+ [ssh.1]
+ .Nm does not require an argument;
+ - stevesk@cvs.openbsd.org 2006/01/01 08:59:27
+ [includes.h misc.c]
+ move <net/if.h>; ok djm@
+ - stevesk@cvs.openbsd.org 2006/01/01 10:08:48
+ [misc.c]
+ no trailing "\n" for debug()
+ - djm@cvs.openbsd.org 2006/01/02 01:20:31
+ [sftp-client.c sftp-common.h sftp-server.c]
+ use a common max. packet length, no binary change
+ - reyk@cvs.openbsd.org 2006/01/02 07:53:44
+ [misc.c]
+ clarify tun(4) opening - set the mode and bring the interface up. also
+ (re)sets the tun(4) layer 2 LINK0 flag for existing tunnel interfaces.
+ suggested and ok by djm@
+ - jmc@cvs.openbsd.org 2006/01/02 12:31:06
+ [ssh.1]
+ start to cut some duplicate info from FILES;
+ help/ok djm
+
+20060101
+ - (djm) [Makefile.in configure.ac includes.h misc.c]
+ [openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Add support
+ for tunnel forwarding for FreeBSD and NetBSD. NetBSD's support is
+ limited to IPv4 tunnels only, and most versions don't support the
+ tap(4) device at all.
+ - (djm) [configure.ac] Fix linux/if_tun.h test
+ - (djm) [openbsd-compat/port-tun.c] Linux needs linux/if.h too
+
+20051229
+ - (djm) OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2005/12/28 22:46:06
+ [canohost.c channels.c clientloop.c]
+ use 'break-in' for consistency; ok deraadt@ ok and input jmc@
+ - reyk@cvs.openbsd.org 2005/12/30 15:56:37
+ [channels.c channels.h clientloop.c]
+ add channel output filter interface.
+ ok djm@, suggested by markus@
+ - jmc@cvs.openbsd.org 2005/12/30 16:59:00
+ [sftp.1]
+ do not suggest that interactive authentication will work
+ with the -b flag;
+ based on a diff from john l. scarfone;
+ ok djm
+ - stevesk@cvs.openbsd.org 2005/12/31 01:38:45
+ [ssh.1]
+ document -MM; ok djm@
+ - (djm) [openbsd-compat/port-tun.c openbsd-compat/port-tun.h configure.ac]
+ [serverloop.c ssh.c openbsd-compat/Makefile.in]
+ [openbsd-compat/openbsd-compat.h] Implement tun(4) forwarding
+ compatability support for Linux, diff from reyk@
+ - (djm) [configure.ac] Disable Linux tun(4) compat code if linux/tun.h does
+ not exist
+ - (djm) [configure.ac] oops, make that linux/if_tun.h
+
+20051229
+ - (tim) [buildpkg.sh.in] grep for $SSHDUID instead of $SSHDGID on /etc/passwd
+
+20051224
+ - (djm) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2005/12/20 21:59:43
+ [ssh.1]
+ merge the sections on protocols 1 and 2 into one section on
+ authentication;
+ feedback djm dtucker
+ ok deraadt markus dtucker
+ - jmc@cvs.openbsd.org 2005/12/20 22:02:50
+ [ssh.1]
+ .Ss -> .Sh: subsections have not made this page more readable
+ - jmc@cvs.openbsd.org 2005/12/20 22:09:41
+ [ssh.1]
+ move info on ssh return values and config files up into the main
+ description;
+ - jmc@cvs.openbsd.org 2005/12/21 11:48:16
+ [ssh.1]
+ -L and -R descriptions are now above, not below, ~C description;
+ - jmc@cvs.openbsd.org 2005/12/21 11:57:25
+ [ssh.1]
+ options now described `above', rather than `later';
+ - jmc@cvs.openbsd.org 2005/12/21 12:53:31
+ [ssh.1]
+ -Y does X11 forwarding too;
+ ok markus
+ - stevesk@cvs.openbsd.org 2005/12/21 22:44:26
+ [sshd.8]
+ clarify precedence of -p, Port, ListenAddress; ok and help jmc@
+ - jmc@cvs.openbsd.org 2005/12/22 10:31:40
+ [ssh_config.5]
+ put the description of "UsePrivilegedPort" in the correct place;
+ - jmc@cvs.openbsd.org 2005/12/22 11:23:42
+ [ssh.1]
+ expand the description of -w somewhat;
+ help/ok reyk
+ - jmc@cvs.openbsd.org 2005/12/23 14:55:53
+ [ssh.1]
+ - sync the description of -e w/ synopsis
+ - simplify the description of -I
+ - note that -I is only available if support compiled in, and that it
+ isn't by default
+ feedback/ok djm@
+ - jmc@cvs.openbsd.org 2005/12/23 23:46:23
+ [ssh.1]
+ less mark up for -c;
+ - djm@cvs.openbsd.org 2005/12/24 02:27:41
+ [session.c sshd.c]
+ eliminate some code duplicated in privsep and non-privsep paths, and
+ explicitly clear SIGALRM handler; "groovy" deraadt@
+
+20051220
+ - (dtucker) OpenBSD CVS Sync
+ - reyk@cvs.openbsd.org 2005/12/13 15:03:02
+ [serverloop.c]
+ if forced_tun_device is not set, it is -1 and not SSH_TUNID_ANY
+ - jmc@cvs.openbsd.org 2005/12/16 18:07:08
+ [ssh.1]
+ move the option descriptions up the page: start of a restructure;
+ ok markus deraadt
+ - jmc@cvs.openbsd.org 2005/12/16 18:08:53
+ [ssh.1]
+ simplify a sentence;
+ - jmc@cvs.openbsd.org 2005/12/16 18:12:22
+ [ssh.1]
+ make the description of -c a little nicer;
+ - jmc@cvs.openbsd.org 2005/12/16 18:14:40
+ [ssh.1]
+ signpost the protocol sections;
+ - stevesk@cvs.openbsd.org 2005/12/17 21:13:05
+ [ssh_config.5 session.c]
+ spelling: fowarding, fowarded
+ - stevesk@cvs.openbsd.org 2005/12/17 21:36:42
+ [ssh_config.5]
+ spelling: intented -> intended
+ - dtucker@cvs.openbsd.org 2005/12/20 04:41:07
+ [ssh.c]
+ exit(255) on error to match description in ssh(1); bz #1137; ok deraadt@
+
+20051219
+ - (dtucker) [cipher-aes.c cipher-ctr.c cipher.c configure.ac
+ openbsd-compat/openssl-compat.h] Check for and work around broken AES
+ ciphers >128bit on (some) Solaris 10 systems. ok djm@
+
+20051217
+ - (dtucker) [defines.h] HP-UX system headers define "YES" and "NO" which
+ scp.c also uses, so undef them here.
+ - (dtucker) [configure.ac openbsd-compat/bsd-snprintf.c] Bug #1133: Our
+ snprintf replacement can have a conflicting declaration in HP-UX's system
+ headers (const vs. no const) so we now check for and work around it. Patch
+ from the dynamic duo of David Leonard and Ted Percival.
+
+20051214
+ - (dtucker) OpenBSD CVS Sync (regress/)
+ - dtucker@cvs.openbsd.org 2005/12/30 04:36:39
+ [regress/scp-ssh-wrapper.sh]
+ Fix assumption about how many args scp will pass; ok djm@
+
20051213
- (djm) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2005/11/30 11:18:27
[ssh.1]
timezone -> time zone
+ - jmc@cvs.openbsd.org 2005/11/30 11:45:20
+ [ssh.1]
+ avoid ambiguities in describing TZ;
+ ok djm@
+ - reyk@cvs.openbsd.org 2005/12/06 22:38:28
+ [auth-options.c auth-options.h channels.c channels.h clientloop.c]
+ [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
+ [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
+ [sshconnect.h sshd.8 sshd_config sshd_config.5]
+ Add support for tun(4) forwarding over OpenSSH, based on an idea and
+ initial channel code bits by markus@. This is a simple and easy way to
+ use OpenSSH for ad hoc virtual private network connections, e.g.
+ administrative tunnels or secure wireless access. It's based on a new
+ ssh channel and works similar to the existing TCP forwarding support,
+ except that it depends on the tun(4) network interface on both ends of
+ the connection for layer 2 or layer 3 tunneling. This diff also adds
+ support for LocalCommand in the ssh(1) client.
+ ok djm@, markus@, jmc@ (manpages), tested and discussed with others
+ - djm@cvs.openbsd.org 2005/12/07 03:52:22
+ [clientloop.c]
+ reyk forgot to compile with -Werror (missing header)
+ - jmc@cvs.openbsd.org 2005/12/07 10:52:13
+ [ssh.1]
+ - avoid line split in SYNOPSIS
+ - add args to -w
+ - kill trailing whitespace
+ - jmc@cvs.openbsd.org 2005/12/08 14:59:44
+ [ssh.1 ssh_config.5]
+ make `!command' a little clearer;
+ ok reyk
+ - jmc@cvs.openbsd.org 2005/12/08 15:06:29
+ [ssh_config.5]
+ keep options in order;
+ - reyk@cvs.openbsd.org 2005/12/08 18:34:11
+ [auth-options.c includes.h misc.c misc.h readconf.c servconf.c]
+ [serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac]
+ two changes to the new ssh tunnel support. this breaks compatibility
+ with the initial commit but is required for a portable approach.
+ - make the tunnel id u_int and platform friendly, use predefined types.
+ - support configuration of layer 2 (ethernet) or layer 3
+ (point-to-point, default) modes. configuration is done using the
+ Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and
+ restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option
+ in sshd_config(5).
+ ok djm@, man page bits by jmc@
+ - jmc@cvs.openbsd.org 2005/12/08 21:37:50
+ [ssh_config.5]
+ new sentence, new line;
+ - markus@cvs.openbsd.org 2005/12/12 13:46:18
+ [channels.c channels.h session.c]
+ make sure protocol messages for internal channels are ignored.
+ allow adjust messages for non-open channels; with and ok djm@
+ - (djm) [misc.c] Disable tunnel code for non-OpenBSD (for now), enable
+ again by providing a sys_tun_open() function for your platform and
+ setting the CUSTOM_SYS_TUN_OPEN define. More work is required to match
+ OpenBSD's tunnel protocol, which prepends the address family to the
+ packet
20051201
- (djm) [envpass.sh] Remove regress script that was accidentally committed