+20020321
+ - (bal) OpenBSD CVS Sync
+ - itojun@cvs.openbsd.org 2002/03/08 06:10:16
+ [sftp-client.c]
+ printf type mismatch
+ - itojun@cvs.openbsd.org 2002/03/11 03:18:49
+ [sftp-client.c]
+ correct type mismatches (u_int64_t != unsigned long long)
+ - itojun@cvs.openbsd.org 2002/03/11 03:19:53
+ [sftp-client.c]
+ indent
+ - markus@cvs.openbsd.org 2002/03/14 15:24:27
+ [sshconnect1.c]
+ don't trust size sent by (rogue) server; noted by s.esser@e-matters.de
+ - markus@cvs.openbsd.org 2002/03/14 16:38:26
+ [sshd.c]
+ split out ssh1 session key decryption; ok provos@
+ - markus@cvs.openbsd.org 2002/03/14 16:56:33
+ [auth-rh-rsa.c auth-rsa.c auth.h]
+ split auth_rsa() for better readability and privsep; ok provos@
+ - itojun@cvs.openbsd.org 2002/03/15 11:00:38
+ [auth.c]
+ fix file type checking (use S_ISREG). ok by markus
+ - markus@cvs.openbsd.org 2002/03/16 11:24:53
+ [compress.c]
+ skip inflateEnd if inflate fails; ok provos@
+ - markus@cvs.openbsd.org 2002/03/16 17:22:09
+ [auth-rh-rsa.c auth.h]
+ split auth_rhosts_rsa(), ok provos@
+ - stevesk@cvs.openbsd.org 2002/03/16 17:41:25
+ [auth-krb5.c]
+ BSD license. from Daniel Kouril via Dug Song. ok markus@
+ - provos@cvs.openbsd.org 2002/03/17 20:25:56
+ [auth.c auth.h auth1.c auth2.c]
+ getpwnamallow returns struct passwd * only if user valid; okay markus@
+ - provos@cvs.openbsd.org 2002/03/18 01:12:14
+ [auth.h auth1.c auth2.c sshd.c]
+ have the authentication functions return the authentication context
+ and then do_authenticated; okay millert@
+ - dugsong@cvs.openbsd.org 2002/03/18 01:30:10
+ [auth-krb4.c]
+ set client to NULL after xfree(), from Rolf Braun
+ <rbraun+ssh@andrew.cmu.edu>
+ - provos@cvs.openbsd.org 2002/03/18 03:41:08
+ [auth.c session.c]
+ move auth_approval into getpwnamallow with help from millert@
+ - markus@cvs.openbsd.org 2002/03/18 17:13:15
+ [cipher.c cipher.h]
+ export/import cipher states; needed by ssh-privsep
+ - markus@cvs.openbsd.org 2002/03/18 17:16:38
+ [packet.c packet.h]
+ export/import cipher state, iv and ssh2 seqnr; needed by ssh-privsep
+ - markus@cvs.openbsd.org 2002/03/18 17:23:31
+ [key.c key.h]
+ add key_demote() for ssh-privsep
+ - provos@cvs.openbsd.org 2002/03/18 17:25:29
+ [bufaux.c bufaux.h]
+ buffer_skip_string and extra sanity checking; needed by ssh-privsep
+ - provos@cvs.openbsd.org 2002/03/18 17:31:54
+ [compress.c]
+ export compression streams for ssh-privsep
+ - provos@cvs.openbsd.org 2002/03/18 17:50:31
+ [auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c auth-skey.c auth.h
+ auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c kexgex.c servconf.c
+ session.h servconf.h serverloop.c session.c sshd.c]
+ integrate privilege separated openssh; its turned off by default for now.
+ work done by me and markus@
+ - provos@cvs.openbsd.org 2002/03/18 17:53:08
+ [sshd.8]
+ credits for privsep
+ - provos@cvs.openbsd.org 2002/03/18 17:59:09
+ [sshd.8]
+ document UsePrivilegeSeparation
+ - stevesk@cvs.openbsd.org 2002/03/18 23:52:51
+ [servconf.c]
+ UnprivUser/UnprivGroup usable now--specify numeric user/group; ok
+ provos@
+ - stevesk@cvs.openbsd.org 2002/03/19 03:03:43
+ [pathnames.h servconf.c servconf.h sshd.c]
+ _PATH_PRIVSEP_CHROOT_DIR; ok provos@
+ - stevesk@cvs.openbsd.org 2002/03/19 05:23:08
+ [sshd.8]
+ Banner has no default.
+ - mpech@cvs.openbsd.org 2002/03/19 06:32:56
+ [sftp-int.c]
+ use xfree() after xstrdup().
+
+ markus@ ok
+ - markus@cvs.openbsd.org 2002/03/19 10:35:39
+ [auth-options.c auth.h session.c session.h sshd.c]
+ clean up prototypes
+ - markus@cvs.openbsd.org 2002/03/19 10:49:35
+ [auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h packet.c session.c
+ sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c sshconnect2.c sshd.c
+ ttymodes.c]
+ KNF whitespace
+ - markus@cvs.openbsd.org 2002/03/19 14:27:39
+ [auth.c auth1.c auth2.c]
+ make getpwnamallow() allways call pwcopy()
+ - markus@cvs.openbsd.org 2002/03/19 15:31:47
+ [auth.c]
+ check for NULL; from provos@
+ - stevesk@cvs.openbsd.org 2002/03/20 19:12:25
+ [servconf.c servconf.h ssh.h sshd.c]
+ for unprivileged user, group do:
+ pw=getpwnam(SSH_PRIVSEP_USER); do_setusercontext(pw). ok provos@
+ - stevesk@cvs.openbsd.org 2002/03/20 21:08:08
+ [sshd.c]
+ strerror() on chdir() fail; ok provos@
+ - markus@cvs.openbsd.org 2002/03/21 10:21:20
+ [ssh-add.c]
+ ignore errors for nonexisting default keys in ssh-add,
+ fixes http://bugzilla.mindrot.org/show_bug.cgi?id=158
+ - jakob@cvs.openbsd.org 2002/03/21 15:17:26
+ [clientloop.c ssh.1]
+ add built-in command line for adding new port forwardings on the fly.
+ based on a patch from brian wellington. ok markus@.
+ - markus@cvs.openbsd.org 2002/03/21 16:38:06
+ [scard.c]
+ make compile w/ openssl 0.9.7
+
+20020317
+ - (tim) [configure.ac] Assume path given with --with-pid-dir=PATH is wanted,
+ warn if directory does not exist. Put system directories in front of
+ PATH for finding entorpy commands.
+ - (tim) [contrib/aix/buildbff.sh contrib/aix/inventory.sh] AIX package
+ build fixes. Patch by Darren Tucker <dtucker@zip.com.au>
+ [contrib/solaris/buildpkg.sh] add missing dirs to SYSTEM_DIR. Have
+ postinstall check for $piddir and add if necessary.
+
+20020311
+ - (tim) [contrib/solaris/buildpkg.sh, contrib/solaris/README] Updated to
+ build on all platforms that support SVR4 style package tools. Now runs
+ from build dir. Parts are based on patches from Antonio Navarro, and
+ Darren Tucker.
+
+20020308
+ - (djm) Revert bits of Markus' OpenSSL compat patch which was
+ accidentally committed.
+ - (djm) Add Markus' patch for compat wih OpenSSL < 0.9.6.
+ Known issue: Blowfish for SSH1 does not work
+ - (stevesk) entropy.c: typo in debug message
+ - (djm) ssh-keygen -i needs seeded RNG; report from markus@
+
+20020307
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2002/03/06 00:20:54
+ [compat.c dh.c]
+ compat.c
+ - markus@cvs.openbsd.org 2002/03/06 00:23:27
+ [compat.c dh.c]
+ undo
+ - markus@cvs.openbsd.org 2002/03/06 00:24:39
+ [compat.c]
+ compat.c
+ - markus@cvs.openbsd.org 2002/03/06 00:25:55
+ [version.h]
+ OpenSSH_3.1
+ - (djm) Update RPM spec files with new version number
+ - (bal) Updated INSTALL to reflect 0.9.6 OpenSSL requirement
+ - (bal) Add in check for rpc/types.h since it is needed on
+ some platforms for INADDR_LOOPBACK. We should retest
+ SCO 3 to see if this fixes their problem also.
+ - (bal) Test for IRIX JOBS support at runtime. Patch provided
+ by David Kaelbling <drk@sgi.com>
+
+20020305
+ - stevesk@cvs.openbsd.org 2002/03/02 09:34:42
+ [LICENCE]
+ correct copyright dates for scp license; ok markus@
+
+20020304
+ - OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2002/02/26 18:52:32
+ [sftp.1]
+ Ic cannot have that many arguments; spotted by mouring@etoh.eviladmin.org
+ - mouring@cvs.openbsd.org 2002/02/26 19:04:37
+ [sftp.1]
+ > Ic cannot have that many arguments; spotted by mouring@etoh.eviladmin.org
+ Last Ic on the first line should not have a space between it and the final
+ comma.
+ - deraadt@cvs.openbsd.org 2002/02/26 19:06:43
+ [sftp.1]
+ no, look closely. the comma was highlighted. split .Ic even more
+ - stevesk@cvs.openbsd.org 2002/02/26 20:03:51
+ [misc.c]
+ use socklen_t
+ - stevesk@cvs.openbsd.org 2002/02/27 21:23:13
+ [canohost.c channels.c packet.c sshd.c]
+ remove unneeded casts in [gs]etsockopt(); ok markus@
+ - markus@cvs.openbsd.org 2002/02/28 15:46:33
+ [authfile.c kex.c kexdh.c kexgex.c key.c ssh-dss.c]
+ add some const EVP_MD for openssl-0.9.7
+ - stevesk@cvs.openbsd.org 2002/02/28 19:36:28
+ [auth.c match.c match.h]
+ delay hostname lookup until we see a ``@'' in DenyUsers and AllowUsers
+ for sshd -u0; ok markus@
+ - stevesk@cvs.openbsd.org 2002/02/28 20:36:42
+ [sshd.8]
+ DenyUsers allows user@host pattern also
+ - stevesk@cvs.openbsd.org 2002/02/28 20:46:10
+ [sshd.8]
+ -u0 DNS for user@host
+ - stevesk@cvs.openbsd.org 2002/02/28 20:56:00
+ [auth.c]
+ log user not allowed details, from dwd@bell-labs.com; ok markus@
+ - markus@cvs.openbsd.org 2002/03/01 13:12:10
+ [auth.c match.c match.h]
+ undo the 'delay hostname lookup' change
+ match.c must not use compress.c (via canonhost.c/packet.c)
+ thanks to wilfried@
+ - markus@cvs.openbsd.org 2002/03/04 12:43:06
+ [auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
+ - markus@cvs.openbsd.org 2002/03/04 13:10:46
+ [misc.c]
+ error-> debug, because O_NONBLOCK for /dev/null causes too many different
+ errnos; ok stevesk@, deraadt@
+ unused include
+ - stevesk@cvs.openbsd.org 2002/03/04 17:27:39
+ [auth-krb5.c auth-options.h auth.h authfd.h authfile.h bufaux.h buffer.h
+ channels.h cipher.h compat.h compress.h crc32.h deattack.c getput.h
+ groupaccess.c misc.c mpaux.h packet.h readconf.h rsa.h scard.h
+ servconf.h ssh-agent.c ssh.h ssh2.h sshpty.h sshtty.c ttymodes.h
+ uuencode.c xmalloc.h]
+ $OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add
+ missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c
+ files. ok markus@
+ - stevesk@cvs.openbsd.org 2002/03/04 18:30:23
+ [ssh-keyscan.c]
+ handle connection close during read of protocol version string.
+ fixes erroneous "bad greeting". ok markus@
+ - markus@cvs.openbsd.org 2002/03/04 19:37:58
+ [channels.c]
+ off by one; thanks to joost@pine.nl
+ - (bal) Added contrib/aix/ to support BFF package generation provided
+ by Darren Tucker <dtucker@zip.com.au>
+20020226
+ - (tim) Bug 12 [configure.ac] add sys/bitypes.h to int64_t tests
+ based on patch by mooney@dogbert.cc.ndsu.nodak.edu (Tim Mooney)
+ Bug 45 [configure.ac] modify skey test to work around conflict with autoconf
+ reported by nolan@naic.edu (Michael Nolan)
+ patch by Pekka Savola <pekkas@netcore.fi>
+ Bug 74 [configure.ac defines.h] add sig_atomic_t test
+ reported by dwd@bell-labs.com (Dave Dykstra)
+ Bug 102 [defines.h] UNICOS fixes. patch by wendyp@cray.com
+ [configure.ac Makefile.in] link libwrap only with sshd
+ based on patch by Maciej W. Rozycki <macro@ds2.pg.gda.pl>
+ Bug 123 link libpam only with sshd
+ reported by peak@argo.troja.mff.cuni.cz (Pavel Kankovsky)
+ [configure.ac defines.h] modify previous SCO3 fix to not break Solaris 7
+ [acconfig.h] remove unused HAVE_REGCOMP
+ [configure.ac] put back in search for prngd-socket
+ - (stevesk) openbsd-compat/base64.h: typo in comment
+ - (bal) Update sshd_config CVSID
+ - (bal) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2002/02/15 23:54:10
+ [auth-krb5.c]
+ krb5_get_err_text() does not like context==NULL; he@nordu.net via google;
+ ok provos@
+ - markus@cvs.openbsd.org 2002/02/22 12:20:34
+ [log.c log.h ssh-keyscan.c]
+ overwrite fatal() in ssh-keyscan.c; fixes pr 2354; ok provos@
+ - markus@cvs.openbsd.org 2002/02/23 17:59:02
+ [kex.c kexdh.c kexgex.c]
+ don't allow garbage after payload.
+ - stevesk@cvs.openbsd.org 2002/02/24 16:09:52
+ [sshd.c]
+ use u_char* here; ok markus@
+ - markus@cvs.openbsd.org 2002/02/24 16:57:19
+ [sftp-client.c]
+ early close(), missing free; ok stevesk@
+ - markus@cvs.openbsd.org 2002/02/24 16:58:32
+ [packet.c]
+ make 'cp' unsigned and merge with 'ucp'; ok stevesk@
+ - markus@cvs.openbsd.org 2002/02/24 18:31:09
+ [uuencode.c]
+ typo in comment
+ - markus@cvs.openbsd.org 2002/02/24 19:14:59
+ [auth2.c authfd.c authfd.h authfile.c kexdh.c kexgex.c key.c key.h
+ ssh-dss.c ssh-dss.h ssh-keygen.c ssh-rsa.c ssh-rsa.h sshconnect2.c]
+ signed vs. unsigned: make size arguments u_int, ok stevesk@
+ - stevesk@cvs.openbsd.org 2002/02/24 19:59:42
+ [channels.c misc.c]
+ disable Nagle in connect_to() and channel_post_port_listener() (port
+ forwarding endpoints). the intention is to preserve the on-the-wire
+ appearance to applications at either end; the applications can then
+ enable TCP_NODELAY according to their requirements. ok markus@
+ - markus@cvs.openbsd.org 2002/02/25 16:33:27
+ [ssh-keygen.c sshconnect2.c uuencode.c uuencode.h]
+ more u_* fixes
+ - (bal) Imported missing fatal.c and fixed up Makefile.in
+ - (tim) [configure.ac] correction to Bug 123 fix
+ [configure.ac] correction to sig_atomic_t test
+
+20020225
+ - (bal) Last AIX patch. Moved aix_usrinfo() outside of do_setuserconext()
+ since we need more session information than provided by that function.
+
+20020224
+ - (bal) Drop Session *s usage in ports-aix.[ch] and pass just what we
+ need to do the jobs (AIX still does not fully compile, but that is
+ coming).
+ - (bal) Part two.. Drop unused AIX header, fix up missing char *cp. All
+ that is left is handling aix_usrinfo().
+ - (tim) [loginrec.c session.c sshlogin.c sshlogin.h] Bug 84
+ patch by wknox@mitre.org (William Knox).
+ [sshlogin.h] declare record_utmp_only for session.c
+
+20020221
+ - (bal) Minor session.c fixup for cygwin. mispelt 'is_winnt' variable.
+
20020219
- (djm) OpenBSD CVS Sync
- mpech@cvs.openbsd.org 2002/02/13 08:33:47
- deraadt@cvs.openbsd.org 2002/02/19 02:50:59
[sshd_config]
stategy is not an english word
+ - (bal) Migrated IRIX jobs/projects/audit/etc code to
+ openbsd-compat/port-irix.[ch] to improve readiblity of do_child()
+ - (bal) Migrated AIX getuserattr and usrinfo code to
+ openbsd-compat/port-aix.[c] to improve readilbity of do_child() and
+ simplify our diffs against upstream source.
+ - (bal) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2002/02/15 23:11:26
+ [session.c]
+ split do_child(), ok mouring@
+ - markus@cvs.openbsd.org 2002/02/16 00:51:44
+ [session.c]
+ typo
+ - (bal) CVS ID sync since the last two patches were merged mistakenly
20020218
- (tim) newer config.guess from ftp://ftp.gnu.org/gnu/config/config.guess