+20041107
+ - (dtucker) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2004/11/05 12:19:56
+ [sftp.c]
+ command editing and history support via libedit; ok markus@
+ thanks to hshoexer@ and many testers on tech@ too
+ - djm@cvs.openbsd.org 2004/11/07 00:01:46
+ [clientloop.c clientloop.h ssh.1 ssh.c]
+ add basic control of a running multiplex master connection; including the
+ ability to check its status and request it to exit; ok markus@
+
+20041105
+ - (dtucker) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2004/08/30 09:18:08
+ [LICENCE]
+ s/keygen/keyscan/
+ - jmc@cvs.openbsd.org 2004/08/30 21:22:49
+ [ssh-add.1 ssh.1]
+ .Xsession -> .xsession;
+ originally from a pr from f at obiit dot org, but missed by myself;
+ ok markus@ matthieu@
+ - djm@cvs.openbsd.org 2004/09/07 23:41:30
+ [clientloop.c ssh.c]
+ cleanup multiplex control socket on SIGHUP too, spotted by sturm@
+ ok markus@ deraadt@
+ - deraadt@cvs.openbsd.org 2004/09/15 00:46:01
+ [ssh.c]
+ /* fallthrough */ is something a programmer understands. But
+ /* FALLTHROUGH */ is also understood by lint, so that is better.
+ - jaredy@cvs.openbsd.org 2004/09/15 03:25:41
+ [sshd_config.5]
+ mention PrintLastLog only prints last login time for interactive
+ sessions, like PrintMotd mentions.
+ From Michael Knudsen, with wording changed slightly to match the
+ PrintMotd description.
+ ok djm
+ - mickey@cvs.openbsd.org 2004/09/15 18:42:27
+ [sshd.c]
+ use less doubles in daemons; markus@ ok
+ - deraadt@cvs.openbsd.org 2004/09/15 18:46:04
+ [scp.c]
+ scratch that do { } while (0) wrapper in this case
+ - djm@cvs.openbsd.org 2004/09/23 13:00:04
+ [ssh.c]
+ correctly honour -n in multiplex client mode; spotted by sturm@ ok markus@
+ - djm@cvs.openbsd.org 2004/09/25 03:45:14
+ [sshd.c]
+ these printf args are no longer double; ok deraadt@ markus@
+ - djm@cvs.openbsd.org 2004/10/07 10:10:24
+ [scp.1 sftp.1 ssh.1 ssh_config.5]
+ document KbdInteractiveDevices; ok markus@
+ - djm@cvs.openbsd.org 2004/10/07 10:12:36
+ [ssh-agent.c]
+ don't unlink agent socket when bind() fails, spotted by rich AT
+ rich-paul.net, ok markus@
+ - markus@cvs.openbsd.org 2004/10/20 11:48:53
+ [packet.c ssh1.h]
+ disconnect for invalid (out of range) message types.
+ - djm@cvs.openbsd.org 2004/10/29 21:47:15
+ [channels.c channels.h clientloop.c]
+ fix some window size change bugs for multiplexed connections: windows sizes
+ were not being updated if they had changed after ~^Z suspends and SIGWINCH
+ was not being processed unless the first connection had requested a tty;
+ ok markus
+ - djm@cvs.openbsd.org 2004/10/29 22:53:56
+ [clientloop.c misc.h readpass.c ssh-agent.c]
+ factor out common permission-asking code to separate function; ok markus@
+ - djm@cvs.openbsd.org 2004/10/29 23:56:17
+ [bufaux.c bufaux.h buffer.c buffer.h]
+ introduce a new buffer API that returns an error rather than fatal()ing
+ when presented with bad data; ok markus@
+ - djm@cvs.openbsd.org 2004/10/29 23:57:05
+ [key.c]
+ use new buffer API to avoid fatal errors on corrupt keys in authorized_keys
+ files; ok markus@
+
+20041102
+ - (dtucker) [configure.ac includes.h] Bug #947: Fix compile error on HP-UX
+ 10.x by testing for conflicts in shadow.h and undef'ing _INCLUDE__STDC__
+ only if a conflict is detected.
+
+20041019
+ - (dtucker) [uidswap.c] Don't test dropping of gids for the root user or
+ on Cygwin. Cygwin parts from vinschen at redhat com; ok djm@
+
+20041016
+ - (djm) [auth-pam.c] snprintf->strl*, fix server message length calculations;
+ ok dtucker@
+
+20041006
+ - (dtucker) [README.privsep] Bug #939: update info about HP-UX Trusted Mode
+ and other PAM platforms.
+ - (dtucker) [monitor_mm.c openbsd-compat/xmmap.c] Bug #940: cast constants
+ to void * to appease picky compilers (eg Tru64's "cc -std1").
+
+20040930
+ - (dtucker) [configure.ac] Set AC_PACKAGE_NAME. ok djm@
+
+20040923
+ - (dtucker) [openbsd-compat/bsd-snprintf.c] Previous change was off by one,
+ which could have caused the justification to be wrong. ok djm@
+
+20040921
+ - (dtucker) [openbsd-compat/bsd-snprintf.c] Check for max length too.
+ ok djm@
+ - (dtucker) [contrib/cygwin/ssh-host-config] Update to match current Cygwin
+ install process. Patch from vinschen at redhat.com.
+
+20040912
+ - (djm) [loginrec.c] Start KNF and tidy up of this long-neglected file.
+ No change in resultant binary
+ - (djm) [loginrec.c] __func__ifiy
+ - (djm) [loginrec.c] xmalloc
+ - (djm) [ssh.c sshd.c version.h] Don't divulge portable version in protocol
+ banner. Suggested by deraadt@, ok mouring@, dtucker@
+ - (dtucker) [configure.ac] Fix incorrect quoting and tests for cross-compile.
+ Partly by & ok djm@.
+
+20040911
+ - (djm) [ssh-agent.c] unifdef some cygwin code; ok dtucker@
+ - (dtucker) [auth-pam.c auth-pam.h session.c] Bug #890: Send output from
+ failing PAM session modules to user then exit, similar to the way
+ /etc/nologin is handled. ok djm@
+ - (dtucker) [auth-pam.c] Relocate sshpam_store_conv(), no code change.
+ - (djm) [auth2-kbdint.c auth2-none.c auth2-passwd.c auth2-pubkey.c]
+ Make cygwin code more consistent with that which surrounds it
+ - (dtucker) [auth-pam.c auth.h auth2-none.c auth2.c monitor.c monitor_wrap.c]
+ Bug #892: Send messages from failing PAM account modules to the client via
+ SSH2_MSG_USERAUTH_BANNER messages. Note that this will not happen with
+ SSH2 kbdint authentication, which need to be dealt with separately. ok djm@
+ - (dtucker) [session.c] Bug #927: make .hushlogin silent again. ok djm@
+ - (dtucker) [configure.ac] Bug #321: Add cross-compile support to configure.
+ Parts by chua at ayrnetworks.com, astrand at lysator.liu.se and me. ok djm@
+ - (dtucker) [auth-krb5.c] Bug #922: Pass KRB5CCNAME to PAM. From deengert
+ at anl.gov, ok djm@
+
+20040830
+ - (dtucker) [session.c openbsd-compat/bsd-cygwin_util.{c,h}] Bug #915: only
+ copy required environment variables on Cygwin. Patch from vinschen at
+ redhat.com, ok djm@
+ - (dtucker) [regress/Makefile] Clean scp-ssh-wrapper.scp too. Patch from
+ vinschen at redhat.com.
+ - (dtucker) [Makefile.in contrib/ssh-copy-id] Bug #894: Improve portability
+ of shell constructs. Patch from cjwatson at debian.org.
+
+20040829
+ - (dtucker) [openbsd-compat/getrrsetbyname.c] Prevent getrrsetbyname from
+ failing with NOMEMORY if no sigs are returned and malloc(0) returns NULL.
+ From Martin.Kraemer at Fujitsu-Siemens.com; ok djm@
+ - (dtucker) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2004/08/23 11:48:09
+ [authfile.c]
+ fix error path, spotted by Martin.Kraemer AT Fujitsu-Siemens.com; ok markus
+ - djm@cvs.openbsd.org 2004/08/23 11:48:47
+ [channels.c]
+ typo, spotted by Martin.Kraemer AT Fujitsu-Siemens.com; ok markus
+ - dtucker@cvs.openbsd.org 2004/08/23 14:26:38
+ [ssh-keysign.c ssh.c]
+ Use permanently_set_uid() in ssh and ssh-keysign for consistency, matches
+ change in Portable; ok markus@ (CVS ID sync only)
+ - dtucker@cvs.openbsd.org 2004/08/23 14:29:23
+ [ssh-keysign.c]
+ Remove duplicate getuid(), suggested by & ok markus@
+ - markus@cvs.openbsd.org 2004/08/26 16:00:55
+ [ssh.1 sshd.8]
+ get rid of references to rhosts authentication; with jmc@
+ - djm@cvs.openbsd.org 2004/08/28 01:01:48
+ [sshd.c]
+ don't erroneously close stdin for !reexec case, from Dave Johnson;
+ ok markus@
+ - (dtucker) [configure.ac] Include sys/stream.h in sys/ptms.h header check,
+ fixes configure warning on Solaris reported by wknox at mitre.org.
+ - (dtucker) [regress/multiplex.sh] Skip test on platforms that do not
+ support FD passing since multiplex requires it. Noted by tim@
+ - (dtucker) [regress/dynamic-forward.sh] Allow time for connections to be torn
+ down, needed on some platforms, should be harmless on others. Patch from
+ jason at devrandom.org.
+ - (dtucker) [regress/scp.sh] Make this work on Cygwin too, which doesn't like
+ files ending in .exe that aren't binaries; patch from vinschen at redhat.com.
+ - (dtucker) [Makefile.in] Get regress/Makefile symlink right for out-of-tree
+ builds too, from vinschen at redhat.com.
+ - (dtucker) [regress/agent-ptrace.sh] Skip ptrace test on OSF1/DUnix/Tru64
+ too; patch from cmadams at hiwaay.net.
+ - (dtucker) [configure.ac] Replace non-portable echo \n with extra echo.
+ - (dtucker) [openbsd-compat/port-aix.c] Bug #712: Explicitly check for
+ accounts with authentication configs that sshd can't support (ie
+ SYSTEM=NONE and AUTH1=something).
+
+20040828
+ - (dtucker) [openbsd-compat/mktemp.c] Remove superfluous Cygwin #ifdef; from
+ vinschen at redhat.com.
+
+20040823
+ - (djm) [ssh-rand-helper.c] Typo. Found by
+ Martin.Kraemer AT Fujitsu-Siemens.com
+ - (djm) [loginrec.c] Typo and bad args in error messages; Spotted by
+ Martin.Kraemer AT Fujitsu-Siemens.com
+
+20040817
+ - (dtucker) [regress/README.regress] Note compatibility issues with GNU head.
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2004/08/16 08:17:01
+ [version.h]
+ 3.9
+ - (djm) Crank RPM spec version numbers
+ - (djm) Release 3.9p1
+
+20040816
+ - (dtucker) [acconfig.h auth-pam.c configure.ac] Set real uid to non-root
+ to convince Solaris PAM to honour password complexity rules. ok djm@
+
+20040815
+ - (dtucker) [Makefile.in ssh-keysign.c ssh.c] Use permanently_set_uid() since
+ it does the right thing on all platforms. ok djm@
+ - (djm) [acconfig.h configure.ac openbsd-compat/Makefile.in
+ openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-misc.c
+ openbsd-compat/bsd-misc.h openbsd-compat/openbsd-compat.h] Use smarter
+ closefrom() replacement from sudo; ok dtucker@
+ - (djm) [loginrec.c] Check that seek succeeded here too; ok dtucker
+ - (dtucker) [Makefile.in] Fix typo.
+
+20040814
+ - (dtucker) [auth-krb5.c gss-serv-krb5.c openbsd-compat/xmmap.c]
+ Explicitly set umask for mkstemp; ok djm@
+ - (dtucker) [includes.h] Undef _INCLUDE__STDC__ on HP-UX, otherwise
+ prot.h and shadow.h provide conflicting declarations of getspnam. ok djm@
+ - (dtucker) [loginrec.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]
+ Plug AIX login recording into login_write so logins will be recorded for
+ all auth types.
+
+20040813
+ - (dtucker) [openbsd-compat/bsd-misc.c] Typo in #ifdef; from vinschen at
+ redhat.com
+- (dtucker) OpenBSD CVS Sync
+ - avsm@cvs.openbsd.org 2004/08/11 21:43:05
+ [channels.c channels.h clientloop.c misc.c misc.h serverloop.c ssh-agent.c]
+ some signed/unsigned int comparison cleanups; markus@ ok
+ - avsm@cvs.openbsd.org 2004/08/11 21:44:32
+ [authfd.c scp.c ssh-keyscan.c]
+ use atomicio instead of homegrown equivalents or read/write.
+ markus@ ok
+ - djm@cvs.openbsd.org 2004/08/12 09:18:24
+ [sshlogin.c]
+ typo in error message, spotted by moritz AT jodeit.org (Id sync only)
+ - jakob@cvs.openbsd.org 2004/08/12 21:41:13
+ [ssh-keygen.1 ssh.1]
+ improve SSHFP documentation; ok deraadt@
+ - jmc@cvs.openbsd.org 2004/08/13 00:01:43
+ [ssh-keygen.1]
+ kill whitespace at eol;
+ - djm@cvs.openbsd.org 2004/08/13 02:51:48
+ [monitor_fdpass.c]
+ extra check for no message case; ok markus, deraadt, hshoexer, henning
+ - dtucker@cvs.openbsd.org 2004/08/13 11:09:24
+ [servconf.c]
+ Fix line numbers off-by-one in error messages, from tortay at cc.in2p3.fr
+ ok markus@, djm@
+
+20040812
+ - (dtucker) [sshd.c] Remove duplicate variable imported during sync.
+ - (dtucker) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2004/07/28 08:56:22
+ [sshd.c]
+ call setsid() _before_ re-exec
+ - markus@cvs.openbsd.org 2004/07/28 09:40:29
+ [auth.c auth1.c auth2.c cipher.c cipher.h key.c session.c ssh.c
+ sshconnect1.c]
+ more s/illegal/invalid/
+ - djm@cvs.openbsd.org 2004/08/04 10:37:52
+ [dh.c]
+ return group14 when no primes found - fixes hang on empty /etc/moduli;
+ ok markus@
+ - dtucker@cvs.openbsd.org 2004/08/11 11:09:54
+ [servconf.c]
+ Fix minor leak; "looks right" deraadt@
+ - dtucker@cvs.openbsd.org 2004/08/11 11:50:09
+ [sshd.c]
+ Don't try to close startup_pipe if it's not open; ok djm@
+ - djm@cvs.openbsd.org 2004/08/11 11:59:22
+ [sshlogin.c]
+ check that lseek went were we told it to; ok markus@
+ (Id sync only, but similar changes are needed in loginrec.c)
+ - djm@cvs.openbsd.org 2004/08/11 12:01:16
+ [sshlogin.c]
+ make store_lastlog_message() static to appease -Wall; ok markus
+ - (dtucker) [sshd.c] Clear loginmsg in postauth monitor, prevents doubling
+ messages generated before the postauth privsep split.
+
20040720
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2004/07/21 08:56:12
- djm@cvs.openbsd.org 2004/07/21 10:36:23
[gss-serv-krb5.c]
fix function declaration
+ - djm@cvs.openbsd.org 2004/07/21 11:51:29
+ [canohost.c]
+ bz#902: cache remote port so we don't fatal() in auth_log when remote
+ connection goes away quickly. from peak AT argo.troja.mff.cuni.cz;
+ ok markus@
- (djm) [auth-pam.c] Portable parts of bz#899: Don't display invalid
usernames in setproctitle from peak AT argo.troja.mff.cuni.cz;