+
+20001229
+ - (bal) Fixed spelling of 'authorized_keys' in ssh-copy-id.1 by Christian
+ Kurz <shorty@debain.org>
+ - (bal) OpenBSD CVS Update
+ - markus@cvs.openbsd.org 2000/12/28 14:25:51
+ [auth.h auth2.c]
+ count authentication failures only
+ - markus@cvs.openbsd.org 2000/12/28 14:25:03
+ [sshconnect.c]
+ fingerprint for MITM attacks, too.
+ - markus@cvs.openbsd.org 2000/12/28 12:03:57
+ [sshd.8 sshd.c]
+ document -D
+ - markus@cvs.openbsd.org 2000/12/27 14:19:21
+ [serverloop.c]
+ less chatty
+ - markus@cvs.openbsd.org 2000/12/27 12:34
+ [auth1.c sshconnect2.c sshd.c]
+ typo
+ - markus@cvs.openbsd.org 2000/12/27 12:30:19
+ [readconf.c readconf.h ssh.1 sshconnect.c]
+ new option: HostKeyAlias: allow the user to record the host key
+ under a different name. This is useful for ssh tunneling over
+ forwarded connections or if you run multiple sshd's on different
+ ports on the same machine.
+ - markus@cvs.openbsd.org 2000/12/27 11:51:53
+ [ssh.1 ssh.c]
+ multiple -t force pty allocation, document ORIGINAL_COMMAND
+ - markus@cvs.openbsd.org 2000/12/27 11:41:31
+ [sshd.8]
+ update for ssh-2
+
+20001228
+ - (bal) Patch to add libutil.h to loginrec.c only if the platform has
+ libutil.h. Suggested by Pekka Savola <pekka@netcore.fi>
+ - (djm) Update to new x11-askpass in RPM spec
+ - (bal) SCO patch to not include <sys/queue.h> since it's unrelated
+ header. Patch by Tim Rice <tim@multitalents.net>
+ - Updated TODO w/ known HP/UX issue
+ - (bal) removed extra <netdb.h> noticed by Kevin Steves and removed the
+ bad reference to 'NeXT including it else were' on the #ifdef version.
+
+20001227
+ - (bal) Typo in configure.in: entut?ent should be endut?ent. Suggested by
+ Takumi Yamane <yamtak@b-session.com>
+ - (bal) Checks for getrlimit(), sysconf(), and setdtablesize(). Patch
+ by Corinna Vinschen <vinschen@redhat.com>
+ - (djm) Fix catman-do target for non-bash
+ - (bal) Typo in configure.in: entut?ent should be endut?ent. Suggested by
+ Takumi Yamane <yamtak@b-session.com>
+ - (bal) Checks for getrlimit(), sysconf(), and setdtablesize(). Patch
+ by Corinna Vinschen <vinschen@redhat.com>
+ - (djm) Fix catman-do target for non-bash
+ - (bal) Fixed NeXT's lack of CPPFLAGS honoring.
+ - (bal) ssh-keyscan.c: NeXT (and older BSDs) don't support getrlimit() w/
+ 'RLIMIT_NOFILE'
+ - (djm) Remove *.Ylonen files. They are no longer in the OpenBSD tree,
+ the info in COPYING.Ylonen has been moved to the start of each
+ SSH1-derived file and README.Ylonen is well out of date.
+
+20001223
+ - (bal) Fixed Makefile.in to support recompile of all ssh and sshd objects
+ if a change to config.h has occurred. Suggested by Gert Doering
+ <gert@greenie.muc.de>
+ - (bal) OpenBSD CVS Update:
+ - markus@cvs.openbsd.org 2000/12/22 16:49:40
+ [ssh-keygen.c]
+ fix ssh-keygen -x -t type > file; from Roumen.Petrov@skalasoft.com
+
+20001222
+ - Updated RCSID for pty.c
+ - (bal) OpenBSD CVS Updates:
+ - markus@cvs.openbsd.org 2000/12/21 15:10:16
+ [auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c]
+ print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@
+ - markus@cvs.openbsd.org 2000/12/20 19:26:56
+ [authfile.c]
+ allow ssh -i userkey for root
+ - markus@cvs.openbsd.org 2000/12/20 19:37:21
+ [authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h]
+ fix prototypes; from stevesk@pobox.com
+ - markus@cvs.openbsd.org 2000/12/20 19:32:08
+ [sshd.c]
+ init pointer to NULL; report from Jan.Ivan@cern.ch
+ - markus@cvs.openbsd.org 2000/12/19 23:17:54
+ [auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c
+ auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c
+ bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c
+ crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h
+ key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c
+ packet.h radix.c readconf.c rsa.c scp.c servconf.c servconf.h
+ serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h
+ ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h uuencode.c
+ uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c]
+ replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char
+ unsigned' with u_char.
+
+20001221
+ - (stevesk) OpenBSD CVS updates:
+ - markus@cvs.openbsd.org 2000/12/19 15:43:45
+ [authfile.c channels.c sftp-server.c ssh-agent.c]
+ remove() -> unlink() for consistency
+ - markus@cvs.openbsd.org 2000/12/19 15:48:09
+ [ssh-keyscan.c]
+ replace <ssl/x.h> with <openssl/x.h>
+ - markus@cvs.openbsd.org 2000/12/17 02:33:40
+ [uidswap.c]
+ typo; from wsanchez@apple.com
+
+20001220
+ - (djm) Workaround PAM inconsistencies between Solaris derived PAM code
+ and Linux-PAM. Based on report and fix from Andrew Morgan
+ <morgan@transmeta.com>
+
+20001218
+ - (stevesk) rsa.c: entropy.h not needed.
+ - (bal) split CFLAGS into CFLAGS and CPPFLAGS in configure.in and Makefile.
+ Suggested by Wilfredo Sanchez <wsanchez@apple.com>
+
+20001216
+ - (stevesk) OpenBSD CVS updates:
+ - markus@cvs.openbsd.org 2000/12/16 02:53:57
+ [scp.c]
+ allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
+ - markus@cvs.openbsd.org 2000/12/16 02:39:57
+ [scp.c]
+ unused; from stevesk@pobox.com
+
+20001215
+ - (stevesk) Old OpenBSD patch wasn't completely applied:
+ - markus@cvs.openbsd.org 2000/01/24 22:11:20
+ [scp.c]
+ allow '.' in usernames; from jedgar@fxp.org
+ - (stevesk) OpenBSD CVS updates:
+ - markus@cvs.openbsd.org 2000/12/13 16:26:53
+ [ssh-keyscan.c]
+ fatal already adds \n; from stevesk@pobox.com
+ - markus@cvs.openbsd.org 2000/12/13 16:25:44
+ [ssh-agent.c]
+ remove redundant spaces; from stevesk@pobox.com
+ - ho@cvs.openbsd.org 2000/12/12 15:50:21
+ [pty.c]
+ When failing to set tty owner and mode on a read-only filesystem, don't
+ abort if the tty already has correct owner and reasonably sane modes.
+ Example; permit 'root' to login to a firewall with read-only root fs.
+ (markus@ ok)
+ - deraadt@cvs.openbsd.org 2000/12/13 06:36:05
+ [pty.c]
+ KNF
+ - markus@cvs.openbsd.org 2000/12/12 14:45:21
+ [sshd.c]
+ source port < 1024 is no longer required for rhosts-rsa since it
+ adds no additional security.
+ - markus@cvs.openbsd.org 2000/12/12 16:11:49
+ [ssh.1 ssh.c]
+ rhosts-rsa is no longer automagically disabled if ssh is not privileged.
+ UsePrivilegedPort=no disables rhosts-rsa _only_ for old servers.
+ these changes should not change the visible default behaviour of the ssh client.
+ - deraadt@cvs.openbsd.org 2000/12/11 10:27:33
+ [scp.c]
+ when copying 0-sized files, do not re-print ETA time at completion
+ - provos@cvs.openbsd.org 2000/12/15 10:30:15
+ [kex.c kex.h sshconnect2.c sshd.c]
+ compute diffie-hellman in parallel between server and client. okay markus@
+
+20001213
+ - (djm) Make sure we reset the SIGPIPE disposition after we fork. Report
+ from Andreas M. Kirchwitz <amk@krell.zikzak.de>
+ - (stevesk) OpenBSD CVS update:
+ - markus@cvs.openbsd.org 2000/12/12 15:30:02
+ [ssh-keyscan.c ssh.c sshd.c]
+ consistently use __progname; from stevesk@pobox.com
+
+20001211
+ - (bal) Applied patch to include ssh-keyscan into Redhat's package, and
+ patch to install ssh-keyscan manpage. Patch by Pekka Savola
+ <pekka@netcore.fi>
+ - (bal) OpenbSD CVS update
+ - markus@cvs.openbsd.org 2000/12/10 17:01:53
+ [sshconnect1.c]
+ always request new challenge for skey/tis-auth, fixes interop with
+ other implementations; report from roth@feep.net
+
+20001210
+ - (bal) OpenBSD CVS updates
+ - markus@cvs.openbsd.org 2000/12/09 13:41:51
+ [cipher.c cipher.h rijndael.c rijndael.h rijndael_boxes.h]
+ undo rijndael changes
+ - markus@cvs.openbsd.org 2000/12/09 13:48:31
+ [rijndael.c]
+ fix byte order bug w/o introducing new implementation
+ - markus@cvs.openbsd.org 2000/12/09 14:08:27
+ [sftp-server.c]
+ "" -> "." for realpath; from vinschen@redhat.com
+ - markus@cvs.openbsd.org 2000/12/09 14:06:54
+ [ssh-agent.c]
+ extern int optind; from stevesk@sweden.hp.com
+ - provos@cvs.openbsd.org 2000/12/09 23:51:11
+ [compat.c]
+ remove unnecessary '\n'
+
+20001209
+ - (bal) OpenBSD CVS updates:
+ - djm@cvs.openbsd.org 2000/12/07 4:24:59
+ [ssh.1]
+ Typo fix from Wilfredo Sanchez <wsanchez@apple.com>; ok theo
+
+20001207
+ - (bal) OpenBSD CVS updates:
+ - markus@cvs.openbsd.org 2000/12/06 22:58:14
+ [compat.c compat.h packet.c]
+ disable debug messages for ssh.com/f-secure 2.0.1x, 2.1.0
+ - markus@cvs.openbsd.org 2000/12/06 23:10:39
+ [rijndael.c]
+ unexpand(1)
+ - markus@cvs.openbsd.org 2000/12/06 23:05:43
+ [cipher.c cipher.h rijndael.c rijndael.h rijndael_boxes.h]
+ new rijndael implementation. fixes endian bugs
+
+20001206
+ - (bal) OpenBSD CVS updates:
+ - markus@cvs.openbsd.org 2000/12/05 20:34:09
+ [channels.c channels.h clientloop.c serverloop.c]
+ async connects for -R/-L; ok deraadt@
+ - todd@cvs.openssh.org 2000/12/05 16:47:28
+ [sshd.c]
+ tweak comment to reflect real location of pid file; ok provos@
+ - (stevesk) Import <sys/queue.h> from OpenBSD for systems that don't
+ have it (used in ssh-keyscan).
+ - (stevesk) OpenBSD CVS update:
+ - markus@cvs.openbsd.org 2000/12/06 19:57:48
+ [ssh-keyscan.c]
+ err(3) -> internal error(), from stevesk@sweden.hp.com
+
+20001205
+ - (bal) OpenBSD CVS updates:
+ - markus@cvs.openbsd.org 2000/12/04 19:24:02
+ [ssh-keyscan.c ssh-keyscan.1]
+ David Maziere's ssh-keyscan, ok niels@
+ - (bal) Updated Makefile.in to include ssh-keyscan that was just added
+ to the recent OpenBSD source tree.
+ - (stevesk) fix typos in contrib/hpux/README
+
+20001204
+ - (bal) More C functions defined in NeXT that are unaccessable without
+ defining -POSIX.
+ - (bal) OpenBSD CVS updates:
+ - markus@cvs.openbsd.org 2000/12/03 11:29:04
+ [compat.c]
+ remove fallback to SSH_BUG_HMAC now that the drafts are updated
+ - markus@cvs.openbsd.org 2000/12/03 11:27:55
+ [compat.c]
+ correctly match "2.1.0.pl2 SSH" etc; from
+ pekkas@netcore.fi/bugzilla.redhat
+ - markus@cvs.openbsd.org 2000/12/03 11:15:03
+ [auth2.c compat.c compat.h sshconnect2.c]
+ support f-secure/ssh.com 2.0.12; ok niels@
+
+20001203
+ - (bal) OpenBSD CVS updates:
+ - markus@cvs.openbsd.org 2000/11/30 22:54:31
+ [channels.c]
+ debug->warn if tried to do -R style fwd w/o client requesting this;
+ ok neils@
+ - markus@cvs.openbsd.org 2000/11/29 20:39:17
+ [cipher.c]
+ des_cbc_encrypt -> des_ncbc_encrypt since it already updates the IV
+ - markus@cvs.openbsd.org 2000/11/30 18:33:05
+ [ssh-agent.c]
+ agents must not dump core, ok niels@
+ - markus@cvs.openbsd.org 2000/11/30 07:04:02
+ [ssh.1]
+ T is for both protocols
+ - markus@cvs.openbsd.org 2000/12/01 00:00:51
+ [ssh.1]
+ typo; from green@FreeBSD.org
+ - markus@cvs.openbsd.org 2000/11/30 07:02:35
+ [ssh.c]
+ check -T before isatty()
+ - provos@cvs.openbsd.org 2000/11/29 13:51:27
+ [sshconnect.c]
+ show IP address and hostname when new key is encountered. okay markus@
+ - markus@cvs.openbsd.org 2000/11/30 22:53:35
+ [sshconnect.c]
+ disable agent/x11/port fwding if hostkey has changed; ok niels@
+ - marksu@cvs.openbsd.org 2000/11/29 21:11:59
+ [sshd.c]
+ sshd -D, startup w/o deamon(), for monitoring scripts or inittab;
+ from handler@sub-rosa.com and eric@urbanrange.com; ok niels@
+ - (djm) Added patch from Nalin Dahyabhai <nalin@redhat.com> to enable
+ PAM authentication using KbdInteractive.
+ - (djm) Added another TODO
+
+20001202
+ - (bal) Backed out of part of Alain St-Denis' loginrec.c patch.
+ - (bal) Irix need some sort of mansubdir, patch by Michael Stone
+ <mstone@cs.loyola.edu>
+
+20001129
+ - (djm) Back out all the serverloop.c hacks. sshd will now hang again
+ if there are background children with open fds.
+ - (djm) bsd-rresvport.c bzero -> memset
+ - (djm) Don't fail in defines.h on absence of 64 bit types (we will
+ still fail during compilation of sftp-server).
+ - (djm) Fail if ar is not found during configure
+ - (djm) OpenBSD CVS updates:
+ - provos@cvs.openbsd.org 2000/11/22 08:38:31
+ [sshd.8]
+ talk about /etc/primes, okay markus@
+ - markus@cvs.openbsd.org 2000/11/23 14:03:48
+ [ssh.c sshconnect1.c sshconnect2.c]
+ complain about invalid ciphers for ssh1/ssh2, fall back to reasonable
+ defaults
+ - markus@cvs.openbsd.org 2000/11/25 09:42:53
+ [sshconnect1.c]
+ reorder check for illegal ciphers, bugreport from espie@
+ - markus@cvs.openbsd.org 2000/11/25 10:19:34
+ [ssh-keygen.c ssh.h]
+ print keytype when generating a key.
+ reasonable defaults for RSA1/RSA/DSA keys.
+ - (djm) Patch from Pekka Savola <Pekka.Savola@netcore.fi> to include a few
+ more manpage paths in fixpaths calls
+ - (djm) Also add xauth path at Pekka's suggestion.
+ - (djm) Add Redhat RPM patch for AUTHPRIV SyslogFacility
+
20001125
- (djm) Give up privs when reading seed file
20001117
- (bal) Changed from 'primes' to 'primes.out' for consistancy sake. It
has no affect the output. Patch by Corinna Vinschen <vinschen@redhat.com>
- - (stevek) Reworked progname support.
+ - (stevesk) Reworked progname support.
- (bal) Misplaced #include "includes.h" in bsd-setproctitle.c. Patch by
Shinichi Maruyama <marya@st.jip.co.jp>