+20051224
+ - (djm) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2005/12/20 21:59:43
+ [ssh.1]
+ merge the sections on protocols 1 and 2 into one section on
+ authentication;
+ feedback djm dtucker
+ ok deraadt markus dtucker
+ - jmc@cvs.openbsd.org 2005/12/20 22:02:50
+ [ssh.1]
+ .Ss -> .Sh: subsections have not made this page more readable
+ - jmc@cvs.openbsd.org 2005/12/20 22:09:41
+ [ssh.1]
+ move info on ssh return values and config files up into the main
+ description;
+ - jmc@cvs.openbsd.org 2005/12/21 11:48:16
+ [ssh.1]
+ -L and -R descriptions are now above, not below, ~C description;
+
+20051220
+ - (dtucker) OpenBSD CVS Sync
+ - reyk@cvs.openbsd.org 2005/12/13 15:03:02
+ [serverloop.c]
+ if forced_tun_device is not set, it is -1 and not SSH_TUNID_ANY
+ - jmc@cvs.openbsd.org 2005/12/16 18:07:08
+ [ssh.1]
+ move the option descriptions up the page: start of a restructure;
+ ok markus deraadt
+ - jmc@cvs.openbsd.org 2005/12/16 18:08:53
+ [ssh.1]
+ simplify a sentence;
+ - jmc@cvs.openbsd.org 2005/12/16 18:12:22
+ [ssh.1]
+ make the description of -c a little nicer;
+ - jmc@cvs.openbsd.org 2005/12/16 18:14:40
+ [ssh.1]
+ signpost the protocol sections;
+ - stevesk@cvs.openbsd.org 2005/12/17 21:13:05
+ [ssh_config.5 session.c]
+ spelling: fowarding, fowarded
+ - stevesk@cvs.openbsd.org 2005/12/17 21:36:42
+ [ssh_config.5]
+ spelling: intented -> intended
+ - dtucker@cvs.openbsd.org 2005/12/20 04:41:07
+ [ssh.c]
+ exit(255) on error to match description in ssh(1); bz #1137; ok deraadt@
+
+20051219
+ - (dtucker) [cipher-aes.c cipher-ctr.c cipher.c configure.ac
+ openbsd-compat/openssl-compat.h] Check for and work around broken AES
+ ciphers >128bit on (some) Solaris 10 systems. ok djm@
+
+20051217
+ - (dtucker) [defines.h] HP-UX system headers define "YES" and "NO" which
+ scp.c also uses, so undef them here.
+ - (dtucker) [configure.ac openbsd-compat/bsd-snprintf.c] Bug #1133: Our
+ snprintf replacement can have a conflicting declaration in HP-UX's system
+ headers (const vs. no const) so we now check for and work around it. Patch
+ from the dynamic duo of David Leonard and Ted Percival.
+
+20051214
+ - (dtucker) OpenBSD CVS Sync (regress/)
+ - dtucker@cvs.openbsd.org 2005/12/30 04:36:39
+ [regress/scp-ssh-wrapper.sh]
+ Fix assumption about how many args scp will pass; ok djm@
+
+20051213
+ - (djm) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2005/11/30 11:18:27
+ [ssh.1]
+ timezone -> time zone
+ - jmc@cvs.openbsd.org 2005/11/30 11:45:20
+ [ssh.1]
+ avoid ambiguities in describing TZ;
+ ok djm@
+ - reyk@cvs.openbsd.org 2005/12/06 22:38:28
+ [auth-options.c auth-options.h channels.c channels.h clientloop.c]
+ [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
+ [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
+ [sshconnect.h sshd.8 sshd_config sshd_config.5]
+ Add support for tun(4) forwarding over OpenSSH, based on an idea and
+ initial channel code bits by markus@. This is a simple and easy way to
+ use OpenSSH for ad hoc virtual private network connections, e.g.
+ administrative tunnels or secure wireless access. It's based on a new
+ ssh channel and works similar to the existing TCP forwarding support,
+ except that it depends on the tun(4) network interface on both ends of
+ the connection for layer 2 or layer 3 tunneling. This diff also adds
+ support for LocalCommand in the ssh(1) client.
+ ok djm@, markus@, jmc@ (manpages), tested and discussed with others
+ - djm@cvs.openbsd.org 2005/12/07 03:52:22
+ [clientloop.c]
+ reyk forgot to compile with -Werror (missing header)
+ - jmc@cvs.openbsd.org 2005/12/07 10:52:13
+ [ssh.1]
+ - avoid line split in SYNOPSIS
+ - add args to -w
+ - kill trailing whitespace
+ - jmc@cvs.openbsd.org 2005/12/08 14:59:44
+ [ssh.1 ssh_config.5]
+ make `!command' a little clearer;
+ ok reyk
+ - jmc@cvs.openbsd.org 2005/12/08 15:06:29
+ [ssh_config.5]
+ keep options in order;
+ - reyk@cvs.openbsd.org 2005/12/08 18:34:11
+ [auth-options.c includes.h misc.c misc.h readconf.c servconf.c]
+ [serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac]
+ two changes to the new ssh tunnel support. this breaks compatibility
+ with the initial commit but is required for a portable approach.
+ - make the tunnel id u_int and platform friendly, use predefined types.
+ - support configuration of layer 2 (ethernet) or layer 3
+ (point-to-point, default) modes. configuration is done using the
+ Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and
+ restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option
+ in sshd_config(5).
+ ok djm@, man page bits by jmc@
+ - jmc@cvs.openbsd.org 2005/12/08 21:37:50
+ [ssh_config.5]
+ new sentence, new line;
+ - markus@cvs.openbsd.org 2005/12/12 13:46:18
+ [channels.c channels.h session.c]
+ make sure protocol messages for internal channels are ignored.
+ allow adjust messages for non-open channels; with and ok djm@
+ - (djm) [misc.c] Disable tunnel code for non-OpenBSD (for now), enable
+ again by providing a sys_tun_open() function for your platform and
+ setting the CUSTOM_SYS_TUN_OPEN define. More work is required to match
+ OpenBSD's tunnel protocol, which prepends the address family to the
+ packet
+
+20051201
+ - (djm) [envpass.sh] Remove regress script that was accidentally committed
+ in top level directory and not noticed for over a year :)
+
+20051129
+ - (tim) [ssh-keygen.c] Move DSA length test after setting default when
+ bits == 0.
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker@cvs.openbsd.org 2005/11/29 02:04:55
+ [ssh-keygen.c]
+ Populate default key sizes before checking them; from & ok tim@
+ - (tim) [configure.ac sshd.8] Enable locked account check (a "*LK*" string)
+ for UnixWare.
+
+20051128
+ - (dtucker) [regress/yes-head.sh] Work around breakage caused by some
+ versions of GNU head. Based on patch from zappaman at buraphalinux.org
+ - (dtucker) [includes.h] Bug #1122: __USE_GNU is a glibc internal macro, use
+ _GNU_SOURCE instead. Patch from t8m at centrum.cz.
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker@cvs.openbsd.org 2005/11/28 05:16:53
+ [ssh-keygen.1 ssh-keygen.c]
+ Enforce DSA key length of exactly 1024 bits to comply with FIPS-186-2,
+ increase minumum RSA key size to 768 bits and update man page to reflect
+ these. Patch originally bz#1119 (senthilkumar_sen at hotpop.com),
+ ok djm@, grudging ok deraadt@.
+ - dtucker@cvs.openbsd.org 2005/11/28 06:02:56
+ [ssh-agent.1]
+ Update agent socket path templates to reflect reality, correct xref for
+ time formats. bz#1121, patch from openssh at roumenpetrov.info, ok djm@
+
+20051126
+ - (dtucker) [configure.ac] Bug #1126: AIX 5.2 and 5.3 (and presumably newer,
+ when they're available) need the real UID set otherwise pam_chauthtok will
+ set ADMCHG after changing the password, forcing the user to change it
+ again immediately.
+
+20051125
+ - (dtucker) [configure.ac] Apply tim's fix for older systems where the
+ resolver state in resolv.h is "state" not "__res_state". With slight
+ modification by me to also work on old AIXes. ok djm@
+ - (dtucker) [progressmeter.c scp.c sftp-server.c] Use correct casts for
+ snprintf formats, fixes warnings on some 64 bit platforms. Patch from
+ shaw at vranix.com, ok djm@
+
+20051124
+ - (djm) [configure.ac openbsd-compat/Makefile.in openbsd-compat/bsd-asprintf.c
+ openbsd-compat/bsd-snprintf.c openbsd-compat/openbsd-compat.h] Add an
+ asprintf() implementation, after syncing our {v,}snprintf() implementation
+ with some extra fixes from Samba's version. With help and debugging from
+ dtucker and tim; ok dtucker@
+ - (dtucker) [configure.ac] Fix typos in comments and AC_SEARCH_LIB argument
+ order in Reliant Unix block. Patch from johane at lysator.liu.se.
+ - (dtucker) [regress/test-exec.sh] Use 1024 bit keys since we generate so
+ many and use them only once. Speeds up testing on older/slower hardware.
+
+20051122
+ - (dtucker) OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2005/11/12 18:37:59
+ [ssh-add.c]
+ space
+ - deraadt@cvs.openbsd.org 2005/11/12 18:38:15
+ [scp.c]
+ avoid close(-1), as in rcp; ok cloder
+ - millert@cvs.openbsd.org 2005/11/15 11:59:54
+ [includes.h]
+ Include sys/queue.h explicitly instead of assuming some other header
+ will pull it in. At the moment it gets pulled in by sys/select.h
+ (which ssh has no business including) via event.h. OK markus@
+ (ID sync only in -portable)
+ - dtucker@cvs.openbsd.org 2005/11/21 09:42:10
+ [auth-krb5.c]
+ Perform Kerberos calls even for invalid users to prevent leaking
+ information about account validity. bz #975, patch originally from
+ Senthil Kumar, sanity checked by Simon Wilkinson, tested by djm@, biorn@,
+ ok markus@
+ - dtucker@cvs.openbsd.org 2005/11/22 03:36:03
+ [hostfile.c]
+ Correct format/arguments to debug call; spotted by shaw at vranix.com
+ ok djm@
+ - (dtucker) [loginrec.c] Add casts to prevent compiler warnings, patch
+ from shaw at vranix.com.
+
+20051120
+ - (dtucker) [openbsd-compat/openssl-compat.h] Add comment explaining what
+ is going on.
+
+20051112
+ - (dtucker) [openbsd-compat/getrrsetbyname.c] Restore Portable-specific
+ ifdef lost during sync. Spotted by tim@.
+ - (dtucker) [openbsd-compat/{realpath.c,stroll.c,rresvport.c}] $OpenBSD tag.
+ - (dtucker) [configure.ac] Use "$AWK" instead of "awk" in gcc version test.
+ - (dtucker) [configure.ac] Remove duplicate utimes() check. ok djm@
+ - (dtucker) [regress/reconfigure.sh] Fix potential race in the reconfigure
+ test: if sshd takes too long to reconfigure the subsequent connection will
+ fail. Zap pidfile before HUPing sshd which will rewrite it when it's ready.
+
+20051110
+ - (dtucker) [openbsd-compat/setenv.c] Merge changes for __findenv from
+ OpenBSD getenv.c revs 1.4 - 1.8 (ANSIfication of arguments, removal of
+ "register").
+ - (dtucker) [openbsd-compat/setenv.c] Make __findenv static, remove
+ unnecessary prototype.
+ - (dtucker) [openbsd-compat/setenv.c] Sync changes from OpenBSD setenv.c
+ revs 1.7 - 1.9.
+ - (dtucker) [auth-krb5.c] Fix -Wsign-compare warning in non-Heimdal path.
+ Patch from djm@.
+ - (dtucker) [configure.ac] Disable pointer-sign warnings on gcc 4.0+
+ since they're not useful right now. Patch from djm@.
+ - (dtucker) [openbsd-compat/getgrouplist.c] Sync OpenBSD revs 1.10 - 1.2 (ANSI
+ prototypes, removal of "register").
+ - (dtucker) [openbsd-compat/strlcat.c] Sync OpenBSD revs 1.11 - 1.12 (removal
+ of "register").
+ - (dtucker) [openbsd-compat/{LOTS}] Move the "OPENBSD ORIGINAL" markers to
+ after the copyright notices. Having them at the top next to the CVSIDs
+ guarantees a conflict for each and every sync.
+ - (dtucker) [openbsd-compat/strlcpy.c] Update from OpenBSD 1.8 -> 1.10.
+ - (dtucker) [openbsd-compat/sigact.h] Add "OPENBSD ORIGINAL" marker.
+ - (dtucker) [openbsd-compat/strmode.c] Update from OpenBSD 1.5 -> 1.7.
+ Removal of rcsid, "whiteout" inode type.
+ - (dtucker) [openbsd-compat/basename.c] Update from OpenBSD 1.11 -> 1.14.
+ Removal of rcsid, will no longer strlcpy parts of the string.
+ - (dtucker) [openbsd-compat/strtoll.c] Update from OpenBSD 1.4 -> 1.5.
+ - (dtucker) [openbsd-compat/strtoul.c] Update from OpenBSD 1.5 -> 1.7.
+ - (dtucker) [openbsd-compat/readpassphrase.c] Update from OpenBSD 1.16 -> 1.18.
+ - (dtucker) [openbsd-compat/readpassphrase.h] Update from OpenBSD 1.3 -> 1.5.
+ - (dtucker) [openbsd-compat/glob.c] Update from OpenBSD 1.22 -> 1.25.
+ - (dtucker) [openbsd-compat/glob.h] Update from OpenBSD 1.8 -> 1.9.
+ - (dtucker) [openbsd-compat/getcwd.c] Update from OpenBSD 1.9 -> 1.14.
+ - (dtucker) [openbsd-compat/getcwd.c] Replace lstat with fstat to match up
+ with OpenBSD code since we don't support platforms without fstat any more.
+ - (dtucker) [openbsd-compat/inet_aton.c] Update from OpenBSD 1.7 -> 1.9.
+ - (dtucker) [openbsd-compat/inet_ntoa.c] Update from OpenBSD 1.4 -> 1.6.
+ - (dtucker) [openbsd-compat/inet_ntop.c] Update from OpenBSD 1.5 -> 1.7.
+ - (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.5 -> 1.6.
+ - (dtucker) [openbsd-compat/strsep.c] Update from OpenBSD 1.5 -> 1.6.
+ - (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.10 -> 1.13.
+ - (dtucker) [openbsd-compat/mktemp.c] Update from OpenBSD 1.17 -> 1.19.
+ - (dtucker) [openbsd-compat/rresvport.c] Update from OpenBSD 1.6 -> 1.8.
+ - (dtucker) [openbsd-compat/bindresvport.c] Add "OPENBSD ORIGINAL" marker.
+ - (dtucker) [openbsd-compat/bindresvport.c] Update from OpenBSD 1.16 -> 1.17.
+ - (dtucker) [openbsd-compat/sigact.c] Update from OpenBSD 1.3 -> 1.4.
+ Id and copyright sync only, there were no substantial changes we need.
+ - (dtucker) [openbsd-compat/bsd-closefrom.c openbsd-compat/base64.c]
+ -Wsign-compare fixes from djm.
+ - (dtucker) [openbsd-compat/sigact.h] Update from OpenBSD 1.2 -> 1.3.
+ Id and copyright sync only, there were no substantial changes we need.
+ - (dtucker) [configure.ac] Try to get the gcc version number in a way that
+ doesn't change between versions, and use a safer default.
+
+20051105
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2005/10/07 11:13:57
+ [ssh-keygen.c]
+ change DSA default back to 1024, as it's defined for 1024 bits only
+ and this causes interop problems with other clients. moreover,
+ in order to improve the security of DSA you need to change more
+ components of DSA key generation (e.g. the internal SHA1 hash);
+ ok deraadt
+ - djm@cvs.openbsd.org 2005/10/10 10:23:08
+ [channels.c channels.h clientloop.c serverloop.c session.c]
+ fix regression I introduced in 4.2: X11 forwardings initiated after
+ a session has exited (e.g. "(sleep 5; xterm) &") would not start.
+ bz #1086 reported by t8m AT centrum.cz; ok markus@ dtucker@
+ - djm@cvs.openbsd.org 2005/10/11 23:37:37
+ [channels.c]
+ bz #1076 set SO_REUSEADDR on X11 forwarding listner sockets, preventing
+ bind() failure when a previous connection's listeners are in TIME_WAIT,
+ reported by plattner AT inf.ethz.ch; ok dtucker@
+ - stevesk@cvs.openbsd.org 2005/10/13 14:03:01
+ [auth2-gss.c gss-genr.c gss-serv.c]
+ remove unneeded #includes; ok markus@
+ - stevesk@cvs.openbsd.org 2005/10/13 14:20:37
+ [gss-serv.c]
+ spelling in comments
+ - stevesk@cvs.openbsd.org 2005/10/13 19:08:08
+ [gss-serv-krb5.c gss-serv.c]
+ unused declarations; ok deraadt@
+ (id sync only for gss-serv-krb5.c)
+ - stevesk@cvs.openbsd.org 2005/10/13 19:13:41
+ [dns.c]
+ unneeded #include, unused declaration, little knf; ok deraadt@
+ - stevesk@cvs.openbsd.org 2005/10/13 22:24:31
+ [auth2-gss.c gss-genr.c gss-serv.c monitor.c]
+ KNF; ok djm@
+ - stevesk@cvs.openbsd.org 2005/10/14 02:17:59
+ [ssh-keygen.c ssh.c sshconnect2.c]
+ no trailing "\n" for log functions; ok djm@
+ - stevesk@cvs.openbsd.org 2005/10/14 02:29:37
+ [channels.c clientloop.c]
+ free()->xfree(); ok djm@
+ - stevesk@cvs.openbsd.org 2005/10/15 15:28:12
+ [sshconnect.c]
+ make external definition static; ok deraadt@
+ - stevesk@cvs.openbsd.org 2005/10/17 13:45:05
+ [dns.c]
+ fix memory leaks from 2 sources:
+ 1) key_fingerprint_raw()
+ 2) malloc in dns_read_rdata()
+ ok jakob@
+ - stevesk@cvs.openbsd.org 2005/10/17 14:01:28
+ [dns.c]
+ remove #ifdef LWRES; ok jakob@
+ - stevesk@cvs.openbsd.org 2005/10/17 14:13:35
+ [dns.c dns.h]
+ more cleanups; ok jakob@
+ - djm@cvs.openbsd.org 2005/10/30 01:23:19
+ [ssh_config.5]
+ mention control socket fallback behaviour, reported by
+ tryponraj AT gmail.com
+ - djm@cvs.openbsd.org 2005/10/30 04:01:03
+ [ssh-keyscan.c]
+ make ssh-keygen discard junk from server before SSH- ident, spotted by
+ dave AT cirt.net; ok dtucker@
+ - djm@cvs.openbsd.org 2005/10/30 04:03:24
+ [ssh.c]
+ fix misleading debug message; ok dtucker@
+ - dtucker@cvs.openbsd.org 2005/10/30 08:29:29
+ [canohost.c sshd.c]
+ Check for connections with IP options earlier and drop silently. ok djm@
+ - jmc@cvs.openbsd.org 2005/10/30 08:43:47
+ [ssh_config.5]
+ remove trailing whitespace;
+ - djm@cvs.openbsd.org 2005/10/30 08:52:18
+ [clientloop.c packet.c serverloop.c session.c ssh-agent.c ssh-keygen.c]
+ [ssh.c sshconnect.c sshconnect1.c sshd.c]
+ no need to escape single quotes in comments, no binary change
+ - dtucker@cvs.openbsd.org 2005/10/31 06:15:04
+ [sftp.c]
+ Fix sorting with "ls -1" command. From Robert Tsai, "looks right" deraadt@
+ - djm@cvs.openbsd.org 2005/10/31 11:12:49
+ [ssh-keygen.1 ssh-keygen.c]
+ generate a protocol 2 RSA key by default
+ - djm@cvs.openbsd.org 2005/10/31 11:48:29
+ [serverloop.c]
+ make sure we clean up wtmp, etc. file when we receive a SIGTERM,
+ SIGINT or SIGQUIT when running without privilege separation (the
+ normal privsep case is already OK). Patch mainly by dtucker@ and
+ senthilkumar_sen AT hotpop.com; ok dtucker@
+ - jmc@cvs.openbsd.org 2005/10/31 19:55:25
+ [ssh-keygen.1]
+ grammar;
+ - dtucker@cvs.openbsd.org 2005/11/03 13:38:29
+ [canohost.c]
+ Cache reverse lookups with and without DNS separately; ok markus@
+ - djm@cvs.openbsd.org 2005/11/04 05:15:59
+ [kex.c kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c]
+ remove hardcoded hash lengths in key exchange code, allowing
+ implementation of KEX methods with different hashes (e.g. SHA-256);
+ ok markus@ dtucker@ stevesk@
+ - djm@cvs.openbsd.org 2005/11/05 05:01:15
+ [bufaux.c]
+ Fix leaks in error paths, bz #1109 and #1110 reported by kremenek AT
+ cs.stanford.edu; ok dtucker@
+ - (dtucker) [README.platform] Add PAM section.
+ - (djm) [openbsd-compat/getrrsetbyname.c] Sync to latest OpenBSD version,
+ resolving memory leak bz#1111 reported by kremenek AT cs.stanford.edu;
+ ok dtucker@
+
+20051102
+ - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup().
+ Reported by olavi at ipunplugged.com and antoine.brodin at laposte.net
+ via FreeBSD.
+
+20051030
+ - (djm) [contrib/suse/openssh.spec contrib/suse/rc.
+ sshd contrib/suse/sysconfig.ssh] Bug #1106: Updated SuSE spec and init
+ files from imorgan AT nas.nasa.gov
+ - (dtucker) [session.c] Bug #1045do not check /etc/nologin when PAM is
+ enabled, instead allow PAM to handle it. Note that on platforms using PAM,
+ the pam_nologin module should be added to sshd's session stack in order to
+ maintain exising behaviour. Based on patch and discussion from t8m at
+ centrum.cz, ok djm@
+
+20051025
+ - (dtucker) [configure.ac] Relocate LLONG_MAX calculation to after the
+ sizeof(long long) checks, to make fixing bug #1104 easier (no changes
+ yet).
+ - (dtucker) [configure.ac] Bug #1104: Tru64's printf family doesn't
+ understand "%lld", even though the compiler has "long long", so handle
+ it as a special case. Patch tested by mcaskill.scott at epa.gov.
+ - (dtucker) [contrib/cygwin/ssh-user-config] Remove duplicate yes/no
+ prompt. Patch from vinschen at redhat.com.
+
+20051017
+ - (dtucker) [configure.ac] Bug #1097: Fix configure for cross-compiling.
+ /etc/default/login report and testing from aabaker at iee.org, corrections
+ from tim@.
+
+20051009
+ - (dtucker) [configure.ac defines.h openbsd-compat/vis.{c,h}] Sync current
+ versions from OpenBSD. ok djm@
+
+20051008
+ - (dtucker) [configure.ac] Bug #1098: define $MAIL for HP-UX; report from
+ brian.smith at agilent com.
+ - (djm) [configure.ac] missing 'test' call for -with-Werror test
+
+20051005
+ - (dtucker) [configure.ac sshd.8] Enable locked account check (a prepended
+ "*LOCKED*" string) for FreeBSD. Patch jeremie at le-hen.org and
+ senthilkumar_sen at hotpop.com.
+
+20051003
+ - (dtucker) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2005/09/07 08:53:53
+ [channels.c]
+ enforce chanid != NULL; ok djm
+ - markus@cvs.openbsd.org 2005/09/09 19:18:05
+ [clientloop.c]
+ typo; from mark at mcs.vuw.ac.nz, bug #1082
+ - djm@cvs.openbsd.org 2005/09/13 23:40:07
+ [sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c
+ scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c]
+ ensure that stdio fds are attached; ok deraadt@
+ - djm@cvs.openbsd.org 2005/09/19 11:37:34
+ [ssh_config.5 ssh.1]
+ mention ability to specify bind_address for DynamicForward and -D options;
+ bz#1077 spotted by Haruyama Seigo
+ - djm@cvs.openbsd.org 2005/09/19 11:47:09
+ [sshd.c]
+ stop connection abort on rekey with delayed compression enabled when
+ post-auth privsep is disabled (e.g. when root is logged in); ok dtucker@
+ - djm@cvs.openbsd.org 2005/09/19 11:48:10
+ [gss-serv.c]
+ typo
+ - jmc@cvs.openbsd.org 2005/09/19 15:38:27
+ [ssh.1]
+ some more .Bk/.Ek to avoid ugly line split;
+ - jmc@cvs.openbsd.org 2005/09/19 15:42:44
+ [ssh.c]
+ update -D usage here too;
+ - djm@cvs.openbsd.org 2005/09/19 23:31:31
+ [ssh.1]
+ spelling nit from stevesk@
+ - djm@cvs.openbsd.org 2005/09/21 23:36:54
+ [sshd_config.5]
+ aquire -> acquire, from stevesk@
+ - djm@cvs.openbsd.org 2005/09/21 23:37:11
+ [sshd.c]
+ change label at markus@'s request
+ - jaredy@cvs.openbsd.org 2005/09/30 20:34:26
+ [ssh-keyscan.1]
+ deploy .An -nosplit; ok jmc
+ - dtucker@cvs.openbsd.org 2005/10/03 07:44:42
+ [canohost.c]
+ Relocate check_ip_options call to prevent logging of garbage for
+ connections with IP options set. bz#1092 from David Leonard,
+ "looks good" deraadt@
+ - (dtucker) [regress/README.regress] Bug #989: Document limitation that scp
+ is required in the system path for the multiplex test to work.
+
+20050930
+ - (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype
+ for strtoll. Patch from o.flebbe at science-computing.de.
+ - (dtucker) [monitor.c] Bug #1087: Send loginmsg to preauth privsep
+ child during PAM account check without clearing it. This restores the
+ post-login warnings such as LDAP password expiry. Patch from Tomas Mraz
+ with help from several others.
+
+20050929
+ - (dtucker) [monitor_wrap.c] Remove duplicate definition of loginmsg
+ introduced during sync.
+
+20050928
+ - (dtucker) [entropy.c] Use u_char for receiving RNG seed for consistency.
+ - (dtucker) [auth-pam.c] Bug #1028: send final non-query messages from
+ PAM via keyboard-interactive. Patch tested by the folks at Vintela.
+
+20050927
+ - (dtucker) [entropy.c] Remove unnecessary tests for getuid and geteuid
+ calls, since they can't possibly fail. ok djm@
+ - (dtucker) [entropy.c entropy.h sshd.c] Pass RNG seed to the reexec'ed
+ process when sshd relies on ssh-random-helper. Should result in faster
+ logins on systems without a real random device or prngd. ok djm@
+
+20050924
+ - (dtucker) [auth2.c] Move start_pam() calls out of if-else block to remove
+ duplicate call. ok djm@
+
+20050922
+ - (dtucker) [configure.ac] Use -R linker flag for libedit too; patch from
+ skeleten at shillest.net.
+ - (dtucker) [configure.ac] Fix help for --with-opensc; patch from skeleten at
+ shillest.net.
+
+20050919
+ - (tim) [aclocal.m4 configure.ac] Delete acconfig.h and add templates to
+ AC_DEFINE and AC_DEFINE_UNQUOTED to quiet autoconf 2.59 warning messages.
+ ok dtucker@
+
+20050912
+ - (tim) [configure.ac] Bug 1078. Fix --without-kerberos5. Reported by
+ Mike Frysinger.
+
+20050908
+ - (tim) [defines.h openbsd-compat/port-uw.c] Add long password support to
+ OpenServer 6 and add osr5bigcrypt support so when someone migrates
+ passwords between UnixWare and OpenServer they will still work. OK dtucker@
+
+20050901
+ - (djm) Update RPM spec file versions
+
+20050831
+ - (djm) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2005/08/30 22:08:05
+ [gss-serv.c sshconnect2.c]
+ destroy credentials if krb5_kuserok() call fails. Stops credentials being
+ delegated to users who are not authorised for GSSAPIAuthentication when
+ GSSAPIDeletegateCredentials=yes and another authentication mechanism
+ succeeds; bz#1073 reported by paul.moore AT centrify.com, fix by
+ simon AT sxw.org.uk, tested todd@ biorn@ jakob@; ok deraadt@
+ - markus@cvs.openbsd.org 2005/08/31 09:28:42
+ [version.h]
+ 4.2
+ - (dtucker) [README] Update release note URL to 4.2
+ - (tim) [configure.ac auth.c defines.h session.c openbsd-compat/port-uw.c
+ openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] libiaf cleanup. Disable
+ libiaf bits for OpenServer6. Free memory allocated by ia_get_logpwd().
+ Feedback and OK dtucker@
+
+20050830
+ - (tim) [configure.ac] Back out last change. It needs to be done differently.
+
+20050829
+ - (tim) [configure.ac] ia_openinfo() seems broken on OSR6. Limit UW long
+ password support to 7.x for now.
+
+20050826
+ - (tim) [CREDITS LICENCE auth.c configure.ac defines.h includes.h session.c
+ openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h
+ openbsd-compat/xcrypt.c] New files [openssh/openbsd-compat/port-uw.c
+ openssh/openbsd-compat/port-uw.h] Support long passwords (> 8-char)
+ on UnixWare 7 from Dhiraj Gulati and Ahsan Rashid. Cleanup and testing
+ by tim@. Feedback and OK dtucker@
+
+20050823
+ - (dtucker) [regress/test-exec.sh] Do not prepend an extra "/" to a fully-
+ qualified sshd pathname since some systems (eg Cygwin) may consider "/foo"
+ and "//foo" to be different. Spotted by vinschen at redhat.com.
+ - (tim) [configure.ac] Not all gcc's support -Wsign-compare. Enhancements
+ and OK dtucker@
+ - (tim) [defines.h] PATH_MAX bits for OpenServer OK dtucker@
+
+20050821
+ - (dtucker) [configure.ac defines.h includes.h sftp.c] Add support for
+ LynxOS, patch from Olli Savia (ops at iki.fi). ok djm@
+
+20050816
+ - (djm) [ttymodes.c] bugzilla #1025: Fix encoding of _POSIX_VDISABLE,
+ from Jacob Nevins; ok dtucker@
+
+20050815
+ - (tim) [sftp.c] wrap el_end() in #ifdef USE_LIBEDIT
+ - (tim) [configure.ac] corrections to libedit tests. Report and patches
+ by skeleten AT shillest.net
+
+20050812
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2005/07/28 17:36:22
+ [packet.c]
+ missing packet_init_compression(); from solar
+ - djm@cvs.openbsd.org 2005/07/30 01:26:16
+ [ssh.c]
+ fix -D listen_host initialisation, so it picks up gateway_ports setting
+ correctly
+ - djm@cvs.openbsd.org 2005/07/30 02:03:47
+ [readconf.c]
+ listen_hosts initialisation here too; spotted greg AT y2005.nest.cx
+ - dtucker@cvs.openbsd.org 2005/08/06 10:03:12
+ [servconf.c]
+ Unbreak sshd ListenAddress for bare IPv6 addresses.
+ Report from Janusz Mucka; ok djm@
+ - jaredy@cvs.openbsd.org 2005/08/08 13:22:48
+ [sftp.c]
+ sftp prompt enhancements:
+ - in non-interactive mode, do not print an empty prompt at the end
+ before finishing
+ - print newline after EOF in editline mode
+ - call el_end() in editline mode
+ ok dtucker djm
+
+20050810
+ - (dtucker) [configure.ac] Test libedit library and headers for compatibility.
+ Report from skeleten AT shillest.net, ok djm@
+ - (dtucker) [LICENCE configure.ac defines.h openbsd-compat/realpath.c]
+ Sync current (thread-safe) version of realpath.c from OpenBSD (which is
+ in turn based on FreeBSD's). ok djm@
+
+20050809
+ - (tim) [configure.ac] Allow --with-audit=no. OK dtucker@
+ Report by skeleten AT shillest.net
+
+20050803
+ - (dtucker) [openbsd-compat/fake-rfc2553.h] Check for EAI_* defines
+ individually and use a value less likely to collide with real values from
+ netdb.h. Fixes compile warnings on FreeBSD 5.3. ok djm@
+ - (dtucker) [openbsd-compat/fake-rfc2553.h] MAX_INT -> INT_MAX since the
+ latter is specified in the standard.
+
20050802
- (dtucker) OpenBSD CVS Sync
- dtucker@cvs.openbsd.org 2005/07/27 10:39:03