+20030514
+ - (djm) Bug #117: Don't lie to PAM about username
+ - (djm) RCSID sync w/ OpenBSD
+
+20030512
+ - (djm) Redhat spec: Don't install profile.d scripts when not
+ building with GNOME/GTK askpass (patch from bet@rahul.net)
+
+20030510
+ - (dtucker) Bug #318: Create ssh_prng_cmds.out during "make" rather than
+ "make install". Patch by roth@feep.net.
+ - (dtucker) Bug #536: Test for and work around openpty/controlling tty
+ problem on Linux (fixes "could not set controlling tty" errors).
+ - (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge with
+ proper challenge-response module
+ - (djm) 2-clause license on loginrec.c, with permission from
+ andre@ae-35.com
+
+20030504
+ - (dtucker) Bug #497: Move #include of bsd-cygwin_util.h to openbsd-compat.h.
+ Patch from vinschen@redhat.com.
+
+20030503
+ - (dtucker) Add missing "void" to record_failed_login in bsd-cray.c. Noted
+ by wendyp@cray.com.
+
+20030502
+ - (dtucker) Bug #544: ignore invalid cmsg_type on Linux 2.0 kernels,
+ privsep should now work.
+ - (dtucker) Move handling of bad password authentications into a platform
+ specific record_failed_login() function (affects AIX & Unicos). ok mouring@
+
+20030429
+ - (djm) Add back radix.o (used by AFS support), after it went missing from
+ Makefile many moons ago
+ - (djm) Apply "owl-always-auth" patch from Openwall/Solar Designer
+ - (djm) Fix blibpath specification for AIX/gcc
+ - (djm) Some systems have basename in -lgen. Fix from ayamura@ayamura.org
+
+20030428
+ - (bal) [defines.h progressmeter.c scp.c] Some more culling of non 64bit
+ hacked code.
+
+20030427
+ - (bal) Bug #541: return; was dropped by mistake. Reported by
+ furrier@iglou.com
+ - (bal) Since we don't support platforms lacking u_int_64. We may
+ as well clean out some of those evil #ifdefs
+ - (bal) auth1.c minor resync while looking at the code.
+ - (bal) auth2.c same changed as above.
+
+20030409
+ - (djm) Bug #539: Specify creation mode with O_CREAT for lastlog. Report
+ from matth@eecs.berkeley.edu
+ - (djm) Make the spec work with Redhat 9.0 (which renames sharutils)
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2003/04/02 09:48:07
+ [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
+ [readconf.h serverloop.c sshconnect2.c]
+ reapply rekeying chage, tested by henning@, ok djm@
+ - markus@cvs.openbsd.org 2003/04/02 14:36:26
+ [ssh-keysign.c]
+ potential segfault if KEY_UNSPEC; cjwatson@debian.org; bug #526
+ - itojun@cvs.openbsd.org 2003/04/03 07:25:27
+ [progressmeter.c]
+ $OpenBSD$
+ - itojun@cvs.openbsd.org 2003/04/03 10:17:35
+ [progressmeter.c]
+ remove $OpenBSD$, as other *.c does not have it.
+ - markus@cvs.openbsd.org 2003/04/07 08:29:57
+ [monitor_wrap.c]
+ typo: get correct counters; introduced during rekeying change.
+ - millert@cvs.openbsd.org 2003/04/07 21:58:05
+ [progressmeter.c]
+ The UCB copyright here is incorrect. This code did not originate
+ at UCB, it was written by Luke Mewburn. Updated the copyright at
+ the author's request. markus@ OK
+ - itojun@cvs.openbsd.org 2003/04/08 20:21:29
+ [*.c *.h]
+ rename log() into logit() to avoid name conflict. markus ok, from
+ netbsd
+ - (djm) XXX - Performed locally using:
+ "perl -p -i -e 's/(\s|^)log\(/$1logit\(/g' *.c *.h"
+ - hin@cvs.openbsd.org 2003/04/09 08:23:52
+ [servconf.c]
+ Don't include <krb.h> when compiling with Kerberos 5 support
+ - (djm) Fix up missing include for packet.c
+ - (djm) Fix missed log => logit occurance (reference by function pointer)
+
+20030402
+ - (bal) if IP_TOS is not found or broken don't try to compile in
+ packet_set_tos() function call. bug #527
+
+20030401
+ - (djm) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2003/03/28 10:11:43
+ [scp.1 sftp.1 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5 sshd_config.5]
+ [ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8]
+ - killed whitespace
+ - new sentence new line
+ - .Bk for arguments
+ ok markus@
+ - markus@cvs.openbsd.org 2003/04/01 10:10:23
+ [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
+ [readconf.h serverloop.c sshconnect2.c]
+ rekeying bugfixes and automatic rekeying:
+ * both client and server rekey _automatically_
+ (a) after 2^31 packets, because after 2^32 packets
+ the sequence number for packets wraps
+ (b) after 2^(blocksize_in_bits/4) blocks
+ (see: draft-ietf-secsh-newmodes-00.txt)
+ (a) and (b) are _enabled_ by default, and only disabled for known
+ openssh versions, that don't support rekeying properly.
+ * client option 'RekeyLimit'
+ * do not reply to requests during rekeying
+ - markus@cvs.openbsd.org 2003/04/01 10:22:21
+ [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
+ [readconf.h serverloop.c sshconnect2.c]
+ backout rekeying changes (for 3.6.1)
+ - markus@cvs.openbsd.org 2003/04/01 10:31:26
+ [compat.c compat.h kex.c]
+ bugfix causes stalled connections for ssh.com < 3.0; noticed by ho@;
+ tested by ho@ and myself
+ - markus@cvs.openbsd.org 2003/04/01 10:56:46
+ [version.h]
+ 3.6.1
+ - (djm) Crank spec file versions
+ - (djm) Release 3.6.1p1
+
+20030326
+ - (djm) OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2003/03/26 04:02:51
+ [sftp-server.c]
+ one last fix to the tree: race fix broke stuff; pr 3169;
+ srp@srparish.net, help from djm
+
+20030325
+ - (djm) Fix getpeerid support for 64 bit BE systems. From
+ Arnd Bergmann <arndb@de.ibm.com>
+
+20030324
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2003/03/23 19:02:00
+ [monitor.c]
+ unbreak rekeying for privsep; ok millert@
+ - Release 3.6p1
+ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
+ Report from murple@murple.net, diagnosis from dtucker@zip.com.au
+
+20030320
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2003/03/17 10:38:38
+ [progressmeter.c]
+ don't print \n if backgrounded; from ho@
+ - markus@cvs.openbsd.org 2003/03/17 11:43:47
+ [version.h]
+ enter 3.6
+ - (bal) The days of lack of int64_t support are over. Sorry kids.
+ - (bal) scp.c 'limit' conflicts with Cray. Rename to 'limitbw'
+ - (bal) Collection of Cray patches (bsd-cray.h fix for CRAYT3E and improved
+ guessing rules)
+ - (bal) Disable Privsep for Tru64 after pre-authentication due to issues
+ with SIA. Also, clean up of tru64 support patch by Chris Adams
+ <cmadams@hiwaay.net>
+ - (tim) [contrib/caldera/openssh.spec] workaround RPM quirk. Fix %files
+
+20030318
+ - (tim) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
+ add nanosleep(). testing/corrections by Darren Tucker <dtucker@zip.com.au>
+
+20030317
+ - (djm) Fix return value checks for RAND_bytes. Report from
+ Steve G <linux_4ever@yahoo.com>
+
+20030315
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2003/03/13 11:42:19
+ [authfile.c ssh-keysign.c]
+ move RSA_blinding_on to generic key load method
+ - markus@cvs.openbsd.org 2003/03/13 11:44:50
+ [ssh-agent.c]
+ ssh-agent is similar to ssh-keysign (allows other processes to use
+ private rsa keys). however, it gets key over socket and not from
+ a file, so we have to do blinding here as well.
+
+20030310
+- (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2003/03/05 22:33:43
+ [channels.c monitor.c scp.c session.c sftp-client.c sftp-int.c]
+ [sftp-server.c ssh-add.c sshconnect2.c]
+ fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
+ - (djm) One more portable-specific one from dlheine@suif.Stanford.EDU/
+ CLOUSEAU
+ - (djm) Bug #245: TTY problems on Solaris. Fix by stevesk@ and
+ dtucker@zip.com.au
+ - (djm) AIX package builder update from dtucker@zip.com.au
+
+20030225
+ - (djm) Fix some compile errors spotted by dtucker and his fabulous
+ tinderbox
+
20030224
- (djm) Tweak gnome-ssh-askpass2:
- Retry kb and mouse grab a couple of times, so passphrase dialog doesn't
[kex.c]
add support for key exchange guesses; based on work by
avraham.fraenkel@commatch.com; fixes bug #148; ok deraadt@
+ - markus@cvs.openbsd.org 2003/02/03 08:56:16
+ [sshpty.c]
+ don't call error() for readonly /dev; from soekris list; ok mcbride,
+ henning, deraadt.
+ - markus@cvs.openbsd.org 2003/02/04 09:32:08
+ [key.c]
+ better debug3 message
+ - markus@cvs.openbsd.org 2003/02/04 09:33:22
+ [monitor.c monitor_wrap.c]
+ skey/bsdauth: use 0 to indicate failure instead of -1, because
+ the buffer API only supports unsigned ints.
+ - markus@cvs.openbsd.org 2003/02/05 09:02:28
+ [readconf.c]
+ simplify ProxyCommand parsing, remove strcat/xrealloc; ok henning@, djm@
+ - markus@cvs.openbsd.org 2003/02/06 09:26:23
+ [session.c]
+ missing call to setproctitle() after authentication; ok provos@
+ - markus@cvs.openbsd.org 2003/02/06 09:27:29
+ [ssh.c ssh_config.5]
+ support 'ProxyCommand none'; bugzilla #433; binder@arago.de; ok djm@
+ - markus@cvs.openbsd.org 2003/02/06 09:29:18
+ [sftp-server.c]
+ fix races in rename/symlink; from Tony Finch; ok djm@
+ - markus@cvs.openbsd.org 2003/02/06 21:22:43
+ [auth1.c auth2.c]
+ undo broken fix for #387, fixes #486
+ - markus@cvs.openbsd.org 2003/02/10 11:51:47
+ [ssh-add.1]
+ xref sshd_config.5 (not sshd.8); mark@summersault.com; bug #490
+ - markus@cvs.openbsd.org 2003/02/12 09:33:04
+ [key.c key.h ssh-dss.c ssh-rsa.c]
+ merge ssh-dss.h ssh-rsa.h into key.h; ok deraadt@
+ - markus@cvs.openbsd.org 2003/02/12 21:39:50
+ [crc32.c crc32.h]
+ replace crc32.c with a BSD licensed version; noted by David Turner
+ - markus@cvs.openbsd.org 2003/02/16 17:09:57
+ [kex.c kexdh.c kexgex.c kex.h sshconnect2.c sshd.c ssh-keyscan.c]
+ split kex into client and server code, no need to link
+ server code into the client; ok provos@
+ - markus@cvs.openbsd.org 2003/02/16 17:30:33
+ [monitor.c monitor_wrap.c]
+ fix permitrootlogin forced-commands-only for privsep; bux #387;
+ ok provos@
+ - markus@cvs.openbsd.org 2003/02/21 09:05:53
+ [servconf.c]
+ print sshd_config filename in debug2 mode.
+ - mpech@cvs.openbsd.org 2003/02/21 10:34:48
+ [auth-krb4.c]
+ ...sizeof(&adat.session) is not good here.
+ henning@, deraadt@, millert@
+ - (djm) Add new object files to Makefile and reorder
+ - (djm) Bug #501: gai_strerror should return char*;
+ fix from dtucker@zip.com.au
+ - (djm) Most of Bug #499: Cygwin compile fixes for new progressmeter;
+ From vinschen@redhat.com
+ - (djm) Rest of Bug #499: Import a basename() function from OpenBSD libc
+ - (djm) Bug #494: Allow multiple accounts on Windows 9x/Me;
+ From vinschen@redhat.com
+ - (djm) Bug #456: Support for NEC SX6 with Unicos; from wendyp@cray.com
20030211
- (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com
Based on fix from yoshfuji@linux-ipv6.org
- (djm) Bug #442: Check for and deny access to accounts with locked
passwords. Patch from dtucker@zip.com.au
- - (djm) Bug #26: Use local mkstemp() rather than glibc's silly one. Fixes
+ - (djm) Bug #44: Use local mkstemp() rather than glibc's silly one. Fixes
Can't pass KRB4 TGT passing. Fix from: jan.iven@cern.ch
- (djm) Fix Bug #442 for PAM case
- (djm) Bug #110: bogus error messages in lastlog_get_entry(). Fix based