+20021222
+ - (bal) OpenBSD CVS Sync
+ - fgsch@cvs.openbsd.org 2002/11/15 10:03:09
+ [authfile.c]
+ lseek(2) may return -1 when getting the public/private key lenght.
+ Simplify the code and check for errors using fstat(2).
+
+ Problem reported by Mauricio Sanchez, markus@ ok.
+ - markus@cvs.openbsd.org 2002/11/18 16:43:44
+ [clientloop.c]
+ don't overwrite SIG{INT,QUIT,TERM} handler if set to SIG_IGN;
+ e.g. if ssh is used for backup; report Joerg Schilling; ok millert@
+ - markus@cvs.openbsd.org 2002/11/21 22:22:50
+ [dh.c]
+ debug->debug2
+ - markus@cvs.openbsd.org 2002/11/21 22:45:31
+ [cipher.c kex.c packet.c sshconnect.c sshconnect2.c]
+ debug->debug2, unify debug messages
+ - deraadt@cvs.openbsd.org 2002/11/21 23:03:51
+ [auth-krb5.c auth1.c hostfile.h monitor_wrap.c sftp-client.c sftp-int.c ssh-add.c ssh-rsa.c
+ sshconnect.c]
+ KNF
+ - markus@cvs.openbsd.org 2002/11/21 23:04:33
+ [ssh.c]
+ debug->debug2
+ - stevesk@cvs.openbsd.org 2002/11/24 21:46:24
+ [ssh-keysign.8]
+ typo: "the the"
+
+20021205
+ - (djm) PERL-free fixpaths from stuge-openssh-unix-dev@cdy.org
+
+20021122
+ - (tim) [configure.ac] fix STDPATH test for IRIX. First reported by
+ advax@triumf.ca. This type of solution tested by <herb@sgi.com>
+
+20021113
+ - (tim) [configure.ac] remove unused variables no_libsocket and no_libnsl
+
+20021111
+ - (tim) [contrib/solaris/opensshd.in] add umask 022 so sshd.pid is
+ not world writable.
+
+20021109
+ - (bal) OpenBSD CVS Sync
+ - itojun@cvs.openbsd.org 2002/10/16 14:31:48
+ [sftp-common.c]
+ 64bit pedant. %llu is "unsigned long long". markus ok
+ - markus@cvs.openbsd.org 2002/10/23 10:32:13
+ [packet.c]
+ use %u for u_int
+ - markus@cvs.openbsd.org 2002/10/23 10:40:16
+ [bufaux.c]
+ %u for u_int
+ - markus@cvs.openbsd.org 2002/11/04 10:07:53
+ [auth.c]
+ don't compare against pw_home if realpath fails for pw_home (seen
+ on AFS); ok djm@
+ - markus@cvs.openbsd.org 2002/11/04 10:09:51
+ [packet.c]
+ log before send disconnect; ok djm@
+ - markus@cvs.openbsd.org 2002/11/05 19:45:20
+ [monitor.c]
+ handle overflows for size_t larger than u_int; siw@goneko.de, bug #425
+ - markus@cvs.openbsd.org 2002/11/05 20:10:37
+ [sftp-client.c]
+ typo; GaryF@livevault.com
+ - markus@cvs.openbsd.org 2002/11/07 16:28:47
+ [sshd.c]
+ log to stderr if -ie is given, bug #414, prj@po.cwru.edu
+ - markus@cvs.openbsd.org 2002/11/07 22:08:07
+ [readconf.c readconf.h ssh-keysign.8 ssh-keysign.c]
+ we cannot use HostbasedAuthentication for enabling ssh-keysign(8),
+ because HostbasedAuthentication might be enabled based on the
+ target host and ssh-keysign(8) does not know the remote hostname
+ and not trust ssh(1) about the hostname, so we add a new option
+ EnableSSHKeysign; ok djm@, report from zierke@informatik.uni-hamburg.de
+ - markus@cvs.openbsd.org 2002/11/07 22:35:38
+ [scp.c]
+ check exit status from ssh, and exit(1) if ssh fails; bug#369;
+ binder@arago.de
+ - (bal) Update ssh-host-config and minor rewrite of bsd-cygwin_util.c
+ ntsec now default if cygwin version beginning w/ version 56. Patch
+ by Corinna Vinschen <vinschen@redhat.com>
+ - (bal) AIX does not log login attempts for unknown users (bug #432).
+ patch by dtucker@zip.com.au
+
+20021021
+ - (djm) Bug #400: Kill ssh-rand-helper children on timeout, patch from
+ dtucker@zip.com.au
+ - (djm) Bug #317: FreeBSD needs libutil.h for openpty() Report from
+ dirk.meyer@dinoex.sub.org
+
+20021015
+ - (bal) Fix bug id 383 and only call loginrestrict for AIX if not root.
+ - (bal) More advanced strsep test by Darren Tucker <dtucker@zip.com.au>
+
+20021015
+ - (tim) [contrib/caldera/openssh.spec] make ssh-agent setgid nobody
+
+20021004
+ - (bal) Disable post-authentication Privsep for OSF/1. It conflicts with
+ SIA.
+
+20021003
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2002/10/01 20:34:12
+ [ssh-agent.c]
+ allow root to access the agent, since there is no protection from root.
+ - markus@cvs.openbsd.org 2002/10/01 13:24:50
+ [version.h]
+ OpenSSH 3.5
+ - (djm) Bump RPM spec version numbers
+ - (djm) Bug #406: s/msg_send/ssh_msg_send/ for Mac OS X 1.2
+
+20020930
+ - (djm) Tidy contrib/, add Makefile for GNOME passphrase dialogs,
+ tweak README
+ - (djm) OpenBSD CVS Sync
+ - mickey@cvs.openbsd.org 2002/09/27 10:42:09
+ [compat.c compat.h sshd.c]
+ add a generic match for a prober, such as sie big brother;
+ idea from stevesk@; markus@ ok
+ - stevesk@cvs.openbsd.org 2002/09/27 15:46:21
+ [ssh.1]
+ clarify compression level protocol 1 only; ok markus@ deraadt@
+
+20020927
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2002/09/25 11:17:16
+ [sshd_config]
+ sync LoginGraceTime with default
+ - markus@cvs.openbsd.org 2002/09/25 15:19:02
+ [sshd.c]
+ typo; pilot@monkey.org
+ - markus@cvs.openbsd.org 2002/09/26 11:38:43
+ [auth1.c auth.h auth-krb4.c monitor.c monitor.h monitor_wrap.c]
+ [monitor_wrap.h]
+ krb4 + privsep; ok dugsong@, deraadt@
+
+20020925
+ - (bal) Fix issue where successfull login does not clear failure counts
+ in AIX. Patch by dtucker@zip.com.au ok by djm
+ - (tim) Cray fixes (bug 367) based on patch from Wendy Palm @ cray.
+ This does not include the deattack.c fixes.
+
+20020923
+ - (djm) OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2002/09/23 20:46:27
+ [canohost.c]
+ change get_peer_ipaddr() and get_local_ipaddr() to not return NULL for
+ non-sockets; fixes a problem passing NULL to snprintf(). ok markus@
+ - markus@cvs.openbsd.org 2002/09/23 22:11:05
+ [monitor.c]
+ only call auth_krb5 if kerberos is enabled; ok deraadt@
+ - markus@cvs.openbsd.org 2002/09/24 08:46:04
+ [monitor.c]
+ only call kerberos code for authctxt->valid
+ - todd@cvs.openbsd.org 2002/09/24 20:59:44
+ [sshd.8]
+ tweak the example $HOME/.ssh/rc script to not show on any cmdline the
+ sensitive data it handles. This fixes bug # 402 as reported by
+ kolya@mit.edu (Nickolai Zeldovich).
+ ok markus@ and stevesk@
+
+20020923
+ - (tim) [configure.ac] s/return/exit/ patch by dtucker@zip.com.au
+
+20020922
+ - (djm) OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2002/09/19 14:53:14
+ [compat.c]
+ - markus@cvs.openbsd.org 2002/09/19 15:51:23
+ [ssh-add.c]
+ typo; cd@kalkatraz.de
+ - stevesk@cvs.openbsd.org 2002/09/19 16:03:15
+ [serverloop.c]
+ log IP address also; ok markus@
+ - stevesk@cvs.openbsd.org 2002/09/20 18:41:29
+ [auth.c]
+ log illegal user here for missing privsep case (ssh2).
+ this is executed in the monitor. ok markus@
+
20020919
- (djm) OpenBSD CVS Sync
- stevesk@cvs.openbsd.org 2002/09/12 19:11:52
[channels.c sshconnect.c sshd.c]
remove use of SO_LINGER, it should not be needed. error check
SO_REUSEADDR. fixup comments. ok markus@
+ - stevesk@cvs.openbsd.org 2002/09/16 19:55:33
+ [session.c]
+ log when _PATH_NOLOGIN exists; ok markus@
+ - stevesk@cvs.openbsd.org 2002/09/16 20:12:11
+ [sshd_config.5]
+ more details on X11Forwarding security issues and threats; ok markus@
+ - stevesk@cvs.openbsd.org 2002/09/16 22:03:13
+ [sshd.8]
+ reference moduli(5) in FILES /etc/moduli.
+ - itojun@cvs.openbsd.org 2002/09/17 07:47:02
+ [channels.c]
+ don't quit while creating X11 listening socket.
+ http://mail-index.netbsd.org/current-users/2002/09/16/0005.html
+ got from portable. markus ok
+ - djm@cvs.openbsd.org 2002/09/19 01:58:18
+ [ssh.c sshconnect.c]
+ bugzilla.mindrot.org #223 - ProxyCommands don't exit.
+ Patch from dtucker@zip.com.au; ok markus@
20020912
- (djm) Made GNOME askpass programs return non-zero if cancel button is