1 files changed, 1897 insertions, 0 deletions

diff --git a/other/openssh-2.1.1p4/ChangeLog b/other/openssh-2.1.1p4/ChangeLog
new file mode 100644
index 0000000..ed89d88
--- /dev/null
+++ b/other/openssh-2.1.1p4/ChangeLog
@@ -0,0 +1,1897 @@
+20000716
+ - Release 2.1.1p4
+
+20000715
+ - (djm) OpenBSD CVS updates
+   - provos@cvs.openbsd.org  2000/07/13 16:53:22
+     [aux.c readconf.c servconf.c ssh.h]
+     allow multiple whitespace but only one '=' between tokens, bug report from
+     Ralf S. Engelschall <rse@engelschall.com> but different fix. okay deraadt@
+   - provos@cvs.openbsd.org  2000/07/13 17:14:09
+     [clientloop.c]
+     typo; todd@fries.net
+   - provos@cvs.openbsd.org  2000/07/13 17:19:31
+     [scp.c]
+     close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
+   - markus@cvs.openbsd.org  2000/07/14 16:59:46
+     [readconf.c servconf.c]
+     allow leading whitespace. ok niels
+   - djm@cvs.openbsd.org     2000/07/14 22:01:38
+     [ssh-keygen.c ssh.c]
+     Always create ~/.ssh with mode 700; ok Markus
+ - Fixes for SunOS 4.1.4 from Gordon Atwood <gordon@cs.ualberta.ca>
+   - Include floatingpoint.h for entropy.c
+   - strerror replacement
+
+20000712
+ - (djm) Remove -lresolve for Reliant Unix
+ - (djm) OpenBSD CVS Updates:
+   - deraadt@cvs.openbsd.org 2000/07/11 02:11:34
+     [session.c sshd.c ]
+     make MaxStartups code still work with -d; djm
+   - deraadt@cvs.openbsd.org 2000/07/11 13:17:45
+     [readconf.c ssh_config]
+     disable FallBackToRsh by default
+ - (djm) Replace in_addr_t with u_int32_t in bsd-inet_aton.c. Report from
+   Ben Lindstrom <mouring@pconline.com>
+ - (djm) Make building of X11-Askpass and GNOME-Askpass optional in RPM
+   spec file.
+ - (djm) Released 2.1.1p3
+
+20000711
+ - (djm) Fixup for AIX getuserattr() support from Tom Bertelson
+   <tbert@abac.com>
+ - (djm) ReliantUNIX support from Udo Schweigert <ust@cert.siemens.de>
+ - (djm) NeXT: dirent structures to get scp working from Ben Lindstrom 
+   <mouring@pconline.com>
+ - (djm) Fix broken inet_ntoa check and ut_user/ut_name confusion, report 
+   from Jim Watt <jimw@peisj.pebio.com>
+ - (djm) Replaced bsd-snprintf.c with one from Mutt source tree, it is known
+   to compile on more platforms (incl NeXT).
+ - (djm) Added bsd-inet_aton and configure support for NeXT
+ - (djm) Misc NeXT fixes from Ben Lindstrom <mouring@pconline.com>
+ - (djm) OpenBSD CVS updates:
+   - markus@cvs.openbsd.org  2000/06/26 03:22:29
+     [authfd.c]
+     cleanup, less cut&paste
+   - markus@cvs.openbsd.org  2000/06/26 15:59:19
+     [servconf.c servconf.h session.c sshd.8 sshd.c]
+     MaxStartups: limit number of unauthenticated connections, work by 
+     theo and me
+   - deraadt@cvs.openbsd.org 2000/07/05 14:18:07
+     [session.c]
+     use no_x11_forwarding_flag correctly; provos ok
+   - provos@cvs.openbsd.org  2000/07/05 15:35:57
+     [sshd.c]
+     typo
+   - aaron@cvs.openbsd.org   2000/07/05 22:06:58
+     [scp.1 ssh-agent.1 ssh-keygen.1 sshd.8]
+     Insert more missing .El directives. Our troff really should identify 
+     these and spit out a warning.
+   - todd@cvs.openbsd.org    2000/07/06 21:55:04
+     [auth-rsa.c auth2.c ssh-keygen.c]
+     clean code is good code
+   - deraadt@cvs.openbsd.org 2000/07/07 02:14:29
+     [serverloop.c]
+     sense of port forwarding flag test was backwards
+   - provos@cvs.openbsd.org  2000/07/08 17:17:31
+     [compat.c readconf.c]
+     replace strtok with strsep; from David Young <dyoung@onthejob.net>
+   - deraadt@cvs.openbsd.org 2000/07/08 19:21:15
+     [auth.h]
+     KNF
+   - ho@cvs.openbsd.org      2000/07/08 19:27:33
+     [compat.c readconf.c]
+     Better conditions for strsep() ending.
+   - ho@cvs.openbsd.org      2000/07/10 10:27:05
+     [readconf.c]
+     Get the correct message on errors. (niels@ ok)
+   - ho@cvs.openbsd.org      2000/07/10 10:30:25
+     [cipher.c kex.c servconf.c]
+     strtok() --> strsep(). (niels@ ok)
+ - (djm) Fix problem with debug mode and MaxStartups
+ - (djm) Don't generate host keys when $(DESTDIR) is set (e.g. during RPM
+   builds)
+ - (djm) Add strsep function from OpenBSD libc for systems that lack it
+
+20000709
+ - (djm) Only enable PAM_TTY kludge for Linux. Problem report from
+   Kevin Steves <stevesk@sweden.hp.com>
+ - (djm) Match prototype and function declaration for rresvport_af.
+   Problem report from Niklas Edmundsson <nikke@ing.umu.se>
+ - (djm) Missing $(DESTDIR) on host-key target causing problems with RPM 
+   builds. Problem report from Gregory Leblanc <GLeblanc@cu-portland.edu>
+ - (djm) Replace ut_name with ut_user. Patch from Jim Watt
+   <jimw@peisj.pebio.com>
+ - (djm) Fix pam sprintf fix
+ - (djm) Cleanup entropy collection code a little more. Split initialisation
+   from seeding, perform intialisation immediatly at start, be careful with
+   uids. Based on problem report from Jim Watt <jimw@peisj.pebio.com>
+ - (djm) More NeXT compatibility from Ben Lindstrom <mouring@pconline.com>
+   Including sigaction() et al. replacements
+ - (djm) AIX getuserattr() session initialisation from Tom Bertelson 
+   <tbert@abac.com>
+
+20000708
+ - (djm) Fix bad fprintf format handling in auth-pam.c. Patch from 
+   Aaron Hopkins <aaron@die.net>
+ - (djm) Fix incorrect configure handling of --with-rsh-path option. Fix from
+   Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
+ - (djm) Fixed undefined variables for OSF SIA. Report from 
+   Baars, Henk <Hendrik.Baars@nl.origin-it.com>
+ - (djm) Handle EWOULDBLOCK returns from read() and write() in atomicio.c 
+   Fix from Marquess, Steve Mr JMLFDC <Steve.Marquess@DET.AMEDD.ARMY.MIL>
+ - (djm) Don't use inet_addr. 
+
+20000702
+ - (djm) Fix brace mismatch from Corinna Vinschen <vinschen@cygnus.com>
+ - (djm) Stop shadow expiry checking from preventing logins with NIS. Based
+   on fix from HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
+ - (djm) Use standard OpenSSL functions in auth-skey.c. Patch from
+   Chris, the Young One <cky@pobox.com>
+ - (djm) Fix scp progress meter on really wide terminals. Based on patch 
+   from James H. Cloos Jr. <cloos@jhcloos.com>
+
+20000701
+ - (djm) Fix Tru64 SIA problems reported by John P Speno <speno@isc.upenn.edu>
+ - (djm) Login fixes from Tom Bertelson <tbert@abac.com>
+ - (djm) Replace "/bin/sh" with _PATH_BSHELL. Report from Corinna Vinschen
+   <vinschen@cygnus.com>
+ - (djm) Replace "/usr/bin/login" with LOGIN_PROGRAM
+ - (djm) Added check for broken snprintf() functions which do not correctly
+   terminate output string and attempt to use replacement.
+ - (djm) Released 2.1.1p2
+
+20000628
+ - (djm) Fixes to lastlog code for Irix
+ - (djm) Use atomicio in loginrec
+ - (djm) Patch from Michael Stone <mstone@cs.loyola.edu> to add support for
+   Irix 6.x array sessions, project id's, and system audit trail id.
+ - (djm) Added 'distprep' make target to simplify packaging
+ - (djm) Added patch from Chris Adams <cmadams@hiwaay.net> to add OSF SIA 
+   support. Enable using "USE_SIA=1 ./configure [options]"
+   
+20000627
+ - (djm) Fixes to login code - not setting li->uid, cleanups
+ - (djm) Formatting
+
+20000626
+ - (djm) Better fix to aclocal tests from Garrick James <garrick@james.net>
+ - (djm) Account expiry support from Andreas Steinmetz <ast@domdv.de>
+ - (djm) Added password expiry checking (no password change support)
+ - (djm) Make EGD failures non-fatal if OpenSSL's entropy pool is still OK
+   based on patch from Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
+ - (djm) Fix fixed EGD code.
+ - OpenBSD CVS update
+   - provos@cvs.openbsd.org  2000/06/25 14:17:58
+     [channels.c]
+     correct check for bad channel ids; from Wei Dai <weidai@eskimo.com>
+
+20000623
+ - (djm) Use sa_family_t in prototype for rresvport_af. Patch from 
+   Svante Signell <svante.signell@telia.com>
+ - (djm) Autoconf logic to define sa_family_t if it is missing
+ - OpenBSD CVS Updates:
+   - markus@cvs.openbsd.org  2000/06/22 10:32:27
+     [sshd.c]
+     missing atomicio; report from Steve.Marquess@DET.AMEDD.ARMY.MIL
+   - djm@cvs.openbsd.org     2000/06/22 17:55:00
+     [auth-krb4.c key.c radix.c uuencode.c]
+     Missing CVS idents; ok markus
+
+20000622
+ - (djm) Automatically generate host key during "make install". Suggested
+   by Gary E. Miller <gem@rellim.com>
+ - (djm) Paranoia before kill() system call
+ - OpenBSD CVS Updates:
+   - markus@cvs.openbsd.org  2000/06/18 18:50:11
+     [auth2.c compat.c compat.h sshconnect2.c]
+     make userauth+pubkey interop with ssh.com-2.2.0
+   - markus@cvs.openbsd.org  2000/06/18 20:56:17
+     [dsa.c]
+     mem leak + be more paranoid in dsa_verify.
+   - markus@cvs.openbsd.org  2000/06/18 21:29:50
+     [key.c]
+     cleanup fingerprinting, less hardcoded sizes
+   - markus@cvs.openbsd.org  2000/06/19 19:39:45
+     [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
+     [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h]
+     [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h] 
+     [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h]
+     [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c]
+     [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c] 
+     [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c] 
+     [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c]
+     [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h]
+     OpenBSD tag
+   - markus@cvs.openbsd.org  2000/06/21 10:46:10
+     sshconnect2.c missing free; nuke old comment
+
+20000620
+ - (djm) Replace use of '-o' and '-a' logical operators in configure tests
+   with '||' and '&&'. As suggested by Jim Knoble <jmknoble@pint-stowp.cx> 
+   to fix SCO Unixware problem reported by Gary E. Miller <gem@rellim.com>
+ - (djm) Typo in loginrec.c
+
+20000618
+ - (djm) Add summary of configure options to end of ./configure run
+ - (djm) Not all systems define RUSAGE_SELF & RUSAGE_CHILDREN. Report from 
+   Michael Stone <mstone@cs.loyola.edu>
+ - (djm) rusage is a privileged operation on some Unices (incl. 
+   Solaris 2.5.1). Report from Paul D. Smith <pausmith@nortelnetworks.com>
+ - (djm) Avoid PAM failures when running without a TTY. Report from 
+   Martin Petrak <petrak@spsknm.schools.sk>
+ - (djm) Include sys/types.h when including netinet/in.h in configure tests.
+   Patch from Jun-ichiro itojun Hagino <itojun@iijlab.net>
+ - (djm) Started merge of Ben Lindstrom's <mouring@pconline.com> NeXT support
+ - OpenBSD CVS updates:
+   - deraadt@cvs.openbsd.org 2000/06/17 09:58:46
+     [channels.c]
+     everyone says "nix it" (remove protocol 2 debugging message)
+   - markus@cvs.openbsd.org  2000/06/17 13:24:34
+     [sshconnect.c]
+     allow extended server banners
+   - markus@cvs.openbsd.org  2000/06/17 14:30:10
+     [sshconnect.c]
+     missing atomicio, typo
+   - jakob@cvs.openbsd.org   2000/06/17 16:52:34
+     [servconf.c servconf.h session.c sshd.8 sshd_config]
+     add support for ssh v2 subsystems. ok markus@.
+   - deraadt@cvs.openbsd.org 2000/06/17 18:57:48
+     [readconf.c servconf.c]
+     include = in WHITESPACE; markus ok
+   - markus@cvs.openbsd.org  2000/06/17 19:09:10
+     [auth2.c]
+     implement bug compatibility with ssh-2.0.13 pubkey, server side
+   - markus@cvs.openbsd.org  2000/06/17 21:00:28
+     [compat.c]
+     initial support for ssh.com's 2.2.0
+   - markus@cvs.openbsd.org  2000/06/17 21:16:09
+     [scp.c]
+     typo
+   - markus@cvs.openbsd.org  2000/06/17 22:05:02
+     [auth-rsa.c auth2.c serverloop.c session.c auth-options.c auth-options.h]
+     split auth-rsa option parsing into auth-options
+     add options support to authorized_keys2
+   - markus@cvs.openbsd.org  2000/06/17 22:42:54
+     [session.c]
+     typo
+
+20000613
+ - (djm) Fixes from Andrew McGill <andrewm@datrix.co.za>:
+  - Platform define for SCO 3.x which breaks on /dev/ptmx
+  - Detect and try to fix missing MAXPATHLEN
+ - (djm) Fix short copy in loginrec.c (based on patch from Phill Camp
+   <P.S.S.Camp@ukc.ac.uk>
+
+20000612
+ - (djm) Glob manpages in RPM spec files to catch compressed files
+ - (djm) Full license in auth-pam.c
+ - (djm) Configure fixes from SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp>
+ - (andre) AIX, lastlog, configure fixes from Tom Bertelson <tbert@abac.com>:
+  - Don't try to retrieve lastlog from wtmp/wtmpx if DISABLE_LASTLOG is
+     def'd
+  - Set AIX to use preformatted manpages
+   
+20000610
+ - (djm) Minor doc tweaks
+ - (djm) Fix for configure on bash2 from Jim Knoble <jmknoble@jmknoble.cx>
+
+20000609
+ - (djm) Patch from Kenji Miyake <kenji@miyake.org> to disable utmp usage
+   (in favour of utmpx) on Solaris 8
+
+20000606
+ - (djm) Cleanup of entropy.c. Reorganised code, removed second pass through
+   list of commands (by default). Removed verbose debugging (by default).
+ - (djm) Increased command entropy estimates and default entropy collection 
+   timeout
+ - (djm) Remove duplicate headers from loginrec.c
+ - (djm) Don't add /usr/local/lib to library search path on Irix
+ - (djm) Fix rsh path in RPMs. Report from Jason L Tibbitts III 
+   <tibbs@math.uh.edu>
+ - (djm) Warn user if grabs fail in GNOME askpass. Patch from Zack Weinberg
+   <zack@wolery.cumb.org>
+ - (djm) OpenBSD CVS updates:
+  - todd@cvs.openbsd.org
+    [sshconnect2.c]
+    teach protocol v2 to count login failures properly and also enable an
+    explanation of why the password prompt comes up again like v1; this is NOT
+    crypto
+  - markus@cvs.openbsd.org  
+    [readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c sshd.8]
+    xauth_location support; pr 1234
+    [readconf.c sshconnect2.c]
+    typo, unused
+    [session.c]
+    allow use_login only for login sessions, otherwise remote commands are
+    execed with uid==0
+    [sshd.8]
+    document UseLogin better
+    [version.h]
+    OpenSSH 2.1.1
+    [auth-rsa.c]
+    fix match_hostname() logic for auth-rsa: deny access if we have a 
+    negative match or no match at all
+    [channels.c hostfile.c match.c]
+    don't panic if mkdtemp fails for authfwd; jkb@yahoo-inc.com via 
+    kris@FreeBSD.org
+
+20000606
+ - (djm) Added --with-cflags, --with-ldflags and --with-libs options to 
+   configure.
+
+20000604
+ - Configure tweaking for new login code on Irix 5.3
+ - (andre) login code changes based on djm feedback
+
+20000603
+ - (andre) New login code
+    - Remove bsd-login.[ch] and all the OpenBSD-derived code in login.c
+    - Add loginrec.[ch], logintest.c and autoconf code
+   
+20000531
+ - Cleanup of auth.c, login.c and fake-*
+ - Cleanup of auth-pam.c, save and print "account expired" error messages
+ - Fix EGD read bug by IWAMURO Motonori <iwa@mmp.fujitsu.co.jp>
+ - Rewrote bsd-login to use proper utmp API if available. Major cleanup
+   of fallback DIY code.
+
+20000530
+ - Define atexit for old Solaris
+ - Fix buffer overrun in login.c for systems which use syslen in utmpx.
+   patch from YOSHIFUJI Hideaki <yoshfuji@cerberus.nemoto.ecei.tohoku.ac.jp>
+ - OpenBSD CVS updates:
+  - markus@cvs.openbsd.org
+    [session.c]
+    make x11-fwd work w/ localhost (xauth add host/unix:11)
+    [cipher.c compat.c readconf.c servconf.c]
+    check strtok() != NULL; ok niels@
+    [key.c]
+    fix key_read() for uuencoded keys w/o '='
+    [serverloop.c]
+    group ssh1 vs. ssh2 in serverloop
+    [kex.c kex.h myproposal.h sshconnect2.c sshd.c]
+    split kexinit/kexdh, factor out common code
+    [readconf.c ssh.1 ssh.c]
+    forwardagent defaults to no, add ssh -A
+  - theo@cvs.openbsd.org
+    [session.c]
+    just some line shortening
+ - Released 2.1.0p3
+
+20000520
+ - Xauth fix from Markus Friedl <markus.friedl@informatik.uni-erlangen.de>
+ - Don't touch utmp if USE_UTMPX defined
+ - SunOS 4.x support from Todd C. Miller <Todd.Miller@courtesan.com>
+ - SIGCHLD fix for AIX and HPUX from Tom Bertelson <tbert@abac.com>
+ - HPUX and Configure fixes from Lutz Jaenicke 
+   <Lutz.Jaenicke@aet.TU-Cottbus.DE>
+ - Use mkinstalldirs script to make directories instead of non-portable 
+   "install -d". Suggested by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
+ - Doc cleanup
+
+20000518
+ - Include Andre Lucas' fixprogs script. Forgot to "cvs add" it yesterday
+ - OpenBSD CVS updates:
+  - markus@cvs.openbsd.org
+    [sshconnect.c]
+    copy only ai_addrlen bytes; misiek@pld.org.pl
+    [auth.c]
+    accept an empty shell in authentication; bug reported by 
+    chris@tinker.ucr.edu
+    [serverloop.c]
+    we don't have stderr for interactive terminal sessions (fcntl errors)
+
+20000517
+ - Fix from Andre Lucas <andre.lucas@dial.pipex.com>
+  - Fixes command line printing segfaults (spotter: Bladt Norbert)
+  - Fixes erroneous printing of debug messages to syslog
+  - Fixes utmp for MacOS X (spotter: Aristedes Maniatis)
+  - Gives useful error message if PRNG initialisation fails
+  - Reduced ssh startup delay
+  - Measures cumulative command time rather than the time between reads
+    after select()
+  - 'fixprogs' perl script to eliminate non-working entropy commands, and
+    optionally run 'ent' to measure command entropy
+ - Applied Tom Bertelson's <tbert@abac.com> AIX authentication fix
+ - Avoid WCOREDUMP complation errors for systems that lack it
+ - Avoid SIGCHLD warnings from entropy commands 
+ - Fix HAVE_PAM_GETENVLIST setting from Simon Wilkinson <sxw@dcs.ed.ac.uk>
+ - OpenBSD CVS update:
+  - markus@cvs.openbsd.org 
+    [ssh.c]
+    fix usage()
+    [ssh2.h]
+    draft-ietf-secsh-architecture-05.txt
+    [ssh.1]
+    document ssh -T -N (ssh2 only)
+    [channels.c serverloop.c ssh.h sshconnect.c sshd.c aux.c]
+    enable nonblocking IO for sshd w/ proto 1, too; split out common code
+    [aux.c]
+    missing include
+ - Several patches from SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp>
+  - INSTALL typo and URL fix
+  - Makefile fix
+  - Solaris fixes
+ - Checking for ssize_t and memmove. Based on patch from SAKAI Kiyotaka 
+   <ksakai@kso.netwk.ntt-at.co.jp>
+ - RSAless operation patch from kevin_oconnor@standardandpoors.com
+ - Detect OpenSSL seperatly from RSA
+ - Better test for RSA (more compatible with RSAref). Based on work by 
+   Ed Eden <ede370@stl.rural.usda.gov>
+
+20000513
+ - Fix for non-recognised DSA keys from Arkadiusz Miskiewicz 
+   <misiek@pld.org.pl>
+
+20000511
+ - Fix for prng_seed permissions checking from Lutz Jaenicke 
+   <Lutz.Jaenicke@aet.TU-Cottbus.DE>
+ - "make host-key" fix for Irix
+
+20000509
+ - OpenBSD CVS update
+  - markus@cvs.openbsd.org
+    [cipher.h myproposal.h readconf.c readconf.h servconf.c ssh.1 ssh.c]
+    [ssh.h sshconnect1.c sshconnect2.c sshd.8]
+    - complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only)
+  - hugh@cvs.openbsd.org
+    [ssh.1]
+    - zap typo
+    [ssh-keygen.1]
+    - One last nit fix. (markus approved)
+    [sshd.8]
+    - some markus certified spelling adjustments
+  - markus@cvs.openbsd.org
+    [auth2.c channels.c clientloop.c compat compat.h dsa.c kex.c]
+    [sshconnect2.c ]
+    - bug compat w/ ssh-2.0.13 x11, split out bugs
+    [nchan.c]
+    - no drain if ibuf_empty, fixes x11fwd problems; tests by fries@
+    [ssh-keygen.c]
+    - handle escapes in real and original key format, ok millert@
+    [version.h]
+    - OpenSSH-2.1
+ - Moved all the bsd-* and fake-* stuff into new libopenbsd-compat.a
+ - Doc updates
+ - Cleanup of bsd-base64 headers, bugfix definitions of __b64_*. Reported 
+   by Andre Lucas <andre.lucas@dial.pipex.com>
+
+20000508
+ - Makefile and RPM spec fixes
+ - Generate DSA host keys during "make key" or RPM installs
+ - OpenBSD CVS update
+  - markus@cvs.openbsd.org
+    [clientloop.c sshconnect2.c]
+    - make x11-fwd interop w/ ssh-2.0.13
+    [README.openssh2]
+    - interop w/ SecureFX
+ - Release 2.0.0beta2
+
+ - Configure caching and cleanup patch from Andre Lucas' 
+   <andre.lucas@dial.pipex.com>
+
+20000507
+ - Remove references to SSLeay.
+ - Big OpenBSD CVS update
+  - markus@cvs.openbsd.org
+    [clientloop.c]
+    - typo
+    [session.c]
+    - update proctitle on pty alloc/dealloc, e.g. w/ windows client
+    [session.c]
+    - update proctitle for proto 1, too
+    [channels.h nchan.c serverloop.c session.c sshd.c]
+    - use c-style comments
+  - deraadt@cvs.openbsd.org
+    [scp.c]
+    - more atomicio
+  - markus@cvs.openbsd.org 
+    [channels.c]
+    - set O_NONBLOCK
+    [ssh.1]
+    - update AUTHOR
+    [readconf.c ssh-keygen.c ssh.h]
+    - default DSA key file ~/.ssh/id_dsa
+    [clientloop.c]
+    - typo, rm verbose debug
+  - deraadt@cvs.openbsd.org
+    [ssh-keygen.1]
+    - document DSA use of ssh-keygen
+    [sshd.8]
+    - a start at describing what i understand of the DSA side
+    [ssh-keygen.1]
+    - document -X and -x
+    [ssh-keygen.c]
+    - simplify usage
+  - markus@cvs.openbsd.org 
+    [sshd.8]
+    - there is no rhosts_dsa
+    [ssh-keygen.1]
+    - document -y, update -X,-x
+    [nchan.c]
+    - fix close for non-open ssh1 channels
+    [servconf.c servconf.h ssh.h sshd.8 sshd.c ]
+    - s/DsaKey/HostDSAKey/, document option
+    [sshconnect2.c]
+    - respect number_of_password_prompts
+    [channels.c channels.h servconf.c servconf.h session.c sshd.8]
+    - GatewayPorts for sshd, ok deraadt@
+    [ssh-add.1 ssh-agent.1 ssh.1]
+    - more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
+    [ssh.1]
+    - more info on proto 2
+    [sshd.8]
+    - sync AUTHOR w/ ssh.1
+    [key.c key.h sshconnect.c]
+    - print key type when talking about host keys
+    [packet.c]
+    - clear padding in ssh2
+    [dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
+    - replace broken uuencode w/ libc b64_ntop
+    [auth2.c]
+    - log failure before sending the reply
+    [key.c radix.c uuencode.c]
+    - remote trailing comments before calling __b64_pton
+    [auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
+    [sshconnect2.c sshd.8]
+    - add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
+ - Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
+
+20000502
+ - OpenBSD CVS update
+   [channels.c]
+   - init all fds, close all fds.
+   [sshconnect2.c]
+   - check whether file exists before asking for passphrase
+   [servconf.c servconf.h sshd.8 sshd.c]
+   - PidFile, pr 1210
+   [channels.c]
+   - EINTR
+   [channels.c]
+   - unbreak, ok niels@
+   [sshd.c]
+   - unlink pid file, ok niels@
+   [auth2.c]
+   - Add missing #ifdefs; ok - markus
+ - Add Andre Lucas' <andre.lucas@dial.pipex.com> patch to read entropy 
+   gathering commands from a text file
+ - Release 2.0.0beta1
+
+20000501
+ - OpenBSD CVS update
+   [packet.c]
+   - send debug messages in SSH2 format
+   [scp.c]
+   - fix very rare EAGAIN/EINTR issues; based on work by djm
+   [packet.c]
+   - less debug, rm unused
+   [auth2.c]
+   - disable kerb,s/key in ssh2
+   [sshd.8]
+   - Minor tweaks and typo fixes.
+   [ssh-keygen.c]
+   - Put -d into usage and reorder. markus ok.
+ - Include missing headers for OpenSSL tests. Fix from Phil Karn 
+   <karn@ka9q.ampr.org>
+ - Fixed __progname symbol collisions reported by Andre Lucas 
+   <andre.lucas@dial.pipex.com>
+ - Merged bsd-login ttyslot and AIX utmp patch from Gert Doering
+   <gd@hilb1.medat.de>
+ - Add some missing ifdefs to auth2.c
+ - Deprecate perl-tk askpass.
+ - Irix portability fixes - don't include netinet headers more than once
+ - Make sure we don't save PRNG seed more than once
+
+20000430
+ - Merge HP-UX fixes and TCB support from Ged Lodder <lodder@yacc.com.au>
+ - Integrate Andre Lucas' <andre.lucas@dial.pipex.com> entropy collection
+   patch.
+   - Adds timeout to entropy collection
+   - Disables slow entropy sources
+   - Load and save seed file
+ - Changed entropy seed code to user per-user seeds only (server seed is 
+   saved in root's .ssh directory)
+ - Use atexit() and fatal cleanups to save seed on exit
+ - More OpenBSD updates:
+   [session.c]
+   - don't call chan_write_failed() if we are not writing
+   [auth-rsa.c auth1.c authfd.c hostfile.c ssh-agent.c]
+   - keysize warnings error() -> log()
+
+20000429
+ - Merge big update to OpenSSH-2.0 from OpenBSD CVS
+   [README.openssh2]
+   - interop w/ F-secure windows client
+   - sync documentation
+   - ssh_host_dsa_key not ssh_dsa_key
+   [auth-rsa.c]
+   - missing fclose
+   [auth.c authfile.c compat.c dsa.c dsa.h hostfile.c key.c key.h radix.c]
+   [readconf.c readconf.h ssh-add.c ssh-keygen.c ssh.c ssh.h sshconnect.c]
+   [sshd.c uuencode.c uuencode.h authfile.h]
+   - add DSA pubkey auth and other SSH2 fixes.  use ssh-keygen -[xX]
+     for trading keys with the real and the original SSH, directly from the
+     people who invented the SSH protocol.
+   [auth.c auth.h authfile.c sshconnect.c auth1.c auth2.c sshconnect.h]
+   [sshconnect1.c sshconnect2.c]
+   - split auth/sshconnect in one file per protocol version
+   [sshconnect2.c]
+   - remove debug
+   [uuencode.c]
+   - add trailing =
+   [version.h]
+   - OpenSSH-2.0
+   [ssh-keygen.1 ssh-keygen.c]
+   - add -R flag: exit code indicates if RSA is alive
+   [sshd.c]
+   - remove unused
+     silent if -Q is specified
+   [ssh.h]
+   - host key becomes /etc/ssh_host_dsa_key
+   [readconf.c servconf.c ]
+   - ssh/sshd default to proto 1 and 2
+   [uuencode.c]
+   - remove debug
+   [auth2.c ssh-keygen.c sshconnect2.c sshd.c]
+   - xfree DSA blobs
+   [auth2.c serverloop.c session.c]
+   - cleanup logging for sshd/2, respect PasswordAuth no
+   [sshconnect2.c]
+   - less debug, respect .ssh/config
+   [README.openssh2 channels.c channels.h]
+   - clientloop.c session.c ssh.c 
+   - support for x11-fwding, client+server
+
+20000421
+ - Merge fix from OpenBSD CVS
+  [ssh-agent.c]
+  - Fix memory leak per connection. Report from Andy Spiegl <Andy@Spiegl.de>
+    via Debian bug #59926
+ - Define __progname in session.c if libc doesn't
+ - Remove indentation on autoconf #include statements to avoid bug in
+   DEC Tru64 compiler. Report and fix from David Del Piero 
+   <David.DelPiero@qed.qld.gov.au>
+
+20000420
+ - Make fixpaths work with perl4, patch from Andre Lucas 
+   <andre.lucas@dial.pipex.com>
+ - Sync with OpenBSD CVS:
+  [clientloop.c login.c serverloop.c ssh-agent.c ssh.h sshconnect.c sshd.c]
+  - pid_t
+  [session.c]
+  - remove bogus chan_read_failed. this could cause data
+    corruption (missing data) at end of a SSH2 session.
+ - Merge fixes from Debian patch from Phil Hands <phil@hands.com>
+  - Allow setting of PAM service name through CFLAGS (SSHD_PAM_SERVICE)
+  - Use vhangup to clean up Linux ttys
+  - Force posix getopt processing on GNU libc systems
+ - Debian bug #55910 - remove references to ssl(8) manpages
+ - Debian bug #58031 - ssh_config lies about default cipher
+
+20000419
+ - OpenBSD CVS updates
+   [channels.c]
+   - fix pr 1196, listen_port and port_to_connect interchanged
+   [scp.c]
+   - after completion, replace the progress bar ETA counter with a final 
+     elapsed time; my idea, aaron wrote the patch
+   [ssh_config sshd_config]
+   - show 'Protocol' as an example, ok markus@
+   [sshd.c]
+   - missing xfree()
+ - Add missing header to bsd-misc.c
+
+20000416
+ - Reduce diff against OpenBSD source
+   - All OpenSSL includes are now unconditionally referenced as 
+     openssl/foo.h
+   - Pick up formatting changes
+   - Other minor changed (typecasts, etc) that I missed
+
+20000415
+ - OpenBSD CVS updates.
+   [ssh.1 ssh.c]
+   - ssh -2
+   [auth.c channels.c clientloop.c packet.c packet.h serverloop.c]
+   [session.c sshconnect.c]
+   - check payload for (illegal) extra data
+   [ALL]
+   whitespace cleanup
+
+20000413
+ - INSTALL doc updates
+ - Merged OpenBSD updates to include paths.
+ 
+20000412
+ - OpenBSD CVS updates:
+   - [channels.c]
+     repair x11-fwd
+   - [sshconnect.c]
+     fix passwd prompt for ssh2, less debugging output.
+   - [clientloop.c compat.c dsa.c kex.c sshd.c]
+     less debugging output
+   - [kex.c kex.h sshconnect.c sshd.c]
+     check for reasonable public DH values
+   - [README.openssh2 cipher.c cipher.h compat.c compat.h readconf.c]
+     [readconf.h servconf.c servconf.h ssh.c ssh.h sshconnect.c sshd.c]
+     add Cipher and Protocol options to ssh/sshd, e.g.:
+     ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers
+     arcfour,3des-cbc'
+   - [sshd.c]
+     print 1.99 only if server supports both
+
+20000408
+ - Avoid some compiler warnings in fake-get*.c
+ - Add IPTOS macros for systems which lack them
+ - Only set define entropy collection macros if they are found
+ - More large OpenBSD CVS updates:
+   - [auth.c auth.h servconf.c servconf.h serverloop.c session.c]
+     [session.h ssh.h sshd.c README.openssh2]
+     ssh2 server side, see README.openssh2; enable with 'sshd -2'
+   - [channels.c]
+     no adjust after close
+   - [sshd.c compat.c ]
+     interop w/ latest ssh.com windows client.
+  
+20000406
+ - OpenBSD CVS update:
+   - [channels.c]
+     close efd on eof
+   - [clientloop.c compat.c ssh.c sshconnect.c myproposal.h]
+     ssh2 client implementation, interops w/ ssh.com and lsh servers.
+   - [sshconnect.c]
+     missing free.
+   - [authfile.c cipher.c cipher.h packet.c sshconnect.c sshd.c]
+     remove unused argument, split cipher_mask()
+   - [clientloop.c]
+     re-order: group ssh1 vs. ssh2
+ - Make Redhat spec require openssl >= 0.9.5a
+
+20000404
+ - Add tests for RAND_add function when searching for OpenSSL
+ - OpenBSD CVS update:
+   - [packet.h packet.c]
+     ssh2 packet format
+   - [packet.h packet.c nchan2.ms nchan.h compat.h compat.c]
+     [channels.h channels.c]
+     channel layer support for ssh2
+   - [kex.h kex.c hmac.h hmac.c dsa.c dsa.h]
+     DSA, keyexchange, algorithm agreement for ssh2
+ - Generate manpages before make install not at the end of make all
+ - Don't seed the rng quite so often
+ - Always reseed rng when requested
+
+20000403
+ - Wrote entropy collection routines for systems that lack /dev/random
+   and EGD
+ - Disable tests and typedefs for 64 bit types. They are currently unused.
+
+20000401
+ - Big OpenBSD CVS update (mainly beginnings of SSH2 infrastructure)
+   - [auth.c session.c sshd.c auth.h]
+     split sshd.c -> auth.c session.c sshd.c plus cleanup and goto-removal
+   - [bufaux.c bufaux.h]
+     support ssh2 bignums
+   - [channels.c channels.h clientloop.c sshd.c nchan.c nchan.h packet.c]
+     [readconf.c ssh.c ssh.h serverloop.c]
+     replace big switch() with function tables (prepare for ssh2)
+   - [ssh2.h]
+     ssh2 message type codes
+   - [sshd.8]
+     reorder Xr to avoid cutting
+   - [serverloop.c]
+     close(fdin) if fdin != fdout, shutdown otherwise, ok theo@
+   - [channels.c]
+     missing close
+     allow bigger packets
+   - [cipher.c cipher.h]
+     support ssh2 ciphers
+   - [compress.c]
+     cleanup, less code
+   - [dispatch.c dispatch.h]
+     function tables for different message types
+   - [log-server.c]
+     do not log() if debuggin to stderr
+     rename a cpp symbol, to avoid param.h collision
+   - [mpaux.c]
+     KNF
+   - [nchan.c]
+     sync w/ channels.c
+
+20000326
+ - Better tests for OpenSSL w/ RSAref
+ - Added replacement setenv() function from OpenBSD libc. Suggested by 
+   Ben Lindstrom <mouring@pconline.com>
+ - OpenBSD CVS update
+   - [auth-krb4.c]
+     -Wall
+   - [auth-rh-rsa.c auth-rsa.c hostfile.c hostfile.h key.c key.h match.c]
+     [match.h ssh.c ssh.h sshconnect.c sshd.c]
+     initial support for DSA keys. ok deraadt@, niels@
+   - [cipher.c cipher.h]
+     remove unused cipher_attack_detected code
+   - [scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
+     Fix some formatting problems I missed before.
+   - [ssh.1 sshd.8]
+     fix spelling errors, From: FreeBSD
+   - [ssh.c]
+     switch to raw mode only if he _get_ a pty (not if we _want_ a pty).
+
+20000324
+ - Released 1.2.3
+
+20000317
+ - Clarified --with-default-path option.
+ - Added -blibpath handling for AIX to work around stupid runtime linking.
+   Problem elucidated by gshapiro@SENDMAIL.ORG by way of Jim Knoble
+   <jmknoble@pobox.com>
+ - Checks for 64 bit int types. Problem report from Mats Fredholm
+   <matsf@init.se>
+ - OpenBSD CVS updates:
+   - [atomicio.c auth-krb4.c bufaux.c channels.c compress.c fingerprint.c] 
+     [packet.h radix.c rsa.c scp.c ssh-agent.c ssh-keygen.c sshconnect.c]
+     [sshd.c]
+     pedantic: signed vs. unsigned, void*-arithm, etc
+   - [ssh.1 sshd.8]
+     Various cleanups and standardizations.
+ - Runtime error fix for HPUX from Otmar Stahl 
+   <O.Stahl@lsw.uni-heidelberg.de>
+
+20000316
+ - Fixed configure not passing LDFLAGS to Solaris. Report from David G. 
+   Hesprich <dghespri@sprintparanet.com>
+ - Propogate LD through to Makefile
+ - Doc cleanups
+ - Added blurb about "scp: command not found" errors to UPGRADING
+
+20000315
+ - Fix broken CFLAGS handling during search for OpenSSL. Fixes va_list
+   problems with gcc/Solaris.
+ - Don't free argument to putenv() after use (in setenv() replacement). 
+   Report from Seigo Tanimura <tanimura@r.dl.itc.u-tokyo.ac.jp>
+ - Created contrib/ subdirectory. Included helpers from Phil Hands' 
+   Debian package, README file and chroot patch from Ricardo Cerqueira
+   <rmcc@clix.pt>
+ - Moved gnome-ssh-askpass.c to contrib directory and removed config 
+   option.
+ - Slight cleanup to doc files
+ - Configure fix from Bratislav ILICH <bilic@zepter.ru>
+
+20000314
+ - Include macro for IN6_IS_ADDR_V4MAPPED. Report from 
+   peter@frontierflying.com
+ - Include /usr/local/include and /usr/local/lib for systems that don't
+   do it themselves
+ - -R/usr/local/lib for Solaris
+ - Fix RSAref detection
+ - Fix IN6_IS_ADDR_V4MAPPED macro
+
+20000311
+ - Detect RSAref
+ - OpenBSD CVS change
+   [sshd.c]
+    - disallow guessing of root password
+ - More configure fixes
+ - IPv6 workarounds from Hideaki YOSHIFUJI <yoshfuji@ecei.tohoku.ac.jp>
+
+20000309
+ - OpenBSD CVS updates to v1.2.3
+   [ssh.h atomicio.c]
+    - int atomicio -> ssize_t (for alpha). ok deraadt@
+   [auth-rsa.c]
+    - delay MD5 computation until client sends response, free() early, cleanup.
+   [cipher.c]
+    - void* -> unsigned char*, ok niels@
+   [hostfile.c]
+    - remove unused variable 'len'. fix comments.
+    - remove unused variable
+   [log-client.c log-server.c]
+    - rename a cpp symbol, to avoid param.h collision
+   [packet.c]
+    - missing xfree()
+    - getsockname() requires initialized tolen; andy@guildsoftware.com
+    - use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
+   from Holger.Trapp@Informatik.TU-Chemnitz.DE
+   [pty.c pty.h]
+    - register cleanup for pty earlier. move code for pty-owner handling to 
+      pty.c ok provos@, dugsong@
+   [readconf.c]
+    - turn off x11-fwd for the client, too.
+   [rsa.c]
+    - PKCS#1 padding
+   [scp.c]
+    - allow '.' in usernames; from jedgar@fxp.org
+   [servconf.c]
+    - typo: ignore_user_known_hosts int->flag; naddy@mips.rhein-neckar.de
+    - sync with sshd_config
+   [ssh-keygen.c]
+    - enable ssh-keygen -l -f ~/.ssh/known_hosts, ok deraadt@
+   [ssh.1]
+    - Change invalid 'CHAT' loglevel to 'VERBOSE'
+   [ssh.c]
+    - suppress AAAA query host when '-4' is used; from shin@nd.net.fujitsu.co.jp
+    - turn off x11-fwd for the client, too.
+   [sshconnect.c]
+    - missing xfree()
+    - retry rresvport_af(), too. from sumikawa@ebina.hitachi.co.jp.
+    - read error vs. "Connection closed by remote host"
+   [sshd.8]
+    - ie. -> i.e.,
+    - do not link to a commercial page..
+    - sync with sshd_config
+   [sshd.c]
+    - no need for poll.h; from bright@wintelcom.net
+    - log with level log() not fatal() if peer behaves badly.
+    - don't panic if client behaves strange. ok deraadt@
+    - make no-port-forwarding for RSA keys deny both -L and -R style fwding
+    - delay close() of pty until the pty has been chowned back to root
+    - oops, fix comment, too.
+    - missing xfree()
+    - move XAUTHORITY to subdir. ok dugsong@. fixes debian bug #57907, too.
+      (http://cgi.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=57907)
+    - register cleanup for pty earlier. move code for pty-owner handling to 
+      pty.c ok provos@, dugsong@
+    - create x11 cookie file
+    - fix pr 1113, fclose() -> pclose(), todo: remote popen()
+    - version 1.2.3
+ - Cleaned up
+ - Removed warning workaround for Linux and devpts filesystems (no longer 
+   required after OpenBSD updates)
+
+20000308
+ - Configure fix from Hiroshi Takekawa <takekawa@sr3.t.u-tokyo.ac.jp>
+
+20000307
+ - Released 1.2.2p1
+
+20000305
+ - Fix DEC compile fix
+ - Explicitly seed OpenSSL's PRNG before checking rsa_alive()
+ - Check for getpagesize in libucb.a if not found in libc. Fix for old
+   Solaris from Andre Lucas <andre.lucas@dial.pipex.com>
+ - Check for libwrap if --with-tcp-wrappers option specified. Suggestion 
+   Mate Wierdl <mw@moni.msci.memphis.edu>
+
+20000303
+ - Added "make host-key" target, Suggestion from Dominik Brettnacher
+ <domi@saargate.de>
+ - Don't permanently fail on bind() if getaddrinfo has more choices left for 
+   us. Needed to work around messy IPv6 on Linux. Patch from Arkadiusz
+   Miskiewicz <misiek@pld.org.pl>
+ - DEC Unix compile fix from David Del Piero <David.DelPiero@qed.qld.gov.au>
+ - Manpage fix from David Del Piero <David.DelPiero@qed.qld.gov.au>
+
+20000302
+ - Big cleanup of autoconf code
+   - Rearranged to be a little more logical
+   - Added -R option for Solaris
+   - Rewrote OpenSSL detection code. Now uses AC_TRY_RUN with a test program
+     to detect library and header location _and_ ensure library has proper
+     RSA support built in (this is a problem with OpenSSL 0.9.5).
+ - Applied pty cleanup patch from markus.friedl@informatik.uni-erlangen.de
+ - Avoid warning message with Unix98 ptys
+ - Warning was valid - possible race condition on PTYs. Avoided using 
+   platform-specific code.
+ - Document some common problems
+ - Allow root access to any key. Patch from 
+   markus.friedl@informatik.uni-erlangen.de
+
+20000207
+ - Removed SOCKS code. Will support through a ProxyCommand.
+
+20000203
+ - Fixed SEGVs in authloop, fix from vbzoli@hbrt.hu
+ - Add --with-ssl-dir option
+
+20000202
+ - Fix lastlog code for directory based lastlogs. Fix from Josh Durham 
+   <jmd@aoe.vt.edu>
+ - Documentation fixes from HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
+ - Added URLs to Japanese translations of documents by HARUYAMA Seigo 
+   <haruyama@nt.phys.s.u-tokyo.ac.jp>
+
+20000201
+ - Use socket pairs by default (instead of pipes). Prevents race condition
+   on several (buggy) OSs. Report and fix from tridge@linuxcare.com
+
+20000127
+ - Seed OpenSSL's random number generator before generating RSA keypairs
+ - Split random collector into seperate file
+ - Compile fix from Andre Lucas <andre.lucas@dial.pipex.com>
+
+20000126
+ - Released 1.2.2 stable
+
+ - NeXT keeps it lastlog in /usr/adm. Report from 
+   mouring@newton.pconline.com
+ - Added note in UPGRADING re interop with commercial SSH using idea. 
+   Report from Jim Knoble <jmknoble@pobox.com>
+ - Fix linking order for Kerberos/AFS. Fix from Holget Trapp
+   <Holger.Trapp@Informatik.TU-Chemnitz.DE>
+
+20000125
+ - Fix NULL pointer dereference in login.c. Fix from Andre Lucas 
+   <andre.lucas@dial.pipex.com>
+ - Reorder PAM initialisation so it does not mess up lastlog. Reported
+   by Andre Lucas <andre.lucas@dial.pipex.com>
+ - Use preformatted manpages on SCO, report from Gary E. Miller 
+   <gem@rellim.com>
+ - New URL for x11-ssh-askpass.
+ - Fixpaths was missing /etc/ssh_known_hosts. Report from Jim Knoble 
+   <jmknoble@pobox.com>
+ - Added 'DESTDIR' option to Makefile to ease package building. Patch from 
+   Jim Knoble <jmknoble@pobox.com>
+ - Updated RPM spec files to use DESTDIR
+
+20000124
+ - Pick up version 1.2.2 from OpenBSD CVS (no changes, just version number
+   increment)
+
+20000123
+ - OpenBSD CVS:
+   - [packet.c]
+     getsockname() requires initialized tolen; andy@guildsoftware.com
+ - AIX patch from Matt Richards <v2matt@btv.ibm.com> and David Rankin 
+   <drankin@bohemians.lexington.ky.us>
+ - Fix lastlog support, patch from Andre Lucas <andre.lucas@dial.pipex.com>
+
+20000122
+ - Fix compilation of bsd-snprintf.c on Solaris, fix from Ben Taylor
+   <bent@clark.net>
+ - Merge preformatted manpage patch from Andre Lucas
+   <andre.lucas@dial.pipex.com>
+ - Make IPv4 use the default in RPM packages
+ - Irix uses preformatted manpages
+ - Missing htons() in bsd-bindresvport.c, fix from Holger Trapp
+   <Holger.Trapp@Informatik.TU-Chemnitz.DE>
+ - OpenBSD CVS updates:
+   - [packet.c]
+     use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
+     from Holger.Trapp@Informatik.TU-Chemnitz.DE
+   - [sshd.c]
+     log with level log() not fatal() if peer behaves badly.
+   - [readpass.c]
+     instead of blocking SIGINT, catch it ourselves, so that we can clean 
+     the tty modes up and kill ourselves -- instead of our process group 
+     leader (scp, cvs, ...) going away and leaving us in noecho mode.  
+     people with cbreak shells never even noticed..
+   - [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
+     ie. -> i.e.,
+
+20000120
+ - Don't use getaddrinfo on AIX
+ - Update to latest OpenBSD CVS:
+   - [auth-rsa.c]
+     - fix user/1056, sshd keeps restrictions; dbt@meat.net
+   - [sshconnect.c]
+     - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
+     - destroy keys earlier
+     - split key exchange (kex) and user authentication (user-auth), 
+       ok: provos@
+   - [sshd.c]
+     - no need for poll.h; from bright@wintelcom.net
+     - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
+     - split key exchange (kex) and user authentication (user-auth), 
+       ok: provos@
+ - Big manpage and config file cleanup from Andre Lucas
+   <andre.lucas@dial.pipex.com>
+   - Re-added latest (unmodified) OpenBSD manpages
+ - Doc updates
+ - NetBSD patch from David Rankin <drankin@bohemians.lexington.ky.us> and
+   Christos Zoulas <christos@netbsd.org>
+
+20000119
+ - SCO compile fixes from Gary E. Miller <gem@rellim.com>
+ - Compile fix from Darren_Hall@progressive.com
+ - Linux/glibc-2.1.2 takes a *long* time to look up names for AF_UNSPEC
+   addresses using getaddrinfo(). Added a configure switch to make the
+   default lookup mode AF_INET
+
+20000118
+ - Fixed --with-pid-dir option
+ - Makefile fix from Gary E. Miller <gem@rellim.com>
+ - Compile fix for HPUX and Solaris from Andre Lucas    
+   <andre.lucas@dial.pipex.com>
+
+20000117
+ - Clean up bsd-bindresvport.c. Use arc4random() for picking initial
+   port, ignore EINVAL errors (Linux) when searching for free port.
+ - Revert __snprintf -> snprintf aliasing. Apparently Solaris 
+   __snprintf isn't. Report from Theo de Raadt <theo@cvs.openbsd.org>
+ - Document location of Redhat PAM file in INSTALL.
+ - Fixed X11 forwarding bug on Linux. libc advertises AF_INET6 
+   INADDR_ANY_INIT addresses via getaddrinfo, but may not be able to 
+   deliver (no IPv6 kernel support)
+ - Released 1.2.1pre27
+
+ - Fix rresvport_af failure errors (logic error in bsd-bindresvport.c)
+ - Fix --with-ipaddr-display option test. Fix from Jarno Huuskonen 
+   <jhuuskon@hytti.uku.fi>
+ - Fix hang on logout if processes are still using the pty. Needs 
+   further testing.
+ - Patch from Christos Zoulas <christos@zoulas.com>
+   - Try $prefix first when looking for OpenSSL.
+   - Include sys/types.h when including sys/socket.h in test programs
+ - Substitute PID directory in sshd.8. Suggestion from Andrew 
+   Stribblehill <a.d.stribblehill@durham.ac.uk>
+
+20000116
+ - Renamed --with-xauth-path to --with-xauth
+ - Added --with-pid-dir option
+ - Released 1.2.1pre26
+
+ - Compilation fix from Kiyokazu SUTO <suto@ks-and-ks.ne.jp>
+ - Fixed broken bugfix for /dev/ptmx on Linux systems which lack 
+   openpty(). Report from Kiyokazu SUTO <suto@ks-and-ks.ne.jp>
+
+20000115
+ - Add --with-xauth-path configure directive and explicit test for
+   /usr/openwin/bin/xauth for Solaris systems. Report from Anders 
+   Nordby <anders@fix.no>
+ - Fix incorrect detection of /dev/ptmx on Linux systems that lack 
+   openpty. Report from John Seifarth <john@waw.be>
+ - Look for intXX_t and u_intXX_t in sys/bitypes.h if they are not in
+   sys/types.h. Fixes problems on SCO, report from Gary E. Miller 
+   <gem@rellim.com>
+ - Use __snprintf and __vnsprintf if they are found where snprintf and
+   vnsprintf are lacking. Suggested by Ben Taylor <bent@shell.clark.net>
+   and others.
+
+20000114
+ - Merged OpenBSD IPv6 patch:
+   - [sshd.c sshd.8 sshconnect.c ssh.h ssh.c servconf.h servconf.c scp.1]
+     [scp.c packet.h packet.c login.c log.c canohost.c channels.c]
+     [hostfile.c sshd_config]
+     ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new
+     features: sshd allows multiple ListenAddress and Port options. note 
+     that libwrap is not IPv6-ready. (based on patches from 
+     fujiwara@rcac.tdi.co.jp)
+   - [ssh.c canohost.c]
+     more hints (hints.ai_socktype=SOCK_STREAM) for getaddrinfo, 
+     from itojun@
+   - [channels.c]
+     listen on _all_ interfaces for X11-Fwd (hints.ai_flags = AI_PASSIVE)
+   - [packet.h]
+     allow auth-kerberos for IPv4 only
+   - [scp.1 sshd.8 servconf.h scp.c]
+     document -4, -6, and 'ssh -L 2022/::1/22'
+   - [ssh.c]
+     'ssh @host' is illegal (null user name), from 
+     karsten@gedankenpolizei.de
+   - [sshconnect.c]
+     better error message
+   - [sshd.c]
+     allow auth-kerberos for IPv4 only
+ - Big IPv6 merge:
+   - Cleanup overrun in sockaddr copying on RHL 6.1
+   - Replacements for getaddrinfo, getnameinfo, etc based on versions
+     from patch from KIKUCHI Takahiro <kick@kyoto.wide.ad.jp>
+   - Replacement for missing structures on systems that lack IPv6
+   - record_login needed to know about AF_INET6 addresses
+   - Borrowed more code from OpenBSD: rresvport_af and requisites
+
+20000110
+ - Fixes to auth-skey to enable it to use the standard OpenSSL libraries
+
+20000107
+ - New config.sub and config.guess to fix problems on SCO. Supplied
+   by Gary E. Miller <gem@rellim.com>
+ - SCO build fix from Gary E. Miller <gem@rellim.com>
+ - Released 1.2.1pre25
+
+20000106
+ - Documentation update & cleanup
+ - Better KrbIV / AFS detection, based on patch from:
+   Holger Trapp <Holger.Trapp@Informatik.TU-Chemnitz.DE>
+
+20000105
+ - Fixed annoying DES corruption problem. libcrypt has been 
+   overriding symbols in libcrypto. Removed libcrypt and crypt.h
+   altogether (libcrypto includes its own crypt(1) replacement)
+ - Added platform-specific rules for Irix 6.x. Included warning that
+   they are untested.
+
+20000103
+ - Add explicit make rules for files proccessed by fixpaths.
+ - Fix "make install" in RPM spec files. Report from Tenkou N. Hattori  
+   <tnh@kondara.org>
+ - Removed "nullok" directive from default PAM configuration files. 
+   Added information on enabling EmptyPasswords on openssh+PAM in 
+   UPGRADING file.
+ - OpenBSD CVS updates
+   - [ssh-agent.c]
+     cleanup_exit() for SIGTERM/SIGHUP, too. from fgsch@ and 
+     dgaudet@arctic.org
+   - [sshconnect.c]
+     compare correct version for 1.3 compat mode
+
+20000102
+ - Prevent multiple inclusion of config.h and defines.h. Suggested
+   by Andre Lucas <andre.lucas@dial.pipex.com>
+ - Properly clean up on exit of ssh-agent. Patch from Dean Gaudet
+   <dgaudet@arctic.org>
+
+19991231
+ - Fix password support on systems with a mixture of shadowed and 
+   non-shadowed passwords (e.g. NIS). Report and fix from 
+   HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
+ - Fix broken autoconf typedef detection. Report from Marc G. 
+   Fournier <marc.fournier@acadiau.ca>
+ - Fix occasional crash on LinuxPPC. Patch from Franz Sirl
+   <Franz.Sirl-kernel@lauterbach.com>
+ - Prevent typedefs from being compiled more than once. Report from 
+   Marc G. Fournier <marc.fournier@acadiau.ca>
+ - Fill in ut_utaddr utmp field. Report from Benjamin Charron
+   <iretd@bigfoot.com>
+ - Really fix broken default path. Fix from Jim Knoble 
+   <jmknoble@pobox.com>
+ - Remove test for quad_t. No longer needed.
+ - Released 1.2.1pre24
+
+ - Added support for directory-based lastlogs
+ - Really fix typedefs, patch from Ben Taylor <bent@clark.net>
+
+19991230
+ - OpenBSD CVS updates:
+   - [auth-passwd.c]
+     check for NULL 1st
+ - Removed most of the pam code into its own file auth-pam.[ch]. This 
+   cleaned up sshd.c up significantly.
+ - PAM authentication was incorrectly interpreting 
+   "PermitRootLogin without-password". Report from Matthias Andree
+   <ma@dt.e-technik.uni-dortmund.de
+ - Several other cleanups
+ - Merged Dante SOCKS support patch from David Rankin
+  <drankin@bohemians.lexington.ky.us>
+ - Updated documentation with ./configure options
+ - Released 1.2.1pre23
+
+19991229
+ - Applied another NetBSD portability patch from David Rankin 
+   <drankin@bohemians.lexington.ky.us>
+ - Fix --with-default-path option.
+ - Autodetect perl, patch from David Rankin 
+   <drankin@bohemians.lexington.ky.us>
+ - Print whether OpenSSH was compiled with RSARef, patch from 
+   Nalin Dahyabhai <nalin@thermo.stat.ncsu.edu>
+ - Calls to pam_setcred, patch from Nalin Dahyabhai 
+   <nalin@thermo.stat.ncsu.edu>
+ - Detect missing size_t and typedef it.
+ - Rename helper.[ch] to (more appropriate) bsd-misc.[ch]
+ - Minor Makefile cleaning
+
+19991228
+ - Replacement for getpagesize() for systems which lack it
+ - NetBSD login.c compile fix from David Rankin 
+  <drankin@bohemians.lexington.ky.us>
+ - Fully set ut_tv if present in utmp or utmpx
+ - Portability fixes for Irix 5.3 (now compiles OK!)
+ - autoconf and other misc cleanups
+ - Merged AIX patch from Darren Hall <dhall@virage.org>
+ - Cleaned up defines.h
+ - Released 1.2.1pre22
+
+19991227
+ - Automatically correct paths in manpages and configuration files. Patch
+   and script from Andre Lucas <andre.lucas@dial.pipex.com>
+ - Removed credits from README to CREDITS file, updated.
+ - Added --with-default-path to specify custom path for server
+ - Removed #ifdef trickery from acconfig.h into defines.h
+ - PAM bugfix. PermitEmptyPassword was being ignored.
+ - Fixed PAM config files to allow empty passwords if server does.
+ - Explained spurious PAM auth warning workaround in UPGRADING
+ - Use last few chars of tty line as ut_id
+ - New SuSE RPM spec file from Chris Saia <csaia@wtower.com>
+ - OpenBSD CVS updates:
+   - [packet.h auth-rhosts.c]
+     check format string for packet_disconnect and packet_send_debug, too
+   - [channels.c]
+     use packet_get_maxsize for channels. consistence.
+
+19991226
+ - Enabled utmpx support by default for Solaris
+ - Cleanup sshd.c PAM a little more
+ - Revised RPM package to include Jim Knoble's <jmknoble@pobox.com>
+   X11 ssh-askpass program.
+ - Disable logging of PAM success and failures, PAM is verbose enough.
+   Unfortunatly there is currently no way to disable auth failure 
+   messages. Mention this in UPGRADING file and sent message to PAM 
+   developers
+ - OpenBSD CVS update:
+   - [ssh-keygen.1 ssh.1]
+     remove ref to .ssh/random_seed, mention .ssh/environment in 
+     .Sh FILES, too
+ - Released 1.2.1pre21
+ - Fixed implicit '.' in default path, report from Jim Knoble 
+   <jmknoble@pobox.com>
+ - Redhat RPM spec fixes from Jim Knoble <jmknoble@pobox.com>
+
+19991225
+ - More fixes from Andre Lucas <andre.lucas@dial.pipex.com>
+ - Cleanup of auth-passwd.c for shadow and MD5 passwords
+ - Cleanup and bugfix of PAM authentication code
+ - Released 1.2.1pre20
+
+ - Merged fixes from Ben Taylor <bent@clark.net>
+ - Fixed configure support for PAM. Reported by Naz <96na@eng.cam.ac.uk>
+ - Disabled logging of PAM password authentication failures when password
+   is empty. (e.g start of authentication loop). Reported by Naz
+   <96na@eng.cam.ac.uk>)
+
+19991223
+ - Merged later HPUX patch from Andre Lucas 
+   <andre.lucas@dial.pipex.com>
+ - Above patch included better utmpx support from Ben Taylor
+   <bent@clark.net>
+
+19991222
+ - Fix undefined fd_set type in ssh.h from Povl H. Pedersen 
+   <pope@netguide.dk>
+ - Fix login.c breakage on systems which lack ut_host in struct
+   utmp. Reported by Willard Dawson <willard.dawson@sbs.siemens.com>
+
+19991221
+ - Integration of large HPUX patch from Andre Lucas 
+   <andre.lucas@dial.pipex.com>. Integrating it had a few other 
+   benefits:
+   - Ability to disable shadow passwords at configure time
+   - Ability to disable lastlog support at configure time
+   - Support for IP address in $DISPLAY
+ - OpenBSD CVS update:
+   - [sshconnect.c]
+   say "REMOTE HOST IDENTIFICATION HAS CHANGED"
+ - Fix DISABLE_SHADOW support
+ - Allow MD5 passwords even if shadow passwords are disabled
+ - Release 1.2.1pre19
+
+19991218
+ - Redhat init script patch from Chun-Chung Chen 
+   <cjj@u.washington.edu>
+ - Avoid breakage on systems without IPv6 headers
+
+19991216
+ - Makefile changes for Solaris from Peter Kocks 
+   <peter.kocks@baygate.com>
+ - Minor updates to docs
+ - Merged OpenBSD CVS changes:
+   - [authfd.c ssh-agent.c]
+     keysize warnings talk about identity files
+   - [packet.c]
+     "Connection closed by x.x.x.x": fatal() -> log()
+ - Correctly handle empty passwords in shadow file. Patch from: 
+   "Chris, the Young One" <cky@pobox.com>
+ - Released 1.2.1pre18
+
+19991215
+ - Integrated patchs from Juergen Keil <jk@tools.de>
+   - Avoid void* pointer arithmatic
+   - Use LDFLAGS correctly
+   - Fix SIGIO error in scp
+   - Simplify status line printing in scp
+ - Added better test for inline functions compiler support from  
+   Darren_Hall@progressive.com
+
+19991214
+ - OpenBSD CVS Changes
+   - [canohost.c]
+     fix get_remote_port() and friends for sshd -i; 
+     Holger.Trapp@Informatik.TU-Chemnitz.DE
+   - [mpaux.c]
+     make code simpler. no need for memcpy. niels@ ok
+   - [pty.c]
+     namebuflen not sizeof namebuflen; bnd@ep-ag.com via djm@mindrot.org
+     fix proto; markus
+   - [ssh.1]
+      typo; mark.baushke@solipsa.com
+   - [channels.c ssh.c ssh.h sshd.c]
+     type conflict for 'extern Type *options' in channels.c; dot@dotat.at
+   - [sshconnect.c]
+     move checking of hostkey into own function.
+   - [version.h]
+     OpenSSH-1.2.1
+ - Clean up broken includes in pty.c
+ - Some older systems don't have poll.h, they use sys/poll.h instead
+ - Doc updates
+
+19991211
+ - Fix compilation on systems with AFS. Reported by 
+   aloomis@glue.umd.edu
+ - Fix installation on Solaris. Reported by 
+   Gordon Rowell <gordonr@gormand.com.au>
+ - Fix gccisms (__attribute__ and inline). Report by edgy@us.ibm.com,
+   patch from Markus Friedl <markus.friedl@informatik.uni-erlangen.de>
+ - Auto-locate xauth. Patch from David Agraz <dagraz@jahoopa.com>
+ - Compile fix from David Agraz <dagraz@jahoopa.com>
+ - Avoid compiler warning in bsd-snprintf.c
+ - Added pam_limits.so to default PAM config. Suggested by 
+   Jim Knoble <jmknoble@pobox.com>
+
+19991209
+ - Import of patch from Ben Taylor <bent@clark.net>:
+   - Improved PAM support
+   - "uninstall" rule for Makefile
+   - utmpx support
+   - Should fix PAM problems on Solaris
+ - OpenBSD CVS updates:
+   - [readpass.c]
+     avoid stdio; based on work by markus, millert, and I
+   - [sshd.c]
+     make sure the client selects a supported cipher
+   - [sshd.c]
+     fix sighup handling.  accept would just restart and daemon handled 
+     sighup only after the next connection was accepted. use poll on 
+     listen sock now.
+   - [sshd.c]
+     make that a fatal
+ - Applied patch from David Rankin <drankin@bohemians.lexington.ky.us>
+   to fix libwrap support on NetBSD
+ - Released 1.2pre17
+
+19991208
+ - Compile fix for Solaris with /dev/ptmx from 
+   David Agraz <dagraz@jahoopa.com>
+
+19991207
+ - sshd Redhat init script patch from Jim Knoble <jmknoble@pobox.com>
+   fixes compatability with 4.x and 5.x
+ - Fixed default SSH_ASKPASS
+ - Fix PAM account and session being called multiple times. Problem 
+   reported by Adrian Baugh <adrian@merlin.keble.ox.ac.uk>
+ - Merged more OpenBSD changes:
+   - [atomicio.c authfd.c scp.c serverloop.c ssh.h sshconnect.c sshd.c]
+     move atomicio into it's own file.  wrap all socket write()s which 
+     were doing write(sock, buf, len) != len, with atomicio() calls.
+   - [auth-skey.c]
+     fd leak
+   - [authfile.c]
+     properly name fd variable
+   - [channels.c]
+     display great hatred towards strcpy
+   - [pty.c pty.h sshd.c]
+     use openpty() if it exists (it does on BSD4_4)
+   - [tildexpand.c]
+     check for ~ expansion past MAXPATHLEN
+ - Modified helper.c to use new atomicio function.
+ - Reformat Makefile a little
+ - Moved RC4 routines from rc4.[ch] into helper.c
+ - Added autoconf code to detect /dev/ptmx (Solaris) and /dev/ptc (AIX)
+ - Updated SuSE spec from Chris Saia <csaia@wtower.com>
+ - Tweaked Redhat spec
+ - Clean up bad imports of a few files (forgot -kb)
+ - Released 1.2pre16
+
+19991204
+ - Small cleanup of PAM code in sshd.c
+ - Merged OpenBSD CVS changes:
+   - [auth-krb4.c auth-passwd.c auth-skey.c ssh.h]
+     move skey-auth from auth-passwd.c to auth-skey.c, same for krb4
+   - [auth-rsa.c]
+     warn only about mismatch if key is _used_
+     warn about keysize-mismatch with log() not error()
+     channels.c readconf.c readconf.h ssh.c ssh.h sshconnect.c
+     ports are u_short
+   - [hostfile.c]
+     indent, shorter warning
+   - [nchan.c]
+     use error() for internal errors
+   - [packet.c]
+     set loglevel for SSH_MSG_DISCONNECT to log(), not fatal()
+     serverloop.c
+     indent
+   - [ssh-add.1 ssh-add.c ssh.h]
+     document $SSH_ASKPASS, reasonable default
+   - [ssh.1]
+     CheckHostIP is not available for connects via proxy command
+   - [sshconnect.c]
+     typo
+     easier to read client code for passwd and skey auth
+     turn of checkhostip for proxy connects, since we don't know the remote ip
+
+19991126
+ - Add definition for __P()
+ - Added [v]snprintf() replacement for systems that lack it
+
+19991125
+ - More reformatting merged from OpenBSD CVS
+ - Merged OpenBSD CVS changes:
+   - [channels.c]
+     fix packet_integrity_check() for !have_hostname_in_open.
+     report from mrwizard@psu.edu via djm@ibs.com.au
+   - [channels.c]
+     set SO_REUSEADDR and SO_LINGER for forwarded ports.
+     chip@valinux.com via damien@ibs.com.au
+   - [nchan.c]
+     it's not an error() if shutdown_write failes in nchan.
+   - [readconf.c]
+     remove dead #ifdef-0-code
+   - [readconf.c servconf.c]
+     strcasecmp instead of tolower
+   - [scp.c]
+     progress meter overflow fix from damien@ibs.com.au
+   - [ssh-add.1 ssh-add.c]
+     SSH_ASKPASS support
+   - [ssh.1 ssh.c]
+     postpone fork_after_authentication until command execution,
+     request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au
+     plus: use daemon() for backgrounding
+ - Added BSD compatible install program and autoconf test, thanks to
+   Niels Kristian Bech Jensen <nkbj@image.dk>
+ - Solaris fixing, thanks to Ben Taylor <bent@clark.net>
+ - Merged beginnings of AIX support from Tor-Ake Fransson <torake@hotmail.com>
+ - Release 1.2pre15
+
+19991124
+ - Merged very large OpenBSD source code reformat
+ - OpenBSD CVS updates
+   - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c]
+     [ssh.h sshd.8 sshd.c]
+     syslog changes:
+     * Unified Logmessage for all auth-types, for success and for failed
+     * Standard connections get only ONE line in the LOG when level==LOG:
+       Auth-attempts are logged only, if authentication is:
+          a) successfull or
+          b) with passwd or
+          c) we had more than AUTH_FAIL_LOG failues
+     * many log() became verbose()
+     * old behaviour with level=VERBOSE
+   - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c]
+     tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE
+     messages. allows use of s/key in windows (ttssh, securecrt) and
+     ssh-1.2.27 clients without 'ssh -v', ok: niels@
+   - [sshd.8]
+     -V, for fallback to openssh in SSH2 compatibility mode
+   - [sshd.c]
+     fix sigchld race; cjc5@po.cwru.edu
+
+19991123
+ - Added SuSE package files from Chris Saia <csaia@wtower.com>
+ - Restructured package-related files under packages/*
+ - Added generic PAM config
+ - Numerous little Solaris fixes
+ - Add recommendation to use GNU make to INSTALL document
+
+19991122
+ - Make <enter> close gnome-ssh-askpass (Debian bug #50299)
+ - OpenBSD CVS Changes
+   - [ssh-keygen.c] 
+     don't create ~/.ssh only if the user wants to store the private 
+     key there. show fingerprint instead of public-key after 
+     keygeneration. ok niels@
+ - Added OpenBSD bsd-strlcat.c, created bsd-strlcat.h
+ - Added timersub() macro
+ - Tidy RCSIDs of bsd-*.c
+ - Added autoconf test and macro to deal with old PAM libraries 
+   pam_strerror definition (one arg vs two).
+ - Fix EGD problems (Thanks to Ben Taylor <bent@clark.net>)
+ - Retry /dev/urandom reads interrupted by signal (report from 
+   Robert Hardy <rhardy@webcon.net>)
+ - Added a setenv replacement for systems which lack it
+ - Only display public key comment when presenting ssh-askpass dialog
+ - Released 1.2pre14
+
+ - Configure, Make and changelog corrections from Tudor Bosman 
+   <tudorb@jm.nu> and Niels Kristian Bech Jensen <nkbj@image.dk>
+
+19991121
+ - OpenBSD CVS Changes:
+   - [channels.c]
+     make this compile, bad markus
+   - [log.c readconf.c servconf.c ssh.h]
+     bugfix: loglevels are per host in clientconfig,
+     factor out common log-level parsing code.
+   - [servconf.c]
+     remove unused index (-Wall)
+   - [ssh-agent.c]
+     only one 'extern char *__progname'
+   - [sshd.8]
+     document SIGHUP, -Q to synopsis
+   - [sshconnect.c serverloop.c sshd.c packet.c packet.h]
+     [channels.c clientloop.c]
+     SSH_CMSG_MAX_PACKET_SIZE, some clients use this, some need this, niels@
+     [hope this time my ISP stays alive during commit]
+   - [OVERVIEW README] typos; green@freebsd
+   - [ssh-keygen.c]
+     replace xstrdup+strcat with strlcat+fixed buffer, fixes OF (bad me)
+     exit if writing the key fails (no infinit loop)
+     print usage() everytime we get bad options
+   - [ssh-keygen.c] overflow, djm@mindrot.org
+   - [sshd.c] fix sigchld race; cjc5@po.cwru.edu
+     
+19991120
+ - Merged more Solaris support from Marc G. Fournier 
+   <marc.fournier@acadiau.ca>
+ - Wrote autoconf tests for integer bit-types
+ - Fixed enabling kerberos support
+ - Fix segfault in ssh-keygen caused by buffer overrun in filename 
+   handling.
+
+19991119
+ - Merged PAM buffer overrun patch from Chip Salzenberg <chip@valinux.com>
+ - Merged OpenBSD CVS changes
+   - [auth-rhosts.c auth-rsa.c ssh-agent.c sshconnect.c sshd.c]
+     more %d vs. %s in fmt-strings
+   - [authfd.c]
+     Integers should not be printed with %s
+ - EGD uses a socket, not a named pipe. Duh.
+ - Fix includes in fingerprint.c
+ - Fix scp progress bar bug again.
+ - Move ssh-askpass from ${libdir}/ssh to ${libexecdir}/ssh at request of 
+   David Rankin <drankin@bohemians.lexington.ky.us>
+ - Added autoconf option to enable Kerberos 4 support (untested)
+ - Added autoconf option to enable AFS support (untested)
+ - Added autoconf option to enable S/Key support (untested)
+ - Added autoconf option to enable TCP wrappers support (compiles OK)
+ - Renamed BSD helper function files to bsd-*
+ - Added tests for login and daemon and enable OpenBSD replacements for 
+   when they are absent.
+ - Added non-PAM MD5 password support patch from Tudor Bosman <tudorb@jm.nu>
+
+19991118
+ - Merged OpenBSD CVS changes
+   - [scp.c] foregroundproc() in scp
+   - [sshconnect.h] include fingerprint.h
+   - [sshd.c] bugfix: the log() for passwd-auth escaped during logging 
+     changes.
+   - [ssh.1] Spell my name right.
+ - Added openssh.com info to README
+
+19991117
+ - Merged OpenBSD CVS changes
+   - [ChangeLog.Ylonen] noone needs this anymore
+   - [authfd.c] close-on-exec for auth-socket, ok deraadt
+   - [hostfile.c] 
+     in known_hosts key lookup the entry for the bits does not need 
+     to match, all the information is contained in n and e. This 
+     solves the problem with buggy servers announcing the wrong 
+     modulus length.  markus and me.
+   - [serverloop.c] 
+     bugfix: check for space if child has terminated, from: 
+     iedowse@maths.tcd.ie
+   - [ssh-add.1 ssh-add.c ssh-keygen.1 ssh-keygen.c sshconnect.c]
+     [fingerprint.c fingerprint.h]
+     rsa key fingerprints, idea from Bjoern Groenvall <bg@sics.se>
+   - [ssh-agent.1] typo
+   - [ssh.1] add OpenSSH information to AUTHOR section. okay markus@
+   - [sshd.c] 
+     force logging to stderr while loading private key file
+     (lost while converting to new log-levels)
+
+19991116
+ - Fix some Linux libc5 problems reported by Miles Wilson <mw@mctitle.com>
+ - Merged OpenBSD CVS changes:
+   - [auth-rh-rsa.c auth-rsa.c authfd.c authfd.h hostfile.c mpaux.c]
+     [mpaux.h ssh-add.c ssh-agent.c ssh.h ssh.c sshd.c]
+     the keysize of rsa-parameter 'n' is passed implizit,
+     a few more checks and warnings about 'pretended' keysizes.
+   - [cipher.c cipher.h packet.c packet.h sshd.c]
+     remove support for cipher RC4
+   - [ssh.c]
+     a note for legay systems about secuity issues with permanently_set_uid(),
+     the private hostkey and ptrace()
+   - [sshconnect.c]
+     more detailed messages about adding and checking hostkeys
+
+19991115
+ - Merged OpenBSD CVS changes:
+   - [ssh-add.c] change passphrase loop logic and remove ref to 
+     $DISPLAY, ok niels
+ - Changed to ssh-add.c broke askpass support. Revised it to be a little more
+   modular. 
+ - Revised autoconf support for enabling/disabling askpass support.
+ - Merged more OpenBSD CVS changes:
+   [auth-krb4.c]
+     - disconnect if getpeername() fails
+     - missing xfree(*client)
+   [canohost.c]
+     - disconnect if getpeername() fails
+     - fix comment: we _do_ disconnect if ip-options are set
+   [sshd.c]
+     - disconnect if getpeername() fails
+     - move checking of remote port to central place
+   [auth-rhosts.c] move checking of remote port to central place
+   [log-server.c] avoid extra fd per sshd, from millert@
+   [readconf.c] print _all_ bad config-options in ssh(1), too
+   [readconf.h] print _all_ bad config-options in ssh(1), too
+   [ssh.c] print _all_ bad config-options in ssh(1), too
+   [sshconnect.c] disconnect if getpeername() fails
+ - OpenBSD's changes to sshd.c broke the PAM stuff, re-merged it.
+ - Various small cleanups to bring diff (against OpenBSD) size down.
+ - Merged more Solaris compability from Marc G. Fournier
+   <marc.fournier@acadiau.ca>
+ - Wrote autoconf tests for __progname symbol
+ - RPM spec file fixes from Jim Knoble <jmknoble@pobox.com>
+ - Released 1.2pre12
+
+ - Another OpenBSD CVS update:
+   - [ssh-keygen.1] fix .Xr
+
+19991114
+ - Solaris compilation fixes (still imcomplete)
+
+19991113
+ - Build patch from Niels Kristian Bech Jensen <nkbj@image.dk>
+   - Don't install config files if they already exist
+   - Fix inclusion of additional preprocessor directives from acconfig.h
+ - Removed redundant inclusions of config.h
+ - Added 'Obsoletes' lines to RPM spec file
+ - Merged OpenBSD CVS changes:
+   - [bufaux.c] save a view malloc/memcpy/memset/free's, ok niels
+   - [scp.c] fix overflow reported by damien@ibs.com.au: off_t 
+     totalsize, ok niels,aaron
+ - Delay fork (-f option) in ssh until after port forwarded connections 
+   have been initialised. Patch from Jani Hakala <jahakala@cc.jyu.fi>
+ - Added shadow password patch from Thomas Neumann <tom@smart.ruhr.de>
+ - Added ifdefs to auth-passwd.c to exclude it when PAM is enabled
+ - Tidied default config file some more
+ - Revised Redhat initscript to fix bug: sshd (re)start would fail
+   if executed from inside a ssh login.
+
+19991112
+ - Merged changes from OpenBSD CVS
+   - [sshd.c] session_key_int may be zero
+   - [auth-rh-rsa.c servconf.c servconf.h ssh.h sshd.8 sshd.c sshd_config]
+     IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok 
+     deraadt,millert
+ - Brought default sshd_config more in line with OpenBSD's
+ - Grab server in gnome-ssh-askpass (Debian bug #49872)
+ - Released 1.2pre10
+
+ - Added INSTALL documentation
+ - Merged yet more changes from OpenBSD CVS
+   - [auth-rh-rsa.c auth-rhosts.c auth-rsa.c channels.c clientloop.c]
+     [ssh.c ssh.h sshconnect.c sshd.c]
+     make all access to options via 'extern Options options'
+     and 'extern ServerOptions options' respectively;
+     options are no longer passed as arguments:
+      * make options handling more consistent
+      * remove #include "readconf.h" from ssh.h
+      * readconf.h is only included if necessary
+   - [mpaux.c] clear temp buffer
+   - [servconf.c] print _all_ bad options found in configfile
+ - Make ssh-askpass support optional through autoconf
+ - Fix nasty division-by-zero error in scp.c
+ - Released 1.2pre11
+
+19991111
+ - Added (untested) Entropy Gathering Daemon (EGD) support
+ - Fixed /dev/urandom fd leak (Debian bug #49722)
+ - Merged OpenBSD CVS changes:
+   - [auth-rh-rsa.c] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
+   - [ssh.1] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
+   - [sshd.8] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
+ - Fix integer overflow which was messing up scp's progress bar for large 
+   file transfers. Fix submitted to OpenBSD developers. Report and fix
+   from Kees Cook <cook@cpoint.net>
+ - Merged more OpenBSD CVS changes:
+   - [auth-krb4.c auth-passwd.c] remove x11- and krb-cleanup from fatal() 
+     + krb-cleanup cleanup
+   - [clientloop.c log-client.c log-server.c ]
+     [readconf.c readconf.h servconf.c servconf.h ]
+     [ssh.1 ssh.c ssh.h sshd.8]
+     add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd,
+     obsoletes QuietMode and FascistLogging in sshd.
+   - [sshd.c] fix fatal/assert() bug reported by damien@ibs.com.au:
+     allow session_key_int != sizeof(session_key)
+     [this should fix the pre-assert-removal-core-files]
+ - Updated default config file to use new LogLevel option and to improve
+   readability
+
+19991110
+ - Merged several minor fixes:
+   - ssh-agent commandline parsing
+   - RPM spec file now installs ssh setuid root
+   - Makefile creates libdir
+   - Merged beginnings of Solaris compability from Marc G. Fournier
+     <marc.fournier@acadiau.ca>
+
+19991109
+ - Autodetection of SSL/Crypto library location via autoconf
+ - Fixed location of ssh-askpass to follow autoconf
+ - Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk>
+ - Autodetection of RSAref library for US users
+ - Minor doc updates
+ - Merged OpenBSD CVS changes:
+   - [rsa.c] bugfix: use correct size for memset()
+   - [sshconnect.c] warn if announced size of modulus 'n' != real size
+ - Added GNOME passphrase requestor (use --with-gnome-askpass)
+ - RPM build now creates subpackages
+ - Released 1.2pre9
+
+19991108
+ - Removed debian/ directory. This is now being maintained separately.
+ - Added symlinks for slogin in RPM spec file
+ - Fixed permissions on manpages in RPM spec file
+ - Added references to required libraries in README file
+ - Removed config.h.in from CVS
+ - Removed pwdb support (better pluggable auth is provided by glibc)
+ - Made PAM and requisite libdl optional
+ - Removed lots of unnecessary checks from autoconf
+ - Added support and autoconf test for openpty() function (Unix98 pty support)
+ - Fix for scp not finding ssh if not installed as /usr/bin/ssh
+ - Added TODO file
+ - Merged parts of Debian patch From Phil Hands <phil@hands.com>:
+   - Added ssh-askpass program
+   - Added ssh-askpass support to ssh-add.c
+   - Create symlinks for slogin on install
+   - Fix "distclean" target in makefile
+   - Added example for ssh-agent to manpage
+   - Added support for PAM_TEXT_INFO messages
+   - Disable internal /etc/nologin support if PAM enabled
+ - Merged latest OpenBSD CVS changes:
+   - [all] replace assert() with error, fatal or packet_disconnect
+   - [sshd.c] don't send fail-msg but disconnect if too many authentication
+     failures
+   - [sshd.c] remove unused argument. ok dugsong
+   - [sshd.c] typo
+   - [rsa.c] clear buffers used for encryption. ok: niels
+   - [rsa.c] replace assert() with error, fatal or packet_disconnect
+   - [auth-krb4.c] remove unused argument. ok dugsong
+ - Fixed coredump after merge of OpenBSD rsa.c patch
+ - Released 1.2pre8
+
+19991102
+ - Merged change from OpenBSD CVS
+  - One-line cleanup in sshd.c
+
+19991030
+ - Integrated debian package support from Dan Brosemer <odin@linuxfreak.com>
+ - Merged latest updates for OpenBSD CVS:
+   - channels.[ch] - remove broken x11 fix and document istate/ostate
+   - ssh-agent.c - call setsid() regardless of argv[]
+   - ssh.c - save a few lines when disabling rhosts-{rsa-}auth
+ - Documentation cleanups
+ - Renamed README -> README.Ylonen
+ - Renamed README.openssh ->README
+
+19991029
+ - Renamed openssh* back to ssh* at request of Theo de Raadt
+ - Incorporated latest changes from OpenBSD's CVS
+ - Integrated Makefile patch from  Niels Kristian Bech Jensen <nkbj@image.dk>
+ - Integrated PAM env patch from Nalin Dahyabhai <nalin.dahyabhai@pobox.com>
+ - Make distclean now removed configure script
+ - Improved PAM logging
+ - Added some debug() calls for PAM
+ - Removed redundant subdirectories
+ - Integrated part of a patch from Dan Brosemer <odin@linuxfreak.com> for 
+   building on Debian.
+ - Fixed off-by-one error in PAM env patch
+ - Released 1.2pre6
+
+19991028
+ - Further PAM enhancements.
+   - Much cleaner
+   - Now uses account and session modules for all logins.
+ - Integrated patch from Dan Brosemer <odin@linuxfreak.com>
+   - Build fixes
+   - Autoconf
+   - Change binary names to open*
+ - Fixed autoconf script to detect PAM on RH6.1
+ - Added tests for libpwdb, and OpenBSD functions to autoconf
+ - Released 1.2pre4
+
+ - Imported latest OpenBSD CVS code
+ - Updated README.openssh
+ - Released 1.2pre5
+
+19991027
+ - Adapted PAM patch.
+ - Released 1.0pre2
+
+ - Excised my buggy replacements for strlcpy and mkdtemp
+ - Imported correct OpenBSD strlcpy and mkdtemp routines.
+ - Reduced arc4random_stir entropy read to 32 bytes (256 bits)
+ - Picked up correct version number from OpenBSD
+ - Added sshd.pam PAM configuration file
+ - Added sshd.init Redhat init script
+ - Added openssh.spec RPM spec file
+ - Released 1.2pre3
+
+19991026
+ - Fixed include paths of OpenSSL functions
+ - Use OpenSSL MD5 routines
+ - Imported RC4 code from nanocrypt
+ - Wrote replacements for OpenBSD arc4random* functions
+ - Wrote replacements for strlcpy and mkdtemp
+ - Released 1.0pre1