1 files changed, 5288 insertions, 0 deletions

diff --git a/other/ssharp/ChangeLog b/other/ssharp/ChangeLog
new file mode 100644
index 0000000..ccc3980
--- /dev/null
+++ b/other/ssharp/ChangeLog
@@ -0,0 +1,5288 @@
+Stealth:
+
+- version 0.4
+  Now MiM also works the ssh-dss<->ssh-rsa way. New hack!
+
+- version 0.33
+  tagged it to ensure it works. I tested it and it worked ;-)
+  Some minor code cleanups.
+
+- version 0.31 works with passwd-MiM.
+  c/r MiM wont work with protocol translation.
+  versions > 0.31 are experimental.
+
+20010429
+ - (bal) Updated INSTALL.  PCRE moved to a new place.
+ - (djm) Add Theo Schlossnagle's <jesus@omniti.com> SecurID patch to contrib/
+ - (djm) Release 2.9p1
+
+20010427
+ - (bal) Fixed uidswap.c so it should work on non-posix complient systems.
+   patch based on 2.5.2 version by djm.
+ - (bal) Build manpages and config files once unless changed.  Patch by
+   Carson Gaspar <carson@taltos.org>
+ - (bal) arpa/nameser.h does not exist on Cygwin.  Patch by Corinna 
+   Vinschen <vinschen@redhat.com>
+ - (bal) Add /etc/sysconfig/sshd support to redhat's sshd.init. Patch by
+   Pekka Savola <pekkas@netcore.fi>
+ - (bal) Cygwin lacks setgroups() API.  Patch by Corinna Vinschen 
+   <vinschen@redhat.com>
+ - (bal) version.h synced, RPM specs updated for 2.9
+ - (tim) update contrib/caldera files with what Caldera is using.
+   <sps@caldera.de>
+
+20010425
+ - OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2001/04/23 21:57:07
+     [ssh-keygen.1 ssh-keygen.c]
+     allow public key for -e, too
+   - markus@cvs.openbsd.org 2001/04/23 22:14:13
+     [ssh-keygen.c]
+     remove debug
+ - (bal) Whitespace resync w/ OpenBSD for uidswap.c
+ - (djm) Add new server configuration directive 'PAMAuthenticationViaKbdInt'
+   (default: off), implies KbdInteractiveAuthentication. Suggestion from 
+   markus@
+ - (djm) Include crypt.h if available in auth-passwd.c
+ - tim@mindrot.org 2001/04/25 21:38:01 [configure.in]
+   man page detection fixes for SCO
+
+20010424
+ - OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2001/04/22 23:58:36
+     [ssh-keygen.1 ssh.1 sshd.8]
+     document hostbased and other cleanup
+ - (stevesk) start_pam() doesn't use DNS now for sshd -u0.
+ - (stevesk) auth-pam.c: use PERMIT_NO_PASSWD
+ - (bal) sys/queue.h is bogus for NCR platform.  Patch by Daniel Carroll 
+   <dan@mesastate.edu>
+ - (bal) Fixed contrib/postinstall.in.  Patch by wsanders@wsanders.net
+
+20010422
+ - OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2001/04/20 16:32:22
+     [uidswap.c]
+     set non-privileged gid before uid; tholo@ and deraadt@
+   - mouring@cvs.openbsd.org 2001/04/21 00:55:57
+     [sftp.1]
+     Spelling
+   - djm@cvs.openbsd.org 2001/04/22 08:13:30
+     [ssh.1]
+     typos spotted by stevesk@; ok deraadt@
+   - markus@cvs.openbsd.org 2001/04/22 12:34:05
+     [scp.c]
+     scp > 2GB; niles@scyld.com; ok deraadt@, djm@
+   - markus@cvs.openbsd.org 2001/04/22 13:25:37
+     [ssh-keygen.1 ssh-keygen.c]
+     rename arguments -x -> -e (export key), -X -> -i (import key)
+     xref draft-ietf-secsh-publickeyfile-01.txt
+   - markus@cvs.openbsd.org 2001/04/22 13:32:27
+     [sftp-server.8 sftp.1 ssh.1 sshd.8]
+     xref draft-ietf-secsh-*
+   - markus@cvs.openbsd.org 2001/04/22 13:41:02
+     [ssh-keygen.1 ssh-keygen.c]
+     style, noted by stevesk; sort flags in usage
+
+20010421
+ - OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2001/04/20 07:17:51
+     [clientloop.c ssh.1]
+     Split out and improve escape character documentation, mention ~R in
+     ~? help text; ok markus@
+ - Update RPM spec files for CVS version.h
+ - (stevesk) set the default PAM service name to __progname instead
+   of the hard-coded value "sshd"; from Mark D. Roth <roth@feep.net>
+ - (stevesk) document PAM service name change in INSTALL
+ - tim@mindrot.org 2001/04/21 14:25:57 [Makefile.in configure.in]
+   fix perl test, fix nroff test, fix Makefile to build outside source tree
+
+20010420
+ - OpenBSD CVS Sync
+   - ian@cvs.openbsd.org 2001/04/18 16:21:05
+     [ssh-keyscan.1]                        
+     Fix typo reported in PR/1779           
+   - markus@cvs.openbsd.org 2001/04/18 21:57:42                            
+     [readpass.c ssh-add.c]                                                
+     call askpass from ssh, too, based on work by roth@feep.net, ok deraadt
+   - markus@cvs.openbsd.org 2001/04/18 22:03:45                           
+     [auth2.c sshconnect2.c]                                              
+     use FDQN with trailing dot in the hostbased auth packets, ok deraadt@
+   - markus@cvs.openbsd.org 2001/04/18 22:48:26
+     [auth2.c]                                 
+     no longer const                           
+   - markus@cvs.openbsd.org 2001/04/18 23:43:26                          
+     [auth2.c compat.c sshconnect2.c]                                    
+     more ssh v2 hostbased-auth interop: ssh.com >= 2.1.0 works now      
+     (however the 2.1.0 server seems to work only if debug is enabled...)
+   - markus@cvs.openbsd.org 2001/04/18 23:44:51
+     [authfile.c] 
+     error->debug; noted by fries@ 
+   - markus@cvs.openbsd.org 2001/04/19 00:05:11       
+     [auth2.c]                                        
+     use local variable, no function call needed.     
+     (btw, hostbased works now with ssh.com >= 2.0.13)
+  - (bal) Put scp-common.h back into scp.c (it exists in the upstream
+    tree) pointed out by Tom Holroyd <tomh@po.crl.go.jp>
+
+20010418
+  - OpenBSD CVS Sync                            
+   - markus@cvs.openbsd.org 2001/04/17 19:34:25
+     [session.c]
+     move auth_approval to do_authenticated().
+     do_child(): nuke hostkeys from memory
+     don't source .ssh/rc for subsystems.
+   - markus@cvs.openbsd.org 2001/04/18 14:15:00
+     [canohost.c]
+     debug->debug3
+  - (bal) renabled 'catman-do:' and fixed it.  So now catman pages should
+    be working again.
+  - (bal) Makfile day... Cleaned up multiple mantype support (Patch by
+    Mark D. Roth <roth+openssh@feep.net>), and fixed PIDDIR support.
+
+20010417
+  - (bal) Add perl5 check for HP/UX, Removed GNUness from Makefile.in
+    and temporary commented out 'catman-do:' since it is broken.  Patches
+    for the first two by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
+  - OpenBSD CVS Sync
+   - deraadt@cvs.openbsd.org 2001/04/16 08:26:04
+     [key.c]
+     better safe than sorry in later mods; yongari@kt-is.co.kr
+   - markus@cvs.openbsd.org 2001/04/17 08:14:01
+     [sshconnect1.c]
+     check for key!=NULL, thanks to costa
+   - markus@cvs.openbsd.org 2001/04/17 09:52:48
+     [clientloop.c]
+     handle EINTR/EAGAIN on read; ok deraadt@
+   - markus@cvs.openbsd.org 2001/04/17 10:53:26
+     [key.c key.h readconf.c readconf.h ssh.1 sshconnect2.c]
+     add HostKeyAlgorithms; based on patch from res@shore.net; ok provos@
+   - markus@cvs.openbsd.org 2001/04/17 12:55:04
+     [channels.c ssh.c]
+     undo socks5 and https support since they are not really used and
+     only bloat ssh.  remove -D from usage(), since '-D' is experimental.
+
+20010416
+  - OpenBSD CVS Sync
+   - stevesk@cvs.openbsd.org 2001/04/15 01:35:22
+     [ttymodes.c]
+     fix comments
+   - markus@cvs.openbsd.org 2001/04/15 08:43:47
+     [dh.c sftp-glob.c sftp-glob.h sftp-int.c sshconnect2.c sshd.c]
+     some unused variable and typos; from tomh@po.crl.go.jp
+   - markus@cvs.openbsd.org 2001/04/15 16:58:03
+     [authfile.c ssh-keygen.c sshd.c]
+     don't use errno for key_{load,save}_private; discussion w/ solar@openwall
+   - markus@cvs.openbsd.org 2001/04/15 17:16:00
+     [clientloop.c]
+     set stdin/out/err to nonblocking in SSH proto 1, too. suggested by ho@
+     should fix some of the blocking problems for rsync over SSH-1
+   - stevesk@cvs.openbsd.org 2001/04/15 19:41:21
+     [sshd.8]
+     some ClientAlive cleanup; ok markus@
+   - stevesk@cvs.openbsd.org 2001/04/15 21:28:35
+     [readconf.c servconf.c]
+     use fatal() or error() vs. fprintf(); ok markus@
+ - (djm) Convert mandoc manpages to man automatically. Patch from Mark D.
+   Roth <roth+openssh@feep.net>
+ - (bal) CVS ID fix up and slight manpage fix from OpenBSD tree.
+  - (djm) OpenBSD CVS Sync
+   - mouring@cvs.openbsd.org 2001/04/16 02:31:44
+     [scp.c sftp.c]
+     IPv6 support for sftp (which I bungled in my last patch) which is
+     borrowed from scp.c.  Thanks to Markus@ for pointing it out.
+   - deraadt@cvs.openbsd.org 2001/04/16 08:05:34
+     [xmalloc.c]
+     xrealloc dealing with ptr == nULL; mouring
+   - djm@cvs.openbsd.org 2001/04/16 08:19:31
+     [session.c]
+     Split motd and hushlogin checks into seperate functions, helps for 
+     portable. From Chris Adams <cmadams@hiwaay.net>; ok markus@
+ - Fix OSF SIA support displaying too much information for quiet 
+   logins and logins where access was denied by SIA. Patch from Chris Adams 
+   <cmadams@hiwaay.net>
+
+20010415
+ - OpenBSD CVS Sync
+   - deraadt@cvs.openbsd.org 2001/04/14 04:31:01
+     [ssh-add.c]
+     do not double free
+   - markus@cvs.openbsd.org 2001/04/14 16:17:14
+     [channels.c]
+     remove some channels that are not appropriate for keepalive.
+   - markus@cvs.openbsd.org 2001/04/14 16:27:57
+     [ssh-add.c]
+     use clear_pass instead of xfree()
+   - stevesk@cvs.openbsd.org 2001/04/14 16:33:20
+     [clientloop.c packet.h session.c ssh.c ttymodes.c ttymodes.h]
+     protocol 2 tty modes support; ok markus@
+   - stevesk@cvs.openbsd.org 2001/04/14 17:04:42
+     [scp.c]
+     'T' handling rcp/scp sync; ok markus@
+ - Missed sshtty.[ch] in Sync.
+
+20010414
+ - Sync with OpenBSD glob.c, strlcat.c and vis.c changes
+ - Cygwin sftp/sftp-server binary mode patch from Corinna Vinschen 
+   <vinschen@redhat.com>
+ - OpenBSD CVS Sync
+   - beck@cvs.openbsd.org 2001/04/13 22:46:54
+     [channels.c channels.h servconf.c servconf.h serverloop.c sshd.8]
+     Add options ClientAliveInterval and ClientAliveCountMax to sshd.
+     This gives the ability to do a "keepalive" via the encrypted channel
+     which can't be spoofed (unlike TCP keepalives). Useful for when you want
+     to use ssh connections to authenticate people for something, and know
+     relatively quickly when they are no longer authenticated. Disabled
+     by default (of course). ok markus@
+
+20010413
+ - OpenBSD CVS Sync                                                           
+   - markus@cvs.openbsd.org 2001/04/12 14:29:09 
+     [ssh.c]                                                
+     show debug output during option processing, report from 
+     pekkas@netcore.fi
+   - markus@cvs.openbsd.org 2001/04/12 19:15:26
+     [auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h 
+      compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h 
+      servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c 
+      sshconnect2.c sshd_config]
+     implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2)
+     similar to RhostRSAAuthentication unless you enable (the experimental)
+     HostbasedUsesNameFromPacketOnly option.  please test. :)
+   - markus@cvs.openbsd.org 2001/04/12 19:39:27
+     [readconf.c]
+     typo
+   - stevesk@cvs.openbsd.org 2001/04/12 20:09:38
+     [misc.c misc.h readconf.c servconf.c ssh.c sshd.c]
+     robust port validation; ok markus@ jakob@
+   - mouring@cvs.openbsd.org 2001/04/12 23:17:54
+     [sftp-int.c sftp-int.h sftp.1 sftp.c]
+     Add support for:
+        sftp [user@]host[:file [file]]  - Fetch remote file(s)
+        sftp [user@]host[:dir[/]]       - Start in remote dir/
+     OK deraadt@
+   - stevesk@cvs.openbsd.org 2001/04/13 01:26:17
+     [ssh.c]
+     missing \n in error message
+ - (bal) Added openbsd-compat/inet_ntop.[ch] since HP/UX (and others)
+   lack it.
+
+20010412
+ - OpenBSD CVS Sync                            
+   - markus@cvs.openbsd.org 2001/04/10 07:46:58
+     [channels.c]                              
+     cleanup socks4 handling                   
+   - itojun@cvs.openbsd.org 2001/04/10 09:13:22       
+     [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
+     document id_rsa{.pub,}.  markus ok               
+   - markus@cvs.openbsd.org 2001/04/10 12:15:23
+     [channels.c]                              
+     debug cleanup                             
+   - djm@cvs.openbsd.org 2001/04/11 07:06:22
+     [sftp-int.c]
+     'mget' and 'mput' aliases; ok markus@
+   - markus@cvs.openbsd.org 2001/04/11 10:59:01
+     [ssh.c]
+     use strtol() for ports, thanks jakob@
+   - markus@cvs.openbsd.org 2001/04/11 13:56:13
+     [channels.c ssh.c]
+     https-connect and socks5 support. i feel so bad.
+   - lebel@cvs.openbsd.org 2001/04/11 16:25:30
+     [sshd.8 sshd.c]
+     implement the -e option into sshd:
+      -e      When this option is specified, sshd will send the output to the
+              standard error instead of the system log.
+     markus@ OK.
+
+20010410
+ - OpenBSD CVS Sync
+   - deraadt@cvs.openbsd.org 2001/04/08 20:52:55
+     [sftp.c]
+     do not modify an actual argv[] entry
+   - stevesk@cvs.openbsd.org 2001/04/08 23:28:27
+     [sshd.8]
+     spelling
+   - stevesk@cvs.openbsd.org 2001/04/09 00:42:05
+     [sftp.1]
+     spelling
+   - markus@cvs.openbsd.org 2001/04/09 15:12:23
+     [ssh-add.c]
+     passphrase caching: ssh-add tries last passphrase, clears passphrase if
+     not successful and after last try.
+     based on discussions with espie@, jakob@, ... and code from jakob@ and
+     wolfgang@wsrcc.com
+   - markus@cvs.openbsd.org 2001/04/09 15:19:49
+     [ssh-add.1]
+     ssh-add retries the last passphrase...
+   - stevesk@cvs.openbsd.org 2001/04/09 18:00:15
+     [sshd.8]
+     ListenAddress mandoc from aaron@
+
+20010409
+ - (stevesk) use setresgid() for setegid() if needed
+ - (stevesk) configure.in: typo
+ - OpenBSD CVS Sync
+   - stevesk@cvs.openbsd.org 2001/04/08 16:01:36
+     [sshd.8]
+     document ListenAddress addr:port
+   - markus@cvs.openbsd.org 2001/04/08 13:03:00
+     [ssh-add.c]
+     init pointers with NULL, thanks to danimal@danimal.org
+   - markus@cvs.openbsd.org 2001/04/08 11:27:33
+     [clientloop.c]
+     leave_raw_mode if ssh2 "session" is closed
+   - markus@cvs.openbsd.org 2001/04/06 21:00:17
+     [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth2.c channels.c session.c
+      ssh.c sshconnect.c sshconnect.h uidswap.c uidswap.h]
+     do gid/groups-swap in addition to uid-swap, should help if /home/group
+     is chmod 750 + chgrp grp /home/group/, work be deraadt and me, thanks
+     to olar@openwall.com is comments.  we had many requests for this.
+   - markus@cvs.openbsd.org 2001/04/07 08:55:18
+     [buffer.c channels.c channels.h readconf.c ssh.c]
+     allow the ssh client act as a SOCKS4 proxy (dynamic local 
+     portforwarding).  work by Dan Kaminsky <dankamin@cisco.com> and me. 
+     thanks to Dan for this great patch: use 'ssh -D 1080 host' and make 
+     netscape use localhost:1080 as a socks proxy.
+   - markus@cvs.openbsd.org 2001/04/08 11:24:33
+     [uidswap.c]
+     KNF
+
+20010408
+ - OpenBSD CVS Sync
+   - stevesk@cvs.openbsd.org 2001/04/06 22:12:47
+     [hostfile.c]
+     unused; typo in comment
+   - stevesk@cvs.openbsd.org 2001/04/06 22:25:25
+     [servconf.c]
+     in addition to:
+     ListenAddress host|ipv4_addr|ipv6_addr
+     permit:
+     ListenAddress [host|ipv4_addr|ipv6_addr]:port
+     ListenAddress host|ipv4_addr:port
+     sshd.8 updates coming.  ok markus@
+
+20010407
+ - (bal) CVS ID Resync of version.h
+ - OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2001/04/05 23:39:20
+     [serverloop.c]
+     keep the ssh session even if there is no active channel.
+     this is more in line with the protocol spec and makes
+        ssh -N -L 1234:server:110 host
+     more useful.
+     based on discussion with <mats@mindbright.se> long time ago
+     and recent mail from <res@shore.net>
+   - deraadt@cvs.openbsd.org 2001/04/06 16:46:59
+     [scp.c]
+     remove trailing / from source paths; fixes pr#1756
+ 
+20010406
+ - (stevesk) logintest.c: fix for systems without __progname
+ - (stevesk) Makefile.in: log.o is in libssh.a
+ - OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2001/04/05 10:00:06
+     [compat.c]
+     2.3.x does old  GEX, too; report jakob@
+   - markus@cvs.openbsd.org 2001/04/05 10:39:03
+     [compress.c compress.h packet.c]
+     reset compress state per direction when rekeying.
+   - markus@cvs.openbsd.org 2001/04/05 10:39:48
+     [version.h]
+     temporary version 2.5.4 (supports rekeying).
+     this is not an official release.
+   - markus@cvs.openbsd.org 2001/04/05 10:42:57
+     [auth-chall.c authfd.c channels.c clientloop.c kex.c kexgex.c key.c 
+      mac.c packet.c serverloop.c sftp-client.c sftp-client.h sftp-glob.c 
+      sftp-glob.h sftp-int.c sftp-server.c sftp.c ssh-keygen.c sshconnect.c 
+      sshconnect2.c sshd.c]
+     fix whitespace: unexpand + trailing spaces.
+   - markus@cvs.openbsd.org 2001/04/05 11:09:17
+     [clientloop.c compat.c compat.h]
+     add SSH_BUG_NOREKEY and detect broken (=all old) openssh versions.
+   - markus@cvs.openbsd.org 2001/04/05 15:45:43
+     [ssh.1]
+     ssh defaults to protocol v2; from quisar@quisar.ambre.net
+   - stevesk@cvs.openbsd.org 2001/04/05 15:48:18
+     [canohost.c canohost.h session.c]
+     move get_remote_name_or_ip() to canohost.[ch]; for portable.  ok markus@
+   - markus@cvs.openbsd.org 2001/04/05 20:01:10
+     [clientloop.c]
+     for ~R print message if server does not support rekeying. (and fix ~R).
+   - markus@cvs.openbsd.org 2001/04/05 21:02:46
+     [buffer.c]
+     better error message
+   - markus@cvs.openbsd.org 2001/04/05 21:05:24
+     [clientloop.c ssh.c]
+     don't request a session for 'ssh -N', pointed out slade@shore.net
+
+20010405
+ - OpenBSD CVS Sync                                              
+   - markus@cvs.openbsd.org 2001/04/04 09:48:35                  
+     [kex.c kex.h kexdh.c kexgex.c packet.c sshconnect2.c sshd.c]
+     don't sent multiple kexinit-requests.                       
+     send newkeys, block while waiting for newkeys.              
+     fix comments.                                               
+   - markus@cvs.openbsd.org 2001/04/04 14:34:58                         
+     [clientloop.c kex.c kex.h serverloop.c sshconnect2.c sshd.c]       
+     enable server side rekeying + some rekey related clientup.         
+     todo: we should not send any non-KEX messages after we send KEXINIT
+   - markus@cvs.openbsd.org 2001/04/04 15:50:55
+     [compat.c]
+     f-secure 1.3.2 does not handle IGNORE; from milliondl@ornl.gov
+   - markus@cvs.openbsd.org 2001/04/04 20:25:38
+     [channels.c channels.h clientloop.c kex.c kex.h serverloop.c 
+      sshconnect2.c sshd.c]
+     more robust rekeying
+     don't send channel data after rekeying is started.
+   - markus@cvs.openbsd.org 2001/04/04 20:32:56
+     [auth2.c]
+     we don't care about missing bannerfiles; from tsoome@ut.ee, ok deraadt@
+   - markus@cvs.openbsd.org 2001/04/04 22:04:35
+     [kex.c kexgex.c serverloop.c]
+     parse full kexinit packet.
+     make server-side more robust, too.
+   - markus@cvs.openbsd.org 2001/04/04 23:09:18
+     [dh.c kex.c packet.c]
+     clear+free keys,iv for rekeying.
+     + fix DH mem leaks. ok niels@
+ - (stevesk) don't use vhangup() if defined(HAVE_DEV_PTMX); also removes
+    BROKEN_VHANGUP
+
+20010404
+ - OpenBSD CVS Sync
+   - deraadt@cvs.openbsd.org 2001/04/02 17:32:23
+     [ssh-agent.1]
+     grammar; slade@shore.net
+   - stevesk@cvs.openbsd.org 2001/04/03 13:56:11
+     [sftp-glob.c ssh-agent.c ssh-keygen.c]
+     free() -> xfree()
+   - markus@cvs.openbsd.org 2001/04/03 19:53:29
+     [dh.c dh.h kex.c kex.h sshconnect2.c sshd.c]
+     move kex to kex*.c, used dispatch_set() callbacks for kex. should
+     make rekeying easier.
+   - todd@cvs.openbsd.org 2001/04/03 21:19:38
+     [ssh_config]
+     id_rsa1/2 -> id_rsa; ok markus@
+   - markus@cvs.openbsd.org 2001/04/03 23:32:12
+     [kex.c kex.h packet.c sshconnect2.c sshd.c]
+     undo parts of recent my changes: main part of keyexchange does not
+     need dispatch-callbacks, since application data is delayed until
+     the keyexchange completes (if i understand the drafts correctly).
+     add some infrastructure for re-keying.
+   - markus@cvs.openbsd.org 2001/04/04 00:06:54
+     [clientloop.c sshconnect2.c]
+     enable client rekeying
+        (1) force rekeying with ~R, or
+        (2) if the server requests rekeying.
+     works against ssh-2.0.12/2.0.13/2.1.0/2.2.0/2.3.0/2.3.1/2.4.0
+ - (bal) Oops.. Missed including kexdh.c and kexgex.c in OpenBSD sync.
+
+20010403
+ - OpenBSD CVS Sync
+   - stevesk@cvs.openbsd.org 2001/04/02 14:15:31
+     [sshd.8]
+     typo; ok markus@
+   - stevesk@cvs.openbsd.org 2001/04/02 14:20:23
+     [readconf.c servconf.c]
+     correct comment; ok markus@
+ - (stevesk) nchan.c: remove ostate checks and add EINVAL to
+    shutdown(SHUT_RD) error() bypass for HP-UX.
+
+20010402
+ - (stevesk) log.c openbsd sync; missing newlines
+ - (stevesk) sshpty.h openbsd sync; PTY_H -> SSHPTY_H
+
+20010330
+ - (djm) Another openbsd-compat/glob.c sync
+ - (djm) OpenBSD CVS Sync
+   - provos@cvs.openbsd.org 2001/03/28 21:59:41
+     [kex.c kex.h sshconnect2.c sshd.c]
+     forgot to include min and max params in hash, okay markus@
+   - provos@cvs.openbsd.org 2001/03/28 22:04:57
+     [dh.c]
+     more sanity checking on primes file
+   - markus@cvs.openbsd.org 2001/03/28 22:43:31
+     [auth.h auth2.c auth2-chall.c]
+     check auth_root_allowed for kbd-int auth, too.
+   - provos@cvs.openbsd.org 2001/03/29 14:24:59
+     [sshconnect2.c]
+     use recommended defaults
+   - stevesk@cvs.openbsd.org 2001/03/29 21:06:21
+     [sshconnect2.c sshd.c]
+     need to set both STOC and CTOS for SSH_BUG_BIGENDIANAES; ok markus@
+   - markus@cvs.openbsd.org 2001/03/29 21:17:40
+     [dh.c dh.h kex.c kex.h]
+     prepare for rekeying: move DH code to dh.c
+   - djm@cvs.openbsd.org 2001/03/29 23:42:01
+     [sshd.c]
+     Protocol 1 key regeneration log => verbose, some KNF; ok markus@
+
+20010329
+ - OpenBSD CVS Sync
+   - stevesk@cvs.openbsd.org 2001/03/26 15:47:59
+     [ssh.1]
+     document more defaults; misc. cleanup.  ok markus@
+   - markus@cvs.openbsd.org 2001/03/26 23:12:42
+     [authfile.c]
+     KNF
+   - markus@cvs.openbsd.org 2001/03/26 23:23:24
+     [rsa.c rsa.h ssh-agent.c ssh-keygen.c]
+     try to read private f-secure ssh v2 rsa keys.
+   - markus@cvs.openbsd.org 2001/03/27 10:34:08
+     [ssh-rsa.c sshd.c]
+     use EVP_get_digestbynid, reorder some calls and fix missing free.
+   - markus@cvs.openbsd.org 2001/03/27 10:57:00
+     [compat.c compat.h ssh-rsa.c]
+     some older systems use NID_md5 instead of NID_sha1 for RSASSA-PKCS1-v1_5
+     signatures in SSH protocol 2, ok djm@
+   - provos@cvs.openbsd.org 2001/03/27 17:46:50
+     [compat.c compat.h dh.c dh.h ssh2.h sshconnect2.c sshd.c version.h]
+     make dh group exchange more flexible, allow min and max group size,
+     okay markus@, deraadt@
+   - stevesk@cvs.openbsd.org 2001/03/28 19:56:23
+     [scp.c]
+     start to sync scp closer to rcp; ok markus@
+   - stevesk@cvs.openbsd.org 2001/03/28 20:04:38
+     [scp.c]
+     usage more like rcp and add missing -B to usage; ok markus@
+   - markus@cvs.openbsd.org 2001/03/28 20:50:45
+     [sshd.c]
+     call refuse() before close(); from olemx@ans.pl
+
+20010328
+ - (djm) Reorder tests and library inclusion for Krb4/AFS to try to 
+   resolve linking conflicts with libcrypto. Report and suggested fix 
+   from Holger Trapp <Holger.Trapp@Informatik.TU-Chemnitz.DE>
+ - (djm) Work around Solaris' broken struct dirent. Diagnosis and suggested
+   fix from Philippe Levan <levan@epix.net>
+ - (djm) Rework krbIV tests to get us closer to building on Redhat. Still
+   doesn't work because of conflicts between krbIV's and OpenSSL's des.h
+ - (djm) Sync openbsd-compat/glob.c
+
+20010327
+ - Attempt sync with sshlogin.c w/ OpenBSD (mainly CVS ID)
+ - Fix pointer issues in waitpid() and wait() replaces.  Patch by Lutz 
+   Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
+ - OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2001/03/25 00:01:34
+     [session.c]
+     shorten; ok markus@
+   - stevesk@cvs.openbsd.org 2001/03/25 13:16:11
+     [servconf.c servconf.h session.c sshd.8 sshd_config]
+     PrintLastLog option; from chip@valinux.com with some minor
+     changes by me.  ok markus@
+   - markus@cvs.openbsd.org 2001/03/26 08:07:09
+     [authfile.c authfile.h ssh-add.c ssh-keygen.c ssh.c sshconnect.c 
+      sshconnect.h sshconnect1.c sshconnect2.c sshd.c]
+     simpler key load/save interface, see authfile.h
+ - (djm) Reestablish PAM credentials (which can be supplemental group 
+   memberships) after initgroups() blows them away. Report and suggested
+   fix from Nalin Dahyabhai <nalin@redhat.com>
+
+20010324
+ - Fixed permissions ssh-keyscan.  Thanks to Christopher Linn <celinn@mtu.edu>.
+ - OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2001/03/23 11:04:07
+     [compat.c compat.h sshconnect2.c sshd.c]
+     Compat for OpenSSH with broken Rijndael/AES. ok markus@
+   - markus@cvs.openbsd.org 2001/03/23 12:02:49
+     [auth1.c]
+     authctxt is now passed to do_authenticated
+   - markus@cvs.openbsd.org 2001/03/23 13:10:57
+     [sftp-int.c]
+     fix put, upload to _absolute_ path, ok djm@
+   - markus@cvs.openbsd.org 2001/03/23 14:28:32
+     [session.c sshd.c]
+     ignore SIGPIPE, restore in child, fixes x11-fwd crashes; with djm@
+ - (djm) Pull out our own SIGPIPE hacks
+
+20010323
+ - OpenBSD CVS Sync                             
+   - deraadt@cvs.openbsd.org 2001/03/22 20:22:55
+     [sshd.c]                                   
+     do not place linefeeds in buffer           
+
+20010322
+ - (djm) Better AIX no tty fix, spotted by Gert Doering <gert@greenie.muc.de>
+ - (bal) version.c CVS ID resync
+ - (bal) auth-chall.c auth-passwd.c auth.h auth1.c auth2.c session.c CVS ID
+   resync
+ - (bal) scp.c CVS ID resync
+ - OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2001/03/20 19:10:16
+     [readconf.c]
+     default to SSH protocol version 2
+   - markus@cvs.openbsd.org 2001/03/20 19:21:21
+     [session.c]
+     remove unused arg
+   - markus@cvs.openbsd.org 2001/03/20 19:21:21
+     [session.c]
+     remove unused arg
+   - markus@cvs.openbsd.org 2001/03/21 11:43:45
+     [auth1.c auth2.c session.c session.h]
+     merge common ssh v1/2 code
+   - jakob@cvs.openbsd.org 2001/03/21 14:20:45
+     [ssh-keygen.c]
+     add -B flag to usage
+   - markus@cvs.openbsd.org 2001/03/21 21:06:30
+     [session.c]
+     missing init; from mib@unimelb.edu.au
+
+20010321
+ - (djm) Fix ttyname breakage for AIX and Tru64. Patch from Steve 
+   VanDevender <stevev@darkwing.uoregon.edu>
+ - (djm) Make sure pam_retval is initialised on call to pam_end. Patch
+   from Solar Designer <solar@openwall.com>
+ - (djm) Don't loop forever when changing password via PAM. Patch
+   from Solar Designer <solar@openwall.com>
+ - (djm) Generate config files before build
+ - (djm) Correctly handle SIA and AIX when no tty present. Spotted and
+   suggested fix from Mike Battersby <mib@unimelb.edu.au>
+
+20010320
+ - (bal) glob.c update to added GLOB_LIMITS (OpenBSD CVS).
+ - (bal) glob.c update to set gl_pathv to NULL (OpenBSD CVS).
+ - (bal) Oops.  Missed globc.h change (OpenBSD CVS).
+ - (djm) OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2001/03/19 17:07:23
+     [auth.c readconf.c]
+     undo /etc/shell and proto 2,1 change for openssh-2.5.2
+   - markus@cvs.openbsd.org 2001/03/19 17:12:10
+     [version.h]
+     version 2.5.2
+ - (djm) Update RPM spec version
+ - (djm) Release 2.5.2p1
+- tim@mindrot.org 2001/03/19 18:33:47 [defines.h]
+  change S_ISLNK macro to work for UnixWare 2.03
+- tim@mindrot.org 2001/03/19 20:45:11 [openbsd-compat/glob.c]
+  add get_arg_max(). Use sysconf() if ARG_MAX is not defined
+
+20010319
+ - (djm) Seed PRNG at startup, rather than waiting for arc4random calls to 
+   do it implicitly.
+ - (djm) Add getusershell() functions from OpenBSD CVS
+ - OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2001/03/18 12:07:52
+     [auth-options.c]
+     ignore permitopen="host:port" if AllowTcpForwarding==no
+ - (djm) Make scp work on systems without 64-bit ints
+ - tim@mindrot.org 2001/03/18 18:28:39 [defines.h]
+   move HAVE_LONG_LONG_INT where it works
+ - (bal) Use 'NGROUPS' for NeXT Since 'MAX_NGROUPS' is wrapped up in -lposix
+   stuff.  Change suggested by Mark Miller <markm@swoon.net>
+ - (bal) Small fix to scp.  %lu vs %ld
+ - (bal) NeXTStep lacks S_ISLNK.  Plus split up S_IS* 
+ - (djm) OpenBSD CVS Sync
+   - djm@cvs.openbsd.org     2001/03/19 03:52:51
+     [sftp-client.c]
+     Report ssh connection closing correctly; ok deraadt@
+   - deraadt@cvs.openbsd.org 2001/03/18 23:30:55
+     [compat.c compat.h sshd.c]
+     specifically version match on ssh scanners.  do not log scan 
+     information to the console
+   - djm@cvs.openbsd.org      2001/03/19 12:10:17
+     [sshd.8]
+     Document permitopen authorized_keys option; ok markus@
+   - djm@cvs.openbsd.org     2001/03/19 05:49:52
+     [ssh.1]
+     document PreferredAuthentications option; ok markus@
+ - (bal) Minor NeXT fixed.  Forgot to #undef NGROUPS_MAX
+
+20010318
+ - (bal) Fixed scp type casing issue which causes "scp: protocol error: 
+   size not delimited" fatal errors when tranfering.
+ - OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2001/03/17 17:27:59
+     [auth.c]
+     check /etc/shells, too
+ - tim@mindrot.org 2001/03/17 18:45:25 [compat.c]
+     openbsd-compat/fake-regex.h
+
+20010317
+ - Support usrinfo() on AIX. Based on patch from Gert Doering 
+   <gert@greenie.muc.de>
+ - OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2001/03/15 15:05:59
+     [scp.c]
+     use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi
+   - markus@cvs.openbsd.org 2001/03/15 22:07:08
+     [session.c]
+     pass Session to do_child + KNF
+   - djm@cvs.openbsd.org 2001/03/16 08:16:18
+     [sftp-client.c sftp-client.h sftp-glob.c sftp-int.c]
+     Revise globbing for get/put to be more shell-like. In particular,
+     "get/put file* directory/" now works. ok markus@
+   - markus@cvs.openbsd.org 2001/03/16 09:55:53
+     [sftp-int.c]
+     fix memset and whitespace
+   - markus@cvs.openbsd.org 2001/03/16 13:44:24
+     [sftp-int.c]
+     discourage strcat/strcpy
+   - markus@cvs.openbsd.org 2001/03/16 19:06:30
+     [auth-options.c channels.c channels.h serverloop.c session.c]
+     implement "permitopen" key option, restricts -L style forwarding to
+     to specified host:port pairs. based on work by harlan@genua.de
+ - Check for gl_matchc support in glob_t and fall back to the 
+   openbsd-compat/glob.[ch] support if it does not exist.
+
+20010315
+ - OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2001/03/14 08:57:14
+     [sftp-client.c]
+     Wall
+   - markus@cvs.openbsd.org 2001/03/14 15:15:58
+     [sftp-int.c]
+     add version command
+   - deraadt@cvs.openbsd.org 2001/03/14 22:50:25
+     [sftp-server.c]
+     note no getopt()
+ - (stevesk) ssh-keyscan.c: specify "openbsd-compat/fake-queue.h"
+ - (bal) Cygwin README change by Corinna Vinschen <vinschen@redhat.com> 
+
+20010314
+ - OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2001/03/13 17:34:42
+     [auth-options.c]
+     missing xfree, deny key on parse error; ok stevesk@
+   - djm@cvs.openbsd.org 2001/03/13 22:42:54
+     [sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp-int.c]
+     sftp client filename globbing for get, put, ch{mod,grp,own}. ok markus@
+ - (bal) Fix strerror() in bsd-misc.c
+ - (djm) Add replacement glob() from OpenBSD libc if the system glob is
+   missing or lacks the GLOB_ALTDIRFUNC extension
+ - (djm) Remove -I$(srcdir)/openbsd-compat from CFLAGS, refer to headers 
+   relatively. Avoids conflict between glob.h and /usr/include/glob.h
+
+20010313
+ - OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2001/03/12 22:02:02
+     [key.c key.h ssh-add.c ssh-keygen.c sshconnect.c sshconnect2.c]
+     remove old key_fingerprint interface, s/_ex//
+
+20010312
+ - OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2001/03/11 13:25:36
+     [auth2.c key.c]
+     debug
+   - jakob@cvs.openbsd.org 2001/03/11 15:03:16
+     [key.c key.h]
+     add improved fingerprint functions. based on work by Carsten
+     Raskgaard <cara@int.tele.dk> and modified by me. ok markus@.
+   - jakob@cvs.openbsd.org 2001/03/11 15:04:16
+     [ssh-keygen.1 ssh-keygen.c]
+     print both md5, sha1 and bubblebabble fingerprints when using
+     ssh-keygen -l -v. ok markus@.
+   - jakob@cvs.openbsd.org 2001/03/11 15:13:09
+     [key.c]
+     cleanup & shorten some var names key_fingerprint_bubblebabble.
+   - deraadt@cvs.openbsd.org 2001/03/11 16:39:03
+     [ssh-keygen.c]
+     KNF, and SHA1 binary output is just creeping featurism
+ - tim@mindrot.org 2001/03/11 17:29:32 [configure.in]
+   test if snprintf() supports %ll
+   add /dev to search path for PRNGD/EGD socket
+   fix my mistake in USER_PATH test program
+ - OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2001/03/11 18:29:51
+     [key.c]
+     style+cleanup
+   - markus@cvs.openbsd.org 2001/03/11 22:33:24
+     [ssh-keygen.1 ssh-keygen.c]
+     remove -v again. use -B instead for bubblebabble. make -B consistent
+     with -l and make -B work with /path/to/known_hosts. ok deraadt@
+ - (djm) Bump portable version number for generating test RPMs
+ - (djm) Add "static_openssl" RPM build option, remove rsh build dependency
+ - (bal) Reorder includes in Makefile. 
+
+20010311
+ - OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2001/03/10 12:48:27
+     [sshconnect2.c]
+     ignore nonexisting private keys; report rjmooney@mediaone.net
+   - deraadt@cvs.openbsd.org 2001/03/10 12:53:51
+     [readconf.c ssh_config]
+     default to SSH2, now that m68k runs fast
+   - stevesk@cvs.openbsd.org 2001/03/10 15:02:05
+     [ttymodes.c ttymodes.h]
+     remove unused sgtty macros; ok markus@
+   - deraadt@cvs.openbsd.org 2001/03/10 15:31:00
+     [compat.c compat.h sshconnect.c]
+     all known netscreen ssh versions, and older versions of OSU ssh cannot
+     handle password padding (newer OSU is fixed)
+ - tim@mindrot.org 2001/03/10 16:33:42 [configure.in Makefile.in sshd_config]
+   make sure $bindir is in USER_PATH so scp will work
+ - OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2001/03/10 17:51:04
+     [kex.c match.c match.h readconf.c readconf.h sshconnect2.c]
+     add PreferredAuthentications
+
+20010310
+ - OpenBSD CVS Sync
+   - deraadt@cvs.openbsd.org 2001/03/09 03:14:39
+     [ssh-keygen.c]
+     create *.pub files with umask 0644, so that you can mv them to 
+     authorized_keys
+   - deraadt@cvs.openbsd.org 2001/03/09 12:30:29
+     [sshd.c]
+     typo; slade@shore.net
+ - Removed log.o from sftp client.  Not needed.
+
+20010309
+ - OpenBSD CVS Sync
+   - stevesk@cvs.openbsd.org 2001/03/08 18:47:12
+     [auth1.c]
+     unused; ok markus@
+   - stevesk@cvs.openbsd.org 2001/03/08 20:44:48
+     [sftp.1]
+     spelling, cleanup; ok deraadt@
+   - markus@cvs.openbsd.org 2001/03/08 21:42:33
+     [compat.c compat.h readconf.h ssh.c sshconnect1.c sshconnect2.c]
+     implement client side of SSH2_MSG_USERAUTH_PK_OK (test public key ->
+     no need to do enter passphrase or do expensive sign operations if the
+     server does not accept key).
+
+20010308
+ - OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2001/03/07 10:11:23
+     [sftp-client.c sftp-client.h sftp-int.c sftp-server.c sftp.1 sftp.c sftp.h]
+     Support for new draft (draft-ietf-secsh-filexfer-01). New symlink handling
+     functions and small protocol change.
+   - markus@cvs.openbsd.org 2001/03/08 00:15:48
+     [readconf.c ssh.1]
+     turn off useprivilegedports by default. only rhost-auth needs
+     this. older sshd's may need this, too.
+ - (stevesk) Reliant Unix (SNI) needs HAVE_BOGUS_SYS_QUEUE_H;
+   Dirk Markwardt <D.Markwardt@tu-bs.de>
+
+20010307
+ - (bal) OpenBSD CVS Sync
+   - deraadt@cvs.openbsd.org 2001/03/06 06:11:18
+     [ssh-keyscan.c]
+     appease gcc
+   - deraadt@cvs.openbsd.org 2001/03/06 06:11:44
+     [sftp-int.c sftp.1 sftp.c]
+     sftp -b batchfile; mouring@etoh.eviladmin.org
+   - deraadt@cvs.openbsd.org 2001/03/06 15:10:42
+     [sftp.1]
+     order things
+   - deraadt@cvs.openbsd.org 2001/03/07 01:19:06
+     [ssh.1 sshd.8]
+     the name "secure shell" is boring, noone ever uses it
+   - deraadt@cvs.openbsd.org 2001/03/07 04:05:58
+     [ssh.1]
+     removed dated comment
+ - Cygwin contrib improvements from Corinna Vinschen <vinschen@redhat.com>
+
+20010306
+ - (bal) OpenBSD CVS Sync
+   - deraadt@cvs.openbsd.org 2001/03/05 14:28:47
+     [sshd.8]
+     alpha order; jcs@rt.fm
+   - stevesk@cvs.openbsd.org 2001/03/05 15:44:51
+     [servconf.c]
+     sync error message; ok markus@
+   - deraadt@cvs.openbsd.org 2001/03/05 15:56:16
+     [myproposal.h ssh.1]
+     switch to aes128-cbc/hmac-md5 by default in SSH2 -- faster;
+     provos & markus ok
+   - deraadt@cvs.openbsd.org 2001/03/05 16:07:15
+     [sshd.8]
+     detail default hmac setup too
+   - markus@cvs.openbsd.org 2001/03/05 17:17:21
+     [kex.c kex.h sshconnect2.c sshd.c]
+     generate a 2*need size (~300 instead of 1024/2048) random private
+     exponent during the DH key agreement. according to Niels (the great
+     german advisor) this is safe since /etc/primes contains strong
+     primes only.
+
+     References:
+             P. C. van Oorschot and M. J. Wiener, On Diffie-Hellman key
+             agreement with short exponents, In Advances in Cryptology
+             - EUROCRYPT'96, LNCS 1070, Springer-Verlag, 1996, pp.332-343.
+   - stevesk@cvs.openbsd.org 2001/03/05 17:40:48
+     [ssh.1]
+     more ssh_known_hosts2 documentation; ok markus@
+   - stevesk@cvs.openbsd.org 2001/03/05 17:58:22
+     [dh.c]
+     spelling
+   - deraadt@cvs.openbsd.org 2001/03/06 00:33:04
+     [authfd.c cli.c ssh-agent.c]
+     EINTR/EAGAIN handling is required in more cases
+   - millert@cvs.openbsd.org 2001/03/06 01:06:03
+     [ssh-keyscan.c]
+     Don't assume we wil get the version string all in one read().
+     deraadt@ OK'd
+   - millert@cvs.openbsd.org 2001/03/06 01:08:27
+     [clientloop.c]
+     If read() fails with EINTR deal with it the same way we treat EAGAIN
+
+20010305
+ - (bal) CVS ID touch up on sshpty.[ch] and sshlogin.[ch]
+ - (bal) CVS ID touch up on sftp-int.c 
+ - (bal) CVS ID touch up on uuencode.c
+ - (bal) CVS ID touch up on auth2.c, serverloop.c, session.c & sshd.c
+ - (bal) OpenBSD CVS Sync
+   - deraadt@cvs.openbsd.org 2001/02/17 23:48:48
+     [sshd.8]
+     it's the OpenSSH one
+   - deraadt@cvs.openbsd.org 2001/02/21 07:37:04
+     [ssh-keyscan.c]
+     inline -> __inline__, and some indent
+   - deraadt@cvs.openbsd.org 2001/02/21 09:05:54
+     [authfile.c]
+     improve fd handling
+   - deraadt@cvs.openbsd.org 2001/02/21 09:12:56
+     [sftp-server.c]
+     careful with & and &&; markus ok
+   - stevesk@cvs.openbsd.org 2001/02/21 21:14:04
+     [ssh.c]
+     -i supports DSA identities now; ok markus@
+   - deraadt@cvs.openbsd.org 2001/02/22 04:29:37
+     [servconf.c]
+     grammar; slade@shore.net
+   - deraadt@cvs.openbsd.org 2001/02/22 06:43:55
+     [ssh-keygen.1 ssh-keygen.c]
+     document -d, and -t defaults to rsa1
+   - deraadt@cvs.openbsd.org 2001/02/22 08:03:51
+     [ssh-keygen.1 ssh-keygen.c]
+     bye bye -d
+   - deraadt@cvs.openbsd.org 2001/02/22 18:09:06
+     [sshd_config]
+     activate RSA 2 key
+   - markus@cvs.openbsd.org 2001/02/22 21:57:27
+     [ssh.1 sshd.8]
+     typos/grammar from matt@anzen.com
+   - markus@cvs.openbsd.org 2001/02/22 21:59:44
+     [auth.c auth.h auth1.c auth2.c misc.c misc.h ssh.c]
+     use pwcopy in ssh.c, too
+   - markus@cvs.openbsd.org 2001/02/23 15:34:53
+     [serverloop.c]
+     debug2->3
+   - markus@cvs.openbsd.org 2001/02/23 18:15:13
+     [sshd.c]
+     the random session key depends now on the session_key_int
+     sent by the 'attacker'
+             dig1 = md5(cookie|session_key_int);
+             dig2 = md5(dig1|cookie|session_key_int);
+             fake_session_key = dig1|dig2;
+     this change is caused by a mail from anakin@pobox.com
+     patch based on discussions with my german advisor niels@openbsd.org
+   - deraadt@cvs.openbsd.org 2001/02/24 10:37:55
+     [readconf.c]
+     look for id_rsa by default, before id_dsa
+   - deraadt@cvs.openbsd.org 2001/02/24 10:37:26
+     [sshd_config]
+     ssh2 rsa key before dsa key
+   - markus@cvs.openbsd.org 2001/02/27 10:35:27
+     [packet.c]
+     fix random padding
+   - markus@cvs.openbsd.org 2001/02/27 11:00:11
+     [compat.c]
+     support SSH-2.0-2.1 ; from Christophe_Moret@hp.com
+   - deraadt@cvs.openbsd.org 2001/02/28 05:34:28
+     [misc.c]
+     pull in protos
+   - deraadt@cvs.openbsd.org 2001/02/28 05:36:28
+     [sftp.c]
+     do not kill the subprocess on termination (we will see if this helps
+     things or hurts things)
+   - markus@cvs.openbsd.org 2001/02/28 08:45:39
+     [clientloop.c]
+     fix byte counts for ssh protocol v1
+   - markus@cvs.openbsd.org 2001/02/28 08:54:55
+     [channels.c nchan.c nchan.h]
+     make sure remote stderr does not get truncated.
+     remove closed fd's from the select mask.
+   - markus@cvs.openbsd.org 2001/02/28 09:57:07
+     [packet.c packet.h sshconnect2.c]
+     in ssh protocol v2 use ignore messages for padding (instead of
+     trailing \0).
+   - markus@cvs.openbsd.org 2001/02/28 12:55:07
+     [channels.c]
+     unify debug messages
+   - deraadt@cvs.openbsd.org 2001/02/28 17:52:54
+     [misc.c]
+     for completeness, copy pw_gecos too
+   - markus@cvs.openbsd.org 2001/02/28 21:21:41
+     [sshd.c]
+     generate a fake session id, too
+   - markus@cvs.openbsd.org 2001/02/28 21:27:48
+     [channels.c packet.c packet.h serverloop.c]
+     use ignore message to simulate a SSH2_MSG_CHANNEL_DATA message
+     use random content in ignore messages.
+   - markus@cvs.openbsd.org 2001/02/28 21:31:32
+     [channels.c]
+     typo
+   - deraadt@cvs.openbsd.org 2001/03/01 02:11:25
+     [authfd.c]
+     split line so that p will have an easier time next time around
+   - deraadt@cvs.openbsd.org 2001/03/01 02:29:04
+     [ssh.c]
+     shorten usage by a line
+   - deraadt@cvs.openbsd.org 2001/03/01 02:45:10
+     [auth-rsa.c auth2.c deattack.c packet.c]
+     KNF
+   - deraadt@cvs.openbsd.org 2001/03/01 03:38:33
+     [cli.c cli.h rijndael.h ssh-keyscan.1]
+     copyright notices on all source files
+   - markus@cvs.openbsd.org 2001/03/01 22:46:37
+     [ssh.c]
+     don't truncate remote ssh-2 commands; from mkubita@securities.cz
+     use min, not max for logging, fixes overflow.
+   - deraadt@cvs.openbsd.org 2001/03/02 06:21:01
+     [sshd.8]
+     explain SIGHUP better
+   - deraadt@cvs.openbsd.org 2001/03/02 09:42:49
+     [sshd.8]
+     doc the dsa/rsa key pair files
+   - deraadt@cvs.openbsd.org 2001/03/02 18:54:31
+     [atomicio.c atomicio.h auth-chall.c auth.c auth2-chall.c crc32.h
+      scp.c serverloop.c session.c sftp-server.8 sftp.1 ssh-add.1 ssh-add.c
+      ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh.1 sshd.8]
+     make copyright lines the same format
+   - deraadt@cvs.openbsd.org 2001/03/03 06:53:12
+     [ssh-keyscan.c]
+     standard theo sweep
+   - millert@cvs.openbsd.org 2001/03/03 21:19:41
+     [ssh-keyscan.c]
+     Dynamically allocate read_wait and its copies.  Since maxfd is
+     based on resource limits it is often (usually?) larger than FD_SETSIZE.
+   - millert@cvs.openbsd.org 2001/03/03 21:40:30
+     [sftp-server.c]
+     Dynamically allocate fd_set; deraadt@ OK
+   - millert@cvs.openbsd.org 2001/03/03 21:41:07
+     [packet.c]
+     Dynamically allocate fd_set; deraadt@ OK
+   - deraadt@cvs.openbsd.org 2001/03/03 22:07:50
+     [sftp-server.c]
+     KNF
+   - markus@cvs.openbsd.org 2001/03/03 23:52:22
+     [sftp.c]
+     clean up arg processing. based on work by Christophe_Moret@hp.com
+   - markus@cvs.openbsd.org 2001/03/03 23:59:34
+     [log.c ssh.c]
+     log*.c -> log.c
+   - markus@cvs.openbsd.org 2001/03/04 00:03:59
+     [channels.c]
+     debug1->2
+   - stevesk@cvs.openbsd.org 2001/03/04 10:57:53
+     [ssh.c]
+     add -m to usage; ok markus@
+   - stevesk@cvs.openbsd.org 2001/03/04 11:04:41
+     [sshd.8]
+     small cleanup and clarify for PermitRootLogin; ok markus@
+   - stevesk@cvs.openbsd.org 2001/03/04 11:16:06
+     [servconf.c sshd.8]
+     kill obsolete RandomSeed; ok markus@ deraadt@
+   - stevesk@cvs.openbsd.org 2001/03/04 12:54:04
+     [sshd.8]
+     spelling
+   - millert@cvs.openbsd.org 2001/03/04 17:42:28
+     [authfd.c channels.c dh.c log.c readconf.c servconf.c sftp-int.c
+      ssh.c sshconnect.c sshd.c]
+     log functions should not be passed strings that end in newline as they
+     get passed on to syslog() and when logging to stderr, do_log() appends
+     its own newline.
+   - deraadt@cvs.openbsd.org 2001/03/04 18:21:28
+     [sshd.8]
+     list SSH2 ciphers
+ - (bal) Put HAVE_PW_CLASS_IN_PASSWD back into pwcopy()
+ - (bal) Fix up logging since it changed.  removed log-*.c
+ - (djm) Fix up LOG_AUTHPRIV for systems that have it
+ - (stevesk) OpenBSD sync:
+   - deraadt@cvs.openbsd.org 2001/03/05 08:37:27
+     [ssh-keyscan.c]
+     skip inlining, why bother
+ - (stevesk) sftp.c: handle __progname
+
+20010304
+ - (bal) Remove make-ssh-known-hosts.1 since it's no longer valid.
+ - (bal) Updated contrib/README to remove 'make-ssh-known-hosts' and
+   give Mark Roth credit for mdoc2man.pl
+
+20010303
+ - (djm) Remove make-ssh-known-hosts.pl, ssh-keyscan is better.
+ - (djm) Document PAM ChallengeResponseAuthentication in sshd.8
+ - (djm) Disable and comment ChallengeResponseAuthentication in sshd_config
+ - (djm) Allow PRNGd entropy collection from localhost TCP socket. Replace
+   "--with-egd-pool" configure option with "--with-prngd-socket" and 
+   "--with-prngd-port" options. Debugged and improved by Lutz Jaenicke
+   <Lutz.Jaenicke@aet.TU-Cottbus.DE>
+
+20010301
+ - (djm) Properly add -lcrypt if needed. 
+ - (djm) Force standard PAM conversation function in a few more places.
+   Patch from Redhat 2.5.1p1-2 RPM, probably Nalin Dahyabhai 
+   <nalin@redhat.com>
+ - (djm) Cygwin needs pw->pw_gecos copied too. Patch from Corinna Vinschen 
+   <vinschen@redhat.com>
+ - (djm) Released 2.5.1p2
+
+20010228
+ - (djm) Detect endianness in configure and use it in rijndael.c. Fixes
+   "Bad packet length" bugs.
+ - (djm) Fully revert PAM session patch (again). All PAM session init is 
+   now done before the final fork().
+ - (djm) EGD detection patch from Tim Rice <tim@multitalents.net>
+ - (djm) Remove /tmp from EGD socket search list
+
+20010227
+ - (bal) Applied shutdown() patch for sftp.c by  Corinna Vinschen 
+   <vinschen@redhat.com>
+ - (bal) OpenBSD Sync
+   - markus@cvs.openbsd.org 2001/02/23 15:37:45
+     [session.c]
+     handle SSH_PROTOFLAG_SCREEN_NUMBER for buggy clients
+ - (bal) sshd.init support for all Redhat release.  Patch by Jim Knoble 
+   <jmknoble@jmknoble.cx>
+ - (djm) Fix up POSIX saved uid support. Report from Mark Miller 
+   <markm@swoon.net>
+ - (djm) Search for -lcrypt on FreeBSD too
+ - (djm) fatal() on OpenSSL version mismatch
+ - (djm) Move PAM init to after fork for non-Solaris derived PAMs
+ - (djm) Warning fix on entropy.c saved uid stuff. Patch from Mark Miller
+   <markm@swoon.net>
+ - (djm) Fix PAM fix
+ - (djm) Remove 'noreplace' flag from sshd_config in RPM spec files. This
+   change is being made as 2.5.x configfiles are not back-compatible with
+   2.3.x.
+ - (djm) Avoid warnings for missing broken IP_TOS. Patch from Mark Miller
+   <markm@swoon.net>
+ - (djm) Open Server 5 doesn't need BROKEN_SAVED_UIDS. Patch from Tim Rice 
+   <tim@multitalents.net>
+ - (djm) Avoid multiple definition of _PATH_LS. Patch from Tim Rice 
+   <tim@multitalents.net>
+
+20010226
+ - (bal) Fixed bsd-snprinf.c so it now honors 'BROKEN_SNPRINTF' again.
+ - (djm) Some systems (SCO3, NeXT) have weird saved uid semantics. 
+   Based on patch from Tim Rice <tim@multitalents.net>
+
+20010225
+ - (djm) Use %{_libexecdir} rather than hardcoded path in RPM specfile
+   Patch from Adrian Ho <lexfiend@usa.net>
+ - (bal) Replace 'unsigned long long' to 'u_int64_t' since not every
+   platform defines u_int64_t as being that.
+
+20010224
+ - (bal) Missed part of the UNIX sockets patch.  Patch by Corinna 
+   Vinschen <vinschen@redhat.com>
+ - (bal) Reorder where 'strftime' is detected to resolve linking
+   issues on SCO.  Patch by Tim Rice <tim@multitalents.net>
+
+20010224
+ - (bal) pam_stack fix to correctly detect between RH7 and older RHs.
+   Patch by Pekka Savola <pekkas@netcore.fi>
+ - (bal) Renamed sigaction.[ch] to sigact.[ch].  Causes problems with
+   some platforms.
+ - (bal) Generalize lack of UNIX sockets since this also effects Cray
+   not just Cygwin.  Based on patch by Wendy Palm <wendyp@cray.com>
+
+20010223
+ - (bal) Fix --define rh7 in openssh.spec file.  Patch by Steve Tell
+   <tell@telltronics.org>
+ - (bal) Patch to force OpenSSH rpm to require the same version of OpenSSL
+   that it was compiled against.  Patch by Pekka Savola <pekkas@netcore.fi>
+ - (bal) Double -I for OpenSSL on SCO.  Patch by Tim Rice 
+   <tim@multitalents.net>
+
+20010222                                                             
+ - (bal) Corrected SCO luid patch by svaughan <svaughan@asterion.com>
+ - (bal) Added mdoc2man.pl from Mark Roth <roth@feep.net>
+ - (bal) Removed reference to liblogin from contrib/README.  It was
+   integrated into OpenSSH a long while ago.
+ - (stevesk) remove erroneous #ifdef sgi code.
+   Michael Stone <mstone@cs.loyola.edu>
+
+20010221
+ - (bal) Removed -L/usr/ucblib -R/usr/ucblib for Solaris platform.
+ - (bal) Fixed OpenSSL rework to use $saved_*.  Patch by Tim Rice 
+   <tim@multitalents.net>
+ - (bal) Reverted out of 2001/02/15 patch by djm below because it
+   breaks Solaris.
+        - (djm) Move PAM session setup back to before setuid to user.
+          fixes problems on Solaris-drived PAMs.
+ - (stevesk) session.c: back out to where we were before:
+    - (djm) Move PAM session initialisation until after fork in sshd. Patch 
+      from Nalin Dahyabhai <nalin@redhat.com>
+
+20010220
+ - (bal) Fix mixed up params to memmove() from Jan 5th in setenv.c and
+   getcwd.c.
+ - (bal) OpenBSD CVS Sync:
+   - deraadt@cvs.openbsd.org 2001/02/19 23:09:05
+     [sshd.c]
+     clarify message to make it not mention "ident"
+
+20010219
+ - (bal) Markus' blessing to rename login.[ch] -> sshlogin.[ch] and
+   pty.[ch] -> sshpty.[ch]
+ - (djm) Rework search for OpenSSL location. Skip directories which don't
+   exist, don't add -L$ssldir/lib if it doesn't exist. Should help SCO
+   with its limit of 6 -L options.
+ - OpenBSD CVS Sync:
+   - reinhard@cvs.openbsd.org        2001/02/17 08:24:40
+     [sftp.1]
+     typo
+   - deraadt@cvs.openbsd.org 2001/02/17 16:28:58
+     [ssh.c]
+     cleanup -V output; noted by millert
+   - deraadt@cvs.openbsd.org 2001/02/17 16:48:48
+     [sshd.8]
+     it's the OpenSSH one
+   - markus@cvs.openbsd.org  2001/02/18 11:33:54
+     [dispatch.c]
+     typo, SSH2_MSG_KEXINIT, from aspa@kronodoc.fi
+   - markus@cvs.openbsd.org  2001/02/19 02:53:32
+     [compat.c compat.h serverloop.c]
+     ssh-1.2.{18-22} has broken handling of ignore messages; report from
+     itojun@
+   - markus@cvs.openbsd.org  2001/02/19 03:35:23
+     [version.h]
+     OpenSSH_2.5.1 adds bug compat with 1.2.{18-22}
+   - deraadt@cvs.openbsd.org 2001/02/19 03:36:25
+     [scp.c]
+     np is changed by recursion; vinschen@redhat.com
+ - Update versions in RPM spec files
+ - Release 2.5.1p1
+
+20010218
+ - (bal) Patch for fix FCHMOD reference in ftp-client.c by Tim Rice 
+   <tim@multitalents.net> 
+ - (Bal) Patch for lack of RA_RESTART in misc.c for mysignal by
+   stevesk
+ - (djm) Fix my breaking of cygwin builds, Patch from Corinna Vinschen 
+   <vinschen@redhat.com> and myself.
+ - (djm) Close listen_sock on bind() failures. Patch from Arkadiusz
+   Miskiewicz <misiek@pld.ORG.PL>
+ - (djm) Robustify EGD/PRNGd code in face of socket closures. Patch from
+   Todd C. Miller <Todd.Miller@courtesan.com>
+ - (djm) Use ttyname() to determine name of tty returned by openpty() 
+   rather then risking overflow. Patch from Marek Michalkiewicz 
+   <marekm@amelek.gda.pl>
+ - (djm) Swapped tests for no_libsocket and no_libnsl in configure.in. 
+   Patch from Marek Michalkiewicz <marekm@amelek.gda.pl>
+ - (djm) Doc fixes from Pekka Savola <pekkas@netcore.fi>
+ - (djm) Use SA_INTERRUPT along SA_RESTART if present (equivalent for 
+   SunOS)
+ - (djm) SCO needs librpc for libwrap. Patch from Tim Rice 
+   <tim@multitalents.net>
+ - (stevesk) misc.c: cpp rework of SA_(INTERRUPT|RESTART) handling.
+ - (stevesk) scp.c: use mysignal() for updateprogressmeter() handler.
+ - (djm) SA_INTERRUPT is the converse of SA_RESTART, apply it only for 
+   SIGALRM.
+ - (djm) Move entropy.c over to mysignal()
+ - (djm) SunOS 4.x also needs to define HAVE_BOGUS_SYS_QUEUE_H as it has 
+   a <sys/queue.h> that lacks the TAILQ_* macros. Patch from Todd C. 
+   Miller <Todd.Miller@courtesan.com>
+ - (djm) Update RPM spec files for 2.5.0p1
+ - (djm) Merge BSD_AUTH support from Markus Friedl and David J. MacKenzie
+   enable with --with-bsd-auth.
+ - (stevesk) entropy.c: typo; should be SIGPIPE
+
+20010217
+ - (bal) OpenBSD Sync:
+   - markus@cvs.openbsd.org 2001/02/16 13:38:18
+     [channel.c]                               
+     remove debug                              
+   - markus@cvs.openbsd.org 2001/02/16 14:03:43
+     [session.c]
+     proper payload-length check for x11 w/o screen-number
+
+20010216
+ - (bal) added '--with-prce'  to allow overriding of system regex when
+   required (tested by David Dulek <ddulek@fastenal.com>)
+ - (bal) Added DG/UX case and set that they have a broken IPTOS.
+ - (djm) Mini-configure reorder patch from Tim Rice <tim@multitalents.net>
+   Fixes linking on SCO.
+ - (djm) Make gnome-ssh-askpass handle multi-line prompts. Patch from 
+   Nalin Dahyabhai <nalin@redhat.com>
+ - (djm) BSD license for gnome-ssh-askpass (was X11)
+ - (djm) KNF on gnome-ssh-askpass
+ - (djm) USE_PIPES for a few more sysv platforms
+ - (djm) Cleanup configure.in a little
+ - (djm) Ask users to check config.log when we can't find necessary libs
+ - (djm) Set "login ID" on systems with setluid. Only enabled for SCO
+   OpenServer for now. Based on patch from svaughan <svaughan@asterion.com>
+ - (djm) OpenBSD CVS:
+   - markus@cvs.openbsd.org  2001/02/15 16:19:59
+     [channels.c channels.h serverloop.c sshconnect.c sshconnect.h]
+     [sshconnect1.c sshconnect2.c]
+     genericize password padding function for SSH1 and SSH2.
+     add stylized echo to 2, too.
+ - (djm) Add roundup() macro to defines.h
+ - (stevesk) set SA_RESTART flag in mysignal() for SIGCHLD;
+   needed on Unixware 2.x.
+
+20010215
+ - (djm) Move PAM session setup back to before setuid to user. Fixes 
+   problems on Solaris-derived PAMs.
+ - (djm) Clean up PAM namespace. Suggested by Darren Moffat
+   <Darren.Moffat@eng.sun.com>
+ - (bal) Sync w/ OpenSSH for new release
+   - markus@cvs.openbsd.org 2001/02/12 12:45:06
+     [sshconnect1.c]
+     fix xmalloc(0), ok dugsong@
+   - markus@cvs.openbsd.org 2001/02/11 12:59:25
+     [Makefile.in sshd.8 sshconnect2.c readconf.h readconf.c packet.c
+      sshd.c ssh.c ssh.1 servconf.h servconf.c myproposal.h kex.h kex.c]
+     1) clean up the MAC support for SSH-2
+     2) allow you to specify the MAC with 'ssh -m'
+     3) or the 'MACs' keyword in ssh(d)_config
+     4) add hmac-{md5,sha1}-96
+             ok stevesk@, provos@
+   - markus@cvs.openbsd.org 2001/02/12 16:16:23
+     [auth-passwd.c auth.c auth.h auth1.c auth2.c servconf.c servconf.h
+      ssh-keygen.c sshd.8]
+     PermitRootLogin={yes,without-password,forced-commands-only,no}
+     (before this change, root could login even if PermitRootLogin==no)
+   - deraadt@cvs.openbsd.org 2001/02/12 22:56:09
+     [clientloop.c packet.c ssh-keyscan.c]
+     deal with EAGAIN/EINTR selects which were skipped
+   - markus@cvs.openssh.org 2001/02/13 22:49:40
+     [auth1.c auth2.c]
+     setproctitle(user) only if getpwnam succeeds
+   - markus@cvs.openbsd.org 2001/02/12 23:26:20
+     [sshd.c]
+     missing memset; from solar@openwall.com
+   - stevesk@cvs.openbsd.org 2001/02/12 20:53:33
+     [sftp-int.c]
+     lumask now works with 1 numeric arg; ok markus@, djm@
+   - djm@cvs.openbsd.org 2001/02/14 9:46:03
+     [sftp-client.c sftp-int.c sftp.1]
+     Fix and document 'preserve modes & times' option ('-p' flag in sftp);
+     ok markus@
+ - (bal) replaced PATH_MAX in sftp-int.c w/ MAXPATHLEN.
+ - (djm) Move to Jim's 1.2.0 X11 askpass program
+ - (stevesk) OpenBSD sync:
+   - deraadt@cvs.openbsd.org 2001/02/15 01:38:04
+     [serverloop.c]
+     indent
+
+20010214
+ - (djm) Don't try to close PAM session or delete credentials if the
+   session has not been open or credentials not set. Based on patch from 
+   Andrew Bartlett <abartlet@pcug.org.au>
+ - (djm) Move PAM session initialisation until after fork in sshd. Patch 
+   from Nalin Dahyabhai <nalin@redhat.com>
+ - (bal) Missing function prototype in bsd-snprintf.c patch by
+   Mark Miller <markm@swoon.net>
+ - (djm) Split out and improve OSF SIA auth code. Patch from Chris Adams
+   <cmadams@hiwaay.net> with a little modification and KNF.
+ - (stevesk) fix for SIA patch, misplaced session_setup_sia()
+
+20010213
+ - (djm) Only test -S potential EGD sockets if they exist and are readable.
+ - (bal) Cleaned out bsd-snprintf.c.  VARARGS have been banished and
+   I did a base KNF over the whe whole file to make it more acceptable.
+   (backed out of original patch and removed it from ChangeLog)
+ - (bal) Use chown() if fchown() does not exist in ftp-server.c patch by
+   Tim Rice <tim@multitalents.net>
+ - (stevesk) auth1.c: fix PAM passwordless check.
+
+20010212
+ - (djm) Update Redhat specfile to allow --define "skip_x11_askpass 1", 
+   --define "skip_gnome_askpass 1", --define "rh7 1" and make the 
+   implicit rpm-3.0.5 dependancy explicit. Patch and suggestions from 
+   Pekka Savola <pekkas@netcore.fi>
+ - (djm) Clean up PCRE text in INSTALL
+ - (djm) Fix OSF SIA auth NULL pointer deref. Report from Mike Battersby 
+   <mib@unimelb.edu.au>
+ - (bal) NCR SVR4 compatiblity provide by Don Bragg <thewizarddon@yahoo.com>
+ - (stevesk) session.c: remove debugging code.
+
+20010211
+ - (bal) OpenBSD Sync
+   - markus@cvs.openbsd.org 2001/02/07 22:35:46
+     [auth1.c auth2.c sshd.c]
+     move k_setpag() to a central place; ok dugsong@
+   - markus@cvs.openbsd.org 2001/02/10 12:52:02
+     [auth2.c]
+     offer passwd before s/key
+   - markus@cvs.openbsd.org 2001/02/8 22:37:10
+     [canohost.c]
+     remove last call to sprintf; ok deraadt@
+   - markus@cvs.openbsd.org 2001/02/10 1:33:32
+     [canohost.c]
+     add debug message, since sshd blocks here if DNS is not available
+   - markus@cvs.openbsd.org 2001/02/10 12:44:02
+     [cli.c]
+     don't call vis() for \r
+   - danh@cvs.openbsd.org 2001/02/10 0:12:43
+     [scp.c]
+     revert a small change to allow -r option to work again; ok deraadt@
+   - danh@cvs.openbsd.org 2001/02/10 15:14:11
+     [scp.c]
+     fix memory leak; ok markus@
+   - djm@cvs.openbsd.org 2001/02/10 0:45:52
+     [scp.1]
+     Mention that you can quote pathnames with spaces in them
+   - markus@cvs.openbsd.org 2001/02/10 1:46:28
+     [ssh.c]
+     remove mapping of argv[0] -> hostname
+   - markus@cvs.openbsd.org 2001/02/06 22:26:17
+     [sshconnect2.c]
+     do not ask for passphrase in batch mode; report from ejb@ql.org
+   - itojun@cvs.opebsd.org 2001/02/08 10:47:05
+     [sshconnect.c sshconnect1.c sshconnect2.c]
+     %.30s is too short for IPv6 numeric address.  use %.128s for now.  
+     markus ok
+   - markus@cvs.openbsd.org 2001/02/09 12:28:35
+     [sshconnect2.c]
+     do not free twice, thanks to /etc/malloc.conf
+   - markus@cvs.openbsd.org 2001/02/09 17:10:53
+     [sshconnect2.c]
+     partial success: debug->log; "Permission denied" if no more auth methods
+   - markus@cvs.openbsd.org 2001/02/10 12:09:21
+     [sshconnect2.c]
+     remove some lines
+   - markus@cvs.openbsd.org 2001/02/09 13:38:07
+     [auth-options.c]
+     reset options if no option is given; from han.holl@prismant.nl
+   - markus@cvs.openbsd.org 2001/02/08 21:58:28
+     [channels.c]
+     nuke sprintf, ok deraadt@
+   - markus@cvs.openbsd.org 2001/02/08 21:58:28
+     [channels.c]
+     nuke sprintf, ok deraadt@
+   - markus@cvs.openbsd.org 2001/02/06 22:43:02
+     [clientloop.h]
+     remove confusing callback code
+   - deraadt@cvs.openbsd.org 2001/02/08 14:39:36
+     [readconf.c]
+     snprintf
+   - itojun@cvs.openbsd.org 2001/02/08 19:30:52
+     sync with netbsd tree changes.
+     - more strict prototypes, include necessary headers
+     - use paths.h/pathnames.h decls
+     - size_t typecase to int -> u_long
+   - itojun@cvs.openbsd.org 2001/02/07 18:04:50
+     [ssh-keyscan.c]
+     fix size_t -> int cast (use u_long).  markus ok
+   - markus@cvs.openbsd.org 2001/02/07 22:43:16
+     [ssh-keyscan.c]
+     s/getline/Linebuf_getline/; from roumen.petrov@skalasoft.com
+   - itojun@cvs.openbsd.org 2001/02/09 9:04:59
+     [ssh-keyscan.c]
+     do not assume malloc() returns zero-filled region.  found by 
+     malloc.conf=AJ.
+   - markus@cvs.openbsd.org 2001/02/08 22:35:30
+     [sshconnect.c]
+     don't connect if batch_mode is true and stricthostkeychecking set to 
+    'ask'
+   - djm@cvs.openbsd.org 2001/02/04 21:26:07
+     [sshd_config]
+     type: ok markus@
+   - deraadt@cvs.openbsd.org 2001/02/06 22:07:50
+     [sshd_config]
+     enable sftp-server by default
+   - deraadt 2001/02/07 8:57:26
+     [xmalloc.c]
+     deal with new ANSI malloc stuff
+   - markus@cvs.openbsd.org 2001/02/07 16:46:08
+     [xmalloc.c]
+     typo in fatal()
+   - itojun@cvs.openbsd.org 2001/02/07 18:04:50
+     [xmalloc.c]
+     fix size_t -> int cast (use u_long).  markus ok
+   - 1.47 Thu Feb 8 23:11:42 GMT 2001 by dugsong
+     [serverloop.c sshconnect1.c]
+     mitigate SSH1 traffic analysis - from Solar Designer 
+     <solar@openwall.com>, ok provos@
+ - (bal) fixed sftp-client.c.  Return 'status' instead of '0'  
+   (from the OpenBSD tree)
+ - (bal) Synced ssh.1, ssh-add.1 and sshd.8 w/ OpenBSD
+ - (bal) sftp-sever.c  '%8lld' to '%8llu' (OpenBSD Sync)
+ - (bal) uuencode.c resync w/ OpenBSD tree, plus whitespace.
+ - (bal) A bit more whitespace cleanup
+ - (djm) Set PAM_RHOST earlier, patch from Andrew Bartlett 
+   <abartlet@pcug.org.au>
+ - (stevesk) misc.c: ssh.h not needed.
+ - (stevesk) compat.c: more friendly cpp error
+ - (stevesk) OpenBSD sync:
+   - stevesk@cvs.openbsd.org 2001/02/11 06:15:57
+     [LICENSE]
+     typos and small cleanup; ok deraadt@
+
+20010210
+ - (djm) Sync sftp and scp stuff from OpenBSD:
+   - djm@cvs.openbsd.org     2001/02/07 03:55:13
+     [sftp-client.c]
+     Don't free handles before we are done with them. Based on work from
+     Corinna Vinschen <vinschen@redhat.com>. ok markus@
+   - djm@cvs.openbsd.org     2001/02/06 22:32:53
+     [sftp.1]
+     Punctuation fix from Pekka Savola <pekkas@netcore.fi>
+   - deraadt@cvs.openbsd.org 2001/02/07 04:07:29
+     [sftp.1]
+     pretty up significantly
+   - itojun@cvs.openbsd.org  2001/02/07 06:49:42
+     [sftp.1]
+     .Bl-.El mismatch.  markus ok
+   - djm@cvs.openbsd.org     2001/02/07 06:12:30
+     [sftp-int.c]
+     Check that target is a directory before doing ls; ok markus@
+   - itojun@cvs.openbsd.org  2001/02/07 11:01:18
+     [scp.c sftp-client.c sftp-server.c]
+     unsigned long long -> %llu, not %qu.  markus ok
+   - stevesk@cvs.openbsd.org 2001/02/07 11:10:39
+     [sftp.1 sftp-int.c]
+     more man page cleanup and sync of help text with man page; ok markus@
+   - markus@cvs.openbsd.org  2001/02/07 14:58:34
+     [sftp-client.c]
+     older servers reply with SSH2_FXP_NAME + count==0 instead of EOF
+   - djm@cvs.openbsd.org     2001/02/07 15:27:19
+     [sftp.c]
+     Don't forward agent and X11 in sftp. Suggestion from Roumen Petrov
+     <roumen.petrov@skalasoft.com>
+   - stevesk@cvs.openbsd.org 2001/02/07 15:36:04
+     [sftp-int.c]
+     portable; ok markus@
+   - stevesk@cvs.openbsd.org 2001/02/07 15:55:47
+     [sftp-int.c]
+     lowercase cmds[].c also; ok markus@
+   - markus@cvs.openbsd.org  2001/02/07 17:04:52
+     [pathnames.h sftp.c]
+     allow sftp over ssh protocol 1; ok djm@
+   - deraadt@cvs.openbsd.org 2001/02/08 07:38:55
+     [scp.c]
+     memory leak fix, and snprintf throughout
+   - deraadt@cvs.openbsd.org 2001/02/08 08:02:02
+     [sftp-int.c]
+     plug a memory leak
+   - stevesk@cvs.openbsd.org 2001/02/08 10:11:23
+     [session.c sftp-client.c]
+     %i -> %d
+   - stevesk@cvs.openbsd.org 2001/02/08 10:57:59
+     [sftp-int.c]
+     typo
+   - stevesk@cvs.openbsd.org 2001/02/08 15:28:07
+     [sftp-int.c pathnames.h]
+     _PATH_LS; ok markus@
+   - djm@cvs.openbsd.org     2001/02/09 04:46:25
+     [sftp-int.c]
+     Check for NULL attribs for chown, chmod & chgrp operations, only send
+     relevant attribs back to server; ok markus@
+   - djm@cvs.openbsd.org     2001/02/06 15:05:25
+     [sftp.c]
+     Use getopt to process commandline arguments
+   - djm@cvs.openbsd.org     2001/02/06 15:06:21
+     [sftp.c ]
+     Wait for ssh subprocess at exit
+   - djm@cvs.openbsd.org     2001/02/06 15:18:16
+     [sftp-int.c]
+     stat target for remote chdir before doing chdir
+   - djm@cvs.openbsd.org     2001/02/06 15:32:54
+     [sftp.1]
+     Punctuation fix from Pekka Savola <pekkas@netcore.fi>
+   - provos@cvs.openbsd.org  2001/02/05 22:22:02
+     [sftp-int.c]
+     cleanup get_pathname, fix pwd after failed cd. okay djm@
+ - (djm) Update makefile.in for _PATH_SFTP_SERVER
+ - (bal) sftp-client.c replace NULL w/ 0 in do_ls() (pending in OpenBSD tree)
+
+20010209
+ - (bal) patch to vis.c to deal with HAVE_VIS right by Robert Mooney 
+   <rjmooney@mediaone.net>
+ - (bal) .c.o rule in openbsd-compat/Makefile.in did not make it to the
+   main tree while porting forward.  Pointed out by Lutz Jaenicke 
+   <Lutz.Jaenicke@aet.TU-Cottbus.DE>
+ - (bal) double entry in configure.in.  Pointed out by Lutz Jaenicke
+   <Lutz.Jaenicke@aet.TU-Cottbus.DE>
+ - (stevesk) OpenBSD sync:
+   - markus@cvs.openbsd.org  2001/02/08 11:20:01
+     [auth2.c]
+     strict checking
+   - markus@cvs.openbsd.org  2001/02/08 11:15:22
+     [version.h]
+     update to 2.3.2
+   - markus@cvs.openbsd.org  2001/02/08 11:12:30
+     [auth2.c]
+     fix typo
+ - (djm) Update spec files
+ - (bal) OpenBSD sync:
+   - deraadt@cvs.openbsd.org 2001/02/08 14:38:54
+     [scp.c]
+     memory leak fix, and snprintf throughout
+   - markus@cvs.openbsd.org 2001/02/06 22:43:02
+     [clientloop.c]
+     remove confusing callback code
+ - (djm) Add CVS Id's to files that we have missed
+ - (bal) OpenBSD Sync (more):
+   - itojun@cvs.openbsd.org 2001/02/08 19:30:52
+     sync with netbsd tree changes.
+     - more strict prototypes, include necessary headers
+     - use paths.h/pathnames.h decls
+     - size_t typecase to int -> u_long
+   - markus@cvs.openbsd.org 2001/02/06 22:07:42
+     [ssh.c]
+     fatal() if subsystem fails
+   - markus@cvs.openbsd.org 2001/02/06 22:43:02
+     [ssh.c]
+     remove confusing callback code
+   - jakob@cvs.openbsd.org 2001/02/06 23:03:24
+     [ssh.c]
+     add -1 option (force protocol version 1). ok markus@
+   - jakob@cvs.openbsd.org 2001/02/06 23:06:21
+     [ssh.c]
+     reorder -{1,2,4,6} options. ok markus@
+ - (bal) Missing 'const' in readpass.h
+ - (bal) OpenBSD Sync (so at least the thing compiles for 2.3.2 =)
+   - djm@cvs.openbsd.org 2001/02/06 23:30:28
+     [sftp-client.c]
+     replace arc4random with counter for request ids; ok markus@
+ - (djm) Define _PATH_TTY for systems that don't. Report from Lutz 
+   Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
+
+20010208
+ - (djm) Don't delete external askpass program in make uninstall target.
+   Report and fix from Roumen Petrov <roumen.petrov@skalasoft.com>
+ - (djm) Fix linking of sftp, don't need arc4random any more.
+ - (djm) Try to use shell that supports "test -S" for EGD socket search.
+   Based on patch from Tim Rice <tim@multitalents.net>
+
+20010207
+ - (bal) Save the whole path to AR in configure.  Some Solaris 2.7 installs
+   seem lose track of it while in openbsd-compat/  (two confirmed reports)
+ - (djm) Much KNF on PAM code
+ - (djm) Revise auth-pam.c conversation function to be a little more
+   readable.
+ - (djm) Revise kbd-int PAM conversation function to fold all text messages
+   to before first prompt. Fixes hangs if last pam_message did not require
+   a reply.
+ - (djm) Fix password changing when using PAM kbd-int authentication
+
+20010205
+ - (bal) Disable groupaccess by setting NGROUPS_MAX to 0 for platforms
+   that don't have NGROUPS_MAX.
+ - (bal) AIX patch for auth1.c by William L. Jones <jones@hpc.utexas.edu>
+ - (stevesk) OpenBSD sync:
+   - stevesk@cvs.openbsd.org 2001/02/04 08:32:27
+     [many files; did this manually to our top-level source dir]
+     unexpand and remove end-of-line whitespace; ok markus@
+   - stevesk@cvs.openbsd.org 2001/02/04 15:21:19
+     [sftp-server.c]
+     SSH2_FILEXFER_ATTR_UIDGID support; ok markus@
+   - deraadt@cvs.openbsd.org 2001/02/04 17:02:32
+     [sftp-int.c]
+     ? == help
+   - deraadt@cvs.openbsd.org 2001/02/04 16:47:46
+     [sftp-int.c]
+     sort commands, so that abbreviations work as expected
+   - stevesk@cvs.openbsd.org 2001/02/04 15:17:52
+     [sftp-int.c]
+     debugging sftp: precedence and missing break.  chmod, chown, chgrp
+     seem to be working now.
+   - markus@cvs.openbsd.org 2001/02/04 14:41:21
+     [sftp-int.c]
+     use base 8 for umask/chmod
+   - markus@cvs.openbsd.org 2001/02/04 11:11:54
+     [sftp-int.c]
+     fix LCD
+   - markus@cvs.openbsd.org  2001/02/04 08:10:44
+     [ssh.1]
+     typo; dpo@club-internet.fr
+   - stevesk@cvs.openbsd.org 2001/02/04 06:30:12
+     [auth2.c authfd.c packet.c]
+     remove duplicate #include's; ok markus@
+   - deraadt@cvs.openbsd.org 2001/02/04 16:56:23
+     [scp.c sshd.c]
+     alpha happiness
+   - stevesk@cvs.openbsd.org 2001/02/04 15:12:17
+     [sshd.c]
+     precedence; ok markus@
+   - deraadt@cvs.openbsd.org 2001/02/04 08:14:15
+     [ssh.c sshd.c]
+     make the alpha happy
+   - markus@cvs.openbsd.org  2001/01/31 13:37:24
+     [channels.c channels.h serverloop.c ssh.c]
+     do not disconnect if local port forwarding fails, e.g. if port is 
+     already in use
+   - markus@cvs.openbsd.org  2001/02/01 14:58:09
+     [channels.c]
+     use ipaddr in channel messages, ietf-secsh wants this
+   - markus@cvs.openbsd.org  2001/01/31 12:26:20
+     [channels.c]
+     ssh.com-2.0.1x does not send additional info in CHANNEL_OPEN_FAILURE 
+     messages; bug report from edmundo@rano.org
+   - markus@cvs.openbsd.org  2001/01/31 13:48:09
+     [sshconnect2.c]
+     unused
+   - deraadt@cvs.openbsd.org 2001/02/04 08:23:08
+     [sftp-client.c sftp-server.c]
+     make gcc on the alpha even happier
+
+20010204
+ - (bal) I think this is the last of the bsd-*.h that don't belong.
+ - (bal) Minor Makefile fix
+ - (bal) openbsd-compat/Makefile minor fix.  Ensure dependancies are done
+   right.
+ - (bal) Changed order of LIB="" in -with-skey due to library resolving.
+ - (bal) next-posix.h changed to bsd-nextstep.h
+ - (djm) OpenBSD CVS sync:
+   - markus@cvs.openbsd.org  2001/02/03 03:08:38
+     [auth-options.c auth-rh-rsa.c auth-rhosts.c auth.c canohost.c]
+     [canohost.h servconf.c servconf.h session.c sshconnect1.c sshd.8]
+     [sshd_config]
+     make ReverseMappingCheck optional in sshd_config; ok djm@,dugsong@
+   - markus@cvs.openbsd.org  2001/02/03 03:19:51
+     [ssh.1 sshd.8 sshd_config]
+     Skey is now called ChallengeResponse
+   - markus@cvs.openbsd.org  2001/02/03 03:43:09
+     [sshd.8]
+     use no-pty option in .ssh/authorized_keys* if you need a 8-bit clean
+     channel. note from Erik.Anggard@cygate.se (pr/1659)
+   - stevesk@cvs.openbsd.org 2001/02/03 10:03:06
+     [ssh.1]
+     typos; ok markus@
+   - djm@cvs.openbsd.org     2001/02/04 04:11:56
+     [scp.1 sftp-server.c ssh.1 sshd.8 sftp-client.c sftp-client.h]
+     [sftp-common.c sftp-common.h sftp-int.c sftp-int.h sftp.1 sftp.c]
+     Basic interactive sftp client; ok theo@
+ - (djm) Update RPM specs for new sftp binary
+ - (djm) Update several bits for new optional reverse lookup stuff. I 
+   think I got them all.
+ - (djm) Makefile.in fixes
+ - (stevesk) add mysignal() wrapper and use it for the protocol 2
+   SIGCHLD handler.
+ - (djm) Use setvbuf() instead of setlinebuf(). Suggest from stevesk@
+
+20010203
+ - (bal) Cygwin clean up by Corinna Vinschen <vinschen@redhat.com>
+ - (bal) renamed queue.h to fake-queue.h (even if it's an OpenBSD
+   based file) to ensure #include space does not get confused.
+ - (bal) Minor Makefile.in tweak.  dirname may not exist on some
+   platforms so builds fail.  (NeXT being a well known one)
+
+20010202
+ - (bal) Makefile fix where sourcedir != builddir by Corinna Vinschen
+   <vinschen@redhat.com>
+ - (bal) Makefile fix to use $(MAKE) instead of 'make'  for platforms
+   that use 'gmake'.   Patch by Tim Rice <tim@multitalents.net>
+
+20010201
+ - (bal) Minor fix to Makefile to stop rebuilding executables if no
+   changes have occured to any of the supporting code.  Patch by
+   Roumen Petrov <roumen.petrov@skalasoft.com>
+
+20010131
+ - (djm) OpenBSD CVS Sync:
+   - djm@cvs.openbsd.org     2001/01/30 15:48:53
+     [sshconnect.c]
+     Make warning message a little more consistent. ok markus@
+ - (djm) Fix autoconf logic for --with-lastlog=no Report and diagnosis from
+   Philipp Buehler <lists@fips.de> and Kevin Steves <stevesk@sweden.hp.com>
+   respectively.
+ - (djm) Don't log SSH2 PAM KbdInt responses to debug, they may contain
+   passwords.
+ - (bal) Reorder.  Move all bsd-*, fake-*, next-*, and cygwin* stuff to
+   openbsd-compat/.  And resolve all ./configure and Makefile.in issues
+   assocated.
+
+20010130
+ - (djm) OpenBSD CVS Sync:
+   - markus@cvs.openbsd.org  2001/01/29 09:55:37
+     [channels.c channels.h clientloop.c serverloop.c]
+     fix select overflow; ok deraadt@ and stevesk@
+   - markus@cvs.openbsd.org  2001/01/29 12:42:35
+     [canohost.c canohost.h channels.c clientloop.c]
+     add get_peer_ipaddr(socket), x11-fwd in ssh2 requires ipaddr, not DNS
+   - markus@cvs.openbsd.org  2001/01/29 12:47:32
+     [rsa.c rsa.h ssh-agent.c sshconnect1.c sshd.c]
+     handle rsa_private_decrypt failures; helps against the Bleichenbacher
+     pkcs#1 attack
+   - djm@cvs.openbsd.org     2001/01/29 05:36:11
+     [ssh.1 ssh.c]
+     Allow invocation of sybsystem by commandline (-s); ok markus@
+ - (stevesk) configure.in: remove duplicate PROG_LS
+
+20010129
+ - (stevesk) sftp-server.c: use %lld vs. %qd
+
+20010128
+ - (bal) Put USE_PIPES back into sco3.2v5
+ - (bal) OpenBSD Sync
+   - markus@cvs.openbsd.org 2001/01/28 10:15:34
+     [dispatch.c]
+     re-keying is not supported; ok deraadt@
+   - markus@cvs.openbsd.org 2001/01/28 10:24:04
+     [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
+     cleanup AUTHORS sections
+   - markus@cvs.openbsd.org 2001/01/28 10:37:26
+     [sshd.c sshd.8]
+     remove -Q, no longer needed
+   - stevesk@cvs.openbsd.org 2001/01/28 20:36:16
+     [readconf.c ssh.1]
+     ``StrictHostKeyChecking ask'' documentation and small cleanup.
+     ok markus@
+   - stevesk@cvs.openbsd.org 2001/01/28 20:43:25
+     [sshd.8]
+     spelling.  ok markus@
+   - stevesk@cvs.openbsd.org 2001/01/28 20:53:21
+     [xmalloc.c]
+     use size_t for strlen() return.  ok markus@
+   - stevesk@cvs.openbsd.org 2001/01/28 22:27:05
+     [authfile.c]
+     spelling.  use sizeof vs. strlen().  ok markus@
+   - niklas@cvs.openbsd.org 2001/01/29 1:59:14
+     [atomicio.h canohost.h clientloop.h deattack.h dh.h dispatch.h
+      groupaccess.c groupaccess.h hmac.h hostfile.h includes.h kex.h
+      key.h log.h login.h match.h misc.h myproposal.h nchan.ms pathnames.h
+      radix.h readpass.h rijndael.h serverloop.h session.h sftp.h ssh-add.1
+      ssh-dss.h ssh-keygen.1 ssh-keyscan.1 ssh-rsa.h ssh1.h ssh_config
+      sshconnect.h sshd_config tildexpand.h uidswap.h uuencode.h]
+     $OpenBSD$
+  - (bal) Minor auth2.c resync.  Whitespace and moving of an #include.
+
+20010126
+ - (bal) SSH_PROGRAM vs _PATH_SSH_PROGRAM fix pointed out by Roumen
+   Petrov <roumen.petrov@skalasoft.com>
+ - (bal) OpenBSD Sync
+   - deraadt@cvs.openbsd.org 2001/01/25 8:06:33
+     [ssh-agent.c]
+     call _exit() in signal handler
+
+20010125
+ - (djm) Sync bsd-* support files:
+   - deraadt@cvs.openbsd.org 2000/01/26 03:43:20
+     [rresvport.c bindresvport.c]
+     new bindresvport() semantics that itojun, shin, jean-luc and i have
+     agreed on, which will be happy for the future. bindresvport_sa() for
+     sockaddr *, too.  docs later..
+   - deraadt@cvs.openbsd.org 2000/01/24 02:24:21
+     [bindresvport.c]
+     in bindresvport(), if sin is non-NULL, example sin->sin_family for
+     the actual family being processed
+ - (djm) Mention PRNGd in documentation, it is nicer than EGD
+ - (djm) Automatically search for "well-known" EGD/PRNGd sockets in autoconf
+ - (bal) AC_FUNC_STRFTIME added to autoconf
+ - (bal) OpenBSD Resync
+   - stevesk@cvs.openbsd.org 2001/01/24 21:03:50
+     [channels.c]
+     missing freeaddrinfo(); ok markus@
+
+20010124
+ - (bal) OpenBSD Resync
+   - markus@cvs.openbsd.org 2001/01/23 10:45:10
+     [ssh.h]
+     nuke comment
+ - (bal) no 64bit support patch from Tim Rice <tim@multitalents.net>
+ - (bal) #ifdef around S_IFSOCK if platform does not support it.
+   patch by Tim Rice <tim@multitalents.net>
+ - (bal) fake-regex.h cleanup based on Tim Rice's patch.
+ - (stevesk) sftp-server.c: fix chmod() mode mask
+
+20010123
+ - (bal) regexp.h typo in configure.in.  Should have been regex.h
+ - (bal) SSH_USER_DIR to _PATH_SSH_USER_DIR patch by stevesk@
+ - (bal) SSH_ASKPASS_DEFAULT to _PATH_SSH_ASKPASS_DEFAULT
+ - (bal) OpenBSD Resync
+   - markus@cvs.openbsd.org 2001/01/22 8:15:00
+     [auth-krb4.c sshconnect1.c]
+     only AFS needs radix.[ch]
+   - markus@cvs.openbsd.org 2001/01/22 8:32:53
+     [auth2.c]
+     no need to include; from mouring@etoh.eviladmin.org
+   - stevesk@cvs.openbsd.org 2001/01/22 16:55:21
+     [key.c]
+     free() -> xfree(); ok markus@
+   - stevesk@cvs.openbsd.org 2001/01/22 17:22:28
+     [sshconnect2.c sshd.c]
+     fix memory leaks in SSH2 key exchange; ok markus@
+   - markus@cvs.openbsd.org 2001/01/22 23:06:39
+     [auth1.c auth2.c readconf.c readconf.h servconf.c servconf.h
+      sshconnect1.c sshconnect2.c sshd.c]
+     rename skey -> challenge response.
+     auto-enable kbd-interactive for ssh2 if challenge-reponse is enabled.
+
+
+20010122
+ - (bal) OpenBSD Resync
+   - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
+     [servconf.c ssh.h sshd.c]
+     only auth-chall.c needs #ifdef SKEY
+   - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
+     [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
+      auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
+      packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
+      session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
+      ssh1.h sshconnect1.c sshd.c ttymodes.c]
+     move ssh1 definitions to ssh1.h, pathnames to pathnames.h
+   - markus@cvs.openbsd.org 2001/01/19 16:48:14
+     [sshd.8]
+     fix typo; from stevesk@
+   - markus@cvs.openbsd.org 2001/01/19 16:50:58
+     [ssh-dss.c]
+     clear and free digest, make consistent with other code (use dlen); from
+     stevesk@
+   - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
+     [auth-options.c auth-options.h auth-rsa.c auth2.c]
+     pass the filename to auth_parse_options()
+   - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
+     [readconf.c]
+     fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
+   - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
+     [sshconnect2.c]
+     dh_new_group() does not return NULL.  ok markus@
+   - markus@cvs.openbsd.org 2001/01/20 21:33:42
+     [ssh-add.c]
+     do not loop forever if askpass does not exist; from
+     andrew@pimlott.ne.mediaone.net
+   - djm@cvs.openbsd.org 2001/01/20 23:00:56
+     [servconf.c]
+     Check for NULL return from strdelim; ok markus
+   - djm@cvs.openbsd.org 2001/01/20 23:02:07
+     [readconf.c]
+     KNF; ok markus
+   - jakob@cvs.openbsd.org 2001/01/21 9:00:33
+     [ssh-keygen.1]
+     remove -R flag; ok markus@
+   - markus@cvs.openbsd.org 2001/01/21 19:05:40
+     [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
+      auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
+      auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
+      bufaux.c  bufaux.h buffer.c canahost.c canahost.h channels.c
+      cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
+      deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
+      key.c key.h log-client.c log-server.c log.c log.h login.c login.h
+      match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
+      readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
+      session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
+      ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
+      sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
+      ttysmodes.c uidswap.c xmalloc.c]
+     split ssh.h and try to cleanup the #include mess. remove unnecessary
+     #includes.  rename util.[ch] -> misc.[ch]
+ - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
+ - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
+   conflict when compiling for non-kerb install
+ - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
+   on 1/19.
+
+20010120
+ - (bal) OpenBSD Resync
+   - markus@cvs.openbsd.org 2001/01/19 12:45:26
+     [ssh-chall.c servconf.c servconf.h ssh.h sshd.c]
+     only auth-chall.c needs #ifdef SKEY
+ - (bal) Slight auth2-pam.c clean up.
+ - (bal) Includes a fake-regexp.h to be only used if regcomp() is found,
+   but no 'regexp.h' found (SCO OpenServer 3 lacks the header).
+
+20010119
+ - (djm) Update versions in RPM specfiles
+ - (bal) OpenBSD Resync
+   - markus@cvs.openbsd.org 2001/01/18 16:20:21
+     [log-client.c log-server.c log.c readconf.c servconf.c ssh.1 ssh.h
+      sshd.8 sshd.c]
+     log() is at pri=LOG_INFO, since LOG_NOTICE goes to /dev/console on many
+     systems
+   - markus@cvs.openbsd.org 2001/01/18 16:59:59
+     [auth-passwd.c auth.c auth.h auth1.c auth2.c serverloop.c session.c
+      session.h sshconnect1.c]
+     1) removes fake skey from sshd, since this will be much
+        harder with /usr/libexec/auth/login_XXX
+     2) share/unify code used in ssh-1 and ssh-2 authentication (server side)
+     3) make addition of BSD_AUTH and other challenge reponse methods
+        easier.
+   - markus@cvs.openbsd.org 2001/01/18 17:12:43
+     [auth-chall.c auth2-chall.c]
+     rename *-skey.c *-chall.c since the files are not skey specific
+ - (djm) Merge patch from Tim Waugh (via Nalin Dahyabhai <nalin@redhat.com>)
+   to fix NULL pointer deref and fake authloop breakage in PAM code.
+ - (bal) Updated contrib/cygwin/ by Corinna Vinschen <vinschen@redhat.com>
+ - (bal) Minor cygwin patch to auth1.c.  Suggested by djm.
+
+20010118
+ - (bal) Super Sized OpenBSD Resync
+   - markus@cvs.openbsd.org 2001/01/11 22:14:20 GMT 2001 by markus
+     [sshd.c]
+     maxfd+1
+   - markus@cvs.openbsd.org 2001/01/13 17:59:18
+     [ssh-keygen.1]
+     small ssh-keygen manpage cleanup; stevesk@pobox.com
+   - markus@cvs.openbsd.org 2001/01/13 18:03:07
+     [scp.c ssh-keygen.c sshd.c]
+     getopt() returns -1 not EOF; stevesk@pobox.com
+   - markus@cvs.openbsd.org 2001/01/13 18:06:54
+     [ssh-keyscan.c]
+     use SSH_DEFAULT_PORT; from stevesk@pobox.com
+   - markus@cvs.openbsd.org 2001/01/13 18:12:47
+     [ssh-keyscan.c]
+     free() -> xfree(); fix memory leak; from stevesk@pobox.com
+   - markus@cvs.openbsd.org 2001/01/13 18:14:13
+     [ssh-add.c]
+     typo, from stevesk@sweden.hp.com
+   - markus@cvs.openbsd.org 2001/01/13 18:32:50
+     [packet.c session.c ssh.c sshconnect.c sshd.c]
+     split out keepalive from packet_interactive (from dale@accentre.com)
+     set IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT for ssh2, too.
+   - markus@cvs.openbsd.org 2001/01/13 18:36:45
+     [packet.c packet.h]
+     reorder, typo
+   - markus@cvs.openbsd.org 2001/01/13 18:38:00
+     [auth-options.c]
+     fix comment
+   - markus@cvs.openbsd.org 2001/01/13 18:43:31
+     [session.c]
+     Wall
+   - markus@cvs.openbsd.org 2001/01/13 19:14:08
+     [clientloop.h clientloop.c ssh.c]
+     move callback to headerfile
+   - markus@cvs.openbsd.org 2001/01/15 21:40:10
+     [ssh.c]
+     use log() instead of stderr
+   - markus@cvs.openbsd.org 2001/01/15 21:43:51
+     [dh.c]
+     use error() not stderr!
+   - markus@cvs.openbsd.org 2001/01/15 21:45:29
+     [sftp-server.c]
+     rename must fail if newpath exists, debug off by default
+   - markus@cvs.openbsd.org 2001/01/15 21:46:38
+     [sftp-server.c]
+     readable long listing for sftp-server, ok deraadt@
+   - markus@cvs.openbsd.org 2001/01/16 19:20:06
+     [key.c ssh-rsa.c]
+     make "ssh-rsa" key format for ssh2 confirm to the ietf-drafts; from
+     galb@vandyke.com.  note that you have to delete older ssh2-rsa keys,
+     since they are in the wrong format, too. they must be removed from
+     .ssh/authorized_keys2 and .ssh/known_hosts2, etc.
+     (cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP
+     .ssh/authorized_keys2) additionally, we now check that
+     BN_num_bits(rsa->n) >= 768.
+   - markus@cvs.openbsd.org 2001/01/16 20:54:27
+     [sftp-server.c]
+     remove some statics. simpler handles; idea from nisse@lysator.liu.se
+   - deraadt@cvs.openbsd.org 2001/01/16 23:58:08
+     [bufaux.c radix.c sshconnect.h sshconnect1.c]
+     indent
+ - (bal) Added bsd-strmode.[ch] since some non-OpenBSD platforms may
+   be missing such feature.
+
+
+20010117
+ - (djm) Only write random seed file at exit
+ - (djm) Make PAM support optional, enable with --with-pam
+ - (djm) Try to use libcrypt on Linux, but link it after OpenSSL (which
+   provides a crypt() of its own)
+ - (djm) Avoid a warning in bsd-bindresvport.c
+ - (djm) Try to avoid adding -I/usr/include to CPPFLAGS during SSL tests. This
+   can cause weird segfaults errors on Solaris
+ - (djm) Avoid warning in PAM code by making read_passphrase arguments const
+ - (djm) Add --with-pam to RPM spec files
+
+20010115
+ - (bal) sftp-server.c change to use chmod() if fchmod() does not exist.
+ - (bal) utimes() support via utime() interface on machine that lack utimes().
+
+20010114
+ - (stevesk) initial work for OpenBSD "support supplementary group in
+   {Allow,Deny}Groups" patch:
+   - import getgrouplist.c from OpenBSD (bsd-getgrouplist.c)
+   - add bsd-getgrouplist.h
+   - new files groupaccess.[ch]
+   - build but don't use yet (need to merge auth.c changes)
+ - (stevesk) complete:
+   - markus@cvs.openbsd.org  2001/01/13 11:56:48
+     [auth.c sshd.8]
+     support supplementary group in {Allow,Deny}Groups
+     from stevesk@pobox.com
+
+20010112
+ - (bal) OpenBSD Sync
+   - markus@cvs.openbsd.org 2001/01/10 22:56:22
+     [bufaux.h bufaux.c sftp-server.c sftp.h getput.h]
+     cleanup sftp-server implementation:
+     add buffer_get_int64, buffer_put_int64, GET_64BIT, PUT_64BIT
+     parse SSH2_FILEXFER_ATTR_EXTENDED
+     send SSH2_FX_EOF if readdir returns no more entries
+     reply to SSH2_FXP_EXTENDED message
+     use #defines from the draft
+     move #definations to sftp.h
+     more info:
+     http://www.ietf.org/internet-drafts/draft-ietf-secsh-filexfer-00.txt
+   - markus@cvs.openbsd.org 2001/01/10 19:43:20
+     [sshd.c]
+     XXX - generate_empheral_server_key() is not safe against races,
+     because it calls log()
+   - markus@cvs.openbsd.org 2001/01/09 21:19:50
+     [packet.c]
+     allow TCP_NDELAY for ipv6; from netbsd via itojun@
+
+20010110
+ - (djm) SNI/Reliant Unix needs USE_PIPES and $DISPLAY hack. Report from
+   Bladt Norbert <Norbert.Bladt@adi.ch>
+
+20010109
+ - (bal) Resync CVS ID of cli.c
+ - (stevesk) auth1.c: free should be after WITH_AIXAUTHENTICATE
+   code.
+ - (bal) OpenBSD Sync
+   - markus@cvs.openbsd.org 2001/01/08 22:29:05
+     [auth2.c compat.c compat.h servconf.c servconf.h sshd.8
+      sshd_config version.h]
+     implement option 'Banner /etc/issue.net' for ssh2, move version to
+     2.3.1 (needed for bugcompat detection, 2.3.0 would fail if Banner
+     is enabled).
+   - markus@cvs.openbsd.org 2001/01/08 22:03:23
+     [channels.c ssh-keyscan.c]
+     O_NDELAY -> O_NONBLOCK; thanks stevesk@pobox.com
+   - markus@cvs.openbsd.org 2001/01/08 21:55:41
+     [sshconnect1.c]
+     more cleanups and fixes from stevesk@pobox.com:
+     1) try_agent_authentication() for loop will overwrite key just
+        allocated with key_new(); don't alloc
+     2) call ssh_close_authentication_connection() before exit
+        try_agent_authentication()
+     3) free mem on bad passphrase in try_rsa_authentication()
+   - markus@cvs.openbsd.org 2001/01/08 21:48:17
+     [kex.c]
+     missing free; thanks stevesk@pobox.com
+  - (bal) Detect if clock_t structure exists, if not define it.
+  - (bal) Detect if O_NONBLOCK exists, if not define it.
+  - (bal) removed news4-posix.h (now empty)
+  - (bal) changed bsd-bindresvport.c and bsd-rresvport.c to use 'socklen_t'
+    instead of 'int'
+ - (stevesk) sshd_config: sync
+ - (stevesk) defines.h: remove spurious ``;''
+
+20010108
+ - (bal) Fixed another typo in cli.c
+ - (bal) OpenBSD Sync
+   - markus@cvs.openbsd.org 2001/01/07 21:26:55
+     [cli.c]
+     typo
+   - markus@cvs.openbsd.org 2001/01/07 21:26:55
+     [cli.c]
+     missing free, stevesk@pobox.com
+   - markus@cvs.openbsd.org 2001/01/07 19:06:25
+     [auth1.c]
+     missing free, stevesk@pobox.com
+   - markus@cvs.openbsd.org 2001/01/07 11:28:04
+     [log-client.c log-server.c log.c readconf.c servconf.c ssh.1
+      ssh.h sshd.8 sshd.c]
+     rename SYSLOG_LEVEL_INFO->SYSLOG_LEVEL_NOTICE
+     syslog priority changes:
+             fatal() LOG_ERR  -> LOG_CRIT
+             log()   LOG_INFO -> LOG_NOTICE
+ - Updated TODO
+
+20010107
+ - (bal) OpenBSD Sync
+   - markus@cvs.openbsd.org 2001/01/06 11:23:27
+     [ssh-rsa.c]
+     remove unused
+   - itojun@cvs.openbsd.org 2001/01/05 08:23:29
+     [ssh-keyscan.1]
+     missing .El
+   - markus@cvs.openbsd.org 2001/01/04 22:41:03
+     [session.c sshconnect.c]
+     consistent use of _PATH_BSHELL; from stevesk@pobox.com
+   - djm@cvs.openbsd.org 2001/01/04 22:35:32
+     [ssh.1 sshd.8]
+     Mention AES as available SSH2 Cipher; ok markus
+   - markus@cvs.openbsd.org 2001/01/04 22:25:58
+     [sshd.c]
+     sync usage()/man with defaults; from stevesk@pobox.com
+   - markus@cvs.openbsd.org 2001/01/04 22:21:26
+     [sshconnect2.c]
+     handle SSH2_MSG_USERAUTH_BANNER; fixes bug when connecting to a server
+     that prints a banner (e.g. /etc/issue.net)
+
+20010105
+ - (bal) contrib/caldera/ provided by Tim Rice <tim@multitalents.net>
+ - (bal) bsd-getcwd.c and bsd-setenv.c changed from bcopy() to memmove()
+
+20010104
+ - (djm) Fix memory leak on systems with BROKEN_GETADDRINFO. Based on
+   work by Chris Vaughan <vaughan99@yahoo.com>
+
+20010103
+ - (bal) fixed up sshconnect.c so it was closer inline with the OpenBSD
+   tree (mainly positioning)
+ - (bal) OpenSSH CVS Update
+   - markus@cvs.openbsd.org 2001/01/02 20:41:02
+     [packet.c]
+     log remote ip on disconnect; PR 1600 from jcs@rt.fm
+   - markus@cvs.openbsd.org 2001/01/02 20:50:56
+     [sshconnect.c]
+     strict_host_key_checking for host_status != HOST_CHANGED &&
+     ip_status == HOST_CHANGED
+ - (bal) authfile.c: Synced CVS ID tag
+ - (bal) UnixWare 2.0 fixes by Tim Rice <tim@multitalents.net>
+ - (bal) Disable sftp-server if no 64bit int support exists.  Based on
+   patch by Tim Rice <tim@multitalents.net>
+ - (bal) Makefile.in changes to uninstall: target to remove sftp-server
+   and sftp-server.8 manpage.
+
+20010102
+ - (bal) OpenBSD CVS Update
+   - markus@cvs.openbsd.org 2001/01/01 14:52:49
+     [scp.c]
+     use shared fatal(); from stevesk@pobox.com
+
+20001231
+ - (bal) Reverted out of MAXHOSTNAMELEN.  This should be set per OS.
+   for multiple reasons.
+ - (bal) Reverted out of a partial NeXT patch.
+
+20001230
+ - (bal) OpenBSD CVS Update
+   - markus@cvs.openbsd.org 2000/12/28 18:58:30
+     [ssh-keygen.c]
+     enable 'ssh-keygen -l -f ~/.ssh/{authorized_keys,known_hosts}{,2}
+   - markus@cvs.openbsd.org 2000/12/29 22:19:13
+     [channels.c]
+     missing xfree; from vaughan99@yahoo.com
+ - (bal) Resynced CVS ID with OpenBSD for channel.c and uidswap.c
+ - (bal) if no MAXHOSTNAMELEN is defined.  Default to 64 character defination.
+   Suggested by Christian Kurz <shorty@debian.org>
+ - (bal) Add in '.c.o' section to Makefile.in to address make programs that
+    don't honor CPPFLAGS by default.  Suggested by Lutz Jaenicke
+    <Lutz.Jaenicke@aet.TU-Cottbus.DE>
+
+20001229
+ - (bal) Fixed spelling of 'authorized_keys' in ssh-copy-id.1 by Christian
+   Kurz <shorty@debian.org>
+ - (bal) OpenBSD CVS Update
+   - markus@cvs.openbsd.org 2000/12/28 14:25:51
+     [auth.h auth2.c]
+     count authentication failures only
+   - markus@cvs.openbsd.org 2000/12/28 14:25:03
+     [sshconnect.c]
+     fingerprint for MITM attacks, too.
+   - markus@cvs.openbsd.org 2000/12/28 12:03:57
+     [sshd.8 sshd.c]
+     document -D
+   - markus@cvs.openbsd.org 2000/12/27 14:19:21
+     [serverloop.c]
+     less chatty
+   - markus@cvs.openbsd.org 2000/12/27 12:34
+     [auth1.c sshconnect2.c sshd.c]
+     typo
+   - markus@cvs.openbsd.org 2000/12/27 12:30:19
+     [readconf.c readconf.h ssh.1 sshconnect.c]
+     new option: HostKeyAlias: allow the user to record the host key
+     under a different name. This is useful for ssh tunneling over
+     forwarded connections or if you run multiple sshd's on different
+     ports on the same machine.
+   - markus@cvs.openbsd.org 2000/12/27 11:51:53
+     [ssh.1 ssh.c]
+     multiple -t force pty allocation, document ORIGINAL_COMMAND
+   - markus@cvs.openbsd.org 2000/12/27 11:41:31
+     [sshd.8]
+     update for ssh-2
+ - (stevesk) compress.[ch] sync with openbsd; missed in prototype
+   fix merge.
+
+20001228
+ - (bal) Patch to add libutil.h to loginrec.c only if the platform has
+   libutil.h.  Suggested by Pekka Savola <pekka@netcore.fi>
+ - (djm) Update to new x11-askpass in RPM spec
+ - (bal) SCO patch to not include <sys/queue.h> since it's unrelated
+   header.  Patch by Tim Rice <tim@multitalents.net>
+ - Updated TODO w/ known HP/UX issue
+ - (bal) removed extra <netdb.h> noticed by Kevin Steves and removed the
+   bad reference to 'NeXT including it else were' on the #ifdef version.
+
+20001227
+ - (bal) Typo in configure.in: entut?ent should be endut?ent.  Suggested by
+   Takumi Yamane <yamtak@b-session.com>
+ - (bal) Checks for getrlimit(), sysconf(), and setdtablesize().  Patch
+   by Corinna Vinschen <vinschen@redhat.com>
+ - (djm) Fix catman-do target for non-bash
+ - (bal) Typo in configure.in: entut?ent should be endut?ent.  Suggested by
+   Takumi Yamane <yamtak@b-session.com>
+ - (bal) Checks for getrlimit(), sysconf(), and setdtablesize().  Patch
+   by Corinna Vinschen <vinschen@redhat.com>
+ - (djm) Fix catman-do target for non-bash
+ - (bal) Fixed NeXT's lack of CPPFLAGS honoring.
+ - (bal) ssh-keyscan.c: NeXT (and older BSDs) don't support getrlimit() w/
+   'RLIMIT_NOFILE'
+ - (djm) Remove *.Ylonen files. They are no longer in the OpenBSD tree,
+   the info in COPYING.Ylonen has been moved to the start of each
+   SSH1-derived file and README.Ylonen is well out of date.
+
+20001223
+ - (bal) Fixed Makefile.in to support recompile of all ssh and sshd objects
+   if a change to config.h has occurred.  Suggested by Gert Doering
+   <gert@greenie.muc.de>
+ - (bal) OpenBSD CVS Update:
+   - markus@cvs.openbsd.org 2000/12/22 16:49:40
+     [ssh-keygen.c]
+     fix ssh-keygen -x -t type > file; from Roumen.Petrov@skalasoft.com
+
+20001222
+ - Updated RCSID for pty.c
+ - (bal) OpenBSD CVS Updates:
+  - markus@cvs.openbsd.org 2000/12/21 15:10:16
+    [auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c]
+    print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@
+  - markus@cvs.openbsd.org 2000/12/20 19:26:56
+    [authfile.c]
+    allow ssh -i userkey for root
+  - markus@cvs.openbsd.org 2000/12/20 19:37:21
+    [authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h]
+    fix prototypes; from stevesk@pobox.com
+  - markus@cvs.openbsd.org 2000/12/20 19:32:08
+    [sshd.c]
+    init pointer to NULL; report from Jan.Ivan@cern.ch
+  - markus@cvs.openbsd.org 2000/12/19 23:17:54
+    [auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c
+     auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c
+     bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c
+     crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h
+     key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c
+     packet.h radix.c readconf.c rsa.c scp.c servconf.c servconf.h
+     serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h
+     ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h  uuencode.c
+     uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c]
+    replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char
+    unsigned' with u_char.
+
+20001221
+ - (stevesk) OpenBSD CVS updates:
+   - markus@cvs.openbsd.org 2000/12/19 15:43:45
+     [authfile.c channels.c sftp-server.c ssh-agent.c]
+     remove() -> unlink() for consistency
+   - markus@cvs.openbsd.org 2000/12/19 15:48:09
+     [ssh-keyscan.c]
+     replace <ssl/x.h> with <openssl/x.h>
+   - markus@cvs.openbsd.org 2000/12/17 02:33:40
+     [uidswap.c]
+     typo; from wsanchez@apple.com
+
+20001220
+ - (djm) Workaround PAM inconsistencies between Solaris derived PAM code
+   and Linux-PAM. Based on report and fix from Andrew Morgan
+   <morgan@transmeta.com>
+
+20001218
+ - (stevesk) rsa.c: entropy.h not needed.
+ - (bal) split CFLAGS into CFLAGS and CPPFLAGS in configure.in and Makefile.
+   Suggested by Wilfredo Sanchez <wsanchez@apple.com>
+
+20001216
+ - (stevesk) OpenBSD CVS updates:
+   - markus@cvs.openbsd.org 2000/12/16 02:53:57
+     [scp.c]
+     allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE
+   - markus@cvs.openbsd.org 2000/12/16 02:39:57
+     [scp.c]
+     unused; from stevesk@pobox.com
+
+20001215
+ - (stevesk) Old OpenBSD patch wasn't completely applied:
+   - markus@cvs.openbsd.org 2000/01/24 22:11:20
+     [scp.c]
+     allow '.' in usernames; from jedgar@fxp.org
+ - (stevesk) OpenBSD CVS updates:
+   - markus@cvs.openbsd.org 2000/12/13 16:26:53
+     [ssh-keyscan.c]
+     fatal already adds \n; from stevesk@pobox.com
+   - markus@cvs.openbsd.org 2000/12/13 16:25:44
+     [ssh-agent.c]
+     remove redundant spaces; from stevesk@pobox.com
+   - ho@cvs.openbsd.org 2000/12/12 15:50:21
+     [pty.c]
+     When failing to set tty owner and mode on a read-only filesystem, don't
+     abort if the tty already has correct owner and reasonably sane modes.
+     Example; permit 'root' to login to a firewall with read-only root fs.
+     (markus@ ok)
+   - deraadt@cvs.openbsd.org 2000/12/13 06:36:05
+     [pty.c]
+     KNF
+   - markus@cvs.openbsd.org 2000/12/12 14:45:21
+     [sshd.c]
+     source port < 1024 is no longer required for rhosts-rsa since it
+     adds no additional security.
+   - markus@cvs.openbsd.org 2000/12/12 16:11:49
+     [ssh.1 ssh.c]
+     rhosts-rsa is no longer automagically disabled if ssh is not privileged.
+     UsePrivilegedPort=no disables rhosts-rsa _only_ for old servers.
+     these changes should not change the visible default behaviour of the ssh client.
+   - deraadt@cvs.openbsd.org 2000/12/11 10:27:33
+     [scp.c]
+     when copying 0-sized files, do not re-print ETA time at completion
+   - provos@cvs.openbsd.org 2000/12/15 10:30:15
+     [kex.c kex.h sshconnect2.c sshd.c]
+     compute diffie-hellman in parallel between server and client. okay markus@
+
+20001213
+ - (djm) Make sure we reset the SIGPIPE disposition after we fork. Report
+   from Andreas M. Kirchwitz <amk@krell.zikzak.de>
+ - (stevesk) OpenBSD CVS update:
+   - markus@cvs.openbsd.org 2000/12/12 15:30:02
+     [ssh-keyscan.c ssh.c sshd.c]
+     consistently use __progname; from stevesk@pobox.com
+
+20001211
+ - (bal) Applied patch to include ssh-keyscan into Redhat's package, and
+   patch to install ssh-keyscan manpage.  Patch by Pekka Savola
+   <pekka@netcore.fi>
+ - (bal) OpenbSD CVS update
+   - markus@cvs.openbsd.org 2000/12/10 17:01:53
+     [sshconnect1.c]
+     always request new challenge for skey/tis-auth, fixes interop with
+     other implementations; report from roth@feep.net
+
+20001210
+ - (bal) OpenBSD CVS updates
+   - markus@cvs.openbsd.org 2000/12/09 13:41:51
+     [cipher.c cipher.h rijndael.c rijndael.h rijndael_boxes.h]
+     undo rijndael changes
+   - markus@cvs.openbsd.org 2000/12/09 13:48:31
+     [rijndael.c]
+     fix byte order bug w/o introducing new implementation
+   - markus@cvs.openbsd.org 2000/12/09 14:08:27
+     [sftp-server.c]
+     "" -> "." for realpath; from vinschen@redhat.com
+   - markus@cvs.openbsd.org 2000/12/09 14:06:54
+     [ssh-agent.c]
+     extern int optind; from stevesk@sweden.hp.com
+   - provos@cvs.openbsd.org 2000/12/09 23:51:11
+     [compat.c]
+     remove unnecessary '\n'
+
+20001209
+ - (bal) OpenBSD CVS updates:
+   - djm@cvs.openbsd.org 2000/12/07 4:24:59
+     [ssh.1]
+     Typo fix from Wilfredo Sanchez <wsanchez@apple.com>; ok theo
+
+20001207
+ - (bal) OpenBSD CVS updates:
+   - markus@cvs.openbsd.org 2000/12/06 22:58:14
+     [compat.c compat.h packet.c]
+     disable debug messages for ssh.com/f-secure 2.0.1x, 2.1.0
+   - markus@cvs.openbsd.org 2000/12/06 23:10:39
+     [rijndael.c]
+     unexpand(1)
+   - markus@cvs.openbsd.org 2000/12/06 23:05:43
+     [cipher.c cipher.h rijndael.c rijndael.h rijndael_boxes.h]
+     new rijndael implementation. fixes endian bugs
+
+20001206
+ - (bal) OpenBSD CVS updates:
+   - markus@cvs.openbsd.org 2000/12/05 20:34:09
+     [channels.c channels.h clientloop.c serverloop.c]
+     async connects for -R/-L; ok deraadt@
+   - todd@cvs.openssh.org 2000/12/05 16:47:28
+     [sshd.c]
+     tweak comment to reflect real location of pid file; ok provos@
+ - (stevesk) Import <sys/queue.h> from OpenBSD for systems that don't
+   have it (used in ssh-keyscan).
+ - (stevesk) OpenBSD CVS update:
+   - markus@cvs.openbsd.org 2000/12/06 19:57:48
+     [ssh-keyscan.c]
+     err(3) -> internal error(), from stevesk@sweden.hp.com
+
+20001205
+ - (bal) OpenBSD CVS updates:
+   - markus@cvs.openbsd.org 2000/12/04 19:24:02
+     [ssh-keyscan.c ssh-keyscan.1]
+     David Maziere's ssh-keyscan, ok niels@
+ - (bal) Updated Makefile.in to include ssh-keyscan that was just added
+   to the recent OpenBSD source tree.
+ - (stevesk) fix typos in contrib/hpux/README
+
+20001204
+ - (bal) More C functions defined in NeXT that are unaccessable without
+   defining -POSIX.
+ - (bal) OpenBSD CVS updates:
+   - markus@cvs.openbsd.org 2000/12/03 11:29:04
+     [compat.c]
+     remove fallback to SSH_BUG_HMAC now that the drafts are updated
+   - markus@cvs.openbsd.org 2000/12/03 11:27:55
+     [compat.c]
+     correctly match "2.1.0.pl2 SSH" etc; from
+     pekkas@netcore.fi/bugzilla.redhat
+   - markus@cvs.openbsd.org 2000/12/03 11:15:03
+     [auth2.c compat.c compat.h sshconnect2.c]
+     support f-secure/ssh.com 2.0.12; ok niels@
+
+20001203
+ - (bal) OpenBSD CVS updates:
+  - markus@cvs.openbsd.org 2000/11/30 22:54:31
+    [channels.c]
+    debug->warn if tried to do -R style fwd w/o client requesting this;
+    ok neils@
+  - markus@cvs.openbsd.org 2000/11/29 20:39:17
+    [cipher.c]
+    des_cbc_encrypt -> des_ncbc_encrypt since it already updates the IV
+  - markus@cvs.openbsd.org 2000/11/30 18:33:05
+    [ssh-agent.c]
+    agents must not dump core, ok niels@
+  - markus@cvs.openbsd.org 2000/11/30 07:04:02
+    [ssh.1]
+    T is for both protocols
+  - markus@cvs.openbsd.org 2000/12/01 00:00:51
+    [ssh.1]
+    typo; from green@FreeBSD.org
+  - markus@cvs.openbsd.org 2000/11/30 07:02:35
+    [ssh.c]
+    check -T before isatty()
+  - provos@cvs.openbsd.org 2000/11/29 13:51:27
+    [sshconnect.c]
+    show IP address and hostname when new key is encountered. okay markus@
+  - markus@cvs.openbsd.org 2000/11/30 22:53:35
+    [sshconnect.c]
+    disable agent/x11/port fwding if hostkey has changed; ok niels@
+  - marksu@cvs.openbsd.org 2000/11/29 21:11:59
+    [sshd.c]
+    sshd -D, startup w/o deamon(), for monitoring scripts or inittab;
+    from handler@sub-rosa.com and eric@urbanrange.com; ok niels@
+ - (djm) Added patch from Nalin Dahyabhai <nalin@redhat.com> to enable
+   PAM authentication using KbdInteractive.
+ - (djm) Added another TODO
+
+20001202
+ - (bal) Backed out of part of Alain St-Denis' loginrec.c patch.
+ - (bal) Irix need some sort of mansubdir, patch by Michael Stone
+   <mstone@cs.loyola.edu>
+
+20001129
+ - (djm) Back out all the serverloop.c hacks. sshd will now hang again
+   if there are background children with open fds.
+ - (djm) bsd-rresvport.c bzero -> memset
+ - (djm) Don't fail in defines.h on absence of 64 bit types (we will
+   still fail during compilation of sftp-server).
+ - (djm) Fail if ar is not found during configure
+ - (djm) OpenBSD CVS updates:
+   - provos@cvs.openbsd.org  2000/11/22 08:38:31
+     [sshd.8]
+     talk about /etc/primes, okay markus@
+   - markus@cvs.openbsd.org  2000/11/23 14:03:48
+     [ssh.c sshconnect1.c sshconnect2.c]
+     complain about invalid ciphers for ssh1/ssh2, fall back to reasonable
+     defaults
+   - markus@cvs.openbsd.org  2000/11/25 09:42:53
+     [sshconnect1.c]
+     reorder check for illegal ciphers, bugreport from espie@
+   - markus@cvs.openbsd.org  2000/11/25 10:19:34
+     [ssh-keygen.c ssh.h]
+     print keytype when generating a key.
+     reasonable defaults for RSA1/RSA/DSA keys.
+ - (djm) Patch from Pekka Savola <Pekka.Savola@netcore.fi> to include a few
+   more manpage paths in fixpaths calls
+ - (djm) Also add xauth path at Pekka's suggestion.
+ - (djm) Add Redhat RPM patch for AUTHPRIV SyslogFacility
+
+20001125
+ - (djm) Give up privs when reading seed file
+
+20001123
+ - (bal) Merge OpenBSD changes:
+   - markus@cvs.openbsd.org  2000/11/15 22:31:36
+     [auth-options.c]
+     case insensitive key options; from stevesk@sweeden.hp.com
+   - markus@cvs.openbsd.org  2000/11/16 17:55:43
+     [dh.c]
+     do not use perror() in sshd, after child is forked()
+   - markus@cvs.openbsd.org  2000/11/14 23:42:40
+     [auth-rsa.c]
+     parse option only if key matches; fix some confusing seen by the client
+   - markus@cvs.openbsd.org  2000/11/14 23:44:19
+     [session.c]
+     check no_agent_forward_flag for ssh-2, too
+   - markus@cvs.openbsd.org  2000/11/15
+     [ssh-agent.1]
+     reorder SYNOPSIS; typo, use .It
+   - markus@cvs.openbsd.org  2000/11/14 23:48:55
+     [ssh-agent.c]
+     do not reorder keys if a key is removed
+   - markus@cvs.openbsd.org  2000/11/15 19:58:08
+     [ssh.c]
+     just ignore non existing user keys
+   - millert@cvs.openbsd.org  200/11/15 20:24:43
+     [ssh-keygen.c]
+     Add missing \n at end of error message.
+
+20001122
+ - (bal) Minor patch to ensure platforms lacking IRIX job limit supports
+   are compilable.
+ - (bal) Updated TODO as of 11/18/2000 with known things to resolve.
+
+20001117
+ - (bal) Changed from 'primes' to 'primes.out' for consistancy sake.  It
+   has no affect the output.  Patch by Corinna Vinschen <vinschen@redhat.com>
+ - (stevesk) Reworked progname support.
+ - (bal) Misplaced #include "includes.h" in bsd-setproctitle.c.  Patch by
+   Shinichi Maruyama <marya@st.jip.co.jp>
+
+20001116
+ - (bal) Added in MAXSYMLINK test in bsd-realpath.c.  Required for some SCO
+   releases.
+ - (bal) Make builds work outside of source tree.  Patch by Mark D. Roth
+   <roth@feep.net>
+
+20001113
+ - (djm) Add pointer to http://www.imasy.or.jp/~gotoh/connect.c to
+   contrib/README
+ - (djm) Merge OpenBSD changes:
+   - markus@cvs.openbsd.org  2000/11/06 16:04:56
+     [channels.c channels.h clientloop.c nchan.c serverloop.c]
+     [session.c ssh.c]
+     agent forwarding and -R for ssh2, based on work from
+     jhuuskon@messi.uku.fi
+   - markus@cvs.openbsd.org  2000/11/06 16:13:27
+     [ssh.c sshconnect.c sshd.c]
+     do not disabled rhosts(rsa) if server port > 1024; from
+     pekkas@netcore.fi
+   - markus@cvs.openbsd.org  2000/11/06 16:16:35
+     [sshconnect.c]
+     downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net
+   - markus@cvs.openbsd.org  2000/11/09 18:04:40
+     [auth1.c]
+     typo; from mouring@pconline.com
+   - markus@cvs.openbsd.org  2000/11/12 12:03:28
+     [ssh-agent.c]
+     off-by-one when removing a key from the agent
+   - markus@cvs.openbsd.org  2000/11/12 12:50:39
+     [auth-rh-rsa.c auth2.c authfd.c authfd.h]
+     [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h]
+     [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c]
+     [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config]
+     [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c]
+     [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h]
+     add support for RSA to SSH2.  please test.
+     there are now 3 types of keys: RSA1 is used by ssh-1 only,
+     RSA and DSA are used by SSH2.
+     you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA
+     keys for SSH2 and use the RSA keys for hostkeys or for user keys.
+     SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before.
+ - (djm) Fix up Makefile and Redhat init script to create RSA host keys
+ - (djm) Change to interim version
+ - (djm) Fix RPM spec file stupidity
+ - (djm) fixpaths to DSA and RSA keys too
+
+20001112
+ - (bal) SCO Patch to add needed libraries for configure.in.  Patch by
+   Phillips Porch <root@theporch.com>
+ - (bal) IRIX patch to adding Job Limits.  Patch by Denis Parker
+   <dcp@sgi.com>
+ - (stevesk) pty.c: HP-UX 10 and 11 don't define TIOCSCTTY.  Add error() to
+   failed ioctl(TIOCSCTTY) call.
+
+20001111
+ - (djm) Added /etc/primes for kex DH group neg, fixup Makefile.in and
+   packaging files
+ - (djm) Fix new Makefile.in warnings
+ - (djm) Fix vsprintf("%h") in bsd-snprintf.c, short int va_args are
+   promoted to type int. Report and fix from Dan Astoorian
+   <djast@cs.toronto.edu>
+ - (djm) Hardwire sysconfdir in RPM spec files as some RPM versions get
+   it wrong. Report from Bennett Todd <bet@rahul.net>
+
+20001110
+ - (bal) Fixed dropped answer from skey_keyinfo() in auth1.c
+ - (bal) Changed from --with-skey to --with-skey=PATH in configure.in
+ - (bal) Added in check to verify S/Key library is being detected in
+   configure.in
+ - (bal) next-posix.h - added another prototype wrapped in POSIX ifdef/endif.
+   Patch by Mark Miller <markm@swoon.net>
+ - (bal) Added 'util.h' header to loginrec.c only if HAVE_UTIL_H is defined
+   to remove warnings under MacOS X.  Patch by Mark Miller <markm@swoon.net>
+ - (bal) Fixed LDFLAG mispelling in configure.in for --with-afs
+
+20001107
+ - (bal) acconfig.in - removed the double "USE_PIPES" entry. Patch by
+   Mark Miller <markm@swoon.net>
+ - (bal) sshd.init files corrected to assign $? to RETVAL.  Patch by
+   Jarno Huuskonen <jhuuskon@messi.uku.fi>
+ - (bal) fixpaths fixed to stop it from quitely failing. Patch by
+   Mark D. Roth <roth@feep.net>
+
+20001106
+ - (djm) Use Jim's new 1.0.3 askpass in Redhat RPMs
+ - (djm) Manually fix up missed diff hunks (mainly RCS idents)
+ - (djm) Remove UPGRADING document in favour of a link to the better
+   maintained FAQ on www.openssh.com
+ - (djm) Fix multiple dependancy on gnome-libs from Pekka Savola
+   <pekkas@netcore.fi>
+ - (djm) Don't need X11-askpass in RPM spec file if building without it
+   from Pekka Savola <pekkas@netcore.fi>
+ - (djm) Release 2.3.0p1
+ - (bal) typo in configure.in in regards to --with-ldflags from Marko
+   Asplund <aspa@kronodoc.fi>
+ - (bal) fixed next-posix.h.  Forgot prototype of getppid().
+
+20001105
+ - (bal) Sync with OpenBSD:
+   - markus@cvs.openbsd.org 2000/10/31 9:31:58
+     [compat.c]
+     handle all old openssh versions
+   - markus@cvs.openbsd.org 2000/10/31 13:1853
+     [deattack.c]
+     so that large packets do not wrap "n"; from netbsd
+ - (bal) rijndel.c - fix up RCSID to match OpenBSD tree
+ - (bal) auth2-skey.c - Checked in.  Missing from portable tree.
+ - (bal) Reworked NEWS-OS and NeXT ports to extract waitpid() and
+   setsid() into more common files
+ - (stevesk) pty.c: use __hpux to identify HP-UX.
+ - (bal) Missed auth-skey.o in Makefile.in and minor correction to
+   bsd-waitpid.c
+
+20001029
+ - (stevesk) Fix typo in auth.c: USE_PAM not PAM
+ - (stevesk) Create contrib/cygwin/ directory; patch from
+   Corinna Vinschen <vinschen@redhat.com>
+ - (bal) Resolved more $xno and $xyes issues in configure.in
+ - (bal) next-posix.h - spelling and forgot a prototype
+
+20001028
+ - (djm) fix select hack in serverloop.c from Philippe WILLEM
+   <Philippe.WILLEM@urssaf.fr>
+ - (djm) Fix mangled AIXAUTHENTICATE code
+ - (djm) authctxt->pw may be NULL. Fix from Markus Friedl
+   <markus.friedl@informatik.uni-erlangen.de>
+ - (djm) Sync with OpenBSD:
+   - markus@cvs.openbsd.org  2000/10/16 15:46:32
+     [ssh.1]
+     fixes from pekkas@netcore.fi
+   - markus@cvs.openbsd.org  2000/10/17 14:28:11
+     [atomicio.c]
+     return number of characters processed; ok deraadt@
+   - markus@cvs.openbsd.org  2000/10/18 12:04:02
+     [atomicio.c]
+     undo
+   - markus@cvs.openbsd.org  2000/10/18 12:23:02
+     [scp.c]
+     replace atomicio(read,...) with read(); ok deraadt@
+   - markus@cvs.openbsd.org  2000/10/18 12:42:00
+     [session.c]
+     restore old record login behaviour
+   - deraadt@cvs.openbsd.org 2000/10/19 10:41:13
+     [auth-skey.c]
+     fmt string problem in unused code
+   - provos@cvs.openbsd.org  2000/10/19 10:45:16
+     [sshconnect2.c]
+     don't reference freed memory. okay deraadt@
+   - markus@cvs.openbsd.org  2000/10/21 11:04:23
+     [canohost.c]
+     typo, eramore@era-t.ericsson.se; ok niels@
+   - markus@cvs.openbsd.org  2000/10/23 13:31:55
+     [cipher.c]
+     non-alignment dependent swap_bytes(); from
+     simonb@wasabisystems.com/netbsd
+   - markus@cvs.openbsd.org  2000/10/26 12:38:28
+     [compat.c]
+     add older vandyke products
+   - markus@cvs.openbsd.org  2000/10/27 01:32:19
+     [channels.c channels.h clientloop.c serverloop.c session.c]
+     [ssh.c util.c]
+     enable non-blocking IO on channels, and tty's (except for the
+     client ttys).
+
+20001027
+ - (djm) Increase REKEY_BYTES to 2^24 for arc4random
+
+20001025
+ - (djm) Added WARNING.RNG file and modified configure to ask users of the
+   builtin entropy code to read it.
+ - (djm) Prefer builtin regex to PCRE.
+ - (bal) Added USE_PIPS defined to NeXT configure.in since scp hangs randomly.
+ - (bal) Apply fixes to configure.in pointed out by Pavel Roskin
+   <proski@gnu.org>
+
+20001020
+ - (djm) Don't define _REENTRANT for SNI/Reliant Unix
+ - (bal) Imported NEWS-OS waitpid() macros into NeXT.  Since implementation
+   is more correct then current version.
+
+20001018
+ - (stevesk) Add initial support for setproctitle().  Current
+   support is for the HP-UX pstat(PSTAT_SETCMD, ...) method.
+ - (stevesk) Add egd startup scripts to contrib/hpux/
+
+20001017
+ - (djm) Add -lregex to cywin libs from Corinna Vinschen
+   <vinschen@cygnus.com>
+ - (djm) Don't rely on atomicio's retval to determine length of askpass
+   supplied passphrase. Problem report from Lutz Jaenicke
+   <Lutz.Jaenicke@aet.TU-Cottbus.DE>
+ - (bal) Changed from GNU rx to PCRE on suggestion from djm.
+ - (bal) Integrated Sony NEWS-OS patches from NAKAJI Hirouyuki
+   <nakaji@tutrp.tut.ac.jp>
+
+20001016
+ - (djm) Sync with OpenBSD:
+   - markus@cvs.openbsd.org  2000/10/14 04:01:15
+     [cipher.c]
+     debug3
+   - markus@cvs.openbsd.org  2000/10/14 04:07:23
+     [scp.c]
+     remove spaces from arguments; from djm@mindrot.org
+   - markus@cvs.openbsd.org  2000/10/14 06:09:46
+     [ssh.1]
+     Cipher is for SSH-1 only
+   - markus@cvs.openbsd.org  2000/10/14 06:12:09
+     [servconf.c servconf.h serverloop.c session.c sshd.8]
+     AllowTcpForwarding; from naddy@
+   - markus@cvs.openbsd.org  2000/10/14 06:16:56
+     [auth2.c compat.c compat.h sshconnect2.c version.h]
+     OpenSSH_2.3; note that is is not complete, but the version number
+     needs to be changed for interoperability reasons
+   - markus@cvs.openbsd.org  2000/10/14 06:19:45
+     [auth-rsa.c]
+     do not send RSA challenge if key is not allowed by key-options; from
+     eivind@ThinkSec.com
+   - markus@cvs.openbsd.org  2000/10/15 08:14:01
+     [rijndael.c session.c]
+     typos; from stevesk@sweden.hp.com
+   - markus@cvs.openbsd.org  2000/10/15 08:18:31
+     [rijndael.c]
+     typo
+ - (djm) Copy manpages back over from OpenBSD - too tedious to wade
+   through diffs
+ - (djm) Added condrestart to Redhat init script. Patch from Pekka Savola
+   <pekkas@netcore.fi>
+ - (djm) Update version in Redhat spec file
+ - (djm) Merge some of Nalin Dahyabhai <nalin@redhat.com> changes from the
+   Redhat 7.0 spec file
+ - (djm) Make inability to read/write PRNG seedfile non-fatal
+
+
+20001015
+ - (djm) Fix ssh2 hang on background processes at logout.
+
+20001014
+ - (bal) Add support for realpath and getcwd for platforms with broken
+   or missing realpath implementations for sftp-server.
+ - (bal) Corrected mistake in INSTALL in regards to GNU rx library
+ - (bal) Add support for GNU rx library for those lacking regexp support
+ - (djm) Don't accept PAM_PROMPT_ECHO_ON messages during initial auth
+ - (djm) Revert SSH2 serverloop hack, will find a better way.
+ - (djm) Add workaround for Linux 2.4's gratuitious errno change. Patch
+   from Martin Johansson <fatbob@acc.umu.se>
+ - (djm) Big OpenBSD sync:
+   - markus@cvs.openbsd.org  2000/09/30 10:27:44
+     [log.c]
+     allow loglevel debug
+   - markus@cvs.openbsd.org  2000/10/03 11:59:57
+     [packet.c]
+     hmac->mac
+   - markus@cvs.openbsd.org  2000/10/03 12:03:03
+     [auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c]
+     move fake-auth from auth1.c to individual auth methods, disables s/key in
+     debug-msg
+   - markus@cvs.openbsd.org  2000/10/03 12:16:48
+     ssh.c
+     do not resolve canonname, i have no idea why this was added oin ossh
+   - markus@cvs.openbsd.org  2000/10/09 15:30:44
+     ssh-keygen.1 ssh-keygen.c
+     -X now reads private ssh.com DSA keys, too.
+   - markus@cvs.openbsd.org  2000/10/09 15:32:34
+     auth-options.c
+     clear options on every call.
+   - markus@cvs.openbsd.org  2000/10/09 15:51:00
+     authfd.c authfd.h
+     interop with ssh-agent2, from <res@shore.net>
+   - markus@cvs.openbsd.org  2000/10/10 14:20:45
+     compat.c
+     use rexexp for version string matching
+   - provos@cvs.openbsd.org  2000/10/10 22:02:18
+     [kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h]
+     First rough implementation of the diffie-hellman group exchange.  The
+     client can ask the server for bigger groups to perform the diffie-hellman
+     in, thus increasing the attack complexity when using ciphers with longer
+     keys.  University of Windsor provided network, T the company.
+   - markus@cvs.openbsd.org  2000/10/11 13:59:52
+     [auth-rsa.c auth2.c]
+     clear auth options unless auth sucessfull
+   - markus@cvs.openbsd.org  2000/10/11 14:00:27
+     [auth-options.h]
+     clear auth options unless auth sucessfull
+   - markus@cvs.openbsd.org  2000/10/11 14:03:27
+     [scp.1 scp.c]
+     support 'scp -o' with help from mouring@pconline.com
+   - markus@cvs.openbsd.org  2000/10/11 14:11:35
+     [dh.c]
+     Wall
+   - markus@cvs.openbsd.org  2000/10/11 14:14:40
+     [auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h]
+     [ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h]
+     add support for s/key (kbd-interactive) to ssh2, based on work by
+     mkiernan@avantgo.com and me
+   - markus@cvs.openbsd.org  2000/10/11 14:27:24
+     [auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h]
+     [myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c]
+     [sshconnect2.c sshd.c]
+     new cipher framework
+   - markus@cvs.openbsd.org  2000/10/11 14:45:21
+     [cipher.c]
+     remove DES
+   - markus@cvs.openbsd.org  2000/10/12 03:59:20
+     [cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c]
+     enable DES in SSH-1 clients only
+   - markus@cvs.openbsd.org  2000/10/12 08:21:13
+     [kex.h packet.c]
+     remove unused
+   - markus@cvs.openbsd.org  2000/10/13 12:34:46
+     [sshd.c]
+     Kludge for F-Secure Macintosh < 1.0.2; appro@fy.chalmers.se
+   - markus@cvs.openbsd.org  2000/10/13 12:59:15
+     [cipher.c cipher.h myproposal.h  rijndael.c rijndael.h]
+     rijndael/aes support
+   - markus@cvs.openbsd.org  2000/10/13 13:10:54
+     [sshd.8]
+     more info about -V
+   - markus@cvs.openbsd.org  2000/10/13 13:12:02
+     [myproposal.h]
+     prefer no compression
+ - (djm) Fix scp user@host handling
+ - (djm) Don't clobber ssh_prng_cmds on install
+ - (stevesk) Include config.h in rijndael.c so we define intXX_t and
+   u_intXX_t types on all platforms.
+ - (stevesk) rijndael.c: cleanup missing declaration warnings.
+ - (stevesk) ~/.hushlogin shouldn't cause required password change to
+   be bypassed.
+ - (stevesk) Display correct path to ssh-askpass in configure output.
+   Report from Lutz Jaenicke.
+
+20001007
+ - (stevesk) Print PAM return value in PAM log messages to aid
+   with debugging.
+ - (stevesk) Fix detection of pw_class struct member in configure;
+   patch from KAMAHARA Junzo <kamahara@cc.kshosen.ac.jp>
+
+20001002
+ - (djm) Fix USER_PATH, report from Kevin Steves <stevesk@sweden.hp.com>
+ - (djm) Add host system and CC to end-of-configure report. Suggested by
+   Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
+
+20000931
+ - (djm) Cygwin fixes from Corinna Vinschen <vinschen@cygnus.com>
+
+20000930
+ - (djm) Irix ssh_prng_cmds path fix from Pekka Savola <pekkas@netcore.fi>
+ - (djm) Support in bsd-snprintf.c for long long conversions from
+   Ben Lindstrom <mouring@pconline.com>
+ - (djm) Cleanup NeXT support from Ben Lindstrom <mouring@pconline.com>
+ - (djm) Ignore SIGPIPEs from serverloop to child. Fixes crashes with
+   very short lived X connections. Bug report from Tobias Oetiker
+   <oetiker@ee.ethz.ch>. Fix from Markus Friedl <markus@cvs.openbsd.org>
+ - (djm) Add recent InitScripts as a RPM dependancy for openssh-server
+   patch from Pekka Savola <pekkas@netcore.fi>
+ - (djm) Forgot to cvs add LICENSE file
+ - (djm) Add LICENSE to RPM spec files
+ - (djm) CVS OpenBSD sync:
+   - markus@cvs.openbsd.org  2000/09/26 13:59:59
+     [clientloop.c]
+     use debug2
+   - markus@cvs.openbsd.org  2000/09/27 15:41:34
+     [auth2.c sshconnect2.c]
+     use key_type()
+   - markus@cvs.openbsd.org  2000/09/28 12:03:18
+     [channels.c]
+     debug -> debug2 cleanup
+ - (djm) Irix strips "/dev/tty" from [uw]tmp entries (other systems only
+   strip "/dev/"). Fix loginrec.c based on patch from Alain St-Denis
+   <Alain.St-Denis@ec.gc.ca>
+ - (djm) Fix 9 character passphrase failure with gnome-ssh-askpass.
+   Problem was caused by interrupted read in ssh-add. Report from Donald
+   J. Barry <don@astro.cornell.edu>
+
+20000929
+ - (djm) Fix SSH2 not terminating until all background tasks done problem.
+ - (djm) Another off-by-one fix from Pavel Kankovsky
+   <peak@argo.troja.mff.cuni.cz>
+ - (djm) Clean up. Strip some unnecessary differences with OpenBSD's code,
+   tidy necessary differences. Use Markus' new debugN() in entropy.c
+ - (djm) Merged big SCO portability patch from Tim Rice
+   <tim@multitalents.net>
+
+20000926
+ - (djm) Update X11-askpass to 1.0.2 in RPM spec file
+ - (djm) Define _REENTRANT to pickup strtok_r() on HP/UX
+ - (djm) Security: fix off-by-one buffer overrun in fake-getnameinfo.c.
+   Report and fix from Pavel Kankovsky <peak@argo.troja.mff.cuni.cz>
+
+20000924
+ - (djm) Merged cleanup patch from Mark Miller <markm@swoon.net>
+ - (djm) A bit more cleanup - created cygwin_util.h
+ - (djm) Include strtok_r() from OpenBSD libc. Fixes report from Mark Miller
+   <markm@swoon.net>
+
+20000923
+ - (djm) Fix address logging in utmp from Kevin Steves
+   <stevesk@sweden.hp.com>
+ - (djm) Redhat spec and manpage fixes from Pekka Savola <pekkas@netcore.fi>
+ - (djm) Seperate tests for int64_t and u_int64_t types
+ - (djm) Tweak password expiry checking at suggestion of Kevin Steves
+   <stevesk@sweden.hp.com>
+ - (djm) NeXT patch from Ben Lindstrom <mouring@pconline.com>
+ - (djm) Use printf %lld instead of %qd in sftp-server.c. Fix from
+   Michael Stone <mstone@cs.loyola.edu>
+ - (djm) OpenBSD CVS sync:
+   - markus@cvs.openbsd.org  2000/09/17 09:38:59
+     [sshconnect2.c sshd.c]
+     fix DEBUG_KEXDH
+   - markus@cvs.openbsd.org  2000/09/17 09:52:51
+     [sshconnect.c]
+     yes no; ok niels@
+   - markus@cvs.openbsd.org  2000/09/21 04:55:11
+     [sshd.8]
+     typo
+   - markus@cvs.openbsd.org  2000/09/21 05:03:54
+     [serverloop.c]
+     typo
+   - markus@cvs.openbsd.org  2000/09/21 05:11:42
+     scp.c
+     utime() to utimes(); mouring@pconline.com
+   - markus@cvs.openbsd.org  2000/09/21 05:25:08
+     sshconnect2.c
+     change login logic in ssh2, allows plugin of other auth methods
+   - markus@cvs.openbsd.org  2000/09/21 05:25:35
+     [auth2.c channels.c channels.h clientloop.c dispatch.c dispatch.h]
+     [serverloop.c]
+     add context to dispatch_run
+   - markus@cvs.openbsd.org  2000/09/21 05:07:52
+     authfd.c authfd.h ssh-agent.c
+     bug compat for old ssh.com software
+
+20000920
+ - (djm) Fix bad path substitution. Report from Andrew Miner
+   <asminer@cs.iastate.edu>
+
+20000916
+ - (djm) Fix SSL search order from Lutz Jaenicke
+   <Lutz.Jaenicke@aet.TU-Cottbus.DE>
+ - (djm) New SuSE spec from Corinna Vinschen <corinna@vinschen.de>
+ - (djm) Update CygWin support from Corinna Vinschen <vinschen@cygnus.com>
+ - (djm) Use a real struct sockaddr inside the fake struct sockaddr_storage.
+   Patch from Larry Jones <larry.jones@sdrc.com>
+ - (djm) Add Steve VanDevender's <stevev@darkwing.uoregon.edu> PAM
+   password change patch.
+ - (djm) Bring licenses on my stuff in line with OpenBSD's
+ - (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from
+   Kevin Steves <stevesk@sweden.hp.com>
+ - (djm) Shadow expiry check fix from Pavel Troller <patrol@omni.sinus.cz>
+ - (djm) Re-enable int64_t types - we need them for sftp
+ - (djm) Use libexecdir from configure , rather than libexecdir/ssh
+ - (djm) Update Redhat SPEC file accordingly
+ - (djm) Add Kevin Steves <stevesk@sweden.hp.com> HP/UX contrib files
+ - (djm) Add Charles Levert <charles@comm.polymtl.ca> getpgrp patch
+ - (djm) Fix password auth on HP/UX 10.20. Patch from Dirk De Wachter
+   <Dirk.DeWachter@rug.ac.be>
+ - (djm) Fixprogs and entropy list fixes from Larry Jones
+   <larry.jones@sdrc.com>
+ - (djm) Fix for SuSE spec file from Takashi YOSHIDA
+   <tyoshida@gemini.rc.kyushu-u.ac.jp>
+ - (djm) Merge OpenBSD changes:
+   - markus@cvs.openbsd.org  2000/09/05 02:59:57
+     [session.c]
+     print hostname (not hushlogin)
+   - markus@cvs.openbsd.org  2000/09/05 13:18:48
+     [authfile.c ssh-add.c]
+     enable ssh-add -d for DSA keys
+   - markus@cvs.openbsd.org  2000/09/05 13:20:49
+     [sftp-server.c]
+     cleanup
+   - markus@cvs.openbsd.org  2000/09/06 03:46:41
+     [authfile.h]
+     prototype
+   - deraadt@cvs.openbsd.org 2000/09/07 14:27:56
+     [ALL]
+     cleanup copyright notices on all files.  I have attempted to be
+     accurate with the details.  everything is now under Tatu's licence
+     (which I copied from his readme), and/or the core-sdi bsd-ish thing
+     for deattack, or various openbsd developers under a 2-term bsd
+     licence.  We're not changing any rules, just being accurate.
+   - markus@cvs.openbsd.org  2000/09/07 14:40:30
+     [channels.c channels.h clientloop.c serverloop.c ssh.c]
+     cleanup window and packet sizes for ssh2 flow control; ok niels
+   - markus@cvs.openbsd.org  2000/09/07 14:53:00
+     [scp.c]
+     typo
+   - markus@cvs.openbsd.org  2000/09/07 15:13:37
+     [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c]
+     [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h]
+     [pty.c readconf.c]
+     some more Copyright fixes
+   - markus@cvs.openbsd.org  2000/09/08 03:02:51
+     [README.openssh2]
+     bye bye
+   - deraadt@cvs.openbsd.org 2000/09/11 18:38:33
+     [LICENCE cipher.c]
+     a few more comments about it being ARC4 not RC4
+   - markus@cvs.openbsd.org  2000/09/12 14:53:11
+     [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c]
+     multiple debug levels
+   - markus@cvs.openbsd.org  2000/09/14 14:25:15
+     [clientloop.c]
+     typo
+   - deraadt@cvs.openbsd.org 2000/09/15 01:13:51
+     [ssh-agent.c]
+     check return value for setenv(3) for failure, and deal appropriately
+
+20000913
+ - (djm) Fix server not exiting with jobs in background.
+
+20000905
+ - (djm) Import OpenBSD CVS changes
+   - markus@cvs.openbsd.org  2000/08/31 15:52:24
+     [Makefile sshd.8 sshd_config sftp-server.8 sftp-server.c]
+     implement a SFTP server. interops with sftp2, scp2 and the windows
+     client from ssh.com
+   - markus@cvs.openbsd.org  2000/08/31 15:56:03
+     [README.openssh2]
+     sync
+   - markus@cvs.openbsd.org  2000/08/31 16:05:42
+     [session.c]
+     Wall
+   - markus@cvs.openbsd.org  2000/08/31 16:09:34
+     [authfd.c ssh-agent.c]
+     add a flag to SSH2_AGENTC_SIGN_REQUEST for future extensions
+   - deraadt@cvs.openbsd.org 2000/09/01 09:25:13
+     [scp.1 scp.c]
+     cleanup and fix -S support; stevesk@sweden.hp.com
+   - markus@cvs.openbsd.org  2000/09/01 16:29:32
+     [sftp-server.c]
+     portability fixes
+   - markus@cvs.openbsd.org  2000/09/01 16:32:41
+     [sftp-server.c]
+     fix cast; mouring@pconline.com
+   - itojun@cvs.openbsd.org  2000/09/03 09:23:28
+     [ssh-add.1 ssh.1]
+     add missing .El against .Bl.
+   - markus@cvs.openbsd.org  2000/09/04 13:03:41
+     [session.c]
+     missing close; ok theo
+   - markus@cvs.openbsd.org  2000/09/04 13:07:21
+     [session.c]
+     fix get_last_login_time order; from andre@van-veen.de
+   - markus@cvs.openbsd.org  2000/09/04 13:10:09
+     [sftp-server.c]
+     more cast fixes; from mouring@pconline.com
+   - markus@cvs.openbsd.org  2000/09/04 13:06:04
+     [session.c]
+     set SSH_ORIGINAL_COMMAND; from Leakin@dfw.nostrum.com, bet@rahul.net
+ - (djm) Cleanup after import. Fix sftp-server compilation, Makefile
+ - (djm) Merge cygwin support from Corinna Vinschen <vinschen@cygnus.com>
+
+20000903
+ - (djm) Fix Redhat init script
+
+20000901
+ - (djm) Pick up Jim's new X11-askpass
+ - (djm) Release 2.2.0p1
+
+20000831
+ - (djm) Workaround SIGPIPE problems on SCO. Fix from Aran Cox
+   <acox@cv.telegroup.com>
+ - (djm) Pick up new version (2.2.0) from OpenBSD CVS
+
+20000830
+ - (djm) Compile warning fixes from Mark Miller <markm@swoon.net>
+ - (djm) Periodically rekey arc4random
+ - (djm) Clean up diff against OpenBSD.
+ - (djm) HPUX 11 needs USE_PIPES as well: Kevin Steves
+   <stevesk@sweden.hp.com>
+ - (djm) Quieten the pam delete credentials error message
+ - (djm) Fix printing of $DISPLAY hack if set by system type. Report from
+   Kevin Steves <stevesk@sweden.hp.com>
+ - (djm) NeXT patch from Ben Lindstrom <mouring@pconline.com>
+ - (djm) Fix doh in bsd-arc4random.c
+
+20000829
+ - (djm) Fix ^C ignored issue on Solaris. Diagnosis from Gert
+   Doering <gert@greenie.muc.de>, John Horne <J.Horne@plymouth.ac.uk> and
+   Garrick James <garrick@james.net>
+ - (djm) Check for SCO pty naming style (ptyp%d/ttyp%d). Based on fix from
+   Bastian Trompetter <btrompetter@firemail.de>
+ - (djm) NeXT tweaks from Ben Lindstrom <mouring@pconline.com>
+ - More OpenBSD updates:
+   - deraadt@cvs.openbsd.org 2000/08/24 15:46:59
+     [scp.c]
+     off_t in sink, to fix files > 2GB, i think, test is still running ;-)
+   - deraadt@cvs.openbsd.org 2000/08/25 10:10:06
+     [session.c]
+     Wall
+   - markus@cvs.openbsd.org  2000/08/26 04:33:43
+     [compat.c]
+     ssh.com-2.3.0
+   - markus@cvs.openbsd.org  2000/08/27 12:18:05
+     [compat.c]
+     compatibility with future ssh.com versions
+   - deraadt@cvs.openbsd.org 2000/08/27 21:50:55
+     [auth-krb4.c session.c ssh-add.c sshconnect.c uidswap.c]
+     print uid/gid as unsigned
+   - markus@cvs.openbsd.org  2000/08/28 13:51:00
+     [ssh.c]
+     enable -n and -f for ssh2
+   - markus@cvs.openbsd.org  2000/08/28 14:19:53
+     [ssh.c]
+     allow combination of -N and -f
+   - markus@cvs.openbsd.org  2000/08/28 14:20:56
+     [util.c]
+     util.c
+   - markus@cvs.openbsd.org  2000/08/28 14:22:02
+     [util.c]
+     undo
+   - markus@cvs.openbsd.org  2000/08/28 14:23:38
+     [util.c]
+     don't complain if setting NONBLOCK fails with ENODEV
+
+20000823
+ - (djm) Define USE_PIPES to avoid socketpair problems on HPUX 10 and SunOS 4
+   Avoids "scp never exits" problem. Reports from Lutz Jaenicke
+   <Lutz.Jaenicke@aet.TU-Cottbus.DE> and Tamito KAJIYAMA
+   <kajiyama@grad.sccs.chukyo-u.ac.jp>
+ - (djm) Pick up LOGIN_PROGRAM from environment or PATH if not set by headers
+ - (djm) Add local version to version.h
+ - (djm) Don't reseed arc4random everytime it is used
+ - (djm) OpenBSD CVS updates:
+   - deraadt@cvs.openbsd.org 2000/08/18 20:07:23
+     [ssh.c]
+     accept remsh as a valid name as well; roman@buildpoint.com
+   - deraadt@cvs.openbsd.org 2000/08/18 20:17:13
+     [deattack.c crc32.c packet.c]
+     rename crc32() to ssh_crc32() to avoid zlib name clash.  do not move to
+     libz crc32 function yet, because it has ugly "long"'s in it;
+     oneill@cs.sfu.ca
+   - deraadt@cvs.openbsd.org 2000/08/18 20:26:08
+     [scp.1 scp.c]
+     -S prog support; tv@debian.org
+   - deraadt@cvs.openbsd.org 2000/08/18 20:50:07
+     [scp.c]
+     knf
+   - deraadt@cvs.openbsd.org 2000/08/18 20:57:33
+     [log-client.c]
+     shorten
+   - markus@cvs.openbsd.org  2000/08/19 12:48:11
+     [channels.c channels.h clientloop.c ssh.c ssh.h]
+     support for ~. in ssh2
+   - deraadt@cvs.openbsd.org 2000/08/19 15:29:40
+     [crc32.h]
+     proper prototype
+   - markus@cvs.openbsd.org  2000/08/19 15:34:44
+     [authfd.c authfd.h key.c key.h ssh-add.1 ssh-add.c ssh-agent.1]
+     [ssh-agent.c ssh-keygen.c sshconnect1.c sshconnect2.c Makefile]
+     [fingerprint.c fingerprint.h]
+     add SSH2/DSA support to the agent and some other DSA related cleanups.
+     (note that we cannot talk to ssh.com's ssh2 agents)
+   - markus@cvs.openbsd.org  2000/08/19 15:55:52
+     [channels.c channels.h clientloop.c]
+     more ~ support for ssh2
+   - markus@cvs.openbsd.org  2000/08/19 16:21:19
+     [clientloop.c]
+     oops
+   - millert@cvs.openbsd.org 2000/08/20 12:25:53
+     [session.c]
+     We have to stash the result of get_remote_name_or_ip() before we
+     close our socket or getpeername() will get EBADF and the process
+     will exit.  Only a problem for "UseLogin yes".
+   - millert@cvs.openbsd.org 2000/08/20 12:30:59
+     [session.c]
+     Only check /etc/nologin if "UseLogin no" since login(1) may have its
+     own policy on determining who is allowed to login when /etc/nologin
+     is present.  Also use the _PATH_NOLOGIN define.
+   - millert@cvs.openbsd.org 2000/08/20 12:42:43
+     [auth1.c auth2.c session.c ssh.c]
+     Add calls to setusercontext() and login_get*().  We basically call
+     setusercontext() in most places where previously we did a setlogin().
+     Add default login.conf file and put root in the "daemon" login class.
+   - millert@cvs.openbsd.org 2000/08/21 10:23:31
+     [session.c]
+     Fix incorrect PATH setting; noted by Markus.
+
+20000818
+ - (djm) OpenBSD CVS changes:
+   - markus@cvs.openbsd.org  2000/07/22 03:14:37
+     [servconf.c servconf.h sshd.8 sshd.c sshd_config]
+     random early drop; ok theo, niels
+   - deraadt@cvs.openbsd.org 2000/07/26 11:46:51
+     [ssh.1]
+     typo
+   - deraadt@cvs.openbsd.org 2000/08/01 11:46:11
+     [sshd.8]
+     many fixes from pepper@mail.reppep.com
+   - provos@cvs.openbsd.org  2000/08/01 13:01:42
+     [Makefile.in util.c aux.c]
+     rename aux.c to util.c to help with cygwin port
+   - deraadt@cvs.openbsd.org 2000/08/02 00:23:31
+     [authfd.c]
+     correct sun_len; Alexander@Leidinger.net
+   - provos@cvs.openbsd.org  2000/08/02 10:27:17
+     [readconf.c sshd.8]
+     disable kerberos authentication by default
+   - provos@cvs.openbsd.org  2000/08/02 11:27:05
+     [sshd.8 readconf.c auth-krb4.c]
+     disallow kerberos authentication if we can't verify the TGT; from
+     dugsong@
+     kerberos authentication is on by default only if you have a srvtab.
+   - markus@cvs.openbsd.org  2000/08/04 14:30:07
+     [auth.c]
+     unused
+   - markus@cvs.openbsd.org  2000/08/04 14:30:35
+     [sshd_config]
+     MaxStartups
+   - markus@cvs.openbsd.org  2000/08/15 13:20:46
+     [authfd.c]
+     cleanup; ok niels@
+   - markus@cvs.openbsd.org  2000/08/17 14:05:10
+     [session.c]
+     cleanup login(1)-like jobs, no duplicate utmp entries
+   - markus@cvs.openbsd.org  2000/08/17 14:06:34
+     [session.c sshd.8 sshd.c]
+      sshd -u len, similar to telnetd
+ - (djm) Lastlog was not getting closed after writing login entry
+ - (djm) Add Solaris package support from Rip Loomis <loomisg@cist.saic.com>
+
+20000816
+ - (djm) Replacement for inet_ntoa for Irix (which breaks on gcc)
+ - (djm) Fix strerror replacement for old SunOS. Based on patch from
+   Charles Levert <charles@comm.polymtl.ca>
+ - (djm) Seperate arc4random into seperate file and use OpenSSL's RC4
+   implementation.
+ - (djm) SUN_LEN macro for systems which lack it
+
+20000815
+ - (djm) More SunOS 4.1.x fixes from Nate Itkin <nitkin@europa.com>
+ - (djm) Avoid failures on Irix when ssh is not setuid. Fix from
+   Michael Stone <mstone@cs.loyola.edu>
+ - (djm) Don't seek in directory based lastlogs
+ - (djm) Fix --with-ipaddr-display configure option test. Patch from
+   Jarno Huuskonen <jhuuskon@messi.uku.fi>
+ - (djm) Fix AIX limits from Alexandre Oliva <oliva@lsd.ic.unicamp.br>
+
+20000813
+ - (djm) Add $(srcdir) to includes when compiling (for VPATH). Report from
+   Fabrice bacchella <fabrice.bacchella@marchfirst.fr>
+
+20000809
+ - (djm) Define AIX hard limits if headers don't. Report from
+   Bill Painter <william.t.painter@lmco.com>
+ - (djm) utmp direct write & SunOS 4 patch from Charles Levert
+   <charles@comm.polymtl.ca>
+
+20000808
+ - (djm) Cleanup Redhat RPMs. Generate keys at runtime rather than install
+   time, spec file cleanup.
+
+20000807
+ - (djm) Set 0755 on binaries during install. Report from Lutz Jaenicke
+ - (djm) Suppress error messages on channel close shutdown() failurs
+   works around Linux bug. Patch from Zack Weinberg <zack@wolery.cumb.org>
+ - (djm) Add some more entropy collection commands from Lutz Jaenicke
+
+20000725
+ - (djm) Fix autoconf typo: HAVE_BINRESVPORT_AF -> HAVE_BINDRESVPORT_AF
+
+20000721
+ - (djm) OpenBSD CVS updates:
+   - markus@cvs.openbsd.org  2000/07/16 02:27:22
+     [authfd.c authfd.h channels.c clientloop.c ssh-add.c ssh-agent.c ssh.c]
+     [sshconnect1.c sshconnect2.c]
+     make ssh-add accept dsa keys (the agent does not)
+   - djm@cvs.openbsd.org     2000/07/17 19:25:02
+     [sshd.c]
+     Another closing of stdin; ok deraadt
+   - markus@cvs.openbsd.org  2000/07/19 18:33:12
+     [dsa.c]
+     missing free, reorder
+   - markus@cvs.openbsd.org  2000/07/20 16:23:14
+     [ssh-keygen.1]
+     document input and output files
+
+20000720
+ - (djm) Spec file fix from Petr Novotny <Petr.Novotny@antek.cz>
+
+20000716
+ - (djm) Release 2.1.1p4
+
+20000715
+ - (djm) OpenBSD CVS updates
+   - provos@cvs.openbsd.org  2000/07/13 16:53:22
+     [aux.c readconf.c servconf.c ssh.h]
+     allow multiple whitespace but only one '=' between tokens, bug report from
+     Ralf S. Engelschall <rse@engelschall.com> but different fix. okay deraadt@
+   - provos@cvs.openbsd.org  2000/07/13 17:14:09
+     [clientloop.c]
+     typo; todd@fries.net
+   - provos@cvs.openbsd.org  2000/07/13 17:19:31
+     [scp.c]
+     close can fail on AFS, report error; from Greg Hudson <ghudson@mit.edu>
+   - markus@cvs.openbsd.org  2000/07/14 16:59:46
+     [readconf.c servconf.c]
+     allow leading whitespace. ok niels
+   - djm@cvs.openbsd.org     2000/07/14 22:01:38
+     [ssh-keygen.c ssh.c]
+     Always create ~/.ssh with mode 700; ok Markus
+ - Fixes for SunOS 4.1.4 from Gordon Atwood <gordon@cs.ualberta.ca>
+   - Include floatingpoint.h for entropy.c
+   - strerror replacement
+
+20000712
+ - (djm) Remove -lresolve for Reliant Unix
+ - (djm) OpenBSD CVS Updates:
+   - deraadt@cvs.openbsd.org 2000/07/11 02:11:34
+     [session.c sshd.c ]
+     make MaxStartups code still work with -d; djm
+   - deraadt@cvs.openbsd.org 2000/07/11 13:17:45
+     [readconf.c ssh_config]
+     disable FallBackToRsh by default
+ - (djm) Replace in_addr_t with u_int32_t in bsd-inet_aton.c. Report from
+   Ben Lindstrom <mouring@pconline.com>
+ - (djm) Make building of X11-Askpass and GNOME-Askpass optional in RPM
+   spec file.
+ - (djm) Released 2.1.1p3
+
+20000711
+ - (djm) Fixup for AIX getuserattr() support from Tom Bertelson
+   <tbert@abac.com>
+ - (djm) ReliantUNIX support from Udo Schweigert <ust@cert.siemens.de>
+ - (djm) NeXT: dirent structures to get scp working from Ben Lindstrom
+   <mouring@pconline.com>
+ - (djm) Fix broken inet_ntoa check and ut_user/ut_name confusion, report
+   from Jim Watt <jimw@peisj.pebio.com>
+ - (djm) Replaced bsd-snprintf.c with one from Mutt source tree, it is known
+   to compile on more platforms (incl NeXT).
+ - (djm) Added bsd-inet_aton and configure support for NeXT
+ - (djm) Misc NeXT fixes from Ben Lindstrom <mouring@pconline.com>
+ - (djm) OpenBSD CVS updates:
+   - markus@cvs.openbsd.org  2000/06/26 03:22:29
+     [authfd.c]
+     cleanup, less cut&paste
+   - markus@cvs.openbsd.org  2000/06/26 15:59:19
+     [servconf.c servconf.h session.c sshd.8 sshd.c]
+     MaxStartups: limit number of unauthenticated connections, work by
+     theo and me
+   - deraadt@cvs.openbsd.org 2000/07/05 14:18:07
+     [session.c]
+     use no_x11_forwarding_flag correctly; provos ok
+   - provos@cvs.openbsd.org  2000/07/05 15:35:57
+     [sshd.c]
+     typo
+   - aaron@cvs.openbsd.org   2000/07/05 22:06:58
+     [scp.1 ssh-agent.1 ssh-keygen.1 sshd.8]
+     Insert more missing .El directives. Our troff really should identify
+     these and spit out a warning.
+   - todd@cvs.openbsd.org    2000/07/06 21:55:04
+     [auth-rsa.c auth2.c ssh-keygen.c]
+     clean code is good code
+   - deraadt@cvs.openbsd.org 2000/07/07 02:14:29
+     [serverloop.c]
+     sense of port forwarding flag test was backwards
+   - provos@cvs.openbsd.org  2000/07/08 17:17:31
+     [compat.c readconf.c]
+     replace strtok with strsep; from David Young <dyoung@onthejob.net>
+   - deraadt@cvs.openbsd.org 2000/07/08 19:21:15
+     [auth.h]
+     KNF
+   - ho@cvs.openbsd.org      2000/07/08 19:27:33
+     [compat.c readconf.c]
+     Better conditions for strsep() ending.
+   - ho@cvs.openbsd.org      2000/07/10 10:27:05
+     [readconf.c]
+     Get the correct message on errors. (niels@ ok)
+   - ho@cvs.openbsd.org      2000/07/10 10:30:25
+     [cipher.c kex.c servconf.c]
+     strtok() --> strsep(). (niels@ ok)
+ - (djm) Fix problem with debug mode and MaxStartups
+ - (djm) Don't generate host keys when $(DESTDIR) is set (e.g. during RPM
+   builds)
+ - (djm) Add strsep function from OpenBSD libc for systems that lack it
+
+20000709
+ - (djm) Only enable PAM_TTY kludge for Linux. Problem report from
+   Kevin Steves <stevesk@sweden.hp.com>
+ - (djm) Match prototype and function declaration for rresvport_af.
+   Problem report from Niklas Edmundsson <nikke@ing.umu.se>
+ - (djm) Missing $(DESTDIR) on host-key target causing problems with RPM
+   builds. Problem report from Gregory Leblanc <GLeblanc@cu-portland.edu>
+ - (djm) Replace ut_name with ut_user. Patch from Jim Watt
+   <jimw@peisj.pebio.com>
+ - (djm) Fix pam sprintf fix
+ - (djm) Cleanup entropy collection code a little more. Split initialisation
+   from seeding, perform intialisation immediatly at start, be careful with
+   uids. Based on problem report from Jim Watt <jimw@peisj.pebio.com>
+ - (djm) More NeXT compatibility from Ben Lindstrom <mouring@pconline.com>
+   Including sigaction() et al. replacements
+ - (djm) AIX getuserattr() session initialisation from Tom Bertelson
+   <tbert@abac.com>
+
+20000708
+ - (djm) Fix bad fprintf format handling in auth-pam.c. Patch from
+   Aaron Hopkins <aaron@die.net>
+ - (djm) Fix incorrect configure handling of --with-rsh-path option. Fix from
+   Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
+ - (djm) Fixed undefined variables for OSF SIA. Report from
+   Baars, Henk <Hendrik.Baars@nl.origin-it.com>
+ - (djm) Handle EWOULDBLOCK returns from read() and write() in atomicio.c
+   Fix from Marquess, Steve Mr JMLFDC <Steve.Marquess@DET.AMEDD.ARMY.MIL>
+ - (djm) Don't use inet_addr.
+
+20000702
+ - (djm) Fix brace mismatch from Corinna Vinschen <vinschen@cygnus.com>
+ - (djm) Stop shadow expiry checking from preventing logins with NIS. Based
+   on fix from HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
+ - (djm) Use standard OpenSSL functions in auth-skey.c. Patch from
+   Chris, the Young One <cky@pobox.com>
+ - (djm) Fix scp progress meter on really wide terminals. Based on patch
+   from James H. Cloos Jr. <cloos@jhcloos.com>
+
+20000701
+ - (djm) Fix Tru64 SIA problems reported by John P Speno <speno@isc.upenn.edu>
+ - (djm) Login fixes from Tom Bertelson <tbert@abac.com>
+ - (djm) Replace "/bin/sh" with _PATH_BSHELL. Report from Corinna Vinschen
+   <vinschen@cygnus.com>
+ - (djm) Replace "/usr/bin/login" with LOGIN_PROGRAM
+ - (djm) Added check for broken snprintf() functions which do not correctly
+   terminate output string and attempt to use replacement.
+ - (djm) Released 2.1.1p2
+
+20000628
+ - (djm) Fixes to lastlog code for Irix
+ - (djm) Use atomicio in loginrec
+ - (djm) Patch from Michael Stone <mstone@cs.loyola.edu> to add support for
+   Irix 6.x array sessions, project id's, and system audit trail id.
+ - (djm) Added 'distprep' make target to simplify packaging
+ - (djm) Added patch from Chris Adams <cmadams@hiwaay.net> to add OSF SIA
+   support. Enable using "USE_SIA=1 ./configure [options]"
+
+20000627
+ - (djm) Fixes to login code - not setting li->uid, cleanups
+ - (djm) Formatting
+
+20000626
+ - (djm) Better fix to aclocal tests from Garrick James <garrick@james.net>
+ - (djm) Account expiry support from Andreas Steinmetz <ast@domdv.de>
+ - (djm) Added password expiry checking (no password change support)
+ - (djm) Make EGD failures non-fatal if OpenSSL's entropy pool is still OK
+   based on patch from Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
+ - (djm) Fix fixed EGD code.
+ - OpenBSD CVS update
+   - provos@cvs.openbsd.org  2000/06/25 14:17:58
+     [channels.c]
+     correct check for bad channel ids; from Wei Dai <weidai@eskimo.com>
+
+20000623
+ - (djm) Use sa_family_t in prototype for rresvport_af. Patch from
+   Svante Signell <svante.signell@telia.com>
+ - (djm) Autoconf logic to define sa_family_t if it is missing
+ - OpenBSD CVS Updates:
+   - markus@cvs.openbsd.org  2000/06/22 10:32:27
+     [sshd.c]
+     missing atomicio; report from Steve.Marquess@DET.AMEDD.ARMY.MIL
+   - djm@cvs.openbsd.org     2000/06/22 17:55:00
+     [auth-krb4.c key.c radix.c uuencode.c]
+     Missing CVS idents; ok markus
+
+20000622
+ - (djm) Automatically generate host key during "make install". Suggested
+   by Gary E. Miller <gem@rellim.com>
+ - (djm) Paranoia before kill() system call
+ - OpenBSD CVS Updates:
+   - markus@cvs.openbsd.org  2000/06/18 18:50:11
+     [auth2.c compat.c compat.h sshconnect2.c]
+     make userauth+pubkey interop with ssh.com-2.2.0
+   - markus@cvs.openbsd.org  2000/06/18 20:56:17
+     [dsa.c]
+     mem leak + be more paranoid in dsa_verify.
+   - markus@cvs.openbsd.org  2000/06/18 21:29:50
+     [key.c]
+     cleanup fingerprinting, less hardcoded sizes
+   - markus@cvs.openbsd.org  2000/06/19 19:39:45
+     [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
+     [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h]
+     [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h]
+     [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h]
+     [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c]
+     [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c]
+     [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c]
+     [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c]
+     [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h]
+     OpenBSD tag
+   - markus@cvs.openbsd.org  2000/06/21 10:46:10
+     sshconnect2.c missing free; nuke old comment
+
+20000620
+ - (djm) Replace use of '-o' and '-a' logical operators in configure tests
+   with '||' and '&&'. As suggested by Jim Knoble <jmknoble@jmknoble.cx>
+   to fix SCO Unixware problem reported by Gary E. Miller <gem@rellim.com>
+ - (djm) Typo in loginrec.c
+
+20000618
+ - (djm) Add summary of configure options to end of ./configure run
+ - (djm) Not all systems define RUSAGE_SELF & RUSAGE_CHILDREN. Report from
+   Michael Stone <mstone@cs.loyola.edu>
+ - (djm) rusage is a privileged operation on some Unices (incl.
+   Solaris 2.5.1). Report from Paul D. Smith <pausmith@nortelnetworks.com>
+ - (djm) Avoid PAM failures when running without a TTY. Report from
+   Martin Petrak <petrak@spsknm.schools.sk>
+ - (djm) Include sys/types.h when including netinet/in.h in configure tests.
+   Patch from Jun-ichiro itojun Hagino <itojun@iijlab.net>
+ - (djm) Started merge of Ben Lindstrom's <mouring@pconline.com> NeXT support
+ - OpenBSD CVS updates:
+   - deraadt@cvs.openbsd.org 2000/06/17 09:58:46
+     [channels.c]
+     everyone says "nix it" (remove protocol 2 debugging message)
+   - markus@cvs.openbsd.org  2000/06/17 13:24:34
+     [sshconnect.c]
+     allow extended server banners
+   - markus@cvs.openbsd.org  2000/06/17 14:30:10
+     [sshconnect.c]
+     missing atomicio, typo
+   - jakob@cvs.openbsd.org   2000/06/17 16:52:34
+     [servconf.c servconf.h session.c sshd.8 sshd_config]
+     add support for ssh v2 subsystems. ok markus@.
+   - deraadt@cvs.openbsd.org 2000/06/17 18:57:48
+     [readconf.c servconf.c]
+     include = in WHITESPACE; markus ok
+   - markus@cvs.openbsd.org  2000/06/17 19:09:10
+     [auth2.c]
+     implement bug compatibility with ssh-2.0.13 pubkey, server side
+   - markus@cvs.openbsd.org  2000/06/17 21:00:28
+     [compat.c]
+     initial support for ssh.com's 2.2.0
+   - markus@cvs.openbsd.org  2000/06/17 21:16:09
+     [scp.c]
+     typo
+   - markus@cvs.openbsd.org  2000/06/17 22:05:02
+     [auth-rsa.c auth2.c serverloop.c session.c auth-options.c auth-options.h]
+     split auth-rsa option parsing into auth-options
+     add options support to authorized_keys2
+   - markus@cvs.openbsd.org  2000/06/17 22:42:54
+     [session.c]
+     typo
+
+20000613
+ - (djm) Fixes from Andrew McGill <andrewm@datrix.co.za>:
+  - Platform define for SCO 3.x which breaks on /dev/ptmx
+  - Detect and try to fix missing MAXPATHLEN
+ - (djm) Fix short copy in loginrec.c (based on patch from Phill Camp
+   <P.S.S.Camp@ukc.ac.uk>
+
+20000612
+ - (djm) Glob manpages in RPM spec files to catch compressed files
+ - (djm) Full license in auth-pam.c
+ - (djm) Configure fixes from SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp>
+ - (andre) AIX, lastlog, configure fixes from Tom Bertelson <tbert@abac.com>:
+  - Don't try to retrieve lastlog from wtmp/wtmpx if DISABLE_LASTLOG is
+     def'd
+  - Set AIX to use preformatted manpages
+
+20000610
+ - (djm) Minor doc tweaks
+ - (djm) Fix for configure on bash2 from Jim Knoble <jmknoble@jmknoble.cx>
+
+20000609
+ - (djm) Patch from Kenji Miyake <kenji@miyake.org> to disable utmp usage
+   (in favour of utmpx) on Solaris 8
+
+20000606
+ - (djm) Cleanup of entropy.c. Reorganised code, removed second pass through
+   list of commands (by default). Removed verbose debugging (by default).
+ - (djm) Increased command entropy estimates and default entropy collection
+   timeout
+ - (djm) Remove duplicate headers from loginrec.c
+ - (djm) Don't add /usr/local/lib to library search path on Irix
+ - (djm) Fix rsh path in RPMs. Report from Jason L Tibbitts III
+   <tibbs@math.uh.edu>
+ - (djm) Warn user if grabs fail in GNOME askpass. Patch from Zack Weinberg
+   <zack@wolery.cumb.org>
+ - (djm) OpenBSD CVS updates:
+  - todd@cvs.openbsd.org
+    [sshconnect2.c]
+    teach protocol v2 to count login failures properly and also enable an
+    explanation of why the password prompt comes up again like v1; this is NOT
+    crypto
+  - markus@cvs.openbsd.org
+    [readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c sshd.8]
+    xauth_location support; pr 1234
+    [readconf.c sshconnect2.c]
+    typo, unused
+    [session.c]
+    allow use_login only for login sessions, otherwise remote commands are
+    execed with uid==0
+    [sshd.8]
+    document UseLogin better
+    [version.h]
+    OpenSSH 2.1.1
+    [auth-rsa.c]
+    fix match_hostname() logic for auth-rsa: deny access if we have a
+    negative match or no match at all
+    [channels.c hostfile.c match.c]
+    don't panic if mkdtemp fails for authfwd; jkb@yahoo-inc.com via
+    kris@FreeBSD.org
+
+20000606
+ - (djm) Added --with-cflags, --with-ldflags and --with-libs options to
+   configure.
+
+20000604
+ - Configure tweaking for new login code on Irix 5.3
+ - (andre) login code changes based on djm feedback
+
+20000603
+ - (andre) New login code
+    - Remove bsd-login.[ch] and all the OpenBSD-derived code in login.c
+    - Add loginrec.[ch], logintest.c and autoconf code
+
+20000531
+ - Cleanup of auth.c, login.c and fake-*
+ - Cleanup of auth-pam.c, save and print "account expired" error messages
+ - Fix EGD read bug by IWAMURO Motonori <iwa@mmp.fujitsu.co.jp>
+ - Rewrote bsd-login to use proper utmp API if available. Major cleanup
+   of fallback DIY code.
+
+20000530
+ - Define atexit for old Solaris
+ - Fix buffer overrun in login.c for systems which use syslen in utmpx.
+   patch from YOSHIFUJI Hideaki <yoshfuji@cerberus.nemoto.ecei.tohoku.ac.jp>
+ - OpenBSD CVS updates:
+  - markus@cvs.openbsd.org
+    [session.c]
+    make x11-fwd work w/ localhost (xauth add host/unix:11)
+    [cipher.c compat.c readconf.c servconf.c]
+    check strtok() != NULL; ok niels@
+    [key.c]
+    fix key_read() for uuencoded keys w/o '='
+    [serverloop.c]
+    group ssh1 vs. ssh2 in serverloop
+    [kex.c kex.h myproposal.h sshconnect2.c sshd.c]
+    split kexinit/kexdh, factor out common code
+    [readconf.c ssh.1 ssh.c]
+    forwardagent defaults to no, add ssh -A
+  - theo@cvs.openbsd.org
+    [session.c]
+    just some line shortening
+ - Released 2.1.0p3
+
+20000520
+ - Xauth fix from Markus Friedl <markus.friedl@informatik.uni-erlangen.de>
+ - Don't touch utmp if USE_UTMPX defined
+ - SunOS 4.x support from Todd C. Miller <Todd.Miller@courtesan.com>
+ - SIGCHLD fix for AIX and HPUX from Tom Bertelson <tbert@abac.com>
+ - HPUX and Configure fixes from Lutz Jaenicke
+   <Lutz.Jaenicke@aet.TU-Cottbus.DE>
+ - Use mkinstalldirs script to make directories instead of non-portable
+   "install -d". Suggested by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
+ - Doc cleanup
+
+20000518
+ - Include Andre Lucas' fixprogs script. Forgot to "cvs add" it yesterday
+ - OpenBSD CVS updates:
+  - markus@cvs.openbsd.org
+    [sshconnect.c]
+    copy only ai_addrlen bytes; misiek@pld.org.pl
+    [auth.c]
+    accept an empty shell in authentication; bug reported by
+    chris@tinker.ucr.edu
+    [serverloop.c]
+    we don't have stderr for interactive terminal sessions (fcntl errors)
+
+20000517
+ - Fix from Andre Lucas <andre.lucas@dial.pipex.com>
+  - Fixes command line printing segfaults (spotter: Bladt Norbert)
+  - Fixes erroneous printing of debug messages to syslog
+  - Fixes utmp for MacOS X (spotter: Aristedes Maniatis)
+  - Gives useful error message if PRNG initialisation fails
+  - Reduced ssh startup delay
+  - Measures cumulative command time rather than the time between reads
+    after select()
+  - 'fixprogs' perl script to eliminate non-working entropy commands, and
+    optionally run 'ent' to measure command entropy
+ - Applied Tom Bertelson's <tbert@abac.com> AIX authentication fix
+ - Avoid WCOREDUMP complation errors for systems that lack it
+ - Avoid SIGCHLD warnings from entropy commands
+ - Fix HAVE_PAM_GETENVLIST setting from Simon Wilkinson <sxw@dcs.ed.ac.uk>
+ - OpenBSD CVS update:
+  - markus@cvs.openbsd.org
+    [ssh.c]
+    fix usage()
+    [ssh2.h]
+    draft-ietf-secsh-architecture-05.txt
+    [ssh.1]
+    document ssh -T -N (ssh2 only)
+    [channels.c serverloop.c ssh.h sshconnect.c sshd.c aux.c]
+    enable nonblocking IO for sshd w/ proto 1, too; split out common code
+    [aux.c]
+    missing include
+ - Several patches from SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp>
+  - INSTALL typo and URL fix
+  - Makefile fix
+  - Solaris fixes
+ - Checking for ssize_t and memmove. Based on patch from SAKAI Kiyotaka
+   <ksakai@kso.netwk.ntt-at.co.jp>
+ - RSAless operation patch from kevin_oconnor@standardandpoors.com
+ - Detect OpenSSL seperatly from RSA
+ - Better test for RSA (more compatible with RSAref). Based on work by
+   Ed Eden <ede370@stl.rural.usda.gov>
+
+20000513
+ - Fix for non-recognised DSA keys from Arkadiusz Miskiewicz
+   <misiek@pld.org.pl>
+
+20000511
+ - Fix for prng_seed permissions checking from Lutz Jaenicke
+   <Lutz.Jaenicke@aet.TU-Cottbus.DE>
+ - "make host-key" fix for Irix
+
+20000509
+ - OpenBSD CVS update
+  - markus@cvs.openbsd.org
+    [cipher.h myproposal.h readconf.c readconf.h servconf.c ssh.1 ssh.c]
+    [ssh.h sshconnect1.c sshconnect2.c sshd.8]
+    - complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only)
+  - hugh@cvs.openbsd.org
+    [ssh.1]
+    - zap typo
+    [ssh-keygen.1]
+    - One last nit fix. (markus approved)
+    [sshd.8]
+    - some markus certified spelling adjustments
+  - markus@cvs.openbsd.org
+    [auth2.c channels.c clientloop.c compat compat.h dsa.c kex.c]
+    [sshconnect2.c ]
+    - bug compat w/ ssh-2.0.13 x11, split out bugs
+    [nchan.c]
+    - no drain if ibuf_empty, fixes x11fwd problems; tests by fries@
+    [ssh-keygen.c]
+    - handle escapes in real and original key format, ok millert@
+    [version.h]
+    - OpenSSH-2.1
+ - Moved all the bsd-* and fake-* stuff into new libopenbsd-compat.a
+ - Doc updates
+ - Cleanup of bsd-base64 headers, bugfix definitions of __b64_*. Reported
+   by Andre Lucas <andre.lucas@dial.pipex.com>
+
+20000508
+ - Makefile and RPM spec fixes
+ - Generate DSA host keys during "make key" or RPM installs
+ - OpenBSD CVS update
+  - markus@cvs.openbsd.org
+    [clientloop.c sshconnect2.c]
+    - make x11-fwd interop w/ ssh-2.0.13
+    [README.openssh2]
+    - interop w/ SecureFX
+ - Release 2.0.0beta2
+
+ - Configure caching and cleanup patch from Andre Lucas'
+   <andre.lucas@dial.pipex.com>
+
+20000507
+ - Remove references to SSLeay.
+ - Big OpenBSD CVS update
+  - markus@cvs.openbsd.org
+    [clientloop.c]
+    - typo
+    [session.c]
+    - update proctitle on pty alloc/dealloc, e.g. w/ windows client
+    [session.c]
+    - update proctitle for proto 1, too
+    [channels.h nchan.c serverloop.c session.c sshd.c]
+    - use c-style comments
+  - deraadt@cvs.openbsd.org
+    [scp.c]
+    - more atomicio
+  - markus@cvs.openbsd.org
+    [channels.c]
+    - set O_NONBLOCK
+    [ssh.1]
+    - update AUTHOR
+    [readconf.c ssh-keygen.c ssh.h]
+    - default DSA key file ~/.ssh/id_dsa
+    [clientloop.c]
+    - typo, rm verbose debug
+  - deraadt@cvs.openbsd.org
+    [ssh-keygen.1]
+    - document DSA use of ssh-keygen
+    [sshd.8]
+    - a start at describing what i understand of the DSA side
+    [ssh-keygen.1]
+    - document -X and -x
+    [ssh-keygen.c]
+    - simplify usage
+  - markus@cvs.openbsd.org
+    [sshd.8]
+    - there is no rhosts_dsa
+    [ssh-keygen.1]
+    - document -y, update -X,-x
+    [nchan.c]
+    - fix close for non-open ssh1 channels
+    [servconf.c servconf.h ssh.h sshd.8 sshd.c ]
+    - s/DsaKey/HostDSAKey/, document option
+    [sshconnect2.c]
+    - respect number_of_password_prompts
+    [channels.c channels.h servconf.c servconf.h session.c sshd.8]
+    - GatewayPorts for sshd, ok deraadt@
+    [ssh-add.1 ssh-agent.1 ssh.1]
+    - more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
+    [ssh.1]
+    - more info on proto 2
+    [sshd.8]
+    - sync AUTHOR w/ ssh.1
+    [key.c key.h sshconnect.c]
+    - print key type when talking about host keys
+    [packet.c]
+    - clear padding in ssh2
+    [dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
+    - replace broken uuencode w/ libc b64_ntop
+    [auth2.c]
+    - log failure before sending the reply
+    [key.c radix.c uuencode.c]
+    - remote trailing comments before calling __b64_pton
+    [auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
+    [sshconnect2.c sshd.8]
+    - add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
+ - Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
+
+20000502
+ - OpenBSD CVS update
+   [channels.c]
+   - init all fds, close all fds.
+   [sshconnect2.c]
+   - check whether file exists before asking for passphrase
+   [servconf.c servconf.h sshd.8 sshd.c]
+   - PidFile, pr 1210
+   [channels.c]
+   - EINTR
+   [channels.c]
+   - unbreak, ok niels@
+   [sshd.c]
+   - unlink pid file, ok niels@
+   [auth2.c]
+   - Add missing #ifdefs; ok - markus
+ - Add Andre Lucas' <andre.lucas@dial.pipex.com> patch to read entropy
+   gathering commands from a text file
+ - Release 2.0.0beta1
+
+20000501
+ - OpenBSD CVS update
+   [packet.c]
+   - send debug messages in SSH2 format
+   [scp.c]
+   - fix very rare EAGAIN/EINTR issues; based on work by djm
+   [packet.c]
+   - less debug, rm unused
+   [auth2.c]
+   - disable kerb,s/key in ssh2
+   [sshd.8]
+   - Minor tweaks and typo fixes.
+   [ssh-keygen.c]
+   - Put -d into usage and reorder. markus ok.
+ - Include missing headers for OpenSSL tests. Fix from Phil Karn
+   <karn@ka9q.ampr.org>
+ - Fixed __progname symbol collisions reported by Andre Lucas
+   <andre.lucas@dial.pipex.com>
+ - Merged bsd-login ttyslot and AIX utmp patch from Gert Doering
+   <gd@hilb1.medat.de>
+ - Add some missing ifdefs to auth2.c
+ - Deprecate perl-tk askpass.
+ - Irix portability fixes - don't include netinet headers more than once
+ - Make sure we don't save PRNG seed more than once
+
+20000430
+ - Merge HP-UX fixes and TCB support from Ged Lodder <lodder@yacc.com.au>
+ - Integrate Andre Lucas' <andre.lucas@dial.pipex.com> entropy collection
+   patch.
+   - Adds timeout to entropy collection
+   - Disables slow entropy sources
+   - Load and save seed file
+ - Changed entropy seed code to user per-user seeds only (server seed is
+   saved in root's .ssh directory)
+ - Use atexit() and fatal cleanups to save seed on exit
+ - More OpenBSD updates:
+   [session.c]
+   - don't call chan_write_failed() if we are not writing
+   [auth-rsa.c auth1.c authfd.c hostfile.c ssh-agent.c]
+   - keysize warnings error() -> log()
+
+20000429
+ - Merge big update to OpenSSH-2.0 from OpenBSD CVS
+   [README.openssh2]
+   - interop w/ F-secure windows client
+   - sync documentation
+   - ssh_host_dsa_key not ssh_dsa_key
+   [auth-rsa.c]
+   - missing fclose
+   [auth.c authfile.c compat.c dsa.c dsa.h hostfile.c key.c key.h radix.c]
+   [readconf.c readconf.h ssh-add.c ssh-keygen.c ssh.c ssh.h sshconnect.c]
+   [sshd.c uuencode.c uuencode.h authfile.h]
+   - add DSA pubkey auth and other SSH2 fixes.  use ssh-keygen -[xX]
+     for trading keys with the real and the original SSH, directly from the
+     people who invented the SSH protocol.
+   [auth.c auth.h authfile.c sshconnect.c auth1.c auth2.c sshconnect.h]
+   [sshconnect1.c sshconnect2.c]
+   - split auth/sshconnect in one file per protocol version
+   [sshconnect2.c]
+   - remove debug
+   [uuencode.c]
+   - add trailing =
+   [version.h]
+   - OpenSSH-2.0
+   [ssh-keygen.1 ssh-keygen.c]
+   - add -R flag: exit code indicates if RSA is alive
+   [sshd.c]
+   - remove unused
+     silent if -Q is specified
+   [ssh.h]
+   - host key becomes /etc/ssh_host_dsa_key
+   [readconf.c servconf.c ]
+   - ssh/sshd default to proto 1 and 2
+   [uuencode.c]
+   - remove debug
+   [auth2.c ssh-keygen.c sshconnect2.c sshd.c]
+   - xfree DSA blobs
+   [auth2.c serverloop.c session.c]
+   - cleanup logging for sshd/2, respect PasswordAuth no
+   [sshconnect2.c]
+   - less debug, respect .ssh/config
+   [README.openssh2 channels.c channels.h]
+   - clientloop.c session.c ssh.c
+   - support for x11-fwding, client+server
+
+20000421
+ - Merge fix from OpenBSD CVS
+  [ssh-agent.c]
+  - Fix memory leak per connection. Report from Andy Spiegl <Andy@Spiegl.de>
+    via Debian bug #59926
+ - Define __progname in session.c if libc doesn't
+ - Remove indentation on autoconf #include statements to avoid bug in
+   DEC Tru64 compiler. Report and fix from David Del Piero
+   <David.DelPiero@qed.qld.gov.au>
+
+20000420
+ - Make fixpaths work with perl4, patch from Andre Lucas
+   <andre.lucas@dial.pipex.com>
+ - Sync with OpenBSD CVS:
+  [clientloop.c login.c serverloop.c ssh-agent.c ssh.h sshconnect.c sshd.c]
+  - pid_t
+  [session.c]
+  - remove bogus chan_read_failed. this could cause data
+    corruption (missing data) at end of a SSH2 session.
+ - Merge fixes from Debian patch from Phil Hands <phil@hands.com>
+  - Allow setting of PAM service name through CFLAGS (SSHD_PAM_SERVICE)
+  - Use vhangup to clean up Linux ttys
+  - Force posix getopt processing on GNU libc systems
+ - Debian bug #55910 - remove references to ssl(8) manpages
+ - Debian bug #58031 - ssh_config lies about default cipher
+
+20000419
+ - OpenBSD CVS updates
+   [channels.c]
+   - fix pr 1196, listen_port and port_to_connect interchanged
+   [scp.c]
+   - after completion, replace the progress bar ETA counter with a final
+     elapsed time; my idea, aaron wrote the patch
+   [ssh_config sshd_config]
+   - show 'Protocol' as an example, ok markus@
+   [sshd.c]
+   - missing xfree()
+ - Add missing header to bsd-misc.c
+
+20000416
+ - Reduce diff against OpenBSD source
+   - All OpenSSL includes are now unconditionally referenced as
+     openssl/foo.h
+   - Pick up formatting changes
+   - Other minor changed (typecasts, etc) that I missed
+
+20000415
+ - OpenBSD CVS updates.
+   [ssh.1 ssh.c]
+   - ssh -2
+   [auth.c channels.c clientloop.c packet.c packet.h serverloop.c]
+   [session.c sshconnect.c]
+   - check payload for (illegal) extra data
+   [ALL]
+   whitespace cleanup
+
+20000413
+ - INSTALL doc updates
+ - Merged OpenBSD updates to include paths.
+
+20000412
+ - OpenBSD CVS updates:
+   - [channels.c]
+     repair x11-fwd
+   - [sshconnect.c]
+     fix passwd prompt for ssh2, less debugging output.
+   - [clientloop.c compat.c dsa.c kex.c sshd.c]
+     less debugging output
+   - [kex.c kex.h sshconnect.c sshd.c]
+     check for reasonable public DH values
+   - [README.openssh2 cipher.c cipher.h compat.c compat.h readconf.c]
+     [readconf.h servconf.c servconf.h ssh.c ssh.h sshconnect.c sshd.c]
+     add Cipher and Protocol options to ssh/sshd, e.g.:
+     ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers
+     arcfour,3des-cbc'
+   - [sshd.c]
+     print 1.99 only if server supports both
+
+20000408
+ - Avoid some compiler warnings in fake-get*.c
+ - Add IPTOS macros for systems which lack them
+ - Only set define entropy collection macros if they are found
+ - More large OpenBSD CVS updates:
+   - [auth.c auth.h servconf.c servconf.h serverloop.c session.c]
+     [session.h ssh.h sshd.c README.openssh2]
+     ssh2 server side, see README.openssh2; enable with 'sshd -2'
+   - [channels.c]
+     no adjust after close
+   - [sshd.c compat.c ]
+     interop w/ latest ssh.com windows client.
+
+20000406
+ - OpenBSD CVS update:
+   - [channels.c]
+     close efd on eof
+   - [clientloop.c compat.c ssh.c sshconnect.c myproposal.h]
+     ssh2 client implementation, interops w/ ssh.com and lsh servers.
+   - [sshconnect.c]
+     missing free.
+   - [authfile.c cipher.c cipher.h packet.c sshconnect.c sshd.c]
+     remove unused argument, split cipher_mask()
+   - [clientloop.c]
+     re-order: group ssh1 vs. ssh2
+ - Make Redhat spec require openssl >= 0.9.5a
+
+20000404
+ - Add tests for RAND_add function when searching for OpenSSL
+ - OpenBSD CVS update:
+   - [packet.h packet.c]
+     ssh2 packet format
+   - [packet.h packet.c nchan2.ms nchan.h compat.h compat.c]
+     [channels.h channels.c]
+     channel layer support for ssh2
+   - [kex.h kex.c hmac.h hmac.c dsa.c dsa.h]
+     DSA, keyexchange, algorithm agreement for ssh2
+ - Generate manpages before make install not at the end of make all
+ - Don't seed the rng quite so often
+ - Always reseed rng when requested
+
+20000403
+ - Wrote entropy collection routines for systems that lack /dev/random
+   and EGD
+ - Disable tests and typedefs for 64 bit types. They are currently unused.
+
+20000401
+ - Big OpenBSD CVS update (mainly beginnings of SSH2 infrastructure)
+   - [auth.c session.c sshd.c auth.h]
+     split sshd.c -> auth.c session.c sshd.c plus cleanup and goto-removal
+   - [bufaux.c bufaux.h]
+     support ssh2 bignums
+   - [channels.c channels.h clientloop.c sshd.c nchan.c nchan.h packet.c]
+     [readconf.c ssh.c ssh.h serverloop.c]
+     replace big switch() with function tables (prepare for ssh2)
+   - [ssh2.h]
+     ssh2 message type codes
+   - [sshd.8]
+     reorder Xr to avoid cutting
+   - [serverloop.c]
+     close(fdin) if fdin != fdout, shutdown otherwise, ok theo@
+   - [channels.c]
+     missing close
+     allow bigger packets
+   - [cipher.c cipher.h]
+     support ssh2 ciphers
+   - [compress.c]
+     cleanup, less code
+   - [dispatch.c dispatch.h]
+     function tables for different message types
+   - [log-server.c]
+     do not log() if debuggin to stderr
+     rename a cpp symbol, to avoid param.h collision
+   - [mpaux.c]
+     KNF
+   - [nchan.c]
+     sync w/ channels.c
+
+20000326
+ - Better tests for OpenSSL w/ RSAref
+ - Added replacement setenv() function from OpenBSD libc. Suggested by
+   Ben Lindstrom <mouring@pconline.com>
+ - OpenBSD CVS update
+   - [auth-krb4.c]
+     -Wall
+   - [auth-rh-rsa.c auth-rsa.c hostfile.c hostfile.h key.c key.h match.c]
+     [match.h ssh.c ssh.h sshconnect.c sshd.c]
+     initial support for DSA keys. ok deraadt@, niels@
+   - [cipher.c cipher.h]
+     remove unused cipher_attack_detected code
+   - [scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
+     Fix some formatting problems I missed before.
+   - [ssh.1 sshd.8]
+     fix spelling errors, From: FreeBSD
+   - [ssh.c]
+     switch to raw mode only if he _get_ a pty (not if we _want_ a pty).
+
+20000324
+ - Released 1.2.3
+
+20000317
+ - Clarified --with-default-path option.
+ - Added -blibpath handling for AIX to work around stupid runtime linking.
+   Problem elucidated by gshapiro@SENDMAIL.ORG by way of Jim Knoble
+   <jmknoble@jmknoble.cx>
+ - Checks for 64 bit int types. Problem report from Mats Fredholm
+   <matsf@init.se>
+ - OpenBSD CVS updates:
+   - [atomicio.c auth-krb4.c bufaux.c channels.c compress.c fingerprint.c]
+     [packet.h radix.c rsa.c scp.c ssh-agent.c ssh-keygen.c sshconnect.c]
+     [sshd.c]
+     pedantic: signed vs. unsigned, void*-arithm, etc
+   - [ssh.1 sshd.8]
+     Various cleanups and standardizations.
+ - Runtime error fix for HPUX from Otmar Stahl
+   <O.Stahl@lsw.uni-heidelberg.de>
+
+20000316
+ - Fixed configure not passing LDFLAGS to Solaris. Report from David G.
+   Hesprich <dghespri@sprintparanet.com>
+ - Propogate LD through to Makefile
+ - Doc cleanups
+ - Added blurb about "scp: command not found" errors to UPGRADING
+
+20000315
+ - Fix broken CFLAGS handling during search for OpenSSL. Fixes va_list
+   problems with gcc/Solaris.
+ - Don't free argument to putenv() after use (in setenv() replacement).
+   Report from Seigo Tanimura <tanimura@r.dl.itc.u-tokyo.ac.jp>
+ - Created contrib/ subdirectory. Included helpers from Phil Hands'
+   Debian package, README file and chroot patch from Ricardo Cerqueira
+   <rmcc@clix.pt>
+ - Moved gnome-ssh-askpass.c to contrib directory and removed config
+   option.
+ - Slight cleanup to doc files
+ - Configure fix from Bratislav ILICH <bilic@zepter.ru>
+
+20000314
+ - Include macro for IN6_IS_ADDR_V4MAPPED. Report from
+   peter@frontierflying.com
+ - Include /usr/local/include and /usr/local/lib for systems that don't
+   do it themselves
+ - -R/usr/local/lib for Solaris
+ - Fix RSAref detection
+ - Fix IN6_IS_ADDR_V4MAPPED macro
+
+20000311
+ - Detect RSAref
+ - OpenBSD CVS change
+   [sshd.c]
+    - disallow guessing of root password
+ - More configure fixes
+ - IPv6 workarounds from Hideaki YOSHIFUJI <yoshfuji@ecei.tohoku.ac.jp>
+
+20000309
+ - OpenBSD CVS updates to v1.2.3
+   [ssh.h atomicio.c]
+    - int atomicio -> ssize_t (for alpha). ok deraadt@
+   [auth-rsa.c]
+    - delay MD5 computation until client sends response, free() early, cleanup.
+   [cipher.c]
+    - void* -> unsigned char*, ok niels@
+   [hostfile.c]
+    - remove unused variable 'len'. fix comments.
+    - remove unused variable
+   [log-client.c log-server.c]
+    - rename a cpp symbol, to avoid param.h collision
+   [packet.c]
+    - missing xfree()
+    - getsockname() requires initialized tolen; andy@guildsoftware.com
+    - use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
+   from Holger.Trapp@Informatik.TU-Chemnitz.DE
+   [pty.c pty.h]
+    - register cleanup for pty earlier. move code for pty-owner handling to
+      pty.c ok provos@, dugsong@
+   [readconf.c]
+    - turn off x11-fwd for the client, too.
+   [rsa.c]
+    - PKCS#1 padding
+   [scp.c]
+    - allow '.' in usernames; from jedgar@fxp.org
+   [servconf.c]
+    - typo: ignore_user_known_hosts int->flag; naddy@mips.rhein-neckar.de
+    - sync with sshd_config
+   [ssh-keygen.c]
+    - enable ssh-keygen -l -f ~/.ssh/known_hosts, ok deraadt@
+   [ssh.1]
+    - Change invalid 'CHAT' loglevel to 'VERBOSE'
+   [ssh.c]
+    - suppress AAAA query host when '-4' is used; from shin@nd.net.fujitsu.co.jp
+    - turn off x11-fwd for the client, too.
+   [sshconnect.c]
+    - missing xfree()
+    - retry rresvport_af(), too. from sumikawa@ebina.hitachi.co.jp.
+    - read error vs. "Connection closed by remote host"
+   [sshd.8]
+    - ie. -> i.e.,
+    - do not link to a commercial page..
+    - sync with sshd_config
+   [sshd.c]
+    - no need for poll.h; from bright@wintelcom.net
+    - log with level log() not fatal() if peer behaves badly.
+    - don't panic if client behaves strange. ok deraadt@
+    - make no-port-forwarding for RSA keys deny both -L and -R style fwding
+    - delay close() of pty until the pty has been chowned back to root
+    - oops, fix comment, too.
+    - missing xfree()
+    - move XAUTHORITY to subdir. ok dugsong@. fixes debian bug #57907, too.
+      (http://cgi.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=57907)
+    - register cleanup for pty earlier. move code for pty-owner handling to
+      pty.c ok provos@, dugsong@
+    - create x11 cookie file
+    - fix pr 1113, fclose() -> pclose(), todo: remote popen()
+    - version 1.2.3
+ - Cleaned up
+ - Removed warning workaround for Linux and devpts filesystems (no longer
+   required after OpenBSD updates)
+
+20000308
+ - Configure fix from Hiroshi Takekawa <takekawa@sr3.t.u-tokyo.ac.jp>
+
+20000307
+ - Released 1.2.2p1
+
+20000305
+ - Fix DEC compile fix
+ - Explicitly seed OpenSSL's PRNG before checking rsa_alive()
+ - Check for getpagesize in libucb.a if not found in libc. Fix for old
+   Solaris from Andre Lucas <andre.lucas@dial.pipex.com>
+ - Check for libwrap if --with-tcp-wrappers option specified. Suggestion
+   Mate Wierdl <mw@moni.msci.memphis.edu>
+
+20000303
+ - Added "make host-key" target, Suggestion from Dominik Brettnacher
+ <domi@saargate.de>
+ - Don't permanently fail on bind() if getaddrinfo has more choices left for
+   us. Needed to work around messy IPv6 on Linux. Patch from Arkadiusz
+   Miskiewicz <misiek@pld.org.pl>
+ - DEC Unix compile fix from David Del Piero <David.DelPiero@qed.qld.gov.au>
+ - Manpage fix from David Del Piero <David.DelPiero@qed.qld.gov.au>
+
+20000302
+ - Big cleanup of autoconf code
+   - Rearranged to be a little more logical
+   - Added -R option for Solaris
+   - Rewrote OpenSSL detection code. Now uses AC_TRY_RUN with a test program
+     to detect library and header location _and_ ensure library has proper
+     RSA support built in (this is a problem with OpenSSL 0.9.5).
+ - Applied pty cleanup patch from markus.friedl@informatik.uni-erlangen.de
+ - Avoid warning message with Unix98 ptys
+ - Warning was valid - possible race condition on PTYs. Avoided using
+   platform-specific code.
+ - Document some common problems
+ - Allow root access to any key. Patch from
+   markus.friedl@informatik.uni-erlangen.de
+
+20000207
+ - Removed SOCKS code. Will support through a ProxyCommand.
+
+20000203
+ - Fixed SEGVs in authloop, fix from vbzoli@hbrt.hu
+ - Add --with-ssl-dir option
+
+20000202
+ - Fix lastlog code for directory based lastlogs. Fix from Josh Durham
+   <jmd@aoe.vt.edu>
+ - Documentation fixes from HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
+ - Added URLs to Japanese translations of documents by HARUYAMA Seigo
+   <haruyama@nt.phys.s.u-tokyo.ac.jp>
+
+20000201
+ - Use socket pairs by default (instead of pipes). Prevents race condition
+   on several (buggy) OSs. Report and fix from tridge@linuxcare.com
+
+20000127
+ - Seed OpenSSL's random number generator before generating RSA keypairs
+ - Split random collector into seperate file
+ - Compile fix from Andre Lucas <andre.lucas@dial.pipex.com>
+
+20000126
+ - Released 1.2.2 stable
+
+ - NeXT keeps it lastlog in /usr/adm. Report from
+   mouring@newton.pconline.com
+ - Added note in UPGRADING re interop with commercial SSH using idea.
+   Report from Jim Knoble <jmknoble@jmknoble.cx>
+ - Fix linking order for Kerberos/AFS. Fix from Holget Trapp
+   <Holger.Trapp@Informatik.TU-Chemnitz.DE>
+
+20000125
+ - Fix NULL pointer dereference in login.c. Fix from Andre Lucas
+   <andre.lucas@dial.pipex.com>
+ - Reorder PAM initialisation so it does not mess up lastlog. Reported
+   by Andre Lucas <andre.lucas@dial.pipex.com>
+ - Use preformatted manpages on SCO, report from Gary E. Miller
+   <gem@rellim.com>
+ - New URL for x11-ssh-askpass.
+ - Fixpaths was missing /etc/ssh_known_hosts. Report from Jim Knoble
+   <jmknoble@jmknoble.cx>
+ - Added 'DESTDIR' option to Makefile to ease package building. Patch from
+   Jim Knoble <jmknoble@jmknoble.cx>
+ - Updated RPM spec files to use DESTDIR
+
+20000124
+ - Pick up version 1.2.2 from OpenBSD CVS (no changes, just version number
+   increment)
+
+20000123
+ - OpenBSD CVS:
+   - [packet.c]
+     getsockname() requires initialized tolen; andy@guildsoftware.com
+ - AIX patch from Matt Richards <v2matt@btv.ibm.com> and David Rankin
+   <drankin@bohemians.lexington.ky.us>
+ - Fix lastlog support, patch from Andre Lucas <andre.lucas@dial.pipex.com>
+
+20000122
+ - Fix compilation of bsd-snprintf.c on Solaris, fix from Ben Taylor
+   <bent@clark.net>
+ - Merge preformatted manpage patch from Andre Lucas
+   <andre.lucas@dial.pipex.com>
+ - Make IPv4 use the default in RPM packages
+ - Irix uses preformatted manpages
+ - Missing htons() in bsd-bindresvport.c, fix from Holger Trapp
+   <Holger.Trapp@Informatik.TU-Chemnitz.DE>
+ - OpenBSD CVS updates:
+   - [packet.c]
+     use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
+     from Holger.Trapp@Informatik.TU-Chemnitz.DE
+   - [sshd.c]
+     log with level log() not fatal() if peer behaves badly.
+   - [readpass.c]
+     instead of blocking SIGINT, catch it ourselves, so that we can clean
+     the tty modes up and kill ourselves -- instead of our process group
+     leader (scp, cvs, ...) going away and leaving us in noecho mode.
+     people with cbreak shells never even noticed..
+   - [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
+     ie. -> i.e.,
+
+20000120
+ - Don't use getaddrinfo on AIX
+ - Update to latest OpenBSD CVS:
+   - [auth-rsa.c]
+     - fix user/1056, sshd keeps restrictions; dbt@meat.net
+   - [sshconnect.c]
+     - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
+     - destroy keys earlier
+     - split key exchange (kex) and user authentication (user-auth),
+       ok: provos@
+   - [sshd.c]
+     - no need for poll.h; from bright@wintelcom.net
+     - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags.
+     - split key exchange (kex) and user authentication (user-auth),
+       ok: provos@
+ - Big manpage and config file cleanup from Andre Lucas
+   <andre.lucas@dial.pipex.com>
+   - Re-added latest (unmodified) OpenBSD manpages
+ - Doc updates
+ - NetBSD patch from David Rankin <drankin@bohemians.lexington.ky.us> and
+   Christos Zoulas <christos@netbsd.org>
+
+20000119
+ - SCO compile fixes from Gary E. Miller <gem@rellim.com>
+ - Compile fix from Darren_Hall@progressive.com
+ - Linux/glibc-2.1.2 takes a *long* time to look up names for AF_UNSPEC
+   addresses using getaddrinfo(). Added a configure switch to make the
+   default lookup mode AF_INET
+
+20000118
+ - Fixed --with-pid-dir option
+ - Makefile fix from Gary E. Miller <gem@rellim.com>
+ - Compile fix for HPUX and Solaris from Andre Lucas
+   <andre.lucas@dial.pipex.com>
+
+20000117
+ - Clean up bsd-bindresvport.c. Use arc4random() for picking initial
+   port, ignore EINVAL errors (Linux) when searching for free port.
+ - Revert __snprintf -> snprintf aliasing. Apparently Solaris
+   __snprintf isn't. Report from Theo de Raadt <theo@cvs.openbsd.org>
+ - Document location of Redhat PAM file in INSTALL.
+ - Fixed X11 forwarding bug on Linux. libc advertises AF_INET6
+   INADDR_ANY_INIT addresses via getaddrinfo, but may not be able to
+   deliver (no IPv6 kernel support)
+ - Released 1.2.1pre27
+
+ - Fix rresvport_af failure errors (logic error in bsd-bindresvport.c)
+ - Fix --with-ipaddr-display option test. Fix from Jarno Huuskonen
+   <jhuuskon@hytti.uku.fi>
+ - Fix hang on logout if processes are still using the pty. Needs
+   further testing.
+ - Patch from Christos Zoulas <christos@zoulas.com>
+   - Try $prefix first when looking for OpenSSL.
+   - Include sys/types.h when including sys/socket.h in test programs
+ - Substitute PID directory in sshd.8. Suggestion from Andrew
+   Stribblehill <a.d.stribblehill@durham.ac.uk>
+
+20000116
+ - Renamed --with-xauth-path to --with-xauth
+ - Added --with-pid-dir option
+ - Released 1.2.1pre26
+
+ - Compilation fix from Kiyokazu SUTO <suto@ks-and-ks.ne.jp>
+ - Fixed broken bugfix for /dev/ptmx on Linux systems which lack
+   openpty(). Report from Kiyokazu SUTO <suto@ks-and-ks.ne.jp>
+
+20000115
+ - Add --with-xauth-path configure directive and explicit test for
+   /usr/openwin/bin/xauth for Solaris systems. Report from Anders
+   Nordby <anders@fix.no>
+ - Fix incorrect detection of /dev/ptmx on Linux systems that lack
+   openpty. Report from John Seifarth <john@waw.be>
+ - Look for intXX_t and u_intXX_t in sys/bitypes.h if they are not in
+   sys/types.h. Fixes problems on SCO, report from Gary E. Miller
+   <gem@rellim.com>
+ - Use __snprintf and __vnsprintf if they are found where snprintf and
+   vnsprintf are lacking. Suggested by Ben Taylor <bent@shell.clark.net>
+   and others.
+
+20000114
+ - Merged OpenBSD IPv6 patch:
+   - [sshd.c sshd.8 sshconnect.c ssh.h ssh.c servconf.h servconf.c scp.1]
+     [scp.c packet.h packet.c login.c log.c canohost.c channels.c]
+     [hostfile.c sshd_config]
+     ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new
+     features: sshd allows multiple ListenAddress and Port options. note
+     that libwrap is not IPv6-ready. (based on patches from
+     fujiwara@rcac.tdi.co.jp)
+   - [ssh.c canohost.c]
+     more hints (hints.ai_socktype=SOCK_STREAM) for getaddrinfo,
+     from itojun@
+   - [channels.c]
+     listen on _all_ interfaces for X11-Fwd (hints.ai_flags = AI_PASSIVE)
+   - [packet.h]
+     allow auth-kerberos for IPv4 only
+   - [scp.1 sshd.8 servconf.h scp.c]
+     document -4, -6, and 'ssh -L 2022/::1/22'
+   - [ssh.c]
+     'ssh @host' is illegal (null user name), from
+     karsten@gedankenpolizei.de
+   - [sshconnect.c]
+     better error message
+   - [sshd.c]
+     allow auth-kerberos for IPv4 only
+ - Big IPv6 merge:
+   - Cleanup overrun in sockaddr copying on RHL 6.1
+   - Replacements for getaddrinfo, getnameinfo, etc based on versions
+     from patch from KIKUCHI Takahiro <kick@kyoto.wide.ad.jp>
+   - Replacement for missing structures on systems that lack IPv6
+   - record_login needed to know about AF_INET6 addresses
+   - Borrowed more code from OpenBSD: rresvport_af and requisites
+
+20000110
+ - Fixes to auth-skey to enable it to use the standard OpenSSL libraries
+
+20000107
+ - New config.sub and config.guess to fix problems on SCO. Supplied
+   by Gary E. Miller <gem@rellim.com>
+ - SCO build fix from Gary E. Miller <gem@rellim.com>
+ - Released 1.2.1pre25
+
+20000106
+ - Documentation update & cleanup
+ - Better KrbIV / AFS detection, based on patch from:
+   Holger Trapp <Holger.Trapp@Informatik.TU-Chemnitz.DE>
+
+20000105
+ - Fixed annoying DES corruption problem. libcrypt has been
+   overriding symbols in libcrypto. Removed libcrypt and crypt.h
+   altogether (libcrypto includes its own crypt(1) replacement)
+ - Added platform-specific rules for Irix 6.x. Included warning that
+   they are untested.
+
+20000103
+ - Add explicit make rules for files proccessed by fixpaths.
+ - Fix "make install" in RPM spec files. Report from Tenkou N. Hattori
+   <tnh@kondara.org>
+ - Removed "nullok" directive from default PAM configuration files.
+   Added information on enabling EmptyPasswords on openssh+PAM in
+   UPGRADING file.
+ - OpenBSD CVS updates
+   - [ssh-agent.c]
+     cleanup_exit() for SIGTERM/SIGHUP, too. from fgsch@ and
+     dgaudet@arctic.org
+   - [sshconnect.c]
+     compare correct version for 1.3 compat mode
+
+20000102
+ - Prevent multiple inclusion of config.h and defines.h. Suggested
+   by Andre Lucas <andre.lucas@dial.pipex.com>
+ - Properly clean up on exit of ssh-agent. Patch from Dean Gaudet
+   <dgaudet@arctic.org>
+
+19991231
+ - Fix password support on systems with a mixture of shadowed and
+   non-shadowed passwords (e.g. NIS). Report and fix from
+   HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
+ - Fix broken autoconf typedef detection. Report from Marc G.
+   Fournier <marc.fournier@acadiau.ca>
+ - Fix occasional crash on LinuxPPC. Patch from Franz Sirl
+   <Franz.Sirl-kernel@lauterbach.com>
+ - Prevent typedefs from being compiled more than once. Report from
+   Marc G. Fournier <marc.fournier@acadiau.ca>
+ - Fill in ut_utaddr utmp field. Report from Benjamin Charron
+   <iretd@bigfoot.com>
+ - Really fix broken default path. Fix from Jim Knoble
+   <jmknoble@jmknoble.cx>
+ - Remove test for quad_t. No longer needed.
+ - Released 1.2.1pre24
+
+ - Added support for directory-based lastlogs
+ - Really fix typedefs, patch from Ben Taylor <bent@clark.net>
+
+19991230
+ - OpenBSD CVS updates:
+   - [auth-passwd.c]
+     check for NULL 1st
+ - Removed most of the pam code into its own file auth-pam.[ch]. This
+   cleaned up sshd.c up significantly.
+ - PAM authentication was incorrectly interpreting
+   "PermitRootLogin without-password". Report from Matthias Andree
+   <ma@dt.e-technik.uni-dortmund.de
+ - Several other cleanups
+ - Merged Dante SOCKS support patch from David Rankin
+  <drankin@bohemians.lexington.ky.us>
+ - Updated documentation with ./configure options
+ - Released 1.2.1pre23
+
+19991229
+ - Applied another NetBSD portability patch from David Rankin
+   <drankin@bohemians.lexington.ky.us>
+ - Fix --with-default-path option.
+ - Autodetect perl, patch from David Rankin
+   <drankin@bohemians.lexington.ky.us>
+ - Print whether OpenSSH was compiled with RSARef, patch from
+   Nalin Dahyabhai <nalin@thermo.stat.ncsu.edu>
+ - Calls to pam_setcred, patch from Nalin Dahyabhai
+   <nalin@thermo.stat.ncsu.edu>
+ - Detect missing size_t and typedef it.
+ - Rename helper.[ch] to (more appropriate) bsd-misc.[ch]
+ - Minor Makefile cleaning
+
+19991228
+ - Replacement for getpagesize() for systems which lack it
+ - NetBSD login.c compile fix from David Rankin
+  <drankin@bohemians.lexington.ky.us>
+ - Fully set ut_tv if present in utmp or utmpx
+ - Portability fixes for Irix 5.3 (now compiles OK!)
+ - autoconf and other misc cleanups
+ - Merged AIX patch from Darren Hall <dhall@virage.org>
+ - Cleaned up defines.h
+ - Released 1.2.1pre22
+
+19991227
+ - Automatically correct paths in manpages and configuration files. Patch
+   and script from Andre Lucas <andre.lucas@dial.pipex.com>
+ - Removed credits from README to CREDITS file, updated.
+ - Added --with-default-path to specify custom path for server
+ - Removed #ifdef trickery from acconfig.h into defines.h
+ - PAM bugfix. PermitEmptyPassword was being ignored.
+ - Fixed PAM config files to allow empty passwords if server does.
+ - Explained spurious PAM auth warning workaround in UPGRADING
+ - Use last few chars of tty line as ut_id
+ - New SuSE RPM spec file from Chris Saia <csaia@wtower.com>
+ - OpenBSD CVS updates:
+   - [packet.h auth-rhosts.c]
+     check format string for packet_disconnect and packet_send_debug, too
+   - [channels.c]
+     use packet_get_maxsize for channels. consistence.
+
+19991226
+ - Enabled utmpx support by default for Solaris
+ - Cleanup sshd.c PAM a little more
+ - Revised RPM package to include Jim Knoble's <jmknoble@jmknoble.cx>
+   X11 ssh-askpass program.
+ - Disable logging of PAM success and failures, PAM is verbose enough.
+   Unfortunatly there is currently no way to disable auth failure
+   messages. Mention this in UPGRADING file and sent message to PAM
+   developers
+ - OpenBSD CVS update:
+   - [ssh-keygen.1 ssh.1]
+     remove ref to .ssh/random_seed, mention .ssh/environment in
+     .Sh FILES, too
+ - Released 1.2.1pre21
+ - Fixed implicit '.' in default path, report from Jim Knoble
+   <jmknoble@jmknoble.cx>
+ - Redhat RPM spec fixes from Jim Knoble <jmknoble@jmknoble.cx>
+
+19991225
+ - More fixes from Andre Lucas <andre.lucas@dial.pipex.com>
+ - Cleanup of auth-passwd.c for shadow and MD5 passwords
+ - Cleanup and bugfix of PAM authentication code
+ - Released 1.2.1pre20
+
+ - Merged fixes from Ben Taylor <bent@clark.net>
+ - Fixed configure support for PAM. Reported by Naz <96na@eng.cam.ac.uk>
+ - Disabled logging of PAM password authentication failures when password
+   is empty. (e.g start of authentication loop). Reported by Naz
+   <96na@eng.cam.ac.uk>)
+
+19991223
+ - Merged later HPUX patch from Andre Lucas
+   <andre.lucas@dial.pipex.com>
+ - Above patch included better utmpx support from Ben Taylor
+   <bent@clark.net>
+
+19991222
+ - Fix undefined fd_set type in ssh.h from Povl H. Pedersen
+   <pope@netguide.dk>
+ - Fix login.c breakage on systems which lack ut_host in struct
+   utmp. Reported by Willard Dawson <willard.dawson@sbs.siemens.com>
+
+19991221
+ - Integration of large HPUX patch from Andre Lucas
+   <andre.lucas@dial.pipex.com>. Integrating it had a few other
+   benefits:
+   - Ability to disable shadow passwords at configure time
+   - Ability to disable lastlog support at configure time
+   - Support for IP address in $DISPLAY
+ - OpenBSD CVS update:
+   - [sshconnect.c]
+   say "REMOTE HOST IDENTIFICATION HAS CHANGED"
+ - Fix DISABLE_SHADOW support
+ - Allow MD5 passwords even if shadow passwords are disabled
+ - Release 1.2.1pre19
+
+19991218
+ - Redhat init script patch from Chun-Chung Chen
+   <cjj@u.washington.edu>
+ - Avoid breakage on systems without IPv6 headers
+
+19991216
+ - Makefile changes for Solaris from Peter Kocks
+   <peter.kocks@baygate.com>
+ - Minor updates to docs
+ - Merged OpenBSD CVS changes:
+   - [authfd.c ssh-agent.c]
+     keysize warnings talk about identity files
+   - [packet.c]
+     "Connection closed by x.x.x.x": fatal() -> log()
+ - Correctly handle empty passwords in shadow file. Patch from:
+   "Chris, the Young One" <cky@pobox.com>
+ - Released 1.2.1pre18
+
+19991215
+ - Integrated patchs from Juergen Keil <jk@tools.de>
+   - Avoid void* pointer arithmatic
+   - Use LDFLAGS correctly
+   - Fix SIGIO error in scp
+   - Simplify status line printing in scp
+ - Added better test for inline functions compiler support from
+   Darren_Hall@progressive.com
+
+19991214
+ - OpenBSD CVS Changes
+   - [canohost.c]
+     fix get_remote_port() and friends for sshd -i;
+     Holger.Trapp@Informatik.TU-Chemnitz.DE
+   - [mpaux.c]
+     make code simpler. no need for memcpy. niels@ ok
+   - [pty.c]
+     namebuflen not sizeof namebuflen; bnd@ep-ag.com via djm@mindrot.org
+     fix proto; markus
+   - [ssh.1]
+      typo; mark.baushke@solipsa.com
+   - [channels.c ssh.c ssh.h sshd.c]
+     type conflict for 'extern Type *options' in channels.c; dot@dotat.at
+   - [sshconnect.c]
+     move checking of hostkey into own function.
+   - [version.h]
+     OpenSSH-1.2.1
+ - Clean up broken includes in pty.c
+ - Some older systems don't have poll.h, they use sys/poll.h instead
+ - Doc updates
+
+19991211
+ - Fix compilation on systems with AFS. Reported by
+   aloomis@glue.umd.edu
+ - Fix installation on Solaris. Reported by
+   Gordon Rowell <gordonr@gormand.com.au>
+ - Fix gccisms (__attribute__ and inline). Report by edgy@us.ibm.com,
+   patch from Markus Friedl <markus.friedl@informatik.uni-erlangen.de>
+ - Auto-locate xauth. Patch from David Agraz <dagraz@jahoopa.com>
+ - Compile fix from David Agraz <dagraz@jahoopa.com>
+ - Avoid compiler warning in bsd-snprintf.c
+ - Added pam_limits.so to default PAM config. Suggested by
+   Jim Knoble <jmknoble@jmknoble.cx>
+
+19991209
+ - Import of patch from Ben Taylor <bent@clark.net>:
+   - Improved PAM support
+   - "uninstall" rule for Makefile
+   - utmpx support
+   - Should fix PAM problems on Solaris
+ - OpenBSD CVS updates:
+   - [readpass.c]
+     avoid stdio; based on work by markus, millert, and I
+   - [sshd.c]
+     make sure the client selects a supported cipher
+   - [sshd.c]
+     fix sighup handling.  accept would just restart and daemon handled
+     sighup only after the next connection was accepted. use poll on
+     listen sock now.
+   - [sshd.c]
+     make that a fatal
+ - Applied patch from David Rankin <drankin@bohemians.lexington.ky.us>
+   to fix libwrap support on NetBSD
+ - Released 1.2pre17
+
+19991208
+ - Compile fix for Solaris with /dev/ptmx from
+   David Agraz <dagraz@jahoopa.com>
+
+19991207
+ - sshd Redhat init script patch from Jim Knoble <jmknoble@jmknoble.cx>
+   fixes compatability with 4.x and 5.x
+ - Fixed default SSH_ASKPASS
+ - Fix PAM account and session being called multiple times. Problem
+   reported by Adrian Baugh <adrian@merlin.keble.ox.ac.uk>
+ - Merged more OpenBSD changes:
+   - [atomicio.c authfd.c scp.c serverloop.c ssh.h sshconnect.c sshd.c]
+     move atomicio into it's own file.  wrap all socket write()s which
+     were doing write(sock, buf, len) != len, with atomicio() calls.
+   - [auth-skey.c]
+     fd leak
+   - [authfile.c]
+     properly name fd variable
+   - [channels.c]
+     display great hatred towards strcpy
+   - [pty.c pty.h sshd.c]
+     use openpty() if it exists (it does on BSD4_4)
+   - [tildexpand.c]
+     check for ~ expansion past MAXPATHLEN
+ - Modified helper.c to use new atomicio function.
+ - Reformat Makefile a little
+ - Moved RC4 routines from rc4.[ch] into helper.c
+ - Added autoconf code to detect /dev/ptmx (Solaris) and /dev/ptc (AIX)
+ - Updated SuSE spec from Chris Saia <csaia@wtower.com>
+ - Tweaked Redhat spec
+ - Clean up bad imports of a few files (forgot -kb)
+ - Released 1.2pre16
+
+19991204
+ - Small cleanup of PAM code in sshd.c
+ - Merged OpenBSD CVS changes:
+   - [auth-krb4.c auth-passwd.c auth-skey.c ssh.h]
+     move skey-auth from auth-passwd.c to auth-skey.c, same for krb4
+   - [auth-rsa.c]
+     warn only about mismatch if key is _used_
+     warn about keysize-mismatch with log() not error()
+     channels.c readconf.c readconf.h ssh.c ssh.h sshconnect.c
+     ports are u_short
+   - [hostfile.c]
+     indent, shorter warning
+   - [nchan.c]
+     use error() for internal errors
+   - [packet.c]
+     set loglevel for SSH_MSG_DISCONNECT to log(), not fatal()
+     serverloop.c
+     indent
+   - [ssh-add.1 ssh-add.c ssh.h]
+     document $SSH_ASKPASS, reasonable default
+   - [ssh.1]
+     CheckHostIP is not available for connects via proxy command
+   - [sshconnect.c]
+     typo
+     easier to read client code for passwd and skey auth
+     turn of checkhostip for proxy connects, since we don't know the remote ip
+
+19991126
+ - Add definition for __P()
+ - Added [v]snprintf() replacement for systems that lack it
+
+19991125
+ - More reformatting merged from OpenBSD CVS
+ - Merged OpenBSD CVS changes:
+   - [channels.c]
+     fix packet_integrity_check() for !have_hostname_in_open.
+     report from mrwizard@psu.edu via djm@ibs.com.au
+   - [channels.c]
+     set SO_REUSEADDR and SO_LINGER for forwarded ports.
+     chip@valinux.com via damien@ibs.com.au
+   - [nchan.c]
+     it's not an error() if shutdown_write failes in nchan.
+   - [readconf.c]
+     remove dead #ifdef-0-code
+   - [readconf.c servconf.c]
+     strcasecmp instead of tolower
+   - [scp.c]
+     progress meter overflow fix from damien@ibs.com.au
+   - [ssh-add.1 ssh-add.c]
+     SSH_ASKPASS support
+   - [ssh.1 ssh.c]
+     postpone fork_after_authentication until command execution,
+     request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au
+     plus: use daemon() for backgrounding
+ - Added BSD compatible install program and autoconf test, thanks to
+   Niels Kristian Bech Jensen <nkbj@image.dk>
+ - Solaris fixing, thanks to Ben Taylor <bent@clark.net>
+ - Merged beginnings of AIX support from Tor-Ake Fransson <torake@hotmail.com>
+ - Release 1.2pre15
+
+19991124
+ - Merged very large OpenBSD source code reformat
+ - OpenBSD CVS updates
+   - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c]
+     [ssh.h sshd.8 sshd.c]
+     syslog changes:
+     * Unified Logmessage for all auth-types, for success and for failed
+     * Standard connections get only ONE line in the LOG when level==LOG:
+       Auth-attempts are logged only, if authentication is:
+          a) successfull or
+          b) with passwd or
+          c) we had more than AUTH_FAIL_LOG failues
+     * many log() became verbose()
+     * old behaviour with level=VERBOSE
+   - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c]
+     tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE
+     messages. allows use of s/key in windows (ttssh, securecrt) and
+     ssh-1.2.27 clients without 'ssh -v', ok: niels@
+   - [sshd.8]
+     -V, for fallback to openssh in SSH2 compatibility mode
+   - [sshd.c]
+     fix sigchld race; cjc5@po.cwru.edu
+
+19991123
+ - Added SuSE package files from Chris Saia <csaia@wtower.com>
+ - Restructured package-related files under packages/*
+ - Added generic PAM config
+ - Numerous little Solaris fixes
+ - Add recommendation to use GNU make to INSTALL document
+
+19991122
+ - Make <enter> close gnome-ssh-askpass (Debian bug #50299)
+ - OpenBSD CVS Changes
+   - [ssh-keygen.c]
+     don't create ~/.ssh only if the user wants to store the private
+     key there. show fingerprint instead of public-key after
+     keygeneration. ok niels@
+ - Added OpenBSD bsd-strlcat.c, created bsd-strlcat.h
+ - Added timersub() macro
+ - Tidy RCSIDs of bsd-*.c
+ - Added autoconf test and macro to deal with old PAM libraries
+   pam_strerror definition (one arg vs two).
+ - Fix EGD problems (Thanks to Ben Taylor <bent@clark.net>)
+ - Retry /dev/urandom reads interrupted by signal (report from
+   Robert Hardy <rhardy@webcon.net>)
+ - Added a setenv replacement for systems which lack it
+ - Only display public key comment when presenting ssh-askpass dialog
+ - Released 1.2pre14
+
+ - Configure, Make and changelog corrections from Tudor Bosman
+   <tudorb@jm.nu> and Niels Kristian Bech Jensen <nkbj@image.dk>
+
+19991121
+ - OpenBSD CVS Changes:
+   - [channels.c]
+     make this compile, bad markus
+   - [log.c readconf.c servconf.c ssh.h]
+     bugfix: loglevels are per host in clientconfig,
+     factor out common log-level parsing code.
+   - [servconf.c]
+     remove unused index (-Wall)
+   - [ssh-agent.c]
+     only one 'extern char *__progname'
+   - [sshd.8]
+     document SIGHUP, -Q to synopsis
+   - [sshconnect.c serverloop.c sshd.c packet.c packet.h]
+     [channels.c clientloop.c]
+     SSH_CMSG_MAX_PACKET_SIZE, some clients use this, some need this, niels@
+     [hope this time my ISP stays alive during commit]
+   - [OVERVIEW README] typos; green@freebsd
+   - [ssh-keygen.c]
+     replace xstrdup+strcat with strlcat+fixed buffer, fixes OF (bad me)
+     exit if writing the key fails (no infinit loop)
+     print usage() everytime we get bad options
+   - [ssh-keygen.c] overflow, djm@mindrot.org
+   - [sshd.c] fix sigchld race; cjc5@po.cwru.edu
+
+19991120
+ - Merged more Solaris support from Marc G. Fournier
+   <marc.fournier@acadiau.ca>
+ - Wrote autoconf tests for integer bit-types
+ - Fixed enabling kerberos support
+ - Fix segfault in ssh-keygen caused by buffer overrun in filename
+   handling.
+
+19991119
+ - Merged PAM buffer overrun patch from Chip Salzenberg <chip@valinux.com>
+ - Merged OpenBSD CVS changes
+   - [auth-rhosts.c auth-rsa.c ssh-agent.c sshconnect.c sshd.c]
+     more %d vs. %s in fmt-strings
+   - [authfd.c]
+     Integers should not be printed with %s
+ - EGD uses a socket, not a named pipe. Duh.
+ - Fix includes in fingerprint.c
+ - Fix scp progress bar bug again.
+ - Move ssh-askpass from ${libdir}/ssh to ${libexecdir}/ssh at request of
+   David Rankin <drankin@bohemians.lexington.ky.us>
+ - Added autoconf option to enable Kerberos 4 support (untested)
+ - Added autoconf option to enable AFS support (untested)
+ - Added autoconf option to enable S/Key support (untested)
+ - Added autoconf option to enable TCP wrappers support (compiles OK)
+ - Renamed BSD helper function files to bsd-*
+ - Added tests for login and daemon and enable OpenBSD replacements for
+   when they are absent.
+ - Added non-PAM MD5 password support patch from Tudor Bosman <tudorb@jm.nu>
+
+19991118
+ - Merged OpenBSD CVS changes
+   - [scp.c] foregroundproc() in scp
+   - [sshconnect.h] include fingerprint.h
+   - [sshd.c] bugfix: the log() for passwd-auth escaped during logging
+     changes.
+   - [ssh.1] Spell my name right.
+ - Added openssh.com info to README
+
+19991117
+ - Merged OpenBSD CVS changes
+   - [ChangeLog.Ylonen] noone needs this anymore
+   - [authfd.c] close-on-exec for auth-socket, ok deraadt
+   - [hostfile.c]
+     in known_hosts key lookup the entry for the bits does not need
+     to match, all the information is contained in n and e. This
+     solves the problem with buggy servers announcing the wrong
+     modulus length.  markus and me.
+   - [serverloop.c]
+     bugfix: check for space if child has terminated, from:
+     iedowse@maths.tcd.ie
+   - [ssh-add.1 ssh-add.c ssh-keygen.1 ssh-keygen.c sshconnect.c]
+     [fingerprint.c fingerprint.h]
+     rsa key fingerprints, idea from Bjoern Groenvall <bg@sics.se>
+   - [ssh-agent.1] typo
+   - [ssh.1] add OpenSSH information to AUTHOR section. okay markus@
+   - [sshd.c]
+     force logging to stderr while loading private key file
+     (lost while converting to new log-levels)
+
+19991116
+ - Fix some Linux libc5 problems reported by Miles Wilson <mw@mctitle.com>
+ - Merged OpenBSD CVS changes:
+   - [auth-rh-rsa.c auth-rsa.c authfd.c authfd.h hostfile.c mpaux.c]
+     [mpaux.h ssh-add.c ssh-agent.c ssh.h ssh.c sshd.c]
+     the keysize of rsa-parameter 'n' is passed implizit,
+     a few more checks and warnings about 'pretended' keysizes.
+   - [cipher.c cipher.h packet.c packet.h sshd.c]
+     remove support for cipher RC4
+   - [ssh.c]
+     a note for legay systems about secuity issues with permanently_set_uid(),
+     the private hostkey and ptrace()
+   - [sshconnect.c]
+     more detailed messages about adding and checking hostkeys
+
+19991115
+ - Merged OpenBSD CVS changes:
+   - [ssh-add.c] change passphrase loop logic and remove ref to
+     $DISPLAY, ok niels
+ - Changed to ssh-add.c broke askpass support. Revised it to be a little more
+   modular.
+ - Revised autoconf support for enabling/disabling askpass support.
+ - Merged more OpenBSD CVS changes:
+   [auth-krb4.c]
+     - disconnect if getpeername() fails
+     - missing xfree(*client)
+   [canohost.c]
+     - disconnect if getpeername() fails
+     - fix comment: we _do_ disconnect if ip-options are set
+   [sshd.c]
+     - disconnect if getpeername() fails
+     - move checking of remote port to central place
+   [auth-rhosts.c] move checking of remote port to central place
+   [log-server.c] avoid extra fd per sshd, from millert@
+   [readconf.c] print _all_ bad config-options in ssh(1), too
+   [readconf.h] print _all_ bad config-options in ssh(1), too
+   [ssh.c] print _all_ bad config-options in ssh(1), too
+   [sshconnect.c] disconnect if getpeername() fails
+ - OpenBSD's changes to sshd.c broke the PAM stuff, re-merged it.
+ - Various small cleanups to bring diff (against OpenBSD) size down.
+ - Merged more Solaris compability from Marc G. Fournier
+   <marc.fournier@acadiau.ca>
+ - Wrote autoconf tests for __progname symbol
+ - RPM spec file fixes from Jim Knoble <jmknoble@jmknoble.cx>
+ - Released 1.2pre12
+
+ - Another OpenBSD CVS update:
+   - [ssh-keygen.1] fix .Xr
+
+19991114
+ - Solaris compilation fixes (still imcomplete)
+
+19991113
+ - Build patch from Niels Kristian Bech Jensen <nkbj@image.dk>
+   - Don't install config files if they already exist
+   - Fix inclusion of additional preprocessor directives from acconfig.h
+ - Removed redundant inclusions of config.h
+ - Added 'Obsoletes' lines to RPM spec file
+ - Merged OpenBSD CVS changes:
+   - [bufaux.c] save a view malloc/memcpy/memset/free's, ok niels
+   - [scp.c] fix overflow reported by damien@ibs.com.au: off_t
+     totalsize, ok niels,aaron
+ - Delay fork (-f option) in ssh until after port forwarded connections
+   have been initialised. Patch from Jani Hakala <jahakala@cc.jyu.fi>
+ - Added shadow password patch from Thomas Neumann <tom@smart.ruhr.de>
+ - Added ifdefs to auth-passwd.c to exclude it when PAM is enabled
+ - Tidied default config file some more
+ - Revised Redhat initscript to fix bug: sshd (re)start would fail
+   if executed from inside a ssh login.
+
+19991112
+ - Merged changes from OpenBSD CVS
+   - [sshd.c] session_key_int may be zero
+   - [auth-rh-rsa.c servconf.c servconf.h ssh.h sshd.8 sshd.c sshd_config]
+     IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok
+     deraadt,millert
+ - Brought default sshd_config more in line with OpenBSD's
+ - Grab server in gnome-ssh-askpass (Debian bug #49872)
+ - Released 1.2pre10
+
+ - Added INSTALL documentation
+ - Merged yet more changes from OpenBSD CVS
+   - [auth-rh-rsa.c auth-rhosts.c auth-rsa.c channels.c clientloop.c]
+     [ssh.c ssh.h sshconnect.c sshd.c]
+     make all access to options via 'extern Options options'
+     and 'extern ServerOptions options' respectively;
+     options are no longer passed as arguments:
+      * make options handling more consistent
+      * remove #include "readconf.h" from ssh.h
+      * readconf.h is only included if necessary
+   - [mpaux.c] clear temp buffer
+   - [servconf.c] print _all_ bad options found in configfile
+ - Make ssh-askpass support optional through autoconf
+ - Fix nasty division-by-zero error in scp.c
+ - Released 1.2pre11
+
+19991111
+ - Added (untested) Entropy Gathering Daemon (EGD) support
+ - Fixed /dev/urandom fd leak (Debian bug #49722)
+ - Merged OpenBSD CVS changes:
+   - [auth-rh-rsa.c] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
+   - [ssh.1] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
+   - [sshd.8] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
+ - Fix integer overflow which was messing up scp's progress bar for large
+   file transfers. Fix submitted to OpenBSD developers. Report and fix
+   from Kees Cook <cook@cpoint.net>
+ - Merged more OpenBSD CVS changes:
+   - [auth-krb4.c auth-passwd.c] remove x11- and krb-cleanup from fatal()
+     + krb-cleanup cleanup
+   - [clientloop.c log-client.c log-server.c ]
+     [readconf.c readconf.h servconf.c servconf.h ]
+     [ssh.1 ssh.c ssh.h sshd.8]
+     add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd,
+     obsoletes QuietMode and FascistLogging in sshd.
+   - [sshd.c] fix fatal/assert() bug reported by damien@ibs.com.au:
+     allow session_key_int != sizeof(session_key)
+     [this should fix the pre-assert-removal-core-files]
+ - Updated default config file to use new LogLevel option and to improve
+   readability
+
+19991110
+ - Merged several minor fixes:
+   - ssh-agent commandline parsing
+   - RPM spec file now installs ssh setuid root
+   - Makefile creates libdir
+   - Merged beginnings of Solaris compability from Marc G. Fournier
+     <marc.fournier@acadiau.ca>
+
+19991109
+ - Autodetection of SSL/Crypto library location via autoconf
+ - Fixed location of ssh-askpass to follow autoconf
+ - Integrated Makefile patch from Niels Kristian Bech Jensen <nkbj@image.dk>
+ - Autodetection of RSAref library for US users
+ - Minor doc updates
+ - Merged OpenBSD CVS changes:
+   - [rsa.c] bugfix: use correct size for memset()
+   - [sshconnect.c] warn if announced size of modulus 'n' != real size
+ - Added GNOME passphrase requestor (use --with-gnome-askpass)
+ - RPM build now creates subpackages
+ - Released 1.2pre9
+
+19991108
+ - Removed debian/ directory. This is now being maintained separately.
+ - Added symlinks for slogin in RPM spec file
+ - Fixed permissions on manpages in RPM spec file
+ - Added references to required libraries in README file
+ - Removed config.h.in from CVS
+ - Removed pwdb support (better pluggable auth is provided by glibc)
+ - Made PAM and requisite libdl optional
+ - Removed lots of unnecessary checks from autoconf
+ - Added support and autoconf test for openpty() function (Unix98 pty support)
+ - Fix for scp not finding ssh if not installed as /usr/bin/ssh
+ - Added TODO file
+ - Merged parts of Debian patch From Phil Hands <phil@hands.com>:
+   - Added ssh-askpass program
+   - Added ssh-askpass support to ssh-add.c
+   - Create symlinks for slogin on install
+   - Fix "distclean" target in makefile
+   - Added example for ssh-agent to manpage
+   - Added support for PAM_TEXT_INFO messages
+   - Disable internal /etc/nologin support if PAM enabled
+ - Merged latest OpenBSD CVS changes:
+   - [all] replace assert() with error, fatal or packet_disconnect
+   - [sshd.c] don't send fail-msg but disconnect if too many authentication
+     failures
+   - [sshd.c] remove unused argument. ok dugsong
+   - [sshd.c] typo
+   - [rsa.c] clear buffers used for encryption. ok: niels
+   - [rsa.c] replace assert() with error, fatal or packet_disconnect
+   - [auth-krb4.c] remove unused argument. ok dugsong
+ - Fixed coredump after merge of OpenBSD rsa.c patch
+ - Released 1.2pre8
+
+19991102
+ - Merged change from OpenBSD CVS
+  - One-line cleanup in sshd.c
+
+19991030
+ - Integrated debian package support from Dan Brosemer <odin@linuxfreak.com>
+ - Merged latest updates for OpenBSD CVS:
+   - channels.[ch] - remove broken x11 fix and document istate/ostate
+   - ssh-agent.c - call setsid() regardless of argv[]
+   - ssh.c - save a few lines when disabling rhosts-{rsa-}auth
+ - Documentation cleanups
+ - Renamed README -> README.Ylonen
+ - Renamed README.openssh ->README
+
+19991029
+ - Renamed openssh* back to ssh* at request of Theo de Raadt
+ - Incorporated latest changes from OpenBSD's CVS
+ - Integrated Makefile patch from  Niels Kristian Bech Jensen <nkbj@image.dk>
+ - Integrated PAM env patch from Nalin Dahyabhai <nalin.dahyabhai@pobox.com>
+ - Make distclean now removed configure script
+ - Improved PAM logging
+ - Added some debug() calls for PAM
+ - Removed redundant subdirectories
+ - Integrated part of a patch from Dan Brosemer <odin@linuxfreak.com> for
+   building on Debian.
+ - Fixed off-by-one error in PAM env patch
+ - Released 1.2pre6
+
+19991028
+ - Further PAM enhancements.
+   - Much cleaner
+   - Now uses account and session modules for all logins.
+ - Integrated patch from Dan Brosemer <odin@linuxfreak.com>
+   - Build fixes
+   - Autoconf
+   - Change binary names to open*
+ - Fixed autoconf script to detect PAM on RH6.1
+ - Added tests for libpwdb, and OpenBSD functions to autoconf
+ - Released 1.2pre4
+
+ - Imported latest OpenBSD CVS code
+ - Updated README.openssh
+ - Released 1.2pre5
+
+19991027
+ - Adapted PAM patch.
+ - Released 1.0pre2
+
+ - Excised my buggy replacements for strlcpy and mkdtemp
+ - Imported correct OpenBSD strlcpy and mkdtemp routines.
+ - Reduced arc4random_stir entropy read to 32 bytes (256 bits)
+ - Picked up correct version number from OpenBSD
+ - Added sshd.pam PAM configuration file
+ - Added sshd.init Redhat init script
+ - Added openssh.spec RPM spec file
+ - Released 1.2pre3
+
+19991026
+ - Fixed include paths of OpenSSL functions
+ - Use OpenSSL MD5 routines
+ - Imported RC4 code from nanocrypt
+ - Wrote replacements for OpenBSD arc4random* functions
+ - Wrote replacements for strlcpy and mkdtemp
+ - Released 1.0pre1
+
+$Id: ChangeLog,v 1.3 2002/05/10 22:24:35 stealth Exp $