OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=16

openssh-4.7p1-addrlist.dif

@@ -1,87 +0,0 @@
---- sshd.c
-+++ sshd.c
-@@ -253,6 +253,62 @@
- 
- static void do_ssh1_kex(void);
- static void do_ssh2_kex(void);
-+char * isaddr(struct addrinfo *addr, char *name);
-+void remove_duplicities(struct addrinfo *addr, char *port);
-+
-+/*
-+ * returns port if addr equals name
-+ */
-+
-+char*
-+isaddr(struct addrinfo *addr, char *name)
-+{
-+    char ntop[NI_MAXHOST];
-+    char *strport;
-+    
-+    strport = (char*) malloc(NI_MAXSERV+1);
-+    if (getnameinfo(addr->ai_addr, addr->ai_addrlen,
-+        ntop, sizeof(ntop), strport, sizeof(strport), 
-+        NI_NUMERICHOST|NI_NUMERICSERV) != 0) {
-+            error("getnameinfo failed");
-+            free(strport);
-+            return NULL;
-+    }
-+    if (!strcmp(ntop,name))
-+        return strport;
-+    else{
-+        free(strport);
-+        return NULL;
-+    }
-+
-+}
-+
-+/*
-+ * it removes all "0.0.0.0" elements with given port
-+ * from the list
-+ */
-+
-+void
-+remove_duplicities(struct addrinfo *ai_start, char *port)
-+{
-+    struct addrinfo *ai, *ai1, *aiprev, *ainext;
-+    char *port1;
-+
-+    aiprev=ai_start;
-+    for (ai = ai_start->ai_next; ai; ai = ainext) {
-+        ainext = ai->ai_next;
-+        port1 = isaddr(ai, "0.0.0.0");
-+        if (port1 && !strcmp(port,port1)){
-+            aiprev->ai_next = ainext;
-+            free(ai);
-+            free(port1);
-+        } else {
-+            if (port1)
-+                free(port1);
-+            aiprev = ai;
-+        }
-+    }
-+}
- 
- /*
-  * Close all listening sockets
-@@ -942,6 +998,7 @@
- 	int ret, listen_sock, on = 1;
- 	struct addrinfo *ai;
- 	char ntop[NI_MAXHOST], strport[NI_MAXSERV];
-+	char *port;
- 
- 	for (ai = options.listen_addrs; ai; ai = ai->ai_next) {
- 		if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
-@@ -987,6 +1044,13 @@
- 			continue;
- 		}
- 		listen_socks[num_listen_socks] = listen_sock;
-+
-+		port = isaddr(ai,"::");
-+		if (port) {
-+			remove_duplicities(ai, port);
-+			free(port);
-+		}
-+
- 		num_listen_socks++;
- 
- 		/* Start listening on the port. */

openssh-4.7p1-pam_session_close.diff

@@ -1,129 +0,0 @@
---- auth-pam.c
-+++ auth-pam.c
-@@ -598,15 +598,17 @@
- void
- sshpam_cleanup(void)
- {
--	debug("PAM: cleanup");
--	if (sshpam_handle == NULL)
-+	if (sshpam_handle == NULL || (use_privsep && !mm_is_monitor()))
- 		return;
-+	debug("PAM: cleanup");
- 	pam_set_item(sshpam_handle, PAM_CONV, (const void *)&null_conv);
- 	if (sshpam_cred_established) {
-+		debug("PAM: deleting credentials");
- 		pam_setcred(sshpam_handle, PAM_DELETE_CRED);
- 		sshpam_cred_established = 0;
- 	}
- 	if (sshpam_session_open) {
-+		debug("PAM: closing session");
- 		pam_close_session(sshpam_handle, PAM_SILENT);
- 		sshpam_session_open = 0;
- 	}
---- monitor.c
-+++ monitor.c
-@@ -1546,6 +1546,11 @@
- 	/* The child is terminating */
- 	session_destroy_all(&mm_session_close);
- 
-+#ifdef USE_PAM
-+	if (options.use_pam)
-+		sshpam_cleanup();
-+#endif
-+
- 	while (waitpid(pmonitor->m_pid, &status, 0) == -1)
- 		if (errno != EINTR)
- 			exit(1);
---- session.c
-+++ session.c
-@@ -422,11 +422,6 @@
- 
- 	session_proctitle(s);
- 
--#if defined(USE_PAM)
--	if (options.use_pam && !use_privsep)
--		do_pam_setcred(1);
--#endif /* USE_PAM */
--
- 	/* Fork the child. */
- 	if ((pid = fork()) == 0) {
- 		is_child = 1;
-@@ -557,14 +552,6 @@
- 	ptyfd = s->ptyfd;
- 	ttyfd = s->ttyfd;
- 
--#if defined(USE_PAM)
--	if (options.use_pam) {
--		do_pam_set_tty(s->tty);
--		if (!use_privsep)
--			do_pam_setcred(1);
--	}
--#endif
--
- 	/* Fork the child. */
- 	if ((pid = fork()) == 0) {
- 		is_child = 1;
-@@ -1310,16 +1297,8 @@
- # ifdef __bsdi__
- 		setpgid(0, 0);
- # endif
--#ifdef GSSAPI
--		if (options.gss_authentication) {
--			temporarily_use_uid(pw);
--			ssh_gssapi_storecreds();
--			restore_uid();
--		}
--#endif
- # ifdef USE_PAM
- 		if (options.use_pam) {
--			do_pam_session();
- 			do_pam_setcred(use_privsep);
- 		}
- # endif /* USE_PAM */
-@@ -1347,13 +1326,6 @@
- 			exit(1);
- 		}
- 		endgrent();
--#ifdef GSSAPI
--		if (options.gss_authentication) {
--			temporarily_use_uid(pw);
--			ssh_gssapi_storecreds();
--			restore_uid();
--		}
--#endif
- # ifdef USE_PAM
- 		/*
- 		 * PAM credentials may take the form of supplementary groups.
-@@ -1361,7 +1333,6 @@
- 		 * Reestablish them here.
- 		 */
- 		if (options.use_pam) {
--			do_pam_session();
- 			do_pam_setcred(use_privsep);
- 		}
- # endif /* USE_PAM */
---- sshd.c
-+++ sshd.c
-@@ -1899,7 +1899,21 @@
- 	audit_event(SSH_AUTH_SUCCESS);
- #endif
- 
--	/*
-+#ifdef GSSAPI
-+	if (options.gss_authentication) {
-+		temporarily_use_uid(authctxt->pw);
-+		ssh_gssapi_storecreds();
-+		restore_uid();
-+	}
-+#endif
-+#ifdef USE_PAM
-+	if (options.use_pam) {
-+		do_pam_setcred(1);
-+		do_pam_session();
-+	}
-+#endif
-+
-+ 	/*
- 	 * In privilege separation, we fork another child and prepare
- 	 * file descriptor passing.
- 	 */

openssh-4.7p1-strict-aliasing-fix.diff

@@ -1,71 +0,0 @@
---- readconf.c
-+++ readconf.c
-@@ -328,6 +328,7 @@
- 	int opcode, *intptr, value, value2, scale;
- 	long long orig, val64;
- 	size_t len;
-+	LogLevel *loglevelptr;
- 	Forward fwd;
- 
- 	/* Strip trailing whitespace */
-@@ -692,14 +693,14 @@
- 		break;
- 
- 	case oLogLevel:
--		intptr = (int *) &options->log_level;
-+		loglevelptr = &options->log_level;
- 		arg = strdelim(&s);
- 		value = log_level_number(arg);
- 		if (value == SYSLOG_LEVEL_NOT_SET)
- 			fatal("%.200s line %d: unsupported log level '%s'",
- 			    filename, linenum, arg ? arg : "<NONE>");
--		if (*activep && (LogLevel) *intptr == SYSLOG_LEVEL_NOT_SET)
--			*intptr = (LogLevel) value;
-+		if (*activep && *loglevelptr == SYSLOG_LEVEL_NOT_SET)
-+			*loglevelptr = (LogLevel) value;
- 		break;
- 
- 	case oLocalForward:
---- servconf.c
-+++ servconf.c
-@@ -622,6 +622,8 @@
- {
- 	char *cp, **charptr, *arg, *p;
- 	int cmdline = 0, *intptr, value, n;
-+	LogLevel *loglevelptr;
-+	SyslogFacility *syslogfacilityptr;
- 	ServerOpCodes opcode;
- 	u_short port;
- 	u_int i, flags = 0;
-@@ -977,25 +979,25 @@
- 		goto parse_flag;
- 
- 	case sLogFacility:
--		intptr = (int *) &options->log_facility;
-+		syslogfacilityptr = &options->log_facility;
- 		arg = strdelim(&cp);
- 		value = log_facility_number(arg);
- 		if (value == SYSLOG_FACILITY_NOT_SET)
- 			fatal("%.200s line %d: unsupported log facility '%s'",
- 			    filename, linenum, arg ? arg : "<NONE>");
--		if (*intptr == -1)
--			*intptr = (SyslogFacility) value;
-+		if (*syslogfacilityptr == -1)
-+			*syslogfacilityptr = (SyslogFacility) value;
- 		break;
- 
- 	case sLogLevel:
--		intptr = (int *) &options->log_level;
-+		loglevelptr = &options->log_level;
- 		arg = strdelim(&cp);
- 		value = log_level_number(arg);
- 		if (value == SYSLOG_LEVEL_NOT_SET)
- 			fatal("%.200s line %d: unsupported log level '%s'",
- 			    filename, linenum, arg ? arg : "<NONE>");
--		if (*intptr == -1)
--			*intptr = (LogLevel) value;
-+		if (*loglevelptr == -1)
-+			*loglevelptr = (LogLevel) value;
- 		break;
- 
- 	case sAllowTcpForwarding:

openssh-4.7p1.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:8263902702790d82d0e34006d7b3849d57e8fbd1d31278f9598798bd1765e237
-size 796599

openssh-5.0p1-engines.diff

@@ -1,14 +1,14 @@
---- openssh-4.6p1/ssh-add.c
+--- openssh-4.9p1/ssh-add.c
-+++ openssh-4.6p1/ssh-add.c
++++ openssh-4.9p1/ssh-add.c
-@@ -42,6 +42,7 @@
+@@ -43,6 +43,7 @@
- #include <sys/param.h>
  
  #include <openssl/evp.h>
+ #include "openbsd-compat/openssl-compat.h"
 +#include <openssl/engine.h>
  
  #include <fcntl.h>
  #include <pwd.h>
-@@ -343,6 +344,10 @@
+@@ -344,6 +345,10 @@
  
  	SSLeay_add_all_algorithms();
  
@@ -19,17 +19,17 @@
  	/* At first, get a connection to the authentication agent. */
  	ac = ssh_get_authentication_connection();
  	if (ac == NULL) {
---- openssh-4.6p1/ssh-agent.c
+--- openssh-4.9p1/ssh-agent.c
-+++ openssh-4.6p1/ssh-agent.c
++++ openssh-4.9p1/ssh-agent.c
-@@ -51,6 +51,7 @@
+@@ -52,6 +52,7 @@
- 
  #include <openssl/evp.h>
  #include <openssl/md5.h>
+ #include "openbsd-compat/openssl-compat.h"
 +#include <openssl/engine.h>
  
  #include <errno.h>
  #include <fcntl.h>
-@@ -1043,6 +1044,10 @@
+@@ -1063,6 +1064,10 @@
  
  	SSLeay_add_all_algorithms();
  
@@ -40,17 +40,17 @@
  	__progname = ssh_get_progname(av[0]);
  	init_rng();
  	seed_rng();
---- openssh-4.6p1/ssh-keygen.c
+--- openssh-4.9p1/ssh-keygen.c
-+++ openssh-4.6p1/ssh-keygen.c
++++ openssh-4.9p1/ssh-keygen.c
-@@ -21,6 +21,7 @@
+@@ -22,6 +22,7 @@
- 
  #include <openssl/evp.h>
  #include <openssl/pem.h>
+ #include "openbsd-compat/openssl-compat.h"
 +#include <openssl/engine.h>
  
  #include <errno.h>
  #include <fcntl.h>
-@@ -1073,6 +1074,11 @@
+@@ -1072,6 +1073,11 @@
  	__progname = ssh_get_progname(argv[0]);
  
  	SSLeay_add_all_algorithms();
@@ -62,8 +62,8 @@
  	log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
  
  	init_rng();
---- openssh-4.6p1/ssh-keysign.c
+--- openssh-4.9p1/ssh-keysign.c
-+++ openssh-4.6p1/ssh-keysign.c
++++ openssh-4.9p1/ssh-keysign.c
 @@ -38,6 +38,7 @@
  #include <openssl/evp.h>
  #include <openssl/rand.h>
@@ -84,17 +84,17 @@
  	for (i = 0; i < 256; i++)
  		rnd[i] = arc4random();
  	RAND_seed(rnd, sizeof(rnd));
---- openssh-4.6p1/ssh.c
+--- openssh-4.9p1/ssh.c
-+++ openssh-4.6p1/ssh.c
++++ openssh-4.9p1/ssh.c
-@@ -72,6 +72,7 @@
+@@ -73,6 +73,7 @@
- 
  #include <openssl/evp.h>
  #include <openssl/err.h>
+ #include "openbsd-compat/openssl-compat.h"
 +#include <openssl/engine.h>
  
  #include "xmalloc.h"
  #include "ssh.h"
-@@ -556,6 +557,10 @@
+@@ -561,6 +562,10 @@
  	SSLeay_add_all_algorithms();
  	ERR_load_crypto_strings();
  
@@ -105,17 +105,17 @@
  	/* Initialize the command to execute on remote host. */
  	buffer_init(&command);
  
---- openssh-4.6p1/sshd.c
+--- openssh-4.9p1/sshd.c
-+++ openssh-4.6p1/sshd.c
++++ openssh-4.9p1/sshd.c
-@@ -75,6 +75,7 @@
+@@ -76,6 +76,7 @@
- #include <openssl/bn.h>
  #include <openssl/md5.h>
  #include <openssl/rand.h>
+ #include "openbsd-compat/openssl-compat.h"
 +#include <openssl/engine.h>
+ 
  #ifdef HAVE_SECUREWARE
  #include <sys/security.h>
- #include <prot.h>
+@@ -1465,6 +1466,10 @@
-@@ -1445,6 +1446,10 @@
  
  	SSLeay_add_all_algorithms();
  

openssh-5.0p1-gssapimitm.patch

@@ -96,7 +96,7 @@ Index: auth2-gss.c
  
  	case oBatchMode:
  		intptr = &options->batch_mode;
-@@ -1012,6 +1018,7 @@
+@@ -1011,6 +1017,7 @@
  	options->challenge_response_authentication = -1;
  	options->gss_authentication = -1;
  	options->gss_deleg_creds = -1;
@@ -104,7 +104,7 @@ Index: auth2-gss.c
  	options->password_authentication = -1;
  	options->kbd_interactive_authentication = -1;
  	options->kbd_interactive_devices = NULL;
-@@ -1102,6 +1109,8 @@
+@@ -1101,6 +1108,8 @@
  		options->gss_authentication = 0;
  	if (options->gss_deleg_creds == -1)
  		options->gss_deleg_creds = 0;
@@ -133,7 +133,7 @@ Index: auth2-gss.c
  	options->password_authentication = -1;
  	options->kbd_interactive_authentication = -1;
  	options->challenge_response_authentication = -1;
-@@ -206,6 +207,8 @@
+@@ -207,6 +208,8 @@
  		options->gss_authentication = 0;
  	if (options->gss_cleanup_creds == -1)
  		options->gss_cleanup_creds = 1;
@@ -142,16 +142,16 @@ Index: auth2-gss.c
  	if (options->password_authentication == -1)
  		options->password_authentication = 1;
  	if (options->kbd_interactive_authentication == -1)
-@@ -290,7 +293,7 @@
+@@ -291,7 +294,7 @@
  	sBanner, sUseDNS, sHostbasedAuthentication,
  	sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
  	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
 -	sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
 +	sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, sGssEnableMITM,
- 	sMatch, sPermitOpen, sForceCommand,
+ 	sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
  	sUsePrivilegeSeparation,
  	sDeprecated, sUnsupported
-@@ -351,9 +354,11 @@
+@@ -352,9 +355,11 @@
  #ifdef GSSAPI
  	{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
  	{ "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
@@ -163,7 +163,7 @@ Index: auth2-gss.c
  #endif
  	{ "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
  	{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
-@@ -877,6 +882,10 @@
+@@ -878,6 +883,10 @@
  	case sGssCleanupCreds:
  		intptr = &options->gss_cleanup_creds;
  		goto parse_flag;
@@ -176,7 +176,7 @@ Index: auth2-gss.c
  		intptr = &options->password_authentication;
 --- servconf.h
 +++ servconf.h
-@@ -88,6 +88,7 @@
+@@ -91,6 +91,7 @@
  						 * authenticated with Kerberos. */
  	int     gss_authentication;	/* If true, permit GSSAPI authentication */
  	int     gss_cleanup_creds;	/* If true, destroy cred cache on logout */
@@ -186,7 +186,7 @@ Index: auth2-gss.c
  	int     kbd_interactive_authentication;	/* If true, permit */
 --- ssh_config
 +++ ssh_config
-@@ -53,3 +53,13 @@
+@@ -54,3 +54,13 @@
  #   Tunnel no
  #   TunnelDevice any:any
  #   PermitLocalCommand no
@@ -202,7 +202,7 @@ Index: auth2-gss.c
 +>>>>>>>
 --- sshconnect2.c
 +++ sshconnect2.c
-@@ -242,6 +242,10 @@
+@@ -243,6 +243,10 @@
  		userauth_gssapi,
  		&options.gss_authentication,
  		NULL},
@@ -213,7 +213,7 @@ Index: auth2-gss.c
  #endif
  	{"hostbased",
  		userauth_hostbased,
-@@ -576,7 +580,9 @@
+@@ -577,7 +581,9 @@
  
  	if (status == GSS_S_COMPLETE) {
  		/* send either complete or MIC, depending on mechanism */
@@ -226,7 +226,7 @@ Index: auth2-gss.c
  		} else {
 --- sshd_config
 +++ sshd_config
-@@ -69,6 +69,13 @@
+@@ -73,6 +73,13 @@
  #GSSAPIAuthentication no
  #GSSAPICleanupCredentials yes
  

openssh-5.0p1-xauthlocalhostname.diff

@@ -1,6 +1,6 @@
 --- session.c
 +++ session.c
-@@ -996,7 +996,7 @@
+@@ -997,7 +997,7 @@
  }
  
  static char **
@@ -9,7 +9,7 @@
  {
  	char buf[256];
  	u_int i, envsize;
-@@ -1183,6 +1183,8 @@
+@@ -1184,6 +1184,8 @@
  		for (i = 0; env[i]; i++)
  			fprintf(stderr, "  %.200s\n", env[i]);
  	}
@@ -18,7 +18,7 @@
  	return env;
  }
  
-@@ -1191,7 +1193,7 @@
+@@ -1192,7 +1194,7 @@
   * first in this order).
   */
  static void
@@ -27,7 +27,7 @@
  {
  	FILE *f = NULL;
  	char cmd[1024];
-@@ -1244,12 +1246,20 @@
+@@ -1246,12 +1248,20 @@
  		    options.xauth_location);
  		f = popen(cmd, "w");
  		if (f) {
@@ -48,15 +48,15 @@
  		} else {
  			fprintf(stderr, "Could not run %s\n",
  			    cmd);
-@@ -1469,6 +1479,7 @@
+@@ -1537,6 +1547,7 @@
  {
  	extern char **environ;
  	char **env;
 +	int env_size;
- 	char *argv[10];
+ 	char *argv[ARGV_MAX];
  	const char *shell, *shell0, *hostname = NULL;
  	struct passwd *pw = s->pw;
-@@ -1534,7 +1545,7 @@
+@@ -1602,7 +1613,7 @@
  	 * Make sure $SHELL points to the shell from the password file,
  	 * even if shell is overridden from login.conf
  	 */
@@ -65,8 +65,8 @@
  
  #ifdef HAVE_LOGIN_CAP
  	shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell);
-@@ -1596,7 +1607,7 @@
+@@ -1666,7 +1677,7 @@
- 	}
+ 	closefrom(STDERR_FILENO + 1);
  
  	if (!options.use_login)
 -		do_rc_files(s, shell);

openssh-5.0p1.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fafd3e0fe129d372340f17906bcdee4150823c2435fe8e85208b23df27ee3d4b
+size 810512

openssh-askpass-gnome.changes

@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Wed Apr  9 14:35:42 CEST 2008 - anicka@suse.cz
+
+- update to 5.0p1 
+
+-------------------------------------------------------------------
+Wed Apr  2 15:06:01 CEST 2008 - anicka@suse.cz
+
+- update to 4.9p1 
+
 -------------------------------------------------------------------
 Wed Dec  5 10:56:07 CET 2007 - anicka@suse.cz
 

openssh-askpass-gnome.spec

@@ -1,5 +1,5 @@
 #
-# spec file for package openssh-askpass-gnome (Version 4.7p1)
+# spec file for package openssh-askpass-gnome (Version 5.0p1)
 #
 # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
@@ -10,12 +10,13 @@
 
 # norootforbuild
 
+
 Name:           openssh-askpass-gnome
 BuildRequires:  gtk2-devel krb5-devel opensc-devel openssh openssl-devel pam-devel tcpd-devel update-desktop-files
 License:        BSD 3-Clause
 Group:          Productivity/Networking/SSH
-Version:        4.7p1
+Version:        5.0p1
-Release:        12
+Release:        1
 Requires:       openssh = %{version} openssh-askpass = %{version}
 AutoReqProv:    on
 Summary:        A GNOME-Based Passphrase Dialog for OpenSSH
@@ -24,7 +25,6 @@ Url:            http://www.openssh.com/
 Source:         %{_name}-%{version}.tar.bz2
 Patch:          %{_name}-%{version}.dif
 Patch15:        %{_name}-%{version}-pam-fix2.diff
-Patch17:        %{_name}-%{version}-strict-aliasing-fix.diff
 Patch18:        %{_name}-%{version}-saveargv-fix.diff
 Patch19:        %{_name}-%{version}-pam-fix3.diff
 Patch21:        %{_name}-%{version}-gssapimitm.patch
@@ -68,7 +68,6 @@ Authors:
 %setup -q -n %{_name}-%{version}
 %patch 
 %patch15
-%patch17
 %patch18
 %patch19
 %patch21
@@ -112,7 +111,11 @@ rm -rf $RPM_BUILD_ROOT
 %attr(0755,root,root) /usr/%_lib/ssh/gnome-ssh-askpass
 
 %changelog
-* Wed Dec 05 2007 - anicka@suse.cz
+* Wed Apr 09 2008 anicka@suse.cz
+- update to 5.0p1
+* Wed Apr 02 2008 anicka@suse.cz
+- update to 4.9p1
+* Wed Dec 05 2007 anicka@suse.cz
 - - update to 4.7p1
   * Add "-K" flag for ssh to set GSSAPIAuthentication=yes and
   GSSAPIDelegateCredentials=yes. This is symmetric with -k
@@ -121,7 +124,7 @@ rm -rf $RPM_BUILD_ROOT
   * increase default channel windows
   * put the MAC list into a display
   * many bugfixes
-* Tue Dec 12 2006 - anicka@suse.cz
+* Tue Dec 12 2006 anicka@suse.cz
 - update to 4.5p1
   * Use privsep_pw if we have it, but only require it if we
   absolutely need it.
@@ -133,7 +136,7 @@ rm -rf $RPM_BUILD_ROOT
   be already full (of alive requests)
   * include signal.h, errno.h, sys/in.h
   * some more bugfixes
-* Wed Oct 04 2006 - postadal@suse.cz
+* Wed Oct 04 2006 postadal@suse.cz
 - updated to version 4.4p1 [#208662]
   * fixed pre-authentication DoS, that would cause sshd(8) to spin
   until the login grace time expired
@@ -155,23 +158,23 @@ rm -rf $RPM_BUILD_ROOT
   * extended sshd_config(5) "SubSystem" declarations to allow the
   specification of command-line arguments
 - removed obsoleted patches: autoconf-fix.patch
-* Tue Jul 25 2006 - schwab@suse.de
+* Tue Jul 25 2006 schwab@suse.de
 - Fix syntax error in configure script.
-* Wed Jan 25 2006 - mls@suse.de
+* Wed Jan 25 2006 mls@suse.de
 - converted neededforbuild to BuildRequires
-* Tue Jan 03 2006 - postadal@suse.cz
+* Tue Jan 03 2006 postadal@suse.cz
 - updated to version 4.2p1
 - removed obsoleted patches: upstream_fixes.diff, gssapi-secfix.patch
-* Thu Sep 08 2005 - postadal@suse.cz
+* Thu Sep 08 2005 postadal@suse.cz
 - don't strip
-* Thu Aug 04 2005 - uli@suse.de
+* Thu Aug 04 2005 uli@suse.de
 - parallelize build
-* Fri Jun 10 2005 - postadal@suse.cz
+* Fri Jun 10 2005 postadal@suse.cz
 - updated to version 4.1p1
 - removed obsoleted patches: restore_terminal, pam-returnfromsession,
   timing-attacks-fix, krb5ccname, gssapi-pam, logdenysource,
   sendenv-fix, documentation-fix
-* Wed Jan 19 2005 - postadal@suse.cz
+* Wed Jan 19 2005 postadal@suse.cz
 - renamed askpass-gnome package to openssh-askpass-gnome
-* Wed Jan 19 2005 - postadal@suse.cz
+* Wed Jan 19 2005 postadal@suse.cz
 - splited spec file to decreas number of build dependencies

openssh.changes

@@ -1,3 +1,72 @@
+-------------------------------------------------------------------
+Wed Apr  9 14:37:57 CEST 2008 - anicka@suse.cz
+
+- update to 5.0p1
+ * CVE-2008-1483: Avoid possible hijacking of X11-forwarded 
+   connections by refusing to listen on a port unless all address 
+   families bind successfully.
+- remove CVE-2008-1483 patch
+
+-------------------------------------------------------------------
+Wed Apr  2 14:57:26 CEST 2008 - anicka@suse.cz
+
+- update to 4.9p1 
+  * Disable execution of ~/.ssh/rc for sessions where a command has been
+    forced by the sshd_config ForceCommand directive. Users who had
+    write access to this file could use it to execute abritrary commands.
+    This behaviour was documented, but was an unsafe default and an extra
+    hassle for administrators.
+  * Added chroot(2) support for sshd(8), controlled by a new option
+    "ChrootDirectory". Please refer to sshd_config(5) for details, and
+    please use this feature carefully. (bz#177 bz#1352)
+  * Linked sftp-server(8) into sshd(8). The internal sftp server is
+    used when the command "internal-sftp" is specified in a Subsystem
+    or ForceCommand declaration. When used with ChrootDirectory, the
+    internal sftp server requires no special configuration of files
+    inside the chroot environment. Please refer to sshd_config(5) for
+    more information.
+  * Added a "no-user-rc" option for authorized_keys to disable execution
+    of ~/.ssh/rc
+  * Added a protocol extension method "posix-rename@openssh.com" for
+    sftp-server(8) to perform POSIX atomic rename() operations.
+    (bz#1400)
+  * Removed the fixed limit of 100 file handles in sftp-server(8). The
+    server will now dynamically allocate handles up to the number of
+    available file descriptors. (bz#1397)
+  * ssh(8) will now skip generation of SSH protocol 1 ephemeral server
+    keys when in inetd mode and protocol 2 connections are negotiated.
+    This speeds up protocol 2 connections to inetd-mode servers that
+    also allow Protocol 1 (bz#440)
+  * Accept the PermitRootLogin directive in a sshd_config(5) Match
+    block. Allows for, e.g. permitting root only from the local
+    network.
+  * Reworked sftp(1) argument splitting and escaping to be more
+    internally consistent (i.e. between sftp commands) and more
+    consistent with sh(1). Please note that this will change the
+    interpretation of some quoted strings, especially those with
+    embedded backslash escape sequences. (bz#778)
+  * Support "Banner=none" in sshd_config(5) to disable sending of a
+    pre-login banner (e.g. in a Match block).
+  * ssh(1) ProxyCommands are now executed with $SHELL rather than
+    /bin/sh.
+  * ssh(1)'s ConnectTimeout option is now applied to both the TCP
+    connection and the SSH banner exchange (previously it just covered
+    the TCP connection). This allows callers of ssh(1) to better detect
+    and deal with stuck servers that accept a TCP connection but don't
+    progress the protocol, and also makes ConnectTimeout useful for
+    connections via a ProxyCommand.
+  * Many new regression tests, including interop tests against PuTTY's
+    plink.
+  * Support BSM auditing on Mac OS X
+  * bugfixes
+- remove addrlist, pam_session_close, strict-aliasing-fix patches 
+  (not needed anymore)
+
+-------------------------------------------------------------------
+Tue Mar 25 11:10:14 CET 2008 - anicka@suse.cz
+
+- fix CVE-2008-1483 (bnc#373527) 
+
 -------------------------------------------------------------------
 Fri Jan  4 11:11:52 CET 2008 - anicka@suse.cz
 

openssh.spec

@@ -1,5 +1,5 @@
 #
-# spec file for package openssh (Version 4.7p1)
+# spec file for package openssh (Version 5.0p1)
 #
 # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
@@ -10,6 +10,7 @@
 
 # norootforbuild
 
+
 Name:           openssh
 %define _fwdefdir /etc/sysconfig/SuSEfirewall2.d/services
 %define _prefix %(xft-config --prefix)
@@ -28,8 +29,8 @@ Requires:       /bin/netstat
 PreReq:         /usr/sbin/groupadd /usr/sbin/useradd %insserv_prereq  %fillup_prereq /bin/mkdir /bin/cat permissions
 Conflicts:      nonfreessh
 AutoReqProv:    on
-Version:        4.7p1
+Version:        5.0p1
-Release:        11
+Release:        1
 %define xversion 1.2.4.1
 Summary:        Secure Shell Client and Server (Remote Login Program)
 Url:            http://www.openssh.com/
@@ -44,10 +45,8 @@ Source7:        ssh.reg
 Source8:        ssh-askpass
 Source9:        sshd.fw
 Patch:          %{name}-%{version}.dif
-Patch1:         %{name}-%{version}-addrlist.dif
 Patch12:        %{name}-%{version}-askpass-fix.diff
 Patch15:        %{name}-%{version}-pam-fix2.diff
-Patch17:        %{name}-%{version}-strict-aliasing-fix.diff
 Patch18:        %{name}-%{version}-saveargv-fix.diff
 Patch19:        %{name}-%{version}-pam-fix3.diff
 Patch21:        %{name}-%{version}-gssapimitm.patch
@@ -62,10 +61,10 @@ Patch41:        %{name}-%{version}-gcc-fix.patch
 Patch42:        %{name}-gssapi_krb5-fix.patch
 Patch43:        %{name}-%{version}-default-protocol.diff
 Patch44:        %{name}-%{version}-audit.patch
-Patch45:        %{name}-%{version}-pam_session_close.diff
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %package      askpass
+License:        BSD 3-Clause; X11/MIT
 Summary:        A passphrase dialog for OpenSSH and the X Window System
 Requires:       openssh = %{version}
 Provides:       openssh:/usr/%_lib/ssh/ssh-askpass
@@ -136,9 +135,7 @@ Authors:
 %prep
 %setup -q -b 3 -a 1 -a 5
 %patch 
-%patch1
 %patch15
-%patch17
 %patch18
 %patch19
 %patch21
@@ -153,7 +150,6 @@ Authors:
 %patch42
 %patch43
 %patch44 -p1
-%patch45
 cp -v %{SOURCE4} .
 cp -v %{SOURCE6} .
 cd ../x11-ssh-askpass-%{xversion}
@@ -296,14 +292,74 @@ rm -rf $RPM_BUILD_ROOT
 %config %_appdefdir/SshAskpass
 
 %changelog
-* Fri Jan 04 2008 - anicka@suse.cz
+* Wed Apr 09 2008 anicka@suse.cz
+- update to 5.0p1
+  * CVE-2008-1483: Avoid possible hijacking of X11-forwarded
+  connections by refusing to listen on a port unless all address
+  families bind successfully.
+- remove CVE-2008-1483 patch
+* Wed Apr 02 2008 anicka@suse.cz
+- update to 4.9p1
+  * Disable execution of ~/.ssh/rc for sessions where a command has been
+  forced by the sshd_config ForceCommand directive. Users who had
+  write access to this file could use it to execute abritrary commands.
+  This behaviour was documented, but was an unsafe default and an extra
+  hassle for administrators.
+  * Added chroot(2) support for sshd(8), controlled by a new option
+  "ChrootDirectory". Please refer to sshd_config(5) for details, and
+  please use this feature carefully. (bz#177 bz#1352)
+  * Linked sftp-server(8) into sshd(8). The internal sftp server is
+  used when the command "internal-sftp" is specified in a Subsystem
+  or ForceCommand declaration. When used with ChrootDirectory, the
+  internal sftp server requires no special configuration of files
+  inside the chroot environment. Please refer to sshd_config(5) for
+  more information.
+  * Added a "no-user-rc" option for authorized_keys to disable execution
+  of ~/.ssh/rc
+  * Added a protocol extension method "posix-rename@openssh.com" for
+  sftp-server(8) to perform POSIX atomic rename() operations.
+  (bz#1400)
+  * Removed the fixed limit of 100 file handles in sftp-server(8). The
+  server will now dynamically allocate handles up to the number of
+  available file descriptors. (bz#1397)
+  * ssh(8) will now skip generation of SSH protocol 1 ephemeral server
+  keys when in inetd mode and protocol 2 connections are negotiated.
+  This speeds up protocol 2 connections to inetd-mode servers that
+  also allow Protocol 1 (bz#440)
+  * Accept the PermitRootLogin directive in a sshd_config(5) Match
+  block. Allows for, e.g. permitting root only from the local
+  network.
+  * Reworked sftp(1) argument splitting and escaping to be more
+  internally consistent (i.e. between sftp commands) and more
+  consistent with sh(1). Please note that this will change the
+  interpretation of some quoted strings, especially those with
+  embedded backslash escape sequences. (bz#778)
+  * Support "Banner=none" in sshd_config(5) to disable sending of a
+  pre-login banner (e.g. in a Match block).
+  * ssh(1) ProxyCommands are now executed with $SHELL rather than
+  /bin/sh.
+  * ssh(1)'s ConnectTimeout option is now applied to both the TCP
+  connection and the SSH banner exchange (previously it just covered
+  the TCP connection). This allows callers of ssh(1) to better detect
+  and deal with stuck servers that accept a TCP connection but don't
+  progress the protocol, and also makes ConnectTimeout useful for
+  connections via a ProxyCommand.
+  * Many new regression tests, including interop tests against PuTTY's
+  plink.
+  * Support BSM auditing on Mac OS X
+  * bugfixes
+- remove addrlist, pam_session_close, strict-aliasing-fix patches
+  (not needed anymore)
+* Tue Mar 25 2008 anicka@suse.cz
+- fix CVE-2008-1483 (bnc#373527)
+* Fri Jan 04 2008 anicka@suse.cz
 - fix privileges of a firewall definition file [#351193]
-* Sat Dec 15 2007 - anicka@suse.cz
+* Sat Dec 15 2007 anicka@suse.cz
 - add patch calling pam with root privileges [#334559]
 - drop pwname-home patch [#104773]
-* Fri Dec 07 2007 - anicka@suse.cz
+* Sat Dec 08 2007 anicka@suse.cz
 - fix race condition in xauth patch
-* Wed Dec 05 2007 - anicka@suse.cz
+* Wed Dec 05 2007 anicka@suse.cz
 - update to 4.7p1
   * Add "-K" flag for ssh to set GSSAPIAuthentication=yes and
   GSSAPIDelegateCredentials=yes. This is symmetric with -k
@@ -312,21 +368,21 @@ rm -rf $RPM_BUILD_ROOT
   * increase default channel windows
   * put the MAC list into a display
   * many bugfixes
-* Mon Oct 08 2007 - anicka@suse.cz
+* Mon Oct 08 2007 anicka@suse.cz
 - block SIGALRM only during calling syslog() [#331032]
-* Thu Sep 13 2007 - nadvornik@suse.cz
+* Thu Sep 13 2007 nadvornik@suse.cz
 - fixed checking of an untrusted cookie, CVE-2007-4752 [#308521]
-* Tue Aug 28 2007 - anicka@suse.cz
+* Tue Aug 28 2007 anicka@suse.cz
 - fix blocksigalrm patch to set old signal mask after
   writing the log in every case [#304819]
-* Tue Aug 21 2007 - anicka@suse.cz
+* Tue Aug 21 2007 anicka@suse.cz
 - avoid generating ssh keys when a non-standard location
   is configured [#281228]
-* Wed Jul 25 2007 - anicka@suse.cz
+* Wed Jul 25 2007 anicka@suse.cz
 - fixed typo in sshd.fw [#293764]
-* Mon Mar 19 2007 - nadvornik@suse.cz
+* Mon Mar 19 2007 nadvornik@suse.cz
 - fixed default for ChallengeResponseAuthentication [#255374]
-* Mon Mar 12 2007 - anicka@suse.cz
+* Mon Mar 12 2007 anicka@suse.cz
 - update to 4.6p1
   * sshd now allows the enabling and disabling of authentication
   methods on a per user, group, host and network basis via the
@@ -339,16 +395,16 @@ rm -rf $RPM_BUILD_ROOT
   * hang on exit" when background processes are running at the
   time of exit on a ttyful/login session
   * some more bugfixes
-* Mon Mar 05 2007 - anicka@suse.cz
+* Mon Mar 05 2007 anicka@suse.cz
 - fix path for firewall definition
-* Thu Mar 01 2007 - anicka@suse.cz
+* Thu Mar 01 2007 anicka@suse.cz
 - add support for Linux audit (FATE #120269)
-* Wed Feb 21 2007 - anicka@suse.cz
+* Wed Feb 21 2007 anicka@suse.cz
 - add firewall definition [#246921], FATE #300687,
   source: sshd.fw
-* Sat Jan 06 2007 - anicka@suse.cz
+* Sat Jan 06 2007 anicka@suse.cz
 - disable SSHv1 protocol in default configuration [#231808]
-* Tue Dec 12 2006 - anicka@suse.cz
+* Tue Dec 12 2006 anicka@suse.cz
 - update to 4.5p1
   * Use privsep_pw if we have it, but only require it if we
   absolutely need it.
@@ -360,18 +416,18 @@ rm -rf $RPM_BUILD_ROOT
   be already full (of alive requests)
   * include signal.h, errno.h, sys/in.h
   * some more bugfixes
-* Wed Nov 22 2006 - anicka@suse.cz
+* Wed Nov 22 2006 anicka@suse.cz
 - fixed README.SuSE [#223025]
-* Thu Nov 09 2006 - anicka@suse.cz
+* Thu Nov 09 2006 anicka@suse.cz
 - backport security fixes from openssh 4.5 (#219115)
-* Tue Nov 07 2006 - ro@suse.de
+* Tue Nov 07 2006 ro@suse.de
 - fix manpage permissions
-* Tue Oct 31 2006 - anicka@suse.cz
+* Tue Oct 31 2006 anicka@suse.cz
 - fix gssapi_krb5-fix patch [#215615]
 - fix xauth patch
-* Tue Oct 10 2006 - postadal@suse.cz
+* Tue Oct 10 2006 postadal@suse.cz
 - fixed building openssh from src.rpm [#176528] (gssapi_krb5-fix.patch)
-* Tue Oct 03 2006 - postadal@suse.cz
+* Tue Oct 03 2006 postadal@suse.cz
 - updated to version 4.4p1 [#208662]
   * fixed pre-authentication DoS, that would cause sshd(8) to spin
   until the login grace time expired
@@ -394,138 +450,138 @@ rm -rf $RPM_BUILD_ROOT
   specification of command-line arguments
 - removed obsoleted patches: autoconf-fix.patch, dos-fix.patch
 - fixed gcc issues (gcc-fix.patch)
-* Wed Sep 20 2006 - postadal@suse.cz
+* Wed Sep 20 2006 postadal@suse.cz
 - fixed DoS by CRC compensation attack detector [#206917] (dos-fix.patch)
 - fixed client NULL deref on protocol error
 - cosmetic fix in init script [#203826]
-* Fri Sep 01 2006 - kukuk@suse.de
+* Fri Sep 01 2006 kukuk@suse.de
 - sshd.pamd: Add pam_loginuid, move pam_nologin to a better position
-* Fri Aug 25 2006 - postadal@suse.cz
+* Fri Aug 25 2006 postadal@suse.cz
 - fixed path for xauth [#198676]
-* Thu Aug 03 2006 - postadal@suse.cz
+* Thu Aug 03 2006 postadal@suse.cz
 - fixed build with X11R7
-* Thu Jul 20 2006 - postadal@suse.cz
+* Thu Jul 20 2006 postadal@suse.cz
 - updated to version 4.3p2
   * experimental support for tunneling network packets via tun(4)
 - removed obsoleted patches: pam-error.patch, CVE-2006-0225.patch,
   scp.patch, sigalarm.patch
-* Mon Feb 13 2006 - postadal@suse.cz
+* Mon Feb 13 2006 postadal@suse.cz
 - upstream fixes
   - fixed "scp a b c", when c is not directory (scp.patch)
   - eliminate some code duplicated in privsep and non-privsep paths, and
   explicitly clear SIGALRM handler (sigalarm.patch)
-* Fri Feb 03 2006 - postadal@suse.cz
+* Fri Feb 03 2006 postadal@suse.cz
 - fixed local arbitrary command execution vulnerability [#143435]
   (CVE-2006-0225.patch)
-* Thu Feb 02 2006 - postadal@suse.cz
+* Thu Feb 02 2006 postadal@suse.cz
 - fixed xauth.diff for disabled UsePrivilegeSeparation mode [#145809]
 - build on s390 without Smart card support (opensc) [#147383]
-* Mon Jan 30 2006 - postadal@suse.cz
+* Mon Jan 30 2006 postadal@suse.cz
 - fixed patch xauth.diff [#145809]
 - fixed comments [#142989]
-* Wed Jan 25 2006 - mls@suse.de
+* Wed Jan 25 2006 mls@suse.de
 - converted neededforbuild to BuildRequires
-* Mon Jan 16 2006 - meissner@suse.de
+* Mon Jan 16 2006 meissner@suse.de
 - added -fstack-protector.
-* Tue Jan 03 2006 - postadal@suse.cz
+* Tue Jan 03 2006 postadal@suse.cz
 - updated to version 4.2p1
 - removed obsoleted patches: upstream_fixes.diff, gssapi-secfix.patch
-* Tue Nov 15 2005 - postadal@suse.cz
+* Tue Nov 15 2005 postadal@suse.cz
 - do not delegate GSSAPI credentials to log in with a different method
   than GSSAPI [#128928] (CAN-2005-2798, gssapi-secfix.patch)
-* Sun Oct 23 2005 - postadal@suse.cz
+* Sun Oct 23 2005 postadal@suse.cz
 - fixed PAM to send authentication failing mesaage to client [#130043]
   (pam-error.patch)
-* Wed Sep 14 2005 - postadal@suse.cz
+* Wed Sep 14 2005 postadal@suse.cz
 - fixed uninitialized variable in patch xauth.diff [#98815]
-* Thu Sep 08 2005 - postadal@suse.cz
+* Thu Sep 08 2005 postadal@suse.cz
 - don't strip
-* Mon Sep 05 2005 - postadal@suse.cz
+* Mon Sep 05 2005 postadal@suse.cz
 - added patch xauth.diff prevent from polluting xauthority file [#98815]
-* Mon Aug 22 2005 - postadal@suse.cz
+* Mon Aug 22 2005 postadal@suse.cz
 - fixed problem when multiple accounts have same UID [#104773]
   (pwname-home.diff)
 - added fixes from upstream (upstream_fixes.diff)
-* Thu Aug 18 2005 - postadal@suse.cz
+* Thu Aug 18 2005 postadal@suse.cz
 - added patch tmpdir.diff for using $TMPDIR by ssh-agent [#95731]
-* Thu Aug 04 2005 - uli@suse.de
+* Thu Aug 04 2005 uli@suse.de
 - parallelize build
-* Mon Aug 01 2005 - postadal@suse.cz
+* Mon Aug 01 2005 postadal@suse.cz
 - added patch resolving problems with hostname changes [#98627]
   (xauthlocalhostname.diff)
-* Wed Jun 22 2005 - kukuk@suse.de
+* Wed Jun 22 2005 kukuk@suse.de
 - Compile/link with -fpie/-pie
-* Wed Jun 15 2005 - meissner@suse.de
+* Wed Jun 15 2005 meissner@suse.de
 - build x11-ask-pass with RPM_OPT_FLAGS.
-* Fri Jun 10 2005 - postadal@suse.cz
+* Fri Jun 10 2005 postadal@suse.cz
 - updated to version 4.1p1
 - removed obsoleted patches: restore_terminal, pam-returnfromsession,
   timing-attacks-fix, krb5ccname, gssapi-pam, logdenysource,
   sendenv-fix, documentation-fix
-* Thu Mar 10 2005 - postadal@suse.cz
+* Thu Mar 10 2005 postadal@suse.cz
 - fixed SendEnv config parsing bug
 - documented timeout on untrusted x11 forwarding sessions (openssh#849)
 - mentioned ForwardX11Trusted in ssh.1 (openssh#987)
-* Thu Mar 03 2005 - postadal@suse.cz
+* Thu Mar 03 2005 postadal@suse.cz
 - enabled accepting and sending locale environment variables in protocol 2
   [#65747, #50091]
-* Thu Feb 24 2005 - postadal@suse.cz
+* Thu Feb 24 2005 postadal@suse.cz
 - added patches from cvs: gssapi-pam (openssh#918),
   krb5ccname (openssh#445), logdenysource (openssh#909)
-* Thu Feb 03 2005 - postadal@suse.cz
+* Thu Feb 03 2005 postadal@suse.cz
 - fixed keyboard-interactive/pam/Kerberos leaks info about user existence
   [#48329] (openssh#971, CAN-2003-0190)
-* Wed Jan 19 2005 - postadal@suse.cz
+* Wed Jan 19 2005 postadal@suse.cz
 - splited spec file to decreas number of build dependencies
 - fixed restoring terminal setting after Ctrl+C during password prompt in scp/sftp [#43309]
 - allowed users to see output from failing PAM session modules (openssh #890,
   pam-returnfromsession.patch)
-* Mon Nov 08 2004 - kukuk@suse.de
+* Mon Nov 08 2004 kukuk@suse.de
 - Use common-* PAM config files for sshd PAM configuration
-* Mon Oct 25 2004 - postadal@suse.cz
+* Mon Oct 25 2004 postadal@suse.cz
 - switched heimdal-* to kerberos-devel-packages in #needforbuild
-* Fri Sep 03 2004 - ro@suse.de
+* Fri Sep 03 2004 ro@suse.de
 - fix lib64 issue
-* Tue Aug 31 2004 - postadal@suse.cz
+* Tue Aug 31 2004 postadal@suse.cz
 - updated to version 3.9p1
 - removed obsoleted patches: scp-fix.diff and window_change-fix.diff
-* Thu Aug 26 2004 - postadal@suse.cz
+* Thu Aug 26 2004 postadal@suse.cz
 - added openssh-askpass-gnome subpackage
 - added ssh-askpass script for choosing askpass depending on windowmanager
   (by Robert Love <rml@novell.com>)
 - build with Smart card support (opensc) [#44289]
-* Tue Aug 17 2004 - postadal@suse.cz
+* Tue Aug 17 2004 postadal@suse.cz
 - removed old implementation of "Update Messages" [#36059]
-* Thu Aug 12 2004 - postadal@suse.cz
+* Thu Aug 12 2004 postadal@suse.cz
 - updated to version 3.8p1
 - removed obsoleted patches: sftp-progress-fix and pam-fix4
-* Mon Jun 28 2004 - meissner@suse.de
+* Mon Jun 28 2004 meissner@suse.de
 - block sigalarm during syslog output or we might deadlock
   on recursively entering syslog(). (LTC#9523, SUSE#42354)
-* Wed May 26 2004 - postadal@suse.cz
+* Wed May 26 2004 postadal@suse.cz
 - fixed commented default value for GSSAPI
-* Thu May 20 2004 - mludvig@suse.cz
+* Thu May 20 2004 mludvig@suse.cz
 - Load drivers for available hardware crypto accelerators.
-* Fri Apr 30 2004 - postadal@suse.cz
+* Fri Apr 30 2004 postadal@suse.cz
 - updated README.kerberos (GSSAPICleanupCreds renamed to GSSAPICleanupCredentials)
-* Mon Apr 19 2004 - postadal@suse.cz
+* Mon Apr 19 2004 postadal@suse.cz
 - updated README.SuSE (GSSAPICleanupCreds renamed to GSSAPICleanupCredentials)
   [#39010]
-* Fri Mar 26 2004 - postadal@suse.cz
+* Fri Mar 26 2004 postadal@suse.cz
 - fixed sshd(8) and sshd_config(5) man pages (EAL3)
 - fixed spelling errors in README.SuSE [#37086]
-* Thu Mar 25 2004 - postadal@suse.cz
+* Thu Mar 25 2004 postadal@suse.cz
 - fixed change window request [#33177]
-* Mon Mar 22 2004 - postadal@suse.cz
+* Mon Mar 22 2004 postadal@suse.cz
 - updated README.SuSE
 - removed %%verify from /usr/bin/ssh in specfile
-* Thu Mar 18 2004 - postadal@suse.cz
+* Thu Mar 18 2004 postadal@suse.cz
 - fixed previous fix of security bug in scp [#35443] (CAN-2004-0175)
   (was too restrictive)
 - fixed permission of /usr/bin/ssh
-* Mon Mar 15 2004 - postadal@suse.cz
+* Mon Mar 15 2004 postadal@suse.cz
 - fixed comments in sshd_config and ssh_config
-* Mon Mar 15 2004 - postadal@suse.cz
+* Mon Mar 15 2004 postadal@suse.cz
 - enabled privilege separation mode (new version fixes a lot of problematic PAM
   calling [#30328])
 - fixed security bug in scp [#35443] (CAN-2004-0175)
@@ -533,10 +589,10 @@ rm -rf $RPM_BUILD_ROOT
   (set ForwardX11Trusted to 'yes' by default)
 - updated README.SuSE
 - fixed pam code (pam-fix4.diff, backported from openssh-SNAP-20040311)
-* Fri Mar 05 2004 - postadal@suse.cz
+* Fri Mar 05 2004 postadal@suse.cz
 - updated README.SuSE (Remote x11 clients are now untrusted by default) [#35368]
 - added gssapimitm patch (support for old GSSAPI)
-* Mon Mar 01 2004 - postadal@suse.cz
+* Mon Mar 01 2004 postadal@suse.cz
 - updated to version 3.8p1
   * The "gssapi" support has been replaced with the "gssapi-with-mic"
   to fix possible MITM attacks. These two versions are not compatible.
@@ -544,33 +600,33 @@ rm -rf $RPM_BUILD_ROOT
   pam-end-fix.diff
 - used process forking instead pthreads
   (developers fixed bugs in pam calling and they recommended to don't use threads)
-* Tue Feb 24 2004 - postadal@suse.cz
+* Tue Feb 24 2004 postadal@suse.cz
 - fixed the problem with save_argv in sshd.c re-apeared again in version 3.7.1p2
   (it caused bad behaviour after receiving SIGHUP - used by reload of init script)
   [#34845]
-* Wed Feb 18 2004 - kukuk@suse.de
+* Wed Feb 18 2004 kukuk@suse.de
 - Real strict-aliasing patch
-* Wed Feb 18 2004 - postadal@suse.cz
+* Wed Feb 18 2004 postadal@suse.cz
 - fixed strict-aliasing patch [#34551]
-* Sat Feb 14 2004 - adrian@suse.de
+* Sat Feb 14 2004 adrian@suse.de
 - provide SLP registration file /etc/slp.reg.d/ssh.reg
-* Tue Feb 03 2004 - postadal@suse.cz
+* Tue Feb 03 2004 postadal@suse.cz
 - used patch from pam-end-fix.diff [#33132]
 - fixed instalation openssh without documentation [#33937]
 - fixed auth-pam.c which breaks strict aliasing
-* Mon Jan 19 2004 - meissner@suse.de
+* Mon Jan 19 2004 meissner@suse.de
 - Added a ; to ssh-key-converter.c to fix gcc 3.4 build.
-* Fri Jan 16 2004 - kukuk@suse.de
+* Fri Jan 16 2004 kukuk@suse.de
 - Add pam-devel to neededforbuild
-* Thu Nov 06 2003 - postadal@suse.cz
+* Thu Nov 06 2003 postadal@suse.cz
 - added /usr/bin/slogin explicitly to %%file list [#32921]
-* Sun Nov 02 2003 - adrian@suse.de
+* Sun Nov 02 2003 adrian@suse.de
 - add %%run_permissions to fix build
-* Tue Oct 14 2003 - postadal@suse.cz
+* Tue Oct 14 2003 postadal@suse.cz
 - reverted value UsePAM to "yes" and set PasswordAuthentication to "no"
   in file /etc/ssh/sshd_config (the version 3.7.1p2 disabled PAM support
   by default) [#31749]
-* Tue Sep 23 2003 - draht@suse.de
+* Tue Sep 23 2003 draht@suse.de
 - New version 3.7.1p2; signature from 86FF9C48 Damien Miller
   verified for source tarball. Bugs fixed with this version:
   [#31637] (CAN-2003-0786, CAN-2003-0786). Briefly:
@@ -580,132 +636,132 @@ rm -rf $RPM_BUILD_ROOT
   to the **resp parameter as an array of pointers rather than
   as a pointer to an array of struct pam_responses.
   At least security bug 1) is exploitable.
-* Fri Sep 19 2003 - postadal@suse.cz
+* Fri Sep 19 2003 postadal@suse.cz
 - use pthreads instead process forking (it needs by pam modules)
 - fixed bug in calling pam_setcred [#31025]
   (pam-fix.diff - string "FILE:" added to begin of KRB5CCNAME)
 - updated README.SuSE
 - reverted ChallengeResponseAuthentication option to default value yes
   (necessary for pam authentication) [#31432]
-* Thu Sep 18 2003 - postadal@suse.cz
+* Thu Sep 18 2003 postadal@suse.cz
 - updated to version 3.7.1p1 (with security patches)
 - removed obsoleted patches: chauthtok.patch, krb-include-fix.diff,
   gssapi-fix.diff, saveargv-fix.diff, gssapi-20030430.diff, racecondition-fix
 - updated README.kerberos
-* Tue Sep 16 2003 - postadal@suse.cz
+* Tue Sep 16 2003 postadal@suse.cz
 - fixed race condition in allocating memory [#31025] (CAN-2003-0693)
-* Mon Sep 15 2003 - postadal@suse.cz
+* Mon Sep 15 2003 postadal@suse.cz
 - disabled privilege separation, which caused some problems [#30328]
   (updated README.SuSE)
-* Thu Sep 04 2003 - postadal@suse.cz
+* Thu Sep 04 2003 postadal@suse.cz
 - fixed bug in x11-ssh-askpass dialog [#25846] (askpass-fix.diff is workaround for gcc bug)
-* Fri Aug 29 2003 - kukuk@suse.de
+* Fri Aug 29 2003 kukuk@suse.de
 - Call useradd -r for system account [Bug #29611]
-* Mon Aug 25 2003 - postadal@suse.cz
+* Mon Aug 25 2003 postadal@suse.cz
 - use new stop_on_removal/restart_on_upate macros
 - fixed lib64 problem in /etc/ssh/sshd_config [#28766]
-* Tue Aug 19 2003 - mmj@suse.de
+* Tue Aug 19 2003 mmj@suse.de
 - Add sysconfig metadata [#28943]
-* Fri Aug 01 2003 - ro@suse.de
+* Fri Aug 01 2003 ro@suse.de
 - add e2fsprogs-devel to neededforbuild
-* Thu Jul 24 2003 - postadal@suse.cz
+* Thu Jul 24 2003 postadal@suse.cz
 - updated to version 3.6.1p2
 - added the new version of patch for GSSAPI (gssapi-20030430.diff),
   the older one was removed (gssapi.patch)
 - added README.kerberos to filelist
-* Tue Jun 03 2003 - mmj@suse.de
+* Tue Jun 03 2003 mmj@suse.de
 - Remove files we don't package
-* Wed Apr 02 2003 - postadal@suse.cz
+* Wed Apr 02 2003 postadal@suse.cz
 - fixed bad behaviour after receiving SIGHUP (this bug caused not working reload of init script)
-* Tue Mar 18 2003 - postadal@suse.cz
+* Tue Mar 18 2003 postadal@suse.cz
 - added $remote_fs to init.d script (needed if /usr is on remote fs [#25577])
-* Thu Mar 13 2003 - postadal@suse.cz
+* Thu Mar 13 2003 postadal@suse.cz
 - fixed segfault while using GSSAPI for authentication when connecting to localhost (took care about error value of ssh_gssapi_import_name() in function ssh_gssapi_client_ctx())
-* Mon Mar 10 2003 - kukuk@suse.de
+* Mon Mar 10 2003 kukuk@suse.de
 - Remove extra "/" from pid file path.
-* Mon Mar 03 2003 - postadal@suse.cz
+* Mon Mar 03 2003 postadal@suse.cz
 - modified init.d script (now checking sshd.init.pid instead of port 22) [#24263]
-* Mon Mar 03 2003 - okir@suse.de
+* Mon Mar 03 2003 okir@suse.de
 - added comment to /etc/pam.d/ssh on how to enable
   support for resmgr (#24363).
-* Fri Feb 21 2003 - postadal@suse.cz
+* Fri Feb 21 2003 postadal@suse.cz
 - added ssh-copy-id shell script [#23745]
-* Fri Feb 14 2003 - postadal@suse.cz
+* Fri Feb 14 2003 postadal@suse.cz
 - given back gssapi and dns-lookups patches
-* Wed Jan 22 2003 - postadal@suse.cz
+* Thu Jan 23 2003 postadal@suse.cz
 - updated to version 3.5p1
 - removed obsolete patches: owl-mm, forced-commands-only, krb
 - added patch krb5 (for heimdal)
 - temporarily removed gssapi patch and dns-lookups (needs rewriting)
 - fix sysconfig metadata
-* Thu Dec 05 2002 - okir@suse.de
+* Thu Dec 05 2002 okir@suse.de
 - avoid Kerberos DNS lookups in the default config (#20395)
 - added README.kerberos
-* Thu Sep 19 2002 - postadal@suse.cz
+* Thu Sep 19 2002 postadal@suse.cz
 - added info about changes in the new version of openssh
   to README.SuSE [#19757]
-* Mon Sep 02 2002 - okir@suse.de
+* Mon Sep 02 2002 okir@suse.de
 - privsep directory now /var/lib/empty, which is provided by
   filesystem package (#17556)
-* Wed Aug 28 2002 - nashif@suse.de
+* Wed Aug 28 2002 nashif@suse.de
 - Added insserv & co to PreReq
-* Mon Aug 26 2002 - okir@suse.de
+* Mon Aug 26 2002 okir@suse.de
 - applied patch that adds GSSAPI support in protocol version 2 (#18239)
-* Thu Aug 22 2002 - postadal@suse.cz
+* Thu Aug 22 2002 postadal@suse.cz
 - added the patch to fix malfunction of PermitRootLogin seted to
   forced-commands-only [#17149]
-* Fri Aug 09 2002 - okir@suse.de
+* Fri Aug 09 2002 okir@suse.de
 - syslog now reports kerberos auth method when logging in via
   kerberos (#17469)
-* Tue Jul 23 2002 - okir@suse.de
+* Tue Jul 23 2002 okir@suse.de
 - enabled kerberos support
 - added patch to support kerberos 5 authentication in privsep mode.
 - added missing section 5 manpages
 - added missing ssh-keysign to files list (new for privsep)
-* Mon Jul 22 2002 - okir@suse.de
+* Mon Jul 22 2002 okir@suse.de
 - fixed handling of expired passwords in privsep mode
-* Tue Jul 09 2002 - mmj@suse.de
+* Tue Jul 09 2002 mmj@suse.de
 - Don't source rc.config
-* Wed Jul 03 2002 - draht@suse.de
+* Wed Jul 03 2002 draht@suse.de
 - ssh-keygen must be told to explicitly create type rsa1 keys
   in the start script.
-* Tue Jul 02 2002 - ro@suse.de
+* Tue Jul 02 2002 ro@suse.de
 - useradd/groupadd in preinstall to standardize
-* Sat Jun 29 2002 - ro@suse.de
+* Sat Jun 29 2002 ro@suse.de
 - updated patch from solar: zero out bytes for no longer used pages
   in mmap-fallback solution
-* Thu Jun 27 2002 - ro@suse.de
+* Thu Jun 27 2002 ro@suse.de
 - updated owl-fallback.diff from solar
-* Thu Jun 27 2002 - ro@suse.de
+* Thu Jun 27 2002 ro@suse.de
 - update to 3.4p1
   o privilege separation support
   o overflow fix from ISS
 - unsplit openssh-server and openssh-client
-* Tue Jun 18 2002 - mmj@suse.de
+* Tue Jun 18 2002 mmj@suse.de
 - Update to 3.2.3p1 which fixed following compared to 3.2.2p1
   o a defect in the BSD_AUTH access control handling for
   o login/tty problems on Solaris (bug #245)
   o build problems on Cygwin systems
 - Split the package to openssh, openssh-server, openssh-client and
   openssh-askpass
-* Sun May 19 2002 - mmj@suse.de
+* Sun May 19 2002 mmj@suse.de
 - Updated to 3.2.2p which includes security and several bugfixes.
-* Fri Mar 15 2002 - ro@suse.de
+* Fri Mar 15 2002 ro@suse.de
 - added "Obsoletes: ssh"
-* Tue Mar 05 2002 - draht@suse.de
+* Tue Mar 05 2002 draht@suse.de
 - security fix for bug in channels.c (channelbug.dif)
-* Fri Mar 01 2002 - bk@suse.de
+* Fri Mar 01 2002 bk@suse.de
 - fix ssh-agent example to use eval `ssh-agent -s` and a typo.
 - add sentence on use of ssh-agent with startx
-* Tue Feb 26 2002 - bk@suse.de
+* Tue Feb 26 2002 bk@suse.de
 - update README.SuSE to improve documentation on protocol version
-* Wed Feb 13 2002 - cihlar@suse.cz
+* Wed Feb 13 2002 cihlar@suse.cz
 - rewritten addrlist patch - "0.0.0.0" is removed from list
   after "::" is successful [#8951]
-* Mon Feb 11 2002 - cihlar@suse.cz
+* Mon Feb 11 2002 cihlar@suse.cz
 - added info about the change of the default protocol version
   to README.SuSE
-* Thu Feb 07 2002 - cihlar@suse.cz
+* Thu Feb 07 2002 cihlar@suse.cz
 - removed addrlist patch which fixed bug [#8951] as it breaks
   functionality on machines with kernel without IPv6 support,
   bug reopened, new solution will be find
@@ -713,18 +769,18 @@ rm -rf $RPM_BUILD_ROOT
 - added ssh-keyconvert (thanks Olaf Kirch <okir@suse.de>)
 - removed static linking against libcrypto, as crypt() was removed
   from it [#5333]
-* Tue Jan 22 2002 - kukuk@suse.de
+* Tue Jan 22 2002 kukuk@suse.de
 - Add pam_nologin to account management (else it will not be
   called if user does not do password authentification)
-* Tue Jan 15 2002 - egmont@suselinux.hu
+* Tue Jan 15 2002 egmont@suselinux.hu
 - removed colon from shutdown message
-* Thu Jan 10 2002 - cihlar@suse.cz
+* Thu Jan 10 2002 cihlar@suse.cz
 - use %%{_lib}
-* Thu Dec 13 2001 - ro@suse.de
+* Thu Dec 13 2001 ro@suse.de
 - moved rc.config.d -> sysconfig
-* Mon Dec 10 2001 - cihlar@suse.cz
+* Mon Dec 10 2001 cihlar@suse.cz
 - removed START_SSHD
-* Fri Dec 07 2001 - cihlar@suse.cz
+* Fri Dec 07 2001 cihlar@suse.cz
 - update to version 3.0.2p1:
   * CheckMail option in sshd_config is deprecated
   * X11 cookies are now stored in $HOME
@@ -735,14 +791,14 @@ rm -rf $RPM_BUILD_ROOT
 - update x11-ssh-askpass to version 1.2.4.1:
   * fixed Imakefile.in
 - fixed bug in adresses "::" and "0.0.0.0" [#8951]
-* Fri Oct 05 2001 - cihlar@suse.cz
+* Fri Oct 05 2001 cihlar@suse.cz
 - update to version 2.9.9p2
 - removed obsolete clientloop and command patches
 - uncommented "HostKey /etc/ssh/ssh_host_rsa_key" in sshd_config
 - added German translation of e-mail to sysadmin
 - init script fixed to work when more listening sshd runs
 - added /bin/netstat to requires
-* Mon Sep 24 2001 - cihlar@suse.cz
+* Mon Sep 24 2001 cihlar@suse.cz
 - fixed security problem with sftp & bypassing
   keypair auth restrictions - patch based on CVS
 - fixed status part of init script - it returned
@@ -750,45 +806,45 @@ rm -rf $RPM_BUILD_ROOT
   and no listening sshd [#11220]
 - fixed stop part of init script - when there was no
   /var/run/sshd.pid, all sshd were killed
-* Thu Sep 06 2001 - nadvornik@suse.cz
+* Thu Sep 06 2001 nadvornik@suse.cz
 - added patch for correct buffer flushing from CVS [bug #6450]
-* Fri Jul 27 2001 - cihlar@suse.cz
+* Fri Jul 27 2001 cihlar@suse.cz
 - update x11-ssh-askpass to version 1.2.2
-* Thu Jul 26 2001 - cihlar@suse.cz
+* Thu Jul 26 2001 cihlar@suse.cz
 - update to version 2.9p2
 - removed obsolete "cookies" patch
-* Mon Jun 11 2001 - cihlar@suse.cz
+* Mon Jun 11 2001 cihlar@suse.cz
 - fixed to compile with new xmkmf
-* Thu Jun 07 2001 - cihlar@suse.cz
+* Thu Jun 07 2001 cihlar@suse.cz
 - fixed security bug when any file "cookies" could
   be removed by anybody
-* Tue Jun 05 2001 - bjacke@suse.de
+* Tue Jun 05 2001 bjacke@suse.de
 - generate rsa host key in init script
-* Tue Jun 05 2001 - cihlar@suse.cz
+* Tue Jun 05 2001 cihlar@suse.cz
 - removed complete path from PAM modules
-* Thu May 03 2001 - cihlar@suse.cz
+* Thu May 03 2001 cihlar@suse.cz
 - update to version 2.9p1
 - removed obsolete --with-openssl
 - removed obsolete man patch
-* Mon Apr 30 2001 - cihlar@suse.cz
+* Mon Apr 30 2001 cihlar@suse.cz
 - enable PAM support
-* Fri Apr 13 2001 - ro@suse.de
+* Fri Apr 13 2001 ro@suse.de
 - fixed specfile for extra README.SuSE
-* Fri Apr 13 2001 - cihlar@suse.cz
+* Fri Apr 13 2001 cihlar@suse.cz
 - fixed init script by new skeleton
-* Thu Mar 22 2001 - cihlar@suse.cz
+* Thu Mar 22 2001 cihlar@suse.cz
 - update to version 2.5.2p2
-* Wed Mar 14 2001 - cihlar@suse.cz
+* Wed Mar 14 2001 cihlar@suse.cz
 - fixed ssh man page
-* Mon Mar 12 2001 - cihlar@suse.cz
+* Mon Mar 12 2001 cihlar@suse.cz
 - update to version 2.5.1p2
 - added xf86 to neededforbuild
-* Fri Mar 09 2001 - schwab@suse.de
+* Fri Mar 09 2001 schwab@suse.de
 - Fix missing crypt declaration.
-* Fri Feb 23 2001 - cihlar@suse.cz
+* Fri Feb 23 2001 cihlar@suse.cz
 - update to version 2.5.1p1
 - update x11-ssh-askpass to version 1.2.0
-* Tue Feb 20 2001 - cihlar@suse.cz
+* Tue Feb 20 2001 cihlar@suse.cz
 - modified README.SuSE [#4365]
 - fixed start script to agree with skeleton
 - fixed start script so "stop" kills only sshd
@@ -797,78 +853,78 @@ rm -rf $RPM_BUILD_ROOT
 - "ListenAddress 0.0.0.0" in sshd_config commented out -
   listen on both ipv4 and ipv6
 - fixed var/adm/notify/messages/openssh_update [#6406]
-* Thu Jan 25 2001 - smid@suse.cz
+* Thu Jan 25 2001 smid@suse.cz
 - startup script fixed [#5559]
-* Tue Jan 16 2001 - nadvornik@suse.cz
+* Tue Jan 16 2001 nadvornik@suse.cz
 - libcrypto linked static [#5333]
-* Thu Jan 11 2001 - cihlar@suse.cz
+* Thu Jan 11 2001 cihlar@suse.cz
 - uncomment sftp-server part in sshd_config
 - added /usr/X11R6/lib/X11/app-defaults/SshAskpass to %%files
-* Thu Jan 11 2001 - cihlar@suse.cz
+* Thu Jan 11 2001 cihlar@suse.cz
 - fixed %%files [#5230]
 - fixed installation of x11-ssh-askpass to BuildRoot
 - added man pages of x11-ssh-askpass
-* Wed Jan 10 2001 - smid@suse.cz
+* Wed Jan 10 2001 smid@suse.cz
 - notice about how to enable ipv6 added to mail
 - for administrator [#5297]
-* Wed Dec 13 2000 - smid@suse.cz
+* Wed Dec 13 2000 smid@suse.cz
 - default ipv6 listennig disabled (problems with libc2.2) [#4588]
-* Tue Dec 05 2000 - smid@suse.cz
+* Tue Dec 05 2000 smid@suse.cz
 - notify message changed
-* Mon Dec 04 2000 - lmuelle@suse.de
+* Mon Dec 04 2000 lmuelle@suse.de
 - fixed provides/ conflicts to ssh
-* Thu Nov 30 2000 - smid@suse.cz
+* Thu Nov 30 2000 smid@suse.cz
 - path to ssh-askpass fixed
 - stop in %%preun removed
 - new init style
-* Sun Nov 26 2000 - schwab@suse.de
+* Mon Nov 27 2000 schwab@suse.de
 - Restore rcsshd link.
-* Sun Nov 26 2000 - kukuk@suse.de
+* Sun Nov 26 2000 kukuk@suse.de
 - Add openssl-devel to neededforbuild
-* Mon Nov 20 2000 - smid@suse.cz
+* Mon Nov 20 2000 smid@suse.cz
 - New version 2.3.0
-* Wed Sep 06 2000 - smid@suse.cz
+* Wed Sep 06 2000 smid@suse.cz
 - remove --with-ipv4-default option
-* Wed Jul 05 2000 - garloff@suse.de
+* Wed Jul 05 2000 garloff@suse.de
 - ... and tell the sysadmin and user more about what they can do
   about it (schwab).
-* Wed Jul 05 2000 - garloff@suse.de
+* Wed Jul 05 2000 garloff@suse.de
 - Inform the user (admin) about the fact that the default behaviour
   with respect to X11-forwarding has been changed to be disabled.
-* Wed Jun 28 2000 - smid@suse.cz
+* Wed Jun 28 2000 smid@suse.cz
 - warning that generating DSA key can an take a long time.
   (bugzilla 3015)
 - writing to wtmp and lastlog fixed (bugzilla 3024)
 - reading config file (parameter Protocol) fixed
-* Fri Jun 16 2000 - garloff@suse.de
+* Fri Jun 16 2000 garloff@suse.de
 - Added generation of ssh_host_dsa_key
-* Tue Jun 13 2000 - nadvornik@suse.cz
+* Tue Jun 13 2000 nadvornik@suse.cz
 - update to 2.1.1p1
-* Thu Jun 08 2000 - cihlar@suse.cz
+* Thu Jun 08 2000 cihlar@suse.cz
 - uncommented %%clean
-* Fri May 05 2000 - smid@suse.cz
+* Fri May 05 2000 smid@suse.cz
 - buildroot added
 - upgrade to 1.2.3
-* Tue Mar 21 2000 - kukuk@suse.de
+* Tue Mar 21 2000 kukuk@suse.de
 - Update to 1.2.2p1
-* Mon Mar 06 2000 - kukuk@suse.de
+* Mon Mar 06 2000 kukuk@suse.de
 - Fix the diff.
-* Sun Mar 05 2000 - kukuk@suse.de
+* Sun Mar 05 2000 kukuk@suse.de
 - Add a README.SuSE with a short description how to use ssh-add
-* Tue Feb 29 2000 - schwab@suse.de
+* Tue Feb 29 2000 schwab@suse.de
 - Update config.{guess,sub}.
-* Fri Feb 25 2000 - kukuk@suse.de
+* Fri Feb 25 2000 kukuk@suse.de
 - Fix need for build, add group tag.
-* Wed Feb 02 2000 - kukuk@suse.de
+* Wed Feb 02 2000 kukuk@suse.de
 - Change new defaults back to old one
-* Sun Jan 30 2000 - kukuk@suse.de
+* Sun Jan 30 2000 kukuk@suse.de
 - Add x11-ssh-askpass to filelist
-* Fri Jan 28 2000 - kukuk@suse.de
+* Fri Jan 28 2000 kukuk@suse.de
 - Update to OpenSSH 1.2.2
 - Add x11-ssh-askpass-1.0
-* Tue Jan 25 2000 - kukuk@suse.de
+* Tue Jan 25 2000 kukuk@suse.de
 - Add reload and status to /sbin/init.d/sshd [Bug 1747]
-* Thu Jan 20 2000 - kukuk@suse.de
+* Thu Jan 20 2000 kukuk@suse.de
 - Update to 1.2.1pre27 with IPv6 support
-* Fri Dec 31 1999 - kukuk@suse.de
+* Fri Dec 31 1999 kukuk@suse.de
 - Initial version