svn commit: r323124 - in stable/10: crypto/openssh crypto/openssh/contrib crypto/openssh/contrib/cygwin crypto/openssh/contrib/redhat crypto/openssh/contrib/suse crypto/openssh/openbsd-compat crypt...
Xin LI
delphij at gmail.com
Fri Sep 1 23:01:56 UTC 2017
Thanks!
On Fri, Sep 1, 2017 at 3:52 PM, Dag-Erling Smørgrav <des at freebsd.org> wrote:
> Author: des
> Date: Fri Sep 1 22:52:18 2017
> New Revision: 323124
> URL: https://svnweb.freebsd.org/changeset/base/323124
>
> Log:
> Upgrade OpenSSH to 7.3p1.
>
> This is the last version of OpenSSH which does not break compatibility
> more than we can live with in a stable branch. Further commits will
> follow to backport some bug fixes from newer versions.
>
> The sshd breakage in the previous attempt was due to an upstream bug
> (a 0 was changed to a 1 while refactoring send_rexec_state() in sshd.c)
> which only manifested itself when sshd was built with SSH 1 support.
>
> Approved by: re@
>
> Added:
> stable/10/crypto/openssh/.skipped-commit-ids
> - copied unchanged from r323120, stable/10/crypto/openssh/.skipped-commit-ids
> stable/10/crypto/openssh/openbsd-compat/bsd-err.c
> - copied unchanged from r323120, stable/10/crypto/openssh/openbsd-compat/bsd-err.c
> stable/10/crypto/openssh/platform-tracing.c
> - copied unchanged from r323120, stable/10/crypto/openssh/platform-tracing.c
> stable/10/crypto/openssh/regress/cfginclude.sh
> - copied unchanged from r323120, stable/10/crypto/openssh/regress/cfginclude.sh
> stable/10/crypto/openssh/regress/misc/
> - copied from r323120, stable/10/crypto/openssh/regress/misc/
> stable/10/crypto/openssh/regress/sshcfgparse.sh
> - copied unchanged from r323120, stable/10/crypto/openssh/regress/sshcfgparse.sh
> stable/10/crypto/openssh/regress/unittests/utf8/
> - copied from r323120, stable/10/crypto/openssh/regress/unittests/utf8/
> stable/10/crypto/openssh/utf8.c
> - copied unchanged from r323120, stable/10/crypto/openssh/utf8.c
> stable/10/crypto/openssh/utf8.h
> - copied unchanged from r323120, stable/10/crypto/openssh/utf8.h
> Deleted:
> stable/10/crypto/openssh/.cvsignore
> stable/10/crypto/openssh/openbsd-compat/.cvsignore
> stable/10/crypto/openssh/openbsd-compat/regress/.cvsignore
> stable/10/crypto/openssh/regress/.cvsignore
> stable/10/crypto/openssh/roaming.h
> stable/10/crypto/openssh/scard/
> Modified:
> stable/10/crypto/openssh/ChangeLog
> stable/10/crypto/openssh/INSTALL
> stable/10/crypto/openssh/Makefile.in
> stable/10/crypto/openssh/PROTOCOL
> stable/10/crypto/openssh/PROTOCOL.agent
> stable/10/crypto/openssh/PROTOCOL.certkeys
> stable/10/crypto/openssh/PROTOCOL.chacha20poly1305
> stable/10/crypto/openssh/README
> stable/10/crypto/openssh/audit-linux.c
> stable/10/crypto/openssh/auth-krb5.c
> stable/10/crypto/openssh/auth-options.c
> stable/10/crypto/openssh/auth-pam.c
> stable/10/crypto/openssh/auth-pam.h
> stable/10/crypto/openssh/auth-passwd.c
> stable/10/crypto/openssh/auth-rh-rsa.c
> stable/10/crypto/openssh/auth-rhosts.c
> stable/10/crypto/openssh/auth.c
> stable/10/crypto/openssh/auth.h
> stable/10/crypto/openssh/auth2-chall.c
> stable/10/crypto/openssh/auth2-hostbased.c
> stable/10/crypto/openssh/auth2.c
> stable/10/crypto/openssh/authfile.c
> stable/10/crypto/openssh/canohost.c
> stable/10/crypto/openssh/canohost.h
> stable/10/crypto/openssh/channels.c
> stable/10/crypto/openssh/cipher-bf1.c
> stable/10/crypto/openssh/cipher.c
> stable/10/crypto/openssh/clientloop.c
> stable/10/crypto/openssh/compat.c
> stable/10/crypto/openssh/config.h
> stable/10/crypto/openssh/configure.ac
> stable/10/crypto/openssh/contrib/cygwin/README
> stable/10/crypto/openssh/contrib/redhat/openssh.spec
> stable/10/crypto/openssh/contrib/ssh-copy-id
> stable/10/crypto/openssh/contrib/suse/openssh.spec
> stable/10/crypto/openssh/defines.h
> stable/10/crypto/openssh/dh.c
> stable/10/crypto/openssh/dh.h
> stable/10/crypto/openssh/freebsd-configure.sh
> stable/10/crypto/openssh/kex.c
> stable/10/crypto/openssh/kex.h
> stable/10/crypto/openssh/kexc25519.c
> stable/10/crypto/openssh/kexdh.c
> stable/10/crypto/openssh/kexdhc.c
> stable/10/crypto/openssh/kexdhs.c
> stable/10/crypto/openssh/kexgexs.c
> stable/10/crypto/openssh/key.c
> stable/10/crypto/openssh/log.c
> stable/10/crypto/openssh/log.h
> stable/10/crypto/openssh/mac.c
> stable/10/crypto/openssh/mac.h
> stable/10/crypto/openssh/misc.c
> stable/10/crypto/openssh/misc.h
> stable/10/crypto/openssh/moduli
> stable/10/crypto/openssh/monitor.c
> stable/10/crypto/openssh/monitor_fdpass.c
> stable/10/crypto/openssh/monitor_wrap.c
> stable/10/crypto/openssh/monitor_wrap.h
> stable/10/crypto/openssh/mux.c
> stable/10/crypto/openssh/myproposal.h
> stable/10/crypto/openssh/opacket.h
> stable/10/crypto/openssh/openbsd-compat/Makefile.in
> stable/10/crypto/openssh/openbsd-compat/arc4random.c
> stable/10/crypto/openssh/openbsd-compat/bindresvport.c
> stable/10/crypto/openssh/openbsd-compat/bsd-asprintf.c
> stable/10/crypto/openssh/openbsd-compat/bsd-misc.c
> stable/10/crypto/openssh/openbsd-compat/bsd-misc.h
> stable/10/crypto/openssh/openbsd-compat/bsd-snprintf.c
> stable/10/crypto/openssh/openbsd-compat/inet_aton.c
> stable/10/crypto/openssh/openbsd-compat/openbsd-compat.h
> stable/10/crypto/openssh/openbsd-compat/port-solaris.h
> stable/10/crypto/openssh/openbsd-compat/vis.c
> stable/10/crypto/openssh/openbsd-compat/vis.h
> stable/10/crypto/openssh/openbsd-compat/xcrypt.c
> stable/10/crypto/openssh/packet.c
> stable/10/crypto/openssh/packet.h
> stable/10/crypto/openssh/pathnames.h
> stable/10/crypto/openssh/platform.c
> stable/10/crypto/openssh/platform.h
> stable/10/crypto/openssh/progressmeter.c
> stable/10/crypto/openssh/readconf.c
> stable/10/crypto/openssh/readconf.h
> stable/10/crypto/openssh/regress/Makefile
> stable/10/crypto/openssh/regress/agent-getpeereid.sh
> stable/10/crypto/openssh/regress/cert-hostkey.sh
> stable/10/crypto/openssh/regress/cert-userkey.sh
> stable/10/crypto/openssh/regress/cfgparse.sh
> stable/10/crypto/openssh/regress/connect-privsep.sh
> stable/10/crypto/openssh/regress/forwarding.sh
> stable/10/crypto/openssh/regress/integrity.sh
> stable/10/crypto/openssh/regress/modpipe.c
> stable/10/crypto/openssh/regress/netcat.c
> stable/10/crypto/openssh/regress/test-exec.sh
> stable/10/crypto/openssh/regress/unittests/Makefile
> stable/10/crypto/openssh/regress/unittests/sshbuf/test_sshbuf_misc.c
> stable/10/crypto/openssh/regress/unittests/sshkey/test_sshkey.c
> stable/10/crypto/openssh/regress/unittests/test_helper/Makefile
> stable/10/crypto/openssh/sandbox-seccomp-filter.c
> stable/10/crypto/openssh/scp.1
> stable/10/crypto/openssh/scp.c
> stable/10/crypto/openssh/servconf.c
> stable/10/crypto/openssh/serverloop.c
> stable/10/crypto/openssh/session.c
> stable/10/crypto/openssh/session.h
> stable/10/crypto/openssh/sftp-client.c
> stable/10/crypto/openssh/sftp-server.c
> stable/10/crypto/openssh/sftp.1
> stable/10/crypto/openssh/sftp.c
> stable/10/crypto/openssh/ssh-agent.1
> stable/10/crypto/openssh/ssh-agent.c
> stable/10/crypto/openssh/ssh-dss.c
> stable/10/crypto/openssh/ssh-ecdsa.c
> stable/10/crypto/openssh/ssh-ed25519.c
> stable/10/crypto/openssh/ssh-keygen.1
> stable/10/crypto/openssh/ssh-keygen.c
> stable/10/crypto/openssh/ssh-keyscan.c
> stable/10/crypto/openssh/ssh-rsa.c
> stable/10/crypto/openssh/ssh.1
> stable/10/crypto/openssh/ssh.c
> stable/10/crypto/openssh/ssh1.h
> stable/10/crypto/openssh/ssh2.h
> stable/10/crypto/openssh/ssh_api.c
> stable/10/crypto/openssh/ssh_config
> stable/10/crypto/openssh/ssh_config.5
> stable/10/crypto/openssh/ssh_namespace.h
> stable/10/crypto/openssh/sshbuf-getput-basic.c
> stable/10/crypto/openssh/sshbuf-misc.c
> stable/10/crypto/openssh/sshbuf.h
> stable/10/crypto/openssh/sshconnect2.c
> stable/10/crypto/openssh/sshd.c
> stable/10/crypto/openssh/sshd_config
> stable/10/crypto/openssh/sshd_config.5
> stable/10/crypto/openssh/sshkey.c
> stable/10/crypto/openssh/sshkey.h
> stable/10/crypto/openssh/ttymodes.c
> stable/10/crypto/openssh/ttymodes.h
> stable/10/crypto/openssh/version.h
> stable/10/secure/lib/libssh/Makefile
>
> Copied: stable/10/crypto/openssh/.skipped-commit-ids (from r323120, stable/10/crypto/openssh/.skipped-commit-ids)
> ==============================================================================
> --- /dev/null 00:00:00 1970 (empty, because file is newly added)
> +++ stable/10/crypto/openssh/.skipped-commit-ids Fri Sep 1 22:52:18 2017 (r323124, copy of r323120, stable/10/crypto/openssh/.skipped-commit-ids)
> @@ -0,0 +1,11 @@
> +321065a95a7ccebdd5fd08482a1e19afbf524e35 Update DH groups
> +d4f699a421504df35254cf1c6f1a7c304fb907ca Remove 1k bit groups
> +aafe246655b53b52bc32c8a24002bc262f4230f7 Remove intermediate moduli
> +8fa9cd1dee3c3339ae329cf20fb591db6d605120 put back SSH1 for 6.9
> +f31327a48dd4103333cc53315ec53fe65ed8a17a Generate new moduli
> +edbfde98c40007b7752a4ac106095e060c25c1ef Regen moduli
> +052fd565e3ff2d8cec3bc957d1788f50c827f8e2 Switch to tame-based sandbox
> +7cf73737f357492776223da1c09179fa6ba74660 Remove moduli <2k
> +180d84674be1344e45a63990d60349988187c1ae Update moduli
> +f6ae971186ba68d066cd102e57d5b0b2c211a5ee systrace is dead.
> +96c5054e3e1f170c6276902d5bc65bb3b87a2603 remove DEBUGLIBS from Makefile
>
> Modified: stable/10/crypto/openssh/ChangeLog
> ==============================================================================
> --- stable/10/crypto/openssh/ChangeLog Fri Sep 1 22:37:49 2017 (r323123)
> +++ stable/10/crypto/openssh/ChangeLog Fri Sep 1 22:52:18 2017 (r323124)
> @@ -1,17 +1,1848 @@
> -commit 5c35450a0c901d9375fb23343a8dc82397da5f75
> +commit 99522ba7ec6963a05c04a156bf20e3ba3605987c
> Author: Damien Miller <djm at mindrot.org>
> -Date: Thu Mar 10 05:04:48 2016 +1100
> +Date: Thu Jul 28 08:54:27 2016 +1000
>
> - update versions for release
> + define _OPENBSD_SOURCE for reallocarray on NetBSD
> +
> + Report by and debugged with Hisashi T Fujinaka, dtucker nailed
> + the problem (lack of prototype causing return type confusion).
>
> -commit 9d47b8d3f50c3a6282896df8274147e3b9a38c56
> +commit 3e1e076550c27c6bbdddf36d8f42bd79fbaaa187
> Author: Damien Miller <djm at mindrot.org>
> -Date: Thu Mar 10 05:03:39 2016 +1100
> +Date: Wed Jul 27 08:25:42 2016 +1000
>
> - sanitise characters destined for xauth(1)
> + KNF
> +
> +commit d99ee9c4e5e217e7d05eeec84e9ce641f4675331
> +Author: Damien Miller <djm at mindrot.org>
> +Date: Wed Jul 27 08:25:23 2016 +1000
> +
> + Linux auditing also needs packet.h
> +
> +commit 393bd381a45884b589baa9aed4394f1d250255ca
> +Author: Damien Miller <djm at mindrot.org>
> +Date: Wed Jul 27 08:18:05 2016 +1000
> +
> + fix auditing on Linux
>
> - reported by github.com/tintinweb
> + get_remote_ipaddr() was replaced with ssh_remote_ipaddr()
>
> +commit 80e766fb089de4f3c92b1600eb99e9495e37c992
> +Author: Damien Miller <djm at mindrot.org>
> +Date: Sun Jul 24 21:50:13 2016 +1000
> +
> + crank version numbers
> +
> +commit b1a478792d458f2e938a302e64bab2b520edc1b3
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date: Sun Jul 24 11:45:36 2016 +0000
> +
> + upstream commit
> +
> + openssh-7.3
> +
> + Upstream-ID: af106a7eb665f642648cf1993e162c899f358718
> +
> +commit 353766e0881f069aeca30275ab706cd60a1a8fdd
> +Author: Darren Tucker <dtucker at zip.com.au>
> +Date: Sat Jul 23 16:14:42 2016 +1000
> +
> + Move Cygwin IPPORT_RESERVED overrride to defines.h
> +
> + Patch from vinschen at redhat.com.
> +
> +commit 368dd977ae07afb93f4ecea23615128c95ab2b32
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date: Sat Jul 23 02:54:08 2016 +0000
> +
> + upstream commit
> +
> + fix pledge violation with ssh -f; reported by Valentin
> + Kozamernik ok dtucker@
> +
> + Upstream-ID: a61db7988db88d9dac3c4dd70e18876a8edf84aa
> +
> +commit f00211e3c6d24d6ea2b64b4b1209f671f6c1d42e
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date: Fri Jul 22 07:00:46 2016 +0000
> +
> + upstream commit
> +
> + improve wording; suggested by jmc@
> +
> + Upstream-ID: 55cb0a24c8e0618b3ceec80998dc82c85db2d2f8
> +
> +commit 83cbca693c3b0719270e6a0f2efe3f9ee93a65b8
> +Author: dtucker at openbsd.org <dtucker at openbsd.org>
> +Date: Fri Jul 22 05:46:11 2016 +0000
> +
> + upstream commit
> +
> + Lower loglevel for "Authenticated with partial success"
> + message similar to other similar level. bz#2599, patch from cgallek at
> + gmail.com, ok markus@
> +
> + Upstream-ID: 3faab814e947dc7b2e292edede23e94c608cb4dd
> +
> +commit 10358abd087ab228b7ce2048efc4f3854a9ab9a6
> +Author: Damien Miller <djm at mindrot.org>
> +Date: Fri Jul 22 14:06:36 2016 +1000
> +
> + retry waitpid on EINTR failure
> +
> + patch from Jakub Jelen on bz#2581; ok dtucker@
> +
> +commit da88a70a89c800e74ea8e5661ffa127a3cc79a92
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date: Fri Jul 22 03:47:36 2016 +0000
> +
> + upstream commit
> +
> + constify a few functions' arguments; patch from Jakub
> + Jelen bz#2581
> +
> + Upstream-ID: f2043f51454ea37830ff6ad60c8b32b4220f448d
> +
> +commit c36d91bd4ebf767f310f7cea88d61d1c15f53ddf
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date: Fri Jul 22 03:39:13 2016 +0000
> +
> + upstream commit
> +
> + move debug("%p", key) to before key is free'd; probable
> + undefined behaviour on strict compilers; reported by Jakub Jelen bz#2581
> +
> + Upstream-ID: 767f323e1f5819508a0e35e388ec241bac2f953a
> +
> +commit 286f5a77c3bfec1e8892ca268087ac885ac871bf
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date: Fri Jul 22 03:35:11 2016 +0000
> +
> + upstream commit
> +
> + reverse the order in which -J/JumpHost proxies are visited to
> + be more intuitive and document
> +
> + reported by and manpage bits naddy@
> +
> + Upstream-ID: 3a68fd6a841fd6cf8cedf6552a9607ba99df179a
> +
> +commit fcd135c9df440bcd2d5870405ad3311743d78d97
> +Author: dtucker at openbsd.org <dtucker at openbsd.org>
> +Date: Thu Jul 21 01:39:35 2016 +0000
> +
> + upstream commit
> +
> + Skip passwords longer than 1k in length so clients can't
> + easily DoS sshd by sending very long passwords, causing it to spend CPU
> + hashing them. feedback djm@, ok markus at .
> +
> + Brought to our attention by tomas.kuthan at oracle.com, shilei-c at
> + 360.cn and coredump at autistici.org
> +
> + Upstream-ID: d0af7d4a2190b63ba1d38eec502bc4be0be9e333
> +
> +commit 324583e8fb3935690be58790425793df619c6d4d
> +Author: naddy at openbsd.org <naddy at openbsd.org>
> +Date: Wed Jul 20 10:45:27 2016 +0000
> +
> + upstream commit
> +
> + Do not clobber the global jump_host variables when
> + parsing an inactive configuration. ok djm@
> +
> + Upstream-ID: 5362210944d91417d5976346d41ac0b244350d31
> +
> +commit 32d921c323b989d28405e78d0a8923d12913d737
> +Author: jmc at openbsd.org <jmc at openbsd.org>
> +Date: Tue Jul 19 12:59:16 2016 +0000
> +
> + upstream commit
> +
> + tweak previous;
> +
> + Upstream-ID: f3c1a5b3f05dff366f60c028728a2b43f15ff534
> +
> +commit d7eabc86fa049a12ba2c3fb198bd1d51b37f7025
> +Author: dtucker at openbsd.org <dtucker at openbsd.org>
> +Date: Tue Jul 19 11:38:53 2016 +0000
> +
> + upstream commit
> +
> + Allow wildcard for PermitOpen hosts as well as ports.
> + bz#2582, patch from openssh at mzpqnxow.com and jjelen at redhat.com. ok
> + markus@
> +
> + Upstream-ID: af0294e9b9394c4e16e991424ca0a47a7cc605f2
> +
> +commit b98a2a8348e907b3d71caafd80f0be8fdd075943
> +Author: markus at openbsd.org <markus at openbsd.org>
> +Date: Mon Jul 18 11:35:33 2016 +0000
> +
> + upstream commit
> +
> + Reduce timing attack against obsolete CBC modes by always
> + computing the MAC over a fixed size of data. Reported by Jean Paul
> + Degabriele, Kenny Paterson, Torben Hansen and Martin Albrecht. ok djm@
> +
> + Upstream-ID: f20a13279b00ba0afbacbcc1f04e62e9d41c2912
> +
> +commit dbf788b4d9d9490a5fff08a7b09888272bb10fcc
> +Author: Darren Tucker <dtucker at zip.com.au>
> +Date: Thu Jul 21 14:17:31 2016 +1000
> +
> + Search users for one with a valid salt.
> +
> + If the root account is locked (eg password "!!" or "*LK*") keep looking
> + until we find a user with a valid salt to use for crypting passwords of
> + invalid users. ok djm@
> +
> +commit e8b58f48fbb1b524fb4f0d4865fa0005d6a4b782
> +Author: Darren Tucker <dtucker at zip.com.au>
> +Date: Mon Jul 18 17:22:49 2016 +1000
> +
> + Explicitly specify source files for regress tools.
> +
> + Since adding $(REGRESSLIBS), $? is wrong because it includes only the
> + changed source files. $< seems like it'd be right however it doesn't
> + seem to work on some non-GNU makes, so do what works everywhere.
> +
> +commit eac1bbd06872c273f16ac0f9976b0aef026b701b
> +Author: Darren Tucker <dtucker at zip.com.au>
> +Date: Mon Jul 18 17:12:22 2016 +1000
> +
> + Conditionally include err.h.
> +
> +commit 0a454147568746c503f669e1ba861f76a2e7a585
> +Author: Darren Tucker <dtucker at zip.com.au>
> +Date: Mon Jul 18 16:26:26 2016 +1000
> +
> + Remove local implementation of err, errx.
> +
> + We now have a shared implementation in libopenbsd-compat.
> +
> +commit eb999a4590846ba4d56ddc90bd07c23abfbab7b1
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date: Mon Jul 18 06:08:01 2016 +0000
> +
> + upstream commit
> +
> + Add some unsigned overflow checks for extra_pad. None of
> + these are reachable with the amount of padding that we use internally.
> + bz#2566, pointed out by Torben Hansen. ok markus@
> +
> + Upstream-ID: 4d4be8450ab2fc1b852d5884339f8e8c31c3fd76
> +
> +commit c71ba790c304545464bb494de974cdf0f4b5cf1e
> +Author: Darren Tucker <dtucker at zip.com.au>
> +Date: Mon Jul 18 15:43:25 2016 +1000
> +
> + Add dependency on libs for unit tests.
> +
> + Makes "./configure && make tests" work again. ok djm@
> +
> +commit 8199d0311aea3e6fd0284c9025e7a83f4ece79e8
> +Author: Darren Tucker <dtucker at zip.com.au>
> +Date: Mon Jul 18 13:47:39 2016 +1000
> +
> + Correct location for kexfuzz in clean target.
> +
> +commit 01558b7b07af43da774d3a11a5c51fa9c310849d
> +Author: Darren Tucker <dtucker at zip.com.au>
> +Date: Mon Jul 18 09:33:25 2016 +1000
> +
> + Handle PAM_MAXTRIES from modules.
> +
> + bz#2249: handle the case where PAM returns PAM_MAXTRIES by ceasing to offer
> + password and keyboard-interative authentication methods. Should prevent
> + "sshd ignoring max retries" warnings in the log. ok djm@
> +
> + It probably won't trigger with keyboard-interactive in the default
> + configuration because the retry counter is stored in module-private
> + storage which goes away with the sshd PAM process (see bz#688). On the
> + other hand, those cases probably won't log a warning either.
> +
> +commit 65c6c6b567ab5ab12945a5ad8e0ab3a8c26119cc
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date: Sun Jul 17 04:20:16 2016 +0000
> +
> + upstream commit
> +
> + support UTF-8 characters in ssh(1) banners using
> + schwarze@'s safe fmprintf printer; bz#2058
> +
> + feedback schwarze@ ok dtucker@
> +
> + Upstream-ID: a72ce4e3644c957643c9524eea2959e41b91eea7
> +
> +commit e4eb7d910976fbfc7ce3e90c95c11b07b483d0d7
> +Author: jmc at openbsd.org <jmc at openbsd.org>
> +Date: Sat Jul 16 06:57:55 2016 +0000
> +
> + upstream commit
> +
> + - add proxyjump to the options list - formatting fixes -
> + update usage()
> +
> + ok djm
> +
> + Upstream-ID: 43d318e14ce677a2eec8f21ef5ba2f9f68a59457
> +
> +commit af1f084857621f14bd9391aba8033d35886c2455
> +Author: dtucker at openbsd.org <dtucker at openbsd.org>
> +Date: Fri Jul 15 05:01:58 2016 +0000
> +
> + upstream commit
> +
> + Reduce the syslog level of some relatively common protocol
> + events from LOG_CRIT by replacing fatal() calls with logdie(). Part of
> + bz#2585, ok djm@
> +
> + Upstream-ID: 9005805227c94edf6ac02a160f0e199638d288e5
> +
> +commit bd5f2b78b69cf38d6049a0de445a79c8595e4a1f
> +Author: Damien Miller <djm at mindrot.org>
> +Date: Fri Jul 15 19:14:48 2016 +1000
> +
> + missing openssl/dh.h
> +
> +commit 4a984fd342effe5f0aad874a0d538c4322d973c0
> +Author: Damien Miller <djm at mindrot.org>
> +Date: Fri Jul 15 18:47:07 2016 +1000
> +
> + cast to avoid type warning in error message
> +
> +commit 5abfb15ced985c340359ae7fb65a625ed3692b3e
> +Author: Darren Tucker <dtucker at zip.com.au>
> +Date: Fri Jul 15 14:48:30 2016 +1000
> +
> + Move VA_COPY macro into compat header.
> +
> + Some AIX compilers unconditionally undefine va_copy but don't set it back
> + to an internal function, causing link errors. In some compat code we
> + already use VA_COPY instead so move the two existing instances into the
> + shared header and use for sshbuf-getput-basic.c too. Should fix building
> + with at lease some versions of AIX's compiler. bz#2589, ok djm@
> +
> +commit 832b7443b7a8e181c95898bc5d73497b7190decd
> +Author: Damien Miller <djm at mindrot.org>
> +Date: Fri Jul 15 14:45:34 2016 +1000
> +
> + disable ciphers not supported by OpenSSL
> +
> + bz#2466 ok dtucker@
> +
> +commit 5fbe93fc6fbb2fe211e035703dec759d095e3dd8
> +Author: Damien Miller <djm at mindrot.org>
> +Date: Fri Jul 15 13:54:31 2016 +1000
> +
> + add a --disable-pkcs11 knob
> +
> +commit 679ce88ec2a8e2fe6515261c489e8c1449bb9da9
> +Author: Damien Miller <djm at mindrot.org>
> +Date: Fri Jul 15 13:44:38 2016 +1000
> +
> + fix newline escaping for unsupported_algorithms
> +
> + The hmac-ripemd160 was incorrect and could lead to broken
> + Makefiles on systems that lacked support for it, but I made
> + all the others consistent too.
> +
> +commit ed877ef653847d056bb433975d731b7a1132a979
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date: Fri Jul 15 00:24:30 2016 +0000
> +
> + upstream commit
> +
> + Add a ProxyJump ssh_config(5) option and corresponding -J
> + ssh(1) command-line flag to allow simplified indirection through a SSH
> + bastion or "jump host".
> +
> + These options construct a proxy command that connects to the
> + specified jump host(s) (more than one may be specified) and uses
> + port-forwarding to establish a connection to the next destination.
> +
> + This codifies the safest way of indirecting connections through SSH
> + servers and makes it easy to use.
> +
> + ok markus@
> +
> + Upstream-ID: fa899cb8b26d889da8f142eb9774c1ea36b04397
> +
> +commit 5c02dd126206a26785379e80f2d3848e4470b711
> +Author: Darren Tucker <dtucker at zip.com.au>
> +Date: Fri Jul 15 12:56:39 2016 +1000
> +
> + Map umac_ctx struct name too.
> +
> + Prevents size mismatch linker warnings on Solaris 11.
> +
> +commit 283b97ff33ea2c641161950849931bd578de6946
> +Author: Darren Tucker <dtucker at zip.com.au>
> +Date: Fri Jul 15 13:49:44 2016 +1000
> +
> + Mitigate timing of disallowed users PAM logins.
> +
> + When sshd decides to not allow a login (eg PermitRootLogin=no) and
> + it's using PAM, it sends a fake password to PAM so that the timing for
> + the failure is not noticeably different whether or not the password
> + is correct. This behaviour can be detected by sending a very long
> + password string which is slower to hash than the fake password.
> +
> + Mitigate by constructing an invalid password that is the same length
> + as the one from the client and thus takes the same time to hash.
> + Diff from djm@
> +
> +commit 9286875a73b2de7736b5e50692739d314cd8d9dc
> +Author: Darren Tucker <dtucker at zip.com.au>
> +Date: Fri Jul 15 13:32:45 2016 +1000
> +
> + Determine appropriate salt for invalid users.
> +
> + When sshd is processing a non-PAM login for a non-existent user it uses
> + the string from the fakepw structure as the salt for crypt(3)ing the
> + password supplied by the client. That string has a Blowfish prefix, so on
> + systems that don't understand that crypt will fail fast due to an invalid
> + salt, and even on those that do it may have significantly different timing
> + from the hash methods used for real accounts (eg sha512). This allows
> + user enumeration by, eg, sending large password strings. This was noted
> + by EddieEzra.Harari at verint.com (CVE-2016-6210).
> +
> + To mitigate, use the same hash algorithm that root uses for hashing
> + passwords for users that do not exist on the system. ok djm@
> +
> +commit a162dd5e58ca5b224d7500abe35e1ef32b5de071
> +Author: Darren Tucker <dtucker at zip.com.au>
> +Date: Thu Jul 14 21:19:59 2016 +1000
> +
> + OpenSSL 1.1.x not currently supported.
> +
> +commit 7df91b01fc558a33941c5c5f31abbcdc53a729fb
> +Author: Darren Tucker <dtucker at zip.com.au>
> +Date: Thu Jul 14 12:25:24 2016 +1000
> +
> + Check for VIS_ALL.
> +
> + If we don't have it, set BROKEN_STRNVIS to activate the compat replacement.
> +
> +commit ee67716f61f1042d5e67f91c23707cca5dcdd7d0
> +Author: dtucker at openbsd.org <dtucker at openbsd.org>
> +Date: Thu Jul 14 01:24:21 2016 +0000
> +
> + upstream commit
> +
> + Correct equal in test.
> +
> + Upstream-Regress-ID: 4e32f7a5c57a619c4e8766cb193be2a1327ec37a
> +
> +commit 372807c2065c8572fdc6478b25cc5ac363743073
> +Author: tb at openbsd.org <tb at openbsd.org>
> +Date: Mon Jul 11 21:38:13 2016 +0000
> +
> + upstream commit
> +
> + Add missing "recvfd" pledge promise: Raf Czlonka reported
> + ssh coredumps when Control* keywords were set in ssh_config. This patch also
> + fixes similar problems with scp and sftp.
> +
> + ok deraadt, looks good to millert
> +
> + Upstream-ID: ca2099eade1ef3e87a79614fefa26a0297ad8a3b
> +
> +commit e0453f3df64bf485c61c7eb6bd12893eee9fe2cd
> +Author: tedu at openbsd.org <tedu at openbsd.org>
> +Date: Mon Jul 11 03:19:44 2016 +0000
> +
> + upstream commit
> +
> + obsolete note about fascistloggin is obsolete. ok djm
> + dtucker
> +
> + Upstream-ID: dae60df23b2bb0e89f42661ddd96a7b0d1b7215a
> +
> +commit a2333584170a565adf4f209586772ef8053b10b8
> +Author: Darren Tucker <dtucker at zip.com.au>
> +Date: Thu Jul 14 10:59:09 2016 +1000
> +
> + Add compat code for missing wcwidth.
> +
> + If we don't have wcwidth force fallback implementations of nl_langinfo
> + and mbtowc. Based on advice from Ingo Schwarze.
> +
> +commit 8aaec7050614494014c47510b7e94daf6e644c62
> +Author: Damien Miller <djm at mindrot.org>
> +Date: Thu Jul 14 09:48:48 2016 +1000
> +
> + fix missing include for systems with err.h
> +
> +commit 6310ef27a2567cda66d6cf0c1ad290ee1167f243
> +Author: Darren Tucker <dtucker at zip.com.au>
> +Date: Wed Jul 13 14:42:35 2016 +1000
> +
> + Move err.h replacements into compat lib.
> +
> + Move implementations of err.h replacement functions into their own file
> + in the libopenbsd-compat so we can use them in kexfuzz.c too. ok djm@
> +
> +commit f3f2cc8386868f51440c45210098f65f9787449a
> +Author: Darren Tucker <dtucker at zip.com.au>
> +Date: Mon Jul 11 17:23:38 2016 +1000
> +
> + Check for wchar.h and langinfo.h
> +
> + Wrap includes in the appropriate #ifdefs.
> +
> +commit b9c50614eba9d90939b2b119b6e1b7e03b462278
> +Author: Damien Miller <djm at mindrot.org>
> +Date: Fri Jul 8 13:59:13 2016 +1000
> +
> + whitelist more architectures for seccomp-bpf
> +
> + bz#2590 - testing and patch from Jakub Jelen
> +
> +commit 18813a32b6fd964037e0f5e1893cb4468ac6a758
> +Author: guenther at openbsd.org <guenther at openbsd.org>
> +Date: Mon Jul 4 18:01:44 2016 +0000
> +
> + upstream commit
> +
> + DEBUGLIBS has been broken since the gcc4 switch, so delete
> + it. CFLAGS contains -g by default anyway
> +
> + problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com)
> + ok millert@ kettenis@ deraadt@
> +
> + Upstream-Regress-ID: 4a0bb72f95c63f2ae9daa8a040ac23914bddb542
> +
> +commit 6d31193d0baa3da339c196ac49625b7ba1c2ecc7
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date: Fri Jul 8 03:44:42 2016 +0000
> +
> + upstream commit
> +
> + Improve crypto ordering for Encrypt-then-MAC (EtM) mode
> + MAC algorithms.
> +
> + Previously we were computing the MAC, decrypting the packet and then
> + checking the MAC. This gave rise to the possibility of creating a
> + side-channel oracle in the decryption step, though no such oracle has
> + been identified.
> +
> + This adds a mac_check() function that computes and checks the MAC in
> + one pass, and uses it to advance MAC checking for EtM algorithms to
> + before payload decryption.
> +
> + Reported by Jean Paul Degabriele, Kenny Paterson, Torben Hansen and
> + Martin Albrecht. feedback and ok markus@
> +
> + Upstream-ID: 1999bb67cab47dda5b10b80d8155fe83d4a1867b
> +
> +commit 71f5598f06941f645a451948c4a5125c83828e1c
> +Author: guenther at openbsd.org <guenther at openbsd.org>
> +Date: Mon Jul 4 18:01:44 2016 +0000
> +
> + upstream commit
> +
> + DEBUGLIBS has been broken since the gcc4 switch, so
> + delete it. CFLAGS contains -g by default anyway
> +
> + problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com)
> + ok millert@ kettenis@ deraadt@
> +
> + Upstream-ID: 96c5054e3e1f170c6276902d5bc65bb3b87a2603
> +
> +commit e683fc6f1c8c7295648dbda679df8307786ec1ce
> +Author: dtucker at openbsd.org <dtucker at openbsd.org>
> +Date: Thu Jun 30 05:17:05 2016 +0000
> +
> + upstream commit
> +
> + Explicitly check for 100% completion to avoid potential
> + floating point rounding error, which could cause progressmeter to report 99%
> + on completion. While there invert the test so the 100% case is clearer. with
> + & ok djm@
> +
> + Upstream-ID: a166870c5878e422f3c71ff802e2ccd7032f715d
> +
> +commit 772e6cec0ed740fc7db618dc30b4134f5a358b43
> +Author: jmc at openbsd.org <jmc at openbsd.org>
> +Date: Wed Jun 29 17:14:28 2016 +0000
> +
> + upstream commit
> +
> + sort the -o list;
> +
> + Upstream-ID: 1a97465ede8790b4d47cb618269978e07f41f8ac
> +
> +commit 46ecd19e554ccca15a7309cd1b6b44bc8e6b84af
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date: Thu Jun 23 05:17:51 2016 +0000
> +
> + upstream commit
> +
> + fix AuthenticationMethods during configuration re-parse;
> + reported by Juan Francisco Cantero Hurtado
> +
> + Upstream-ID: 8ffa1dac25c7577eca8238e825317ab20848f9b4
> +
> +commit 3147e7595d0f2f842a666c844ac53e6c7a253d7e
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date: Sun Jun 19 07:48:02 2016 +0000
> +
> + upstream commit
> +
> + revert 1.34; causes problems loading public keys
> +
> + reported by semarie@
> +
> + Upstream-ID: b393794f8935c8b15d98a407fe7721c62d2ed179
> +
> +commit ad23a75509f4320d43f628c50f0817e3ad12bfa7
> +Author: jmc at openbsd.org <jmc at openbsd.org>
> +Date: Fri Jun 17 06:33:30 2016 +0000
> +
> + upstream commit
> +
> + grammar fix;
> +
> + Upstream-ID: 5d5b21c80f1e81db367333ce0bb3e5874fb3e463
> +
> +commit 5e28b1a2a3757548b40018cc2493540a17c82e27
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date: Fri Jun 17 05:06:23 2016 +0000
> +
> + upstream commit
> +
> + translate OpenSSL error codes to something more
> + meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@
> +
> + Upstream-ID: 4cb0795a366381724314e6515d57790c5930ffe5
> +
> +commit b64faeb5eda7eff8210c754d00464f9fe9d23de5
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date: Fri Jun 17 05:03:40 2016 +0000
> +
> + upstream commit
> +
> + ban AuthenticationMethods="" and accept
> + AuthenticationMethods=any for the default behaviour of not requiring multiple
> + authentication
> +
> + bz#2398 from Jakub Jelen; ok dtucker@
> +
> + Upstream-ID: fabd7f44d59e4518d241d0d01e226435cc23cf27
> +
> +commit 9816fc5daee5ca924dd5c4781825afbaab728877
> +Author: dtucker at openbsd.org <dtucker at openbsd.org>
> +Date: Thu Jun 16 11:00:17 2016 +0000
> +
> + upstream commit
> +
> + Include stdarg.h for va_copy as per man page.
> +
> + Upstream-ID: 105d6b2f1af2fbd9d91c893c436ab121434470bd
> +
> +commit b6cf84b51bc0f5889db48bf29a0c771954ade283
> +Author: jmc at openbsd.org <jmc at openbsd.org>
> +Date: Thu Jun 16 06:10:45 2016 +0000
> +
> + upstream commit
> +
> + keys stored in openssh format can have comments too; diff
> + from yonas yanfa, tweaked a bit;
> +
> + ok djm
> +
> + Upstream-ID: 03d48536da6e51510d73ade6fcd44ace731ceb27
> +
> +commit aa37768f17d01974b6bfa481e5e83841b6c76f86
> +Author: Darren Tucker <dtucker at zip.com.au>
> +Date: Mon Jun 20 15:55:34 2016 +1000
> +
> + get_remote_name_or_ip inside LOGIN_NEEDS_UTMPX
> +
> + Apply the same get_remote_name_or_ip -> session_get_remote_name_or_ip
> + change as commit 95767262 to the code inside #ifdef LOGIN_NEEDS_UTMPX.
> + Fixes build on AIX.
> +
> +commit 009891afc8df37bc2101e15d1e0b6433cfb90549
> +Author: Darren Tucker <dtucker at zip.com.au>
> +Date: Fri Jun 17 14:34:09 2016 +1000
> +
> + Remove duplicate code from PAM. ok djm@
> +
> +commit e690fe85750e93fca1fb7c7c8587d4130a4f7aba
> +Author: dtucker at openbsd.org <dtucker at openbsd.org>
> +Date: Wed Jun 15 00:40:40 2016 +0000
> +
> + upstream commit
> +
> + Remove "POSSIBLE BREAK-IN ATTEMPT!" from log message
> + about forward and reverse DNS not matching. We haven't supported IP-based
> + auth methods for a very long time so it's now misleading. part of bz#2585,
> + ok markus@
> +
> + Upstream-ID: 5565ef0ee0599b27f0bd1d3bb1f8a323d8274e29
> +
> +commit 57b4ee04cad0d3e0fec1194753b0c4d31e39a1cd
> +Author: Darren Tucker <dtucker at zip.com.au>
> +Date: Wed Jun 15 11:22:38 2016 +1000
> +
> + Move platform_disable_tracing into its own file.
> +
> + Prevents link errors resolving the extern "options" when platform.o
> + gets linked into ssh-agent when building --with-pam.
> +
> +commit 78dc8e3724e30ee3e1983ce013e80277dc6ca070
> +Author: Darren Tucker <dtucker at zip.com.au>
> +Date: Tue Jun 14 13:55:12 2016 +1000
> +
> + Track skipped upstream commit IDs.
> +
> + There are a small number of "upstream" commits that do not correspond to
> + a file in -portable. This file tracks those so that we can reconcile
> + OpenBSD and Portable to ensure that no commits are accidentally missed.
> +
> + If you add something to .skipped-commit-ids please also add an upstream
> + ID line in the following format when you commit it.
> +
> + Upstream-ID: 321065a95a7ccebdd5fd08482a1e19afbf524e35
> + Upstream-ID: d4f699a421504df35254cf1c6f1a7c304fb907ca
> + Upstream-ID: aafe246655b53b52bc32c8a24002bc262f4230f7
> + Upstream-ID: 8fa9cd1dee3c3339ae329cf20fb591db6d605120
> + Upstream-ID: f31327a48dd4103333cc53315ec53fe65ed8a17a
> + Upstream-ID: edbfde98c40007b7752a4ac106095e060c25c1ef
> + Upstream-ID: 052fd565e3ff2d8cec3bc957d1788f50c827f8e2
> + Upstream-ID: 7cf73737f357492776223da1c09179fa6ba74660
> + Upstream-ID: 180d84674be1344e45a63990d60349988187c1ae
> + Upstream-ID: f6ae971186ba68d066cd102e57d5b0b2c211a5ee
> +
> +commit 9f919d1a3219d476d6a662d18df058e1c4f36a6f
> +Author: Darren Tucker <dtucker at zip.com.au>
> +Date: Tue Jun 14 13:51:01 2016 +1000
> +
> + Remove now-defunct .cvsignore files. ok djm
> +
> +commit 68777faf271efb2713960605c748f6c8a4b26d55
> +Author: dtucker at openbsd.org <dtucker at openbsd.org>
> +Date: Wed Jun 8 02:13:01 2016 +0000
> +
> + upstream commit
> +
> + Back out rev 1.28 "Check min and max sizes sent by the
> + client" change. It caused "key_verify failed for server_host_key" in clients
> + that send a DH-GEX min value less that DH_GRP_MIN, eg old OpenSSH and PuTTY.
> + ok djm@
> +
> + Upstream-ID: 452979d3ca5c1e9dff063287ea0a5314dd091f65
> +
> +commit a86ec4d0737ac5879223e7cd9d68c448df46e169
> +Author: Darren Tucker <dtucker at zip.com.au>
> +Date: Tue Jun 14 10:48:27 2016 +1000
> +
> + Use Solaris setpflags(__PROC_PROTECT, ...).
> +
> + Where possible, use Solaris setpflags to disable process tracing on
> + ssh-agent and sftp-server. bz#2584, based on a patch from huieying.lee
> + at oracle.com, ok djm.
> +
> +commit 0f916d39b039fdc0b5baf9b5ab0754c0f11ec573
> +Author: Darren Tucker <dtucker at zip.com.au>
> +Date: Tue Jun 14 10:43:53 2016 +1000
> +
> + Shorten prctl code a tiny bit.
> +
> +commit 0fb7f5985351fbbcd2613d8485482c538e5123be
> +Author: Darren Tucker <dtucker at zip.com.au>
> +Date: Thu Jun 9 16:23:07 2016 +1000
> +
> + Move prctl PR_SET_DUMPABLE into platform.c.
> +
> + This should make it easier to add additional platform support such as
> + Solaris (bz#2584).
> +
> +commit e6508898c3cd838324ecfe1abd0eb8cf802e7106
> +Author: dtucker at openbsd.org <dtucker at openbsd.org>
> +Date: Fri Jun 3 04:10:41 2016 +0000
> +
> + upstream commit
> +
> + Add a test for ssh(1)'s config file parsing.
> +
> + Upstream-Regress-ID: 558b7f4dc45cc3761cc3d3e889b9f3c5bc91e601
> +
> +commit ab0a536066dfa32def0bd7272c096ebb5eb25b11
> +Author: dtucker at openbsd.org <dtucker at openbsd.org>
> +Date: Fri Jun 3 03:47:59 2016 +0000
> +
> + upstream commit
> +
> + Add 'sshd' to the test ID as I'm about to add a similar
> + set for ssh.
> +
> + Upstream-Regress-ID: aea7a9c3bac638530165c801ce836875b228ae7a
> +
> +commit a5577c1ed3ecdfe4b7b1107c526cae886fc91afb
> +Author: schwarze at openbsd.org <schwarze at openbsd.org>
> +Date: Mon May 30 12:14:08 2016 +0000
> +
> + upstream commit
> +
> + stricter malloc.conf(5) options for utf8 tests
> +
> + Upstream-Regress-ID: 111efe20a0fb692fa1a987f6e823310f9b25abf6
> +
> +commit 75f0844b4f29d62ec3a5e166d2ee94b02df819fc
> +Author: schwarze at openbsd.org <schwarze at openbsd.org>
> +Date: Mon May 30 12:05:56 2016 +0000
> +
> + upstream commit
> +
> + Fix two rare edge cases: 1. If vasprintf() returns < 0,
> + do not access a NULL pointer in snmprintf(), and do not free() the pointer
> + returned from vasprintf() because on some systems other than OpenBSD, it
> + might be a bogus pointer. 2. If vasprintf() returns == 0, return 0 and ""
> + rather than -1 and NULL.
> +
> + Besides, free(dst) is pointless after failure (not a bug).
> +
> + One half OK martijn@, the other half OK deraadt@;
> + committing quickly before people get hurt.
> +
> + Upstream-Regress-ID: b164f20923812c9bac69856dbc1385eb1522cba4
> +
> +commit 016881eb33a7948028848c90f4c7ac42e3af0e87
> +Author: schwarze at openbsd.org <schwarze at openbsd.org>
> +Date: Thu May 26 19:14:25 2016 +0000
> +
> + upstream commit
> +
> + test the new utf8 module
> +
> + Upstream-Regress-ID: c923d05a20e84e4ef152cbec947fdc4ce6eabbe3
> +
> +commit d4219028bdef448e089376f3afe81ef6079da264
> +Author: dtucker at openbsd.org <dtucker at openbsd.org>
> +Date: Tue May 3 15:30:46 2016 +0000
> +
> + upstream commit
> +
> + Set umask to prevent "Bad owner or permissions" errors.
> +
> + Upstream-Regress-ID: 8fdf2fc4eb595ccd80c443f474d639f851145417
> +
> +commit 07d5608bb237e9b3fe86a2aeaa429392230faebf
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date: Tue May 3 14:41:04 2016 +0000
> +
> + upstream commit
> +
> + support doas
> +
> + Upstream-Regress-ID: 8d5572b27ea810394eeda432d8b4e9e1064a7c38
> +
> +commit 01cabf10adc7676cba5f40536a34d3b246edb73f
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date: Tue May 3 13:48:33 2016 +0000
> +
> + upstream commit
> +
> + unit tests for sshbuf_dup_string()
> +
> + Upstream-Regress-ID: 7521ff150dc7f20511d1c2c48fd3318e5850a96d
> +
> +commit 6915f1698e3d1dd4e22eac20f435e1dfc1d46372
> +Author: jmc at openbsd.org <jmc at openbsd.org>
> +Date: Fri Jun 3 06:44:12 2016 +0000
> +
> + upstream commit
> +
> + tweak previous;
> +
> + Upstream-ID: 92979f1a0b63e041a0e5b08c9ed0ba9b683a3698
> +
> +commit 0cb2f4c2494b115d0f346ed2d8b603ab3ba643f4
> +Author: dtucker at openbsd.org <dtucker at openbsd.org>
> +Date: Fri Jun 3 04:09:38 2016 +0000
> +
> + upstream commit
> +
> + Allow ExitOnForwardFailure and ClearAllForwardings to be
> + overridden when using ssh -W (but still default to yes in that case).
> + bz#2577, ok djm at .
> +
> + Upstream-ID: 4b20c419e93ca11a861c81c284090cfabc8c54d4
> +
> +commit 8543ff3f5020fe659839b15f05b8c522bde6cee5
> +Author: dtucker at openbsd.org <dtucker at openbsd.org>
> +Date: Fri Jun 3 03:14:41 2016 +0000
> +
> + upstream commit
> +
> + Move the host and port used by ssh -W into the Options
> + struct. This will make future changes a bit easier. ok djm@
> +
> + Upstream-ID: 151bce5ecab2fbedf0d836250a27968d30389382
> +
> +commit 6b87311d3acdc460f926b2c40f4c4f3fd345f368
> +Author: dtucker at openbsd.org <dtucker at openbsd.org>
> +Date: Wed Jun 1 04:19:49 2016 +0000
> +
> + upstream commit
> +
> + Check min and max sizes sent by the client against what
> + we support before passing them to the monitor. ok djm@
> +
> + Upstream-ID: 750627e8117084215412bff00a25b1586ab17ece
> +
> +commit 564cd2a8926ccb1dca43a535073540935b5e0373
> +Author: dtucker at openbsd.org <dtucker at openbsd.org>
> +Date: Tue May 31 23:46:14 2016 +0000
> +
> + upstream commit
> +
> + Ensure that the client's proposed DH-GEX max value is at
> + least as big as the minimum the server will accept. ok djm@
> +
> + Upstream-ID: b4b84fa04aab2de7e79a6fee4a6e1c189c0fe775
> +
> +commit df820722e40309c9b3f360ea4ed47a584ed74333
> +Author: Darren Tucker <dtucker at zip.com.au>
> +Date: Mon Jun 6 11:36:13 2016 +1000
> +
> + Add compat bits to utf8.c.
> +
> +commit 05c6574652571becfe9d924226c967a3f4b3f879
> +Author: Darren Tucker <dtucker at zip.com.au>
> +Date: Mon Jun 6 11:33:43 2016 +1000
> +
> + Fix utf->utf8 typo.
> +
> +commit 6c1717190b4d5ddd729cd9e24e8ed71ed4f087ce
> +Author: schwarze at openbsd.org <schwarze at openbsd.org>
> +Date: Mon May 30 18:34:41 2016 +0000
> +
> + upstream commit
> +
> + Backout rev. 1.43 for now.
> +
> + The function update_progress_meter() calls refresh_progress_meter()
> + which calls snmprintf() which calls malloc(); but update_progress_meter()
> + acts as the SIGALRM signal handler.
> +
> + "malloc(): error: recursive call" reported by sobrado at .
> +
> + Upstream-ID: aaae57989431e5239c101f8310f74ccc83aeb93e
> +
> +commit cd9e1eabeb4137182200035ab6fa4522f8d24044
> +Author: schwarze at openbsd.org <schwarze at openbsd.org>
> +Date: Mon May 30 12:57:21 2016 +0000
> +
> + upstream commit
> +
> + Even when only writing an unescaped character, the dst
> + buffer may need to grow, or it would be overrun; issue found by tb@ with
> + malloc.conf(5) 'C'.
> +
> + While here, reserve an additional byte for the terminating NUL
> + up front such that we don't have to realloc() later just for that.
> +
> + OK tb@
> +
> + Upstream-ID: 30ebcc0c097c4571b16f0a78b44969f170db0cff
> +
> +commit ac284a355f8065eaef2a16f446f3c44cdd17371d
> +Author: schwarze at openbsd.org <schwarze at openbsd.org>
> +Date: Mon May 30 12:05:56 2016 +0000
> +
> + upstream commit
> +
> + Fix two rare edge cases: 1. If vasprintf() returns < 0,
> + do not access a NULL pointer in snmprintf(), and do not free() the pointer
> + returned from vasprintf() because on some systems other than OpenBSD, it
> + might be a bogus pointer. 2. If vasprintf() returns == 0, return 0 and ""
> + rather than -1 and NULL.
> +
> + Besides, free(dst) is pointless after failure (not a bug).
> +
> + One half OK martijn@, the other half OK deraadt@;
> + committing quickly before people get hurt.
> +
> + Upstream-ID: b7bcd2e82fc168a8eff94e41f5db336ed986fed0
> +
> +commit 0e059cdf5fd86297546c63fa8607c24059118832
> +Author: schwarze at openbsd.org <schwarze at openbsd.org>
> +Date: Wed May 25 23:48:45 2016 +0000
> +
>
> *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
>
More information about the svn-src-all
mailing list