svn commit: r333389 - in head: crypto/openssh crypto/openssh/contrib crypto/openssh/contrib/aix crypto/openssh/contrib/redhat crypto/openssh/contrib/suse crypto/openssh/openbsd-compat crypto/openss...
Dag-Erling Smørgrav
des at FreeBSD.org
Tue May 8 23:13:13 UTC 2018
Author: des
Date: Tue May 8 23:13:11 2018
New Revision: 333389
URL: https://svnweb.freebsd.org/changeset/base/333389
Log:
Upgrade to OpenSSH 7.6p1. This will be followed shortly by 7.7p1.
This completely removes client-side support for the SSH 1 protocol,
which was already disabled in 12 but is still enabled in 11. For that
reason, we will not be able to merge 7.6p1 or newer back to 11.
Added:
head/crypto/openssh/.gitignore
- copied unchanged from r333296, vendor-crypto/openssh/dist/.gitignore
head/crypto/openssh/freebsd-namespace.sh (contents, props changed)
head/crypto/openssh/openbsd-compat/bsd-getpagesize.c
- copied unchanged from r333296, vendor-crypto/openssh/dist/openbsd-compat/bsd-getpagesize.c
head/crypto/openssh/openbsd-compat/bsd-malloc.c
- copied unchanged from r333296, vendor-crypto/openssh/dist/openbsd-compat/bsd-malloc.c
head/crypto/openssh/openbsd-compat/freezero.c
- copied unchanged from r333296, vendor-crypto/openssh/dist/openbsd-compat/freezero.c
head/crypto/openssh/openbsd-compat/recallocarray.c
- copied unchanged from r333296, vendor-crypto/openssh/dist/openbsd-compat/recallocarray.c
head/crypto/openssh/platform-misc.c
- copied unchanged from r333296, vendor-crypto/openssh/dist/platform-misc.c
head/crypto/openssh/regress/authinfo.sh
- copied unchanged from r333296, vendor-crypto/openssh/dist/regress/authinfo.sh
head/crypto/openssh/regress/misc/fuzz-harness/
- copied from r333296, vendor-crypto/openssh/dist/regress/misc/fuzz-harness/
Deleted:
head/crypto/openssh/cipher-3des1.c
head/crypto/openssh/cipher-bf1.c
head/crypto/openssh/deattack.c
head/crypto/openssh/deattack.h
head/crypto/openssh/md-sha256.c
head/crypto/openssh/rsa.c
head/crypto/openssh/rsa.h
head/crypto/openssh/ssh1.h
head/crypto/openssh/sshconnect1.c
Modified:
head/crypto/openssh/.skipped-commit-ids
head/crypto/openssh/ChangeLog
head/crypto/openssh/FREEBSD-upgrade
head/crypto/openssh/INSTALL
head/crypto/openssh/LICENCE
head/crypto/openssh/Makefile.in
head/crypto/openssh/PROTOCOL
head/crypto/openssh/PROTOCOL.agent
head/crypto/openssh/PROTOCOL.certkeys
head/crypto/openssh/README
head/crypto/openssh/auth-options.c
head/crypto/openssh/auth-options.h
head/crypto/openssh/auth-pam.c
head/crypto/openssh/auth.c
head/crypto/openssh/auth.h
head/crypto/openssh/auth2-chall.c
head/crypto/openssh/auth2-gss.c
head/crypto/openssh/auth2-hostbased.c
head/crypto/openssh/auth2-kbdint.c
head/crypto/openssh/auth2-none.c
head/crypto/openssh/auth2-passwd.c
head/crypto/openssh/auth2-pubkey.c
head/crypto/openssh/auth2.c
head/crypto/openssh/authfd.c
head/crypto/openssh/authfd.h
head/crypto/openssh/authfile.c
head/crypto/openssh/bitmap.c
head/crypto/openssh/bufbn.c
head/crypto/openssh/buffer.h
head/crypto/openssh/channels.c
head/crypto/openssh/channels.h
head/crypto/openssh/cipher.c
head/crypto/openssh/cipher.h
head/crypto/openssh/clientloop.c
head/crypto/openssh/clientloop.h
head/crypto/openssh/compat.c
head/crypto/openssh/compat.h
head/crypto/openssh/config.h
head/crypto/openssh/configure.ac
head/crypto/openssh/contrib/aix/README
head/crypto/openssh/contrib/redhat/openssh.spec
head/crypto/openssh/contrib/ssh-copy-id
head/crypto/openssh/contrib/suse/openssh.spec
head/crypto/openssh/defines.h
head/crypto/openssh/digest-libc.c
head/crypto/openssh/digest-openssl.c
head/crypto/openssh/digest.h
head/crypto/openssh/dispatch.c
head/crypto/openssh/dispatch.h
head/crypto/openssh/dns.c
head/crypto/openssh/dns.h
head/crypto/openssh/gss-serv.c
head/crypto/openssh/hostfile.c
head/crypto/openssh/includes.h
head/crypto/openssh/kex.c
head/crypto/openssh/kex.h
head/crypto/openssh/kexc25519c.c
head/crypto/openssh/kexc25519s.c
head/crypto/openssh/kexdhc.c
head/crypto/openssh/kexdhs.c
head/crypto/openssh/kexecdhc.c
head/crypto/openssh/kexecdhs.c
head/crypto/openssh/kexgexc.c
head/crypto/openssh/kexgexs.c
head/crypto/openssh/key.c
head/crypto/openssh/key.h
head/crypto/openssh/krl.c
head/crypto/openssh/log.c
head/crypto/openssh/log.h
head/crypto/openssh/mac.c
head/crypto/openssh/misc.c
head/crypto/openssh/misc.h
head/crypto/openssh/monitor.c
head/crypto/openssh/monitor_wrap.c
head/crypto/openssh/monitor_wrap.h
head/crypto/openssh/mux.c
head/crypto/openssh/myproposal.h
head/crypto/openssh/nchan.c
head/crypto/openssh/opacket.c
head/crypto/openssh/opacket.h
head/crypto/openssh/openbsd-compat/Makefile.in
head/crypto/openssh/openbsd-compat/bsd-err.c
head/crypto/openssh/openbsd-compat/bsd-misc.c
head/crypto/openssh/openbsd-compat/bsd-misc.h
head/crypto/openssh/openbsd-compat/explicit_bzero.c
head/crypto/openssh/openbsd-compat/fmt_scaled.c
head/crypto/openssh/openbsd-compat/openbsd-compat.h
head/crypto/openssh/openbsd-compat/port-tun.c
head/crypto/openssh/openbsd-compat/port-tun.h
head/crypto/openssh/packet.c
head/crypto/openssh/packet.h
head/crypto/openssh/pathnames.h
head/crypto/openssh/platform.c
head/crypto/openssh/readconf.c
head/crypto/openssh/readconf.h
head/crypto/openssh/regress/Makefile
head/crypto/openssh/regress/agent-getpeereid.sh
head/crypto/openssh/regress/agent-pkcs11.sh
head/crypto/openssh/regress/agent.sh
head/crypto/openssh/regress/banner.sh
head/crypto/openssh/regress/broken-pipe.sh
head/crypto/openssh/regress/brokenkeys.sh
head/crypto/openssh/regress/cert-file.sh
head/crypto/openssh/regress/cert-hostkey.sh
head/crypto/openssh/regress/cert-userkey.sh
head/crypto/openssh/regress/cfgmatch.sh
head/crypto/openssh/regress/cipher-speed.sh
head/crypto/openssh/regress/connect-privsep.sh
head/crypto/openssh/regress/connect.sh
head/crypto/openssh/regress/dhgex.sh
head/crypto/openssh/regress/dynamic-forward.sh
head/crypto/openssh/regress/exit-status.sh
head/crypto/openssh/regress/forcecommand.sh
head/crypto/openssh/regress/forward-control.sh
head/crypto/openssh/regress/forwarding.sh
head/crypto/openssh/regress/host-expand.sh
head/crypto/openssh/regress/hostkey-agent.sh
head/crypto/openssh/regress/integrity.sh
head/crypto/openssh/regress/key-options.sh
head/crypto/openssh/regress/keygen-change.sh
head/crypto/openssh/regress/keyscan.sh
head/crypto/openssh/regress/keytype.sh
head/crypto/openssh/regress/localcommand.sh
head/crypto/openssh/regress/login-timeout.sh
head/crypto/openssh/regress/misc/kexfuzz/Makefile
head/crypto/openssh/regress/misc/kexfuzz/kexfuzz.c
head/crypto/openssh/regress/multiplex.sh
head/crypto/openssh/regress/principals-command.sh
head/crypto/openssh/regress/proto-mismatch.sh
head/crypto/openssh/regress/proto-version.sh
head/crypto/openssh/regress/proxy-connect.sh
head/crypto/openssh/regress/putty-ciphers.sh
head/crypto/openssh/regress/putty-transfer.sh
head/crypto/openssh/regress/reconfigure.sh
head/crypto/openssh/regress/reexec.sh
head/crypto/openssh/regress/ssh-com.sh
head/crypto/openssh/regress/stderr-after-eof.sh
head/crypto/openssh/regress/stderr-data.sh
head/crypto/openssh/regress/test-exec.sh
head/crypto/openssh/regress/transfer.sh
head/crypto/openssh/regress/try-ciphers.sh
head/crypto/openssh/regress/unittests/Makefile.inc
head/crypto/openssh/regress/unittests/hostkeys/mktestdata.sh
head/crypto/openssh/regress/unittests/hostkeys/test_iterate.c
head/crypto/openssh/regress/unittests/hostkeys/testdata/known_hosts
head/crypto/openssh/regress/unittests/sshkey/mktestdata.sh
head/crypto/openssh/regress/unittests/sshkey/test_file.c
head/crypto/openssh/regress/unittests/sshkey/test_fuzz.c
head/crypto/openssh/regress/unittests/sshkey/test_sshkey.c
head/crypto/openssh/regress/yes-head.sh
head/crypto/openssh/sandbox-seccomp-filter.c
head/crypto/openssh/sandbox-solaris.c
head/crypto/openssh/scp.1
head/crypto/openssh/scp.c
head/crypto/openssh/servconf.c
head/crypto/openssh/servconf.h
head/crypto/openssh/serverloop.c
head/crypto/openssh/serverloop.h
head/crypto/openssh/session.c
head/crypto/openssh/session.h
head/crypto/openssh/sftp-client.c
head/crypto/openssh/sftp-common.c
head/crypto/openssh/sftp-server.c
head/crypto/openssh/sftp.1
head/crypto/openssh/sftp.c
head/crypto/openssh/ssh-add.1
head/crypto/openssh/ssh-add.c
head/crypto/openssh/ssh-agent.c
head/crypto/openssh/ssh-gss.h
head/crypto/openssh/ssh-keygen.1
head/crypto/openssh/ssh-keygen.c
head/crypto/openssh/ssh-keyscan.1
head/crypto/openssh/ssh-keyscan.c
head/crypto/openssh/ssh-pkcs11-client.c
head/crypto/openssh/ssh-pkcs11-helper.c
head/crypto/openssh/ssh-pkcs11.c
head/crypto/openssh/ssh-rsa.c
head/crypto/openssh/ssh.1
head/crypto/openssh/ssh.c
head/crypto/openssh/ssh.h
head/crypto/openssh/ssh_api.c
head/crypto/openssh/ssh_config
head/crypto/openssh/ssh_config.5
head/crypto/openssh/ssh_namespace.h (contents, props changed)
head/crypto/openssh/sshbuf-getput-basic.c
head/crypto/openssh/sshbuf.c
head/crypto/openssh/sshbuf.h
head/crypto/openssh/sshconnect.c
head/crypto/openssh/sshconnect.h
head/crypto/openssh/sshconnect2.c
head/crypto/openssh/sshd.8
head/crypto/openssh/sshd.c
head/crypto/openssh/sshd_config
head/crypto/openssh/sshd_config.5
head/crypto/openssh/ssherr.c
head/crypto/openssh/ssherr.h
head/crypto/openssh/sshkey.c
head/crypto/openssh/sshkey.h
head/crypto/openssh/ttymodes.c
head/crypto/openssh/ttymodes.h
head/crypto/openssh/umac.c
head/crypto/openssh/utf8.c
head/crypto/openssh/version.h
head/crypto/openssh/xmalloc.c
head/crypto/openssh/xmalloc.h
head/secure/lib/libssh/Makefile
head/secure/usr.bin/ssh/Makefile
Directory Properties:
head/crypto/openssh/ (props changed)
Copied: head/crypto/openssh/.gitignore (from r333296, vendor-crypto/openssh/dist/.gitignore)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/crypto/openssh/.gitignore Tue May 8 23:13:11 2018 (r333389, copy of r333296, vendor-crypto/openssh/dist/.gitignore)
@@ -0,0 +1,28 @@
+Makefile
+buildpkg.sh
+config.h
+config.h.in
+config.status
+configure
+openbsd-compat/Makefile
+openbsd-compat/regress/Makefile
+openssh.xml
+opensshd.init
+survey.sh
+**/*.0
+**/*.o
+**/*.out
+**/*.a
+autom4te.cache/
+scp
+sftp
+sftp-server
+ssh
+ssh-add
+ssh-agent
+ssh-keygen
+ssh-keyscan
+ssh-keysign
+ssh-pkcs11-helper
+sshd
+!regress/misc/fuzz-harness/Makefile
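Review bot: The bare `Makefile` and `config.h` patterns at the top of this new file contain no slash, so they match at every directory depth, and this tree tracks files with exactly those names: head/crypto/openssh/config.h, regress/Makefile and regress/misc/kexfuzz/Makefile all appear in the Modified list of this same commit. Only `regress/misc/fuzz-harness/Makefile` is re-included by the final `!` line. The file is copied unchanged from vendor-crypto/openssh/dist, so keeping it byte-identical is reasonable, but anyone handling this directory through git will have newly added files with those names silently ignored. Consider raising it with the vendor so that the generated-file patterns are anchored with a leading `/`.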
Modified: head/crypto/openssh/.skipped-commit-ids
==============================================================================
--- head/crypto/openssh/.skipped-commit-ids Tue May 8 21:14:29 2018 (r333388)
+++ head/crypto/openssh/.skipped-commit-ids Tue May 8 23:13:11 2018 (r333389)
@@ -11,3 +11,13 @@ f6ae971186ba68d066cd102e57d5b0b2c211a5ee systrace is d
96c5054e3e1f170c6276902d5bc65bb3b87a2603 remove DEBUGLIBS from Makefile
6da9a37f74aef9f9cc639004345ad893cad582d8 Update moduli file
77bcb50e47b68c7209c7f0a5a020d73761e5143b unset REGRESS_FAIL_EARLY
+38c2133817cbcae75c88c63599ac54228f0fa384 Change COMPILER_VERSION tests
+30c20180c87cbc99fa1020489fe7fd8245b6420c resync integrity.sh shell
+1e6b51ddf767cbad0a4e63eb08026c127e654308 integrity.sh reliability
+fe5b31f69a60d47171836911f144acff77810217 Makefile.inc bits
+5781670c0578fe89663c9085ed3ba477cf7e7913 Delete sshconnect1.c
+ea80f445e819719ccdcb237022cacfac990fdc5c Makefile.inc warning flags
+b92c93266d8234d493857bb822260dacf4366157 moduli-gen.sh tweak
+b25bf747544265b39af74fe0716dc8d9f5b63b95 Updated moduli
+1bd41cba06a7752de4df304305a8153ebfb6b0ac rsa.[ch] already removed
+e39b3902fe1d6c4a7ba6a3c58e072219f3c1e604 Makefile changes
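Review bot: The ten added entries carry only a short subject and no reason for the skip, so this file alone does not tell a reader whether each skipped change was covered some other way. The `Delete sshconnect1.c` and `rsa.[ch] already removed` entries are accounted for, since sshconnect1.c, rsa.c and rsa.h are in the Deleted list of this commit. The `Updated moduli` and `moduli-gen.sh tweak` entries are not: nothing in the Added, Deleted or Modified lists touches a moduli file. Please confirm the moduli are refreshed separately, or state in the commit log that they are intentionally left as they are.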
Modified: head/crypto/openssh/ChangeLog
==============================================================================
--- head/crypto/openssh/ChangeLog Tue May 8 21:14:29 2018 (r333388)
+++ head/crypto/openssh/ChangeLog Tue May 8 23:13:11 2018 (r333389)
@@ -1,3 +1,2514 @@
+commit 66bf74a92131b7effe49fb0eefe5225151869dc5
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Mon Oct 2 19:33:20 2017 +0000
+
+ upstream commit
+
+ Fix PermitOpen crash; spotted by benno@, ok dtucker@ deraadt@
+
+ Upstream-ID: c2cc84ffac070d2e1ff76182c70ca230a387983c
+
+commit d63b38160a59039708fd952adc75a0b3da141560
+Author: Damien Miller <djm at mindrot.org>
+Date: Sun Oct 1 10:32:25 2017 +1100
+
+ update URL again
+
+ I spotted a typo in the draft so uploaded a new version...
+
+commit 6f64f596430cd3576c529f07acaaf2800aa17d58
+Author: Damien Miller <djm at mindrot.org>
+Date: Sun Oct 1 10:01:56 2017 +1100
+
+ sync release notes URL
+
+commit 35ff70a04dd71663a5ac1e73b90d16d270a06e0d
+Author: Damien Miller <djm at mindrot.org>
+Date: Sun Oct 1 10:01:25 2017 +1100
+
+ sync contrib/ssh-copy-id with upstream
+
+commit 290843b8ede85f8b30bf29cd7dceb805c3ea5b66
+Author: Damien Miller <djm at mindrot.org>
+Date: Sun Oct 1 09:59:19 2017 +1100
+
+ update version in RPM spec files
+
+commit 4e4e0bb223c5be88d87d5798c75cc6b0d4fef31d
+Author: Damien Miller <djm at mindrot.org>
+Date: Sun Oct 1 09:58:24 2017 +1100
+
+ update agent draft URL
+
+commit e4a798f001d2ecd8bf025c1d07658079f27cc604
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Sat Sep 30 22:26:33 2017 +0000
+
+ upstream commit
+
+ openssh-7.6; ok deraadt@
+
+ Upstream-ID: a39c3a5b63a1baae109ae1ae4c7c34c2a59acde0
+
+commit 5fa1407e16e7e5fda9769d53b626ce39d5588d4d
+Author: jmc at openbsd.org <jmc at openbsd.org>
+Date: Wed Sep 27 06:45:53 2017 +0000
+
+ upstream commit
+
+ tweak EposeAuthinfo; diff from lars nooden
+
+ tweaked by sthen; ok djm dtucker
+
+ Upstream-ID: 8f2ea5d2065184363e8be7a0ba24d98a3b259748
+
+commit bba69c246f0331f657fd6ec97724df99fc1ad174
+Author: Damien Miller <djm at mindrot.org>
+Date: Thu Sep 28 16:06:21 2017 -0700
+
+ don't fatal ./configure for LibreSSL
+
+commit 04dc070e8b4507d9d829f910b29be7e3b2414913
+Author: Damien Miller <djm at mindrot.org>
+Date: Thu Sep 28 14:54:34 2017 -0700
+
+ abort in configure when only openssl-1.1.x found
+
+ We don't support openssl-1.1.x yet (see multiple threads on the
+ openssh-unix-dev@ mailing list for the reason), but previously
+ ./configure would accept it and the compilation would subsequently
+ fail. This makes ./configure display an explicit error message and
+ abort.
+
+ ok dtucker@
+
+commit 74c1c3660acf996d9dc329e819179418dc115f2c
+Author: Darren Tucker <dtucker at zip.com.au>
+Date: Wed Sep 27 07:44:41 2017 +1000
+
+ Check for and handle calloc(p, 0) = NULL.
+
+ On some platforms (AIX, maybe others) allocating zero bytes of memory
+ via the various *alloc functions returns NULL, which is permitted
+ by the standards. Autoconf has some macros for detecting this (with
+ the exception of calloc for some reason) so use these and if necessary
+ activate shims for them. ok djm@
+
+commit 6a9481258a77b0b54b2a313d1761c87360c5f1f5
+Author: markus at openbsd.org <markus at openbsd.org>
+Date: Thu Sep 21 19:18:12 2017 +0000
+
+ upstream commit
+
+ test reverse dynamic forwarding with SOCKS
+
+ Upstream-Regress-ID: 95cf290470f7e5e2f691e4bc6ba19b91eced2f79
+
+commit 1b9f321605733754df60fac8c1d3283c89b74455
+Author: Damien Miller <djm at mindrot.org>
+Date: Tue Sep 26 16:55:55 2017 +1000
+
+ sync missing changes in dynamic-forward.sh
+
+commit 44fc334c7a9ebdd08addb6d5fa005369897fddeb
+Author: Darren Tucker <dtucker at zip.com.au>
+Date: Mon Sep 25 09:48:10 2017 +1000
+
+ Add minimal strsignal for platforms without it.
+
+commit 218e6f98df566fb9bd363f6aa47018cb65ede196
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Sun Sep 24 13:45:34 2017 +0000
+
+ upstream commit
+
+ fix inverted test on channel open failure path that
+ "upgraded" a transient failure into a fatal error; reported by sthen and also
+ seen by benno@; ok sthen@
+
+ Upstream-ID: b58b3fbb79ba224599c6cd6b60c934fc46c68472
+
+commit c704f641f7b8777497dc82e81f2ac89afec7e401
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Sun Sep 24 09:50:01 2017 +0000
+
+ upstream commit
+
+ write the correct buffer when tunnel forwarding; doesn't
+ matter on OpenBSD (they are the same) but does matter on portable where we
+ use an output filter to translate os-specific tun/tap headers
+
+ Upstream-ID: f1ca94eff48404827b12e1d12f6139ee99a72284
+
+commit 55486f5cef117354f0c64f991895835077b7c7f7
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Sat Sep 23 22:04:07 2017 +0000
+
+ upstream commit
+
+ fix tunnel forwarding problem introduced in refactor;
+ reported by stsp@ ok markus@
+
+ Upstream-ID: 81a731cdae1122c8522134095d1a8b60fa9dcd04
+
+commit 609d7a66ce578abf259da2d5f6f68795c2bda731
+Author: markus at openbsd.org <markus at openbsd.org>
+Date: Thu Sep 21 19:16:53 2017 +0000
+
+ upstream commit
+
+ Add 'reverse' dynamic forwarding which combines dynamic
+ forwarding (-D) with remote forwarding (-R) where the remote-forwarded port
+ expects SOCKS-requests.
+
+ The SSH server code is unchanged and the parsing happens at the SSH
+ clients side. Thus the full SOCKS-request is sent over the forwarded
+ channel and the client parses c->output. Parsing happens in
+ channel_before_prepare_select(), _before_ the select bitmask is
+ computed in the pre[] handlers, but after network input processing
+ in the post[] handlers.
+
+ help and ok djm@
+
+ Upstream-ID: aa25a6a3851064f34fe719e0bf15656ad5a64b89
+
+commit 36945fa103176c00b39731e1fc1919a0d0808b81
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date: Wed Sep 20 05:19:00 2017 +0000
+
+ upstream commit
+
+ Use strsignal in debug message instead of casting for the
+ benefit of portable where sig_atomic_t might not be int. "much nicer"
+ deraadt@
+
+ Upstream-ID: 2dac6c1e40511c700bd90664cd263ed2299dcf79
+
+commit 3e8d185af326bf183b6f78597d5e3d2eeb2dc40e
+Author: millert at openbsd.org <millert at openbsd.org>
+Date: Tue Sep 19 12:10:30 2017 +0000
+
+ upstream commit
+
+ Use explicit_bzero() instead of bzero() before free() to
+ prevent the compiler from optimizing away the bzero() call. OK djm@
+
+ Upstream-ID: cdc6197e64c9684c7250e23d60863ee1b53cef1d
+
+commit 5b8da1f53854c0923ec6e927e86709e4d72737b6
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Tue Sep 19 04:24:22 2017 +0000
+
+ upstream commit
+
+ fix use-after-free in ~^Z escape handler path, introduced
+ in channels.c refactor; spotted by millert@ "makes sense" deraadt@
+
+ Upstream-ID: 8fa2cdc65c23ad6420c1e59444b0c955b0589b22
+
+commit a3839d8d2b89ff1a80cadd4dd654336710de2c9e
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date: Mon Sep 18 12:03:24 2017 +0000
+
+ upstream commit
+
+ Prevent type mismatch warning in debug on platforms where
+ sig_atomic_t != int. ok djm@
+
+ Upstream-ID: 306e2375eb0364a4c68e48f091739bea4f4892ed
+
+commit 30484e5e5f0b63d2c6ba32c6b85f06b6c6fa55fc
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date: Mon Sep 18 09:41:52 2017 +0000
+
+ upstream commit
+
+ Add braces missing after channels refactor. ok markus@
+
+ Upstream-ID: 72ab325c84e010680dbc88f226e2aa96b11a3980
+
+commit b79569190b9b76dfacc6d996faa482f16e8fc026
+Author: Damien Miller <djm at mindrot.org>
+Date: Tue Sep 19 12:29:23 2017 +1000
+
+ add freezero(3) replacement
+
+ ok dtucker@
+
+commit 161af8f5ec0961b10cc032efb5cc1b44ced5a92e
+Author: Damien Miller <djm at mindrot.org>
+Date: Tue Sep 19 10:18:56 2017 +1000
+
+ move FORTIFY_SOURCE into hardening options group
+
+ It's still on by default, but now it's possible to turn it off using
+ --without-hardening. This is useful since it's known to cause problems
+ with some -fsanitize options. ok dtucker@
+
+commit 09eacf856e0fe1a6e3fe597ec8032b7046292914
+Author: bluhm at openbsd.org <bluhm at openbsd.org>
+Date: Wed Sep 13 14:58:26 2017 +0000
+
+ upstream commit
+
+ Print SKIPPED if sudo and doas configuration is missing.
+ Prevents that running the regression test with wrong environment is reported
+ as failure. Keep the fatal there to avoid interfering with other setups for
+ portable ssh. OK dtucker@
+
+ Upstream-Regress-ID: f0dc60023caef496ded341ac5aade2a606fa234e
+
+commit cdede10899892f25f1ccdccd7a3fe5e5ef0aa49a
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date: Mon Aug 7 03:52:55 2017 +0000
+
+ upstream commit
+
+ Remove obsolete privsep=no fallback test.
+
+ Upstream-Regress-ID: 7d6e1baa1678ac6be50c2a1555662eb1047638df
+
+commit ec218c105daa9f5b192f7aa890fdb2d4fdc4e9d8
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date: Mon Aug 7 00:53:51 2017 +0000
+
+ upstream commit
+
+ Remove non-privsep test since disabling privsep is now
+ deprecated.
+
+ Upstream-Regress-ID: 77ad3f3d8d52e87f514a80f285c6c1229b108ce8
+
+commit 239c57d5bc2253e27e3e6ad7ac52ec8c377ee24e
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date: Fri Jul 28 10:32:08 2017 +0000
+
+ upstream commit
+
+ Don't call fatal from stop_sshd since it calls cleanup
+ which calls stop_sshd which will probably fail in the same way. Instead,
+ just bail. Differentiate between sshd dying without cleanup and not shutting
+ down.
+
+ Upstream-Regress-ID: f97315f538618b349e2b0bea02d6b0c9196c6bc4
+
+commit aea59a0d9f120f2a87c7f494a0d9c51eaa79b8ba
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Thu Sep 14 04:32:21 2017 +0000
+
+ upstream commit
+
+ Revert commitid: gJtIN6rRTS3CHy9b.
+
+ -------------
+ identify the case where SSHFP records are missing but other DNS RR
+ types are present and display a more useful error message for this
+ case; patch by Thordur Bjornsson; bz#2501; ok dtucker@
+ -------------
+
+ This caused unexpected failures when VerifyHostKeyDNS=yes, SSHFP results
+ are missing but the user already has the key in known_hosts
+
+ Spotted by dtucker@
+
+ Upstream-ID: 97e31742fddaf72046f6ffef091ec0d823299920
+
+commit 871f1e4374420b07550041b329627c474abc3010
+Author: Damien Miller <djm at mindrot.org>
+Date: Tue Sep 12 18:01:35 2017 +1000
+
+ adapt portable to channels API changes
+
+commit 4ec0bb9f9ad7b4eb0af110fa8eddf8fa199e46bb
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Tue Sep 12 07:55:48 2017 +0000
+
+ upstream commit
+
+ unused variable
+
+ Upstream-ID: 2f9ba09f2708993d35eac5aa71df910dcc52bac1
+
+commit 9145a73ce2ba30c82bbf91d7205bfd112529449f
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Tue Sep 12 07:32:04 2017 +0000
+
+ upstream commit
+
+ fix tun/tap forwarding case in previous
+
+ Upstream-ID: 43ebe37a930320e24bca6900dccc39857840bc53
+
+commit 9f53229c2ac97dbc6f5a03657de08a1150a9ac7e
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Tue Sep 12 06:35:31 2017 +0000
+
+ upstream commit
+
+ Make remote channel ID a u_int
+
+ Previously we tracked the remote channel IDs in an int, but this is
+ strictly incorrect: the wire protocol uses uint32 and there is nothing
+ in-principle stopping a SSH implementation from sending, say, 0xffff0000.
+
+ In practice everyone numbers their channels sequentially, so this has
+ never been a problem.
+
+ ok markus@
+
+ Upstream-ID: b9f4cd3dc53155b4a5c995c0adba7da760d03e73
+
+commit dbee4119b502e3f8b6cd3282c69c537fd01d8e16
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Tue Sep 12 06:32:07 2017 +0000
+
+ upstream commit
+
+ refactor channels.c
+
+ Move static state to a "struct ssh_channels" that is allocated at
+ runtime and tracked as a member of struct ssh.
+
+ Explicitly pass "struct ssh" to all channels functions.
+
+ Replace use of the legacy packet APIs in channels.c.
+
+ Rework sshd_config PermitOpen handling: previously the configuration
+ parser would call directly into the channels layer. After the refactor
+ this is not possible, as the channels structures are allocated at
+ connection time and aren't available when the configuration is parsed.
+ The server config parser now tracks PermitOpen itself and explicitly
+ configures the channels code later.
+
+ ok markus@
+
+ Upstream-ID: 11828f161656b965cc306576422613614bea2d8f
+
+commit abd59663df37a42152e37980113ccaa405b9a282
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Thu Sep 7 23:48:09 2017 +0000
+
+ upstream commit
+
+ typo in comment
+
+ Upstream-ID: a93b1e6f30f1f9b854b5b964b9fd092d0c422c47
+
+commit 149a8cd24ce9dd47c36f571738681df5f31a326c
+Author: jmc at openbsd.org <jmc at openbsd.org>
+Date: Mon Sep 4 06:34:43 2017 +0000
+
+ upstream commit
+
+ tweak previous;
+
+ Upstream-ID: bb8cc40b61b15f6a13d81da465ac5bfc65cbfc4b
+
+commit ec9d22cc251cc5acfe7b2bcef9cc7a1fe0e949d8
+Author: Damien Miller <djm at mindrot.org>
+Date: Fri Sep 8 12:44:13 2017 +1000
+
+ Fuzzer harnesses for sig verify and pubkey parsing
+
+ These are some basic clang libfuzzer harnesses for signature
+ verification and public key parsing. Some assembly (metaphorical)
+ required.
+
+commit de35c382894964a896a63ecd5607d3a3b93af75d
+Author: Damien Miller <djm at mindrot.org>
+Date: Fri Sep 8 12:38:31 2017 +1000
+
+ Give configure ability to set CFLAGS/LDFLAGS later
+
+ Some CFLAGS/LDFLAGS may disrupt the configure script's operation,
+ in particular santization and fuzzer options that break assumptions
+ about memory and file descriptor dispositions.
+
+ This adds two flags to configure --with-cflags-after and
+ --with-ldflags-after that allow specifying additional compiler and
+ linker options that are added to the resultant Makefiles but not
+ used in the configure run itself.
+
+ E.g.
+
+ env CC=clang-3.9 ./configure \
+ --with-cflags-after=-fsantize=address \
+ --with-ldflags-after="-g -fsanitize=address"
+
+commit 22376d27a349f62c502fec3396dfe0fdcb2a40b7
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Sun Sep 3 23:33:13 2017 +0000
+
+ upstream commit
+
+ Expand ssh_config's StrictModes option with two new
+ settings:
+
+ StrictModes=accept-new will automatically accept hitherto-unseen keys
+ but will refuse connections for changed or invalid hostkeys.
+
+ StrictModes=off is the same as StrictModes=no
+
+ Motivation:
+
+ StrictModes=no combines two behaviours for host key processing:
+ automatically learning new hostkeys and continuing to connect to hosts
+ with invalid/changed hostkeys. The latter behaviour is quite dangerous
+ since it removes most of the protections the SSH protocol is supposed to
+ provide.
+
+ Quite a few users want to automatically learn hostkeys however, so
+ this makes that feature available with less danger.
+
+ At some point in the future, StrictModes=no will change to be a synonym
+ for accept-new, with its current behaviour remaining available via
+ StrictModes=off.
+
+ bz#2400, suggested by Michael Samuel; ok markus
+
+ Upstream-ID: 0f55502bf75fc93a74fb9853264a8276b9680b64
+
+commit ff3c42384033514e248ba5d7376aa033f4a2b99a
+Author: jmc at openbsd.org <jmc at openbsd.org>
+Date: Fri Sep 1 15:41:26 2017 +0000
+
+ upstream commit
+
+ remove blank line;
+
+ Upstream-ID: 2f46b51a0ddb3730020791719e94d3e418e9f423
+
+commit b828605d51f57851316d7ba402b4ae06cf37c55d
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Fri Sep 1 05:53:56 2017 +0000
+
+ upstream commit
+
+ identify the case where SSHFP records are missing but
+ other DNS RR types are present and display a more useful error message for
+ this case; patch by Thordur Bjornsson; bz#2501; ok dtucker@
+
+ Upstream-ID: 8f7a5a8344f684823d8317a9708b63e75be2c244
+
+commit 8042bad97e2789a50e8f742c3bcd665ebf0add32
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Fri Sep 1 05:50:48 2017 +0000
+
+ upstream commit
+
+ document available AuthenticationMethods; bz#2453 ok
+ dtucker@
+
+ Upstream-ID: 2c70576f237bb699aff59889dbf2acba4276d3d0
+
+commit 71e5a536ec815d542b199f2ae6d646c0db9f1b58
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Wed Aug 30 03:59:08 2017 +0000
+
+ upstream commit
+
+ pass packet state down to some of the channels function
+ (more to come...); ok markus@
+
+ Upstream-ID: d8ce7a94f4059d7ac1e01fb0eb01de0c4b36c81b
+
+commit 6227fe5b362239c872b91bbdee4bf63cf85aebc5
+Author: jmc at openbsd.org <jmc at openbsd.org>
+Date: Tue Aug 29 13:05:58 2017 +0000
+
+ upstream commit
+
+ sort options;
+
+ Upstream-ID: cf21d68cf54e81968bca629aaeddc87f0c684f3c
+
+commit 530591a5795a02d01c78877d58604723918aac87
+Author: dlg at openbsd.org <dlg at openbsd.org>
+Date: Tue Aug 29 09:42:29 2017 +0000
+
+ upstream commit
+
+ add a -q option to ssh-add to make it quiet on success.
+
+ if you want to silence ssh-add without this you generally redirect
+ the output to /dev/null, but that can hide error output which you
+ should see.
+
+ ok djm@
+
+ Upstream-ID: 2f31b9b13f99dcf587e9a8ba443458e6c0d8997c
+
+commit a54eb27dd64b5eca3ba94e15cec3535124bd5029
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date: Sun Aug 27 00:38:41 2017 +0000
+
+ upstream commit
+
+ Increase the buffer sizes for user prompts to ensure that
+ they won't be truncated by snprintf. Based on patch from cjwatson at
+ debian.org via bz#2768, ok djm@
+
+ Upstream-ID: 6ffacf1abec8f40b469de5b94bfb29997d96af3e
+
+commit dd9d9b3381a4597b840d480b043823112039327e
+Author: Darren Tucker <dtucker at zip.com.au>
+Date: Mon Aug 28 16:48:27 2017 +1000
+
+ Switch Capsicum header to sys/capsicum.h.
+
+ FreeBSD's <sys/capability.h> was renamed to <sys/capsicum.h> in 2014 to
+ avoid future conflicts with POSIX capabilities (the last release that
+ didn't have it was 9.3) so switch to that. Patch from des at des.no.
+
+commit f5e917ab105af5dd6429348d9bc463e52b263f92
+Author: Darren Tucker <dtucker at zip.com.au>
+Date: Sun Aug 27 08:55:40 2017 +1000
+
+ Add missing includes for bsd-err.c.
+
+ Patch from cjwatson at debian.org via bz#2767.
+
+commit 878e029797cfc9754771d6f6ea17f8c89e11d225
+Author: Damien Miller <djm at mindrot.org>
+Date: Fri Aug 25 13:25:01 2017 +1000
+
+ Split platform_sys_dir_uid into its own file
+
+ platform.o is too heavy for libssh.a use; it calls into the server on
+ many platforms. Move just the function needed by misc.c into its own
+ file.
+
+commit 07949bfe9133234eddd01715592aa0dde67745f0
+Author: Damien Miller <djm at mindrot.org>
+Date: Wed Aug 23 20:13:18 2017 +1000
+
+ misc.c needs functions from platform.c now
+
+commit b074c3c3f820000a21953441cea7699c4b17d72f
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Fri Aug 18 05:48:04 2017 +0000
+
+ upstream commit
+
+ add a "quiet" flag to exited_cleanly() that supresses
+ errors about exit status (failure due to signal is still reported)
+
+ Upstream-ID: db85c39c3aa08e6ff67fc1fb4ffa89f807a9d2f0
+
+commit de4ae07f12dabf8815ecede54235fce5d22e3f63
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Fri Aug 18 05:36:45 2017 +0000
+
+ upstream commit
+
+ Move several subprocess-related functions from various
+ locations to misc.c. Extend subprocess() to offer a little more control over
+ stdio disposition.
+
+ feedback & ok dtucker@
+
+ Upstream-ID: 3573dd7109d13ef9bd3bed93a3deb170fbfce049
+
+commit 643c2ad82910691b2240551ea8b14472f60b5078
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Sat Aug 12 06:46:01 2017 +0000
+
+ upstream commit
+
+ make "--" before the hostname terminate command-line
+ option processing completely; previous behaviour would not prevent further
+ options appearing after the hostname (ssh has a supported options after the
+ hostname for >20 years, so that's too late to change).
+
+ ok deraadt@
+
+ Upstream-ID: ef5ee50571b98ad94dcdf8282204e877ec88ad89
+
+commit 0f3455356bc284d7c6f4d3c1614d31161bd5dcc2
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Sat Aug 12 06:42:52 2017 +0000
+
+ upstream commit
+
+ Switch from aes256-cbc to aes256-ctr for encrypting
+ new-style private keys. The latter having the advantage of being supported
+ for no-OpenSSL builds; bz#2754 ok markus@
+
+ Upstream-ID: 54179a2afd28f93470471030567ac40431e56909
+
+commit c4972d0a9bd6f898462906b4827e09b7caea2d9b
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Fri Aug 11 04:47:12 2017 +0000
+
+ upstream commit
+
+ refuse to a private keys when its corresponding .pub key
+ does not match. bz#2737 ok dtucker@
+
+ Upstream-ID: 54ff5e2db00037f9db8d61690f26ef8f16e0d913
+
+commit 4b3ecbb663c919132dddb3758e17a23089413519
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Fri Aug 11 04:41:08 2017 +0000
+
+ upstream commit
+
+ don't print verbose error message when ssh disconnects
+ under sftp; bz#2750; ok dtucker@
+
+ Upstream-ID: 6d83708aed77b933c47cf155a87dc753ec01f370
+
+commit 42a8f8bc288ef8cac504c5c73f09ed610bc74a34
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date: Fri Aug 11 04:16:35 2017 +0000
+
+ upstream commit
+
+ Tweak previous keepalive commit: if last_time + keepalive
+ <= now instead of just "<" so client_alive_check will fire if the select
+ happens to return on exact second of the timeout. ok djm@
+
+ Upstream-ID: e02756bd6038d11bb8522bfd75a4761c3a684fcc
+
+commit b60ff20051ef96dfb207b6bfa45c0ad6c34a542a
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date: Fri Aug 11 03:58:36 2017 +0000
+
+ upstream commit
+
+ Keep track of the last time we actually heard from the
+ client and use this to also schedule a client_alive_check(). Prevents
+ activity on a forwarded port from indefinitely preventing the select timeout
+ so that client_alive_check() will eventually (although not optimally) be
+ called.
+
+ Analysis by willchan at google com via bz#2756, feedback & ok djm@
+
+ Upstream-ID: c08721e0bbda55c6d18e2760f3fe1b17fb71169e
+
+commit 94bc1e7ffba3cbdea8c7dcdab8376bf29283128f
+Author: Damien Miller <djm at mindrot.org>
+Date: Fri Jul 28 14:50:59 2017 +1000
+
+ Expose list of completed auth methods to PAM
+
+ bz#2408; ok dtucker@
+
+commit c78e6eec78c88acf8d51db90ae05a3e39458603d
+Author: Damien Miller <djm at mindrot.org>
+Date: Fri Jul 21 14:38:16 2017 +1000
+
+ fix problems in tunnel forwarding portability code
+
+ This fixes a few problems in the tun forwarding code, mostly to do
+ with host/network byte order confusion.
+
+ Based on a report and patch by stepe AT centaurus.uberspace.de;
+ bz#2735; ok dtucker@
+
+commit 2985d4062ebf4204bbd373456a810d558698f9f5
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date: Tue Jul 25 09:22:25 2017 +0000
+
+ upstream commit
+
+ Make WinSCP patterns for SSH_OLD_DHGEX more specific to
+ exclude WinSCP 5.10.x and up. bz#2748, from martin at winscp.net, ok djm@
+
+ Upstream-ID: 6fd7c32e99af3952db007aa180e73142ddbc741a
+
+commit 9f0e44e1a0439ff4646495d5735baa61138930a9
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Mon Jul 24 04:34:28 2017 +0000
+
+ upstream commit
+
+ g/c unused variable; make a little more portable
+
+ Upstream-ID: 3f5980481551cb823c6fb2858900f93fa9217dea
+
+commit 51676ec61491ec6d7cbd06082034e29b377b3bf6
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Sun Jul 23 23:37:02 2017 +0000
+
+ upstream commit
+
+ Allow IPQoS=none in ssh/sshd to not set an explicit
+ ToS/DSCP value and just use the operating system default; ok dtucker@
+
+ Upstream-ID: 77906ff8c7b660b02ba7cb1e47b17d66f54f1f7e
+
+commit 6c1fbd5a50d8d2415f06c920dd3b1279b741072d
+Author: Damien Miller <djm at mindrot.org>
+Date: Fri Jul 21 14:24:26 2017 +1000
+
+ mention libedit
+
+commit dc2bd308768386b02c7337120203ca477e67ba62
+Author: markus at openbsd.org <markus at openbsd.org>
+Date: Wed Jul 19 08:30:41 2017 +0000
+
+ upstream commit
+
+ fix support for unknown key types; ok djm@
+
+ Upstream-ID: 53fb29394ed04d616d65b3748dee5aa06b07ab48
+
+commit fd0e8fa5f89d21290b1fb5f9d110ca4f113d81d9
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Wed Jul 19 01:15:02 2017 +0000
+
+ upstream commit
+
+ switch from select() to poll() for the ssh-agent
+ mainloop; ok markus
+
+ Upstream-ID: 4a94888ee67b3fd948fd10693973beb12f802448
+
+commit b1e72df2b813ecc15bd0152167bf4af5f91c36d3
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date: Fri Jul 14 03:18:21 2017 +0000
+
+ upstream commit
+
+ Make ""Killed by signal 1" LogLevel verbose so it's not
+ shown at the default level. Prevents it from appearing during ssh -J and
+ equivalent ProxyCommand configs. bz#1906, bz#2744, feedback&ok markus@
+
+ Upstream-ID: debfaa7e859b272246c2f2633335d288d2e2ae28
+
+commit 1f3d202770a08ee6752ed2a234b7ca6f180eb498
+Author: jmc at openbsd.org <jmc at openbsd.org>
+Date: Thu Jul 13 19:16:33 2017 +0000
+
+ upstream commit
+
+ man pages with pseudo synopses which list filenames end
+ up creating very ugly output in man -k; after some discussion with ingo, we
+ feel the simplest fix is to remove such SYNOPSIS sections: the info is hardly
+ helpful at page top, is contained already in FILES, and there are
+ sufficiently few that just zapping them is simple;
+
+ ok schwarze, who also helpfully ran things through a build to check
+ output;
+
+ Upstream-ID: 3e211b99457e2f4c925c5927d608e6f97431336c
+
+commit 7f13a4827fb28957161de4249bd6d71954f1f2ed
+Author: espie at openbsd.org <espie at openbsd.org>
+Date: Mon Jul 10 14:09:59 2017 +0000
+
+ upstream commit
+
+ zap redundant Makefile variables. okay djm@
+
+ Upstream-ID: e39b3902fe1d6c4a7ba6a3c58e072219f3c1e604
+
+commit dc44dd3a9e2c9795394e6a7e1e71c929cbc70ce0
+Author: jmc at openbsd.org <jmc at openbsd.org>
+Date: Sat Jul 8 18:32:54 2017 +0000
+
+ upstream commit
+
+ slightly rework previous, to avoid an article issue;
+
+ Upstream-ID: 15a315f0460ddd3d4e2ade1f16d6c640a8c41b30
+
+commit 853edbe057a84ebd0024c8003e4da21bf2b469f7
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Fri Jul 7 03:53:12 2017 +0000
+
+ upstream commit
+
+ When generating all hostkeys (ssh-keygen -A), clobber
+ existing keys if they exist but are zero length. zero-length keys could
+ previously be made if ssh-keygen failed part way through generating them, so
+ avoid that case too. bz#2561 reported by Krzysztof Cieplucha; ok dtucker@
+
+ Upstream-ID: f662201c28ab8e1f086b5d43c59cddab5ade4044
+
+commit 43616876ba68a2ffaece6a6c792def4b039f2d6e
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Sat Jul 1 22:55:44 2017 +0000
+
+ upstream commit
+
+ actually remove these files
+
+ Upstream-ID: 1bd41cba06a7752de4df304305a8153ebfb6b0ac
+
+commit 83fa3a044891887369ce8b487ce88d713a04df48
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Sat Jul 1 13:50:45 2017 +0000
+
+ upstream commit
+
+ remove post-SSHv1 removal dead code from rsa.c and merge
+ the remaining bit that it still used into ssh-rsa.c; ok markus
+
+ Upstream-ID: ac8a048d24dcd89594b0052ea5e3404b473bfa2f
+
+commit 738c73dca2c99ee78c531b4cbeefc2008fe438f0
+Author: Damien Miller <djm at mindrot.org>
+Date: Fri Jul 14 14:26:36 2017 +1000
+
+ make explicit_bzero/memset safe for sz=0
+
+commit 8433d51e067e0829f5521c0c646b6fd3fe17e732
+Author: Tim Rice <tim at multitalents.net>
+Date: Tue Jul 11 18:47:56 2017 -0700
+
+ modified: configure.ac
+ UnixWare needs BROKEN_TCGETATTR_ICANON like Solaris
+ Analysis by Robbie Zhang
+
+commit ff3507aea9c7d30cd098e7801e156c68faff7cc7
+Author: Damien Miller <djm at mindrot.org>
+Date: Fri Jul 7 11:21:27 2017 +1000
+
+ typo
+
+commit d79bceb9311a9c137d268f5bc481705db4151810
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date: Fri Jun 30 04:17:23 2017 +0000
+
+ upstream commit
+
+ Only call close once in confree(). ssh_packet_close will
+ close the FD so only explicitly close non-SSH channels. bz#2734, from
+ bagajjal at microsoft.com, ok djm@
+
+ Upstream-ID: a81ce0c8b023527167739fccf1732b154718ab02
+
+commit 197dc9728f062e23ce374f44c95a2b5f9ffa4075
+Author: Darren Tucker <dtucker at zip.com.au>
+Date: Thu Jun 29 15:40:25 2017 +1000
+
+ Update link for my patches.
+
+commit a98339edbc1fc21342a390f345179a9c3031bef7
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Wed Jun 28 01:09:22 2017 +0000
+
+ upstream commit
+
+ Allow ssh-keygen to use a key held in ssh-agent as a CA when
+ signing certificates. bz#2377 ok markus
+
+ Upstream-ID: fb42e920b592edcbb5b50465739a867c09329c8f
+
+commit c9cdef35524bd59007e17d5bd2502dade69e2dfb
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Sat Jun 24 06:35:24 2017 +0000
+
+ upstream commit
+
+ regress test for ExposeAuthInfo
+
+ Upstream-Regress-ID: 190e5b6866376f4061c411ab157ca4d4e7ae86fd
+
+commit f17ee61cad25d210edab69d04ed447ad55fe80c1
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Sat Jun 24 07:08:57 2017 +0000
+
+ upstream commit
+
+ correct env var name
+
+ Upstream-ID: 721e761c2b1d6a4dcf700179f16fd53a1dadb313
+
+commit 40962198e3b132cecdb32e9350acd4294e6a1082
+Author: jmc at openbsd.org <jmc at openbsd.org>
+Date: Sat Jun 24 06:57:04 2017 +0000
+
+ upstream commit
+
+ spelling;
+
+ Upstream-ID: 606f933c8e2d0be902ea663946bc15e3eee40b25
+
+commit 33f86265d7e8a0e88d3a81745d746efbdd397370
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Sat Jun 24 06:38:11 2017 +0000
+
+ upstream commit
+
+ don't pass pointer to struct sshcipher between privsep
+ processes, just redo the lookup in each using the already-passed cipher name.
+ bz#2704 based on patch from Brooks Davis; ok markus dtucker
+
+ Upstream-ID: 2eab434c09bdf549dafd7da3e32a0d2d540adbe0
+
+commit 8f574959272ac7fe9239c4f5d10fd913f8920ab0
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Sat Jun 24 06:34:38 2017 +0000
+
+ upstream commit
+
+ refactor authentication logging
+
+ optionally record successful auth methods and public credentials
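Review bot: several entries in this imported ChangeLog region change behaviour that existing scripts and deployments may depend on, and they are documented only here in the upstream log. Commit 643c2ad8 makes "--" before the hostname terminate option processing completely, c4972d0a refuses a private key when its corresponding .pub key does not match, 0f345535 switches new-style private key encryption from aes256-cbc to aes256-ctr, and b60ff200 with its follow-up 42a8f8bc changes when client_alive_check() is scheduled on connections with forwarded-port activity. Suggest calling these out in the release notes for this import so administrators see them without reading the full ChangeLog.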
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***