svn commit: r343774 - in vendor-crypto/openssh/dist: . contrib/redhat contrib/suse openbsd-compat regress regress/misc/fuzz-harness regress/unittests/sshkey regress/unittests/sshkey/testdata regres...
Dag-Erling Smørgrav
des at FreeBSD.org
Tue Feb 5 15:03:55 UTC 2019
Author: des
Date: Tue Feb 5 15:03:53 2019
New Revision: 343774
URL: https://svnweb.freebsd.org/changeset/base/343774
Log:
Vendor import of OpenSSH 7.9p1.
Added:
vendor-crypto/openssh/dist/regress/misc/fuzz-harness/authopt_fuzz.cc
vendor-crypto/openssh/dist/regress/unittests/sshkey/testdata/rsa_1_sha1
vendor-crypto/openssh/dist/regress/unittests/sshkey/testdata/rsa_1_sha1-cert.pub
vendor-crypto/openssh/dist/regress/unittests/sshkey/testdata/rsa_1_sha1.pub
vendor-crypto/openssh/dist/regress/unittests/sshkey/testdata/rsa_1_sha512
vendor-crypto/openssh/dist/regress/unittests/sshkey/testdata/rsa_1_sha512-cert.pub
vendor-crypto/openssh/dist/regress/unittests/sshkey/testdata/rsa_1_sha512.pub
Modified:
vendor-crypto/openssh/dist/.depend
vendor-crypto/openssh/dist/.skipped-commit-ids
vendor-crypto/openssh/dist/ChangeLog
vendor-crypto/openssh/dist/Makefile.in
vendor-crypto/openssh/dist/PROTOCOL
vendor-crypto/openssh/dist/PROTOCOL.krl
vendor-crypto/openssh/dist/PROTOCOL.mux
vendor-crypto/openssh/dist/README
vendor-crypto/openssh/dist/auth-options.c
vendor-crypto/openssh/dist/auth-passwd.c
vendor-crypto/openssh/dist/auth.c
vendor-crypto/openssh/dist/auth2-hostbased.c
vendor-crypto/openssh/dist/auth2-pubkey.c
vendor-crypto/openssh/dist/authfile.c
vendor-crypto/openssh/dist/channels.c
vendor-crypto/openssh/dist/channels.h
vendor-crypto/openssh/dist/clientloop.c
vendor-crypto/openssh/dist/config.h.in
vendor-crypto/openssh/dist/configure
vendor-crypto/openssh/dist/configure.ac
vendor-crypto/openssh/dist/contrib/redhat/openssh.spec
vendor-crypto/openssh/dist/contrib/suse/openssh.spec
vendor-crypto/openssh/dist/dh.c
vendor-crypto/openssh/dist/groupaccess.c
vendor-crypto/openssh/dist/kexgexs.c
vendor-crypto/openssh/dist/krl.c
vendor-crypto/openssh/dist/krl.h
vendor-crypto/openssh/dist/misc.c
vendor-crypto/openssh/dist/misc.h
vendor-crypto/openssh/dist/moduli
vendor-crypto/openssh/dist/mux.c
vendor-crypto/openssh/dist/myproposal.h
vendor-crypto/openssh/dist/nchan.c
vendor-crypto/openssh/dist/openbsd-compat/bsd-asprintf.c
vendor-crypto/openssh/dist/openbsd-compat/bsd-misc.c
vendor-crypto/openssh/dist/openbsd-compat/openssl-compat.c
vendor-crypto/openssh/dist/openbsd-compat/port-linux.c
vendor-crypto/openssh/dist/openbsd-compat/port-uw.c
vendor-crypto/openssh/dist/openbsd-compat/setproctitle.c
vendor-crypto/openssh/dist/openbsd-compat/xcrypt.c
vendor-crypto/openssh/dist/readconf.c
vendor-crypto/openssh/dist/readconf.h
vendor-crypto/openssh/dist/regress/README.regress
vendor-crypto/openssh/dist/regress/krl.sh
vendor-crypto/openssh/dist/regress/misc/fuzz-harness/Makefile
vendor-crypto/openssh/dist/regress/unittests/sshkey/common.c
vendor-crypto/openssh/dist/regress/unittests/sshkey/mktestdata.sh
vendor-crypto/openssh/dist/regress/unittests/sshkey/test_file.c
vendor-crypto/openssh/dist/regress/unittests/sshkey/test_sshkey.c
vendor-crypto/openssh/dist/regress/unittests/test_helper/fuzz.c
vendor-crypto/openssh/dist/regress/unittests/test_helper/test_helper.c
vendor-crypto/openssh/dist/sandbox-seccomp-filter.c
vendor-crypto/openssh/dist/scp.0
vendor-crypto/openssh/dist/scp.1
vendor-crypto/openssh/dist/scp.c
vendor-crypto/openssh/dist/servconf.c
vendor-crypto/openssh/dist/servconf.h
vendor-crypto/openssh/dist/session.c
vendor-crypto/openssh/dist/session.h
vendor-crypto/openssh/dist/sftp-common.c
vendor-crypto/openssh/dist/sftp.0
vendor-crypto/openssh/dist/sftp.1
vendor-crypto/openssh/dist/sftp.c
vendor-crypto/openssh/dist/ssh-add.c
vendor-crypto/openssh/dist/ssh-keygen.0
vendor-crypto/openssh/dist/ssh-keygen.1
vendor-crypto/openssh/dist/ssh-keygen.c
vendor-crypto/openssh/dist/ssh.0
vendor-crypto/openssh/dist/ssh.1
vendor-crypto/openssh/dist/ssh.c
vendor-crypto/openssh/dist/ssh_config.0
vendor-crypto/openssh/dist/ssh_config.5
vendor-crypto/openssh/dist/sshconnect.c
vendor-crypto/openssh/dist/sshconnect2.c
vendor-crypto/openssh/dist/sshd.c
vendor-crypto/openssh/dist/sshd_config.0
vendor-crypto/openssh/dist/sshd_config.5
vendor-crypto/openssh/dist/sshkey.c
vendor-crypto/openssh/dist/sshkey.h
vendor-crypto/openssh/dist/version.h
Modified: vendor-crypto/openssh/dist/.depend
==============================================================================
--- vendor-crypto/openssh/dist/.depend Tue Feb 5 13:48:26 2019 (r343773)
+++ vendor-crypto/openssh/dist/.depend Tue Feb 5 15:03:53 2019 (r343774)
@@ -83,8 +83,8 @@ match.o: includes.h config.h defines.h platform.h open
md5crypt.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h log.h ssh.h sshbuf.h ssherr.h
moduli.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-monitor.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h atomicio.h xmalloc.h ssh.h sshkey.h sshbuf.h hostfile.h auth.h auth-pam.h audit.h loginrec.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h
-monitor.o: rijndael.h kex.h mac.h dh.h packet.h dispatch.h opacket.h auth-options.h sshpty.h channels.h session.h sshlogin.h canohost.h log.h misc.h servconf.h monitor.h monitor_wrap.h monitor_fdpass.h compat.h ssh2.h authfd.h match.h ssherr.h
+monitor.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h openbsd-compat/openssl-compat.h atomicio.h xmalloc.h ssh.h sshkey.h sshbuf.h hostfile.h auth.h auth-pam.h audit.h loginrec.h cipher.h cipher-chachapoly.h
+monitor.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h dh.h packet.h dispatch.h opacket.h auth-options.h sshpty.h channels.h session.h sshlogin.h canohost.h log.h misc.h servconf.h monitor.h monitor_wrap.h monitor_fdpass.h compat.h ssh2.h authfd.h match.h ssherr.h
monitor_fdpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h monitor_fdpass.h
monitor_wrap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
monitor_wrap.o: auth-options.h packet.h dispatch.h opacket.h log.h monitor.h monitor_wrap.h atomicio.h monitor_fdpass.h misc.h channels.h session.h servconf.h ssherr.h
@@ -156,7 +156,7 @@ sshd.o: includes.h config.h defines.h platform.h openb
sshd.o: poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h mac.h myproposal.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h ssherr.h
ssherr.o: ssherr.h
sshkey-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-sshkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ssh2.h ssherr.h misc.h sshbuf.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h sshkey-xmss.h match.h xmss_fast.h
+sshkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ssh2.h ssherr.h misc.h sshbuf.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h sshkey-xmss.h match.h xmss_fast.h openbsd-compat/openssl-compat.h
sshlogin.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshlogin.h ssherr.h loginrec.h log.h sshbuf.h misc.h servconf.h
sshpty.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshpty.h log.h misc.h
sshtty.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshpty.h
Modified: vendor-crypto/openssh/dist/.skipped-commit-ids
==============================================================================
--- vendor-crypto/openssh/dist/.skipped-commit-ids Tue Feb 5 13:48:26 2019 (r343773)
+++ vendor-crypto/openssh/dist/.skipped-commit-ids Tue Feb 5 15:03:53 2019 (r343774)
@@ -4,6 +4,7 @@ f2c9feb26963615c4fece921906cf72e248b61ee more Makefile
fa728823ba21c4b45212750e1d3a4b2086fd1a62 more Makefile refactoring
1de0e85522051eb2ffa00437e1885e9d7b3e0c2e moduli update
814b2f670df75759e1581ecef530980b2b3d7e0f remove redundant make defs
+04431e8e7872f49a2129bf080a6b73c19d576d40 moduli update
Old upstream tree:
Modified: vendor-crypto/openssh/dist/ChangeLog
==============================================================================
--- vendor-crypto/openssh/dist/ChangeLog Tue Feb 5 13:48:26 2019 (r343773)
+++ vendor-crypto/openssh/dist/ChangeLog Tue Feb 5 15:03:53 2019 (r343774)
@@ -1,3 +1,827 @@
+commit aede1c34243a6f7feae2fb2cb686ade5f9be6f3d
+Author: Damien Miller <djm at mindrot.org>
+Date: Wed Oct 17 11:01:20 2018 +1100
+
+ Require OpenSSL 1.1.x series 1.1.0g or greater
+
+ Previous versions have a bug with EVP_CipherInit() when passed a
+ NULL EVP_CIPHER, per https://github.com/openssl/openssl/pull/4613
+
+ ok dtucker@
+
+commit 08300c211409c212e010fe2e2f2883e573a04ce2
+Author: Damien Miller <djm at mindrot.org>
+Date: Wed Oct 17 08:12:02 2018 +1100
+
+ unbreak compilation with --with-ssl-engine
+
+ Missing last argument to OPENSSL_init_crypto()
+
+commit 1673274aee67ce0eb6f00578b6f3d2bcbd58f937
+Author: Darren Tucker <dtucker at dtucker.net>
+Date: Tue Oct 16 14:45:57 2018 +1100
+
+ Remove gcc spectre mitigation flags.
+
+ Current impementions of the gcc spectre mitigation flags cause
+ miscompilations when combined with other flags and do not provide much
+ protection. Found by fweimer at redhat.com, ok djm@
+
+commit 4e23deefd7959ef83c73ed9cce574423438f6133
+Author: Damien Miller <djm at mindrot.org>
+Date: Tue Oct 16 10:51:52 2018 +1100
+
+ Avoid deprecated OPENSSL_config when using 1.1.x
+
+ OpenSSL 1.1.x soft-deprecated OPENSSL_config in favour of
+ OPENSSL_init_crypto; pointed out by Jakub Jelen
+
+commit 797cdd9c8468ed1125ce60d590ae3f1397866af4
+Author: Darren Tucker <dtucker at dtucker.net>
+Date: Fri Oct 12 16:58:47 2018 +1100
+
+ Don't avoid our *sprintf replacements.
+
+ Don't let systems with broken printf(3) avoid our replacements
+ via asprintf(3)/vasprintf(3) calling libc internally. From djm@
+
+commit e526127cbd2f8ad88fb41229df0c9b850c722830
+Author: Darren Tucker <dtucker at dtucker.net>
+Date: Fri Oct 12 16:43:35 2018 +1100
+
+ Check if snprintf understands %zu.
+
+ If the platforms snprintf and friends don't understand %zu, use the
+ compat replacement. Prevents segfaults on those platforms.
+
+commit cf39f875191708c5f2f1a3c1c9019f106e74aea3
+Author: Damien Miller <djm at mindrot.org>
+Date: Fri Oct 12 09:48:05 2018 +1100
+
+ remove stale link, tweak
+
+commit a7205e68decf7de2005810853b4ce6b222b65e2a
+Author: Damien Miller <djm at mindrot.org>
+Date: Fri Oct 12 09:47:20 2018 +1100
+
+ update version numbers ahead of release
+
+commit 1a4a9cf80f5b92b9d1dadd0bfa8867c04d195391
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Thu Oct 11 03:48:04 2018 +0000
+
+ upstream: don't send new-style rsa-sha2-*-cert-v01 at openssh.com names to
+
+ older OpenSSH that can't handle them. spotted by Adam Eijdenberg; ok dtucker
+
+ OpenBSD-Commit-ID: 662bbc402e3d7c9b6c322806269698106a6ae631
+
+commit dc8ddcdf1a95e011c263486c25869bb5bf4e30ec
+Author: Damien Miller <djm at mindrot.org>
+Date: Thu Oct 11 13:08:59 2018 +1100
+
+ update depends
+
+commit 26841ac265603fd2253e6832e03602823dbb4022
+Author: Damien Miller <djm at mindrot.org>
+Date: Thu Oct 11 13:02:11 2018 +1100
+
+ some more duplicated key algorithm lines
+
+ From Adam Eijdenberg
+
+commit 5d9d17603bfbb620195a4581025052832b4c4adc
+Author: Damien Miller <djm at mindrot.org>
+Date: Thu Oct 11 11:56:36 2018 +1100
+
+ fix duplicated algorithm specification lines
+
+ Spotted by Adam Eijdenberg
+
+commit ebfafd9c7a5b2a7fb515ee95dbe0e44e11d0a663
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Thu Oct 11 00:52:46 2018 +0000
+
+ upstream: typo in plain RSA algorithm counterpart names for
+
+ certificates; spotted by Adam Eijdenberg; ok dtucker@
+
+ OpenBSD-Commit-ID: bfcdeb6f4fc9e7607f5096574c8f118f2e709e00
+
+commit c29b111e7d87c2324ff71c80653dd8da168c13b9
+Author: Damien Miller <djm at mindrot.org>
+Date: Thu Oct 11 11:29:35 2018 +1100
+
+ check pw_passwd != NULL here too
+
+ Again, for systems with broken NIS implementations.
+
+ Prompted by coolbugcheckers AT gmail.com
+
+commit fe8e8f349a553ef4c567acd418aac769a82b7729
+Author: Damien Miller <djm at mindrot.org>
+Date: Thu Oct 11 11:03:15 2018 +1100
+
+ check for NULL return from shadow_pw()
+
+ probably unreachable on this platform; pointed out by
+ coolbugcheckers AT gmail.com
+
+commit acc59cbe7a1fb169e1c3caba65a39bd74d6e030d
+Author: deraadt at openbsd.org <deraadt at openbsd.org>
+Date: Wed Oct 10 16:43:49 2018 +0000
+
+ upstream: introducing openssh 7.9
+
+ OpenBSD-Commit-ID: 42d526a9fe01a40dd299ac58014d3349adf40e25
+
+commit 12731158c75c8760a8bea06350eeb3e763fe1a07
+Author: Damien Miller <djm at mindrot.org>
+Date: Thu Oct 11 10:29:29 2018 +1100
+
+ supply callback to PEM_read_bio_PrivateKey
+
+ OpenSSL 1.1.0i has changed the behaviour of their PEM APIs,
+ so that empty passphrases are interpreted differently. This
+ probabalistically breaks loading some keys, because the PEM format
+ is terrible and doesn't include a proper MAC.
+
+ Avoid this by providing a basic callback to avoid passing empty
+ passphrases to OpenSSL in cases where one is required.
+
+ Based on patch from Jakub Jelen in bz#2913; ok dtucker@
+
+commit d1d301a1dd5d6cc3a9ed93ab7ab09dda4cb456e0
+Author: Damien Miller <djm at mindrot.org>
+Date: Wed Oct 10 14:57:00 2018 +1100
+
+ in pick_salt() avoid dereference of NULL passwords
+
+ Apparently some NIS implementations can leave pw->pw_passwd (or the
+ shadow equivalent) NULL.
+
+ bz#2909; based on patch from Todd Eigenschink
+
+commit edbb6febccee084d212fdc0cb05b40cb1c646ab1
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Tue Oct 9 05:42:23 2018 +0000
+
+ upstream: Treat all PEM_read_bio_PrivateKey() errors when a passphrase
+
+ is specified as "incorrect passphrase" instead of trying to choose between
+ that and "invalid format".
+
+ libcrypto can return ASN1 parsing errors rather than the expected
+ decrypt error in certain infrequent cases when trying to decrypt/parse
+ PEM private keys when supplied with an invalid passphrase.
+
+ Report and repro recipe from Thomas Deutschmann in bz#2901
+
+ ok markus@
+
+ OpenBSD-Commit-ID: b1d4cd92395f9743f81c0d23aab2524109580870
+
+commit 2581333d564d8697837729b3d07d45738eaf5a54
+Author: naddy at openbsd.org <naddy at openbsd.org>
+Date: Fri Oct 5 14:26:09 2018 +0000
+
+ upstream: Support using service names for port numbers.
+
+ * Try to resolve a port specification with getservbyname(3) if a
+ numeric conversion fails.
+ * Make the "Port" option in ssh_config handle its argument as a
+ port rather than a plain integer.
+
+ ok dtucker@ deraadt@
+
+ OpenBSD-Commit-ID: e7f03633133205ab3dfbc67f9df7475fabae660d
+
+commit e0d6501e86734c48c8c503f81e1c0926e98c5c4c
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Thu Oct 4 07:47:35 2018 +0000
+
+ upstream: when the peer sends a channel-close message, make sure we
+
+ close the local extended read fd (stderr) along with the regular read fd
+ (stdout). Avoids weird stuck processed in multiplexing mode.
+
+ Report and analysis by Nelson Elhage and Geoffrey Thomas in bz#2863
+
+ ok dtucker@ markus@
+
+ OpenBSD-Commit-ID: a48a2467fe938de4de69d2e7193d5fa701f12ae9
+
+commit 6f1aabb128246f445e33b8844fad3de9cb1d18cb
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Thu Oct 4 01:04:52 2018 +0000
+
+ upstream: factor out channel status formatting from
+
+ channel_open_message() so we can use it in other debug messages
+
+ OpenBSD-Commit-ID: 9c3903ca28fcabad57f566c9d0045b41ab7d52ba
+
+commit f1dd179e122bdfdb7ca3072d9603607740efda05
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Thu Oct 4 00:10:11 2018 +0000
+
+ upstream: include a little more information about the status and
+
+ disposition of channel's extended (stderr) fd; makes debugging some things a
+ bit easier. No behaviour change.
+
+ OpenBSD-Commit-ID: 483eb6467dc7d5dbca8eb109c453e7a43075f7ce
+
+commit 2d1428b11c8b6f616f070f2ecedce12328526944
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Thu Oct 4 00:04:41 2018 +0000
+
+ upstream: explicit_bzero here to be consistent with other kex*.c;
+
+ report from coolbugcheckers AT gmail.com
+
+ OpenBSD-Commit-ID: a90f146c5b5f5b1408700395e394f70b440856cb
+
+commit 5eff5b858e717e901e6af6596306a114de9f79f2
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Wed Oct 3 06:38:35 2018 +0000
+
+ upstream: Allow ssh_config IdentityAgent directive to accept
+
+ environment variable names as well as explicit paths. ok dtucker@
+
+ OpenBSD-Commit-ID: 2f0996e103876c53d8c9dd51dcce9889d700767b
+
+commit a46ac4d86b25414d78b632e8173578b37e5f8a83
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Tue Oct 2 12:51:58 2018 +0000
+
+ upstream: mention INFO at openssh.com for sending SIGINFO
+
+ OpenBSD-Commit-ID: 132471eeb0df658210afd27852fe65131b26e900
+
+commit ff3a411cae0b484274b7900ef52ff4dad3e12876
+Author: Damien Miller <djm at mindrot.org>
+Date: Tue Oct 2 22:49:40 2018 +1000
+
+ only support SIGINFO on systems with SIGINFO
+
+commit cd98925c6405e972dc9f211afc7e75e838abe81c
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Tue Oct 2 12:40:07 2018 +0000
+
+ upstream: Add server support for signalling sessions via the SSH
+
+ channel/ session protocol. Signalling is only supported to sesssions that are
+ not subsystems and were not started with a forced command.
+
+ Long requested in bz#1424
+
+ Based on a patch from markus@ and reworked by dtucker@;
+ ok markus@ dtucker@
+
+ OpenBSD-Commit-ID: 4bea826f575862eaac569c4bedd1056a268be1c3
+
+commit dba50258333f2604a87848762af07ba2cc40407a
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Wed Sep 26 07:32:44 2018 +0000
+
+ upstream: remove big ugly TODO comment from start of file. Some of
+
+ the mentioned tasks are obsolete and, of the remainder, most are already
+ captured in PROTOCOL.mux where they better belong
+
+ OpenBSD-Commit-ID: 16d9d76dee42a5bb651c9d6740f7f0ef68aeb407
+
+commit 92b61a38ee9b765f5049f03cd1143e13f3878905
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Wed Sep 26 07:30:05 2018 +0000
+
+ upstream: Document mux proxy mode; added by Markus in openssh-7.4
+
+ Also add a little bit of information about the overall packet format
+
+ OpenBSD-Commit-ID: bdb6f6ea8580ef96792e270cae7857786ad84a95
+
+commit 9d883a1ce4f89b175fd77405ff32674620703fb2
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Wed Sep 26 01:48:57 2018 +0000
+
+ upstream: s/process_mux_master/mux_master_process/ in mux master
+
+ function names,
+
+ Gives better symmetry with the existing mux_client_*() names and makes
+ it more obvious when a message comes from the master vs client (they
+ are interleved in ControlMaster=auto mode).
+
+ no functional change beyond prefixing a could of log messages with
+ __func__ where they were previously lacking.
+
+ OpenBSD-Commit-ID: b01f7c3fdf92692e1713a822a89dc499333daf75
+
+commit c2fa53cd6462da82d3a851dc3a4a3f6b920337c8
+Author: Darren Tucker <dtucker at dtucker.net>
+Date: Sat Sep 22 14:41:24 2018 +1000
+
+ Remove unused variable in _ssh_compat_fflush.
+
+commit d1b3540c21212624af907488960d703c7d987b42
+Author: Darren Tucker <dtucker at dtucker.net>
+Date: Thu Sep 20 18:08:43 2018 +1000
+
+ Import updated moduli.
+
+commit b5e412a8993ad17b9e1141c78408df15d3d987e1
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Fri Sep 21 12:46:22 2018 +0000
+
+ upstream: Allow ssh_config ForwardX11Timeout=0 to disable the
+
+ timeout and allow X11 connections in untrusted mode indefinitely. ok dtucker@
+
+ OpenBSD-Commit-ID: ea1ceed3f540b48e5803f933e59a03b20db10c69
+
+commit cb24d9fcc901429d77211f274031653476864ec6
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Fri Sep 21 12:23:17 2018 +0000
+
+ upstream: when compiled with GSSAPI support, cache supported method
+
+ OIDs by calling ssh_gssapi_prepare_supported_oids() regardless of whether
+ GSSAPI authentication is enabled in the main config.
+
+ This avoids sandbox violations for configurations that enable GSSAPI
+ auth later, e.g.
+
+ Match user djm
+ GSSAPIAuthentication yes
+
+ bz#2107; ok dtucker@
+
+ OpenBSD-Commit-ID: a5dd42d87c74e27cfb712b15b0f97ab20e0afd1d
+
+commit bbc8af72ba68da014d4de6e21a85eb5123384226
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Fri Sep 21 12:20:12 2018 +0000
+
+ upstream: In sshkey_in_file(), ignore keys that are considered for
+
+ being too short (i.e. SSH_ERR_KEY_LENGTH). These keys will not be considered
+ to be "in the file". This allows key revocation lists to contain short keys
+ without the entire revocation list being considered invalid.
+
+ bz#2897; ok dtucker
+
+ OpenBSD-Commit-ID: d9f3d857d07194a42ad7e62889a74dc3f9d9924b
+
+commit 383a33d160cefbfd1b40fef81f72eadbf9303a66
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Fri Sep 21 03:11:36 2018 +0000
+
+ upstream: Treat connections with ProxyJump specified the same as ones
+
+ with a ProxyCommand set with regards to hostname canonicalisation (i.e. don't
+ try to canonicalise the hostname unless CanonicalizeHostname is set to
+ 'always').
+
+ Patch from Sven Wegener via bz#2896
+
+ OpenBSD-Commit-ID: 527ff501cf98bf65fb4b29ed0cb847dda10f4d37
+
+commit 0cbed248ed81584129b67c348dbb801660f25a6a
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Thu Sep 20 23:40:16 2018 +0000
+
+ upstream: actually make CASignatureAlgorithms available as a config
+
+ option
+
+ OpenBSD-Commit-ID: 93fa7ff58314ed7b1ab7744090a6a91232e6ae52
+
+commit 62528870c0ec48cd86a37dd7320fb85886c3e6ee
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date: Thu Sep 20 08:07:03 2018 +0000
+
+ upstream: Import updated moduli.
+
+ OpenBSD-Commit-ID: 04431e8e7872f49a2129bf080a6b73c19d576d40
+
+commit e6933a2ffa0659d57f3c7b7c457b2c62b2a84613
+Author: jmc at openbsd.org <jmc at openbsd.org>
+Date: Thu Sep 20 06:58:48 2018 +0000
+
+ upstream: reorder CASignatureAlgorithms, and add them to the
+
+ various -o lists; ok djm
+
+ OpenBSD-Commit-ID: ecb88baecc3c54988b4d1654446ea033da359288
+
+commit aa083aa9624ea7b764d5a81c4c676719a1a3e42b
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Thu Sep 20 03:31:49 2018 +0000
+
+ upstream: fix "ssh -Q sig" to show correct signature algorithm list
+
+ (it was erroneously showing certificate algorithms); prompted by markus@
+
+ OpenBSD-Commit-ID: 1cdee002f2f0c21456979deeb887fc889afb154d
+
+commit ecac7e1f7add6b28874959a11f2238d149dc2c07
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Thu Sep 20 03:30:44 2018 +0000
+
+ upstream: add CASignatureAlgorithms option for the client, allowing
+
+ it to specify which signature algorithms may be used by CAs when signing
+ certificates. Useful if you want to ban RSA/SHA1; ok markus@
+
+ OpenBSD-Commit-ID: 9159e5e9f67504829bf53ff222057307a6e3230f
+
+commit 86e5737c39153af134158f24d0cab5827cbd5852
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Thu Sep 20 03:28:06 2018 +0000
+
+ upstream: Add sshd_config CASignatureAlgorithms option to allow
+
+ control over which signature algorithms a CA may use when signing
+ certificates. In particular, this allows a sshd to ban certificates signed
+ with RSA/SHA1.
+
+ ok markus@
+
+ OpenBSD-Commit-ID: b05c86ef8b52b913ed48d54a9b9c1a7714d96bac
+
+commit f80e68ea7d62e2dfafc12f1a60ab544ae4033a0f
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Wed Sep 19 02:03:02 2018 +0000
+
+ upstream: Make "ssh-add -q" do what it says on the tin: silence
+
+ output from successful operations.
+
+ Based on patch from Thijs van Dijk; ok dtucker@ deraadt@
+
+ OpenBSD-Commit-ID: c4f754ecc055c10af166116ce7515104aa8522e1
+
+commit 5e532320e9e51de720d5f3cc2596e95d29f6e98f
+Author: millert at openbsd.org <millert at openbsd.org>
+Date: Mon Sep 17 15:40:14 2018 +0000
+
+ upstream: When choosing a prime from the moduli file, avoid
+
+ re-using the linenum variable for something that is not a line number to
+ avoid the confusion that resulted in the bug in rev. 1.64. This also lets us
+ pass the actual linenum to parse_prime() so the error messages include the
+ correct line number. OK markus@ some time ago.
+
+ OpenBSD-Commit-ID: 4d8e5d3e924d6e8eb70053e3defa23c151a00084
+
+commit cce8cbe0ed7d1ba3a575310e0b63c193326ae616
+Author: Darren Tucker <dtucker at dtucker.net>
+Date: Sat Sep 15 19:44:06 2018 +1000
+
+ Fix openssl-1.1 fallout for --without-openssl.
+
+ ok djm@
+
+commit 149519b9f201dac755f3cba4789f4d76fecf0ee1
+Author: Damien Miller <djm at mindrot.org>
+Date: Sat Sep 15 19:37:48 2018 +1000
+
+ add futex(2) syscall to seccomp sandbox
+
+ Apparently needed for some glibc/openssl combinations.
+
+ Patch from Arkadiusz Miśkiewicz
+
+commit 4488ae1a6940af704c4dbf70f55bf2f756a16536
+Author: Damien Miller <djm at mindrot.org>
+Date: Sat Sep 15 19:36:55 2018 +1000
+
+ really add source for authopt_fuzz this time
+
+commit 9201784b4a257c8345fbd740bcbdd70054885707
+Author: Damien Miller <djm at mindrot.org>
+Date: Sat Sep 15 19:35:40 2018 +1000
+
+ remove accidentally checked-in authopt_fuzz binary
+
+commit beb9e522dc7717df08179f9e59f36b361bfa14ab
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Fri Sep 14 05:26:27 2018 +0000
+
+ upstream: second try, deals properly with missing and private-only
+
+ Use consistent format in debug log for keys readied, offered and
+ received during public key authentication.
+
+ This makes it a little easier to see what is going on, as each message
+ now contains (where available) the key filename, its type and fingerprint,
+ and whether the key is hosted in an agent or a token.
+
+ OpenBSD-Commit-ID: f1c6a8e9cfc4e108c359db77f24f9a40e1e25ea7
+
+commit 6bc5a24ac867bfdc3ed615589d69ac640f51674b
+Author: Damien Miller <djm at mindrot.org>
+Date: Fri Sep 14 15:16:34 2018 +1000
+
+ fuzzer harness for authorized_keys option parsing
+
+commit 6c8b82fc6929b6a9a3f645151b6ec26c5507d9ef
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Fri Sep 14 04:44:04 2018 +0000
+
+ upstream: revert following; deals badly with agent keys
+
+ revision 1.285
+ date: 2018/09/14 04:17:12; author: djm; state: Exp; lines: +47 -26; commitid: lflGFcNb2X2HebaK;
+ Use consistent format in debug log for keys readied, offered and
+ received during public key authentication.
+
+ This makes it a little easier to see what is going on, as each message
+ now contains the key filename, its type and fingerprint, and whether
+ the key is hosted in an agent or a token.
+
+ OpenBSD-Commit-ID: e496bd004e452d4b051f33ed9ae6a54ab918f56d
+
+commit 6da046f9c3374ce7e269ded15d8ff8bc45017301
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Fri Sep 14 04:17:44 2018 +0000
+
+ upstream: garbage-collect moribund ssh_new_private() API.
+
+ OpenBSD-Commit-ID: 7c05bf13b094093dfa01848a9306c82eb6e95f6c
+
+commit 1f24ac5fc05252ceb1c1d0e8cab6a283b883c780
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Fri Sep 14 04:17:12 2018 +0000
+
+ upstream: Use consistent format in debug log for keys readied,
+
+ offered and received during public key authentication.
+
+ This makes it a little easier to see what is going on, as each message
+ now contains the key filename, its type and fingerprint, and whether
+ the key is hosted in an agent or a token.
+
+ OpenBSD-Commit-ID: 2a01d59285a8a7e01185bb0a43316084b4f06a1f
+
+commit 488c9325bb7233e975dbfbf89fa055edc3d3eddc
+Author: millert at openbsd.org <millert at openbsd.org>
+Date: Thu Sep 13 15:23:32 2018 +0000
+
+ upstream: Fix warnings caused by user_from_uid() and group_from_gid()
+
+ now returning const char *.
+
+ OpenBSD-Commit-ID: b5fe571ea77cfa7b9035062829ab05eb87d7cc6f
+
+commit 0aa1f230846ebce698e52051a107f3127024a05a
+Author: Damien Miller <djm at mindrot.org>
+Date: Fri Sep 14 10:31:47 2018 +1000
+
+ allow SIGUSR1 as synonym for SIGINFO
+
+ Lets users on those unfortunate operating systems that lack SIGINFO
+ still be able to obtain progress information from unit tests :)
+
+commit d64e78526596f098096113fcf148216798c327ff
+Author: Damien Miller <djm at mindrot.org>
+Date: Thu Sep 13 19:05:48 2018 +1000
+
+ add compat header
+
+commit a3fd8074e2e2f06602e25618721f9556c731312c
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Thu Sep 13 09:03:20 2018 +0000
+
+ upstream: missed a bit of openssl-1.0.x API in this unittest
+
+ OpenBSD-Regress-ID: a73a54d7f7381856a3f3a2d25947bee7a9a5dbc9
+
+commit 86e0a9f3d249d5580390daf58e015e68b01cef10
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Thu Sep 13 05:06:51 2018 +0000
+
+ upstream: use only openssl-1.1.x API here too
+
+ OpenBSD-Regress-ID: ae877064597c349954b1b443769723563cecbc8f
+
+commit 48f54b9d12c1c79fba333bc86d455d8f4cda8cfc
+Author: Damien Miller <djm at mindrot.org>
+Date: Thu Sep 13 12:13:50 2018 +1000
+
+ adapt -portable to OpenSSL 1.1x API
+
+ Polyfill missing API with replacement functions extracted from LibreSSL
+
+commit 86112951d63d48839f035b5795be62635a463f99
+Author: Damien Miller <djm at mindrot.org>
+Date: Thu Sep 13 12:12:42 2018 +1000
+
+ forgot to stage these test files in commit d70d061
+
+commit 482d23bcacdd3664f21cc82a5135f66fc598275f
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Thu Sep 13 02:08:33 2018 +0000
+
+ upstream: hold our collective noses and use the openssl-1.1.x API in
+
+ OpenSSH; feedback and ok tb@ jsing@ markus@
+
+ OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417
+
+commit d70d061828730a56636ab6f1f24fe4a8ccefcfc1
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Wed Sep 12 01:36:45 2018 +0000
+
+ upstream: Include certs with multiple RSA signature variants in
+
+ test data Ensure that cert->signature_key is populated correctly
+
+ OpenBSD-Regress-ID: 56e68f70fe46cb3a193ca207385bdb301fd6603a
+
+commit f803b2682992cfededd40c91818b653b5d923ef5
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Wed Sep 12 01:23:48 2018 +0000
+
+ upstream: test revocation by explicit hash and by fingerprint
+
+ OpenBSD-Regress-ID: 079c18a9ab9663f4af419327c759fc1e2bc78fd8
+
+commit 2de78bc7da70e1338b32feeefcc6045cf49efcd4
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Wed Sep 12 01:22:43 2018 +0000
+
+ upstream: s/sshkey_demote/sshkey_from_private/g
+
+ OpenBSD-Regress-ID: 782bde7407d94a87aa8d1db7c23750e09d4443c4
+
+commit 41c115a5ea1cb79a6a3182773c58a23f760e8076
+Author: Damien Miller <djm at mindrot.org>
+Date: Wed Sep 12 16:50:01 2018 +1000
+
+ delete the correct thing; kexfuzz binary
+
+commit f0fcd7e65087db8c2496f13ed39d772f8e38b088
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Wed Sep 12 06:18:59 2018 +0000
+
+ upstream: fix edit mistake; spotted by jmc@
+
+ OpenBSD-Commit-ID: dd724e1c52c9d6084f4cd260ec7e1b2b138261c6
+
+commit 4cc259bac699f4d2a5c52b92230f9e488c88a223
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Wed Sep 12 01:34:02 2018 +0000
+
+ upstream: add SSH_ALLOWED_CA_SIGALGS - the default list of
+
+ signature algorithms that are allowed for CA signatures. Notably excludes
+ ssh-dsa.
+
+ ok markus@
+
+ OpenBSD-Commit-ID: 1628e4181dc8ab71909378eafe5d06159a22deb4
+
+commit ba9e788315b1f6a350f910cb2a9e95b2ce584e89
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Wed Sep 12 01:32:54 2018 +0000
+
+ upstream: add sshkey_check_cert_sigtype() that checks a
+
+ cert->signature_type against a supplied whitelist; ok markus
+
+ OpenBSD-Commit-ID: caadb8073292ed7a9535e5adc067d11d356d9302
+
+commit a70fd4ad7bd9f2ed223ff635a3d41e483057f23b
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Wed Sep 12 01:31:30 2018 +0000
+
+ upstream: add cert->signature_type field and keep it in sync with
+
+ certificate signature wrt loading and certification operations; ok markus@
+
+ OpenBSD-Commit-ID: e8b8b9f76b66707a0cd926109c4383db8f664df3
+
+commit 357128ac48630a9970e3af0e6ff820300a28da47
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Wed Sep 12 01:30:10 2018 +0000
+
+ upstream: Add "ssh -Q sig" to allow listing supported signature
+
+ algorithms ok markus@
+
+ OpenBSD-Commit-ID: 7a8c6eb6c249dc37823ba5081fce64876d10fe2b
+
+commit 9405c6214f667be604a820c6823b27d0ea77937d
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Wed Sep 12 01:21:34 2018 +0000
+
+ upstream: allow key revocation by SHA256 hash and allow ssh-keygen
+
+ to create KRLs using SHA256/base64 key fingerprints; ok markus@
+
+ OpenBSD-Commit-ID: a0590fd34e7f1141f2873ab3acc57442560e6a94
+
+commit 50e2687ee0941c0ea216d6ffea370ffd2c1f14b9
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Wed Sep 12 01:19:12 2018 +0000
+
+ upstream: log certificate fingerprint in authentication
+
+ success/failure message (previously we logged only key ID and CA key
+ fingerprint).
+
+ ok markus@
+
+ OpenBSD-Commit-ID: a8ef2d172b7f1ddbcce26d6434b2de6d94f6c05d
+
+commit de37ca909487d23e5844aca289b3f5e75d3f1e1f
+Author: dtucker at openbsd.org <dtucker at openbsd.org>
+Date: Fri Sep 7 04:26:56 2018 +0000
+
+ upstream: Add FALLTHROUGH comments where appropriate. Patch from
+
+ jjelen at redhat via bz#2687.
+
+ OpenBSD-Commit-ID: c48eb457be697a19d6d2950c6d0879f3ccc851d3
+
+commit 247766cd3111d5d8c6ea39833a3257ca8fb820f2
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Fri Sep 7 01:42:54 2018 +0000
+
+ upstream: ssh -MM requires confirmation for all operations that
+
+ change the multiplexing state, not just new sessions.
+
+ mention that confirmation is checked via ssh-askpass
+
+ OpenBSD-Commit-ID: 0f1b45551ebb9cc5c9a4fe54ad3b23ce90f1f5c2
+
+commit db8bb80e3ac1bcb3e1305d846cd98c6b869bf03f
+Author: mestre at openbsd.org <mestre at openbsd.org>
+Date: Tue Aug 28 12:25:53 2018 +0000
+
+ upstream: fix misplaced parenthesis inside if-clause. it's harmless
+
+ and the only issue is showing an unknown error (since it's not defined)
+ during fatal(), if it ever an error occurs inside that condition.
+
+ OK deraadt@ markus@ djm@
+
+ OpenBSD-Commit-ID: acb0a8e6936bfbe590504752d01d1d251a7101d8
+
+commit 086cc614f550b7d4f100c95e472a6b6b823938ab
+Author: mestre at openbsd.org <mestre at openbsd.org>
+Date: Tue Aug 28 12:17:45 2018 +0000
+
+ upstream: fix build with DEBUG_PK enabled
+
+ OK dtucker@
+
+ OpenBSD-Commit-ID: ec1568cf27726e9638a0415481c20c406e7b441c
+
+commit 2678833013e97f8b18f09779b7f70bcbf5eb2ab2
+Author: Darren Tucker <dtucker at dtucker.net>
+Date: Fri Sep 7 14:41:53 2018 +1000
+
+ Handle ngroups>_SC_NGROUPS_MAX.
+
+ Based on github pull request #99 from Darren Maffat at Oracle: Solaris'
+ getgrouplist considers _SC_NGROUPS_MAX more of a guideline and can return
+ a larger number of groups. In this case, retry getgrouplist with a
+ larger array and defer allocating groups_byname. ok djm@
+
+commit 039bf2a81797b8f3af6058d34005a4896a363221
+Author: Darren Tucker <dtucker at dtucker.net>
+Date: Fri Sep 7 14:06:57 2018 +1000
+
+ Initial len for the fmt=NULL case.
+
+ Patch from jjelen at redhat via bz#2687. (OpenSSH never calls
+ setproctitle with a null format so len is always initialized).
+
+commit ea9c06e11d2e8fb2f4d5e02f8a41e23d2bd31ca9
+Author: Darren Tucker <dtucker at dtucker.net>
+Date: Fri Sep 7 14:01:39 2018 +1000
+
+ Include stdlib.h.
+
+ Patch from jjelen at redhat via bz#2687.
+
+commit 9617816dbe73ec4d65075f4d897443f63a97c87f
+Author: Damien Miller <djm at mindrot.org>
+Date: Mon Aug 27 13:08:01 2018 +1000
+
+ document some more regress control env variables
+
+ Specifically SKIP_UNIT, USE_VALGRING and LTESTS. Sort the list of
+ environment variables.
+
+ Based on patch from Jakub Jelen
+
commit 71508e06fab14bc415a79a08f5535ad7bffa93d9
Author: Damien Miller <djm at mindrot.org>
Date: Thu Aug 23 15:41:42 2018 +1000
@@ -8880,862 +9704,3 @@ Date: Thu Oct 20 03:42:09 2016 +1100
Remote channels .orig and .rej files.
These files were incorrectly added during an OpenBSD sync.
-
-commit 246aa842a4ad368d8ce030495e657ef3a0e1f95c
-Author: dtucker at openbsd.org <dtucker at openbsd.org>
-Date: Tue Oct 18 17:32:54 2016 +0000
-
- upstream commit
-
- Remove channel_input_port_forward_request(); the only caller
- was the recently-removed SSH1 server code so it's now dead code. ok markus@
-
- Upstream-ID: 05453983230a1f439562535fec2818f63f297af9
-
-commit 2c6697c443d2c9c908260eed73eb9143223e3ec9
-Author: millert at openbsd.org <millert at openbsd.org>
-Date: Tue Oct 18 12:41:22 2016 +0000
-
- upstream commit
-
- Install a signal handler for tty-generated signals and
- wait for the ssh child to suspend before suspending sftp. This lets ssh
- restore the terminal mode as needed when it is suspended at the password
- prompt. OK dtucker@
-
- Upstream-ID: a31c1f42aa3e2985dcc91e46e6a17bd22e372d69
-
-commit fd2a8f1033fa2316fff719fd5176968277560158
-Author: jmc at openbsd.org <jmc at openbsd.org>
-Date: Sat Oct 15 19:56:25 2016 +0000
-
- upstream commit
-
- various formatting fixes, specifically removing Dq;
-
- Upstream-ID: 81e85df2b8e474f5f93d66e61d9a4419ce87347c
-
-commit 8f866d8a57b9a2dc5dd04504e27f593b551618e3
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Wed Oct 19 03:26:09 2016 +1100
-
- Import readpassphrase.c rev 1.26.
-
- Author: miller at openbsd.org:
- Avoid generate SIGTTOU when restoring the terminal mode. If we get
- SIGTTOU it means the process is not in the foreground process group
- which, in most cases, means that the shell has taken control of the tty.
- Requiring the user the fg the process in this case doesn't make sense
- and can result in both SIGTSTP and SIGTTOU being sent which can lead to
- the process being suspended again immediately after being brought into
- the foreground.
-
-commit f901440cc844062c9bab0183d133f7ccc58ac3a5
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Wed Oct 19 03:23:16 2016 +1100
-
- Import readpassphrase.c rev 1.25.
-
- Wrap <readpassphrase.h> so internal calls go direct and
- readpassphrase is weak.
-
- (DEF_WEAK is a no-op in portable.)
-
-commit 032147b69527e5448a511049b2d43dbcae582624
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Sat Oct 15 05:51:12 2016 +1100
-
- Move DEF_WEAK into defines.h.
-
- As well pull in more recent changes from OpenBSD these will start to
- arrive so put it where the definition is shared.
-
-commit e0259a82ddd950cfb109ddee86fcebbc09c6bd04
-Author: Darren Tucker <dtucker at zip.com.au>
-Date: Sat Oct 15 04:34:46 2016 +1100
-
- Remove do_pam_set_tty which is dead code.
-
- The callers of do_pam_set_tty were removed in 2008, so this is now dead
- code. bz#2604, pointed out by jjelen at redhat.com.
-
-commit ca04de83f210959ad2ed870a30ba1732c3ae00e3
-Author: Damien Miller <djm at mindrot.org>
-Date: Thu Oct 13 18:53:43 2016 +1100
-
- unbreak principals-command test
-
- Undo inconsistetly updated variable name.
-
-commit 1723ec92eb485ce06b4cbf49712d21975d873909
-Author: djm at openbsd.org <djm at openbsd.org>
-Date: Tue Oct 11 21:49:54 2016 +0000
-
- upstream commit
-
- fix the KEX fuzzer - the previous method of obtaining the
- packet contents was broken. This now uses the new per-packet input hook, so
- it sees exact post-decrypt packets and doesn't have to pass packet integrity
- checks. ok markus@
-
- Upstream-Regress-ID: 402fb6ffabd97de590e8e57b25788949dce8d2fd
-
-commit 09f997893f109799cddbfce6d7e67f787045cbb2
-Author: natano at openbsd.org <natano at openbsd.org>
-Date: Thu Oct 6 09:31:38 2016 +0000
-
- upstream commit
-
- Move USER out of the way to unbreak the BUILDUSER
- mechanism. ok tb
-
- Upstream-Regress-ID: 74ab9687417dd071d62316eaadd20ddad1d5af3c
-
-commit 3049a012c482a7016f674db168f23fd524edce27
-Author: bluhm at openbsd.org <bluhm at openbsd.org>
-Date: Fri Sep 30 11:55:20 2016 +0000
-
- upstream commit
-
- In ssh tests set REGRESS_FAIL_EARLY with ?= so that the
- environment can change it. OK djm@
-
- Upstream-Regress-ID: 77bcb50e47b68c7209c7f0a5a020d73761e5143b
-
-commit 39af7b444db28c1cb01b7ea468a4f574a44f375b
-Author: djm at openbsd.org <djm at openbsd.org>
-Date: Tue Oct 11 21:47:45 2016 +0000
-
- upstream commit
-
- Add a per-packet input hook that is called with the
- decrypted packet contents. This will be used for fuzzing; ok markus@
-
- Upstream-ID: a3221cee6b1725dd4ae1dd2c13841b4784cb75dc
-
-commit ec165c392ca54317dbe3064a8c200de6531e89ad
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-all
mailing list