From owner-svn-src-vendor@freebsd.org Sun May 6 12:24:47 2018 Return-Path: Delivered-To: svn-src-vendor@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CDB8BFB8880; Sun, 6 May 2018 12:24:46 +0000 (UTC) (envelope-from des@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 6D30D87BB0; Sun, 6 May 2018 12:24:46 +0000 (UTC) (envelope-from des@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 63A0B4BC5; Sun, 6 May 2018 12:24:46 +0000 (UTC) (envelope-from des@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w46COkqF035973; Sun, 6 May 2018 12:24:46 GMT (envelope-from des@FreeBSD.org) Received: (from des@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w46COj3G035969; Sun, 6 May 2018 12:24:45 GMT (envelope-from des@FreeBSD.org) Message-Id: <201805061224.w46COj3G035969@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: des set sender to des@FreeBSD.org using -f From: =?UTF-8?Q?Dag-Erling_Sm=c3=b8rgrav?= Date: Sun, 6 May 2018 12:24:45 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r333296 - in vendor-crypto/openssh/dist: . contrib contrib/aix contrib/redhat contrib/suse openbsd-compat regress regress/misc/fuzz-harness regress/misc/kexfuzz regress/unittests regres... X-SVN-Group: vendor-crypto X-SVN-Commit-Author: des X-SVN-Commit-Paths: in vendor-crypto/openssh/dist: . contrib contrib/aix contrib/redhat contrib/suse openbsd-compat regress regress/misc/fuzz-harness regress/misc/kexfuzz regress/unittests regress/unittests/hostkeys regr... X-SVN-Commit-Revision: 333296 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 06 May 2018 12:24:47 -0000 Author: des Date: Sun May 6 12:24:45 2018 New Revision: 333296 URL: https://svnweb.freebsd.org/changeset/base/333296 Log: Vendor import of OpenSSH 7.6p1. Added: vendor-crypto/openssh/dist/.gitignore vendor-crypto/openssh/dist/openbsd-compat/bsd-getpagesize.c vendor-crypto/openssh/dist/openbsd-compat/bsd-malloc.c vendor-crypto/openssh/dist/openbsd-compat/freezero.c vendor-crypto/openssh/dist/openbsd-compat/recallocarray.c vendor-crypto/openssh/dist/platform-misc.c vendor-crypto/openssh/dist/regress/authinfo.sh vendor-crypto/openssh/dist/regress/misc/fuzz-harness/ vendor-crypto/openssh/dist/regress/misc/fuzz-harness/Makefile vendor-crypto/openssh/dist/regress/misc/fuzz-harness/README vendor-crypto/openssh/dist/regress/misc/fuzz-harness/pubkey_fuzz.cc vendor-crypto/openssh/dist/regress/misc/fuzz-harness/sig_fuzz.cc Deleted: vendor-crypto/openssh/dist/cipher-3des1.c vendor-crypto/openssh/dist/cipher-bf1.c vendor-crypto/openssh/dist/deattack.c vendor-crypto/openssh/dist/deattack.h vendor-crypto/openssh/dist/md-sha256.c vendor-crypto/openssh/dist/rsa.c vendor-crypto/openssh/dist/rsa.h vendor-crypto/openssh/dist/ssh1.h vendor-crypto/openssh/dist/sshconnect1.c Modified: vendor-crypto/openssh/dist/.skipped-commit-ids vendor-crypto/openssh/dist/ChangeLog vendor-crypto/openssh/dist/INSTALL vendor-crypto/openssh/dist/LICENCE vendor-crypto/openssh/dist/Makefile.in vendor-crypto/openssh/dist/PROTOCOL vendor-crypto/openssh/dist/PROTOCOL.agent vendor-crypto/openssh/dist/PROTOCOL.certkeys vendor-crypto/openssh/dist/README vendor-crypto/openssh/dist/auth-options.c vendor-crypto/openssh/dist/auth-options.h vendor-crypto/openssh/dist/auth-pam.c vendor-crypto/openssh/dist/auth.c vendor-crypto/openssh/dist/auth.h vendor-crypto/openssh/dist/auth2-chall.c vendor-crypto/openssh/dist/auth2-gss.c vendor-crypto/openssh/dist/auth2-hostbased.c vendor-crypto/openssh/dist/auth2-kbdint.c vendor-crypto/openssh/dist/auth2-none.c vendor-crypto/openssh/dist/auth2-passwd.c vendor-crypto/openssh/dist/auth2-pubkey.c vendor-crypto/openssh/dist/auth2.c vendor-crypto/openssh/dist/authfd.c vendor-crypto/openssh/dist/authfd.h vendor-crypto/openssh/dist/authfile.c vendor-crypto/openssh/dist/bitmap.c vendor-crypto/openssh/dist/bufbn.c vendor-crypto/openssh/dist/buffer.h vendor-crypto/openssh/dist/channels.c vendor-crypto/openssh/dist/channels.h vendor-crypto/openssh/dist/cipher.c vendor-crypto/openssh/dist/cipher.h vendor-crypto/openssh/dist/clientloop.c vendor-crypto/openssh/dist/clientloop.h vendor-crypto/openssh/dist/compat.c vendor-crypto/openssh/dist/compat.h vendor-crypto/openssh/dist/config.h.in vendor-crypto/openssh/dist/configure vendor-crypto/openssh/dist/configure.ac vendor-crypto/openssh/dist/contrib/aix/README vendor-crypto/openssh/dist/contrib/redhat/openssh.spec vendor-crypto/openssh/dist/contrib/ssh-copy-id vendor-crypto/openssh/dist/contrib/suse/openssh.spec vendor-crypto/openssh/dist/defines.h vendor-crypto/openssh/dist/digest-libc.c vendor-crypto/openssh/dist/digest-openssl.c vendor-crypto/openssh/dist/digest.h vendor-crypto/openssh/dist/dispatch.c vendor-crypto/openssh/dist/dispatch.h vendor-crypto/openssh/dist/dns.c vendor-crypto/openssh/dist/dns.h vendor-crypto/openssh/dist/gss-serv.c vendor-crypto/openssh/dist/hostfile.c vendor-crypto/openssh/dist/includes.h vendor-crypto/openssh/dist/kex.c vendor-crypto/openssh/dist/kex.h vendor-crypto/openssh/dist/kexc25519c.c vendor-crypto/openssh/dist/kexc25519s.c vendor-crypto/openssh/dist/kexdhc.c vendor-crypto/openssh/dist/kexdhs.c vendor-crypto/openssh/dist/kexecdhc.c vendor-crypto/openssh/dist/kexecdhs.c vendor-crypto/openssh/dist/kexgexc.c vendor-crypto/openssh/dist/kexgexs.c vendor-crypto/openssh/dist/key.c vendor-crypto/openssh/dist/key.h vendor-crypto/openssh/dist/krl.c vendor-crypto/openssh/dist/log.c vendor-crypto/openssh/dist/log.h vendor-crypto/openssh/dist/mac.c vendor-crypto/openssh/dist/misc.c vendor-crypto/openssh/dist/misc.h vendor-crypto/openssh/dist/moduli.0 vendor-crypto/openssh/dist/monitor.c vendor-crypto/openssh/dist/monitor_wrap.c vendor-crypto/openssh/dist/monitor_wrap.h vendor-crypto/openssh/dist/mux.c vendor-crypto/openssh/dist/myproposal.h vendor-crypto/openssh/dist/nchan.c vendor-crypto/openssh/dist/opacket.c vendor-crypto/openssh/dist/opacket.h vendor-crypto/openssh/dist/openbsd-compat/Makefile.in vendor-crypto/openssh/dist/openbsd-compat/bsd-err.c vendor-crypto/openssh/dist/openbsd-compat/bsd-misc.c vendor-crypto/openssh/dist/openbsd-compat/bsd-misc.h vendor-crypto/openssh/dist/openbsd-compat/explicit_bzero.c vendor-crypto/openssh/dist/openbsd-compat/fmt_scaled.c vendor-crypto/openssh/dist/openbsd-compat/openbsd-compat.h vendor-crypto/openssh/dist/openbsd-compat/port-tun.c vendor-crypto/openssh/dist/openbsd-compat/port-tun.h vendor-crypto/openssh/dist/packet.c vendor-crypto/openssh/dist/packet.h vendor-crypto/openssh/dist/pathnames.h vendor-crypto/openssh/dist/platform.c vendor-crypto/openssh/dist/readconf.c vendor-crypto/openssh/dist/readconf.h vendor-crypto/openssh/dist/regress/Makefile vendor-crypto/openssh/dist/regress/agent-getpeereid.sh vendor-crypto/openssh/dist/regress/agent-pkcs11.sh vendor-crypto/openssh/dist/regress/agent.sh vendor-crypto/openssh/dist/regress/banner.sh vendor-crypto/openssh/dist/regress/broken-pipe.sh vendor-crypto/openssh/dist/regress/brokenkeys.sh vendor-crypto/openssh/dist/regress/cert-file.sh vendor-crypto/openssh/dist/regress/cert-hostkey.sh vendor-crypto/openssh/dist/regress/cert-userkey.sh vendor-crypto/openssh/dist/regress/cfgmatch.sh vendor-crypto/openssh/dist/regress/cipher-speed.sh vendor-crypto/openssh/dist/regress/connect-privsep.sh vendor-crypto/openssh/dist/regress/connect.sh vendor-crypto/openssh/dist/regress/dhgex.sh vendor-crypto/openssh/dist/regress/dynamic-forward.sh vendor-crypto/openssh/dist/regress/exit-status.sh vendor-crypto/openssh/dist/regress/forcecommand.sh vendor-crypto/openssh/dist/regress/forward-control.sh vendor-crypto/openssh/dist/regress/forwarding.sh vendor-crypto/openssh/dist/regress/host-expand.sh vendor-crypto/openssh/dist/regress/hostkey-agent.sh vendor-crypto/openssh/dist/regress/integrity.sh vendor-crypto/openssh/dist/regress/key-options.sh vendor-crypto/openssh/dist/regress/keygen-change.sh vendor-crypto/openssh/dist/regress/keyscan.sh vendor-crypto/openssh/dist/regress/keytype.sh vendor-crypto/openssh/dist/regress/localcommand.sh vendor-crypto/openssh/dist/regress/login-timeout.sh vendor-crypto/openssh/dist/regress/misc/kexfuzz/Makefile vendor-crypto/openssh/dist/regress/misc/kexfuzz/kexfuzz.c vendor-crypto/openssh/dist/regress/multiplex.sh vendor-crypto/openssh/dist/regress/principals-command.sh vendor-crypto/openssh/dist/regress/proto-mismatch.sh vendor-crypto/openssh/dist/regress/proto-version.sh vendor-crypto/openssh/dist/regress/proxy-connect.sh vendor-crypto/openssh/dist/regress/putty-ciphers.sh vendor-crypto/openssh/dist/regress/putty-transfer.sh vendor-crypto/openssh/dist/regress/reconfigure.sh vendor-crypto/openssh/dist/regress/reexec.sh vendor-crypto/openssh/dist/regress/ssh-com.sh vendor-crypto/openssh/dist/regress/stderr-after-eof.sh vendor-crypto/openssh/dist/regress/stderr-data.sh vendor-crypto/openssh/dist/regress/test-exec.sh vendor-crypto/openssh/dist/regress/transfer.sh vendor-crypto/openssh/dist/regress/try-ciphers.sh vendor-crypto/openssh/dist/regress/unittests/Makefile.inc vendor-crypto/openssh/dist/regress/unittests/hostkeys/mktestdata.sh vendor-crypto/openssh/dist/regress/unittests/hostkeys/test_iterate.c vendor-crypto/openssh/dist/regress/unittests/hostkeys/testdata/known_hosts vendor-crypto/openssh/dist/regress/unittests/sshkey/mktestdata.sh vendor-crypto/openssh/dist/regress/unittests/sshkey/test_file.c vendor-crypto/openssh/dist/regress/unittests/sshkey/test_fuzz.c vendor-crypto/openssh/dist/regress/unittests/sshkey/test_sshkey.c vendor-crypto/openssh/dist/regress/yes-head.sh vendor-crypto/openssh/dist/sandbox-capsicum.c vendor-crypto/openssh/dist/sandbox-seccomp-filter.c vendor-crypto/openssh/dist/sandbox-solaris.c vendor-crypto/openssh/dist/scp.0 vendor-crypto/openssh/dist/scp.1 vendor-crypto/openssh/dist/scp.c vendor-crypto/openssh/dist/servconf.c vendor-crypto/openssh/dist/servconf.h vendor-crypto/openssh/dist/serverloop.c vendor-crypto/openssh/dist/serverloop.h vendor-crypto/openssh/dist/session.c vendor-crypto/openssh/dist/session.h vendor-crypto/openssh/dist/sftp-client.c vendor-crypto/openssh/dist/sftp-common.c vendor-crypto/openssh/dist/sftp-server.0 vendor-crypto/openssh/dist/sftp-server.c vendor-crypto/openssh/dist/sftp.0 vendor-crypto/openssh/dist/sftp.1 vendor-crypto/openssh/dist/sftp.c vendor-crypto/openssh/dist/ssh-add.0 vendor-crypto/openssh/dist/ssh-add.1 vendor-crypto/openssh/dist/ssh-add.c vendor-crypto/openssh/dist/ssh-agent.0 vendor-crypto/openssh/dist/ssh-agent.c vendor-crypto/openssh/dist/ssh-gss.h vendor-crypto/openssh/dist/ssh-keygen.0 vendor-crypto/openssh/dist/ssh-keygen.1 vendor-crypto/openssh/dist/ssh-keygen.c vendor-crypto/openssh/dist/ssh-keyscan.0 vendor-crypto/openssh/dist/ssh-keyscan.1 vendor-crypto/openssh/dist/ssh-keyscan.c vendor-crypto/openssh/dist/ssh-keysign.0 vendor-crypto/openssh/dist/ssh-pkcs11-client.c vendor-crypto/openssh/dist/ssh-pkcs11-helper.0 vendor-crypto/openssh/dist/ssh-pkcs11-helper.c vendor-crypto/openssh/dist/ssh-pkcs11.c vendor-crypto/openssh/dist/ssh-rsa.c vendor-crypto/openssh/dist/ssh.0 vendor-crypto/openssh/dist/ssh.1 vendor-crypto/openssh/dist/ssh.c vendor-crypto/openssh/dist/ssh.h vendor-crypto/openssh/dist/ssh_api.c vendor-crypto/openssh/dist/ssh_config vendor-crypto/openssh/dist/ssh_config.0 vendor-crypto/openssh/dist/ssh_config.5 vendor-crypto/openssh/dist/sshbuf-getput-basic.c vendor-crypto/openssh/dist/sshbuf.c vendor-crypto/openssh/dist/sshbuf.h vendor-crypto/openssh/dist/sshconnect.c vendor-crypto/openssh/dist/sshconnect.h vendor-crypto/openssh/dist/sshconnect2.c vendor-crypto/openssh/dist/sshd.0 vendor-crypto/openssh/dist/sshd.8 vendor-crypto/openssh/dist/sshd.c vendor-crypto/openssh/dist/sshd_config.0 vendor-crypto/openssh/dist/sshd_config.5 vendor-crypto/openssh/dist/ssherr.c vendor-crypto/openssh/dist/ssherr.h vendor-crypto/openssh/dist/sshkey.c vendor-crypto/openssh/dist/sshkey.h vendor-crypto/openssh/dist/ttymodes.c vendor-crypto/openssh/dist/ttymodes.h vendor-crypto/openssh/dist/umac.c vendor-crypto/openssh/dist/utf8.c vendor-crypto/openssh/dist/version.h vendor-crypto/openssh/dist/xmalloc.c vendor-crypto/openssh/dist/xmalloc.h Added: vendor-crypto/openssh/dist/.gitignore ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor-crypto/openssh/dist/.gitignore Sun May 6 12:24:45 2018 (r333296) @@ -0,0 +1,28 @@ +Makefile +buildpkg.sh +config.h +config.h.in +config.status +configure +openbsd-compat/Makefile +openbsd-compat/regress/Makefile +openssh.xml +opensshd.init +survey.sh +**/*.0 +**/*.o +**/*.out +**/*.a +autom4te.cache/ +scp +sftp +sftp-server +ssh +ssh-add +ssh-agent +ssh-keygen +ssh-keyscan +ssh-keysign +ssh-pkcs11-helper +sshd +!regress/misc/fuzz-harness/Makefile Modified: vendor-crypto/openssh/dist/.skipped-commit-ids ============================================================================== --- vendor-crypto/openssh/dist/.skipped-commit-ids Sun May 6 11:58:01 2018 (r333295) +++ vendor-crypto/openssh/dist/.skipped-commit-ids Sun May 6 12:24:45 2018 (r333296) @@ -11,3 +11,13 @@ f6ae971186ba68d066cd102e57d5b0b2c211a5ee systrace is d 96c5054e3e1f170c6276902d5bc65bb3b87a2603 remove DEBUGLIBS from Makefile 6da9a37f74aef9f9cc639004345ad893cad582d8 Update moduli file 77bcb50e47b68c7209c7f0a5a020d73761e5143b unset REGRESS_FAIL_EARLY +38c2133817cbcae75c88c63599ac54228f0fa384 Change COMPILER_VERSION tests +30c20180c87cbc99fa1020489fe7fd8245b6420c resync integrity.sh shell +1e6b51ddf767cbad0a4e63eb08026c127e654308 integrity.sh reliability +fe5b31f69a60d47171836911f144acff77810217 Makefile.inc bits +5781670c0578fe89663c9085ed3ba477cf7e7913 Delete sshconnect1.c +ea80f445e819719ccdcb237022cacfac990fdc5c Makefile.inc warning flags +b92c93266d8234d493857bb822260dacf4366157 moduli-gen.sh tweak +b25bf747544265b39af74fe0716dc8d9f5b63b95 Updated moduli +1bd41cba06a7752de4df304305a8153ebfb6b0ac rsa.[ch] already removed +e39b3902fe1d6c4a7ba6a3c58e072219f3c1e604 Makefile changes Modified: vendor-crypto/openssh/dist/ChangeLog ============================================================================== --- vendor-crypto/openssh/dist/ChangeLog Sun May 6 11:58:01 2018 (r333295) +++ vendor-crypto/openssh/dist/ChangeLog Sun May 6 12:24:45 2018 (r333296) @@ -1,3 +1,2514 @@ +commit 66bf74a92131b7effe49fb0eefe5225151869dc5 +Author: djm@openbsd.org +Date: Mon Oct 2 19:33:20 2017 +0000 + + upstream commit + + Fix PermitOpen crash; spotted by benno@, ok dtucker@ deraadt@ + + Upstream-ID: c2cc84ffac070d2e1ff76182c70ca230a387983c + +commit d63b38160a59039708fd952adc75a0b3da141560 +Author: Damien Miller +Date: Sun Oct 1 10:32:25 2017 +1100 + + update URL again + + I spotted a typo in the draft so uploaded a new version... + +commit 6f64f596430cd3576c529f07acaaf2800aa17d58 +Author: Damien Miller +Date: Sun Oct 1 10:01:56 2017 +1100 + + sync release notes URL + +commit 35ff70a04dd71663a5ac1e73b90d16d270a06e0d +Author: Damien Miller +Date: Sun Oct 1 10:01:25 2017 +1100 + + sync contrib/ssh-copy-id with upstream + +commit 290843b8ede85f8b30bf29cd7dceb805c3ea5b66 +Author: Damien Miller +Date: Sun Oct 1 09:59:19 2017 +1100 + + update version in RPM spec files + +commit 4e4e0bb223c5be88d87d5798c75cc6b0d4fef31d +Author: Damien Miller +Date: Sun Oct 1 09:58:24 2017 +1100 + + update agent draft URL + +commit e4a798f001d2ecd8bf025c1d07658079f27cc604 +Author: djm@openbsd.org +Date: Sat Sep 30 22:26:33 2017 +0000 + + upstream commit + + openssh-7.6; ok deraadt@ + + Upstream-ID: a39c3a5b63a1baae109ae1ae4c7c34c2a59acde0 + +commit 5fa1407e16e7e5fda9769d53b626ce39d5588d4d +Author: jmc@openbsd.org +Date: Wed Sep 27 06:45:53 2017 +0000 + + upstream commit + + tweak EposeAuthinfo; diff from lars nooden + + tweaked by sthen; ok djm dtucker + + Upstream-ID: 8f2ea5d2065184363e8be7a0ba24d98a3b259748 + +commit bba69c246f0331f657fd6ec97724df99fc1ad174 +Author: Damien Miller +Date: Thu Sep 28 16:06:21 2017 -0700 + + don't fatal ./configure for LibreSSL + +commit 04dc070e8b4507d9d829f910b29be7e3b2414913 +Author: Damien Miller +Date: Thu Sep 28 14:54:34 2017 -0700 + + abort in configure when only openssl-1.1.x found + + We don't support openssl-1.1.x yet (see multiple threads on the + openssh-unix-dev@ mailing list for the reason), but previously + ./configure would accept it and the compilation would subsequently + fail. This makes ./configure display an explicit error message and + abort. + + ok dtucker@ + +commit 74c1c3660acf996d9dc329e819179418dc115f2c +Author: Darren Tucker +Date: Wed Sep 27 07:44:41 2017 +1000 + + Check for and handle calloc(p, 0) = NULL. + + On some platforms (AIX, maybe others) allocating zero bytes of memory + via the various *alloc functions returns NULL, which is permitted + by the standards. Autoconf has some macros for detecting this (with + the exception of calloc for some reason) so use these and if necessary + activate shims for them. ok djm@ + +commit 6a9481258a77b0b54b2a313d1761c87360c5f1f5 +Author: markus@openbsd.org +Date: Thu Sep 21 19:18:12 2017 +0000 + + upstream commit + + test reverse dynamic forwarding with SOCKS + + Upstream-Regress-ID: 95cf290470f7e5e2f691e4bc6ba19b91eced2f79 + +commit 1b9f321605733754df60fac8c1d3283c89b74455 +Author: Damien Miller +Date: Tue Sep 26 16:55:55 2017 +1000 + + sync missing changes in dynamic-forward.sh + +commit 44fc334c7a9ebdd08addb6d5fa005369897fddeb +Author: Darren Tucker +Date: Mon Sep 25 09:48:10 2017 +1000 + + Add minimal strsignal for platforms without it. + +commit 218e6f98df566fb9bd363f6aa47018cb65ede196 +Author: djm@openbsd.org +Date: Sun Sep 24 13:45:34 2017 +0000 + + upstream commit + + fix inverted test on channel open failure path that + "upgraded" a transient failure into a fatal error; reported by sthen and also + seen by benno@; ok sthen@ + + Upstream-ID: b58b3fbb79ba224599c6cd6b60c934fc46c68472 + +commit c704f641f7b8777497dc82e81f2ac89afec7e401 +Author: djm@openbsd.org +Date: Sun Sep 24 09:50:01 2017 +0000 + + upstream commit + + write the correct buffer when tunnel forwarding; doesn't + matter on OpenBSD (they are the same) but does matter on portable where we + use an output filter to translate os-specific tun/tap headers + + Upstream-ID: f1ca94eff48404827b12e1d12f6139ee99a72284 + +commit 55486f5cef117354f0c64f991895835077b7c7f7 +Author: djm@openbsd.org +Date: Sat Sep 23 22:04:07 2017 +0000 + + upstream commit + + fix tunnel forwarding problem introduced in refactor; + reported by stsp@ ok markus@ + + Upstream-ID: 81a731cdae1122c8522134095d1a8b60fa9dcd04 + +commit 609d7a66ce578abf259da2d5f6f68795c2bda731 +Author: markus@openbsd.org +Date: Thu Sep 21 19:16:53 2017 +0000 + + upstream commit + + Add 'reverse' dynamic forwarding which combines dynamic + forwarding (-D) with remote forwarding (-R) where the remote-forwarded port + expects SOCKS-requests. + + The SSH server code is unchanged and the parsing happens at the SSH + clients side. Thus the full SOCKS-request is sent over the forwarded + channel and the client parses c->output. Parsing happens in + channel_before_prepare_select(), _before_ the select bitmask is + computed in the pre[] handlers, but after network input processing + in the post[] handlers. + + help and ok djm@ + + Upstream-ID: aa25a6a3851064f34fe719e0bf15656ad5a64b89 + +commit 36945fa103176c00b39731e1fc1919a0d0808b81 +Author: dtucker@openbsd.org +Date: Wed Sep 20 05:19:00 2017 +0000 + + upstream commit + + Use strsignal in debug message instead of casting for the + benefit of portable where sig_atomic_t might not be int. "much nicer" + deraadt@ + + Upstream-ID: 2dac6c1e40511c700bd90664cd263ed2299dcf79 + +commit 3e8d185af326bf183b6f78597d5e3d2eeb2dc40e +Author: millert@openbsd.org +Date: Tue Sep 19 12:10:30 2017 +0000 + + upstream commit + + Use explicit_bzero() instead of bzero() before free() to + prevent the compiler from optimizing away the bzero() call. OK djm@ + + Upstream-ID: cdc6197e64c9684c7250e23d60863ee1b53cef1d + +commit 5b8da1f53854c0923ec6e927e86709e4d72737b6 +Author: djm@openbsd.org +Date: Tue Sep 19 04:24:22 2017 +0000 + + upstream commit + + fix use-after-free in ~^Z escape handler path, introduced + in channels.c refactor; spotted by millert@ "makes sense" deraadt@ + + Upstream-ID: 8fa2cdc65c23ad6420c1e59444b0c955b0589b22 + +commit a3839d8d2b89ff1a80cadd4dd654336710de2c9e +Author: dtucker@openbsd.org +Date: Mon Sep 18 12:03:24 2017 +0000 + + upstream commit + + Prevent type mismatch warning in debug on platforms where + sig_atomic_t != int. ok djm@ + + Upstream-ID: 306e2375eb0364a4c68e48f091739bea4f4892ed + +commit 30484e5e5f0b63d2c6ba32c6b85f06b6c6fa55fc +Author: dtucker@openbsd.org +Date: Mon Sep 18 09:41:52 2017 +0000 + + upstream commit + + Add braces missing after channels refactor. ok markus@ + + Upstream-ID: 72ab325c84e010680dbc88f226e2aa96b11a3980 + +commit b79569190b9b76dfacc6d996faa482f16e8fc026 +Author: Damien Miller +Date: Tue Sep 19 12:29:23 2017 +1000 + + add freezero(3) replacement + + ok dtucker@ + +commit 161af8f5ec0961b10cc032efb5cc1b44ced5a92e +Author: Damien Miller +Date: Tue Sep 19 10:18:56 2017 +1000 + + move FORTIFY_SOURCE into hardening options group + + It's still on by default, but now it's possible to turn it off using + --without-hardening. This is useful since it's known to cause problems + with some -fsanitize options. ok dtucker@ + +commit 09eacf856e0fe1a6e3fe597ec8032b7046292914 +Author: bluhm@openbsd.org +Date: Wed Sep 13 14:58:26 2017 +0000 + + upstream commit + + Print SKIPPED if sudo and doas configuration is missing. + Prevents that running the regression test with wrong environment is reported + as failure. Keep the fatal there to avoid interfering with other setups for + portable ssh. OK dtucker@ + + Upstream-Regress-ID: f0dc60023caef496ded341ac5aade2a606fa234e + +commit cdede10899892f25f1ccdccd7a3fe5e5ef0aa49a +Author: dtucker@openbsd.org +Date: Mon Aug 7 03:52:55 2017 +0000 + + upstream commit + + Remove obsolete privsep=no fallback test. + + Upstream-Regress-ID: 7d6e1baa1678ac6be50c2a1555662eb1047638df + +commit ec218c105daa9f5b192f7aa890fdb2d4fdc4e9d8 +Author: dtucker@openbsd.org +Date: Mon Aug 7 00:53:51 2017 +0000 + + upstream commit + + Remove non-privsep test since disabling privsep is now + deprecated. + + Upstream-Regress-ID: 77ad3f3d8d52e87f514a80f285c6c1229b108ce8 + +commit 239c57d5bc2253e27e3e6ad7ac52ec8c377ee24e +Author: dtucker@openbsd.org +Date: Fri Jul 28 10:32:08 2017 +0000 + + upstream commit + + Don't call fatal from stop_sshd since it calls cleanup + which calls stop_sshd which will probably fail in the same way. Instead, + just bail. Differentiate between sshd dying without cleanup and not shutting + down. + + Upstream-Regress-ID: f97315f538618b349e2b0bea02d6b0c9196c6bc4 + +commit aea59a0d9f120f2a87c7f494a0d9c51eaa79b8ba +Author: djm@openbsd.org +Date: Thu Sep 14 04:32:21 2017 +0000 + + upstream commit + + Revert commitid: gJtIN6rRTS3CHy9b. + + ------------- + identify the case where SSHFP records are missing but other DNS RR + types are present and display a more useful error message for this + case; patch by Thordur Bjornsson; bz#2501; ok dtucker@ + ------------- + + This caused unexpected failures when VerifyHostKeyDNS=yes, SSHFP results + are missing but the user already has the key in known_hosts + + Spotted by dtucker@ + + Upstream-ID: 97e31742fddaf72046f6ffef091ec0d823299920 + +commit 871f1e4374420b07550041b329627c474abc3010 +Author: Damien Miller +Date: Tue Sep 12 18:01:35 2017 +1000 + + adapt portable to channels API changes + +commit 4ec0bb9f9ad7b4eb0af110fa8eddf8fa199e46bb +Author: djm@openbsd.org +Date: Tue Sep 12 07:55:48 2017 +0000 + + upstream commit + + unused variable + + Upstream-ID: 2f9ba09f2708993d35eac5aa71df910dcc52bac1 + +commit 9145a73ce2ba30c82bbf91d7205bfd112529449f +Author: djm@openbsd.org +Date: Tue Sep 12 07:32:04 2017 +0000 + + upstream commit + + fix tun/tap forwarding case in previous + + Upstream-ID: 43ebe37a930320e24bca6900dccc39857840bc53 + +commit 9f53229c2ac97dbc6f5a03657de08a1150a9ac7e +Author: djm@openbsd.org +Date: Tue Sep 12 06:35:31 2017 +0000 + + upstream commit + + Make remote channel ID a u_int + + Previously we tracked the remote channel IDs in an int, but this is + strictly incorrect: the wire protocol uses uint32 and there is nothing + in-principle stopping a SSH implementation from sending, say, 0xffff0000. + + In practice everyone numbers their channels sequentially, so this has + never been a problem. + + ok markus@ + + Upstream-ID: b9f4cd3dc53155b4a5c995c0adba7da760d03e73 + +commit dbee4119b502e3f8b6cd3282c69c537fd01d8e16 +Author: djm@openbsd.org +Date: Tue Sep 12 06:32:07 2017 +0000 + + upstream commit + + refactor channels.c + + Move static state to a "struct ssh_channels" that is allocated at + runtime and tracked as a member of struct ssh. + + Explicitly pass "struct ssh" to all channels functions. + + Replace use of the legacy packet APIs in channels.c. + + Rework sshd_config PermitOpen handling: previously the configuration + parser would call directly into the channels layer. After the refactor + this is not possible, as the channels structures are allocated at + connection time and aren't available when the configuration is parsed. + The server config parser now tracks PermitOpen itself and explicitly + configures the channels code later. + + ok markus@ + + Upstream-ID: 11828f161656b965cc306576422613614bea2d8f + +commit abd59663df37a42152e37980113ccaa405b9a282 +Author: djm@openbsd.org +Date: Thu Sep 7 23:48:09 2017 +0000 + + upstream commit + + typo in comment + + Upstream-ID: a93b1e6f30f1f9b854b5b964b9fd092d0c422c47 + +commit 149a8cd24ce9dd47c36f571738681df5f31a326c +Author: jmc@openbsd.org +Date: Mon Sep 4 06:34:43 2017 +0000 + + upstream commit + + tweak previous; + + Upstream-ID: bb8cc40b61b15f6a13d81da465ac5bfc65cbfc4b + +commit ec9d22cc251cc5acfe7b2bcef9cc7a1fe0e949d8 +Author: Damien Miller +Date: Fri Sep 8 12:44:13 2017 +1000 + + Fuzzer harnesses for sig verify and pubkey parsing + + These are some basic clang libfuzzer harnesses for signature + verification and public key parsing. Some assembly (metaphorical) + required. + +commit de35c382894964a896a63ecd5607d3a3b93af75d +Author: Damien Miller +Date: Fri Sep 8 12:38:31 2017 +1000 + + Give configure ability to set CFLAGS/LDFLAGS later + + Some CFLAGS/LDFLAGS may disrupt the configure script's operation, + in particular santization and fuzzer options that break assumptions + about memory and file descriptor dispositions. + + This adds two flags to configure --with-cflags-after and + --with-ldflags-after that allow specifying additional compiler and + linker options that are added to the resultant Makefiles but not + used in the configure run itself. + + E.g. + + env CC=clang-3.9 ./configure \ + --with-cflags-after=-fsantize=address \ + --with-ldflags-after="-g -fsanitize=address" + +commit 22376d27a349f62c502fec3396dfe0fdcb2a40b7 +Author: djm@openbsd.org +Date: Sun Sep 3 23:33:13 2017 +0000 + + upstream commit + + Expand ssh_config's StrictModes option with two new + settings: + + StrictModes=accept-new will automatically accept hitherto-unseen keys + but will refuse connections for changed or invalid hostkeys. + + StrictModes=off is the same as StrictModes=no + + Motivation: + + StrictModes=no combines two behaviours for host key processing: + automatically learning new hostkeys and continuing to connect to hosts + with invalid/changed hostkeys. The latter behaviour is quite dangerous + since it removes most of the protections the SSH protocol is supposed to + provide. + + Quite a few users want to automatically learn hostkeys however, so + this makes that feature available with less danger. + + At some point in the future, StrictModes=no will change to be a synonym + for accept-new, with its current behaviour remaining available via + StrictModes=off. + + bz#2400, suggested by Michael Samuel; ok markus + + Upstream-ID: 0f55502bf75fc93a74fb9853264a8276b9680b64 + +commit ff3c42384033514e248ba5d7376aa033f4a2b99a +Author: jmc@openbsd.org +Date: Fri Sep 1 15:41:26 2017 +0000 + + upstream commit + + remove blank line; + + Upstream-ID: 2f46b51a0ddb3730020791719e94d3e418e9f423 + +commit b828605d51f57851316d7ba402b4ae06cf37c55d +Author: djm@openbsd.org +Date: Fri Sep 1 05:53:56 2017 +0000 + + upstream commit + + identify the case where SSHFP records are missing but + other DNS RR types are present and display a more useful error message for + this case; patch by Thordur Bjornsson; bz#2501; ok dtucker@ + + Upstream-ID: 8f7a5a8344f684823d8317a9708b63e75be2c244 + +commit 8042bad97e2789a50e8f742c3bcd665ebf0add32 +Author: djm@openbsd.org +Date: Fri Sep 1 05:50:48 2017 +0000 + + upstream commit + + document available AuthenticationMethods; bz#2453 ok + dtucker@ + + Upstream-ID: 2c70576f237bb699aff59889dbf2acba4276d3d0 + +commit 71e5a536ec815d542b199f2ae6d646c0db9f1b58 +Author: djm@openbsd.org +Date: Wed Aug 30 03:59:08 2017 +0000 + + upstream commit + + pass packet state down to some of the channels function + (more to come...); ok markus@ + + Upstream-ID: d8ce7a94f4059d7ac1e01fb0eb01de0c4b36c81b + +commit 6227fe5b362239c872b91bbdee4bf63cf85aebc5 +Author: jmc@openbsd.org +Date: Tue Aug 29 13:05:58 2017 +0000 + + upstream commit + + sort options; + + Upstream-ID: cf21d68cf54e81968bca629aaeddc87f0c684f3c + +commit 530591a5795a02d01c78877d58604723918aac87 +Author: dlg@openbsd.org +Date: Tue Aug 29 09:42:29 2017 +0000 + + upstream commit + + add a -q option to ssh-add to make it quiet on success. + + if you want to silence ssh-add without this you generally redirect + the output to /dev/null, but that can hide error output which you + should see. + + ok djm@ + + Upstream-ID: 2f31b9b13f99dcf587e9a8ba443458e6c0d8997c + +commit a54eb27dd64b5eca3ba94e15cec3535124bd5029 +Author: dtucker@openbsd.org +Date: Sun Aug 27 00:38:41 2017 +0000 + + upstream commit + + Increase the buffer sizes for user prompts to ensure that + they won't be truncated by snprintf. Based on patch from cjwatson at + debian.org via bz#2768, ok djm@ + + Upstream-ID: 6ffacf1abec8f40b469de5b94bfb29997d96af3e + +commit dd9d9b3381a4597b840d480b043823112039327e +Author: Darren Tucker +Date: Mon Aug 28 16:48:27 2017 +1000 + + Switch Capsicum header to sys/capsicum.h. + + FreeBSD's was renamed to in 2014 to + avoid future conflicts with POSIX capabilities (the last release that + didn't have it was 9.3) so switch to that. Patch from des at des.no. + +commit f5e917ab105af5dd6429348d9bc463e52b263f92 +Author: Darren Tucker +Date: Sun Aug 27 08:55:40 2017 +1000 + + Add missing includes for bsd-err.c. + + Patch from cjwatson at debian.org via bz#2767. + +commit 878e029797cfc9754771d6f6ea17f8c89e11d225 +Author: Damien Miller +Date: Fri Aug 25 13:25:01 2017 +1000 + + Split platform_sys_dir_uid into its own file + + platform.o is too heavy for libssh.a use; it calls into the server on + many platforms. Move just the function needed by misc.c into its own + file. + +commit 07949bfe9133234eddd01715592aa0dde67745f0 +Author: Damien Miller +Date: Wed Aug 23 20:13:18 2017 +1000 + + misc.c needs functions from platform.c now + +commit b074c3c3f820000a21953441cea7699c4b17d72f +Author: djm@openbsd.org +Date: Fri Aug 18 05:48:04 2017 +0000 + + upstream commit + + add a "quiet" flag to exited_cleanly() that supresses + errors about exit status (failure due to signal is still reported) + + Upstream-ID: db85c39c3aa08e6ff67fc1fb4ffa89f807a9d2f0 + +commit de4ae07f12dabf8815ecede54235fce5d22e3f63 +Author: djm@openbsd.org +Date: Fri Aug 18 05:36:45 2017 +0000 + + upstream commit + + Move several subprocess-related functions from various + locations to misc.c. Extend subprocess() to offer a little more control over + stdio disposition. + + feedback & ok dtucker@ + + Upstream-ID: 3573dd7109d13ef9bd3bed93a3deb170fbfce049 + +commit 643c2ad82910691b2240551ea8b14472f60b5078 +Author: djm@openbsd.org +Date: Sat Aug 12 06:46:01 2017 +0000 + + upstream commit + + make "--" before the hostname terminate command-line + option processing completely; previous behaviour would not prevent further + options appearing after the hostname (ssh has a supported options after the + hostname for >20 years, so that's too late to change). + + ok deraadt@ + + Upstream-ID: ef5ee50571b98ad94dcdf8282204e877ec88ad89 + +commit 0f3455356bc284d7c6f4d3c1614d31161bd5dcc2 +Author: djm@openbsd.org +Date: Sat Aug 12 06:42:52 2017 +0000 + + upstream commit + + Switch from aes256-cbc to aes256-ctr for encrypting + new-style private keys. The latter having the advantage of being supported + for no-OpenSSL builds; bz#2754 ok markus@ + + Upstream-ID: 54179a2afd28f93470471030567ac40431e56909 + +commit c4972d0a9bd6f898462906b4827e09b7caea2d9b +Author: djm@openbsd.org +Date: Fri Aug 11 04:47:12 2017 +0000 + + upstream commit + + refuse to a private keys when its corresponding .pub key + does not match. bz#2737 ok dtucker@ + + Upstream-ID: 54ff5e2db00037f9db8d61690f26ef8f16e0d913 + +commit 4b3ecbb663c919132dddb3758e17a23089413519 +Author: djm@openbsd.org +Date: Fri Aug 11 04:41:08 2017 +0000 + + upstream commit + + don't print verbose error message when ssh disconnects + under sftp; bz#2750; ok dtucker@ + + Upstream-ID: 6d83708aed77b933c47cf155a87dc753ec01f370 + +commit 42a8f8bc288ef8cac504c5c73f09ed610bc74a34 +Author: dtucker@openbsd.org +Date: Fri Aug 11 04:16:35 2017 +0000 + + upstream commit + + Tweak previous keepalive commit: if last_time + keepalive + <= now instead of just "<" so client_alive_check will fire if the select + happens to return on exact second of the timeout. ok djm@ + + Upstream-ID: e02756bd6038d11bb8522bfd75a4761c3a684fcc + +commit b60ff20051ef96dfb207b6bfa45c0ad6c34a542a +Author: dtucker@openbsd.org +Date: Fri Aug 11 03:58:36 2017 +0000 + + upstream commit + + Keep track of the last time we actually heard from the + client and use this to also schedule a client_alive_check(). Prevents + activity on a forwarded port from indefinitely preventing the select timeout + so that client_alive_check() will eventually (although not optimally) be + called. + + Analysis by willchan at google com via bz#2756, feedback & ok djm@ + + Upstream-ID: c08721e0bbda55c6d18e2760f3fe1b17fb71169e + +commit 94bc1e7ffba3cbdea8c7dcdab8376bf29283128f +Author: Damien Miller +Date: Fri Jul 28 14:50:59 2017 +1000 + + Expose list of completed auth methods to PAM + + bz#2408; ok dtucker@ + +commit c78e6eec78c88acf8d51db90ae05a3e39458603d +Author: Damien Miller +Date: Fri Jul 21 14:38:16 2017 +1000 + + fix problems in tunnel forwarding portability code + + This fixes a few problems in the tun forwarding code, mostly to do + with host/network byte order confusion. + + Based on a report and patch by stepe AT centaurus.uberspace.de; + bz#2735; ok dtucker@ + +commit 2985d4062ebf4204bbd373456a810d558698f9f5 +Author: dtucker@openbsd.org +Date: Tue Jul 25 09:22:25 2017 +0000 + + upstream commit + + Make WinSCP patterns for SSH_OLD_DHGEX more specific to + exclude WinSCP 5.10.x and up. bz#2748, from martin at winscp.net, ok djm@ + + Upstream-ID: 6fd7c32e99af3952db007aa180e73142ddbc741a + +commit 9f0e44e1a0439ff4646495d5735baa61138930a9 +Author: djm@openbsd.org +Date: Mon Jul 24 04:34:28 2017 +0000 + + upstream commit + + g/c unused variable; make a little more portable + + Upstream-ID: 3f5980481551cb823c6fb2858900f93fa9217dea + +commit 51676ec61491ec6d7cbd06082034e29b377b3bf6 +Author: djm@openbsd.org +Date: Sun Jul 23 23:37:02 2017 +0000 + + upstream commit + + Allow IPQoS=none in ssh/sshd to not set an explicit + ToS/DSCP value and just use the operating system default; ok dtucker@ + + Upstream-ID: 77906ff8c7b660b02ba7cb1e47b17d66f54f1f7e + +commit 6c1fbd5a50d8d2415f06c920dd3b1279b741072d +Author: Damien Miller +Date: Fri Jul 21 14:24:26 2017 +1000 + + mention libedit + +commit dc2bd308768386b02c7337120203ca477e67ba62 +Author: markus@openbsd.org +Date: Wed Jul 19 08:30:41 2017 +0000 + + upstream commit + + fix support for unknown key types; ok djm@ + + Upstream-ID: 53fb29394ed04d616d65b3748dee5aa06b07ab48 + +commit fd0e8fa5f89d21290b1fb5f9d110ca4f113d81d9 +Author: djm@openbsd.org +Date: Wed Jul 19 01:15:02 2017 +0000 + + upstream commit + + switch from select() to poll() for the ssh-agent + mainloop; ok markus + + Upstream-ID: 4a94888ee67b3fd948fd10693973beb12f802448 + +commit b1e72df2b813ecc15bd0152167bf4af5f91c36d3 +Author: dtucker@openbsd.org +Date: Fri Jul 14 03:18:21 2017 +0000 + + upstream commit + + Make ""Killed by signal 1" LogLevel verbose so it's not + shown at the default level. Prevents it from appearing during ssh -J and + equivalent ProxyCommand configs. bz#1906, bz#2744, feedback&ok markus@ + + Upstream-ID: debfaa7e859b272246c2f2633335d288d2e2ae28 + +commit 1f3d202770a08ee6752ed2a234b7ca6f180eb498 +Author: jmc@openbsd.org +Date: Thu Jul 13 19:16:33 2017 +0000 + + upstream commit + + man pages with pseudo synopses which list filenames end + up creating very ugly output in man -k; after some discussion with ingo, we + feel the simplest fix is to remove such SYNOPSIS sections: the info is hardly + helpful at page top, is contained already in FILES, and there are + sufficiently few that just zapping them is simple; + + ok schwarze, who also helpfully ran things through a build to check + output; + + Upstream-ID: 3e211b99457e2f4c925c5927d608e6f97431336c + +commit 7f13a4827fb28957161de4249bd6d71954f1f2ed +Author: espie@openbsd.org +Date: Mon Jul 10 14:09:59 2017 +0000 + + upstream commit + + zap redundant Makefile variables. okay djm@ + + Upstream-ID: e39b3902fe1d6c4a7ba6a3c58e072219f3c1e604 + +commit dc44dd3a9e2c9795394e6a7e1e71c929cbc70ce0 +Author: jmc@openbsd.org +Date: Sat Jul 8 18:32:54 2017 +0000 + + upstream commit + + slightly rework previous, to avoid an article issue; + + Upstream-ID: 15a315f0460ddd3d4e2ade1f16d6c640a8c41b30 + +commit 853edbe057a84ebd0024c8003e4da21bf2b469f7 +Author: djm@openbsd.org +Date: Fri Jul 7 03:53:12 2017 +0000 + + upstream commit + + When generating all hostkeys (ssh-keygen -A), clobber + existing keys if they exist but are zero length. zero-length keys could + previously be made if ssh-keygen failed part way through generating them, so + avoid that case too. bz#2561 reported by Krzysztof Cieplucha; ok dtucker@ + + Upstream-ID: f662201c28ab8e1f086b5d43c59cddab5ade4044 + +commit 43616876ba68a2ffaece6a6c792def4b039f2d6e +Author: djm@openbsd.org +Date: Sat Jul 1 22:55:44 2017 +0000 + + upstream commit + + actually remove these files + + Upstream-ID: 1bd41cba06a7752de4df304305a8153ebfb6b0ac + +commit 83fa3a044891887369ce8b487ce88d713a04df48 +Author: djm@openbsd.org +Date: Sat Jul 1 13:50:45 2017 +0000 + + upstream commit + + remove post-SSHv1 removal dead code from rsa.c and merge + the remaining bit that it still used into ssh-rsa.c; ok markus + + Upstream-ID: ac8a048d24dcd89594b0052ea5e3404b473bfa2f + +commit 738c73dca2c99ee78c531b4cbeefc2008fe438f0 +Author: Damien Miller +Date: Fri Jul 14 14:26:36 2017 +1000 + + make explicit_bzero/memset safe for sz=0 + +commit 8433d51e067e0829f5521c0c646b6fd3fe17e732 +Author: Tim Rice +Date: Tue Jul 11 18:47:56 2017 -0700 + + modified: configure.ac + UnixWare needs BROKEN_TCGETATTR_ICANON like Solaris + Analysis by Robbie Zhang + +commit ff3507aea9c7d30cd098e7801e156c68faff7cc7 +Author: Damien Miller +Date: Fri Jul 7 11:21:27 2017 +1000 + + typo + +commit d79bceb9311a9c137d268f5bc481705db4151810 +Author: dtucker@openbsd.org +Date: Fri Jun 30 04:17:23 2017 +0000 + + upstream commit + + Only call close once in confree(). ssh_packet_close will + close the FD so only explicitly close non-SSH channels. bz#2734, from + bagajjal at microsoft.com, ok djm@ + + Upstream-ID: a81ce0c8b023527167739fccf1732b154718ab02 + +commit 197dc9728f062e23ce374f44c95a2b5f9ffa4075 +Author: Darren Tucker +Date: Thu Jun 29 15:40:25 2017 +1000 + + Update link for my patches. + +commit a98339edbc1fc21342a390f345179a9c3031bef7 +Author: djm@openbsd.org +Date: Wed Jun 28 01:09:22 2017 +0000 + + upstream commit + + Allow ssh-keygen to use a key held in ssh-agent as a CA when + signing certificates. bz#2377 ok markus + + Upstream-ID: fb42e920b592edcbb5b50465739a867c09329c8f + +commit c9cdef35524bd59007e17d5bd2502dade69e2dfb +Author: djm@openbsd.org +Date: Sat Jun 24 06:35:24 2017 +0000 + + upstream commit + + regress test for ExposeAuthInfo + + Upstream-Regress-ID: 190e5b6866376f4061c411ab157ca4d4e7ae86fd + +commit f17ee61cad25d210edab69d04ed447ad55fe80c1 +Author: djm@openbsd.org +Date: Sat Jun 24 07:08:57 2017 +0000 + + upstream commit + + correct env var name + + Upstream-ID: 721e761c2b1d6a4dcf700179f16fd53a1dadb313 + +commit 40962198e3b132cecdb32e9350acd4294e6a1082 +Author: jmc@openbsd.org +Date: Sat Jun 24 06:57:04 2017 +0000 + + upstream commit + + spelling; + + Upstream-ID: 606f933c8e2d0be902ea663946bc15e3eee40b25 + +commit 33f86265d7e8a0e88d3a81745d746efbdd397370 +Author: djm@openbsd.org +Date: Sat Jun 24 06:38:11 2017 +0000 + + upstream commit + + don't pass pointer to struct sshcipher between privsep + processes, just redo the lookup in each using the already-passed cipher name. + bz#2704 based on patch from Brooks Davis; ok markus dtucker + + Upstream-ID: 2eab434c09bdf549dafd7da3e32a0d2d540adbe0 + +commit 8f574959272ac7fe9239c4f5d10fd913f8920ab0 +Author: djm@openbsd.org +Date: Sat Jun 24 06:34:38 2017 +0000 + + upstream commit + + refactor authentication logging + + optionally record successful auth methods and public credentials *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***