From nobody Thu Feb 20 17:56:59 2025 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YzLYm5JNZz5pCk4; Thu, 20 Feb 2025 17:57:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YzLYm1J5Zz49L2; Thu, 20 Feb 2025 17:57:00 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1740074220; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=eTBoQqvHlcX9SEdB3KBNlTwSgQmS4fySEidtMCEEUsA=; b=T81aUyIN+Dc8bzadk7fuGbLpyB6FfK0P1uoiH5SE51SqMg8cHQ6d139B8PzrWjWU2o3YB/ R4YbKxKF6b93LJIQtXoWBXsU2dBlWXlkZ3noFK0TOdxlTPs8pijWk/wkUshL3pSFQca0tu V+ayliYlTbaBJECta1rMko+5RK/1sTOx45yS0V/3lAkMqVlJEvwbzDiD6RYyuNRUWqQ2Ga lgIRVSZUhuubzkCN+zXk/sksUpLzTM6rmul/z3M8wI430Me2l+OjfrzMoWbC5rXfyqjtKX OCWZGsRUuMu9Z2UReIguwGpTGbIxbZa/YWa3rwSiC2aslqYwxY5VpipB0SxwaA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1740074220; a=rsa-sha256; cv=none; b=HUgsukbcUDTzfaZ06XpqIZrBZ+Mv3F16zyoN7qfwYmDBqmvZsaUYilewKq3nT5agq2R5lC ap+h2n17pVzlBd1ocPqFDNRr9MLiIvgXitxdsYgPp6H7QNkJAF38hrZIby0RAUQt6QlaGl IRqjeFrtyFMM0gLNz9v99lRB5sMtyDj65I8VNgEvMz0Ta0dsdcYZZbIgUGLHFRzDYoZ2VI rl1H/+8a1jsBf2qJfmrFU8e2wNTlMmHADlJ7x5UrmAJiFIx9OQX/J78FTUzLhwteUFl89I N/nBkE8h3t3hhPsicM+/C8x/505jww3MAxhu3EuJo7PkU9KDi7y2oC85+sgPGg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1740074220; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=eTBoQqvHlcX9SEdB3KBNlTwSgQmS4fySEidtMCEEUsA=; b=d2UO3QN+0mf/STnDvrcfFXkxde/mm/PiBPUavyIL5t97umOv6mLiy66457hFH+yptUOlgB 9AE8L9AGZWuEbprIeIR2tVMtun0G8cPW85WTQNVe9u1B87uu9Y8zf/UrjBI20ht8r2ZIYR Qjjr/Cim4HAT4WHv2h2UUFNxNJ5ZeFYCX1aLAQkRMT9Z+4EDgx/ZQ9VJdcB4urSqw129Zm cG0C9IhDkIBQa4UcuheIp+DAT+rV6Yc6T2LWtciyuqZ/smcCpsSVEAVNPxBaOXDYQ4c2RR zUOdMumUyCtUg3KTVQ6aavdq+HgITLAxGGQsa1YyXgFsIKZNdjJ/lhwUPAhqIw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YzLYm0tfGz12hT; Thu, 20 Feb 2025 17:57:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 51KHv0WV068089; Thu, 20 Feb 2025 17:57:00 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 51KHuxuK068076; Thu, 20 Feb 2025 17:56:59 GMT (envelope-from git) Date: Thu, 20 Feb 2025 17:56:59 GMT Message-Id: <202502201756.51KHuxuK068076@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Ed Maste Subject: git: c845ae475579 - stable/13 - openssh: Update to 9.8p1 List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: c845ae475579d9b38cd1e3061f3896b44d1cb172 Auto-Submitted: auto-generated The branch stable/13 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=c845ae475579d9b38cd1e3061f3896b44d1cb172 commit c845ae475579d9b38cd1e3061f3896b44d1cb172 Author: Ed Maste AuthorDate: 2025-02-19 17:20:44 +0000 Commit: Ed Maste CommitDate: 2025-02-20 17:56:23 +0000 openssh: Update to 9.8p1 Highlights from the release notes are reproduced below. Some security and bug fixes were previously merged into FreeBSD and have been elided. See the upstream release notes for full details (https://www.openssh.com/releasenotes.html). --- Future deprecation notice ========================= OpenSSH plans to remove support for the DSA signature algorithm in early 2025. Potentially-incompatible changes -------------------------------- * sshd(8): the server will now block client addresses that repeatedly fail authentication, repeatedly connect without ever completing authentication or that crash the server. See the discussion of PerSourcePenalties below for more information. Operators of servers that accept connections from many users, or servers that accept connections from addresses behind NAT or proxies may need to consider these settings. * sshd(8): the server has been split into a listener binary, sshd(8), and a per-session binary "sshd-session". This allows for a much smaller listener binary, as it no longer needs to support the SSH protocol. As part of this work, support for disabling privilege separation (which previously required code changes to disable) and disabling re-execution of sshd(8) has been removed. Further separation of sshd-session into additional, minimal binaries is planned for the future. * sshd(8): several log messages have changed. In particular, some log messages will be tagged with as originating from a process named "sshd-session" rather than "sshd". * ssh-keyscan(1): this tool previously emitted comment lines containing the hostname and SSH protocol banner to standard error. This release now emits them to standard output, but adds a new "-q" flag to silence them altogether. * sshd(8): (portable OpenSSH only) sshd will no longer use argv[0] as the PAM service name. A new "PAMServiceName" sshd_config(5) directive allows selecting the service name at runtime. This defaults to "sshd". bz2101 New features ------------ * sshd(8): sshd(8) will now penalise client addresses that, for various reasons, do not successfully complete authentication. This feature is controlled by a new sshd_config(5) PerSourcePenalties option and is on by default. * ssh(8): allow the HostkeyAlgorithms directive to disable the implicit fallback from certificate host key to plain host keys. Portability ----------- * sshd(8): expose SSH_AUTH_INFO_0 always to PAM auth modules unconditionally. The previous behaviour was to expose it only when particular authentication methods were in use. * ssh(1), ssh-agent(8): allow the presence of the WAYLAND_DISPLAY environment variable to enable SSH_ASKPASS, similarly to the X11 DISPLAY environment variable. GHPR479 --- Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D48914 (cherry picked from commit 0fdf8fae8b569bf9fff3b5171e669dcd7cf9c79e) (cherry picked from commit b4bb480ae9294d7e4b375f0ead9ae57517c79ef3) (cherry picked from commit e95979047aec384852102cf8bb1d55278ea77eeb) (cherry picked from commit dcb4ae528d357f34e4a4b4882c2757c67c98e395) Approved by: re (accelerated MFC) (cherry picked from commit ff2fd01609cc10bcdc87ebe4de42efaf7ffe2ee9) --- crypto/openssh/.depend | 19 +- crypto/openssh/.git_allowed_signers | 2 + crypto/openssh/.git_allowed_signers.asc | 26 +- crypto/openssh/.github/ci-status.md | 10 +- crypto/openssh/.github/configs | 3 +- crypto/openssh/.github/run_test.sh | 1 + crypto/openssh/.github/workflows/c-cpp.yml | 16 +- crypto/openssh/.github/workflows/cifuzz.yml | 4 +- crypto/openssh/.github/workflows/selfhosted.yml | 55 +- crypto/openssh/.github/workflows/upstream.yml | 18 +- crypto/openssh/.gitignore | 5 +- crypto/openssh/.skipped-commit-ids | 8 + crypto/openssh/ChangeLog | 11260 ++++++++++--------- crypto/openssh/Makefile.in | 25 +- crypto/openssh/PROTOCOL.agent | 5 +- crypto/openssh/PROTOCOL.key | 4 +- crypto/openssh/README | 2 +- crypto/openssh/addr.c | 12 +- crypto/openssh/auth-pam.c | 54 +- crypto/openssh/auth-pam.h | 2 +- crypto/openssh/auth-rhosts.c | 3 +- crypto/openssh/auth.c | 108 +- crypto/openssh/auth.h | 15 +- crypto/openssh/auth2-gss.c | 41 +- crypto/openssh/auth2-hostbased.c | 15 +- crypto/openssh/auth2-kbdint.c | 7 +- crypto/openssh/auth2-methods.c | 134 + crypto/openssh/auth2-none.c | 12 +- crypto/openssh/auth2-passwd.c | 9 +- crypto/openssh/auth2-pubkey.c | 15 +- crypto/openssh/auth2.c | 91 +- crypto/openssh/channels.c | 22 +- crypto/openssh/channels.h | 4 +- crypto/openssh/cipher.c | 4 +- crypto/openssh/clientloop.c | 73 +- crypto/openssh/clientloop.h | 3 +- crypto/openssh/config.h | 21 +- crypto/openssh/configure.ac | 40 +- crypto/openssh/contrib/redhat/openssh.spec | 3 +- crypto/openssh/contrib/suse/openssh.spec | 3 +- crypto/openssh/ed25519.sh | 4 +- crypto/openssh/kex-names.c | 330 + crypto/openssh/kex.c | 270 +- crypto/openssh/kex.h | 9 +- crypto/openssh/kexgexs.c | 4 +- crypto/openssh/log.c | 17 +- crypto/openssh/log.h | 9 +- crypto/openssh/m4/openssh.m4 | 3 + crypto/openssh/misc.c | 100 +- crypto/openssh/misc.h | 11 +- crypto/openssh/moduli | 922 +- crypto/openssh/monitor.c | 57 +- crypto/openssh/monitor.h | 6 +- crypto/openssh/monitor_wrap.c | 234 +- crypto/openssh/monitor_wrap.h | 17 +- crypto/openssh/msg.c | 5 +- crypto/openssh/openbsd-compat/getrrsetbyname.c | 24 +- crypto/openssh/openbsd-compat/port-linux.c | 98 +- crypto/openssh/openbsd-compat/port-linux.h | 5 + crypto/openssh/packet.c | 92 + crypto/openssh/packet.h | 5 +- crypto/openssh/pathnames.h | 7 +- crypto/openssh/platform-listen.c | 84 + crypto/openssh/platform.c | 49 +- crypto/openssh/platform.h | 1 + crypto/openssh/readconf.c | 4 +- crypto/openssh/readpass.c | 9 +- crypto/openssh/regress/Makefile | 6 +- crypto/openssh/regress/cfgmatchlisten.sh | 2 +- crypto/openssh/regress/dropbear-ciphers.sh | 15 +- crypto/openssh/regress/dropbear-kex.sh | 14 +- crypto/openssh/regress/key-options.sh | 2 +- .../regress/misc/fuzz-harness/agent_fuzz_helper.c | 1 - .../openssh/regress/misc/fuzz-harness/kex_fuzz.cc | 8 +- .../openssh/regress/misc/fuzz-harness/sig_fuzz.cc | 8 +- crypto/openssh/regress/penalty-expire.sh | 35 + crypto/openssh/regress/penalty.sh | 52 + crypto/openssh/regress/percent.sh | 5 - crypto/openssh/regress/rekey.sh | 4 +- crypto/openssh/regress/sftp-cmds.sh | 29 +- crypto/openssh/regress/test-exec.sh | 96 +- crypto/openssh/regress/unittests/kex/Makefile | 3 +- crypto/openssh/regress/unittests/kex/test_kex.c | 6 +- crypto/openssh/regress/yes-head.sh | 2 +- crypto/openssh/scp.c | 4 +- crypto/openssh/servconf.c | 283 +- crypto/openssh/servconf.h | 34 +- crypto/openssh/serverloop.c | 50 +- crypto/openssh/session.c | 51 +- crypto/openssh/sftp-client.c | 4 +- crypto/openssh/sftp-server.c | 10 +- crypto/openssh/sftp.c | 8 +- crypto/openssh/srclimit.c | 396 +- crypto/openssh/srclimit.h | 22 +- crypto/openssh/ssh-add.1 | 12 +- crypto/openssh/ssh-gss.h | 3 +- crypto/openssh/ssh-keygen.1 | 20 +- crypto/openssh/ssh-keyscan.1 | 21 +- crypto/openssh/ssh-keyscan.c | 76 +- crypto/openssh/ssh-keysign.8 | 6 +- crypto/openssh/ssh-keysign.c | 4 +- crypto/openssh/ssh-pkcs11.c | 27 +- crypto/openssh/ssh.1 | 25 +- crypto/openssh/ssh_api.c | 17 +- crypto/openssh/ssh_config.5 | 20 +- crypto/openssh/ssh_namespace.h | 27 +- crypto/openssh/sshconnect.c | 34 +- crypto/openssh/sshconnect.h | 6 +- crypto/openssh/sshconnect2.c | 4 +- crypto/openssh/sshd-session.c | 1505 +++ crypto/openssh/sshd.8 | 9 +- crypto/openssh/sshd.c | 1711 +-- crypto/openssh/sshd_config.5 | 110 +- crypto/openssh/sshkey.h | 3 +- crypto/openssh/version.h | 4 +- secure/lib/libssh/Makefile | 2 +- secure/libexec/Makefile | 2 +- secure/libexec/sshd-session/Makefile | 62 + secure/usr.sbin/sshd/Makefile | 42 +- 119 files changed, 10907 insertions(+), 8525 deletions(-) diff --git a/crypto/openssh/.depend b/crypto/openssh/.depend index 4897698ab74a..1d7d0606c657 100644 --- a/crypto/openssh/.depend +++ b/crypto/openssh/.depend @@ -23,6 +23,7 @@ auth2-gss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-com auth2-hostbased.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h kex.h mac.h crypto_api.h sshbuf.h log.h ssherr.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h canohost.h auth2-hostbased.o: monitor_wrap.h pathnames.h match.h auth2-kbdint.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h hostfile.h auth.h auth-pam.h audit.h loginrec.h log.h ssherr.h misc.h servconf.h +auth2-methods.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h misc.h servconf.h openbsd-compat/sys-queue.h xmalloc.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth2-none.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h misc.h servconf.h ssh2.h monitor_wrap.h auth2-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h ssherr.h log.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h monitor_wrap.h misc.h servconf.h auth2-pubkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h kex.h mac.h crypto_api.h sshbuf.h log.h ssherr.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h @@ -60,6 +61,7 @@ gss-serv.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-comp hash.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h hmac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h digest.h hmac.h hostfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h sshkey.h hostfile.h log.h ssherr.h misc.h pathnames.h digest.h hmac.h sshbuf.h +kex-names.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h kex.h mac.h crypto_api.h log.h ssherr.h match.h digest.h misc.h xmalloc.h kex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh.h ssh2.h atomicio.h version.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h log.h ssherr.h kex.o: match.h misc.h monitor.h myproposal.h sshbuf.h digest.h xmalloc.h kexc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h sshbuf.h digest.h ssherr.h ssh2.h @@ -82,12 +84,13 @@ monitor.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api monitor.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h openbsd-compat/openssl-compat.h atomicio.h xmalloc.h ssh.h sshkey.h sshbuf.h hostfile.h auth.h auth-pam.h audit.h loginrec.h cipher.h cipher-chachapoly.h monitor_fdpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h monitor_fdpass.h monitor_wrap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h -monitor_wrap.o: loginrec.h auth-options.h packet.h dispatch.h log.h ssherr.h monitor.h monitor_wrap.h atomicio.h monitor_fdpass.h misc.h channels.h session.h servconf.h +monitor_wrap.o: loginrec.h auth-options.h packet.h dispatch.h log.h ssherr.h monitor.h atomicio.h monitor_fdpass.h misc.h channels.h session.h servconf.h monitor_wrap.h srclimit.h msg.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h ssherr.h log.h atomicio.h msg.h misc.h mux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h log.h ssherr.h ssh.h ssh2.h pathnames.h misc.h match.h sshbuf.h channels.h msg.h packet.h dispatch.h monitor_fdpass.h sshpty.h sshkey.h readconf.h clientloop.h nchan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h ssh2.h sshbuf.h ssherr.h packet.h dispatch.h channels.h compat.h log.h packet.o: channels.h ssh.h packet.h dispatch.h sshbuf.h packet.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h compat.h ssh2.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h digest.h log.h ssherr.h canohost.h misc.h +platform-listen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h misc.h platform-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h platform-pledge.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h platform-tracing.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h @@ -123,7 +126,7 @@ sftp-usergroup.o: includes.h config.h defines.h platform.h openbsd-compat/openbs sftp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h ssherr.h pathnames.h misc.h utf8.h sftp.h sshbuf.h sftp-common.h sftp-client.h openbsd-compat/glob.h sftp-usergroup.h sk-usbhid.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sntrup761.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h -srclimit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h addr.h canohost.h log.h ssherr.h misc.h srclimit.h xmalloc.h +srclimit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h addr.h canohost.h log.h ssherr.h misc.h srclimit.h xmalloc.h servconf.h openbsd-compat/sys-queue.h match.h ssh-add.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h log.h ssherr.h sshkey.h sshbuf.h authfd.h authfile.h pathnames.h misc.h digest.h ssh-sk.h sk-api.h hostfile.h ssh-agent.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h sshkey.h authfd.h log.h ssherr.h misc.h digest.h match.h msg.h pathnames.h ssh-pkcs11.h sk-api.h myproposal.h ssh-dss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h @@ -146,19 +149,21 @@ ssh-sk.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat ssh-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h canohost.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h packet.h dispatch.h sshbuf.h channels .h ssh.o: sshkey.h authfd.h authfile.h pathnames.h clientloop.h log.h ssherr.h misc.h readconf.h sshconnect.h kex.h mac.h crypto_api.h sshpty.h match.h msg.h version.h myproposal.h utf8.h -ssh_api.o: authfile.h misc.h version.h myproposal.h sshbuf.h openbsd-compat/openssl-compat.h +ssh_api.o: authfile.h dh.h misc.h version.h myproposal.h sshbuf.h openbsd-compat/openssl-compat.h ssh_api.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh_api.h openbsd-compat/sys-queue.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h ssh.h ssh2.h packet.h dispatch.h compat.h log.h ssherr.h sshbuf-getput-basic.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h sshbuf-getput-crypto.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf-io.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h atomicio.h sshbuf-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h sshbuf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h misc.h -sshconnect.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h hostfile.h ssh.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h sshkey.h sshconnect.h log.h ssherr.h misc.h readconf.h atomicio.h dns.h monitor_fdpass.h ssh2.h version.h authfile.h authfd.h -sshconnect.o: kex.h mac.h crypto_api.h +sshconnect.o: authfd.h kex.h mac.h crypto_api.h +sshconnect.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h hostfile.h ssh.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h sshkey.h sshconnect.h log.h ssherr.h match.h misc.h readconf.h atomicio.h dns.h monitor_fdpass.h ssh2.h version.h authfile.h sshconnect2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h packet.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h sshconnect2.o: sshconnect.h authfile.h dh.h authfd.h log.h ssherr.h misc.h readconf.h match.h canohost.h msg.h pathnames.h uidswap.h hostfile.h utf8.h ssh-sk.h sk-api.h -sshd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h log.h ssherr.h sshbuf.h misc.h match.h servconf.h uidswap.h compat.h cipher.h cipher-chachapoly.h chacha.h -sshd.o: poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h mac.h crypto_api.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h sk-api.h srclimit.h dh.h +sshd-session.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h mac.h crypto_api.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h sk-api.h srclimit.h dh.h +sshd-session.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h log.h ssherr.h sshbuf.h misc.h match.h servconf.h uidswap.h compat.h cipher.h cipher-chachapoly.h +sshd.o: audit.h loginrec.h authfd.h msg.h version.h sk-api.h addr.h srclimit.h +sshd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshpty.h log.h ssherr.h sshbuf.h misc.h servconf.h compat.h digest.h sshkey.h authfile.h pathnames.h canohost.h hostfile.h auth.h auth-pam.h ssherr.o: ssherr.h sshkey-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ssh2.h ssherr.h misc.h sshbuf.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h match.h ssh-sk.h openbsd-compat/openssl-compat.h diff --git a/crypto/openssh/.git_allowed_signers b/crypto/openssh/.git_allowed_signers index 0313c1ecd17f..2a5fdc67c6ed 100644 --- a/crypto/openssh/.git_allowed_signers +++ b/crypto/openssh/.git_allowed_signers @@ -1,4 +1,6 @@ dtucker@dtucker.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKecyjh9aNmD4rb8WblA8v91JjRb0Cd2JtkzqxcggGeG +dtucker@dtucker.net sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBDV81zWQ1+XVfWH5z4L4klDQ/z/6l2GLphfSTX/Rmq6kL5H8mkfzUlryxLlkN8cD9srtVJBAmwJWfJBNsCo958YAAAAEc3NoOg== + djm@mindrot.org sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBLnJo3ZVDENYZGXm5uO9lU7b0iDFq5gHpTu1MaHPWTEfPdvw+AjFQQ/q5YizuMJkXGsMdYmblJEJZYHpm9IS7ZkAAAAEc3NoOg== djm@mindrot.org sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBJoAXBTQalfg+kC5wy1vE7HkIHtVnmV6AUuuIo9KQ1P+70juHwvsFKpsGaqQbrHJkTVgYDGVP02XHj8+Fb18yBIAAAAEc3NoOg== djm@mindrot.org sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBH+z1I48s6ydOhP5SJmI02zVCLf0K15B+UMHgoTIKVfUIv5oDoVX7e9f+7QiRmTeEOdZfQydiaVqsfi7qPSve+0AAAAEc3NoOg== diff --git a/crypto/openssh/.git_allowed_signers.asc b/crypto/openssh/.git_allowed_signers.asc index 5fc6118ca9a6..1a8401b838a3 100644 --- a/crypto/openssh/.git_allowed_signers.asc +++ b/crypto/openssh/.git_allowed_signers.asc @@ -1,16 +1,16 @@ -----BEGIN PGP SIGNATURE----- -iQIzBAABCgAdFiEEcWi5g4FaXu9ZpK39Kj9BTnNgYLoFAmMMMiIACgkQKj9BTnNg -YLpyGhAAhZ1RxmD62JnT0gnor1aD0inq1fGPRadaFvXH2OScPcxXMIZWx+otnyZ/ -H9s0bIti42dPHqurgh92KS2mDGVIW8Y8MvxFUr678+hdem1U7Xvjoo0uaveNhJhe -GxuQDOvXKRmmfL2c6w3wnFChFA1o3K+JNshjCHhWz7u6+UmY0Q9yIxqbSi+vmEPP -NfWPfGdu4h8r7q11UgTxRSUQkfZXMqpBtb367B9BLduGuKRFKEJNyi6WpjBrqy38 -BvEbAaL52KX8hEp3TKMjo38RbOK+veSoPV5zlLui0WlEwwasgljal3f4RkqCAJob -hqpFJRogM5XNnA2e68TDTf3buJ3wRRjuK39/CusOJz5v4i6+VCdte+BET1Y4gD6y -v8KV4pRyumcdbN3khFUkmaQsjo+fyQjWNrgOvv60J2xUWZdchn8lxHOxrfRVKnOi -BD4bdks7tPQY/XsS5GNJIp21Ji9HGyBajjHo0BlesLodw7FEOf6YE18A3n9qzosR -RliuP4Hs/Z4sCUuDTbpKtQiUVs40kBbkhEL8kS8FsXz3VO89hAWaUqNUYom8AkKv -nfDjrZDBLXuVj1Mi8qNPXxqrB/1Cza2/W4U7SK4TlMFXfoXXWxxhefN5vIdMhAJB -u9Mdz1pY9mowKbd0c0dR+3fauvjM133dzKuyeDHMqDa5JPyd59o= -=kgnS +iQIzBAABCgAdFiEEcWi5g4FaXu9ZpK39Kj9BTnNgYLoFAmYHnZ8ACgkQKj9BTnNg +YLquuQ/6A8E6P2jcgn3wmbbCTXP7kmxoh3nmw/e6PC8CEua1512oT3GHOKVD5cGK +cgYRObpWvjOjg7L1HRABftq7a9M2zfsGnY/WNe3/fbetfkyY8hG8c31vA1ePIOt2 +AjBLCWFblH0CtyH/MssoQ19JCLtXK/GmekB1Q0JzyOog7w/0r3CKuUnZ0juCYR1R +4FBePl5l3nFSZEcFEdptGlNGeuolS5XBCqB9Y91TCzkVkH5eXUUW+shgjNhWCEhT +pZvkxfhsmOEnwNofyPdgKVfDBVkHmvuC67EU395mJVN4c2NZ8pOztb9hOt3xr980 +q44I4kT2NpaApCx1dWIGhMy/37LJ8heI0W1B+ofTA5n34/RU8UXH3SCkj2AK6Ao5 +H2u8vbmuWKUCiECmrw35EeKGmtuK/bWJzx3KBP7fx5J9S3mWUgT4W4xlWNN9RWoU +sSvH1ppie5ARINVaAWl5k44fk60ahTf80DbQBIOZBmQn7myZZka+yGcQbAiZZ1Gc +0l8+Nf5Ao1ckmuyY5o8FyWdsyDeK3+MqjPn5Rr1CqbKCn2VnqrVWbI33Eyu8c96U +bxVgU5H1BDhNjJC8UrT3LFPvJMO8p3a0IJ3eHydjk2jVOhOdBZmA0yoqUTrhPpXq +ymIHESjDJR8TDe4TCfb46o9oEC3cdbDwgnzPqdg0n+0uIsJLYiU= +=gl+l -----END PGP SIGNATURE----- diff --git a/crypto/openssh/.github/ci-status.md b/crypto/openssh/.github/ci-status.md index 8d4cea10dba4..fbf7c5fd6117 100644 --- a/crypto/openssh/.github/ci-status.md +++ b/crypto/openssh/.github/ci-status.md @@ -6,10 +6,6 @@ master : [![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh) [![Coverity Status](https://scan.coverity.com/projects/21341/badge.svg)](https://scan.coverity.com/projects/openssh-portable) -9.4 : -[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_4)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_4) -[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_4)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_4) - -9.3 : -[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_3)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_3) -[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_3)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_3) +9.7 : +[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_7)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_7) +[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_7)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_7) diff --git a/crypto/openssh/.github/configs b/crypto/openssh/.github/configs index 370fe29a3ee4..6134cb6ed5e9 100755 --- a/crypto/openssh/.github/configs +++ b/crypto/openssh/.github/configs @@ -208,6 +208,7 @@ case "$config" in # and hostbased (since valgrind won't let ssh exec keysign). # Slow ones are run separately to increase parallelism. SKIP_LTESTS="agent-timeout connection-timeout hostbased" + SKIP_LTESTS="$SKIP_LTESTS penalty-expire" SKIP_LTESTS="$SKIP_LTESTS ${tests2} ${tests3} ${tests4} ${tests5}" ;; valgrind-2) @@ -289,7 +290,7 @@ case "${TARGET_HOST}" in hostkey-agent key-options keyscan knownhosts-command login-timeout reconfigure reexec rekey scp scp-uri scp3 sftp sftp-badcmds sftp-batch sftp-cmds sftp-glob sftp-perm sftp-uri stderr-data - transfer" + transfer penalty penalty-expire" SKIP_LTESTS="$(echo $T)" TEST_TARGET=t-exec SUDO="" diff --git a/crypto/openssh/.github/run_test.sh b/crypto/openssh/.github/run_test.sh index d5fd487d9009..17c1731ff860 100755 --- a/crypto/openssh/.github/run_test.sh +++ b/crypto/openssh/.github/run_test.sh @@ -9,6 +9,7 @@ set -ex # If we want to test hostbased auth, set up the host for it. if [ ! -z "$SUDO" ] && [ ! -z "$TEST_SSH_HOSTBASED_AUTH" ]; then sshconf=/usr/local/etc + $SUDO mkdir -p "${sshconf}" hostname | $SUDO tee $sshconf/shosts.equiv >/dev/null echo "EnableSSHKeysign yes" | $SUDO tee $sshconf/ssh_config >/dev/null $SUDO mkdir -p $sshconf diff --git a/crypto/openssh/.github/workflows/c-cpp.yml b/crypto/openssh/.github/workflows/c-cpp.yml index edb88f23c0fb..609028703f80 100644 --- a/crypto/openssh/.github/workflows/c-cpp.yml +++ b/crypto/openssh/.github/workflows/c-cpp.yml @@ -2,12 +2,13 @@ name: C/C++ CI on: push: - paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ] + paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/workflows/c-cpp.yaml' ] pull_request: - paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ] + paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/workflows/c-cpp.yaml' ] jobs: ci: + name: "${{ matrix.target }} ${{ matrix.config }}" if: github.repository != 'openssh/openssh-portable-selfhosted' strategy: fail-fast: false @@ -16,9 +17,9 @@ jobs: target: - ubuntu-20.04 - ubuntu-22.04 - - macos-11 - macos-12 - macos-13 + - macos-14 - windows-2019 - windows-2022 config: [default] @@ -62,8 +63,8 @@ jobs: - { target: ubuntu-latest, config: libressl-3.5.3 } - { target: ubuntu-latest, config: libressl-3.6.1 } - { target: ubuntu-latest, config: libressl-3.7.2 } - - { target: ubuntu-latest, config: libressl-3.8.3 } - - { target: ubuntu-latest, config: libressl-3.9.0 } + - { target: ubuntu-latest, config: libressl-3.8.4 } + - { target: ubuntu-latest, config: libressl-3.9.1 } - { target: ubuntu-latest, config: openssl-master } - { target: ubuntu-latest, config: openssl-noec } - { target: ubuntu-latest, config: openssl-1.1.1 } @@ -74,9 +75,12 @@ jobs: - { target: ubuntu-latest, config: openssl-3.1.0 } - { target: ubuntu-latest, config: openssl-3.1.5 } - { target: ubuntu-latest, config: openssl-3.2.1 } + - { target: ubuntu-latest, config: openssl-3.3.0 } - { target: ubuntu-latest, config: openssl-1.1.1_stable } - { target: ubuntu-latest, config: openssl-3.0 } # stable branch + - { target: ubuntu-latest, config: openssl-3.1 } # stable branch - { target: ubuntu-latest, config: openssl-3.2 } # stable branch + - { target: ubuntu-latest, config: openssl-3.3 } # stable branch - { target: ubuntu-latest, config: putty-0.71 } - { target: ubuntu-latest, config: putty-0.72 } - { target: ubuntu-latest, config: putty-0.73 } @@ -97,9 +101,9 @@ jobs: - { target: ubuntu-22.04, config: selinux } - { target: ubuntu-22.04, config: kitchensink } - { target: ubuntu-22.04, config: without-openssl } - - { target: macos-11, config: pam } - { target: macos-12, config: pam } - { target: macos-13, config: pam } + - { target: macos-14, config: pam } runs-on: ${{ matrix.target }} steps: - name: set cygwin git params diff --git a/crypto/openssh/.github/workflows/cifuzz.yml b/crypto/openssh/.github/workflows/cifuzz.yml index 7ca8c4719b61..ab8b1c6e0971 100644 --- a/crypto/openssh/.github/workflows/cifuzz.yml +++ b/crypto/openssh/.github/workflows/cifuzz.yml @@ -1,9 +1,9 @@ name: CIFuzz on: push: - paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ] + paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/workflows/cifuzz.yml' ] pull_request: - paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ] + paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/workflows/cifuzz.yml' ] jobs: Fuzzing: diff --git a/crypto/openssh/.github/workflows/selfhosted.yml b/crypto/openssh/.github/workflows/selfhosted.yml index 4f1c587a5779..167297359383 100644 --- a/crypto/openssh/.github/workflows/selfhosted.yml +++ b/crypto/openssh/.github/workflows/selfhosted.yml @@ -2,17 +2,25 @@ name: C/C++ CI self-hosted on: push: - paths: [ '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' ] + paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/workflows/selfhosted.yml' ] jobs: selfhosted: + name: "${{ matrix.target }} ${{ matrix.config }}" if: github.repository == 'openssh/openssh-portable-selfhosted' runs-on: ${{ matrix.host }} timeout-minutes: 600 env: + DEBUG_ACTIONS: false HOST: ${{ matrix.host }} TARGET_HOST: ${{ matrix.target }} TARGET_CONFIG: ${{ matrix.config }} + TARGET_DOMAIN: ${{ startsWith(matrix.host, 'libvirt') && format('{0}-{1}-{2}', matrix.target, matrix.config, github.run_id) || matrix.target }} + EPHEMERAL: ${{ startsWith(matrix.host, 'libvirt') }} + PERSISTENT: ${{ startsWith(matrix.host, 'persist') }} + REMOTE: ${{ startsWith(matrix.host, 'remote') }} + VM: ${{ startsWith(matrix.host, 'libvirt') || startsWith(matrix.host, 'persist') }} + SSHFS: ${{ startsWith(matrix.host, 'libvirt') || startsWith(matrix.host, 'persist') || startsWith(matrix.host, 'remote') }} strategy: fail-fast: false # We use a matrix in two parts: firstly all of the VMs are tested with the @@ -74,34 +82,46 @@ jobs: - { target: nbsd8, config: pam, host: libvirt } - { target: nbsd9, config: pam, host: libvirt } - { target: nbsd10, config: pam, host: libvirt } + # ARM64 VMs + - { target: obsd-arm64, config: default, host: libvirt-arm64 } # VMs with persistent disks that have their own runner. - - { target: win10, config: default, host: win10 } - - { target: win10, config: cygwin-release, host: win10 } - # Physical hosts, with either native runners or remote via ssh. + - { target: win10, config: default, host: persist-win10 } + - { target: win10, config: cygwin-release, host: persist-win10 } + # Physical hosts with native runners. - { target: ARM, config: default, host: ARM } - { target: ARM64, config: default, host: ARM64 } - { target: ARM64, config: pam, host: ARM64 } - - { target: debian-riscv64, config: default, host: debian-riscv64 } - - { target: obsd-arm64, config: default, host: obsd-arm64 } - - { target: openwrt-mips, config: default, host: openwrt-mips } - - { target: openwrt-mipsel, config: default, host: openwrt-mipsel } + # Physical hosts with remote runners. + - { target: debian-riscv64, config: default, host: remote-debian-riscv64 } + + - { target: openwrt-mips, config: default, host: remote-openwrt-mips } + - { target: openwrt-mipsel, config: default, host: remote-openwrt-mipsel } steps: + - name: unmount stale workspace + if: env.SSHFS == 'true' + run: fusermount -u ${GITHUB_WORKSPACE} || true + working-directory: ${{ runner.temp }} - name: shutdown VM if running + if: env.VM == 'true' run: vmshutdown - working-directory: ${{ runner.temp }} - uses: actions/checkout@main - name: autoreconf run: autoreconf - name: startup VM + if: env.VM == 'true' run: vmstartup working-directory: ${{ runner.temp }} + - name: copy and mount workspace + if: env.SSHFS == 'true' + run: sshfs_mount + working-directory: ${{ runner.temp }} - name: configure run: vmrun ./.github/configure.sh ${{ matrix.config }} - - name: save config - uses: actions/upload-artifact@main - with: - name: ${{ matrix.target }}-${{ matrix.config }}-config - path: config.h +# - name: save config +# uses: actions/upload-artifact@main +# with: +# name: ${{ matrix.target }}-${{ matrix.config }}-config +# path: config.h - name: make clean run: vmrun make clean - name: make @@ -120,7 +140,10 @@ jobs: regress/*.log regress/log/* regress/valgrind-out/ + - name: unmount workspace + if: always() && env.SSHFS == 'true' + run: fusermount -u ${GITHUB_WORKSPACE} || true + working-directory: ${{ runner.temp }} - name: shutdown VM - if: always() + if: always() && env.VM == 'true' run: vmshutdown - working-directory: ${{ runner.temp }} diff --git a/crypto/openssh/.github/workflows/upstream.yml b/crypto/openssh/.github/workflows/upstream.yml index b280793d31f3..e25adb423917 100644 --- a/crypto/openssh/.github/workflows/upstream.yml +++ b/crypto/openssh/.github/workflows/upstream.yml @@ -3,22 +3,29 @@ name: Upstream self-hosted on: push: branches: [ master ] - paths: [ '**.c', '**.h', '.github/**' ] + paths: [ '**.c', '**.h', '**.sh', '.github/configs', '.github/workflows/upstream.yml' ] jobs: selfhosted: + name: "upstream ${{ matrix.target }} ${{ matrix.config }}" if: github.repository == 'openssh/openssh-portable-selfhosted' runs-on: 'libvirt' env: + DEBUG_ACTIONS: true + EPHEMERAL: true HOST: 'libvirt' TARGET_HOST: ${{ matrix.target }} TARGET_CONFIG: ${{ matrix.config }} + TARGET_DOMAIN: ${{ format('{0}-{1}-{2}', matrix.target, matrix.config, github.run_id) || matrix.target }} strategy: fail-fast: false matrix: target: [ obsdsnap, obsdsnap-i386 ] config: [ default, without-openssl, ubsan ] steps: + - name: unmount stale workspace + run: fusermount -u ${GITHUB_WORKSPACE} || true + working-directory: ${{ runner.temp }} - name: shutdown VM if running run: vmshutdown working-directory: ${{ runner.temp }} @@ -26,6 +33,9 @@ jobs: - name: startup VM run: vmstartup working-directory: ${{ runner.temp }} + - name: copy and mount workspace + run: sshfs_mount + working-directory: ${{ runner.temp }} - name: update source run: vmrun "cd /usr/src && cvs up -dPA usr.bin/ssh regress/usr.bin/ssh" - name: make clean @@ -33,7 +43,7 @@ jobs: - name: make run: vmrun "cd /usr/src/usr.bin/ssh && case ${{ matrix.config }} in without-openssl) make OPENSSL=no;; ubsan) make DEBUG='-fsanitize-minimal-runtime -fsanitize=undefined';; *) make; esac" - name: make install - run: vmrun "cd /usr/src/usr.bin/ssh && sudo make install" + run: vmrun "cd /usr/src/usr.bin/ssh && sudo make install && sudo /etc/rc.d/sshd -f restart" - name: make tests` run: vmrun "cd /usr/src/regress/usr.bin/ssh && case ${{ matrix.config }} in without-openssl) make OPENSSL=no;; ubsan) make DEBUG='-fsanitize-minimal-runtime -fsanitize=undefined';; *) make; esac" env: @@ -47,6 +57,10 @@ jobs: path: | /usr/obj/regress/usr.bin/ssh/obj/*.log /usr/obj/regress/usr.bin/ssh/obj/log/* + - name: unmount workspace + if: always() + run: fusermount -u ${GITHUB_WORKSPACE} || true + working-directory: ${{ runner.temp }} - name: shutdown VM if: always() run: vmshutdown diff --git a/crypto/openssh/.gitignore b/crypto/openssh/.gitignore index 7fccc6fe3dc3..41d505c46dde 100644 --- a/crypto/openssh/.gitignore +++ b/crypto/openssh/.gitignore @@ -1,18 +1,14 @@ Makefile buildpkg.sh config.h -config.h.in config.h.in~ config.log config.status -configure -aclocal.m4 openbsd-compat/Makefile openbsd-compat/regress/Makefile openssh.xml opensshd.init survey.sh -**/*.0 **/*.o **/*.lo **/*.so @@ -36,3 +32,4 @@ sshd !regress/misc/fuzz-harness/Makefile !regress/unittests/sshsig/Makefile tags + diff --git a/crypto/openssh/.skipped-commit-ids b/crypto/openssh/.skipped-commit-ids index 06303955c566..ec7831e5ff53 100644 --- a/crypto/openssh/.skipped-commit-ids +++ b/crypto/openssh/.skipped-commit-ids @@ -29,6 +29,14 @@ f9a0726d957cf10692a231996a1f34e7f9cdfeb0 moduli update 1e0a2692b7e20b126dda60bf04999d1d30d959d8 sshd relinking makefile changes e1dc11143f83082e3154d6094f9136d0dc2637ad more relinking makefile tweaks 5a636f6ca7f25bfe775df4952f7aac90a7fcbbee moduli update +ef9341d5a50f0d33e3a6fbe995e92964bc7ef2d3 Makefile relinking changes +2fe8d707ae35ba23c7916adcb818bb5b66837ba0 ssh-agent relink kit +866cfcc1955aef8f3fc32da0b70c353a1b859f2e ssh-agent relink changes +8b3820adb4da4e139c4b3cffbcc0bde9f08bf0c6 sshd-session relink kit +6d2ded4cd91d4d727c2b26e099b91ea935bed504 relink kit +fb39324748824cb0387e9d67c41d1bef945c54ea Makefile change +5f378c38ad8976d507786dc4db9283a879ec8cd0 Makefile change +112aacedd3b61cc5c34b1fa6d9fb759214179172 Makefile change Old upstream tree: diff --git a/crypto/openssh/ChangeLog b/crypto/openssh/ChangeLog index 3bbccf5ea3eb..a1a52651718e 100644 --- a/crypto/openssh/ChangeLog +++ b/crypto/openssh/ChangeLog @@ -1,8300 +1,8666 @@ -commit 86bdd3853f4d32c85e295e6216a2fe0953ad93f0 +commit fa41f6592ff1b6ead4a652ac75af31eabb05b912 Author: Damien Miller -Date: Mon Mar 11 16:20:49 2024 +1100 +Date: Mon Jul 1 14:33:26 2024 +1000 - version number in README + version numbers -commit 282721418e6465bc39ccfd39bb0133e670ee4423 -Author: Damien Miller -Date: Mon Mar 11 16:20:08 2024 +1100 +commit bfebb8a5130a792c5356bd06e1ddef72a0a0449f +Author: djm@openbsd.org +Date: Mon Jul 1 04:31:59 2024 +0000 - crank RPM spec versions + upstream: openssh-9.8 + + OpenBSD-Commit-ID: 5f8b89e38a4c5f7c6d52ffa19f796d49f36fab19 -commit 3876a3bbd2ca84d23ba20f8b69ba83270c04ce3a +commit 146c420d29d055cc75c8606327a1cf8439fe3a08 Author: djm@openbsd.org -Date: Mon Mar 11 04:59:47 2024 +0000 +Date: Mon Jul 1 04:31:17 2024 +0000 - upstream: openssh-9.7 + upstream: when sending ObscureKeystrokeTiming chaff packets, we - OpenBSD-Commit-ID: 618ececf58b8cdae016b149787af06240f7b0cbc + can't rely on channel_did_enqueue to tell that there is data to send. This + flag indicates that the channels code enqueued a packet on _this_ ppoll() + iteration, not that data was enqueued in _any_ ppoll() iteration in the + timeslice. ok markus@ + + OpenBSD-Commit-ID: 009b74fd2769b36b5284a0188ade182f00564136 -commit 8fc109cc614954a8eb2738c48c0db36a62af9a06 -Author: Darren Tucker -Date: Mon Mar 11 12:59:26 2024 +1100 +commit 637e4dfea4ed81264e264b6200172ce319c64ead +Author: djm@openbsd.org +Date: Mon Jul 1 03:10:19 2024 +0000 - Test against current OpenSSL and LibreSSL releases. + upstream: use "lcd" to change directory before "lls" rather then "cd", - Add LibreSSL 3.9.0, bump older branches to their respective current - releases. + since the directory we're trying to list is local. Spotted by Corinna + Vinschen + + OpenBSD-Regress-ID: 821feca4a4bebe491944e624c8f7f2990b891415 -commit 26b09b45fec7b88ba09042c09be4157e58e231e2 -Author: Damien Miller -Date: Sun Mar 10 16:24:57 2024 +1100 +commit c8cfe258cee0b8466ea84597bf15e1fcff3bc328 +Author: djm@openbsd.org +Date: Thu Jun 27 23:01:15 2024 +0000 - quote regexes used to test for algorithm support + upstream: delete obsolete comment - Fixes test failures on Solaris 8 reported by Tom G. Christensen + OpenBSD-Commit-ID: 5fb04f298ed155053f3fbfdf0c6fe7cdf84bbfa2 -commit a6a740a4948d10a622b505135bb485c10f21db5e +commit 94b9d37100f6fa536aaa1d1a0e4926fe44fbf04d Author: djm@openbsd.org -Date: Sat Mar 9 05:12:13 2024 +0000 +Date: Thu Jun 27 22:36:44 2024 +0000 - upstream: avoid logging in signal handler by converting mainloop to + upstream: retire unused API - ppoll() bz3670, reported by Ben Hamilton; ok dtucker@ + OpenBSD-Commit-ID: 3e30d7b0615e2707f6bbe70f61b1c2f72f78161b + +commit 268c3a7f5783e731ed60f4e28da66ee3743581d3 +Author: jmc@openbsd.org +Date: Thu Jun 27 21:02:16 2024 +0000 + + upstream: ssl(8) no longer contains a HISTORY section; - OpenBSD-Commit-ID: e58f18042b86425405ca09e6e9d7dfa1df9f5f7f + OpenBSD-Commit-ID: 83b7ff34433d79595e9c2a5d2a561a6660251245 -commit cd82f7526e0481720567ae41db7849ab1c27e27b +commit 12b6cc09ce6c430681f03af2a8069e37a664690b Author: djm@openbsd.org -Date: Fri Mar 8 22:16:32 2024 +0000 +Date: Wed Jun 26 23:47:46 2024 +0000 - upstream: skip more whitespace, fixes find-principals on + upstream: move child process waitpid() loop out of SIGCHLD handler; - allowed_signers files with blank lines; reported by Wiktor Kwapisiewicz + ok deraadt - OpenBSD-Commit-ID: b3a22a2afd753d70766f34bc7f309c03706b5298 + OpenBSD-Commit-ID: 65815a39564e431414aed7c5ace8076f4e9ca741 -commit 2f9d2af5cb19905d87f37d1e11c9f035ac5daf3b -Author: dtucker@openbsd.org -Date: Fri Mar 8 11:34:10 2024 +0000 +commit d6bcd13297c2ab8b528df5a6898f994734849031 +Author: deraadt@openbsd.org +Date: Wed Jun 26 23:16:52 2024 +0000 - upstream: Invoke ProxyCommand that uses stderr redirection via + upstream: Instead of using possibly complex ssh_signal(), write all - $TEST_SHELL. Fixes test when run by a user whose login shell is tcsh. - Found by vinschen at redhat.com. + the parts of the grace_alarm_handler() using the exact things allowed by the + signal-safe rules. This is a good rule of thumb: Handlers should be written + to either set a global volatile sig_atomic_t inspected from outside, and/or + directly perform only safe operations listed in our sigaction(2) manual page. + ok djm markus - OpenBSD-Regress-ID: f68d79e7f00caa8d216ebe00ee5f0adbb944062a + OpenBSD-Commit-ID: 14168ae8368aab76e4ed79e17a667cb46f404ecd -commit 9b3f0beb4007a7e01dfedabb429097fb593deae6 -Author: Darren Tucker -Date: Thu Mar 7 17:18:14 2024 +1100 +commit b8793e2b0851f7d71b97554fa5260b23796d6277 +Author: deraadt@openbsd.org +Date: Wed Jun 26 23:14:14 2024 +0000 - Prefer openssl binary from --with-ssl-dir directory. + upstream: save_errno wrappers inside two small signal handlers that - Use openssl in the directory specified by --with-ssl-dir as long - as it's functional. Reported by The Doctor. + perform system calls, for systems with libc that do perform libc sigtramps. + ok djm markus + + OpenBSD-Commit-ID: 7749b56419a7c9dcfe4c6c04811e429813346c62 -commit c47e1c9c7911f38b2fc2fb01b1f6ae3a3121a838 -Author: djm@openbsd.org -Date: Wed Mar 6 02:59:59 2024 +0000 +commit f23e9332c4c8df37465c4a4f38275ea98980ed7e +Author: jmc@openbsd.org +Date: Mon Jun 24 06:59:39 2024 +0000 - upstream: fix memory leak in mux proxy mode when requesting forwarding. + upstream: - uppercase start of sentence - correct sentence grammar - found by RASU JSC, reported by Maks Mishin in GHPR#467 + ok djm - OpenBSD-Commit-ID: 97d96a166b1ad4b8d229864a553e3e56d3116860 + OpenBSD-Commit-ID: 1ec4b0fdb633a43667f2c8fff1d600bd647dde25 -commit 242742827fea4508e68097c128e802edc79addb5 +commit 1839e3eb71a759aa795602c1e4196300f4ac2615 Author: djm@openbsd.org -Date: Wed Mar 6 00:31:04 2024 +0000 +Date: Mon Jun 24 04:05:11 2024 +0000 - upstream: wrap a few PKCS#11-specific bits in ENABLE_PKCS11 + upstream: mention SshdSessionPath option - OpenBSD-Commit-ID: 463e4a69eef3426a43a2b922c4e7b2011885d923 + OpenBSD-Commit-ID: c29734d36c21003973b15c1c9965c35f36cef30c -commit d52b6509210e2043f33e5a1de58dd4a0d5d48c2a -Author: Damien Miller -Date: Wed Mar 6 11:31:36 2024 +1100 +commit 603193e32aef5db7d60c58066d5de89806e79312 +Author: Darren Tucker +Date: Thu Jun 20 18:45:14 2024 +1000 - disable RSA tests when algorithm is not supported + Rerun upstream tests on .sh file changes too. + +commit dbbf9337c19381786a8e5a8a49152fe6b80c780d +Author: dtucker@openbsd.org +Date: Thu Jun 20 08:23:18 2024 +0000 + + upstream: Work around dbclient cipher/mac query bug. - Unbreaks "make test" when compiled --without-openssl. + Unlike earlier versions, recent Dropbear (at least v2024.85) requires + a host arg when querying supported ciphers and macs via "-c/-m + help". Earlier versions accept but do not require it, so always + provide it. If these queries fail, skip the test with a warning. - Similar treatment to how we do DSA and ECDSA. + OpenBSD-Regress-ID: 98eb863a3f0363416922efb273885e6b3c7f68d4 -commit 668d270a6c77e8b5a1da26ecad2e6de9f62c8fe4 -Author: Damien Miller -Date: Wed Mar 6 10:33:20 2024 +1100 +commit 8de2c8cebc46bbdb94b7a2c120fcadfb66a3cccc +Author: dtucker@openbsd.org +Date: Thu Jun 20 08:18:34 2024 +0000 - add a --without-retpoline configure option + upstream: Remove dropbear key types not supported - discussed with deraadt and dtucker a while ago + by current OpenSSH. Allows subsequent test runs to work if OpenSSH is + rebuilt w/out OpenSSL. + + OpenBSD-Regress-ID: e0129eb2b1d31771105903a8055216fbba20a770 -commit 3deb501f86fc47e175ef6a3eaba9b9846a80d444 +commit e9b6471c59b21e5d9ef1b3832d4bf727338add85 Author: djm@openbsd.org -Date: Mon Mar 4 04:13:18 2024 +0000 +Date: Thu Jun 20 00:18:05 2024 +0000 - upstream: fix leak of CanonicalizePermittedCNAMEs on error path; - - spotted by Coverity (CID 438039) + upstream: stricter check for overfull tables in penalty record path - OpenBSD-Commit-ID: 208839699939721f452a4418afc028a9f9d3d8af + OpenBSD-Commit-ID: 7df01e648a0723418c554e64a9f2b6d38db060a6 -commit 65a44a8a4f7d902a64d4e60eda84384b2e2a24a2 +commit d9336d344eb2a1e898c5e66147b3f108c7214694 Author: djm@openbsd.org -Date: Mon Mar 4 02:16:11 2024 +0000 +Date: Wed Jun 19 23:24:47 2024 +0000 - upstream: Separate parsing of string array options from applying them - - to the active configuration. This fixes the config parser from erroneously - rejecting cases like: + upstream: put back reaping of preauth child process when writes - AuthenticationMethods password - Match User ivy - AuthenticationMethods any + from the monitor fail. Not sure how this got lost in the avalanche of + patches. - bz3657 ok markus@ + OpenBSD-Commit-ID: eb7eb36371e1ac01050b32b70fb2b3e5d98e72f5 + +commit 579d9adb70ec0206a788eb5c63804c31a67e9310 +Author: naddy@openbsd.org +Date: Mon Jun 17 13:50:18 2024 +0000 + + upstream: remove one more mention of DSA - OpenBSD-Commit-ID: 7f196cba634c2a3dba115f3fac3c4635a2199491 + OpenBSD-Commit-ID: 8515f55a15f02836ba657df341415f63c60526ca -commit 6886e1b1f55c90942e4e6deed930f8ac32e0f938 +commit 7089b5f8436ef0b8d3d3ad9ce01045fb9e7aab15 Author: Darren Tucker -Date: Thu Feb 22 17:59:35 2024 +1100 +Date: Wed Jun 19 23:09:05 2024 +1000 - Add nbsd10 test target. + Move -f to the place needed to restart sshd. -commit d86bf8a3f6ea4fa7887406c2aa9959db71fa41be -Author: Damien Miller -Date: Thu Feb 22 12:06:10 2024 +1100 +commit d5f83cfd852b14a25f347f082ab539a9454702ad +Author: Darren Tucker +Date: Wed Jun 19 21:04:01 2024 +1000 - more descriptive configure test name + Need to supply "-f" to restart sshd. -commit 9ee335aacc9f5bdc4cc2c19fafb45e27be7d234e -Author: djm@openbsd.org -Date: Wed Feb 21 06:17:29 2024 +0000 +commit fad34b4ca25c0ef31e5aa841d461b6f21da5b8c1 +Author: dtucker@openbsd.org +Date: Wed Jun 19 10:15:51 2024 +0000 - upstream: explain arguments of internal-sftp GHPR#454 from Niklas + upstream: Provide defaults for ciphers and macs - Hambüchen - MIME-Version: 1.0 - Content-Type: text/plain; charset=UTF-8 - Content-Transfer-Encoding: 8bit + if querying for them fails since on some versions of Dropbear (at least + v2024.85) "-m help" doesn't seem to work. Enable all supported pubkey + algorithms in the server. - OpenBSD-Commit-ID: 0335d641ae6b5b6201b9ffd5dd06345ebbd0a3f3 + OpenBSD-Regress-ID: 4f95556a49ee9f621789f25217c367a33d2745ca -commit d1164cb1001dd208fee88aaa9b43d5e6fd917274 -Author: djm@openbsd.org -Date: Wed Feb 21 06:06:43 2024 +0000 +commit 5521060e35ada9f957cecdddc06d0524e75409ef +Author: dtucker@openbsd.org +Date: Wed Jun 19 10:10:46 2024 +0000 *** 25859 LINES SKIPPED ***