From owner-svn-src-stable@freebsd.org  Sun Feb  7 11:38:56 2016
Return-Path: <owner-svn-src-stable@freebsd.org>
Delivered-To: svn-src-stable@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id A4060AA1E40;
 Sun,  7 Feb 2016 11:38:56 +0000 (UTC) (envelope-from des@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 3CC3D136B;
 Sun,  7 Feb 2016 11:38:56 +0000 (UTC) (envelope-from des@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u17BctPZ038783;
 Sun, 7 Feb 2016 11:38:55 GMT (envelope-from des@FreeBSD.org)
Received: (from des@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id u17Bctwi038780;
 Sun, 7 Feb 2016 11:38:55 GMT (envelope-from des@FreeBSD.org)
Message-Id: <201602071138.u17Bctwi038780@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: des set sender to des@FreeBSD.org
 using -f
From: =?UTF-8?Q?Dag-Erling_Sm=c3=b8rgrav?= <des@FreeBSD.org>
Date: Sun, 7 Feb 2016 11:38:55 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject: svn commit: r295367 - in stable/10: crypto/openssh
 crypto/openssh/contrib crypto/openssh/contrib/caldera
 crypto/openssh/contrib/cygwin crypto/openssh/contrib/redhat
 crypto/openssh/contrib/suse cryp...
X-SVN-Group: stable-10
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-stable@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: SVN commit messages for all the -stable branches of the src tree
 <svn-src-stable.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-stable>, 
 <mailto:svn-src-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-stable/>
List-Post: <mailto:svn-src-stable@freebsd.org>
List-Help: <mailto:svn-src-stable-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-stable>,
 <mailto:svn-src-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 07 Feb 2016 11:38:56 -0000

Author: des
Date: Sun Feb  7 11:38:54 2016
New Revision: 295367
URL: https://svnweb.freebsd.org/changeset/base/295367

Log:
  MFH (r265214, r294333, r294407, r294467): misc prop fixes
  MFH (r285975, r287143): register mergeinfo for security fixes
  MFH (r294497, r294498, r295139): internal documentation
  MFH (r294328): upgrade to openssh 6.7p1, re-add libwrap
  MFH (r294332): upgrade to openssh 6.8p1
  MFH (r294367): update pam_ssh for api changes
  MFH (r294909): switch usedns back on
  MFH (r294336): upgrade to openssh 6.9p1
  MFH (r294495): re-enable dsa keys
  MFH (r294464): upgrade to openssh 7.0p1
  MFH (r294496): upgrade to openssh 7.1p2
  
  Approved by:	re (gjb)
  Relnotes:	yes

Added:
  stable/10/crypto/openssh/.cvsignore
     - copied unchanged from r294332, head/crypto/openssh/.cvsignore
  stable/10/crypto/openssh/bitmap.c   (contents, props changed)
     - copied, changed from r294332, head/crypto/openssh/bitmap.c
     - copied unchanged from r294332, head/crypto/openssh/bitmap.h
  stable/10/crypto/openssh/cipher-aesctr.c
     - copied, changed from r294328, head/crypto/openssh/cipher-aesctr.c
  stable/10/crypto/openssh/cipher-aesctr.h
     - copied unchanged from r294328, head/crypto/openssh/cipher-aesctr.h
     - copied unchanged from r294332, head/crypto/openssh/opacket.c
     - copied unchanged from r294332, head/crypto/openssh/opacket.h
  stable/10/crypto/openssh/openbsd-compat/.cvsignore
     - copied unchanged from r294332, head/crypto/openssh/openbsd-compat/.cvsignore
  stable/10/crypto/openssh/openbsd-compat/kludge-fd_set.c
     - copied unchanged from r294328, head/crypto/openssh/openbsd-compat/kludge-fd_set.c
     - copied unchanged from r294332, head/crypto/openssh/openbsd-compat/md5.c
     - copied unchanged from r294332, head/crypto/openssh/openbsd-compat/md5.h
     - copied unchanged from r294332, head/crypto/openssh/openbsd-compat/reallocarray.c
  stable/10/crypto/openssh/openbsd-compat/regress/.cvsignore
     - copied unchanged from r294332, head/crypto/openssh/openbsd-compat/regress/.cvsignore
  stable/10/crypto/openssh/openbsd-compat/regress/opensslvertest.c
     - copied unchanged from r294328, head/crypto/openssh/openbsd-compat/regress/opensslvertest.c
  stable/10/crypto/openssh/openbsd-compat/rmd160.c   (contents, props changed)
     - copied, changed from r294332, head/crypto/openssh/openbsd-compat/rmd160.c
     - copied unchanged from r294332, head/crypto/openssh/openbsd-compat/rmd160.h
     - copied unchanged from r294332, head/crypto/openssh/openbsd-compat/sha1.c
     - copied unchanged from r294332, head/crypto/openssh/openbsd-compat/sha1.h
  stable/10/crypto/openssh/regress/.cvsignore
     - copied unchanged from r294332, head/crypto/openssh/regress/.cvsignore
     - copied unchanged from r294336, head/crypto/openssh/regress/cfgparse.sh
  stable/10/crypto/openssh/regress/hostkey-agent.sh   (contents, props changed)
     - copied, changed from r294332, head/crypto/openssh/regress/hostkey-agent.sh
  stable/10/crypto/openssh/regress/hostkey-rotate.sh   (contents, props changed)
     - copied, changed from r294332, head/crypto/openssh/regress/hostkey-rotate.sh
  stable/10/crypto/openssh/regress/keygen-knownhosts.sh   (contents, props changed)
     - copied, changed from r294332, head/crypto/openssh/regress/keygen-knownhosts.sh
     - copied unchanged from r294332, head/crypto/openssh/regress/limit-keytype.sh
     - copied unchanged from r294332, head/crypto/openssh/regress/multipubkey.sh
  stable/10/crypto/openssh/regress/netcat.c   (contents, props changed)
     - copied, changed from r294332, head/crypto/openssh/regress/netcat.c
  stable/10/crypto/openssh/regress/principals-command.sh   (contents, props changed)
     - copied, changed from r294336, head/crypto/openssh/regress/principals-command.sh
  stable/10/crypto/openssh/regress/t11.ok
     - copied unchanged from r294332, head/crypto/openssh/regress/t11.ok
  stable/10/crypto/openssh/regress/unittests/
     - copied from r294328, head/crypto/openssh/regress/unittests/
  stable/10/crypto/openssh/regress/unittests/bitmap/
     - copied from r294332, head/crypto/openssh/regress/unittests/bitmap/
  stable/10/crypto/openssh/regress/unittests/hostkeys/
     - copied from r294332, head/crypto/openssh/regress/unittests/hostkeys/
  stable/10/crypto/openssh/regress/unittests/kex/
     - copied from r294332, head/crypto/openssh/regress/unittests/kex/
     - copied unchanged from r294332, head/crypto/openssh/regress/valgrind-unit.sh
  stable/10/crypto/openssh/scard/.cvsignore
     - copied unchanged from r294332, head/crypto/openssh/scard/.cvsignore
     - copied unchanged from r294332, head/crypto/openssh/ssh_api.c
     - copied unchanged from r294332, head/crypto/openssh/ssh_api.h
  stable/10/crypto/openssh/sshbuf-getput-basic.c
     - copied, changed from r294328, head/crypto/openssh/sshbuf-getput-basic.c
  stable/10/crypto/openssh/sshbuf-getput-crypto.c
     - copied, changed from r294328, head/crypto/openssh/sshbuf-getput-crypto.c
  stable/10/crypto/openssh/sshbuf-misc.c
     - copied, changed from r294328, head/crypto/openssh/sshbuf-misc.c
  stable/10/crypto/openssh/sshbuf.c
     - copied, changed from r294328, head/crypto/openssh/sshbuf.c
  stable/10/crypto/openssh/sshbuf.h
     - copied, changed from r294328, head/crypto/openssh/sshbuf.h
  stable/10/crypto/openssh/ssherr.c
     - copied, changed from r294328, head/crypto/openssh/ssherr.c
  stable/10/crypto/openssh/ssherr.h
     - copied, changed from r294328, head/crypto/openssh/ssherr.h
  stable/10/crypto/openssh/sshkey.c
     - copied, changed from r294328, head/crypto/openssh/sshkey.c
  stable/10/crypto/openssh/sshkey.h
     - copied, changed from r294328, head/crypto/openssh/sshkey.h
Directory Properties:
  stable/10/crypto/openssh/bitmap.h   (props changed)
  stable/10/crypto/openssh/opacket.c   (props changed)
  stable/10/crypto/openssh/opacket.h   (props changed)
  stable/10/crypto/openssh/openbsd-compat/md5.c   (props changed)
  stable/10/crypto/openssh/openbsd-compat/md5.h   (props changed)
  stable/10/crypto/openssh/openbsd-compat/reallocarray.c   (props changed)
  stable/10/crypto/openssh/openbsd-compat/rmd160.h   (props changed)
  stable/10/crypto/openssh/openbsd-compat/sha1.c   (props changed)
  stable/10/crypto/openssh/openbsd-compat/sha1.h   (props changed)
  stable/10/crypto/openssh/regress/cfgparse.sh   (props changed)
  stable/10/crypto/openssh/regress/limit-keytype.sh   (props changed)
  stable/10/crypto/openssh/regress/multipubkey.sh   (props changed)
  stable/10/crypto/openssh/regress/valgrind-unit.sh   (props changed)
  stable/10/crypto/openssh/ssh_api.c   (props changed)
  stable/10/crypto/openssh/ssh_api.h   (props changed)
Deleted:
  stable/10/crypto/openssh/compress.c
  stable/10/crypto/openssh/compress.h
  stable/10/crypto/openssh/contrib/caldera/
  stable/10/crypto/openssh/moduli.0
  stable/10/crypto/openssh/scp.0
  stable/10/crypto/openssh/sftp-server.0
  stable/10/crypto/openssh/sftp.0
  stable/10/crypto/openssh/ssh-add.0
  stable/10/crypto/openssh/ssh-agent.0
  stable/10/crypto/openssh/ssh-keygen.0
  stable/10/crypto/openssh/ssh-keyscan.0
  stable/10/crypto/openssh/ssh-keysign.0
  stable/10/crypto/openssh/ssh-pkcs11-helper.0
  stable/10/crypto/openssh/ssh.0
  stable/10/crypto/openssh/ssh_config.0
  stable/10/crypto/openssh/sshd.0
  stable/10/crypto/openssh/sshd_config.0
Modified:
  stable/10/crypto/openssh/ChangeLog
  stable/10/crypto/openssh/FREEBSD-upgrade
  stable/10/crypto/openssh/INSTALL
  stable/10/crypto/openssh/Makefile.in
  stable/10/crypto/openssh/OVERVIEW
  stable/10/crypto/openssh/PROTOCOL
  stable/10/crypto/openssh/PROTOCOL.agent
  stable/10/crypto/openssh/PROTOCOL.krl
  stable/10/crypto/openssh/PROTOCOL.mux
  stable/10/crypto/openssh/README
  stable/10/crypto/openssh/addrmatch.c
  stable/10/crypto/openssh/atomicio.c
  stable/10/crypto/openssh/auth-bsdauth.c
  stable/10/crypto/openssh/auth-chall.c
  stable/10/crypto/openssh/auth-krb5.c   (contents, props changed)
  stable/10/crypto/openssh/auth-options.c
  stable/10/crypto/openssh/auth-options.h
  stable/10/crypto/openssh/auth-pam.c
  stable/10/crypto/openssh/auth-passwd.c
  stable/10/crypto/openssh/auth-rh-rsa.c
  stable/10/crypto/openssh/auth-rhosts.c
  stable/10/crypto/openssh/auth-rsa.c
  stable/10/crypto/openssh/auth.c
  stable/10/crypto/openssh/auth.h
  stable/10/crypto/openssh/auth1.c
  stable/10/crypto/openssh/auth2-chall.c
  stable/10/crypto/openssh/auth2-gss.c
  stable/10/crypto/openssh/auth2-hostbased.c
  stable/10/crypto/openssh/auth2-kbdint.c
  stable/10/crypto/openssh/auth2-none.c
  stable/10/crypto/openssh/auth2-passwd.c
  stable/10/crypto/openssh/auth2-pubkey.c
  stable/10/crypto/openssh/auth2.c
  stable/10/crypto/openssh/authfd.c
  stable/10/crypto/openssh/authfd.h
  stable/10/crypto/openssh/authfile.c
  stable/10/crypto/openssh/authfile.h
  stable/10/crypto/openssh/bufaux.c
  stable/10/crypto/openssh/bufbn.c
  stable/10/crypto/openssh/bufec.c
  stable/10/crypto/openssh/buffer.c
  stable/10/crypto/openssh/buffer.h
  stable/10/crypto/openssh/canohost.c
  stable/10/crypto/openssh/chacha.h
  stable/10/crypto/openssh/channels.c
  stable/10/crypto/openssh/channels.h
  stable/10/crypto/openssh/cipher-3des1.c
  stable/10/crypto/openssh/cipher-bf1.c
  stable/10/crypto/openssh/cipher-chachapoly.c
  stable/10/crypto/openssh/cipher-chachapoly.h
  stable/10/crypto/openssh/cipher-ctr.c
  stable/10/crypto/openssh/cipher.c
  stable/10/crypto/openssh/cipher.h
  stable/10/crypto/openssh/clientloop.c
  stable/10/crypto/openssh/compat.c
  stable/10/crypto/openssh/compat.h
  stable/10/crypto/openssh/config.guess
  stable/10/crypto/openssh/config.h
  stable/10/crypto/openssh/configure.ac
  stable/10/crypto/openssh/contrib/Makefile
  stable/10/crypto/openssh/contrib/README
  stable/10/crypto/openssh/contrib/cygwin/README
  stable/10/crypto/openssh/contrib/cygwin/ssh-host-config
  stable/10/crypto/openssh/contrib/cygwin/ssh-user-config
  stable/10/crypto/openssh/contrib/redhat/openssh.spec
  stable/10/crypto/openssh/contrib/suse/openssh.spec
  stable/10/crypto/openssh/deattack.c
  stable/10/crypto/openssh/deattack.h
  stable/10/crypto/openssh/defines.h
  stable/10/crypto/openssh/dh.c
  stable/10/crypto/openssh/dh.h
  stable/10/crypto/openssh/digest-libc.c
  stable/10/crypto/openssh/digest-openssl.c
  stable/10/crypto/openssh/digest.h
  stable/10/crypto/openssh/dispatch.c
  stable/10/crypto/openssh/dispatch.h
  stable/10/crypto/openssh/dns.c
  stable/10/crypto/openssh/dns.h
  stable/10/crypto/openssh/entropy.c
  stable/10/crypto/openssh/ge25519.h
  stable/10/crypto/openssh/groupaccess.c
  stable/10/crypto/openssh/gss-genr.c
  stable/10/crypto/openssh/gss-serv-krb5.c
  stable/10/crypto/openssh/gss-serv.c
  stable/10/crypto/openssh/hmac.c
  stable/10/crypto/openssh/hmac.h
  stable/10/crypto/openssh/hostfile.c
  stable/10/crypto/openssh/hostfile.h
  stable/10/crypto/openssh/includes.h
  stable/10/crypto/openssh/kex.c
  stable/10/crypto/openssh/kex.h
  stable/10/crypto/openssh/kexc25519.c
  stable/10/crypto/openssh/kexc25519c.c
  stable/10/crypto/openssh/kexc25519s.c
  stable/10/crypto/openssh/kexdh.c
  stable/10/crypto/openssh/kexdhc.c
  stable/10/crypto/openssh/kexdhs.c
  stable/10/crypto/openssh/kexecdh.c
  stable/10/crypto/openssh/kexecdhc.c
  stable/10/crypto/openssh/kexecdhs.c
  stable/10/crypto/openssh/kexgex.c
  stable/10/crypto/openssh/kexgexc.c
  stable/10/crypto/openssh/kexgexs.c
  stable/10/crypto/openssh/key.c
  stable/10/crypto/openssh/key.h
  stable/10/crypto/openssh/krl.c
  stable/10/crypto/openssh/krl.h
  stable/10/crypto/openssh/log.c
  stable/10/crypto/openssh/loginrec.c
  stable/10/crypto/openssh/mac.c
  stable/10/crypto/openssh/mac.h
  stable/10/crypto/openssh/match.c
  stable/10/crypto/openssh/match.h
  stable/10/crypto/openssh/misc.c
  stable/10/crypto/openssh/misc.h
  stable/10/crypto/openssh/moduli
  stable/10/crypto/openssh/moduli.c
  stable/10/crypto/openssh/monitor.c
  stable/10/crypto/openssh/monitor.h
  stable/10/crypto/openssh/monitor_fdpass.c
  stable/10/crypto/openssh/monitor_mm.c
  stable/10/crypto/openssh/monitor_wrap.c
  stable/10/crypto/openssh/monitor_wrap.h
  stable/10/crypto/openssh/msg.c
  stable/10/crypto/openssh/msg.h
  stable/10/crypto/openssh/mux.c
  stable/10/crypto/openssh/myproposal.h
  stable/10/crypto/openssh/openbsd-compat/Makefile.in
  stable/10/crypto/openssh/openbsd-compat/arc4random.c
  stable/10/crypto/openssh/openbsd-compat/bcrypt_pbkdf.c
  stable/10/crypto/openssh/openbsd-compat/bsd-cygwin_util.c
  stable/10/crypto/openssh/openbsd-compat/bsd-cygwin_util.h
  stable/10/crypto/openssh/openbsd-compat/bsd-misc.c
  stable/10/crypto/openssh/openbsd-compat/bsd-misc.h
  stable/10/crypto/openssh/openbsd-compat/bsd-snprintf.c
  stable/10/crypto/openssh/openbsd-compat/explicit_bzero.c
  stable/10/crypto/openssh/openbsd-compat/fake-rfc2553.h
  stable/10/crypto/openssh/openbsd-compat/getrrsetbyname-ldns.c
  stable/10/crypto/openssh/openbsd-compat/openbsd-compat.h
  stable/10/crypto/openssh/openbsd-compat/openssl-compat.c
  stable/10/crypto/openssh/openbsd-compat/openssl-compat.h
  stable/10/crypto/openssh/openbsd-compat/port-linux.c
  stable/10/crypto/openssh/openbsd-compat/port-tun.c
  stable/10/crypto/openssh/openbsd-compat/port-uw.c
  stable/10/crypto/openssh/openbsd-compat/readpassphrase.c
  stable/10/crypto/openssh/openbsd-compat/realpath.c
  stable/10/crypto/openssh/openbsd-compat/regress/Makefile.in
  stable/10/crypto/openssh/openbsd-compat/sha2.c
  stable/10/crypto/openssh/openbsd-compat/sha2.h
  stable/10/crypto/openssh/openbsd-compat/xcrypt.c
  stable/10/crypto/openssh/opensshd.init.in
  stable/10/crypto/openssh/packet.c
  stable/10/crypto/openssh/packet.h
  stable/10/crypto/openssh/platform.c
  stable/10/crypto/openssh/poly1305.h
  stable/10/crypto/openssh/progressmeter.c
  stable/10/crypto/openssh/progressmeter.h
  stable/10/crypto/openssh/readconf.c
  stable/10/crypto/openssh/readconf.h
  stable/10/crypto/openssh/regress/Makefile
  stable/10/crypto/openssh/regress/README.regress
  stable/10/crypto/openssh/regress/agent-pkcs11.sh
  stable/10/crypto/openssh/regress/agent-timeout.sh
  stable/10/crypto/openssh/regress/agent.sh
  stable/10/crypto/openssh/regress/broken-pipe.sh
  stable/10/crypto/openssh/regress/cert-hostkey.sh
  stable/10/crypto/openssh/regress/cert-userkey.sh
  stable/10/crypto/openssh/regress/cfgmatch.sh
  stable/10/crypto/openssh/regress/cipher-speed.sh
  stable/10/crypto/openssh/regress/connect-privsep.sh
  stable/10/crypto/openssh/regress/connect.sh
  stable/10/crypto/openssh/regress/dhgex.sh
  stable/10/crypto/openssh/regress/dynamic-forward.sh
  stable/10/crypto/openssh/regress/exit-status.sh
  stable/10/crypto/openssh/regress/forcecommand.sh
  stable/10/crypto/openssh/regress/forward-control.sh
  stable/10/crypto/openssh/regress/forwarding.sh
  stable/10/crypto/openssh/regress/host-expand.sh
  stable/10/crypto/openssh/regress/integrity.sh
  stable/10/crypto/openssh/regress/kextype.sh
  stable/10/crypto/openssh/regress/key-options.sh
  stable/10/crypto/openssh/regress/keygen-change.sh
  stable/10/crypto/openssh/regress/keys-command.sh
  stable/10/crypto/openssh/regress/keyscan.sh
  stable/10/crypto/openssh/regress/keytype.sh
  stable/10/crypto/openssh/regress/krl.sh
  stable/10/crypto/openssh/regress/localcommand.sh
  stable/10/crypto/openssh/regress/login-timeout.sh
  stable/10/crypto/openssh/regress/multiplex.sh
  stable/10/crypto/openssh/regress/proto-mismatch.sh
  stable/10/crypto/openssh/regress/proto-version.sh
  stable/10/crypto/openssh/regress/proxy-connect.sh
  stable/10/crypto/openssh/regress/reconfigure.sh
  stable/10/crypto/openssh/regress/reexec.sh
  stable/10/crypto/openssh/regress/rekey.sh
  stable/10/crypto/openssh/regress/ssh-com.sh
  stable/10/crypto/openssh/regress/ssh2putty.sh
  stable/10/crypto/openssh/regress/sshd-log-wrapper.sh
  stable/10/crypto/openssh/regress/stderr-data.sh
  stable/10/crypto/openssh/regress/t4.ok
  stable/10/crypto/openssh/regress/test-exec.sh
  stable/10/crypto/openssh/regress/transfer.sh
  stable/10/crypto/openssh/regress/try-ciphers.sh
  stable/10/crypto/openssh/regress/unittests/Makefile
  stable/10/crypto/openssh/regress/unittests/Makefile.inc
  stable/10/crypto/openssh/regress/unittests/hostkeys/test_iterate.c   (contents, props changed)
  stable/10/crypto/openssh/regress/unittests/kex/test_kex.c   (contents, props changed)
  stable/10/crypto/openssh/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c
  stable/10/crypto/openssh/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c
  stable/10/crypto/openssh/regress/unittests/sshkey/common.c
  stable/10/crypto/openssh/regress/unittests/sshkey/mktestdata.sh
  stable/10/crypto/openssh/regress/unittests/sshkey/test_file.c
  stable/10/crypto/openssh/regress/unittests/sshkey/test_fuzz.c
  stable/10/crypto/openssh/regress/unittests/sshkey/test_sshkey.c
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_1
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_1-cert.fp
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_1-cert.pub   (contents, props changed)
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_1.fp
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_1.fp.bb
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_1.param.g
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_1.param.priv
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_1.param.pub   (contents, props changed)
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_1.pub   (contents, props changed)
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_1_pw
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_2
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_2.fp
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_2.fp.bb
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_2.pub   (contents, props changed)
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_n
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_n_pw
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_1
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_1-cert.fp
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_1-cert.pub   (contents, props changed)
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_1.fp
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_1.fp.bb
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_1.param.priv
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_1.param.pub   (contents, props changed)
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_1.pub   (contents, props changed)
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_1_pw
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_2
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_2.fp
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_2.fp.bb
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_2.param.priv
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_2.param.pub   (contents, props changed)
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_2.pub   (contents, props changed)
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_n
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_n_pw
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_1
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_1-cert.fp
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_1-cert.pub   (contents, props changed)
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_1.fp
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_1.fp.bb
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_1.pub   (contents, props changed)
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_1_pw
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_2
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_2.fp
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_2.fp.bb
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_2.pub   (contents, props changed)
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa1_1
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa1_1.fp
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa1_1.fp.bb
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa1_1.param.n
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa1_1.pub   (contents, props changed)
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa1_1_pw
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa1_2
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa1_2.fp
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa1_2.fp.bb
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa1_2.param.n
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa1_2.pub   (contents, props changed)
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_1
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_1-cert.fp
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_1-cert.pub   (contents, props changed)
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_1.fp
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_1.fp.bb
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_1.param.n
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_1.param.p
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_1.param.q
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_1.pub   (contents, props changed)
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_1_pw
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_2
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_2.fp
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_2.fp.bb
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_2.param.n
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_2.param.p
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_2.param.q
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_2.pub   (contents, props changed)
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_n
  stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_n_pw
  stable/10/crypto/openssh/regress/unittests/test_helper/Makefile
  stable/10/crypto/openssh/regress/unittests/test_helper/fuzz.c
  stable/10/crypto/openssh/regress/unittests/test_helper/test_helper.c
  stable/10/crypto/openssh/regress/unittests/test_helper/test_helper.h
  stable/10/crypto/openssh/regress/yes-head.sh
  stable/10/crypto/openssh/rijndael.c
  stable/10/crypto/openssh/rijndael.h
  stable/10/crypto/openssh/roaming_client.c
  stable/10/crypto/openssh/roaming_common.c
  stable/10/crypto/openssh/roaming_dummy.c
  stable/10/crypto/openssh/rsa.c
  stable/10/crypto/openssh/rsa.h
  stable/10/crypto/openssh/sandbox-seccomp-filter.c
  stable/10/crypto/openssh/sandbox-systrace.c
  stable/10/crypto/openssh/scp.1
  stable/10/crypto/openssh/scp.c
  stable/10/crypto/openssh/servconf.c
  stable/10/crypto/openssh/servconf.h
  stable/10/crypto/openssh/serverloop.c
  stable/10/crypto/openssh/session.c
  stable/10/crypto/openssh/sftp-client.c
  stable/10/crypto/openssh/sftp-client.h
  stable/10/crypto/openssh/sftp-common.c
  stable/10/crypto/openssh/sftp-common.h
  stable/10/crypto/openssh/sftp-glob.c
  stable/10/crypto/openssh/sftp-server.8
  stable/10/crypto/openssh/sftp-server.c
  stable/10/crypto/openssh/sftp.1
  stable/10/crypto/openssh/sftp.c
  stable/10/crypto/openssh/ssh-add.1
  stable/10/crypto/openssh/ssh-add.c
  stable/10/crypto/openssh/ssh-agent.1
  stable/10/crypto/openssh/ssh-agent.c
  stable/10/crypto/openssh/ssh-dss.c
  stable/10/crypto/openssh/ssh-ecdsa.c
  stable/10/crypto/openssh/ssh-ed25519.c
  stable/10/crypto/openssh/ssh-keygen.1
  stable/10/crypto/openssh/ssh-keygen.c
  stable/10/crypto/openssh/ssh-keyscan.1
  stable/10/crypto/openssh/ssh-keyscan.c
  stable/10/crypto/openssh/ssh-keysign.c
  stable/10/crypto/openssh/ssh-pkcs11-client.c
  stable/10/crypto/openssh/ssh-pkcs11-helper.c
  stable/10/crypto/openssh/ssh-pkcs11.c
  stable/10/crypto/openssh/ssh-pkcs11.h
  stable/10/crypto/openssh/ssh-rsa.c
  stable/10/crypto/openssh/ssh.1
  stable/10/crypto/openssh/ssh.c
  stable/10/crypto/openssh/ssh.h
  stable/10/crypto/openssh/ssh_config
  stable/10/crypto/openssh/ssh_config.5
  stable/10/crypto/openssh/ssh_namespace.h
  stable/10/crypto/openssh/sshconnect.c
  stable/10/crypto/openssh/sshconnect1.c
  stable/10/crypto/openssh/sshconnect2.c
  stable/10/crypto/openssh/sshd.8
  stable/10/crypto/openssh/sshd.c
  stable/10/crypto/openssh/sshd_config
  stable/10/crypto/openssh/sshd_config.5
  stable/10/crypto/openssh/sshlogin.c
  stable/10/crypto/openssh/sshpty.c
  stable/10/crypto/openssh/uidswap.c
  stable/10/crypto/openssh/umac.c
  stable/10/crypto/openssh/uuencode.c
  stable/10/crypto/openssh/version.h
  stable/10/crypto/openssh/xmalloc.c
  stable/10/crypto/openssh/xmalloc.h
  stable/10/lib/libpam/modules/pam_ssh/pam_ssh.c
  stable/10/secure/lib/libssh/Makefile
  stable/10/secure/usr.sbin/sshd/Makefile
Directory Properties:
  stable/10/   (props changed)
  stable/10/crypto/openssh/   (props changed)
  stable/10/crypto/openssh/openbsd-compat/   (props changed)
  stable/10/crypto/openssh/openbsd-compat/regress/   (props changed)
  stable/10/crypto/openssh/regress/unittests/bitmap/Makefile   (props changed)
  stable/10/crypto/openssh/regress/unittests/bitmap/tests.c   (props changed)
  stable/10/crypto/openssh/regress/unittests/hostkeys/Makefile   (props changed)
  stable/10/crypto/openssh/regress/unittests/hostkeys/mktestdata.sh   (props changed)
  stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/dsa_1.pub   (props changed)
  stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/dsa_2.pub   (props changed)
  stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/dsa_3.pub   (props changed)
  stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/dsa_4.pub   (props changed)
  stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/dsa_5.pub   (props changed)
  stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/dsa_6.pub   (props changed)
  stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/ecdsa_1.pub   (props changed)
  stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/ecdsa_2.pub   (props changed)
  stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/ecdsa_3.pub   (props changed)
  stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/ecdsa_4.pub   (props changed)
  stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/ecdsa_5.pub   (props changed)
  stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/ecdsa_6.pub   (props changed)
  stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/ed25519_1.pub   (props changed)
  stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/ed25519_2.pub   (props changed)
  stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/ed25519_3.pub   (props changed)
  stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/ed25519_4.pub   (props changed)
  stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/ed25519_5.pub   (props changed)
  stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/ed25519_6.pub   (props changed)
  stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/rsa1_1.pub   (props changed)
  stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/rsa1_2.pub   (props changed)
  stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/rsa1_3.pub   (props changed)
  stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/rsa1_4.pub   (props changed)
  stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/rsa1_5.pub   (props changed)
  stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/rsa1_6.pub   (props changed)
  stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/rsa_1.pub   (props changed)
  stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/rsa_2.pub   (props changed)
  stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/rsa_3.pub   (props changed)
  stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/rsa_4.pub   (props changed)
  stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/rsa_5.pub   (props changed)
  stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/rsa_6.pub   (props changed)
  stable/10/crypto/openssh/regress/unittests/hostkeys/tests.c   (props changed)
  stable/10/crypto/openssh/regress/unittests/kex/Makefile   (props changed)
  stable/10/crypto/openssh/regress/unittests/kex/tests.c   (props changed)

Copied: stable/10/crypto/openssh/.cvsignore (from r294332, head/crypto/openssh/.cvsignore)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ stable/10/crypto/openssh/.cvsignore	Sun Feb  7 11:38:54 2016	(r295367, copy of r294332, head/crypto/openssh/.cvsignore)
@@ -0,0 +1,28 @@
+*.0
+*.out
+Makefile
+autom4te.cache
+buildit.sh
+buildpkg.sh
+config.cache
+config.h
+config.h.in
+config.log
+config.status
+configure
+openssh.xml
+opensshd.init
+scp
+sftp
+sftp-server
+ssh
+ssh-add
+ssh-agent
+ssh-keygen
+ssh-keyscan
+ssh-keysign
+ssh-pkcs11-helper
+sshd
+stamp-h.in
+survey
+survey.sh

Modified: stable/10/crypto/openssh/ChangeLog
==============================================================================
--- stable/10/crypto/openssh/ChangeLog	Sun Feb  7 09:51:22 2016	(r295366)
+++ stable/10/crypto/openssh/ChangeLog	Sun Feb  7 11:38:54 2016	(r295367)
@@ -1,2887 +1,7615 @@
-20140313
- - (djm) Release OpenSSH 6.6
-
-20140304
- - OpenBSD CVS Sync
-   - djm@cvs.openbsd.org 2014/03/03 22:22:30
-     [session.c]
-     ignore enviornment variables with embedded '=' or '\0' characters;
-     spotted by Jann Horn; ok deraadt@
-
-20140301
- - (djm) [regress/Makefile] Disable dhgex regress test; it breaks when
-   no moduli file exists at the expected location.
-
-20140228
- - OpenBSD CVS Sync
-   - djm@cvs.openbsd.org 2014/02/27 00:41:49
-     [bufbn.c]
-     fix unsigned overflow that could lead to reading a short ssh protocol
-     1 bignum value; found by Ben Hawkes; ok deraadt@
-   - djm@cvs.openbsd.org 2014/02/27 08:25:09
-     [bufbn.c]
-     off by one in range check
-   - djm@cvs.openbsd.org 2014/02/27 22:47:07
-     [sshd_config.5]
-     bz#2184 clarify behaviour of a keyword that appears in multiple
-     matching Match blocks; ok dtucker@
-   - djm@cvs.openbsd.org 2014/02/27 22:57:40
-     [version.h]
-     openssh-6.6
-   - dtucker@cvs.openbsd.org 2014/01/19 23:43:02
-     [regress/sftp-chroot.sh]
-     Don't use -q on sftp as it suppresses logging, instead redirect the
-     output to the regress logfile.
-   - dtucker@cvs.openbsd.org 2014/01/20 00:00:30
-     [sregress/ftp-chroot.sh]
-     append to rather than truncating the log file
-   - dtucker@cvs.openbsd.org 2014/01/25 04:35:32
-     [regress/Makefile regress/dhgex.sh]
-     Add a test for DH GEX sizes
-   - djm@cvs.openbsd.org 2014/01/26 10:22:10
-     [regress/cert-hostkey.sh]
-     automatically generate revoked keys from listed keys rather than
-     manually specifying each type; from portable
-     (Id sync only)
-   - djm@cvs.openbsd.org 2014/01/26 10:49:17
-     [scp-ssh-wrapper.sh scp.sh]
-     make sure $SCP is tested on the remote end rather than whichever one
-     happens to be in $PATH; from portable
-     (Id sync only)
-   - djm@cvs.openbsd.org 2014/02/27 20:04:16
-     [login-timeout.sh]
-     remove any existing LoginGraceTime from sshd_config before adding
-     a specific one for the test back in
-   - djm@cvs.openbsd.org 2014/02/27 21:21:25
-     [agent-ptrace.sh agent.sh]
-     keep return values that are printed in error messages;
-     from portable
-     (Id sync only)
- - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
-   [contrib/suse/openssh.spec] Crank version numbers
- - (djm) [regress/host-expand.sh] Add RCS Id
-
-20140227
- - OpenBSD CVS Sync
-   - djm@cvs.openbsd.org 2014/02/26 20:18:37
-     [ssh.c]
-     bz#2205: avoid early hostname lookups unless canonicalisation is enabled;
-     ok dtucker@ markus@
-   - djm@cvs.openbsd.org 2014/02/26 20:28:44
-     [auth2-gss.c gss-serv.c ssh-gss.h sshd.c]
-     bz#2107 - cache OIDs of supported GSSAPI mechanisms before privsep
-     sandboxing, as running this code in the sandbox can cause violations;
-     ok markus@
-   - djm@cvs.openbsd.org 2014/02/26 20:29:29
-     [channels.c]
-     don't assume that the socks4 username is \0 terminated;
-     spotted by Ben Hawkes; ok markus@
-   - markus@cvs.openbsd.org 2014/02/26 21:53:37
-     [sshd.c]
-     ssh_gssapi_prepare_supported_oids needs GSSAPI
-
-20140224
- - OpenBSD CVS Sync
-   - djm@cvs.openbsd.org 2014/02/07 06:55:54
-     [cipher.c mac.c]
-     remove some logging that makes ssh debugging output very verbose;
-     ok markus
-   - djm@cvs.openbsd.org 2014/02/15 23:05:36
-     [channels.c]
-     avoid spurious "getsockname failed: Bad file descriptor" errors in ssh -W;
-     bz#2200, debian#738692 via Colin Watson; ok dtucker@
-   - djm@cvs.openbsd.org 2014/02/22 01:32:19
-     [readconf.c]
-     when processing Match blocks, skip 'exec' clauses if previous predicates
-     failed to match; ok markus@
-   - djm@cvs.openbsd.org 2014/02/23 20:03:42
-     [ssh-ed25519.c]
-     check for unsigned overflow; not reachable in OpenSSH but others might
-     copy our code...
-   - djm@cvs.openbsd.org 2014/02/23 20:11:36
-     [readconf.c readconf.h ssh.c ssh_config.5]
-     reparse ssh_config and ~/.ssh/config if hostname canonicalisation changes
-     the hostname. This allows users to write configurations that always
-     refer to canonical hostnames, e.g.
-     
-     CanonicalizeHostname yes
-     CanonicalDomains int.example.org example.org
-     CanonicalizeFallbackLocal no
-     
-     Host *.int.example.org
-         Compression off
-     Host *.example.org
-         User djm
-     
-     ok markus@
+commit c88ac102f0eb89f2eaa314cb2e2e0ca3c890c443
+Author: Damien Miller <djm@mindrot.org>
+Date:   Thu Jan 14 11:08:19 2016 +1100
+
+    bump version numbers
+
+commit 302bc21e6fadacb04b665868cd69b625ef69df90
+Author: Damien Miller <djm@mindrot.org>
+Date:   Thu Jan 14 11:04:04 2016 +1100
+
+    openssh-7.1p2
+
+commit 6b33763242c063e4e0593877e835eeb1fd1b60aa
+Author: Damien Miller <djm@mindrot.org>
+Date:   Thu Jan 14 11:02:58 2016 +1100
+
+    forcibly disable roaming support in the client
+
+commit 34d364f0d2e1e30a444009f0e04299bb7c94ba13
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Oct 5 17:11:21 2015 +0000
+
+    upstream commit
+    
+    some more bzero->explicit_bzero, from Michael McConville
+    
+    Upstream-ID: 17f19545685c33327db2efdc357c1c9225ff00d0
+
+commit 8f5b93026797b9f7fba90d0c717570421ccebbd3
+Author: guenther@openbsd.org <guenther@openbsd.org>
+Date:   Fri Sep 11 08:50:04 2015 +0000
+
+    upstream commit
+    
+    Use explicit_bzero() when zeroing before free()
+    
+    from Michael McConville (mmcconv1 (at) sccs.swarthmore.edu)
+    ok millert@ djm@
+    
+    Upstream-ID: 2e3337db046c3fe70c7369ee31515ac73ec00f50
+
+commit d77148e3a3ef6c29b26ec74331455394581aa257
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sun Nov 8 21:59:11 2015 +0000
+
+    upstream commit
+    
+    fix OOB read in packet code caused by missing return
+     statement found by Ben Hawkes; ok markus@ deraadt@
+    
+    Upstream-ID: a3e3a85434ebfa0690d4879091959591f30efc62
+
+commit 076d849e17ab12603627f87b301e2dca71bae518
+Author: Damien Miller <djm@mindrot.org>
+Date:   Sat Nov 14 18:44:49 2015 +1100
+
+    read back from libcrypto RAND when privdropping
+    
+    makes certain libcrypto implementations cache a /dev/urandom fd
+    in preparation of sandboxing. Based on patch by Greg Hartman.
+
+commit f72adc0150011a28f177617a8456e1f83733099d
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sun Dec 13 22:42:23 2015 +0000
+
+    upstream commit
+    
+    unbreak connections with peers that set
+     first_kex_follows; fix from Matt Johnston va bz#2515
+    
+    Upstream-ID: decc88ec4fc7515594fdb42b04aa03189a44184b
+
+commit 04bd8d019ccd906cac1a2b362517b8505f3759e6
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Tue Jan 12 23:42:54 2016 +0000
+
+    upstream commit
+    
+    use explicit_bzero() more liberally in the buffer code; ok
+     deraadt
+    
+    Upstream-ID: 0ece37069fd66bc6e4f55eb1321f93df372b65bf
+
+commit e91346dc2bbf460246df2ab591b7613908c1b0ad
+Author: Damien Miller <djm@mindrot.org>
+Date:   Fri Aug 21 14:49:03 2015 +1000
+
+    we don't use Github for issues/pull-requests
+
+commit a4f5b507c708cc3dc2c8dd2d02e4416d7514dc23
+Author: Damien Miller <djm@mindrot.org>
+Date:   Fri Aug 21 14:43:55 2015 +1000
+
+    fix URL for connect.c
+
+commit d026a8d3da0f8186598442997c7d0a28e7275414
+Author: Damien Miller <djm@mindrot.org>
+Date:   Fri Aug 21 13:47:10 2015 +1000
+
+    update version numbers for 7.1
+
+commit 78f8f589f0ca1c9f41e5a9bae3cda5ce8a6b42ed
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Aug 21 03:45:26 2015 +0000
+
+    upstream commit
+    
+    openssh-7.1
+    
+    Upstream-ID: ff7b1ef4b06caddfb45e08ba998128c88be3d73f
+
+commit 32a181980c62fce94f7f9ffaf6a79d90f0c309cf
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Aug 21 03:42:19 2015 +0000
+
+    upstream commit
+    
+    fix inverted logic that broke PermitRootLogin; reported
+     by Mantas Mikulenas; ok markus@
+    
+    Upstream-ID: 260dd6a904c1bb7e43267e394b1c9cf70bdd5ea5
+
+commit ce445b0ed927e45bd5bdce8f836eb353998dd65c
+Author: deraadt@openbsd.org <deraadt@openbsd.org>
+Date:   Thu Aug 20 22:32:42 2015 +0000
+
+    upstream commit
+    
+    Do not cast result of malloc/calloc/realloc* if stdlib.h
+     is in scope ok krw millert
+    
+    Upstream-ID: 5e50ded78cadf3841556649a16cc4b1cb6c58667
+
+commit 05291e5288704d1a98bacda269eb5a0153599146
+Author: naddy@openbsd.org <naddy@openbsd.org>
+Date:   Thu Aug 20 19:20:06 2015 +0000
+
+    upstream commit
+    
+    In the certificates section, be consistent about using
+     "host_key" and "user_key" for the respective key types.  ok sthen@ deraadt@
+    
+    Upstream-ID: 9e037ea3b15577b238604c5533e082a3947f13cb
+
+commit 8543d4ef6f2e9f98c3e6b77c894ceec30c5e4ae4
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Wed Aug 19 23:21:42 2015 +0000
+
+    upstream commit
+    
+    Better compat matching for WinSCP, add compat matching
+     for FuTTY (fork of PuTTY); ok markus@ deraadt@
+    
+    Upstream-ID: 24001d1ac115fa3260fbdc329a4b9aeb283c5389
+
+commit ec6eda16ebab771aa3dfc90629b41953b999cb1e
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Wed Aug 19 23:19:01 2015 +0000
+
+    upstream commit
+    
+    fix double-free() in error path of DSA key generation
+     reported by Mateusz Kocielski; ok markus@
+    
+    Upstream-ID: 4735d8f888b10599a935fa1b374787089116713c
+
+commit 45b0eb752c94954a6de046bfaaf129e518ad4b5b
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Wed Aug 19 23:18:26 2015 +0000
+
+    upstream commit
+    
+    fix free() of uninitialised pointer reported by Mateusz
+     Kocielski; ok markus@
+    
+    Upstream-ID: 519552b050618501a06b7b023de5cb104e2c5663
+
+commit c837643b93509a3ef538cb6624b678c5fe32ff79
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Wed Aug 19 23:17:51 2015 +0000
+
+    upstream commit
+    
+    fixed unlink([uninitialised memory]) reported by Mateusz
+     Kocielski; ok markus@
+    
+    Upstream-ID: 14a0c4e7d891f5a8dabc4b89d4f6b7c0d5a20109
+
+commit 1f8d3d629cd553031021068eb9c646a5f1e50994
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date:   Fri Aug 14 15:32:41 2015 +0000
+
+    upstream commit
+    
+    match myproposal.h order; from brian conway (i snuck in a
+     tweak while here)
+    
+    ok dtucker
+    
+    Upstream-ID: 35174a19b5237ea36aa3798f042bf5933b772c67
+
+commit 1dc8d93ce69d6565747eb44446ed117187621b26
+Author: deraadt@openbsd.org <deraadt@openbsd.org>
+Date:   Thu Aug 6 14:53:21 2015 +0000
+
+    upstream commit
+    
+    add prohibit-password as a synonymn for without-password,
+     since the without-password is causing too many questions.  Harden it to ban
+     all but pubkey, hostbased, and GSSAPI auth (when the latter is enabled) from
+     djm, ok markus
+    
+    Upstream-ID: d53317d7b28942153e6236d3fd6e12ceb482db7a
+
+commit 90a95a4745a531b62b81ce3b025e892bdc434de5
+Author: Damien Miller <djm@mindrot.org>
+Date:   Tue Aug 11 13:53:41 2015 +1000
+
+    update version in README
+
+commit 318c37743534b58124f1bab37a8a0087a3a9bd2f
+Author: Damien Miller <djm@mindrot.org>
+Date:   Tue Aug 11 13:53:09 2015 +1000
+
+    update versions in *.spec
+
+commit 5e75f5198769056089fb06c4d738ab0e5abc66f7
+Author: Damien Miller <djm@mindrot.org>
+Date:   Tue Aug 11 13:34:12 2015 +1000
+
+    set sshpam_ctxt to NULL after free
+    
+    Avoids use-after-free in monitor when privsep child is compromised.
+    Reported by Moritz Jodeit; ok dtucker@
+
+commit d4697fe9a28dab7255c60433e4dd23cf7fce8a8b
+Author: Damien Miller <djm@mindrot.org>
+Date:   Tue Aug 11 13:33:24 2015 +1000
+
+    Don't resend username to PAM; it already has it.
+    
+    Pointed out by Moritz Jodeit; ok dtucker@
+
+commit 88763a6c893bf3dfe951ba9271bf09715e8d91ca
+Author: Darren Tucker <dtucker@zip.com.au>
+Date:   Mon Jul 27 12:14:25 2015 +1000
+
+    Import updated moduli file from OpenBSD.
+
+commit 55b263fb7cfeacb81aaf1c2036e0394c881637da
+Author: Damien Miller <djm@mindrot.org>
+Date:   Mon Aug 10 11:13:44 2015 +1000
+
+    let principals-command.sh work for noexec /var/run
+
+commit 2651e34cd11b1aac3a0fe23b86d8c2ff35c07897
+Author: Damien Miller <djm@mindrot.org>
+Date:   Thu Aug 6 11:43:42 2015 +1000
+
+    work around echo -n / sed behaviour in tests
+
+commit d85dad81778c1aa8106acd46930b25fdf0d15b2a
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Wed Aug 5 05:27:33 2015 +0000
+
+    upstream commit
+    
+    adjust for RSA minimum modulus switch; ok deraadt@
+    
+    Upstream-Regress-ID: 5a72c83431b96224d583c573ca281cd3a3ebfdae
+
+commit 57e8e229bad5fe6056b5f1199665f5f7008192c6
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Tue Aug 4 05:23:06 2015 +0000
+
+    upstream commit
+    
+    backout SSH_RSA_MINIMUM_MODULUS_SIZE increase for this
+     release; problems spotted by sthen@ ok deraadt@ markus@
+    
+    Upstream-ID: d0bd60dde9e8c3cd7030007680371894c1499822
+
+commit f097d0ea1e0889ca0fa2e53a00214e43ab7fa22a
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sun Aug 2 09:56:42 2015 +0000
+
+    upstream commit
+    
+    openssh 7.0; ok deraadt@
+    
+    Upstream-ID: c63afdef537f57f28ae84145c5a8e29e9250221f
+
+commit 3d5728a0f6874ce4efb16913a12963595070f3a9
+Author: chris@openbsd.org <chris@openbsd.org>
+Date:   Fri Jul 31 15:38:09 2015 +0000
+
+    upstream commit
+    
+    Allow PermitRootLogin to be overridden by config
+    
+    ok markus@ deeradt@
+    
+    Upstream-ID: 5cf3e26ed702888de84e2dc9d0054ccf4d9125b4
+
+commit 6f941396b6835ad18018845f515b0c4fe20be21a
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Thu Jul 30 23:09:15 2015 +0000
+
+    upstream commit
+    
+    fix pty permissions; patch from Nikolay Edigaryev; ok
+     deraadt
+    
+    Upstream-ID: 40ff076d2878b916fbfd8e4f45dbe5bec019e550
+
+commit f4373ed1e8fbc7c8ce3fc4ea97d0ba2e0c1d7ef0
+Author: deraadt@openbsd.org <deraadt@openbsd.org>
+Date:   Thu Jul 30 19:23:02 2015 +0000
+
+    upstream commit
+    
+    change default: PermitRootLogin without-password matching
+     install script changes coming as well ok djm markus
+    
+    Upstream-ID: 0e2a6c4441daf5498b47a61767382bead5eb8ea6
+
+commit 0c30ba91f87fcda7e975e6ff8a057f624e87ea1c
+Author: Damien Miller <djm@mindrot.org>
+Date:   Thu Jul 30 12:31:39 2015 +1000
+
+    downgrade OOM adjustment logging: verbose -> debug
+
+commit f9eca249d4961f28ae4b09186d7dc91de74b5895
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Thu Jul 30 00:01:34 2015 +0000
+
+    upstream commit
+    
+    Allow ssh_config and sshd_config kex parameters options be
+     prefixed by a '+' to indicate that the specified items be appended to the
+     default rather than replacing it.
+    
+    approach suggested by dtucker@, feedback dlg@, ok markus@
+    
+    Upstream-ID: 0f901137298fc17095d5756ff1561a7028e8882a
+
+commit 5cefe769105a2a2e3ca7479d28d9a325d5ef0163
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Wed Jul 29 08:34:54 2015 +0000
+
+    upstream commit
+    
+    fix bug in previous; was printing incorrect string for
+     failed host key algorithms negotiation
+    
+    Upstream-ID: 22c0dc6bc61930513065d92e11f0753adc4c6e6e
+
+commit f319912b0d0e1675b8bb051ed8213792c788bcb2
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Wed Jul 29 04:43:06 2015 +0000
+
+    upstream commit
+    
+    include the peer's offer when logging a failure to
+     negotiate a mutual set of algorithms (kex, pubkey, ciphers, etc.) ok markus@
+    
+    Upstream-ID: bbb8caabf5c01790bb845f5ce135565248d7c796
+
+commit b6ea0e573042eb85d84defb19227c89eb74cf05a
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Tue Jul 28 23:20:42 2015 +0000
+
+    upstream commit
+    
+    add Cisco to the list of clients that choke on the
+     hostkeys update extension. Pointed out by Howard Kash
+    
+    Upstream-ID: c9eadde28ecec056c73d09ee10ba4570dfba7e84
+
+commit 3f628c7b537291c1019ce86af90756fb4e66d0fd
+Author: guenther@openbsd.org <guenther@openbsd.org>
+Date:   Mon Jul 27 16:29:23 2015 +0000
+
+    upstream commit
+    
+    Permit kbind(2) use in the sandbox now, to ease testing
+     of ld.so work using it
+    
+    reminded by miod@, ok deraadt@
+    
+    Upstream-ID: 523922e4d1ba7a091e3824e77a8a3c818ee97413
+
+commit ebe27ebe520098bbc0fe58945a87ce8490121edb
+Author: millert@openbsd.org <millert@openbsd.org>
+Date:   Mon Jul 20 18:44:12 2015 +0000
+
+    upstream commit
+    
+    Move .Pp before .Bl, not after to quiet mandoc -Tlint.
+     Noticed by jmc@
+    
+    Upstream-ID: 59fadbf8407cec4e6931e50c53cfa0214a848e23
+
+commit d5d91d0da819611167782c66ab629159169d94d4
+Author: millert@openbsd.org <millert@openbsd.org>
+Date:   Mon Jul 20 18:42:35 2015 +0000
+
+    upstream commit
+    
+    Sync usage with SYNOPSIS
+    
+    Upstream-ID: 7a321a170181a54f6450deabaccb6ef60cf3f0b7
+
+commit 79ec2142fbc68dd2ed9688608da355fc0b1ed743
+Author: millert@openbsd.org <millert@openbsd.org>
+Date:   Mon Jul 20 15:39:52 2015 +0000
+
+    upstream commit
+    
+    Better desciption of Unix domain socket forwarding.
+     bz#2423; ok jmc@
+    
+    Upstream-ID: 85e28874726897e3f26ae50dfa2e8d2de683805d
+
+commit d56fd1828074a4031b18b8faa0bf949669eb18a0
+Author: Damien Miller <djm@mindrot.org>
+Date:   Mon Jul 20 11:19:51 2015 +1000
+
+    make realpath.c compile -Wsign-compare clean
+
+commit c63c9a691dca26bb7648827f5a13668832948929
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Jul 20 00:30:01 2015 +0000
+
+    upstream commit
+    
+    mention that the default of UseDNS=no implies that
+     hostnames cannot be used for host matching in sshd_config and
+     authorized_keys; bz#2045, ok dtucker@
+    
+    Upstream-ID: 0812705d5f2dfa59aab01f2764ee800b1741c4e1
+
+commit 63ebcd0005e9894fcd6871b7b80aeea1fec0ff76
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sat Jul 18 08:02:17 2015 +0000
+
+    upstream commit
+    
+    don't ignore PKCS#11 hosted keys that return empty
+     CKA_ID; patch by Jakub Jelen via bz#2429; ok markus
+    
+    Upstream-ID: 2f7c94744eb0342f8ee8bf97b2351d4e00116485
+
+commit b15fd989c8c62074397160147a8d5bc34b3f3c63
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sat Jul 18 08:00:21 2015 +0000
+
+    upstream commit
+    
+    skip uninitialised PKCS#11 slots; patch from Jakub Jelen
+     in bz#2427 ok markus@
+    
+    Upstream-ID: 744c1e7796e237ad32992d0d02148e8a18f27d29
+
+commit 5b64f85bb811246c59ebab70aed331f26ba37b18
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sat Jul 18 07:57:14 2015 +0000
+
+    upstream commit
+    
+    only query each keyboard-interactive device once per
+     authentication request regardless of how many times it is listed; ok markus@
+    
+    Upstream-ID: d73fafba6e86030436ff673656ec1f33d9ffeda1
+
+commit cd7324d0667794eb5c236d8a4e0f236251babc2d
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Jul 17 03:34:27 2015 +0000
+
+    upstream commit
+    
+    remove -u flag to diff (only used for error output) to make
+     things easier for -portable
+    
+    Upstream-Regress-ID: a5d6777d2909540d87afec3039d9bb2414ade548
+
+commit deb8d99ecba70b67f4af7880b11ca8768df9ec3a
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Jul 17 03:09:19 2015 +0000
+
+    upstream commit
+    
+    direct-streamlocal@openssh.com Unix domain foward
+     messages do not contain a "reserved for future use" field and in fact,
+     serverloop.c checks that there isn't one. Remove erroneous mention from
+     PROTOCOL description. bz#2421 from Daniel Black
+    
+    Upstream-ID: 3d51a19e64f72f764682f1b08f35a8aa810a43ac
+
+commit 356b61f365405b5257f5b2ab446e5d7bd33a7b52
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Jul 17 03:04:27 2015 +0000
+
+    upstream commit
+    
+    describe magic for setting up Unix domain socket fowards
+     via the mux channel; bz#2422 patch from Daniel Black
+    
+    Upstream-ID: 943080fe3864715c423bdeb7c920bb30c4eee861
+
+commit d3e2aee41487d55b8d7d40f538b84ff1db7989bc
+Author: Darren Tucker <dtucker@zip.com.au>
+Date:   Fri Jul 17 12:52:34 2015 +1000
+
+    Check if realpath works on nonexistent files.
+    
+    On some platforms the native realpath doesn't work with non-existent
+    files (this is actually specified in some versions of POSIX), however
+    the sftp spec says its realpath with "canonicalize any given path name".
+    On those platforms, use realpath from the compat library.
+    
+    In addition, when compiling with -DFORTIFY_SOURCE, glibc redefines
+    the realpath symbol to the checked version, so redefine ours to
+    something else so we pick up the compat version we want.
+    
+    bz#2428, ok djm@
+
+commit 25b14610dab655646a109db5ef8cb4c4bf2a48a0
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Jul 17 02:47:45 2015 +0000
+
+    upstream commit
+    
+    fix incorrect test for SSH1 keys when compiled without SSH1
+     support
+    
+    Upstream-ID: 6004d720345b8e481c405e8ad05ce2271726e451
+
+commit df56a8035d429b2184ee94aaa7e580c1ff67f73a
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Wed Jul 15 08:00:11 2015 +0000
+
+    upstream commit
+    
+    fix NULL-deref when SSH1 reenabled
+    
+    Upstream-ID: f22fd805288c92b3e9646782d15b48894b2d5295
+
+commit 41e38c4d49dd60908484e6703316651333f16b93
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Wed Jul 15 07:19:50 2015 +0000
+
+    upstream commit
+    
+    regen RSA1 test keys; the last batch was missing their
+     private parts
+    
+    Upstream-Regress-ID: 7ccf437305dd63ff0b48dd50c5fd0f4d4230c10a
+
+commit 5bf0933184cb622ca3f96d224bf3299fd2285acc
+Author: markus@openbsd.org <markus@openbsd.org>
+Date:   Fri Jul 10 06:23:25 2015 +0000
+
+    upstream commit
+    
+    Adapt tests, now that DSA if off by default; use
+     PubkeyAcceptedKeyTypes and PubkeyAcceptedKeyTypes to test DSA.
+    
+    Upstream-Regress-ID: 0ff2a3ff5ac1ce5f92321d27aa07b98656efcc5c
+
+commit 7a6e3fd7b41dbd3756b6bf9acd67954c0b1564cc
+Author: markus@openbsd.org <markus@openbsd.org>
+Date:   Tue Jul 7 14:54:16 2015 +0000
+
+    upstream commit
+    
+    regen test data after mktestdata.sh changes
+    
+    Upstream-Regress-ID: 3495ecb082b9a7c048a2d7c5c845d3bf181d25a4
+
+commit 7c8c174c69f681d4910fa41c37646763692b28e2
+Author: markus@openbsd.org <markus@openbsd.org>
+Date:   Tue Jul 7 14:53:30 2015 +0000
+
+    upstream commit
+    
+    adapt tests to new minimum RSA size and default FP format
+    
+    Upstream-Regress-ID: a4b30afd174ce82b96df14eb49fb0b81398ffd0e
+
+commit 6a977a4b68747ade189e43d302f33403fd4a47ac
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Jul 3 04:39:23 2015 +0000
+
+    upstream commit
+    
+    legacy v00 certificates are gone; adapt and don't try to
+     test them; "sure" markus@ dtucker@
+    
+    Upstream-Regress-ID: c57321e69b3cd4a3b3396dfcc43f0803d047da12
+
+commit 0c4123ad5e93fb90fee9c6635b13a6cdabaac385
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Wed Jul 1 23:11:18 2015 +0000
+
+    upstream commit
+    
+    don't expect SSH v.1 in unittests
+    
+    Upstream-Regress-ID: f8812b16668ba78e6a698646b2a652b90b653397
+
+commit 3c099845798a817cdde513c39074ec2063781f18
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Jun 15 06:38:50 2015 +0000
+
+    upstream commit
+    
+    turn SSH1 back on to match src/usr.bin/ssh being tested
+    
+    Upstream-Regress-ID: 6c4f763a2f0cc6893bf33983919e9030ae638333
+
+commit b1dc2b33689668c75e95f873a42d5aea1f4af1db
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Mon Jul 13 04:57:14 2015 +0000
+
+    upstream commit
+    
+    Add "PuTTY_Local:" to the clients to which we do not
+     offer DH-GEX. This was the string that was used for development versions
+     prior to September 2014 and they don't do RFC4419 DH-GEX, but unfortunately
+     there are some extant products based on those versions.  bx2424 from Jay
+     Rouman, ok markus@ djm@
+    
+    Upstream-ID: be34d41e18b966832fe09ca243d275b81882e1d5
+
+commit 3a1638dda19bbc73d0ae02b4c251ce08e564b4b9
+Author: markus@openbsd.org <markus@openbsd.org>
+Date:   Fri Jul 10 06:21:53 2015 +0000
+
+    upstream commit
+    
+    Turn off DSA by default; add HostKeyAlgorithms to the
+     server and PubkeyAcceptedKeyTypes to the client side, so it still can be
+     tested or turned back on; feedback and ok djm@
+    
+    Upstream-ID: 8450a9e6d83f80c9bfed864ff061dfc9323cec21
+
+commit 16db0a7ee9a87945cc594d13863cfcb86038db59
+Author: markus@openbsd.org <markus@openbsd.org>
+Date:   Thu Jul 9 09:49:46 2015 +0000
+
+    upstream commit
+    
+    re-enable ed25519-certs if compiled w/o openssl; ok djm
+    
+    Upstream-ID: e10c90808b001fd2c7a93778418e9b318f5c4c49
+
+commit c355bf306ac33de6545ce9dac22b84a194601e2f
+Author: markus@openbsd.org <markus@openbsd.org>
+Date:   Wed Jul 8 20:24:02 2015 +0000
+
+    upstream commit
+    
+    no need to include the old buffer/key API
+    
+    Upstream-ID: fb13c9f7c0bba2545f3eb0a0e69cb0030819f52b
+
+commit a3cc48cdf9853f1e832d78cb29bedfab7adce1ee
+Author: markus@openbsd.org <markus@openbsd.org>
+Date:   Wed Jul 8 19:09:25 2015 +0000
+
+    upstream commit
+    
+    typedefs for Cipher&CipherContext are unused
+    
+    Upstream-ID: 50e6a18ee92221d23ad173a96d5b6c42207cf9a7
+
+commit a635bd06b5c427a57c3ae760d3a2730bb2c863c0
+Author: markus@openbsd.org <markus@openbsd.org>
+Date:   Wed Jul 8 19:04:21 2015 +0000
+
+    upstream commit
+    
+    xmalloc.h is unused
+    
+    Upstream-ID: afb532355b7fa7135a60d944ca1e644d1d63cb58
+
+commit 2521cf0e36c7f3f6b19f206da0af134f535e4a31
+Author: markus@openbsd.org <markus@openbsd.org>
+Date:   Wed Jul 8 19:01:15 2015 +0000
+
+    upstream commit
+    
+    compress.c is gone
+    
+    Upstream-ID: 174fa7faa9b9643cba06164b5e498591356fbced
+
+commit c65a7aa6c43aa7a308ee1ab8a96f216169ae9615
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Jul 3 04:05:54 2015 +0000
+
+    upstream commit
+    
+    another SSH_RSA_MINIMUM_MODULUS_SIZE that needed
+     cranking
+    
+    Upstream-ID: 9d8826cafe96aab4ae8e2f6fd22800874b7ffef1
+
+commit b1f383da5cd3cb921fc7776f17a14f44b8a31757
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Jul 3 03:56:25 2015 +0000
+
+    upstream commit
+    
+    add an XXX reminder for getting correct key paths from
+     sshd_config
+    
+    Upstream-ID: feae52b209d7782ad742df04a4260e9fe41741db
+
+commit 933935ce8d093996c34d7efa4d59113163080680
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Jul 3 03:49:45 2015 +0000
+
+    upstream commit
+    
+    refuse to generate or accept RSA keys smaller than 1024
+     bits; feedback and ok dtucker@
+    
+    Upstream-ID: 7ea3d31271366ba264f06e34a3539bf1ac30f0ba
+
+commit bdfd29f60b74f3e678297269dc6247a5699583c1
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Jul 3 03:47:00 2015 +0000
+
+    upstream commit
+    
+    turn off 1024 bit diffie-hellman-group1-sha1 key
+     exchange method (already off in server, this turns it off in the client by
+     default too) ok dtucker@
+    
+    Upstream-ID: f59b88f449210ab7acf7d9d88f20f1daee97a4fa
+
+commit c28fc62d789d860c75e23a9fa9fb250eb2beca57
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Jul 3 03:43:18 2015 +0000
+
+    upstream commit
+    
+    delete support for legacy v00 certificates; "sure"
+     markus@ dtucker@
+    
+    Upstream-ID: b5b9bb5f9202d09e88f912989d74928601b6636f
+
+commit 564d63e1b4a9637a209d42a9d49646781fc9caef
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Wed Jul 1 23:10:47 2015 +0000
+
+    upstream commit
+    
+    Compile-time disable SSH v.1 again
+    
+    Upstream-ID: 1d4b513a3a06232f02650b73bad25100d1b800af
+
+commit 868109b650504dd9bcccdb1f51d0906f967c20ff
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Wed Jul 1 02:39:06 2015 +0000
+
+    upstream commit
+    
+    twiddle PermitRootLogin back
+    
+    Upstream-ID: 2bd23976305d0512e9f84d054e1fc23cd70b89f2
+
+commit 7de4b03a6e4071d454b72927ffaf52949fa34545
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Wed Jul 1 02:32:17 2015 +0000
+
+    upstream commit
+    
+    twiddle; (this commit marks the openssh-6.9 release)
+    
+    Upstream-ID: 78500582819f61dd8adee36ec5cc9b9ac9351234
+
+commit 1bf477d3cdf1a864646d59820878783d42357a1d
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Wed Jul 1 02:26:31 2015 +0000
+
+    upstream commit
+    
+    better refuse ForwardX11Trusted=no connections attempted
+     after ForwardX11Timeout expires; reported by Jann Horn
+    
+    Upstream-ID: bf0fddadc1b46a0334e26c080038313b4b6dea21
+
+commit 47aa7a0f8551b471fcae0447c1d78464f6dba869
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Wed Jul 1 01:56:13 2015 +0000
+
+    upstream commit
+    
+    put back default PermitRootLogin=no
+    
+    Upstream-ID: 7bdedd5cead99c57ed5571f3b6b7840922d5f728
+
+commit 984b064fe2a23733733262f88d2e1b2a1a501662
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Wed Jul 1 01:55:13 2015 +0000
+
+    upstream commit
+    
+    openssh-6.9
+    
+    Upstream-ID: 6cfe8e1904812531080e6ab6e752d7001b5b2d45
+
+commit d921082ed670f516652eeba50705e1e9f6325346
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Wed Jul 1 01:55:00 2015 +0000
+
+    upstream commit
+    
+    reset default PermitRootLogin to 'yes' (momentarily, for
+     release)
+    
+    Upstream-ID: cad8513527066e65dd7a1c16363d6903e8cefa24
+
+commit 66295e0e1ba860e527f191b6325d2d77dec4dbce
+Author: Damien Miller <djm@mindrot.org>
+Date:   Wed Jul 1 11:49:12 2015 +1000
+
+    crank version numbers for release
+
+commit 37035c07d4f26bb1fbe000d2acf78efdb008681d
+Author: Damien Miller <djm@mindrot.org>
+Date:   Wed Jul 1 10:49:37 2015 +1000
+
+    s/--with-ssh1/--without-ssh1/
+
+commit 629df770dbadc2accfbe1c81b3f31f876d0acd84
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Tue Jun 30 05:25:07 2015 +0000
+
+    upstream commit
+    
+    fatal() when a remote window update causes the window
+     value to overflow. Reported by Georg Wicherski, ok markus@
+    
+    Upstream-ID: ead397a9aceb3bf74ebfa5fcaf259d72e569f351
+
+commit f715afebe735d61df3fd30ad72d9ac1c8bd3b5f2
+Author: djm@openbsd.org <djm@openbsd.org>

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***