Author: des
Date: Tue Feb  5 15:03:53 2019
New Revision: 343774
URL: https://svnweb.freebsd.org/changeset/base/343774

Log:
  Vendor import of OpenSSH 7.9p1.

Added:
  vendor-crypto/openssh/dist/regress/misc/fuzz-harness/authopt_fuzz.cc
  vendor-crypto/openssh/dist/regress/unittests/sshkey/testdata/rsa_1_sha1
  
vendor-crypto/openssh/dist/regress/unittests/sshkey/testdata/rsa_1_sha1-cert.pub
  vendor-crypto/openssh/dist/regress/unittests/sshkey/testdata/rsa_1_sha1.pub
  vendor-crypto/openssh/dist/regress/unittests/sshkey/testdata/rsa_1_sha512
  
vendor-crypto/openssh/dist/regress/unittests/sshkey/testdata/rsa_1_sha512-cert.pub
  vendor-crypto/openssh/dist/regress/unittests/sshkey/testdata/rsa_1_sha512.pub
Modified:
  vendor-crypto/openssh/dist/.depend
  vendor-crypto/openssh/dist/.skipped-commit-ids
  vendor-crypto/openssh/dist/ChangeLog
  vendor-crypto/openssh/dist/Makefile.in
  vendor-crypto/openssh/dist/PROTOCOL
  vendor-crypto/openssh/dist/PROTOCOL.krl
  vendor-crypto/openssh/dist/PROTOCOL.mux
  vendor-crypto/openssh/dist/README
  vendor-crypto/openssh/dist/auth-options.c
  vendor-crypto/openssh/dist/auth-passwd.c
  vendor-crypto/openssh/dist/auth.c
  vendor-crypto/openssh/dist/auth2-hostbased.c
  vendor-crypto/openssh/dist/auth2-pubkey.c
  vendor-crypto/openssh/dist/authfile.c
  vendor-crypto/openssh/dist/channels.c
  vendor-crypto/openssh/dist/channels.h
  vendor-crypto/openssh/dist/clientloop.c
  vendor-crypto/openssh/dist/config.h.in
  vendor-crypto/openssh/dist/configure
  vendor-crypto/openssh/dist/configure.ac
  vendor-crypto/openssh/dist/contrib/redhat/openssh.spec
  vendor-crypto/openssh/dist/contrib/suse/openssh.spec
  vendor-crypto/openssh/dist/dh.c
  vendor-crypto/openssh/dist/groupaccess.c
  vendor-crypto/openssh/dist/kexgexs.c
  vendor-crypto/openssh/dist/krl.c
  vendor-crypto/openssh/dist/krl.h
  vendor-crypto/openssh/dist/misc.c
  vendor-crypto/openssh/dist/misc.h
  vendor-crypto/openssh/dist/moduli
  vendor-crypto/openssh/dist/mux.c
  vendor-crypto/openssh/dist/myproposal.h
  vendor-crypto/openssh/dist/nchan.c
  vendor-crypto/openssh/dist/openbsd-compat/bsd-asprintf.c
  vendor-crypto/openssh/dist/openbsd-compat/bsd-misc.c
  vendor-crypto/openssh/dist/openbsd-compat/openssl-compat.c
  vendor-crypto/openssh/dist/openbsd-compat/port-linux.c
  vendor-crypto/openssh/dist/openbsd-compat/port-uw.c
  vendor-crypto/openssh/dist/openbsd-compat/setproctitle.c
  vendor-crypto/openssh/dist/openbsd-compat/xcrypt.c
  vendor-crypto/openssh/dist/readconf.c
  vendor-crypto/openssh/dist/readconf.h
  vendor-crypto/openssh/dist/regress/README.regress
  vendor-crypto/openssh/dist/regress/krl.sh
  vendor-crypto/openssh/dist/regress/misc/fuzz-harness/Makefile
  vendor-crypto/openssh/dist/regress/unittests/sshkey/common.c
  vendor-crypto/openssh/dist/regress/unittests/sshkey/mktestdata.sh
  vendor-crypto/openssh/dist/regress/unittests/sshkey/test_file.c
  vendor-crypto/openssh/dist/regress/unittests/sshkey/test_sshkey.c
  vendor-crypto/openssh/dist/regress/unittests/test_helper/fuzz.c
  vendor-crypto/openssh/dist/regress/unittests/test_helper/test_helper.c
  vendor-crypto/openssh/dist/sandbox-seccomp-filter.c
  vendor-crypto/openssh/dist/scp.0
  vendor-crypto/openssh/dist/scp.1
  vendor-crypto/openssh/dist/scp.c
  vendor-crypto/openssh/dist/servconf.c
  vendor-crypto/openssh/dist/servconf.h
  vendor-crypto/openssh/dist/session.c
  vendor-crypto/openssh/dist/session.h
  vendor-crypto/openssh/dist/sftp-common.c
  vendor-crypto/openssh/dist/sftp.0
  vendor-crypto/openssh/dist/sftp.1
  vendor-crypto/openssh/dist/sftp.c
  vendor-crypto/openssh/dist/ssh-add.c
  vendor-crypto/openssh/dist/ssh-keygen.0
  vendor-crypto/openssh/dist/ssh-keygen.1
  vendor-crypto/openssh/dist/ssh-keygen.c
  vendor-crypto/openssh/dist/ssh.0
  vendor-crypto/openssh/dist/ssh.1
  vendor-crypto/openssh/dist/ssh.c
  vendor-crypto/openssh/dist/ssh_config.0
  vendor-crypto/openssh/dist/ssh_config.5
  vendor-crypto/openssh/dist/sshconnect.c
  vendor-crypto/openssh/dist/sshconnect2.c
  vendor-crypto/openssh/dist/sshd.c
  vendor-crypto/openssh/dist/sshd_config.0
  vendor-crypto/openssh/dist/sshd_config.5
  vendor-crypto/openssh/dist/sshkey.c
  vendor-crypto/openssh/dist/sshkey.h
  vendor-crypto/openssh/dist/version.h

Modified: vendor-crypto/openssh/dist/.depend
==============================================================================
--- vendor-crypto/openssh/dist/.depend  Tue Feb  5 13:48:26 2019        
(r343773)
+++ vendor-crypto/openssh/dist/.depend  Tue Feb  5 15:03:53 2019        
(r343774)
@@ -83,8 +83,8 @@ match.o: includes.h config.h defines.h platform.h open
 md5crypt.o: includes.h config.h defines.h platform.h 
openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h 
openbsd-compat/readpassphrase.h openbsd-compat/vis.h 
openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h 
openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h 
openbsd-compat/getopt.h openbsd-compat/bsd-misc.h 
openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h 
openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h 
openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h 
openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h 
openbsd-compat/port-irix.h openbsd-compat/port-linux.h 
openbsd-compat/port-solaris.h openbsd-compat/port-net.h 
openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
 misc.o: includes.h config.h defines.h platform.h 
openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h 
openbsd-compat/readpassphrase.h openbsd-compat/vis.h 
openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h 
openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h 
openbsd-compat/getopt.h openbsd-compat/bsd-misc.h 
openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h 
openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h 
openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h 
openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h 
openbsd-compat/port-irix.h openbsd-compat/port-linux.h 
openbsd-compat/port-solaris.h openbsd-compat/port-net.h 
openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h 
misc.h log.h ssh.h sshbuf.h ssherr.h
 moduli.o: includes.h config.h defines.h platform.h 
openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h 
openbsd-compat/readpassphrase.h openbsd-compat/vis.h 
openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h 
openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h 
openbsd-compat/getopt.h openbsd-compat/bsd-misc.h 
openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h 
openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h 
openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h 
openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h 
openbsd-compat/port-irix.h openbsd-compat/port-linux.h 
openbsd-compat/port-solaris.h openbsd-compat/port-net.h 
openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-monitor.o: includes.h config.h defines.h platform.h 
openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h 
openbsd-compat/readpassphrase.h openbsd-compat/vis.h 
openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h 
openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h 
openbsd-compat/getopt.h openbsd-compat/bsd-misc.h 
openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h 
openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h 
openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h 
openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h 
openbsd-compat/port-irix.h openbsd-compat/port-linux.h 
openbsd-compat/port-solaris.h openbsd-compat/port-net.h 
openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 
./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h atomicio.h xmalloc.h 
ssh.h sshkey.h sshbuf.h hostfile.h auth.h auth-pam.h audit.h loginrec.h 
cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h
-monitor.o: rijndael.h kex.h mac.h dh.h packet.h dispatch.h opacket.h 
auth-options.h sshpty.h channels.h session.h sshlogin.h canohost.h log.h misc.h 
servconf.h monitor.h monitor_wrap.h monitor_fdpass.h compat.h ssh2.h authfd.h 
match.h ssherr.h
+monitor.o: includes.h config.h defines.h platform.h 
openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h 
openbsd-compat/readpassphrase.h openbsd-compat/vis.h 
openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h 
openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h 
openbsd-compat/getopt.h openbsd-compat/bsd-misc.h 
openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h 
openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h 
openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h 
openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h 
openbsd-compat/port-irix.h openbsd-compat/port-linux.h 
openbsd-compat/port-solaris.h openbsd-compat/port-net.h 
openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 
./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h 
openbsd-compat/openssl-compat.h atomicio.h xmalloc.h ssh.h sshkey.h sshbuf.h 
hostfile.h auth.h auth-pam.h audit.h loginrec.h cipher.h cipher-chachapoly.h
+monitor.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h dh.h 
packet.h dispatch.h opacket.h auth-options.h sshpty.h channels.h session.h 
sshlogin.h canohost.h log.h misc.h servconf.h monitor.h monitor_wrap.h 
monitor_fdpass.h compat.h ssh2.h authfd.h match.h ssherr.h
 monitor_fdpass.o: includes.h config.h defines.h platform.h 
openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h 
openbsd-compat/readpassphrase.h openbsd-compat/vis.h 
openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h 
openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h 
openbsd-compat/getopt.h openbsd-compat/bsd-misc.h 
openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h 
openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h 
openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h 
openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h 
openbsd-compat/port-irix.h openbsd-compat/port-linux.h 
openbsd-compat/port-solaris.h openbsd-compat/port-net.h 
openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h 
monitor_fdpass.h
 monitor_wrap.o: includes.h config.h defines.h platform.h 
openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h 
openbsd-compat/readpassphrase.h openbsd-compat/vis.h 
openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h 
openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h 
openbsd-compat/getopt.h openbsd-compat/bsd-misc.h 
openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h 
openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h 
openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h 
openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h 
openbsd-compat/port-irix.h openbsd-compat/port-linux.h 
openbsd-compat/port-solaris.h openbsd-compat/port-net.h 
openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 
openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h 
cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h 
hostfile.h auth.h auth-pam.h audit.h loginrec.h
 monitor_wrap.o: auth-options.h packet.h dispatch.h opacket.h log.h monitor.h 
monitor_wrap.h atomicio.h monitor_fdpass.h misc.h channels.h session.h 
servconf.h ssherr.h
@@ -156,7 +156,7 @@ sshd.o: includes.h config.h defines.h platform.h openb
 sshd.o: poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h mac.h 
myproposal.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h 
auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h 
monitor_wrap.h ssh-sandbox.h auth-options.h version.h ssherr.h
 ssherr.o: ssherr.h
 sshkey-xmss.o: includes.h config.h defines.h platform.h 
openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h 
openbsd-compat/readpassphrase.h openbsd-compat/vis.h 
openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h 
openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h 
openbsd-compat/getopt.h openbsd-compat/bsd-misc.h 
openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h 
openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h 
openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h 
openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h 
openbsd-compat/port-irix.h openbsd-compat/port-linux.h 
openbsd-compat/port-solaris.h openbsd-compat/port-net.h 
openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-sshkey.o: includes.h config.h defines.h platform.h 
openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h 
openbsd-compat/readpassphrase.h openbsd-compat/vis.h 
openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h 
openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h 
openbsd-compat/getopt.h openbsd-compat/bsd-misc.h 
openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h 
openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h 
openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h 
openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h 
openbsd-compat/port-irix.h openbsd-compat/port-linux.h 
openbsd-compat/port-solaris.h openbsd-compat/port-net.h 
openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h 
ssh2.h ssherr.h misc.h sshbuf.h cipher.h cipher-chachapoly.h chacha.h 
poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h sshkey-xmss.h match.h 
xmss_fast.h
+sshkey.o: includes.h config.h defines.h platform.h 
openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h 
openbsd-compat/readpassphrase.h openbsd-compat/vis.h 
openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h 
openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h 
openbsd-compat/getopt.h openbsd-compat/bsd-misc.h 
openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h 
openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h 
openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h 
openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h 
openbsd-compat/port-irix.h openbsd-compat/port-linux.h 
openbsd-compat/port-solaris.h openbsd-compat/port-net.h 
openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h 
ssh2.h ssherr.h misc.h sshbuf.h cipher.h cipher-chachapoly.h chacha.h 
poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h sshkey-xmss.h match.h 
xmss_fast.h openbsd-compat/openssl-compat.h
 sshlogin.o: includes.h config.h defines.h platform.h 
openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h 
openbsd-compat/readpassphrase.h openbsd-compat/vis.h 
openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h 
openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h 
openbsd-compat/getopt.h openbsd-compat/bsd-misc.h 
openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h 
openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h 
openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h 
openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h 
openbsd-compat/port-irix.h openbsd-compat/port-linux.h 
openbsd-compat/port-solaris.h openbsd-compat/port-net.h 
openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshlogin.h 
ssherr.h loginrec.h log.h sshbuf.h misc.h servconf.h
 sshpty.o: includes.h config.h defines.h platform.h 
openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h 
openbsd-compat/readpassphrase.h openbsd-compat/vis.h 
openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h 
openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h 
openbsd-compat/getopt.h openbsd-compat/bsd-misc.h 
openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h 
openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h 
openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h 
openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h 
openbsd-compat/port-irix.h openbsd-compat/port-linux.h 
openbsd-compat/port-solaris.h openbsd-compat/port-net.h 
openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshpty.h log.h 
misc.h
 sshtty.o: includes.h config.h defines.h platform.h 
openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h 
openbsd-compat/readpassphrase.h openbsd-compat/vis.h 
openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h 
openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h 
openbsd-compat/getopt.h openbsd-compat/bsd-misc.h 
openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h 
openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h 
openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h 
openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h 
openbsd-compat/port-irix.h openbsd-compat/port-linux.h 
openbsd-compat/port-solaris.h openbsd-compat/port-net.h 
openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshpty.h

Modified: vendor-crypto/openssh/dist/.skipped-commit-ids
==============================================================================
--- vendor-crypto/openssh/dist/.skipped-commit-ids      Tue Feb  5 13:48:26 
2019        (r343773)
+++ vendor-crypto/openssh/dist/.skipped-commit-ids      Tue Feb  5 15:03:53 
2019        (r343774)
@@ -4,6 +4,7 @@ f2c9feb26963615c4fece921906cf72e248b61ee        more Makefile
 fa728823ba21c4b45212750e1d3a4b2086fd1a62       more Makefile refactoring
 1de0e85522051eb2ffa00437e1885e9d7b3e0c2e       moduli update
 814b2f670df75759e1581ecef530980b2b3d7e0f       remove redundant make defs
+04431e8e7872f49a2129bf080a6b73c19d576d40       moduli update
 
 Old upstream tree:
 

Modified: vendor-crypto/openssh/dist/ChangeLog
==============================================================================
--- vendor-crypto/openssh/dist/ChangeLog        Tue Feb  5 13:48:26 2019        
(r343773)
+++ vendor-crypto/openssh/dist/ChangeLog        Tue Feb  5 15:03:53 2019        
(r343774)
@@ -1,3 +1,827 @@
+commit aede1c34243a6f7feae2fb2cb686ade5f9be6f3d
+Author: Damien Miller <d...@mindrot.org>
+Date:   Wed Oct 17 11:01:20 2018 +1100
+
+    Require OpenSSL 1.1.x series 1.1.0g or greater
+    
+    Previous versions have a bug with EVP_CipherInit() when passed a
+    NULL EVP_CIPHER, per https://github.com/openssl/openssl/pull/4613
+    
+    ok dtucker@
+
+commit 08300c211409c212e010fe2e2f2883e573a04ce2
+Author: Damien Miller <d...@mindrot.org>
+Date:   Wed Oct 17 08:12:02 2018 +1100
+
+    unbreak compilation with --with-ssl-engine
+    
+    Missing last argument to OPENSSL_init_crypto()
+
+commit 1673274aee67ce0eb6f00578b6f3d2bcbd58f937
+Author: Darren Tucker <dtuc...@dtucker.net>
+Date:   Tue Oct 16 14:45:57 2018 +1100
+
+    Remove gcc spectre mitigation flags.
+    
+    Current impementions of the gcc spectre mitigation flags cause
+    miscompilations when combined with other flags and do not provide much
+    protection.  Found by fweimer at redhat.com, ok djm@
+
+commit 4e23deefd7959ef83c73ed9cce574423438f6133
+Author: Damien Miller <d...@mindrot.org>
+Date:   Tue Oct 16 10:51:52 2018 +1100
+
+    Avoid deprecated OPENSSL_config when using 1.1.x
+    
+    OpenSSL 1.1.x soft-deprecated OPENSSL_config in favour of
+    OPENSSL_init_crypto; pointed out by Jakub Jelen
+
+commit 797cdd9c8468ed1125ce60d590ae3f1397866af4
+Author: Darren Tucker <dtuc...@dtucker.net>
+Date:   Fri Oct 12 16:58:47 2018 +1100
+
+    Don't avoid our *sprintf replacements.
+    
+    Don't let systems with broken printf(3) avoid our replacements
+    via asprintf(3)/vasprintf(3) calling libc internally.  From djm@
+
+commit e526127cbd2f8ad88fb41229df0c9b850c722830
+Author: Darren Tucker <dtuc...@dtucker.net>
+Date:   Fri Oct 12 16:43:35 2018 +1100
+
+    Check if snprintf understands %zu.
+    
+    If the platforms snprintf and friends don't understand %zu, use the
+    compat replacement.  Prevents segfaults on those platforms.
+
+commit cf39f875191708c5f2f1a3c1c9019f106e74aea3
+Author: Damien Miller <d...@mindrot.org>
+Date:   Fri Oct 12 09:48:05 2018 +1100
+
+    remove stale link, tweak
+
+commit a7205e68decf7de2005810853b4ce6b222b65e2a
+Author: Damien Miller <d...@mindrot.org>
+Date:   Fri Oct 12 09:47:20 2018 +1100
+
+    update version numbers ahead of release
+
+commit 1a4a9cf80f5b92b9d1dadd0bfa8867c04d195391
+Author: d...@openbsd.org <d...@openbsd.org>
+Date:   Thu Oct 11 03:48:04 2018 +0000
+
+    upstream: don't send new-style rsa-sha2-*-cert-...@openssh.com names to
+    
+    older OpenSSH that can't handle them. spotted by Adam Eijdenberg; ok 
dtucker
+    
+    OpenBSD-Commit-ID: 662bbc402e3d7c9b6c322806269698106a6ae631
+
+commit dc8ddcdf1a95e011c263486c25869bb5bf4e30ec
+Author: Damien Miller <d...@mindrot.org>
+Date:   Thu Oct 11 13:08:59 2018 +1100
+
+    update depends
+
+commit 26841ac265603fd2253e6832e03602823dbb4022
+Author: Damien Miller <d...@mindrot.org>
+Date:   Thu Oct 11 13:02:11 2018 +1100
+
+    some more duplicated key algorithm lines
+    
+    From Adam Eijdenberg
+
+commit 5d9d17603bfbb620195a4581025052832b4c4adc
+Author: Damien Miller <d...@mindrot.org>
+Date:   Thu Oct 11 11:56:36 2018 +1100
+
+    fix duplicated algorithm specification lines
+    
+    Spotted by Adam Eijdenberg
+
+commit ebfafd9c7a5b2a7fb515ee95dbe0e44e11d0a663
+Author: d...@openbsd.org <d...@openbsd.org>
+Date:   Thu Oct 11 00:52:46 2018 +0000
+
+    upstream: typo in plain RSA algorithm counterpart names for
+    
+    certificates; spotted by Adam Eijdenberg; ok dtucker@
+    
+    OpenBSD-Commit-ID: bfcdeb6f4fc9e7607f5096574c8f118f2e709e00
+
+commit c29b111e7d87c2324ff71c80653dd8da168c13b9
+Author: Damien Miller <d...@mindrot.org>
+Date:   Thu Oct 11 11:29:35 2018 +1100
+
+    check pw_passwd != NULL here too
+    
+    Again, for systems with broken NIS implementations.
+    
+    Prompted by coolbugcheckers AT gmail.com
+
+commit fe8e8f349a553ef4c567acd418aac769a82b7729
+Author: Damien Miller <d...@mindrot.org>
+Date:   Thu Oct 11 11:03:15 2018 +1100
+
+    check for NULL return from shadow_pw()
+    
+    probably unreachable on this platform; pointed out by
+    coolbugcheckers AT gmail.com
+
+commit acc59cbe7a1fb169e1c3caba65a39bd74d6e030d
+Author: dera...@openbsd.org <dera...@openbsd.org>
+Date:   Wed Oct 10 16:43:49 2018 +0000
+
+    upstream: introducing openssh 7.9
+    
+    OpenBSD-Commit-ID: 42d526a9fe01a40dd299ac58014d3349adf40e25
+
+commit 12731158c75c8760a8bea06350eeb3e763fe1a07
+Author: Damien Miller <d...@mindrot.org>
+Date:   Thu Oct 11 10:29:29 2018 +1100
+
+    supply callback to PEM_read_bio_PrivateKey
+    
+    OpenSSL 1.1.0i has changed the behaviour of their PEM APIs,
+    so that empty passphrases are interpreted differently. This
+    probabalistically breaks loading some keys, because the PEM format
+    is terrible and doesn't include a proper MAC.
+    
+    Avoid this by providing a basic callback to avoid passing empty
+    passphrases to OpenSSL in cases where one is required.
+    
+    Based on patch from Jakub Jelen in bz#2913; ok dtucker@
+
+commit d1d301a1dd5d6cc3a9ed93ab7ab09dda4cb456e0
+Author: Damien Miller <d...@mindrot.org>
+Date:   Wed Oct 10 14:57:00 2018 +1100
+
+    in pick_salt() avoid dereference of NULL passwords
+    
+    Apparently some NIS implementations can leave pw->pw_passwd (or the
+    shadow equivalent) NULL.
+    
+    bz#2909; based on patch from Todd Eigenschink
+
+commit edbb6febccee084d212fdc0cb05b40cb1c646ab1
+Author: d...@openbsd.org <d...@openbsd.org>
+Date:   Tue Oct 9 05:42:23 2018 +0000
+
+    upstream: Treat all PEM_read_bio_PrivateKey() errors when a passphrase
+    
+    is specified as "incorrect passphrase" instead of trying to choose between
+    that and "invalid format".
+    
+    libcrypto can return ASN1 parsing errors rather than the expected
+    decrypt error in certain infrequent cases when trying to decrypt/parse
+    PEM private keys when supplied with an invalid passphrase.
+    
+    Report and repro recipe from Thomas Deutschmann in bz#2901
+    
+    ok markus@
+    
+    OpenBSD-Commit-ID: b1d4cd92395f9743f81c0d23aab2524109580870
+
+commit 2581333d564d8697837729b3d07d45738eaf5a54
+Author: na...@openbsd.org <na...@openbsd.org>
+Date:   Fri Oct 5 14:26:09 2018 +0000
+
+    upstream: Support using service names for port numbers.
+    
+    * Try to resolve a port specification with getservbyname(3) if a
+     numeric conversion fails.
+    * Make the "Port" option in ssh_config handle its argument as a
+     port rather than a plain integer.
+    
+    ok dtucker@ deraadt@
+    
+    OpenBSD-Commit-ID: e7f03633133205ab3dfbc67f9df7475fabae660d
+
+commit e0d6501e86734c48c8c503f81e1c0926e98c5c4c
+Author: d...@openbsd.org <d...@openbsd.org>
+Date:   Thu Oct 4 07:47:35 2018 +0000
+
+    upstream: when the peer sends a channel-close message, make sure we
+    
+    close the local extended read fd (stderr) along with the regular read fd
+    (stdout). Avoids weird stuck processed in multiplexing mode.
+    
+    Report and analysis by Nelson Elhage and Geoffrey Thomas in bz#2863
+    
+    ok dtucker@ markus@
+    
+    OpenBSD-Commit-ID: a48a2467fe938de4de69d2e7193d5fa701f12ae9
+
+commit 6f1aabb128246f445e33b8844fad3de9cb1d18cb
+Author: d...@openbsd.org <d...@openbsd.org>
+Date:   Thu Oct 4 01:04:52 2018 +0000
+
+    upstream: factor out channel status formatting from
+    
+    channel_open_message() so we can use it in other debug messages
+    
+    OpenBSD-Commit-ID: 9c3903ca28fcabad57f566c9d0045b41ab7d52ba
+
+commit f1dd179e122bdfdb7ca3072d9603607740efda05
+Author: d...@openbsd.org <d...@openbsd.org>
+Date:   Thu Oct 4 00:10:11 2018 +0000
+
+    upstream: include a little more information about the status and
+    
+    disposition of channel's extended (stderr) fd; makes debugging some things 
a
+    bit easier. No behaviour change.
+    
+    OpenBSD-Commit-ID: 483eb6467dc7d5dbca8eb109c453e7a43075f7ce
+
+commit 2d1428b11c8b6f616f070f2ecedce12328526944
+Author: d...@openbsd.org <d...@openbsd.org>
+Date:   Thu Oct 4 00:04:41 2018 +0000
+
+    upstream: explicit_bzero here to be consistent with other kex*.c;
+    
+    report from coolbugcheckers AT gmail.com
+    
+    OpenBSD-Commit-ID: a90f146c5b5f5b1408700395e394f70b440856cb
+
+commit 5eff5b858e717e901e6af6596306a114de9f79f2
+Author: d...@openbsd.org <d...@openbsd.org>
+Date:   Wed Oct 3 06:38:35 2018 +0000
+
+    upstream: Allow ssh_config IdentityAgent directive to accept
+    
+    environment variable names as well as explicit paths. ok dtucker@
+    
+    OpenBSD-Commit-ID: 2f0996e103876c53d8c9dd51dcce9889d700767b
+
+commit a46ac4d86b25414d78b632e8173578b37e5f8a83
+Author: d...@openbsd.org <d...@openbsd.org>
+Date:   Tue Oct 2 12:51:58 2018 +0000
+
+    upstream: mention i...@openssh.com for sending SIGINFO
+    
+    OpenBSD-Commit-ID: 132471eeb0df658210afd27852fe65131b26e900
+
+commit ff3a411cae0b484274b7900ef52ff4dad3e12876
+Author: Damien Miller <d...@mindrot.org>
+Date:   Tue Oct 2 22:49:40 2018 +1000
+
+    only support SIGINFO on systems with SIGINFO
+
+commit cd98925c6405e972dc9f211afc7e75e838abe81c
+Author: d...@openbsd.org <d...@openbsd.org>
+Date:   Tue Oct 2 12:40:07 2018 +0000
+
+    upstream: Add server support for signalling sessions via the SSH
+    
+    channel/ session protocol. Signalling is only supported to sesssions that 
are
+    not subsystems and were not started with a forced command.
+    
+    Long requested in bz#1424
+    
+    Based on a patch from markus@ and reworked by dtucker@;
+    ok markus@ dtucker@
+    
+    OpenBSD-Commit-ID: 4bea826f575862eaac569c4bedd1056a268be1c3
+
+commit dba50258333f2604a87848762af07ba2cc40407a
+Author: d...@openbsd.org <d...@openbsd.org>
+Date:   Wed Sep 26 07:32:44 2018 +0000
+
+    upstream: remove big ugly TODO comment from start of file. Some of
+    
+    the mentioned tasks are obsolete and, of the remainder, most are already
+    captured in PROTOCOL.mux where they better belong
+    
+    OpenBSD-Commit-ID: 16d9d76dee42a5bb651c9d6740f7f0ef68aeb407
+
+commit 92b61a38ee9b765f5049f03cd1143e13f3878905
+Author: d...@openbsd.org <d...@openbsd.org>
+Date:   Wed Sep 26 07:30:05 2018 +0000
+
+    upstream: Document mux proxy mode; added by Markus in openssh-7.4
+    
+    Also add a little bit of information about the overall packet format
+    
+    OpenBSD-Commit-ID: bdb6f6ea8580ef96792e270cae7857786ad84a95
+
+commit 9d883a1ce4f89b175fd77405ff32674620703fb2
+Author: d...@openbsd.org <d...@openbsd.org>
+Date:   Wed Sep 26 01:48:57 2018 +0000
+
+    upstream: s/process_mux_master/mux_master_process/ in mux master
+    
+    function names,
+    
+    Gives better symmetry with the existing mux_client_*() names and makes
+    it more obvious when a message comes from the master vs client (they
+    are interleved in ControlMaster=auto mode).
+    
+    no functional change beyond prefixing a could of log messages with
+    __func__ where they were previously lacking.
+    
+    OpenBSD-Commit-ID: b01f7c3fdf92692e1713a822a89dc499333daf75
+
+commit c2fa53cd6462da82d3a851dc3a4a3f6b920337c8
+Author: Darren Tucker <dtuc...@dtucker.net>
+Date:   Sat Sep 22 14:41:24 2018 +1000
+
+    Remove unused variable in _ssh_compat_fflush.
+
+commit d1b3540c21212624af907488960d703c7d987b42
+Author: Darren Tucker <dtuc...@dtucker.net>
+Date:   Thu Sep 20 18:08:43 2018 +1000
+
+    Import updated moduli.
+
+commit b5e412a8993ad17b9e1141c78408df15d3d987e1
+Author: d...@openbsd.org <d...@openbsd.org>
+Date:   Fri Sep 21 12:46:22 2018 +0000
+
+    upstream: Allow ssh_config ForwardX11Timeout=0 to disable the
+    
+    timeout and allow X11 connections in untrusted mode indefinitely. ok 
dtucker@
+    
+    OpenBSD-Commit-ID: ea1ceed3f540b48e5803f933e59a03b20db10c69
+
+commit cb24d9fcc901429d77211f274031653476864ec6
+Author: d...@openbsd.org <d...@openbsd.org>
+Date:   Fri Sep 21 12:23:17 2018 +0000
+
+    upstream: when compiled with GSSAPI support, cache supported method
+    
+    OIDs by calling ssh_gssapi_prepare_supported_oids() regardless of whether
+    GSSAPI authentication is enabled in the main config.
+    
+    This avoids sandbox violations for configurations that enable GSSAPI
+    auth later, e.g.
+    
+    Match user djm
+            GSSAPIAuthentication yes
+    
+    bz#2107; ok dtucker@
+    
+    OpenBSD-Commit-ID: a5dd42d87c74e27cfb712b15b0f97ab20e0afd1d
+
+commit bbc8af72ba68da014d4de6e21a85eb5123384226
+Author: d...@openbsd.org <d...@openbsd.org>
+Date:   Fri Sep 21 12:20:12 2018 +0000
+
+    upstream: In sshkey_in_file(), ignore keys that are considered for
+    
+    being too short (i.e. SSH_ERR_KEY_LENGTH). These keys will not be 
considered
+    to be "in the file". This allows key revocation lists to contain short keys
+    without the entire revocation list being considered invalid.
+    
+    bz#2897; ok dtucker
+    
+    OpenBSD-Commit-ID: d9f3d857d07194a42ad7e62889a74dc3f9d9924b
+
+commit 383a33d160cefbfd1b40fef81f72eadbf9303a66
+Author: d...@openbsd.org <d...@openbsd.org>
+Date:   Fri Sep 21 03:11:36 2018 +0000
+
+    upstream: Treat connections with ProxyJump specified the same as ones
+    
+    with a ProxyCommand set with regards to hostname canonicalisation (i.e. 
don't
+    try to canonicalise the hostname unless CanonicalizeHostname is set to
+    'always').
+    
+    Patch from Sven Wegener via bz#2896
+    
+    OpenBSD-Commit-ID: 527ff501cf98bf65fb4b29ed0cb847dda10f4d37
+
+commit 0cbed248ed81584129b67c348dbb801660f25a6a
+Author: d...@openbsd.org <d...@openbsd.org>
+Date:   Thu Sep 20 23:40:16 2018 +0000
+
+    upstream: actually make CASignatureAlgorithms available as a config
+    
+    option
+    
+    OpenBSD-Commit-ID: 93fa7ff58314ed7b1ab7744090a6a91232e6ae52
+
+commit 62528870c0ec48cd86a37dd7320fb85886c3e6ee
+Author: dtuc...@openbsd.org <dtuc...@openbsd.org>
+Date:   Thu Sep 20 08:07:03 2018 +0000
+
+    upstream: Import updated moduli.
+    
+    OpenBSD-Commit-ID: 04431e8e7872f49a2129bf080a6b73c19d576d40
+
+commit e6933a2ffa0659d57f3c7b7c457b2c62b2a84613
+Author: j...@openbsd.org <j...@openbsd.org>
+Date:   Thu Sep 20 06:58:48 2018 +0000
+
+    upstream: reorder CASignatureAlgorithms, and add them to the
+    
+    various -o lists; ok djm
+    
+    OpenBSD-Commit-ID: ecb88baecc3c54988b4d1654446ea033da359288
+
+commit aa083aa9624ea7b764d5a81c4c676719a1a3e42b
+Author: d...@openbsd.org <d...@openbsd.org>
+Date:   Thu Sep 20 03:31:49 2018 +0000
+
+    upstream: fix "ssh -Q sig" to show correct signature algorithm list
+    
+    (it was erroneously showing certificate algorithms); prompted by markus@
+    
+    OpenBSD-Commit-ID: 1cdee002f2f0c21456979deeb887fc889afb154d
+
+commit ecac7e1f7add6b28874959a11f2238d149dc2c07
+Author: d...@openbsd.org <d...@openbsd.org>
+Date:   Thu Sep 20 03:30:44 2018 +0000
+
+    upstream: add CASignatureAlgorithms option for the client, allowing
+    
+    it to specify which signature algorithms may be used by CAs when signing
+    certificates. Useful if you want to ban RSA/SHA1; ok markus@
+    
+    OpenBSD-Commit-ID: 9159e5e9f67504829bf53ff222057307a6e3230f
+
+commit 86e5737c39153af134158f24d0cab5827cbd5852
+Author: d...@openbsd.org <d...@openbsd.org>
+Date:   Thu Sep 20 03:28:06 2018 +0000
+
+    upstream: Add sshd_config CASignatureAlgorithms option to allow
+    
+    control over which signature algorithms a CA may use when signing
+    certificates. In particular, this allows a sshd to ban certificates signed
+    with RSA/SHA1.
+    
+    ok markus@
+    
+    OpenBSD-Commit-ID: b05c86ef8b52b913ed48d54a9b9c1a7714d96bac
+
+commit f80e68ea7d62e2dfafc12f1a60ab544ae4033a0f
+Author: d...@openbsd.org <d...@openbsd.org>
+Date:   Wed Sep 19 02:03:02 2018 +0000
+
+    upstream: Make "ssh-add -q" do what it says on the tin: silence
+    
+    output from successful operations.
+    
+    Based on patch from Thijs van Dijk; ok dtucker@ deraadt@
+    
+    OpenBSD-Commit-ID: c4f754ecc055c10af166116ce7515104aa8522e1
+
+commit 5e532320e9e51de720d5f3cc2596e95d29f6e98f
+Author: mill...@openbsd.org <mill...@openbsd.org>
+Date:   Mon Sep 17 15:40:14 2018 +0000
+
+    upstream: When choosing a prime from the moduli file, avoid
+    
+    re-using the linenum variable for something that is not a line number to
+    avoid the confusion that resulted in the bug in rev. 1.64.  This also lets 
us
+    pass the actual linenum to parse_prime() so the error messages include the
+    correct line number.  OK markus@ some time ago.
+    
+    OpenBSD-Commit-ID: 4d8e5d3e924d6e8eb70053e3defa23c151a00084
+
+commit cce8cbe0ed7d1ba3a575310e0b63c193326ae616
+Author: Darren Tucker <dtuc...@dtucker.net>
+Date:   Sat Sep 15 19:44:06 2018 +1000
+
+    Fix openssl-1.1 fallout for --without-openssl.
+    
+    ok djm@
+
+commit 149519b9f201dac755f3cba4789f4d76fecf0ee1
+Author: Damien Miller <d...@mindrot.org>
+Date:   Sat Sep 15 19:37:48 2018 +1000
+
+    add futex(2) syscall to seccomp sandbox
+    
+    Apparently needed for some glibc/openssl combinations.
+    
+    Patch from Arkadiusz Miśkiewicz
+
+commit 4488ae1a6940af704c4dbf70f55bf2f756a16536
+Author: Damien Miller <d...@mindrot.org>
+Date:   Sat Sep 15 19:36:55 2018 +1000
+
+    really add source for authopt_fuzz this time
+
+commit 9201784b4a257c8345fbd740bcbdd70054885707
+Author: Damien Miller <d...@mindrot.org>
+Date:   Sat Sep 15 19:35:40 2018 +1000
+
+    remove accidentally checked-in authopt_fuzz binary
+
+commit beb9e522dc7717df08179f9e59f36b361bfa14ab
+Author: d...@openbsd.org <d...@openbsd.org>
+Date:   Fri Sep 14 05:26:27 2018 +0000
+
+    upstream: second try, deals properly with missing and private-only
+    
+    Use consistent format in debug log for keys readied, offered and
+    received during public key authentication.
+    
+    This makes it a little easier to see what is going on, as each message
+    now contains (where available) the key filename, its type and fingerprint,
+    and whether the key is hosted in an agent or a token.
+    
+    OpenBSD-Commit-ID: f1c6a8e9cfc4e108c359db77f24f9a40e1e25ea7
+
+commit 6bc5a24ac867bfdc3ed615589d69ac640f51674b
+Author: Damien Miller <d...@mindrot.org>
+Date:   Fri Sep 14 15:16:34 2018 +1000
+
+    fuzzer harness for authorized_keys option parsing
+
+commit 6c8b82fc6929b6a9a3f645151b6ec26c5507d9ef
+Author: d...@openbsd.org <d...@openbsd.org>
+Date:   Fri Sep 14 04:44:04 2018 +0000
+
+    upstream: revert following; deals badly with agent keys
+    
+    revision 1.285
+    date: 2018/09/14 04:17:12;  author: djm;  state: Exp;  lines: +47 -26;  
commitid: lflGFcNb2X2HebaK;
+    Use consistent format in debug log for keys readied, offered and
+    received during public key authentication.
+    
+    This makes it a little easier to see what is going on, as each message
+    now contains the key filename, its type and fingerprint, and whether
+    the key is hosted in an agent or a token.
+    
+    OpenBSD-Commit-ID: e496bd004e452d4b051f33ed9ae6a54ab918f56d
+
+commit 6da046f9c3374ce7e269ded15d8ff8bc45017301
+Author: d...@openbsd.org <d...@openbsd.org>
+Date:   Fri Sep 14 04:17:44 2018 +0000
+
+    upstream: garbage-collect moribund ssh_new_private() API.
+    
+    OpenBSD-Commit-ID: 7c05bf13b094093dfa01848a9306c82eb6e95f6c
+
+commit 1f24ac5fc05252ceb1c1d0e8cab6a283b883c780
+Author: d...@openbsd.org <d...@openbsd.org>
+Date:   Fri Sep 14 04:17:12 2018 +0000
+
+    upstream: Use consistent format in debug log for keys readied,
+    
+    offered and received during public key authentication.
+    
+    This makes it a little easier to see what is going on, as each message
+    now contains the key filename, its type and fingerprint, and whether
+    the key is hosted in an agent or a token.
+    
+    OpenBSD-Commit-ID: 2a01d59285a8a7e01185bb0a43316084b4f06a1f
+
+commit 488c9325bb7233e975dbfbf89fa055edc3d3eddc
+Author: mill...@openbsd.org <mill...@openbsd.org>
+Date:   Thu Sep 13 15:23:32 2018 +0000
+
+    upstream: Fix warnings caused by user_from_uid() and group_from_gid()
+    
+    now returning const char *.
+    
+    OpenBSD-Commit-ID: b5fe571ea77cfa7b9035062829ab05eb87d7cc6f
+
+commit 0aa1f230846ebce698e52051a107f3127024a05a
+Author: Damien Miller <d...@mindrot.org>
+Date:   Fri Sep 14 10:31:47 2018 +1000
+
+    allow SIGUSR1 as synonym for SIGINFO
+    
+    Lets users on those unfortunate operating systems that lack SIGINFO
+    still be able to obtain progress information from unit tests :)
+
+commit d64e78526596f098096113fcf148216798c327ff
+Author: Damien Miller <d...@mindrot.org>
+Date:   Thu Sep 13 19:05:48 2018 +1000
+
+    add compat header
+
+commit a3fd8074e2e2f06602e25618721f9556c731312c
+Author: d...@openbsd.org <d...@openbsd.org>
+Date:   Thu Sep 13 09:03:20 2018 +0000
+
+    upstream: missed a bit of openssl-1.0.x API in this unittest
+    
+    OpenBSD-Regress-ID: a73a54d7f7381856a3f3a2d25947bee7a9a5dbc9
+
+commit 86e0a9f3d249d5580390daf58e015e68b01cef10
+Author: d...@openbsd.org <d...@openbsd.org>
+Date:   Thu Sep 13 05:06:51 2018 +0000
+
+    upstream: use only openssl-1.1.x API here too
+    
+    OpenBSD-Regress-ID: ae877064597c349954b1b443769723563cecbc8f
+
+commit 48f54b9d12c1c79fba333bc86d455d8f4cda8cfc
+Author: Damien Miller <d...@mindrot.org>
+Date:   Thu Sep 13 12:13:50 2018 +1000
+
+    adapt -portable to OpenSSL 1.1x API
+    
+    Polyfill missing API with replacement functions extracted from LibreSSL
+
+commit 86112951d63d48839f035b5795be62635a463f99
+Author: Damien Miller <d...@mindrot.org>
+Date:   Thu Sep 13 12:12:42 2018 +1000
+
+    forgot to stage these test files in commit d70d061
+
+commit 482d23bcacdd3664f21cc82a5135f66fc598275f
+Author: d...@openbsd.org <d...@openbsd.org>
+Date:   Thu Sep 13 02:08:33 2018 +0000
+
+    upstream: hold our collective noses and use the openssl-1.1.x API in
+    
+    OpenSSH; feedback and ok tb@ jsing@ markus@
+    
+    OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417
+
+commit d70d061828730a56636ab6f1f24fe4a8ccefcfc1
+Author: d...@openbsd.org <d...@openbsd.org>
+Date:   Wed Sep 12 01:36:45 2018 +0000
+
+    upstream: Include certs with multiple RSA signature variants in
+    
+    test data Ensure that cert->signature_key is populated correctly
+    
+    OpenBSD-Regress-ID: 56e68f70fe46cb3a193ca207385bdb301fd6603a
+
+commit f803b2682992cfededd40c91818b653b5d923ef5
+Author: d...@openbsd.org <d...@openbsd.org>
+Date:   Wed Sep 12 01:23:48 2018 +0000
+
+    upstream: test revocation by explicit hash and by fingerprint
+    
+    OpenBSD-Regress-ID: 079c18a9ab9663f4af419327c759fc1e2bc78fd8
+
+commit 2de78bc7da70e1338b32feeefcc6045cf49efcd4
+Author: d...@openbsd.org <d...@openbsd.org>
+Date:   Wed Sep 12 01:22:43 2018 +0000
+
+    upstream: s/sshkey_demote/sshkey_from_private/g
+    
+    OpenBSD-Regress-ID: 782bde7407d94a87aa8d1db7c23750e09d4443c4
+
+commit 41c115a5ea1cb79a6a3182773c58a23f760e8076
+Author: Damien Miller <d...@mindrot.org>
+Date:   Wed Sep 12 16:50:01 2018 +1000
+
+    delete the correct thing; kexfuzz binary
+
+commit f0fcd7e65087db8c2496f13ed39d772f8e38b088
+Author: d...@openbsd.org <d...@openbsd.org>
+Date:   Wed Sep 12 06:18:59 2018 +0000
+
+    upstream: fix edit mistake; spotted by jmc@
+    
+    OpenBSD-Commit-ID: dd724e1c52c9d6084f4cd260ec7e1b2b138261c6
+
+commit 4cc259bac699f4d2a5c52b92230f9e488c88a223
+Author: d...@openbsd.org <d...@openbsd.org>
+Date:   Wed Sep 12 01:34:02 2018 +0000
+
+    upstream: add SSH_ALLOWED_CA_SIGALGS - the default list of
+    
+    signature algorithms that are allowed for CA signatures. Notably excludes
+    ssh-dsa.
+    
+    ok markus@
+    
+    OpenBSD-Commit-ID: 1628e4181dc8ab71909378eafe5d06159a22deb4
+
+commit ba9e788315b1f6a350f910cb2a9e95b2ce584e89
+Author: d...@openbsd.org <d...@openbsd.org>
+Date:   Wed Sep 12 01:32:54 2018 +0000
+
+    upstream: add sshkey_check_cert_sigtype() that checks a
+    
+    cert->signature_type against a supplied whitelist; ok markus
+    
+    OpenBSD-Commit-ID: caadb8073292ed7a9535e5adc067d11d356d9302
+
+commit a70fd4ad7bd9f2ed223ff635a3d41e483057f23b
+Author: d...@openbsd.org <d...@openbsd.org>
+Date:   Wed Sep 12 01:31:30 2018 +0000
+
+    upstream: add cert->signature_type field and keep it in sync with
+    
+    certificate signature wrt loading and certification operations; ok markus@
+    
+    OpenBSD-Commit-ID: e8b8b9f76b66707a0cd926109c4383db8f664df3
+
+commit 357128ac48630a9970e3af0e6ff820300a28da47
+Author: d...@openbsd.org <d...@openbsd.org>
+Date:   Wed Sep 12 01:30:10 2018 +0000
+
+    upstream: Add "ssh -Q sig" to allow listing supported signature
+    
+    algorithms ok markus@
+    
+    OpenBSD-Commit-ID: 7a8c6eb6c249dc37823ba5081fce64876d10fe2b
+
+commit 9405c6214f667be604a820c6823b27d0ea77937d
+Author: d...@openbsd.org <d...@openbsd.org>
+Date:   Wed Sep 12 01:21:34 2018 +0000
+
+    upstream: allow key revocation by SHA256 hash and allow ssh-keygen
+    
+    to create KRLs using SHA256/base64 key fingerprints; ok markus@
+    
+    OpenBSD-Commit-ID: a0590fd34e7f1141f2873ab3acc57442560e6a94
+
+commit 50e2687ee0941c0ea216d6ffea370ffd2c1f14b9
+Author: d...@openbsd.org <d...@openbsd.org>
+Date:   Wed Sep 12 01:19:12 2018 +0000
+
+    upstream: log certificate fingerprint in authentication
+    
+    success/failure message (previously we logged only key ID and CA key
+    fingerprint).
+    
+    ok markus@
+    
+    OpenBSD-Commit-ID: a8ef2d172b7f1ddbcce26d6434b2de6d94f6c05d
+
+commit de37ca909487d23e5844aca289b3f5e75d3f1e1f
+Author: dtuc...@openbsd.org <dtuc...@openbsd.org>
+Date:   Fri Sep 7 04:26:56 2018 +0000
+
+    upstream: Add FALLTHROUGH comments where appropriate. Patch from
+    
+    jjelen at redhat via bz#2687.
+    
+    OpenBSD-Commit-ID: c48eb457be697a19d6d2950c6d0879f3ccc851d3
+
+commit 247766cd3111d5d8c6ea39833a3257ca8fb820f2
+Author: d...@openbsd.org <d...@openbsd.org>
+Date:   Fri Sep 7 01:42:54 2018 +0000
+
+    upstream: ssh -MM requires confirmation for all operations that
+    
+    change the multiplexing state, not just new sessions.
+    
+    mention that confirmation is checked via ssh-askpass
+    
+    OpenBSD-Commit-ID: 0f1b45551ebb9cc5c9a4fe54ad3b23ce90f1f5c2
+
+commit db8bb80e3ac1bcb3e1305d846cd98c6b869bf03f
+Author: mes...@openbsd.org <mes...@openbsd.org>
+Date:   Tue Aug 28 12:25:53 2018 +0000
+
+    upstream: fix misplaced parenthesis inside if-clause. it's harmless
+    
+    and the only issue is showing an unknown error (since it's not defined)
+    during fatal(), if it ever an error occurs inside that condition.
+    
+    OK deraadt@ markus@ djm@
+    
+    OpenBSD-Commit-ID: acb0a8e6936bfbe590504752d01d1d251a7101d8
+
+commit 086cc614f550b7d4f100c95e472a6b6b823938ab
+Author: mes...@openbsd.org <mes...@openbsd.org>
+Date:   Tue Aug 28 12:17:45 2018 +0000
+
+    upstream: fix build with DEBUG_PK enabled
+    
+    OK dtucker@
+    
+    OpenBSD-Commit-ID: ec1568cf27726e9638a0415481c20c406e7b441c
+
+commit 2678833013e97f8b18f09779b7f70bcbf5eb2ab2
+Author: Darren Tucker <dtuc...@dtucker.net>
+Date:   Fri Sep 7 14:41:53 2018 +1000
+
+    Handle ngroups>_SC_NGROUPS_MAX.
+    
+    Based on github pull request #99 from Darren Maffat at Oracle: Solaris'
+    getgrouplist considers _SC_NGROUPS_MAX more of a guideline and can return
+    a larger number of groups.  In this case, retry getgrouplist with a
+    larger array and defer allocating groups_byname.  ok djm@
+
+commit 039bf2a81797b8f3af6058d34005a4896a363221
+Author: Darren Tucker <dtuc...@dtucker.net>
+Date:   Fri Sep 7 14:06:57 2018 +1000
+
+    Initial len for the fmt=NULL case.
+    
+    Patch from jjelen at redhat via bz#2687.  (OpenSSH never calls
+    setproctitle with a null format so len is always initialized).
+
+commit ea9c06e11d2e8fb2f4d5e02f8a41e23d2bd31ca9
+Author: Darren Tucker <dtuc...@dtucker.net>
+Date:   Fri Sep 7 14:01:39 2018 +1000
+
+    Include stdlib.h.
+    
+    Patch from jjelen at redhat via bz#2687.
+
+commit 9617816dbe73ec4d65075f4d897443f63a97c87f
+Author: Damien Miller <d...@mindrot.org>
+Date:   Mon Aug 27 13:08:01 2018 +1000
+
+    document some more regress control env variables
+    
+    Specifically SKIP_UNIT, USE_VALGRING and LTESTS. Sort the list of
+    environment variables.
+    
+    Based on patch from Jakub Jelen
+
 commit 71508e06fab14bc415a79a08f5535ad7bffa93d9
 Author: Damien Miller <d...@mindrot.org>
 Date:   Thu Aug 23 15:41:42 2018 +1000
@@ -8880,862 +9704,3 @@ Date:   Thu Oct 20 03:42:09 2016 +1100
     Remote channels .orig and .rej files.
     
     These files were incorrectly added during an OpenBSD sync.
-
-commit 246aa842a4ad368d8ce030495e657ef3a0e1f95c
-Author: dtuc...@openbsd.org <dtuc...@openbsd.org>
-Date:   Tue Oct 18 17:32:54 2016 +0000
-
-    upstream commit
-    
-    Remove channel_input_port_forward_request(); the only caller
-    was the recently-removed SSH1 server code so it's now dead code.  ok 
markus@
-    
-    Upstream-ID: 05453983230a1f439562535fec2818f63f297af9
-
-commit 2c6697c443d2c9c908260eed73eb9143223e3ec9
-Author: mill...@openbsd.org <mill...@openbsd.org>
-Date:   Tue Oct 18 12:41:22 2016 +0000
-
-    upstream commit
-    
-    Install a signal handler for tty-generated signals and
-    wait for the ssh child to suspend before suspending sftp.  This lets ssh
-    restore the terminal mode as needed when it is suspended at the password
-    prompt.  OK dtucker@
-    
-    Upstream-ID: a31c1f42aa3e2985dcc91e46e6a17bd22e372d69
-
-commit fd2a8f1033fa2316fff719fd5176968277560158
-Author: j...@openbsd.org <j...@openbsd.org>
-Date:   Sat Oct 15 19:56:25 2016 +0000
-
-    upstream commit
-    
-    various formatting fixes, specifically removing Dq;
-    
-    Upstream-ID: 81e85df2b8e474f5f93d66e61d9a4419ce87347c
-
-commit 8f866d8a57b9a2dc5dd04504e27f593b551618e3
-Author: Darren Tucker <dtuc...@zip.com.au>
-Date:   Wed Oct 19 03:26:09 2016 +1100
-
-    Import readpassphrase.c rev 1.26.
-    
-    Author: mil...@openbsd.org:
-    Avoid generate SIGTTOU when restoring the terminal mode.  If we get
-    SIGTTOU it means the process is not in the foreground process group
-    which, in most cases, means that the shell has taken control of the tty.
-    Requiring the user the fg the process in this case doesn't make sense
-    and can result in both SIGTSTP and SIGTTOU being sent which can lead to
-    the process being suspended again immediately after being brought into
-    the foreground.
-
-commit f901440cc844062c9bab0183d133f7ccc58ac3a5
-Author: Darren Tucker <dtuc...@zip.com.au>
-Date:   Wed Oct 19 03:23:16 2016 +1100
-
-    Import readpassphrase.c rev 1.25.
-    
-    Wrap <readpassphrase.h> so internal calls go direct and
-    readpassphrase is weak.
-    
-    (DEF_WEAK is a no-op in portable.)
-
-commit 032147b69527e5448a511049b2d43dbcae582624
-Author: Darren Tucker <dtuc...@zip.com.au>
-Date:   Sat Oct 15 05:51:12 2016 +1100
-
-    Move DEF_WEAK into defines.h.
-    
-    As well pull in more recent changes from OpenBSD these will start to
-    arrive so put it where the definition is shared.
-
-commit e0259a82ddd950cfb109ddee86fcebbc09c6bd04
-Author: Darren Tucker <dtuc...@zip.com.au>
-Date:   Sat Oct 15 04:34:46 2016 +1100
-
-    Remove do_pam_set_tty which is dead code.
-    
-    The callers of do_pam_set_tty were removed in 2008, so this is now dead
-    code.  bz#2604, pointed out by jjelen at redhat.com.
-
-commit ca04de83f210959ad2ed870a30ba1732c3ae00e3
-Author: Damien Miller <d...@mindrot.org>
-Date:   Thu Oct 13 18:53:43 2016 +1100
-
-    unbreak principals-command test
-    
-    Undo inconsistetly updated variable name.
-
-commit 1723ec92eb485ce06b4cbf49712d21975d873909
-Author: d...@openbsd.org <d...@openbsd.org>
-Date:   Tue Oct 11 21:49:54 2016 +0000
-
-    upstream commit
-    
-    fix the KEX fuzzer - the previous method of obtaining the
-    packet contents was broken. This now uses the new per-packet input hook, so
-    it sees exact post-decrypt packets and doesn't have to pass packet 
integrity
-    checks. ok markus@
-    
-    Upstream-Regress-ID: 402fb6ffabd97de590e8e57b25788949dce8d2fd
-
-commit 09f997893f109799cddbfce6d7e67f787045cbb2
-Author: nat...@openbsd.org <nat...@openbsd.org>
-Date:   Thu Oct 6 09:31:38 2016 +0000
-
-    upstream commit
-    
-    Move USER out of the way to unbreak the BUILDUSER
-    mechanism. ok tb
-    
-    Upstream-Regress-ID: 74ab9687417dd071d62316eaadd20ddad1d5af3c
-
-commit 3049a012c482a7016f674db168f23fd524edce27
-Author: bl...@openbsd.org <bl...@openbsd.org>
-Date:   Fri Sep 30 11:55:20 2016 +0000
-
-    upstream commit
-    
-    In ssh tests set REGRESS_FAIL_EARLY with ?= so that the
-    environment can change it. OK djm@
-    
-    Upstream-Regress-ID: 77bcb50e47b68c7209c7f0a5a020d73761e5143b
-
-commit 39af7b444db28c1cb01b7ea468a4f574a44f375b
-Author: d...@openbsd.org <d...@openbsd.org>
-Date:   Tue Oct 11 21:47:45 2016 +0000
-
-    upstream commit
-    
-    Add a per-packet input hook that is called with the
-    decrypted packet contents. This will be used for fuzzing; ok markus@
-    
-    Upstream-ID: a3221cee6b1725dd4ae1dd2c13841b4784cb75dc
-
-commit ec165c392ca54317dbe3064a8c200de6531e89ad

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Reply via email to