commit 99522ba7ec6963a05c04a156bf20e3ba3605987c
Author: Damien Miller <djm@mindrot.org>
Date:   Thu Jul 28 08:54:27 2016 +1000

    define _OPENBSD_SOURCE for reallocarray on NetBSD
    
    Report by and debugged with Hisashi T Fujinaka, dtucker nailed
    the problem (lack of prototype causing return type confusion).

commit 3e1e076550c27c6bbdddf36d8f42bd79fbaaa187
Author: Damien Miller <djm@mindrot.org>
Date:   Wed Jul 27 08:25:42 2016 +1000

    KNF

commit d99ee9c4e5e217e7d05eeec84e9ce641f4675331
Author: Damien Miller <djm@mindrot.org>
Date:   Wed Jul 27 08:25:23 2016 +1000

    Linux auditing also needs packet.h

commit 393bd381a45884b589baa9aed4394f1d250255ca
Author: Damien Miller <djm@mindrot.org>
Date:   Wed Jul 27 08:18:05 2016 +1000

    fix auditing on Linux
    
    get_remote_ipaddr() was replaced with ssh_remote_ipaddr()

commit 80e766fb089de4f3c92b1600eb99e9495e37c992
Author: Damien Miller <djm@mindrot.org>
Date:   Sun Jul 24 21:50:13 2016 +1000

    crank version numbers

commit b1a478792d458f2e938a302e64bab2b520edc1b3
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sun Jul 24 11:45:36 2016 +0000

    upstream commit
    
    openssh-7.3
    
    Upstream-ID: af106a7eb665f642648cf1993e162c899f358718

commit 353766e0881f069aeca30275ab706cd60a1a8fdd
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Sat Jul 23 16:14:42 2016 +1000

    Move Cygwin IPPORT_RESERVED override to defines.h
    
    Patch from vinschen at redhat.com.

commit 368dd977ae07afb93f4ecea23615128c95ab2b32
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sat Jul 23 02:54:08 2016 +0000

    upstream commit
    
    fix pledge violation with ssh -f; reported by Valentin
    Kozamernik ok dtucker@
    
    Upstream-ID: a61db7988db88d9dac3c4dd70e18876a8edf84aa

commit f00211e3c6d24d6ea2b64b4b1209f671f6c1d42e
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Jul 22 07:00:46 2016 +0000

    upstream commit
    
    improve wording; suggested by jmc@
    
    Upstream-ID: 55cb0a24c8e0618b3ceec80998dc82c85db2d2f8

commit 83cbca693c3b0719270e6a0f2efe3f9ee93a65b8
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Jul 22 05:46:11 2016 +0000

    upstream commit
    
    Lower loglevel for "Authenticated with partial success"
    message similar to other similar level.  bz#2599, patch from cgallek at
    gmail.com, ok markus@
    
    Upstream-ID: 3faab814e947dc7b2e292edede23e94c608cb4dd

commit 10358abd087ab228b7ce2048efc4f3854a9ab9a6
Author: Damien Miller <djm@mindrot.org>
Date:   Fri Jul 22 14:06:36 2016 +1000

    retry waitpid on EINTR failure
    
    patch from Jakub Jelen on bz#2581; ok dtucker@

commit da88a70a89c800e74ea8e5661ffa127a3cc79a92
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Jul 22 03:47:36 2016 +0000

    upstream commit
    
    constify a few functions' arguments; patch from Jakub
    Jelen bz#2581
    
    Upstream-ID: f2043f51454ea37830ff6ad60c8b32b4220f448d

commit c36d91bd4ebf767f310f7cea88d61d1c15f53ddf
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Jul 22 03:39:13 2016 +0000

    upstream commit
    
    move debug("%p", key) to before key is free'd; probable
    undefined behaviour on strict compilers; reported by Jakub Jelen bz#2581
    
    Upstream-ID: 767f323e1f5819508a0e35e388ec241bac2f953a

commit 286f5a77c3bfec1e8892ca268087ac885ac871bf
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Jul 22 03:35:11 2016 +0000

    upstream commit
    
    reverse the order in which -J/JumpHost proxies are visited to
    be more intuitive and document
    
    reported by and manpage bits naddy@
    
    Upstream-ID: 3a68fd6a841fd6cf8cedf6552a9607ba99df179a

commit fcd135c9df440bcd2d5870405ad3311743d78d97
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Thu Jul 21 01:39:35 2016 +0000

    upstream commit
    
    Skip passwords longer than 1k in length so clients can't
    easily DoS sshd by sending very long passwords, causing it to spend CPU
    hashing them. feedback djm@, ok markus@.
    
    Brought to our attention by tomas.kuthan at oracle.com, shilei-c at
    360.cn and coredump at autistici.org
    
    Upstream-ID: d0af7d4a2190b63ba1d38eec502bc4be0be9e333

commit 324583e8fb3935690be58790425793df619c6d4d
Author: naddy@openbsd.org <naddy@openbsd.org>
Date:   Wed Jul 20 10:45:27 2016 +0000

    upstream commit
    
    Do not clobber the global jump_host variables when
    parsing an inactive configuration.  ok djm@
    
    Upstream-ID: 5362210944d91417d5976346d41ac0b244350d31

commit 32d921c323b989d28405e78d0a8923d12913d737
Author: jmc@openbsd.org <jmc@openbsd.org>
Date:   Tue Jul 19 12:59:16 2016 +0000

    upstream commit
    
    tweak previous;
    
    Upstream-ID: f3c1a5b3f05dff366f60c028728a2b43f15ff534

commit d7eabc86fa049a12ba2c3fb198bd1d51b37f7025
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Tue Jul 19 11:38:53 2016 +0000

    upstream commit
    
    Allow wildcard for PermitOpen hosts as well as ports.
    bz#2582, patch from openssh at mzpqnxow.com and jjelen at redhat.com.  ok
    markus@
    
    Upstream-ID: af0294e9b9394c4e16e991424ca0a47a7cc605f2

commit b98a2a8348e907b3d71caafd80f0be8fdd075943
Author: markus@openbsd.org <markus@openbsd.org>
Date:   Mon Jul 18 11:35:33 2016 +0000

    upstream commit
    
    Reduce timing attack against obsolete CBC modes by always
    computing the MAC over a fixed size of data. Reported by Jean Paul
    Degabriele, Kenny Paterson, Torben Hansen and Martin Albrecht. ok djm@
    
    Upstream-ID: f20a13279b00ba0afbacbcc1f04e62e9d41c2912

commit dbf788b4d9d9490a5fff08a7b09888272bb10fcc
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Thu Jul 21 14:17:31 2016 +1000

    Search users for one with a valid salt.
    
    If the root account is locked (eg password "!!" or "*LK*") keep looking
    until we find a user with a valid salt to use for crypting passwords of
    invalid users.  ok djm@

commit e8b58f48fbb1b524fb4f0d4865fa0005d6a4b782
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Mon Jul 18 17:22:49 2016 +1000

    Explicitly specify source files for regress tools.
    
    Since adding $(REGRESSLIBS), $? is wrong because it includes only the
    changed source files.  $< seems like it'd be right however it doesn't
    seem to work on some non-GNU makes, so do what works everywhere.

commit eac1bbd06872c273f16ac0f9976b0aef026b701b
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Mon Jul 18 17:12:22 2016 +1000

    Conditionally include err.h.

commit 0a454147568746c503f669e1ba861f76a2e7a585
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Mon Jul 18 16:26:26 2016 +1000

    Remove local implementation of err, errx.
    
    We now have a shared implementation in libopenbsd-compat.

commit eb999a4590846ba4d56ddc90bd07c23abfbab7b1
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Jul 18 06:08:01 2016 +0000

    upstream commit
    
    Add some unsigned overflow checks for extra_pad. None of
    these are reachable with the amount of padding that we use internally.
    bz#2566, pointed out by Torben Hansen. ok markus@
    
    Upstream-ID: 4d4be8450ab2fc1b852d5884339f8e8c31c3fd76
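
An added example (not code from the OpenSSH tree) of the kind of unsigned overflow checks the commit above describes for an extra-padding calculation. The function name, result codes and parameter layout are assumptions made for illustration; the 255-byte ceiling reflects the one-byte padding_length field of the RFC 4253 binary packet.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result codes for this example. */
#define PAD_OK           0
#define PAD_ERR_INVALID (-1)

/* RFC 4253 stores padding_length in a single byte. */
#define PAD_MAX 255u

/*
 * Given a packet of `len` bytes that already carries `padlen` bytes of
 * padding, extend the padding so that len + padding is a multiple of
 * `extra_pad` (first rounded up to a multiple of `block_size`).
 * Every addition is checked before it is performed, so a hostile or
 * buggy caller cannot make the arithmetic wrap around.
 */
static int
apply_extra_pad(uint32_t len, uint32_t padlen, uint32_t extra_pad,
    uint32_t block_size, uint32_t *padlen_out)
{
	uint32_t rounded, rem, pad;

	if (block_size == 0 || padlen_out == NULL)
		return PAD_ERR_INVALID;
	if (extra_pad == 0) {
		if (padlen > PAD_MAX)
			return PAD_ERR_INVALID;
		*padlen_out = padlen;
		return PAD_OK;
	}

	/* Rounding up adds block_size - 1; refuse if that would wrap. */
	if (extra_pad > UINT32_MAX - (block_size - 1))
		return PAD_ERR_INVALID;
	rounded = ((extra_pad + block_size - 1) / block_size) * block_size;

	/* len + padlen must not wrap before the modulo is taken. */
	if (len > UINT32_MAX - padlen)
		return PAD_ERR_INVALID;
	rem = (len + padlen) % rounded;

	/* rem < rounded, so this subtraction cannot underflow. */
	pad = (rounded - rem) % rounded;

	/* padlen + pad must not wrap, and must fit the wire field. */
	if (pad > UINT32_MAX - padlen)
		return PAD_ERR_INVALID;
	if (padlen + pad > PAD_MAX)
		return PAD_ERR_INVALID;

	*padlen_out = padlen + pad;
	return PAD_OK;
}

int
main(void)
{
	uint32_t out = 0;
	int r;

	/* Constructed sample values. */
	r = apply_extra_pad(20, 12, 64, 8, &out);
	printf("normal case:      r=%d padlen=%u\n", r, (unsigned)out);

	r = apply_extra_pad(20, 12, 0xFFFFFFFFu, 8, &out);
	printf("round-up wrap:    r=%d\n", r);

	r = apply_extra_pad(0xFFFFFFF0u, 0x20, 64, 8, &out);
	printf("len+padlen wrap:  r=%d\n", r);

	r = apply_extra_pad(20, 12, 512, 8, &out);
	printf("exceeds one byte: r=%d\n", r);
	return 0;
}
```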

commit c71ba790c304545464bb494de974cdf0f4b5cf1e
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Mon Jul 18 15:43:25 2016 +1000

    Add dependency on libs for unit tests.
    
    Makes "./configure && make tests" work again.  ok djm@

commit 8199d0311aea3e6fd0284c9025e7a83f4ece79e8
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Mon Jul 18 13:47:39 2016 +1000

    Correct location for kexfuzz in clean target.

commit 01558b7b07af43da774d3a11a5c51fa9c310849d
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Mon Jul 18 09:33:25 2016 +1000

    Handle PAM_MAXTRIES from modules.
    
    bz#2249: handle the case where PAM returns PAM_MAXTRIES by ceasing to offer
    password and keyboard-interactive authentication methods.  Should prevent
    "sshd ignoring max retries" warnings in the log.  ok djm@
    
    It probably won't trigger with keyboard-interactive in the default
    configuration because the retry counter is stored in module-private
    storage which goes away with the sshd PAM process (see bz#688).  On the
    other hand, those cases probably won't log a warning either.

commit 65c6c6b567ab5ab12945a5ad8e0ab3a8c26119cc
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sun Jul 17 04:20:16 2016 +0000

    upstream commit
    
    support UTF-8 characters in ssh(1) banners using
    schwarze@'s safe fmprintf printer; bz#2058
    
    feedback schwarze@ ok dtucker@
    
    Upstream-ID: a72ce4e3644c957643c9524eea2959e41b91eea7

commit e4eb7d910976fbfc7ce3e90c95c11b07b483d0d7
Author: jmc@openbsd.org <jmc@openbsd.org>
Date:   Sat Jul 16 06:57:55 2016 +0000

    upstream commit
    
    - add proxyjump to the options list - formatting fixes -
    update usage()
    
    ok djm
    
    Upstream-ID: 43d318e14ce677a2eec8f21ef5ba2f9f68a59457

commit af1f084857621f14bd9391aba8033d35886c2455
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Jul 15 05:01:58 2016 +0000

    upstream commit
    
    Reduce the syslog level of some relatively common protocol
    events from LOG_CRIT by replacing fatal() calls with logdie().  Part of
    bz#2585, ok djm@
    
    Upstream-ID: 9005805227c94edf6ac02a160f0e199638d288e5

commit bd5f2b78b69cf38d6049a0de445a79c8595e4a1f
Author: Damien Miller <djm@mindrot.org>
Date:   Fri Jul 15 19:14:48 2016 +1000

    missing openssl/dh.h

commit 4a984fd342effe5f0aad874a0d538c4322d973c0
Author: Damien Miller <djm@mindrot.org>
Date:   Fri Jul 15 18:47:07 2016 +1000

    cast to avoid type warning in error message

commit 5abfb15ced985c340359ae7fb65a625ed3692b3e
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Fri Jul 15 14:48:30 2016 +1000

    Move VA_COPY macro into compat header.
    
    Some AIX compilers unconditionally undefine va_copy but don't set it back
    to an internal function, causing link errors.  In some compat code we
    already use VA_COPY instead so move the two existing instances into the
    shared header and use for sshbuf-getput-basic.c too.  Should fix building
    with at least some versions of AIX's compiler.  bz#2589, ok djm@

commit 832b7443b7a8e181c95898bc5d73497b7190decd
Author: Damien Miller <djm@mindrot.org>
Date:   Fri Jul 15 14:45:34 2016 +1000

    disable ciphers not supported by OpenSSL
    
    bz#2466 ok dtucker@

commit 5fbe93fc6fbb2fe211e035703dec759d095e3dd8
Author: Damien Miller <djm@mindrot.org>
Date:   Fri Jul 15 13:54:31 2016 +1000

    add a --disable-pkcs11 knob

commit 679ce88ec2a8e2fe6515261c489e8c1449bb9da9
Author: Damien Miller <djm@mindrot.org>
Date:   Fri Jul 15 13:44:38 2016 +1000

    fix newline escaping for unsupported_algorithms
    
    The hmac-ripemd160 was incorrect and could lead to broken
    Makefiles on systems that lacked support for it, but I made
    all the others consistent too.

commit ed877ef653847d056bb433975d731b7a1132a979
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Jul 15 00:24:30 2016 +0000

    upstream commit
    
    Add a ProxyJump ssh_config(5) option and corresponding -J
    ssh(1) command-line flag to allow simplified indirection through a SSH
    bastion or "jump host".
    
    These options construct a proxy command that connects to the
    specified jump host(s) (more than one may be specified) and uses
    port-forwarding to establish a connection to the next destination.
    
    This codifies the safest way of indirecting connections through SSH
    servers and makes it easy to use.
    
    ok markus@
    
    Upstream-ID: fa899cb8b26d889da8f142eb9774c1ea36b04397

commit 5c02dd126206a26785379e80f2d3848e4470b711
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Fri Jul 15 12:56:39 2016 +1000

    Map umac_ctx struct name too.
    
    Prevents size mismatch linker warnings on Solaris 11.

commit 283b97ff33ea2c641161950849931bd578de6946
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Fri Jul 15 13:49:44 2016 +1000

    Mitigate timing of disallowed users PAM logins.
    
    When sshd decides to not allow a login (eg PermitRootLogin=no) and
    it's using PAM, it sends a fake password to PAM so that the timing for
    the failure is not noticeably different whether or not the password
    is correct.  This behaviour can be detected by sending a very long
    password string which is slower to hash than the fake password.
    
    Mitigate by constructing an invalid password that is the same length
    as the one from the client and thus takes the same time to hash.
    Diff from djm@
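
An added example, not the project's code, combining two mitigations described in this log: skipping passwords longer than 1k before any hashing takes place, and handing disallowed logins an invalid password of the same length as the one the client sent. The function names, the enum and the filler string are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PASSWORD_LEN 1024	/* the "1k" limit from the log entry */

enum pw_action {
	PW_REJECT_TOO_LONG,	/* never reaches the hashing backend */
	PW_USE_REAL,		/* login allowed: hash what the client sent */
	PW_USE_FAKE,		/* login disallowed: hash a same-length dummy */
	PW_ERROR
};

/*
 * Build an invalid password with exactly `len` bytes.  The filler starts
 * with control characters (an assumption of this example) so that it is
 * unlikely to equal any password a user could actually have set.
 */
static char *
make_fake_password(size_t len)
{
	static const char junk[] = "\b\n\r\177INCORRECT";
	char *ret;
	size_t i;

	if ((ret = malloc(len + 1)) == NULL)
		return NULL;
	for (i = 0; i < len; i++)
		ret[i] = junk[i % (sizeof(junk) - 1)];
	ret[len] = '\0';
	return ret;
}

/*
 * Decide what string is handed to the password backend.  On PW_USE_REAL or
 * PW_USE_FAKE, *out is a heap copy the caller must free(); otherwise NULL.
 */
static enum pw_action
prepare_password(const char *wire_password, int login_allowed, char **out)
{
	const char *end;
	size_t len;

	*out = NULL;
	/* Bounded scan: look at no more than MAX_PASSWORD_LEN + 1 bytes. */
	end = memchr(wire_password, '\0', MAX_PASSWORD_LEN + 1);
	if (end == NULL)
		return PW_REJECT_TOO_LONG;
	len = (size_t)(end - wire_password);

	if (login_allowed) {
		if ((*out = malloc(len + 1)) == NULL)
			return PW_ERROR;
		memcpy(*out, wire_password, len + 1);
		return PW_USE_REAL;
	}
	/* Same length as the client's input, so hashing cost matches. */
	if ((*out = make_fake_password(len)) == NULL)
		return PW_ERROR;
	return PW_USE_FAKE;
}

int
main(void)
{
	char *pw = NULL;
	enum pw_action a;

	/* Constructed sample input. */
	a = prepare_password("correct horse battery", 0, &pw);
	printf("action=%d fake length=%zu\n", (int)a, pw ? strlen(pw) : 0);
	free(pw);
	return 0;
}
```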

commit 9286875a73b2de7736b5e50692739d314cd8d9dc
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Fri Jul 15 13:32:45 2016 +1000

    Determine appropriate salt for invalid users.
    
    When sshd is processing a non-PAM login for a non-existent user it uses
    the string from the fakepw structure as the salt for crypt(3)ing the
    password supplied by the client.  That string has a Blowfish prefix, so on
    systems that don't understand that crypt will fail fast due to an invalid
    salt, and even on those that do it may have significantly different timing
    from the hash methods used for real accounts (eg sha512).  This allows
    user enumeration by, eg, sending large password strings.  This was noted
    by EddieEzra.Harari at verint.com (CVE-2016-6210).
    
    To mitigate, use the same hash algorithm that root uses for hashing
    passwords for users that do not exist on the system.  ok djm@

commit a162dd5e58ca5b224d7500abe35e1ef32b5de071
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Thu Jul 14 21:19:59 2016 +1000

    OpenSSL 1.1.x not currently supported.

commit 7df91b01fc558a33941c5c5f31abbcdc53a729fb
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Thu Jul 14 12:25:24 2016 +1000

    Check for VIS_ALL.
    
    If we don't have it, set BROKEN_STRNVIS to activate the compat replacement.

commit ee67716f61f1042d5e67f91c23707cca5dcdd7d0
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Thu Jul 14 01:24:21 2016 +0000

    upstream commit
    
    Correct equal in test.
    
    Upstream-Regress-ID: 4e32f7a5c57a619c4e8766cb193be2a1327ec37a

commit 372807c2065c8572fdc6478b25cc5ac363743073
Author: tb@openbsd.org <tb@openbsd.org>
Date:   Mon Jul 11 21:38:13 2016 +0000

    upstream commit
    
    Add missing "recvfd" pledge promise: Raf Czlonka reported
    ssh coredumps when Control* keywords were set in ssh_config. This patch also
    fixes similar problems with scp and sftp.
    
    ok deraadt, looks good to millert
    
    Upstream-ID: ca2099eade1ef3e87a79614fefa26a0297ad8a3b

commit e0453f3df64bf485c61c7eb6bd12893eee9fe2cd
Author: tedu@openbsd.org <tedu@openbsd.org>
Date:   Mon Jul 11 03:19:44 2016 +0000

    upstream commit
    
    obsolete note about fascistloggin is obsolete. ok djm
    dtucker
    
    Upstream-ID: dae60df23b2bb0e89f42661ddd96a7b0d1b7215a

commit a2333584170a565adf4f209586772ef8053b10b8
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Thu Jul 14 10:59:09 2016 +1000

    Add compat code for missing wcwidth.
    
    If we don't have wcwidth force fallback implementations of nl_langinfo
    and mbtowc.  Based on advice from Ingo Schwarze.

commit 8aaec7050614494014c47510b7e94daf6e644c62
Author: Damien Miller <djm@mindrot.org>
Date:   Thu Jul 14 09:48:48 2016 +1000

    fix missing include for systems with err.h

commit 6310ef27a2567cda66d6cf0c1ad290ee1167f243
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Wed Jul 13 14:42:35 2016 +1000

    Move err.h replacements into compat lib.
    
    Move implementations of err.h replacement functions into their own file
    in the libopenbsd-compat so we can use them in kexfuzz.c too.  ok djm@

commit f3f2cc8386868f51440c45210098f65f9787449a
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Mon Jul 11 17:23:38 2016 +1000

    Check for wchar.h and langinfo.h
    
    Wrap includes in the appropriate #ifdefs.

commit b9c50614eba9d90939b2b119b6e1b7e03b462278
Author: Damien Miller <djm@mindrot.org>
Date:   Fri Jul 8 13:59:13 2016 +1000

    whitelist more architectures for seccomp-bpf
    
    bz#2590 - testing and patch from Jakub Jelen

commit 18813a32b6fd964037e0f5e1893cb4468ac6a758
Author: guenther@openbsd.org <guenther@openbsd.org>
Date:   Mon Jul 4 18:01:44 2016 +0000

    upstream commit
    
    DEBUGLIBS has been broken since the gcc4 switch, so delete
    it.  CFLAGS contains -g by default anyway
    
    problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com)
    ok millert@ kettenis@ deraadt@
    
    Upstream-Regress-ID: 4a0bb72f95c63f2ae9daa8a040ac23914bddb542

commit 6d31193d0baa3da339c196ac49625b7ba1c2ecc7
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Jul 8 03:44:42 2016 +0000

    upstream commit
    
    Improve crypto ordering for Encrypt-then-MAC (EtM) mode
    MAC algorithms.
    
    Previously we were computing the MAC, decrypting the packet and then
    checking the MAC. This gave rise to the possibility of creating a
    side-channel oracle in the decryption step, though no such oracle has
    been identified.
    
    This adds a mac_check() function that computes and checks the MAC in
    one pass, and uses it to advance MAC checking for EtM algorithms to
    before payload decryption.
    
    Reported by Jean Paul Degabriele, Kenny Paterson, Torben Hansen and
    Martin Albrecht. feedback and ok markus@
    
    Upstream-ID: 1999bb67cab47dda5b10b80d8155fe83d4a1867b

commit 71f5598f06941f645a451948c4a5125c83828e1c
Author: guenther@openbsd.org <guenther@openbsd.org>
Date:   Mon Jul 4 18:01:44 2016 +0000

    upstream commit
    
    DEBUGLIBS has been broken since the gcc4 switch, so
    delete it.  CFLAGS contains -g by default anyway
    
    problem noted by Edgar Pettijohn (edgar (at) pettijohn-web.com)
    ok millert@ kettenis@ deraadt@
    
    Upstream-ID: 96c5054e3e1f170c6276902d5bc65bb3b87a2603

commit e683fc6f1c8c7295648dbda679df8307786ec1ce
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Thu Jun 30 05:17:05 2016 +0000

    upstream commit
    
    Explicitly check for 100% completion to avoid potential
    floating point rounding error, which could cause progressmeter to report 99%
    on completion. While there invert the test so the 100% case is clearer.  with
    & ok djm@
    
    Upstream-ID: a166870c5878e422f3c71ff802e2ccd7032f715d

commit 772e6cec0ed740fc7db618dc30b4134f5a358b43
Author: jmc@openbsd.org <jmc@openbsd.org>
Date:   Wed Jun 29 17:14:28 2016 +0000

    upstream commit
    
    sort the -o list;
    
    Upstream-ID: 1a97465ede8790b4d47cb618269978e07f41f8ac

commit 46ecd19e554ccca15a7309cd1b6b44bc8e6b84af
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Jun 23 05:17:51 2016 +0000

    upstream commit
    
    fix AuthenticationMethods during configuration re-parse;
    reported by Juan Francisco Cantero Hurtado
    
    Upstream-ID: 8ffa1dac25c7577eca8238e825317ab20848f9b4

commit 3147e7595d0f2f842a666c844ac53e6c7a253d7e
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sun Jun 19 07:48:02 2016 +0000

    upstream commit
    
    revert 1.34; causes problems loading public keys
    
    reported by semarie@
    
    Upstream-ID: b393794f8935c8b15d98a407fe7721c62d2ed179

commit ad23a75509f4320d43f628c50f0817e3ad12bfa7
Author: jmc@openbsd.org <jmc@openbsd.org>
Date:   Fri Jun 17 06:33:30 2016 +0000

    upstream commit
    
    grammar fix;
    
    Upstream-ID: 5d5b21c80f1e81db367333ce0bb3e5874fb3e463

commit 5e28b1a2a3757548b40018cc2493540a17c82e27
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Jun 17 05:06:23 2016 +0000

    upstream commit
    
    translate OpenSSL error codes to something more
    meaningful; bz#2522 reported by Jakub Jelen, ok dtucker@
    
    Upstream-ID: 4cb0795a366381724314e6515d57790c5930ffe5

commit b64faeb5eda7eff8210c754d00464f9fe9d23de5
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Jun 17 05:03:40 2016 +0000

    upstream commit
    
    ban AuthenticationMethods="" and accept
    AuthenticationMethods=any for the default behaviour of not requiring multiple
    authentication
    
    bz#2398 from Jakub Jelen; ok dtucker@
    
    Upstream-ID: fabd7f44d59e4518d241d0d01e226435cc23cf27

commit 9816fc5daee5ca924dd5c4781825afbaab728877
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Thu Jun 16 11:00:17 2016 +0000

    upstream commit
    
    Include stdarg.h for va_copy as per man page.
    
    Upstream-ID: 105d6b2f1af2fbd9d91c893c436ab121434470bd

commit b6cf84b51bc0f5889db48bf29a0c771954ade283
Author: jmc@openbsd.org <jmc@openbsd.org>
Date:   Thu Jun 16 06:10:45 2016 +0000

    upstream commit
    
    keys stored in openssh format can have comments too; diff
    from yonas yanfa, tweaked a bit;
    
    ok djm
    
    Upstream-ID: 03d48536da6e51510d73ade6fcd44ace731ceb27

commit aa37768f17d01974b6bfa481e5e83841b6c76f86
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Mon Jun 20 15:55:34 2016 +1000

    get_remote_name_or_ip inside LOGIN_NEEDS_UTMPX
    
    Apply the same get_remote_name_or_ip -> session_get_remote_name_or_ip
    change as commit 95767262 to the code inside #ifdef LOGIN_NEEDS_UTMPX.
    Fixes build on AIX.

commit 009891afc8df37bc2101e15d1e0b6433cfb90549
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Fri Jun 17 14:34:09 2016 +1000

    Remove duplicate code from PAM.  ok djm@

commit e690fe85750e93fca1fb7c7c8587d4130a4f7aba
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Wed Jun 15 00:40:40 2016 +0000

    upstream commit
    
    Remove "POSSIBLE BREAK-IN ATTEMPT!" from log message
    about forward and reverse DNS not matching.  We haven't supported IP-based
    auth methods for a very long time so it's now misleading.  part of bz#2585,
    ok markus@
    
    Upstream-ID: 5565ef0ee0599b27f0bd1d3bb1f8a323d8274e29

commit 57b4ee04cad0d3e0fec1194753b0c4d31e39a1cd
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Wed Jun 15 11:22:38 2016 +1000

    Move platform_disable_tracing into its own file.
    
    Prevents link errors resolving the extern "options" when platform.o
    gets linked into ssh-agent when building --with-pam.

commit 78dc8e3724e30ee3e1983ce013e80277dc6ca070
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Tue Jun 14 13:55:12 2016 +1000

    Track skipped upstream commit IDs.
    
    There are a small number of "upstream" commits that do not correspond to
    a file in -portable.  This file tracks those so that we can reconcile
    OpenBSD and Portable to ensure that no commits are accidentally missed.
    
    If you add something to .skipped-commit-ids please also add an upstream
    ID line in the following format when you commit it.
    
        Upstream-ID: 321065a95a7ccebdd5fd08482a1e19afbf524e35
        Upstream-ID: d4f699a421504df35254cf1c6f1a7c304fb907ca
        Upstream-ID: aafe246655b53b52bc32c8a24002bc262f4230f7
        Upstream-ID: 8fa9cd1dee3c3339ae329cf20fb591db6d605120
        Upstream-ID: f31327a48dd4103333cc53315ec53fe65ed8a17a
        Upstream-ID: edbfde98c40007b7752a4ac106095e060c25c1ef
        Upstream-ID: 052fd565e3ff2d8cec3bc957d1788f50c827f8e2
        Upstream-ID: 7cf73737f357492776223da1c09179fa6ba74660
        Upstream-ID: 180d84674be1344e45a63990d60349988187c1ae
        Upstream-ID: f6ae971186ba68d066cd102e57d5b0b2c211a5ee

commit 9f919d1a3219d476d6a662d18df058e1c4f36a6f
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Tue Jun 14 13:51:01 2016 +1000

    Remove now-defunct .cvsignore files. ok djm

commit 68777faf271efb2713960605c748f6c8a4b26d55
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Wed Jun 8 02:13:01 2016 +0000

    upstream commit
    
    Back out rev 1.28 "Check min and max sizes sent by the
    client" change. It caused "key_verify failed for server_host_key" in clients
    that send a DH-GEX min value less than DH_GRP_MIN, eg old OpenSSH and PuTTY.
    ok djm@
    
    Upstream-ID: 452979d3ca5c1e9dff063287ea0a5314dd091f65

commit a86ec4d0737ac5879223e7cd9d68c448df46e169
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Tue Jun 14 10:48:27 2016 +1000

    Use Solaris setpflags(__PROC_PROTECT, ...).
    
    Where possible, use Solaris setpflags to disable process tracing on
    ssh-agent and sftp-server.  bz#2584, based on a patch from huieying.lee
    at oracle.com, ok djm.

commit 0f916d39b039fdc0b5baf9b5ab0754c0f11ec573
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Tue Jun 14 10:43:53 2016 +1000

    Shorten prctl code a tiny bit.

commit 0fb7f5985351fbbcd2613d8485482c538e5123be
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Thu Jun 9 16:23:07 2016 +1000

    Move prctl PR_SET_DUMPABLE into platform.c.
    
    This should make it easier to add additional platform support such as
    Solaris (bz#2584).

commit e6508898c3cd838324ecfe1abd0eb8cf802e7106
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Jun 3 04:10:41 2016 +0000

    upstream commit
    
    Add a test for ssh(1)'s config file parsing.
    
    Upstream-Regress-ID: 558b7f4dc45cc3761cc3d3e889b9f3c5bc91e601

commit ab0a536066dfa32def0bd7272c096ebb5eb25b11
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Jun 3 03:47:59 2016 +0000

    upstream commit
    
    Add 'sshd' to the test ID as I'm about to add a similar
     set for ssh.
    
    Upstream-Regress-ID: aea7a9c3bac638530165c801ce836875b228ae7a

commit a5577c1ed3ecdfe4b7b1107c526cae886fc91afb
Author: schwarze@openbsd.org <schwarze@openbsd.org>
Date:   Mon May 30 12:14:08 2016 +0000

    upstream commit
    
    stricter malloc.conf(5) options for utf8 tests
    
    Upstream-Regress-ID: 111efe20a0fb692fa1a987f6e823310f9b25abf6

commit 75f0844b4f29d62ec3a5e166d2ee94b02df819fc
Author: schwarze@openbsd.org <schwarze@openbsd.org>
Date:   Mon May 30 12:05:56 2016 +0000

    upstream commit
    
    Fix two rare edge cases: 1. If vasprintf() returns < 0,
     do not access a NULL pointer in snmprintf(), and do not free() the pointer
     returned from vasprintf() because on some systems other than OpenBSD, it
     might be a bogus pointer. 2. If vasprintf() returns == 0, return 0 and ""
     rather than -1 and NULL.
    
    Besides, free(dst) is pointless after failure (not a bug).
    
    One half OK martijn@, the other half OK deraadt@;
    committing quickly before people get hurt.
    
    Upstream-Regress-ID: b164f20923812c9bac69856dbc1385eb1522cba4

commit 016881eb33a7948028848c90f4c7ac42e3af0e87
Author: schwarze@openbsd.org <schwarze@openbsd.org>
Date:   Thu May 26 19:14:25 2016 +0000

    upstream commit
    
    test the new utf8 module
    
    Upstream-Regress-ID: c923d05a20e84e4ef152cbec947fdc4ce6eabbe3

commit d4219028bdef448e089376f3afe81ef6079da264
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Tue May 3 15:30:46 2016 +0000

    upstream commit
    
    Set umask to prevent "Bad owner or permissions" errors.
    
    Upstream-Regress-ID: 8fdf2fc4eb595ccd80c443f474d639f851145417

commit 07d5608bb237e9b3fe86a2aeaa429392230faebf
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue May 3 14:41:04 2016 +0000

    upstream commit
    
    support doas
    
    Upstream-Regress-ID: 8d5572b27ea810394eeda432d8b4e9e1064a7c38

commit 01cabf10adc7676cba5f40536a34d3b246edb73f
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue May 3 13:48:33 2016 +0000

    upstream commit
    
    unit tests for sshbuf_dup_string()
    
    Upstream-Regress-ID: 7521ff150dc7f20511d1c2c48fd3318e5850a96d

commit 6915f1698e3d1dd4e22eac20f435e1dfc1d46372
Author: jmc@openbsd.org <jmc@openbsd.org>
Date:   Fri Jun 3 06:44:12 2016 +0000

    upstream commit
    
    tweak previous;
    
    Upstream-ID: 92979f1a0b63e041a0e5b08c9ed0ba9b683a3698

commit 0cb2f4c2494b115d0f346ed2d8b603ab3ba643f4
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Jun 3 04:09:38 2016 +0000

    upstream commit
    
    Allow ExitOnForwardFailure and ClearAllForwardings to be
     overridden when using ssh -W (but still default to yes in that case).
     bz#2577, ok djm@.
    
    Upstream-ID: 4b20c419e93ca11a861c81c284090cfabc8c54d4

commit 8543ff3f5020fe659839b15f05b8c522bde6cee5
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Jun 3 03:14:41 2016 +0000

    upstream commit
    
    Move the host and port used by ssh -W into the Options
     struct. This will make future changes a bit easier.  ok djm@
    
    Upstream-ID: 151bce5ecab2fbedf0d836250a27968d30389382

commit 6b87311d3acdc460f926b2c40f4c4f3fd345f368
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Wed Jun 1 04:19:49 2016 +0000

    upstream commit
    
    Check min and max sizes sent by the client against what
     we support before passing them to the monitor.  ok djm@
    
    Upstream-ID: 750627e8117084215412bff00a25b1586ab17ece

commit 564cd2a8926ccb1dca43a535073540935b5e0373
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Tue May 31 23:46:14 2016 +0000

    upstream commit
    
    Ensure that the client's proposed DH-GEX max value is at
     least as big as the minimum the server will accept.  ok djm@
    
    Upstream-ID: b4b84fa04aab2de7e79a6fee4a6e1c189c0fe775

commit df820722e40309c9b3f360ea4ed47a584ed74333
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Mon Jun 6 11:36:13 2016 +1000

    Add compat bits to utf8.c.

commit 05c6574652571becfe9d924226c967a3f4b3f879
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Mon Jun 6 11:33:43 2016 +1000

    Fix utf->utf8 typo.

commit 6c1717190b4d5ddd729cd9e24e8ed71ed4f087ce
Author: schwarze@openbsd.org <schwarze@openbsd.org>
Date:   Mon May 30 18:34:41 2016 +0000

    upstream commit
    
    Backout rev. 1.43 for now.
    
    The function update_progress_meter() calls refresh_progress_meter()
    which calls snmprintf() which calls malloc(); but update_progress_meter()
    acts as the SIGALRM signal handler.
    
    "malloc(): error: recursive call" reported by sobrado@.
    
    Upstream-ID: aaae57989431e5239c101f8310f74ccc83aeb93e

commit cd9e1eabeb4137182200035ab6fa4522f8d24044
Author: schwarze@openbsd.org <schwarze@openbsd.org>
Date:   Mon May 30 12:57:21 2016 +0000

    upstream commit
    
    Even when only writing an unescaped character, the dst
     buffer may need to grow, or it would be overrun; issue found by tb@ with
     malloc.conf(5) 'C'.
    
    While here, reserve an additional byte for the terminating NUL
    up front such that we don't have to realloc() later just for that.
    
    OK tb@
    
    Upstream-ID: 30ebcc0c097c4571b16f0a78b44969f170db0cff

commit ac284a355f8065eaef2a16f446f3c44cdd17371d
Author: schwarze@openbsd.org <schwarze@openbsd.org>
Date:   Mon May 30 12:05:56 2016 +0000

    upstream commit
    
    Fix two rare edge cases: 1. If vasprintf() returns < 0,
     do not access a NULL pointer in snmprintf(), and do not free() the pointer
     returned from vasprintf() because on some systems other than OpenBSD, it
     might be a bogus pointer. 2. If vasprintf() returns == 0, return 0 and ""
     rather than -1 and NULL.
    
    Besides, free(dst) is pointless after failure (not a bug).
    
    One half OK martijn@, the other half OK deraadt@;
    committing quickly before people get hurt.
    
    Upstream-ID: b7bcd2e82fc168a8eff94e41f5db336ed986fed0

commit 0e059cdf5fd86297546c63fa8607c24059118832
Author: schwarze@openbsd.org <schwarze@openbsd.org>
Date:   Wed May 25 23:48:45 2016 +0000

    upstream commit
    
    To prevent screwing up terminal settings when printing to
     the terminal, for ASCII and UTF-8, escape bytes not forming characters and
     bytes forming non-printable characters with vis(3) VIS_OCTAL. For other
     character sets, abort printing of the current string in these cases.  In
     particular, * let scp(1) respect the local user's LC_CTYPE locale(1); *
     sanitize data received from the remote host; * sanitize filenames, usernames,
     and similar data even locally; * take character display widths into account
     for the progressmeter.
    
    This is believed to be sufficient to keep the local terminal safe
    on OpenBSD, but bad things can still happen on other systems with
    state-dependent locales because many places in the code print
    unencoded ASCII characters into the output stream.
    
    Using feedback from djm@ and martijn@,
    various aspects discussed with many others.
    
    deraadt@ says it should go in now, i probably already hesitated too long
    
    Upstream-ID: e66afbc94ee396ddcaffd433b9a3b80f387647e0

commit 8c02e3639acefe1e447e293dbe23a0917abd3734
[--snip--]
