commit a0349a1cc4a18967ad1dbff5389bcdf9da098814
Author: Damien Miller <djm@mindrot.org>
Date:   Mon Apr 2 15:38:28 2018 +1000

    update versions in .spec files

commit 816ad38f79792f5617e3913be306ddb27e91091c
Author: Damien Miller <djm@mindrot.org>
Date:   Mon Apr 2 15:38:20 2018 +1000

    update version number

commit 2c71ca1dd1efe458cb7dee3f8a1a566f913182c2
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Mar 30 18:23:07 2018 +1100

    Disable native strndup and strnlen on AIX.
    
    On at least some revisions of AIX, strndup returns unterminated strings
    under some conditions, apparently because strnlen returns incorrect
    values in those cases.  Disable both on AIX and use the replacements
    from openbsd-compat.  Fixes problem with ECDSA keys there, ok djm.

commit 6b5a17bc14e896e3904dc58d889b58934cfacd24
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Mon Mar 26 13:12:44 2018 +1100

    Include ssh_api.h for struct ssh.
    
    struct ssh is needed by implementations of sys_auth_passwd() that were
    converted in commit bba02a50.  Needed to fix build on AIX, I assume for
    the other platforms too (although it should be harmless if not needed).

commit bc3f80e4d191b8e48650045dfa8a682cd3aabd4d
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Mon Mar 26 12:58:09 2018 +1100

    Remove UNICOS code missed during removal.
    
    Fixes compile error on AIX.

commit 9d57762c24882e2f000a21a0ffc8c5908a1fa738
Author: markus@openbsd.org <markus@openbsd.org>
Date:   Sat Mar 24 19:29:03 2018 +0000

    upstream: openssh-7.7
    
    OpenBSD-Commit-ID: 274e614352460b9802c905f38fb5ea7ed5db3d41

commit 4b7d8acdbbceef247dc035e611e577174ed8a87e
Author: Damien Miller <djm@mindrot.org>
Date:   Mon Mar 26 09:37:02 2018 +1100

    Remove authinfo.sh test dependency on printenv
    
    Some platforms lack printenv in the default $PATH.
    Reported by Tom G. Christensen

commit 4afeaf3dcb7dc70efd98fcfcb0ed28a6b40b820e
Author: Tim Rice <tim@multitalents.net>
Date:   Sun Mar 25 10:00:21 2018 -0700

            Use libiaf on all sysv5 systems

commit bba02a5094b3db228ceac41cb4bfca165d0735f3
Author: Tim Rice <tim@multitalents.net>
Date:   Sun Mar 25 09:17:33 2018 -0700

            modified:   auth-sia.c
            modified:   openbsd-compat/port-aix.c
            modified:   openbsd-compat/port-uw.c
    
            propogate changes to auth-passwd.c in commit
            7c856857607112a3dfe6414696bf4c7ab7fb0cb3 to other providers
            of sys_auth_passwd()

commit d7a7a39168bdfe273587bf85d779d60569100a3f
Author: markus@openbsd.org <markus@openbsd.org>
Date:   Sat Mar 24 19:29:03 2018 +0000

    upstream: openssh-7.7
    
    OpenBSD-Commit-ID: 274e614352460b9802c905f38fb5ea7ed5db3d41

commit 9efcaaac314c611c6c0326e8bac5b486c424bbd2
Author: markus@openbsd.org <markus@openbsd.org>
Date:   Sat Mar 24 19:28:43 2018 +0000

    upstream: fix bogus warning when signing cert keys using agent;
    
    from djm; ok deraadt dtucker
    
    OpenBSD-Commit-ID: 12e50836ba2040042383a8b71e12d7ea06e9633d

commit 393436024d2e4b4c7a01f9cfa5854e7437896d11
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Sun Mar 25 09:40:46 2018 +1100

    Replace /dev/stdin with "-".
    
    For some reason sftp -b doesn't work with /dev/stdin on Cygwin, as noted
    and suggested by vinschen at redhat.com.

commit b5974de1a1d419e316ffb6524b1b277dda2f3b49
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Mar 23 13:21:14 2018 +1100

    Provide $OBJ to paths in PuTTY interop tests.

commit dc31e79454e9b9140b33ad380565fdb59b9c4f33
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Mar 16 09:06:31 2018 +0000

    upstream: Tell puttygen to use /dev/urandom instead of /dev/random. On
    
    OpenBSD they are both non-blocking, but on many other -portable platforms it
    blocks, stalling tests.
    
    OpenBSD-Regress-ID: 397d0d4c719c353f24d79f5b14775e0cfdf0e1cc

commit cb1f94431ef319cd48618b8b771b58739a8210cf
Author: markus@openbsd.org <markus@openbsd.org>
Date:   Thu Mar 22 07:06:11 2018 +0000

    upstream: ssh/xmss: fix build; ok djm@
    
    OpenBSD-Commit-ID: c9374ca41d4497f1c673ab681cc33f6e7c5dd186

commit 27979da9e4074322611355598f69175b9ff10d39
Author: markus@openbsd.org <markus@openbsd.org>
Date:   Thu Mar 22 07:05:48 2018 +0000

    upstream: ssh/xmss: fix deserialize for certs; ok djm@
    
    OpenBSD-Commit-ID: f44c41636c16ec83502039828beaf521c057dddc

commit c6cb2565c9285eb54fa9dfbb3890f5464aff410f
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Mar 22 17:00:28 2018 +1100

    Save $? before case statement.
    
    In some shells (FreeBSD 9, ash) the case statement resets $?, so save
    for later testing.

commit 4c4e7f783b43b264c247233acb887ee10ed4ce4d
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Mar 14 05:35:40 2018 +0000

    upstream: rename recently-added "valid-before" key restriction to
    
    "expiry-time" as the former is confusing wrt similar terminology in X.509;
    pointed out by jsing@
    
    OpenBSD-Regress-ID: ac8b41dbfd90cffd525d58350c327195b0937793

commit 500396b204c58e78ad9d081516a365a9f28dc3fd
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Mar 12 00:56:03 2018 +0000

    upstream: check valid-before option in authorized_keys
    
    OpenBSD-Regress-ID: 7e1e4a84f7f099a290e5a4cbf4196f90ff2d7e11

commit a76b5d26c2a51d7dd7a5164e683ab3f4419be215
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Mar 12 00:54:04 2018 +0000

    upstream: explicitly specify RSA/SHA-2 keytype here too
    
    OpenBSD-Regress-ID: 74d7b24e8c72c27af6b481198344eb077e993a62

commit 3a43297ce29d37c64e37c7e21282cb219e28d3d1
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Mar 12 00:52:57 2018 +0000

    upstream: exlicitly include RSA/SHA-2 keytypes in
    
    PubkeyAcceptedKeyTypes here
    
    OpenBSD-Regress-ID: 954d19e0032a74e31697fb1dc7e7d3d1b2d65fe9

commit 037fdc1dc2d68e1d43f9c9e2586c02cabc8f7cc8
Author: jmc@openbsd.org <jmc@openbsd.org>
Date:   Wed Mar 14 06:56:20 2018 +0000

    upstream: sort expiry-time;
    
    OpenBSD-Commit-ID: 8c7d82ee1e63e26ceb2b3d3a16514019f984f6bf

commit abc0fa38c9bc136871f28e452c3465c3051fc785
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Mar 14 05:35:40 2018 +0000

    upstream: rename recently-added "valid-before" key restriction to
    
    "expiry-time" as the former is confusing wrt similar terminology in X.509;
    pointed out by jsing@
    
    OpenBSD-Commit-ID: 376939466a1f562f3950a22314bc6505733aaae6

commit bf0fbf2b11a44f06a64b620af7d01ff171c28e13
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Mar 12 00:52:01 2018 +0000

    upstream: add valid-before="[time]" authorized_keys option. A
    
    simple way of giving a key an expiry date. ok markus@
    
    OpenBSD-Commit-ID: 1793b4dd5184fa87f42ed33c7b0f4f02bc877947

commit fbd733ab7adc907118a6cf56c08ed90c7000043f
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Mon Mar 12 19:17:26 2018 +1100

    Add AC_LANG_PROGRAM to AC_COMPILE_IFELSE.
    
    The recently added MIPS ABI tests need AC_LANG_PROGRAM to prevent
    warnings from autoconf.  Pointed out by klausz at haus-gisela.de.

commit c7c458e8261b04d161763cd333d74e7a5842e917
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Mar 7 23:53:08 2018 +0000

    upstream: revert recent strdelim() change, it causes problems with
    
    some configs.
    
    revision 1.124
    date: 2018/03/02 03:02:11;  author: djm;  state: Exp;  lines: +19 -8;  commitid: nNRsCijZiGG6SUTT;
    Allow escaped quotes \" and \' in ssh_config and sshd_config quotes
    option strings. bz#1596 ok markus@
    
    OpenBSD-Commit-ID: 59c40b1b81206d713c06b49d8477402c86babda5

commit 0bcd871ccdf3baf2b642509ba4773d5be067cfa2
Author: jmc@openbsd.org <jmc@openbsd.org>
Date:   Mon Mar 5 07:03:18 2018 +0000

    upstream: move the input format details to -f; remove the output
    
    format details and point to sshd(8), where it is documented;
    
    ok dtucker
    
    OpenBSD-Commit-ID: 95f17e47dae02a6ac7329708c8c893d4cad0004a

commit 45011511a09e03493568506ce32f4891a174a3bd
Author: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Date:   Tue Jun 20 16:42:28 2017 +0100

    configure.ac: properly set seccomp_audit_arch for MIPS64
    
    Currently seccomp_audit_arch is set to AUDIT_ARCH_MIPS64 or
    AUDIT_ARCH_MIPSEL64 (depending on the endinness) when openssh is built
    for MIPS64. However, that's only valid for n64 ABI. The right macros for
    n32 ABI defined in seccomp.h are AUDIT_ARCH_MIPS64N32 and
    AUDIT_ARCH_MIPSEL64N32, for big and little endian respectively.
    
    Because of that an sshd built for MIPS64 n32 rejects connection attempts
    and the output of strace reveals that the problem is related to seccomp
    audit:
    
    [pid   194] prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, {len=57,
    filter=0x555d5da0}) = 0
    [pid   194] write(7, "\0\0\0]\0\0\0\5\0\0\0Ulist_hostkey_types: "..., 97) = ?
    [pid   193] <... poll resumed> )        = 2 ([{fd=5, revents=POLLIN|POLLHUP},
    {fd=6, revents=POLLHUP}])
    [pid   194] +++ killed by SIGSYS +++
    
    This patch fixes that problem by setting the right value to
    seccomp_audit_arch taking into account the MIPS64 ABI.
    
    Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>

commit 580086704c31de91dc7ba040a28e416bf1fefbca
Author: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Date:   Tue Jun 20 16:42:11 2017 +0100

    configure.ac: detect MIPS ABI
    
    Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>

commit cd4e937aa701f70366cd5b5969af525dff6fdf15
Author: Alan Yee <alyee@ucsd.edu>
Date:   Wed Mar 7 15:12:14 2018 -0800

    Use https URLs for links that support it.

commit c0a0c3fc4a76b682db22146b28ddc46566db1ce9
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Mon Mar 5 20:03:07 2018 +1100

    Disable UTMPX on SunOS4.

commit 58fd4c5c0140f6636227ca7acbb149ab0c2509b9
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Mon Mar 5 19:28:08 2018 +1100

    Check for and work around buggy fflush(NULL).
    
    Some really old platforms (eg SunOS4) segfault on fflush(NULL) so check
    for and work around.  With klausz at haus-gisela.de.

commit 71e48bc7945f867029e50e06c665c66aed6d3c64
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Mon Mar 5 10:22:32 2018 +1100

    Remove extra XMSS #endif
    
    Extra #endif breaks compile with -DWITH_XMSS.  Pointed out by Jack
    Schmidt via github.

commit 055e09e2212ff52067786bf6d794ca9512ff7f0c
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Sat Mar 3 06:37:53 2018 +0000

    upstream: Update RSA minimum modulus size to 1024. sshkey.h rev 1.18
    
    bumped the minimum from 768 to 1024, update man page accordingly.
    
    OpenBSD-Commit-ID: 27563ab4e866cd2aac40a5247876f6787c08a338

commit 7e4fadd3248d6bb7d39d6688c76a613d35d2efc1
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sun Mar 4 01:46:48 2018 +0000

    upstream: for the pty control tests, just check that the PTY path
    
    points to something in /dev (rather than checking the device node itself);
    makes life easier for portable, where systems with dynamic ptys can delete
    nodes before we get around to testing their existence.
    
    OpenBSD-Regress-ID: b1e455b821e62572bccd98102f8dd9d09bb94994

commit 13ef4cf53f24753fe920832b990b25c9c9cd0530
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Sat Mar 3 16:21:20 2018 +1100

    Update PAM password change to new opts API.

commit 33561e68e0b27366cb769295a077aabc6a49d2a1
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Sat Mar 3 14:56:09 2018 +1100

    Add strndup for platforms that need it.
    
    Some platforms don't have strndup, which includes Solaris 10, NetBSD 3
    and FreeBSD 6.

commit e8a17feba95eef424303fb94441008f6c5347aaf
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Sat Mar 3 14:49:07 2018 +1100

    Flatten and alphabetize object file lists.
    
    This will make maintenance and changes easier.  "no objection" tim@

commit de1920d743d295f50e6905e5957c4172c038e8eb
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sat Mar 3 03:16:17 2018 +0000

    upstream: unit tests for new authorized_keys options API
    
    OpenBSD-Regress-ID: 820f9ec9c6301f6ca330ad4052d85f0e67d0bdc1

commit dc3e92df17556dc5b0ab19cee8dcb2a6ba348717
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Mar 2 02:53:27 2018 +0000

    upstream: fix testing of pty option, include positive test and
    
    testing of restrict keyword
    
    OpenBSD-Regress-ID: 4268f27c2706a0a95e725d9518c5bcbec9814c6d

commit 3d1edd1ebbc0aabea8bbe61903060f37137f7c61
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Mar 2 02:51:55 2018 +0000

    upstream: better testing for port-forwarding and restrict flags in
    
    authorized_keys
    
    OpenBSD-Regress-ID: ee771df8955f2735df54746872c6228aff381daa

commit 7c856857607112a3dfe6414696bf4c7ab7fb0cb3
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sat Mar 3 03:15:51 2018 +0000

    upstream: switch over to the new authorized_keys options API and
    
    remove the legacy one.
    
    Includes a fairly big refactor of auth2-pubkey.c to retain less state
    between key file lines.
    
    feedback and ok markus@
    
    OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df

commit 90c4bec8b5f9ec4c003ae4abdf13fc7766f00c8b
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sat Mar 3 03:06:02 2018 +0000

    upstream: Introduce a new API for handling authorized_keys options.
    
    This API parses options to a dedicated structure rather than the old API's
    approach of setting global state. It also includes support for merging
    options, e.g. from authorized_keys, authorized_principals and/or
    certificates.
    
    feedback and ok markus@
    
    OpenBSD-Commit-ID: 98badda102cd575210d7802943e93a34232c80a2

commit 26074380767e639ef89321610e146ae11016b385
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sat Mar 3 03:01:50 2018 +0000

    upstream: warn when the agent returns a signature type that was
    
    different to what was requested. This might happen when an old/non-OpenSSH
    agent is asked to make a rsa-sha2-256/512 signature but only supports
    ssh-rsa. bz#2799 feedback and ok markus@
    
    OpenBSD-Commit-ID: 760c0f9438c5c58abc16b5f98008ff2d95cb13ce

commit f493d2b0b66fb003ed29f31dd66ff1aeb64be1fc
Author: jmc@openbsd.org <jmc@openbsd.org>
Date:   Fri Mar 2 21:40:15 2018 +0000

    upstream: apply a lick of paint; tweaks/ok dtucker
    
    OpenBSD-Commit-ID: 518a6736338045e0037f503c21027d958d05e703

commit 713d9cb510e0e7759398716cbe6dcf43e574be71
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Mar 2 03:02:11 2018 +0000

    upstream: Allow escaped quotes \" and \' in ssh_config and
    
    sshd_config quotes option strings. bz#1596 ok markus@
    
    OpenBSD-Commit-ID: dd3a29fc2dc905e8780198e5a6a30b096de1a1cb

commit 94b4e2d29afaaaef89a95289b16c18bf5627f7cd
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Mar 2 02:08:03 2018 +0000

    upstream: refactor sshkey_read() to make it a little more, err,
    
    readable. ok markus
    
    OpenBSD-Commit-ID: 2e9247b5762fdac3b6335dc606d3822121714c28

commit 5886b92968b360623491699247caddfb77a74d80
Author: markus@openbsd.org <markus@openbsd.org>
Date:   Thu Mar 1 20:32:16 2018 +0000

    upstream: missing #ifdef for _PATH_HOST_XMSS_KEY_FILE; report by
    
    jmc@
    
    OpenBSD-Commit-ID: 9039cb69a3f9886bfef096891a9e7fcbd620280b

commit 3b36bed3d26f17f6a2b7e036e01777770fe1bcd4
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Mon Feb 26 12:14:53 2018 +0000

    upstream: Remove unneeded (local) include. ok markus@
    
    OpenBSD-Commit-ID: 132812dd2296b1caa8cb07d2408afc28e4e60f93

commit 27b9f3950e0289e225b57b7b880a8f1859dcd70b
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Mon Feb 26 03:56:44 2018 +0000

    upstream: Add $OpenBSD$ markers to xmss files to help keep synced
    
    with portable. ok djm@.
    
    OpenBSD-Commit-ID: 5233a27aafd1dfadad4b957225f95ae51eb365c1

commit afd830847a82ebbd5aeab05bad6d2c8ce74df1cd
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Mon Feb 26 03:03:05 2018 +0000

    upstream: Add newline at end of file to prevent compiler warnings.
    
    OpenBSD-Commit-ID: 52f247d4eafe840c7c14c8befa71a760a8eeb063

commit 941e0d3e9bb8d5e4eb70cc694441445faf037c84
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Wed Feb 28 19:59:35 2018 +1100

    Add WITH_XMSS, move to prevent conflicts.
    
    Add #ifdef WITH_XMSS to ssh-xmss.c, move it in the other files to after
    includes.h so it's less likely to conflict and will pick up WITH_XMSS if
    added to config.h.

commit a10d8552d0d2438da4ed539275abcbf557d1e7a8
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Tue Feb 27 14:45:17 2018 +1100

    Conditionally compile XMSS code.
    
    The XMSS code is currently experimental and, unlike the rest of OpenSSH
    cannot currently be compiled with a c89 compiler.

commit 146c3bd28c8dbee9c4b06465d9c9facab96b1e9b
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Mon Feb 26 12:51:29 2018 +1100

    Check dlopen has RTLD_NOW before enabling pkcs11.

commit 1323f120d06a26074c4d154fcbe7f49bcad3d741
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Tue Feb 27 08:41:25 2018 +1100

    Check for attributes on prototype args.
    
    Some compilers (gcc 2.9.53, 3.0 and probably others, see gcc bug #3481)
    do not accept __attribute__ on function pointer prototype args.  Check for
    this and hide them if they're not accepted.

commit f0b245b0439e600fab782d19e97980e9f2c2533c
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Mon Feb 26 11:43:48 2018 +1100

    Check if HAVE_DECL_BZERO correctly.

commit c7ef4a399155e1621a532cc5e08e6fa773658dd4
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Mon Feb 26 17:42:56 2018 +1100

    Wrap <stdint.h> in #ifdef HAVE_STDINT_H.

commit ac53ce46cf8165cbda7f57ee045f9f32e1e92b31
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Mon Feb 26 16:24:23 2018 +1100

    Replace $(CURDIR) with $(PWD).
    
    The former doesn't work on Solaris or BSDs.

commit 534b2680a15d14e7e60274d5b29b812d44cc5a44
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Mon Feb 26 14:51:59 2018 +1100

    Comment out hexdump().
    
    Nothing currently uses them but they cause conflicts on at least
    FreeBSD, possibly others.  ok djm@

commit 5aea4aa522f61bb2f34c3055a7de203909dfae77
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Mon Feb 26 14:39:14 2018 +1100

    typo: missing ;

commit cd3ab57f9b388f8b1abf601dc4d78ff82d83b75e
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Mon Feb 26 14:37:06 2018 +1100

    Hook up flock() compat code.
    
    Also a couple of minor changes: fail if we can't lock instead of
    silently succeeding, and apply a couple of minor style fixes.

commit b087998d1ba90dd1ddb6bfdb17873dc3e7392798
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Mon Feb 26 14:27:02 2018 +1100

    Import flock() compat from NetBSD.
    
    From NetBSD's src/trunk/tools/compat/flock.c, no OpenSSH changes yet.

commit 89212533dde6798324e835b1499084658df4579e
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Mon Feb 26 12:32:14 2018 +1100

    Fix breakage when REGRESSTMP not set.
    
    BUILDDIR is not set where used for REGRESSTMP, use make's CURDIR
    instead.  Pointed out by djm@.

commit f885474137df4b89498c0b8834c2ac72c47aa4bd
Author: Damien Miller <djm@mindrot.org>
Date:   Mon Feb 26 12:18:14 2018 +1100

    XMSS-related files get includes.h

commit 612faa34c72e421cdc9e63f624526bae62d557cc
Author: Damien Miller <djm@mindrot.org>
Date:   Mon Feb 26 12:17:55 2018 +1100

    object files end with .o - not .c

commit bda709b8e13d3eef19e69c2d1684139e3af728f5
Author: Damien Miller <djm@mindrot.org>
Date:   Mon Feb 26 12:17:22 2018 +1100

    avoid inclusion of deprecated selinux/flask.h
    
    Use string_to_security_class() instead.

commit 2e396439365c4ca352cac222717d09b14f8a0dfd
Author: Damien Miller <djm@mindrot.org>
Date:   Mon Feb 26 11:48:27 2018 +1100

    updatedepend

commit 1b11ea7c58cd5c59838b5fa574cd456d6047b2d4
Author: markus@openbsd.org <markus@openbsd.org>
Date:   Fri Feb 23 15:58:37 2018 +0000

    upstream: Add experimental support for PQC XMSS keys (Extended
    
    Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS
    in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See
    https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok
    djm@
    
    OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac

commit 7d330a1ac02076de98cfc8fda05353d57b603755
Author: jmc@openbsd.org <jmc@openbsd.org>
Date:   Fri Feb 23 07:38:09 2018 +0000

    upstream: some cleanup for BindInterface and ssh-keyscan;
    
    OpenBSD-Commit-ID: 1a719ebeae22a166adf05bea5009add7075acc8c

commit c7b5a47e3b9db9a0f0198f9c90c705f6307afc2b
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Sun Feb 25 23:55:41 2018 +1100

    Invert sense of getpgrp test.
    
    AC_FUNC_GETPGRP tests if getpgrp(0) works, which it does if it's not
    declared.  Instead, test if the zero-arg version we want to use works.

commit b39593a6de5290650a01adf8699c6460570403c2
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Sun Feb 25 13:25:15 2018 +1100

    Add no-op getsid implmentation.

commit 11057564eb6ab8fd987de50c3d7f394c6f6632b7
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Sun Feb 25 11:22:57 2018 +1100

    bsd-statvfs: include sys/vfs.h, check for f_flags.

commit e9dede06e5bc582a4aeb5b1cd5a7a640d7de3609
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Sun Feb 25 10:20:31 2018 +1100

    Handle calloc(0,x) where different from malloc.
    
    Configure assumes that if malloc(0) returns null then calloc(0,n)
    also does.  On some old platforms (SunOS4) malloc behaves as expected
    (as determined by AC_FUNC_MALLOC) but calloc doesn't.  Test for this
    at configure time and activate the replacement function if found, plus
    handle this case in rpl_calloc.

commit 2eb4041493fd2635ffdc64a852d02b38c4955e0b
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Sat Feb 24 21:06:48 2018 +1100

    Add prototype for readv if needed.

commit 6c8c9a615b6d31db8a87bc25033f053d5b0a831e
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Sat Feb 24 20:46:37 2018 +1100

    Check for raise and supply if needed.

commit a9004425a032d7a7141a5437cfabfd02431e2a74
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Sat Feb 24 20:25:22 2018 +1100

    Check for bzero and supply if needed.
    
    Since explicit_bzero uses it via an indirect it needs to be a function
    not just a macro.

commit 1a348359e4d2876203b5255941bae348557f4f54
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Feb 23 05:14:05 2018 +0000

    upstream: Add ssh-keyscan -D option to make it print its results in
    
    SSHFP format bz#2821, ok dtucker@
    
    OpenBSD-Commit-ID: 831446b582e0f298ca15c9d99c415c899e392221

commit 3e19fb976a47b44b3d7c4f8355269f7f2c5dd82c
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Feb 23 04:18:46 2018 +0000

    upstream: Add missing braces.
    
    Caught by the tinderbox's -Werror=misleading-indentation,  ok djm@
    
    OpenBSD-Commit-ID: d44656af594c3b2366eb87d6abcef83e1c88a6ca

commit b59162da99399d89bd57f71c170c0003c55b1583
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Feb 23 15:20:42 2018 +1100

    Check for ifaddrs.h for BindInterface.
    
    BindInterface required getifaddr and friends so disable if not available
    (eg Solaris 10).  We should be able to add support for some systems with
    a bit more work but this gets the building again.

commit a8dd6fe0aa10b6866830b4688a73ef966f0aed88
Author: Damien Miller <djm@mindrot.org>
Date:   Fri Feb 23 14:19:11 2018 +1100

    space before tab in previous

commit b5e9263c7704247f9624c8f5c458e9181fcdbc09
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Feb 9 03:40:22 2018 +0000

    upstream: Replace fatal with exit in the case that we do not have
    
    $SUDO set. Prevents test failures when neither sudo nor doas are configured.
    
    OpenBSD-Regress-ID: 6a0464decc4f8ac7d6eded556a032b0fc521bc7b

commit 3e9d3192ad43758ef761c5b0aa3ac5ccf8121ef2
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Feb 23 14:10:53 2018 +1100

    Use portable syntax for REGRESSTMP.

commit 73282b61187883a2b2bb48e087fdda1d751d6059
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Feb 23 03:03:00 2018 +0000

    upstream: unbreak interop test after SSHv1 purge; patch from Colin
    
    Watson via bz#2823
    
    OpenBSD-Regress-ID: 807d30a597756ed6612bdf46dfebca74f49cb31a

commit f8985dde5f46aedade0373365cbf86ed3f1aead2
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Feb 9 03:42:57 2018 +0000

    upstream: Skip sftp-chroot test when SUDO not set instead of
    
    fatal().
    
    OpenBSD-Regress-ID: cd4b5f1109b0dc09af4e5ea7d4968c43fbcbde88

commit df88551c02d4e3445c44ff67ba8757cff718609a
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Feb 9 03:40:22 2018 +0000

    upstream: Replace fatal with exit in the case that we do not have
    
    $SUDO set. Prevents test failures when neither sudo nor doas are configured.
    
    OpenBSD-Regress-ID: 6a0464decc4f8ac7d6eded556a032b0fc521bc7b

commit 3b252c20b19f093e87363de197f1100b79705dd3
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Feb 8 08:46:20 2018 +0000

    upstream: some helpers to check verbose/quiet mode
    
    OpenBSD-Regress-ID: e736aac39e563f5360a0935080a71d5fdcb976de

commit ac2e3026bbee1367e4cda34765d1106099be3287
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Feb 23 02:34:33 2018 +0000

    upstream: Add BindInterface ssh_config directive and -B
    
    command-line argument to ssh(1) that directs it to bind its outgoing
    connection to the address of the specified network interface.
    
    BindInterface prefers to use addresses that aren't loopback or link-
    local, but will fall back to those if no other addresses of the
    required family are available on that interface.
    
    Based on patch by Mike Manning in bz#2820, ok dtucker@
    
    OpenBSD-Commit-ID: c5064d285c2851f773dd736a2c342aa384fbf713

commit fcdb9d777839a3fa034b3bc3067ba8c1f6886679
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Feb 19 00:55:02 2018 +0000

    upstream: emphasise that the hostkey rotation may send key types
    
    that the client may not support, and that the client should simply disregard
    such keys (this is what ssh does already).
    
    OpenBSD-Commit-ID: 65f8ffbc32ac8d12be8f913d7c0ea55bef8622bf

commit ce066f688dc166506c082dac41ca686066e3de5f
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Feb 22 20:45:09 2018 +1100

    Add headers for sys/audit.h.
    
    On some older platforms (at least sunos4, probably others) sys/audit.h
    requires some other headers.  Patch from klausz at haus-gisela.de.

commit 3fd2d2291a695c96a54269deae079bacce6e3fb9
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Mon Feb 19 18:37:40 2018 +1100

    Add REGRESSTMP make var override.
    
    Defaults to original location ($srcdir/regress) but allows overriding
    if desired, eg a directory in /tmp.

commit f8338428588f3ecb5243c86336eccaa28809f97e
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Sun Feb 18 15:53:15 2018 +1100

    Remove now-unused check for getrusage.
    
    getrusage was used in ssh-rand-helper but that's now long gone.
    Patch from klauszh at haus-gisela.de.

commit 8570177195f6a4b3173c0a25484a83641ee3faa6
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Feb 16 04:43:11 2018 +0000

    upstream: Don't send IUTF8 to servers that don't like them.
    
    Some SSH servers eg "ConfD" drop the connection if the client sends the
    new IUTF8 (RFC8160) terminal mode even if it's not set.  Add a bug bit
    for such servers and avoid sending IUTF8 to them.  ok djm@
    
    OpenBSD-Commit-ID: 26425855402d870c3c0a90491e72e2a8a342ceda

commit f6dc2ba3c9d12be53057b9371f5109ec553a399f
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Feb 16 17:32:28 2018 +1100

    freezero should check for NULL.

commit 680321f3eb46773883111e234b3c262142ff7c5b
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Feb 16 02:40:45 2018 +0000

    upstream: Mention recent DH KEX methods:
    
    diffie-hellman-group14-sha256
    diffie-hellman-group16-sha512
    diffie-hellman-group18-sha512
    
    From Jakub Jelen via bz#2826
    
    OpenBSD-Commit-ID: 51bf769f06e55447f4bfa7306949e62d2401907a

commit 88c50a5ae20902715f0fca306bb9c38514f71679
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Feb 16 02:32:40 2018 +0000

    upstream: stop loading DSA keys by default, remove sshd_config
    
    stanza and manpage bits; from Colin Watson via bz#2662, ok dtucker@
    
    OpenBSD-Commit-ID: d33a849f481684ff655c140f5eb1b4acda8c5c09

commit d2b3db2860c962927def39a52f67f1c23f7b201a
Author: jsing@openbsd.org <jsing@openbsd.org>
Date:   Wed Feb 14 16:27:24 2018 +0000

    upstream: Ensure that D mod (P-1) and D mod (Q-1) are calculated in
    
    constant time.
    
    This avoids a potential side channel timing leak.
    
    ok djm@ markus@
    
    OpenBSD-Commit-ID: 71ff3c16be03290e63d8edab8fac053d8a82968c

commit 4270efad7048535b4f250f493d70f9acfb201593
Author: jsing@openbsd.org <jsing@openbsd.org>
Date:   Wed Feb 14 16:03:32 2018 +0000

    upstream: Some obvious freezero() conversions.
    
    This also zeros an ed25519_pk when it was not being zeroed previously.
    
    ok djm@ dtucker@
    
    OpenBSD-Commit-ID: 5c196a3c85c23ac0bd9b11bcadaedd90b7a2ce82

commit affa6ba67ffccc30b85d6e98f36eb5afd9386882
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Feb 15 22:32:04 2018 +1100

    Remove execute bit from modpipe.c.

commit 9879dca438526ae6dfd656fecb26b0558c29c731
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Feb 15 22:26:16 2018 +1100

    Update prngd link to point to sourceforge.

commit b6973fa5152b1a0bafd2417b7c3ad96f6e87d014
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Feb 15 22:22:38 2018 +1100

    Remove references to UNICOS.

commit f1ca487940449f0b64f38f1da575078257609966
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Feb 15 22:18:37 2018 +1100

    Remove extra newline.

commit 6d4e980f3cf27f409489cf89cd46c21501b13731
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Feb 15 22:16:54 2018 +1100

    OpenSSH's builtin entropy gathering is long gone.

commit 389125b25d1a1d7f22e907463b7e8eca74af79ea
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Feb 15 21:43:01 2018 +1100

    Replace remaining mysignal() with signal().
    
    These seem to have been missed during the replacement of mysignal
    with #define signal in commit 5ade9ab.  Both include the requisite
    headers to pick up the #define.

commit 265d88d4e61e352de6791733c8b29fa3d7d0c26d
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Feb 15 20:06:19 2018 +1100

    Remove remaining now-obsolete cvs $Ids.

commit 015749e9b1d2f6e14733466d19ba72f014d0845c
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Feb 15 17:01:54 2018 +1100

    Regenerate dependencies after UNICOS removal.

commit ddc0f3814881ea279a6b6d4d98e03afc60ae1ed7
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Tue Feb 13 09:10:46 2018 +1100

    Remove UNICOS support.
    
    The code required to support it is quite invasive to the mainline
    code that is synced with upstream and is an ongoing maintenance burden.
    Both the hardware and software are literal museum pieces these days and
    we could not find anyone still running OpenSSH on one.

commit 174bed686968494723e6db881208cc4dac0d020f
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Tue Feb 13 18:12:47 2018 +1100

    Retpoline linker flag only needed for linking.

commit 075e258c2cc41e1d7f3ea2d292c5342091728d40
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Tue Feb 13 17:36:43 2018 +1100

    Default PidFile is sshd.pid not ssh.pid.

commit 49f3c0ec47730ea264e2bd1e6ece11167d6384df
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Tue Feb 13 16:27:09 2018 +1100

    Remove assigned-to-but-never-used variable.
    
    'p' was removed in previous change but I neglected to remove the
    otherwise-unused assignment to it.

commit b8bbff3b3fc823bf80c5ab226c94f13cb887d5b1
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Feb 13 03:36:56 2018 +0000

    upstream: remove space before tab
    
    OpenBSD-Commit-ID: 674edd214d0a7332dd4623c9cf8117301b012890

commit 05046d907c211cb9b4cd21b8eff9e7a46cd6c5ab
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Sun Feb 11 21:16:56 2018 +0000

    upstream Don't reset signal handlers inside handlers.
    
