commit e1a596186c81e65a34ce13076449712d3bf97eb4
Author: Damien Miller <djm@mindrot.org>
Date:   Fri Aug 20 14:03:49 2021 +1000

    depend

commit 5450606c8f7f7a0d70211cea78bc2dab74ab35d1
Author: Damien Miller <djm@mindrot.org>
Date:   Fri Aug 20 13:59:43 2021 +1000

    update version numbers

commit feee2384ab8d694c770b7750cfa76a512bdf8246
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Aug 20 03:22:55 2021 +0000

    upstream: openssh-8.7
    
    OpenBSD-Commit-ID: 8769dff0fd76ae3193d77bf83b439adee0f300cd

commit 9a2ed62173cc551b2b5f479460bb015b19499de8
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Aug 20 10:48:13 2021 +1000

    Also check pid in pselect_notify_setup.
    
    Spotted by djm@.

commit deaadcb93ca15d4f38aa38fb340156077792ce87
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Aug 20 08:39:33 2021 +1000

    Prefix pselect functions to clarify debug messages

commit 10e45654cff221ca60fd35ee069df67208fcf415
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Aug 20 08:30:42 2021 +1000

    Fix race in pselect replacement code.
    
    On the second and subsequent calls to pselect the notify_pipe was not
    added to the select readset, opening up a race that om G. Christensen
    discovered on multiprocessor Solaris <=9 systems.
    
    Also reinitialize notify_pipe if the pid changes.  This will prevent a
    parent and child from using the same FD, although this is not an issue
    in the current structure it might be in future.

commit 464ba22f1e38d25402e5ec79a9b8d34a32df5a3f
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Wed Aug 18 12:51:30 2021 +1000

    Check compiler for c99 declarations after code.
    
    The sntrup761 reference code contains c99-style declarations after code
    so don't try to build that if the compiler doesn't support it.

commit 7d878679a4b155a359d32104ff473f789501748d
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Tue Aug 17 15:12:04 2021 +1000

    Remove trailing backslash on regress-unit-binaries

commit b71b2508f17c68c5d9dbbe537686d81cedb9a781
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Tue Aug 17 07:59:27 2021 +1000

    Put stdint.h inside HAVE_STDINT_H.
    
    From Tom G. Christensen.

commit 6a24567a29bd7b4ab64e1afad859ea845cbc6b8c
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Mon Aug 16 14:13:02 2021 +1000

    Improve github test driver script.
    
     - use a trap to always output any failed regress logs (since the script
       sets -e, the existing log output is never invoked).
     - pass LTESTS and SKIP_LTESTS when re-running with sshd options (eg.
       UsePAM).

commit b467cf13705f59ed348b620722ac098fe31879b7
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Mon Aug 16 11:32:23 2021 +1000

    Remove deprecated ubuntu-16.04 test targets.
    
    Github has deprecated ubuntu-16.04 and it will be removed on 20
    September.

commit 20e6eefcdf78394f05e453d456c1212ffaa6b6a4
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Sun Aug 15 23:25:26 2021 +1000

    Skip agent ptrace test on hurd.

commit 7c9115bbbf958fbf85259a061c1122e2d046aabf
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Sun Aug 15 19:37:22 2021 +1000

    Add hurd test target.

commit 7909a566f6c6a78fcd30708dc49f4e4f9bb80ce3
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Sun Aug 15 12:45:10 2021 +1000

    Skip scp3 tests on all dfly58 and 60 configs.

commit e65198e52cb03534e8c846d1bca74c310b1526de
Author: Tim Rice <tim@multitalents.net>
Date:   Sat Aug 14 13:08:07 2021 -0700

    openbsd-compat/openbsd-compat.h: put bsd-signal.h before bsd-misc.h
    to get sigset_t from signal.h needed for the pselect replacement.

commit e50635640f79920d9375e0155cb3f4adb870eee5
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Aug 13 13:21:00 2021 +1000

    Test OpenSSH from OpenBSD head on 6.8 and 6.9.

commit e0ba38861c490c680117b7fe0a1d61a181cd00e7
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Aug 13 13:00:14 2021 +1000

    Skip scp3 test on dragonfly 58 and 60.
    
    The tests hang, so skip until we figure them out.

commit dcce2a2bcf007bf817a2fb0dce3db83fa9201e92
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Aug 12 23:59:25 2021 +0000

    upstream: mention that CASignatureAlgorithms accepts +/- similarly to
    
    the other algorithm list directives; ok jmc bz#3335
    
    OpenBSD-Commit-ID: 0d46b53995817052c78e2dce9dbd133963b073d9

commit 090a82486e5d7a8f7f16613d67e66a673a40367f
Author: schwarze@openbsd.org <schwarze@openbsd.org>
Date:   Thu Aug 12 09:59:00 2021 +0000

    upstream: In the editline(3) branch of the sftp(1) event loop,
    
    handle SIGINT rather than ignoring it, such that the user can use Ctrl-C to
    discard the currently edited command line and get a fresh prompt, just like
    in ftp(1), bc(1), and in shells.
    
    It is critical to not use ssl_signal() for this particular case
    because that function unconditionally sets SA_RESTART, but here we
    need the signal to interrupt the read(2) in the el_gets(3) event loop.
    
    OK dtucker@ deraadt@
    
    OpenBSD-Commit-ID: 8025115a773f52e9bb562eaab37ea2e021cc7299

commit e1371e4f58404d6411d9f95eb774b444cea06a26
Author: naddy@openbsd.org <naddy@openbsd.org>
Date:   Wed Aug 11 14:07:54 2021 +0000

    upstream: scp: tweak man page and error message for -3 by default
    
    Now that the -3 option is enabled by default, flip the documentation
    and error message logic from "requires -3" to "blocked by -R".
    
    ok djm@
    
    OpenBSD-Commit-ID: a872592118444fb3acda5267b2a8c3d4c4252020

commit 49f46f6d77328a3d10a758522b670a3e8c2235e7
Author: naddy@openbsd.org <naddy@openbsd.org>
Date:   Wed Aug 11 14:05:19 2021 +0000

    upstream: scp: do not spawn ssh with two -s flags for
    
    remote-to-remote copies
    
    Do not add another "-s" to the argument vector every time an SFTP
    connection is initiated.  Instead, introduce a subsystem flag to
    do_cmd() and add "-s" when the flag is set.
    
    ok djm@
    
    OpenBSD-Commit-ID: 25df69759f323661d31b2e1e790faa22e27966c1

commit 2a2cd00783e1da45ee730b7f453408af1358ef5b
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Aug 11 08:55:04 2021 +0000

    upstream: test -Oprint-pubkey
    
    OpenBSD-Regress-ID: 3d51afb6d1f287975fb6fddd7a2c00a3bc5094e0

commit b9f4635ea5bc33ed5ebbacf332d79bae463b0f54
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Aug 11 08:54:17 2021 +0000

    upstream: when verifying sshsig signatures, support an option
    
    (-Oprint-pubkey) to dump the full public key to stdout; based on patch from
    Fabian Stelzer; ok markus@
    
    OpenBSD-Commit-ID: 0598000e5b9adfb45d42afa76ff80daaa12fc3e2

commit 750c1a45ba4e8ad63793d49418a0780e77947b9b
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Aug 11 05:21:32 2021 +0000

    upstream: oops, missed one more %p
    
    OpenBSD-Commit-ID: e7e62818d1564cc5cd9086eaf7a51cbd1a9701eb

commit b5aa27b69ab2e1c13ac2b5ad3f8f7d389bad7489
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Aug 11 05:20:17 2021 +0000

    upstream: remove a bunch of %p in format strings; leftovers of
    
    debuggings past. prompted by Michael Forney, ok dtucker@
    
    OpenBSD-Commit-ID: 4853a0d6c9cecaba9ecfcc19066e52d3a8dcb2ac

commit 419aa01123db5ff5dbc68b2376ef23b222862338
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Wed Aug 11 09:21:09 2021 +1000

    Add includes.h to compat tests.
    
    On platforms where closefrom returns void (eg glibc>=2.34) the prototype
    for closefrom in its compat tests would cause compile errors.  Remove
    this and have the tests pull in the compat headers in the same way as
    the main code.  bz#3336.

commit 931f592f26239154eea3eb35a086585897b1a185
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Aug 10 03:35:45 2021 +0000

    upstream: adapt to scp -M flag change; make scp3.sh test SFTP mode too
    
    OpenBSD-Regress-ID: 43fea26704a0f0b962b53c1fabcb68179638f9c0

commit 391ca67fb978252c48d20c910553f803f988bd37
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Aug 10 03:33:34 2021 +0000

    upstream: Prepare for a future where scp(1) uses the SFTP protocol by
    
    default. Replace recently added -M option to select the protocol with -O
    (olde) and -s (SFTP) flags, and label the -s flag with a clear warning that
    it will be removed in the near future (so no, don't use it in scripts!).
    
    prompted by/feedback from deraadt@
    
    OpenBSD-Commit-ID: 92ad72cc6f0023c9be9e316d8b30eb6d8d749cfc

commit bfdd4b722f124a4fa9173d20dd64dd0fc69856be
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Aug 9 23:56:36 2021 +0000

    upstream: make scp -3 the default for remote-to-remote copies. It
    
    provides a much better and more intuitive user experience and doesn't require
    exposing credentials to the source host.
    
    thanks naddy@ for catching the missing argument in usage()
    
    "Yes please!" - markus@
    "makes a lot of sense" - deraadt@
    "the right thing to do" - dtucker@
    
    OpenBSD-Commit-ID: d0d2af5f0965c5192ba5b2fa461c9f9b130e5dd9

commit 2f7a3b51cef689ad9e93d0c6c17db5a194eb5555
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Aug 9 23:49:31 2021 +0000

    upstream: make scp in SFTP mode try to use relative paths as much
    
    as possible. Previosuly, it would try to make relative and ~/-rooted paths
    absolute before requesting transfers.
    
    prompted by and much discussion deraadt@
    ok markus@
    
    OpenBSD-Commit-ID: 46639d382ea99546a4914b545fa7b00fa1be5566

commit 2ab864010e0a93c5dd95116fb5ceaf430e2fc23c
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Aug 9 23:47:44 2021 +0000

    upstream: SFTP protocol extension to allow the server to expand
    
    ~-prefixed paths, in particular ~user ones. Allows scp in sftp mode to accept
    these paths, like scp in rcp mode does.
    
    prompted by and much discussion deraadt@
    ok markus@
    
    OpenBSD-Commit-ID: 7d794def9e4de348e1e777f6030fc9bafdfff392

commit 41b019ac067f1d1f7d99914d0ffee4d2a547c3d8
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Aug 9 23:44:32 2021 +0000

    upstream: when scp is in SFTP mode, try to deal better with ~
    
    prefixed paths. ~user paths aren't supported, but ~/ paths will be accepted
    and prefixed with the SFTP server starting directory (more to come)
    
    prompted by and discussed with deraadt@
    ok markus@
    
    OpenBSD-Commit-ID: 263a071f14555c045fd03132a8fb6cbd983df00d

commit b4b3f3da6cdceb3fd168b5fab69d11fba73bd0ae
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Aug 9 07:21:01 2021 +0000

    upstream: on fatal errors, make scp wait for ssh connection before
    
    exiting avoids LogLevel=verbose (or greater) messages from ssh appearing
    after scp has returned exited and control has returned to the shell; ok
    markus@
    
    (this was originally committed as r1.223 along with unrelated stuff that
    I rolled back in r1.224)
    
    OpenBSD-Commit-ID: 1261fd667ad918484889ed3d7aec074f3956a74b

commit 2ae7771749e0b4cecb107f9d4860bec16c3f4245
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Aug 9 07:19:12 2021 +0000

    upstream: rever r1.223 - I accidentally committed unrelated changes
    
    OpenBSD-Commit-ID: fb73f3865b2647a27dd94db73d6589506a9625f9

commit 986abe94d481a1e82a01747360bd767b96b41eda
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Aug 9 07:16:09 2021 +0000

    upstream: show only the final path component in the progress meter;
    
    more useful with long paths (that may truncate) and better matches
    traditional scp behaviour; spotted by naddy@ ok deraadt@
    
    OpenBSD-Commit-ID: 26b544d0074f03ebb8a3ebce42317d8d7ee291a3

commit 2b67932bb3176dee4fd447af4368789e04a82b93
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Aug 9 07:13:54 2021 +0000

    upstream: on fatal errors, make scp wait for ssh connection before
    
    exiting avoids LogLevel=verbose (or greater) messages from ssh appearing
    after scp has returned exited and control has returned to the shell; ok
    markus@
    
    OpenBSD-Commit-ID: ef9dab5ef5ae54a6a4c3b15d380568e94263456c

commit 724eb900ace30661d45db2ba01d0f924d95ecccb
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Sun Aug 8 08:49:09 2021 +0000

    upstream: xstrdup environment variable used by ForwardAgent. bz#3328
    
    from goetze at dovetail.com, ok djm@ deraadt@
    
    OpenBSD-Commit-ID: 760320dac1c3b26904284ba417a7d63fccc5e742

commit 86b4cb3a884846b358305aad17a6ef53045fa41f
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Sun Aug 8 08:27:28 2021 +0000

    upstream: Although it's POSIX, not all shells used in Portable support
    
    the implicit 'in "$@"' after 'for i'.
    
    OpenBSD-Regress-ID: 3c9aec6bca4868f85d2742b6ba5223fce110bdbc

commit f2ccf6c9f395923695f22345e626dfd691227aaf
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Sun Aug 8 17:39:56 2021 +1000

    Move portable specific settings down.
    
    This brings the top hunk of the file back in sync with OpenBSD
    so patches to the CVS Id should apply instead of always being
    rejected.

commit 71b0eb997e220b0fc9331635af409ad84979f2af
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Sun Aug 8 07:27:52 2021 +0000

    upstream: Move setting of USER further down the startup In portable
    
    we have to change this and having it in the same hunk as the CVS Id string
    means applying changes fails every. single. time.
    
    OpenBSD-Regress-ID: 87cd603eb6db58c9b430bf90adacb7f90864429b

commit f0aca2706c710a0da1a4be705f825a807cd15400
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Sun Aug 8 06:38:33 2021 +0000

    upstream: Drop -q in ssh-log-wrapper.sh to preserve logs.
    
    scp and sftp like to add -q to the command line passed to ssh which
    overrides the LogLevel we set in the config files and suppresses output
    to the debug logs so drop any "-q" from the invoked ssh.  In the one
    case where we actually want to use -q in the banner test, call the ssh
    binary directly bypassing the logging wrapper.
    
    OpenBSD-Regress-ID: e2c97d3c964bda33a751374c56f65cdb29755b75

commit cf27810a649c5cfae60f8ce66eeb25caa53b13bc
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Sat Aug 7 01:57:08 2021 +0000

    upstream: Fix prototype mismatch for do_cmd. ok djm@
    
    OpenBSD-Commit-ID: 1c1598bb5237a7ae0be99152f185e0071163714d

commit 85de69f64665245786e28c81ab01fe18b0e2a149
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sat Aug 7 01:55:01 2021 +0000

    upstream: sftp-client.c needs poll.h
    
    remove unused variable
    
    OpenBSD-Commit-ID: 233ac6c012cd23af62f237167a661db391055a16

commit 397c4d72e50023af5fe3aee5cc2ad407a6eb1073
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Sat Aug 7 11:30:57 2021 +1000

    Include poll.h and friends for struct pollfd.

commit a9e2c533195f28627f205682482d9da384c4c52e
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sat Aug 7 00:14:17 2021 +0000

    upstream: do_upload() used a near-identical structure for
    
    tracking expected status replies from the server to what do_download() was
    using.
    
    Refactor it to use the same structure and factor out some common
    code into helper functions.
    
    OpenBSD-Commit-ID: 0c167df8ab6df4a5292c32421922b0cf379e9054

commit 7b1cbcb7599d9f6a3bbad79d412604aa1203b5ee
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sat Aug 7 00:12:09 2021 +0000

    upstream: make scp(1) in SFTP mode follow symlinks like
    
    traditional scp(1) ok markus@
    
    OpenBSD-Commit-ID: 97255e55be37e8e26605e4ba1e69f9781765d231

commit 133b44e500422df68c9c25c3b6de35c0263132f1
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sat Aug 7 00:10:49 2021 +0000

    upstream: fix incorrect directory permissions on scp -3
    
    transfers; ok markus@
    
    OpenBSD-Commit-ID: 64b2abaa5635a2be65ee2e77688ad9bcebf576c2

commit 98b59244ca10e62ff67a420856770cb700164f59
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sat Aug 7 00:09:57 2021 +0000

    upstream: a bit more debugging of file attributes being
    
    sent/received over the wire
    
    OpenBSD-Commit-ID: f68c4e207b08ef95200a8b2de499d422808e089b

commit c677e65365d6f460c084e41e0c4807bb8a9cf601
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sat Aug 7 00:08:52 2021 +0000

    upstream: make scp(1) in SFTP mode output better match original
    
    scp(1) by suppressing "Retrieving [path]" lines that were emitted to support
    the interactive sftp(1) client. ok markus@
    
    OpenBSD-Commit-ID: 06be293df5f156a18f366079be2f33fa68001acc

commit 48cd39b7a4e5e7c25101c6d1179f98fe544835cd
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sat Aug 7 00:07:18 2021 +0000

    upstream: factor out a structure duplicated between downloading
    
    and crossloading; ok markus@
    
    OpenBSD-Commit-ID: 96eede24d520569232086a129febe342e4765d39

commit 318c06bb04ee21a0cfa6b6022a201eacaa53f388
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sat Aug 7 00:06:30 2021 +0000

    upstream: use sftp_client crossloading to implement scp -3
    
    feedback/ok markus@
    
    OpenBSD-Commit-ID: 7db4c0086cfc12afc9cfb71d4c2fd3c7e9416ee9

commit de7115b373ba0be3861c65de9b606a3e0e9d29a3
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sat Aug 7 00:02:41 2021 +0000

    upstream: support for "cross"-loading files/directories, i.e.
    
    downloading from one SFTP server while simultaneously uploading to another.
    
    feedback & ok markus@
    
    OpenBSD-Commit-ID: 3982878e29d8df0fa4ddc502f5ff6126ac714235

commit a50bd0367ff2063bbc70a387740a2aa6914de094
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sat Aug 7 00:01:29 2021 +0000

    upstream: factor our SSH2_FXP_OPEN calls into their own function;
    
    "looks fine" markus@
    
    OpenBSD-Commit-ID: d3dea2153f08855c6d9dacc01973248944adeffb

commit e3c0ba05873cf3d3f7d19d595667a251026b2d84
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sat Aug 7 00:00:33 2021 +0000

    upstream: prepare for scp -3 implemented via sftp
    
    OpenBSD-Commit-ID: 194aac0dd87cb175334b71c2a30623a5ad55bb44

commit 395d8fbdb094497211e1461cf0e2f80af5617e0a
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Aug 6 09:00:18 2021 +0000

    upstream: Make diff invocation more portable.
    
    POSIX does not require diff to have -N, so compare in both directions
    with just -r, which should catch missing files in either directory.
    
    OpenBSD-Regress-ID: 0e2ec8594556a6f369ed5a0a90c6806419b845f7

commit d247a73ce27b460138599648d9c637c6f2b77605
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Aug 4 21:28:00 2021 +0000

    upstream: regression test for scp -3
    
    OpenBSD-Regress-ID: b44375d125c827754a1f722ec6b6b75b634de05d

commit 35c8e41a6f6d8ad76f8d1cd81ac2ea23d0d993b2
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Aug 6 05:04:42 2021 +0000

    upstream: Document "ProxyJump none". bz#3334.
    
    OpenBSD-Commit-ID: f78cc6f55731f2cd35c3a41d5352ac1ee419eba7

commit 911ec6411821bda535d09778df7503b92f0eafab
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Wed Aug 4 01:34:55 2021 +0000

    upstream: Allow for different (but POSIX compliant) behaviour of
    
    basename(3) and prevent a use-after-free in that case in the new sftp-compat
    code.
    
    POSIX allows basename(3) to either return a pointer to static storage
    or modify the passed string and return a pointer to that.  OpenBSD does
    the former and works as is, but on other platforms "filename" points
    into "tmp" which was just freed.  This makes the freeing of tmp
    consistent with the other variable in the loop.
    
    Pinpointed by the -portable Valgrind regress test.  ok djm@ deraadt@
    
    OpenBSD-Commit-ID: 750f3c19bd4440e4210e30dd5d7367386e833374

commit 6df1fecb5d3e51f3a8027a74885c3a44f6cbfcbd
Author: Damien Miller <djm@mindrot.org>
Date:   Wed Aug 4 11:05:11 2021 +1000

    use openbsd-compat glob.h is required

commit 9ebd1828881dfc9014a344587934a5ce7db6fa1b
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Tue Aug 3 21:03:23 2021 +1000

    Missing space between macro arg and punctuation.
    
    From jmc@

commit 0fd3f62eddc7cf54dcc9053be6f58998f3eb926a
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Tue Aug 3 21:02:33 2021 +1000

    Avoid lines >80 chars.  From jmc@

commit af5d8094d8b755e1daaf2e20ff1dc252800b4c9b
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Aug 3 01:05:24 2021 +0000

    upstream: regression tests for scp SFTP protocol support; mostly by
    
    Jakub Jelen in GHPR#194 ok markus
    
    OpenBSD-Regress-ID: 36f1458525bcb111741ec8547eaf58b13cddc715

commit e4673b7f67ae7740131a4ecea29a846593049a91
Author: anton@openbsd.org <anton@openbsd.org>
Date:   Thu Jul 29 15:34:09 2021 +0000

    upstream: Treat doas with arguments as a valid SUDO variable.
    
    Allows one to specify SUDO="doas -n" which I do while running make regress.
    
    ok dtucker@
    
    OpenBSD-Regress-ID: 4fe5814b5010dbf0885500d703bea06048d11005

commit 197e29f1cca190d767c4b2b63a662f9a9e5da0b3
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Aug 2 23:38:27 2021 +0000

    upstream: support for using the SFTP protocol for file transfers in
    
    scp, via a new "-M sftp" option. Marked as experimental for now.
    
    Some corner-cases exist, in particular there is no attempt to
    provide bug-compatibility with scp's weird "double shell" quoting
    rules.
    
    Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@
    Thanks jmc@ for improving the scp.1 bits.
    
    OpenBSD-Commit-ID: 6ce4c9157ff17b650ace571c9f7793d92874051c

commit dd533c7ab79d61a7796b77b64bd81b098e0d7f9f
Author: jmc@openbsd.org <jmc@openbsd.org>
Date:   Fri Jul 30 14:28:13 2021 +0000

    upstream: fix a formatting error and add some Xr; from debian at
    
    helgefjell de
    
    removed references to rlogin etc. as no longer relevant;
    suggested by djm
    
    ok djm dtucker
    
    OpenBSD-Commit-ID: 3c431c303068d3aec5bb18573a0bd5e0cd77c5ae

commit c7cd347a8823819411222c1e10a0d26747d0fd5c
Author: jmc@openbsd.org <jmc@openbsd.org>
Date:   Fri Jul 30 14:25:01 2021 +0000

    upstream: fix a formatting error and mark up known_hosts
    
    consistently; issues reported by debian at helgefjell de
    
    ok djm dtucker
    
    OpenBSD-Commit-ID: a1fd8d21dc77f507685443832df0c9700481b0ce

commit 4455aec2e4fc90f64ae4fc47e78ebc9c18721738
Author: jmc@openbsd.org <jmc@openbsd.org>
Date:   Wed Jul 28 05:57:42 2021 +0000

    upstream: no need to talk about version 2 with the -Q option, so
    
    rewrite the text to read better;
    
    issue reported by debian at helgefjell de
    ok djm dtucker
    
    OpenBSD-Commit-ID: 59fe2e8219c37906740ad062e0fdaea487dbe9cf

commit bec429338e9b30d2c7668060e82608286a8a4777
Author: jmc@openbsd.org <jmc@openbsd.org>
Date:   Tue Jul 27 14:28:46 2021 +0000

    upstream: word fix; reported by debian at helgefjell de
    
    OpenBSD-Commit-ID: 0c6fd22142422a25343c5bd1a618f31618f41ece

commit efad4deb5a1f1cf79ebefd63c6625059060bfbe1
Author: jmc@openbsd.org <jmc@openbsd.org>
Date:   Tue Jul 27 14:14:25 2021 +0000

    upstream: standardise the grammar in the options list; issue
    
    reported by debian at helgefjell de
    
    ok dtucker djm
    
    OpenBSD-Commit-ID: 7ac15575045d82f4b205a42cc7d5207fe4c3f8e6

commit 1e11fb24066f3fc259ee30db3dbb2a3127e05956
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Mon Aug 2 18:56:29 2021 +1000

    Check for RLIMIT_NOFILE before trying to use it.

commit 0f494236b49fb48c1ef33669f14822ca4f3ce2f4
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Tue Jul 27 17:45:34 2021 +1000

    lastenv is only used in setenv.
    
    Prevents an unused variable warning on platforms that have setenv but
    not unsetenv.

commit a1f78e08bdb3eaa88603ba3c6e01de7c8671e28a
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Mon Jul 26 12:45:30 2021 +1000

    Move SUDO to "make test" command line.
    
    Environment variables don't get passed by vmrun, so move to command
    line.

commit 02e624273b9c78a49a01239159b8c09b8409b1a0
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Sun Jul 25 23:26:36 2021 +1000

    Set SUDO for tests and cleanup.

commit 460ae5d93051bab70239ad823dd784822d58baad
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Sun Jul 25 22:37:55 2021 +1000

    Pass OPENSSL=no to make tests too.

commit b398f499c68d74ebe3298b73757cf3f36e14e0cb
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Sun Jul 25 12:27:37 2021 +0000

    upstream: Skip unit and makefile-based key conversion tests when
    
    we're building with OPENSSL=no.
    
    OpenBSD-Regress-ID: 20455ed9a977c93f846059d1fcb48e29e2c8d732

commit 727ce36c8c5941bde99216d27109405907caae4f
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Sun Jul 25 12:13:03 2021 +0000

    upstream: Replace OPENSSL as the variable that points to the
    
    openssl binary with OPENSSL_BIN.  This will allow us to use the OPENSSL
    variable from mk.conf or the make(1) command line indicating if we're
    building with our without OpenSSL, and ultimately get the regress tests
    working in the OPENSSL=no configuration.
    
    OpenBSD-Regress-ID: 2d788fade3264d7803e5b54cae8875963f688c4e

commit 55e17101a9075f6a63af724261c5744809dcb95c
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Sat Jul 24 02:57:28 2021 +0000

    upstream: Skip RFC4716 format import and export tests when built
    
    without OpenSSL.
    
    OpenBSD-Regress-ID: d2c2d5d38c1acc2b88cc99cfe00a2eb8bb39dfa4

commit f5ccb5895d39cd627ad9e7b2c671d2587616100d
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Sat Jul 24 02:51:14 2021 +0000

    upstream: Don't omit ssh-keygen -y from usage when built without
    
    OpenSSL.  It is actually available, albeit only for ed25519 keys.
    
    OpenBSD-Commit-ID: 7a254c33d0e6a55c30c6b016a8d298d3cb7a7674

commit 819d57ac23469f1f03baa8feb38ddefbada90fdc
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Sat Jul 24 02:08:13 2021 +0000

    upstream: Exclude key conversion options from usage when built
    
    without OpenSSL since those are not available, similar to what we currently
    do with the moduli screening options.  We can also use this to skip the
    conversion regression tests in this case.
    
    OpenBSD-Commit-ID: 3c82caa398cf99cd4518c23bba5a2fc66b16bafe

commit b6673b1d2ee90b4690ee84f634efe40225423c38
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Sat Jul 24 13:02:51 2021 +1000

    Test OpenBSD upstream with and without OpenSSL.

commit 9d38074b5453c1abbdf888e80828c278d3b886ac
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sat Jul 24 01:54:23 2021 +0000

    upstream: test for first-match-wins in authorized_keys environment=
    
    options
    
    OpenBSD-Regress-ID: 1517c90276fe84b5dc5821c59f88877fcc34c0e8

commit 2b76f1dd19787e784711ea297ad8fc938b4484fd
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Jul 23 05:53:02 2021 +0000

    upstream: Simplify keygen-convert by using $SSH_KEYTYPES directly.
    
    OpenBSD-Regress-ID: cdbe408ec3671ea9ee9b55651ee551370d2a4108

commit 7d64a9fb587ba9592f027f7a2264226c713d6579
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sat Jul 24 01:55:19 2021 +0000

    upstream: don't leak environment= variable when it is not the first
    
    match
    
    OpenBSD-Commit-ID: 7fbdc3dfe0032deaf003fd937eeb4d434ee4efe0

commit db2130e2340bf923e41c791aa9cd27b9e926042c
Author: jmc@openbsd.org <jmc@openbsd.org>
Date:   Fri Jul 23 06:01:17 2021 +0000

    upstream: punctuation;
    
    OpenBSD-Commit-ID: 64be152e378c45975073ab1c07e0db7eddd15806

commit 03190d10980c6fc9124e988cb2df13101f266507
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Jul 23 05:56:47 2021 +0000

    upstream: mention in comment that read_passphrase(..., RP_ALLOW_STDIN)
    
    will try to use askpass first. bz3314
    
    convert a couple of debug() -> debug_f() while here
    
    OpenBSD-Commit-ID: c7e812aebc28fcc5db06d4710e0f73613dee545c

commit 1653ece6832b2b304d46866b262d5f69880a9ec7
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Jul 23 05:07:16 2021 +0000

    upstream: Test conversion of ed25519 and ecdsa keys too.
    
    OpenBSD-Regress-ID: 3676d2d00e58e0d6d37f2878f108cc2b83bbe4bb

commit 8b7af02dcf9d2b738787efd27da7ffda9859bed2
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Jul 23 04:56:21 2021 +0000

    upstream: Add test for exporting pubkey from a passphrase-protected
    
    private key.
    
    OpenBSD-Regress-ID: da99d93e7b235fbd5b5aaa01efc411225e6ba8ac

commit 441095d4a3e5048fe3c87a6c5db5bc3383d767fb
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Jul 23 03:54:55 2021 +0000

    upstream: regression test for time-limited signature keys
    
    OpenBSD-Regress-ID: 2a6f3bd900dbee0a3c96f1ff23e032c93ab392bc

commit 9e1882ef6489a7dd16b6d7794af96629cae61a53
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Jul 23 05:24:02 2021 +0000

    upstream: note successful authentication method in final "Authenticated
    
    to ..." message and partial auth success messages (all at LogLevel=verbose)
    ok dtucker@
    
    OpenBSD-Commit-ID: 06834b89ceb89f8f16c5321d368a66c08f441984

commit a917e973a1b90b40ff1e950df083364b48fc6c78
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Jul 23 04:04:52 2021 +0000

    upstream: Add a ForkAfterAuthentication ssh_config(5) counterpart
    
    to the ssh(1) -f flag. Last part of GHPR231 from Volker Diels-Grabsch. ok
    dtucker
    
    OpenBSD-Commit-ID: b18aeda12efdebe2093d55263c90fe4ea0bce0d3

commit e0c5088f1c96a145eb6ea1dee438010da78f9ef5
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Jul 23 04:00:59 2021 +0000

    upstream: Add a StdinNull directive to ssh_config(5) that allows
    
    the config file to do the same thing as -n does on the ssh(1) commandline.
    Patch from Volker Diels-Grabsch via GHPR231; ok dtucker
    
    OpenBSD-Commit-ID: 66ddf3f15c76796d4dcd22ff464aed1edd62468e

commit e3957e21ffdc119d6d04c0b1686f8e2fe052f5ea
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Jul 23 03:57:20 2021 +0000

    upstream: make authorized_keys environment="..." directives
    
    first-match-wins and more strictly limit their maximum number; prompted by
    OOM reported by OSS-fuzz (35470).
    
    feedback and ok dtucker@
    
    OpenBSD-Commit-ID: 01f63fc10dcd995e7aed9c378ad879161af83121

commit d0bb1ce731762c55acb95817df4d5fab526c7ecd
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Jul 23 03:37:52 2021 +0000

    upstream: Let allowed signers files used by ssh-keygen(1)
    
    signatures support key lifetimes, and allow the verification mode to specify
    a signature time to check at. This is intended for use by git to support
    signing objects using ssh keys. ok dtucker@
    
    OpenBSD-Commit-ID: 3e2c67b7dcd94f0610194d1e8e4907829a40cf31

commit 44142068dc7ef783d135e91ff954e754d2ed432e
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Mon Jul 19 08:48:33 2021 +0000

    upstream: Use SUDO when setting up hostkey.
    
    OpenBSD-Regress-ID: 990cf4481cab8dad62e90818a9b4b36c533851a7

commit 6b67f3f1d1d187597e54a139cc7785c0acebd9a2
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Mon Jul 19 05:08:54 2021 +0000

    upstream: Increase time margin for rekey tests. Should help
    
    reliability on very heavily loaded hosts.
    
    OpenBSD-Regress-ID: 4c28a0fce3ea89ebde441d7091464176e9730533

commit 7953e1bfce9e76bec41c1331a29bc6cff9d416b8
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Mon Jul 19 13:47:51 2021 +1000

    Add sshfp-connect.sh file missed in previous.

commit b75a80fa8369864916d4c93a50576155cad4df03
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Mon Jul 19 03:13:28 2021 +0000

    upstream: Ensure that all returned SSHFP records for the specified host
    
    name and hostkey type match instead of only one.  While there, simplify the
    code somewhat and add some debugging.  Based on discussion in bz#3322, ok
    djm@.
    
    OpenBSD-Commit-ID: 0a6a0a476eb7f9dfe8fe2c05a1a395e3e9b22ee4

commit 1cc1fd095393663cd72ddac927d82c6384c622ba
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Mon Jul 19 02:21:50 2021 +0000

    upstream: Id sync only, -portable already has this.
    
    Put dh_set_moduli_file call inside ifdef WITH_OPENSSL. Fixes
    build with OPENSSL=no.
    
    OpenBSD-Commit-ID: af54abbebfb12bcde6219a44d544e18204defb15

commit 33abbe2f4153f5ca5c874582f6a7cc91ae167485
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Mon Jul 19 02:46:34 2021 +0000

    upstream: Add test for host key verification via SSHFP records. This
    
    requires some external setup to operate so is disabled by default (see
    comments in sshfp-connect.sh).
    
    OpenBSD-Regress-ID: c52c461bd1df3a803d17498917d156ef64512fd9

commit f0cd000d8e3afeb0416dce1c711c3d7c28d89bdd
Author: dtucker@openbsd.org <dtucker@openbsd.org>
