commit 0ffb46f2ee2ffcc4daf45ee679e484da8fcf338c
Author: Damien Miller <djm@mindrot.org>
Date:   Tue Oct 4 01:51:42 2022 +1100

    update .depend

commit 657e676ff696c7bb787bffb0e249ea1be3b474e1
Author: Damien Miller <djm@mindrot.org>
Date:   Tue Oct 4 01:45:52 2022 +1100

    update release notes URL

commit f059da2b29840c0f048448809c317ce2ae014da7
Author: Damien Miller <djm@mindrot.org>
Date:   Tue Oct 4 01:45:41 2022 +1100

    crank versions in RPM spec files

commit b51f3f172d87cbdb80ca4eb7b2149e56a7647557
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Sep 26 22:18:40 2022 +0000

    upstream: openssh-9.1
    
    OpenBSD-Commit-ID: 5a467b2ee81da01a86adf1ad93b62b1728494e56

commit 4cf8d0c0f3030f594a238bab21a0695735515487
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Wed Sep 21 22:26:50 2022 +0000

    upstream: Fix typo. From AlexanderStohr via github PR#343.
    
    OpenBSD-Commit-ID: a134c9b4039e48803fc6a87f955b0f4a03181497

commit 8179fed3264d5919899900ed8881d5f9bb57ca33
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Sep 19 21:39:16 2022 +0000

    upstream: add RequiredRSASize to the list of keywords accepted by
    
    -o; spotted by jmc@
    
    OpenBSD-Commit-ID: fe871408cf6f9d3699afeda876f8adbac86a035e

commit 5f954929e9f173dd1e279e07d0e8b14fa845814d
Author: Damien Miller <djm@mindrot.org>
Date:   Mon Sep 19 20:59:34 2022 +1000

    no need for glob.h here
    
    it also causes portability problems

commit 03d94a47207d58b3db37eba4f87eb6ae5a63168a
Author: Damien Miller <djm@mindrot.org>
Date:   Mon Sep 19 20:59:04 2022 +1000

    avoid Wuninitialized false positive in gcc-12ish

commit 9d952529113831fb3071ab6e408d2726fd72e771
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Sep 19 10:46:00 2022 +0000

    upstream: use users-groups-by-id@openssh.com sftp-server extension
    
    (when available) to fill in user/group names for directory listings.
    Implement a client-side cache of seen uid/gid=>user/group names. ok markus@
    
    OpenBSD-Commit-ID: f239aeeadfa925a37ceee36ee8b256b8ccf4466e

commit 8ff680368b0bccf88ae85d4c99de69387fbad7a6
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Sep 19 10:43:12 2022 +0000

    upstream: sftp client library support for
    
    users-groups-by-id@openssh.com; ok markus@
    
    OpenBSD-Commit-ID: ddb2f33a2da6349a9a89a8b5bcb9ca7c999394de

commit 488f6e1c582212c2374a4bf8cd1b703d2e70fb8b
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Sep 19 10:41:58 2022 +0000

    upstream: extend sftp-common.c:ls_file() to support supplied
    
    user/group names; ok markus@
    
    OpenBSD-Commit-ID: c70c70498b1fdcf158531117e405b6245863bfb0

commit 74b77f7497dba3a58315c8f308883de448078057
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Sep 19 10:40:52 2022 +0000

    upstream: sftp-server(8): add a "users-groups-by-id@openssh.com"
    
    extension request that allows the client to obtain user/group names that
    correspond to a set of uids/gids.
    
    Will be used to make directory listings more useful and consistent
    in sftp(1).
    
    ok markus@
    
    OpenBSD-Commit-ID: 7ebabde0bcb95ef949c4840fe89e697e30df47d3

commit 231a346c0c67cc7ca098360f9a554fa7d4f1eddb
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Sep 19 08:49:50 2022 +0000

    upstream: better debugging for connect_next()
    
    OpenBSD-Commit-ID: d16a307a0711499c971807f324484ed3a6036640

commit 1875042c52a3b950ae5963c9ca3774a4cc7f0380
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sat Sep 17 10:34:29 2022 +0000

    upstream: Add RequiredRSASize for sshd(8); RSA keys that fall
    
    beneath this limit will be ignored for user and host-based authentication.
    
    Feedback deraadt@ ok markus@
    
    OpenBSD-Commit-ID: 187931dfc19d51873df5930a04f2d972adf1f7f1

commit 54b333d12e55e6560b328c737d514ff3511f1afd
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sat Sep 17 10:33:18 2022 +0000

    upstream: add a RequiredRSASize for checking RSA key length in
    
    ssh(1). User authentication keys that fall beneath this limit will be
    ignored. If a host presents a host key beneath this limit then the connection
    will be terminated (unfortunately there are no fallbacks in the protocol for
    host authentication).
    
    feedback deraadt, Dmitry Belyavskiy; ok markus@
    
    OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a

commit 07d8771bacfefbcfb37fa8a6dc6103bcc097e0ab
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sat Sep 17 10:30:45 2022 +0000

    upstream: Add a sshkey_check_rsa_length() call for checking the
    
    length of an RSA key; ok markus@
    
    OpenBSD-Commit-ID: de77cd5b11594297eda82edc594b0d32b8535134

commit 3991a0cf947cf3ae0f0373bcec5a90e86a7152f5
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sat Sep 17 10:11:29 2022 +0000

    upstream: actually hook up restrict_websafe; the command-line flag
    
    was never actually used. Spotted by Matthew Garrett
    
    OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1

commit 30b2a7e4291fb9e357f80a237931ff008d686d3b
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Sep 16 06:55:37 2022 +0000

    upstream: correct error value
    
    OpenBSD-Commit-ID: 780efcbad76281f11f14b2a5ff04eb6db3dfdad4

commit ac1ec9545947d9f9657259f55d04cb49d3a94c8a
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Sep 16 03:33:14 2022 +0000

    upstream: sftp: Be a bit more clever about completions
    
    There are commands (e.g. "get" or "put") that accept two
    arguments, a local path and a remote path. However, the way
    current completion is written doesn't take this distinction into
    account and always completes remote or local paths.
    
    By expanding CMD struct and "cmds" array this distinction can be
    reflected and with small adjustment to completer code the correct
    path can be completed.
    
    By Michal Privoznik, ok dtucker@
    
    OpenBSD-Commit-ID: 1396d921c4eb1befd531f5c4a8ab47e7a74b610b

commit 590db83384f9d99fc51c84505792d26d1ef60df9
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Sep 16 03:13:34 2022 +0000

    upstream: sftp: Don't attempt to complete arguments for
    
    non-existent commands
    
    If user entered a non-existent command (e.g. because they made a
    typo) there is no point in trying to complete its arguments. Skip
    calling complete_match() if that's the case.
    
    From Michal Privoznik
    
    OpenBSD-Commit-ID: cf39c811a68cde2aeb98fc85addea4000ef6b07a

commit ff9809fdfd1d9a91067bb14a77d176002edb153c
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Sep 14 00:14:37 2022 +0000

    upstream: sk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag
    
    from response
    
    Now that all FIDO signing calls attempt first without PIN and then
    fall back to trying PIN only if that attempt fails, we can remove the
    hack^wtrick that removed the UV flag from the keys returned during
    enroll.
    
    By Corinna Vinschen
    
    OpenBSD-Commit-ID: 684517608c8491503bf80cd175425f0178d91d7f

commit 940dc10729cb5a95b7ee82c10184e2b9621c8a1d
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Sep 14 00:13:13 2022 +0000

    upstream: a little extra debugging
    
    OpenBSD-Commit-ID: edf1601c1d0905f6da4c713f4d9cecc7d1c0295a

commit 4b5f91cb959358141181b934156513fcb8a6c1e3
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Sep 14 00:02:03 2022 +0000

    upstream: ssh-agent: attempt FIDO key signing without PIN and use
    
    the error to determine whether a PIN is required and prompt only if
    necessary. from Corinna Vinschen
    
    OpenBSD-Commit-ID: dd6be6a0b7148608e834ee737c3479b3270b00dd

commit 113523bf0bc33600b07ebb083572c8c346b6fdf4
Author: jmc@openbsd.org <jmc@openbsd.org>
Date:   Sun Sep 11 06:38:11 2022 +0000

    upstream: .Li -> .Vt where appropriate; from josiah frentsos,
    
    tweaked by schwarze
    
    ok schwarze
    
    OpenBSD-Commit-ID: 565046e3ce68b46c2f440a93d67c2a92726de8ed

commit 86af013b56cecb5ee58ae0bd9d495cd586fc5918
Author: jsg@openbsd.org <jsg@openbsd.org>
Date:   Sat Sep 10 08:50:53 2022 +0000

    upstream: fix repeated words ok miod@ jmc@
    
    OpenBSD-Commit-ID: 6765daefe26a6b648cc15cadbbe337596af709b7

commit 0ba39b93b326a7d5dfab776cc9b9d326161a9b16
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Sep 9 03:31:42 2022 +0000

    upstream: notifier_complete(NULL, ...) is a noop, so no need to test
    
    that ctx!=NULL; from Corinna Vinschen
    
    OpenBSD-Commit-ID: ade2f2e9cc519d01a586800c25621d910bce384a

commit be197635329feb839865fdc738e34e24afd1fca8
Author: Sam James <sam@gentoo.org>
Date:   Thu Sep 8 02:49:29 2022 +0100

    openbsd-compat/bsd-asprintf: add <stdio.h> include for vsnprintf
    
    Fixes the following build failure with Clang 15 on musl:
    ```
    clang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline  -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE   -I. -I.  -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o
    bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
            ret = vsnprintf(string, INIT_SZ, fmt, ap2);
                  ^
    bsd-asprintf.c:51:8: note: include the header <stdio.h> or explicitly provide a declaration for 'vsnprintf'
    1 error generated.
    ```

commit 6cb6f660bb35f77a0456dd2581ddf39c29398a5e
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Sep 2 16:43:27 2022 +1000

    Remove DEF_WEAK, it's already in defines.h.

commit ce39e7d8b70c4726defde5d3bc4cb7d40d131153
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Sep 2 14:28:14 2022 +1000

    Resync arc4random with OpenBSD.
    
    This brings us up to current, including djm's random-reseeding change,
    as prompted by logan at cyberstorm.mu in bz#3467.  It brings the
    platform-specific hooks from LibreSSL Portable, simplified to match our
    use case.  ok djm@.

commit beaddde26f30e2195b8aa4f3193970e140e17305
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Sep 2 14:20:04 2022 +1000

    Move OPENBSD ORIGINAL marker.
    
    Putting this after the copyright statement (which doesn't change)
    instead of before the version identifier (which does) prevents merge
    conflicts when resyncing changes.

commit c83e467ead67a8cb48ef4bec8085d6fb880a2ff4
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Sep 2 14:17:28 2022 +1000

    Remove arc4random_uniform from arc4random.c
    
    This was previously moved into its own file (matching OpenBSD) which
    was prematurely committed in commit 73541f2.

commit 5f45c2395c60865e59fa44152ff1d003a128c5bc
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Sep 2 04:20:02 2022 +0000

    upstream: sk-usbhid: fix key_lookup() on tokens with built-in UV
    
    explicitly test whether the token performs built-in UV (e.g. biometric
    tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388
    
    OpenBSD-Commit-ID: 007eb7e387d27cf3029ab06b88224e03eca62ccd

commit 03277a4aa49b80af541a3e691f264c0c0d8f9cec
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Wed Aug 31 20:26:30 2022 +1000

    Move sftp from valgrind-2 to 3 to rebalance.

commit fcf5365da69c516817321ba89c3a91df98d098df
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Aug 31 02:56:40 2022 +0000

    upstream: whitespace
    
    OpenBSD-Commit-ID: c2bcbf93610d3d62ed206cdf9bf9ff98c6aaf232

commit e60136a3d7a223dd8e84ba8a6895bc3142360993
Author: Damien Miller <djm@mindrot.org>
Date:   Mon Aug 29 13:27:45 2022 +1000

    additional keys

commit 2b02dcb505288c462d1b5dd1ac04e603d01340eb
Author: Damien Miller <djm@mindrot.org>
Date:   Mon Aug 29 13:23:43 2022 +1000

    cross-sign allowed_signers with PGP key
    
    Provides continuity of trust from legacy PGP release key to
    the SSHSIG signing keys that we will use henceforth for git
    signing.

commit 51b345f177ae981b8755f6bdf8358b1cc5e83d67
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Sat Aug 27 21:49:27 2022 +1000

    Add libcrypt-devel to cygwin-release deps.
    
    Based on feedback from vinschen at redhat.com.

commit 9f81736cf16dd8dda1c8942f1973a5f80b8cd78c
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Sat Aug 27 09:37:40 2022 +1000

    Add Windows 2022 test targets.

commit 85e1a69243f12be8520438ad6a3cfdc0b7fcbb2d
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Aug 26 16:26:06 2022 +1000

    Add cygwin-release test target.
    
    This also moves the cygwin package install from the workflow file to
    setup_ci.sh so that we can install different sets of Cygwin packages
    for different test configs.

commit 92382dbe8bf9ea1225b16858f9b9b208c15c7e8d
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Aug 26 08:16:27 2022 +0000

    upstream: whitespace
    
    OpenBSD-Commit-ID: a5d015efbfd228dc598ffdef612d2da3a579e5d8

commit 70a5de0a50e84d7250eb4e4537f765599f64c4af
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Aug 26 08:12:56 2022 +0000

    upstream: whitespace
    
    OpenBSD-Commit-ID: d297e4387935d4aef091c5e9432578c2e513f538

commit 3a683a19fd116ea15ebf8aa13d02646cceb302a9
Author: Damien Miller <djm@mindrot.org>
Date:   Fri Aug 26 14:23:55 2022 +1000

    initial list of allowed signers

commit 6851f4b8c3fc1b3e1114c56106e4dc31369c8513
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Aug 19 17:22:18 2022 +1000

    Install Cygwin packages based on OS not config.

commit f96480906893ed93665df8cdf9065865c51c1475
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Aug 19 06:07:47 2022 +0000

    upstream: attempt FIDO key signing without PIN and use the error
    
    code returned to fall back only if necessary. Avoids PIN prompts for FIDO
    tokens that don't require them; part of GHPR#302
    
    OpenBSD-Commit-ID: 4f752aaf9f2e7c28bcaaf3d4f8fc290131bd038e

commit 5453333b5d28e313284cb9aae82899704103f98d
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Aug 19 05:53:28 2022 +0000

    upstream: remove incorrect check that can break enrolling a
    
    resident key (introduced in r1.40)
    
    OpenBSD-Commit-ID: 4cab364d518470e29e624af3d3f9ffa9c92b6f01

commit ff89b1bed80721295555bd083b173247a9c0484e
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Aug 19 04:02:46 2022 +0000

    upstream: Strictly enforce the maximum allowed SSH2 banner size in
    
    ssh-keyscan and prevent a one-byte buffer overflow.  Patch from Qualys, ok
    djm@
    
    OpenBSD-Commit-ID: 6ae664f9f4db6e8a0589425f74cd0bbf3aeef4e4

commit 1b470b9036639cef4f32fb303bb35ea0b711178d
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Aug 19 15:18:09 2022 +1000

    Fix cygwin conditional steps.

commit fd6ee741ab16714b7035d60aca924123ba28135a
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Aug 19 15:12:57 2022 +1000

    Add a bit more debug output.

commit a9305c4c739f4d91a3d3a92c0b6d4949404a36c5
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Aug 12 15:08:47 2022 +1000

    Add Cygwin (on windows-2019) test target.
    
    In addition to installing the requisite Cygwin packages, we also need to
    explicitly invoke "sh" for steps that run other scripts since the runner
    environment doesn't understand #! paths.

commit 5062ad48814b06162511c4f5924a33d97b6b2566
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Aug 19 03:06:30 2022 +0000

    upstream: double free() in error path; from Eusgor via GHPR333
    
    OpenBSD-Commit-ID: 39f35e16ba878c8d02b4d01d8826d9b321be26d4

commit 5a5c580b48fc6006bdfa731fc2f6d4945c2c0e4e
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Aug 18 21:36:39 2022 +1000

    Check for perms to run agent-getpeereid test.
    
    Ubuntu 22.04 defaults to private home dirs which prevents "nobody"
    running ssh-add during the agent-getpeereid test.  Check for this and
    add the necessary permissions.

commit cd06a76b7ccc706e2bb4f1cc4aa9e9796a28a812
Author: Damien Miller <djm@mindrot.org>
Date:   Wed Aug 17 16:04:16 2022 +1000

    on Cygwin, prefer WinHello FIDO device
    
    If no FIDO device was explicitly specified, then prefer the
    windows://hello FIDO device. An exception to this is when
    probing resident FIDO keys, in which case hardware FIDO
    devices are preferred.

commit 47f72f534ac5cc2cd3027675a3df7b00a8f77575
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Aug 17 06:01:57 2022 +0000

    upstream: add an extra flag to sk_probe() to indicate whether we're
    
    probing for a FIDO resident key or not. Unused here, but will make life
    easier for portable
    
    OpenBSD-Commit-ID: 432c8ff70e270378df9dbceb9bdeaa5b43b5a832

commit edb0bcb3c79b16031dc87a8e57aecc3c4a3414f0
Author: jmc@openbsd.org <jmc@openbsd.org>
Date:   Tue Aug 16 20:24:08 2022 +0000

    upstream: use .Cm for "sign"; from josiah frentsos
    
    OpenBSD-Commit-ID: 7f80a53d54857ac6ae49ea6ad93c5bd12231d1e4

commit cccb011e130cbbac538b1689d10e4a067298df8b
Author: Corinna Vinschen <vinschen@redhat.com>
Date:   Thu Aug 11 20:19:35 2022 +0200

    Revert "check_sk_options: add temporary WinHello workaround"
    
    Cygwin now comes with libfido2 1.11.0, so this workaround
    isn't required anymore.
    
    This reverts commit 242c044ab111a37aad3b0775727c36a4c5f0102c.
    
    Signed-off-by: Corinna Vinschen <vinschen@redhat.com>

commit 9468cd7cf9d989dfa2ac20e2a0268ba6e93bfa5a
Author: Corinna Vinschen <vinschen@redhat.com>
Date:   Thu Aug 11 20:18:17 2022 +0200

    fido_dev_is_winhello: return 0, not "false"
    
    "false" is not used anywhere in OpenSSH, so return 0 like
    everywhere else.
    
    Signed-off-by: Corinna Vinschen <vinschen@redhat.com>

commit 730a80609472ee0451c99482d75c9c41f3ebc42d
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Aug 12 05:20:28 2022 +0000

    upstream: sftp-server: support home-directory request
    
    Add support to the sftp-server for the home-directory extension defined
    in draft-ietf-secsh-filexfer-extensions-00. This overlaps a bit with the
    existing expand-path@openssh.com, but uses a more official protocol name,
    and so is a bit more likely to be implemented by non-OpenSSH clients.
    
    From Mike Frysinger, ok dtucker@
    
    OpenBSD-Commit-ID: bfc580d05cc0c817831ae7ecbac4a481c23566ab

commit 5e820bf79ce3ce99ef7e98b0ab642b0a0a4f396c
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Aug 12 14:56:55 2022 +1000

    Replace deprecated ubuntu-18.04 runners with 22.04

commit 87b0d9c1b789d3ff958ec45df2ac912e24461bae
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Aug 11 22:48:23 2022 +1000

    Add a timegm implementation from Heimdal via Samba.
    
    Fixes build on (at least) Solaris 10.

commit d0c4fa58594577994921b593f10037c5282597ca
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Aug 11 14:23:58 2022 +1000

    Rerun tests if any .github config file changes.

commit 113fe6c77ab43769fc61e953d07cb619fd7ea54b
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Aug 11 13:33:51 2022 +1000

    Skip hostbased during Valgrind tests.
    
    Valgrind doesn't let ssh exec ssh-keysign (because it's setuid) so skip
    it during the Valgrind based tests.
    
    See https://bugs.kde.org/show_bug.cgi?id=119404 for a discussion of this
    (ironically there the problematic binary was ssh(1) back when it could
    still be setuid).

commit b98a42afb69d60891eb0488935990df6ee571c4d
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Aug 11 01:57:50 2022 +0000

    upstream: add some tests for parse_absolute_time(), including cases
    
    where it is forced to the UTC timezone. bz3468 ok dtucker
    
    OpenBSD-Regress-ID: ea07ca31c2f3847a38df028ca632763ae44e8759

commit ec1ddb72a146fd66d18df9cd423517453a5d8044
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Aug 11 01:56:51 2022 +0000

    upstream: allow certificate validity intervals, sshsig verification
    
    times and authorized_keys expiry-time options to accept dates in the UTC time
    zone in addition to the default of interpreting them in the system time zone.
    YYYYMMDD and YYMMDDHHMM[SS] dates/times will be interpreted as UTC if
    suffixed with a 'Z' character.
    
    Also allow certificate validity intervals to be specified in raw
    seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This
    is intended for use by regress tests and other tools that call
    ssh-keygen as part of a CA workflow.
    
    bz3468 ok dtucker
    
    OpenBSD-Commit-ID: 454db1cdffa9fa346aea5211223a2ce0588dfe13

commit 4df246ec75751da7eb925e1880498300d8bda187
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Aug 11 10:23:55 2022 +1000

    Fix conditional for running hostbased tests.

commit 2580916e48721802220c61ce9e0df1297c00bc07
Author: Damien Miller <djm@mindrot.org>
Date:   Thu Aug 11 08:58:28 2022 +1000

    fix SANDBOX_SECCOMP_FILTER_DEBUG

commit fdbd5bf507fc271ff813714fab8a72ff2c6cb5ca
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Wed Aug 10 17:35:52 2022 +1000

    Test hostbased auth on github runners.

commit 7e2f51940ba48a1c0fae1107801ea643fa83c971
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Wed Aug 10 17:25:24 2022 +1000

    Rename our getentropy to prevent possible loops.
    
    Since arc4random seeds from getentropy, and we use OpenSSL for that
    if enabled, there's the possibility that if we build on a system that
    does not have getentropy then run on a system that does have it, then
    OpenSSL could end up calling our getentropy and getting stuck in a loop.
    Pointed out by deraadt@, ok djm@

commit 7a01f61be8d0aca0e975e7417f26371495fe7674
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Mon Aug 8 12:17:04 2022 +1000

    Actually put HAVE_STDINT_H around the stdint.h.

commit 73541f29f0b50480da6c20dceb7a7191bd8ea7d3
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Mon Aug 8 10:30:34 2022 +1000

    Give unused param a name.
    
    Fixes builds on platforms that do have fido2 but don't have
    fido_dev_is_winhello.

commit 2a108c0ea960381bd9b14ee0d84e818a23df4482
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Aug 5 05:01:40 2022 +0000

    upstream: don't prompt for FIDO passphrase before attempting to enroll
    
    the credential, just let the enroll operation fail and we'll attempt to get a
    PIN anyway. Might avoid some unnecessary PIN prompts.
    
    Part of GHPR#302 from Corinna Vinschen; ok dtucker@
    
    OpenBSD-Commit-ID: bd5342ffc353ee37d39617906867c305564d1ce2

commit 2886975c0ad9244e60dc5e4be34fde3aa573a4b5
Author: Corinna Vinschen <vinschen@redhat.com>
Date:   Fri Feb 11 14:33:41 2022 +0100

    sk_sign: set FIDO2 uv attribute explicitly for WinHello
    
    WinHello via libfido2 performs user verification by default.
    However, if we stick to that, there's no way to differentiate
    between keys created with or without "-O  verify-required".
    Set FIDO2 uv attribute explicitly to FIDO_OPT_FALSE, then check
    if user verification has been requested.
    
    Signed-off-by: Corinna Vinschen <vinschen@redhat.com>

commit 242c044ab111a37aad3b0775727c36a4c5f0102c
Author: Corinna Vinschen <vinschen@redhat.com>
Date:   Tue Feb 15 11:28:08 2022 +0100

    check_sk_options: add temporary WinHello workaround
    
    Up to libfido 1.10.0, WinHello advertises "clientPin" rather
    than "uv" capability.  This is fixed in 1.11.0.  For the time
    being, work around it here.
    
    Signed-off-by: Corinna Vinschen <vinschen@redhat.com>

commit 78774c08cc4b4997382975b0f414a86e06b6780c
Author: Corinna Vinschen <vinschen@redhat.com>
Date:   Thu Feb 10 18:19:29 2022 +0100

    compat code for fido_dev_is_winhello()
    
    Signed-off-by: Corinna Vinschen <vinschen@redhat.com>

commit 3d3a932a019aedfb891e0779bb4990cd5008a390
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Aug 5 13:12:27 2022 +1000

    Factor out getrnd() and rename to getentropy().
    
    Factor out the arc4random seeding into its own file and change the
    interface to match getentropy.  Use native getentropy if available.
    This will make it easier to resync OpenBSD changes to arc4random.
    Prompted by bz#3467, ok djm@.

commit 9385d277b787403be9dfcb229cf372202496d2f3
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Aug 4 18:55:48 2022 +1000

    Include CHANNEL and FIDO2 libs in configure output

commit 141535b904b6fba01724444f38193a8599201f82
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Aug 1 11:09:26 2022 +0000

    upstream: avoid double-free in error path introduced in r1.70; report
    
    and fix based on GHPR#332 by v-rzh ok dtucker@
    
    OpenBSD-Commit-ID: 3d21aa127b1f37cfc5bdc21461db369a663a951f

commit dba7099ffcba3ca07b3946f017ba6a4c3158d9b1
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Wed Jul 27 18:40:12 2022 +1000

    Remove deprecated MacOS 10.15 runners.

commit 722a56439aa5972c830e4a9a724cf52aff4a950a
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Wed Jul 27 18:31:14 2022 +1000

    Move stale-configure check as early as possible.
    
    We added a check in Makefile to catch the case where configure needs to
    be rebuilt, however this did not happen until a build was attempted in
    which case all of the work done by configure was wasted.  Move this check
    to the start of configure to catch it as early as possible.  ok djm@

commit 099d6b56288b421ba38531d26dc1bd6bb685e311
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Jul 22 10:47:19 2022 +1000

    Move libcrypto into CHANNELLIBS.
    
    This will result in sftp, sftp-server and scp no longer being linked
    against libcrypto.  ok djm@

commit 1bdf86725b77733bb5f17c54888b88a10b2f6538
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Jul 22 10:45:47 2022 +1000

    Remove seed_rng calls from scp, sftp, sftp-server.
    
    These binaries don't use OpenSSL's random functions.  The next step
    will be to stop linking them against libcrypto.  ok djm@

commit d73f77b8cb9b422f1ac4facee7890aa10ff2bc21
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Jul 22 09:51:51 2022 +1000

    Group libcrypto and PRNGD checks together.
    
    They're related more than the libcrypt or libiaf checks which are
    currently between them.  ok djm@

commit f117e372b3f42f2fbdb0a578d063b2609ab58e1f
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Jul 22 09:24:45 2022 +1000

    Do not link scp, sftp and sftp-server w/ zlib.
    
    Some of our binaries (eg sftp, sftp-server, scp) do not interact with
    the channels code and thus do use libraries such as zlib and libcrypto
    although they are linked with them.  This adds a CHANNELLIBS and starts
    by moving zlib into it, which means the aforementioned binaries are no
    longer linked against zlib.  ok djm@

commit 800c2483e68db38bd1566ff69677124be974aceb
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Mon Jul 25 21:49:04 2022 +1000

    Remove workarounds for OpenSSL missing AES-CTR.
    
    We have some compatibility hacks that were added to support OpenSSL
    versions that do not support AES CTR mode.  Since that time, however,
    the minimum OpenSSL version that we support has moved to 1.0.1 which
    *does* have CTR, so this is no longer needed.  ok djm@

commit b7c56b65c12f51fe0dbae798d19c8f58224a5d95
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Mon Jul 25 21:43:00 2022 +1000

    Remove workarounds for OpenSSL missing AES-GCM.
    
    We have some compatibility hacks that were added to support OpenSSL
    versions that do not support AES GCM mode.  Since that time, however,
    the minimum OpenSSL version that we support has moved to 1.0.1 which
    *does* have GCM, so this is no longer needed.  ok djm@

commit 5a4a9f7a968fbf92cc1eac519c65638e79ae9f1f
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Mon Jul 25 07:12:45 2022 +0000

    upstream: Restore missing "!" in TEST_SSH_ELAPSED_TIMES test.
    
    OpenBSD-Regress-ID: 38783f9676ec348c5a792caecee9a16e354b37b0

commit 0ff886be132299386cc29d87c2aa16ff68a1aa08
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Sun Jul 24 23:29:10 2022 +0000

    upstream: Test TEST_SSH_ELAPSED_TIMES for empty string not
    
    executable.  No-op on most platforms but should prevent warnings in -portable
    on systems that don't have 'date %s'.
    
    OpenBSD-Regress-ID: e39d79867b8065e33d0c5926fa1a31f85659d2a4

commit f69319ad8ad1dd50f90bbcf5912e11cc8ed3e037
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Sat Jul 23 14:38:22 2022 +1000

    Convert "have_prog" function into "which".
    
    "which" and its behaviour is not standardized, so convert the existing
    have_prog function into "which" so we can rely on it being available
    and what its semantics are.  Add a have_prog wrapper that maintains the
    existing behaviour.

commit ea7ecc2c3ae39fdf5c6ad97b7bc0b47a98847f43
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Sat Jul 23 14:36:38 2022 +1000

    Skip scp3 test if there's no scp on remote path.
    
    scp -3 ends up using the scp that's in the remote path and will fail if
    one is not available.  Based on a patch from rapier at psc.edu.

commit c46f6fed419167c1671e4227459e108036c760f8
Author: Damien Miller <djm@mindrot.org>
Date:   Wed Jul 20 13:39:14 2022 +1000

    crank SSH_SK_VERSION_MAJOR in sk-dummy.so

commit f208e3b9ffb5ee76cf9c95df7ff967adc7f51c7d
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Jul 20 03:33:22 2022 +0000

    upstream: ssh-keygen: fix touch prompt, pin retries;
    
    part of GHPR329 from Pedro Martelletto
    
    OpenBSD-Commit-ID: 75d1005bd2ef8f29fa834c90d2684e73556fffe8

commit 8638a2ce7e90c8a51d9af3143404282126c524f8
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Jul 20 03:31:42 2022 +0000

    upstream: sk-usbhid: preserve error code returned by key_lookup()
    
    it conveys useful information, such as the supplied pin being wrong.
    
    Part of GHPR329 from Pedro Martelletto
    
    OpenBSD-Commit-ID: c0647eb9290f793add363d81378439b273756c1b

commit 9ab929ca2d820520327b41929372bcb9e261534c
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Jul 20 03:29:14 2022 +0000

    upstream: when enrolling a resident key on a security token, check
    
    if a credential with matching application and user ID strings already exists.
    if so, prompt the user for confirmation before overwriting the credential.
    
    patch from Pedro Martelletto via GHPR329
    
    NB. cranks SSH_SK_VERSION_MAJOR, so any third-party FIDO middleware
    implementations will need to adjust
    
    OpenBSD-Commit-ID: e45e9f1bf2b2f32d9850669e7a8dbd64acc5fca4

commit 5bcfc788b38d5b64e4c347bdc04bd9a01bbc36da
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Jul 20 03:13:04 2022 +0000

    upstream: pull passphrase reading and confirmation into a separate
    
    function so it can be used for FIDO2 PINs; no functional change
    
    OpenBSD-Commit-ID: bf34f76b8283cc1d3f54633e0d4f13613d87bb2f

commit eb679e2959bdb15454eb94751930eb4c9110da94
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Jul 15 21:31:48 2022 +1000

    Move vmshutdown to first step.
    
    If a previous run on a physical runner has failed to clean up, the next
    run will fail because it'll try to check out the code to a broken
    directory mount.  Make cleanup the first step.

commit 46b91b70ff3cb9c147e2875ef5dc609fd64c0c96
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Jul 15 20:25:27 2022 +1000

    Rename bbone test target to ARM.

commit 751d22cdeffed9fe921db78eedc32a29f9e80510
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Jul 15 13:37:29 2022 +1000

    Add AUDIT_ARCH_PPC to supported seccomp arches.
    
    Patch from dries.deschout at dodeco.eu.

commit a061792a6e8d235fc40a9b5d4c22a1762bb75a7b
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Jul 14 19:20:24 2022 +1000

    Remove unintended changes.
    
    I inadvertently included a couple of local changes with the OpenSSL
    3.0.4 change.  Revert, anything that should be there will be committed
    separately.

commit 527cb43fa1b4e55df661feabbac51b8e608b6519
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Jul 14 11:22:08 2022 +1000

    Return ERANGE from getcwd() if buffer size is 1.
    
    If getcwd() is supplied a buffer size of exactly 1 and a path of "/", it
    could result in a nul byte being written out of array bounds.  POSIX says
    it should return ERANGE if the path will not fit in the available buffer
    (with terminating nul). 1 byte cannot fit any possible path with its nul,
    so immediately return ERANGE in that case.
    
    OpenSSH never uses getcwd() with this buffer size, and all current
    (and even quite old) platforms that we are currently known to work
    on have a native getcwd() so this code is not used on those anyway.
    Reported by Qualys, ok djm@

commit 36857fefd8849c4b0e877cfd9d1eb22f79b76650
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Jul 14 10:02:35 2022 +1000

    Split README.platform into its own line.
    
    README.platform has general platform-specific information, having it
    following text about FIDO2 on the same line could imply that it only
    has information about FIDO2.

commit 00a496c6c14f2d41f2a9365714d494dd5f3aac9f
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Jul 14 09:56:01 2022 +1000

    Clarify README.md text.
    
    Clarify the text about the implications of building without OpenSSL, and
    prefix the "configure --help" example command with a "./" so it's likely
    to work as-is in more shells.  From bz#3461.

commit f40b52f21fbc52eb513279168a49d3285c65256c
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Tue Jul 12 19:48:44 2022 +1000

    Remove special casing of crypt().
    
    Configure goes to some lengths to pick crypt() from either libcrypt
    or OpenSSL's libcrypto because they can be more or less featureful (eg
    supporting md5-style passwords).
    
    OpenSSL removed its crypt() interface in 2002:
    https://github.com/openssl/openssl/commit/69deec58 so these hijinks
    should no longer be necessary.  This also only links sshd with libcrypt
    which is the only thing that needs it.  ok djm@

commit 76f4e48631d7b09fb243b47d7b393d100d3741b7
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Wed Jul 13 13:17:47 2022 +1000

    Only refuse to use OpenSSL 3.0.4 on x86_64.
