commit fa41f6592ff1b6ead4a652ac75af31eabb05b912
Author: Damien Miller <djm@mindrot.org>
Date:   Mon Jul 1 14:33:26 2024 +1000

    version numbers

commit bfebb8a5130a792c5356bd06e1ddef72a0a0449f
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Jul 1 04:31:59 2024 +0000

    upstream: openssh-9.8
    
    OpenBSD-Commit-ID: 5f8b89e38a4c5f7c6d52ffa19f796d49f36fab19

commit 146c420d29d055cc75c8606327a1cf8439fe3a08
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Jul 1 04:31:17 2024 +0000

    upstream: when sending ObscureKeystrokeTiming chaff packets, we
    
    can't rely on channel_did_enqueue to tell that there is data to send. This
    flag indicates that the channels code enqueued a packet on _this_ ppoll()
    iteration, not that data was enqueued in _any_ ppoll() iteration in the
    timeslice. ok markus@
    
    OpenBSD-Commit-ID: 009b74fd2769b36b5284a0188ade182f00564136

commit 637e4dfea4ed81264e264b6200172ce319c64ead
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Jul 1 03:10:19 2024 +0000

    upstream: use "lcd" to change directory before "lls" rather then "cd",
    
    since the directory we're trying to list is local. Spotted by Corinna
    Vinschen
    
    OpenBSD-Regress-ID: 821feca4a4bebe491944e624c8f7f2990b891415

commit c8cfe258cee0b8466ea84597bf15e1fcff3bc328
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Jun 27 23:01:15 2024 +0000

    upstream: delete obsolete comment
    
    OpenBSD-Commit-ID: 5fb04f298ed155053f3fbfdf0c6fe7cdf84bbfa2

commit 94b9d37100f6fa536aaa1d1a0e4926fe44fbf04d
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Jun 27 22:36:44 2024 +0000

    upstream: retire unused API
    
    OpenBSD-Commit-ID: 3e30d7b0615e2707f6bbe70f61b1c2f72f78161b

commit 268c3a7f5783e731ed60f4e28da66ee3743581d3
Author: jmc@openbsd.org <jmc@openbsd.org>
Date:   Thu Jun 27 21:02:16 2024 +0000

    upstream: ssl(8) no longer contains a HISTORY section;
    
    OpenBSD-Commit-ID: 83b7ff34433d79595e9c2a5d2a561a6660251245

commit 12b6cc09ce6c430681f03af2a8069e37a664690b
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Jun 26 23:47:46 2024 +0000

    upstream: move child process waitpid() loop out of SIGCHLD handler;
    
    ok deraadt
    
    OpenBSD-Commit-ID: 65815a39564e431414aed7c5ace8076f4e9ca741

commit d6bcd13297c2ab8b528df5a6898f994734849031
Author: deraadt@openbsd.org <deraadt@openbsd.org>
Date:   Wed Jun 26 23:16:52 2024 +0000

    upstream: Instead of using possibly complex ssh_signal(), write all
    
    the parts of the grace_alarm_handler() using the exact things allowed by the
    signal-safe rules.  This is a good rule of thumb: Handlers should be written
    to either set a global volatile sig_atomic_t inspected from outside, and/or
    directly perform only safe operations listed in our sigaction(2) manual page.
    ok djm markus
    
    OpenBSD-Commit-ID: 14168ae8368aab76e4ed79e17a667cb46f404ecd

commit b8793e2b0851f7d71b97554fa5260b23796d6277
Author: deraadt@openbsd.org <deraadt@openbsd.org>
Date:   Wed Jun 26 23:14:14 2024 +0000

    upstream: save_errno wrappers inside two small signal handlers that
    
    perform system calls, for systems with libc that do perform libc sigtramps.
    ok djm markus
    
    OpenBSD-Commit-ID: 7749b56419a7c9dcfe4c6c04811e429813346c62

commit f23e9332c4c8df37465c4a4f38275ea98980ed7e
Author: jmc@openbsd.org <jmc@openbsd.org>
Date:   Mon Jun 24 06:59:39 2024 +0000

    upstream: - uppercase start of sentence - correct sentence grammar
    
    ok djm
    
    OpenBSD-Commit-ID: 1ec4b0fdb633a43667f2c8fff1d600bd647dde25

commit 1839e3eb71a759aa795602c1e4196300f4ac2615
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Jun 24 04:05:11 2024 +0000

    upstream: mention SshdSessionPath option
    
    OpenBSD-Commit-ID: c29734d36c21003973b15c1c9965c35f36cef30c

commit 603193e32aef5db7d60c58066d5de89806e79312
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Jun 20 18:45:14 2024 +1000

    Rerun upstream tests on .sh file changes too.

commit dbbf9337c19381786a8e5a8a49152fe6b80c780d
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Thu Jun 20 08:23:18 2024 +0000

    upstream: Work around dbclient cipher/mac query bug.
    
    Unlike earlier versions, recent Dropbear (at least v2024.85) requires
    a host arg when querying supported ciphers and macs via "-c/-m
    help".  Earlier versions accept but do not require it, so always
    provide it.  If these queries fail, skip the test with a warning.
    
    OpenBSD-Regress-ID: 98eb863a3f0363416922efb273885e6b3c7f68d4

commit 8de2c8cebc46bbdb94b7a2c120fcadfb66a3cccc
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Thu Jun 20 08:18:34 2024 +0000

    upstream: Remove dropbear key types not supported
    
    by current OpenSSH. Allows subsequent test runs to work if OpenSSH is
    rebuilt w/out OpenSSL.
    
    OpenBSD-Regress-ID: e0129eb2b1d31771105903a8055216fbba20a770

commit e9b6471c59b21e5d9ef1b3832d4bf727338add85
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Jun 20 00:18:05 2024 +0000

    upstream: stricter check for overfull tables in penalty record path
    
    OpenBSD-Commit-ID: 7df01e648a0723418c554e64a9f2b6d38db060a6

commit d9336d344eb2a1e898c5e66147b3f108c7214694
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Jun 19 23:24:47 2024 +0000

    upstream: put back reaping of preauth child process when writes
    
    from the monitor fail. Not sure how this got lost in the avalanche of
    patches.
    
    OpenBSD-Commit-ID: eb7eb36371e1ac01050b32b70fb2b3e5d98e72f5

commit 579d9adb70ec0206a788eb5c63804c31a67e9310
Author: naddy@openbsd.org <naddy@openbsd.org>
Date:   Mon Jun 17 13:50:18 2024 +0000

    upstream: remove one more mention of DSA
    
    OpenBSD-Commit-ID: 8515f55a15f02836ba657df341415f63c60526ca

commit 7089b5f8436ef0b8d3d3ad9ce01045fb9e7aab15
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Wed Jun 19 23:09:05 2024 +1000

    Move -f to the place needed to restart sshd.

commit d5f83cfd852b14a25f347f082ab539a9454702ad
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Wed Jun 19 21:04:01 2024 +1000

    Need to supply "-f" to restart sshd.

commit fad34b4ca25c0ef31e5aa841d461b6f21da5b8c1
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Wed Jun 19 10:15:51 2024 +0000

    upstream: Provide defaults for ciphers and macs
    
    if querying for them fails since on some versions of Dropbear (at least
    v2024.85) "-m help" doesn't seem to work.  Enable all supported pubkey
    algorithms in the server.
    
    OpenBSD-Regress-ID: 4f95556a49ee9f621789f25217c367a33d2745ca

commit 5521060e35ada9f957cecdddc06d0524e75409ef
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Wed Jun 19 10:10:46 2024 +0000

    upstream: Use ed25519 keys for kex tests
    
    since that's supported by OpenSSH even when built without OpenSSL.
    Only test diffie-hellman kex if OpenSSH is compiled with support for it.
    
    OpenBSD-Regress-ID: a5d09ef9bbd171f9e4ec73ed0d9eeb49a8878e97

commit dbd3b833f6e3815e58f2dc6e14f61a51bcd4d6bd
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Wed Jun 19 10:08:34 2024 +0000

    upstream: Rework dropbear key setup
    
    to always generate ed25519 keys, other types only if OpenSSH has support
    for the corresponding key type.
    
    OpenBSD-Regress-ID: 8f91f12604cddb9f8d93aa34f3f93a3f6074395d

commit d6218504e11ae9148adf410fc69b0710a052be36
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Wed Jun 19 20:20:24 2024 +1000

    Restart sshd after installing it for testing.
    
    When installing an sshd built without OpenSSL the mismatch between
    the running sshd and newly installed sshd-session will cause the
    remainder of the test to fail.

commit 786a4465b6bb702daf4fb17b7c3bcb42b52f0b46
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Tue Jun 18 19:59:59 2024 +1000

    Remove macos-11 runner.
    
    Github is retiring them soon.

commit df1c72a55edbebac14363b57de66ac6a147ecc67
Author: Damien Miller <djm@mindrot.org>
Date:   Wed Jun 19 09:34:34 2024 +1000

    PAMServiceName may appear in a Match block

commit de1c2e70e5a5dc3c8d2fe04b24cc93d8ef6930e7
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Tue Jun 18 08:11:48 2024 +0000

    upstream: Re-enable ssh-dss tests
    
    ... if ssh is compiled with DSA support
    
    OpenBSD-Regress-ID: bbfaf8c17f2b50a2d46ac35cb97af99b990c990d

commit dabc2c7cf3c141e8e5d5a1a60d6c1d2d2422cf43
Author: anton@openbsd.org <anton@openbsd.org>
Date:   Tue Jun 18 06:14:27 2024 +0000

    upstream: Stop using DSA in dropbear interop tests.
    
    OpenBSD-Regress-ID: abfd4457d99d8cc1417fd22ca2c570270f74c1cf

commit 761438012710169445acc179e3870c53c862bda0
Author: Damien Miller <djm@mindrot.org>
Date:   Tue Jun 18 12:29:45 2024 +1000

    missed a bit of DSA in the fuzzer

commit 3f9cc47da588e8de520720e59f98438043fdaf93
Author: Damien Miller <djm@mindrot.org>
Date:   Tue Jun 18 09:35:53 2024 +1000

    DSA support is disabled, so remove from fuzzers

commit 00eb95957dea5484b2c7c043f7d2bbc87301bef2
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Jun 17 08:30:29 2024 +0000

    upstream: disable the DSA signature algorithm by default; ok
    
    markus@
    
    (yes, I know this expands to "the Digitial Signature Algorithm
    signature algorithm)
    
    OpenBSD-Commit-ID: 961ef594e46dd2dcade8dd5721fa565cee79ffed

commit 5603befe11c9464ea26fe77cbacc95a7cc0b1ea7
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Jun 17 08:28:31 2024 +0000

    upstream: promote connection-closed messages from verbose to info
    
    log level; they could be the only record of the connection terminating if the
    client doesn't send a SSH2_MSG_DISCONNECT message. ok dtucker@
    
    OpenBSD-Commit-ID: 0c8bfaf5e9fdff945cee09ac21e641f6c5d65d3c

commit b00331402fe5c60d577f3ffcc35e49286cdc6b47
Author: Damien Miller <djm@mindrot.org>
Date:   Mon Jun 17 17:02:18 2024 +1000

    propagate PAM crashes to PerSourcePenalties
    
    If the PAM subprocess crashes, exit with a crash status that will be
    picked up by the sshd(8) listener process where it can be used by
    PerSourcePenalties to block the client. This is similar handling to
    the privsep preauth process.

commit 1c207f456ace38987deda047758d13fbf857f948
Author: Damien Miller <djm@mindrot.org>
Date:   Mon Jun 17 15:06:01 2024 +1000

    minix doesn't have loopback, so skip penalty tests
    
    pointed out by dtucker@

commit 48443d202eaec52d4d39defdd709a4499a7140c6
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sun Jun 16 11:54:49 2024 +0000

    upstream: same treatment for this test
    
    OpenBSD-Regress-ID: d0cc9efca7833e673ea7b0cb3a679a3acee8d4c7

commit 45562a95ea11d328c22d97bf39401cd29684fb1f
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sun Jun 16 08:18:06 2024 +0000

    upstream: penalty test is still a bit racy
    
    OpenBSD-Regress-ID: 90c9ac224db454637baf1ebee5857e007321e824

commit 8d0f7eb147ef72d18acb16c0b18672d44941a8ca
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sat Jun 15 03:59:10 2024 +0000

    upstream: crank up penalty timeouts so this should work on even the
    
    slowest of test builders
    
    OpenBSD-Regress-ID: 70bda39c83e3fc9d0f3c1fad4542ed33e173d468

commit 93c75471a1202ab3e29db6938648d4e2602c0475
Author: jmc@openbsd.org <jmc@openbsd.org>
Date:   Fri Jun 14 05:20:34 2024 +0000

    upstream: sort -q in the options list;
    
    OpenBSD-Commit-ID: 6839b38378f38f754de638a5e988c13b4164cc7c

commit dd7807bbe80a93ffb4616f2bd5cf83ad5a5595fb
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Jun 14 05:01:22 2024 +0000

    upstream: clarify KEXAlgorithms supported vs available. Inspired by
    
    bz3701 from Colin Watson.
    
    OpenBSD-Commit-ID: e698e69bea19bd52971d253f2b1094490c4701f7

commit d172ad56df85b68316dbadbedad16761a1265874
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Jun 14 05:00:42 2024 +0000

    upstream: ssh-keyscan -q man bits
    
    OpenBSD-Commit-ID: ba28d0e1ac609a4c99c453e57e86560c79079db1

commit 092e4ff9ccaacbe035f286feb1b56ed499604743
Author: Damien Miller <djm@mindrot.org>
Date:   Fri Jun 14 14:46:35 2024 +1000

    skip penalty-expire test in valgrind test env

commit 2866ad08a9c50d7b67ce9424ca990532b806a21a
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Jun 14 04:43:11 2024 +0000

    upstream: split the PerSourcePenalties test in two: one tests penalty
    
    enforcement but not penalty expiry, the other tests penalty expiry.
    
    This lets us disable the expiry testing in certain CI test environments.
    
    OpenBSD-Regress-ID: f56811064f3e3cb52ee73a206b8c2a06af1c8791

commit b2c64bc170d75823622a37cab3ca1804ca87ad16
Author: Damien Miller <djm@mindrot.org>
Date:   Fri Jun 14 14:19:23 2024 +1000

    add a sshd_config PamServiceName option
    
    Allows selecting which PAM service name to use when UsePAM is
    enabled. Defaults to "sshd" unless overridden at compile time
    by defining SSHD_PAM_SERVICE.
    
    bz2102, ok dtucker@

commit 9f032a4dd17bf0ae6066223d82aa5e784285d987
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Jun 14 00:26:12 2024 +0000

    upstream: don't redirect stderr for ssh-keyscan we expect to succeed
    
    OpenBSD-Regress-ID: 8878b8eb4e070ed2e343166d3eb86db4a08a216c

commit 1e84d0cf40e94ae3a77d6a7ca8c036d8e3d55a40
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Jun 14 00:25:25 2024 +0000

    upstream: make host/banner comments go to stderr instead of stdout,
    
    so they are useful as comments without extra shell redirection and so they
    don't clutter actual errors on stderr.
    
    Add a -q flag to shut them up.
    
    ok dtucker@
    
    OpenBSD-Commit-ID: bec813de56a71adb5c1a76adcf49621130d24264

commit 3e806d011855d6bd648ec95b9df630ebbd11c3bf
Author: naddy@openbsd.org <naddy@openbsd.org>
Date:   Thu Jun 13 15:06:33 2024 +0000

    upstream: separate keywords with comma
    
    OpenBSD-Commit-ID: d65a99666202a8188c4991c18d14374a229f7be5

commit abfd1f7a3cbd0a92581a0febba254b2f6649c0d9
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Jun 14 00:23:55 2024 +0000

    upstream: specify an algorithm for ssh-keyscan, otherwise it will make
    
    multiple attempts simultaneously and confuse the test
    
    OpenBSD-Regress-ID: 6e910f3315c4345053db1bf5cbf61826b194d0b9

commit a8fbe2f7d0d96d299ee8e69769e3b51067978748
Author: Damien Miller <djm@mindrot.org>
Date:   Thu Jun 13 16:41:29 2024 +1000

    sshd: don't use argv[0] as PAM service name
    
    sshd would implicitly use argv[0] as the PAM service name to
    allow people to select different PAM service names by making
    differently-named copies/links to the sshd binary.
    
    Splitting sshd into sshd/sshd-session broke this, as the process
    that starts PAM is always sshd-session and the user has no control
    over this.
    
    Hardcode "sshd" as the default PAM service name unless/until we
    figure out a better way. Should unbreak OSX integration tests.

commit bf204bd05c3ae650f87e2b96527688579f59774c
Author: Damien Miller <djm@mindrot.org>
Date:   Thu Jun 13 15:00:28 2024 +1000

    prepare for checking in autogenerated files
    
    We plan to check in automatically generated files (config.h.in, etc) on
    release branches. These files are normally ignored by .gitignore, but
    this shuffles the contents of this file to make it easy to un-ignore
    them.

commit 425f79a837489904c343b349ef00e09aeaa4e752
Author: Damien Miller <djm@mindrot.org>
Date:   Thu Jun 13 14:41:33 2024 +1000

    typo in comment

commit afe10313c1fa8d478af399ee7d54c8f85503013b
Author: Damien Miller <djm@mindrot.org>
Date:   Thu Jun 13 14:35:25 2024 +1000

    fix PTY allocation on Cygwin, broken by sshd split
    
    Cygwin doesn't support FD passing and so used to disable post-auth
    privilege separation entirely because privsep requires PTY allocation
    to happen in the privileged monitor process with the PTY file
    descriptors being passed back to the unprivileged process.
    
    This brings back a minimal version of the previous special treatment
    for Cygwin (and any other platform that sets DISABLE_FD_PASSING):
    privilege separation remains enabled, but PTY allocation happens in
    the post-auth user process rather than the monitor.
    
    This either requires PTY allocation to not need privilege to begin
    with (this appears to be the case on Cygwin), or the post-auth
    privsep process retain privilege (other platforms that set the
    DISABLE_FD_PASSING option).
    
    Keeping privileges here is bad, but the non-Cygwin systems that set
    DISABLE_FD_PASSING are so deeply legacy that this is likely to be the
    least of their problems.

commit f66d4df5749551380a8c4ae642347675a0b6a2e9
Author: Damien Miller <djm@mindrot.org>
Date:   Thu Jun 13 11:33:09 2024 +1000

    delay lookup of privsep user until config loaded
    
    sshd-session attempting to use options.kerberos_authentication to
    decide whether it needed to lookup the privsep user before the
    configuration was loaded. This caused it to get a placeholder value
    that caused it always to try to lookup the privsep user, breaking at
    least one test environment.

commit f1c42858b94f5d9b58867b34dce3afb39c6b56a8
Author: Damien Miller <djm@mindrot.org>
Date:   Thu Jun 13 11:16:57 2024 +1000

    missing file for PerSourcePenalties regress test

commit 4de80ff4e6fab5a6bb0028e7d57c6c23d1485adb
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Jun 12 22:36:00 2024 +0000

    upstream: split PerSourcePenalties address tracking. Previously it
    
    used one shared table and overflow policy for IPv4 and IPv6 addresses, now it
    will use separate tables and optionally different overflow policies.
    
    This prevents misbehaviour from IPv6 addresses (which are vastly easier
    to obtain many of) from affecting IPv4 connections and may allow for
    stricter overflow policies.
    
    ok deraadt@
    
    OpenBSD-Commit-ID: 12637ed0aa4d5f1f3e702da42ea967cbd8bfdfd9

commit 06ab4c6931b0aaa4334db2faaa7e1069e76d0df6
Author: jmc@openbsd.org <jmc@openbsd.org>
Date:   Tue Jun 11 05:24:39 2024 +0000

    upstream: do not mark up "(default: 20ms)";
    
    OpenBSD-Commit-ID: 54151ecdecfa1b67dcdda4fd24826ef6e2148ad4

commit cfe243cd9fde148ed060637876e27bb55ac78be9
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Jun 11 02:54:51 2024 +0000

    upstream: reap preauth net child if it hangs up during privsep message
    
    send, not just message receive
    
    OpenBSD-Commit-ID: 02a093f4ab4f8f83f0cd1ea2bb35b9ca420448f0

commit b0a711c00b9c64afd1c9d6fb538275c6604a2676
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Jun 11 01:58:27 2024 +0000

    upstream: fix PIDFILE handling, broken for SUDO=doas in last commit
    
    here
    
    OpenBSD-Regress-ID: 96fec579af228f87a036e94801eb294af9074625

commit 90fb801e2d9241be50a2a7ff79428386442a041f
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Jun 11 02:00:30 2024 +0000

    upstream: reap the pre-auth [net] child if it hangs up during privsep
    
    message sending, not just receiving
    
    OpenBSD-Commit-ID: f7341605bf08c4c15830910446e6775323f2f8cb

commit ef878d58798f6688c7f4d4e417dc0c29023ea831
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Jun 11 01:23:25 2024 +0000

    upstream: a little more RB_TREE paranoia
    
    OpenBSD-Commit-ID: 8dc2fd21eebd8830c4a4d25461ac4fe228e11156

commit fc4e96b2174d6a894d2033421699d091679baced
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Jun 11 01:22:25 2024 +0000

    upstream: fix off-by-one comparison for PerSourcePenalty
    
    OpenBSD-Commit-ID: af4f5d01c41ef870b23e55655bfbf73474a6c02b

commit 82c836df4ff41145553cd7adb11c5b985aeaa06f
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Jun 11 01:21:41 2024 +0000

    upstream: move tree init before possible early return
    
    OpenBSD-Commit-ID: 72e2c5b69f151c08a7c5bf5ad929b97a92c273df

commit a2300f015cc4939c4d9c564b58b74e71202dc978
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Jun 11 01:07:35 2024 +0000

    upstream: update to mention that PerSourcePenalties default to
    
    being enabled and document the default values for each parameter.
    
    OpenBSD-Commit-ID: b981288bddfb097aad269f62df4081c688ce0034

commit 41987efd356d3fc30139aeab4b09374acf8f91a0
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Jun 11 00:44:52 2024 +0000

    upstream: reap the [net] child if it hangs up while writing privsep
    
    message payloads, not just the message header
    
    OpenBSD-Commit-ID: 24dbd400aa381ac96be7ed2dd49018487dfef6ce

commit 6211aa085fa91155a24922e5329576ac9a8f3175
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Jun 11 00:40:21 2024 +0000

    upstream: log waitpid() status for abnormal exits
    
    OpenBSD-Commit-ID: b317930e06b51819c1a2bc6a4359764fecfb1c2d

commit a59634c7adb9ae988748d99963dfafb3070d8d41
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Jun 11 00:36:20 2024 +0000

    upstream: correct error message
    
    OpenBSD-Commit-ID: 581f60f73099083392887206860229ab104620ed

commit fa7d7a667f2ee031e72873e36de2d2a36bca973b
Author: deraadt@openbsd.org <deraadt@openbsd.org>
Date:   Fri Jun 7 13:23:30 2024 +0000

    upstream: avoid shadowing issues which some compilers won't accept
    
    ok djm
    
    OpenBSD-Commit-ID: 1e89572397dda83433d58c4fa6333a08f51170d4

commit 3ad4cd9eeca5c9bc6706db44b6de88e2e4513fd6
Author: jmc@openbsd.org <jmc@openbsd.org>
Date:   Thu Jun 6 21:14:49 2024 +0000

    upstream: escape the final dot at eol in "e.g." to avoid double
    
    spacing;
    
    OpenBSD-Commit-ID: 0a9fb10bc9f7d577afe2da3f498a08bc431115b9

commit 0e0c69761a4c33ccd4a256560f522784a753d1a8
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Jun 6 20:25:48 2024 +0000

    upstream: enable PerSourcePenalties by default.
    
    ok markus
    
    NB. if you run a sshd that accepts connections from behind large NAT
    blocks, proxies or anything else that aggregates many possible users
    behind few IP addresses, then this change may cause legitimate traffic
    to be denied.
    
    Please read the PerSourcePenalties, PerSourcePenaltyExemptList and
    PerSourceNetBlockSize options in sshd_config(5) for how to tune your
    sshd(8) for your specific circumstances.
    
    OpenBSD-Commit-ID: 24a0e5c23d37e5a63e16d2c6da3920a51078f6ce

commit bd1f74741daabeaf20939a85cd8cec08c76d0bec
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Jun 6 20:20:42 2024 +0000

    upstream: mention that PerSourcePenalties don't affect concurrent
    
    in-progress connections.
    
    OpenBSD-Commit-ID: 20389da6264f2c97ac3463edfaa1182c212d420c

commit 9774b938578327d88a651f4c63c504809717590a
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Jun 6 19:49:25 2024 +0000

    upstream: regress test for PerSourcePenalties
    
    OpenBSD-Regress-ID: a1af13d411b25a727742644459d26480b9a1b0f1

commit b8ebd86cefe9812204a10c028dc90de29918667d
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Jun 6 19:48:40 2024 +0000

    upstream: make sure logs are saved from sshd run via start_sshd
    
    OpenBSD-Regress-ID: de4ef0e32e3ab85ff3a6c36eb08d1909c0dd1b4a

commit d7b2070bdaa4ebbfafb9975c1d5a62b73289d31f
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Jun 6 19:47:48 2024 +0000

    upstream: simplify
    
    OpenBSD-Regress-ID: 50316e0d1ae0c0a057a45af042253e54ce23d11c

commit e6ea3d224513b6bfb93818809d4c7397f5995ba2
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Jun 6 18:48:13 2024 +0000

    upstream: prepare for PerSourcePenalties being enabled by default
    
    in future
    
    OpenBSD-Regress-ID: 5236c6d1c823997aac5a35e2915da30f1903bec7

commit c0cb3b8c837761816a60a3cdb54062668df09652
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Jun 6 19:50:01 2024 +0000

    upstream: disable stderr redirection before closing fds
    
    OpenBSD-Commit-ID: d42cb895ee4542098050367fc35321c9303f003a

commit 81c1099d22b81ebfd20a334ce986c4f753b0db29
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Jun 6 17:15:25 2024 +0000

    upstream: Add a facility to sshd(8) to penalise particular
    
    problematic client behaviours, controlled by two new sshd_config(5) options:
    PerSourcePenalties and PerSourcePenaltyExemptList.
    
    When PerSourcePenalties are enabled, sshd(8) will monitor the exit
    status of its child pre-auth session processes. Through the exit
    status, it can observe situations where the session did not
    authenticate as expected. These conditions include when the client
    repeatedly attempted authentication unsucessfully (possibly indicating
    an attack against one or more accounts, e.g. password guessing), or
    when client behaviour caused sshd to crash (possibly indicating
    attempts to exploit sshd).
    
    When such a condition is observed, sshd will record a penalty of some
    duration (e.g. 30 seconds) against the client's address. If this time
    is above a minimum threshold specified by the PerSourcePenalties, then
    connections from the client address will be refused (along with any
    others in the same PerSourceNetBlockSize CIDR range).
    
    Repeated offenses by the same client address will accrue greater
    penalties, up to a configurable maximum. A PerSourcePenaltyExemptList
    option allows certain address ranges to be exempt from all penalties.
    
    We hope these options will make it significantly more difficult for
    attackers to find accounts with weak/guessable passwords or exploit
    bugs in sshd(8) itself.
    
    PerSourcePenalties is off by default, but we expect to enable it
    automatically in the near future.
    
    much feedback markus@ and others, ok markus@
    
    OpenBSD-Commit-ID: 89ded70eccb2b4926ef0366a4d58a693de366cca

commit 916b0b6174e203cf2c5ec9bcf409472eb7ffbf43
Author: Damien Miller <djm@mindrot.org>
Date:   Fri Jun 7 03:31:02 2024 +1000

    whitespace

commit 49b55e44182b8294419aa580cbf043d5b9e3d953
Author: deraadt@openbsd.org <deraadt@openbsd.org>
Date:   Tue Jun 4 15:14:45 2024 +0000

    upstream: enable -fret-clean on amd64, for libc libcrypto ld.so
    
    kernel, and all the ssh tools.  The dynamic objects are entirely ret-clean,
    static binaries will contain a blend of cleaning and non-cleaning callers.
    
    OpenBSD-Commit-ID: 112aacedd3b61cc5c34b1fa6d9fb759214179172

commit cc80d51d034bcb24fd0f2564a4bdf1612000a2a2
Author: Damien Miller <djm@mindrot.org>
Date:   Wed Jun 5 02:21:30 2024 +1000

    remove PRIVSEP macros for osx

commit 8785491123d4d722b310c20f383570be758f8263
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sat Jun 1 07:03:37 2024 +0000

    upstream: be really strict with fds reserved for communication with the
    
    separate sshd-session process - reserve them early and fatal if we can't
    dup2(2) them later. The pre-split fallback to re-reading the configuration
    files is not possible, so sshd-session absolutely requires the fd the
    configuration is passed over to be in order.
    
    ok deraadt@
    
    OpenBSD-Commit-ID: 308a98ef3c8a6665ebf92c7c9a0fc9600ccd7065

commit f1c8918cb98459910fb159373baea053ba4108c0
Author: Damien Miller <djm@mindrot.org>
Date:   Fri May 31 19:12:26 2024 +1000

    depend

commit 94b4866cb1f4b0ed29a9f367047b30f81002316f
Author: Damien Miller <djm@mindrot.org>
Date:   Fri May 31 19:11:14 2024 +1000

    rename need_privsep to need_chroot
    
    privsep is mandatory, chroot is optional (disabled when running
    sshd as non-root)

commit e68a95142e5024b144f8eeccd5ffdee42c34f44c
Author: Damien Miller <djm@mindrot.org>
Date:   Fri May 31 19:05:34 2024 +1000

    remove remaining use_privsep mention

commit b21d271f651d2536dca819cc6d74032fe98634db
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri May 31 09:01:08 2024 +0000

    upstream: warn when -r (deprecated option to disable re-exec) is
    
    passed
    
    OpenBSD-Commit-ID: 73145ef5150edbe3ce7889f0844ed8fa6155f551

commit a4b5bc246cbca476deeeb4462aa31746a56e3021
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri May 31 08:49:35 2024 +0000

    upstream: typos
    
    OpenBSD-Commit-ID: edfa72eb06bfa65da30fabf7d2fe76d2d33f77bf

commit 8054b906983ceaed01fabd8188d3dac24c05ba39
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon May 27 01:52:26 2024 +0000

    upstream: don't need sys/queue.h here
    
    OpenBSD-Commit-ID: dd137396828171eb19e4911581812ca58de6c578

commit 210d4239733da6180ce853538aeb9413d5c62ad5
Author: naddy@openbsd.org <naddy@openbsd.org>
Date:   Sun May 26 20:35:12 2024 +0000

    upstream: remove references to SSH1 and DSA server keys
    
    OpenBSD-Commit-ID: 57cc1c98d4f998981473734f144b904af7d178a2

commit f0b9261d7fdd0ef86806b49fe76344bd16770cd0
Author: jsg@openbsd.org <jsg@openbsd.org>
Date:   Thu May 23 23:47:16 2024 +0000

    upstream: remove unused struct fwd_perm_list, no decl with complete
    
    type ok djm@
    
    OpenBSD-Commit-ID: 416fb3970b7e73c76d2963c4f00cf96f2b2ee2fb

commit 2477a98c3ef78e63b11a1393656e00288f52ae97
Author: naddy@openbsd.org <naddy@openbsd.org>
Date:   Wed May 22 15:24:55 2024 +0000

    upstream: Do not pass -Werror twice when building with clang.
    
    OpenBSD-Commit-ID: 5f378c38ad8976d507786dc4db9283a879ec8cd0

commit 435844f5675245b4271f8581f15e6d1f34fde3bc
Author: miod@openbsd.org <miod@openbsd.org>
Date:   Wed May 22 11:49:36 2024 +0000

    upstream: Do not pass -Werror if building with gcc 3, for asn1.h
    
    and bio.h cause (admittedly bogus) warnings with gcc 3.
    
    OpenBSD-Commit-ID: fb39324748824cb0387e9d67c41d1bef945c54ea

commit fc5dc092830de23767c6ef67baa18310a64ee533
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed May 22 04:20:00 2024 +0000

    upstream: this test has been broken since 2014, and has been
    
    testing the same key exchange algorithm repeatedly instead of testing all of
    them. Spotted by nreilly AT blackberry.com in bz3692
    
    Who broke the test? me.
    
    OpenBSD-Regress-ID: 48f4f5946276f975667141957d25441b3c9a50e2

commit fd4816791beaed2fdae7eea3e1494d1972b2a39d
Author: anton@openbsd.org <anton@openbsd.org>
Date:   Sun May 19 19:10:01 2024 +0000

    upstream: Add missing kex-names.c source file required since the
    
    ssh split.
    
    OpenBSD-Regress-ID: ca666223f828fc4b069cb9016bff1eb50faf9fbb

commit beccb7319c5449f6454889013403c336446d622e
Author: naddy@openbsd.org <naddy@openbsd.org>
Date:   Fri May 17 14:42:00 2024 +0000

    upstream: remove duplicate copy of relink kit for sshd-session
    
    OpenBSD-Commit-ID: 6d2ded4cd91d4d727c2b26e099b91ea935bed504

commit dcd79fa141311c287e0595ede684b7116122fae0
Author: jsg@openbsd.org <jsg@openbsd.org>
Date:   Fri May 17 06:42:04 2024 +0000

    upstream: remove prototypes with no matching function; ok djm@
    
    OpenBSD-Commit-ID: 6d9065dadea5f14a01bece0dbfe2fba1be31c693

commit 6454a05e7c6574d70adf17efe505a8581a86ca4f
Author: jsg@openbsd.org <jsg@openbsd.org>
Date:   Fri May 17 06:38:00 2024 +0000

    upstream: remove externs for removed vars; ok djm@
    
    OpenBSD-Commit-ID: f51ea791d45c15d4927eb4ae7d877ccc1e5a2aab

commit f3e4db4601ef7d2feb1d6f7447e432aaf353a616
Author: deraadt@openbsd.org <deraadt@openbsd.org>
Date:   Fri May 17 06:11:17 2024 +0000

    upstream: -Werror was turned on (probably just for development),
    
    and this is a simple way to satisfy older gcc.
    
    OpenBSD-Commit-ID: 7f698df54384b437ce33ab7405f0b86c87019e86

commit 24a1f3e5ad6f4a49377d4c74c36637e9a239efd0
Author: Damien Miller <djm@mindrot.org>
Date:   Fri May 17 14:50:43 2024 +1000

    attempt at updating RPM specs for sshd-session

commit 17b566eeb7a0c6acc9c48b35c08885901186f861
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri May 17 04:42:13 2024 +0000

    upstream: g/c unused variable
    
    OpenBSD-Commit-ID: aa6ef0778a1f1bde0d73efba72a777c48d2bd010

commit 01fb82eb2aa0a4eaf5c394ea8bb37ea4c26f8a3f
Author: jsg@openbsd.org <jsg@openbsd.org>
Date:   Fri May 17 02:39:11 2024 +0000

    upstream: spelling; ok djm@
    
    OpenBSD-Commit-ID: bdea29bb3ed2a5a7782999c4c663b219d2270483

commit b88b690e99145a021fc1a1a116a11e0bce0594e7
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri May 17 01:45:22 2024 +0000

    upstream: allow overriding the sshd-session binary path
    
    OpenBSD-Regress-ID: 5058cd1c4b6ca1a15474e33546142931d9f964da

commit a68f80f2511f0e0c5cef737a8284cc2dfabad818
Author: anton@openbsd.org <anton@openbsd.org>
Date:   Wed Apr 3 06:01:11 2024 +0000

    upstream: Since ssh-agent(1) is only readable by root by now, use
    
    ssh(1) while generating data in tests.
    
    OpenBSD-Regress-ID: 24eb40de2e6b0ace185caaba35e2d470331ffe68

commit 92e55890314ce2b0be21a43ebcbc043b4abc232f
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri May 17 01:17:40 2024 +0000

    upstream: fix incorrect debug option name introduce in previous
    
    commit
    
    OpenBSD-Commit-ID: 66d69e22b1c072c694a7267c847f212284614ed3

commit 4ad72878af7b6ec28da6e230e36a91650ebe84c1
Author: deraadt@openbsd.org <deraadt@openbsd.org>
Date:   Fri May 17 00:33:25 2024 +0000

    upstream: construct and install a relink-kit for sshd-session ok
    
    djm
    
    OpenBSD-Commit-ID: 8b3820adb4da4e139c4b3cffbcc0bde9f08bf0c6

commit 02e679a2cb3f6df8e9dbb1519ed578226485157f
Author: Damien Miller <djm@mindrot.org>
