git: 20bcfc33d3f2 - releng/13.2 - ssh: Update to OpenSSH 9.3p2

From: Mark Johnston <markj_at_FreeBSD.org>
Date: Tue, 01 Aug 2023 20:04:18 UTC
The branch releng/13.2 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=20bcfc33d3f2549e121f34b3839e33e176a313fc

commit 20bcfc33d3f2549e121f34b3839e33e176a313fc
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2023-08-01 14:38:11 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2023-08-01 19:50:47 +0000

    ssh: Update to OpenSSH 9.3p2
    
    Approved by:    so
    Security:       FreeBSD-SA-23:08.ssh
    Security:       CVE-2023-38408
---
 crypto/openssh/ChangeLog                   | 1867 +---------------------------
 crypto/openssh/README                      |    2 +-
 crypto/openssh/contrib/redhat/openssh.spec |    2 +-
 crypto/openssh/contrib/suse/openssh.spec   |    2 +-
 crypto/openssh/ssh-agent.1                 |   22 +-
 crypto/openssh/ssh-agent.c                 |   21 +-
 crypto/openssh/ssh-pkcs11.c                |    6 +-
 crypto/openssh/sshd_config                 |    2 +-
 crypto/openssh/sshd_config.5               |    2 +-
 crypto/openssh/version.h                   |    4 +-
 10 files changed, 82 insertions(+), 1848 deletions(-)

diff --git a/crypto/openssh/ChangeLog b/crypto/openssh/ChangeLog
index f1d1b37d583c..40ca976a61b3 100644
--- a/crypto/openssh/ChangeLog
+++ b/crypto/openssh/ChangeLog
@@ -1,3 +1,36 @@
+commit 9795c4016ae35162072144df032c8b262433b462
+Author: Damien Miller <djm@mindrot.org>
+Date:   Wed Jul 19 16:27:12 2023 +1000
+
+    OpenSSH 9.3p2
+
+commit bde3635f3c9324bad132cf9ed917813d6abb599e
+Author: Damien Miller <djm@mindrot.org>
+Date:   Wed Jul 19 16:31:09 2023 +1000
+
+    update version in README
+
+commit f673f2f3e5f67099018fc281a6b5fb918142472e
+Author: Damien Miller <djm@mindrot.org>
+Date:   Wed Jul 19 16:31:00 2023 +1000
+
+    update RPM spec versions
+
+commit d7790cdce72a1b6982795baa2b4d6f0bdbb0100d
+Author: Damien Miller <djm@mindrot.org>
+Date:   Fri Jul 7 13:30:15 2023 +1000
+
+    disallow remote addition of FIDO/PKCS11 keys
+    
+    Depends on the local client performing the session-bind@openssh.com
+    operation, so non-OpenSSH local client may circumvent this.
+
+commit b23fe83f06ee7e721033769cfa03ae840476d280
+Author: Damien Miller <djm@mindrot.org>
+Date:   Thu Jul 13 12:09:34 2023 +1000
+
+    terminate pkcs11 process for bad libraries
+
 commit cb30fbdbee869f1ce11f06aa97e1cb8717a0b645
 Author: Damien Miller <djm@mindrot.org>
 Date:   Thu Mar 16 08:28:19 2023 +1100
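Review bot: the entry for d7790cdce72a ("disallow remote addition of FIDO/PKCS11 keys") records a limitation that the FreeBSD commit message above does not carry over: the check relies on the local client performing the session-bind@openssh.com operation, so a non-OpenSSH local client may still circumvent it. Since the commit message cites FreeBSD-SA-23:08.ssh and CVE-2023-38408 without saying which of the 9.3p2 entries address them, consider naming the two agent/PKCS#11 entries from this hunk (d7790cdce72a and b23fe83f06ee) in the commit message and repeating that caveat, so that operators who use ssh-agent with third-party clients do not read this update as a complete mitigation on its own.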
@@ -9402,1837 +9435,3 @@ Date:   Mon Jul 19 05:08:54 2021 +0000
     reliability on very heavily loaded hosts.
     
     OpenBSD-Regress-ID: 4c28a0fce3ea89ebde441d7091464176e9730533
-
-commit 7953e1bfce9e76bec41c1331a29bc6cff9d416b8
-Author: Darren Tucker <dtucker@dtucker.net>
-Date:   Mon Jul 19 13:47:51 2021 +1000
-
-    Add sshfp-connect.sh file missed in previous.
-
-commit b75a80fa8369864916d4c93a50576155cad4df03
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Mon Jul 19 03:13:28 2021 +0000
-
-    upstream: Ensure that all returned SSHFP records for the specified host
-    
-    name and hostkey type match instead of only one.  While there, simplify the
-    code somewhat and add some debugging.  Based on discussion in bz#3322, ok
-    djm@.
-    
-    OpenBSD-Commit-ID: 0a6a0a476eb7f9dfe8fe2c05a1a395e3e9b22ee4
-
-commit 1cc1fd095393663cd72ddac927d82c6384c622ba
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Mon Jul 19 02:21:50 2021 +0000
-
-    upstream: Id sync only, -portable already has this.
-    
-    Put dh_set_moduli_file call inside ifdef WITH_OPENSSL. Fixes
-    build with OPENSSL=no.
-    
-    OpenBSD-Commit-ID: af54abbebfb12bcde6219a44d544e18204defb15
-
-commit 33abbe2f4153f5ca5c874582f6a7cc91ae167485
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Mon Jul 19 02:46:34 2021 +0000
-
-    upstream: Add test for host key verification via SSHFP records. This
-    
-    requires some external setup to operate so is disabled by default (see
-    comments in sshfp-connect.sh).
-    
-    OpenBSD-Regress-ID: c52c461bd1df3a803d17498917d156ef64512fd9
-
-commit f0cd000d8e3afeb0416dce1c711c3d7c28d89bdd
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Mon Jul 19 02:29:28 2021 +0000
-
-    upstream: Add ed25519 key and test SSHFP export of it. Only test
-    
-    RSA SSHFP export if we have RSA functionality compiled in.
-    
-    OpenBSD-Regress-ID: b4ff5181b8c9a5862e7f0ecdd96108622333a9af
-
-commit 0075511e27e5394faa28edca02bfbf13b9a6693e
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Mon Jul 19 00:16:26 2021 +0000
-
-    upstream: Group keygen tests together.
-    
-    OpenBSD-Regress-ID: 07e2d25c527bb44f03b7c329d893a1f2d6c5c40c
-
-commit 034828820c7e62652e7c48f9ee6b67fb7ba6fa26
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Sun Jul 18 23:10:10 2021 +0000
-
-    upstream: Add test for ssh-keygen printing of SSHFP records.
-    
-    OpenBSD-Regress-ID: fde9566b56eeb980e149bbe157a884838507c46b
-
-commit 52c3b6985ef1d5dadb4c4fe212f8b3a78ca96812
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sat Jul 17 00:38:11 2021 +0000
-
-    upstream: wrap some long lines
-    
-    OpenBSD-Commit-ID: 4f5186b1466656762dae37d3e569438d900c350d
-
-commit 43ec991a782791d0b3f42898cd789f99a07bfaa4
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sat Jul 17 00:36:53 2021 +0000
-
-    upstream: fix sftp on ControlPersist connections, broken by recent
-    
-    SessionType change; spotted by sthen@
-    
-    OpenBSD-Commit-ID: 4c5ddc5698790ae6ff50d2a4f8f832f0eeeaa234
-
-commit 073f45c236550f158c9a94003e4611c07dea5279
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Jul 16 09:00:23 2021 +0000
-
-    upstream: Explicitly check for and start time-based rekeying in the
-    
-    client and server mainloops.
-    
-    Previously the rekey timeout could expire but rekeying would not start
-    until a packet was sent or received. This could cause us to spin in
-    select() on the rekey timeout if the connection was quiet.
-    
-    ok markus@
-    
-    OpenBSD-Commit-ID: 4356cf50d7900f3df0a8f2117d9e07c91b9ff987
-
-commit ef7c4e52d5d840607f9ca3a302a4cbb81053eccf
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date:   Wed Jul 14 06:46:38 2021 +0000
-
-    upstream: reorder SessionType; ok djm
-    
-    OpenBSD-Commit-ID: c7dd0b39e942b1caf4976a0b1cf0fed33d05418c
-
-commit 8aa2f9aeb56506dca996d68ab90ab9c0bebd7ec3
-Author: Darren Tucker <dtucker@dtucker.net>
-Date:   Wed Jul 14 11:26:50 2021 +1000
-
-    Make whitespace consistent.
-
-commit 4f4297ee9b8a39f4dfd243a74c5f51f9e7a05723
-Author: Darren Tucker <dtucker@dtucker.net>
-Date:   Wed Jul 14 11:26:12 2021 +1000
-
-    Add ARM64 Linux self-hosted runner.
-
-commit eda8909d1b0a85b9c3804a04d03ec6738fd9dc7f
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Tue Jul 13 23:48:36 2021 +0000
-
-    upstream: add a SessionType directive to ssh_config, allowing the
-    
-    configuration file to offer equivalent control to the -N (no session) and -s
-    (subsystem) command-line flags.
-    
-    Part of GHPR#231 by Volker Diels-Grabsch with some minor tweaks;
-    feedback and ok dtucker@
-    
-    OpenBSD-Commit-ID: 726ee931dd4c5cc7f1d7a187b26f41257f9a2d12
-
-commit 7ae69f2628e338ba6e0eae7ee8a63bcf8fea7538
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Mon Jul 12 02:12:22 2021 +0000
-
-    upstream: fix some broken tests; clean up output
-    
-    OpenBSD-Regress-ID: 1d5038edb511dc4ce1622344c1e724626a253566
-
-commit f5fc6a4c3404bbf65c21ca6361853b33d78aa87e
-Author: Darren Tucker <dtucker@dtucker.net>
-Date:   Mon Jul 12 18:00:05 2021 +1000
-
-    Add configure-time detection for SSH_TIME_T_MAX.
-    
-    Should fix printing cert times exceeding INT_MAX (bz#3329) on platforms
-    were time_t is a long long.  The limit used is for the signed type, so if
-    some system has a 32bit unsigned time_t then the lower limit will still
-    be imposed and we would need to add some way to detect this.  Anyone using
-    an unsigned 64bit can let us know when it starts being a problem.
-
-commit fd2d06ae4442820429d634c0a8bae11c8e40c174
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Mon Jul 12 06:22:57 2021 +0000
-
-    upstream: Make limit for time_t test unconditional in the
-    
-    format_absolute_time fix for bz#3329 that allows printing of timestamps past
-    INT_MAX. This was incorrectly included with the previous commit.   Based on
-    discussion with djm@.
-    
-    OpenBSD-Commit-ID: 835936f6837c86504b07cabb596b613600cf0f6e
-
-commit 6c29b387cd64a57b0ec8ae7d2c8d02789d88fcc3
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Mon Jul 12 06:08:57 2021 +0000
-
-    upstream: Use existing format_absolute_time() function when
-    
-    printing cert validity instead of doing it inline.  Part of bz#3329.
-    
-    OpenBSD-Commit-ID: a13d4e3c4f59644c23745eb02a09b2a4e717c00c
-
-commit 99981d5f8bfa383791afea03f6bce8454e96e323
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Jul 9 09:55:56 2021 +0000
-
-    upstream: silence redundant error message; reported by Fabian Stelzer
-    
-    OpenBSD-Commit-ID: 9349a703016579a60557dafd03af2fe1d44e6aa2
-
-commit e86097813419b49d5bff5c4b51d1c3a5d4d2d804
-Author: John Ericson <John.Ericson@Obsidian.Systems>
-Date:   Sat Dec 26 11:40:49 2020 -0500
-
-    Re-indent krb5 section after pkg-config addition.
-
-commit 32dd2daa56c294e40ff7efea482c9eac536d8cbb
-Author: John Ericson <John.Ericson@Obsidian.Systems>
-Date:   Sat Dec 26 11:40:49 2020 -0500
-
-    Support finding Kerberos via pkg-config
-    
-    This makes cross compilation easier.
-
-commit def7a72234d7e4f684d72d33a0f7229f9eee0aa4
-Author: Darren Tucker <dtucker@dtucker.net>
-Date:   Fri Jul 9 14:34:06 2021 +1000
-
-    Update comments about EGD to include prngd.
-
-commit b5d23150b4e3368f4983fd169d432c07afeee45a
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Mon Jul 5 01:21:07 2021 +0000
-
-    upstream: Fix a couple of whitespace things. Portable already has
-    
-    these so this removes two diffs between the two.
-    
-    OpenBSD-Commit-ID: 769f017ebafd8e741e337b3e9e89eb5ac73c9c56
-
-commit 8f57be9f279b8e905f9883066aa633c7e67b31cf
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Mon Jul 5 01:16:46 2021 +0000
-
-    upstream: Order includes as per style(9). Portable already has
-    
-    these so this removes a handful of diffs between the two.
-    
-    OpenBSD-Commit-ID: 8bd7452d809b199c19bfc49511a798f414eb4a77
-
-commit b75624f8733b3ed9e240f86cac5d4a39dae11848
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Mon Jul 5 00:50:25 2021 +0000
-
-    upstream: Remove comment referencing now-removed
-    
-    RhostsRSAAuthentication.  ok djm@
-    
-    OpenBSD-Commit-ID: 3d864bfbd99a1d4429a58e301688f3be464827a9
-
-commit b67eb12f013c5441bb4f0893a97533582ad4eb13
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Mon Jul 5 00:25:42 2021 +0000
-
-    upstream: allow spaces to appear in usernames for local to remote,
-    
-    and scp -3 remote to remote copies. with & ok dtucker bz#1164
-    
-    OpenBSD-Commit-ID: e9b550f3a85ffbb079b6720833da31317901d6dd
-
-commit 8c4ef0943e574f614fc7c6c7e427fd81ee64ab87
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Fri Jul 2 07:20:44 2021 +0000
-
-    upstream: Remove obsolete comments about SSHv1 auth methods. ok
-    
-    djm@
-    
-    OpenBSD-Commit-ID: 6060f70966f362d8eb4bec3da2f6c4712fbfb98f
-
-commit 88908c9b61bcb99f16e8d398fc41e2b3b4be2003
-Author: Darren Tucker <dtucker@dtucker.net>
-Date:   Sat Jul 3 23:00:19 2021 +1000
-
-    Remove reference to ChallengeResponse.
-    
-    challenge_response_authentication was removed from the struct, keeping
-    kbd_interactive_authentication.
-
-commit 321874416d610ad2158ce6112f094a4862c2e37f
-Author: Darren Tucker <dtucker@dtucker.net>
-Date:   Sat Jul 3 20:38:09 2021 +1000
-
-    Move signal.h up include order to match upstream.
-
-commit 4fa83e2d0e32c2dd758653e0359984bbf1334f32
-Author: Darren Tucker <dtucker@dtucker.net>
-Date:   Sat Jul 3 20:36:06 2021 +1000
-
-    Remove old OpenBSD version marker.
-    
-    Looks like an accidental leftover from a sync.
-
-commit 9d5e31f55d5f3899b72645bac41a932d298ad73b
-Author: Darren Tucker <dtucker@dtucker.net>
-Date:   Sat Jul 3 20:34:19 2021 +1000
-
-    Remove duplicate error on error path.
-    
-    There's an extra error() call on the listen error path, it looks like
-    its removal was missed during an upstream sync.
-
-commit 888c459925c7478ce22ff206c9ac1fb812a40caf
-Author: Darren Tucker <dtucker@dtucker.net>
-Date:   Sat Jul 3 20:32:46 2021 +1000
-
-    Remove some whitespace not in upstream.
-    
-    Reduces diff vs OpenBSD by a small amount.
-
-commit 4d2d4d47a18d93f3e0a91a241a6fdb545bbf7dc2
-Author: Darren Tucker <dtucker@dtucker.net>
-Date:   Sat Jul 3 19:27:43 2021 +1000
-
-    Replace remaining references to ChallengeResponse.
-    
-    Portable had a few additional references to ChallengeResponse related to
-    UsePAM, replaces these with equivalent keyboard-interactive ones.
-
-commit 53237ac789183946dac6dcb8838bc3b6b9b43be1
-Author: Darren Tucker <dtucker@dtucker.net>
-Date:   Sat Jul 3 19:23:28 2021 +1000
-
-    Sync remaining ChallengeResponse removal.
-    
-    These were omitted from commit 88868fd131.
-
-commit 2c9e4b319f7e98744b188b0f58859d431def343b
-Author: Darren Tucker <dtucker@dtucker.net>
-Date:   Sat Jul 3 19:17:31 2021 +1000
-
-    Disable rocky84 to figure out why agent test fails
-
-commit bfe19197a92b7916f64a121fbd3c179abf15e218
-Author: Darren Tucker <dtucker@dtucker.net>
-Date:   Fri Jul 2 15:43:28 2021 +1000
-
-    Remove now-unused SSHv1 enums.
-    
-    sRhostsRSAAuthentication and sRSAAuthentication are protocol 1 options
-    and are no longer used.
-
-commit c73b02d92d72458a5312bd098f32ce88868fd131
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Fri Jul 2 05:11:20 2021 +0000
-
-    upstream: Remove references to ChallengeResponseAuthentication in
-    
-    favour of KbdInteractiveAuthentication.  The former is what was in SSHv1, the
-    latter is what is in SSHv2 (RFC4256) and they were treated as somewhat but
-    not entirely equivalent.  We retain the old name as deprecated alias so
-    config files continue to work and a reference in the man page for people
-    looking for it.
-    
-    Prompted by bz#3303 which pointed out the discrepancy between the two
-    when used with Match.  Man page help & ok jmc@, with & ok djm@
-    
-    OpenBSD-Commit-ID: 2c1bff8e5c9852cfcdab1f3ea94dfef5a22f3b7e
-
-commit f841fc9c8c7568a3b5d84a4cc0cefacb7dbc16b9
-Author: Darren Tucker <dtucker@dtucker.net>
-Date:   Fri Jul 2 15:20:32 2021 +1000
-
-    Fix ifdefs around get_random_bytes_prngd.
-    
-    get_random_bytes_prngd() is used if either of PRNGD_PORT or PRNGD_SOCKET
-    are defined, so adjust ifdef accordingly.
-
-commit 0767627cf66574484b9c0834500b42ea04fe528a
-Author: Damien Miller <djm@mindrot.org>
-Date:   Fri Jul 2 14:30:23 2021 +1000
-
-    wrap get_random_bytes_prngd() in ifdef
-    
-    avoid unused static function warning
-
-commit f93fdc4de158386efe1116bd44c5b3f4a7a82c25
-Author: Darren Tucker <dtucker@dtucker.net>
-Date:   Mon Jun 28 13:06:37 2021 +1000
-
-    Add rocky84 test target.
-
-commit d443006c0ddfa7f6a5bd9c0ae92036f3d5f2fa3b
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Jun 25 06:30:22 2021 +0000
-
-    upstream: fix decoding of X.509 subject name; from Leif Thuresson
-    
-    via bz3327 ok markus@
-    
-    OpenBSD-Commit-ID: 0ea2e28f39750dd388b7e317bc43dd997a217ae8
-
-commit 2a5704ec142202d387fda2d6872fd4715ab81347
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Fri Jun 25 06:20:39 2021 +0000
-
-    upstream: Use better language to refer to the user. From l1ving
-    
-    via github PR#250, ok jmc@
-    
-    OpenBSD-Commit-ID: 07ca3526626996613e128aeddf7748c93c4d6bbf
-
-commit 4bdf7a04797a0ea1c431a9d54588417c29177d19
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Fri Jun 25 03:38:17 2021 +0000
-
-    upstream: Replace SIGCHLD/notify_pipe kludge with pselect.
-    
-    Previously sshd's SIGCHLD handler would wake up select() by writing a
-    byte to notify_pipe.  We can remove this by blocking SIGCHLD, checking
-    for child terminations then passing the original signal mask through
-    to pselect.  This ensures that the pselect will immediately wake up if
-    a child terminates between wait()ing on them and the pselect.
-    
-    In -portable, for platforms that do not have pselect the kludge is still
-    there but is hidden behind a pselect interface.
-    
-    Based on other changes for bz#2158, ok djm@
-    
-    OpenBSD-Commit-ID: 202c85de0b3bdf1744fe53529a05404c5480d813
-
-commit c9f7bba2e6f70b7ac1f5ea190d890cb5162ce127
-Author: Darren Tucker <dtucker@dtucker.net>
-Date:   Fri Jun 25 15:08:18 2021 +1000
-
-    Move closefrom() to before first malloc.
-    
-    When built against tcmalloc, tcmalloc allocates a descriptor for its
-    internal use, so calling closefrom() afterward causes the descriptor
-    number to be reused resulting in a corrupted connection.  Moving the
-    closefrom a little earlier should resolve this.  From kircherlike at
-    outlook.com via bz#3321, ok djm@
-
-commit 7ebfe4e439853b88997c9cfc2ff703408a1cca92
-Author: Darren Tucker <dtucker@dtucker.net>
-Date:   Fri Jun 18 20:41:45 2021 +1000
-
-    Put second -lssh in link line for sftp-server.
-    
-    When building --without-openssl the recent port-prngd.c change adds
-    a dependency on atomicio, but since nothing else in sftp-server uses
-    it, the linker may not find it.  Add a second -lssh similar to other
-    binaries.
-
-commit e409d7966785cfd9f5970e66a820685c42169717
-Author: Darren Tucker <dtucker@dtucker.net>
-Date:   Fri Jun 18 18:34:08 2021 +1000
-
-    Try EGD/PRNGD if random device fails.
-    
-    When built --without-openssl, try EGD/PRGGD (if configured) as a last
-    resort before failing.
-
-commit e43a898043faa3a965dbaa1193cc60e0b479033d
-Author: Darren Tucker <dtucker@dtucker.net>
-Date:   Fri Jun 18 18:32:51 2021 +1000
-
-    Split EGD/PRNGD interface into its own file.
-    
-    This will allow us to use it when building --without-openssl.
-
-commit acb2887a769a1b1912cfd7067f3ce04fad240260
-Author: Darren Tucker <dtucker@dtucker.net>
-Date:   Thu Jun 17 21:03:19 2021 +1000
-
-    Handle GIDs > 2^31 in getgrouplist.
-    
-    When compiled in 32bit mode, the getgrouplist implementation may fail
-    for GIDs greater than LONG_MAX.  Analysis and change from ralf.winkel
-    at tui.com.
-
-commit 31fac20c941126281b527605b73bff30a8f02edd
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Thu Jun 10 09:46:28 2021 +0000
-
-    upstream: Use $SUDO when reading sshd's pidfile here too.
-    
-    OpenBSD-Regress-ID: 6bfb0d455d493f24839034a629c5306f84dbd409
-
-commit a3a58acffc8cc527f8fc6729486d34e4c3d27643
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Thu Jun 10 09:43:51 2021 +0000
-
-    upstream: Use $SUDO when reading sshd's pidfile in case it was
-    
-    created with a very restrictive umask.  This resyncs with -portable.
-    
-    OpenBSD-Regress-ID: 07fd2af06df759d4f64b82c59094accca1076a5d
-
-commit 249ad4ae51cd3bc235e75a4846eccdf8b1416611
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Thu Jun 10 09:37:59 2021 +0000
-
-    upstream: Set umask when creating hostkeys to prevent excessive
-    
-    permissions warning.
-    
-    OpenBSD-Regress-ID: 382841db0ee28dfef7f7bffbd511803e1b8ab0ef
-
-commit 9d0892153c005cc65897e9372b01fa66fcbe2842
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Thu Jun 10 03:45:31 2021 +0000
-
-    upstream: Add regress test for SIGHUP restart
-    
-    while handling active and unauthenticated clients.  Should catch anything
-    similar to the pselect bug just fixed in sshd.c.
-    
-    OpenBSD-Regress-ID: 3b3c19b5e75e43af1ebcb9586875b3ae3a4cac73
-
-commit 73f6f191f44440ca3049b9d3c8e5401d10b55097
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Thu Jun 10 03:14:14 2021 +0000
-
-    upstream: Continue accept loop when pselect
-    
-    returns -1, eg if it was interrupted by a signal.  This should prevent
-    the hang discovered by sthen@ wherein sshd receives a SIGHUP while it has
-    an unauthenticated child and goes on to a blocking read on a notify_pipe.
-    feedback deraadt@, ok djm@
-    
-    OpenBSD-Commit-ID: 0243c1c5544fca0974dae92cd4079543a3fceaa0
-
-commit c785c0ae134a8e8b5c82b2193f64c632a98159e4
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Tue Jun 8 22:30:27 2021 +0000
-
-    upstream: test that UserKnownHostsFile correctly accepts multiple
-    
-    arguments; would have caught readconf.c r1.356 regression
-    
-    OpenBSD-Regress-ID: 71ca54e66c2a0211b04999263e56390b1f323a6a
-
-commit 1a6f6b08e62c78906a3032e8d9a83e721c84574e
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Tue Jun 8 22:06:12 2021 +0000
-
-    upstream: fix regression in r1.356: for ssh_config options that
-    
-    accepted multiple string arguments, ssh was only recording the first.
-    Reported by Lucas via bugs@
-    
-    OpenBSD-Commit-ID: 7cbf182f7449bf1cb7c5b4452667dc2b41170d6d
-
-commit 78e30af3e2b2dd540a341cc827c6b98dd8b0a6de
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Tue Jun 8 07:40:12 2021 +0000
-
-    upstream: test argv_split() optional termination on comments
-    
-    OpenBSD-Regress-ID: 9fd1c4a27a409897437c010cfd79c54b639a059c
-
-commit a023138957ea2becf1c7f93fcc42b0aaac6f2b03
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Tue Jun 8 07:05:27 2021 +0000
-
-    upstream: Add testcases from bz#3319 for IPQoS and TunnelDevice
-    
-    being overridden on the command line.
-    
-    OpenBSD-Regress-ID: 801674d5d2d02abd58274a78cab2711f11de14a8
-
-commit 660cea10b2cdc11f13ba99c89b1bbb368a4d9ff2
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Tue Jun 8 06:52:43 2021 +0000
-
-    upstream: sprinkle some "# comment" at end of configuration lines
-    
-    to test comment handling
-    
-    OpenBSD-Regress-ID: cb82fbf40bda5c257a9f742c63b1798e5a8fdda7
-
-commit acc9c32dcb6def6c7d3688bceb4c0e59bd26b411
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Tue Jun 8 06:51:47 2021 +0000
-
-    upstream: more descriptive failure message
-    
-    OpenBSD-Regress-ID: 5300f6faf1d9e99c0cd10827b51756c5510e3509
-
-commit ce04dd4eae23d1c9cf7c424a702f48ee78573bc1
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Mon Jun 7 01:16:34 2021 +0000
-
-    upstream: test AuthenticationMethods inside a Match block as well
-    
-    as in the main config section
-    
-    OpenBSD-Regress-ID: ebe0a686621b7cb8bb003ac520975279c28747f7
-
-commit 9018bd821fca17e26e92f7a7e51d9b24cd62f2db
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Mon Jun 7 00:00:50 2021 +0000
-
-    upstream: prepare for stricter sshd_config parsing that will refuse
-    
-    a config that has {Allow,Deny}{Users,Groups} on a line with no subsequent
-    arguments. Such lines are permitted but are nonsensical noops ATM
-    
-    OpenBSD-Regress-ID: ef65463fcbc0bd044e27f3fe400ea56eb4b8f650
-
-commit a10f929d1ce80640129fc5b6bc1acd9bf689169e
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Tue Jun 8 07:09:42 2021 +0000
-
-    upstream: switch sshd_config parsing to argv_split()
-    
-    similar to the previous commit, this switches sshd_config parsing to
-    the newer tokeniser. Config parsing will be a little stricter wrt
-    quote correctness and directives appearing without arguments.
-    
-    feedback and ok markus@
-    
-    tested in snaps for the last five or so days - thanks Theo and those who
-    caught bugs
-    
-    OpenBSD-Commit-ID: 9c4305631d20c2d194661504ce11e1f68b20d93e
-
-commit ea9e45c89a4822d74a9d97fef8480707d584da4d
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Tue Jun 8 07:07:15 2021 +0000
-
-    upstream: Switch ssh_config parsing to use argv_split()
-    
-    This fixes a couple of problems with the previous tokeniser,
-    strdelim()
-    
-    1. strdelim() is permissive wrt accepting '=' characters. This is
-      intended to allow it to tokenise "Option=value" but because it
-      cannot keep state, it will incorrectly split "Opt=val=val2".
-    2. strdelim() has rudimentry handling of quoted strings, but it
-      is incomplete and inconsistent. E.g. it doesn't handle escaped
-      quotes inside a quoted string.
-    3. It has no support for stopping on a (unquoted) comment. Because
-      of this readconf.c r1.343 added chopping of lines at '#', but
-      this caused a regression because these characters may legitimately
-      appear inside quoted strings.
-    
-    The new tokeniser is stricter is a number of cases, including #1 above
-    but previously it was also possible for some directives to appear
-    without arguments. AFAIK these were nonsensical in all cases, and the
-    new tokeniser refuses to accept them.
-    
-    The new code handles quotes much better, permitting quoted space as
-    well as escaped closing quotes. Finally, comment handling should be
-    fixed - the tokeniser will terminate only on unquoted # characters.
-    
-    feedback & ok markus@
-    
-    tested in snaps for the last five or so days - thanks Theo and those who
-    caught bugs
-    
-    OpenBSD-Commit-ID: dc72fd12af9d5398f4d9e159d671f9269c5b14d5
-
-commit d786424986c04d1d375f231fda177c8408e05c3e
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Tue Jun 8 07:02:46 2021 +0000
-
-    upstream: Check if IPQoS or TunnelDevice are already set before
-    
-    overriding. Prevents values in config files from overriding values supplied
-    on the command line.  bz#3319, ok markus.
-    
-    OpenBSD-Commit-ID: f3b08b898c324debb9195e6865d8999406938f74
-
-commit aae4b4d3585b9f944d7dbd3c9e5ba0006c55e457
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Tue Jun 8 06:54:40 2021 +0000
-
-    upstream: Allow argv_split() to optionally terminate tokenisation
-    
-    when it encounters an unquoted comment.
-    
-    Add some additional utility function for working with argument
-    vectors, since we'll be switching to using them to parse
-    ssh/sshd_config shortly.
-    
-    ok markus@ as part of a larger diff; tested in snaps
-    
-    OpenBSD-Commit-ID: fd9c108cef2f713f24e3bc5848861d221bb3a1ac
-
-commit da9f9acaac5bab95dca642b48e0c8182b246ab69
-Author: Darren Tucker <dtucker@dtucker.net>
-Date:   Mon Jun 7 19:19:23 2021 +1000
-
-    Save logs on failure for upstream test
-
-commit 76883c60161e5f3808787085a27a8c37f8cc4e08
-Author: Darren Tucker <dtucker@dtucker.net>
-Date:   Mon Jun 7 14:36:32 2021 +1000
-
-    Add obsdsnap-i386 upstream test target.
-
-commit d45b9c63f947ec5ec314696e70281f6afddc0ac3
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Mon Jun 7 03:38:38 2021 +0000
-
-    upstream: fix debug message when finding a private key to match a
-    
-    certificate being attempted for user authentication. Previously it would
-    print the certificate's path, whereas it was supposed to be showing the
-    private key's path. Patch from Alex Sherwin via GHPR247
-    
-    OpenBSD-Commit-ID: d5af3be66d0f22c371dc1fe6195e774a18b2327b
-
-commit 530739d42f6102668aecd699be0ce59815c1eceb
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sun Jun 6 11:34:16 2021 +0000
-
-    upstream: Match host certificates against host public keys, not private
-    
-    keys. Allows use of certificates with private keys held in a ssh-agent.
-    Reported by Miles Zhou in bz3524; ok dtucker@
-    
-    OpenBSD-Commit-ID: 25f5bf70003126d19162862d9eb380bf34bac22a
-
-commit 4265215d7300901fd7097061c7517688ade82f8e
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sun Jun 6 03:40:39 2021 +0000
-
-    upstream: Client-side workaround for a bug in OpenSSH 7.4: this release
-    
-    allows RSA/SHA2 signatures for public key authentication but fails to
-    advertise this correctly via SSH2_MSG_EXT_INFO. This causes clients of these
-    server to incorrectly match PubkeyAcceptedAlgorithms and potentially refuse
-    to offer valid keys.
-    
-    Reported by and based on patch from Gordon Messmer via bz3213, thanks
-    also for additional analysis by Jakub Jelen. ok dtucker
-    
-    OpenBSD-Commit-ID: d6d0b7351d5d44c45f3daaa26efac65847a564f7
-
-commit bda270d7fb8522d43c21a79a4b02a052d7c64de8
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sun Jun 6 03:17:02 2021 +0000
-
-    upstream: degrade gracefully if a sftp-server offers the
-    
-    limits@openssh.com extension but fails when the client tries to invoke it.
-    Reported by Hector Martin via bz3318
-    
-    OpenBSD-Commit-ID: bd9d1839c41811616ede4da467e25746fcd9b967
-
-commit d345d5811afdc2d6923019b653cdd93c4cc95f76
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sun Jun 6 03:15:39 2021 +0000
-
-    upstream: the limits@openssh.com extension was incorrectly marked
-    
-    as an operation that writes to the filesystem, which made it unavailable in
-    sftp-server read-only mode. Spotted by Hector Martin via bz3318
-    
-    OpenBSD-Commit-ID: f054465230787e37516c4b57098fc7975e00f067
-
-commit 2b71010d9b43d7b8c9ec1bf010beb00d98fa765a
-Author: naddy@openbsd.org <naddy@openbsd.org>
-Date:   Sat Jun 5 13:47:00 2021 +0000
-
-    upstream: PROTOCOL.certkeys: update reference from IETF draft to
-    
-    RFC
-    
-    Also fix some typos.
-    ok djm@
-    
-    OpenBSD-Commit-ID: 5e855b6c5a22b5b13f8ffa3897a868e40d349b44
-
-commit aa99b2d9a3e45b943196914e8d8bf086646fdb54
-Author: Darren Tucker <dtucker@dtucker.net>
-Date:   Fri Jun 4 23:41:29 2021 +1000
-
-    Clear notify_pipe from readset if present.
-    
-    Prevents leaking an implementation detail to the caller.
-
-commit 6de8dadf6b4d0627d35bca0667ca44b1d61c2c6b
-Author: Darren Tucker <dtucker@dtucker.net>
-Date:   Fri Jun 4 23:24:25 2021 +1000
-
-    space->tabs.
-
-commit c8677065070ee34c05c7582a9c2f58d8642e552d
-Author: Darren Tucker <dtucker@dtucker.net>
-Date:   Fri Jun 4 18:39:48 2021 +1000
-
-    Add pselect implementation for platforms without.
-    
-    This is basically the existing notify_pipe kludge from serverloop.c
-    moved behind a pselect interface.  It works by installing a signal
-    handler that writes to a pipe that the select is watching, then calls
-    the original handler.
-    
-    The select call in serverloop will become pselect soon, at which point the
-    kludge will be removed from thereand will only exist in the compat layer.
-    Original code by markus, help from djm.
-
-commit 7cd7f302d3a072748299f362f9e241d81fcecd26
-Author: Vincent Brillault <vincent.brillault@cern.ch>
-Date:   Sun May 24 09:15:06 2020 +0200
-
-    auth_log: dont log partial successes as failures
-    
-    By design, 'partial' logins are successful logins, so initially with
-    authenticated set to 1, for which another authentication is required. As
-    a result, authenticated is always reset to 0 when partial is set to 1.
-    However, even if authenticated is 0, those are not failed login
-    attempts, similarly to attempts with authctxt->postponed set to 1.
-
-commit e7606919180661edc7f698e6a1b4ef2cfb363ebf
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Jun 4 06:19:07 2021 +0000
-
-    upstream: The RB_GENERATE_STATIC(3) macro expands to a series of
-    
-    function definitions and not a statement, so there should be no semicolon
-    following them. Patch from Michael Forney
-    
-    OpenBSD-Commit-ID: c975dd180580f0bdc0a4d5b7d41ab1f5e9b7bedd
-
-commit c298c4da574ab92df2f051561aeb3e106b0ec954
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Jun 4 05:59:18 2021 +0000
-
-    upstream: rework authorized_keys example section, removing irrelevant
-    
-    stuff, de-wrapping the example lines and better aligning the examples with
-    common usage and FAQs; ok jmc
-    
-    OpenBSD-Commit-ID: d59f1c9281f828148e2a2e49eb9629266803b75c
-
-commit d9cb35bbec5f623589d7c58fc094817b33030f35
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Jun 4 05:10:03 2021 +0000
-
-    upstream: adjust SetEnv description to clarify $TERM handling
-    
-    OpenBSD-Commit-ID: 8b8cc0124856bc1094949d55615e5c44390bcb22
-
-commit 771f57a8626709f2ad207058efd68fbf30d31553
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Fri Jun 4 05:09:08 2021 +0000
-
-    upstream: Switch the listening select loop from select() to
-    
-    pselect() and mask signals while checking signal flags, umasking for pselect
-    and restoring afterwards. Also restore signals before sighup_restart so they
-    don't remain blocked after restart.
-    
-    This prevents a race where a SIGTERM or SIGHUP can arrive between
-    checking the flag and calling select (eg if sshd is processing a
-    new connection) resulting in sshd not shutting down until the next
-    time it receives a new connection.  bz#2158, with & ok djm@
-    
-    OpenBSD-Commit-ID: bf85bf880fd78e00d7478657644fcda97b9a936f
-
-commit f64f8c00d158acc1359b8a096835849b23aa2e86
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Jun 4 05:02:40 2021 +0000
-
-    upstream: allow ssh_config SetEnv to override $TERM, which is otherwise
-    
-    handled specially by the protocol. Useful in ~/.ssh/config to set TERM to
-    something generic (e.g. "xterm" instead of "xterm-256color") for destinations
-    that lack terminfo entries. feedback and ok dtucker@
-    
-    OpenBSD-Commit-ID: 38b1ef4d5bc159c7d9d589d05e3017433e2d5758
-
-commit 60107677dc0ce1e93c61f23c433ad54687fcd9f5
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Jun 4 04:02:21 2021 +0000
-
-    upstream: correct extension name "no-presence-required" =>
-    
-    "no-touch-required"
-    
-    document "verify-required" option
-    
-    OpenBSD-Commit-ID: 1879ff4062cf61d79b515e433aff0bf49a6c55c5
-
-commit ecc186e46e3e30f27539b4311366dfda502f0a08
-Author: Darren Tucker <dtucker@dtucker.net>
-Date:   Wed Jun 2 13:54:11 2021 +1000
-
-    Retire fbsd7 test target.
-    
-    It's the slowest of the selfhosted targets (since it's 32bit but has
-    most of the crypto algos). We still have coverage for 32bit i386.
-
-commit 5de0867b822ec48b5eec9abde0f5f95d1d646546
-Author: Darren Tucker <dtucker@dtucker.net>
-Date:   Wed Jun 2 11:21:40 2021 +1000
-
-    Check for $OPENSSL in md5 fallback too.
-
-commit 1db69d1b6542f8419c04cee7fd523a4a11004be2
-Author: Darren Tucker <dtucker@dtucker.net>
-Date:   Wed Jun 2 11:17:54 2021 +1000
-
-    Add dfly60 target.
-
-commit a3f2dd955f1c19cad387a139f0e719af346ca6ef
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Wed Jun 2 00:17:45 2021 +0000
-
-    upstream: Merge back shell portability changes
-    
-    bringing it back in sync with -portable.
-    
-    OpenBSD-Regress-ID: c07905ba931e66ad7d849b87b7d19648007175d1
-
-commit 9d482295c9f073e84d75af46b720a1c0f7ec2867
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Tue Jun 1 23:56:20 2021 +0000
-
-    upstream: Use a default value for $OPENSSL,
-    
-    allowing it to be overridden. Do the same in the PuTTY tests since it's
-    needed there and not exported by test-exec.sh.
-    
-    OpenBSD-Regress-ID: c49dcd6aa7602a8606b7afa192196ca1fa65de16
-
-commit 07660b3c99f8ea74ddf4a440e55c16c9f7fb3dd1
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Mon May 24 10:25:18 2021 +0000
-
-    upstream: Find openssl binary via environment variable. This
-    
-    allows overriding if necessary (eg in -portable where we're testing against a
-    specific version of OpenSSL).
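Review bot: the hunk at @@ -9402,1837 +9435,3 @@ removes roughly 1,800 lines of 2021-era ChangeLog entries (the diffstat shows 1848 deletions in crypto/openssh/ChangeLog), but neither the hunk nor the commit message explains the removal. If this is simply the ChangeLog as regenerated in the upstream 9.3p2 release tarball rather than a local trim, say so in the commit message; otherwise a reader auditing this security update has to diff against upstream to confirm that no locally relevant history was dropped.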
*** 1097 LINES SKIPPED ***