upstream: some language improvements; ok markus

OpenBSD-Commit-ID: 939d787d571b4d5da50b3b721fd0b2ac236acaa8

15 files changed, 79 insertions, 79 deletions

diff --git a/PROTOCOL b/PROTOCOL
index c702fca45..ecdacb9dc 100644
--- a/PROTOCOL
+++ b/PROTOCOL
@@ -140,7 +140,7 @@ window space and may be sent even if no window space is available.
 NB. due to certain broken SSH implementations aborting upon receipt
 of this message (in contravention of RFC4254 section 5.4), this
 message is only sent to OpenSSH peers (identified by banner).
-Other SSH implementations may be whitelisted to receive this message
+Other SSH implementations may be listed to receive this message
 upon request.
 
 2.2. connection: disallow additional sessions extension
@@ -169,7 +169,7 @@ Note that this is not a general defence against compromised clients
 NB. due to certain broken SSH implementations aborting upon receipt
 of this message, the no-more-sessions request is only sent to OpenSSH
 servers (identified by banner). Other SSH implementations may be
-whitelisted to receive this message upon request.
+listed to receive this message upon request.
 
 2.3. connection: Tunnel forward extension "tun@openssh.com"
 
@@ -496,4 +496,4 @@ OpenSSH's connection multiplexing uses messages as described in
 PROTOCOL.mux over a Unix domain socket for communications between a
 master instance and later clients.
 
-$OpenBSD: PROTOCOL,v 1.37 2020/02/21 00:04:43 dtucker Exp $
+$OpenBSD: PROTOCOL,v 1.38 2020/07/05 23:59:45 djm Exp $
diff --git a/channels.h b/channels.h
index c8ae0d904..ee818880e 100644
--- a/channels.h
+++ b/channels.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.h,v 1.133 2020/01/25 22:49:38 djm Exp $ */
+/* $OpenBSD: channels.h,v 1.134 2020/07/05 23:59:45 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -52,11 +52,11 @@
 #define SSH_CHANNEL_DYNAMIC             13
 #define SSH_CHANNEL_ZOMBIE              14      /* Almost dead. */
 #define SSH_CHANNEL_MUX_LISTENER        15      /* Listener for mux conn. */
-#define SSH_CHANNEL_MUX_CLIENT          16      /* Conn. to mux slave */
+#define SSH_CHANNEL_MUX_CLIENT          16      /* Conn. to mux client */
 #define SSH_CHANNEL_ABANDONED           17      /* Abandoned session, eg mux */
 #define SSH_CHANNEL_UNIX_LISTENER       18      /* Listening on a domain socket. */
 #define SSH_CHANNEL_RUNIX_LISTENER      19      /* Listening to a R-style domain socket. */
-#define SSH_CHANNEL_MUX_PROXY           20      /* proxy channel for mux-slave */
+#define SSH_CHANNEL_MUX_PROXY           20      /* proxy channel for mux-client */
 #define SSH_CHANNEL_RDYNAMIC_OPEN       21      /* reverse SOCKS, parsing request */
 #define SSH_CHANNEL_RDYNAMIC_FINISH     22      /* reverse SOCKS, finishing connect */
 #define SSH_CHANNEL_MAX_TYPE            23
diff --git a/compat.c b/compat.c
index 7c0e1c230..dec8e7e93 100644
--- a/compat.c
+++ b/compat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: compat.c,v 1.114 2020/06/01 07:11:38 dtucker Exp $ */
+/* $OpenBSD: compat.c,v 1.115 2020/07/05 23:59:45 djm Exp $ */
 /*
  * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl.  All rights reserved.
  *
@@ -163,8 +163,8 @@ compat_cipher_proposal(char *cipher_prop)
         if (!(datafellows & SSH_BUG_BIGENDIANAES))
                 return cipher_prop;
         debug2("%s: original cipher proposal: %s", __func__, cipher_prop);
-        if ((cipher_prop = match_filter_blacklist(cipher_prop, "aes*")) == NULL)
-                fatal("match_filter_blacklist failed");
+        if ((cipher_prop = match_filter_denylist(cipher_prop, "aes*")) == NULL)
+                fatal("match_filter_denylist failed");
         debug2("%s: compat cipher proposal: %s", __func__, cipher_prop);
         if (*cipher_prop == '\0')
                 fatal("No supported ciphers found");
@@ -177,8 +177,8 @@ compat_pkalg_proposal(char *pkalg_prop)
         if (!(datafellows & SSH_BUG_RSASIGMD5))
                 return pkalg_prop;
         debug2("%s: original public key proposal: %s", __func__, pkalg_prop);
-        if ((pkalg_prop = match_filter_blacklist(pkalg_prop, "ssh-rsa")) == NULL)
-                fatal("match_filter_blacklist failed");
+        if ((pkalg_prop = match_filter_denylist(pkalg_prop, "ssh-rsa")) == NULL)
+                fatal("match_filter_denylist failed");
         debug2("%s: compat public key proposal: %s", __func__, pkalg_prop);
         if (*pkalg_prop == '\0')
                 fatal("No supported PK algorithms found");
@@ -192,14 +192,14 @@ compat_kex_proposal(char *p)
                 return p;
         debug2("%s: original KEX proposal: %s", __func__, p);
         if ((datafellows & SSH_BUG_CURVE25519PAD) != 0)
-                if ((p = match_filter_blacklist(p,
+                if ((p = match_filter_denylist(p,
                     "curve25519-sha256@libssh.org")) == NULL)
-                        fatal("match_filter_blacklist failed");
+                        fatal("match_filter_denylist failed");
         if ((datafellows & SSH_OLD_DHGEX) != 0) {
-                if ((p = match_filter_blacklist(p,
+                if ((p = match_filter_denylist(p,
                     "diffie-hellman-group-exchange-sha256,"
                     "diffie-hellman-group-exchange-sha1")) == NULL)
-                        fatal("match_filter_blacklist failed");
+                        fatal("match_filter_denylist failed");
         }
         debug2("%s: compat KEX proposal: %s", __func__, p);
         if (*p == '\0')
diff --git a/kex.c b/kex.c
index 09c7258e0..aecb9394d 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.158 2020/03/13 04:01:56 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.159 2020/07/05 23:59:45 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  *
@@ -247,7 +247,7 @@ kex_assemble_names(char **listp, const char *def, const char *all)
                 list = tmp;
         } else if (*list == '-') {
                 /* Remove names from default list */
-                if ((*listp = match_filter_blacklist(def, list + 1)) == NULL) {
+                if ((*listp = match_filter_denylist(def, list + 1)) == NULL) {
                         r = SSH_ERR_ALLOC_FAIL;
                         goto fail;
                 }
@@ -284,7 +284,7 @@ kex_assemble_names(char **listp, const char *def, const char *all)
                         goto fail;
                 }
                 free(matching);
-                if ((matching = match_filter_whitelist(all, cp)) == NULL) {
+                if ((matching = match_filter_allowlist(all, cp)) == NULL) {
                         r = SSH_ERR_ALLOC_FAIL;
                         goto fail;
                 }
diff --git a/match.c b/match.c
index 3a8fa9d78..927565c18 100644
--- a/match.c
+++ b/match.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: match.c,v 1.41 2019/11/13 04:47:52 deraadt Exp $ */
+/* $OpenBSD: match.c,v 1.42 2020/07/05 23:59:45 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -309,13 +309,13 @@ match_list(const char *client, const char *server, u_int *next)
 
 /*
  * Filter proposal using pattern-list filter.
- * "blacklist" determines sense of filter:
+ * "denylist" determines sense of filter:
  * non-zero indicates that items matching filter should be excluded.
  * zero indicates that only items matching filter should be included.
  * returns NULL on allocation error, otherwise caller must free result.
  */
 static char *
-filter_list(const char *proposal, const char *filter, int blacklist)
+filter_list(const char *proposal, const char *filter, int denylist)
 {
         size_t len = strlen(proposal) + 1;
         char *fix_prop = malloc(len);
@@ -333,7 +333,7 @@ filter_list(const char *proposal, const char *filter, int blacklist)
         *fix_prop = '\0';
         while ((cp = strsep(&tmp, ",")) != NULL) {
                 r = match_pattern_list(cp, filter, 0);
-                if ((blacklist && r != 1) || (!blacklist && r == 1)) {
+                if ((denylist && r != 1) || (!denylist && r == 1)) {
                         if (*fix_prop != '\0')
                                 strlcat(fix_prop, ",", len);
                         strlcat(fix_prop, cp, len);
@@ -348,7 +348,7 @@ filter_list(const char *proposal, const char *filter, int blacklist)
  * the 'filter' pattern list. Caller must free returned string.
  */
 char *
-match_filter_blacklist(const char *proposal, const char *filter)
+match_filter_denylist(const char *proposal, const char *filter)
 {
         return filter_list(proposal, filter, 1);
 }
@@ -358,7 +358,7 @@ match_filter_blacklist(const char *proposal, const char *filter)
  * the 'filter' pattern list. Caller must free returned string.
  */
 char *
-match_filter_whitelist(const char *proposal, const char *filter)
+match_filter_allowlist(const char *proposal, const char *filter)
 {
         return filter_list(proposal, filter, 0);
 }
diff --git a/match.h b/match.h
index 3a8a6ecdc..312ca6e16 100644
--- a/match.h
+++ b/match.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: match.h,v 1.19 2019/03/06 22:14:23 dtucker Exp $ */
+/* $OpenBSD: match.h,v 1.20 2020/07/05 23:59:45 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -21,8 +21,8 @@ int	 match_hostname(const char *, const char *);
 int      match_host_and_ip(const char *, const char *, const char *);
 int      match_user(const char *, const char *, const char *, const char *);
 char    *match_list(const char *, const char *, u_int *);
-char    *match_filter_blacklist(const char *, const char *);
-char    *match_filter_whitelist(const char *, const char *);
+char    *match_filter_denylist(const char *, const char *);
+char    *match_filter_allowlist(const char *, const char *);
 
 /* addrmatch.c */
 int      addr_match_list(const char *, const char *);
diff --git a/monitor.c b/monitor.c
index b6e855d5d..325ad95e0 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.210 2020/03/13 03:17:07 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.211 2020/07/05 23:59:45 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -1568,7 +1568,7 @@ mm_answer_pty(struct ssh *ssh, int sock, struct sshbuf *m)
         if (fd0 != 0)
                 error("%s: fd0 %d != 0", __func__, fd0);
 
-        /* slave is not needed */
+        /* only need pty master side */
         close(s->ttyfd);
         s->ttyfd = s->ptyfd;
         /* no need to dup() because nobody closes ptyfd */
diff --git a/mux.c b/mux.c
index fb31ad448..376f0d711 100644
--- a/mux.c
+++ b/mux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mux.c,v 1.82 2020/04/30 17:12:20 markus Exp $ */
+/* $OpenBSD: mux.c,v 1.83 2020/07/05 23:59:45 djm Exp $ */
 /*
  * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
  *
@@ -187,7 +187,7 @@ static const struct {
         { 0, NULL }
 };
 
-/* Cleanup callback fired on closure of mux slave _session_ channel */
+/* Cleanup callback fired on closure of mux client _session_ channel */
 /* ARGSUSED */
 static void
 mux_master_session_cleanup_cb(struct ssh *ssh, int cid, void *unused)
@@ -209,7 +209,7 @@ mux_master_session_cleanup_cb(struct ssh *ssh, int cid, void *unused)
         channel_cancel_cleanup(ssh, c->self);
 }
 
-/* Cleanup callback fired on closure of mux slave _control_ channel */
+/* Cleanup callback fired on closure of mux client _control_ channel */
 /* ARGSUSED */
 static void
 mux_master_control_cleanup_cb(struct ssh *ssh, int cid, void *unused)
@@ -287,7 +287,7 @@ mux_master_process_hello(struct ssh *ssh, u_int rid,
                     "(expected %u)", __func__, ver, SSHMUX_VER);
                 return -1;
         }
-        debug2("%s: channel %d slave version %u", __func__, c->self, ver);
+        debug2("%s: channel %d client version %u", __func__, c->self, ver);
 
         /* No extensions are presently defined */
         while (sshbuf_len(m) > 0) {
@@ -401,7 +401,7 @@ mux_master_process_new_session(struct ssh *ssh, u_int rid,
         /* Gather fds from client */
         for(i = 0; i < 3; i++) {
                 if ((new_fd[i] = mm_receive_fd(c->sock)) == -1) {
-                        error("%s: failed to receive fd %d from slave",
+                        error("%s: failed to receive fd %d from client",
                             __func__, i);
                         for (j = 0; j < i; j++)
                                 close(new_fd[j]);
@@ -994,7 +994,7 @@ mux_master_process_stdio_fwd(struct ssh *ssh, u_int rid,
         /* Gather fds from client */
         for(i = 0; i < 2; i++) {
                 if ((new_fd[i] = mm_receive_fd(c->sock)) == -1) {
-                        error("%s: failed to receive fd %d from slave",
+                        error("%s: failed to receive fd %d from client",
                             __func__, i);
                         for (j = 0; j < i; j++)
                                 close(new_fd[j]);
@@ -1154,7 +1154,7 @@ mux_master_process_proxy(struct ssh *ssh, u_int rid,
         return 0;
 }
 
-/* Channel callbacks fired on read/write from mux slave fd */
+/* Channel callbacks fired on read/write from mux client fd */
 static int
 mux_master_read_cb(struct ssh *ssh, Channel *c)
 {
diff --git a/packet.c b/packet.c
index 042ec7c4f..00e3180cb 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.295 2020/07/01 16:28:31 markus Exp $ */
+/* $OpenBSD: packet.c,v 1.296 2020/07/05 23:59:45 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2450,7 +2450,7 @@ ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m)
             (r = sshbuf_get_u64(m, &state->p_read.bytes)) != 0)
                 return r;
         /*
-         * We set the time here so that in post-auth privsep slave we
+         * We set the time here so that in post-auth privsep child we
          * count from the completion of the authentication.
          */
         state->rekey_time = monotime();
diff --git a/readconf.c b/readconf.c
index c0595a52b..9e597748c 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.331 2020/05/29 04:25:40 dtucker Exp $ */
+/* $OpenBSD: readconf.c,v 1.332 2020/07/05 23:59:45 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2221,11 +2221,11 @@ fill_default_options(Options * options)
         all_key = sshkey_alg_list(0, 0, 1, ',');
         all_sig = sshkey_alg_list(0, 1, 1, ',');
         /* remove unsupported algos from default lists */
-        def_cipher = match_filter_whitelist(KEX_CLIENT_ENCRYPT, all_cipher);
-        def_mac = match_filter_whitelist(KEX_CLIENT_MAC, all_mac);
-        def_kex = match_filter_whitelist(KEX_CLIENT_KEX, all_kex);
-        def_key = match_filter_whitelist(KEX_DEFAULT_PK_ALG, all_key);
-        def_sig = match_filter_whitelist(SSH_ALLOWED_CA_SIGALGS, all_sig);
+        def_cipher = match_filter_allowlist(KEX_CLIENT_ENCRYPT, all_cipher);
+        def_mac = match_filter_allowlist(KEX_CLIENT_MAC, all_mac);
+        def_kex = match_filter_allowlist(KEX_CLIENT_KEX, all_kex);
+        def_key = match_filter_allowlist(KEX_DEFAULT_PK_ALG, all_key);
+        def_sig = match_filter_allowlist(SSH_ALLOWED_CA_SIGALGS, all_sig);
 #define ASSEMBLE(what, defaults, all) \
         do { \
                 if ((r = kex_assemble_names(&options->what, \
diff --git a/servconf.c b/servconf.c
index 22cb9583f..67581ccf2 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.366 2020/06/24 15:09:53 markus Exp $ */
+/* $OpenBSD: servconf.c,v 1.367 2020/07/05 23:59:45 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -141,7 +141,7 @@ initialize_server_options(ServerOptions *options)
         options->challenge_response_authentication = -1;
         options->permit_empty_passwd = -1;
         options->permit_user_env = -1;
-        options->permit_user_env_whitelist = NULL;
+        options->permit_user_env_allowlist = NULL;
         options->compression = -1;
         options->rekey_limit = -1;
         options->rekey_interval = -1;
@@ -213,11 +213,11 @@ assemble_algorithms(ServerOptions *o)
         all_key = sshkey_alg_list(0, 0, 1, ',');
         all_sig = sshkey_alg_list(0, 1, 1, ',');
         /* remove unsupported algos from default lists */
-        def_cipher = match_filter_whitelist(KEX_SERVER_ENCRYPT, all_cipher);
-        def_mac = match_filter_whitelist(KEX_SERVER_MAC, all_mac);
-        def_kex = match_filter_whitelist(KEX_SERVER_KEX, all_kex);
-        def_key = match_filter_whitelist(KEX_DEFAULT_PK_ALG, all_key);
-        def_sig = match_filter_whitelist(SSH_ALLOWED_CA_SIGALGS, all_sig);
+        def_cipher = match_filter_allowlist(KEX_SERVER_ENCRYPT, all_cipher);
+        def_mac = match_filter_allowlist(KEX_SERVER_MAC, all_mac);
+        def_kex = match_filter_allowlist(KEX_SERVER_KEX, all_kex);
+        def_key = match_filter_allowlist(KEX_DEFAULT_PK_ALG, all_key);
+        def_sig = match_filter_allowlist(SSH_ALLOWED_CA_SIGALGS, all_sig);
 #define ASSEMBLE(what, defaults, all) \
         do { \
                 if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \
@@ -390,7 +390,7 @@ fill_default_server_options(ServerOptions *options)
                 options->permit_empty_passwd = 0;
         if (options->permit_user_env == -1) {
                 options->permit_user_env = 0;
-                options->permit_user_env_whitelist = NULL;
+                options->permit_user_env_allowlist = NULL;
         }
         if (options->compression == -1)
 #ifdef WITH_ZLIB
@@ -1630,7 +1630,7 @@ process_server_config_line_depth(ServerOptions *options, char *line,
 
         case sPermitUserEnvironment:
                 intptr = &options->permit_user_env;
-                charptr = &options->permit_user_env_whitelist;
+                charptr = &options->permit_user_env_allowlist;
                 arg = strdelim(&cp);
                 if (!arg || *arg == '\0')
                         fatal("%s line %d: missing argument.",
@@ -2925,11 +2925,11 @@ dump_config(ServerOptions *o)
         }
         printf("\n");
 
-        if (o->permit_user_env_whitelist == NULL) {
+        if (o->permit_user_env_allowlist == NULL) {
                 dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
         } else {
                 printf("permituserenvironment %s\n",
-                    o->permit_user_env_whitelist);
+                    o->permit_user_env_allowlist);
         }
 
         printf("pubkeyauthoptions");
diff --git a/servconf.h b/servconf.h
index a420f398d..8422f3f51 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.144 2020/04/17 03:30:05 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.145 2020/07/05 23:59:45 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -146,7 +146,7 @@ typedef struct {
         int     permit_empty_passwd;    /* If false, do not permit empty
                                          * passwords. */
         int     permit_user_env;        /* If true, read ~/.ssh/environment */
-        char   *permit_user_env_whitelist; /* pattern-list whitelist */
+        char   *permit_user_env_allowlist; /* pattern-list of allowed env names */
         int     compression;    /* If true, compression is allowed */
         int     allow_tcp_forwarding; /* One of FORWARD_* */
         int     allow_streamlocal_forwarding; /* One of FORWARD_* */
@@ -250,7 +250,7 @@ TAILQ_HEAD(include_list, include_item);
 /*
  * These are string config options that must be copied between the
  * Match sub-config and the main config, and must be sent from the
- * privsep slave to the privsep master. We use a macro to ensure all
+ * privsep child to the privsep master. We use a macro to ensure all
  * the options are copied and the copies are done in the correct order.
  *
  * NB. an option must appear in servconf.c:copy_set_server_options() or
@@ -269,7 +269,7 @@ TAILQ_HEAD(include_list, include_item);
                 M_CP_STROPT(pubkey_key_types); \
                 M_CP_STROPT(ca_sign_algorithms); \
                 M_CP_STROPT(routing_domain); \
-                M_CP_STROPT(permit_user_env_whitelist); \
+                M_CP_STROPT(permit_user_env_allowlist); \
                 M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \
                 M_CP_STRARRAYOPT(allow_users, num_allow_users); \
                 M_CP_STRARRAYOPT(deny_users, num_deny_users); \
diff --git a/session.c b/session.c
index 84d3286c4..ede983564 100644
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.322 2020/07/03 07:02:37 djm Exp $ */
+/* $OpenBSD: session.c,v 1.323 2020/07/05 23:59:45 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -644,7 +644,7 @@ do_exec_pty(struct ssh *ssh, Session *s, const char *command)
 
         s->pid = pid;
 
-        /* Parent.  Close the slave side of the pseudo tty. */
+        /* Parent.  Close the child side of the pseudo tty. */
         close(ttyfd);
 
         /* Enter interactive session. */
@@ -843,12 +843,12 @@ check_quietlogin(Session *s, const char *command)
  * into the environment.  If the file does not exist, this does nothing.
  * Otherwise, it must consist of empty lines, comments (line starts with '#')
  * and assignments of the form name=value.  No other forms are allowed.
- * If whitelist is not NULL, then it is interpreted as a pattern list and
+ * If allowlist is not NULL, then it is interpreted as a pattern list and
  * only variable names that match it will be accepted.
  */
 static void
 read_environment_file(char ***env, u_int *envsize,
-        const char *filename, const char *whitelist)
+        const char *filename, const char *allowlist)
 {
         FILE *f;
         char *line = NULL, *cp, *value;
@@ -881,8 +881,8 @@ read_environment_file(char ***env, u_int *envsize,
                  */
                 *value = '\0';
                 value++;
-                if (whitelist != NULL &&
-                    match_pattern_list(cp, whitelist, 0) != 1)
+                if (allowlist != NULL &&
+                    match_pattern_list(cp, allowlist, 0) != 1)
                         continue;
                 child_set_env(env, envsize, cp, value);
         }
@@ -1111,10 +1111,10 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell)
                         cp = strchr(ocp, '=');
                         if (*cp == '=') {
                                 *cp = '\0';
-                                /* Apply PermitUserEnvironment whitelist */
-                                if (options.permit_user_env_whitelist == NULL ||
+                                /* Apply PermitUserEnvironment allowlist */
+                                if (options.permit_user_env_allowlist == NULL ||
                                     match_pattern_list(ocp,
-                                    options.permit_user_env_whitelist, 0) == 1)
+                                    options.permit_user_env_allowlist, 0) == 1)
                                         child_set_env(&env, &envsize,
                                             ocp, cp + 1);
                         }
@@ -1127,7 +1127,7 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell)
                 snprintf(buf, sizeof buf, "%.200s/.ssh/environment",
                     pw->pw_dir);
                 read_environment_file(&env, &envsize, buf,
-                    options.permit_user_env_whitelist);
+                    options.permit_user_env_allowlist);
         }
 
 #ifdef USE_PAM
diff --git a/ssh-agent.c b/ssh-agent.c
index 06efe3c6f..5f7ac8b91 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.261 2020/06/22 06:37:38 jmc Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.262 2020/07/05 23:59:45 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -93,8 +93,8 @@
 #include "ssh-pkcs11.h"
 #include "sk-api.h"
 
-#ifndef DEFAULT_PROVIDER_WHITELIST
-# define DEFAULT_PROVIDER_WHITELIST "/usr/lib*/*,/usr/local/lib*/*"
+#ifndef DEFAULT_ALLOWED_PROVIDERS
+# define DEFAULT_ALLOWED_PROVIDERS "/usr/lib*/*,/usr/local/lib*/*"
 #endif
 
 /* Maximum accepted message length */
@@ -1359,7 +1359,7 @@ main(int ac, char **av)
                 usage();
 
         if (allowed_providers == NULL)
-                allowed_providers = xstrdup(DEFAULT_PROVIDER_WHITELIST);
+                allowed_providers = xstrdup(DEFAULT_ALLOWED_PROVIDERS);
 
         if (ac == 0 && !c_flag && !s_flag) {
                 shell = getenv("SHELL");
diff --git a/ssh.c b/ssh.c
index a767a1839..b13783d43 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.530 2020/06/26 05:02:03 dtucker Exp $ */
+/* $OpenBSD: ssh.c,v 1.531 2020/07/05 23:59:45 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -137,11 +137,11 @@ int stdin_null_flag = 0;
 
 /*
  * Flag indicating that the current process should be backgrounded and
- * a new slave launched in the foreground for ControlPersist.
+ * a new mux-client launched in the foreground for ControlPersist.
  */
 int need_controlpersist_detach = 0;
 
-/* Copies of flags for ControlPersist foreground slave */
+/* Copies of flags for ControlPersist foreground mux-client */
 int ostdin_null_flag, ono_shell_flag, otty_flag, orequest_tty;
 
 /*
@@ -1691,7 +1691,7 @@ control_persist_detach(void)
                 /* Child: master process continues mainloop */
                 break;
         default:
-                /* Parent: set up mux slave to connect to backgrounded master */
+                /* Parent: set up mux client to connect to backgrounded master */
                 debug2("%s: background process is %ld", __func__, (long)pid);
                 stdin_null_flag = ostdin_null_flag;
                 options.request_tty = orequest_tty;
@@ -2070,9 +2070,9 @@ ssh_session2(struct ssh *ssh, struct passwd *pw)
         /*
          * If we are in control persist mode and have a working mux listen
          * socket, then prepare to background ourselves and have a foreground
-         * client attach as a control slave.
+         * client attach as a control client.
          * NB. we must save copies of the flags that we override for
-         * the backgrounding, since we defer attachment of the slave until
+         * the backgrounding, since we defer attachment of the client until
          * after the connection is fully established (in particular,
          * async rfwd replies have been received for ExitOnForwardFailure).
          */