Import openssh_7.1p2.orig.tar.gz

author: Colin Watson <cjwatson@debian.org> 2016-01-14 15:07:14 +0000
committer: Colin Watson <cjwatson@debian.org> 2016-01-14 15:07:14 +0000
commit: eeff4de96f5d7365750dc56912c2c62b5c28db6b (patch)
tree: 87e6ba5620716a6a9c1cbf84786d81cf7373ad43 /ChangeLog
parent: 651211fd4a199b299540c00c54a46e27fadb04be (diff)
parent: c88ac102f0eb89f2eaa314cb2e2e0ca3c890c443 (diff)
1 files changed, 83 insertions, 1601 deletions
diff --git a/ChangeLog b/ChangeLog
index 0e0dd8787..35a1a76b1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,86 @@
+commit c88ac102f0eb89f2eaa314cb2e2e0ca3c890c443
+Author: Damien Miller <djm@mindrot.org>
+Date:   Thu Jan 14 11:08:19 2016 +1100
+    bump version numbers
+commit 302bc21e6fadacb04b665868cd69b625ef69df90
+Author: Damien Miller <djm@mindrot.org>
+Date:   Thu Jan 14 11:04:04 2016 +1100
+    openssh-7.1p2
+commit 6b33763242c063e4e0593877e835eeb1fd1b60aa
+Author: Damien Miller <djm@mindrot.org>
+Date:   Thu Jan 14 11:02:58 2016 +1100
+    forcibly disable roaming support in the client
+commit 34d364f0d2e1e30a444009f0e04299bb7c94ba13
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Oct 5 17:11:21 2015 +0000
+    upstream commit
+    
+    some more bzero->explicit_bzero, from Michael McConville
+    
+    Upstream-ID: 17f19545685c33327db2efdc357c1c9225ff00d0
+commit 8f5b93026797b9f7fba90d0c717570421ccebbd3
+Author: guenther@openbsd.org <guenther@openbsd.org>
+Date:   Fri Sep 11 08:50:04 2015 +0000
+    upstream commit
+    
+    Use explicit_bzero() when zeroing before free()
+    
+    from Michael McConville (mmcconv1 (at) sccs.swarthmore.edu)
+    ok millert@ djm@
+    
+    Upstream-ID: 2e3337db046c3fe70c7369ee31515ac73ec00f50
+commit d77148e3a3ef6c29b26ec74331455394581aa257
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sun Nov 8 21:59:11 2015 +0000
+    upstream commit
+    
+    fix OOB read in packet code caused by missing return
+     statement found by Ben Hawkes; ok markus@ deraadt@
+    
+    Upstream-ID: a3e3a85434ebfa0690d4879091959591f30efc62
+commit 076d849e17ab12603627f87b301e2dca71bae518
+Author: Damien Miller <djm@mindrot.org>
+Date:   Sat Nov 14 18:44:49 2015 +1100
+    read back from libcrypto RAND when privdropping
+    
+    makes certain libcrypto implementations cache a /dev/urandom fd
+    in preparation of sandboxing. Based on patch by Greg Hartman.
+commit f72adc0150011a28f177617a8456e1f83733099d
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sun Dec 13 22:42:23 2015 +0000
+    upstream commit
+    
+    unbreak connections with peers that set
+     first_kex_follows; fix from Matt Johnston va bz#2515
+    
+    Upstream-ID: decc88ec4fc7515594fdb42b04aa03189a44184b
+commit 04bd8d019ccd906cac1a2b362517b8505f3759e6
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Tue Jan 12 23:42:54 2016 +0000
+    upstream commit
+    
+    use explicit_bzero() more liberally in the buffer code; ok
+     deraadt
+    
+    Upstream-ID: 0ece37069fd66bc6e4f55eb1321f93df372b65bf
 commit e91346dc2bbf460246df2ab591b7613908c1b0ad
 Author: Damien Miller <djm@mindrot.org>
 Date:   Fri Aug 21 14:49:03 2015 +1000
@@ -7530,1604 +7613,3 @@ Date:   Thu Jan 16 18:42:10 2014 +1100
         [sftp-client.c]
         needless and incorrect cast to size_t can break resumption of
         large download; patch from tobias@
-commit 91b580e4bec55118bf96ab3cdbe5a50839e75d0a
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sun Jan 12 19:21:22 2014 +1100
-       - djm@cvs.openbsd.org 2014/01/12 08:13:13
-         [bufaux.c buffer.h kex.c kex.h kexc25519.c kexc25519c.c kexc25519s.c]
-         [kexdhc.c kexdhs.c kexecdhc.c kexecdhs.c kexgexc.c kexgexs.c]
-         avoid use of OpenSSL BIGNUM type and functions for KEX with
-         Curve25519 by adding a buffer_put_bignum2_from_string() that stores
-         a string using the bignum encoding rules. Will make it easier to
-         build a reduced-feature OpenSSH without OpenSSL in the future;
-         ok markus@
-commit af5d4481f4c7c8c3c746e68b961bb85ef907800e
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sun Jan 12 19:20:47 2014 +1100
-       - djm@cvs.openbsd.org 2014/01/10 05:59:19
-         [sshd_config]
-         the /etc/ssh/ssh_host_ed25519_key is loaded by default too
-commit 58cd63bc63038acddfb4051ed14e11179d8f4941
-Author: Damien Miller <djm@mindrot.org>
-Date:   Fri Jan 10 10:59:24 2014 +1100
-       - djm@cvs.openbsd.org 2014/01/09 23:26:48
-         [sshconnect.c sshd.c]
-         ban clients/servers that suffer from SSH_BUG_DERIVEKEY, they are ancient,
-         deranged and might make some attacks on KEX easier; ok markus@
-commit b3051d01e505c9c2dc00faab472a0d06fa6b0e65
-Author: Damien Miller <djm@mindrot.org>
-Date:   Fri Jan 10 10:58:53 2014 +1100
-       - djm@cvs.openbsd.org 2014/01/09 23:20:00
-         [digest.c digest.h hostfile.c kex.c kex.h kexc25519.c kexc25519c.c]
-         [kexc25519s.c kexdh.c kexecdh.c kexecdhc.c kexecdhs.c kexgex.c kexgexc.c]
-         [kexgexs.c key.c key.h roaming_client.c roaming_common.c schnorr.c]
-         [schnorr.h ssh-dss.c ssh-ecdsa.c ssh-rsa.c sshconnect2.c]
-         Introduce digest API and use it to perform all hashing operations
-         rather than calling OpenSSL EVP_Digest* directly. Will make it easier
-         to build a reduced-feature OpenSSH without OpenSSL in future;
-         feedback, ok markus@
-commit e00e413dd16eb747fb2c15a099971d91c13cf70f
-Author: Damien Miller <djm@mindrot.org>
-Date:   Fri Jan 10 10:40:45 2014 +1100
-       - guenther@cvs.openbsd.org 2014/01/09 03:26:00
-         [sftp-common.c]
-         When formating the time for "ls -l"-style output, show dates in the future
-         with the year, and rearrange a comparison to avoid a potentional signed
-         arithmetic overflow that would give the wrong result.
-    
-         ok djm@
-commit 3e49853650448883685cfa32fa382d0ba6d51d48
-Author: Damien Miller <djm@mindrot.org>
-Date:   Fri Jan 10 10:37:05 2014 +1100
-       - tedu@cvs.openbsd.org 2014/01/04 17:50:55
-         [mac.c monitor_mm.c monitor_mm.h xmalloc.c]
-         use standard types and formats for size_t like variables. ok dtucker
-commit a9c1e500ef609795cbc662848edb1a1dca279c81
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Jan 8 16:13:12 2014 +1100
-     - (djm) [regress/.cvsignore] Ignore regress test droppings; ok dtucker@
-commit 324541e5264e1489ca0babfaf2b39612eb80dfb3
-Author: Damien Miller <djm@mindrot.org>
-Date:   Tue Dec 31 12:25:40 2013 +1100
-       - djm@cvs.openbsd.org 2013/12/30 23:52:28
-         [auth2-hostbased.c auth2-pubkey.c compat.c compat.h ssh-rsa.c]
-         [sshconnect.c sshconnect2.c sshd.c]
-         refuse RSA keys from old proprietary clients/servers that use the
-         obsolete RSA+MD5 signature scheme. it will still be possible to connect
-         with these clients/servers but only DSA keys will be accepted, and we'll
-         deprecate them entirely in a future release. ok markus@
-commit 9f4c8e797ea002a883307ca906f1f1f815010e78
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sun Dec 29 17:57:46 2013 +1100
-     - (djm) [regress/Makefile] Add some generated files for cleaning
-commit 106bf1ca3c7a5fdc34f9fd7a1fe651ca53085bc5
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sun Dec 29 17:54:03 2013 +1100
-       - djm@cvs.openbsd.org 2013/12/29 05:57:02
-         [sshconnect.c]
-         when showing other hostkeys, don't forget Ed25519 keys
-commit 0fa47cfb32c239117632cab41e4db7d3e6de5e91
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sun Dec 29 17:53:39 2013 +1100
-       - djm@cvs.openbsd.org 2013/12/29 05:42:16
-         [ssh.c]
-         don't forget to load Ed25519 certs too
-commit b9a95490daa04cc307589897f95bfaff324ad2c9
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sun Dec 29 17:50:15 2013 +1100
-       - djm@cvs.openbsd.org 2013/12/29 04:35:50
-         [authfile.c]
-         don't refuse to load Ed25519 certificates
-commit f72cdde6e6fabc51d2a62f4e75b8b926d9d7ee89
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sun Dec 29 17:49:55 2013 +1100
-       - djm@cvs.openbsd.org 2013/12/29 04:29:25
-         [authfd.c]
-         allow deletion of ed25519 keys from the agent
-commit 29ace1cb68cc378a464c72c0fd67aa5f9acd6b5b
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sun Dec 29 17:49:31 2013 +1100
-       - djm@cvs.openbsd.org 2013/12/29 04:20:04
-         [key.c]
-         to make sure we don't omit any key types as valid CA keys again,
-         factor the valid key type check into a key_type_is_valid_ca()
-         function
-commit 9de4fcdc5a9cff48d49a3e2f6194d3fb2d7ae34d
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sun Dec 29 17:49:13 2013 +1100
-       - djm@cvs.openbsd.org 2013/12/29 02:49:52
-         [key.c]
-         correct comment for key_drop_cert()
-commit 5baeacf8a80f054af40731c6f92435f9164b8e02
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sun Dec 29 17:48:55 2013 +1100
-       - djm@cvs.openbsd.org 2013/12/29 02:37:04
-         [key.c]
-         correct comment for key_to_certified()
-commit 83f2fe26cb19330712c952eddbd3c0b621674adc
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sun Dec 29 17:48:38 2013 +1100
-       - djm@cvs.openbsd.org 2013/12/29 02:28:10
-         [key.c]
-         allow ed25519 keys to appear as certificate authorities
-commit 06122e9a74bb488b0fe0a8f64e1135de870f9cc0
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sun Dec 29 17:48:15 2013 +1100
-       - djm@cvs.openbsd.org 2013/12/27 22:37:18
-         [ssh-rsa.c]
-         correct comment
-commit 3e19295c3a253c8dc8660cf45baad7f45fccb969
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sun Dec 29 17:47:50 2013 +1100
-       - djm@cvs.openbsd.org 2013/12/27 22:30:17
-         [ssh-dss.c ssh-ecdsa.c ssh-rsa.c]
-         make the original RSA and DSA signing/verification code look more like
-         the ECDSA/Ed25519 ones: use key_type_plain() when checking the key type
-         rather than tediously listing all variants, use __func__ for debug/
-         error messages
-commit 137977180be6254639e2c90245763e6965f8d815
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sun Dec 29 17:47:14 2013 +1100
-       - tedu@cvs.openbsd.org 2013/12/21 07:10:47
-         [ssh-keygen.1]
-         small typo
-commit 339a48fe7ffb3186d22bbaa9efbbc3a053e602fd
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sun Dec 29 17:46:49 2013 +1100
-       - djm@cvs.openbsd.org 2013/12/19 22:57:13
-         [poly1305.c poly1305.h]
-         use full name for author, with his permission
-commit 0b36c83148976c7c8268f4f41497359e2fb26251
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sun Dec 29 17:45:51 2013 +1100
-       - djm@cvs.openbsd.org 2013/12/19 01:19:41
-         [ssh-agent.c]
-         bz#2186: don't crash (NULL deref) when deleting PKCS#11 keys from an agent
-         that has a mix of normal and PKCS#11 keys; fix from jay AT slushpupie.com;
-         ok dtucker
-commit 4def184e9b6c36be6d965a9705632fc4c0c2a8af
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sun Dec 29 17:45:26 2013 +1100
-       - djm@cvs.openbsd.org 2013/12/19 01:04:36
-         [channels.c]
-         bz#2147: fix multiple remote forwardings with dynamically assigned
-         listen ports. In the s->c message to open the channel we were sending
-         zero (the magic number to request a dynamic port) instead of the actual
-         listen port. The client therefore had no way of discriminating between
-         them.
-    
-         Diagnosis and fix by ronf AT timeheart.net
-commit bf25d114e23a803f8feca8926281b1aaedb6191b
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sun Dec 29 17:44:56 2013 +1100
-       - djm@cvs.openbsd.org 2013/12/19 00:27:57
-         [auth-options.c]
-         simplify freeing of source-address certificate restriction
-commit bb3dafe7024a5b4e851252e65ee35d45b965e4a8
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sun Dec 29 17:44:29 2013 +1100
-       - dtucker@cvs.openbsd.org 2013/12/19 00:19:12
-         [serverloop.c]
-         Cast client_alive_interval to u_int64_t before assinging to
-         max_time_milliseconds to avoid potential integer overflow in the timeout.
-         bz#2170, patch from Loganaden Velvindron, ok djm@
-commit ef275ead3dcadde4db1efe7a0aa02b5e618ed40c
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sun Dec 29 17:44:07 2013 +1100
-       - djm@cvs.openbsd.org 2013/12/19 00:10:30
-         [ssh-add.c]
-         skip requesting smartcard PIN when removing keys from agent; bz#2187
-         patch from jay AT slushpupie.com; ok dtucker
-commit 7d97fd9a1cae778c3eacf16e09f5da3689d616c6
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sun Dec 29 17:40:18 2013 +1100
-     - (djm) [loginrec.c] Check for username truncation when looking up lastlog
-       entries
-commit 77244afe3b6d013b485e0952eaab89b9db83380f
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Sat Dec 21 17:02:39 2013 +1100
-    20131221
-     - (dtucker) [regress/keytype.sh] Actually test ecdsa key types.
-commit 53f8e784dc431a82d31c9b0e95b144507f9330e9
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Thu Dec 19 11:31:44 2013 +1100
-     - (dtucker) [auth-pam.c] bz#2163: check return value from pam_get_item().
-       Patch from Loganaden Velvindron.
-commit 1fcec9d4f265e38af248c4c845986ca8c174bd68
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Thu Dec 19 11:00:12 2013 +1100
-     - (dtucker) [configure.ac] bz#2178: Don't try to use BSM on Solaris versions
-       greater than 11 either rather than just 11.  Patch from Tomas Kuthan.
-commit 6674eb9683afd1ea4eb35670b5e66815543a759e
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Dec 18 17:50:39 2013 +1100
-       - markus@cvs.openbsd.org 2013/12/17 10:36:38
-         [crypto_api.h]
-         I've assempled the header file by cut&pasting from generated headers
-         and the source files.
-commit d58a5964426ee014384d67d775d16712e93057f3
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Dec 18 17:50:13 2013 +1100
-       - djm@cvs.openbsd.org 2013/12/15 21:42:35
-         [cipher-chachapoly.c]
-         add some comments and constify a constant
-commit 059321d19af24d87420de3193f79dfab23556078
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Dec 18 17:49:48 2013 +1100
-       - pascal@cvs.openbsd.org 2013/12/15 18:17:26
-         [ssh-add.c]
-         Make ssh-add also add .ssh/id_ed25519; fixes lie in manual page.
-         ok markus@
-commit 155b5a5bf158767f989215479ded2a57f331e1c6
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Dec 18 17:48:32 2013 +1100
-       - markus@cvs.openbsd.org 2013/12/09 11:08:17
-         [crypto_api.h]
-         remove unused defines
-commit 8a56dc2b6b48b05590810e7f4c3567508410000c
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Dec 18 17:48:11 2013 +1100
-       - markus@cvs.openbsd.org 2013/12/09 11:03:45
-         [blocks.c ed25519.c fe25519.c fe25519.h ge25519.c ge25519.h]
-         [ge25519_base.data hash.c sc25519.c sc25519.h verify.c]
-         Add Authors for the public domain ed25519/nacl code.
-         see also http://nacl.cr.yp.to/features.html
-            All of the NaCl software is in the public domain.
-         and http://ed25519.cr.yp.to/software.html
-            The Ed25519 software is in the public domain.
-commit 6575c3acf31fca117352f31f37b16ae46e664837
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Dec 18 17:47:02 2013 +1100
-       - dtucker@cvs.openbsd.org 2013/12/08 09:53:27
-         [sshd_config.5]
-         Use a literal for the default value of KEXAlgorithms.  ok deraadt jmc
-commit 8ba0ead6985ea14999265136b14ffd5aeec516f9
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Dec 18 17:46:27 2013 +1100
-       - naddy@cvs.openbsd.org 2013/12/07 11:58:46
-         [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8 ssh.1]
-         [ssh_config.5 sshd.8 sshd_config.5]
-         add missing mentions of ed25519; ok djm@
-commit 4f752cf71cf44bf4bc777541156c2bf56daf9ce9
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Dec 18 17:45:35 2013 +1100
-       - djm@cvs.openbsd.org 2013/12/07 08:08:26
-         [ssh-keygen.1]
-         document -a and -o wrt new key format
-commit 6d6fcd14e23a9053198342bb379815b15e504084
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sun Dec 8 15:53:28 2013 +1100
-     - (djm) [Makefile.in regress/Makefile regress/agent-ptrace.sh]
-       [regress/setuid-allowed.c] Check that ssh-agent is not on a no-setuid
-       filesystem before running agent-ptrace.sh; ok dtucker
-commit 7e6e42fb532c7dafd7078ef5e9e2d3e47fcf6752
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sun Dec 8 08:23:08 2013 +1100
-     - (djm) [openbsd-compat/bsd-setres_id.c] Missing header; from Corinna
-        Vinschen
-commit da3ca351b49d52ae85db2e3998265dc3c6617068
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sat Dec 7 21:43:46 2013 +1100
-     - (djm) [Makefile.in] PATHSUBS and keygen bits for Ed25519; from
-        Loganaden Velvindron @ AfriNIC in bz#2179
-commit eb401585bb8336cbf81fe4fc58eb9f7cac3ab874
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sat Dec 7 17:07:15 2013 +1100
-     - (djm) [regress/cert-hostkey.sh] Fix merge botch
-commit f54542af3ad07532188b10136ae302314ec69ed6
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sat Dec 7 16:32:44 2013 +1100
-       - markus@cvs.openbsd.org 2013/12/06 13:52:46
-         [regress/Makefile regress/agent.sh regress/cert-hostkey.sh]
-         [regress/cert-userkey.sh regress/keytype.sh]
-         test ed25519 support; from djm@
-commit f104da263de995f66b6861b4f3368264ee483d7f
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sat Dec 7 12:37:53 2013 +1100
-     - (djm) [ed25519.c ssh-ed25519.c openbsd-compat/Makefile.in]
-        [openbsd-compat/bcrypt_pbkdf.c] Make ed25519/new key format compile on
-           Linux
-commit 1ff130dac9b7aea0628f4ad30683431fe35e0020
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sat Dec 7 11:51:51 2013 +1100
-     - [configure.ac openbsd-compat/Makefile.in openbsd-compat/bcrypt_pbkdf.c]
-       [openbsd-compat/blf.h openbsd-compat/blowfish.c]
-       [openbsd-compat/openbsd-compat.h] Start at supporting bcrypt_pbkdf in
-       portable.
-commit 4260828a2958ebe8c96f66d8301dac53f4cde556
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sat Dec 7 11:38:03 2013 +1100
-     - [authfile.c] Conditionalise inclusion of util.h
-commit a913442bac8a26fd296a3add51293f8f6f9b3b4c
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sat Dec 7 11:35:36 2013 +1100
-     - [Makefile.in] Add ed25519 sources
-commit ca570a519cb846da61d002c7f46fa92e39c83e45
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sat Dec 7 11:29:09 2013 +1100
-       - djm@cvs.openbsd.org 2013/12/07 00:19:15
-         [key.c]
-         set k->cert = NULL after freeing it
-commit 3cccc0e155229a2f2d86b6df40bd4559b4f960ff
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sat Dec 7 11:27:47 2013 +1100
-     - [blocks.c ed25519.c fe25519.c fe25519.h ge25519.c ge25519.h]
-       [ge25519_base.data hash.c sc25519.c sc25519.h verify.c] Fix RCS idents
-commit a7827c11b3f0380b7e593664bd62013ff9c131db
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sat Dec 7 11:24:30 2013 +1100
-       - jmc@cvs.openbsd.org 2013/12/06 15:29:07
-         [sshd.8]
-         missing comma;
-commit 5be9d9e3cbd9c66f24745d25bf2e809c1d158ee0
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sat Dec 7 11:24:01 2013 +1100
-       - markus@cvs.openbsd.org 2013/12/06 13:39:49
-         [authfd.c authfile.c key.c key.h myproposal.h pathnames.h readconf.c]
-         [servconf.c ssh-agent.c ssh-keygen.c ssh-keyscan.1 ssh-keyscan.c]
-         [ssh-keysign.c ssh.c ssh_config.5 sshd.8 sshd.c verify.c ssh-ed25519.c]
-         [sc25519.h sc25519.c hash.c ge25519_base.data ge25519.h ge25519.c]
-         [fe25519.h fe25519.c ed25519.c crypto_api.h blocks.c]
-         support ed25519 keys (hostkeys and user identities) using the public
-         domain ed25519 reference code from SUPERCOP, see
-         http://ed25519.cr.yp.to/software.html
-         feedback, help & ok djm@
-commit bcd00abd8451f36142ae2ee10cc657202149201e
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sat Dec 7 10:41:55 2013 +1100
-       - markus@cvs.openbsd.org 2013/12/06 13:34:54
-         [authfile.c authfile.h cipher.c cipher.h key.c packet.c ssh-agent.c]
-         [ssh-keygen.c PROTOCOL.key] new private key format, bcrypt as KDF by
-         default; details in PROTOCOL.key; feedback and lots help from djm;
-         ok djm@
-commit f0e9060d236c0e38bec2fa1c6579fb0a2ea6458d
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sat Dec 7 10:40:26 2013 +1100
-       - markus@cvs.openbsd.org 2013/12/06 13:30:08
-         [authfd.c key.c key.h ssh-agent.c]
-         move private key (de)serialization to key.c; ok djm
-commit 0f8536da23a6ef26e6495177c0d8a4242b710289
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sat Dec 7 10:31:37 2013 +1100
-       - djm@cvs.openbsd.org 2013/12/06 03:40:51
-         [ssh-keygen.c]
-         remove duplicated character ('g') in getopt() string;
-         document the (few) remaining option characters so we don't have to
-         rummage next time.
-commit 393920745fd328d3fe07f739a3cf7e1e6db45b60
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sat Dec 7 10:31:08 2013 +1100
-       - djm@cvs.openbsd.org 2013/12/05 22:59:45
-         [sftp-client.c]
-         fix memory leak in error path in do_readdir(); pointed out by
-         Loganaden Velvindron @ AfriNIC in bz#2163
-commit 534b2ccadea5e5e9a8b27226e6faac3ed5552e97
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Dec 5 14:07:27 2013 +1100
-       - djm@cvs.openbsd.org 2013/12/05 01:16:41
-         [servconf.c servconf.h]
-         bz#2161 - fix AuthorizedKeysCommand inside a Match block and
-         rearrange things so the same error is harder to make next time;
-         with and ok dtucker@
-commit 8369c8e61a3408ec6bb75755fad4ffce29b5fdbe
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Thu Dec 5 11:00:16 2013 +1100
-     - (dtucker) [configure.ac] bz#2173: use pkg-config --libs to include correct
-       -L location for libedit.  Patch from Serge van den Boom.
-commit 9275df3e0a2a3bc3897f7d664ea86a425c8a092d
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Dec 5 10:26:32 2013 +1100
-       - djm@cvs.openbsd.org 2013/12/04 04:20:01
-         [sftp-client.c]
-         bz#2171: don't leak local_fd on error; from Loganaden Velvindron @
-         AfriNIC
-commit 960f6a2b5254e4da082d8aa3700302ed12dc769a
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Dec 5 10:26:14 2013 +1100
-       - djm@cvs.openbsd.org 2013/12/02 03:13:14
-         [cipher.c]
-         correct bzero of chacha20+poly1305 key context. bz#2177 from
-         Loganaden Velvindron @ AfriNIC
-    
-         Also make it a memset for consistency with the rest of cipher.c
-commit f7e8a8796d661c9d6692ab837e1effd4f5ada1c2
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Dec 5 10:25:51 2013 +1100
-       - djm@cvs.openbsd.org 2013/12/02 03:09:22
-         [key.c]
-         make key_to_blob() return a NULL blob on failure; part of
-         bz#2175 from Loganaden Velvindron @ AfriNIC
-commit f1e44ea9d9a6d4c1a95a0024132e603bd1778c9c
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Dec 5 10:23:21 2013 +1100
-       - djm@cvs.openbsd.org 2013/12/02 02:56:17
-         [ssh-pkcs11-helper.c]
-         use-after-free; bz#2175 patch from Loganaden Velvindron @ AfriNIC
-commit 114e540b15d57618f9ebf624264298f80bbd8c77
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Dec 5 10:22:57 2013 +1100
-       - djm@cvs.openbsd.org 2013/12/02 02:50:27
-         [PROTOCOL.chacha20poly1305]
-         typo; from Jon Cave
-commit e4870c090629e32f2cb649dc16d575eeb693f4a8
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Dec 5 10:22:39 2013 +1100
-       - djm@cvs.openbsd.org 2013/12/01 23:19:05
-         [PROTOCOL]
-         mention curve25519-sha256@libssh.org key exchange algorithm
-commit 1d2f8804a6d33a4e908b876b2e1266b8260ec76b
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Dec 5 10:22:03 2013 +1100
-       - deraadt@cvs.openbsd.org 2013/11/26 19:15:09
-         [pkcs11.h]
-         cleanup 1 << 31 idioms.  Resurrection of this issue pointed out by
-         Eitan Adler ok markus for ssh, implies same change in kerberosV
-commit bdb352a54f82df94a548e3874b22f2d6ae90328d
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Dec 5 10:20:52 2013 +1100
-       - jmc@cvs.openbsd.org 2013/11/26 12:14:54
-         [ssh.1 ssh.c]
-         - put -Q in the right place
-         - Ar was a poor choice for the arguments to -Q. i've chosen an
-           admittedly equally poor Cm, at least consistent with the rest
-           of the docs. also no need for multiple instances
-         - zap a now redundant Nm
-         - usage() sync
-commit d937dc084a087090f1cf5395822c3ac958d33759
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Dec 5 10:19:54 2013 +1100
-       - deraadt@cvs.openbsd.org 2013/11/25 18:04:21
-         [ssh.1 ssh.c]
-         improve -Q usage and such.  One usage change is that the option is now
-         case-sensitive
-         ok dtucker markus djm
-commit dec0393f7ee8aabc7d9d0fc2c5fddb4bc649112e
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Dec 5 10:18:43 2013 +1100
-       - jmc@cvs.openbsd.org 2013/11/21 08:05:09
-         [ssh_config.5 sshd_config.5]
-         no need for .Pp before displays;
-commit 8a073cf57940aabf85e49799f89f5d5e9b072c1b
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Nov 21 14:26:18 2013 +1100
-       - djm@cvs.openbsd.org 2013/11/21 03:18:51
-         [regress/cipher-speed.sh regress/integrity.sh regress/rekey.sh]
-         [regress/try-ciphers.sh]
-         use new "ssh -Q cipher-auth" query to obtain lists of authenticated
-         encryption ciphers instead of specifying them manually; ensures that
-         the new chacha20poly1305@openssh.com mode is tested;
-    
-         ok markus@ and naddy@ as part of the diff to add
-         chacha20poly1305@openssh.com
-commit ea61b2179f63d48968dd2c9617621002bb658bfe
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Nov 21 14:25:15 2013 +1100
-       - djm@cvs.openbsd.org 2013/11/21 03:16:47
-         [regress/modpipe.c]
-         use unsigned long long instead of u_int64_t here to avoid warnings
-         on some systems portable OpenSSH is built on.
-commit 36aba25b0409d2db6afc84d54bc47a2532d38424
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Nov 21 14:24:42 2013 +1100
-       - djm@cvs.openbsd.org 2013/11/21 03:15:46
-         [regress/krl.sh]
-         add some reminders for additional tests that I'd like to implement
-commit fa7a20bc289f09b334808d988746bc260a2f60c9
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Nov 21 14:24:08 2013 +1100
-       - naddy@cvs.openbsd.org 2013/11/18 05:09:32
-         [regress/forward-control.sh]
-         bump timeout to 10 seconds to allow slow machines (e.g. Alpha PC164)
-         to successfully run this; ok djm@
-         (ID sync only; our timeouts are already longer)
-commit 0fde8acdad78a4d20cadae974376cc0165f645ee
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Nov 21 14:12:23 2013 +1100
-       - djm@cvs.openbsd.org 2013/11/21 00:45:44
-         [Makefile.in PROTOCOL PROTOCOL.chacha20poly1305 authfile.c chacha.c]
-         [chacha.h cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h]
-         [dh.c myproposal.h packet.c poly1305.c poly1305.h servconf.c ssh.1]
-         [ssh.c ssh_config.5 sshd_config.5] Add a new protocol 2 transport
-         cipher "chacha20-poly1305@openssh.com" that combines Daniel
-         Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an
-         authenticated encryption mode.
-    
-         Inspired by and similar to Adam Langley's proposal for TLS:
-         http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03
-         but differs in layout used for the MAC calculation and the use of a
-         second ChaCha20 instance to separately encrypt packet lengths.
-         Details are in the PROTOCOL.chacha20poly1305 file.
-    
-         Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC
-         ok markus@ naddy@
-commit fdb2306acdc3eb2bc46b6dfdaaf6005c650af22a
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Nov 21 13:57:15 2013 +1100
-       - deraadt@cvs.openbsd.org 2013/11/20 20:54:10
-         [canohost.c clientloop.c match.c readconf.c sftp.c]
-         unsigned casts for ctype macros where neccessary
-         ok guenther millert markus
-commit e00167307e4d3692695441e9bd712f25950cb894
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Nov 21 13:56:49 2013 +1100
-       - deraadt@cvs.openbsd.org 2013/11/20 20:53:10
-         [scp.c]
-         unsigned casts for ctype macros where neccessary
-         ok guenther millert markus
-commit 23e00aa6ba9eee0e0c218f2026bf405ad4625832
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Nov 21 13:56:28 2013 +1100
-       - djm@cvs.openbsd.org 2013/11/20 02:19:01
-         [sshd.c]
-         delay closure of in/out fds until after "Bad protocol version
-         identification..." message, as get_remote_ipaddr/get_remote_port
-         require them open.
-commit 867e6934be6521f87f04a5ab86702e2d1b314245
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Nov 21 13:56:06 2013 +1100
-       - markus@cvs.openbsd.org 2013/11/13 13:48:20
-         [ssh-pkcs11.c]
-         add missing braces found by pedro
-commit 0600c7020f4fe68a780bd7cf21ff541a8d4b568a
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Nov 21 13:55:43 2013 +1100
-       - dtucker@cvs.openbsd.org 2013/11/08 11:15:19
-         [bufaux.c bufbn.c buffer.c sftp-client.c sftp-common.c sftp-glob.c]
-         [uidswap.c] Include stdlib.h for free() as per the man page.
-commit b6a75b0b93b8faa6f79c3a395ab6c71f3f880b80
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Sun Nov 10 20:25:22 2013 +1100
-     - (dtucker) [regress/keytype.sh] Populate ECDSA key types to be tested by
-       querying the ones that are compiled in.
-commit 2c89430119367eb1bc96ea5ee55de83357e4c926
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Sun Nov 10 12:38:42 2013 +1100
-     - (dtucker) [key.c] Check for the correct defines for NID_secp521r1.
-commit dd5264db5f641dbd03186f9e5e83e4b14b3d0003
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Sat Nov 9 22:32:51 2013 +1100
-     - (dtucker) [configure.ac] Add missing "test".
-commit 95cb2d4eb08117be061f3ff076adef3e9a5372c3
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Sat Nov 9 22:02:31 2013 +1100
-     - (dtucker) [configure.ac] Fix brackets in NID_secp521r1 test.
-commit 37bcef51b3d9d496caecea6394814d2f49a1357f
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Sat Nov 9 18:39:25 2013 +1100
-     - (dtucker) [configure.ac kex.c key.c myproposal.h] Test for the presence of
-       NID_X9_62_prime256v1, NID_secp384r1 and NID_secp521r1 and test that the
-       latter actually works before using it.  Fedora (at least) has NID_secp521r1
-       that doesn't work (see https://bugzilla.redhat.com/show_bug.cgi?id=1021897).
-commit 6e2fe81f926d995bae4be4a6b5b3c88c1c525187
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Sat Nov 9 16:55:03 2013 +1100
-       - dtucker@cvs.openbsd.org 2013/11/09 05:41:34
-         [regress/test-exec.sh regress/rekey.sh]
-         Use smaller test data files to speed up tests.  Grow test datafiles
-         where necessary for a specific test.
-commit aff7ef1bb8b7c1eeb1f4812129091c5adbf51848
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Sat Nov 9 00:19:22 2013 +1100
-     - (dtucker) [contrib/cygwin/ssh-host-config] Simplify host key generation:
-       rather than testing and generating each key, call ssh-keygen -A.
-       Patch from vinschen at redhat.com.
-commit 882abfd3fb3c98cfe70b4fc79224770468b570a5
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Sat Nov 9 00:17:41 2013 +1100
-     - (dtucker) [Makefile.in configure.ac] Set MALLOC_OPTIONS per platform
-       and pass in TEST_ENV.  Unknown options cause stderr to get polluted
-       and the stderr-data test to fail.
-commit 8c333ec23bdf7da917aa20ac6803a2cdd79182c5
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Fri Nov 8 21:12:58 2013 +1100
-     - (dtucker) [openbsd-compat/bsd-poll.c] Add headers to prevent compile
-       warnings.
-commit d94240b2f6b376b6e9de187e4a0cd4b89dfc48cb
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Fri Nov 8 21:10:04 2013 +1100
-     - (dtucker) [myproposal.h] Conditionally enable CURVE25519_SHA256.
-commit 1c8ce34909886288a3932dce770deec5449f7bb5
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Fri Nov 8 19:50:32 2013 +1100
-     - (dtucker) [kex.c] Only enable CURVE25519_SHA256 if we actually have
-       EVP_sha256.
-commit ccdb9bec46bcc88549b26a94aa0bae2b9f51031c
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Fri Nov 8 18:54:38 2013 +1100
-     - (dtucker) [openbsd-compat/openbsd-compat.h] Add null implementation of
-       arc4random_stir for platforms that have arc4random but don't have
-       arc4random_stir (right now this is only OpenBSD -current).
-commit 3420a50169b52cc8d2775d51316f9f866c73398f
-Author: Damien Miller <djm@mindrot.org>
-Date:   Fri Nov 8 16:48:13 2013 +1100
-     - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
-       [contrib/suse/openssh.spec] Update version numbers following release.
-commit 3ac4a234df842fd8c94d9cb0ad198e1fe84b895b
-Author: Damien Miller <djm@mindrot.org>
-Date:   Fri Nov 8 12:39:49 2013 +1100
-       - djm@cvs.openbsd.org 2013/11/08 01:38:11
-         [version.h]
-         openssh-6.4
-commit 6c81fee693038de7d4a5559043350391db2a2761
-Author: Damien Miller <djm@mindrot.org>
-Date:   Fri Nov 8 12:19:55 2013 +1100
-       - djm@cvs.openbsd.org 2013/11/08 00:39:15
-         [auth-options.c auth2-chall.c authfd.c channels.c cipher-3des1.c]
-         [clientloop.c gss-genr.c monitor_mm.c packet.c schnorr.c umac.c]
-         [sftp-client.c sftp-glob.c]
-         use calloc for all structure allocations; from markus@
-commit 690d989008e18af3603a5e03f1276c9bad090370
-Author: Damien Miller <djm@mindrot.org>
-Date:   Fri Nov 8 12:16:49 2013 +1100
-       - dtucker@cvs.openbsd.org 2013/11/07 11:58:27
-         [cipher.c cipher.h kex.c kex.h mac.c mac.h servconf.c ssh.c]
-         Output the effective values of Ciphers, MACs and KexAlgorithms when
-         the default has not been overridden.  ok markus@
-commit 08998c5fb9c7c1d248caa73b76e02ca0482e6d85
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Fri Nov 8 12:11:46 2013 +1100
-        - dtucker@cvs.openbsd.org 2013/11/08 01:06:14
-          [regress/rekey.sh]
-          Rekey less frequently during tests to speed them up
-commit 4bf7e50e533aa956366df7402c132f202e841a48
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Thu Nov 7 22:33:48 2013 +1100
-     - (dtucker) [Makefile.in configure.ac] Remove TEST_SSH_SHA256 environment
-       variable.  It's no longer used now that we get the supported MACs from
-       ssh -Q.
-commit 6e9d6f411288374d1dee4b7debbfa90bc7e73035
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Thu Nov 7 15:32:37 2013 +1100
-       - dtucker@cvs.openbsd.org 2013/11/07 04:26:56
-         [regress/kextype.sh]
-         trailing space
-commit 74cbc22529f3e5de756e1b7677b7624efb28f62c
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Thu Nov 7 15:26:12 2013 +1100
-       - dtucker@cvs.openbsd.org 2013/11/07 03:55:41
-         [regress/kextype.sh]
-         Use ssh -Q to get kex types instead of a static list.
-commit a955041c930e63405159ff7d25ef14272f36eab3
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Thu Nov 7 15:21:19 2013 +1100
-       - dtucker@cvs.openbsd.org 2013/11/07 02:48:38
-         [regress/integrity.sh regress/cipher-speed.sh regress/try-ciphers.sh]
-         Use ssh -Q instead of hardcoding lists of ciphers or MACs.
-commit 06595d639577577bc15d359e037a31eb83563269
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Thu Nov 7 15:08:02 2013 +1100
-       - dtucker@cvs.openbsd.org 2013/11/07 01:12:51
-         [regress/rekey.sh]
-         Factor out the data transfer rekey tests
-commit 651dc8b2592202dac6b16ee3b82ce5b331be7da3
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Thu Nov 7 15:04:44 2013 +1100
-       - dtucker@cvs.openbsd.org 2013/11/07 00:12:05
-         [regress/rekey.sh]
-         Test rekeying for every Cipher, MAC and KEX, plus test every KEX with
-         the GCM ciphers.
-commit 234557762ba1096a867ca6ebdec07efebddb5153
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Thu Nov 7 15:00:51 2013 +1100
-       - dtucker@cvs.openbsd.org 2013/11/04 12:27:42
-         [regress/rekey.sh]
-         Test rekeying with all KexAlgorithms.
-commit bbfb9b0f386aab0c3e19d11f136199ef1b9ad0ef
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Thu Nov 7 14:56:43 2013 +1100
-       - markus@cvs.openbsd.org 2013/11/02 22:39:53
-         [regress/kextype.sh]
-         add curve25519-sha256@libssh.org
-commit aa19548a98c0f89283ebd7354abd746ca6bc4fdf
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Thu Nov 7 14:50:09 2013 +1100
-       - djm@cvs.openbsd.org 2013/10/09 23:44:14
-         [regress/Makefile] (ID sync only)
-         regression test for sftp request white/blacklisting and readonly mode.
-commit c8908aabff252f5da772d4e679479c2b7d18cac1
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Nov 7 13:38:35 2013 +1100
-       - djm@cvs.openbsd.org 2013/11/06 23:05:59
-         [ssh-pkcs11.c]
-         from portable: s/true/true_val/ to avoid name collisions on dump platforms
-         RCSID sync only
-commit 49c145c5e89b9d7d48e84328d6347d5ad640b567
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Nov 7 13:35:39 2013 +1100
-       - markus@cvs.openbsd.org 2013/11/06 16:52:11
-         [monitor_wrap.c]
-         fix rekeying for AES-GCM modes; ok deraadt
-commit 67a8800f290b39fd60e379988c700656ae3f2539
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Nov 7 13:32:51 2013 +1100
-       - markus@cvs.openbsd.org 2013/11/04 11:51:16
-         [monitor.c]
-         fix rekeying for KEX_C25519_SHA256; noted by dtucker@
-         RCSID sync only; I thought this was a merge botch and fixed it already
-commit df8b030b15fcec7baf38ec7944f309f9ca8cc9a7
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Nov 7 13:28:16 2013 +1100
-     - (djm) [configure.ac defines.h] Skip arc4random_stir() calls on platforms
-       that lack it but have arc4random_uniform()
-commit a6fd1d3c38a562709374a70fa76423859160aa90
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Nov 7 12:03:26 2013 +1100
-     - (djm) [regress/modpipe.c regress/rekey.sh] Never intended to commit these
-commit c98319750b0bbdd0d1794420ec97d65dd9244613
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Nov 7 12:00:23 2013 +1100
-     - (djm) [Makefile.in monitor.c] Missed chunks of curve25519 KEX diff
-commit 61c5c2319e84a58210810d39b062c8b8e3321160
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Nov 7 11:34:14 2013 +1100
-     - (djm) [ssh-pkcs11.c] Bring back "non-constant initialiser" fix (rev 1.5)
-       that got lost in recent merge.
-commit 094003f5454a9f5a607674b2739824a7e91835f4
-Author: Damien Miller <djm@mindrot.org>
-Date:   Mon Nov 4 22:59:27 2013 +1100
-     - (djm) [kexc25519.c kexc25519c.c kexc25519s.c] Import missed files from
-       KEX/curve25519 change
-commit ca67a7eaf8766499ba67801d0be8cdaa550b9a50
-Author: Damien Miller <djm@mindrot.org>
-Date:   Mon Nov 4 09:05:17 2013 +1100
-       - djm@cvs.openbsd.org 2013/11/03 10:37:19
-         [roaming_common.c]
-         fix a couple of function definitions foo() -> foo(void)
-         (-Wold-style-definition)
-commit 0bd8f1519d51af8d4229be81e8f2f4903a1d440b
-Author: Damien Miller <djm@mindrot.org>
-Date:   Mon Nov 4 08:55:43 2013 +1100
-       - markus@cvs.openbsd.org 2013/11/02 22:39:19
-         [ssh_config.5 sshd_config.5]
-         the default kex is now curve25519-sha256@libssh.org
-commit 4c3ba0767fbe4a8a2a748df4035aaf86651f6b30
-Author: Damien Miller <djm@mindrot.org>
-Date:   Mon Nov 4 08:40:13 2013 +1100
-       - markus@cvs.openbsd.org 2013/11/02 22:34:01
-         [auth-options.c]
-         no need to include monitor_wrap.h and ssh-gss.h
-commit 660621b2106b987b874c2f120218bec249d0f6ba
-Author: Damien Miller <djm@mindrot.org>
-Date:   Mon Nov 4 08:37:51 2013 +1100
-       - markus@cvs.openbsd.org 2013/11/02 22:24:24
-         [kexdhs.c kexecdhs.c]
-         no need to include ssh-gss.h
-commit abdca986decfbbc008c895195b85e879ed460ada
-Author: Damien Miller <djm@mindrot.org>
-Date:   Mon Nov 4 08:30:05 2013 +1100
-       - markus@cvs.openbsd.org 2013/11/02 22:10:15
-         [kexdhs.c kexecdhs.c]
-         no need to include monitor_wrap.h
-commit 1e1242604eb0fd510fe93f81245c529237ffc513
-Author: Damien Miller <djm@mindrot.org>
-Date:   Mon Nov 4 08:26:52 2013 +1100
-       - markus@cvs.openbsd.org 2013/11/02 21:59:15
-         [kex.c kex.h myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
-         use curve25519 for default key exchange (curve25519-sha256@libssh.org);
-         initial patch from Aris Adamantiadis; ok djm@
-commit d2252c79191d069372ed6effce7c7a2de93448cd
-Author: Damien Miller <djm@mindrot.org>
-Date:   Mon Nov 4 07:41:48 2013 +1100
-       - markus@cvs.openbsd.org 2013/11/02 20:03:54
-         [ssh-pkcs11.c]
-         support pkcs#11 tokes that only provide x509 zerts instead of raw pubkeys;
-         fixes bz#1908; based on patch from Laurent Barbe; ok djm
-commit 007e3b357e880caa974d5adf9669298ba0751c78
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Sun Nov 3 18:43:55 2013 +1100
-     - (dtucker) [configure.ac defines.h] Add typedefs for intmax_t and uintmax_t
-       for platforms that don't have them.
-commit 710f3747352fb93a63e5b69b12379da37f5b3fa9
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Sun Nov 3 17:20:34 2013 +1100
-     - (dtucker) [openbsd-compat/setproctitle.c] Handle error case form the 2nd
-       vsnprintf.  From eric at openbsd via chl@.
-commit d52770452308e5c2e99f4da6edaaa77ef078b610
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Sun Nov 3 16:30:46 2013 +1100
-     - (dtucker) [openbsd-compat/bsd-misc.c] Include time.h for nanosleep.
-       From OpenSMTPD where it prevents "implicit declaration" warnings (it's
-       a no-op in OpenSSH).  From chl at openbsd.
-commit 63857c9340d3482746a5622ffdacc756751f6448
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Oct 30 22:31:06 2013 +1100
-       - jmc@cvs.openbsd.org 2013/10/29 18:49:32
-         [sshd_config.5]
-         pty(4), not pty(7);
-commit 5ff30c6b68adeee767dd29bf2369763c6a13c0b3
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Oct 30 22:21:50 2013 +1100
-       - djm@cvs.openbsd.org 2013/10/29 09:48:02
-         [servconf.c servconf.h session.c sshd_config sshd_config.5]
-         shd_config PermitTTY to disallow TTY allocation, mirroring the
-         longstanding no-pty authorized_keys option;
-         bz#2070, patch from Teran McKinney; ok markus@
-commit 4a3a9d4bbf8048473f5cc202cd8db7164d5e6b8d
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Oct 30 22:19:47 2013 +1100
-       - djm@cvs.openbsd.org 2013/10/29 09:42:11
-         [key.c key.h]
-         fix potential stack exhaustion caused by nested certificates;
-         report by Mateusz Kocielski; ok dtucker@ markus@
-commit 28631ceaa7acd9bc500f924614431542893c6a21
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sat Oct 26 10:07:56 2013 +1100
-       - djm@cvs.openbsd.org 2013/10/25 23:04:51
-         [ssh.c]
-         fix crash when using ProxyCommand caused by previous commit - was calling
-         freeaddrinfo(NULL); spotted by sthen@ and Tim Ruehsen, patch by sthen@
-commit 26506ad29350c5681815745cc90b3952a84cf118
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sat Oct 26 10:05:46 2013 +1100
-     - (djm) [ssh-keygen.c ssh-keysign.c sshconnect1.c sshd.c] Remove
-       unnecessary arc4random_stir() calls. The only ones left are to ensure
-       that the PRNG gets a different state after fork() for platforms that
-       have broken the API.
-commit bd43e8872325e9bbb3319c89da593614709f317c
-Author: Tim Rice <tim@multitalents.net>
-Date:   Thu Oct 24 12:22:49 2013 -0700
-     - (tim) [regress/sftp-perm.sh] We need a shell that understands "! somecmd"
-commit a90c0338083ee0e4064c4bdf61f497293a699be0
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Oct 24 21:03:17 2013 +1100
-       - djm@cvs.openbsd.org 2013/10/24 08:19:36
-         [ssh.c]
-         fix bug introduced in hostname canonicalisation commit: don't try to
-         resolve hostnames when a ProxyCommand is set unless the user has forced
-         canonicalisation; spotted by Iain Morgan
-commit cf31f3863425453ffcda540fbefa9df80088c8d1
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Oct 24 21:02:56 2013 +1100
-       - dtucker@cvs.openbsd.org 2013/10/24 00:51:48
-         [readconf.c servconf.c ssh_config.5 sshd_config.5]
-         Disallow empty Match statements and add "Match all" which matches
-         everything.  ok djm, man page help jmc@
-commit 4bedd4032a09ce87322ae5ea80f193f109e5c607
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Oct 24 21:02:26 2013 +1100
-       - dtucker@cvs.openbsd.org 2013/10/24 00:49:49
-         [moduli.c]
-         Periodically print progress and, if possible, expected time to completion
-         when screening moduli for DH groups.  ok deraadt djm
-commit 5ecb41629860687b145be63b8877fabb6bae5eda
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Oct 24 21:02:02 2013 +1100
-       - djm@cvs.openbsd.org 2013/10/23 23:35:32
-         [sshd.c]
-         include local address and port in "Connection from ..." message (only
-         shown at loglevel>=verbose)
-commit 03bf2e61ad6ac59a362a1f11b105586cb755c147
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Oct 24 21:01:26 2013 +1100
-       - dtucker@cvs.openbsd.org 2013/10/23 05:40:58
-         [servconf.c]
-         fix comment
-commit 8f1873191478847773906af961c8984d02a49dd6
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Oct 24 10:53:02 2013 +1100
-     - (djm) [auth-krb5.c] bz#2032 - use local username in krb5_kuserok check
-       rather than full client name which may be of form user@REALM;
-       patch from Miguel Sanders; ok dtucker@
-commit 5b01b0dcb417eb615df77e7ce1b59319bf04342c
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Oct 23 16:31:31 2013 +1100
-       - djm@cvs.openbsd.org 2013/10/23 04:16:22
-         [ssh-keygen.c]
-         Make code match documentation: relative-specified certificate expiry time
-         should be relative to current time and not the validity start time.
-         Reported by Petr Lautrbach; ok deraadt@
-commit eff5cada589f25793dbe63a76aba9da39837a148
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Oct 23 16:31:10 2013 +1100
-       - djm@cvs.openbsd.org 2013/10/23 03:05:19
-         [readconf.c ssh.c]
-         comment
-commit 084bcd24e9fe874020e4df4e073e7408e1b17fb7
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Oct 23 16:30:51 2013 +1100
-       - djm@cvs.openbsd.org 2013/10/23 03:03:07
-         [readconf.c]
-         Hostname may have %h sequences that should be expanded prior to Match
-         evaluation; spotted by Iain Morgan
-commit 8e5a67f46916def40b2758bb7755350dd2eee843
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Oct 23 16:30:25 2013 +1100
-       - jmc@cvs.openbsd.org 2013/10/20 18:00:13
-         [ssh_config.5]
-         tweak the "exec" description, as worded by djm;
-commit c0049bd0bca02890cd792babc594771c563f91f2
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Oct 23 16:29:59 2013 +1100
-       - djm@cvs.openbsd.org 2013/10/20 09:51:26
-         [scp.1 sftp.1]
-         add canonicalisation options to -o lists
-commit 8a04be795fc28514a09e55a54b2e67968f2e1b3a
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Oct 23 16:29:40 2013 +1100
-       - djm@cvs.openbsd.org 2013/10/20 06:19:28
-         [readconf.c ssh_config.5]
-         rename "command" subclause of the recently-added "Match" keyword to
-         "exec"; it's shorter, clearer in intent and we might want to add the
-         ability to match against the command being executed at the remote end in
-         the future.
-commit 5c86ebdf83b636b6741db4b03569ef4a53b89a58
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Oct 23 16:29:12 2013 +1100
-       - djm@cvs.openbsd.org 2013/10/20 04:39:28
-         [ssh_config.5]
-         document % expansions performed by "Match command ..."
-commit 4502f88774edc56194707167443f94026d3c7cfa
-Author: Damien Miller <djm@mindrot.org>
-Date:   Fri Oct 18 10:17:36 2013 +1100
-       - djm@cvs.openbsd.org 2013/10/17 22:08:04
-         [sshd.c]
-         include remote port in bad banner message; bz#2162
-commit 1edcbf65ebd2febeaf10a836468f35e519eed7ca
-Author: Damien Miller <djm@mindrot.org>
-Date:   Fri Oct 18 10:17:17 2013 +1100
-       - jmc@cvs.openbsd.org 2013/10/17 07:35:48
-         [sftp.1 sftp.c]
-         tweak previous;
-commit a176e1823013dd8533a20235b3a5131f0626f46b
-Author: Damien Miller <djm@mindrot.org>
-Date:   Fri Oct 18 09:05:41 2013 +1100
-       - djm@cvs.openbsd.org 2013/10/09 23:44:14
-         [regress/Makefile regress/sftp-perm.sh]
-         regression test for sftp request white/blacklisting and readonly mode.
-commit e3ea09494dcfe7ba76536e95765c8328ecfc18fb
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Oct 17 11:57:23 2013 +1100
-       - djm@cvs.openbsd.org 2013/10/17 00:46:49
-         [ssh.c]
-         rearrange check to reduce diff against -portable
-         (Id sync only)
-commit f29238e67471a7f1088a99c3c3dbafce76b790cf
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Oct 17 11:48:52 2013 +1100
-       - djm@cvs.openbsd.org 2013/10/17 00:30:13
-         [PROTOCOL sftp-client.c sftp-client.h sftp-server.c sftp.1 sftp.c]
-         fsync@openssh.com protocol extension for sftp-server
-         client support to allow calling fsync() faster successful transfer
-         patch mostly by imorgan AT nas.nasa.gov; bz#1798
-         "fine" markus@ "grumble OK" deraadt@ "doesn't sound bad to me" millert@
-commit 51682faa599550a69d8120e5e2bdbdc0625ef4be
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Oct 17 11:48:31 2013 +1100
-       - djm@cvs.openbsd.org 2013/10/16 22:58:01
-         [ssh.c ssh_config.5]
-         one I missed in previous: s/isation/ization/
-commit 3850559be93f1a442ae9ed370e8c389889dd5f72
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Oct 17 11:48:13 2013 +1100
-       - djm@cvs.openbsd.org 2013/10/16 22:49:39
-         [readconf.c readconf.h ssh.1 ssh.c ssh_config.5]
-         s/canonicalise/canonicalize/ for consistency with existing spelling,
-         e.g. authorized_keys; pointed out by naddy@
-commit 607af3434b75acc7199a5d99d5a9c11068c01f27
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Oct 17 11:47:51 2013 +1100
-       - jmc@cvs.openbsd.org 2013/10/16 06:42:25
-         [ssh_config.5]
-         tweak previous;
-commit 0faf747e2f77f0f7083bcd59cbed30c4b5448444
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Oct 17 11:47:23 2013 +1100
-       - djm@cvs.openbsd.org 2013/10/16 02:31:47
-         [readconf.c readconf.h roaming_client.c ssh.1 ssh.c ssh_config.5]
-         [sshconnect.c sshconnect.h]
-         Implement client-side hostname canonicalisation to allow an explicit
-         search path of domain suffixes to use to convert unqualified host names
-         to fully-qualified ones for host key matching.
-         This is particularly useful for host certificates, which would otherwise
-         need to list unqualified names alongside fully-qualified ones (and this
-         causes a number of problems).
-         "looks fine" markus@
-commit d77b81f856e078714ec6b0f86f61c20249b7ead4
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Oct 17 11:39:00 2013 +1100
-       - jmc@cvs.openbsd.org 2013/10/15 14:10:25
-         [ssh.1 ssh_config.5]
-         tweak previous;
-commit dcd39f29ce3308dc74a0ff27a9056205a932ce05
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Oct 17 11:31:40 2013 +1100
-     - [ssh.c] g/c unused variable.
-commit 5359a628ce3763408da25d83271a8eddec597a0c
-Author: Damien Miller <djm@mindrot.org>
-Date:   Tue Oct 15 12:20:37 2013 +1100
-     - [ssh.c] g/c unused variable.
-commit 386feab0c4736b054585ee8ee372865d5cde8d69
-Author: Damien Miller <djm@mindrot.org>
-Date:   Tue Oct 15 12:14:49 2013 +1100
-       - djm@cvs.openbsd.org 2013/10/14 23:31:01
-         [ssh.c]
-         whitespace at EOL; pointed out by markus@
-commit e9fc72edd6c313b670558cd5219601c38a949b67
-Author: Damien Miller <djm@mindrot.org>
-Date:   Tue Oct 15 12:14:12 2013 +1100
-       - djm@cvs.openbsd.org 2013/10/14 23:28:23
-         [canohost.c misc.c misc.h readconf.c sftp-server.c ssh.c]
-         refactor client config code a little:
-         add multistate option partsing to readconf.c, similar to servconf.c's
-         existing code.
-         move checking of options that accept "none" as an argument to readconf.c
-         add a lowercase() function and use it instead of explicit tolower() in
-         loops
-         part of a larger diff that was ok markus@
-commit 194fd904d8597a274b93e075b2047afdf5a175d4
-Author: Damien Miller <djm@mindrot.org>
-Date:   Tue Oct 15 12:13:05 2013 +1100
-       - djm@cvs.openbsd.org 2013/10/14 22:22:05
-         [readconf.c readconf.h ssh-keysign.c ssh.c ssh_config.5]
-         add a "Match" keyword to ssh_config that allows matching on hostname,
-         user and result of arbitrary commands. "nice work" markus@
-commit 71df752de2a04f423b1cd18d961a79f4fbccbcee
-Author: Damien Miller <djm@mindrot.org>
-Date:   Tue Oct 15 12:12:02 2013 +1100
-       - djm@cvs.openbsd.org 2013/10/14 21:20:52
-         [session.c session.h]
-         Add logging of session starts in a useful format; ok markus@ feedback and
-         ok dtucker@
-commit 6efab27109b82820e8d32a5d811adb7bfc354f65
-Author: Damien Miller <djm@mindrot.org>
-Date:   Tue Oct 15 12:07:05 2013 +1100
-       - jmc@cvs.openbsd.org 2013/10/14 14:18:56
-         [sftp-server.8 sftp-server.c]
-         tweak previous;
-         ok djm
-commit 61c7de8a94156f6d7e9718ded9be8c65bb902b66
-Author: Damien Miller <djm@mindrot.org>
-Date:   Tue Oct 15 12:06:45 2013 +1100
-       - djm@cvs.openbsd.org 2013/10/11 02:53:45
-         [sftp-client.h]
-         obsolete comment
-commit 2f93d0556e4892208c9b072624caa8cc5ddd839d
-Author: Damien Miller <djm@mindrot.org>
-Date:   Tue Oct 15 12:06:27 2013 +1100
-       - djm@cvs.openbsd.org 2013/10/11 02:52:23
-         [sftp-client.c]
-         missed one arg reorder
-commit bda5c8445713ae592d969a5105ed1a65da22bc96
-Author: Damien Miller <djm@mindrot.org>
-Date:   Tue Oct 15 12:05:58 2013 +1100
-       - djm@cvs.openbsd.org 2013/10/11 02:45:36
-         [sftp-client.c]
-         rename flag arguments to be more clear and consistent.
-         reorder some internal function arguments to make adding additional flags
-         easier.
-         no functional change
-commit 61ee4d68ca0fcc793a826fc7ec70f3b8ffd12ab6
-Author: Damien Miller <djm@mindrot.org>
-Date:   Tue Oct 15 11:56:47 2013 +1100
-       - djm@cvs.openbsd.org 2013/10/10 01:43:03
-         [sshd.c]
-         bz#2139: fix re-exec fallback by ensuring that startup_pipe is correctly
-         updated; ok dtucker@
-commit 73600e51af9ee734a19767e0c084bbbc5eb5b8da
-Author: Damien Miller <djm@mindrot.org>
-Date:   Tue Oct 15 11:56:25 2013 +1100
-       - djm@cvs.openbsd.org 2013/10/10 00:53:25
-         [sftp-server.c]
-         add -Q, -P and -p to usage() before jmc@ catches me
-commit 6eaeebf27d92f39a38c772aa3f20c2250af2dd29
-Author: Damien Miller <djm@mindrot.org>
-Date:   Tue Oct 15 11:55:57 2013 +1100
-       - djm@cvs.openbsd.org 2013/10/09 23:42:17
-         [sftp-server.8 sftp-server.c]
-         Add ability to whitelist and/or blacklist sftp protocol requests by name.
-         Refactor dispatch loop and consolidate read-only mode checks.
-         Make global variables static, since sftp-server is linked into sshd(8).
-         ok dtucker@
-commit df62d71e64d29d1054e7a53d1a801075ef70335f
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Thu Oct 10 10:32:39 2013 +1100
-       - dtucker@cvs.openbsd.org 2013/10/08 11:42:13
-         [dh.c dh.h]
-         Increase the size of the Diffie-Hellman groups requested for a each
-         symmetric key size.  New values from NIST Special Publication 800-57 with
-         the upper limit specified by RFC4419.  Pointed out by Peter Backes, ok
-         djm@.
-commit e6e52f8c5dc89a6767702e65bb595aaf7bc8991c
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Thu Oct 10 10:28:07 2013 +1100
-       - djm@cvs.openbsd.org 2013/09/19 01:26:29
-         [sshconnect.c]
-         bz#1211: make BindAddress work with UsePrivilegedPort=yes; patch from
-         swp AT swp.pp.ru; ok dtucker@
-commit 71152bc9911bc34a98810b2398dac20df3fe8de3
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Thu Oct 10 10:27:21 2013 +1100
-       - djm@cvs.openbsd.org 2013/09/19 01:24:46
-         [channels.c]
-         bz#1297 - tell the client (via packet_send_debug) when their preferred
-         listen address has been overridden by the server's GatewayPorts;
-         ok dtucker@
-commit b59aaf3c4f3f449a4b86d8528668bd979be9aa5f
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Thu Oct 10 10:26:21 2013 +1100
-       - djm@cvs.openbsd.org 2013/09/19 00:49:12
-         [sftp-client.c]
-         fix swapped pflag and printflag in sftp upload_dir; from Iain Morgan
-commit 5d80e4522d6238bdefe9d0c634f0e6d35a241e41
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Thu Oct 10 10:25:09 2013 +1100
-       - djm@cvs.openbsd.org 2013/09/19 00:24:52
-         [progressmeter.c]
-         store the initial file offset so the progress meter doesn't freak out
-         when resuming sftp transfers. bz#2137; patch from Iain Morgan; ok dtucker@
-commit ad92df7e5ed26fea85adfb3f95352d6cd8e86344
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Thu Oct 10 10:24:11 2013 +1100
-       - sthen@cvs.openbsd.org 2013/09/16 11:35:43
-         [ssh_config]
-         Remove gssapi config parts from ssh_config, as was already done for
-         sshd_config.  Req by/ok ajacoutot@
-         ID SYNC ONLY for portable; kerberos/gssapi is still pretty popular
-commit 720711960b130d36dfdd3d50eb25ef482bdd000e
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Oct 9 10:44:47 2013 +1100
-     - (djm) [openbsd-compat/Makefile.in openbsd-compat/arc4random.c]
-       [openbsd-compat/bsd-arc4random.c] Replace old RC4-based arc4random
-       implementation with recent OpenBSD's ChaCha-based PRNG. ok dtucker@,
-       tested tim@
-commit 9159310087a218e28940a592896808b8eb76a039
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Oct 9 10:42:32 2013 +1100
-     - (djm) [openbsd-compat/arc4random.c openbsd-compat/chacha_private.h] Pull
-       in OpenBSD implementation of arc4random, shortly to replace the existing
-       bsd-arc4random.c
-commit 67f1d557a68d6fa8966a327d7b6dee3408cf0e72
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Oct 9 09:33:08 2013 +1100
-    correct incorrect years in datestamps; from des
-commit f2bf36c3eb4d969f85ec8aa342e9aecb61cc8bb1
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Sun Sep 22 19:02:40 2013 +1000
-     - (dtucker) [platform.c platform.h sshd.c] bz#2156: restore Linux oom_adj
-       setting when handling SIGHUP to maintain behaviour over retart.  Patch
-       from Matthew Ife.
-commit e90a06ae570fd259a2f5ced873c7f17390f535a5
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Wed Sep 18 15:09:38 2013 +1000
-     - (dtucker) [sshd_config] Trailing whitespace; from jstjohn at purdue edu.
-commit 13840e0103946982cee2a05c40697be7e57dca41
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sat Sep 14 09:49:43 2013 +1000
-       - djm@cvs.openbsd.org 2013/09/13 06:54:34
-         [channels.c]
-         avoid unaligned access in code that reused a buffer to send a
-         struct in_addr in a reply; simpler just use use buffer_put_int();
-         from portable; spotted by and ok dtucker@
-commit 70182522a47d283513a010338cd028cb80dac2ab
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sat Sep 14 09:49:19 2013 +1000
-       - djm@cvs.openbsd.org 2013/09/12 01:41:12
-         [clientloop.c]
-         fix connection crash when sending break (~B) on ControlPersist'd session;
-         ok dtucker@
-commit ff9d6c2a4171ee32e8fe28fc3b86eb33bd5c845b
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sat Sep 14 09:48:55 2013 +1000
-       - sthen@cvs.openbsd.org 2013/09/07 13:53:11
-         [sshd_config]
-         Remove commented-out kerberos/gssapi config options from sample config,
-         kerberos support is currently not enabled in ssh in OpenBSD. Discussed with
-         various people; ok deraadt@
-         ID SYNC ONLY for portable; kerberos/gssapi is still pretty popular
-commit 8bab5e7b5ff6721d926b5ebf05a3a24489889c58
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sat Sep 14 09:47:00 2013 +1000
-       - deraadt@cvs.openbsd.org 2013/09/02 22:00:34
-         [ssh-keygen.c sshconnect1.c sshd.c]
-         All the instances of arc4random_stir() are bogus, since arc4random()
-         does this itself, inside itself, and has for a very long time..  Actually,
-         this was probably reducing the entropy available.
-         ok djm
-         ID SYNC ONLY for portable; we don't trust other arc4random implementations
-         to do this right.
-commit 61353b3208d548fab863e0e0ac5d2400ee5bb340
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sat Sep 14 09:45:32 2013 +1000
-       - djm@cvs.openbsd.org 2013/08/31 00:13:54
-         [sftp.c]
-         make ^w match ksh behaviour (delete previous word instead of entire line)
-commit 660854859cad31d234edb9353fb7ca2780df8128
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sat Sep 14 09:45:03 2013 +1000
-       - mikeb@cvs.openbsd.org 2013/08/28 12:34:27
-         [ssh-keygen.c]
-         improve batch processing a bit by making use of the quite flag a bit
-         more often and exit with a non zero code if asked to find a hostname
-         in a known_hosts file and it wasn't there;
-         originally from reyk@,  ok djm
-commit 045bda5cb8acf0eb9d71c275ee1247e3154fc9e5
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sat Sep 14 09:44:37 2013 +1000
-       - djm@cvs.openbsd.org 2013/08/22 19:02:21
-         [sshd.c]
-         Stir PRNG after post-accept fork. The child gets a different PRNG state
-         anyway via rexec and explicit privsep reseeds, but it's good to be sure.
-         ok markus@
-commit ed4af412da60a084891b20412433a27966613fb8
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sat Sep 14 09:40:51 2013 +1000
-    add marker for 6.3p1 release at the point of the last included change
-commit 43968a8e66a0aa1afefb11665bf96f86b113f5d9
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Aug 28 14:00:54 2013 +1000
-     - (djm) [openbsd-compat/bsd-snprintf.c] #ifdef noytet for intmax_t bits
-       until we have configure support.
-commit 04be8b9e53f8388c94b531ebc5d1bd6e10e930d1
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Aug 28 12:49:43 2013 +1000
-     - (djm) [openbsd-compat/bsd-snprintf.c] teach our local snprintf code the
-       'j' (intmax_t/uintmax_t) and 'z' (size_t/ssize_t) conversions in case we
-       start to use them in the future.
author	Colin Watson <cjwatson@debian.org>	2016-01-14 15:07:14 +0000
committer	Colin Watson <cjwatson@debian.org>	2016-01-14 15:07:14 +0000
commit	eeff4de96f5d7365750dc56912c2c62b5c28db6b (patch)
tree	87e6ba5620716a6a9c1cbf84786d81cf7373ad43 /ChangeLog
parent	651211fd4a199b299540c00c54a46e27fadb04be (diff)
parent	c88ac102f0eb89f2eaa314cb2e2e0ca3c890c443 (diff)