From 01ce1cd402d5eecde2bba35b67e08f5b266b37fd Mon Sep 17 00:00:00 2001
From: Abhishek Arya <inferno@chromium.org>
Date: Tue, 8 Oct 2019 20:19:18 -0700
Subject: Update README.md

---
 README.md | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'README.md')

diff --git a/README.md b/README.md
index 4e2624161..412adcecb 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,7 @@
 # Portable OpenSSH
 
+[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh)
+
 OpenSSH is a complete implementation of the SSH protocol (version 2) for secure remote login, command execution and file transfer. It includes a client ``ssh`` and server ``sshd``, file transfer utilities ``scp`` and ``sftp`` as well as tools for key generation (``ssh-keygen``), run-time key storage (``ssh-agent``) and a number of supporting programs.
 
 This is a port of OpenBSD's [OpenSSH](https://openssh.com) to most Unix-like operating systems, including Linux, OS X and Cygwin. Portable OpenSSH polyfills OpenBSD APIs that are not available elsewhere, adds sshd sandboxing for more operating systems and includes support for OS-native authentication and auditing (e.g. using PAM).
-- 
cgit v1.2.3


From 5c0bc273cba53f822b7d777bbb6c35d160d3b505 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Fri, 15 Nov 2019 16:08:00 +1100
Subject: configure flag to built-in security key support

Require --with-security-key-builtin before enabling the built-in
security key support (and consequent dependency on libfido2).
---
 README.md    |  1 +
 configure.ac | 12 +++++++++++-
 2 files changed, 12 insertions(+), 1 deletion(-)

(limited to 'README.md')

diff --git a/README.md b/README.md
index 412adcecb..4a393295d 100644
--- a/README.md
+++ b/README.md
@@ -66,6 +66,7 @@ Flag | Meaning
 ``--with-libedit`` | Enable [libedit](https://www.thrysoee.dk/editline/) support for sftp.
 ``--with-kerberos5`` | Enable Kerberos/GSSAPI support. Both [Heimdal](https://www.h5l.org/) and [MIT](https://web.mit.edu/kerberos/) Kerberos implementations are supported.
 ``--with-selinux`` | Enable [SELinux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) support.
+``--with-security-key-builtin`` | Include built-in support for U2F/FIDO2 security keys. This requires [libfido2](https://github.com/Yubico/libfido2) be installed.
 
 ## Development
 
diff --git a/configure.ac b/configure.ac
index 3814db66b..0c2882b1a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1908,6 +1908,16 @@ AC_ARG_ENABLE([security-key],
 		fi
 	]
 )
+enable_sk_internal=
+AC_ARG_WITH([security-key-builtin],
+	[  --with-security-key-builtin include builtin U2F/FIDO support],
+	[
+		if test "x$withval" != "xno" ; then
+			enable_sk_internal=yes
+		fi
+	]
+)
+test "x$disable_sk" != "x" && enable_sk_internal=""
 
 AC_SEARCH_LIBS([dlopen], [dl])
 AC_CHECK_FUNCS([dlopen])
@@ -3062,7 +3072,7 @@ fi
 AC_MSG_RESULT([$enable_sk])
 
 # Now check for built-in security key support.
-if test "x$enable_sk" = "xyes" ; then
+if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then
 	AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
 	use_pkgconfig_for_libfido2=
 	if test "x$PKGCONFIG" != "xno"; then
-- 
cgit v1.2.3


From a19ef613e98141cc37c8acdeebe285b9dbe2531e Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@dtucker.net>
Date: Tue, 17 Dec 2019 19:35:59 +1100
Subject: OpenSSL is now optional.

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'README.md')

diff --git a/README.md b/README.md
index 4a393295d..41a97baf6 100644
--- a/README.md
+++ b/README.md
@@ -27,7 +27,7 @@ Stable release tarballs are available from a number of [download mirrors](https:
 
 ### Dependencies
 
-Portable OpenSSH is built using autoconf and make. It requires a working C compiler, standard library and headers, as well as [zlib](https://www.zlib.net/) and ``libcrypto`` from either [LibreSSL](https://www.libressl.org/) or [OpenSSL](https://www.openssl.org) to build. Certain platforms and build-time options may require additional dependencies.
+Portable OpenSSH is built using autoconf and make. It requires a working C compiler, standard library and headers, and [zlib](https://www.zlib.net/). ``libcrypto`` from either [LibreSSL](https://www.libressl.org/) or [OpenSSL](https://www.openssl.org) may also be used, but OpenSSH may be built without it supporting a subset of crytpo algorithms. Certain platforms and build-time options may require additional dependencies, see README.platform for details.
 
 ### Building a release
 
-- 
cgit v1.2.3


From bf8de8b8251af69b5ce96a8faa69145af156af4d Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@dtucker.net>
Date: Tue, 17 Dec 2019 19:37:06 +1100
Subject: Show portable tarball pattern in example.

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'README.md')

diff --git a/README.md b/README.md
index 41a97baf6..0f3ba89b1 100644
--- a/README.md
+++ b/README.md
@@ -34,7 +34,7 @@ Portable OpenSSH is built using autoconf and make. It requires a working C compi
 Releases include a pre-built copy of the ``configure`` script and may be built using:
 
 ```
-tar zxvf openssh-X.Y.tar.gz
+tar zxvf openssh-X.YpZ.tar.gz
 cd openssh
 ./configure # [options]
 make && make tests
-- 
cgit v1.2.3


From 515e10ddf9644010b88cfd7ecf601f4306d42232 Mon Sep 17 00:00:00 2001
From: Ruben Kerkhof <ruben@rubenkerkhof.com>
Date: Wed, 15 Jan 2020 16:16:31 +0100
Subject: Fix typo in README.md, s/crytpo/crypto/

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'README.md')

diff --git a/README.md b/README.md
index 0f3ba89b1..348148ac3 100644
--- a/README.md
+++ b/README.md
@@ -27,7 +27,7 @@ Stable release tarballs are available from a number of [download mirrors](https:
 
 ### Dependencies
 
-Portable OpenSSH is built using autoconf and make. It requires a working C compiler, standard library and headers, and [zlib](https://www.zlib.net/). ``libcrypto`` from either [LibreSSL](https://www.libressl.org/) or [OpenSSL](https://www.openssl.org) may also be used, but OpenSSH may be built without it supporting a subset of crytpo algorithms. Certain platforms and build-time options may require additional dependencies, see README.platform for details.
+Portable OpenSSH is built using autoconf and make. It requires a working C compiler, standard library and headers, and [zlib](https://www.zlib.net/). ``libcrypto`` from either [LibreSSL](https://www.libressl.org/) or [OpenSSL](https://www.openssl.org) may also be used, but OpenSSH may be built without it supporting a subset of crypto algorithms. Certain platforms and build-time options may require additional dependencies, see README.platform for details.
 
 ### Building a release
 
-- 
cgit v1.2.3


From 262eb05a22cb1fabc3bc1746c220566490b80229 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Mon, 3 Feb 2020 21:22:15 +1100
Subject: mention libfido2 in dependencies section

---
 README.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'README.md')

diff --git a/README.md b/README.md
index 348148ac3..1d08f2bed 100644
--- a/README.md
+++ b/README.md
@@ -27,7 +27,9 @@ Stable release tarballs are available from a number of [download mirrors](https:
 
 ### Dependencies
 
-Portable OpenSSH is built using autoconf and make. It requires a working C compiler, standard library and headers, and [zlib](https://www.zlib.net/). ``libcrypto`` from either [LibreSSL](https://www.libressl.org/) or [OpenSSL](https://www.openssl.org) may also be used, but OpenSSH may be built without it supporting a subset of crypto algorithms. Certain platforms and build-time options may require additional dependencies, see README.platform for details.
+Portable OpenSSH is built using autoconf and make. It requires a working C compiler, standard library and headers, and [zlib](https://www.zlib.net/). ``libcrypto`` from either [LibreSSL](https://www.libressl.org/) or [OpenSSL](https://www.openssl.org) may also be used, but OpenSSH may be built without it supporting a subset of crypto algorithms.
+
+FIDO security token support need [libfido2](https://github.com/Yubico/libfido2) and its dependenciesi. Also, certain platforms and build-time options may require additional dependencies, see README.platform for details.
 
 ### Building a release
 
-- 
cgit v1.2.3


From be075110c735a451fd9d79a864e01e2e0d9f19d2 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Fri, 7 Feb 2020 15:07:27 +1100
Subject: typo; reported by Phil Pennock

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'README.md')

diff --git a/README.md b/README.md
index 1d08f2bed..28fb43d2a 100644
--- a/README.md
+++ b/README.md
@@ -29,7 +29,7 @@ Stable release tarballs are available from a number of [download mirrors](https:
 
 Portable OpenSSH is built using autoconf and make. It requires a working C compiler, standard library and headers, and [zlib](https://www.zlib.net/). ``libcrypto`` from either [LibreSSL](https://www.libressl.org/) or [OpenSSL](https://www.openssl.org) may also be used, but OpenSSH may be built without it supporting a subset of crypto algorithms.
 
-FIDO security token support need [libfido2](https://github.com/Yubico/libfido2) and its dependenciesi. Also, certain platforms and build-time options may require additional dependencies, see README.platform for details.
+FIDO security token support need [libfido2](https://github.com/Yubico/libfido2) and its dependencies. Also, certain platforms and build-time options may require additional dependencies, see README.platform for details.
 
 ### Building a release
 
-- 
cgit v1.2.3