commit cdf1d0a9f5d18535e0a18ff34860e81a6d83aa5c
Author: Damien Miller <djm@mindrot.org>
Date:   Wed Oct 9 11:31:03 2019 +1100

    prepare for 8.1 release

commit 3b4e56d740b74324e2d7542957cad5a11518f455
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Oct 9 00:04:57 2019 +0000

    upstream: openssh-8.1
    
    OpenBSD-Commit-ID: 3356bb34e2aa287f0e6d6773c9ae659dc680147d

commit 29e0ecd9b4eb3b9f305e2240351f0c59cad9ef81
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Oct 9 00:04:42 2019 +0000

    upstream: fix an unreachable integer overflow similar to the XMSS
    
    case, and some other NULL dereferences found by fuzzing.
    
    fix with and ok markus@
    
    OpenBSD-Commit-ID: 0f81adbb95ef887ce586953e1cb225fa45c7a47b

commit a546b17bbaeb12beac4c9aeed56f74a42b18a93a
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Oct 9 00:02:57 2019 +0000

    upstream: fix integer overflow in XMSS private key parsing.
    
    Reported by Adam Zabrocki via SecuriTeam's SSH program.
    
    Note that this code is experimental and not compiled by default.
    
    ok markus@
    
    OpenBSD-Commit-ID: cd0361896d15e8a1bac495ac583ff065ffca2be1

commit c2cc25480ba36ab48c1a577bebb12493865aad87
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Tue Oct 8 22:40:39 2019 +0000

    upstream: Correct type for end-of-list sentinel; fixes initializer
    
    warnings on some platforms.  ok deraadt.
    
    OpenBSD-Commit-ID: a990dbc2dac25bdfa07e79321349c73fd991efa2

commit e827aedf8818e75c0016b47ed8fc231427457c43
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Oct 7 23:10:38 2019 +0000

    upstream: reversed test yielded incorrect debug message
    
    OpenBSD-Commit-ID: 78bb512d04cfc238adb2c5b7504ac93eecf523b3

commit 8ca491d29fbe26e5909ce22b344c0a848dc28d55
Author: Damien Miller <djm@mindrot.org>
Date:   Tue Oct 8 17:05:57 2019 +1100

    depend

commit 86a0323374cbd404629e75bb320b3fa1c16aaa6b
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Wed Oct 9 09:36:06 2019 +1100

    Make MAKE_CLONE no-op macro more correct.
    
    Similar to the previous change to DEF_WEAK, some compilers don't like
    the empty statement, so convert into a no-op function prototype.

commit cfc1897a2002ec6c4dc879b24e8b3153c87ea2cf
Author: Damien Miller <djm@mindrot.org>
Date:   Wed Oct 9 09:06:35 2019 +1100

    wrap stdint.h include in HAVE_STDINT_H
    
    make the indenting a little more consistent too..
    
    Fixes Solaris 2.6; reported by Tom G. Christensen

commit 13b3369830a43b89a503915216a23816d1b25744
Author: Damien Miller <djm@mindrot.org>
Date:   Tue Oct 8 15:32:02 2019 +1100

    avoid "return (value)" in void-declared function
    
    spotted by Tim Rice; ok dtucker

commit 0c7f8d2326d812b371f7afd63aff846973ec80a4
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Tue Oct 8 14:44:50 2019 +1100

    Make DEF_WEAK more likely to be correct.
    
    Completely nop-ing out DEF_WEAK leaves an empty statement which some
    compilers don't like.  Replace with a no-op function template.  ok djm@

commit b1e79ea8fae9c252399677a28707661d85c7d00c
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Sun Oct 6 11:49:50 2019 +0000

    upstream: Instead of running sed over the whole log to remove CRs,
    
    remove them only where it's needed (and confuses test(1) on at least OS X in
    portable).
    
    OpenBSD-Regress-ID: a6ab9b4bd1d33770feaf01b2dfb96f9e4189d2d0

commit 8dc7d6b75a7f746fdd056acd41dffc0a13557a4c
Author: Eduardo Barretto <ebarretto@linux.vnet.ibm.com>
Date:   Tue May 9 13:33:30 2017 -0300

    Enable specific ioctl call for EP11 crypto card (s390)
    
    The EP11 crypto card needs to make an ioctl call, which receives a
    specific argument. This crypto card is for s390 only.
    
    Signed-off-by: Eduardo Barretto <ebarretto@linux.vnet.ibm.com>

commit 07f2c7f34951c04d2cd796ac6c80e47c56c4969e
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Oct 4 04:31:59 2019 +0000

    upstream: fix memory leak in error path; bz#3074 patch from
    
    krishnaiah.bommu@intel.com, ok dtucker
    
    OpenBSD-Commit-ID: d031853f3ecf47b35a0669588f4d9d8e3b307b3c

commit b7fbc75e119170f4d15c94a7fda4a1050e0871d6
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Oct 4 04:13:39 2019 +0000

    upstream: space
    
    OpenBSD-Commit-ID: 350648bcf00a2454e7ef998b7d88e42552b348ac

commit 643ab68c79ac1644f4a31e36928c2bfc8a51db3c
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Oct 4 03:39:19 2019 +0000

    upstream: more sshsig regress tests: check key revocation, the
    
    check-novalidate signature test mode and signing keys in ssh-agent.
    
    From Sebastian Kinne (slightly tweaked)
    
    OpenBSD-Regress-ID: b39566f5cec70140674658cdcedf38752a52e2e2

commit 714031a10bbe378a395a93cf1040f4ee1451f45f
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Oct 4 03:26:58 2019 +0000

    upstream: Check for gmtime failure in moduli generation. Based on
    
    patch from krishnaiah.bommu@intel.com, ok djm@
    
    OpenBSD-Commit-ID: 4c6a4cde0022188ac83737de08da0e875704eeaa

commit 6918974405cc28ed977f802fd97a9c9a9b2e141b
Author: jmc@openbsd.org <jmc@openbsd.org>
Date:   Thu Oct 3 17:07:50 2019 +0000

    upstream: use a more common options order in SYNOPSIS and sync
    
    usage(); while here, no need for Bk/Ek;
    
    ok dtucker
    
    OpenBSD-Commit-ID: 38715c3f10b166f599a2283eb7bc14860211bb90

commit feff96b7d4c0b99307f0459cbff128aede4a8984
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Oct 2 09:50:50 2019 +0000

    upstream: thinko in previous; spotted by Mantas Mikulėnas
    
    OpenBSD-Commit-ID: ffa3f5a45e09752fc47d9041e2203ee2ec15b24d

commit b5a89eec410967d6b712665f8cf0cb632928d74b
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Oct 2 08:07:13 2019 +0000

    upstream: make signature format match PROTOCO as a string, not raw
    bytes. Spotted by Mantas Mikulėnas
    
    OpenBSD-Commit-ID: 80fcc6d52893f80c6de2bedd65353cebfebcfa8f

commit dc6f81ee94995deb11bbf7e19801022c5f6fd90a
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Oct 2 08:05:50 2019 +0000

    upstream: ban empty namespace strings for sshsig; spotted by
    Mantas Mikulėnas
    
    OpenBSD-Commit-ID: 7c5bcf40bed8f4e826230176f4aa353c52aeb698

commit fa5bd8107e0e2b3e1e184f55d0f9320c119f65f0
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Wed Oct 2 14:30:55 2019 +1000

    Put ssherr.h back as it's actually needed.

commit 3ef92a657444f172b61f92d5da66d94fa8265602
Author: Lonnie Abelbeck <lonnie@abelbeck.com>
Date:   Tue Oct 1 09:05:09 2019 -0500

    Deny (non-fatal) shmget/shmat/shmdt in preauth privsep child.
    
    New wait_random_seeded() function on OpenSSL 1.1.1d uses shmget, shmat, and shmdt
    in the preauth codepath, deny (non-fatal) in seccomp_filter sandbox.

commit edd1d3a6261aecbf9a55944fd7be1db83571b46e
Author: Damien Miller <djm@mindrot.org>
Date:   Wed Oct 2 10:54:28 2019 +1000

    remove duplicate #includes
    
    Prompted by Jakub Jelen

commit 13c508dfed9f25e6e54c984ad00a74ef08539e70
Author: Damien Miller <djm@mindrot.org>
Date:   Wed Oct 2 10:51:15 2019 +1000

    typo in comment

commit d0c3ac427f6c52b872d6617421421dd791664445
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Oct 2 00:42:30 2019 +0000

    upstream: remove some duplicate #includes
    
    OpenBSD-Commit-ID: ed6827ab921eff8027669848ef4f70dc1da4098c

commit 084682786d9275552ee93857cb36e43c446ce92c
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Oct 1 10:22:53 2019 +0000

    upstream: revert unconditional forced login implemented in r1.41 of
    
    ssh-pkcs11.c; r1.45 added a forced login as a fallback for cases where the
    token returns no objects and this is less disruptive for users of tokens
    directly in ssh (rather than via ssh-agent) and in ssh-keygen
    
    bz3006, patch from Jakub Jelen; ok markus
    
    OpenBSD-Commit-ID: 33d6df589b072094384631ff93b1030103b3d02e

commit 6c91d42cce3f055917dc3fd2c305dfc5b3b584b3
Author: jmc@openbsd.org <jmc@openbsd.org>
Date:   Sun Sep 29 16:31:57 2019 +0000

    upstream: group and sort single letter options; ok deraadt
    
    OpenBSD-Commit-ID: e1480e760a2b582f79696cdcff70098e23fc603f

commit 3b44bf39ff4d7ef5d50861e2e9dda62d2926d2fe
Author: jmc@openbsd.org <jmc@openbsd.org>
Date:   Fri Sep 27 20:03:24 2019 +0000

    upstream: fix the DH-GEX text in -a; because this required a comma,
    
    i added a comma to the first part, for balance...
    
    OpenBSD-Commit-ID: 2c3464e9e82a41e8cdfe8f0a16d94266e43dbb58

commit 3e53ef28fab53094e3b19622ba0e9c3d5fe71273
Author: deraadt@openbsd.org <deraadt@openbsd.org>
Date:   Tue Sep 24 12:50:46 2019 +0000

    upstream: identity_file[] should be PATH_MAX, not the arbitrary
    
    number 1024
    
    OpenBSD-Commit-ID: e775f94ad47ce9ab37bd1410d7cf3b7ea98b11b7

commit 90d4b2541e8c907793233d9cbd4963f7624f4174
Author: jmc@openbsd.org <jmc@openbsd.org>
Date:   Fri Sep 20 18:50:58 2019 +0000

    upstream: new sentence, new line;
    
    OpenBSD-Commit-ID: c35ca5ec07be460e95e7406af12eee04a77b6698

commit fbec7dba01b70b49ac47f56031310865dff86200
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Mon Sep 30 18:01:12 2019 +1000

    Include stdio.h for snprintf.
    
    Patch from vapier@gentoo.org.

commit 0a403bfde71c4b82147473298d3a60b4171468bd
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Mon Sep 30 14:11:42 2019 +1000

    Add SKIP_LTESTS for skipping specific tests.

commit 4d59f7a5169c451ebf559aedec031ac9da2bf80c
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Sep 27 05:25:12 2019 +0000

    upstream: Test for empty result in expected bits. Remove CRs from log
    
    as they confuse tools on some platforms.  Re-enable the 3des-cbc test.
    
    OpenBSD-Regress-ID: edf536d4f29fc1ba412889b37247a47f1b49d250

commit 7c817d129e2d48fc8a6f7965339313023ec45765
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Sep 27 15:26:22 2019 +1000

    Re-enable dhgex test.
    
    Since we've added larger fallback groups to dh.c this test will pass
    even if there is no moduli file installed on the system.

commit c1e0a32fa852de6d1c82ece4f76add0ab0ca0eae
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Tue Sep 24 21:17:20 2019 +1000

    Add more ToS bits, currently only used by netcat.

commit 5a273a33ca1410351cb484af7db7c13e8b4e8e4e
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Sep 19 15:41:23 2019 +1000

    Privsep is now required.

commit 8aa2aa3cd4d27d14e74b247c773696349472ef20
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Sep 16 03:23:02 2019 +0000

    upstream: Allow testing signature syntax and validity without verifying
    
    that a signature came from a trusted signer. To discourage accidental or
    unintentional use, this is invoked by the deliberately ugly option name
    "check-novalidate"
    
    from Sebastian Kinne
    
    OpenBSD-Commit-ID: cea42c36ab7d6b70890e2d8635c1b5b943adcc0b

commit 7047d5afe3103f0f07966c05b810682d92add359
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Sep 13 04:52:34 2019 +0000

    upstream: clarify that IdentitiesOnly also applies to the default
    
    ~/.ssh/id_* keys; bz#3062
    
    OpenBSD-Commit-ID: 604be570e04646f0f4a17026f8b2aada6a585dfa

commit b36ee3fcb2f1601693b1b7fd60dd6bd96006ea75
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Sep 13 04:36:43 2019 +0000

    upstream: Plug mem leaks on error paths, based in part on github
    
    pr#120 from David Carlier.  ok djm@.
    
    OpenBSD-Commit-ID: c57adeb1022a8148fc86e5a88837b3b156dbdb7e

commit 2aefdf1aef906cf7548a2e5927d35aacb55948d4
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Sep 13 04:31:19 2019 +0000

    upstream: whitespace
    
    OpenBSD-Commit-ID: 57a71dd5f4cae8d61e0ac631a862589fb2bfd700

commit fbe24b142915331ceb2a3a76be3dc5b6d204fddf
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Sep 13 04:27:35 2019 +0000

    upstream: allow %n to be expanded in ProxyCommand strings
    
    From Zachary Harmany via github.com/openssh/openssh-portable/pull/118
    ok dtucker@
    
    OpenBSD-Commit-ID: 7eebf1b7695f50c66d42053d352a4db9e8fb84b6

commit 2ce1d11600e13bee0667d6b717ffcc18a057b821
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Sep 13 04:07:42 2019 +0000

    upstream: clarify that ConnectTimeout applies both to the TCP
    
    connection and to the protocol handshake/KEX. From Jean-Charles Longuet via
    Github PR140
    
    OpenBSD-Commit-ID: ce1766abc6da080f0d88c09c2c5585a32b2256bf

commit df780114278f406ef7cb2278802a2660092fff09
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Mon Sep 9 02:31:19 2019 +0000

    upstream: Fix potential truncation warning. ok deraadt.
    
    OpenBSD-Commit-ID: d87b7e3a94ec935e8194e7fce41815e22804c3ff

commit ec0e6243660bf2df30c620a6a0d83eded376c9c6
Author: Damien Miller <djm@mindrot.org>
Date:   Fri Sep 13 13:14:39 2019 +1000

    memleak of buffer in sshpam_query
    
    coverity report via Ed Maste; ok dtucker@

commit c17e4638e5592688264fc0349f61bfc7b4425aa5
Author: Damien Miller <djm@mindrot.org>
Date:   Fri Sep 13 13:12:42 2019 +1000

    explicitly test set[ug]id() return values
    
    Legacy !_POSIX_SAVED_IDS path only; coverity report via Ed Maste
    ok dtucker@

commit 91a2135f32acdd6378476c5bae475a6e7811a6a2
Author: naddy@openbsd.org <naddy@openbsd.org>
Date:   Fri Sep 6 14:45:34 2019 +0000

    upstream: Allow prepending a list of algorithms to the default set
    
    by starting the list with the '^' character, e.g.
    
    HostKeyAlgorithms ^ssh-ed25519
    Ciphers ^aes128-gcm@openssh.com,aes256-gcm@openssh.com
    
    ok djm@ dtucker@
    
    OpenBSD-Commit-ID: 1e1996fac0dc8a4b0d0ff58395135848287f6f97

commit c8bdd2db77ac2369d5cdee237656f266c8f41552
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Sep 6 07:53:40 2019 +0000

    upstream: key conversion should fail for !openssl builds, not fall
    
    through to the key generation code
    
    OpenBSD-Commit-ID: b957436adc43c4941e61d61958a193a708bc83c9

commit 823f6c37eb2d8191d45539f7b6fa877a4cb4ed3d
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Sep 6 06:08:11 2019 +0000

    upstream: typo in previous
    
    OpenBSD-Commit-ID: 7c3b94110864771a6b80a0d8acaca34037c3c96e

commit 6a710d3e06fd375e2c2ae02546b9541c488a2cdb
Author: Damien Miller <djm@mindrot.org>
Date:   Sun Sep 8 14:48:11 2019 +1000

    needs time.h for --without-openssl

commit f61f29afda6c71eda26effa54d3c2e5306fd0833
Author: Damien Miller <djm@mindrot.org>
Date:   Sat Sep 7 19:25:00 2019 +1000

    make unittests pass for no-openssl case

commit 105e1c9218940eb53473f55a9177652d889ddbad
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Sep 6 05:59:41 2019 +0000

    upstream: avoid compiling certain files that deeply depend on
    
    libcrypto when WITH_OPENSSL isn't set
    
    OpenBSD-Commit-ID: 569f08445c27124ec7c7f6c0268d844ec56ac061

commit 670104b923dd97b1c06c0659aef7c3e52af571b2
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Sep 6 05:23:55 2019 +0000

    upstream: fixes for !WITH_OPENSSL compilation; ok dtucker@
    
    OpenBSD-Commit-ID: 7fd68eaa9e0f7482b5d4c7e8d740aed4770a839f

commit be02d7cbde3d211ec2ed2320a1f7d86b2339d758
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Sep 6 04:53:27 2019 +0000

    upstream: lots of things were relying on libcrypto headers to
    
    transitively include various system headers (mostly stdlib.h); include them
    explicitly
    
    OpenBSD-Commit-ID: 5b522f4f2d844f78bf1cc4f3f4cc392e177b2080

commit d05aaaaadcad592abfaa44540928e0c61ef72ebb
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Sep 6 03:30:42 2019 +0000

    upstream: remove leakmalloc reference; we used this early when
    
    refactoring but not since
    
    OpenBSD-Commit-ID: bb28ebda8f7c490b87b37954044a6cdd43a7eb2c

commit 1268f0bcd8fc844ac6c27167888443c8350005eb
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Sep 6 04:24:06 2019 +0000

    upstream: Check for RSA support before using it for the user key,
    
    otherwise use ed25519 which is supported when built without OpenSSL.
    
    OpenBSD-Regress-ID: 3d23ddfe83c5062f00ac845d463f19a2ec78c0f7

commit fd7a2dec652b9efc8e97f03f118f935dce732c60
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Sep 6 14:07:10 2019 +1000

    Provide explicit path to configure-check.
    
    On some platforms (at least OpenBSD) make won't search VPATH for target
    files, so building out-of-tree will fail at configure-check.  Provide
    explicit path.  ok djm@

commit 00865c29690003b4523cc09a0e104724b9f911a4
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Sep 6 01:58:50 2019 +0000

    upstream: better error code for bad arguments; inspired by
    
    OpenBSD-Commit-ID: dfc263b6041de7f0ed921a1de0b81ddebfab1e0a

commit afdf27f5aceb4973b9f5308f4310c6e3fd8db1fb
Author: Damien Miller <djm@mindrot.org>
Date:   Thu Sep 5 21:38:40 2019 +1000

    revert config.h/config.h.in freshness checks
    
    turns out autoreconf and configure don't touch some files if their content
    doesn't change, so the mtime can't be relied upon in a makefile rule

commit a97609e850c57bd2cc2fe7e175fc35cb865bc834
Author: Damien Miller <djm@mindrot.org>
Date:   Thu Sep 5 20:54:39 2019 +1000

    extend autoconf freshness test
    
    make it cover config.h.in and config.h separately

commit 182297c10edb21c4856c6a38326fd04d81de41a5
Author: Damien Miller <djm@mindrot.org>
Date:   Thu Sep 5 20:34:54 2019 +1000

    check that configure/config.h is up to date
    
    Ensure they are newer than the configure.ac / aclocal.m4 source

commit 7d6034bd020248e9fc0f8c39c71c858debd0d0c1
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Sep 5 10:05:51 2019 +0000

    upstream: if a PKCS#11 token returns no keys then try to login and
    
    refetch them. Based on patch from Jakub Jelen; bz#2430 ok markus@
    
    OpenBSD-Commit-ID: ab53bd6ddd54dd09e54a8bfbed1a984496f08b43

commit 76f09bd95917862101b740afb19f4db5ccc752bf
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Sep 5 09:35:19 2019 +0000

    upstream: sprinkle in some explicit errors here, otherwise they
    
    percolate all the way up to dispatch_run_fatal() and lose all meaningful
    context
    
    to help with bz#3063; ok dtucker@
    
    OpenBSD-Commit-ID: 5b2da83bb1c4a3471444b7910b2120ae36438a0a

commit 0ea332497b2b2fc3995f72f6bafe9d664c0195b3
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Sep 5 09:25:13 2019 +0000

    upstream: only send ext_info for KEX_INITIAL; bz#2929 ok dtucker
    
    OpenBSD-Commit-ID: 00f5c6062f6863769f5447c6346f78c05d2e4a63

commit f23d91f9fa7f6f42e70404e000fac88aebfe3076
Author: jmc@openbsd.org <jmc@openbsd.org>
Date:   Thu Sep 5 05:47:23 2019 +0000

    upstream: macro fix; ok djm
    
    OpenBSD-Commit-ID: e891dd6c7996114cb32f0924cb7898ab55efde6e

commit 8b57337c1c1506df2bb9f039d0628a6de618566b
Author: Damien Miller <djm@mindrot.org>
Date:   Thu Sep 5 15:46:39 2019 +1000

    update fuzzing makefile to more recent clang

commit ae631ad77daf8fd39723d15a687cd4b1482cbae8
Author: Damien Miller <djm@mindrot.org>
Date:   Thu Sep 5 15:45:32 2019 +1000

    fuzzer for sshsig allowed_signers option parsing

commit 69159afe24120c97e5ebaf81016c85968afb903e
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Sep 5 05:42:59 2019 +0000

    upstream: memleak on error path; found by libfuzzer
    
    OpenBSD-Commit-ID: 34d44cb0fb5bdb5fcbc6b02b804e71b20a7a5fc7

commit bab6feb01f9924758ca7129dba708298a53dde5f
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Sep 5 04:55:32 2019 +0000

    upstream: expose allowed_signers options parsing code in header for
    
    fuzzing
    
    rename to make more consistent with philosophically-similar auth
    options parsing API.
    
    OpenBSD-Commit-ID: 0c67600ef04187f98e2912ca57b60c22a8025b7c

commit 4f9d75fbafde83d428e291516f8ce98e6b3a7c4b
Author: naddy@openbsd.org <naddy@openbsd.org>
Date:   Wed Sep 4 20:31:15 2019 +0000

    upstream: Call comma-separated lists as such to clarify semantics.
    
    Options such as Ciphers take values that may be a list of ciphers; the
    complete list, not individual elements, may be prefixed with a dash or plus
    character to remove from or append to the default list, respectively.
    
    Users might read the current text as if each element took an optional prefix,
    so tweak the wording from "values" to "list" to prevent such ambiguity for
    all options supporting these semantics.
    
    Fix instances missed in first commit.  ok jmc@ kn@
    
    OpenBSD-Commit-ID: 7112522430a54fb9f15a7a26d26190ed84d5e417

commit db1e6f60f03641b2d17e0ab062242609f4ed4598
Author: jmc@openbsd.org <jmc@openbsd.org>
Date:   Wed Sep 4 05:56:54 2019 +0000

    upstream: tweak previous;
    
    OpenBSD-Commit-ID: 0abd728aef6b5b35f6db43176aa83b7e3bf3ce27

commit 0f44e5956c7c816f6600f2a47be4d7bb5a8d711d
Author: naddy@openbsd.org <naddy@openbsd.org>
Date:   Tue Sep 3 20:51:49 2019 +0000

    upstream: repair typo and editing mishap
    
    OpenBSD-Commit-ID: d125ab720ca71ccf9baf83e08ddc8c12a328597e

commit f4846dfc6a79f84bbc6356ae3184f142bacedc24
Author: Damien Miller <djm@mindrot.org>
Date:   Thu Sep 5 11:09:28 2019 +1000

    Fuzzer harness for sshsig

commit b08a6bc1cc7750c6f8a425d1cdbd86552fffc637
Author: Damien Miller <djm@mindrot.org>
Date:   Tue Sep 3 18:45:42 2019 +1000

    oops; missed including the actual file

commit 1a72c0dd89f09754df443c9576dde624a17d7dd0
Author: Damien Miller <djm@mindrot.org>
Date:   Tue Sep 3 18:44:10 2019 +1000

    portability fixes for sshsig

commit 6d6427d01304d967e58544cf1c71d2b4394c0522
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Sep 3 08:37:45 2019 +0000

    upstream: regress test for sshsig; feedback and ok markus@
    
    OpenBSD-Regress-ID: 74c0974f2cdae8d9599b9d76a09680bae55d8a8b

commit 59650f0eaf65115afe04c39abfb93a4fc994ec55
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Sep 3 08:37:06 2019 +0000

    upstream: only add plain keys to prevent any certs laying around
    
    from confusing the test.
    
    OpenBSD-Regress-ID: b8f1508f822bc560b98dea910e61ecd76f34100f

commit d637c4aee6f9b5280c13c020d7653444ac1fcaa5
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Sep 3 08:35:27 2019 +0000

    upstream: sshsig tweaks and improvements from and suggested by
    
    Markus
    
    ok markus/me
    
    OpenBSD-Commit-ID: ea4f46ad5a16b27af96e08c4877423918c4253e9

commit 2a9c9f7272c1e8665155118fe6536bebdafb6166
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Sep 3 08:34:19 2019 +0000

    upstream: sshsig: lightweight signature and verification ability
    
    for OpenSSH
    
    This adds a simple manual signature scheme to OpenSSH.
    Signatures can be made and verified using ssh-keygen -Y sign|verify
    
    Signatures embed the key used to make them. At verification time, this
    is matched via principal name against an authorized_keys-like list
    of allowed signers.
    
    Mostly by Sebastian Kinne w/ some tweaks by me
    
    ok markus@
    
    OpenBSD-Commit-ID: 2ab568e7114c933346616392579d72be65a4b8fb

commit 5485f8d50a5bc46aeed829075ebf5d9c617027ea
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Sep 3 08:32:11 2019 +0000

    upstream: move authorized_keys option parsing helpers to misc.c
    
    and make them public; ok markus@
    
    OpenBSD-Commit-ID: c18bcb2a687227b3478377c981c2d56af2638ea2

commit f8df0413f0a057b6a3d3dd7bd8bc7c5d80911d3a
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Sep 3 08:31:20 2019 +0000

    upstream: make get_sigtype public as sshkey_get_sigtype(); ok
    
    markus@
    
    OpenBSD-Commit-ID: 01f8cdbec63350490d2249f41112c5780d1cfbb8

commit dd8002fbe63d903ffea5be7b7f5fc2714acab4a0
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Sep 3 08:30:47 2019 +0000

    upstream: move advance_past_options to authfile.c and make it
    
    public; ok markus@
    
    OpenBSD-Commit-ID: edda2fbba2c5b1f48e60f857a2010479e80c5f3c

commit c72d78ccbe642e08591a626e5de18381489716e0
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Sep 3 08:29:58 2019 +0000

    upstream: move skip_space() to misc.c and make it public; ok
    
    markus@
    
    OpenBSD-Commit-ID: caa77e8a3b210948e29ad3e28c5db00852961eae

commit 06af3583f46e2c327fdd44d8a95b8b4e8dfd8db5
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Sep 3 08:29:15 2019 +0000

    upstream: authfd: add function to check if key is in agent
    
    This commit adds a helper function which allows the caller to
    check if a given public key is present in ssh-agent.
    
    work by Sebastian Kinne; ok markus@
    
    OpenBSD-Commit-ID: d43c5826353e1fdc1af71eb42961b30782c7bd13

commit 2ab5a8464870cc4b29ddbe849bbbc255729437bf
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Sep 3 08:28:30 2019 +0000

    upstream: fix memleak in ssh_free_identitylist(); ok markus@
    
    OpenBSD-Commit-ID: aa51f77ae2c5330a1f61b2d22933f24a443f9abf

commit 85443f165b4169b2a448b3e24bc1d4dc5b3156a4
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Sep 3 08:27:52 2019 +0000

    upstream: factor out confirm_overwrite(); ok markus@
    
    OpenBSD-Commit-ID: 304e95381b39c774c8fced7e5328b106a3ff0400

commit 9a396e33685633581c67d5ad9664570ef95281f2
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Sep 2 23:46:46 2019 +0000

    upstream: constify an argument
    
    OpenBSD-Commit-ID: 724bafc9f993746ad4303e95bede2c030de6233b

commit b52c0c2e64988277a35a955a474d944967059aeb
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Sep 2 00:19:25 2019 +0000

    upstream: downgrade PKCS#11 "provider returned no slots" warning
    
    from log level error to debug. This is common when attempting to enumerate
    keys on smartcard readers with no cards plugged in. bz#3058 ok dtucker@
    
    OpenBSD-Commit-ID: bb8839ddeb77c271390488af1b771041d43e49c6

commit 0713322e18162463c5ab5ddfb9f935055ca775d8
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sun Sep 1 23:47:32 2019 +0000

    upstream: print comment when printing pubkey from private
    
    bz#3052; ok dtucker
    
    OpenBSD-Commit-ID: a91b2a8d5f1053d34d7fce44523c53fb534ba914

commit 368f1cc2fbd6ad10c66bc1b67c2c04aebf8a04a8
Author: Damien Miller <djm@mindrot.org>
Date:   Mon Sep 2 10:28:42 2019 +1000

    fixed test in OSX closefrom() replacement
    
    from likan_999.student AT sina.com

commit 6b7c53498def19a14dd9587bf521ab6dbee8988f
Author: Damien Miller <djm@mindrot.org>
Date:   Mon Sep 2 10:22:02 2019 +1000

    retain Solaris PRIV_FILE_LINK_ANY in sftp-server
    
    Dropping this privilege removes the ability to create hard links to
    files owned by other users. This is required for the legacy sftp rename
    operation.
    
    bz#3036; approach ok Alex Wilson (the original author of the Solaris
    sandbox/pledge replacement code)

commit e50f808712393e86d69e42e9847cdf8d473412d7
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Aug 30 05:08:28 2019 +0000

    upstream: Use ed25519 for most hostkey rotation tests since it's
    
    supported even when built without OpenSSL.  Use RSA for the secondary type
    test if supported, otherwise skip it.  Fixes this test for !OpenSSL builds.
    
    OpenBSD-Regress-ID: 101cb34a84fd974c623bdb2e496f25a6e91be109

commit 5e4796c47dd8d6c38fb2ff0b3e817525fed6040d
Author: bluhm@openbsd.org <bluhm@openbsd.org>
Date:   Thu Aug 22 21:47:27 2019 +0000

    upstream: Test did not compile due to missing symbols. Add source
    
    sshbuf-misc.c to regress as it was done in ssh make file. from Moritz Buhl
    
    OpenBSD-Regress-ID: 9e1c23476bb845f3cf3d15d9032da3ed0cb2fcf5

commit e0e7e3d0e26f2c30697e6d0cfc293414908963c7
Author: Damien Miller <djm@mindrot.org>
Date:   Fri Aug 30 14:26:19 2019 +1000

    tweak warning flags
    
    Enable -Wextra if compiler supports it
    
    Set -Wno-error=format-truncation if available to prevent expected
    string truncations in openbsd-compat from breaking -Werror builds

commit 28744182cf90e0073b76a9e98de58a47e688b2c4
Author: Damien Miller <djm@mindrot.org>
Date:   Fri Aug 30 13:21:38 2019 +1000

    proc_pidinfo()-based closefrom() for OS X
    
    Refactor closefrom() to use a single brute-force close() loop fallback.
    
    Based on patch from likan_999.student@sina.com in bz#3049. ok dtucker@

commit dc2ca588144f088a54febebfde3414568dc73d5f
Author: kn@openbsd.org <kn@openbsd.org>
Date:   Fri Aug 16 11:16:32 2019 +0000

    upstream: Call comma-separated lists as such to clarify semantics
    
    Options such as Ciphers take values that may be a list of ciphers; the
    complete list, not individual elements, may be prefixed with a dash or plus
    character to remove from or append to the default list respectively.
    
    Users might read the current text as if each element took an optional prefix,
    so tweak the wording from "values" to "list" to prevent such ambiguity for
    all options supporting these semantics (those that provide a list of
    available elements via "ssh -Q ...").
    
    Input and OK jmc
    
    OpenBSD-Commit-ID: 4fdd175b0e5f5cb10ab3f26ccc38a93bb6515d57

commit c4736f39e66729ce2bf5b06ee6b391e092b48f47
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Aug 16 06:35:27 2019 +0000

    upstream: include sshbuf-misc.c in SRCS_BASE
    
    OpenBSD-Commit-ID: 99dd10e72c04e93849981d43d64c946619efa474

commit d0e51810f332fe44ebdba41113aacf319d35f5a5
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Sat Aug 24 15:12:11 2019 +1000

    Fix pasto in fallback code.
    
    There is no parameter called "pathname", it should simply be "path".
    bz#3059, patch from samuel at cendio.se.

commit e83c989bfd9fc9838b7dfb711d1dc6da81814045
Author: Damien Miller <djm@mindrot.org>
Date:   Fri Aug 23 10:19:30 2019 +1000

    use SC_ALLOW_ARG_MASK to limit mmap protections
    
    Restrict to PROT_(READ|WRITE|NONE), i.e. exclude PROT_EXEC

commit f6906f9bf12c968debec3671bbf19926ff8a235b
Author: Damien Miller <djm@mindrot.org>
Date:   Fri Aug 23 10:08:48 2019 +1000

    allow mprotect(2) with PROT_(READ|WRITE|NONE) only
    
    Used by some hardened heap allocators. Requested by Yegor
    Timoshenko in https://github.com/openssh/openssh-portable/pull/142

commit e3b6c966b79c3ea5d51b923c3bbdc41e13b96ea0
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Aug 16 06:13:15 2019 +0000

    upstream: switch percent_expand() to use sshbuf instead of a limited
    
    fixed buffer; ok markus@
    
    OpenBSD-Commit-ID: 3f9ef20bca5ef5058b48c1cac67c53b9a1d15711

commit 9ab5b9474779ac4f581d402ae397f871ed16b383
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Aug 9 05:05:54 2019 +0000

    upstream: produce a useful error message if the user's shell is set
    
    incorrectly during "match exec" processing. bz#2791 reported by Dario
    Bertini; ok dtucker
    
    OpenBSD-Commit-ID: cf9eddd6a6be726cb73bd9c3936f3888cd85c03d

commit 8fdbc7247f432578abaaca1b72a0dbf5058d67e5
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Aug 9 04:24:03 2019 +0000

    upstream: Change description of TCPKeepAlive from "inactive" to
    
    "unresponsive" to clarify what it checks for.  Patch from jblaine at
    kickflop.net via github pr#129, ok djm@.
    
    OpenBSD-Commit-ID: 3682f8ec7227f5697945daa25d11ce2d933899e9

commit 7afc45c3ed72672690014dc432edc223b23ae288
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Thu Aug 8 08:02:57 2019 +0000

    upstream: Allow the maximum uint32 value for the argument passed to
    
    -b which allows better error messages from later validation.  bz#3050, ok
