commit 4a354fc231174901f2629437c2a6e924a2dd6772
Author: Damien Miller <djm@mindrot.org>
Date:   Mon Dec 19 15:59:26 2016 +1100

    crank version numbers for release

commit 5f8d0bb8413d4d909cc7aa3c616fb0538224c3c9
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Dec 19 04:55:51 2016 +0000

    upstream commit
    
    openssh-7.4
    
    Upstream-ID: 1ee404adba6bbe10ae9277cbae3a94abe2867b79

commit 3a8213ea0ed843523e34e55ab9c852332bab4c7b
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Dec 19 04:55:18 2016 +0000

    upstream commit
    
    remove testcase that depends on exact output and
    behaviour of snprintf(..., "%s", NULL)
    
    Upstream-Regress-ID: cab4288531766bd9593cb556613b91a2eeefb56f

commit eae735a82d759054f6ec7b4e887fb7a5692c66d7
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Mon Dec 19 03:32:57 2016 +0000

    upstream commit
    
    Use LOGNAME to get current user and fall back to whoami if
    not set. Mainly to benefit -portable since some platforms don't have whoami.
    
    Upstream-Regress-ID: e3a16b7836a3ae24dc8f8a4e43fdf8127a60bdfa

commit 0d2f88428487518eea60602bd593989013831dcf
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Dec 16 03:51:19 2016 +0000

    upstream commit
    
    Add regression test for AllowUsers and DenyUsers.  Patch from
    Zev Weiss <zev at bewilderbeest.net>
    
    Upstream-Regress-ID: 8f1aac24d52728398871dac14ad26ea38b533fb9

commit 3bc8180a008929f6fe98af4a56fb37d04444b417
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Fri Dec 16 15:02:24 2016 +1100

    Add missing monitor.h include.
    
    Fixes warning pointed out by Zev Weiss <zev at bewilderbeest.net>

commit 410681f9015d76cc7b137dd90dac897f673244a0
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Dec 16 02:48:55 2016 +0000

    upstream commit
    
    revert to rev1.2; the new bits in this test depend on changes
    to ssh that aren't yet committed
    
    Upstream-Regress-ID: 828ffc2c7afcf65d50ff2cf3dfc47a073ad39123

commit 2f2ffa4fbe4b671bbffa0611f15ba44cff64d58e
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Dec 16 01:06:27 2016 +0000

    upstream commit
    
    Move the "stop sshd" code into its own helper function.
    Patch from Zev Weiss <zev at bewilderbeest.net>, ok djm@
    
    Upstream-Regress-ID: a113dea77df5bd97fb4633ea31f3d72dbe356329

commit e15e7152331e3976b35475fd4e9c72897ad0f074
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Dec 16 01:01:07 2016 +0000

    upstream commit
    
    regression test for certificates along with private key
    with no public half. bz#2617, mostly from Adam Eijdenberg
    
    Upstream-Regress-ID: 2e74dc2c726f4dc839609b3ce045466b69f01115

commit 9a70ec085faf6e55db311cd1a329f1a35ad2a500
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Thu Dec 15 23:50:37 2016 +0000

    upstream commit
    
    Use $SUDO to read pidfile in case root's umask is
    restricted.  From portable.
    
    Upstream-Regress-ID: f6b1c7ffbc5a0dfb7d430adb2883344899174a98

commit fe06b68f824f8f55670442fb31f2c03526dd326c
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Thu Dec 15 21:29:05 2016 +0000

    upstream commit
    
    Add missing braces in DenyUsers code.  Patch from zev at
    bewilderbeest.net, ok deraadt@
    
    Upstream-ID: d747ace338dcf943b077925f90f85f789714b54e

commit dcc7d74242a574fd5c4afbb4224795b1644321e7
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Thu Dec 15 21:20:41 2016 +0000

    upstream commit
    
    Fix text in error message.  Patch from zev at
    bewilderbeest.net.
    
    Upstream-ID: deb0486e175e7282f98f9a15035d76c55c84f7f6

commit b737e4d7433577403a31cff6614f6a1b0b5e22f4
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Dec 14 00:36:34 2016 +0000

    upstream commit
    
    disable Unix-domain socket forwarding when privsep is
    disabled
    
    Upstream-ID: ab61516ae0faadad407857808517efa900a0d6d0

commit 08a1e7014d65c5b59416a0e138c1f73f417496eb
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Dec 9 03:04:29 2016 +0000

    upstream commit
    
    log connections dropped in excess of MaxStartups at
    verbose LogLevel; bz#2613 based on diff from Tomas Kuthan; ok dtucker@
    
    Upstream-ID: 703ae690dbf9b56620a6018f8a3b2389ce76d92b

commit 10e290ec00964b2bf70faab15a10a5574bb80527
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Tue Dec 13 13:51:32 2016 +1100

    Get default of TEST_SSH_UTF8 from environment.

commit b9b8ba3f9ed92c6220b58d70d1e6d8aa3eea1104
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Tue Dec 13 12:56:40 2016 +1100

    Remove commented-out includes.
    
    These commented-out includes have "Still needed?" comments.  Since
    they've been commented out for ~13 years I assert that they're not.

commit 25275f1c9d5f01a0877d39444e8f90521a598ea0
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Tue Dec 13 12:54:23 2016 +1100

    Add prototype for strcasestr in compat library.

commit afec07732aa2985142f3e0b9a01eb6391f523dec
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Tue Dec 13 10:23:03 2016 +1100

    Add strcasestr to compat library.
    
    Fixes build on (at least) Solaris 10.

commit dda78a03af32e7994f132d923c2046e98b7c56c8
Author: Damien Miller <djm@mindrot.org>
Date:   Mon Dec 12 13:57:10 2016 +1100

    Force Turkish locales back to C/POSIX; bz#2643
    
    Turkish locales are unique in their handling of the letters 'i' and
    'I' (yes, they are different letters) and OpenSSH isn't remotely
    prepared to deal with that. For now, the best we can do is to force
    OpenSSH to use the C/POSIX locale and try to preserve the UTF-8
    encoding if possible.
    
    ok dtucker@

commit c35995048f41239fc8895aadc3374c5f75180554
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Fri Dec 9 12:52:02 2016 +1100

    exit is in stdlib.h not unistd.h (that's _exit).

commit d399a8b914aace62418c0cfa20341aa37a192f98
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Fri Dec 9 12:33:25 2016 +1100

    Include <unistd.h> for exit in utf8 locale test.

commit 47b8c99ab3221188ad3926108dd9d36da3b528ec
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Thu Dec 8 15:48:34 2016 +1100

    Check for utf8 local support before testing it.
    
    Check for utf8 local support and if not found, do not attempt to run the
    utf8 tests.  Suggested by djm@

commit 4089fc1885b3a2822204effbb02b74e3da58240d
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Thu Dec 8 12:57:24 2016 +1100

    Use AC_PATH_TOOL for krb5-config.
    
    This will use the host-prefixed version when cross compiling; patch from
    david.michael at coreos.com.

commit b4867e0712c89b93be905220c82f0a15e6865d1e
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Dec 6 07:48:01 2016 +0000

    upstream commit
    
    make IdentityFile successfully load and use certificates that
    have no corresponding bare public key. E.g. just a private id_rsa and
    certificate id_rsa-cert.pub (and no id_rsa.pub).
    
    bz#2617 ok dtucker@
    
    Upstream-ID: c1e9699b8c0e3b63cc4189e6972e3522b6292604

commit c9792783a98881eb7ed295680013ca97a958f8ac
Author: Damien Miller <djm@mindrot.org>
Date:   Fri Nov 25 14:04:21 2016 +1100

    Add a gnome-ssh-askpass3 target for GTK+3 version
    
    Based on patch from Colin Watson via bz#2640

commit 7be85ae02b9de0993ce0a1d1e978e11329f6e763
Author: Damien Miller <djm@mindrot.org>
Date:   Fri Nov 25 14:03:53 2016 +1100

    Make gnome-ssh-askpass2.c GTK+3-friendly
    
    Patch from Colin Watson via bz#2640

commit b9844a45c7f0162fd1b5465683879793d4cc4aaa
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sun Dec 4 23:54:02 2016 +0000

    upstream commit
    
    Fix public key authentication when multiple
    authentication is in use. Instead of deleting and re-preparing the entire
    keys list, just reset the 'used' flags; the keys list is already in a good
    order (with already- tried keys at the back)
    
    Analysis and patch from Vincent Brillault on bz#2642; ok dtucker@
    
    Upstream-ID: 7123f12dc2f3bcaae715853035a97923d7300176

commit f2398eb774075c687b13af5bc22009eb08889abe
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Sun Dec 4 22:27:25 2016 +0000

    upstream commit
    
    Unlink PidFile on SIGHUP and always recreate it when the
    new sshd starts. Regression tests (and possibly other things) depend on the
    pidfile being recreated after SIGHUP, and unlinking it means it won't contain
    a stale pid if sshd fails to restart.  ok djm@ markus@
    
    Upstream-ID: 132dd6dda0c77dd49d2f15b2573b5794f6160870

commit 85aa2efeba51a96bf6834f9accf2935d96150296
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Nov 30 03:01:33 2016 +0000

    upstream commit
    
    test new behaviour of cert force-command restriction vs.
    authorized_key/ principals
    
    Upstream-Regress-ID: 399efa7469d40c404c0b0a295064ce75d495387c

commit 5d333131cd8519d022389cfd3236280818dae1bc
Author: jmc@openbsd.org <jmc@openbsd.org>
Date:   Wed Nov 30 06:54:26 2016 +0000

    upstream commit
    
    tweak previous; while here fix up FILES and AUTHORS;
    
    Upstream-ID: 93f6e54086145a75df8d8ec7d8689bdadbbac8fa

commit 786d5994da79151180cb14a6cf157ebbba61c0cc
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Nov 30 03:07:37 2016 +0000

    upstream commit
    
    add a whitelist of paths from which ssh-agent will load
    (via ssh-pkcs11-helper) a PKCS#11 module; ok markus@
    
    Upstream-ID: fe79769469d9cd6d26fe0dc15751b83ef2a06e8f

commit 7844f357cdd90530eec81340847783f1f1da010b
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Nov 30 03:00:05 2016 +0000

    upstream commit
    
    Add a sshd_config DisableForwaring option that disables
    X11, agent, TCP, tunnel and Unix domain socket forwarding, as well as
    anything else we might implement in the future.
    
    This, like the 'restrict' authorized_keys flag, is intended to be a
    simple and future-proof way of restricting an account. Suggested as
    a complement to 'restrict' by Jann Horn; ok markus@
    
    Upstream-ID: 203803f66e533a474086b38a59ceb4cf2410fcf7

commit fd6dcef2030d23c43f986d26979f84619c10589d
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Nov 30 02:57:40 2016 +0000

    upstream commit
    
    When a forced-command appears in both a certificate and
    an authorized keys/principals command= restriction, refuse to accept the
    certificate unless they are identical.
    
    The previous (documented) behaviour of having the certificate forced-
    command override the other could be a bit confused and more error-prone.
    
    Pointed out by Jann Horn of Project Zero; ok dtucker@
    
    Upstream-ID: 79d811b6eb6bbe1221bf146dde6928f92d2cd05f

commit 7fc4766ac78abae81ee75b22b7550720bfa28a33
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Wed Nov 30 00:28:31 2016 +0000

    upstream commit
    
    On startup, check to see if sshd is already daemonized
    and if so, skip the call to daemon() and do not rewrite the PidFile.  This
    means that when sshd re-execs itself on SIGHUP the process ID will no longer
    change.  Should address bz#2641.  ok djm@ markus@.
    
    Upstream-ID: 5ea0355580056fb3b25c1fd6364307d9638a37b9

commit c9f880c195c65f1dddcbc4ce9d6bfea7747debcc
Author: Damien Miller <djm@mindrot.org>
Date:   Wed Nov 30 13:51:49 2016 +1100

    factor out common PRNG reseed before privdrop
    
    Add a call to RAND_poll() to ensure than more than pid+time gets
    stirred into child processes states. Prompted by analysis from Jann
    Horn at Project Zero. ok dtucker@

commit 79e4829ec81dead1b30999e1626eca589319a47f
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Nov 25 03:02:01 2016 +0000

    upstream commit
    
    Allow PuTTY interop tests to run unattended.  bz#2639,
    patch from cjwatson at debian.org.
    
    Upstream-Regress-ID: 4345253558ac23b2082aebabccd48377433b6fe0

commit 504c3a9a1bf090f6b27260fc3e8ea7d984d163dc
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Nov 25 02:56:49 2016 +0000

    upstream commit
    
    Reverse args to sshd-log-wrapper.  Matches change in
    portable, where it allows sshd do be optionally run under Valgrind.
    
    Upstream-Regress-ID: b438d1c6726dc5caa2a45153e6103a0393faa906

commit bd13017736ec2f8f9ca498fe109fb0035f322733
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Nov 25 02:49:18 2016 +0000

    upstream commit
    
    Fix typo in trace message; from portable.
    
    Upstream-Regress-ID: 4c4a2ba0d37faf5fd230a91b4c7edb5699fbd73a

commit 7da751d8b007c7f3e814fd5737c2351440d78b4c
Author: tb@openbsd.org <tb@openbsd.org>
Date:   Tue Nov 1 13:43:27 2016 +0000

    upstream commit
    
    Clean up MALLOC_OPTIONS.  For the unittests, move
    MALLOC_OPTIONS and TEST_ENV to unittets/Makefile.inc.
    
    ok otto
    
    Upstream-Regress-ID: 890d497e0a38eeddfebb11cc429098d76cf29f12

commit 36f58e68221bced35e06d1cca8d97c48807a8b71
Author: tb@openbsd.org <tb@openbsd.org>
Date:   Mon Oct 31 23:45:08 2016 +0000

    upstream commit
    
    Remove the obsolete A and P flags from MALLOC_OPTIONS.
    
    ok dtucker
    
    Upstream-Regress-ID: 6cc25024c8174a87e5734a0dc830194be216dd59

commit b0899ee26a6630883c0f2350098b6a35e647f512
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Tue Nov 29 03:54:50 2016 +0000

    upstream commit
    
    Factor out code to disconnect from controlling terminal
    into its own function.  ok djm@
    
    Upstream-ID: 39fd9e8ebd7222615a837312face5cc7ae962885

commit 54d022026aae4f53fa74cc636e4a032d9689b64d
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Nov 25 23:24:45 2016 +0000

    upstream commit
    
    use sshbuf_allocate() to pre-allocate the buffer used for
    loading keys. This avoids implicit realloc inside the buffer code, which
    might theoretically leave fragments of the key on the heap. This doesn't
    appear to happen in practice for normal sized keys, but was observed for
    novelty oversize ones.
    
    Pointed out by Jann Horn of Project Zero; ok markus@
    
    Upstream-ID: d620e1d46a29fdea56aeadeda120879eddc60ab1

commit a9c746088787549bb5b1ae3add7d06a1b6d93d5e
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Nov 25 23:22:04 2016 +0000

    upstream commit
    
    split allocation out of sshbuf_reserve() into a separate
    sshbuf_allocate() function; ok markus@
    
    Upstream-ID: 11b8a2795afeeb1418d508a2c8095b3355577ec2

commit f0ddedee460486fa0e32fefb2950548009e5026e
Author: markus@openbsd.org <markus@openbsd.org>
Date:   Wed Nov 23 23:14:15 2016 +0000

    upstream commit
    
    allow ClientAlive{Interval,CountMax} in Match; ok dtucker,
    djm
    
    Upstream-ID: 8beb4c1eadd588f1080b58932281983864979f55

commit 1a6f9d2e2493d445cd9ee496e6e3c2a2f283f66a
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Nov 8 22:04:34 2016 +0000

    upstream commit
    
    unbreak DenyUsers; reported by henning@
    
    Upstream-ID: 1c67d4148f5e953c35acdb62e7c08ae8e33f7cb2

commit 010359b32659f455fddd2bd85fd7cc4d7a3b994a
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sun Nov 6 05:46:37 2016 +0000

    upstream commit
    
    Validate address ranges for AllowUser/DenyUsers at
    configuration load time and refuse to accept bad ones. It was previously
    possible to specify invalid CIDR address ranges (e.g. djm@127.1.2.3/55) and
    these would always match.
    
    Thanks to Laurence Parry for a detailed bug report. ok markus (for
    a previous diff version)
    
    Upstream-ID: 9dfcdd9672b06e65233ea4434c38226680d40bfb

commit efb494e81d1317209256b38b49f4280897c61e69
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Oct 28 03:33:52 2016 +0000

    upstream commit
    
    Improve pkcs11_add_provider() logging: demote some
    excessively verbose error()s to debug()s, include PKCS#11 provider name and
    slot in log messages where possible. bz#2610, based on patch from Jakub Jelen
    
    Upstream-ID: 3223ef693cfcbff9079edfc7e89f55bf63e1973d

commit 5ee3fb5affd7646f141749483205ade5fc54adaf
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Tue Nov 1 08:12:33 2016 +1100

    Use ptrace(PT_DENY_ATTACH, ..) on OS X.

commit 315d2a4e674d0b7115574645cb51f968420ebb34
Author: Damien Miller <djm@mindrot.org>
Date:   Fri Oct 28 14:34:07 2016 +1100

    Unbreak AES-CTR ciphers on old (~0.9.8) OpenSSL
    
    ok dtucker@

commit a9ff3950b8e80ff971b4d44bbce96df27aed28af
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Fri Oct 28 14:26:58 2016 +1100

    Move OPENSSL_NO_RIPEMD160 to compat.
    
    Move OPENSSL_NO_RIPEMD160 to compat and add ifdefs to mac.c around the
    ripemd160 MACs.

commit bce58885160e5db2adda3054c3b81fe770f7285a
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Fri Oct 28 13:52:31 2016 +1100

    Check if RIPEMD160 is disabled in OpenSSL.

commit d924640d4c355d1b5eca1f4cc60146a9975dbbff
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Fri Oct 28 13:38:19 2016 +1100

    Skip ssh1 specfic ciphers.
    
    cipher-3des1.c and cipher-bf1.c are specific to sshv1 so don't even try
    to compile them when Protocol 1 is not enabled.

commit 79d078e7a49caef746516d9710ec369ba45feab6
Author: jsg@openbsd.org <jsg@openbsd.org>
Date:   Tue Oct 25 04:08:13 2016 +0000

    upstream commit
    
    Fix logic in add_local_forward() that inverted a test
    when code was refactored out into bind_permitted().  This broke ssh port
    forwarding for non-priv ports as a non root user.
    
    ok dtucker@ 'looks good' deraadt@
    
    Upstream-ID: ddb8156ca03cc99997de284ce7777536ff9570c9

commit a903e315dee483e555c8a3a02c2946937f9b4e5d
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Mon Oct 24 01:09:17 2016 +0000

    upstream commit
    
    Remove dead breaks, found via opencoverage.net.  ok
    deraadt@
    
    Upstream-ID: ad9cc655829d67fad219762810770787ba913069

commit b4e96b4c9bea4182846e4942ba2048e6d708ee54
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Wed Oct 26 08:43:25 2016 +1100

    Use !=NULL instead of >0 for getdefaultproj.
    
    getdefaultproj() returns a pointer so test it for NULL inequality
    instead of >0.  Fixes compiler warning and is more correct.  Patch from
    David Binderman.

commit 1c4ef0b808d3d38232aeeb1cebb7e9a43def42c5
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Sun Oct 23 22:04:05 2016 +0000

    upstream commit
    
    Factor out "can bind to low ports" check into its own function.  This will
    make it easier for Portable to support platforms with permissions models
    other than uid==0 (eg bz#2625).  ok djm@, "doesn't offend me too much"
    deraadt@.
    
    Upstream-ID: 86213df4183e92b8f189a6d2dac858c994bfface

commit 0b9ee623d57e5de7e83e66fd61a7ba9a5be98894
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Wed Oct 19 23:21:56 2016 +0000

    upstream commit
    
    When tearing down ControlMaster connecctions, don't
    pollute stderr when LogLevel=quiet.  Patch from Tim Kuijsten via tech@.
    
    Upstream-ID: d9b3a68b2a7c2f2fc7f74678e29a4618d55ceced

commit 09e6a7d8354224933febc08ddcbc2010f542284e
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Mon Oct 24 09:06:18 2016 +1100

    Wrap stdint.h include in ifdef.

commit 08d9e9516e587b25127545c029e5464b2e7f2919
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Fri Oct 21 09:46:46 2016 +1100

    Fix formatting.

commit 461f50e7ab8751d3a55e9158c44c13031db7ba1d
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Fri Oct 21 06:55:58 2016 +1100

    Update links to https.
    
    www.openssh.com now supports https and ftp.openbsd.org no longer
    supports ftp.  Make all links to these https.

commit dd4e7212a6141f37742de97795e79db51e4427ad
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Fri Oct 21 06:48:46 2016 +1100

    Update host key generation examples.
    
    Remove ssh1 host key generation, add ssh-keygen -A

commit 6d49ae82634c67e9a4d4af882bee20b40bb8c639
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Fri Oct 21 05:22:55 2016 +1100

    Update links.
    
    Make links to openssh.com HTTPS now that it's supported, point release
    notes link to the HTML release notes page, and update a couple of other
    links and bits of text.

commit fe0d1ca6ace06376625084b004ee533f2c2ea9d6
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Thu Oct 20 03:42:09 2016 +1100

    Remote channels .orig and .rej files.
    
    These files were incorrectly added during an OpenBSD sync.

commit 246aa842a4ad368d8ce030495e657ef3a0e1f95c
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Tue Oct 18 17:32:54 2016 +0000

    upstream commit
    
    Remove channel_input_port_forward_request(); the only caller
    was the recently-removed SSH1 server code so it's now dead code.  ok markus@
    
    Upstream-ID: 05453983230a1f439562535fec2818f63f297af9

commit 2c6697c443d2c9c908260eed73eb9143223e3ec9
Author: millert@openbsd.org <millert@openbsd.org>
Date:   Tue Oct 18 12:41:22 2016 +0000

    upstream commit
    
    Install a signal handler for tty-generated signals and
    wait for the ssh child to suspend before suspending sftp.  This lets ssh
    restore the terminal mode as needed when it is suspended at the password
    prompt.  OK dtucker@
    
    Upstream-ID: a31c1f42aa3e2985dcc91e46e6a17bd22e372d69

commit fd2a8f1033fa2316fff719fd5176968277560158
Author: jmc@openbsd.org <jmc@openbsd.org>
Date:   Sat Oct 15 19:56:25 2016 +0000

    upstream commit
    
    various formatting fixes, specifically removing Dq;
    
    Upstream-ID: 81e85df2b8e474f5f93d66e61d9a4419ce87347c

commit 8f866d8a57b9a2dc5dd04504e27f593b551618e3
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Wed Oct 19 03:26:09 2016 +1100

    Import readpassphrase.c rev 1.26.
    
    Author: miller@openbsd.org:
    Avoid generate SIGTTOU when restoring the terminal mode.  If we get
    SIGTTOU it means the process is not in the foreground process group
    which, in most cases, means that the shell has taken control of the tty.
    Requiring the user the fg the process in this case doesn't make sense
    and can result in both SIGTSTP and SIGTTOU being sent which can lead to
    the process being suspended again immediately after being brought into
    the foreground.

commit f901440cc844062c9bab0183d133f7ccc58ac3a5
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Wed Oct 19 03:23:16 2016 +1100

    Import readpassphrase.c rev 1.25.
    
    Wrap <readpassphrase.h> so internal calls go direct and
    readpassphrase is weak.
    
    (DEF_WEAK is a no-op in portable.)

commit 032147b69527e5448a511049b2d43dbcae582624
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Sat Oct 15 05:51:12 2016 +1100

    Move DEF_WEAK into defines.h.
    
    As well pull in more recent changes from OpenBSD these will start to
    arrive so put it where the definition is shared.

commit e0259a82ddd950cfb109ddee86fcebbc09c6bd04
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Sat Oct 15 04:34:46 2016 +1100

    Remove do_pam_set_tty which is dead code.
    
    The callers of do_pam_set_tty were removed in 2008, so this is now dead
    code.  bz#2604, pointed out by jjelen at redhat.com.

commit ca04de83f210959ad2ed870a30ba1732c3ae00e3
Author: Damien Miller <djm@mindrot.org>
Date:   Thu Oct 13 18:53:43 2016 +1100

    unbreak principals-command test
    
    Undo inconsistetly updated variable name.

commit 1723ec92eb485ce06b4cbf49712d21975d873909
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Oct 11 21:49:54 2016 +0000

    upstream commit
    
    fix the KEX fuzzer - the previous method of obtaining the
    packet contents was broken. This now uses the new per-packet input hook, so
    it sees exact post-decrypt packets and doesn't have to pass packet integrity
    checks. ok markus@
    
    Upstream-Regress-ID: 402fb6ffabd97de590e8e57b25788949dce8d2fd

commit 09f997893f109799cddbfce6d7e67f787045cbb2
Author: natano@openbsd.org <natano@openbsd.org>
Date:   Thu Oct 6 09:31:38 2016 +0000

    upstream commit
    
    Move USER out of the way to unbreak the BUILDUSER
    mechanism. ok tb
    
    Upstream-Regress-ID: 74ab9687417dd071d62316eaadd20ddad1d5af3c

commit 3049a012c482a7016f674db168f23fd524edce27
Author: bluhm@openbsd.org <bluhm@openbsd.org>
Date:   Fri Sep 30 11:55:20 2016 +0000

    upstream commit
    
    In ssh tests set REGRESS_FAIL_EARLY with ?= so that the
    environment can change it. OK djm@
    
    Upstream-Regress-ID: 77bcb50e47b68c7209c7f0a5a020d73761e5143b

commit 39af7b444db28c1cb01b7ea468a4f574a44f375b
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Oct 11 21:47:45 2016 +0000

    upstream commit
    
    Add a per-packet input hook that is called with the
    decrypted packet contents. This will be used for fuzzing; ok markus@
    
    Upstream-ID: a3221cee6b1725dd4ae1dd2c13841b4784cb75dc

commit ec165c392ca54317dbe3064a8c200de6531e89ad
Author: markus@openbsd.org <markus@openbsd.org>
Date:   Mon Oct 10 19:28:48 2016 +0000

    upstream commit
    
    Unregister the KEXINIT handler after message has been
    received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause
    allocation of up to 128MB -- until the connection is closed. Reported by
    shilei-c at 360.cn
    
    Upstream-ID: 43649ae12a27ef94290db16d1a98294588b75c05

commit 29d40319392e6e19deeca9d45468aa1119846e50
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Thu Oct 13 04:07:20 2016 +1100

    Import rev 1.24 from OpenBSD.
    
    revision 1.24
    date: 2013/11/24 23:51:29;  author: deraadt;  state: Exp;  lines: +4 -4;
    most obvious unsigned char casts for ctype
    ok jca krw ingo

commit 12069e56221de207ed666c2449dedb431a2a7ca2
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Thu Oct 13 04:04:44 2016 +1100

    Import rev 1.23 from OpenBSD.  Fixes bz#2619.
    
    revision 1.23
    date: 2010/05/14 13:30:34;  author: millert;  state: Exp;  lines: +41 -39;
    Defer installing signal handlers until echo is disabled so that we
    get suspended normally when not the foreground process.  Fix potential
    infinite loop when restoring terminal settings if process is in the
    background when restore occurs.  OK miod@

commit 7508d83eff89af069760b4cc587305588a64e415
Author: Darren Tucker <dtucker@zip.com.au>
Date:   Thu Oct 13 03:53:51 2016 +1100

    If we don't have TCSASOFT, define it to zero.
    
    This makes it a no-op when we use it below, which allows us to re-sync
    those lines with the upstream and make future updates easier.

commit aae4dbd4c058d3b1fe1eb5c4e6ddf35827271377
Author: jmc@openbsd.org <jmc@openbsd.org>
Date:   Fri Oct 7 14:41:52 2016 +0000

    upstream commit
    
    tidy up the formatting in this file. more specifically,
    replace .Dq, which looks appalling, with .Cm, where appropriate;
    
    Upstream-ID: ff8e90aa0343d9bb56f40a535e148607973cc738

commit a571dbcc7b7b25371174569b13df5159bc4c6c7a
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Oct 4 21:34:40 2016 +0000

    upstream commit
    
    add a comment about implicitly-expected checks to
    sshkey_ec_validate_public()
    
    Upstream-ID: 74a7f71c28f7c13a50f89fc78e7863b9cd61713f

commit 2f78a2a698f4222f8e05cad57ac6e0c3d1faff00
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Sep 30 20:24:46 2016 +0000

    upstream commit
    
    fix some -Wpointer-sign warnings in the new mux proxy; ok
    markus@
    
    Upstream-ID: b1ba7b3769fbc6b7f526792a215b0197f5e55dfd

commit ca71c36645fc26fcd739a8cfdc702cec85607761
Author: bluhm@openbsd.org <bluhm@openbsd.org>
Date:   Wed Sep 28 20:09:52 2016 +0000

    upstream commit
    
    Add a makefile rule to create the ssh library when
    regress needs it.  This allows to run the ssh regression tests without doing
    a "make build" before. Discussed with dtucker@ and djm@; OK djm@
    
    Upstream-Regress-ID: ce489bd53afcd471225a125b4b94565d4717c025

commit ce44c970f913d2a047903dba8670554ac42fc479
Author: bluhm@openbsd.org <bluhm@openbsd.org>
Date:   Mon Sep 26 21:34:38 2016 +0000

    upstream commit
    
    Allow to run ssh regression tests as root.  If the user
    is already root, the test should not expect that SUDO is set.  If ssh needs
    another user, use sudo or doas to switch from root if necessary. OK dtucker@
    
    Upstream-Regress-ID: b464e55185ac4303529e3e6927db41683aaeace2

commit 8d0578478586e283e751ca51e7b0690631da139a
Author: markus@openbsd.org <markus@openbsd.org>
Date:   Fri Sep 30 09:19:13 2016 +0000

    upstream commit
    
    ssh proxy mux mode (-O proxy; idea from Simon Tatham): - mux
    client speaks the ssh-packet protocol directly over unix-domain socket. - mux
    server acts as a proxy, translates channel IDs and relays to the server. - no
    filedescriptor passing necessary. - combined with unix-domain forwarding it's
    even possible to run mux client   and server on different machines. feedback
    & ok djm@
    
    Upstream-ID: 666a2fb79f58e5c50e246265fb2b9251e505c25b

commit b7689155f3f5c4999846c07a852b1c7a43b09cec
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Sep 28 21:44:52 2016 +0000

    upstream commit
    
    put back some pre-auth zlib bits that I shouldn't have
    removed - they are still used by the client. Spotted by naddy@
    
    Upstream-ID: 80919468056031037d56a1f5b261c164a6f90dc2

commit 4577adead6a7d600c8e764619d99477a08192c8f
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Sep 28 20:32:42 2016 +0000

    upstream commit
    
    restore pre-auth compression support in the client -- the
    previous commit was intended to remove it from the server only.
    
    remove a few server-side pre-auth compression bits that escaped
    
    adjust wording of Compression directive in sshd_config(5)
    
    pointed out by naddy@ ok markus@
    
    Upstream-ID: d23696ed72a228dacd4839dd9f2dec424ba2016b

commit 80d1c963b4dc84ffd11d09617b39c4bffda08956
Author: jmc@openbsd.org <jmc@openbsd.org>
Date:   Wed Sep 28 17:59:22 2016 +0000

    upstream commit
    
    use a separate TOKENS section, as we've done for
    sshd_config(5); help/ok djm
    
    Upstream-ID: 640e32b5e4838e4363738cdec955084b3579481d

commit 1cfd5c06efb121e58e8b6671548fda77ef4b4455
Author: Damien Miller <djm@mindrot.org>
Date:   Thu Sep 29 03:19:23 2016 +1000

    Remove portability support for mmap
    
    We no longer need to wrap/replace mmap for portability now that
    pre-auth compression has been removed from OpenSSH.

commit 0082fba4efdd492f765ed4c53f0d0fbd3bdbdf7f
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Sep 28 16:33:06 2016 +0000

    upstream commit
    
    Remove support for pre-authentication compression. Doing
    compression early in the protocol probably seemed reasonable in the 1990s,
    but today it's clearly a bad idea in terms of both cryptography (cf. multiple
    compression oracle attacks in TLS) and attack surface.
    
    Moreover, to support it across privilege-separation zlib needed
    the assistance of a complex shared-memory manager that made the
    required attack surface considerably larger.
    
    Prompted by Guido Vranken pointing out a compiler-elided security
    check in the shared memory manager found by Stack
    (http://css.csail.mit.edu/stack/); ok deraadt@ markus@
    
    NB. pre-auth authentication has been disabled by default in sshd
    for >10 years.
    
    Upstream-ID: 32af9771788d45a0779693b41d06ec199d849caf

commit 27c3a9c2aede2184856b5de1e6eca414bb751c38
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Sep 26 21:16:11 2016 +0000

    upstream commit
    
    Avoid a theoretical signed integer overflow should
    BN_num_bytes() ever violate its manpage and return a negative value. Improve
    order of tests to avoid confusing increasingly pedantic compilers.
    
    Reported by Guido Vranken from stack (css.csail.mit.edu/stack)
    unstable optimisation analyser output.  ok deraadt@
    
    Upstream-ID: f8508c830c86d8f36c113985e52bf8eedae23505

commit 8663e51c80c6aa3d750c6d3bcff6ee05091922be
Author: Damien Miller <djm@mindrot.org>
Date:   Wed Sep 28 07:40:33 2016 +1000

    fix mdoc2man.awk formatting for top-level lists
    
    Reported by Glenn Golden
    Diagnosis and fix from Ingo Schwarze

commit b97739dc21570209ed9d4e7beee0c669ed23b097
Author: djm@openbsd.org <djm@openbsd.org>
