aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEd Maste <emaste@FreeBSD.org>2021-09-08 01:05:51 +0000
committerEd Maste <emaste@FreeBSD.org>2021-09-08 01:05:51 +0000
commit19261079b74319502c6ffa1249920079f0f69a72 (patch)
treea07fb2205e0cea7dee1ffbcc945d9d5b97124714
parentc5128c48df3c2f3828432aff2ea536bb9c887e14 (diff)
parent66719ee573ac2290622db642f6e89ab35b179f3d (diff)
downloadsrc-19261079b74319502c6ffa1249920079f0f69a72.tar.gz
src-19261079b74319502c6ffa1249920079f0f69a72.zip
openssh: update to OpenSSH v8.7p1
Some notable changes, from upstream's release notes: - sshd(8): Remove support for obsolete "host/port" syntax. - ssh(1): When prompting whether to record a new host key, accept the key fingerprint as a synonym for "yes". - ssh-keygen(1): when acting as a CA and signing certificates with an RSA key, default to using the rsa-sha2-512 signature algorithm. - ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa" (RSA/SHA1) algorithm from those accepted for certificate signatures. - ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F support to provide address-space isolation for token middleware libraries (including the internal one). - ssh(1): this release enables UpdateHostkeys by default subject to some conservative preconditions. - scp(1): this release changes the behaviour of remote to remote copies (e.g. "scp host-a:/path host-b:") to transfer through the local host by default. - scp(1): experimental support for transfers using the SFTP protocol as a replacement for the venerable SCP/RCP protocol that it has traditionally used. Additional integration work is needed to support FIDO/U2F in the base system. Deprecation Notice ------------------ OpenSSH will disable the ssh-rsa signature scheme by default in the next release. Reviewed by: imp MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D29985
Diffstat
-rw-r--r--crypto/openssh/.depend354
-rw-r--r--crypto/openssh/.github/ci-status.md4
-rwxr-xr-xcrypto/openssh/.github/configs170
-rwxr-xr-xcrypto/openssh/.github/configure.sh6
-rwxr-xr-xcrypto/openssh/.github/run_test.sh34
-rwxr-xr-xcrypto/openssh/.github/setup_ci.sh115
-rw-r--r--crypto/openssh/.github/workflows/c-cpp.yml76
-rw-r--r--crypto/openssh/.github/workflows/selfhosted.yml93
-rw-r--r--crypto/openssh/.github/workflows/upstream.yml43
-rw-r--r--crypto/openssh/.gitignore8
-rw-r--r--crypto/openssh/.skipped-commit-ids18
-rw-r--r--crypto/openssh/CREDITS2
-rw-r--r--crypto/openssh/ChangeLog15891
-rw-r--r--crypto/openssh/FREEBSD-vendor4
-rw-r--r--crypto/openssh/INSTALL79
-rw-r--r--crypto/openssh/LICENCE64
-rw-r--r--crypto/openssh/Makefile.in328
-rw-r--r--crypto/openssh/OVERVIEW7
-rw-r--r--crypto/openssh/PROTOCOL89
-rw-r--r--crypto/openssh/PROTOCOL.agent6
-rw-r--r--crypto/openssh/PROTOCOL.certkeys35
-rw-r--r--crypto/openssh/PROTOCOL.chacha20poly13054
-rw-r--r--crypto/openssh/PROTOCOL.key9
-rw-r--r--crypto/openssh/PROTOCOL.mux4
-rw-r--r--crypto/openssh/PROTOCOL.sshsig100
-rw-r--r--crypto/openssh/PROTOCOL.u2f309
-rw-r--r--crypto/openssh/README36
-rw-r--r--crypto/openssh/README.dns8
-rw-r--r--crypto/openssh/README.md84
-rw-r--r--crypto/openssh/README.platform16
-rw-r--r--crypto/openssh/README.privsep11
-rw-r--r--crypto/openssh/aclocal.m4193
-rw-r--r--crypto/openssh/addr.c423
-rw-r--r--crypto/openssh/addr.h60
-rw-r--r--crypto/openssh/addrmatch.c351
-rw-r--r--crypto/openssh/atomicio.c32
-rw-r--r--crypto/openssh/atomicio.h4
-rw-r--r--crypto/openssh/audit-bsm.c41
-rw-r--r--crypto/openssh/audit-linux.c4
-rw-r--r--crypto/openssh/audit.c2
-rw-r--r--crypto/openssh/audit.h4
-rw-r--r--crypto/openssh/auth-bsdauth.c2
-rw-r--r--crypto/openssh/auth-krb5.c19
-rw-r--r--crypto/openssh/auth-options.c194
-rw-r--r--crypto/openssh/auth-options.h13
-rw-r--r--crypto/openssh/auth-pam.c119
-rw-r--r--crypto/openssh/auth-pam.h2
-rw-r--r--crypto/openssh/auth-passwd.c6
-rw-r--r--crypto/openssh/auth-rhosts.c19
-rw-r--r--crypto/openssh/auth-skey.c107
-rw-r--r--crypto/openssh/auth.c303
-rw-r--r--crypto/openssh/auth.h36
-rw-r--r--crypto/openssh/auth2-chall.c43
-rw-r--r--crypto/openssh/auth2-gss.c29
-rw-r--r--crypto/openssh/auth2-hostbased.c71
-rw-r--r--crypto/openssh/auth2-kbdint.c8
-rw-r--r--crypto/openssh/auth2-none.c4
-rw-r--r--crypto/openssh/auth2-passwd.c9
-rw-r--r--crypto/openssh/auth2-pubkey.c264
-rw-r--r--crypto/openssh/auth2.c209
-rw-r--r--crypto/openssh/authfd.c178
-rw-r--r--crypto/openssh/authfd.h12
-rw-r--r--crypto/openssh/authfile.c265
-rw-r--r--crypto/openssh/authfile.h10
-rw-r--r--crypto/openssh/blacklist.c6
-rw-r--r--crypto/openssh/buildpkg.sh.in8
-rw-r--r--crypto/openssh/canohost.c12
-rw-r--r--crypto/openssh/chacha.h4
-rw-r--r--crypto/openssh/channels.c761
-rw-r--r--crypto/openssh/channels.h38
-rw-r--r--crypto/openssh/cipher-chachapoly-libcrypto.c166
-rw-r--r--crypto/openssh/cipher-chachapoly.c32
-rw-r--r--crypto/openssh/cipher-chachapoly.h13
-rw-r--r--crypto/openssh/cipher.c48
-rw-r--r--crypto/openssh/cipher.h5
-rw-r--r--crypto/openssh/clientloop.c1074
-rw-r--r--crypto/openssh/clientloop.h5
-rw-r--r--crypto/openssh/compat.c92
-rw-r--r--crypto/openssh/compat.h20
-rwxr-xr-xcrypto/openssh/config.guess882
-rw-r--r--crypto/openssh/config.h241
-rwxr-xr-xcrypto/openssh/config.sub2528
-rw-r--r--crypto/openssh/configure.ac970
-rw-r--r--crypto/openssh/contrib/Makefile6
-rw-r--r--crypto/openssh/contrib/cygwin/README4
-rw-r--r--crypto/openssh/contrib/cygwin/ssh-host-config59
-rw-r--r--[-rwxr-xr-x]crypto/openssh/contrib/findssl.sh0
-rw-r--r--crypto/openssh/contrib/gnome-ssh-askpass1.c7
-rw-r--r--crypto/openssh/contrib/gnome-ssh-askpass2.c210
-rw-r--r--crypto/openssh/contrib/gnome-ssh-askpass3.c305
-rw-r--r--[-rwxr-xr-x]crypto/openssh/contrib/redhat/gnome-ssh-askpass.sh0
-rw-r--r--crypto/openssh/contrib/redhat/openssh.spec55
-rw-r--r--[-rwxr-xr-x]crypto/openssh/contrib/solaris/README0
-rw-r--r--crypto/openssh/contrib/ssh-copy-id303
-rw-r--r--crypto/openssh/contrib/ssh-copy-id.111
-rw-r--r--crypto/openssh/contrib/suse/openssh.spec6
-rw-r--r--crypto/openssh/crc32.c105
-rw-r--r--crypto/openssh/crc32.h30
-rw-r--r--crypto/openssh/crypto_api.h20
-rw-r--r--crypto/openssh/defines.h54
-rw-r--r--crypto/openssh/dh.c39
-rw-r--r--crypto/openssh/dh.h10
-rw-r--r--crypto/openssh/digest-libc.c33
-rw-r--r--crypto/openssh/digest-openssl.c19
-rw-r--r--crypto/openssh/dispatch.c6
-rw-r--r--crypto/openssh/dispatch.h9
-rw-r--r--crypto/openssh/dns.c72
-rw-r--r--crypto/openssh/dns.h3
-rw-r--r--crypto/openssh/entropy.c175
-rw-r--r--crypto/openssh/fatal.c7
-rw-r--r--crypto/openssh/groupaccess.c5
-rw-r--r--crypto/openssh/gss-genr.c19
-rw-r--r--crypto/openssh/gss-serv.c4
-rw-r--r--crypto/openssh/hash.c36
-rw-r--r--crypto/openssh/hmac.c7
-rw-r--r--crypto/openssh/hostfile.c269
-rw-r--r--crypto/openssh/hostfile.h27
-rw-r--r--crypto/openssh/int32_minmax.inc0
-rw-r--r--crypto/openssh/kex.c490
-rw-r--r--crypto/openssh/kex.h92
-rw-r--r--crypto/openssh/kexc25519.c182
-rw-r--r--crypto/openssh/kexc25519c.c169
-rw-r--r--crypto/openssh/kexc25519s.c158
-rw-r--r--crypto/openssh/kexdh.c205
-rw-r--r--crypto/openssh/kexdhc.c224
-rw-r--r--crypto/openssh/kexdhs.c222
-rw-r--r--crypto/openssh/kexecdh.c239
-rw-r--r--crypto/openssh/kexecdhc.c222
-rw-r--r--crypto/openssh/kexecdhs.c203
-rw-r--r--crypto/openssh/kexgen.c346
-rw-r--r--crypto/openssh/kexgex.c30
-rw-r--r--crypto/openssh/kexgexc.c123
-rw-r--r--crypto/openssh/kexgexs.c119
-rw-r--r--crypto/openssh/kexsntrup761x25519.c251
-rw-r--r--crypto/openssh/krl.c223
-rw-r--r--crypto/openssh/krl.h5
-rw-r--r--crypto/openssh/log.c219
-rw-r--r--crypto/openssh/log.h93
-rw-r--r--crypto/openssh/loginrec.c13
-rw-r--r--crypto/openssh/loginrec.h7
-rw-r--r--crypto/openssh/logintest.c60
-rw-r--r--crypto/openssh/m4/openssh.m4200
-rw-r--r--crypto/openssh/mac.c7
-rw-r--r--crypto/openssh/match.c34
-rw-r--r--crypto/openssh/match.h7
-rw-r--r--crypto/openssh/misc.c962
-rw-r--r--crypto/openssh/misc.h75
-rw-r--r--crypto/openssh/moduli876
-rw-r--r--crypto/openssh/moduli.c29
-rw-r--r--crypto/openssh/monitor.c708
-rw-r--r--crypto/openssh/monitor.h13
-rw-r--r--crypto/openssh/monitor_fdpass.c24
-rw-r--r--crypto/openssh/monitor_wrap.c305
-rw-r--r--crypto/openssh/monitor_wrap.h26
-rw-r--r--crypto/openssh/msg.c18
-rw-r--r--crypto/openssh/mux.c640
-rw-r--r--crypto/openssh/myproposal.h144
-rw-r--r--crypto/openssh/nchan.c77
-rw-r--r--crypto/openssh/opacket.c320
-rw-r--r--crypto/openssh/opacket.h154
-rw-r--r--crypto/openssh/openbsd-compat/Makefile.in11
-rw-r--r--crypto/openssh/openbsd-compat/arc4random.c12
-rw-r--r--crypto/openssh/openbsd-compat/base64.c2
-rw-r--r--crypto/openssh/openbsd-compat/bcrypt_pbkdf.c4
-rw-r--r--crypto/openssh/openbsd-compat/bsd-closefrom.c88
-rw-r--r--crypto/openssh/openbsd-compat/bsd-cygwin_util.c149
-rw-r--r--crypto/openssh/openbsd-compat/bsd-cygwin_util.h1
-rw-r--r--crypto/openssh/openbsd-compat/bsd-misc.c113
-rw-r--r--crypto/openssh/openbsd-compat/bsd-misc.h41
-rw-r--r--crypto/openssh/openbsd-compat/bsd-openpty.c17
-rw-r--r--crypto/openssh/openbsd-compat/bsd-poll.h2
-rw-r--r--crypto/openssh/openbsd-compat/bsd-pselect.c205
-rw-r--r--crypto/openssh/openbsd-compat/bsd-setres_id.c12
-rw-r--r--crypto/openssh/openbsd-compat/bsd-signal.c29
-rw-r--r--crypto/openssh/openbsd-compat/bsd-signal.h7
-rw-r--r--crypto/openssh/openbsd-compat/bsd-snprintf.c18
-rw-r--r--crypto/openssh/openbsd-compat/bsd-statvfs.c10
-rw-r--r--crypto/openssh/openbsd-compat/bsd-waitpid.h2
-rw-r--r--crypto/openssh/openbsd-compat/explicit_bzero.c10
-rw-r--r--crypto/openssh/openbsd-compat/fnmatch.c495
-rw-r--r--crypto/openssh/openbsd-compat/fnmatch.h66
-rw-r--r--crypto/openssh/openbsd-compat/getopt_long.c2
-rw-r--r--crypto/openssh/openbsd-compat/glob.c157
-rw-r--r--crypto/openssh/openbsd-compat/glob.h9
-rw-r--r--crypto/openssh/openbsd-compat/libressl-api-compat.c6
-rw-r--r--crypto/openssh/openbsd-compat/memmem.c196
-rw-r--r--crypto/openssh/openbsd-compat/mktemp.c4
-rw-r--r--crypto/openssh/openbsd-compat/openbsd-compat.h42
-rw-r--r--crypto/openssh/openbsd-compat/openssl-compat.c22
-rw-r--r--crypto/openssh/openbsd-compat/openssl-compat.h59
-rw-r--r--crypto/openssh/openbsd-compat/port-aix.c25
-rw-r--r--crypto/openssh/openbsd-compat/port-aix.h7
-rw-r--r--crypto/openssh/openbsd-compat/port-irix.c2
-rw-r--r--crypto/openssh/openbsd-compat/port-linux.c25
-rw-r--r--crypto/openssh/openbsd-compat/port-net.c18
-rw-r--r--crypto/openssh/openbsd-compat/port-prngd.c164
-rw-r--r--crypto/openssh/openbsd-compat/port-solaris.c14
-rw-r--r--crypto/openssh/openbsd-compat/port-uw.c2
-rw-r--r--crypto/openssh/openbsd-compat/pwcache.c4
-rw-r--r--crypto/openssh/openbsd-compat/regress/Makefile.in4
-rw-r--r--crypto/openssh/openbsd-compat/regress/closefromtest.c4
-rw-r--r--crypto/openssh/openbsd-compat/regress/opensslvertest.c2
-rw-r--r--crypto/openssh/openbsd-compat/regress/snprintftest.c5
-rw-r--r--crypto/openssh/openbsd-compat/regress/strduptest.c2
-rw-r--r--crypto/openssh/openbsd-compat/regress/strtonumtest.c2
-rw-r--r--crypto/openssh/openbsd-compat/regress/utimensattest.c120
-rw-r--r--crypto/openssh/openbsd-compat/rmd160.c378
-rw-r--r--crypto/openssh/openbsd-compat/rmd160.h61
-rw-r--r--crypto/openssh/openbsd-compat/setenv.c2
-rw-r--r--crypto/openssh/openbsd-compat/setproctitle.c1
-rw-r--r--crypto/openssh/openbsd-compat/sha1.c13
-rw-r--r--crypto/openssh/openbsd-compat/sha2.c336
-rw-r--r--crypto/openssh/openbsd-compat/sha2.h138
-rw-r--r--crypto/openssh/openbsd-compat/strtonum.c6
-rw-r--r--crypto/openssh/openbsd-compat/sys-queue.h376
-rw-r--r--crypto/openssh/packet.c264
-rw-r--r--crypto/openssh/packet.h14
-rw-r--r--crypto/openssh/pathnames.h9
-rw-r--r--crypto/openssh/platform.c1
-rw-r--r--crypto/openssh/progressmeter.c60
-rw-r--r--crypto/openssh/progressmeter.h3
-rw-r--r--crypto/openssh/readconf.c1338
-rw-r--r--crypto/openssh/readconf.h37
-rw-r--r--crypto/openssh/readpass.c191
-rw-r--r--crypto/openssh/regress/Makefile75
-rw-r--r--crypto/openssh/regress/README.regress80
-rw-r--r--[-rwxr-xr-x]crypto/openssh/regress/addrmatch.sh16
-rw-r--r--crypto/openssh/regress/agent-getpeereid.sh6
-rw-r--r--[-rwxr-xr-x]crypto/openssh/regress/agent-pkcs11.sh99
-rw-r--r--crypto/openssh/regress/agent-ptrace.sh2
-rw-r--r--crypto/openssh/regress/agent-subprocess.sh22
-rw-r--r--crypto/openssh/regress/agent-timeout.sh12
-rw-r--r--crypto/openssh/regress/agent.sh124
-rw-r--r--crypto/openssh/regress/allow-deny-users.sh8
-rw-r--r--crypto/openssh/regress/banner.sh6
-rw-r--r--[-rwxr-xr-x]crypto/openssh/regress/cert-file.sh4
-rw-r--r--[-rwxr-xr-x]crypto/openssh/regress/cert-hostkey.sh36
-rw-r--r--[-rwxr-xr-x]crypto/openssh/regress/cert-userkey.sh53
-rw-r--r--crypto/openssh/regress/cfginclude.sh24
-rw-r--r--crypto/openssh/regress/cfgmatch.sh55
-rw-r--r--[-rwxr-xr-x]crypto/openssh/regress/cfgparse.sh0
-rw-r--r--[-rwxr-xr-x]crypto/openssh/regress/conch-ciphers.sh4
-rw-r--r--crypto/openssh/regress/connect-privsep.sh5
-rw-r--r--crypto/openssh/regress/connect.sh11
-rw-r--r--[-rwxr-xr-x]crypto/openssh/regress/dhgex.sh14
-rw-r--r--crypto/openssh/regress/ed25519_openssh.prv7
-rw-r--r--crypto/openssh/regress/ed25519_openssh.pub1
-rw-r--r--[-rwxr-xr-x]crypto/openssh/regress/forward-control.sh6
-rw-r--r--crypto/openssh/regress/forwarding.sh44
-rw-r--r--[-rwxr-xr-x]crypto/openssh/regress/host-expand.sh0
-rw-r--r--[-rwxr-xr-x]crypto/openssh/regress/hostkey-agent.sh10
-rw-r--r--[-rwxr-xr-x]crypto/openssh/regress/hostkey-rotate.sh80
-rw-r--r--[-rwxr-xr-x]crypto/openssh/regress/integrity.sh8
-rw-r--r--[-rwxr-xr-x]crypto/openssh/regress/kextype.sh0
-rw-r--r--[-rwxr-xr-x]crypto/openssh/regress/key-options.sh10
-rw-r--r--crypto/openssh/regress/keygen-change.sh7
-rw-r--r--crypto/openssh/regress/keygen-comment.sh52
-rw-r--r--[-rwxr-xr-x]crypto/openssh/regress/keygen-convert.sh54
-rw-r--r--[-rwxr-xr-x]crypto/openssh/regress/keygen-knownhosts.sh0
-rw-r--r--crypto/openssh/regress/keygen-moduli.sh17
-rw-r--r--crypto/openssh/regress/keygen-sshfp.sh29
-rw-r--r--[-rwxr-xr-x]crypto/openssh/regress/keys-command.sh11
-rw-r--r--crypto/openssh/regress/keyscan.sh17
-rw-r--r--[-rwxr-xr-x]crypto/openssh/regress/keytype.sh57
-rw-r--r--crypto/openssh/regress/knownhosts-command.sh53
-rw-r--r--[-rwxr-xr-x]crypto/openssh/regress/krl.sh41
-rw-r--r--[-rwxr-xr-x]crypto/openssh/regress/limit-keytype.sh69
-rw-r--r--[-rwxr-xr-x]crypto/openssh/regress/localcommand.sh0
-rw-r--r--crypto/openssh/regress/misc/Makefile2
-rw-r--r--crypto/openssh/regress/misc/fuzz-harness/Makefile51
-rw-r--r--crypto/openssh/regress/misc/fuzz-harness/agent_fuzz.cc15
-rw-r--r--crypto/openssh/regress/misc/fuzz-harness/agent_fuzz_helper.c177
-rw-r--r--crypto/openssh/regress/misc/fuzz-harness/fixed-keys.h119
-rw-r--r--crypto/openssh/regress/misc/fuzz-harness/kex_fuzz.cc461
-rw-r--r--crypto/openssh/regress/misc/fuzz-harness/privkey_fuzz.cc21
-rw-r--r--crypto/openssh/regress/misc/fuzz-harness/sig_fuzz.cc24
-rw-r--r--crypto/openssh/regress/misc/fuzz-harness/ssh-sk-null.cc51
-rw-r--r--crypto/openssh/regress/misc/fuzz-harness/sshsig_fuzz.cc37
-rw-r--r--crypto/openssh/regress/misc/fuzz-harness/sshsigopt_fuzz.cc29
-rw-r--r--crypto/openssh/regress/misc/fuzz-harness/testdata/README4
-rwxr-xr-xcrypto/openssh/regress/misc/fuzz-harness/testdata/create-agent-corpus.sh44
-rw-r--r--crypto/openssh/regress/misc/fuzz-harness/testdata/id_dsa21
-rw-r--r--crypto/openssh/regress/misc/fuzz-harness/testdata/id_dsa-cert.pub1
-rw-r--r--crypto/openssh/regress/misc/fuzz-harness/testdata/id_dsa.pub1
-rw-r--r--crypto/openssh/regress/misc/fuzz-harness/testdata/id_ecdsa8
-rw-r--r--crypto/openssh/regress/misc/fuzz-harness/testdata/id_ecdsa-cert.pub1
-rw-r--r--crypto/openssh/regress/misc/fuzz-harness/testdata/id_ecdsa.pub1
-rw-r--r--crypto/openssh/regress/misc/fuzz-harness/testdata/id_ecdsa_sk14
-rw-r--r--crypto/openssh/regress/misc/fuzz-harness/testdata/id_ecdsa_sk-cert.pub1
-rw-r--r--crypto/openssh/regress/misc/fuzz-harness/testdata/id_ecdsa_sk.pub1
-rw-r--r--crypto/openssh/regress/misc/fuzz-harness/testdata/id_ed255197
-rw-r--r--crypto/openssh/regress/misc/fuzz-harness/testdata/id_ed25519-cert.pub1
-rw-r--r--crypto/openssh/regress/misc/fuzz-harness/testdata/id_ed25519.pub2
-rw-r--r--crypto/openssh/regress/misc/fuzz-harness/testdata/id_ed25519_sk8
-rw-r--r--crypto/openssh/regress/misc/fuzz-harness/testdata/id_ed25519_sk-cert.pub1
-rw-r--r--crypto/openssh/regress/misc/fuzz-harness/testdata/id_ed25519_sk.pub1
-rw-r--r--crypto/openssh/regress/misc/fuzz-harness/testdata/id_rsa27
-rw-r--r--crypto/openssh/regress/misc/fuzz-harness/testdata/id_rsa-cert.pub1
-rw-r--r--crypto/openssh/regress/misc/fuzz-harness/testdata/id_rsa.pub1
-rw-r--r--crypto/openssh/regress/misc/kexfuzz/Makefile88
-rw-r--r--crypto/openssh/regress/misc/kexfuzz/README34
-rw-r--r--crypto/openssh/regress/misc/kexfuzz/kexfuzz.c459
-rw-r--r--crypto/openssh/regress/misc/sk-dummy/fatal.c27
-rw-r--r--crypto/openssh/regress/misc/sk-dummy/sk-dummy.c539
-rw-r--r--[-rwxr-xr-x]crypto/openssh/regress/modpipe.c0
-rw-r--r--crypto/openssh/regress/multiplex.sh32
-rw-r--r--[-rwxr-xr-x]crypto/openssh/regress/multipubkey.sh19
-rw-r--r--crypto/openssh/regress/netcat.c46
-rw-r--r--crypto/openssh/regress/percent.sh119
-rw-r--r--[-rwxr-xr-x]crypto/openssh/regress/portnum.sh0
-rw-r--r--[-rwxr-xr-x]crypto/openssh/regress/principals-command.sh16
-rw-r--r--crypto/openssh/regress/proxy-connect.sh10
-rw-r--r--[-rwxr-xr-x]crypto/openssh/regress/putty-ciphers.sh4
-rw-r--r--[-rwxr-xr-x]crypto/openssh/regress/putty-kex.sh4
-rw-r--r--[-rwxr-xr-x]crypto/openssh/regress/putty-transfer.sh10
-rw-r--r--crypto/openssh/regress/reconfigure.sh24
-rw-r--r--crypto/openssh/regress/reexec.sh5
-rw-r--r--crypto/openssh/regress/rekey.sh8
-rw-r--r--crypto/openssh/regress/scp-ssh-wrapper.sh14
-rw-r--r--crypto/openssh/regress/scp-uri.sh81
-rw-r--r--crypto/openssh/regress/scp.sh183
-rw-r--r--crypto/openssh/regress/scp3.sh60
-rw-r--r--crypto/openssh/regress/servcfginclude.sh188
-rw-r--r--crypto/openssh/regress/sftp-badcmds.sh4
-rw-r--r--[-rwxr-xr-x]crypto/openssh/regress/sftp-chroot.sh7
-rw-r--r--crypto/openssh/regress/sftp-cmds.sh4
-rw-r--r--crypto/openssh/regress/sftp-perm.sh18
-rwxr-xr-xcrypto/openssh/regress/ssh2putty.sh8
-rw-r--r--crypto/openssh/regress/sshcfgparse.sh68
-rw-r--r--crypto/openssh/regress/sshfp-connect.sh66
-rw-r--r--crypto/openssh/regress/sshsig.sh236
-rw-r--r--crypto/openssh/regress/test-exec.sh280
-rw-r--r--crypto/openssh/regress/unittests/Makefile4
-rw-r--r--crypto/openssh/regress/unittests/Makefile.inc38
-rw-r--r--crypto/openssh/regress/unittests/authopt/tests.c10
-rw-r--r--crypto/openssh/regress/unittests/bitmap/tests.c4
-rw-r--r--crypto/openssh/regress/unittests/conversion/Makefile3
-rw-r--r--crypto/openssh/regress/unittests/conversion/tests.c32
-rw-r--r--crypto/openssh/regress/unittests/hostkeys/Makefile12
-rw-r--r--[-rwxr-xr-x]crypto/openssh/regress/unittests/hostkeys/mktestdata.sh0
-rw-r--r--crypto/openssh/regress/unittests/hostkeys/test_iterate.c119
-rw-r--r--crypto/openssh/regress/unittests/kex/Makefile31
-rw-r--r--crypto/openssh/regress/unittests/kex/test_kex.c29
-rw-r--r--crypto/openssh/regress/unittests/match/Makefile4
-rw-r--r--crypto/openssh/regress/unittests/match/tests.c4
-rw-r--r--crypto/openssh/regress/unittests/misc/test_argv.c187
-rw-r--r--crypto/openssh/regress/unittests/misc/test_convtime.c59
-rw-r--r--crypto/openssh/regress/unittests/misc/test_expand.c90
-rw-r--r--crypto/openssh/regress/unittests/misc/test_parse.c86
-rw-r--r--crypto/openssh/regress/unittests/misc/test_strdelim.c202
-rw-r--r--crypto/openssh/regress/unittests/misc/tests.c38
-rw-r--r--crypto/openssh/regress/unittests/sshbuf/Makefile10
-rw-r--r--crypto/openssh/regress/unittests/sshbuf/test_sshbuf_fuzz.c9
-rw-r--r--crypto/openssh/regress/unittests/sshbuf/test_sshbuf_getput_basic.c231
-rw-r--r--crypto/openssh/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c160
-rw-r--r--crypto/openssh/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c31
-rw-r--r--crypto/openssh/regress/unittests/sshbuf/test_sshbuf_misc.c71
-rw-r--r--crypto/openssh/regress/unittests/sshbuf/tests.c2
-rw-r--r--crypto/openssh/regress/unittests/sshkey/Makefile14
-rw-r--r--crypto/openssh/regress/unittests/sshkey/common.c17
-rwxr-xr-xcrypto/openssh/regress/unittests/sshkey/mktestdata.sh85
-rw-r--r--crypto/openssh/regress/unittests/sshkey/test_file.c141
-rw-r--r--crypto/openssh/regress/unittests/sshkey/test_fuzz.c78
-rw-r--r--crypto/openssh/regress/unittests/sshkey/test_sshkey.c55
-rw-r--r--crypto/openssh/regress/unittests/sshkey/testdata/dsa_n33
-rw-r--r--crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_n13
-rw-r--r--crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_sk113
-rw-r--r--crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_sk1-cert.fp1
-rw-r--r--crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_sk1-cert.pub1
-rw-r--r--crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_sk1.fp1
-rw-r--r--crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_sk1.fp.bb1
-rw-r--r--crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_sk1.pub1
-rw-r--r--crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_sk1_pw14
-rw-r--r--crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_sk213
-rw-r--r--crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_sk2.fp1
-rw-r--r--crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_sk2.fp.bb1
-rw-r--r--crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_sk2.pub1
-rw-r--r--crypto/openssh/regress/unittests/sshkey/testdata/ed25519_1_pw12
-rw-r--r--crypto/openssh/regress/unittests/sshkey/testdata/ed25519_sk18
-rw-r--r--crypto/openssh/regress/unittests/sshkey/testdata/ed25519_sk1-cert.fp1
-rw-r--r--crypto/openssh/regress/unittests/sshkey/testdata/ed25519_sk1-cert.pub1
-rw-r--r--crypto/openssh/regress/unittests/sshkey/testdata/ed25519_sk1.fp1
-rw-r--r--crypto/openssh/regress/unittests/sshkey/testdata/ed25519_sk1.fp.bb1
-rw-r--r--crypto/openssh/regress/unittests/sshkey/testdata/ed25519_sk1.pub1
-rw-r--r--crypto/openssh/regress/unittests/sshkey/testdata/ed25519_sk1_pw9
-rw-r--r--crypto/openssh/regress/unittests/sshkey/testdata/ed25519_sk28
-rw-r--r--crypto/openssh/regress/unittests/sshkey/testdata/ed25519_sk2.fp1
-rw-r--r--crypto/openssh/regress/unittests/sshkey/testdata/ed25519_sk2.fp.bb1
-rw-r--r--crypto/openssh/regress/unittests/sshkey/testdata/ed25519_sk2.pub1
-rw-r--r--crypto/openssh/regress/unittests/sshkey/testdata/rsa1_1bin533 -> 0 bytes
-rw-r--r--crypto/openssh/regress/unittests/sshkey/testdata/rsa1_1.fp1
-rw-r--r--crypto/openssh/regress/unittests/sshkey/testdata/rsa1_1.fp.bb1
-rw-r--r--crypto/openssh/regress/unittests/sshkey/testdata/rsa1_1.param.n1
-rw-r--r--crypto/openssh/regress/unittests/sshkey/testdata/rsa1_1.pub1
-rw-r--r--crypto/openssh/regress/unittests/sshkey/testdata/rsa1_1_pwbin533 -> 0 bytes
-rw-r--r--crypto/openssh/regress/unittests/sshkey/testdata/rsa1_2bin981 -> 0 bytes
-rw-r--r--crypto/openssh/regress/unittests/sshkey/testdata/rsa1_2.fp1
-rw-r--r--crypto/openssh/regress/unittests/sshkey/testdata/rsa1_2.fp.bb1
-rw-r--r--crypto/openssh/regress/unittests/sshkey/testdata/rsa1_2.param.n1
-rw-r--r--crypto/openssh/regress/unittests/sshkey/testdata/rsa1_2.pub1
-rw-r--r--crypto/openssh/regress/unittests/sshkey/testdata/rsa_n31
-rw-r--r--crypto/openssh/regress/unittests/sshkey/tests.c5
-rw-r--r--crypto/openssh/regress/unittests/sshsig/Makefile25
-rwxr-xr-xcrypto/openssh/regress/unittests/sshsig/mktestdata.sh42
-rw-r--r--crypto/openssh/regress/unittests/sshsig/testdata/dsa12
-rw-r--r--crypto/openssh/regress/unittests/sshsig/testdata/dsa.pub1
-rw-r--r--crypto/openssh/regress/unittests/sshsig/testdata/dsa.sig13
-rw-r--r--crypto/openssh/regress/unittests/sshsig/testdata/ecdsa5
-rw-r--r--crypto/openssh/regress/unittests/sshsig/testdata/ecdsa.pub1
-rw-r--r--crypto/openssh/regress/unittests/sshsig/testdata/ecdsa.sig7
-rw-r--r--crypto/openssh/regress/unittests/sshsig/testdata/ecdsa_sk13
-rw-r--r--crypto/openssh/regress/unittests/sshsig/testdata/ecdsa_sk.pub1
-rw-r--r--crypto/openssh/regress/unittests/sshsig/testdata/ecdsa_sk.sig8
-rw-r--r--crypto/openssh/regress/unittests/sshsig/testdata/ecdsa_sk_webauthn.pub1
-rw-r--r--crypto/openssh/regress/unittests/sshsig/testdata/ecdsa_sk_webauthn.sig13
-rw-r--r--crypto/openssh/regress/unittests/sshsig/testdata/ed255197
-rw-r--r--crypto/openssh/regress/unittests/sshsig/testdata/ed25519.pub1
-rw-r--r--crypto/openssh/regress/unittests/sshsig/testdata/ed25519.sig6
-rw-r--r--crypto/openssh/regress/unittests/sshsig/testdata/ed25519_sk8
-rw-r--r--crypto/openssh/regress/unittests/sshsig/testdata/ed25519_sk.pub1
-rw-r--r--crypto/openssh/regress/unittests/sshsig/testdata/ed25519_sk.sig7
-rw-r--r--crypto/openssh/regress/unittests/sshsig/testdata/namespace1
-rw-r--r--crypto/openssh/regress/unittests/sshsig/testdata/rsa39
-rw-r--r--crypto/openssh/regress/unittests/sshsig/testdata/rsa.pub1
-rw-r--r--crypto/openssh/regress/unittests/sshsig/testdata/rsa.sig19
-rw-r--r--crypto/openssh/regress/unittests/sshsig/testdata/signed-data1
-rw-r--r--crypto/openssh/regress/unittests/sshsig/tests.c139
-rw-r--r--crypto/openssh/regress/unittests/sshsig/webauthn.html766
-rw-r--r--crypto/openssh/regress/unittests/test_helper/test_helper.c60
-rw-r--r--crypto/openssh/regress/unittests/test_helper/test_helper.h8
-rw-r--r--crypto/openssh/regress/unittests/utf8/tests.c2
-rwxr-xr-xcrypto/openssh/regress/valgrind-unit.sh2
-rw-r--r--crypto/openssh/sandbox-darwin.c2
-rw-r--r--crypto/openssh/sandbox-pledge.c8
-rw-r--r--crypto/openssh/sandbox-rlimit.c18
-rw-r--r--crypto/openssh/sandbox-seccomp-filter.c76
-rw-r--r--crypto/openssh/sandbox-systrace.c7
-rw-r--r--crypto/openssh/scp.187
-rw-r--r--crypto/openssh/scp.c679
-rw-r--r--crypto/openssh/servconf.c1165
-rw-r--r--crypto/openssh/servconf.h63
-rw-r--r--crypto/openssh/serverloop.c566
-rw-r--r--crypto/openssh/session.c461
-rw-r--r--crypto/openssh/sftp-client.c1162
-rw-r--r--crypto/openssh/sftp-client.h64
-rw-r--r--crypto/openssh/sftp-common.c5
-rw-r--r--crypto/openssh/sftp-glob.c4
-rw-r--r--crypto/openssh/sftp-realpath.c (renamed from crypto/openssh/openbsd-compat/realpath.c)13
-rw-r--r--crypto/openssh/sftp-server-main.c5
-rw-r--r--crypto/openssh/sftp-server.832
-rw-r--r--crypto/openssh/sftp-server.c491
-rw-r--r--crypto/openssh/sftp.1126
-rw-r--r--crypto/openssh/sftp.c304
-rw-r--r--crypto/openssh/sk-api.h98
-rw-r--r--crypto/openssh/sk-usbhid.c1267
-rw-r--r--crypto/openssh/sntrup761.c1273
-rw-r--r--crypto/openssh/sntrup761.sh85
-rw-r--r--crypto/openssh/srclimit.c140
-rw-r--r--crypto/openssh/srclimit.h18
-rw-r--r--crypto/openssh/ssh-add.181
-rw-r--r--crypto/openssh/ssh-add.c315
-rw-r--r--crypto/openssh/ssh-agent.1178
-rw-r--r--crypto/openssh/ssh-agent.c697
-rw-r--r--crypto/openssh/ssh-dss.c8
-rw-r--r--crypto/openssh/ssh-ecdsa-sk.c324
-rw-r--r--crypto/openssh/ssh-ecdsa.c14
-rw-r--r--crypto/openssh/ssh-ed25519-sk.c163
-rw-r--r--crypto/openssh/ssh-ed25519.c23
-rw-r--r--crypto/openssh/ssh-gss.h4
-rw-r--r--crypto/openssh/ssh-keygen.1717
-rw-r--r--crypto/openssh/ssh-keygen.c2111
-rw-r--r--crypto/openssh/ssh-keyscan.16
-rw-r--r--crypto/openssh/ssh-keyscan.c105
-rw-r--r--crypto/openssh/ssh-keysign.86
-rw-r--r--crypto/openssh/ssh-keysign.c77
-rw-r--r--crypto/openssh/ssh-pkcs11-client.c212
-rw-r--r--crypto/openssh/ssh-pkcs11-helper.829
-rw-r--r--crypto/openssh/ssh-pkcs11-helper.c210
-rw-r--r--crypto/openssh/ssh-pkcs11.c1724
-rw-r--r--crypto/openssh/ssh-pkcs11.h20
-rw-r--r--crypto/openssh/ssh-sk-client.c448
-rw-r--r--crypto/openssh/ssh-sk-helper.866
-rw-r--r--crypto/openssh/ssh-sk-helper.c364
-rw-r--r--crypto/openssh/ssh-sk.c826
-rw-r--r--crypto/openssh/ssh-sk.h69
-rw-r--r--crypto/openssh/ssh-xmss.c27
-rw-r--r--crypto/openssh/ssh.1166
-rw-r--r--crypto/openssh/ssh.c925
-rw-r--r--crypto/openssh/ssh.h11
-rw-r--r--crypto/openssh/ssh2.h4
-rw-r--r--crypto/openssh/ssh_api.c234
-rw-r--r--crypto/openssh/ssh_config6
-rw-r--r--crypto/openssh/ssh_config.5651
-rw-r--r--crypto/openssh/ssh_namespace.h223
-rw-r--r--crypto/openssh/sshbuf-getput-basic.c171
-rw-r--r--crypto/openssh/sshbuf-getput-crypto.c76
-rw-r--r--crypto/openssh/sshbuf-io.c117
-rw-r--r--crypto/openssh/sshbuf-misc.c152
-rw-r--r--crypto/openssh/sshbuf.c22
-rw-r--r--crypto/openssh/sshbuf.h79
-rw-r--r--crypto/openssh/sshconnect.c882
-rw-r--r--crypto/openssh/sshconnect.h63
-rw-r--r--crypto/openssh/sshconnect2.c942
-rw-r--r--crypto/openssh/sshd.8115
-rw-r--r--crypto/openssh/sshd.c975
-rw-r--r--crypto/openssh/sshd_config12
-rw-r--r--crypto/openssh/sshd_config.5351
-rw-r--r--crypto/openssh/ssherr.c6
-rw-r--r--crypto/openssh/ssherr.h4
-rw-r--r--crypto/openssh/sshkey-xmss.c160
-rw-r--r--crypto/openssh/sshkey-xmss.h16
-rw-r--r--crypto/openssh/sshkey.c1498
-rw-r--r--crypto/openssh/sshkey.h103
-rw-r--r--crypto/openssh/sshlogin.c9
-rw-r--r--crypto/openssh/sshpty.c23
-rw-r--r--crypto/openssh/sshsig.c1098
-rw-r--r--crypto/openssh/sshsig.h107
-rw-r--r--crypto/openssh/ttymodes.c44
-rw-r--r--crypto/openssh/uidswap.c40
-rw-r--r--crypto/openssh/umac.c10
-rw-r--r--crypto/openssh/umac.h6
-rw-r--r--crypto/openssh/utf8.c27
-rw-r--r--crypto/openssh/utf8.h11
-rw-r--r--crypto/openssh/uuencode.c95
-rw-r--r--crypto/openssh/uuencode.h29
-rw-r--r--crypto/openssh/version.h6
-rw-r--r--crypto/openssh/xmalloc.c31
-rw-r--r--crypto/openssh/xmalloc.h8
-rw-r--r--crypto/openssh/xmss_commons.c2
-rw-r--r--crypto/openssh/xmss_fast.c2
-rw-r--r--crypto/openssh/xmss_hash.c2
-rw-r--r--crypto/openssh/xmss_hash_address.c2
-rw-r--r--crypto/openssh/xmss_wots.c2
-rw-r--r--lib/libpam/modules/pam_ssh/pam_ssh.c2
-rw-r--r--secure/lib/libssh/Makefile19
-rw-r--r--secure/usr.bin/scp/Makefile2
-rw-r--r--secure/usr.bin/ssh-add/Makefile2
-rw-r--r--secure/usr.bin/ssh-keygen/Makefile3
-rw-r--r--secure/usr.sbin/sshd/Makefile2
539 files changed, 53562 insertions, 25097 deletions
diff --git a/crypto/openssh/.depend b/crypto/openssh/.depend
index 2b29e3879da1..a94a82d0e6f7 100644
--- a/crypto/openssh/.depend
+++ b/crypto/openssh/.depend
@@ -1,175 +1,183 @@
-# DO NOT DELETE
+# Automatically generated by makedepend.
+# Run "make depend" to rebuild.
-addrmatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h match.h log.h
-atomicio.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h
-audit-bsm.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-audit-linux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-audit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-auth-bsdauth.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-auth-krb5.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h sshbuf.h sshkey.h misc.h servconf.h uidswap.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
-auth-options.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssherr.h log.h sshbuf.h misc.h sshkey.h match.h ssh2.h auth-options.h
-auth-pam.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-auth-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h sshbuf.h ssherr.h log.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h
-auth-rhosts.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h uidswap.h pathnames.h log.h misc.h sshbuf.h sshkey.h servconf.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
-auth-shadow.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-auth-sia.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-auth-skey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-auth.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h groupaccess.h log.h sshbuf.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h canohost.h uidswap.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h
-auth.o: authfile.h monitor_wrap.h ssherr.h compat.h channels.h
-auth2-chall.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h ssherr.h log.h misc.h servconf.h
-auth2-gss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-auth2-hostbased.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h sshbuf.h log.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h canohost.h monitor_wrap.h
-auth2-hostbased.o: pathnames.h ssherr.h match.h
-auth2-kbdint.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h hostfile.h auth.h auth-pam.h audit.h loginrec.h log.h misc.h servconf.h ssherr.h
-auth2-none.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h misc.h servconf.h compat.h ssh2.h ssherr.h monitor_wrap.h
-auth2-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h ssherr.h log.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h monitor_wrap.h misc.h servconf.h
-auth2-pubkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h sshbuf.h log.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h uidswap.h
-auth2-pubkey.o: auth-options.h canohost.h monitor_wrap.h authfile.h match.h ssherr.h channels.h session.h
-auth2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h sshbuf.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h ssherr.h
-auth2.o: monitor_wrap.h digest.h
-authfd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h sshbuf.h sshkey.h authfd.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h compat.h log.h atomicio.h misc.h ssherr.h
-authfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h ssh.h log.h authfile.h misc.h atomicio.h sshkey.h sshbuf.h ssherr.h krl.h
-bitmap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h bitmap.h
-canohost.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h canohost.h misc.h
-chacha.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h chacha.h
-channels.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h ssherr.h sshbuf.h packet.h dispatch.h opacket.h log.h misc.h channels.h compat.h canohost.h sshkey.h authfd.h pathnames.h match.h
-cipher-aes.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h
-cipher-aesctr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher-aesctr.h rijndael.h
-cipher-chachapoly.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h sshbuf.h ssherr.h cipher-chachapoly.h chacha.h poly1305.h
-cipher-ctr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-cipher.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h misc.h sshbuf.h ssherr.h digest.h openbsd-compat/openssl-compat.h
-cleanup.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h
-clientloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h packet.h dispatch.h opacket.h sshbuf.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h
-clientloop.o: myproposal.h log.h misc.h readconf.h clientloop.h sshconnect.h authfd.h atomicio.h sshpty.h match.h msg.h ssherr.h hostfile.h
-compat.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h compat.h log.h match.h kex.h mac.h
-crc32.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crc32.h
-dh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-digest-libc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h digest.h
-digest-openssl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-dispatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh2.h log.h dispatch.h packet.h openbsd-compat/sys-queue.h opacket.h compat.h ssherr.h
-dns.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h ssherr.h dns.h log.h digest.h
-ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ge25519.h fe25519.h sc25519.h
-entropy.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-fatal.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h
-fe25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h fe25519.h crypto_api.h
-ge25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h fe25519.h crypto_api.h sc25519.h ge25519.h ge25519_base.data
-groupaccess.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h groupaccess.h match.h log.h
-gss-genr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-gss-serv-krb5.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-gss-serv.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-hash.o: crypto_api.h includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h digest.h log.h ssherr.h
-hmac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h digest.h hmac.h
-hostfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h sshkey.h hostfile.h log.h misc.h ssherr.h digest.h hmac.h
-kex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h log.h match.h misc.h monitor.h ssherr.h sshbuf.h
-kex.o: digest.h
-kexc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h ssh2.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h log.h digest.h ssherr.h
-kexc25519c.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h log.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h ssh2.h sshbuf.h digest.h ssherr.h
-kexc25519s.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h kex.h mac.h log.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h ssh2.h sshbuf.h ssherr.h
-kexdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-kexdhc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-kexdhs.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-kexecdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-kexecdhc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-kexecdhs.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-kexgex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-kexgexc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-kexgexs.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-krl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h sshbuf.h ssherr.h sshkey.h authfile.h misc.h log.h digest.h bitmap.h krl.h
-log.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h
-loginrec.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h hostfile.h ssh.h loginrec.h log.h atomicio.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h canohost.h auth.h auth-pam.h audit.h sshbuf.h ssherr.h
-logintest.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h loginrec.h
-mac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h digest.h hmac.h umac.h mac.h misc.h ssherr.h sshbuf.h openbsd-compat/openssl-compat.h
-match.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h misc.h
-md5crypt.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h log.h ssh.h sshbuf.h ssherr.h
-moduli.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-monitor.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h openbsd-compat/openssl-compat.h atomicio.h xmalloc.h ssh.h sshkey.h sshbuf.h hostfile.h auth.h auth-pam.h audit.h loginrec.h cipher.h cipher-chachapoly.h
-monitor.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h dh.h packet.h dispatch.h opacket.h auth-options.h sshpty.h channels.h session.h sshlogin.h canohost.h log.h misc.h servconf.h monitor.h monitor_wrap.h monitor_fdpass.h compat.h ssh2.h authfd.h match.h ssherr.h
-monitor_fdpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h monitor_fdpass.h
-monitor_wrap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
-monitor_wrap.o: auth-options.h packet.h dispatch.h opacket.h log.h monitor.h monitor_wrap.h atomicio.h monitor_fdpass.h misc.h channels.h session.h servconf.h ssherr.h
-msg.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h ssherr.h log.h atomicio.h msg.h misc.h
-mux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h log.h ssh.h ssh2.h pathnames.h misc.h match.h sshbuf.h channels.h msg.h packet.h dispatch.h opacket.h monitor_fdpass.h sshpty.h sshkey.h readconf.h clientloop.h ssherr.h
-nchan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h ssh2.h sshbuf.h ssherr.h packet.h dispatch.h opacket.h channels.h compat.h log.h
-opacket.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h
-packet.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h crc32.h compat.h ssh2.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h digest.h log.h canohost.h misc.h channels.h ssh.h
-packet.o: packet.h dispatch.h opacket.h ssherr.h sshbuf.h
-platform-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-platform-pledge.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-platform-tracing.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h
-platform.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
-poly1305.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h poly1305.h
-progressmeter.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h progressmeter.h atomicio.h misc.h
-readconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h xmalloc.h ssh.h ssherr.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h pathnames.h log.h sshkey.h misc.h readconf.h match.h kex.h mac.h uidswap.h
-readconf.o: myproposal.h digest.h
-readpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h pathnames.h log.h ssh.h uidswap.h
-rijndael.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h rijndael.h
-sandbox-capsicum.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-sandbox-darwin.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-sandbox-null.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-sandbox-pledge.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-sandbox-rlimit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-sandbox-seccomp-filter.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-sandbox-solaris.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-sandbox-systrace.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-sc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sc25519.h crypto_api.h
-scp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h atomicio.h pathnames.h log.h misc.h progressmeter.h utf8.h
-servconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h log.h sshbuf.h misc.h servconf.h compat.h pathnames.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h match.h channels.h
-servconf.o: groupaccess.h canohost.h packet.h dispatch.h opacket.h ssherr.h hostfile.h auth.h auth-pam.h audit.h loginrec.h myproposal.h digest.h
-serverloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h packet.h dispatch.h opacket.h sshbuf.h log.h misc.h servconf.h canohost.h sshpty.h channels.h compat.h ssh2.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h
-serverloop.o: cipher-aesctr.h rijndael.h kex.h mac.h hostfile.h auth.h auth-pam.h audit.h loginrec.h session.h auth-options.h serverloop.h ssherr.h
-session.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h opacket.h sshbuf.h ssherr.h match.h uidswap.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h
-session.o: cipher-aesctr.h rijndael.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h authfd.h pathnames.h log.h misc.h servconf.h sshlogin.h serverloop.h canohost.h session.h kex.h mac.h monitor_wrap.h sftp.h atomicio.h
-sftp-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssherr.h sshbuf.h log.h atomicio.h progressmeter.h misc.h utf8.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h
-sftp-common.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssherr.h sshbuf.h log.h misc.h sftp.h sftp-common.h
-sftp-glob.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h
-sftp-server-main.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h sftp.h misc.h xmalloc.h
-sftp-server.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshbuf.h ssherr.h log.h misc.h match.h uidswap.h sftp.h sftp-common.h
-sftp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h pathnames.h misc.h utf8.h sftp.h ssherr.h sshbuf.h sftp-common.h sftp-client.h openbsd-compat/glob.h
-ssh-add.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h xmalloc.h ssh.h log.h sshkey.h sshbuf.h authfd.h authfile.h pathnames.h misc.h ssherr.h digest.h
-ssh-agent.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h authfd.h compat.h log.h misc.h digest.h ssherr.h match.h
-ssh-dss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-ssh-ecdsa.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-ssh-ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h log.h sshbuf.h sshkey.h ssherr.h ssh.h
-ssh-keygen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h authfile.h uuencode.h sshbuf.h pathnames.h log.h misc.h match.h hostfile.h dns.h ssh.h ssh2.h ssherr.h ssh-pkcs11.h atomicio.h krl.h digest.h utf8.h authfd.h
-ssh-keyscan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h compat.h myproposal.h packet.h dispatch.h opacket.h log.h
-ssh-keyscan.o: atomicio.h misc.h hostfile.h ssherr.h ssh_api.h ssh2.h dns.h
-ssh-keysign.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h sshkey.h ssh.h ssh2.h misc.h sshbuf.h authfile.h msg.h canohost.h pathnames.h readconf.h uidswap.h ssherr.h
-ssh-pkcs11-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-ssh-pkcs11-helper.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h sshbuf.h log.h misc.h sshkey.h authfd.h ssh-pkcs11.h ssherr.h
-ssh-pkcs11.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-ssh-rsa.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-ssh-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-ssh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h canohost.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h packet.h dispatch.h opacket.h
-ssh.o: sshbuf.h channels.h sshkey.h authfd.h authfile.h pathnames.h clientloop.h log.h misc.h readconf.h sshconnect.h kex.h mac.h sshpty.h match.h msg.h version.h ssherr.h myproposal.h utf8.h
-ssh_api.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh_api.h openbsd-compat/sys-queue.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h ssh.h ssh2.h packet.h dispatch.h opacket.h compat.h log.h authfile.h misc.h
-ssh_api.o: version.h myproposal.h ssherr.h sshbuf.h
-sshbuf-getput-basic.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h
-sshbuf-getput-crypto.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h
-sshbuf-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h
-sshbuf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h misc.h
-sshconnect.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h hostfile.h ssh.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h compat.h sshkey.h sshconnect.h log.h misc.h readconf.h atomicio.h dns.h monitor_fdpass.h ssh2.h version.h authfile.h
-sshconnect.o: ssherr.h authfd.h
-sshconnect2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h packet.h dispatch.h opacket.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h myproposal.h
-sshconnect2.o: sshconnect.h authfile.h dh.h authfd.h log.h misc.h readconf.h match.h canohost.h msg.h pathnames.h uidswap.h hostfile.h ssherr.h utf8.h
-sshd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h opacket.h log.h sshbuf.h misc.h match.h servconf.h uidswap.h compat.h cipher.h cipher-chachapoly.h chacha.h
-sshd.o: poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h mac.h myproposal.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h ssherr.h
+# DO NOT DELETE
+addr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h addr.h
+addrmatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h addr.h match.h log.h ssherr.h
+atomicio.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h
+audit-bsm.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+audit-linux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+audit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+auth-bsdauth.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+auth-krb5.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h sshbuf.h sshkey.h misc.h servconf.h uidswap.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
+auth-options.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssherr.h log.h sshbuf.h misc.h sshkey.h match.h ssh2.h auth-options.h
+auth-pam.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+auth-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h sshbuf.h ssherr.h log.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h
+auth-rhosts.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h uidswap.h pathnames.h log.h ssherr.h misc.h sshbuf.h sshkey.h servconf.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
+auth-shadow.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+auth-sia.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+auth.o: authfile.h monitor_wrap.h compat.h channels.h
+auth.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h groupaccess.h log.h ssherr.h sshbuf.h misc.h servconf.h openbsd-compat/sys-queue.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h canohost.h uidswap.h packet.h dispatch.h
+auth2-chall.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h ssherr.h log.h misc.h servconf.h
+auth2-gss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+auth2-hostbased.o: canohost.h monitor_wrap.h pathnames.h match.h
+auth2-hostbased.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h kex.h mac.h crypto_api.h sshbuf.h log.h ssherr.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
+auth2-kbdint.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h hostfile.h auth.h auth-pam.h audit.h loginrec.h log.h ssherr.h misc.h servconf.h
+auth2-none.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h misc.h servconf.h compat.h ssh2.h monitor_wrap.h
+auth2-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h ssherr.h log.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h monitor_wrap.h misc.h servconf.h
+auth2-pubkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h kex.h mac.h crypto_api.h sshbuf.h log.h ssherr.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
+auth2-pubkey.o: pathnames.h uidswap.h auth-options.h canohost.h monitor_wrap.h authfile.h match.h channels.h session.h sk-api.h
+auth2.o: digest.h
+auth2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h sshbuf.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h monitor_wrap.h
+authfd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h sshbuf.h sshkey.h authfd.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h compat.h log.h ssherr.h atomicio.h misc.h
+authfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h ssh.h log.h ssherr.h authfile.h misc.h atomicio.h sshkey.h sshbuf.h krl.h
+bitmap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h bitmap.h
+canohost.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h canohost.h misc.h
+chacha.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h chacha.h
+channels.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h ssherr.h sshbuf.h packet.h dispatch.h log.h misc.h channels.h compat.h canohost.h sshkey.h authfd.h pathnames.h match.h
+cipher-aes.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h
+cipher-aesctr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher-aesctr.h rijndael.h
+cipher-chachapoly-libcrypto.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+cipher-chachapoly.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h sshbuf.h cipher-chachapoly.h chacha.h poly1305.h
+cipher-ctr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+cipher.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h misc.h sshbuf.h ssherr.h digest.h openbsd-compat/openssl-compat.h
+cleanup.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h
+clientloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h packet.h dispatch.h sshbuf.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h
+clientloop.o: myproposal.h log.h ssherr.h misc.h readconf.h clientloop.h sshconnect.h authfd.h atomicio.h sshpty.h match.h msg.h hostfile.h
+compat.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h log.h ssherr.h match.h kex.h mac.h crypto_api.h
+dh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+digest-libc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h digest.h
+digest-openssl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+dispatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh2.h log.h ssherr.h dispatch.h packet.h openbsd-compat/sys-queue.h compat.h
+dns.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h ssherr.h dns.h log.h digest.h
+ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ge25519.h fe25519.h sc25519.h
+entropy.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+fatal.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h
+fe25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h fe25519.h crypto_api.h
+ge25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h fe25519.h crypto_api.h sc25519.h ge25519.h ge25519_base.data
+groupaccess.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h groupaccess.h match.h log.h ssherr.h
+gss-genr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+gss-serv-krb5.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+gss-serv.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+hash.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h
+hmac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h digest.h hmac.h
+hostfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h sshkey.h hostfile.h log.h ssherr.h misc.h pathnames.h digest.h hmac.h sshbuf.h
+kex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh.h ssh2.h atomicio.h version.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h log.h ssherr.h
+kex.o: match.h misc.h monitor.h sshbuf.h digest.h
+kexc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h sshbuf.h digest.h ssherr.h ssh2.h
+kexdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+kexecdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h
+kexgen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h log.h ssherr.h packet.h openbsd-compat/sys-queue.h dispatch.h ssh2.h sshbuf.h digest.h
+kexgex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+kexgexc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+kexgexs.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+kexsntrup761x25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h
+krl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h sshbuf.h ssherr.h sshkey.h authfile.h misc.h log.h digest.h bitmap.h utf8.h krl.h
+log.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h match.h
+loginrec.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h hostfile.h ssh.h loginrec.h log.h ssherr.h atomicio.h packet.h openbsd-compat/sys-queue.h dispatch.h canohost.h auth.h auth-pam.h audit.h sshbuf.h
+logintest.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h loginrec.h
+mac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h digest.h hmac.h umac.h mac.h misc.h ssherr.h sshbuf.h openbsd-compat/openssl-compat.h
+match.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h misc.h
+md5crypt.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h log.h ssherr.h ssh.h sshbuf.h
+moduli.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+monitor.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h dh.h packet.h dispatch.h auth-options.h sshpty.h channels.h session.h sshlogin.h canohost.h log.h ssherr.h misc.h servconf.h monitor.h monitor_wrap.h monitor_fdpass.h compat.h ssh2.h authfd.h match.h sk-api.h
+monitor.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h openbsd-compat/openssl-compat.h atomicio.h xmalloc.h ssh.h sshkey.h sshbuf.h hostfile.h auth.h auth-pam.h audit.h loginrec.h cipher.h cipher-chachapoly.h
+monitor_fdpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h monitor_fdpass.h
+monitor_wrap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h
+monitor_wrap.o: loginrec.h auth-options.h packet.h dispatch.h log.h ssherr.h monitor.h monitor_wrap.h atomicio.h monitor_fdpass.h misc.h channels.h session.h servconf.h
+msg.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h ssherr.h log.h atomicio.h msg.h misc.h
+mux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h log.h ssherr.h ssh.h ssh2.h pathnames.h misc.h match.h sshbuf.h channels.h msg.h packet.h dispatch.h monitor_fdpass.h sshpty.h sshkey.h readconf.h clientloop.h
+nchan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h ssh2.h sshbuf.h ssherr.h packet.h dispatch.h channels.h compat.h log.h
+packet.o: channels.h ssh.h packet.h dispatch.h sshbuf.h
+packet.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h compat.h ssh2.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h digest.h log.h ssherr.h canohost.h misc.h
+platform-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+platform-pledge.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+platform-tracing.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h
+platform.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h misc.h servconf.h openbsd-compat/sys-queue.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
+poly1305.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h poly1305.h
+progressmeter.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h progressmeter.h atomicio.h misc.h utf8.h
+readconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h xmalloc.h ssh.h ssherr.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h pathnames.h log.h sshkey.h misc.h readconf.h match.h kex.h mac.h crypto_api.h
+readconf.o: uidswap.h myproposal.h digest.h
+readpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h pathnames.h log.h ssherr.h ssh.h uidswap.h
+rijndael.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h rijndael.h
+sandbox-capsicum.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+sandbox-darwin.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+sandbox-null.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+sandbox-pledge.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+sandbox-rlimit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+sandbox-seccomp-filter.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+sandbox-solaris.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+sandbox-systrace.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+sc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sc25519.h crypto_api.h
+scp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h xmalloc.h ssh.h atomicio.h pathnames.h log.h ssherr.h misc.h progressmeter.h utf8.h sftp-common.h sftp-client.h
+servconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h openbsd-compat/sys-queue.h xmalloc.h ssh.h log.h ssherr.h sshbuf.h misc.h servconf.h compat.h pathnames.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h
+servconf.o: kex.h mac.h crypto_api.h match.h channels.h groupaccess.h canohost.h packet.h dispatch.h hostfile.h auth.h auth-pam.h audit.h loginrec.h myproposal.h digest.h
+serverloop.o: cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h loginrec.h session.h auth-options.h serverloop.h
+serverloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h packet.h dispatch.h sshbuf.h log.h ssherr.h misc.h servconf.h canohost.h sshpty.h channels.h compat.h ssh2.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h
+session.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h sshbuf.h ssherr.h match.h uidswap.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h
+session.o: rijndael.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h authfd.h pathnames.h log.h misc.h servconf.h sshlogin.h serverloop.h canohost.h session.h kex.h mac.h crypto_api.h monitor_wrap.h sftp.h atomicio.h
+sftp-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssherr.h sshbuf.h log.h atomicio.h progressmeter.h misc.h utf8.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h
+sftp-common.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssherr.h sshbuf.h log.h misc.h sftp.h sftp-common.h
+sftp-glob.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h
+sftp-realpath.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+sftp-server-main.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h sftp.h misc.h xmalloc.h
+sftp-server.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshbuf.h ssherr.h log.h misc.h match.h uidswap.h sftp.h sftp-common.h
+sftp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h ssherr.h pathnames.h misc.h utf8.h sftp.h sshbuf.h sftp-common.h sftp-client.h openbsd-compat/glob.h
+sk-usbhid.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+sntrup761.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+srclimit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h addr.h canohost.h log.h ssherr.h misc.h srclimit.h xmalloc.h
+ssh-add.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h log.h ssherr.h sshkey.h sshbuf.h authfd.h authfile.h pathnames.h misc.h digest.h ssh-sk.h sk-api.h
+ssh-agent.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h sshkey.h authfd.h compat.h log.h ssherr.h misc.h digest.h match.h msg.h pathnames.h ssh-pkcs11.h sk-api.h
+ssh-dss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+ssh-ecdsa-sk.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h sshbuf.h ssherr.h digest.h sshkey.h
+ssh-ecdsa.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+ssh-ed25519-sk.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h log.h ssherr.h sshbuf.h sshkey.h ssh.h digest.h
+ssh-ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h log.h ssherr.h sshbuf.h sshkey.h ssh.h
+ssh-keygen.o: cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h
+ssh-keygen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h authfile.h sshbuf.h pathnames.h log.h ssherr.h misc.h match.h hostfile.h dns.h ssh.h ssh2.h ssh-pkcs11.h atomicio.h krl.h digest.h utf8.h authfd.h sshsig.h ssh-sk.h sk-api.h cipher.h
+ssh-keyscan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h compat.h myproposal.h packet.h dispatch.h log.h
+ssh-keyscan.o: ssherr.h atomicio.h misc.h hostfile.h ssh_api.h ssh2.h dns.h
+ssh-keysign.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h ssherr.h sshkey.h ssh.h ssh2.h misc.h sshbuf.h authfile.h msg.h canohost.h pathnames.h readconf.h uidswap.h
+ssh-pkcs11-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+ssh-pkcs11-helper.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h sshbuf.h log.h ssherr.h misc.h sshkey.h authfd.h ssh-pkcs11.h
+ssh-pkcs11.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h sshkey.h
+ssh-rsa.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+ssh-sk-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h sshbuf.h sshkey.h msg.h digest.h pathnames.h ssh-sk.h misc.h
+ssh-sk-helper.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h ssherr.h sshkey.h authfd.h misc.h sshbuf.h msg.h uidswap.h ssh-sk.h
+ssh-sk.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+ssh-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+ssh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h canohost.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h packet.h dispatch.h sshbuf.h channels.h
+ssh.o: sshkey.h authfd.h authfile.h pathnames.h clientloop.h log.h ssherr.h misc.h readconf.h sshconnect.h kex.h mac.h crypto_api.h sshpty.h match.h msg.h version.h myproposal.h utf8.h
+ssh_api.o: authfile.h misc.h version.h myproposal.h sshbuf.h openbsd-compat/openssl-compat.h
+ssh_api.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh_api.h openbsd-compat/sys-queue.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h ssh.h ssh2.h packet.h dispatch.h compat.h log.h ssherr.h
+sshbuf-getput-basic.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h
+sshbuf-getput-crypto.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+sshbuf-io.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h atomicio.h
+sshbuf-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h
+sshbuf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h misc.h
+sshconnect.o: authfd.h kex.h mac.h crypto_api.h
+sshconnect.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h hostfile.h ssh.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h sshkey.h sshconnect.h log.h ssherr.h misc.h readconf.h atomicio.h dns.h monitor_fdpass.h ssh2.h version.h authfile.h
+sshconnect2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h packet.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h
+sshconnect2.o: myproposal.h sshconnect.h authfile.h dh.h authfd.h log.h ssherr.h misc.h readconf.h match.h canohost.h msg.h pathnames.h uidswap.h hostfile.h utf8.h ssh-sk.h sk-api.h
+sshd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h log.h ssherr.h sshbuf.h misc.h match.h servconf.h uidswap.h compat.h cipher.h cipher-chachapoly.h chacha.h
+sshd.o: poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h mac.h crypto_api.h myproposal.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h sk-api.h srclimit.h dh.h
ssherr.o: ssherr.h
-sshkey-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-sshkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ssh2.h ssherr.h misc.h sshbuf.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h sshkey-xmss.h match.h xmss_fast.h openbsd-compat/openssl-compat.h
-sshlogin.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshlogin.h ssherr.h loginrec.h log.h sshbuf.h misc.h servconf.h
-sshpty.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshpty.h log.h misc.h
-sshtty.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshpty.h
-ttymodes.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h compat.h sshbuf.h ssherr.h ttymodes.h
-uidswap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h uidswap.h xmalloc.h
-umac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h umac.h misc.h rijndael.h
-umac128.o: umac.c includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h umac.h misc.h rijndael.h
-utf8.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h utf8.h
-uuencode.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h uuencode.h
-verify.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h
-xmalloc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h
-xmss_commons.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-xmss_fast.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-xmss_hash.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-xmss_hash_address.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-xmss_wots.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+sshkey-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+sshkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ssh2.h ssherr.h misc.h sshbuf.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h match.h ssh-sk.h openbsd-compat/openssl-compat.h
+sshlogin.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshlogin.h ssherr.h loginrec.h log.h sshbuf.h misc.h servconf.h openbsd-compat/sys-queue.h
+sshpty.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshpty.h log.h ssherr.h misc.h
+sshsig.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h authfd.h authfile.h log.h ssherr.h misc.h sshbuf.h sshsig.h sshkey.h match.h digest.h
+sshtty.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshpty.h
+ttymodes.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h compat.h sshbuf.h ttymodes.h
+uidswap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h uidswap.h xmalloc.h
+umac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h umac.h misc.h rijndael.h
+umac128.o: umac.c includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h umac.h misc.h rijndael.h
+utf8.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h utf8.h
+verify.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h
+xmalloc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h ssherr.h
+xmss_commons.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+xmss_fast.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+xmss_hash.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+xmss_hash_address.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+xmss_wots.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
diff --git a/crypto/openssh/.github/ci-status.md b/crypto/openssh/.github/ci-status.md
new file mode 100644
index 000000000000..0ad8bf5aaf44
--- /dev/null
+++ b/crypto/openssh/.github/ci-status.md
@@ -0,0 +1,4 @@
+[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml)
+[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml)
+[![Upstream self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/upstream.yml/badge.svg)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/upstream.yml)
+[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh)
diff --git a/crypto/openssh/.github/configs b/crypto/openssh/.github/configs
new file mode 100755
index 000000000000..12578c067348
--- /dev/null
+++ b/crypto/openssh/.github/configs
@@ -0,0 +1,170 @@
+#!/bin/sh
+#
+# usage: configs vmname test_config (or '' for default)
+#
+# Sets the following variables:
+# CONFIGFLAGS options to ./configure
+# SSHD_CONFOPTS sshd_config options
+# TEST_TARGET make target used when testing. defaults to "tests".
+# LTESTS
+
+config=$1
+
+TEST_TARGET="tests"
+LTESTS=""
+SKIP_LTESTS=""
+SUDO=sudo # run with sudo by default
+TEST_SSH_UNSAFE_PERMISSIONS=1
+
+CONFIGFLAGS=""
+LIBCRYPTOFLAGS=""
+
+case "$config" in
+ default|sol64)
+ ;;
+ c89)
+ CC="gcc"
+ CFLAGS="-Wall -std=c89 -pedantic -Werror=vla"
+ CONFIGFLAGS="--without-openssl --without-zlib"
+ TEST_TARGET=t-exec
+ ;;
+ kitchensink)
+ CONFIGFLAGS="--with-kerberos5 --with-libedit --with-pam"
+ CONFIGFLAGS="${CONFIGFLAGS} --with-security-key-builtin --with-selinux"
+ CONFIGFLAGS="${CONFIGFLAGS} --with-cflags=-DSK_DEBUG"
+ ;;
+ hardenedmalloc)
+ CONFIGFLAGS="--with-ldflags=-lhardened_malloc"
+ ;;
+ kerberos5)
+ CONFIGFLAGS="--with-kerberos5"
+ ;;
+ libedit)
+ CONFIGFLAGS="--with-libedit"
+ ;;
+ pam-krb5)
+ CONFIGFLAGS="--with-pam --with-kerberos5"
+ SSHD_CONFOPTS="UsePam yes"
+ ;;
+ *pam)
+ CONFIGFLAGS="--with-pam"
+ SSHD_CONFOPTS="UsePam yes"
+ ;;
+ libressl-*)
+ LIBCRYPTOFLAGS="--with-ssl-dir=/opt/libressl --with-rpath=-Wl,-rpath,"
+ ;;
+ openssl-*)
+ LIBCRYPTOFLAGS="--with-ssl-dir=/opt/openssl --with-rpath=-Wl,-rpath,"
+ ;;
+ selinux)
+ CONFIGFLAGS="--with-selinux"
+ ;;
+ sk)
+ CONFIGFLAGS="--with-security-key-builtin"
+ ;;
+ without-openssl)
+ LIBCRYPTOFLAGS="--without-openssl"
+ TEST_TARGET=t-exec
+ ;;
+ valgrind-[1-4]|valgrind-unit)
+ # rlimit sandbox and FORTIFY_SOURCE confuse Valgrind.
+ CONFIGFLAGS="--without-sandbox --without-hardening"
+ CONFIGFLAGS="$CONFIGFLAGS --with-cppflags=-D_FORTIFY_SOURCE=0"
+ TEST_TARGET="t-exec USE_VALGRIND=1"
+ TEST_SSH_ELAPSED_TIMES=1
+ export TEST_SSH_ELAPSED_TIMES
+ # Valgrind slows things down enough that the agent timeout test
+ # won't reliably pass, and the unit tests run longer than allowed
+ # by github so split into three separate tests.
+ tests2="rekey integrity"
+ tests3="krl forward-control sshsig"
+ tests4="cert-userkey cert-hostkey kextype sftp-perm keygen-comment"
+ case "$config" in
+ valgrind-1)
+ # All tests except agent-timeout (which is flaky under valgrind)
+ #) and slow ones that run separately to increase parallelism.
+ SKIP_LTESTS="agent-timeout ${tests2} ${tests3} ${tests4}"
+ ;;
+ valgrind-2)
+ LTESTS="${tests2}"
+ ;;
+ valgrind-3)
+ LTESTS="${tests3}"
+ ;;
+ valgrind-4)
+ LTESTS="${tests4}"
+ ;;
+ valgrind-unit)
+ TEST_TARGET="unit USE_VALGRIND=1"
+ ;;
+ esac
+ ;;
+ *)
+ echo "Unknown configuration $config"
+ exit 1
+ ;;
+esac
+
+# The Solaris 64bit targets are special since they need a non-flag arg.
+case "$config" in
+ sol64*)
+ CONFIGFLAGS="x86_64 --with-cflags=-m64 --with-ldflags=-m64 ${CONFIGFLAGS}"
+ LIBCRYPTOFLAGS="--with-ssl-dir=/usr/local/ssl64"
+ ;;
+esac
+
+case "${TARGET_HOST}" in
+ dfly58*|dfly60*)
+ # scp 3-way connection hangs on these so skip until sorted.
+ SKIP_LTESTS=scp3
+ ;;
+ hurd)
+ SKIP_LTESTS="forwarding multiplex proxy-connect hostkey-agent agent-ptrace"
+ ;;
+ minix3)
+ CC="clang"
+ LIBCRYPTOFLAGS="--without-openssl"
+ # Minix does not have a loopback interface so we have to skip any
+ # test that relies on it.
+ TEST_TARGET=t-exec
+ SKIP_LTESTS="addrmatch cfgparse key-options reexec agent connect"
+ SKIP_LTESTS="$SKIP_LTESTS keyscan rekey allow-deny-users connect-uri"
+ SKIP_LTESTS="$SKIP_LTESTS knownhosts-command sftp-uri brokenkeys"
+ SKIP_LTESTS="$SKIP_LTESTS exit-status login-timeout stderr-data"
+ SKIP_LTESTS="$SKIP_LTESTS cfgmatch forward-control multiplex transfer"
+ SKIP_LTESTS="$SKIP_LTESTS cfgmatchlisten forwarding reconfigure"
+ SUDO=""
+ ;;
+ nbsd4)
+ # System compiler will ICE on some files with fstack-protector
+ CONFIGFLAGS="${CONFIGFLAGS} --without-hardening"
+ ;;
+ sol10|sol11)
+ # sol10 VM is 32bit and the unit tests are slow.
+ # sol11 has 4 test configs so skip unit tests to speed up.
+ TEST_TARGET="tests SKIP_UNIT=1"
+ ;;
+ win10)
+ # No sudo on Windows.
+ SUDO=""
+ ;;
+esac
+
+# If we have a local openssl/libressl, use that.
+if [ -z "${LIBCRYPTOFLAGS}" ]; then
+ # last-match
+ for i in /usr/local /usr/local/ssl /usr/local/opt/openssl; do
+ if [ -x ${i}/bin/openssl ]; then
+ LIBCRYPTOFLAGS="--with-ssl-dir=${i}"
+ fi
+ done
+fi
+
+CONFIGFLAGS="${CONFIGFLAGS} ${LIBCRYPTOFLAGS}"
+
+if [ -x "$(which plink 2>/dev/null)" ]; then
+ REGRESS_INTEROP_PUTTY=yes
+ export REGRESS_INTEROP_PUTTY
+fi
+
+export CC CFLAGS LTESTS SUDO TEST_TARGET TEST_SSH_UNSAFE_PERMISSIONS
diff --git a/crypto/openssh/.github/configure.sh b/crypto/openssh/.github/configure.sh
new file mode 100755
index 000000000000..e098730f02d6
--- /dev/null
+++ b/crypto/openssh/.github/configure.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+. .github/configs $1
+
+set -x
+./configure ${CONFIGFLAGS}
diff --git a/crypto/openssh/.github/run_test.sh b/crypto/openssh/.github/run_test.sh
new file mode 100755
index 000000000000..adf2568ad1e2
--- /dev/null
+++ b/crypto/openssh/.github/run_test.sh
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+. .github/configs $1
+
+[ -z "${SUDO}" ] || ${SUDO} mkdir -p /var/empty
+
+set -ex
+
+output_failed_logs() {
+ for i in regress/failed*; do
+ if [ -f "$i" ]; then
+ echo -------------------------------------------------------------------------
+ echo LOGFILE $i
+ cat $i
+ echo -------------------------------------------------------------------------
+ fi
+ done
+}
+trap output_failed_logs 0
+
+if [ -z "${LTESTS}" ]; then
+ make ${TEST_TARGET} SKIP_LTESTS="${SKIP_LTESTS}"
+else
+ make ${TEST_TARGET} SKIP_LTESTS="${SKIP_LTESTS}" LTESTS="${LTESTS}"
+fi
+
+if [ ! -z "${SSHD_CONFOPTS}" ]; then
+ echo "rerunning t-exec with TEST_SSH_SSHD_CONFOPTS='${SSHD_CONFOPTS}'"
+ if [ -z "${LTESTS}" ]; then
+ make t-exec SKIP_LTESTS="${SKIP_LTESTS}" TEST_SSH_SSHD_CONFOPTS="${SSHD_CONFOPTS}"
+ else
+ make t-exec SKIP_LTESTS="${SKIP_LTESTS}" LTESTS="${LTESTS}" TEST_SSH_SSHD_CONFOPTS="${SSHD_CONFOPTS}"
+ fi
+fi
diff --git a/crypto/openssh/.github/setup_ci.sh b/crypto/openssh/.github/setup_ci.sh
new file mode 100755
index 000000000000..70a444e4eff4
--- /dev/null
+++ b/crypto/openssh/.github/setup_ci.sh
@@ -0,0 +1,115 @@
+#!/bin/sh
+
+case $(./config.guess) in
+*-darwin*)
+ brew install automake
+ exit 0
+ ;;
+esac
+
+TARGETS=$@
+
+PACKAGES=""
+INSTALL_FIDO_PPA="no"
+
+#echo "Setting up for '$TARGETS'"
+
+set -ex
+
+lsb_release -a
+
+if [ "${TARGETS}" = "kitchensink" ]; then
+ TARGETS="kerberos5 libedit pam sk selinux"
+fi
+
+for TARGET in $TARGETS; do
+ case $TARGET in
+ default|without-openssl|without-zlib|c89)
+ # nothing to do
+ ;;
+ kerberos5)
+ PACKAGES="$PACKAGES heimdal-dev"
+ #PACKAGES="$PACKAGES libkrb5-dev"
+ ;;
+ libedit)
+ PACKAGES="$PACKAGES libedit-dev"
+ ;;
+ *pam)
+ PACKAGES="$PACKAGES libpam0g-dev"
+ ;;
+ sk)
+ INSTALL_FIDO_PPA="yes"
+ PACKAGES="$PACKAGES libfido2-dev libu2f-host-dev libcbor-dev"
+ ;;
+ selinux)
+ PACKAGES="$PACKAGES libselinux1-dev selinux-policy-dev"
+ ;;
+ hardenedmalloc)
+ INSTALL_HARDENED_MALLOC=yes
+ ;;
+ openssl-noec)
+ INSTALL_OPENSSL=OpenSSL_1_1_1k
+ SSLCONFOPTS="no-ec"
+ ;;
+ openssl-*)
+ INSTALL_OPENSSL=$(echo ${TARGET} | cut -f2 -d-)
+ case ${INSTALL_OPENSSL} in
+ 1.*) INSTALL_OPENSSL="OpenSSL_$(echo ${INSTALL_OPENSSL} | tr . _)" ;;
+ 3.*) INSTALL_OPENSSL="openssl-${INSTALL_OPENSSL}" ;;
+ esac
+ PACKAGES="${PACKAGES} putty-tools"
+ ;;
+ libressl-*)
+ INSTALL_LIBRESSL=$(echo ${TARGET} | cut -f2 -d-)
+ case ${INSTALL_LIBRESSL} in
+ master) ;;
+ *) INSTALL_LIBRESSL="v$(echo ${TARGET} | cut -f2 -d-)" ;;
+ esac
+ PACKAGES="${PACKAGES} putty-tools"
+ ;;
+ valgrind*)
+ PACKAGES="$PACKAGES valgrind"
+ ;;
+ *) echo "Invalid option '${TARGET}'"
+ exit 1
+ ;;
+ esac
+done
+
+if [ "yes" = "$INSTALL_FIDO_PPA" ]; then
+ sudo apt update -qq
+ sudo apt install software-properties-common
+ sudo apt-add-repository ppa:yubico/stable
+fi
+
+if [ "x" != "x$PACKAGES" ]; then
+ sudo apt update -qq
+ sudo apt install -qy $PACKAGES
+fi
+
+if [ "${INSTALL_HARDENED_MALLOC}" = "yes" ]; then
+ (cd ${HOME} &&
+ git clone https://github.com/GrapheneOS/hardened_malloc.git &&
+ cd ${HOME}/hardened_malloc &&
+ make -j2 && sudo cp libhardened_malloc.so /usr/lib/)
+fi
+
+if [ ! -z "${INSTALL_OPENSSL}" ]; then
+ (cd ${HOME} &&
+ git clone https://github.com/openssl/openssl.git &&
+ cd ${HOME}/openssl &&
+ git checkout ${INSTALL_OPENSSL} &&
+ ./config no-threads shared ${SSLCONFOPTS} \
+ --prefix=/opt/openssl &&
+ make && sudo make install_sw)
+fi
+
+if [ ! -z "${INSTALL_LIBRESSL}" ]; then
+ (mkdir -p ${HOME}/libressl && cd ${HOME}/libressl &&
+ git clone https://github.com/libressl-portable/portable.git &&
+ cd ${HOME}/libressl/portable &&
+ git checkout ${INSTALL_LIBRESSL} &&
+ sh update.sh && sh autogen.sh &&
+ ./configure --prefix=/opt/libressl &&
+ make -j2 && sudo make install)
+fi
diff --git a/crypto/openssh/.github/workflows/c-cpp.yml b/crypto/openssh/.github/workflows/c-cpp.yml
new file mode 100644
index 000000000000..289b18b7f621
--- /dev/null
+++ b/crypto/openssh/.github/workflows/c-cpp.yml
@@ -0,0 +1,76 @@
+name: C/C++ CI
+
+on:
+ push:
+ branches: [ master, ci ]
+ pull_request:
+ branches: [ master ]
+
+jobs:
+ ci:
+ if: github.repository != 'openssh/openssh-portable-selfhosted'
+ strategy:
+ fail-fast: false
+ matrix:
+ # First we test all OSes in the default configuration.
+ os: [ubuntu-20.04, ubuntu-18.04, macos-10.15, macos-11.0]
+ configs: [default]
+ # Then we include any extra configs we want to test for specific VMs.
+ # Valgrind slows things down quite a bit, so start them first.
+ include:
+ - { os: ubuntu-20.04, configs: valgrind-1 }
+ - { os: ubuntu-20.04, configs: valgrind-2 }
+ - { os: ubuntu-20.04, configs: valgrind-3 }
+ - { os: ubuntu-20.04, configs: valgrind-4 }
+ - { os: ubuntu-20.04, configs: valgrind-unit }
+ - { os: ubuntu-20.04, configs: c89 }
+ - { os: ubuntu-20.04, configs: pam }
+ - { os: ubuntu-20.04, configs: kitchensink }
+ - { os: ubuntu-20.04, configs: hardenedmalloc }
+ - { os: ubuntu-latest, configs: libressl-master }
+ - { os: ubuntu-latest, configs: libressl-2.2.9 }
+ - { os: ubuntu-latest, configs: libressl-2.8.3 }
+ - { os: ubuntu-latest, configs: libressl-3.0.2 }
+ - { os: ubuntu-latest, configs: libressl-3.2.5 }
+ - { os: ubuntu-latest, configs: openssl-master }
+ - { os: ubuntu-latest, configs: openssl-noec }
+ - { os: ubuntu-latest, configs: openssl-1.0.1 }
+ - { os: ubuntu-latest, configs: openssl-1.0.1u }
+ - { os: ubuntu-latest, configs: openssl-1.0.2u }
+ - { os: ubuntu-latest, configs: openssl-1.1.0h }
+ - { os: ubuntu-latest, configs: openssl-1.1.1 }
+ - { os: ubuntu-latest, configs: openssl-1.1.1k }
+ - { os: ubuntu-18.04, configs: pam }
+ - { os: ubuntu-18.04, configs: kerberos5 }
+ - { os: ubuntu-18.04, configs: libedit }
+ - { os: ubuntu-18.04, configs: sk }
+ - { os: ubuntu-18.04, configs: selinux }
+ - { os: ubuntu-18.04, configs: kitchensink }
+ - { os: ubuntu-18.04, configs: without-openssl }
+ - { os: macos-10.15, configs: pam }
+ - { os: macos-11.0, configs: pam }
+ runs-on: ${{ matrix.os }}
+ steps:
+ - uses: actions/checkout@v2
+ - name: setup CI system
+ run: ./.github/setup_ci.sh ${{ matrix.configs }}
+ - name: autoreconf
+ run: autoreconf
+ - name: configure
+ run: ./.github/configure.sh ${{ matrix.configs }}
+ - name: make
+ run: make -j2
+ - name: make tests
+ run: ./.github/run_test.sh ${{ matrix.configs }}
+ env:
+ TEST_SSH_UNSAFE_PERMISSIONS: 1
+ - name: save logs
+ if: failure()
+ uses: actions/upload-artifact@v2
+ with:
+ name: ${{ matrix.os }}-${{ matrix.configs }}-logs
+ path: |
+ config.h
+ config.log
+ regress/*.log
+ regress/valgrind-out/
diff --git a/crypto/openssh/.github/workflows/selfhosted.yml b/crypto/openssh/.github/workflows/selfhosted.yml
new file mode 100644
index 000000000000..df6eca714fb5
--- /dev/null
+++ b/crypto/openssh/.github/workflows/selfhosted.yml
@@ -0,0 +1,93 @@
+name: C/C++ CI self-hosted
+
+on:
+ push:
+ branches: [ master, ci ]
+
+jobs:
+ selfhosted:
+ if: github.repository == 'openssh/openssh-portable-selfhosted'
+ runs-on: ${{ matrix.os }}
+ env:
+ TARGET_HOST: ${{ matrix.os }}
+ strategy:
+ fail-fast: false
+ # We use a matrix in two parts: firstly all of the VMs are tested with the
+ # default config. "os" corresponds to a label associated with the worker.
+ matrix:
+ os:
+ - ARM64
+ - bbone
+ - dfly30
+ - dfly48
+ - dfly58
+ - dfly60
+ - fbsd6
+ - fbsd10
+ - fbsd12
+ - fbsd13
+ - hurd
+ - minix3
+ # - nbsd2
+ - nbsd3
+ - nbsd4
+ - nbsd8
+ - nbsd9
+ - obsd51
+ - obsd67
+ - obsd68
+ - obsd69
+ - obsdsnap
+ - openindiana
+ # - rocky84
+ - sol10
+ - sol11
+ - win10
+ configs:
+ - default
+ # Then we include any extra configs we want to test for specific VMs.
+ include:
+ - { os: ARM64, configs: pam }
+ - { os: dfly30, configs: without-openssl}
+ - { os: dfly48, configs: pam }
+ - { os: dfly58, configs: pam }
+ - { os: dfly60, configs: pam }
+ - { os: fbsd6, configs: pam }
+ - { os: fbsd10, configs: pam }
+ - { os: fbsd12, configs: pam }
+ - { os: fbsd13, configs: pam }
+ - { os: nbsd8, configs: pam }
+ - { os: nbsd9, configs: pam }
+ - { os: openindiana, configs: pam }
+ # - { os: rocky84, configs: pam }
+ - { os: sol10, configs: pam }
+ - { os: sol11, configs: pam-krb5 }
+ - { os: sol11, configs: sol64 }
+ # - { os: sol11, configs: sol64-pam }
+ steps:
+ - uses: actions/checkout@v2
+ - name: autoreconf
+ run: autoreconf
+ - name: shutdown VM if running
+ run: vmshutdown
+ - name: startup VM
+ run: vmstartup
+ - name: configure
+ run: vmrun ./.github/configure.sh ${{ matrix.configs }}
+ - name: make
+ run: vmrun make
+ - name: make tests
+ run: vmrun ./.github/run_test.sh ${{ matrix.configs }}
+ - name: save logs
+ if: failure()
+ uses: actions/upload-artifact@v2
+ with:
+ name: ${{ matrix.os }}-${{ matrix.configs }}-logs
+ path: |
+ config.h
+ config.log
+ regress/*.log
+ regress/valgrind-out/
+ - name: shutdown VM
+ if: always()
+ run: vmshutdown
diff --git a/crypto/openssh/.github/workflows/upstream.yml b/crypto/openssh/.github/workflows/upstream.yml
new file mode 100644
index 000000000000..f0493c12d7d5
--- /dev/null
+++ b/crypto/openssh/.github/workflows/upstream.yml
@@ -0,0 +1,43 @@
+name: Upstream self-hosted
+
+on:
+ push:
+ branches: [ master, ci ]
+
+jobs:
+ selfhosted:
+ if: github.repository == 'openssh/openssh-portable-selfhosted'
+ runs-on: ${{ matrix.os }}
+ env:
+ TARGET_HOST: ${{ matrix.os }}
+ strategy:
+ fail-fast: false
+ matrix:
+ os: [ obsdsnap, obsdsnap-i386, obsd69, obsd68 ]
+ configs: [ default, without-openssl ]
+ steps:
+ - uses: actions/checkout@v2
+ - name: shutdown VM if running
+ run: vmshutdown
+ - name: startup VM
+ run: vmstartup
+ - name: update source
+ run: vmrun "cd /usr/src && cvs up -dPA usr.bin/ssh regress/usr.bin/ssh"
+ - name: make clean
+ run: vmrun "cd /usr/src/usr.bin/ssh && make obj && make clean"
+ - name: make
+ run: vmrun "cd /usr/src/usr.bin/ssh && if test '${{ matrix.configs }}' = 'without-openssl'; then make OPENSSL=no; else make; fi"
+ - name: make install
+ run: vmrun "cd /usr/src/usr.bin/ssh && sudo make install"
+ - name: make tests
+ run: vmrun "cd /usr/src/regress/usr.bin/ssh && make obj && make clean && if test '${{ matrix.configs }}' = 'without-openssl'; then make SUDO=sudo OPENSSL=no; else make SUDO=sudo; fi"
+ - name: save logs
+ if: failure()
+ uses: actions/upload-artifact@v2
+ with:
+ name: ${{ matrix.os }}-${{ matrix.configs }}-logs
+ path: |
+ /usr/obj/regress/usr.bin/ssh/*.log
+ - name: shutdown VM
+ if: always()
+ run: vmshutdown
diff --git a/crypto/openssh/.gitignore b/crypto/openssh/.gitignore
index 650eb3c3c90c..5e4ae5a60d06 100644
--- a/crypto/openssh/.gitignore
+++ b/crypto/openssh/.gitignore
@@ -2,8 +2,11 @@ Makefile
buildpkg.sh
config.h
config.h.in
+config.h.in~
+config.log
config.status
configure
+aclocal.m4
openbsd-compat/Makefile
openbsd-compat/regress/Makefile
openssh.xml
@@ -11,6 +14,8 @@ opensshd.init
survey.sh
**/*.0
**/*.o
+**/*.lo
+**/*.so
**/*.out
**/*.a
autom4te.cache/
@@ -24,5 +29,8 @@ ssh-keygen
ssh-keyscan
ssh-keysign
ssh-pkcs11-helper
+ssh-sk-helper
sshd
!regress/misc/fuzz-harness/Makefile
+!regress/unittests/sshsig/Makefile
+tags
diff --git a/crypto/openssh/.skipped-commit-ids b/crypto/openssh/.skipped-commit-ids
index f1b3b7640a3f..1de78172232a 100644
--- a/crypto/openssh/.skipped-commit-ids
+++ b/crypto/openssh/.skipped-commit-ids
@@ -5,6 +5,24 @@ fa728823ba21c4b45212750e1d3a4b2086fd1a62 more Makefile refactoring
1de0e85522051eb2ffa00437e1885e9d7b3e0c2e moduli update
814b2f670df75759e1581ecef530980b2b3d7e0f remove redundant make defs
04431e8e7872f49a2129bf080a6b73c19d576d40 moduli update
+c07772f58028fda683ee6abd41c73da3ff70d403 moduli update
+db6375fc302e3bdf07d96430c63c991b2c2bd3ff moduli update
+5ea3d63ab972691f43e9087ab5fd8376d48e898f uuencode.c Makefile accident
+99dd10e72c04e93849981d43d64c946619efa474 include sshbuf-misc.c
+9e1c23476bb845f3cf3d15d9032da3ed0cb2fcf5 sshbuf-misc.c in regress
+569f08445c27124ec7c7f6c0268d844ec56ac061 Makefile tweaks for !openssl
+58ec755be4e51978ecfee73539090eb68652a987 moduli update
+4bd5551b306df55379afe17d841207990eb773bf Makefile.inc
+14806a59353152f843eb349e618abbf6f4dd3ada Makefile.inc
+8ea4455a2d9364a0a04f9e4a2cbfa4c9fcefe77e Makefile.inc
+d9b910e412d139141b072a905e66714870c38ac0 Makefile.inc
+7b7b619c1452a459310b0cf4391c5757c6bdbc0f moduli update
+5010ff08f7ad92082e87dde098b20f5c24921a8f moduli regen script update
+3bcae7a754db3fc5ad3cab63dd46774edb35b8ae moduli regen script update
+52ff0e3205036147b2499889353ac082e505ea54 moduli update
+07b5031e9f49f2b69ac5e85b8da4fc9e393992a0 Makefile.inc
+cc12a9029833d222043aecd252d654965c351a69 moduli-gen Makefile
+7ac6c252d2a5be8fbad4c66d9d35db507c9dac5b moduli update
Old upstream tree:
diff --git a/crypto/openssh/CREDITS b/crypto/openssh/CREDITS
index 43be5e5f26d5..6cc3512515eb 100644
--- a/crypto/openssh/CREDITS
+++ b/crypto/openssh/CREDITS
@@ -33,7 +33,7 @@ David Agraz <dagraz@jahoopa.com> - Build fixes
David Del Piero <David.DelPiero@qed.qld.gov.au> - bug fixes
David Hesprich <darkgrue@gue-tech.org> - Configure fixes
David Rankin <drankin@bohemians.lexington.ky.us> - libwrap, AIX, NetBSD fixes
-Dag-Erling Smørgrav <des at freebsd.org> - Challenge-Response PAM code.
+Dag-Erling Smørgrav <des at freebsd.org> - Challenge-Response PAM code.
Dhiraj Gulati <dgulati@sco.com> - UnixWare long passwords
Ed Eden <ede370@stl.rural.usda.gov> - configure fixes
Garrick James <garrick@james.net> - configure fixes
diff --git a/crypto/openssh/ChangeLog b/crypto/openssh/ChangeLog
index 0307f62e0557..288e90bbfe51 100644
--- a/crypto/openssh/ChangeLog
+++ b/crypto/openssh/ChangeLog
@@ -1,9706 +1,13703 @@
-commit aede1c34243a6f7feae2fb2cb686ade5f9be6f3d
+commit e1a596186c81e65a34ce13076449712d3bf97eb4
Author: Damien Miller <djm@mindrot.org>
-Date: Wed Oct 17 11:01:20 2018 +1100
+Date: Fri Aug 20 14:03:49 2021 +1000
- Require OpenSSL 1.1.x series 1.1.0g or greater
+ depend
+
+commit 5450606c8f7f7a0d70211cea78bc2dab74ab35d1
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Aug 20 13:59:43 2021 +1000
+
+ update version numbers
+
+commit feee2384ab8d694c770b7750cfa76a512bdf8246
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Aug 20 03:22:55 2021 +0000
+
+ upstream: openssh-8.7
- Previous versions have a bug with EVP_CipherInit() when passed a
- NULL EVP_CIPHER, per https://github.com/openssl/openssl/pull/4613
+ OpenBSD-Commit-ID: 8769dff0fd76ae3193d77bf83b439adee0f300cd
+
+commit 9a2ed62173cc551b2b5f479460bb015b19499de8
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Fri Aug 20 10:48:13 2021 +1000
+
+ Also check pid in pselect_notify_setup.
- ok dtucker@
+ Spotted by djm@.
-commit 08300c211409c212e010fe2e2f2883e573a04ce2
-Author: Damien Miller <djm@mindrot.org>
-Date: Wed Oct 17 08:12:02 2018 +1100
+commit deaadcb93ca15d4f38aa38fb340156077792ce87
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Fri Aug 20 08:39:33 2021 +1000
+
+ Prefix pselect functions to clarify debug messages
+
+commit 10e45654cff221ca60fd35ee069df67208fcf415
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Fri Aug 20 08:30:42 2021 +1000
- unbreak compilation with --with-ssl-engine
+ Fix race in pselect replacement code.
+
+ On the second and subsequent calls to pselect the notify_pipe was not
+ added to the select readset, opening up a race that om G. Christensen
+ discovered on multiprocessor Solaris <=9 systems.
- Missing last argument to OPENSSL_init_crypto()
+ Also reinitialize notify_pipe if the pid changes. This will prevent a
+ parent and child from using the same FD, although this is not an issue
+ in the current structure it might be in future.
-commit 1673274aee67ce0eb6f00578b6f3d2bcbd58f937
+commit 464ba22f1e38d25402e5ec79a9b8d34a32df5a3f
Author: Darren Tucker <dtucker@dtucker.net>
-Date: Tue Oct 16 14:45:57 2018 +1100
+Date: Wed Aug 18 12:51:30 2021 +1000
- Remove gcc spectre mitigation flags.
+ Check compiler for c99 declarations after code.
- Current impementions of the gcc spectre mitigation flags cause
- miscompilations when combined with other flags and do not provide much
- protection. Found by fweimer at redhat.com, ok djm@
+ The sntrup761 reference code contains c99-style declarations after code
+ so don't try to build that if the compiler doesn't support it.
-commit 4e23deefd7959ef83c73ed9cce574423438f6133
-Author: Damien Miller <djm@mindrot.org>
-Date: Tue Oct 16 10:51:52 2018 +1100
+commit 7d878679a4b155a359d32104ff473f789501748d
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Tue Aug 17 15:12:04 2021 +1000
- Avoid deprecated OPENSSL_config when using 1.1.x
+ Remove trailing backslash on regress-unit-binaries
+
+commit b71b2508f17c68c5d9dbbe537686d81cedb9a781
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Tue Aug 17 07:59:27 2021 +1000
+
+ Put stdint.h inside HAVE_STDINT_H.
- OpenSSL 1.1.x soft-deprecated OPENSSL_config in favour of
- OPENSSL_init_crypto; pointed out by Jakub Jelen
+ From Tom G. Christensen.
-commit 797cdd9c8468ed1125ce60d590ae3f1397866af4
+commit 6a24567a29bd7b4ab64e1afad859ea845cbc6b8c
Author: Darren Tucker <dtucker@dtucker.net>
-Date: Fri Oct 12 16:58:47 2018 +1100
+Date: Mon Aug 16 14:13:02 2021 +1000
- Don't avoid our *sprintf replacements.
+ Improve github test driver script.
- Don't let systems with broken printf(3) avoid our replacements
- via asprintf(3)/vasprintf(3) calling libc internally. From djm@
+ - use a trap to always output any failed regress logs (since the script
+ sets -e, the existing log output is never invoked).
+ - pass LTESTS and SKIP_LTESTS when re-running with sshd options (eg.
+ UsePAM).
-commit e526127cbd2f8ad88fb41229df0c9b850c722830
+commit b467cf13705f59ed348b620722ac098fe31879b7
Author: Darren Tucker <dtucker@dtucker.net>
-Date: Fri Oct 12 16:43:35 2018 +1100
+Date: Mon Aug 16 11:32:23 2021 +1000
- Check if snprintf understands %zu.
+ Remove deprecated ubuntu-16.04 test targets.
- If the platforms snprintf and friends don't understand %zu, use the
- compat replacement. Prevents segfaults on those platforms.
+ Github has deprecated ubuntu-16.04 and it will be removed on 20
+ September.
-commit cf39f875191708c5f2f1a3c1c9019f106e74aea3
-Author: Damien Miller <djm@mindrot.org>
-Date: Fri Oct 12 09:48:05 2018 +1100
+commit 20e6eefcdf78394f05e453d456c1212ffaa6b6a4
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Sun Aug 15 23:25:26 2021 +1000
- remove stale link, tweak
+ Skip agent ptrace test on hurd.
-commit a7205e68decf7de2005810853b4ce6b222b65e2a
-Author: Damien Miller <djm@mindrot.org>
-Date: Fri Oct 12 09:47:20 2018 +1100
+commit 7c9115bbbf958fbf85259a061c1122e2d046aabf
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Sun Aug 15 19:37:22 2021 +1000
+
+ Add hurd test target.
+
+commit 7909a566f6c6a78fcd30708dc49f4e4f9bb80ce3
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Sun Aug 15 12:45:10 2021 +1000
+
+ Skip scp3 tests on all dfly58 and 60 configs.
- update version numbers ahead of release
+commit e65198e52cb03534e8c846d1bca74c310b1526de
+Author: Tim Rice <tim@multitalents.net>
+Date: Sat Aug 14 13:08:07 2021 -0700
+
+ openbsd-compat/openbsd-compat.h: put bsd-signal.h before bsd-misc.h
+ to get sigset_t from signal.h needed for the pselect replacement.
+
+commit e50635640f79920d9375e0155cb3f4adb870eee5
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Fri Aug 13 13:21:00 2021 +1000
-commit 1a4a9cf80f5b92b9d1dadd0bfa8867c04d195391
+ Test OpenSSH from OpenBSD head on 6.8 and 6.9.
+
+commit e0ba38861c490c680117b7fe0a1d61a181cd00e7
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Fri Aug 13 13:00:14 2021 +1000
+
+ Skip scp3 test on dragonfly 58 and 60.
+
+ The tests hang, so skip until we figure them out.
+
+commit dcce2a2bcf007bf817a2fb0dce3db83fa9201e92
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Thu Oct 11 03:48:04 2018 +0000
+Date: Thu Aug 12 23:59:25 2021 +0000
- upstream: don't send new-style rsa-sha2-*-cert-v01@openssh.com names to
+ upstream: mention that CASignatureAlgorithms accepts +/- similarly to
- older OpenSSH that can't handle them. spotted by Adam Eijdenberg; ok dtucker
+ the other algorithm list directives; ok jmc bz#3335
- OpenBSD-Commit-ID: 662bbc402e3d7c9b6c322806269698106a6ae631
+ OpenBSD-Commit-ID: 0d46b53995817052c78e2dce9dbd133963b073d9
-commit dc8ddcdf1a95e011c263486c25869bb5bf4e30ec
-Author: Damien Miller <djm@mindrot.org>
-Date: Thu Oct 11 13:08:59 2018 +1100
+commit 090a82486e5d7a8f7f16613d67e66a673a40367f
+Author: schwarze@openbsd.org <schwarze@openbsd.org>
+Date: Thu Aug 12 09:59:00 2021 +0000
+
+ upstream: In the editline(3) branch of the sftp(1) event loop,
+
+ handle SIGINT rather than ignoring it, such that the user can use Ctrl-C to
+ discard the currently edited command line and get a fresh prompt, just like
+ in ftp(1), bc(1), and in shells.
+
+ It is critical to not use ssl_signal() for this particular case
+ because that function unconditionally sets SA_RESTART, but here we
+ need the signal to interrupt the read(2) in the el_gets(3) event loop.
+
+ OK dtucker@ deraadt@
+
+ OpenBSD-Commit-ID: 8025115a773f52e9bb562eaab37ea2e021cc7299
- update depends
+commit e1371e4f58404d6411d9f95eb774b444cea06a26
+Author: naddy@openbsd.org <naddy@openbsd.org>
+Date: Wed Aug 11 14:07:54 2021 +0000
-commit 26841ac265603fd2253e6832e03602823dbb4022
-Author: Damien Miller <djm@mindrot.org>
-Date: Thu Oct 11 13:02:11 2018 +1100
+ upstream: scp: tweak man page and error message for -3 by default
+
+ Now that the -3 option is enabled by default, flip the documentation
+ and error message logic from "requires -3" to "blocked by -R".
+
+ ok djm@
+
+ OpenBSD-Commit-ID: a872592118444fb3acda5267b2a8c3d4c4252020
- some more duplicated key algorithm lines
+commit 49f46f6d77328a3d10a758522b670a3e8c2235e7
+Author: naddy@openbsd.org <naddy@openbsd.org>
+Date: Wed Aug 11 14:05:19 2021 +0000
+
+ upstream: scp: do not spawn ssh with two -s flags for
+
+ remote-to-remote copies
- From Adam Eijdenberg
+ Do not add another "-s" to the argument vector every time an SFTP
+ connection is initiated. Instead, introduce a subsystem flag to
+ do_cmd() and add "-s" when the flag is set.
+
+ ok djm@
+
+ OpenBSD-Commit-ID: 25df69759f323661d31b2e1e790faa22e27966c1
-commit 5d9d17603bfbb620195a4581025052832b4c4adc
-Author: Damien Miller <djm@mindrot.org>
-Date: Thu Oct 11 11:56:36 2018 +1100
+commit 2a2cd00783e1da45ee730b7f453408af1358ef5b
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Aug 11 08:55:04 2021 +0000
- fix duplicated algorithm specification lines
+ upstream: test -Oprint-pubkey
- Spotted by Adam Eijdenberg
+ OpenBSD-Regress-ID: 3d51afb6d1f287975fb6fddd7a2c00a3bc5094e0
-commit ebfafd9c7a5b2a7fb515ee95dbe0e44e11d0a663
+commit b9f4635ea5bc33ed5ebbacf332d79bae463b0f54
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Thu Oct 11 00:52:46 2018 +0000
+Date: Wed Aug 11 08:54:17 2021 +0000
- upstream: typo in plain RSA algorithm counterpart names for
+ upstream: when verifying sshsig signatures, support an option
- certificates; spotted by Adam Eijdenberg; ok dtucker@
+ (-Oprint-pubkey) to dump the full public key to stdout; based on patch from
+ Fabian Stelzer; ok markus@
- OpenBSD-Commit-ID: bfcdeb6f4fc9e7607f5096574c8f118f2e709e00
+ OpenBSD-Commit-ID: 0598000e5b9adfb45d42afa76ff80daaa12fc3e2
-commit c29b111e7d87c2324ff71c80653dd8da168c13b9
-Author: Damien Miller <djm@mindrot.org>
-Date: Thu Oct 11 11:29:35 2018 +1100
+commit 750c1a45ba4e8ad63793d49418a0780e77947b9b
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Aug 11 05:21:32 2021 +0000
+
+ upstream: oops, missed one more %p
+
+ OpenBSD-Commit-ID: e7e62818d1564cc5cd9086eaf7a51cbd1a9701eb
- check pw_passwd != NULL here too
+commit b5aa27b69ab2e1c13ac2b5ad3f8f7d389bad7489
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Aug 11 05:20:17 2021 +0000
+
+ upstream: remove a bunch of %p in format strings; leftovers of
- Again, for systems with broken NIS implementations.
+ debuggings past. prompted by Michael Forney, ok dtucker@
- Prompted by coolbugcheckers AT gmail.com
+ OpenBSD-Commit-ID: 4853a0d6c9cecaba9ecfcc19066e52d3a8dcb2ac
-commit fe8e8f349a553ef4c567acd418aac769a82b7729
-Author: Damien Miller <djm@mindrot.org>
-Date: Thu Oct 11 11:03:15 2018 +1100
+commit 419aa01123db5ff5dbc68b2376ef23b222862338
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Wed Aug 11 09:21:09 2021 +1000
- check for NULL return from shadow_pw()
+ Add includes.h to compat tests.
- probably unreachable on this platform; pointed out by
- coolbugcheckers AT gmail.com
+ On platforms where closefrom returns void (eg glibc>=2.34) the prototype
+ for closefrom in its compat tests would cause compile errors. Remove
+ this and have the tests pull in the compat headers in the same way as
+ the main code. bz#3336.
-commit acc59cbe7a1fb169e1c3caba65a39bd74d6e030d
-Author: deraadt@openbsd.org <deraadt@openbsd.org>
-Date: Wed Oct 10 16:43:49 2018 +0000
+commit 931f592f26239154eea3eb35a086585897b1a185
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Aug 10 03:35:45 2021 +0000
- upstream: introducing openssh 7.9
+ upstream: adapt to scp -M flag change; make scp3.sh test SFTP mode too
- OpenBSD-Commit-ID: 42d526a9fe01a40dd299ac58014d3349adf40e25
+ OpenBSD-Regress-ID: 43fea26704a0f0b962b53c1fabcb68179638f9c0
-commit 12731158c75c8760a8bea06350eeb3e763fe1a07
-Author: Damien Miller <djm@mindrot.org>
-Date: Thu Oct 11 10:29:29 2018 +1100
+commit 391ca67fb978252c48d20c910553f803f988bd37
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Aug 10 03:33:34 2021 +0000
- supply callback to PEM_read_bio_PrivateKey
+ upstream: Prepare for a future where scp(1) uses the SFTP protocol by
- OpenSSL 1.1.0i has changed the behaviour of their PEM APIs,
- so that empty passphrases are interpreted differently. This
- probabalistically breaks loading some keys, because the PEM format
- is terrible and doesn't include a proper MAC.
+ default. Replace recently added -M option to select the protocol with -O
+ (olde) and -s (SFTP) flags, and label the -s flag with a clear warning that
+ it will be removed in the near future (so no, don't use it in scripts!).
- Avoid this by providing a basic callback to avoid passing empty
- passphrases to OpenSSL in cases where one is required.
+ prompted by/feedback from deraadt@
- Based on patch from Jakub Jelen in bz#2913; ok dtucker@
+ OpenBSD-Commit-ID: 92ad72cc6f0023c9be9e316d8b30eb6d8d749cfc
-commit d1d301a1dd5d6cc3a9ed93ab7ab09dda4cb456e0
-Author: Damien Miller <djm@mindrot.org>
-Date: Wed Oct 10 14:57:00 2018 +1100
+commit bfdd4b722f124a4fa9173d20dd64dd0fc69856be
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Aug 9 23:56:36 2021 +0000
- in pick_salt() avoid dereference of NULL passwords
+ upstream: make scp -3 the default for remote-to-remote copies. It
+
+ provides a much better and more intuitive user experience and doesn't require
+ exposing credentials to the source host.
- Apparently some NIS implementations can leave pw->pw_passwd (or the
- shadow equivalent) NULL.
+ thanks naddy@ for catching the missing argument in usage()
- bz#2909; based on patch from Todd Eigenschink
+ "Yes please!" - markus@
+ "makes a lot of sense" - deraadt@
+ "the right thing to do" - dtucker@
+
+ OpenBSD-Commit-ID: d0d2af5f0965c5192ba5b2fa461c9f9b130e5dd9
-commit edbb6febccee084d212fdc0cb05b40cb1c646ab1
+commit 2f7a3b51cef689ad9e93d0c6c17db5a194eb5555
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue Oct 9 05:42:23 2018 +0000
+Date: Mon Aug 9 23:49:31 2021 +0000
- upstream: Treat all PEM_read_bio_PrivateKey() errors when a passphrase
+ upstream: make scp in SFTP mode try to use relative paths as much
+
+ as possible. Previosuly, it would try to make relative and ~/-rooted paths
+ absolute before requesting transfers.
- is specified as "incorrect passphrase" instead of trying to choose between
- that and "invalid format".
+ prompted by and much discussion deraadt@
+ ok markus@
- libcrypto can return ASN1 parsing errors rather than the expected
- decrypt error in certain infrequent cases when trying to decrypt/parse
- PEM private keys when supplied with an invalid passphrase.
+ OpenBSD-Commit-ID: 46639d382ea99546a4914b545fa7b00fa1be5566
+
+commit 2ab864010e0a93c5dd95116fb5ceaf430e2fc23c
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Aug 9 23:47:44 2021 +0000
+
+ upstream: SFTP protocol extension to allow the server to expand
- Report and repro recipe from Thomas Deutschmann in bz#2901
+ ~-prefixed paths, in particular ~user ones. Allows scp in sftp mode to accept
+ these paths, like scp in rcp mode does.
+ prompted by and much discussion deraadt@
ok markus@
- OpenBSD-Commit-ID: b1d4cd92395f9743f81c0d23aab2524109580870
+ OpenBSD-Commit-ID: 7d794def9e4de348e1e777f6030fc9bafdfff392
-commit 2581333d564d8697837729b3d07d45738eaf5a54
-Author: naddy@openbsd.org <naddy@openbsd.org>
-Date: Fri Oct 5 14:26:09 2018 +0000
+commit 41b019ac067f1d1f7d99914d0ffee4d2a547c3d8
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Aug 9 23:44:32 2021 +0000
- upstream: Support using service names for port numbers.
+ upstream: when scp is in SFTP mode, try to deal better with ~
- * Try to resolve a port specification with getservbyname(3) if a
- numeric conversion fails.
- * Make the "Port" option in ssh_config handle its argument as a
- port rather than a plain integer.
+ prefixed paths. ~user paths aren't supported, but ~/ paths will be accepted
+ and prefixed with the SFTP server starting directory (more to come)
- ok dtucker@ deraadt@
+ prompted by and discussed with deraadt@
+ ok markus@
- OpenBSD-Commit-ID: e7f03633133205ab3dfbc67f9df7475fabae660d
+ OpenBSD-Commit-ID: 263a071f14555c045fd03132a8fb6cbd983df00d
-commit e0d6501e86734c48c8c503f81e1c0926e98c5c4c
+commit b4b3f3da6cdceb3fd168b5fab69d11fba73bd0ae
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Thu Oct 4 07:47:35 2018 +0000
+Date: Mon Aug 9 07:21:01 2021 +0000
- upstream: when the peer sends a channel-close message, make sure we
-
- close the local extended read fd (stderr) along with the regular read fd
- (stdout). Avoids weird stuck processed in multiplexing mode.
+ upstream: on fatal errors, make scp wait for ssh connection before
- Report and analysis by Nelson Elhage and Geoffrey Thomas in bz#2863
+ exiting avoids LogLevel=verbose (or greater) messages from ssh appearing
+ after scp has returned exited and control has returned to the shell; ok
+ markus@
- ok dtucker@ markus@
+ (this was originally committed as r1.223 along with unrelated stuff that
+ I rolled back in r1.224)
- OpenBSD-Commit-ID: a48a2467fe938de4de69d2e7193d5fa701f12ae9
+ OpenBSD-Commit-ID: 1261fd667ad918484889ed3d7aec074f3956a74b
-commit 6f1aabb128246f445e33b8844fad3de9cb1d18cb
+commit 2ae7771749e0b4cecb107f9d4860bec16c3f4245
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Thu Oct 4 01:04:52 2018 +0000
+Date: Mon Aug 9 07:19:12 2021 +0000
- upstream: factor out channel status formatting from
-
- channel_open_message() so we can use it in other debug messages
+ upstream: rever r1.223 - I accidentally committed unrelated changes
- OpenBSD-Commit-ID: 9c3903ca28fcabad57f566c9d0045b41ab7d52ba
+ OpenBSD-Commit-ID: fb73f3865b2647a27dd94db73d6589506a9625f9
-commit f1dd179e122bdfdb7ca3072d9603607740efda05
+commit 986abe94d481a1e82a01747360bd767b96b41eda
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Thu Oct 4 00:10:11 2018 +0000
+Date: Mon Aug 9 07:16:09 2021 +0000
- upstream: include a little more information about the status and
+ upstream: show only the final path component in the progress meter;
- disposition of channel's extended (stderr) fd; makes debugging some things a
- bit easier. No behaviour change.
+ more useful with long paths (that may truncate) and better matches
+ traditional scp behaviour; spotted by naddy@ ok deraadt@
- OpenBSD-Commit-ID: 483eb6467dc7d5dbca8eb109c453e7a43075f7ce
+ OpenBSD-Commit-ID: 26b544d0074f03ebb8a3ebce42317d8d7ee291a3
-commit 2d1428b11c8b6f616f070f2ecedce12328526944
+commit 2b67932bb3176dee4fd447af4368789e04a82b93
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Thu Oct 4 00:04:41 2018 +0000
+Date: Mon Aug 9 07:13:54 2021 +0000
- upstream: explicit_bzero here to be consistent with other kex*.c;
+ upstream: on fatal errors, make scp wait for ssh connection before
- report from coolbugcheckers AT gmail.com
+ exiting avoids LogLevel=verbose (or greater) messages from ssh appearing
+ after scp has returned exited and control has returned to the shell; ok
+ markus@
- OpenBSD-Commit-ID: a90f146c5b5f5b1408700395e394f70b440856cb
+ OpenBSD-Commit-ID: ef9dab5ef5ae54a6a4c3b15d380568e94263456c
-commit 5eff5b858e717e901e6af6596306a114de9f79f2
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Oct 3 06:38:35 2018 +0000
+commit 724eb900ace30661d45db2ba01d0f924d95ecccb
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Sun Aug 8 08:49:09 2021 +0000
- upstream: Allow ssh_config IdentityAgent directive to accept
+ upstream: xstrdup environment variable used by ForwardAgent. bz#3328
- environment variable names as well as explicit paths. ok dtucker@
+ from goetze at dovetail.com, ok djm@ deraadt@
- OpenBSD-Commit-ID: 2f0996e103876c53d8c9dd51dcce9889d700767b
+ OpenBSD-Commit-ID: 760320dac1c3b26904284ba417a7d63fccc5e742
-commit a46ac4d86b25414d78b632e8173578b37e5f8a83
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue Oct 2 12:51:58 2018 +0000
+commit 86b4cb3a884846b358305aad17a6ef53045fa41f
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Sun Aug 8 08:27:28 2021 +0000
- upstream: mention INFO@openssh.com for sending SIGINFO
+ upstream: Although it's POSIX, not all shells used in Portable support
- OpenBSD-Commit-ID: 132471eeb0df658210afd27852fe65131b26e900
+ the implicit 'in "$@"' after 'for i'.
+
+ OpenBSD-Regress-ID: 3c9aec6bca4868f85d2742b6ba5223fce110bdbc
-commit ff3a411cae0b484274b7900ef52ff4dad3e12876
-Author: Damien Miller <djm@mindrot.org>
-Date: Tue Oct 2 22:49:40 2018 +1000
+commit f2ccf6c9f395923695f22345e626dfd691227aaf
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Sun Aug 8 17:39:56 2021 +1000
- only support SIGINFO on systems with SIGINFO
+ Move portable specific settings down.
+
+ This brings the top hunk of the file back in sync with OpenBSD
+ so patches to the CVS Id should apply instead of always being
+ rejected.
-commit cd98925c6405e972dc9f211afc7e75e838abe81c
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue Oct 2 12:40:07 2018 +0000
+commit 71b0eb997e220b0fc9331635af409ad84979f2af
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Sun Aug 8 07:27:52 2021 +0000
- upstream: Add server support for signalling sessions via the SSH
+ upstream: Move setting of USER further down the startup In portable
- channel/ session protocol. Signalling is only supported to sesssions that are
- not subsystems and were not started with a forced command.
+ we have to change this and having it in the same hunk as the CVS Id string
+ means applying changes fails every. single. time.
- Long requested in bz#1424
+ OpenBSD-Regress-ID: 87cd603eb6db58c9b430bf90adacb7f90864429b
+
+commit f0aca2706c710a0da1a4be705f825a807cd15400
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Sun Aug 8 06:38:33 2021 +0000
+
+ upstream: Drop -q in ssh-log-wrapper.sh to preserve logs.
+
+ scp and sftp like to add -q to the command line passed to ssh which
+ overrides the LogLevel we set in the config files and suppresses output
+ to the debug logs so drop any "-q" from the invoked ssh. In the one
+ case where we actually want to use -q in the banner test, call the ssh
+ binary directly bypassing the logging wrapper.
- Based on a patch from markus@ and reworked by dtucker@;
- ok markus@ dtucker@
+ OpenBSD-Regress-ID: e2c97d3c964bda33a751374c56f65cdb29755b75
+
+commit cf27810a649c5cfae60f8ce66eeb25caa53b13bc
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Sat Aug 7 01:57:08 2021 +0000
+
+ upstream: Fix prototype mismatch for do_cmd. ok djm@
- OpenBSD-Commit-ID: 4bea826f575862eaac569c4bedd1056a268be1c3
+ OpenBSD-Commit-ID: 1c1598bb5237a7ae0be99152f185e0071163714d
-commit dba50258333f2604a87848762af07ba2cc40407a
+commit 85de69f64665245786e28c81ab01fe18b0e2a149
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Sep 26 07:32:44 2018 +0000
+Date: Sat Aug 7 01:55:01 2021 +0000
- upstream: remove big ugly TODO comment from start of file. Some of
+ upstream: sftp-client.c needs poll.h
- the mentioned tasks are obsolete and, of the remainder, most are already
- captured in PROTOCOL.mux where they better belong
+ remove unused variable
- OpenBSD-Commit-ID: 16d9d76dee42a5bb651c9d6740f7f0ef68aeb407
+ OpenBSD-Commit-ID: 233ac6c012cd23af62f237167a661db391055a16
+
+commit 397c4d72e50023af5fe3aee5cc2ad407a6eb1073
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Sat Aug 7 11:30:57 2021 +1000
+
+ Include poll.h and friends for struct pollfd.
-commit 92b61a38ee9b765f5049f03cd1143e13f3878905
+commit a9e2c533195f28627f205682482d9da384c4c52e
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Sep 26 07:30:05 2018 +0000
+Date: Sat Aug 7 00:14:17 2021 +0000
- upstream: Document mux proxy mode; added by Markus in openssh-7.4
+ upstream: do_upload() used a near-identical structure for
- Also add a little bit of information about the overall packet format
+ tracking expected status replies from the server to what do_download() was
+ using.
- OpenBSD-Commit-ID: bdb6f6ea8580ef96792e270cae7857786ad84a95
+ Refactor it to use the same structure and factor out some common
+ code into helper functions.
+
+ OpenBSD-Commit-ID: 0c167df8ab6df4a5292c32421922b0cf379e9054
-commit 9d883a1ce4f89b175fd77405ff32674620703fb2
+commit 7b1cbcb7599d9f6a3bbad79d412604aa1203b5ee
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Sep 26 01:48:57 2018 +0000
+Date: Sat Aug 7 00:12:09 2021 +0000
- upstream: s/process_mux_master/mux_master_process/ in mux master
+ upstream: make scp(1) in SFTP mode follow symlinks like
- function names,
+ traditional scp(1) ok markus@
- Gives better symmetry with the existing mux_client_*() names and makes
- it more obvious when a message comes from the master vs client (they
- are interleved in ControlMaster=auto mode).
+ OpenBSD-Commit-ID: 97255e55be37e8e26605e4ba1e69f9781765d231
+
+commit 133b44e500422df68c9c25c3b6de35c0263132f1
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sat Aug 7 00:10:49 2021 +0000
+
+ upstream: fix incorrect directory permissions on scp -3
- no functional change beyond prefixing a could of log messages with
- __func__ where they were previously lacking.
+ transfers; ok markus@
- OpenBSD-Commit-ID: b01f7c3fdf92692e1713a822a89dc499333daf75
+ OpenBSD-Commit-ID: 64b2abaa5635a2be65ee2e77688ad9bcebf576c2
-commit c2fa53cd6462da82d3a851dc3a4a3f6b920337c8
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Sat Sep 22 14:41:24 2018 +1000
+commit 98b59244ca10e62ff67a420856770cb700164f59
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sat Aug 7 00:09:57 2021 +0000
- Remove unused variable in _ssh_compat_fflush.
+ upstream: a bit more debugging of file attributes being
+
+ sent/received over the wire
+
+ OpenBSD-Commit-ID: f68c4e207b08ef95200a8b2de499d422808e089b
-commit d1b3540c21212624af907488960d703c7d987b42
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Thu Sep 20 18:08:43 2018 +1000
+commit c677e65365d6f460c084e41e0c4807bb8a9cf601
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sat Aug 7 00:08:52 2021 +0000
- Import updated moduli.
+ upstream: make scp(1) in SFTP mode output better match original
+
+ scp(1) by suppressing "Retrieving [path]" lines that were emitted to support
+ the interactive sftp(1) client. ok markus@
+
+ OpenBSD-Commit-ID: 06be293df5f156a18f366079be2f33fa68001acc
-commit b5e412a8993ad17b9e1141c78408df15d3d987e1
+commit 48cd39b7a4e5e7c25101c6d1179f98fe544835cd
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Sep 21 12:46:22 2018 +0000
+Date: Sat Aug 7 00:07:18 2021 +0000
- upstream: Allow ssh_config ForwardX11Timeout=0 to disable the
+ upstream: factor out a structure duplicated between downloading
- timeout and allow X11 connections in untrusted mode indefinitely. ok dtucker@
+ and crossloading; ok markus@
- OpenBSD-Commit-ID: ea1ceed3f540b48e5803f933e59a03b20db10c69
+ OpenBSD-Commit-ID: 96eede24d520569232086a129febe342e4765d39
-commit cb24d9fcc901429d77211f274031653476864ec6
+commit 318c06bb04ee21a0cfa6b6022a201eacaa53f388
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Sep 21 12:23:17 2018 +0000
+Date: Sat Aug 7 00:06:30 2021 +0000
- upstream: when compiled with GSSAPI support, cache supported method
+ upstream: use sftp_client crossloading to implement scp -3
- OIDs by calling ssh_gssapi_prepare_supported_oids() regardless of whether
- GSSAPI authentication is enabled in the main config.
+ feedback/ok markus@
- This avoids sandbox violations for configurations that enable GSSAPI
- auth later, e.g.
+ OpenBSD-Commit-ID: 7db4c0086cfc12afc9cfb71d4c2fd3c7e9416ee9
+
+commit de7115b373ba0be3861c65de9b606a3e0e9d29a3
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sat Aug 7 00:02:41 2021 +0000
+
+ upstream: support for "cross"-loading files/directories, i.e.
- Match user djm
- GSSAPIAuthentication yes
+ downloading from one SFTP server while simultaneously uploading to another.
- bz#2107; ok dtucker@
+ feedback & ok markus@
- OpenBSD-Commit-ID: a5dd42d87c74e27cfb712b15b0f97ab20e0afd1d
+ OpenBSD-Commit-ID: 3982878e29d8df0fa4ddc502f5ff6126ac714235
-commit bbc8af72ba68da014d4de6e21a85eb5123384226
+commit a50bd0367ff2063bbc70a387740a2aa6914de094
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Sep 21 12:20:12 2018 +0000
+Date: Sat Aug 7 00:01:29 2021 +0000
- upstream: In sshkey_in_file(), ignore keys that are considered for
-
- being too short (i.e. SSH_ERR_KEY_LENGTH). These keys will not be considered
- to be "in the file". This allows key revocation lists to contain short keys
- without the entire revocation list being considered invalid.
+ upstream: factor our SSH2_FXP_OPEN calls into their own function;
- bz#2897; ok dtucker
+ "looks fine" markus@
- OpenBSD-Commit-ID: d9f3d857d07194a42ad7e62889a74dc3f9d9924b
+ OpenBSD-Commit-ID: d3dea2153f08855c6d9dacc01973248944adeffb
-commit 383a33d160cefbfd1b40fef81f72eadbf9303a66
+commit e3c0ba05873cf3d3f7d19d595667a251026b2d84
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Sep 21 03:11:36 2018 +0000
+Date: Sat Aug 7 00:00:33 2021 +0000
- upstream: Treat connections with ProxyJump specified the same as ones
+ upstream: prepare for scp -3 implemented via sftp
- with a ProxyCommand set with regards to hostname canonicalisation (i.e. don't
- try to canonicalise the hostname unless CanonicalizeHostname is set to
- 'always').
+ OpenBSD-Commit-ID: 194aac0dd87cb175334b71c2a30623a5ad55bb44
+
+commit 395d8fbdb094497211e1461cf0e2f80af5617e0a
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Fri Aug 6 09:00:18 2021 +0000
+
+ upstream: Make diff invocation more portable.
- Patch from Sven Wegener via bz#2896
+ POSIX does not require diff to have -N, so compare in both directions
+ with just -r, which should catch missing files in either directory.
- OpenBSD-Commit-ID: 527ff501cf98bf65fb4b29ed0cb847dda10f4d37
+ OpenBSD-Regress-ID: 0e2ec8594556a6f369ed5a0a90c6806419b845f7
-commit 0cbed248ed81584129b67c348dbb801660f25a6a
+commit d247a73ce27b460138599648d9c637c6f2b77605
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Thu Sep 20 23:40:16 2018 +0000
+Date: Wed Aug 4 21:28:00 2021 +0000
- upstream: actually make CASignatureAlgorithms available as a config
+ upstream: regression test for scp -3
- option
-
- OpenBSD-Commit-ID: 93fa7ff58314ed7b1ab7744090a6a91232e6ae52
+ OpenBSD-Regress-ID: b44375d125c827754a1f722ec6b6b75b634de05d
-commit 62528870c0ec48cd86a37dd7320fb85886c3e6ee
+commit 35c8e41a6f6d8ad76f8d1cd81ac2ea23d0d993b2
Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Thu Sep 20 08:07:03 2018 +0000
+Date: Fri Aug 6 05:04:42 2021 +0000
- upstream: Import updated moduli.
+ upstream: Document "ProxyJump none". bz#3334.
- OpenBSD-Commit-ID: 04431e8e7872f49a2129bf080a6b73c19d576d40
+ OpenBSD-Commit-ID: f78cc6f55731f2cd35c3a41d5352ac1ee419eba7
-commit e6933a2ffa0659d57f3c7b7c457b2c62b2a84613
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date: Thu Sep 20 06:58:48 2018 +0000
+commit 911ec6411821bda535d09778df7503b92f0eafab
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Wed Aug 4 01:34:55 2021 +0000
- upstream: reorder CASignatureAlgorithms, and add them to the
+ upstream: Allow for different (but POSIX compliant) behaviour of
+
+ basename(3) and prevent a use-after-free in that case in the new sftp-compat
+ code.
+
+ POSIX allows basename(3) to either return a pointer to static storage
+ or modify the passed string and return a pointer to that. OpenBSD does
+ the former and works as is, but on other platforms "filename" points
+ into "tmp" which was just freed. This makes the freeing of tmp
+ consistent with the other variable in the loop.
- various -o lists; ok djm
+ Pinpointed by the -portable Valgrind regress test. ok djm@ deraadt@
- OpenBSD-Commit-ID: ecb88baecc3c54988b4d1654446ea033da359288
+ OpenBSD-Commit-ID: 750f3c19bd4440e4210e30dd5d7367386e833374
-commit aa083aa9624ea7b764d5a81c4c676719a1a3e42b
+commit 6df1fecb5d3e51f3a8027a74885c3a44f6cbfcbd
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Aug 4 11:05:11 2021 +1000
+
+ use openbsd-compat glob.h is required
+
+commit 9ebd1828881dfc9014a344587934a5ce7db6fa1b
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Tue Aug 3 21:03:23 2021 +1000
+
+ Missing space between macro arg and punctuation.
+
+ From jmc@
+
+commit 0fd3f62eddc7cf54dcc9053be6f58998f3eb926a
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Tue Aug 3 21:02:33 2021 +1000
+
+ Avoid lines >80 chars. From jmc@
+
+commit af5d8094d8b755e1daaf2e20ff1dc252800b4c9b
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Thu Sep 20 03:31:49 2018 +0000
+Date: Tue Aug 3 01:05:24 2021 +0000
- upstream: fix "ssh -Q sig" to show correct signature algorithm list
+ upstream: regression tests for scp SFTP protocol support; mostly by
- (it was erroneously showing certificate algorithms); prompted by markus@
+ Jakub Jelen in GHPR#194 ok markus
- OpenBSD-Commit-ID: 1cdee002f2f0c21456979deeb887fc889afb154d
+ OpenBSD-Regress-ID: 36f1458525bcb111741ec8547eaf58b13cddc715
-commit ecac7e1f7add6b28874959a11f2238d149dc2c07
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Thu Sep 20 03:30:44 2018 +0000
+commit e4673b7f67ae7740131a4ecea29a846593049a91
+Author: anton@openbsd.org <anton@openbsd.org>
+Date: Thu Jul 29 15:34:09 2021 +0000
- upstream: add CASignatureAlgorithms option for the client, allowing
+ upstream: Treat doas with arguments as a valid SUDO variable.
- it to specify which signature algorithms may be used by CAs when signing
- certificates. Useful if you want to ban RSA/SHA1; ok markus@
+ Allows one to specify SUDO="doas -n" which I do while running make regress.
- OpenBSD-Commit-ID: 9159e5e9f67504829bf53ff222057307a6e3230f
+ ok dtucker@
+
+ OpenBSD-Regress-ID: 4fe5814b5010dbf0885500d703bea06048d11005
-commit 86e5737c39153af134158f24d0cab5827cbd5852
+commit 197e29f1cca190d767c4b2b63a662f9a9e5da0b3
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Thu Sep 20 03:28:06 2018 +0000
+Date: Mon Aug 2 23:38:27 2021 +0000
- upstream: Add sshd_config CASignatureAlgorithms option to allow
+ upstream: support for using the SFTP protocol for file transfers in
- control over which signature algorithms a CA may use when signing
- certificates. In particular, this allows a sshd to ban certificates signed
- with RSA/SHA1.
+ scp, via a new "-M sftp" option. Marked as experimental for now.
- ok markus@
+ Some corner-cases exist, in particular there is no attempt to
+ provide bug-compatibility with scp's weird "double shell" quoting
+ rules.
+
+ Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@
+ Thanks jmc@ for improving the scp.1 bits.
- OpenBSD-Commit-ID: b05c86ef8b52b913ed48d54a9b9c1a7714d96bac
+ OpenBSD-Commit-ID: 6ce4c9157ff17b650ace571c9f7793d92874051c
-commit f80e68ea7d62e2dfafc12f1a60ab544ae4033a0f
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Sep 19 02:03:02 2018 +0000
+commit dd533c7ab79d61a7796b77b64bd81b098e0d7f9f
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date: Fri Jul 30 14:28:13 2021 +0000
- upstream: Make "ssh-add -q" do what it says on the tin: silence
+ upstream: fix a formatting error and add some Xr; from debian at
- output from successful operations.
+ helgefjell de
- Based on patch from Thijs van Dijk; ok dtucker@ deraadt@
+ removed references to rlogin etc. as no longer relevant;
+ suggested by djm
- OpenBSD-Commit-ID: c4f754ecc055c10af166116ce7515104aa8522e1
+ ok djm dtucker
+
+ OpenBSD-Commit-ID: 3c431c303068d3aec5bb18573a0bd5e0cd77c5ae
-commit 5e532320e9e51de720d5f3cc2596e95d29f6e98f
-Author: millert@openbsd.org <millert@openbsd.org>
-Date: Mon Sep 17 15:40:14 2018 +0000
+commit c7cd347a8823819411222c1e10a0d26747d0fd5c
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date: Fri Jul 30 14:25:01 2021 +0000
- upstream: When choosing a prime from the moduli file, avoid
+ upstream: fix a formatting error and mark up known_hosts
+
+ consistently; issues reported by debian at helgefjell de
- re-using the linenum variable for something that is not a line number to
- avoid the confusion that resulted in the bug in rev. 1.64. This also lets us
- pass the actual linenum to parse_prime() so the error messages include the
- correct line number. OK markus@ some time ago.
+ ok djm dtucker
- OpenBSD-Commit-ID: 4d8e5d3e924d6e8eb70053e3defa23c151a00084
+ OpenBSD-Commit-ID: a1fd8d21dc77f507685443832df0c9700481b0ce
-commit cce8cbe0ed7d1ba3a575310e0b63c193326ae616
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Sat Sep 15 19:44:06 2018 +1000
+commit 4455aec2e4fc90f64ae4fc47e78ebc9c18721738
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date: Wed Jul 28 05:57:42 2021 +0000
- Fix openssl-1.1 fallout for --without-openssl.
+ upstream: no need to talk about version 2 with the -Q option, so
- ok djm@
+ rewrite the text to read better;
+
+ issue reported by debian at helgefjell de
+ ok djm dtucker
+
+ OpenBSD-Commit-ID: 59fe2e8219c37906740ad062e0fdaea487dbe9cf
-commit 149519b9f201dac755f3cba4789f4d76fecf0ee1
-Author: Damien Miller <djm@mindrot.org>
-Date: Sat Sep 15 19:37:48 2018 +1000
+commit bec429338e9b30d2c7668060e82608286a8a4777
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date: Tue Jul 27 14:28:46 2021 +0000
- add futex(2) syscall to seccomp sandbox
+ upstream: word fix; reported by debian at helgefjell de
- Apparently needed for some glibc/openssl combinations.
+ OpenBSD-Commit-ID: 0c6fd22142422a25343c5bd1a618f31618f41ece
+
+commit efad4deb5a1f1cf79ebefd63c6625059060bfbe1
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date: Tue Jul 27 14:14:25 2021 +0000
+
+ upstream: standardise the grammar in the options list; issue
+
+ reported by debian at helgefjell de
- Patch from Arkadiusz Miśkiewicz
+ ok dtucker djm
+
+ OpenBSD-Commit-ID: 7ac15575045d82f4b205a42cc7d5207fe4c3f8e6
-commit 4488ae1a6940af704c4dbf70f55bf2f756a16536
-Author: Damien Miller <djm@mindrot.org>
-Date: Sat Sep 15 19:36:55 2018 +1000
+commit 1e11fb24066f3fc259ee30db3dbb2a3127e05956
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Mon Aug 2 18:56:29 2021 +1000
- really add source for authopt_fuzz this time
+ Check for RLIMIT_NOFILE before trying to use it.
-commit 9201784b4a257c8345fbd740bcbdd70054885707
-Author: Damien Miller <djm@mindrot.org>
-Date: Sat Sep 15 19:35:40 2018 +1000
+commit 0f494236b49fb48c1ef33669f14822ca4f3ce2f4
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Tue Jul 27 17:45:34 2021 +1000
- remove accidentally checked-in authopt_fuzz binary
+ lastenv is only used in setenv.
+
+ Prevents an unused variable warning on platforms that have setenv but
+ not unsetenv.
-commit beb9e522dc7717df08179f9e59f36b361bfa14ab
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Sep 14 05:26:27 2018 +0000
+commit a1f78e08bdb3eaa88603ba3c6e01de7c8671e28a
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Mon Jul 26 12:45:30 2021 +1000
+
+ Move SUDO to "make test" command line.
+
+ Environment variables don't get passed by vmrun, so move to command
+ line.
+
+commit 02e624273b9c78a49a01239159b8c09b8409b1a0
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Sun Jul 25 23:26:36 2021 +1000
- upstream: second try, deals properly with missing and private-only
+ Set SUDO for tests and cleanup.
+
+commit 460ae5d93051bab70239ad823dd784822d58baad
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Sun Jul 25 22:37:55 2021 +1000
+
+ Pass OPENSSL=no to make tests too.
+
+commit b398f499c68d74ebe3298b73757cf3f36e14e0cb
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Sun Jul 25 12:27:37 2021 +0000
+
+ upstream: Skip unit and makefile-based key conversion tests when
- Use consistent format in debug log for keys readied, offered and
- received during public key authentication.
+ we're building with OPENSSL=no.
- This makes it a little easier to see what is going on, as each message
- now contains (where available) the key filename, its type and fingerprint,
- and whether the key is hosted in an agent or a token.
+ OpenBSD-Regress-ID: 20455ed9a977c93f846059d1fcb48e29e2c8d732
+
+commit 727ce36c8c5941bde99216d27109405907caae4f
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Sun Jul 25 12:13:03 2021 +0000
+
+ upstream: Replace OPENSSL as the variable that points to the
+
+ openssl binary with OPENSSL_BIN. This will allow us to use the OPENSSL
+ variable from mk.conf or the make(1) command line indicating if we're
+ building with our without OpenSSL, and ultimately get the regress tests
+ working in the OPENSSL=no configuration.
- OpenBSD-Commit-ID: f1c6a8e9cfc4e108c359db77f24f9a40e1e25ea7
+ OpenBSD-Regress-ID: 2d788fade3264d7803e5b54cae8875963f688c4e
-commit 6bc5a24ac867bfdc3ed615589d69ac640f51674b
-Author: Damien Miller <djm@mindrot.org>
-Date: Fri Sep 14 15:16:34 2018 +1000
+commit 55e17101a9075f6a63af724261c5744809dcb95c
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Sat Jul 24 02:57:28 2021 +0000
- fuzzer harness for authorized_keys option parsing
+ upstream: Skip RFC4716 format import and export tests when built
+
+ without OpenSSL.
+
+ OpenBSD-Regress-ID: d2c2d5d38c1acc2b88cc99cfe00a2eb8bb39dfa4
-commit 6c8b82fc6929b6a9a3f645151b6ec26c5507d9ef
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Sep 14 04:44:04 2018 +0000
+commit f5ccb5895d39cd627ad9e7b2c671d2587616100d
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Sat Jul 24 02:51:14 2021 +0000
- upstream: revert following; deals badly with agent keys
+ upstream: Don't omit ssh-keygen -y from usage when built without
+
+ OpenSSL. It is actually available, albeit only for ed25519 keys.
- revision 1.285
- date: 2018/09/14 04:17:12; author: djm; state: Exp; lines: +47 -26; commitid: lflGFcNb2X2HebaK;
- Use consistent format in debug log for keys readied, offered and
- received during public key authentication.
+ OpenBSD-Commit-ID: 7a254c33d0e6a55c30c6b016a8d298d3cb7a7674
+
+commit 819d57ac23469f1f03baa8feb38ddefbada90fdc
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Sat Jul 24 02:08:13 2021 +0000
+
+ upstream: Exclude key conversion options from usage when built
- This makes it a little easier to see what is going on, as each message
- now contains the key filename, its type and fingerprint, and whether
- the key is hosted in an agent or a token.
+ without OpenSSL since those are not available, similar to what we currently
+ do with the moduli screening options. We can also use this to skip the
+ conversion regression tests in this case.
- OpenBSD-Commit-ID: e496bd004e452d4b051f33ed9ae6a54ab918f56d
+ OpenBSD-Commit-ID: 3c82caa398cf99cd4518c23bba5a2fc66b16bafe
+
+commit b6673b1d2ee90b4690ee84f634efe40225423c38
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Sat Jul 24 13:02:51 2021 +1000
+
+ Test OpenBSD upstream with and without OpenSSL.
-commit 6da046f9c3374ce7e269ded15d8ff8bc45017301
+commit 9d38074b5453c1abbdf888e80828c278d3b886ac
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Sep 14 04:17:44 2018 +0000
+Date: Sat Jul 24 01:54:23 2021 +0000
- upstream: garbage-collect moribund ssh_new_private() API.
+ upstream: test for first-match-wins in authorized_keys environment=
- OpenBSD-Commit-ID: 7c05bf13b094093dfa01848a9306c82eb6e95f6c
+ options
+
+ OpenBSD-Regress-ID: 1517c90276fe84b5dc5821c59f88877fcc34c0e8
+
+commit 2b76f1dd19787e784711ea297ad8fc938b4484fd
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Fri Jul 23 05:53:02 2021 +0000
-commit 1f24ac5fc05252ceb1c1d0e8cab6a283b883c780
+ upstream: Simplify keygen-convert by using $SSH_KEYTYPES directly.
+
+ OpenBSD-Regress-ID: cdbe408ec3671ea9ee9b55651ee551370d2a4108
+
+commit 7d64a9fb587ba9592f027f7a2264226c713d6579
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Sep 14 04:17:12 2018 +0000
+Date: Sat Jul 24 01:55:19 2021 +0000
- upstream: Use consistent format in debug log for keys readied,
+ upstream: don't leak environment= variable when it is not the first
- offered and received during public key authentication.
+ match
- This makes it a little easier to see what is going on, as each message
- now contains the key filename, its type and fingerprint, and whether
- the key is hosted in an agent or a token.
+ OpenBSD-Commit-ID: 7fbdc3dfe0032deaf003fd937eeb4d434ee4efe0
+
+commit db2130e2340bf923e41c791aa9cd27b9e926042c
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date: Fri Jul 23 06:01:17 2021 +0000
+
+ upstream: punctuation;
- OpenBSD-Commit-ID: 2a01d59285a8a7e01185bb0a43316084b4f06a1f
+ OpenBSD-Commit-ID: 64be152e378c45975073ab1c07e0db7eddd15806
-commit 488c9325bb7233e975dbfbf89fa055edc3d3eddc
-Author: millert@openbsd.org <millert@openbsd.org>
-Date: Thu Sep 13 15:23:32 2018 +0000
+commit 03190d10980c6fc9124e988cb2df13101f266507
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Jul 23 05:56:47 2021 +0000
- upstream: Fix warnings caused by user_from_uid() and group_from_gid()
+ upstream: mention in comment that read_passphrase(..., RP_ALLOW_STDIN)
+
+ will try to use askpass first. bz3314
- now returning const char *.
+ convert a couple of debug() -> debug_f() while here
- OpenBSD-Commit-ID: b5fe571ea77cfa7b9035062829ab05eb87d7cc6f
+ OpenBSD-Commit-ID: c7e812aebc28fcc5db06d4710e0f73613dee545c
-commit 0aa1f230846ebce698e52051a107f3127024a05a
-Author: Damien Miller <djm@mindrot.org>
-Date: Fri Sep 14 10:31:47 2018 +1000
+commit 1653ece6832b2b304d46866b262d5f69880a9ec7
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Fri Jul 23 05:07:16 2021 +0000
- allow SIGUSR1 as synonym for SIGINFO
+ upstream: Test conversion of ed25519 and ecdsa keys too.
- Lets users on those unfortunate operating systems that lack SIGINFO
- still be able to obtain progress information from unit tests :)
+ OpenBSD-Regress-ID: 3676d2d00e58e0d6d37f2878f108cc2b83bbe4bb
-commit d64e78526596f098096113fcf148216798c327ff
-Author: Damien Miller <djm@mindrot.org>
-Date: Thu Sep 13 19:05:48 2018 +1000
+commit 8b7af02dcf9d2b738787efd27da7ffda9859bed2
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Fri Jul 23 04:56:21 2021 +0000
- add compat header
+ upstream: Add test for exporting pubkey from a passphrase-protected
+
+ private key.
+
+ OpenBSD-Regress-ID: da99d93e7b235fbd5b5aaa01efc411225e6ba8ac
-commit a3fd8074e2e2f06602e25618721f9556c731312c
+commit 441095d4a3e5048fe3c87a6c5db5bc3383d767fb
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Thu Sep 13 09:03:20 2018 +0000
+Date: Fri Jul 23 03:54:55 2021 +0000
- upstream: missed a bit of openssl-1.0.x API in this unittest
+ upstream: regression test for time-limited signature keys
- OpenBSD-Regress-ID: a73a54d7f7381856a3f3a2d25947bee7a9a5dbc9
+ OpenBSD-Regress-ID: 2a6f3bd900dbee0a3c96f1ff23e032c93ab392bc
-commit 86e0a9f3d249d5580390daf58e015e68b01cef10
+commit 9e1882ef6489a7dd16b6d7794af96629cae61a53
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Thu Sep 13 05:06:51 2018 +0000
+Date: Fri Jul 23 05:24:02 2021 +0000
- upstream: use only openssl-1.1.x API here too
+ upstream: note successful authentication method in final "Authenticated
+
+ to ..." message and partial auth success messages (all at LogLevel=verbose)
+ ok dtucker@
- OpenBSD-Regress-ID: ae877064597c349954b1b443769723563cecbc8f
+ OpenBSD-Commit-ID: 06834b89ceb89f8f16c5321d368a66c08f441984
-commit 48f54b9d12c1c79fba333bc86d455d8f4cda8cfc
-Author: Damien Miller <djm@mindrot.org>
-Date: Thu Sep 13 12:13:50 2018 +1000
+commit a917e973a1b90b40ff1e950df083364b48fc6c78
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Jul 23 04:04:52 2021 +0000
- adapt -portable to OpenSSL 1.1x API
+ upstream: Add a ForkAfterAuthentication ssh_config(5) counterpart
- Polyfill missing API with replacement functions extracted from LibreSSL
+ to the ssh(1) -f flag. Last part of GHPR231 from Volker Diels-Grabsch. ok
+ dtucker
+
+ OpenBSD-Commit-ID: b18aeda12efdebe2093d55263c90fe4ea0bce0d3
-commit 86112951d63d48839f035b5795be62635a463f99
-Author: Damien Miller <djm@mindrot.org>
-Date: Thu Sep 13 12:12:42 2018 +1000
+commit e0c5088f1c96a145eb6ea1dee438010da78f9ef5
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Jul 23 04:00:59 2021 +0000
- forgot to stage these test files in commit d70d061
+ upstream: Add a StdinNull directive to ssh_config(5) that allows
+
+ the config file to do the same thing as -n does on the ssh(1) commandline.
+ Patch from Volker Diels-Grabsch via GHPR231; ok dtucker
+
+ OpenBSD-Commit-ID: 66ddf3f15c76796d4dcd22ff464aed1edd62468e
-commit 482d23bcacdd3664f21cc82a5135f66fc598275f
+commit e3957e21ffdc119d6d04c0b1686f8e2fe052f5ea
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Thu Sep 13 02:08:33 2018 +0000
+Date: Fri Jul 23 03:57:20 2021 +0000
- upstream: hold our collective noses and use the openssl-1.1.x API in
+ upstream: make authorized_keys environment="..." directives
+
+ first-match-wins and more strictly limit their maximum number; prompted by
+ OOM reported by OSS-fuzz (35470).
- OpenSSH; feedback and ok tb@ jsing@ markus@
+ feedback and ok dtucker@
- OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417
+ OpenBSD-Commit-ID: 01f63fc10dcd995e7aed9c378ad879161af83121
-commit d70d061828730a56636ab6f1f24fe4a8ccefcfc1
+commit d0bb1ce731762c55acb95817df4d5fab526c7ecd
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Sep 12 01:36:45 2018 +0000
+Date: Fri Jul 23 03:37:52 2021 +0000
- upstream: Include certs with multiple RSA signature variants in
+ upstream: Let allowed signers files used by ssh-keygen(1)
- test data Ensure that cert->signature_key is populated correctly
+ signatures support key lifetimes, and allow the verification mode to specify
+ a signature time to check at. This is intended for use by git to support
+ signing objects using ssh keys. ok dtucker@
- OpenBSD-Regress-ID: 56e68f70fe46cb3a193ca207385bdb301fd6603a
+ OpenBSD-Commit-ID: 3e2c67b7dcd94f0610194d1e8e4907829a40cf31
-commit f803b2682992cfededd40c91818b653b5d923ef5
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Sep 12 01:23:48 2018 +0000
+commit 44142068dc7ef783d135e91ff954e754d2ed432e
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Mon Jul 19 08:48:33 2021 +0000
- upstream: test revocation by explicit hash and by fingerprint
+ upstream: Use SUDO when setting up hostkey.
- OpenBSD-Regress-ID: 079c18a9ab9663f4af419327c759fc1e2bc78fd8
+ OpenBSD-Regress-ID: 990cf4481cab8dad62e90818a9b4b36c533851a7
-commit 2de78bc7da70e1338b32feeefcc6045cf49efcd4
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Sep 12 01:22:43 2018 +0000
+commit 6b67f3f1d1d187597e54a139cc7785c0acebd9a2
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Mon Jul 19 05:08:54 2021 +0000
- upstream: s/sshkey_demote/sshkey_from_private/g
+ upstream: Increase time margin for rekey tests. Should help
- OpenBSD-Regress-ID: 782bde7407d94a87aa8d1db7c23750e09d4443c4
+ reliability on very heavily loaded hosts.
+
+ OpenBSD-Regress-ID: 4c28a0fce3ea89ebde441d7091464176e9730533
-commit 41c115a5ea1cb79a6a3182773c58a23f760e8076
-Author: Damien Miller <djm@mindrot.org>
-Date: Wed Sep 12 16:50:01 2018 +1000
+commit 7953e1bfce9e76bec41c1331a29bc6cff9d416b8
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Mon Jul 19 13:47:51 2021 +1000
- delete the correct thing; kexfuzz binary
+ Add sshfp-connect.sh file missed in previous.
-commit f0fcd7e65087db8c2496f13ed39d772f8e38b088
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Sep 12 06:18:59 2018 +0000
+commit b75a80fa8369864916d4c93a50576155cad4df03
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Mon Jul 19 03:13:28 2021 +0000
- upstream: fix edit mistake; spotted by jmc@
+ upstream: Ensure that all returned SSHFP records for the specified host
- OpenBSD-Commit-ID: dd724e1c52c9d6084f4cd260ec7e1b2b138261c6
+ name and hostkey type match instead of only one. While there, simplify the
+ code somewhat and add some debugging. Based on discussion in bz#3322, ok
+ djm@.
+
+ OpenBSD-Commit-ID: 0a6a0a476eb7f9dfe8fe2c05a1a395e3e9b22ee4
-commit 4cc259bac699f4d2a5c52b92230f9e488c88a223
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Sep 12 01:34:02 2018 +0000
+commit 1cc1fd095393663cd72ddac927d82c6384c622ba
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Mon Jul 19 02:21:50 2021 +0000
- upstream: add SSH_ALLOWED_CA_SIGALGS - the default list of
+ upstream: Id sync only, -portable already has this.
- signature algorithms that are allowed for CA signatures. Notably excludes
- ssh-dsa.
+ Put dh_set_moduli_file call inside ifdef WITH_OPENSSL. Fixes
+ build with OPENSSL=no.
- ok markus@
+ OpenBSD-Commit-ID: af54abbebfb12bcde6219a44d544e18204defb15
+
+commit 33abbe2f4153f5ca5c874582f6a7cc91ae167485
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Mon Jul 19 02:46:34 2021 +0000
+
+ upstream: Add test for host key verification via SSHFP records. This
+
+ requires some external setup to operate so is disabled by default (see
+ comments in sshfp-connect.sh).
- OpenBSD-Commit-ID: 1628e4181dc8ab71909378eafe5d06159a22deb4
+ OpenBSD-Regress-ID: c52c461bd1df3a803d17498917d156ef64512fd9
-commit ba9e788315b1f6a350f910cb2a9e95b2ce584e89
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Sep 12 01:32:54 2018 +0000
+commit f0cd000d8e3afeb0416dce1c711c3d7c28d89bdd
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Mon Jul 19 02:29:28 2021 +0000
+
+ upstream: Add ed25519 key and test SSHFP export of it. Only test
+
+ RSA SSHFP export if we have RSA functionality compiled in.
+
+ OpenBSD-Regress-ID: b4ff5181b8c9a5862e7f0ecdd96108622333a9af
- upstream: add sshkey_check_cert_sigtype() that checks a
+commit 0075511e27e5394faa28edca02bfbf13b9a6693e
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Mon Jul 19 00:16:26 2021 +0000
+
+ upstream: Group keygen tests together.
- cert->signature_type against a supplied whitelist; ok markus
+ OpenBSD-Regress-ID: 07e2d25c527bb44f03b7c329d893a1f2d6c5c40c
+
+commit 034828820c7e62652e7c48f9ee6b67fb7ba6fa26
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Sun Jul 18 23:10:10 2021 +0000
+
+ upstream: Add test for ssh-keygen printing of SSHFP records.
- OpenBSD-Commit-ID: caadb8073292ed7a9535e5adc067d11d356d9302
+ OpenBSD-Regress-ID: fde9566b56eeb980e149bbe157a884838507c46b
-commit a70fd4ad7bd9f2ed223ff635a3d41e483057f23b
+commit 52c3b6985ef1d5dadb4c4fe212f8b3a78ca96812
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Sep 12 01:31:30 2018 +0000
+Date: Sat Jul 17 00:38:11 2021 +0000
- upstream: add cert->signature_type field and keep it in sync with
+ upstream: wrap some long lines
- certificate signature wrt loading and certification operations; ok markus@
+ OpenBSD-Commit-ID: 4f5186b1466656762dae37d3e569438d900c350d
+
+commit 43ec991a782791d0b3f42898cd789f99a07bfaa4
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sat Jul 17 00:36:53 2021 +0000
+
+ upstream: fix sftp on ControlPersist connections, broken by recent
- OpenBSD-Commit-ID: e8b8b9f76b66707a0cd926109c4383db8f664df3
+ SessionType change; spotted by sthen@
+
+ OpenBSD-Commit-ID: 4c5ddc5698790ae6ff50d2a4f8f832f0eeeaa234
-commit 357128ac48630a9970e3af0e6ff820300a28da47
+commit 073f45c236550f158c9a94003e4611c07dea5279
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Sep 12 01:30:10 2018 +0000
+Date: Fri Jul 16 09:00:23 2021 +0000
- upstream: Add "ssh -Q sig" to allow listing supported signature
+ upstream: Explicitly check for and start time-based rekeying in the
+
+ client and server mainloops.
- algorithms ok markus@
+ Previously the rekey timeout could expire but rekeying would not start
+ until a packet was sent or received. This could cause us to spin in
+ select() on the rekey timeout if the connection was quiet.
+
+ ok markus@
- OpenBSD-Commit-ID: 7a8c6eb6c249dc37823ba5081fce64876d10fe2b
+ OpenBSD-Commit-ID: 4356cf50d7900f3df0a8f2117d9e07c91b9ff987
-commit 9405c6214f667be604a820c6823b27d0ea77937d
+commit ef7c4e52d5d840607f9ca3a302a4cbb81053eccf
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date: Wed Jul 14 06:46:38 2021 +0000
+
+ upstream: reorder SessionType; ok djm
+
+ OpenBSD-Commit-ID: c7dd0b39e942b1caf4976a0b1cf0fed33d05418c
+
+commit 8aa2f9aeb56506dca996d68ab90ab9c0bebd7ec3
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Wed Jul 14 11:26:50 2021 +1000
+
+ Make whitespace consistent.
+
+commit 4f4297ee9b8a39f4dfd243a74c5f51f9e7a05723
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Wed Jul 14 11:26:12 2021 +1000
+
+ Add ARM64 Linux self-hosted runner.
+
+commit eda8909d1b0a85b9c3804a04d03ec6738fd9dc7f
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Sep 12 01:21:34 2018 +0000
+Date: Tue Jul 13 23:48:36 2021 +0000
- upstream: allow key revocation by SHA256 hash and allow ssh-keygen
+ upstream: add a SessionType directive to ssh_config, allowing the
- to create KRLs using SHA256/base64 key fingerprints; ok markus@
+ configuration file to offer equivalent control to the -N (no session) and -s
+ (subsystem) command-line flags.
- OpenBSD-Commit-ID: a0590fd34e7f1141f2873ab3acc57442560e6a94
+ Part of GHPR#231 by Volker Diels-Grabsch with some minor tweaks;
+ feedback and ok dtucker@
+
+ OpenBSD-Commit-ID: 726ee931dd4c5cc7f1d7a187b26f41257f9a2d12
-commit 50e2687ee0941c0ea216d6ffea370ffd2c1f14b9
+commit 7ae69f2628e338ba6e0eae7ee8a63bcf8fea7538
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Sep 12 01:19:12 2018 +0000
+Date: Mon Jul 12 02:12:22 2021 +0000
- upstream: log certificate fingerprint in authentication
+ upstream: fix some broken tests; clean up output
- success/failure message (previously we logged only key ID and CA key
- fingerprint).
+ OpenBSD-Regress-ID: 1d5038edb511dc4ce1622344c1e724626a253566
+
+commit f5fc6a4c3404bbf65c21ca6361853b33d78aa87e
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Mon Jul 12 18:00:05 2021 +1000
+
+ Add configure-time detection for SSH_TIME_T_MAX.
- ok markus@
+ Should fix printing cert times exceeding INT_MAX (bz#3329) on platforms
+ were time_t is a long long. The limit used is for the signed type, so if
+ some system has a 32bit unsigned time_t then the lower limit will still
+ be imposed and we would need to add some way to detect this. Anyone using
+ an unsigned 64bit can let us know when it starts being a problem.
+
+commit fd2d06ae4442820429d634c0a8bae11c8e40c174
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Mon Jul 12 06:22:57 2021 +0000
+
+ upstream: Make limit for time_t test unconditional in the
+
+ format_absolute_time fix for bz#3329 that allows printing of timestamps past
+ INT_MAX. This was incorrectly included with the previous commit. Based on
+ discussion with djm@.
- OpenBSD-Commit-ID: a8ef2d172b7f1ddbcce26d6434b2de6d94f6c05d
+ OpenBSD-Commit-ID: 835936f6837c86504b07cabb596b613600cf0f6e
-commit de37ca909487d23e5844aca289b3f5e75d3f1e1f
+commit 6c29b387cd64a57b0ec8ae7d2c8d02789d88fcc3
Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Fri Sep 7 04:26:56 2018 +0000
+Date: Mon Jul 12 06:08:57 2021 +0000
- upstream: Add FALLTHROUGH comments where appropriate. Patch from
+ upstream: Use existing format_absolute_time() function when
- jjelen at redhat via bz#2687.
+ printing cert validity instead of doing it inline. Part of bz#3329.
- OpenBSD-Commit-ID: c48eb457be697a19d6d2950c6d0879f3ccc851d3
+ OpenBSD-Commit-ID: a13d4e3c4f59644c23745eb02a09b2a4e717c00c
-commit 247766cd3111d5d8c6ea39833a3257ca8fb820f2
+commit 99981d5f8bfa383791afea03f6bce8454e96e323
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Sep 7 01:42:54 2018 +0000
+Date: Fri Jul 9 09:55:56 2021 +0000
+
+ upstream: silence redundant error message; reported by Fabian Stelzer
+
+ OpenBSD-Commit-ID: 9349a703016579a60557dafd03af2fe1d44e6aa2
+
+commit e86097813419b49d5bff5c4b51d1c3a5d4d2d804
+Author: John Ericson <John.Ericson@Obsidian.Systems>
+Date: Sat Dec 26 11:40:49 2020 -0500
+
+ Re-indent krb5 section after pkg-config addition.
+
+commit 32dd2daa56c294e40ff7efea482c9eac536d8cbb
+Author: John Ericson <John.Ericson@Obsidian.Systems>
+Date: Sat Dec 26 11:40:49 2020 -0500
+
+ Support finding Kerberos via pkg-config
+
+ This makes cross compilation easier.
+
+commit def7a72234d7e4f684d72d33a0f7229f9eee0aa4
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Fri Jul 9 14:34:06 2021 +1000
+
+ Update comments about EGD to include prngd.
+
+commit b5d23150b4e3368f4983fd169d432c07afeee45a
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Mon Jul 5 01:21:07 2021 +0000
- upstream: ssh -MM requires confirmation for all operations that
+ upstream: Fix a couple of whitespace things. Portable already has
- change the multiplexing state, not just new sessions.
+ these so this removes two diffs between the two.
- mention that confirmation is checked via ssh-askpass
+ OpenBSD-Commit-ID: 769f017ebafd8e741e337b3e9e89eb5ac73c9c56
+
+commit 8f57be9f279b8e905f9883066aa633c7e67b31cf
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Mon Jul 5 01:16:46 2021 +0000
+
+ upstream: Order includes as per style(9). Portable already has
+
+ these so this removes a handful of diffs between the two.
- OpenBSD-Commit-ID: 0f1b45551ebb9cc5c9a4fe54ad3b23ce90f1f5c2
+ OpenBSD-Commit-ID: 8bd7452d809b199c19bfc49511a798f414eb4a77
-commit db8bb80e3ac1bcb3e1305d846cd98c6b869bf03f
-Author: mestre@openbsd.org <mestre@openbsd.org>
-Date: Tue Aug 28 12:25:53 2018 +0000
+commit b75624f8733b3ed9e240f86cac5d4a39dae11848
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Mon Jul 5 00:50:25 2021 +0000
- upstream: fix misplaced parenthesis inside if-clause. it's harmless
+ upstream: Remove comment referencing now-removed
- and the only issue is showing an unknown error (since it's not defined)
- during fatal(), if it ever an error occurs inside that condition.
+ RhostsRSAAuthentication. ok djm@
- OK deraadt@ markus@ djm@
+ OpenBSD-Commit-ID: 3d864bfbd99a1d4429a58e301688f3be464827a9
+
+commit b67eb12f013c5441bb4f0893a97533582ad4eb13
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Jul 5 00:25:42 2021 +0000
+
+ upstream: allow spaces to appear in usernames for local to remote,
- OpenBSD-Commit-ID: acb0a8e6936bfbe590504752d01d1d251a7101d8
+ and scp -3 remote to remote copies. with & ok dtucker bz#1164
+
+ OpenBSD-Commit-ID: e9b550f3a85ffbb079b6720833da31317901d6dd
-commit 086cc614f550b7d4f100c95e472a6b6b823938ab
-Author: mestre@openbsd.org <mestre@openbsd.org>
-Date: Tue Aug 28 12:17:45 2018 +0000
+commit 8c4ef0943e574f614fc7c6c7e427fd81ee64ab87
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Fri Jul 2 07:20:44 2021 +0000
- upstream: fix build with DEBUG_PK enabled
+ upstream: Remove obsolete comments about SSHv1 auth methods. ok
- OK dtucker@
+ djm@
- OpenBSD-Commit-ID: ec1568cf27726e9638a0415481c20c406e7b441c
+ OpenBSD-Commit-ID: 6060f70966f362d8eb4bec3da2f6c4712fbfb98f
-commit 2678833013e97f8b18f09779b7f70bcbf5eb2ab2
+commit 88908c9b61bcb99f16e8d398fc41e2b3b4be2003
Author: Darren Tucker <dtucker@dtucker.net>
-Date: Fri Sep 7 14:41:53 2018 +1000
+Date: Sat Jul 3 23:00:19 2021 +1000
- Handle ngroups>_SC_NGROUPS_MAX.
+ Remove reference to ChallengeResponse.
- Based on github pull request #99 from Darren Maffat at Oracle: Solaris'
- getgrouplist considers _SC_NGROUPS_MAX more of a guideline and can return
- a larger number of groups. In this case, retry getgrouplist with a
- larger array and defer allocating groups_byname. ok djm@
+ challenge_response_authentication was removed from the struct, keeping
+ kbd_interactive_authentication.
-commit 039bf2a81797b8f3af6058d34005a4896a363221
+commit 321874416d610ad2158ce6112f094a4862c2e37f
Author: Darren Tucker <dtucker@dtucker.net>
-Date: Fri Sep 7 14:06:57 2018 +1000
+Date: Sat Jul 3 20:38:09 2021 +1000
- Initial len for the fmt=NULL case.
-
- Patch from jjelen at redhat via bz#2687. (OpenSSH never calls
- setproctitle with a null format so len is always initialized).
+ Move signal.h up include order to match upstream.
-commit ea9c06e11d2e8fb2f4d5e02f8a41e23d2bd31ca9
+commit 4fa83e2d0e32c2dd758653e0359984bbf1334f32
Author: Darren Tucker <dtucker@dtucker.net>
-Date: Fri Sep 7 14:01:39 2018 +1000
+Date: Sat Jul 3 20:36:06 2021 +1000
- Include stdlib.h.
+ Remove old OpenBSD version marker.
- Patch from jjelen at redhat via bz#2687.
+ Looks like an accidental leftover from a sync.
-commit 9617816dbe73ec4d65075f4d897443f63a97c87f
-Author: Damien Miller <djm@mindrot.org>
-Date: Mon Aug 27 13:08:01 2018 +1000
+commit 9d5e31f55d5f3899b72645bac41a932d298ad73b
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Sat Jul 3 20:34:19 2021 +1000
- document some more regress control env variables
-
- Specifically SKIP_UNIT, USE_VALGRING and LTESTS. Sort the list of
- environment variables.
+ Remove duplicate error on error path.
- Based on patch from Jakub Jelen
+ There's an extra error() call on the listen error path, it looks like
+ its removal was missed during an upstream sync.
-commit 71508e06fab14bc415a79a08f5535ad7bffa93d9
-Author: Damien Miller <djm@mindrot.org>
-Date: Thu Aug 23 15:41:42 2018 +1000
+commit 888c459925c7478ce22ff206c9ac1fb812a40caf
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Sat Jul 3 20:32:46 2021 +1000
- shorten temporary SSH_REGRESS_TMP path
+ Remove some whitespace not in upstream.
- Previous path was exceeding max socket length on at least one platform (OSX)
+ Reduces diff vs OpenBSD by a small amount.
-commit 26739cf5bdc9030a583b41ae5261dedd862060f0
-Author: Damien Miller <djm@mindrot.org>
-Date: Thu Aug 23 13:06:02 2018 +1000
+commit 4d2d4d47a18d93f3e0a91a241a6fdb545bbf7dc2
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Sat Jul 3 19:27:43 2021 +1000
- rebuild dependencies
+ Replace remaining references to ChallengeResponse.
+
+ Portable had a few additional references to ChallengeResponse related to
+ UsePAM, replaces these with equivalent keyboard-interactive ones.
-commit ff729025c7463cf5d0a8d1ca1823306e48c6d4cf
-Author: Damien Miller <djm@mindrot.org>
-Date: Thu Aug 23 13:03:32 2018 +1000
+commit 53237ac789183946dac6dcb8838bc3b6b9b43be1
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Sat Jul 3 19:23:28 2021 +1000
- fix path in distclean target
+ Sync remaining ChallengeResponse removal.
- Patch from Jakub Jelen
+ These were omitted from commit 88868fd131.
-commit 7fef173c28f7462dcd8ee017fdf12b5073f54c02
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Thu Aug 23 03:01:08 2018 +0000
+commit 2c9e4b319f7e98744b188b0f58859d431def343b
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Sat Jul 3 19:17:31 2021 +1000
+
+ Disable rocky84 to figure out why agent test fails
+
+commit bfe19197a92b7916f64a121fbd3c179abf15e218
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Fri Jul 2 15:43:28 2021 +1000
- upstream: memleak introduced in r1.83; from Colin Watson
+ Remove now-unused SSHv1 enums.
- OpenBSD-Commit-ID: 5c019104c280cbd549a264a7217b67665e5732dc
+ sRhostsRSAAuthentication and sRSAAuthentication are protocol 1 options
+ and are no longer used.
-commit b8ae02a2896778b8984c7f51566c7f0f56fa8b56
-Author: schwarze@openbsd.org <schwarze@openbsd.org>
-Date: Tue Aug 21 13:56:27 2018 +0000
+commit c73b02d92d72458a5312bd098f32ce88868fd131
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Fri Jul 2 05:11:20 2021 +0000
- upstream: AIX reports the CODESET as "ISO8859-1" in the POSIX locale.
+ upstream: Remove references to ChallengeResponseAuthentication in
- Treating that as a safe encoding is OK because even when other systems return
- that string for real ISO8859-1, it is still safe in the sense that it is
- ASCII-compatible and stateless.
+ favour of KbdInteractiveAuthentication. The former is what was in SSHv1, the
+ latter is what is in SSHv2 (RFC4256) and they were treated as somewhat but
+ not entirely equivalent. We retain the old name as deprecated alias so
+ config files continue to work and a reference in the man page for people
+ looking for it.
- Issue reported by Val dot Baranov at duke dot edu. Additional
- information provided by Michael dot Felt at felt dot demon dot nl.
- Tested by Michael Felt on AIX 6.1 and by Val Baranov on AIX 7.1.
- Tweak and OK djm@.
+ Prompted by bz#3303 which pointed out the discrepancy between the two
+ when used with Match. Man page help & ok jmc@, with & ok djm@
- OpenBSD-Commit-ID: 36f1210e0b229817d10eb490d6038f507b8256a7
+ OpenBSD-Commit-ID: 2c1bff8e5c9852cfcdab1f3ea94dfef5a22f3b7e
-commit bc44ee088ad269d232e514f037c87ada4c2fd3f0
-Author: Tim Rice <tim@multitalents.net>
-Date: Tue Aug 21 08:57:24 2018 -0700
+commit f841fc9c8c7568a3b5d84a4cc0cefacb7dbc16b9
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Fri Jul 2 15:20:32 2021 +1000
- modified: openbsd-compat/port-uw.c
- remove obsolete and un-needed include
+ Fix ifdefs around get_random_bytes_prngd.
+
+ get_random_bytes_prngd() is used if either of PRNGD_PORT or PRNGD_SOCKET
+ are defined, so adjust ifdef accordingly.
-commit 829fc28a9c54e3f812ee7248c7a3e31eeb4f0b3a
+commit 0767627cf66574484b9c0834500b42ea04fe528a
Author: Damien Miller <djm@mindrot.org>
-Date: Mon Aug 20 15:57:29 2018 +1000
+Date: Fri Jul 2 14:30:23 2021 +1000
- Missing unistd.h for regress/mkdtemp.c
+ wrap get_random_bytes_prngd() in ifdef
+
+ avoid unused static function warning
-commit c8313e492355a368a91799131520d92743d8d16c
-Author: Damien Miller <djm@mindrot.org>
-Date: Fri Aug 17 05:45:20 2018 +1000
+commit f93fdc4de158386efe1116bd44c5b3f4a7a82c25
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Mon Jun 28 13:06:37 2021 +1000
- update version numbers in anticipation of release
+ Add rocky84 test target.
-commit 477b49a34b89f506f4794b35e3c70b3e2e83cd38
-Author: Corinna Vinschen <vinschen@redhat.com>
-Date: Mon Aug 13 17:08:51 2018 +0200
+commit d443006c0ddfa7f6a5bd9c0ae92036f3d5f2fa3b
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Jun 25 06:30:22 2021 +0000
- configure: work around GCC shortcoming on Cygwin
+ upstream: fix decoding of X.509 subject name; from Leif Thuresson
- Cygwin's latest 7.x GCC allows to specify -mfunction-return=thunk
- as well as -mindirect-branch=thunk on the command line, albeit
- producing invalid code, leading to an error at link stage.
+ via bz3327 ok markus@
- The check in configure.ac only checks if the option is present,
- but not if it produces valid code.
+ OpenBSD-Commit-ID: 0ea2e28f39750dd388b7e317bc43dd997a217ae8
+
+commit 2a5704ec142202d387fda2d6872fd4715ab81347
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Fri Jun 25 06:20:39 2021 +0000
+
+ upstream: Use better language to refer to the user. From l1ving
- This patch fixes it by special-casing Cygwin. Another solution
- may be to change these to linker checks.
+ via github PR#250, ok jmc@
- Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
+ OpenBSD-Commit-ID: 07ca3526626996613e128aeddf7748c93c4d6bbf
-commit b0917945efa374be7648d67dbbaaff323ab39edc
-Author: Corinna Vinschen <vinschen@redhat.com>
-Date: Mon Aug 13 17:05:05 2018 +0200
+commit 4bdf7a04797a0ea1c431a9d54588417c29177d19
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Fri Jun 25 03:38:17 2021 +0000
- cygwin: add missing stdarg.h include
+ upstream: Replace SIGCHLD/notify_pipe kludge with pselect.
+
+ Previously sshd's SIGCHLD handler would wake up select() by writing a
+ byte to notify_pipe. We can remove this by blocking SIGCHLD, checking
+ for child terminations then passing the original signal mask through
+ to pselect. This ensures that the pselect will immediately wake up if
+ a child terminates between wait()ing on them and the pselect.
+
+ In -portable, for platforms that do not have pselect the kludge is still
+ there but is hidden behind a pselect interface.
- Further header file standarization in Cygwin uncovered a lazy
- indirect include in bsd-cygwin_util.c
+ Based on other changes for bz#2158, ok djm@
- Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
+ OpenBSD-Commit-ID: 202c85de0b3bdf1744fe53529a05404c5480d813
-commit c3903c38b0fd168ab3d925c2b129d1a599593426
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Aug 13 02:41:05 2018 +0000
+commit c9f7bba2e6f70b7ac1f5ea190d890cb5162ce127
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Fri Jun 25 15:08:18 2021 +1000
- upstream: revert compat.[ch] section of the following change. It
-
- causes double-free under some circumstances.
+ Move closefrom() to before first malloc.
- --
+ When built against tcmalloc, tcmalloc allocates a descriptor for its
+ internal use, so calling closefrom() afterward causes the descriptor
+ number to be reused resulting in a corrupted connection. Moving the
+ closefrom a little earlier should resolve this. From kircherlike at
+ outlook.com via bz#3321, ok djm@
+
+commit 7ebfe4e439853b88997c9cfc2ff703408a1cca92
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Fri Jun 18 20:41:45 2021 +1000
+
+ Put second -lssh in link line for sftp-server.
- date: 2018/07/31 03:07:24; author: djm; state: Exp; lines: +33 -18; commitid: f7g4UI8eeOXReTPh;
- fix some memory leaks spotted by Coverity via Jakub Jelen in bz#2366
- feedback and ok dtucker@
+ When building --without-openssl the recent port-prngd.c change adds
+ a dependency on atomicio, but since nothing else in sftp-server uses
+ it, the linker may not find it. Add a second -lssh similar to other
+ binaries.
+
+commit e409d7966785cfd9f5970e66a820685c42169717
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Fri Jun 18 18:34:08 2021 +1000
+
+ Try EGD/PRNGD if random device fails.
- OpenBSD-Commit-ID: 1e77547f60fdb5e2ffe23e2e4733c54d8d2d1137
+ When built --without-openssl, try EGD/PRGGD (if configured) as a last
+ resort before failing.
-commit 1b9dd4aa15208100fbc3650f33ea052255578282
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Sun Aug 12 20:19:13 2018 +0000
+commit e43a898043faa3a965dbaa1193cc60e0b479033d
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Fri Jun 18 18:32:51 2021 +1000
- upstream: better diagnosics on alg list assembly errors; ok
+ Split EGD/PRNGD interface into its own file.
- deraadt@ markus@
+ This will allow us to use it when building --without-openssl.
+
+commit acb2887a769a1b1912cfd7067f3ce04fad240260
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Thu Jun 17 21:03:19 2021 +1000
+
+ Handle GIDs > 2^31 in getgrouplist.
- OpenBSD-Commit-ID: 5a557e74b839daf13cc105924d2af06a1560faee
+ When compiled in 32bit mode, the getgrouplist implementation may fail
+ for GIDs greater than LONG_MAX. Analysis and change from ralf.winkel
+ at tui.com.
-commit e36a5f61b0f5bebf6d49c215d228cd99dfe86e28
-Author: Damien Miller <djm@mindrot.org>
-Date: Sat Aug 11 18:08:45 2018 -0700
+commit 31fac20c941126281b527605b73bff30a8f02edd
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Thu Jun 10 09:46:28 2021 +0000
- Some AIX fixes; report from Michael Felt
+ upstream: Use $SUDO when reading sshd's pidfile here too.
+
+ OpenBSD-Regress-ID: 6bfb0d455d493f24839034a629c5306f84dbd409
-commit 2f4766ceefe6657c5ad5fe92d13c411872acae0e
+commit a3a58acffc8cc527f8fc6729486d34e4c3d27643
Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Fri Aug 10 01:35:49 2018 +0000
+Date: Thu Jun 10 09:43:51 2021 +0000
- upstream: The script that cooks up PuTTY format host keys does not
+ upstream: Use $SUDO when reading sshd's pidfile in case it was
- understand the new key format so convert back to old format to create the
- PuTTY key and remove it once done.
+ created with a very restrictive umask. This resyncs with -portable.
- OpenBSD-Regress-ID: 2a449a18846c3a144bc645135b551ba6177e38d3
+ OpenBSD-Regress-ID: 07fd2af06df759d4f64b82c59094accca1076a5d
-commit e1b26ce504662a5d5b991091228984ccfd25f280
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Aug 10 00:44:01 2018 +0000
+commit 249ad4ae51cd3bc235e75a4846eccdf8b1416611
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Thu Jun 10 09:37:59 2021 +0000
- upstream: improve
+ upstream: Set umask when creating hostkeys to prevent excessive
+
+ permissions warning.
- OpenBSD-Commit-ID: 40d839db0977b4e7ac8b647b16d5411d4faf2f60
+ OpenBSD-Regress-ID: 382841db0ee28dfef7f7bffbd511803e1b8ab0ef
-commit 7c712966a3139622f7fb55045368d05de4e6782c
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Aug 10 00:42:29 2018 +0000
+commit 9d0892153c005cc65897e9372b01fa66fcbe2842
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Thu Jun 10 03:45:31 2021 +0000
- upstream: Describe pubkey format, prompted by bz#2853
+ upstream: Add regress test for SIGHUP restart
- While I'm here, describe and link to the remaining local PROTOCOL.*
- docs that weren't already mentioned (PROTOCOL.key, PROTOCOL.krl and
- PROTOCOL.mux)
+ while handling active and unauthenticated clients. Should catch anything
+ similar to the pselect bug just fixed in sshd.c.
- OpenBSD-Commit-ID: 2a900f9b994ba4d53e7aeb467d44d75829fd1231
+ OpenBSD-Regress-ID: 3b3c19b5e75e43af1ebcb9586875b3ae3a4cac73
-commit ef100a2c5a8ed83afac0b8f36520815803da227a
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Aug 10 00:27:15 2018 +0000
+commit 73f6f191f44440ca3049b9d3c8e5401d10b55097
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Thu Jun 10 03:14:14 2021 +0000
- upstream: fix numbering
+ upstream: Continue accept loop when pselect
- OpenBSD-Commit-ID: bc7a1764dff23fa4c5ff0e3379c9c4d5b63c9596
+ returns -1, eg if it was interrupted by a signal. This should prevent
+ the hang discovered by sthen@ wherein sshd receives a SIGHUP while it has
+ an unauthenticated child and goes on to a blocking read on a notify_pipe.
+ feedback deraadt@, ok djm@
+
+ OpenBSD-Commit-ID: 0243c1c5544fca0974dae92cd4079543a3fceaa0
-commit ed7bd5d93fe14c7bd90febd29b858ea985d14d45
+commit c785c0ae134a8e8b5c82b2193f64c632a98159e4
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Aug 8 01:16:01 2018 +0000
+Date: Tue Jun 8 22:30:27 2021 +0000
- upstream: Use new private key format by default. This format is
+ upstream: test that UserKnownHostsFile correctly accepts multiple
- suported by OpenSSH >= 6.5 (released January 2014), so it should be supported
- by most OpenSSH versions in active use.
+ arguments; would have caught readconf.c r1.356 regression
- It is possible to convert new-format private keys to the older
- format using "ssh-keygen -f /path/key -pm PEM".
+ OpenBSD-Regress-ID: 71ca54e66c2a0211b04999263e56390b1f323a6a
+
+commit 1a6f6b08e62c78906a3032e8d9a83e721c84574e
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Jun 8 22:06:12 2021 +0000
+
+ upstream: fix regression in r1.356: for ssh_config options that
- ok deraadt dtucker
+ accepted multiple string arguments, ssh was only recording the first.
+ Reported by Lucas via bugs@
- OpenBSD-Commit-ID: e3bd4f2509a2103bfa2f710733426af3ad6d8ab8
+ OpenBSD-Commit-ID: 7cbf182f7449bf1cb7c5b4452667dc2b41170d6d
-commit 967226a1bdde59ea137e8f0df871854ff7b91366
+commit 78e30af3e2b2dd540a341cc827c6b98dd8b0a6de
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Sat Aug 4 00:55:06 2018 +0000
+Date: Tue Jun 8 07:40:12 2021 +0000
+
+ upstream: test argv_split() optional termination on comments
+
+ OpenBSD-Regress-ID: 9fd1c4a27a409897437c010cfd79c54b639a059c
+
+commit a023138957ea2becf1c7f93fcc42b0aaac6f2b03
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Tue Jun 8 07:05:27 2021 +0000
- upstream: invalidate dh->priv_key after freeing it in error path;
+ upstream: Add testcases from bz#3319 for IPQoS and TunnelDevice
- avoids unlikely double-free later. Reported by Viktor Dukhovni via
- https://github.com/openssh/openssh-portable/pull/96 feedback jsing@ tb@
+ being overridden on the command line.
- OpenBSD-Commit-ID: e317eb17c3e05500ae851f279ef6486f0457c805
+ OpenBSD-Regress-ID: 801674d5d2d02abd58274a78cab2711f11de14a8
-commit 74287f5df9966a0648b4a68417451dd18f079ab8
+commit 660cea10b2cdc11f13ba99c89b1bbb368a4d9ff2
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue Jul 31 03:10:27 2018 +0000
+Date: Tue Jun 8 06:52:43 2021 +0000
- upstream: delay bailout for invalid authentic
+ upstream: sprinkle some "# comment" at end of configuration lines
- =?UTF-8?q?ating=20user=20until=20after=20the=20packet=20containing=20the?=
- =?UTF-8?q?=20request=20has=20been=20fully=20parsed.=20Reported=20by=20Dar?=
- =?UTF-8?q?iusz=20Tytko=20and=20Micha=C5=82=20Sajdak;=20ok=20deraadt?=
- MIME-Version: 1.0
- Content-Type: text/plain; charset=UTF-8
- Content-Transfer-Encoding: 8bit
+ to test comment handling
- OpenBSD-Commit-ID: b4891882fbe413f230fe8ac8a37349b03bd0b70d
+ OpenBSD-Regress-ID: cb82fbf40bda5c257a9f742c63b1798e5a8fdda7
-commit 1a66079c0669813306cc69e5776a4acd9fb49015
+commit acc9c32dcb6def6c7d3688bceb4c0e59bd26b411
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue Jul 31 03:07:24 2018 +0000
+Date: Tue Jun 8 06:51:47 2021 +0000
- upstream: fix some memory leaks spotted by Coverity via Jakub Jelen
+ upstream: more descriptive failure message
- in bz#2366 feedback and ok dtucker@
-
- OpenBSD-Commit-ID: 8402bbae67d578bedbadb0ce68ff7c5a136ef563
+ OpenBSD-Regress-ID: 5300f6faf1d9e99c0cd10827b51756c5510e3509
-commit 87f08be054b7eeadbb9cdeb3fb4872be79ccf218
-Author: Damien Miller <djm@mindrot.org>
-Date: Fri Jul 20 13:18:28 2018 +1000
+commit ce04dd4eae23d1c9cf7c424a702f48ee78573bc1
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Jun 7 01:16:34 2021 +0000
- Remove support for S/Key
+ upstream: test AuthenticationMethods inside a Match block as well
+
+ as in the main config section
- Most people will 1) be using modern multi-factor authentication methods
- like TOTP/OATH etc and 2) be getting support for multi-factor
- authentication via PAM or BSD Auth.
+ OpenBSD-Regress-ID: ebe0a686621b7cb8bb003ac520975279c28747f7
-commit 5d14019ba2ff54acbfd20a6b9b96bb860a8c7c31
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Fri Jul 27 12:03:17 2018 +0000
+commit 9018bd821fca17e26e92f7a7e51d9b24cd62f2db
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Jun 7 00:00:50 2021 +0000
- upstream: avoid expensive channel_open_message() calls; ok djm@
+ upstream: prepare for stricter sshd_config parsing that will refuse
- OpenBSD-Commit-ID: aea3b5512ad681cd8710367d743e8a753d4425d9
+ a config that has {Allow,Deny}{Users,Groups} on a line with no subsequent
+ arguments. Such lines are permitted but are nonsensical noops ATM
+
+ OpenBSD-Regress-ID: ef65463fcbc0bd044e27f3fe400ea56eb4b8f650
-commit e655ee04a3cb7999dbf9641b25192353e2b69418
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Fri Jul 27 05:34:42 2018 +0000
+commit a10f929d1ce80640129fc5b6bc1acd9bf689169e
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Jun 8 07:09:42 2021 +0000
- upstream: Now that ssh can't be setuid, remove the
+ upstream: switch sshd_config parsing to argv_split()
+
+ similar to the previous commit, this switches sshd_config parsing to
+ the newer tokeniser. Config parsing will be a little stricter wrt
+ quote correctness and directives appearing without arguments.
- original_real_uid and original_effective_uid globals and replace with calls
- to plain getuid(). ok djm@
+ feedback and ok markus@
- OpenBSD-Commit-ID: 92561c0cd418d34e6841e20ba09160583e27b68c
+ tested in snaps for the last five or so days - thanks Theo and those who
+ caught bugs
+
+ OpenBSD-Commit-ID: 9c4305631d20c2d194661504ce11e1f68b20d93e
-commit 73ddb25bae4c33a0db361ac13f2e3a60d7c6c4a5
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Fri Jul 27 05:13:02 2018 +0000
+commit ea9e45c89a4822d74a9d97fef8480707d584da4d
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Jun 8 07:07:15 2021 +0000
- upstream: Remove uid checks from low port binds. Now that ssh
+ upstream: Switch ssh_config parsing to use argv_split()
- cannot be setuid and sshd always has privsep on, we can remove the uid checks
- for low port binds and just let the system do the check. We leave a sanity
- check for the !privsep case so long as the code is stil there. with & ok
- djm@
+ This fixes a couple of problems with the previous tokeniser,
+ strdelim()
+
+ 1. strdelim() is permissive wrt accepting '=' characters. This is
+ intended to allow it to tokenise "Option=value" but because it
+ cannot keep state, it will incorrectly split "Opt=val=val2".
+ 2. strdelim() has rudimentry handling of quoted strings, but it
+ is incomplete and inconsistent. E.g. it doesn't handle escaped
+ quotes inside a quoted string.
+ 3. It has no support for stopping on a (unquoted) comment. Because
+ of this readconf.c r1.343 added chopping of lines at '#', but
+ this caused a regression because these characters may legitimately
+ appear inside quoted strings.
+
+ The new tokeniser is stricter is a number of cases, including #1 above
+ but previously it was also possible for some directives to appear
+ without arguments. AFAIK these were nonsensical in all cases, and the
+ new tokeniser refuses to accept them.
+
+ The new code handles quotes much better, permitting quoted space as
+ well as escaped closing quotes. Finally, comment handling should be
+ fixed - the tokeniser will terminate only on unquoted # characters.
+
+ feedback & ok markus@
- OpenBSD-Commit-ID: 9535cfdbd1cd54486fdbedfaee44ce4367ec7ca0
+ tested in snaps for the last five or so days - thanks Theo and those who
+ caught bugs
+
+ OpenBSD-Commit-ID: dc72fd12af9d5398f4d9e159d671f9269c5b14d5
-commit c12033e102760d043bc5c98e6c8180e4d331b0df
+commit d786424986c04d1d375f231fda177c8408e05c3e
Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Fri Jul 27 03:55:22 2018 +0000
+Date: Tue Jun 8 07:02:46 2021 +0000
- upstream: ssh(1) no longer supports being setuid root. Remove reference
+ upstream: Check if IPQoS or TunnelDevice are already set before
- to crc32 which went with protocol 1. Pointed out by deraadt@.
+ overriding. Prevents values in config files from overriding values supplied
+ on the command line. bz#3319, ok markus.
- OpenBSD-Commit-ID: f8763c25fd96ed91dd1abdab5667fd2e27e377b6
+ OpenBSD-Commit-ID: f3b08b898c324debb9195e6865d8999406938f74
-commit 4492e2ec4e1956a277ef507f51d66e5c2aafaaf8
-Author: Damien Miller <djm@mindrot.org>
-Date: Fri Jul 27 14:15:28 2018 +1000
+commit aae4b4d3585b9f944d7dbd3c9e5ba0006c55e457
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Jun 8 06:54:40 2021 +0000
- correct snprintf truncation check in closefrom()
+ upstream: Allow argv_split() to optionally terminate tokenisation
+
+ when it encounters an unquoted comment.
- Truncation cannot happen unless the system has set PATH_MAX to some
- nonsensically low value.
+ Add some additional utility function for working with argument
+ vectors, since we'll be switching to using them to parse
+ ssh/sshd_config shortly.
- bz#2862, patch from Daniel Le
+ ok markus@ as part of a larger diff; tested in snaps
+
+ OpenBSD-Commit-ID: fd9c108cef2f713f24e3bc5848861d221bb3a1ac
-commit 149cab325a8599a003364ed833f878449c15f259
+commit da9f9acaac5bab95dca642b48e0c8182b246ab69
Author: Darren Tucker <dtucker@dtucker.net>
-Date: Fri Jul 27 13:46:06 2018 +1000
+Date: Mon Jun 7 19:19:23 2021 +1000
- Include stdarg.h in mkdtemp for va_list.
+ Save logs on failure for upstream test
-commit 6728f31bdfdc864d192773c32465b1860e23f556
-Author: deraadt@openbsd.org <deraadt@openbsd.org>
-Date: Wed Jul 25 17:12:35 2018 +0000
+commit 76883c60161e5f3808787085a27a8c37f8cc4e08
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Mon Jun 7 14:36:32 2021 +1000
- upstream: Don't redefine Makefile choices which come correct from
+ Add obsdsnap-i386 upstream test target.
+
+commit d45b9c63f947ec5ec314696e70281f6afddc0ac3
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Jun 7 03:38:38 2021 +0000
+
+ upstream: fix debug message when finding a private key to match a
- bsd.*.mk ok markus
+ certificate being attempted for user authentication. Previously it would
+ print the certificate's path, whereas it was supposed to be showing the
+ private key's path. Patch from Alex Sherwin via GHPR247
- OpenBSD-Commit-ID: 814b2f670df75759e1581ecef530980b2b3d7e0f
+ OpenBSD-Commit-ID: d5af3be66d0f22c371dc1fe6195e774a18b2327b
-commit 21fd477a855753c1a8e450963669e28e39c3b5d2
-Author: deraadt@openbsd.org <deraadt@openbsd.org>
-Date: Wed Jul 25 13:56:23 2018 +0000
+commit 530739d42f6102668aecd699be0ce59815c1eceb
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sun Jun 6 11:34:16 2021 +0000
- upstream: fix indent; Clemens Goessnitzer
+ upstream: Match host certificates against host public keys, not private
+
+ keys. Allows use of certificates with private keys held in a ssh-agent.
+ Reported by Miles Zhou in bz3524; ok dtucker@
- OpenBSD-Commit-ID: b5149a6d92b264d35f879d24608087b254857a83
+ OpenBSD-Commit-ID: 25f5bf70003126d19162862d9eb380bf34bac22a
-commit 8e433c2083db8664c41499ee146448ea7ebe7dbf
-Author: beck@openbsd.org <beck@openbsd.org>
-Date: Wed Jul 25 13:10:56 2018 +0000
+commit 4265215d7300901fd7097061c7517688ade82f8e
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sun Jun 6 03:40:39 2021 +0000
- upstream: Use the caller provided (copied) pwent struct in
+ upstream: Client-side workaround for a bug in OpenSSH 7.4: this release
+
+ allows RSA/SHA2 signatures for public key authentication but fails to
+ advertise this correctly via SSH2_MSG_EXT_INFO. This causes clients of these
+ server to incorrectly match PubkeyAcceptedAlgorithms and potentially refuse
+ to offer valid keys.
- load_public_identity_files instead of calling getpwuid() again and discarding
- the argument. This prevents a client crash where tilde_expand_filename calls
- getpwuid() again before the pwent pointer is used. Issue noticed and reported
- by Pierre-Olivier Martel <pom@apple.com> ok djm@ deraadt@
+ Reported by and based on patch from Gordon Messmer via bz3213, thanks
+ also for additional analysis by Jakub Jelen. ok dtucker
- OpenBSD-Commit-ID: a067d74b5b098763736c94cc1368de8ea3f0b157
+ OpenBSD-Commit-ID: d6d0b7351d5d44c45f3daaa26efac65847a564f7
-commit e2127abb105ae72b6fda64fff150e6b24b3f1317
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date: Mon Jul 23 19:53:55 2018 +0000
+commit bda270d7fb8522d43c21a79a4b02a052d7c64de8
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sun Jun 6 03:17:02 2021 +0000
- upstream: oops, failed to notice that SEE ALSO got messed up;
+ upstream: degrade gracefully if a sftp-server offers the
- OpenBSD-Commit-ID: 61c1306542cefdc6e59ac331751afe961557427d
+ limits@openssh.com extension but fails when the client tries to invoke it.
+ Reported by Hector Martin via bz3318
+
+ OpenBSD-Commit-ID: bd9d1839c41811616ede4da467e25746fcd9b967
-commit ddf1b797c2d26bbbc9d410aa4f484cbe94673587
-Author: kn@openbsd.org <kn@openbsd.org>
-Date: Mon Jul 23 19:02:49 2018 +0000
+commit d345d5811afdc2d6923019b653cdd93c4cc95f76
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sun Jun 6 03:15:39 2021 +0000
- upstream: Point to glob in section 7 for the actual list of special
+ upstream: the limits@openssh.com extension was incorrectly marked
- characters instead the C API in section 3.
+ as an operation that writes to the filesystem, which made it unavailable in
+ sftp-server read-only mode. Spotted by Hector Martin via bz3318
- OK millert jmc nicm, "the right idea" deraadt
+ OpenBSD-Commit-ID: f054465230787e37516c4b57098fc7975e00f067
+
+commit 2b71010d9b43d7b8c9ec1bf010beb00d98fa765a
+Author: naddy@openbsd.org <naddy@openbsd.org>
+Date: Sat Jun 5 13:47:00 2021 +0000
+
+ upstream: PROTOCOL.certkeys: update reference from IETF draft to
+
+ RFC
- OpenBSD-Commit-ID: a74fd215488c382809e4d041613aeba4a4b1ffc6
+ Also fix some typos.
+ ok djm@
+
+ OpenBSD-Commit-ID: 5e855b6c5a22b5b13f8ffa3897a868e40d349b44
-commit 01c98d9661d0ed6156e8602b650f72eed9fc4d12
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Sun Jul 22 12:16:59 2018 +0000
+commit aa99b2d9a3e45b943196914e8d8bf086646fdb54
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Fri Jun 4 23:41:29 2021 +1000
+
+ Clear notify_pipe from readset if present.
+
+ Prevents leaking an implementation detail to the caller.
+
+commit 6de8dadf6b4d0627d35bca0667ca44b1d61c2c6b
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Fri Jun 4 23:24:25 2021 +1000
+
+ space->tabs.
+
+commit c8677065070ee34c05c7582a9c2f58d8642e552d
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Fri Jun 4 18:39:48 2021 +1000
- upstream: Switch authorized_keys example from ssh-dss to ssh-rsa
+ Add pselect implementation for platforms without.
- since the former is no longer enabled by default. Pointed out by Daniel A.
- Maierhofer, ok jmc
+ This is basically the existing notify_pipe kludge from serverloop.c
+ moved behind a pselect interface. It works by installing a signal
+ handler that writes to a pipe that the select is watching, then calls
+ the original handler.
- OpenBSD-Commit-ID: 6a196cef53d7524e0c9b58cdbc1b5609debaf8c7
+ The select call in serverloop will become pselect soon, at which point the
+ kludge will be removed from thereand will only exist in the compat layer.
+ Original code by markus, help from djm.
-commit 472269f8fe19343971c2d08f504ab5cbb8234b33
+commit 7cd7f302d3a072748299f362f9e241d81fcecd26
+Author: Vincent Brillault <vincent.brillault@cern.ch>
+Date: Sun May 24 09:15:06 2020 +0200
+
+ auth_log: dont log partial successes as failures
+
+ By design, 'partial' logins are successful logins, so initially with
+ authenticated set to 1, for which another authentication is required. As
+ a result, authenticated is always reset to 0 when partial is set to 1.
+ However, even if authenticated is 0, those are not failed login
+ attempts, similarly to attempts with authctxt->postponed set to 1.
+
+commit e7606919180661edc7f698e6a1b4ef2cfb363ebf
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Jul 20 05:01:10 2018 +0000
+Date: Fri Jun 4 06:19:07 2021 +0000
- upstream: slightly-clearer description for AuthenticationMethods - the
+ upstream: The RB_GENERATE_STATIC(3) macro expands to a series of
- lists have comma-separated elements; bz#2663 from Hans Meier
+ function definitions and not a statement, so there should be no semicolon
+ following them. Patch from Michael Forney
- OpenBSD-Commit-ID: 931c983d0fde4764d0942fb2c2b5017635993b5a
+ OpenBSD-Commit-ID: c975dd180580f0bdc0a4d5b7d41ab1f5e9b7bedd
-commit c59aca8adbdf7f5597084ad360a19bedb3f80970
-Author: Damien Miller <djm@mindrot.org>
-Date: Fri Jul 20 14:53:42 2018 +1000
+commit c298c4da574ab92df2f051561aeb3e106b0ec954
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Jun 4 05:59:18 2021 +0000
- Create control sockets in clean temp directories
+ upstream: rework authorized_keys example section, removing irrelevant
- Adds a regress/mkdtemp tool and uses it to create empty temp
- directories for tests needing control sockets.
+ stuff, de-wrapping the example lines and better aligning the examples with
+ common usage and FAQs; ok jmc
- Patch from Colin Watson via bz#2660; ok dtucker
+ OpenBSD-Commit-ID: d59f1c9281f828148e2a2e49eb9629266803b75c
-commit 6ad8648e83e4f4ace37b742a05c2a6b6b872514e
+commit d9cb35bbec5f623589d7c58fc094817b33030f35
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Jul 20 03:46:34 2018 +0000
+Date: Fri Jun 4 05:10:03 2021 +0000
- upstream: remove unused zlib.h
+ upstream: adjust SetEnv description to clarify $TERM handling
- OpenBSD-Commit-ID: 8d274a9b467c7958df12668b49144056819f79f1
+ OpenBSD-Commit-ID: 8b8cc0124856bc1094949d55615e5c44390bcb22
-commit 3ba6e6883527fe517b6e4a824876e2fe62af22fc
+commit 771f57a8626709f2ad207058efd68fbf30d31553
Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Thu Jul 19 23:03:16 2018 +0000
+Date: Fri Jun 4 05:09:08 2021 +0000
- upstream: Fix typo in comment. From Alexandru Iacob via github.
+ upstream: Switch the listening select loop from select() to
+
+ pselect() and mask signals while checking signal flags, umasking for pselect
+ and restoring afterwards. Also restore signals before sighup_restart so they
+ don't remain blocked after restart.
- OpenBSD-Commit-ID: eff4ec07c6c8c5483533da43a4dda37d72ef7f1d
+ This prevents a race where a SIGTERM or SIGHUP can arrive between
+ checking the flag and calling select (eg if sshd is processing a
+ new connection) resulting in sshd not shutting down until the next
+ time it receives a new connection. bz#2158, with & ok djm@
+
+ OpenBSD-Commit-ID: bf85bf880fd78e00d7478657644fcda97b9a936f
-commit c77bc73c91bc656e343a1961756e09dd1b170820
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Fri Jul 20 13:48:51 2018 +1000
+commit f64f8c00d158acc1359b8a096835849b23aa2e86
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Jun 4 05:02:40 2021 +0000
- Explicitly include openssl before zlib.
+ upstream: allow ssh_config SetEnv to override $TERM, which is otherwise
+
+ handled specially by the protocol. Useful in ~/.ssh/config to set TERM to
+ something generic (e.g. "xterm" instead of "xterm-256color") for destinations
+ that lack terminfo entries. feedback and ok dtucker@
- Some versions of OpenSSL have "free_func" in their headers, which zlib
- typedefs. Including openssl after zlib (eg via sshkey.h) results in
- "syntax error before `free_func'", which this fixes.
+ OpenBSD-Commit-ID: 38b1ef4d5bc159c7d9d589d05e3017433e2d5758
-commit 95d41e90eafcd1286a901e8e361e4a37b98aeb52
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Thu Jul 19 10:28:47 2018 +0000
+commit 60107677dc0ce1e93c61f23c433ad54687fcd9f5
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Jun 4 04:02:21 2021 +0000
- upstream: Deprecate UsePrivilegedPort now that support for running
+ upstream: correct extension name "no-presence-required" =>
- ssh(1) setuid has been removed, remove supporting code and clean up
- references to it in the man pages
+ "no-touch-required"
- We have not shipped ssh(1) the setuid bit since 2002. If ayone
- really needs to make connections from a low port number this can
- be implemented via a small setuid ProxyCommand.
+ document "verify-required" option
- ok markus@ jmc@ djm@
+ OpenBSD-Commit-ID: 1879ff4062cf61d79b515e433aff0bf49a6c55c5
+
+commit ecc186e46e3e30f27539b4311366dfda502f0a08
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Wed Jun 2 13:54:11 2021 +1000
+
+ Retire fbsd7 test target.
- OpenBSD-Commit-ID: d03364610b7123ae4c6792f5274bd147b6de717e
+ It's the slowest of the selfhosted targets (since it's 32bit but has
+ most of the crypto algos). We still have coverage for 32bit i386.
-commit 258dc8bb07dfb35a46e52b0822a2c5b7027df60a
+commit 5de0867b822ec48b5eec9abde0f5f95d1d646546
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Wed Jun 2 11:21:40 2021 +1000
+
+ Check for $OPENSSL in md5 fallback too.
+
+commit 1db69d1b6542f8419c04cee7fd523a4a11004be2
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Wed Jun 2 11:17:54 2021 +1000
+
+ Add dfly60 target.
+
+commit a3f2dd955f1c19cad387a139f0e719af346ca6ef
Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Wed Jul 18 11:34:04 2018 +0000
+Date: Wed Jun 2 00:17:45 2021 +0000
- upstream: Remove support for running ssh(1) setuid and fatal if
+ upstream: Merge back shell portability changes
- attempted. Do not link uidwap.c into ssh any more. Neuters
- UsePrivilegedPort, which will be marked as deprecated shortly. ok markus@
- djm@
+ bringing it back in sync with -portable.
- OpenBSD-Commit-ID: c4ba5bf9c096f57a6ed15b713a1d7e9e2e373c42
+ OpenBSD-Regress-ID: c07905ba931e66ad7d849b87b7d19648007175d1
-commit ac590760b251506b0a152551abbf8e8d6dc2f527
+commit 9d482295c9f073e84d75af46b720a1c0f7ec2867
Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Mon Jul 16 22:25:01 2018 +0000
+Date: Tue Jun 1 23:56:20 2021 +0000
- upstream: Slot 0 in the hostbased key array was previously RSA1,
+ upstream: Use a default value for $OPENSSL,
- but that is now gone and the slot is unused so remove it. Remove two
- now-unused macros, and add an array bounds check to the two remaining ones
- (array is statically sized, so mostly a safety check on future changes). ok
- markus@
+ allowing it to be overridden. Do the same in the PuTTY tests since it's
+ needed there and not exported by test-exec.sh.
- OpenBSD-Commit-ID: 2e4c0ca6cc1d8daeccead2aa56192a3f9d5e1e7a
+ OpenBSD-Regress-ID: c49dcd6aa7602a8606b7afa192196ca1fa65de16
-commit 26efc2f5df0e3bcf6a6bbdd0506fd682d60c2145
+commit 07660b3c99f8ea74ddf4a440e55c16c9f7fb3dd1
Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Mon Jul 16 11:05:41 2018 +0000
+Date: Mon May 24 10:25:18 2021 +0000
- upstream: Remove support for loading HostBasedAuthentication keys
+ upstream: Find openssl binary via environment variable. This
- directly in ssh(1) and always use ssh-keysign. This removes one of the few
- remaining reasons why ssh(1) might be setuid. ok markus@
+ allows overriding if necessary (eg in -portable where we're testing against a
+ specific version of OpenSSL).
- OpenBSD-Commit-ID: 97f01e1448707129a20d75f86bad5d27c3cf0b7d
+ OpenBSD-Regress-ID: 491f39cae9e762c71aa4bf045803d077139815c5
-commit 3eb7f1038d17af7aea3c2c62d1e30cd545607640
+commit 1a4d1da9188d7c88f646b61f0d6a3b34f47c5439
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Jul 16 07:06:50 2018 +0000
+Date: Fri May 21 04:03:47 2021 +0000
- upstream: keep options.identity_file_userprovided array in sync when we
+ upstream: fix memleak in test
- load keys, fixing some spurious error messages; ok markus
+ OpenBSD-Regress-ID: 5e529d0982aa04666604936df43242e97a7a6f81
+
+commit 60455a5d98065a73ec9a1f303345856bbd49aecc
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri May 21 03:59:01 2021 +0000
+
+ upstream: also check contents of remaining string
- OpenBSD-Commit-ID: c63e3d5200ee2cf9e35bda98de847302566c6a00
+ OpenBSD-Regress-ID: d526fa07253f4eebbc7d6205a0ab3d491ec71a28
-commit 2f131e1b34502aa19f345e89cabf6fa3fc097f09
+commit 39f6cd207851d7b67ca46903bfce4a9f615b5b1c
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Jul 16 03:09:59 2018 +0000
+Date: Fri May 21 03:48:07 2021 +0000
- upstream: memleak in unittest; found by valgrind
+ upstream: unit test for misc.c:strdelim() that mostly servces to
+
+ highlight its inconsistencies
- OpenBSD-Regress-ID: 168c23b0fb09fc3d0b438628990d3fd9260a8a5e
+ OpenBSD-Regress-ID: 8d2bf970fcc01ccc6e36a5065f89b9c7fa934195
+
+commit 7a3a1dd2c7d4461962acbcc0ebee9445ba892be0
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Thu May 27 21:23:15 2021 +1000
+
+ Put minix3 config in the host-specific block.
-commit de2997a4cf22ca0a524f0e5b451693c583e2fd89
+commit 59a194825f12fff8a7f75d91bf751ea17645711b
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Jul 16 03:09:13 2018 +0000
+Date: Mon May 31 06:48:42 2021 +0000
- upstream: memleaks; found by valgrind
+ upstream: Hash challenge supplied by client during FIDO key enrollment
- OpenBSD-Commit-ID: 6c3ba22be53e753c899545f771e8399fc93cd844
+ prior to passing it to libfido2, which does expect a hash.
+
+ There is no effect for users who are simply generating FIDO keys using
+ ssh-keygen - by default we generate a random 256 bit challenge, but
+ people building attestation workflows around our tools should now have
+ a more consistent experience (esp. fewer failures when they fail to
+ guess the magic 32-byte challenge length requirement).
+
+ ok markus@
+
+ OpenBSD-Commit-ID: b8d5363a6a7ca3b23dc28f3ca69470472959f2b5
-commit 61cc0003eb37fa07603c969c12b7c795caa498f3
+commit eb68e669bc8ab968d4cca5bf1357baca7136a826
Author: Darren Tucker <dtucker@dtucker.net>
-Date: Sat Jul 14 16:49:01 2018 +1000
+Date: Thu May 27 21:14:15 2021 +1000
- Undef a few new macros in sys-queue.h.
+ Include login_cap.h for login_getpwclass override.
- Prevents macro redefinition warnings on OSX.
+ On minix3, login_getpwclass is __RENAME'ed to __login_getpwclass50 so
+ without this the include overriding login_getpwclass causes a compile
+ error.
-commit 30a2c213877a54a44dfdffb6ca8db70be5b457e0
+commit 2063af71422501b65c7a92a5e14c0e6a3799ed89
Author: Darren Tucker <dtucker@dtucker.net>
-Date: Fri Jul 13 13:40:20 2018 +1000
+Date: Thu May 27 21:13:38 2021 +1000
+
+ Add minix3 test target.
+
+commit 2e1efcfd9f94352ca5f4b6958af8a454f8cf48cd
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed May 26 01:47:24 2021 +0000
- Include unistd.h for geteuid declaration.
+ upstream: fix SEGV in UpdateHostkeys debug() message, triggered
+
+ when the update removed more host keys than remain present. Fix tested by
+ reporter James Cook, via bugs@
+
+ OpenBSD-Commit-ID: 44f641f6ee02bb957f0c1d150495b60cf7b869d3
+
+commit 9acd76e6e4d2b519773e7119c33cf77f09534909
+Author: naddy@openbsd.org <naddy@openbsd.org>
+Date: Sun May 23 18:22:57 2021 +0000
+
+ upstream: ssh: The client configuration keyword is
+
+ "hostbasedacceptedalgorithms"
+
+ This fixes a mistake that slipped in when "HostbasedKeyTypes" was
+ renamed to "HostbasedAcceptedAlgorithms".
+
+ Bug report by zack@philomathiclife.com
+
+ OpenBSD-Commit-ID: d745a7e8e50b2589fc56877f322ea204bc784f38
-commit 1dd32c23f2a85714dfafe2a9cc516971d187caa4
+commit 078a0e60c92700da4c536c93c007257828ccd05b
Author: Darren Tucker <dtucker@dtucker.net>
-Date: Fri Jul 13 13:38:10 2018 +1000
+Date: Tue May 25 11:40:47 2021 +1000
- Fallout from buffer conversion in AUDIT_EVENTS.
+ Rename README.md to ci-status.md.
- Supply missing "int r" and fix error path for sshbuf_new().
+ The original intent was to provide a status page for the CIs configured
+ in that directory, but it had the side effect of replacing the top-level
+ README.md.
-commit 7449c178e943e5c4f6c8416a4e41d93b70c11c9e
+commit 7be4ac813662f68e89f23c50de058a49aa32f7e4
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Jul 13 02:13:50 2018 +0000
+Date: Wed May 19 01:24:05 2021 +0000
- upstream: make this use ssh_proxy rather than starting/stopping a
+ upstream: restore blocking status on stdio fds before close
+
+ ssh(1) needs to set file descriptors to non-blocking mode to operate
+ but it was not restoring the original state on exit. This could cause
+ problems with fds shared with other programs via the shell, e.g.
+
+ > $ cat > test.sh << _EOF
+ > #!/bin/sh
+ > {
+ > ssh -Fnone -oLogLevel=verbose ::1 hostname
+ > cat /usr/share/dict/words
+ > } | sleep 10
+ > _EOF
+ > $ ./test.sh
+ > Authenticated to ::1 ([::1]:22).
+ > Transferred: sent 2352, received 2928 bytes, in 0.1 seconds
+ > Bytes per second: sent 44338.9, received 55197.4
+ > cat: stdout: Resource temporarily unavailable
- daemon for each testcase
+ This restores the blocking status for fds 0,1,2 (stdio) before ssh(1)
+ abandons/closes them.
- OpenBSD-Regress-ID: 608b7655ea65b1ba8fff5a13ce9caa60ef0c8166
+ This was reported as bz3280 and GHPR246; ok dtucker@
+
+ OpenBSD-Commit-ID: 8cc67346f05aa85a598bddf2383fcfcc3aae61ce
-commit dbab02f9208d9baa134cec1d007054ec82b96ca9
+commit c4902e1a653c67fea850ec99c7537f358904c0af
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Jul 13 02:13:19 2018 +0000
+Date: Mon May 17 11:43:16 2021 +0000
- upstream: fix leaks in unit test; with this, all unit tests are
+ upstream: fix breakage of -W forwaring introduced in 1.554; reported by
- leak free (as far as valgrind can spot anyway)
+ naddy@ and sthen@, ok sthen@
- OpenBSD-Regress-ID: b824d8b27998365379963440e5d18b95ca03aa17
+ OpenBSD-Commit-ID: f72558e643a26dc4150cff6e5097b5502f6c85fd
-commit 2f6accff5085eb79b0dbe262d8b85ed017d1a51c
-Author: Damien Miller <djm@mindrot.org>
-Date: Fri Jul 13 11:39:25 2018 +1000
+commit afea01381ad1fcea1543b133040f75f7542257e6
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Mon May 17 07:22:45 2021 +0000
- Enable leak checks for unit tests with valgrind
+ upstream: Regenerate moduli.
- Leave the leak checking on unconditionally when running with valgrind.
- The unit tests are leak-free and I want them to stay that way.
+ OpenBSD-Commit-ID: 83c93a2a07c584c347ac6114d6329b18ce515557
-commit e46cfbd9db5e907b821bf4fd0184d4dab99815ee
+commit be2866d6207b090615ff083c9ef212b603816a56
Author: Damien Miller <djm@mindrot.org>
-Date: Fri Jul 13 11:38:59 2018 +1000
+Date: Mon May 17 09:40:23 2021 +1000
- increase timeout to match cfgmatch.sh
+ Handle Android libc returning NULL pw->pw_passwd
- lets test pass under valgrind (on my workstation at least)
+ Reported by Luke Dashjr
-commit 6aa1bf475cf3e7a2149acc5a1e80e904749f064c
-Author: Damien Miller <djm@mindrot.org>
-Date: Thu Jul 12 14:54:18 2018 +1000
+commit 5953c143008259d87342fb5155bd0b8835ba88e5
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri May 14 05:20:32 2021 +0000
- rm regress/misc/kexfuzz/*.o in distclean target
+ upstream: fix previous: test saved no_shell_flag, not the one that just
+
+ got clobbered
+
+ OpenBSD-Commit-ID: b8deace085d9d941b2d02f810243b9c302e5355d
-commit eef1447ddb559c03725a23d4aa6d03f40e8b0049
-Author: Damien Miller <djm@mindrot.org>
-Date: Thu Jul 12 14:49:26 2018 +1000
+commit 1e9fa55f4dc4b334651d569d3448aaa3841f736f
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri May 14 03:09:48 2021 +0000
- repair !WITH_OPENSSL build
+ upstream: Fix ssh started with ControlPersist incorrectly executing a
+
+ shell when the -N (no shell) option was specified. bz3290 reported by Richard
+ Schwab; patch from markus@ ok me
+
+ OpenBSD-Commit-ID: ea1ea4af16a95687302f7690bdbe36a6aabf87e1
-commit 4d3b2f36fd831941d1627ac587faae37b6d3570f
-Author: Damien Miller <djm@mindrot.org>
-Date: Thu Jul 12 14:49:14 2018 +1000
+commit d1320c492f655d8f5baef8c93899d79dded217a5
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Wed May 12 11:34:30 2021 +0000
- missing headers
+ upstream: Clarify language about moduli. While both ends of the
+
+ connection do need to use the same parameters (ie groups), the DH-GEX
+ protocol takes care of that and both ends do not need the same contents in
+ the moduli file, which is what the previous text suggested. ok djm@ jmc@
+
+ OpenBSD-Commit-ID: f0c18cc8e79c2fbf537a432a9070ed94e96a622a
-commit 3f420a692b293921216549c1099c2e46ff284eae
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Thu Jul 12 14:57:46 2018 +1000
+commit d3cc4d650ce3e59f3e370b101778b0e8f1c02c4d
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri May 7 04:11:51 2021 +0000
- Remove key.h from portable files too.
+ upstream: include pid in LogVerbose spam
- Commit 5467fbcb removed key.h so stop including it in portable files
- too. Fixes builds on lots of platforms.
+ OpenBSD-Commit-ID: aacb86f96ee90c7cb84ec27452374285f89a7f00
-commit e2c4af311543093f16005c10044f7e06af0426f0
+commit e3c032333be5fdbbaf2751f6f478e044922b4ec4
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Thu Jul 12 04:35:25 2018 +0000
+Date: Fri May 7 03:09:38 2021 +0000
- upstream: remove prototype to long-gone function
+ upstream: don't sigdie() in signal handler in privsep child process;
- OpenBSD-Commit-ID: 0414642ac7ce01d176b9f359091a66a8bbb640bd
+ this can end up causing sandbox violations per bz3286; ok dtucker@
+
+ OpenBSD-Commit-ID: a7f40b2141dca4287920da68ede812bff7ccfdda
-commit 394a842e60674bf8ee5130b9f15b01452a0b0285
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Wed Jul 11 18:55:11 2018 +0000
+commit a4039724a3f2abac810735fc95cf9114a3856049
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Fri May 7 09:23:40 2021 +0000
- upstream: treat ssh_packet_write_wait() errors as fatal; ok djm@
+ upstream: Increase ConnectionAttempts from 4 to 10 as the tests
+
+ occasionally time out on heavily loaded hosts.
- OpenBSD-Commit-ID: f88ba43c9d54ed2d911218aa8d3f6285430629c3
+ OpenBSD-Regress-ID: 29a8cdef354fc9da471a301f7f65184770434f3a
-commit 5467fbcb09528ecdcb914f4f2452216c24796790
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Wed Jul 11 18:53:29 2018 +0000
+commit c0d7e36e979fa3cdb60f5dcb6ac9ad3fd018543b
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri May 7 02:26:55 2021 +0000
+
+ upstream: dump out a usable private key string too; inspired by Tyson
+
+ Whitehead
+
+ OpenBSD-Regress-ID: 65572d5333801cb2f650ebc778cbdc955e372058
- upstream: remove legacy key emulation layer; ok djm@
+commit 24fee8973abdf1c521cd2c0047d89e86d9c3fc38
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri May 7 02:29:40 2021 +0000
+
+ upstream: correct mistake in spec - the private key blobs are encoded
- OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d
+ verbatim and not as strings (i.e. no 4-byte length header)
+
+ OpenBSD-Commit-ID: 3606b5d443d72118c5b76c4af6dd87a5d5a4f837
-commit 5dc4c59d5441a19c99e7945779f7ec9051126c25
-Author: martijn@openbsd.org <martijn@openbsd.org>
-Date: Wed Jul 11 08:19:35 2018 +0000
+commit f43859159cc62396ad5d080f0b1f2635a67dac02
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Tue May 4 22:53:52 2021 +0000
- upstream: s/wuth/with/ in comment
+ upstream: Don't pass NULL as a string in debugging as it does not work
- OpenBSD-Commit-ID: 9de41468afd75f54a7f47809d2ad664aa577902c
+ on some platforms in -portable. ok djm@
+
+ OpenBSD-Commit-ID: 937c892c99aa3c9c272a8ed78fa7c2aba3a44fc9
+
+commit ac31aa3c6341905935e75f0539cf4a61bbe99779
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon May 3 00:16:45 2021 +0000
-commit 1c688801e9dd7f9889fb2a29bc2b6fbfbc35a11f
+ upstream: more debugging for UpdateHostKeys signature failures
+
+ OpenBSD-Commit-ID: 1ee95f03875e1725df15d5e4bea3e73493d57d36
+
+commit 8e32e97e788e0676ce83018a742203614df6a2b3
Author: Darren Tucker <dtucker@dtucker.net>
-Date: Wed Jul 11 12:12:38 2018 +1000
+Date: Sat May 1 20:07:47 2021 +1000
+
+ Add obsd69 test target.
+
+commit f06893063597c5bb9d9e93f851c4070e77d2fba9
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Apr 30 04:29:53 2021 +0000
- Include stdlib.h for declaration of free.
+ upstream: a little debugging in the main mux process for status
- Fixes build with -Werror on at least Fedora and probably others.
+ confirmation failures in multiplexed sessions
+
+ OpenBSD-Commit-ID: 6e27b87c95176107597035424e1439c3232bcb49
-commit fccfa239def497615f92ed28acc57cfe63da3666
-Author: Damien Miller <djm@mindrot.org>
-Date: Wed Jul 11 10:19:56 2018 +1000
+commit e65cf00da6bc31e5f54603b7feb7252dc018c033
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Fri Apr 30 04:02:52 2021 +0000
- VALGRIND_CHECK_LEAKS logic was backwards :(
+ upstream: Remove now-unused skey function prototypes leftover from
+
+ skey removal.
+
+ OpenBSD-Commit-ID: 2fc36d519fd37c6f10ce74854c628561555a94c3
-commit 416287d45fcde0a8e66eee8b99aa73bd58607588
+commit ae5f9b0d5c8126214244ee6b35aae29c21028133
Author: Darren Tucker <dtucker@dtucker.net>
-Date: Wed Jul 11 10:10:26 2018 +1000
+Date: Thu Apr 29 13:01:50 2021 +1000
- Fix sshbuf_new error path in skey.
+ Wrap sntrup761x25519 inside ifdef.
+
+ From balu.gajjala at gmail.com via bz#3306.
-commit 7aab109b8b90a353c1af780524f1ac0d3af47bab
+commit 70a8dc138a6480f85065cdb239915ad4b7f928cf
Author: Darren Tucker <dtucker@dtucker.net>
-Date: Wed Jul 11 10:06:18 2018 +1000
+Date: Wed Apr 28 14:44:07 2021 +1000
- Supply missing third arg in skey.
-
- During the change to the new buffer api the third arg to
- sshbuf_get_cstring was ommitted. Fixes build when configured with skey.
+ Add status badges for Actions-based tests.
-commit 380320bb72cc353a901790ab04b6287fd335dc4a
+commit 40b59024cc3365815381474cdf4fe423102e391b
Author: Darren Tucker <dtucker@dtucker.net>
-Date: Wed Jul 11 10:03:34 2018 +1000
+Date: Wed Apr 28 12:22:11 2021 +1000
- Supply some more missing "int r" in skey
+ Add obsdsnap (OpenBSD snapshot) test target.
-commit d20720d373d8563ee737d1a45dc5e0804d622dbc
-Author: Damien Miller <djm@mindrot.org>
-Date: Wed Jul 11 09:56:36 2018 +1000
+commit e627067ec8ef9ae8e7a638f4dbac91d52dee3e6d
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Wed Apr 28 11:35:28 2021 +1000
- disable valgrind memleak checking by default
+ Add test building upstream OpenBSD source.
+
+commit 1b8108ebd12fc4ed0fb39ef94c5ba122558ac373
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Tue Apr 27 14:22:20 2021 +1000
+
+ Test against OpenSSL 1.1.0h instead of 1.1.0g.
- Add VALGRIND_CHECK_LEAKS knob to turn it back on.
+ 1.1.0g requires a perl glob module that's not installed by default.
-commit 79c9d35018f3a5e30ae437880b669aa8636cd3cd
+commit 9bc20efd39ce8525be33df3ee009f5a4564224f1
Author: Darren Tucker <dtucker@dtucker.net>
-Date: Wed Jul 11 09:54:00 2018 +1000
+Date: Tue Apr 27 12:37:59 2021 +1000
- Supply missing "int r" in skey code.
+ Use the default VM type for libcrypto ver tests.
-commit 984bacfaacbbe31c35191b828fb5b5b2f0362c36
-Author: sf@openbsd.org <sf@openbsd.org>
-Date: Tue Jul 10 09:36:58 2018 +0000
+commit 9f79e80dc40965c2e73164531250b83b176c1eea
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Tue Apr 27 12:24:10 2021 +1000
- upstream: re-remove some pre-auth compression bits
+ Always build OpenSSL shared.
- This time, make sure to not remove things that are necessary for
- pre-auth compression on the client. Add a comment that pre-auth
- compression is still supported in the client.
+ This is the default for current versions but we need it to test against
+ earlier versions.
+
+commit b3cc9fbdff2782eca79e33e02ac22450dc63bce9
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Tue Apr 27 09:18:02 2021 +1000
+
+ Fix custom OpenSSL tests.
- ok markus@
+ Check out specified OpenSSL version. Install custom libcrypto where
+ configure expects to find it. Remove unneeded OpenSSL config time
+ options. Older OpenSSL versions were not make -j safe so remove it.
+
+commit 77532609874a99a19e3e2eb2d1b7fa93aef963bb
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Mon Apr 26 17:18:25 2021 +1000
+
+ Export CC and CFLAGS for c89 test.
+
+commit 33f62dfbe865f4de77980ab88774bf1eb5e4e040
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Mon Apr 26 17:13:44 2021 +1000
+
+ Add c89 here too.
+
+commit da9d59f526fce58e11cba49cd8eb011dc0bf5677
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Mon Apr 26 15:34:23 2021 +1000
+
+ Add test against OpenSSL w/out ECC.
+
+commit 29e194a752359ebf85bf7fce100f23a0477fc4de
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Mon Apr 26 14:49:59 2021 +1000
+
+ Ensure we can still build with C89.
+
+commit a38016d369d21df5d35f761f2b67e175e132ba22
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Mon Apr 26 14:29:03 2021 +1000
+
+ Interop test agains PuTTY.
+
+commit 095b0307a77be8803768857cc6c0963fa52ed85b
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Mon Apr 26 14:02:03 2021 +1000
+
+ Support testing against arbitary libcrytpo vers.
- OpenBSD-Commit-ID: 282c6fec7201f18a5c333bbb68d9339734d2f784
+ Add tests against various LibreSSL and OpenSSL versions.
-commit 120a1ec74e8d9d29f4eb9a27972ddd22351ddef9
-Author: Damien Miller <djm@mindrot.org>
-Date: Tue Jul 10 19:39:52 2018 +1000
+commit b16082aa110fa7128ece2a9037ff420c4a285317
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Mon Apr 26 13:35:44 2021 +1000
- Adapt portable to legacy buffer API removal
+ Add fbsd10 test target.
-commit 0f3958c1e6ffb8ea4ba27e2a97a00326fce23246
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue Jul 10 09:13:30 2018 +0000
+commit 2c805f16b24ea37cc051c6018fcb05defab6e57a
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Sun Apr 25 14:15:02 2021 +1000
- upstream: kerberos/gssapi fixes for buffer removal
+ Disable compiler hardening on nbsd4.
- OpenBSD-Commit-ID: 1cdf56fec95801e4563c47f21696f04cd8b60c4c
+ The system compiler supports -fstack-protector-all, but using it will
+ result in an internal compiler error on some files.
-commit c74ae8e7c45f325f3387abd48fa7dfef07a08069
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue Jul 10 06:45:29 2018 +0000
+commit 6a5d39305649da5dff1934ee54292ee0cebd579d
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Sun Apr 25 13:01:34 2021 +1000
+
+ Add nbsd3, nbsd4 and nbsd9 test targets.
+
+commit d1aed05bd2e4ae70f359a394dc60a2d96b88f78c
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Sat Apr 24 22:03:46 2021 +1000
+
+ Comment out nbsd2 test target for now.
+
+commit a6b4ec94e5bd5a8a18cd2c9942d829d2e5698837
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Sat Apr 24 17:52:24 2021 +1000
+
+ Add OPENBSD ORIGINAL marker.
- upstream: buffer.[ch] and bufaux.c are no more
+commit 3737c9f66ee590255546c4b637b6d2be669a11eb
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Fri Apr 23 19:49:46 2021 +1000
+
+ Replace "==" (a bashism) with "=".
+
+commit a116b6f5be17a1dd345b7d54bf8aa3779a28a0df
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Fri Apr 23 16:34:48 2021 +1000
+
+ Add nbsd2 test target.
+
+commit 196bf2a9bb771f45d9b0429cee7d325962233c44
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Fri Apr 23 14:54:10 2021 +1000
+
+ Add obsd68 test target.
+
+commit e3ba6574ed69e8b7af725cf5e8a9edaac04ff077
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Fri Apr 23 14:53:32 2021 +1000
+
+ Remove dependency on bash.
+
+commit db1f9ab8feb838aee9f5b99c6fd3f211355dfdcf
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Fri Apr 23 14:41:13 2021 +1000
+
+ Add obsd67 test target.
+
+commit c039a6bf79192fe1daa9ddcc7c87dd98e258ae7c
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Fri Apr 23 11:08:23 2021 +1000
+
+ Re-add macos-11.0 test target.
+
+commit a6db3a47b56adb76870d59225ffb90a65bc4daf2
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Fri Apr 23 10:28:28 2021 +1000
+
+ Add openindiana test target.
+
+commit 3fe7e73b025c07eda46d78049f1da8ed7dfc0c69
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Fri Apr 23 10:26:35 2021 +1000
+
+ Test krb5 on Solaris 11 too.
+
+commit f57fbfe5eb02df1a91f1a237c4d27165afd87c13
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Thu Apr 22 22:27:26 2021 +1000
+
+ Don't always set SUDO.
- OpenBSD-Commit-ID: d1a1852284e554f39525eb4d4891b207cfb3d3a0
+ Rely on sourcing configs to set as appropriate.
+
+commit e428f29402fb6ac140b52f8f12e06ece7bb104a0
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Thu Apr 22 22:26:08 2021 +1000
+
+ Remove now-unused 2nd arg to configs.
-commit a881e5a133d661eca923fb0633a03152ab2b70b2
+commit cb4ff640d79b3c736879582139778f016bbb2cd7
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Wed Apr 21 01:08:04 2021 +1000
+
+ Add win10 test target.
+
+commit 4457837238072836b2fa3107d603aac809624983
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Tue Apr 20 23:31:29 2021 +1000
+
+ Add nbsd8 test target.
+
+commit bd4fba22e14da2fa196009010aabec5a8ba9dd42
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Sat Apr 17 09:55:47 2021 +1000
+
+ Add obsd51 target.
+
+commit 9403d0e805c77a5741ea8c3281bbe92558c2f125
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Fri Apr 16 18:14:25 2021 +1000
+
+ Add fbsd13 target.
+
+commit e86968280e358e62649d268d41f698d64d0dc9fa
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Apr 16 13:55:25 2021 +1000
+
+ depend
+
+commit 2fb25ca11e8b281363a2a2a4dec4c497a1475d9a
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Apr 16 13:53:02 2021 +1000
+
+ crank version in README and RPM spec files
+
+commit b2b60ebab0cb77b5bc02d364d72e13db882f33ae
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue Jul 10 06:43:52 2018 +0000
+Date: Fri Apr 16 03:42:00 2021 +0000
- upstream: one mention of Buffer that almost got away :)
+ upstream: openssh-8.6
- OpenBSD-Commit-ID: 30d7c27a90b4544ad5dfacf654595710cd499f02
+ OpenBSD-Commit-ID: b5f3e133c846127ec114812248bc17eff07c3e19
-commit 49f47e656b60bcd1d1db98d88105295f4b4e600d
+commit faf2b86a46c9281d237bcdec18c99e94a4eb820a
Author: markus@openbsd.org <markus@openbsd.org>
-Date: Mon Jul 9 21:59:10 2018 +0000
+Date: Thu Apr 15 16:24:31 2021 +0000
- upstream: replace cast with call to sshbuf_mutable_ptr(); ok djm@
+ upstream: do not pass file/func to monitor; noted by Ilja van Sprundel;
- OpenBSD-Commit-ID: 4dfe9d29fa93d9231645c89084f7217304f7ba29
+ ok djm@
+
+ OpenBSD-Commit-ID: 85ae5c063845c410283cbdce685515dcd19479fa
-commit cb30cd47041edb03476be1c8ef7bc1f4b69d1555
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Mon Jul 9 21:56:06 2018 +0000
+commit 2dc328023f60212cd29504fc05d849133ae47355
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Apr 14 11:42:55 2021 +1000
- upstream: remove legacy buffer API emulation layer; ok djm@
+ sshd don't exit on transient read errors
- OpenBSD-Commit-ID: 2dd5dc17cbc23195be4299fa93be2707a0e08ad9
+ openssh-8.5 introduced a regression that would cause sshd to exit
+ because of transient read errors on the network socket (e.g. EINTR,
+ EAGAIN). Reported by balu.gajjala AT gmail.com via bz3297
-commit 235c7c4e3bf046982c2d8242f30aacffa01073d1
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Mon Jul 9 21:53:45 2018 +0000
+commit d5d6b7d76d171a2e6861609dcd92e714ee62ad88
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Apr 10 18:45:00 2021 +1000
- upstream: sshd: switch monitor to sshbuf API; lots of help & ok
+ perform report_failed_grab() inline
+
+commit ea996ce2d023aa3c6d31125e2c3ebda1cb42db8c
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Apr 10 18:22:57 2021 +1000
+
+ dedicated gnome-ssk-askpass3 source
- djm@
+ Compatibility with Wayland requires that we use the gdk_seat_grab()
+ API for grabbing mouse/keyboard, however these API don't exist in
+ Gtk+2.
+
+ This branches gnome-ssk-askpass2.c => gnome-ssk-askpass3.c and
+ makes the changes to use the gdk_seat_grab() instead of grabbing
+ mouse/focus separately via GDK.
- OpenBSD-Commit-ID: d89bd02d33974fd35ca0b8940d88572227b34a48
+ In the future, we can also use the branched file to avoid some
+ API that has been soft-deprecated in GTK+3, e.g. gtk_widget_modify_fg
-commit b8d9214d969775e409e1408ecdf0d58fad99b344
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Mon Jul 9 21:37:55 2018 +0000
+commit bfa5405da05d906ffd58216eb77c4375b62d64c2
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Thu Apr 8 15:18:15 2021 +1000
- upstream: sshd: switch GSSAPI to sshbuf API; ok djm@
+ Ensure valgrind-out exists.
- OpenBSD-Commit-ID: e48449ab4be3f006f7ba33c66241b7d652973e30
+ Normally the regress tests would create it, but running the unit tests
+ on their own would fail because the directory did not exist.
-commit c7d39ac8dc3587c5f05bdd5bcd098eb5c201c0c8
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Mon Jul 9 21:35:50 2018 +0000
+commit 1f189181f3ea09a9b08aa866f78843fec800874f
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Thu Apr 8 15:17:19 2021 +1000
- upstream: sshd: switch authentication to sshbuf API; ok djm@
+ Pass OBJ to unit test make invocation.
- OpenBSD-Commit-ID: 880aa06bce4b140781e836bb56bec34873290641
+ At least the Valgrind unit tests uses $OBJ.
-commit c3cb7790e9efb14ba74b2d9f543ad593b3d55b31
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Mon Jul 9 21:29:36 2018 +0000
+commit f42b550c281d28bd19e9dd6ce65069164f3482b0
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Thu Apr 8 14:20:12 2021 +1000
- upstream: sshd: switch config to sshbuf API; ok djm@
-
- OpenBSD-Commit-ID: 72b02017bac7feac48c9dceff8355056bea300bd
+ Add pattern for valgrind-unit.
-commit 2808d18ca47ad3d251836c555f0e22aaca03d15c
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Mon Jul 9 21:26:02 2018 +0000
+commit 19e534462710e98737478fd9c44768b50c27c4c6
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Thu Apr 8 13:31:08 2021 +1000
- upstream: sshd: switch loginmsg to sshbuf API; ok djm@
+ Run unit tests under valgrind.
- OpenBSD-Commit-ID: f3cb4e54bff15c593602d95cc43e32ee1a4bac42
+ Run a separate build for the unit tests under Valgrind. They take long
+ enough that running in parallel with the other Valgrind tests helps.
-commit 89dd615b8b531979be63f05f9d5624367c9b28e6
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Mon Jul 9 21:20:26 2018 +0000
+commit 80032102d05e866dc2a48a5caf760cf42c2e090e
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Thu Apr 8 13:25:57 2021 +1000
- upstream: ttymodes: switch to sshbuf API; ok djm@
+ ifdef out MIN and MAX.
- OpenBSD-Commit-ID: 5df340c5965e822c9da21e19579d08dea3cbe429
+ In -portable, defines.h ensures that these are defined, so redefining
+ potentially causes a warning. We don't just delete it to make any
+ future code syncs a little but easier. bz#3293.
-commit f4608a7065480516ab46214f554e5f853fb7870f
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Mon Jul 9 21:18:10 2018 +0000
+commit d1bd184046bc310c405f45da3614a1dc5b3e521a
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Wed Apr 7 10:23:51 2021 +1000
- upstream: client: switch mux to sshbuf API; with & ok djm@
+ Remove only use of warn().
- OpenBSD-Commit-ID: 5948fb98d704f9c4e075b92edda64e0290b5feb2
+ The warn() function is only used in one place in portable and does not
+ exist upstream. Upgrade the only instance it's used to fail()
+ (the privsep/sandbox+proxyconnect, from back when that was new) and
+ remove the now-unused function.
-commit cecee2d607099a7bba0a84803e2325d15be4277b
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Mon Jul 9 21:03:30 2018 +0000
+commit fea8f4b1aa85026ad5aee5ad8e1599a8d5141fe0
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Wed Apr 7 10:18:32 2021 +1000
- upstream: client: switch to sshbuf API; ok djm@
+ Move make_tmpdir() into portable-specific area.
- OpenBSD-Commit-ID: 60cb0356114acc7625ab85105f6f6a7cd44a8d05
+ Reduces diff vs OpenBSD and makes it more likely diffs will apply
+ cleanly.
-commit ff55f4ad898137d4703e7a2bcc81167dfe8e9324
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Mon Jul 9 20:39:28 2018 +0000
+commit 13e5fa2acffd26e754c6ee1d070d0afd035d4cb7
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Tue Apr 6 23:57:56 2021 +0000
- upstream: pkcs11: switch to sshbuf API; ok djm@
+ upstream: Add TEST_SSH_ELAPSED_TIMES environment variable to print the
- OpenBSD-Commit-ID: 98cc4e800f1617c51caf59a6cb3006f14492db79
+ elapsed time in seconds of each test. This depends on "date +%s" which is
+ not specified by POSIX but is commonly implemented.
+
+ OpenBSD-Regress-ID: ec3c8c19ff49b2192116a0a646ee7c9b944e8a9c
-commit 168b46f405d6736960ba7930389eecb9b6710b7e
-Author: sf@openbsd.org <sf@openbsd.org>
-Date: Mon Jul 9 13:37:10 2018 +0000
+commit ef4f46ab4387bb863b471bad124d46e8d911a79a
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Wed Apr 7 09:59:15 2021 +1000
- upstream: Revert previous two commits
+ Move the TEST_SSH_PORT section down a bit.
- It turns out we still support pre-auth compression on the client.
- Therefore revert the previous two commits:
+ This groups the portable-specific changes together and makes it a
+ little more likely that patches will apply cleanly.
+
+commit 3674e33fa70dfa1fe69b345bf576113af7b7be11
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Wed Apr 7 10:05:10 2021 +1000
+
+ Further split Valgrind tests.
- date: 2018/07/06 09:06:14; author: sf; commitid: yZVYKIRtUZWD9CmE;
- Rename COMP_DELAYED to COMP_ZLIB
+ Even split in two, the Valgrind tests take by far the longest to run,
+ so split them four ways to further increase parallelism.
+
+commit 961af266b861e30fce1e26170ee0dbb5bf591f29
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Apr 6 23:24:30 2021 +0000
+
+ upstream: include "ssherr.h" not <ssherr.h>; from Balu Gajjala via
- Only delayed compression is supported nowadays.
+ bz#3292
- ok markus@
+ OpenBSD-Commit-ID: e9535cd9966eb2e69e73d1ede1f44905c30310bd
+
+commit e7d0a285dbdd65d8df16123ad90f15e91862f959
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Apr 7 08:50:38 2021 +1000
+
+ wrap struct rlimit in HAVE_GETRLIMIT too
+
+commit f283a6c2e0a9bd9369e18462acd00be56fbe5b0d
+Author: Damien Miller <djm@mindrot.org>
+Date: Wed Apr 7 08:20:35 2021 +1000
+
+ wrap getrlimit call in HAVE_GETRLIMIT; bz3291
+
+commit 679bdc4a5c9244f427a7aee9c14b0a0ed086da1f
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Tue Apr 6 09:07:33 2021 +0000
+
+ upstream: Don't check return value of unsetenv(). It's part of the
- date: 2018/07/06 09:05:01; author: sf; commitid: rEGuT5UgI9f6kddP;
- Remove leftovers from pre-authentication compression
+ environment setup and not part of the actual test, and some platforms
+ -portable runs on declare it as returning void, which prevents the test from
+ compiling.
- Support for this has been removed in 2016.
- COMP_DELAYED will be renamed in a later commit.
+ OpenBSD-Regress-ID: 24f08543ee3cdebc404f2951f3e388cc82b844a1
+
+commit 320af2f3de6333aa123f1b088eca146a245e968a
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date: Sun Apr 4 11:36:56 2021 +0000
+
+ upstream: remove stray inserts; from matthias schmidt
- ok markus@
+ OpenBSD-Commit-ID: 2c36ebdc54e14bbf1daad70c6a05479a073d5c63
+
+commit 801f710953b24dd2f21939171c622eac77c7484d
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date: Sun Apr 4 06:11:24 2021 +0000
+
+ upstream: missing comma; from kawashima james
- OpenBSD-Commit-ID: cdfef526357e4e1483c86cf599491b2dafb77772
+ OpenBSD-Commit-ID: 31cec6bf26c6db4ffefc8a070715ebef274e68ea
-commit ab39267fa1243d02b6c330615539fc4b21e17dc4
-Author: sf@openbsd.org <sf@openbsd.org>
-Date: Fri Jul 6 09:06:14 2018 +0000
+commit b3ca08cb174266884d44ec710a84cd64c12414ea
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Mon Apr 5 23:46:42 2021 +1000
+
+ Install libcbor with libfido2.
+
+commit f3ca8af87a4c32ada660da12ae95cf03d190c083
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Apr 3 18:21:08 2021 +1100
- upstream: Rename COMP_DELAYED to COMP_ZLIB
+ enable authopt and misc unit tests
- Only delayed compression is supported nowadays.
+ Neither were wired into the build, both required some build
+ adaptations for -portable
+
+commit dc1b45841fb97e3d7f655ddbcfef3839735cae5f
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sat Apr 3 06:58:30 2021 +0000
+
+ upstream: typos in comments; GHPR#180 from Vill
- ok markus@
+ =?UTF-8?q?e=20Skytt=C3=A4?=
+ MIME-Version: 1.0
+ Content-Type: text/plain; charset=UTF-8
+ Content-Transfer-Encoding: 8bit
- OpenBSD-Commit-ID: 5b1dbaf3d9a4085aaa10fec0b7a4364396561821
+ OpenBSD-Commit-ID: 93c732381ae0e2b680c79e67c40c1814b7ceed2c
-commit 95db395d2e56a6f868193aead6cadb2493f036c6
-Author: sf@openbsd.org <sf@openbsd.org>
-Date: Fri Jul 6 09:05:01 2018 +0000
+commit 53ea05e09b04fd7b6dea66b42b34d65fe61b9636
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sat Apr 3 06:55:52 2021 +0000
- upstream: Remove leftovers from pre-authentication compression
+ upstream: sync CASignatureAlgorithms lists with reality. GHPR#174 from
- Support for this has been removed in 2016.
- COMP_DELAYED will be renamed in a later commit.
+ Matt Hazinski
- ok markus@
-
- OpenBSD-Commit-ID: 6a99616c832627157113fcb0cf5a752daf2e6b58
+ OpenBSD-Commit-ID: f05e4ca54d7e67b90fe58fe1bdb1d2a37e0e2696
+
+commit 57ed647ee07bb883a2f2264231bcd1df6a5b9392
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Apr 3 17:47:37 2021 +1100
-commit f28a4d5cd24c4aa177e96b4f96957991e552cb70
-Author: sf@openbsd.org <sf@openbsd.org>
-Date: Fri Jul 6 09:03:02 2018 +0000
+ polish whitespace for portable files
- upstream: Remove unused ssh_packet_start_compression()
+commit 31d8d231eb9377df474746a822d380c5d68d7ad6
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sat Apr 3 06:18:40 2021 +0000
+
+ upstream: highly polished whitespace, mostly fixing spaces-for-tab
- ok markus@
+ and bad indentation on continuation lines. Prompted by GHPR#185
- OpenBSD-Commit-ID: 9d34cf2f59aca5422021ae2857190578187dc2b4
+ OpenBSD-Commit-ID: e5c81f0cbdcc6144df1ce468ec1bac366d8ad6e9
-commit 872517ddbb72deaff31d4760f28f2b0a1c16358f
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Fri Jul 6 13:32:02 2018 +1000
+commit 34afde5c73b5570d6f8cce9b49993b23b77bfb86
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sat Apr 3 05:54:14 2021 +0000
- Defer setting bufsiz in getdelim.
+ upstream: whitespace (tab after space)
- Do not write to bufsiz until we are sure the malloc has succeeded,
- in case any callers rely on it (which they shouldn't). ok djm@
+ OpenBSD-Commit-ID: 0e2b3f7674e985d3f7c27ff5028e690ba1c2efd4
-commit 3deb56f7190a414dc264e21e087a934fa1847283
+commit 7cd262c1c5a08cc7f4f30e3cab108ef089d0a57b
Author: Darren Tucker <dtucker@dtucker.net>
-Date: Thu Jul 5 13:32:01 2018 +1000
+Date: Sat Apr 3 16:59:10 2021 +1100
+
+ Save config.h and config.log on failure too.
+
+commit 460aee9298f365357e9fd26851c22e0dca51fd6a
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sat Apr 3 05:46:41 2021 +0000
- Fix other callers of read_environment_file.
+ upstream: fix incorrect plural; from Ville Skyt
- read_environment_file recently gained an extra argument Some platform
- specific code also calls it so add the argument to those too. Fixes
- build on Solaris and AIX.
+ =?UTF-8?q?t=C3=A4=20via=20GHPR#181?=
+ MIME-Version: 1.0
+ Content-Type: text/plain; charset=UTF-8
+ Content-Transfer-Encoding: 8bit
+
+ OpenBSD-Commit-ID: 92f31754c6296d8f403d7c293e09dc27292d22c9
-commit 314908f451e6b2d4ccf6212ad246fa4619c721d3
+commit 082804c14e548cada75c81003a3c68ee098138ee
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Jul 4 13:51:45 2018 +0000
+Date: Sat Apr 3 05:40:39 2021 +0000
- upstream: deal with API rename: match_filter_list() =>
+ upstream: ensure that pkcs11_del_provider() is called before exit -
+
+ some PKCS#11 providers get upset if C_Initialize is not matched with
+ C_Finalize.
- match_filter_blacklist()
+ From Adithya Baglody via GHPR#234; ok markus
- OpenBSD-Regress-ID: 2da342be913efeb51806351af906fab01ba4367f
+ OpenBSD-Commit-ID: f8e770e03b416ee9a58f9762e162add900f832b6
-commit 89f54cdf6b9cf1cf5528fd33897f1443913ddfb4
+commit 464ebc82aa926dd132ec75a0b064574ef375675e
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Jul 4 13:51:12 2018 +0000
+Date: Sat Apr 3 05:28:43 2021 +0000
- upstream: exercise new expansion behaviour of
+ upstream: unused variable
- PubkeyAcceptedKeyTypes and, by proxy, test kex_assemble_names()
+ OpenBSD-Commit-ID: 85f6a394c8e0f60d15ecddda75176f112007b205
+
+commit dc3c0be8208c488e64a8bcb7d9efad98514e0ffb
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sat Apr 3 05:21:46 2021 +0000
+
+ upstream: Fix two problems in string->argv conversion: 1) multiple
- ok markus@
+ backslashes were not being dequoted correctly and 2) quoted space in the
+ middle of a string was being incorrectly split.
+ MIME-Version: 1.0
+ Content-Type: text/plain; charset=UTF-8
+ Content-Transfer-Encoding: 8bit
+
+ A unit test for these cases has already been committed
+
+ prompted by and based on GHPR#223 by Eero Häkkinen; ok markus@
- OpenBSD-Regress-ID: 292978902e14d5729aa87e492dd166c842f72736
+ OpenBSD-Commit-ID: d7ef27abb4eeeaf6e167e9312e4abe9e89faf1e4
+
+commit f75bcbba58a08c670727ece5e3f8812125969799
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Apr 3 16:22:48 2021 +1100
+
+ missing bits from 259d648e
-commit 187633f24c71564e970681c8906df5a6017dcccf
+commit 4cbc4a722873d9b68cb5496304dc050d7168df78
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue Jul 3 13:53:26 2018 +0000
+Date: Wed Mar 31 21:59:26 2021 +0000
- upstream: add a comment that could have saved me 45 minutes of wild
+ upstream: cannot effectively test posix-rename extension after
- goose chasing
+ changes in feature advertisment.
- OpenBSD-Regress-ID: d469b29ffadd3402c090e21b792d627d46fa5297
+ OpenBSD-Regress-ID: 5e390bf88d379162aaa81b60ed86b34cb0c54d29
-commit 312d2f2861a2598ed08587cb6c45c0e98a85408f
+commit 259d648e63e82ade4fe2c2c73c8b67fe57d9d049
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Jul 4 13:49:31 2018 +0000
+Date: Fri Mar 19 04:23:50 2021 +0000
- upstream: repair PubkeyAcceptedKeyTypes (and friends) after RSA
+ upstream: add a test for misc.c:argv_split(), currently fails
- signature work - returns ability to add/remove/specify algorithms by
- wildcard.
+ OpenBSD-Regress-ID: ad6b96d6ebeb9643b698b3575bdd6f78bb144200
+
+commit 473ddfc2d6b602cb2d1d897e0e5c204de145cd9a
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Mar 19 03:25:01 2021 +0000
+
+ upstream: split
+
+ OpenBSD-Regress-ID: f6c03c0e4c58b3b9e04b161757b8c10dc8378c34
+
+commit 1339800fef8d0dfbfeabff71b34670105bcfddd2
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Mar 31 22:16:34 2021 +0000
+
+ upstream: Use new limits@openssh.com protocol extension to let the
- Algorithm lists are now fully expanded when the server/client configs
- are finalised, so errors are reported early and the config dumps
- (e.g. "ssh -G ...") now list the actual algorithms selected.
+ client select good limits based on what the server supports. Split the
+ download and upload buffer sizes to allow them to be chosen independently.
- Clarify that, while wildcards are accepted in algorithm lists, they
- aren't full pattern-lists that support negation.
+ In practice (and assuming upgraded sftp/sftp-server at each end), this
+ increases the download buffer 32->64KiB and the upload buffer
+ 32->255KiB.
- (lots of) feedback, ok markus@
+ Patches from Mike Frysinger; ok dtucker@
- OpenBSD-Commit-ID: a8894c5c81f399a002f02ff4fe6b4fa46b1f3207
+ OpenBSD-Commit-ID: ebd61c80d85b951b794164acc4b2f2fd8e88606c
-commit 303af5803bd74bf05d375c04e1a83b40c30b2be5
+commit 6653c61202d104e59c8e741329fcc567f7bc36b8
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue Jul 3 11:43:49 2018 +0000
+Date: Wed Mar 31 21:58:07 2021 +0000
- upstream: some magic for RSA-SHA2 checks
+ upstream: do not advertise protocol extensions that have been
- OpenBSD-Regress-ID: e5a9b11368ff6d86e7b25ad10ebe43359b471cd4
+ disallowed by the command-line options (e.g. -p/-P/-R); ok dtucker@
+
+ OpenBSD-Commit-ID: 3a8a76b3f5131741aca4b41bfab8d101c9926205
-commit 7d68e262944c1fff1574600fe0e5e92ec8b398f5
+commit 71241fc05db4bbb11bb29340b44b92e2575373d8
Author: Damien Miller <djm@mindrot.org>
-Date: Tue Jul 3 23:27:11 2018 +1000
+Date: Mon Mar 29 15:14:25 2021 +1100
- depend
+ gnome-ssh-askpass3 is a valid target here
-commit b4d4eda633af433d20232cbf7e855ceac8b83fe5
+commit 8a9520836e71830f4fccca066dba73fea3d16bda
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue Jul 3 13:20:25 2018 +0000
+Date: Fri Mar 19 02:22:34 2021 +0000
- upstream: some finesse to fix RSA-SHA2 certificate authentication
+ upstream: return non-zero exit status when killed by signal; bz#3281 ok
- for certs hosted in ssh-agent
+ dtucker@
- OpenBSD-Commit-ID: e5fd5edd726137dda2d020e1cdebc464110a010f
+ OpenBSD-Commit-ID: 117b31cf3c807993077b596bd730c24da9e9b816
-commit d78b75df4a57e0f92295f24298e5f2930e71c172
+commit 1269b8a686bf1254b03cd38af78167a04aa6ec88
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue Jul 3 13:07:58 2018 +0000
+Date: Fri Mar 19 02:18:28 2021 +0000
- upstream: check correct variable; unbreak agent keys
+ upstream: increase maximum SSH2_FXP_READ to match the maximum
+
+ packet size. Also handle zero-length reads that are borderline nonsensical
+ but not explicitly banned by the spec. Based on patch from Mike Frysinger,
+ feedback deraadt@ ok dtucker@
- OpenBSD-Commit-ID: c36981fdf1f3ce04966d3310826a3e1e6233d93e
+ OpenBSD-Commit-ID: 4e67d60d81bde7b84a742b4ee5a34001bdf80d9c
-commit 2f30300c5e15929d0e34013f38d73e857f445e12
+commit 860b67604416640e8db14f365adc3f840aebcb1f
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue Jul 3 11:42:12 2018 +0000
+Date: Tue Mar 16 06:15:43 2021 +0000
- upstream: crank version number to 7.8; needed for new compat flag
+ upstream: don't let logging clobber errno before use
- for prior version; part of RSA-SHA2 strictification, ok markus@
-
- OpenBSD-Commit-ID: 84a11fc0efd2674c050712336b5093f5d408e32b
+ OpenBSD-Commit-ID: ce6cca370005c270c277c51c111bb6911e1680ec
-commit 4ba0d54794814ec0de1ec87987d0c3b89379b436
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue Jul 3 11:39:54 2018 +0000
+commit 5ca8a9216559349c56e09039c4335636fd85c241
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Sat Mar 13 14:40:43 2021 +1100
- upstream: Improve strictness and control over RSA-SHA2 signature
+ Only call dh_set_moduli_file if using OpenSSL.
- In ssh, when an agent fails to return a RSA-SHA2 signature when
- requested and falls back to RSA-SHA1 instead, retry the signature to
- ensure that the public key algorithm sent in the SSH_MSG_USERAUTH
- matches the one in the signature itself.
+ Fixes link failure when configuring --without-openssl since dh.c is not
+ linked in.
+
+commit 867a7dcf003c51d5a83f83565771a35f0d9530ac
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Sat Mar 13 13:52:53 2021 +1100
+
+ Don't install moduli during tests.
- In sshd, strictly enforce that the public key algorithm sent in the
- SSH_MSG_USERAUTH message matches what appears in the signature.
+ Now that we have TEST_SSH_MODULI_FILE pointing to the moduli in the
+ soure directory we don't need to install the file to prevent warnings
+ about it being missing.
+
+commit 0c054538fccf92b4a028008321d3711107bee6d5
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Sat Mar 13 13:51:26 2021 +1100
+
+ Point TEST_SSH_MODULI_FILE at our own moduli.
- Make the sshd_config PubkeyAcceptedKeyTypes and
- HostbasedAcceptedKeyTypes options control accepted signature algorithms
- (previously they selected supported key types). This allows these
- options to ban RSA-SHA1 in favour of RSA-SHA2.
+ This will allow the test to run without requiring a moduli file
+ installed at the configured default path.
+
+commit 4d48219c72ab0c71238806f057f0e9630b7dd25c
+Author: jsg@openbsd.org <jsg@openbsd.org>
+Date: Fri Mar 12 05:18:01 2021 +0000
+
+ upstream: spelling
- Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and
- "rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures
- with certificate keys.
+ OpenBSD-Commit-ID: 478bc3db04f62f1048ed6e1765400f3ab325e60f
+
+commit 88057eb6df912abf2678ea5c846d9d9cbc92752c
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Fri Mar 12 04:08:19 2021 +0000
+
+ upstream: Add ModuliFile keyword to sshd_config to specify the
- feedback and ok markus@
+ location of the "moduli" file containing the groups for DH-GEX. This will
+ allow us to run tests against arbitrary moduli files without having to
+ install them. ok djm@
- OpenBSD-Commit-ID: c6e9f6d45eed8962ad502d315d7eaef32c419dde
+ OpenBSD-Commit-ID: 8df99d60b14ecaaa28f3469d01fc7f56bff49f66
-commit 95344c257412b51199ead18d54eaed5bafb75617
+commit f07519a2af96109325b5a48b1af18b57601074ca
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue Jul 3 10:59:35 2018 +0000
+Date: Fri Mar 12 03:43:40 2021 +0000
- upstream: allow sshd_config PermitUserEnvironment to accept a
+ upstream: pwcopy() struct passwd that we're going to reuse across a
- pattern-list of whitelisted environment variable names in addition to yes|no.
+ bunch of library calls; bz3273 ok dtucker@
- bz#1800, feedback and ok markus@
+ OpenBSD-Commit-ID: b6eafa977b2e44607b1b121f5de855107809b762
+
+commit 69d6d4b0c8a88d3d1288415605f36e2df61a2f12
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Wed Mar 10 06:32:27 2021 +0000
+
+ upstream: Import regenerated moduli file.
- OpenBSD-Commit-ID: 77dc2b468e0bf04b53f333434ba257008a1fdf24
+ OpenBSD-Commit-ID: 7ac6c252d2a5be8fbad4c66d9d35db507c9dac5b
-commit 6f56fe4b9578b0627667f8bce69d4d938a88324c
-Author: millert@openbsd.org <millert@openbsd.org>
-Date: Tue Jun 26 11:23:59 2018 +0000
+commit e5895e8ecfac65086ea6b34d0d168409a66a15e1
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Mar 10 04:58:45 2021 +0000
- upstream: Fix "WARNING: line 6 disappeared in /etc/moduli, giving up"
+ upstream: no need to reset buffer after send_msg() as that is done
- when choosing a prime. An extra increment of linenum snuck in as part of the
- conversion to getline(). OK djm@ markus@
+ for us; patch from Mike Frysinger
- OpenBSD-Commit-ID: 0019225cb52ed621b71cd9f19ee2e78e57e3dd38
+ OpenBSD-Commit-ID: 565516495ff8362a38231e0f1a087b8ae66da59c
-commit 1eee79a11c1b3594f055b01e387c49c9a6e80005
+commit 721948e67488767df0fa0db71ff2578ee2bb9210
Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Mon Jul 2 14:13:30 2018 +0000
+Date: Sat Mar 13 01:52:16 2021 +0000
- upstream: One ampersand is enough to backgroud an process. OpenBSD
+ upstream: Add TEST_SSH_MODULI_FILE variable to allow overriding of the
- doesn't seem to mind, but some platforms in -portable object to the second.
+ moduli file used during the test run.
- OpenBSD-Regress-ID: d6c3e404871764343761dc25c3bbe29c2621ff74
+ OpenBSD-Regress-ID: be10f785263120edb64fc87db0e0d6570a10220a
-commit 6301e6c787d4e26bfae1119ab4f747bbcaa94e44
+commit 82fef71e20ffef425b932bec26f5bc46aa1ed41c
Author: Darren Tucker <dtucker@dtucker.net>
-Date: Mon Jul 2 21:16:58 2018 +1000
+Date: Fri Mar 12 15:58:57 2021 +1100
- Add implementation of getline.
+ Allow (but return EACCES) fstatat64 in sandbox.
- Add getline for the benefit of platforms that don't have it. Sourced
- from NetBSD (OpenBSD's implementation is a little too chummy with the
- internals of FILE).
+ This is apparently used in some configurations of OpenSSL when glibc
+ has getrandom(). bz#3276, patch from Kris Karas, ok djm@
-commit 84623e0037628f9992839063151f7a9f5f13099a
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue Jun 26 02:02:36 2018 +0000
+commit 1cd67ee15ce3d192ab51be22bc4872a6a7a4b6d9
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Fri Mar 12 13:16:10 2021 +1100
- upstream: whitespace
+ Move generic includes outside of ifdef.
- OpenBSD-Commit-ID: 9276951caf4daf555f6d262e95720e7f79244572
+ This ensures that the macros in log.h are defined in the case where
+ either of --with-solaris-projects or --with-solaris-privs are used
+ without --with-solaris-contracts. bz#3278.
-commit 90e51d672711c19a36573be1785caf35019ae7a8
+commit 2421a567a8862fe5102a4e7d60003ebffd1313dd
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Wed Mar 10 17:41:21 2021 +1100
+
+ Import regenerated moduli file.
+
+commit e99080c05d9d48dbbdb022538533d53ae1bd567d
+Author: millert@openbsd.org <millert@openbsd.org>
+Date: Sat Mar 6 20:36:31 2021 +0000
+
+ upstream: Fix PRINT macro, the suffix param to sshlog() was missing.
+
+ Also remove redundant __func__ prefix from PRINT calls as the macro already
+ adds __FILE__, __func__ and __LINE__. From Christos Zoulas. OK dtucker@
+
+ OpenBSD-Commit-ID: 01fdfa9c5541151b5461d9d7d6ca186a3413d949
+
+commit 160db17fc678ceb5e3fd4a7e006cc73866f484aa
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Jun 25 22:28:33 2018 +0000
+Date: Wed Mar 3 22:41:49 2021 +0000
- upstream: fix NULL dereference in open_listen_match_tcpip()
+ upstream: don't sshbuf_get_u32() into an enum; reported by goetze
- OpenBSD-Commit-ID: c968c1d29e392352383c0f9681fcc1e93620c4a9
+ AT dovetail.com via bz3269
+
+ OpenBSD-Commit-ID: 99a30a8f1df9bd72be54e21eee5c56a0f050921a
-commit f535ff922a67d9fcc5ee69d060d1b21c8bb01d14
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date: Tue Jun 19 05:36:57 2018 +0000
+commit cffd033817a5aa388764b6661855dcdaabab0588
+Author: sthen@openbsd.org <sthen@openbsd.org>
+Date: Wed Mar 3 21:40:16 2021 +0000
- upstream: spelling;
+ upstream: typo in other_hostkeys_message() display output, ok djm
- OpenBSD-Commit-ID: db542918185243bea17202383a581851736553cc
+ OpenBSD-Commit-ID: 276f58afc97b6f5826e0be58380b737603dbf5f5
-commit 80e199d6175904152aafc5c297096c3e18297691
+commit 7fe141b96b13bd7dc67ca985e14d55b9bd8a03fd
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue Jun 19 03:02:17 2018 +0000
+Date: Wed Mar 3 08:42:52 2021 +0000
- upstream: test PermitListen with bare port numbers
+ upstream: needs FILE*; from Mike Frysinger
- OpenBSD-Regress-ID: 4b50a02dfb0ccaca08247f3877c444126ba901b3
+ OpenBSD-Commit-ID: dddb3aa9cb5792eeeaa37a1af67b5a3f25ded41d
+
+commit d2afd717e62d76bb41ab5f3ab4ce6f885c8edc98
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Mar 2 21:31:47 2021 +1100
+
+ update depend
+
+commit f0c4eddf7cf224ebcac1f07ac8afdb30c6e9fe0a
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Mar 2 21:30:14 2021 +1100
-commit 87ddd676da0f3abd08b778b12b53b91b670dc93c
+ update relnotes URL
+
+commit 67a8bb7fe62a381634db4c261720092e7d514a3d
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Mar 2 21:29:54 2021 +1100
+
+ update RPM spec version numbers
+
+commit 0a4b23b11b9a4e6eec332dd5c6ab2ac6f62aa164
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue Jun 19 02:59:41 2018 +0000
+Date: Tue Mar 2 01:48:18 2021 +0000
- upstream: allow bare port numbers to appear in PermitListen directives,
+ upstream: openssh-8.5
- e.g.
+ OpenBSD-Commit-ID: 185e85d60fe042b8f8fa1ef29d4ef637bdf397d6
+
+commit de3866383b6720ad4cad83be76fe4c8aa111a249
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Mon Mar 1 21:13:24 2021 +1100
+
+ Only upload config logs if configure fails.
+
+commit 85ff2a564ce838f8690050081176c1de1fb33116
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Sun Feb 28 22:56:30 2021 +0000
+
+ upstream: Add %k to list of keywords. From
- PermitListen 2222 8080
+ =?UTF-8?q?=20Eero=20H=C3=A4kkinenvia=20bz#3267?=
+ MIME-Version: 1.0
+ Content-Type: text/plain; charset=UTF-8
+ Content-Transfer-Encoding: 8bit
- is equivalent to:
+ OpenBSD-Commit-ID: 9c87f39a048cee2a7d1c8bab951b2f716256865e
+
+commit e774bac35933e71f924f4301786e7fb5bbe1422f
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Sun Feb 28 01:50:47 2021 +0000
+
+ upstream: Do not try to reset signal handler for signal 0 in
- PermitListen *:2222 *:8080
+ subprocess. Prevents spurious debug message. ok djm@
- Some bonus manpage improvements, mostly from markus@
+ OpenBSD-Commit-ID: 7f9785e292dcf304457566ad4637effd27ad1d46
+
+commit 351c5dbbd74ce300c4f058112f9731c867c6e225
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sat Feb 27 23:42:37 2021 +0000
+
+ upstream: fix alphabetic ordering of options; spotted by Iain Morgan
- "looks fine" markus@
+ OpenBSD-Commit-ID: f955fec617d74af0feb5b275831a9fee813d7ad5
+
+commit 0d1c9dbe578597f8d45d3ac7690df10d32d743e5
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Sat Feb 27 12:25:25 2021 +1100
+
+ zlib is now optional.
+
+commit b7c6ee7b437d9adfd19ef49d6c0f19f13f26f9b3
+Author: Jeffrey H. Johnson <61629094+johnsonjh@users.noreply.github.com>
+Date: Sat Feb 27 01:04:58 2021 +0000
+
+ Fix punctuatio and typo in README.md.
- OpenBSD-Commit-ID: 6546b0cc5aab7f53d65ad0a348ca0ae591d6dd24
+ Some very minor fixes, missing 's' and punctuation.
-commit 26f96ca10ad0ec5da9b05b99de1e1ccea15a11be
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Jun 15 07:01:11 2018 +0000
+commit 6248b86074804983e8f7a2058856a516dbfe2924
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Feb 26 16:45:50 2021 +1100
- upstream: invalidate supplemental group cache used by
+ Revert "ssh: optional bind interface if bind address specified."
- temporarily_use_uid() when the target uid differs; could cause failure to
- read authorized_keys under some configurations. patch by Jakub Jelen via
- bz2873; ok dtucker, markus
+ This reverts commit 5a878a71a3528c2626aa1d331934fd964782d41c.
- OpenBSD-Commit-ID: 48a345f0ee90f6c465a078eb5e89566b23abd8a1
+ Apologies - I accidentally pushed this.
-commit 89a85d724765b6b82e0135ee5a1181fdcccea9c6
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Sun Jun 10 23:45:41 2018 +0000
+commit 493339a940b13be6071629c3c2dd5a3b6fc17023
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Feb 26 15:45:38 2021 +1100
- upstream: unbreak SendEnv; patch from tb@
+ detech BSD libc hash functions in libbsd / libmd
- OpenBSD-Commit-ID: fc808daced813242563b80976e1478de95940056
+ Some Linux distributions are shipping the BSD-style hashing functions
+ (e.g. SHA256Update) in libbsd and/or libmd. Detect this situation to
+ avoid header/replacement clashes later. ok dtucker@
-commit acf4260f0951f89c64e1ebbc4c92f451768871ad
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date: Sat Jun 9 06:36:31 2018 +0000
+commit 5a878a71a3528c2626aa1d331934fd964782d41c
+Author: Dmitrii Turlupov <dturlupov@factor-ts.ru>
+Date: Thu Feb 4 16:27:31 2021 +0300
- upstream: sort previous;
+ ssh: optional bind interface if bind address specified.
- OpenBSD-Commit-ID: 27d80d8b8ca99bc33971dee905e8ffd0053ec411
+ Allows the -b and -B options to be used together.
+ For example, when the interface is in the VRF.
-commit 1678d4236451060b735cb242d2e26e1ac99f0947
+commit 1fe4d70df94d3bcc2b35fd57cad6b5fc4b2d7b16
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Sat Jun 9 03:18:11 2018 +0000
+Date: Fri Feb 26 04:18:42 2021 +0000
- upstream: slightly better wording re handing of $TERM, from Jakub
+ upstream: remove this KEX fuzzer; it's awkward to use and doesn't play
+
+ nice with popular fuzzing drivers like libfuzzer. AFAIK nobody has used it
+ but me.
- Jelen via bz2386
+ OpenBSD-Regress-ID: cad919522b3ce90c147c95abaf81b0492ac296c9
+
+commit 24a3a67bd7421740d08803b84bd784e764107928
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Fri Feb 26 11:49:19 2021 +1100
+
+ Remove macos-11.00 PAM test target too.
- OpenBSD-Commit-ID: 14bea3f069a93c8be66a7b97794255a91fece964
+ These are failing apparently due to some kind of infrastructure problem,
+ making it look like every commit is busted.
-commit 28013759f09ed3ebf7e8335e83a62936bd7a7f47
+commit 473201783f732ca8b0ec528b56aa55fa0d8cf717
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Sat Jun 9 03:03:10 2018 +0000
+Date: Fri Feb 26 00:16:58 2021 +0000
- upstream: add a SetEnv directive for sshd_config to allow an
+ upstream: a bit more debugging behind #ifdef DEBUG_SK
- administrator to explicitly specify environment variables set in sessions
- started by sshd. These override the default environment and any variables set
- by user configuration (PermitUserEnvironment, etc), but not the SSH_*
- variables set by sshd itself.
+ OpenBSD-Commit-ID: d9fbce14945721061cb322f0084c2165d33d1993
+
+commit fd9fa76a344118fe1ef10b9a6c9e85d39599e9a8
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Fri Feb 26 01:15:10 2021 +1100
+
+ Remove macos-11.0 from the test target list.
- ok markus@
+ It has been consistently failing for the past few days with a github
+ actions internal error.
+
+commit 476ac8e9d33dbf96ef97aab812b8d7089d0cdc24
+Author: Philip Hands <phil@hands.com>
+Date: Wed Feb 24 23:43:16 2021 +0100
+
+ tidy the $INSTALLKEY_SH code layout a little
- OpenBSD-Commit-ID: b6a96c0001ccd7dd211df6cae9e961c20fd718c0
+ SSH-Copy-ID-Upstream: 78178aa5017222773e4c23d9001391eeaeca8983
-commit 7082bb58a2eb878d23ec674587c742e5e9673c36
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Sat Jun 9 03:01:12 2018 +0000
+commit 983e05ef3b81329d76d6a802b39ad0d1f637c06c
+Author: Jakub Jelen <jjelen@redhat.com>
+Date: Tue Sep 29 10:02:45 2020 +0000
- upstream: add a SetEnv directive to ssh_config that allows setting
+ if unable to add a missing newline, fail
- environment variables for the remote session (subject to the server accepting
- them)
+ SSH-Copy-ID-Upstream: 76b25e18f55499ea9edb4c4d6dc4a80bebc36d95
+
+commit 3594b3b015f6014591da88ba71bf6ff010be7411
+Author: Philip Hands <phil@hands.com>
+Date: Tue Oct 13 14:12:58 2020 +0200
+
+ use $AUTH_KEY_DIR, now that we have it
- refactor SendEnv to remove the arbitrary limit of variable names.
+ since that was a change made since jjelen's commit was written
- ok markus@
+ also, quote the variables
- OpenBSD-Commit-ID: cfbb00d9b0e10c1ffff1d83424351fd961d1f2be
+ SSH-Copy-ID-Upstream: 588cd8e5cbf95f3443d92b9ab27c5d73ceaf6616
-commit 3b9798bda15bd3f598f5ef07595d64e23504da91
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Sat Jun 9 02:58:02 2018 +0000
+commit 333e25f7bc43cee6e36f766e39dad6f9918b318c
+Author: Jakub Jelen <jjelen@redhat.com>
+Date: Tue Sep 29 10:00:01 2020 +0000
- upstream: reorder child environment preparation so that variables
+ restorecon the correct directory
- read from ~/.ssh/environment (if enabled) do not override SSH_* variables set
- by the server.
+ if using different path for authorized_keys file
- OpenBSD-Commit-ID: 59f9d4c213cdcef2ef21f4b4ae006594dcf2aa7a
+ SSH-Copy-ID-Upstream: 791a3df47b48412c726bff6f7b1d190721e65d51
-commit 0368889f82f63c82ff8db9f8c944d89e7c657db4
+commit 9beeab8a37a49a9e3ffb1972fff6621ee5bd7a71
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Jun 8 03:35:36 2018 +0000
+Date: Thu Feb 25 03:27:34 2021 +0000
+
+ upstream: s/PubkeyAcceptedKeyTypes/PubkeyAcceptedAlgorithms/
+
+ OpenBSD-Regress-ID: 3dbc005fa29f69dc23d97e433b6dffed6fe7cb69
+
+commit 2dd9870c16ddbd83740adeead5030d6840288c8f
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Wed Feb 24 23:12:35 2021 +0000
- upstream: fix incorrect expansion of %i in
+ upstream: Rename pubkeyacceptedkeytypes to pubkeyacceptedalgorithms in
- load_public_identity_files(); reported by Roumen Petrov
+ test to match change to config-dump output.
- OpenBSD-Commit-ID: a827289e77149b5e0850d72a350c8b0300e7ef25
+ OpenBSD-Regress-ID: 74c9a4ad50306be873d032819d5e55c24eb74d5d
+
+commit b9225c3a1c3f5827e31d5d64a71b8e0504a25619
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Wed Feb 24 01:18:08 2021 +0000
-commit 027607fc2db6a0475a3380f8d95c635482714cb0
+ upstream: Put obsolete aliases for hostbasedalgorithms and
+
+ pubkeyacceptedalgorithms after their current names so that the config-dump
+ mode finds and uses the current names. Spotted by Phil Pennock.
+
+ OpenBSD-Commit-ID: 5dd10e93cccfaff3aaaa09060c917adff04a9b15
+
+commit 8b8b60542d6652b2c91e0ef9e9cc81bcb65e6b42
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Jun 8 01:55:40 2018 +0000
+Date: Tue Feb 23 21:55:08 2021 +0000
- upstream: fix some over-long lines and __func__ up some debug
+ upstream: lots more s/key types/signature algorithms/ mostly in
- messages
+ HostbasedAcceptedAlgorithms and HostKeyAlgorithms; prompted by Jakub Jelen
- OpenBSD-Commit-ID: c70a60b4c8207d9f242fc2351941ba50916bb267
+ OpenBSD-Commit-ID: 3f719de4385b1a89e4323b2549c66aae050129cb
-commit 6ff6fda705bc204456a5fa12518dde6e8790bb02
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date: Thu Jun 7 11:26:14 2018 +0000
+commit 0aeb508aaabc4818970c90831e3d21843c3c6d09
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Feb 23 21:50:18 2021 +0000
- upstream: tweak previous;
+ upstream: Correct reference to signature algorithms as keys; from
- OpenBSD-Commit-ID: f98f16af10b28e24bcecb806cb71ea994b648fd6
+ Jakub Jelen
+
+ OpenBSD-Commit-ID: 36f7ecee86fc811aa0f8e21e7a872eee044b4be5
-commit f2c06ab8dd90582030991f631a2715216bf45e5a
+commit f186a020f2ba5f9c462a23293750e29ba0a746b1
Author: Darren Tucker <dtucker@dtucker.net>
-Date: Fri Jun 8 17:43:36 2018 +1000
+Date: Tue Feb 23 16:05:22 2021 +1100
- Remove ability to override $LD.
-
- Since autoconf always uses $CC to link C programs, allowing users to
- override LD caused mismatches between what LD_LINK_IFELSE thought worked
- and what ld thought worked. If you do need to do this kind of thing you
- need to set a compiler flag such as gcc's -fuse-ld in LDFLAGS.
+ Add a couple more test VMs.
-commit e1542a80797b4ea40a91d2896efdcc76a57056d2
+commit ffcdd3d90e74176b3bb22937ad1f65a6c1cd3f9d
Author: Darren Tucker <dtucker@dtucker.net>
-Date: Fri Jun 8 13:55:59 2018 +1000
+Date: Mon Feb 22 08:09:27 2021 +1100
- Better detection of unsupported compiler options.
+ Valgrind test: split and move up list.
- Should prevent "unsupported -Wl,-z,retpoline" warnings during linking.
- ok djm@
+ Since the valgrind test takes so long it approaches the limit allowed by
+ github, move it to the head of the list so it's the first one started and
+ split the longest tests out into a second instance that runs concurrently
+ with the first.
-commit 57379dbd013ad32ee3f9989bf5f5741065428360
+commit c3b1636770785cc2830dedd0f22ef7d3d3491d6d
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Thu Jun 7 14:29:43 2018 +0000
+Date: Tue Feb 23 00:05:31 2021 +0000
- upstream: test the correct configuration option name
+ upstream: warn when the user specifies a ForwardAgent path that does
+
+ not exist and exit if ExitOnForwardFailure is set; bz3264
- OpenBSD-Regress-ID: 492279ea9f65657f97a970e0e7c7fd0b339fee23
+ OpenBSD-Commit-ID: 72f7875865e723e464c71bf8692e83110699bf26
-commit 6d41815e202fbd6182c79780b6cc90e1ec1c9981
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Thu Jun 7 09:26:42 2018 +0000
+commit 5fcb0514949d61aadaf4a89cf16eb78fb47491ec
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Sat Feb 20 13:34:02 2021 +1100
- upstream: some permitlisten fixes from markus@ that I missed in my
+ Disable rlimit sandbox, doesn't work with valgrind
- insomnia-fueled commits last night
+ Only run regress tests, runing unit tests as well makes it run longer
+ than allowed y github.
+
+commit bb0b9bf45396c19486080d3eb0a159f94de7e6ba
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Sat Feb 20 13:06:25 2021 +1100
+
+ Upload valgrind logs on failure.
+
+commit ebb3b75e974cb241c6b9b9f5881b09c7bd32b651
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Fri Feb 19 22:18:50 2021 +1100
+
+ Rename "vm" to "os" in selfhosted to match c-cpp.
- OpenBSD-Commit-ID: 26f23622e928996086e85b1419cc1c0f136e359c
+ Should make it easier to share code or maybe merge at some point.
-commit 4319f7a868d86d435fa07112fcb6153895d03a7f
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Thu Jun 7 04:46:34 2018 +0000
+commit 76c0be0fe0465cb2b975dbd409f8d38b55e55bcb
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Fri Feb 19 22:15:22 2021 +1100
- upstream: permitlisten/PermitListen unit test from Markus
+ Upload regress failure logs in c-cpp too.
+
+commit 8751b6c3136f5225c40f41bbf29aa29e15795f6e
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Fri Feb 19 22:13:36 2021 +1100
+
+ Comment out Solaris 64bit PAM build...
- OpenBSD-Regress-ID: ab12eb42f0e14926980441cf7c058a6d1d832ea5
+ until I can figure out why it's failing.
+
+commit e9f6d563c06886b277c6b9abafa99fa80726dc48
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Fri Feb 19 10:20:17 2021 +1100
+
+ Actually run Valgrind tests.
+
+commit 41d232e226624f1a81c17091c36b44c9010aae62
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Fri Feb 19 10:16:56 2021 +1100
+
+ Add test against Valgrind.
+
+commit e6528d91f12fba05f0ea64224091c9d0f38bdf1d
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Thu Feb 18 16:30:01 2021 +1100
+
+ Add fbsd12 test target.
+
+commit 6506cb2798d98ff03a7cc06567c392a81f540680
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Thu Feb 18 15:21:13 2021 +1100
+
+ Remove unused arg.
-commit fa09076410ffc2d34d454145af23c790d728921e
+commit 93c31a623973b0fad508214593aab6ca94b11dcb
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Thu Feb 18 14:54:07 2021 +1100
+
+ Add DEBUG_SK to kitchensink builds.
+
+commit 65085740d3574eeb3289d592f042df62c2689bb0
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Thu Feb 18 14:53:14 2021 +1100
+
+ Add bbone test target (arm32).
+
+commit 63238f5aed66148b8d6ca7bd5fb347d624200155
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Thu Jun 7 04:31:51 2018 +0000
+Date: Thu Feb 18 02:49:35 2021 +0000
- upstream: fix regression caused by recent permitlisten option commit:
+ upstream: Fix the hostkeys rotation extension documentation
- authorized_keys lines that contained permitopen/permitlisten were being
- treated as invalid.
+ The documentation was lacking the needed want-reply field in the initial
+ global request.
- OpenBSD-Commit-ID: 7ef41d63a5a477b405d142dc925b67d9e7aaa31b
+ https://github.com/openssh/openssh-portable/pull/218 by dbussink
+
+ OpenBSD-Commit-ID: 051824fd78edf6d647a0b9ac011bf88e28775054
-commit 7f90635216851f6cb4bf3999e98b825f85d604f8
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Wed Jun 6 18:29:18 2018 +0000
+commit 34c5ef6e2d06d9f0e20cb04a9aebf67a6f96609a
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Thu Feb 18 02:15:07 2021 +0000
- upstream: switch config file parsing to getline(3) as this avoids
+ upstream: make names in function prototypes match those in
- static limits noted by gerhard@; ok dtucker@, djm@
+ definition from https://github.com/openssh/openssh-portable/pull/225 by
+ ZenithalHourlyRate
- OpenBSD-Commit-ID: 6d702eabef0fa12e5a1d75c334a8c8b325298b5c
+ OpenBSD-Commit-ID: 7c736307bf3f2c7cb24d6f82f244eee959485acd
-commit 392db2bc83215986a91c0b65feb0e40e7619ce7e
+commit 88e3d4de31ab4f14cac658e9e0c512043b15b146
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Jun 6 18:25:33 2018 +0000
+Date: Thu Feb 18 02:13:58 2021 +0000
- upstream: regress test for PermitOpen
+ upstream: unbreak SK_DEBUG builds
+
+ from https://github.com/openssh/openssh-portable/pull/225 by
+ ZenithalHourlyRate
- OpenBSD-Regress-ID: ce8b5f28fc039f09bb297fc4a92319e65982ddaf
+ OpenBSD-Commit-ID: 28d7259ce1b04d025411464decfa2f1a097b43eb
-commit 803d896ef30758135e2f438bdd1a0be27989e018
+commit 788cbc5b74a53956ba9fff11e1ca506271a3597f
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Jun 6 18:24:15 2018 +0000
+Date: Thu Feb 18 00:30:17 2021 +0000
- upstream: man bits for permitlisten authorized_keys option
+ upstream: sftp-server: implement limits@openssh.com extension
+
+ This is a simple extension that allows the server to clearly
+ communicate transfer limits it is imposing so the client doesn't
+ have to guess, or force the user to manually tune. This is
+ particularly useful when an attempt to use too large of a value
+ causes the server to abort the connection.
+
+ Patch from Mike Frysinger; ok dtucker@
- OpenBSD-Commit-ID: 86910af8f781a4ac5980fea125442eb25466dd78
+ OpenBSD-Commit-ID: f96293221e5aa24102d9bf30e4f4ef04d5f4fb51
-commit 04df43208b5b460d7360e1598f876b92a32f5922
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Jun 6 18:24:00 2018 +0000
+commit 324449a68d510720d0e4dfcc8e9e5a702fe6a48f
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Feb 18 12:06:25 2021 +1100
- upstream: man bits for PermitListen
+ support OpenSSL 3.x cipher IV API change
+
+ OpenSSL renamed the "get current CIPHER_CTX" IV operation in 3.x.
+ This uses the new name if available.
- OpenBSD-Commit-ID: 35b200cba4e46a16a4db6a80ef11838ab0fad67c
+ https://github.com/openssl/openssl/issues/13411
+
+ bz#3238 ok dtucker@
-commit 93c06ab6b77514e0447fe4f1d822afcbb2a9be08
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Jun 6 18:23:32 2018 +0000
+commit 845fe9811c047063d935eca89188ed55c993626b
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Feb 18 11:25:38 2021 +1100
- upstream: permitlisten option for authorized_keys; ok markus@
+ prefer login_getpwclass() to login_getclass()
+
+ FreeBSD has login_getpwclass() that does some special magic for
+ UID=0. Prefer this to login_getclass() as its easier to emulate
+ the former with the latter.
- OpenBSD-Commit-ID: 8650883018d7aa893173d703379e4456a222c672
+ Based on FreeBSD PR 37416 via Ed Maste; ok dtucker@
-commit 115063a6647007286cc8ca70abfd2a7585f26ccc
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Jun 6 18:22:41 2018 +0000
+commit d0763c8d566119cce84d9806e419badf20444b02
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Thu Feb 18 10:45:27 2021 +1100
- upstream: Add a PermitListen directive to control which server-side
+ Fixing quoting for installing moduli on target guest.
+
+commit b3afc243bc820f323a09e3218e9ec8a30a3c1933
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Thu Feb 18 10:27:16 2021 +1100
+
+ Install moduli on target not host.
+
+commit f060c2bc85d59d111fa18a12eb3872ee4b9f7e97
+Author: Damien Miller <djm@mindrot.org>
+Date: Thu Feb 18 10:33:58 2021 +1100
+
+ don't free string returned by login_getcapstr(3)
- addresses may be listened on when the client requests remote forwarding (ssh
- -R).
+ OpenBSD and NetBSD require the caller to free strings returned
+ bu the login_* functions, but FreeBSD requires that callers don't.
- This is the converse of the existing PermitOpen directive and this
- includes some refactoring to share much of its implementation.
+ Fortunately in this case, we can harmlessly leak as the process is
+ about to exec the shell/command.
- feedback and ok markus@
+ From https://reviews.freebsd.org/D28617 via Ed Maste; ok dtucker@
+
+commit bc9b0c25703215501da28aa7a6539f96c0fa656f
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Thu Feb 18 10:10:00 2021 +1100
+
+ Skip unit tests on sol11 to speed things up.
+
+commit 161873035c12cc22211fc73d07170ade47746bc5
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Thu Feb 18 10:09:27 2021 +1100
+
+ Remove SKIP_UNIT as it needs to be a make arg.
+
+commit 1c293868e4b4e8e74e3ea15b8dff90f6b089967a
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Thu Feb 18 10:05:03 2021 +1100
+
+ Always intall moduli.
- OpenBSD-Commit-ID: 15a931238c61a3f2ac74ea18a98c933e358e277f
+ Allows us to run tests without falling back to a fixed modulus. Ensure that
+ the directory exists.
+
+commit 5c8f41ad100601ec2fdcbccdfe92890c31f81bbe
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Thu Feb 18 09:59:09 2021 +1100
+
+ Quote SSHD_CONFOPTS in case it contains spaces.
+
+commit 4653116c1f5384ea7006e6396d9b53c33d218975
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Thu Feb 18 09:51:18 2021 +1100
+
+ Fix labels on targets (dots vs underscores).
+
+commit 4512047f57ca3c6e8cd68f0cc69be59e98b25287
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Wed Feb 17 21:47:48 2021 +1100
+
+ More compact representation of config matrix.
+
+commit 0406cd09f05c2e419b113dd4c0eac8bc34ec915b
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Wed Feb 17 21:19:18 2021 +1100
+
+ Skip unit tests on hosted VMs to speed things up.
+
+commit 4582612e6147d766c336198c498740242fb8f1ec
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Wed Feb 17 20:21:29 2021 +1100
+
+ Merge macos and ubuntu tests.
-commit 7703ae5f5d42eb302ded51705166ff6e19c92892
+commit 09f4b84654b71099559492e9aed5e1a38bf24815
Author: Darren Tucker <dtucker@dtucker.net>
-Date: Wed Jun 6 16:04:29 2018 +1000
+Date: Wed Feb 17 18:41:30 2021 +1100
- Use ssh-keygen -A to generate missing host keys.
+ Convert most github hosted tests to new config structure.
+
+commit 65380ff7e054be1454e5ab4fd7bb9c66f8fcbaa9
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Wed Feb 17 18:27:36 2021 +1100
+
+ Only run selfhosted tests from selfhosted repo.
+
+commit f031366535650b88248ed7dbf23033afdf466240
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Fri Jan 15 14:11:43 2021 +1100
+
+ Add self-hosted runners for VMs of other platforms.
+
+ Github only hosts a limited number of platforms, and the runner code
+ is only supported on slightly wider range of platforms. To increase
+ our test coverage beyond that, we run the runner natively on a VM host,
+ where it runs a jobs that boot VMs of other platforms, waits for them
+ to come up then runs the build and test by ssh'ing into the guest.
+ This means that the minimum dependencies for the guests are quite low
+ (basically just sshd, a compiler and make).
- Instead of testing for each specific key type, use ssh-keygen -A to
- generate any missing host key types.
+ The interface to the VM host is fairly simple (basically 3 scripts:
+ vmstartup, vmrun and vmshutdown), but those are specific to the VM host
+ so are not in the public repo. We also mount the working directory on the
+ host via sshfs, so things like artifact upload by the runner also work.
+
+ As part of this we are moving the per-test-target configs into a single
+ place (.github/configs) where there will be referenced by a single short
+ "config" key. I plan to make the github-hosted runners use this too.
+
+ The self-hosted runners are run off a private repo on github since that
+ prevents third parties from accessing them[0], and since runner quota is
+ limited on private repos, we avoid running the tests we run on the public
+ repo.
+
+ [0] https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories
-commit e8d59fef1098e24f408248dc64e5c8efa5d01f3c
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date: Fri Jun 1 06:23:10 2018 +0000
+commit 64bbd7444d658ef7ee14a7ea5ccc7f5810279ee7
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Wed Feb 17 03:59:00 2021 +0000
- upstream: add missing punctuation after %i in ssh_config.5, and
+ upstream: Make sure puttygen is new enough to successfully run the
- make the grammatical format in sshd_config.5 match that in ssh_config.5;
+ PuTTY interop tests, otherwise skip them.
- OpenBSD-Commit-ID: e325663b9342f3d556e223e5306e0d5fa1a74fa0
+ OpenBSD-Regress-ID: 34565bb50b8aec58331ed02a5e9e0a9a929bef51
-commit a1f737d6a99314e291a87856122cb4dbaf64c641
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date: Fri Jun 1 05:52:26 2018 +0000
+commit da0a9afcc446a30ca49dd216612c41ac3cb1f2d4
+Author: markus@openbsd.org <markus@openbsd.org>
+Date: Mon Feb 15 20:43:15 2021 +0000
- upstream: oops - further adjustment to text neccessary;
+ upstream: ssh: add PermitRemoteOpen for remote dynamic forwarding
+
+ with SOCKS ok djm@, dtucker@
- OpenBSD-Commit-ID: 23585576c807743112ab956be0fb3c786bdef025
+ OpenBSD-Commit-ID: 64fe7b6360acc4ea56aa61b66498b5ecc0a96a7c
-commit 294028493471e0bd0c7ffe55dc0c0a67cba6ec41
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date: Fri Jun 1 05:50:18 2018 +0000
+commit b696858a7f9db72a83d02cb6edaca4b30a91b386
+Author: markus@openbsd.org <markus@openbsd.org>
+Date: Mon Feb 15 20:36:35 2021 +0000
- upstream: %U needs to be escaped; tweak text;
+ upstream: factor out opt_array_append; ok djm@
- OpenBSD-Commit-ID: 30887b73ece257273fb619ab6f4e86dc92ddc15e
+ OpenBSD-Commit-ID: 571bc5dd35f99c5cf9de6aaeac428b168218e74a
-commit e5019da3c5a31e6e729a565f2b886a80c4be96cc
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Fri Jun 1 04:31:48 2018 +0000
+commit ad74fc127cc45567e170e8c6dfa2cfd9767324ec
+Author: dlg@openbsd.org <dlg@openbsd.org>
+Date: Mon Feb 15 11:09:22 2021 +0000
- upstream: Apply umask to all incoming files and directories not
+ upstream: ProxyJump takes "none" to disable processing like
- just files. This makes sure it gets applied to directories too, and prevents
- a race where files get chmodded after creation. bz#2839, ok djm@
+ ProxyCommand does
- OpenBSD-Commit-ID: 3168ee6c7c39093adac4fd71039600cfa296203b
+ ok djm@ jmc@
+
+ OpenBSD-Commit-ID: 941a2399da2193356bdc30b879d6e1692f18b6d3
-commit a1dcafc41c376332493b9385ee39f9754dc145ec
+commit 16eacdb016ccf38dd9959c78edd3a6282513aa53
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Jun 1 03:52:37 2018 +0000
+Date: Fri Feb 12 03:49:09 2021 +0000
- upstream: Adapt to extra default verboisity from ssh-keygen when
+ upstream: sftp: add missing lsetstat@openssh.com documentation
- searching for and hashing known_hosts entries in a single operation
- (ssh-keygen -HF ...) Patch from Anton Kremenetsky
+ patch from Mike Frysinger
- OpenBSD-Regress-ID: 519585a4de35c4611285bd6a7272766c229b19dd
+ OpenBSD-Commit-ID: 9c114db88d505864075bfe7888b7c8745549715b
-commit 76f314c75dffd4a55839d50ee23622edad52c168
+commit e04fd6dde16de1cdc5a4d9946397ff60d96568db
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue May 22 00:22:49 2018 +0000
+Date: Fri Feb 12 03:14:18 2021 +0000
- upstream: Add TEST_SSH_FAIL_FATAL variable, to force all failures
+ upstream: factor SSH_AGENT_CONSTRAIN_EXTENSION parsing into its own
- to instantly abort the test. Useful in capturing clean logs for individual
- failure cases.
+ function and remove an unused variable; ok dtucker@
- OpenBSD-Regress-ID: feba18cf338c2328b9601bd4093cabdd9baa3af1
+ OpenBSD-Commit-ID: e1a938657fbf7ef0ba5e73b30365734a0cc96559
-commit 065c8c055df8d83ae7c92e5e524a579d87668aab
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Fri May 11 03:51:06 2018 +0000
+commit 1bb130ed34721d46452529d094d9bbf045607d79
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Thu Feb 11 10:18:05 2021 +1100
- upstream: Clean up comment.
+ Add __NR_futex_time64 to seccomp sandbox.
- OpenBSD-Regress-ID: 6adb35f384d447e7dcb9f170d4f0d546d3973e10
+ This is apparently needed for (some) 32 bit platforms with glibc 2.33.
+ Patch from nix at esperi.org.uk and jjelen at redhat.com via bz#3260.
-commit 01b048c8eba3b021701bd0ab26257fc82903cba8
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Jun 1 04:21:29 2018 +0000
+commit f88a7a431212a16e572ecabd559e632f369c363e
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Sat Feb 6 09:37:01 2021 +1100
- upstream: whitespace
+ Add a hostname function for systems that don't have it.
- OpenBSD-Commit-ID: e5edb5e843ddc9b73a8e46518899be41d5709add
+ Some systems don't have a hostname command (it's not required by POSIX).
+ The do have uname -n (which is), but as found by tim@ some others (eg
+ UnixWare) do not report the FQDN from uname -n.
-commit 854ae209f992465a276de0b5f10ef770510c2418
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Jun 1 04:05:29 2018 +0000
+commit 5e385a71ef2317856f37c91a98658eb12eb5a89c
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Fri Feb 5 22:03:40 2021 +0000
- upstream: make ssh_remote_ipaddr() capable of being called after
+ upstream: Roll back the hostname->uname change in rev 1.10. It turns
- the ssh->state has been torn down; bz#2773
+ out uname -n doesn't do what we need for some platforms in portable, so we'll
+ fix the original problem (that some other platforms don't have hostname at
+ all) by providing wrapper function to implement it.
- OpenBSD-Commit-ID: 167f12523613ca3d16d7716a690e7afa307dc7eb
+ OpenBSD-Regress-ID: 827a707d6201d5a8e196a8c28aec1d2c76c52341
-commit 3e088aaf236ef35beeef3c9be93fd53700df5861
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Jun 1 03:51:34 2018 +0000
+commit b446c214279de50ed8388e54897eb1be5281c894
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Fri Feb 5 06:01:58 2021 +0000
- upstream: return correct exit code when searching for and hashing
+ upstream: hostname is not specified by POSIX but uname -n is, so use
- known_hosts entries in a single operation (ssh-keygen -HF hostname); bz2772
- Report and fix from Anton Kremenetsky
+ the latter for portability. Patch from Geert Hendrickx via github PR#208.
- OpenBSD-Commit-ID: ac10ca13eb9bb0bc50fcd42ad11c56c317437b58
+ OpenBSD-Regress-ID: d6a79c7c4d141a0d05ade4a042eb57dddbce89f3
-commit 9c935dd9bf05628826ad2495d3e8bdf3d3271c21
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Jun 1 03:33:53 2018 +0000
+commit 1cb6ce98d658e5fbdae025a3bd65793980e3b5d9
+Author: David Carlier <devnexen@gmail.com>
+Date: Sat Nov 21 12:22:23 2020 +0000
- upstream: make UID available as a %-expansion everywhere that the
+ Using explicit_memset for the explicit_bzero compatibility layer.
- username is available currently. In the client this is via %i, in the server
- %U (since %i was already used in the client in some places for this, but used
- for something different in the server); bz#2870, ok dtucker@
+ Favoriting the native implementation in this case.
+
+commit 2e0beff67def2120f4b051b1016d7fbf84823e78
+Author: Luca Weiss <luca@z3ntu.xyz>
+Date: Sun Nov 8 14:19:23 2020 +0100
+
+ Deny (non-fatal) statx in preauth privsep child.
+
+commit a35d3e911e193a652bd09eed40907e3e165b0a7b
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Fri Feb 5 02:20:23 2021 +0000
+
+ upstream: Remove debug message from sigchld handler. While this
+
+ works on OpenBSD it can cause problems on other platforms. From kircherlike
+ at outlook.com via bz#3259, ok djm@
- OpenBSD-Commit-ID: c7e912b0213713316cb55db194b3a6415b3d4b95
+ OpenBSD-Commit-ID: 3e241d7ac1ee77e3de3651780b5dc47b283a7668
-commit d8748b91d1d6c108c0c260ed41fa55f37b9ef34b
+commit 69338ab46afe9e3dfb7762ad65351d854077c998
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Jun 1 03:11:49 2018 +0000
+Date: Tue Feb 2 22:36:59 2021 +0000
- upstream: prefer argv0 to "ssh" when re-executing ssh for ProxyJump
-
- directive; bz2831, feedback and ok dtucker@
+ upstream: whitespace
- OpenBSD-Commit-ID: 3cec709a131499fbb0c1ea8a0a9e0b0915ce769e
+ OpenBSD-Commit-ID: 544bb092e03fcbecb420196cd0f70af13ea868ad
-commit fbb4b5fd4f8e0bb89732670a01954e18b69e15ba
+commit f71219a01d8f71c4b3ed7e456337a84ddba1653e
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri May 25 07:11:01 2018 +0000
+Date: Tue Feb 2 22:36:46 2021 +0000
- upstream: Do not ban PTY allocation when a sshd session is restricted
+ upstream: fix memleaks in private key deserialisation; enforce more
- because the user password is expired as it breaks password change dialog.
+ consistency between redundant fields in private key certificate and private
+ key body; ok markus@
- regression in openssh-7.7 reported by Daniel Wagner
+ OpenBSD-Commit-ID: dec344e414d47f0a7adc13aecf3760fe58101240
+
+commit 3287790e78bf5b53c4a3cafb67bb5aa03e3910f0
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Feb 2 22:35:14 2021 +0000
+
+ upstream: memleak on error path; ok markus@
- OpenBSD-Commit-ID: 9fc09c584c6f1964b00595e3abe7f83db4d90d73
+ OpenBSD-Commit-ID: 2091a36d6ca3980c81891a6c4bdc544e63cb13a8
-commit f6a59a22b0c157c4c4e5fd7232f868138223be64
+commit 3dd0c64e08f1bba21d71996d635c7256c8c139d1
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri May 25 04:25:46 2018 +0000
+Date: Sun Jan 31 22:55:29 2021 +0000
- upstream: Fix return value confusion in several functions (readdir,
+ upstream: more strictly enforce KEX state-machine by banning packet
- download and fsync). These should return -1 on error, not a sftp status code.
+ types once they are received. Fixes memleak caused by duplicate
+ SSH2_MSG_KEX_DH_GEX_REQUEST (spotted by portable OpenSSH kex_fuzz via
+ oss-fuzz #30078).
- patch from Petr Cerny in bz#2871
+ ok markus@
- OpenBSD-Commit-ID: 651aa0220ad23c9167d9297a436162d741f97a09
+ OpenBSD-Commit-ID: 87331c715c095b587d5c88724694cdeb701c9def
-commit 1da5934b860ac0378d52d3035b22b6670f6a967e
+commit 7a92a324a2e351fabd0ba8ef9b434d3b12d54ee3
Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Fri May 25 03:20:59 2018 +0000
+Date: Sun Jan 31 10:50:10 2021 +0000
- upstream: If select() fails in ssh_packet_read_seqnr go directly to
+ upstream: Set linesize returned by getline to zero when freeing and
- the error path instead of trying to read from the socket on the way out,
- which resets errno and causes the true error to be misreported. ok djm@
+ NULLing the returned string. OpenBSD's getline handles this just fine, but
+ some implementations used by -portable do not. ok djm@
- OpenBSD-Commit-ID: 2614edaadbd05a957aa977728aa7a030af7c6f0a
+ OpenBSD-Commit-ID: 4d7bd5169d3397654247db9655cc69a9908d165c
-commit 4ef75926ef517d539f2c7aac3188b09f315c86a7
+commit a5dfc5bae8c16e2a7caf564758d812c7672480b5
Author: Damien Miller <djm@mindrot.org>
-Date: Fri May 25 13:36:58 2018 +1000
+Date: Sat Jan 30 16:32:29 2021 +1100
- Permit getuid()/geteuid() syscalls.
+ allow a fuzz case to contain more than one request
- Requested for Linux/s390; patch from Eduardo Barretto via bz#2752;
- ok dtucker
+ loop until input buffer empty, no message consumed or 256 messages
+ processed
-commit 4b22fd8ecefd059a66140be67f352eb6145a9d88
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue May 22 00:13:26 2018 +0000
+commit 0ef24ad60204022f7e33b6e9d171172c50514132
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Jan 30 16:28:23 2021 +1100
- upstream: support ProxyJump=none to disable ProxyJump
+ expect fuzz cases to have length prefix
- functionality; bz#2869 ok dtucker@
+ might make life a little easier for the fuzzer, e.g. it can now
+ produce valid (multi-request) messages by smashing two cases together.
+
+commit de613f2713d2dfcd3b03c00e5558a40997f52712
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Jan 30 12:03:30 2021 +1100
+
+ ssh-agent fuzzer
+
+commit 7e96c877bcb2fb645355a687b8cb7347987c1c58
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Jan 30 12:02:46 2021 +1100
+
+ move keys out of kex_fuzz.cc into separate header
- OpenBSD-Commit-ID: 1c06ee08eb78451b5837fcfd8cbebc5ff3a67a01
+ add certificates and missing key types
-commit f41bcd70f55b4f0fc4d8e1039cb361ac922b23fb
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date: Tue May 15 05:40:11 2018 +0000
+commit 76f46d75664fdaa1112739ca523ff85ee4eb52b4
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Jan 30 12:02:10 2021 +1100
+
+ some fixed test data (mostly keys) for fuzzing
+
+commit 7c2e3d6de1f2edb0c8b4725b4c2b56360e032b19
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sat Jan 30 00:56:38 2021 +0000
- upstream: correct keyowrd name (permitemptypasswords); from brendan
+ upstream: add a SK_DUMMY_INTEGRATE define that allows the dummy
- macdonell
+ security key middleware to be directly linked; useful for writing fuzzers,
+ etc.
- OpenBSD-Commit-ID: ef1bdbc936b2ea693ee37a4c20a94d4d43f5fda3
+ OpenBSD-Regress-ID: 0ebd00159b58ebd85e61d8270fc02f1e45df1544
-commit f18bc97151340127859634d20d79fd39ec8a7f39
+commit 1a4b92758690faa12f49079dd3b72567f909466d
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri May 11 04:01:11 2018 +0000
+Date: Fri Jan 29 06:29:46 2021 +0000
- upstream: Emphasise that -w implicitly sets Tunnel=point-to-point
+ upstream: fix the values of enum sock_type
- and that users should specify an explicit Tunnel directive if they don't want
- this. bz#2365.
+ OpenBSD-Commit-ID: 18d048f4dbfbb159ff500cfc2700b8fb1407facd
+
+commit 8afaa7d7918419d3da6c0477b83db2159879cb33
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Jan 29 06:28:10 2021 +0000
+
+ upstream: give typedef'd struct a struct name; makes the fuzzer I'm
- OpenBSD-Commit-ID: 1a8d9c67ae213ead180481900dbbb3e04864560d
+ writing a bit easier
+
+ OpenBSD-Commit-ID: 1052ab521505a4d8384d67acb3974ef81b8896cb
+
+commit 1e660115f0c7c4a750cd31e468ff889f33dd8088
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Jan 29 11:09:14 2021 +1100
+
+ fuzz diffie-hellman-group-exchange-sha1 kex too
-commit 32e4e94e1511fe0020fbfbb62399d31b2d22a801
+commit be5f0048ea2aaeddd27be7dcca23aaad345fa16c
Author: Damien Miller <djm@mindrot.org>
-Date: Mon May 14 14:40:08 2018 +1000
+Date: Fri Jan 29 11:03:35 2021 +1100
+
+ support for running kex fuzzer with null cipher
+
+commit 3d59e88c0e42182c3749b446ccd9027933c84be4
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Thu Jan 28 20:55:16 2021 +1100
- sync fmt_scaled.c
+ make with -j2 to use available CPUs.
+
+commit 66dd9ddb5d2ea8c407908c8e8468c9d6e71db05b
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Thu Jan 28 14:31:01 2021 +1100
+
+ Add test against openssl head and libressl head.
+
+commit 237dbb34e24b6b7ea888d54bda4d17da0a0fd0fa
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Thu Jan 28 14:30:50 2021 +1100
+
+ Remove whitespace.
+
+commit d983e1732b8135d7ee8d92290d6dce35f736ab88
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Jan 27 23:49:46 2021 +0000
+
+ upstream: fix leak: was double allocating kex->session_id buffer
- revision 1.17
- date: 2018/05/14 04:39:04; author: djm; state: Exp; lines: +5 -2;
- commitid: 53zY8GjViUBnWo8Z;
- constrain fractional part to [0-9] (less confusing to static analysis); ok ian@
+ OpenBSD-Commit-ID: 3765f4cc3ae1df874dba9102a3588ba7b48b8183
-commit 54268d589e85ecc43d3eba8d83f327bdada9d696
+commit 1134a48cdcef8e7363b9f6c73ebdd24405066738
Author: Damien Miller <djm@mindrot.org>
-Date: Fri May 11 14:04:40 2018 +1000
+Date: Thu Jan 28 08:57:31 2021 +1100
+
+ correct kex name in disabled code
+
+commit 67f47f1965abafc1830a287761125c2f4790857e
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Jan 27 10:15:08 2021 +0000
+
+ upstream: this needs kex.h now
+
+ OpenBSD-Commit-ID: c5a42166c5aa002197217421a971e48be7cb5d41
+
+commit 39be3dc209f28f9c1ebfeba42adde8963b01e1cd
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Jan 27 10:05:28 2021 +0000
- fix key-options.sh on platforms without openpty(3)
+ upstream: make ssh->kex->session_id a sshbuf instead of u_char*/size_t
- Skip the pty tests if the platform lacks openpty(3) and has to chown(2)
- the pty device explicitly. This typically requires root permissions that
- this test lacks.
+ and use that instead of global variables containing copies of it. feedback/ok
+ markus@
- bz#2856 ok dtucker@
+ OpenBSD-Commit-ID: a4b1b1ca4afd2e37cb9f64f737b30a6a7f96af68
-commit b2140a739be4c3b43cc1dc08322dca39a1e39d20
+commit 4ca6a1fac328477c642329676d6469dba59019a3
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri May 11 03:38:51 2018 +0000
+Date: Wed Jan 27 09:26:53 2021 +0000
- upstream: implement EMFILE mitigation for ssh-agent: remember the
+ upstream: remove global variable used to stash compat flags and use the
- fd rlimit and stop accepting new connections when it is exceeded (with some
- grace). Accept is resumed when enough connections are closed.
+ purpose-built ssh->compat variable instead; feedback/ok markus@
- bz#2576. feedback deraadt; ok dtucker@
+ OpenBSD-Commit-ID: 7c4f200e112dae6bcf99f5bae1a5629288378a06
+
+commit bba229b6f3328171f5e3ae85de443002523c0452
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Wed Jan 27 12:34:07 2021 +1100
+
+ Install moduli file before tests.
- OpenBSD-Commit-ID: 6a85d9cec7b85741961e7116a49f8dae777911ea
+ Reduces warnings during test runs.
+
+commit 1b83185593a90a73860a503d753a95ca6d726c00
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Wed Jan 27 11:58:26 2021 +1100
+
+ Run one test with -Werror to catch warnings.
-commit fdba503fdfc647ee8a244002f1581e869c1f3d90
+commit d1532d90074b212054d5fd965f833231b09982f5
Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Fri May 11 03:22:55 2018 +0000
+Date: Wed Jan 27 00:37:26 2021 +0000
- upstream: Explicit cast when snprintf'ing an uint64. Prevents
+ upstream: Logical not bitwise or. ok djm@
- warnings on platforms where int64 is long not long long. ok djm@
+ OpenBSD-Commit-ID: d4dc855cf04951b93c45caa383e1ac9af0a3b0e5
+
+commit 507b448a2465a53ab03a88acbc71cc51b48ca6ac
+Author: naddy@openbsd.org <naddy@openbsd.org>
+Date: Tue Jan 26 15:40:17 2021 +0000
+
+ upstream: move HostbasedAcceptedAlgorithms to the right place in
+
+ alphabetical order
- OpenBSD-Commit-ID: 9c5359e2fbfce11dea2d93f7bc257e84419bd001
+ OpenBSD-Commit-ID: d766820d33dd874d944c14b0638239adb522c7ec
-commit e7751aa4094d51a9bc00778aa8d07e22934c55ee
-Author: bluhm@openbsd.org <bluhm@openbsd.org>
-Date: Thu Apr 26 14:47:03 2018 +0000
+commit e26c980778b228bdd42b8353cc70101cf49b731b
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Tue Jan 26 11:25:01 2021 +0000
- upstream: Since the previous commit, ssh regress test sftp-chroot was
+ upstream: Remove unused variables leftover from refactoring. ok
- failing. The sftp program terminated with the wrong exit code as sftp called
- fatal() instad of exit(0). So when the sigchld handler waits for the child,
- remember that it was found. Then don't expect that main() can wait again. OK
- dtucker@
+ djm@
- OpenBSD-Commit-ID: bfafd940c0de5297940c71ddf362053db0232266
+ OpenBSD-Commit-ID: 8b3ad58bff828fcf874e54b2fc27a4cf1d9505e8
-commit 7c15301841e2e9d37cae732400de63ae9c0961d6
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Sun Apr 29 17:54:12 2018 +1000
+commit e9f78d6b06fc323bba1890b2dc3b8423138fb35c
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Tue Jan 26 05:32:21 2021 +0000
- Use includes.h instead of config.h.
+ upstream: Rename HostbasedKeyTypes (ssh) and
+
+ HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms, which more
+ accurately reflects its effect. This matches a previous change to
+ PubkeyAcceptedAlgorithms. The previous names are retained as aliases. ok
+ djm@
- This ensures it picks up the definition of DEF_WEAK, the lack of which
- can cause compile errors in some cases (eg modern AIX). From
- michael at felt.demon.nl.
+ OpenBSD-Commit-ID: 49451c382adc6e69d3fa0e0663eeef2daa4b199e
-commit cec338967a666b7c8ad8b88175f2faeddf268116
+commit 48d0d7a4dd31154c4208ec39029d60646192f978
Author: Darren Tucker <dtucker@dtucker.net>
-Date: Thu Apr 19 09:53:14 2018 +1000
+Date: Tue Jan 26 14:48:07 2021 +1100
- Omit 3des-cbc if OpenSSL built without DES.
+ Disable sntrup761 if compiler doesn't support VLAs.
+
+ The sntrup761 code sourced from supercop uses variable length
+ arrays. Although widely supported, they are not part of the ANSI
+ C89 spec so if the compiler does not support VLAs, disable the
+ sntrup761x25519-sha512@openssh.com KEX method by replacing the kex
+ functions with no-op ones similar to what we do in kexecdh.c.
- Patch from hongxu.jia at windriver.com, ok djm@
+ This should allow OpenSSH to build with a plain C89 compiler again.
+ Spotted by tim@, ok djm@.
-commit a575ddd58835759393d2dddd16ebe5abdb56485e
+commit 37c70ea8d4f3664a88141bcdf0bf7a16bd5fd1ac
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Apr 16 22:50:44 2018 +0000
+Date: Tue Jan 26 00:54:49 2021 +0000
- upstream: Disable SSH2_MSG_DEBUG messages for Twisted Conch clients
+ upstream: refactor key constraint parsing in ssh-agent
- without version numbers since they choke on them under some circumstances.
- https://twistedmatrix.com/trac/ticket/9422 via Colin Watson
+ Key constraints parsing code previously existed in both the "add regular
+ key" and "add smartcard key" path. This unifies them but also introduces
+ more consistency checking: duplicated constraints and constraints that
+ are nonsensical for a particular situation (e.g. FIDO provider for a
+ smartcard key) are now banned.
- Newer Conch versions have a version number in their ident string and
- handle debug messages okay. https://twistedmatrix.com/trac/ticket/9424
+ ok markus@
- OpenBSD-Commit-ID: 6cf7be262af0419c58ddae11324d9c0dc1577539
+ OpenBSD-Commit-ID: 511cb1b1c021ee1d51a4c2d649b937445de7983c
-commit 390c7000a8946db565b66eab9e52fb11948711fa
+commit e0e8bee8024fa9e31974244d14f03d799e5c0775
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Sat Apr 14 21:50:41 2018 +0000
+Date: Tue Jan 26 00:53:31 2021 +0000
- upstream: don't free the %C expansion, it's used later for
+ upstream: more ssh-agent refactoring
+
+ Allow confirm_key() to accept an additional reason suffix
- LocalCommand
+ Factor publickey userauth parsing out into its own function and allow
+ it to optionally return things it parsed out of the message to its
+ caller.
- OpenBSD-Commit-ID: 857b5cb37b2d856bfdfce61289a415257a487fb1
+ feedback/ok markus@
+
+ OpenBSD-Commit-ID: 29006515617d1aa2d8b85cd2bf667e849146477e
-commit 3455f1e7c48e2e549192998d330214975b9b1dc7
+commit dfe18a295542c169ffde8533b3d7fe42088e2de7
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Apr 13 05:04:12 2018 +0000
+Date: Tue Jan 26 00:51:30 2021 +0000
- upstream: notify user immediately when underlying ssh process dies;
+ upstream: make struct hostkeys public; I have no idea why I made it
+
+ opaque originally.
- patch from Thomas Kuthan in bz2719; ok dtucker@
+ ok markus@
- OpenBSD-Commit-ID: 78fac88c2f08054d1fc5162c43c24162b131cf78
+ OpenBSD-Commit-ID: e50780b34d4bbe628d69b2405b024dd749d982f3
-commit 1c5b4bc827f4abc3e65888cda061ad5edf1b8c7c
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Fri Apr 13 16:23:57 2018 +1000
+commit 3b44f2513cae89c920e8fe927b9bc910a1c8c65a
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Jan 26 00:49:30 2021 +0000
- Allow nanosleep in preauth privsep child.
+ upstream: move check_host_cert() from sshconnect,c to sshkey.c and
+
+ refactor it to make it more generally usable and testable.
- The new timing attack mitigation code uses nanosleep in the preauth
- codepath, allow in systrace andbox too.
+ ok markus@
+
+ OpenBSD-Commit-ID: 536f489f5ff38808c1fa711ba58d4579b636f9e4
-commit 0e73428038d5ecfa5d2a28cff26661502a7aff4e
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Fri Apr 13 16:06:29 2018 +1000
+commit 1fe16fd61bb53944ec510882acc0491abd66ff76
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Jan 26 00:47:47 2021 +0000
- Allow nanosleep in preauth privsep child.
+ upstream: use recallocarray to allocate the agent sockets table;
+
+ also clear socket entries that are being marked as unused.
- The new timing attack mitigation code uses nanosleep in the preauth
- codepath, allow in sandbox.
+ spinkle in some debug2() spam to make it easier to watch an agent
+ do its thing.
+
+ ok markus
+
+ OpenBSD-Commit-ID: 74582c8e82e96afea46f6c7b6813a429cbc75922
-commit e9d910b0289c820852f7afa67f584cef1c05fe95
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Fri Apr 13 03:57:26 2018 +0000
+commit cb7b22ea20a01332c81c0ddcb3555ad50de9cce2
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Jan 26 00:46:17 2021 +0000
+
+ upstream: factor out common code in the agent client
+
+ Add a ssh_request_reply_decode() function that sends a message to
+ the agent, reads and parses a success/failure reply.
+ Use it for all requests that only expect success/failure
+
+ ok markus@
+
+ OpenBSD-Commit-ID: e0c1f4d5e6cfa525d62581e2b8de93be0cb85adb
+
+commit d1e578afe7cd48140ad6e92a453f9b035363fd7f
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Jan 25 06:00:17 2021 +0000
- upstream: Defend against user enumeration timing attacks. This
+ upstream: make ssh hostbased authentication send the signature
+
+ algorithm in its SSH2_MSG_USERAUTH_REQUEST packets instead of the key type.
+ This make HostbasedAcceptedAlgorithms do what it is supposed to - filter on
+ signature algorithm and not key type.
- establishes a minimum time for each failed authentication attempt (5ms) and
- adds a per-user constant derived from a host secret (0-4ms). Based on work
- by joona.kannisto at tut.fi, ok markus@ djm@.
+ spotted with dtucker@ ok markus@
- OpenBSD-Commit-ID: b7845b355bb7381703339c8fb0e57e81a20ae5ca
+ OpenBSD-Commit-ID: 25bffe19f0326972f5728170f7da81d5f45c78c6
-commit d97874cbd909eb706886cd0cdd418f812c119ef9
+commit 95eca1e195a3b41baa1a725c2c5af8a09d885e4b
Author: Darren Tucker <dtucker@dtucker.net>
-Date: Fri Apr 13 13:43:55 2018 +1000
+Date: Sat Jan 23 18:26:05 2021 +1100
- Using "==" in shell tests is not portable.
+ ifdef new instance of sin6_scope_id
- Patch from rsbecker at nexbridge.com.
+ Put inside HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID similar to
+ existing instance. Should fix error on UnixWare 7.
-commit cfb1d9bc76734681e3dea532a1504fcd466fbe91
-Author: Damien Miller <djm@mindrot.org>
-Date: Fri Apr 13 13:38:06 2018 +1000
+commit 6ffdcdda128045226dda7fbb3956407978028a1e
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Mon Jan 18 11:43:34 2021 +0000
- Fix tunnel forwarding broken in 7.7p1
+ upstream: Fix long->int for convtime tests here too. Spotted by
- bz2855, ok dtucker@
+ tobhe@.
+
+ OpenBSD-Regress-ID: a87094f5863312d00938afba771d25f788c849d0
-commit afa6e79b76fb52a0c09a29688b5c0d125eb08302
-Author: Damien Miller <djm@mindrot.org>
-Date: Fri Apr 13 13:31:42 2018 +1000
+commit b55b7565f15327d82ad7acbddafa90b658c5f0af
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Fri Jan 22 02:46:40 2021 +0000
- prefer to use getrandom() for PRNG seeding
+ upstream: PubkeyAcceptedKeyTypes->PubkeyAcceptedAlgorithms
+
+ here too.
- Only applies when built --without-openssl. Thanks Jann Horn for
- reminder.
+ OpenBSD-Commit-ID: 3b64a640f8ce8c21d9314da9df7ce2420eefde3a
-commit 575fac34a97f69bc217b235f81de9f8f433eceed
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Fri Apr 13 13:13:33 2018 +1000
+commit ee9c0da8035b3168e8e57c1dedc2d1b0daf00eec
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Fri Jan 22 02:44:58 2021 +0000
- Revert $REGRESSTMP changes.
+ upstream: Rename PubkeyAcceptedKeyTypes keyword to
- Revert 3fd2d229 and subsequent changes as they turned out to be a
- portability hassle.
+ PubkeyAcceptedAlgorithms. While the two were originally equivalent, this
+ actually specifies the signature algorithms that are accepted. Some key
+ types (eg RSA) can be used by multiple algorithms (eg ssh-rsa, rsa-sha2-512)
+ so the old name is becoming increasingly misleading. The old name is
+ retained as an alias. Prompted by bz#3253, help & ok djm@, man page help jmc@
+
+ OpenBSD-Commit-ID: 0346b2f73f54c43d4e001089759d149bfe402ca5
-commit 10479cc2a4acd6faaf643eb305233b49d70c31c1
-Author: Damien Miller <djm@mindrot.org>
-Date: Tue Apr 10 10:19:02 2018 +1000
+commit a8e798feabe36d02de292bcfd274712cae1d8d17
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Fri Jan 15 02:58:11 2021 +0000
- Many typo fixes from Karsten Weiss
+ upstream: Change types in convtime() unit test to int to match change
+
+ its new type. Add tests for boundary conditions and fix convtime to work up
+ to INT_MAX. ok djm@
- Spotted using https://github.com/lucasdemarchi/codespell
+ OpenBSD-Regress-ID: ba2b81e9a3257fff204b020affe85b604a44f97e
-commit 907da2f88519b34189fd03fac96de0c52d448233
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue Apr 10 00:14:10 2018 +0000
+commit 9bde1a420626da5007bf7ab499fa2159b9eddf72
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Fri Jan 15 04:31:25 2021 +0000
- upstream: more typos spotted by Karsten Weiss using codespell
+ upstream: Make output buffer larger to prevent potential truncation
+
+ warnings from compilers not smart enough to know the strftime calls won't
+ ever fully fill "to" and "from". ok djm@
- OpenBSD-Regress-ID: d906a2aea0663810a658b7d0bc61a1d2907d4d69
+ OpenBSD-Commit-ID: 83733f1b01b82da88b9dd1769475952aff10bdd7
-commit 37e5f4a7ab9a8026e5fc2f47dafb0f1b123d39e9
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue Apr 10 00:13:27 2018 +0000
+commit 02da325f10b214219eae2bb1bc2d3bf0c2f13f9f
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Fri Jan 15 02:58:11 2021 +0000
- upstream: make this a bit more portable-friendly
+ upstream: Change types in convtime() unit test to int to match
- OpenBSD-Regress-ID: 62f7b9e055e8dfaab92b3825f158beeb4ca3f963
+ change its new type. Add tests for boundary conditions and fix convtime to
+ work up to INT_MAX. ok djm@
+
+ OpenBSD-Commit-ID: 01dc0475f1484ac2f47facdfcf9221f9472145de
-commit 001aa55484852370488786bd40e9fdad4b465811
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Tue Apr 10 00:10:49 2018 +0000
+commit 5339ab369c225b40bc64d5ec3374f5c91b3ad609
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Fri Jan 15 02:32:41 2021 +0000
- upstream: lots of typos in comments/docs. Patch from Karsten Weiss
+ upstream: In waitfd(), when poll returns early we are subtracting
- after checking with codespell tool
- (https://github.com/lucasdemarchi/codespell)
+ the elapsed time from the timeout each loop, so we only want to measure the
+ elapsed time the poll() in that loop, not since the start of the function.
+ Spotted by chris.xj.zhu at gmail.com, ok djm@
- OpenBSD-Commit-ID: 373222f12d7ab606598a2d36840c60be93568528
+ OpenBSD-Commit-ID: 199df060978ee9aa89b8041a3dfaf1bf7ae8dd7a
-commit 260ede2787fe80b18b8d5920455b4fb268519c7d
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Apr 9 23:54:49 2018 +0000
+commit a164862dfa863b54b7897f66e1dd75437f086c11
+Author: rob@openbsd.org <rob@openbsd.org>
+Date: Thu Jan 14 19:45:06 2021 +0000
- upstream: don't kill ssh-agent's listening socket entriely if we
+ upstream: Minor grammatical correction.
- fail to accept a connection; bz#2837, patch from Lukas Kuster
+ OK jmc@
- OpenBSD-Commit-ID: 52413f5069179bebf30d38f524afe1a2133c738f
+ OpenBSD-Commit-ID: de0fad0581e212b2750751e479b79c18ff8cac02
+
+commit 8635e7df7e3a3fbb4a4f6cd5a7202883b2506087
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Wed Jan 13 18:00:57 2021 +1100
+
+ Merge Mac OS X targets into a single config.
+
+commit ac112ade990585c511048ed4edaf2d9fc92b61f0
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Tue Jan 12 19:22:47 2021 +1100
+
+ Add Mac OS X test targets.
+
+commit 1050109b4b2884bf50fd1b3aa084c7fd0a42ae90
+Author: anatasluo <luolongjuna@gmail.com>
+Date: Mon Jan 11 13:51:39 2021 +0000
-commit ebc8b4656f9b0f834a642a9fb3c9fbca86a61838
-Author: tj@openbsd.org <tj@openbsd.org>
-Date: Mon Apr 9 20:41:22 2018 +0000
+ Remove duplicated declaration in fatal.c .
- upstream: the UseLogin option was removed, so remove it here too.
+commit 7d0f8a3369579dfe398536eb4e3da7bc15da9599
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Mon Jan 11 04:48:22 2021 +0000
+
+ upstream: Correct spelling of persourcenetblocksize in config-dump
- ok dtucker
+ mode.
- OpenBSD-Commit-ID: 7080be73a64d68e21f22f5408a67a0ba8b1b6b06
+ OpenBSD-Commit-ID: ecdc49e2b6bde6b6b0e52163d621831f6ac7b13d
-commit 3e36f281851fc8e9c996b33f108b2ae167314fbe
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date: Sun Apr 8 07:36:02 2018 +0000
+commit ba328bd7a6774f30daaf90b83f1933cc4afc866c
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Sat Jan 9 12:31:46 2021 +0000
- upstream: tweak previous;
+ upstream: Adjust kexfuzz to addr.c/addrmatch.c split.
- OpenBSD-Commit-ID: 2b9c23022ea7b9dddb62864de4e906000f9d7474
+ OpenBSD-Regress-ID: 1d8d23bb548078020be2fb52c4c643efb190f0eb
-commit 8368571efd6693c5c57f850e23a2372acf3f865f
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date: Sat Apr 7 13:50:10 2018 +0000
+commit b08ef25552443e94c0857d5e3806dd019ccc55d7
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Sat Jan 9 12:24:30 2021 +0000
- upstream: tweak previous;
+ upstream: Update unittests for addr.c/addrmatch.c split.
- OpenBSD-Commit-ID: 38e347b6f8e888f5e0700d01abb1eba7caa154f9
+ OpenBSD-Regress-ID: de2b415fb7af084a91c6ef147a90482d8f771eef
-commit 555294a7279914ae6795b71bedf4e6011b7636df
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Apr 6 13:02:39 2018 +0000
+commit 6d30673fedec2d251f4962c526fd0451f70c4d97
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Mon Jan 11 02:12:57 2021 +0000
- upstream: Allow "SendEnv -PATTERN" to clear environment variables
+ upstream: Change convtime() from returning long to returning int.
- previously labeled for sendind. bz#1285 ok dtucker@
+ On platforms where sizeof(int) != sizeof(long), convtime could accept values
+ >MAX_INT which subsequently truncate when stored in an int during config
+ parsing. bz#3250, ok djm@
- OpenBSD-Commit-ID: f6fec9e3d0f366f15903094fbe1754cb359a0df9
+ OpenBSD-Commit-ID: 8fc932683d6b4660d52f50911d62bd6639c5db31
-commit 40f5f03544a07ebd2003b443d42e85cb51d94d59
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Apr 6 04:15:45 2018 +0000
+commit 7a57adb8b07b2ad0aead4b2e09ee18edc04d0481
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date: Sat Jan 9 12:51:12 2021 +0000
- upstream: relax checking of authorized_keys environment="..."
+ upstream: add a comma to previous;
- options to allow underscores in variable names (regression introduced in
- 7.7). bz2851, ok deraadt@
+ OpenBSD-Commit-ID: 9139433701c0aa86a0d3a6c7afe10d1c9c2e0869
+
+commit 3a923129534b007c2e24176a8655dec74eca9c46
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Sat Jan 9 12:10:02 2021 +0000
+
+ upstream: Add PerSourceMaxStartups and PerSourceNetBlockSize
- OpenBSD-Commit-ID: 69690ffe0c97ff393f2c76d25b4b3d2ed4e4ac9c
+ options which provide more fine grained MaxStartups limits. Man page help
+ jmc@, feedback & ok djm@
+
+ OpenBSD-Commit-ID: e2f68664e3d02c0895b35aa751c48a2af622047b
-commit 30fd7f9af0f553aaa2eeda5a1f53f26cfc222b5e
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Apr 6 03:51:27 2018 +0000
+commit d9a2bc71693ea27461a78110005d5a2d8b0c6a50
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Sat Jan 9 11:58:50 2021 +0000
- upstream: add a couple of missed options to the config dump; patch
+ upstream: Move address handling functions out into their own file
- from Jakub Jelen via bz2835
+ in order to reuse them for per-source maxstartups limiting. Supplement with
+ some additional functions from djm's flowtools that we'll also need. ok djm@
+ (as part of a larger diff).
- OpenBSD-Commit-ID: 5970adadf6ef206bee0dddfc75d24c2019861446
+ OpenBSD-Commit-ID: e3e7d9ccc6c9b82e25cfef0ec83598e8e2327cbf
+
+commit b744914fcb76d70761f1b667de95841b3fc80a56
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Sat Jan 9 00:36:05 2021 +1100
+
+ Add test against Graphene hardened malloc.
-commit 8d6829be324452d2acd282d5f8ceb0adaa89a4de
+commit 6cb52d5bf771f6769b630fce35a8e9b8e433044f
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Apr 6 03:34:27 2018 +0000
+Date: Fri Jan 8 04:49:13 2021 +0000
- upstream: ssh does not accept -oInclude=... on the commandline, the
+ upstream: make CheckHostIP default to 'no'. It doesn't provide any
- Include keyword is for configuration files only. bz#2840, patch from Jakub
- Jelen
+ perceptible value and makes it much harder for hosts to change host keys,
+ particularly ones that use IP-based load-balancing.
+
+ ok dtucker@
- OpenBSD-Commit-ID: 32d052b4a7a7f22df35fe3f71c368c02b02cacb0
+ OpenBSD-Commit-ID: 0db98413e82074f78c7d46784b1286d08aee78f0
+
+commit 309b642e1442961b5e57701f095bcd4acd2bfb5f
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Fri Jan 8 15:50:41 2021 +1100
+
+ Run tests with sudo for better coverage.
+
+commit c336644351fa3c715a08b7a292e309e72792e71e
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Fri Jan 8 14:26:32 2021 +1100
+
+ Add Ubuntu 16.04 and 20.04 test targets.
-commit 00c5222ddc0c8edcaa4ea45ac03befdc8013d137
+commit 4c7af01f9dcc1606dec033e7665a042cb0d8ec52
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Thu Apr 5 22:54:28 2018 +0000
+Date: Fri Jan 8 02:57:24 2021 +0000
- upstream: We don't offer CBC cipher by default any more. Spotted by
+ upstream: If a signature operation on a FIDO key fails with a
+
+ "incorrect PIN" reason and no PIN was initially requested from the user, then
+ request a PIN and retry the operation.
+
+ This smoothes over a few corner cases including FIDO devices that
+ require PINs for all hosted credentials, biometric FIDO devices that
+ fall back to requiring PIN when reading the biometric failed, devices
+ that don't implement reading credProtect status for downloaded keys
+ and probably a few more cases that I haven't though of yet.
- Renaud Allard (via otto@)
+ ok dtucker@
- OpenBSD-Commit-ID: a559b1eef741557dd959ae378b665a2977d92dca
+ OpenBSD-Commit-ID: 176db8518933d6a5bbf81a2e3cf62447158dc878
-commit 5ee8448ad7c306f05a9f56769f95336a8269f379
-Author: job@openbsd.org <job@openbsd.org>
-Date: Wed Apr 4 15:12:17 2018 +0000
+commit 64ddd0fe68c4a7acf99b78624f8af45e919cd317
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Jan 8 02:44:14 2021 +0000
- upstream: Update default IPQoS in ssh(1), sshd(8) to DSCP AF21 for
+ upstream: don't try to use timespeccmp(3) directly as a qsort(3)
- interactive and CS1 for bulk
+ comparison function - it returns 0/1 and not the -1/0/1 that qsort expectes.
- AF21 was selected as this is the highest priority within the low-latency
- service class (and it is higher than what we have today). SSH is elastic
- and time-sensitive data, where a user is waiting for a response via the
- network in order to continue with a task at hand. As such, these flows
- should be considered foreground traffic, with delays or drops to such
- traffic directly impacting user-productivity.
+ fixes sftp "ls -ltr" under some circumstances.
- For bulk SSH traffic, the CS1 "Lower Effort" marker was chosen to enable
- networks implementing a scavanger/lower-than-best effort class to
- discriminate scp(1) below normal activities, such as web surfing. In
- general this type of bulk SSH traffic is a background activity.
+ Based on patch by Masahiro Matsuya via bz3248.
- An advantage of using "AF21" for interactive SSH and "CS1" for bulk SSH
- is that they are recognisable values on all common platforms (IANA
- https://www.iana.org/assignments/dscp-registry/dscp-registry.xml), and
- for AF21 specifically a definition of the intended behavior exists
- https://tools.ietf.org/html/rfc4594#section-4.7 in addition to the definition
- of the Assured Forwarding PHB group https://tools.ietf.org/html/rfc2597, and
- for CS1 (Lower Effort) there is https://tools.ietf.org/html/rfc3662
+ OpenBSD-Commit-ID: 65b5e9f18bb0d10573868c3516de6e5170adb163
+
+commit 599df78f3008cf78af21f8977be3e1dd085f8e2e
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Fri Jan 8 02:33:13 2021 +0000
+
+ upstream: Update the sntrup761 creation script and generated code:
- The first three bits of "AF21" map to the equivalent IEEEE 802.1D PCP, IEEE
- 802.11e, MPLS EXP/CoS and IP Precedence value of 2 (also known as "Immediate",
- or "AC_BE"), and CS1's first 3 bits map to IEEEE 802.1D PCP, IEEE 802.11e,
- MPLS/CoS and IP Precedence value 1 ("Background" or "AC_BK").
+ - remove unneeded header files and typedefs and rely on crypto_api.h - add
+ defines to map types used to the crypto_api ones instead of typedefs. This
+ prevents typedef name collisions in -portable. - remove CRYPTO_NAMESPACE
+ entirely instead of making it a no-op - delete unused functions and make the
+ remaining ones that aren't exported static.
- OK deraadt@, "no objection" djm@
+ ok djm@
- OpenBSD-Commit-ID: d11d2a4484f461524ef0c20870523dfcdeb52181
+ OpenBSD-Commit-ID: 7b9d0cf3acd5a3c1091da8afe00c904d38cf5783
-commit 424b544fbda963f973da80f884717c3e0a513288
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Tue Apr 3 02:14:08 2018 +0000
+commit 16448ff529affda7e2a15ee7c3200793abde0759
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Jan 8 02:19:24 2021 +0000
- upstream: Import regenerated moduli file.
+ upstream: mention that DisableForwarding is valid in a sshd_config
+
+ Match block reported by Fredrik Eriksson in bz3239
- OpenBSD-Commit-ID: 1de0e85522051eb2ffa00437e1885e9d7b3e0c2e
+ OpenBSD-Commit-ID: 3a71c3d84b597f5e43e4b40d5232797daf0993f6
-commit 323f66ce934df2da551f256f37d69822428e1ca1
+commit 91bac5e95b1b0debf9b2b4f05c20dcfa96b368b9
Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Fri Apr 6 04:18:35 2018 +0000
+Date: Mon Jan 4 21:58:58 2021 +0000
- upstream: Add test for username options parsing order, prompted by
+ upstream: estructure sntrup761.sh to process all files in a single
- bz#2849.
+ list, which will make it easier to reorder. Re-inline int32_MINMAX. ok
+ tobhe@
- OpenBSD-Regress-ID: 6985cd32f38596882a3ac172ff8c510693b65283
+ OpenBSD-Commit-ID: d145c6c19b08bb93c9e14bfaa7af589d90f144c0
-commit e8f474554e3bda102a797a2fbab0594ccc66f097
-Author: Damien Miller <djm@mindrot.org>
-Date: Fri Apr 6 14:11:44 2018 +1000
+commit 4d96a3ebab2224f17e639a15078e03be1ad3736d
+Author: tobhe@openbsd.org <tobhe@openbsd.org>
+Date: Sun Jan 3 18:05:21 2021 +0000
- Expose SSH_AUTH_INFO_0 to PAM auth modules
+ upstream: Prevent redefinition of `crypto_int32' error with gcc3.
- bz#2408, patch from Radoslaw Ejsmont; ok dtucker@
+ Fixes compilation on luna88k.
+
+ Feedback millert@
+ Found by and ok aoyama@
+
+ OpenBSD-Commit-ID: f305ddfe575a26cc53431af3fde3f4aeebed9ba6
-commit 014ba209cf4c6a159baa30ecebbaddfa97da7100
+commit a23954eeb930ccc8a66a2710153730769dba31b6
Author: Darren Tucker <dtucker@dtucker.net>
-Date: Tue Apr 3 12:18:00 2018 +1000
+Date: Fri Jan 1 22:00:49 2021 +1100
- Import regenerated moduli file.
+ Undef int32 after sort routines.
+
+ This prevents typedef'ing crypto_int32 twice, in sntrup761.c and
+ crypto_api.h, which some compilers (at least some GCCs) don't accept.
-commit a0349a1cc4a18967ad1dbff5389bcdf9da098814
+commit 148b8a661c3f93e4b6d049ee902de3d521261fbc
Author: Damien Miller <djm@mindrot.org>
-Date: Mon Apr 2 15:38:28 2018 +1000
+Date: Thu Dec 31 12:47:22 2020 +1100
- update versions in .spec files
+ fix: missing pieces of previous commit
-commit 816ad38f79792f5617e3913be306ddb27e91091c
+commit 3d999be7b987c848feda718cfcfcdc005ddf670d
+Author: tobhe@openbsd.org <tobhe@openbsd.org>
+Date: Wed Dec 30 14:13:28 2020 +0000
+
+ upstream: Use int64_t for intermediate values in int32_MINMAX to
+
+ prevent signed 32-bit integer overflow.
+
+ Found by and ok djm@
+ ok markus@
+
+ OpenBSD-Commit-ID: 4f0704768e34cf45fdd792bac4011c6971881bb3
+
+commit 5c1953bf98732da5a76c706714ac066dbfa015ac
Author: Damien Miller <djm@mindrot.org>
-Date: Mon Apr 2 15:38:20 2018 +1000
+Date: Tue Dec 29 12:40:54 2020 +1100
- update version number
+ adapt KEX fuzzer to PQ kex change
-commit 2c71ca1dd1efe458cb7dee3f8a1a566f913182c2
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Fri Mar 30 18:23:07 2018 +1100
+commit 659864fe81dbc57eeed3769c462679d83e026640
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Dec 29 01:02:15 2020 +0000
- Disable native strndup and strnlen on AIX.
+ upstream: Adapt to replacement of
- On at least some revisions of AIX, strndup returns unterminated strings
- under some conditions, apparently because strnlen returns incorrect
- values in those cases. Disable both on AIX and use the replacements
- from openbsd-compat. Fixes problem with ECDSA keys there, ok djm.
+ sntrup4591761x25519-sha512@tinyssh.org with
+ sntrup761x25519-sha512@openssh.com.
+
+ Also test sntrup761x25519-sha512@openssh.com in unittests/kex
+
+ OpenBSD-Regress-ID: cfa3506b2b077a9cac1877fb521efd2641b6030c
-commit 6b5a17bc14e896e3904dc58d889b58934cfacd24
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Mon Mar 26 13:12:44 2018 +1100
+commit 2c71cec020219d69df84055c59eba5799a1233ec
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Dec 29 00:59:15 2020 +0000
- Include ssh_api.h for struct ssh.
+ upstream: Update/replace the experimental post-quantim hybrid key
+
+ exchange method based on Streamlined NTRU Prime (coupled with X25519).
+
+ The previous sntrup4591761x25519-sha512@tinyssh.org method is
+ replaced with sntrup761x25519-sha512@openssh.com. Per the authors,
+ sntrup4591761 was replaced almost two years ago by sntrup761.
+
+ The sntrup761 implementaion, like sntrup4591761 before it, is public
+ domain code extracted from the SUPERCOP cryptography benchmark
+ suite (https://bench.cr.yp.to/supercop.html).
- struct ssh is needed by implementations of sys_auth_passwd() that were
- converted in commit bba02a50. Needed to fix build on AIX, I assume for
- the other platforms too (although it should be harmless if not needed).
+ Thanks for Daniel J Bernstein for guidance on algorithm selection.
+ Patch from Tobias Heider; feedback & ok markus@ and myself
+
+ (note this both the updated method and the one that it replaced are
+ disabled by default)
+
+ OpenBSD-Commit-ID: 2bf582b772d81ee24e911bb6f4b2aecfd39338ae
-commit bc3f80e4d191b8e48650045dfa8a682cd3aabd4d
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Mon Mar 26 12:58:09 2018 +1100
+commit 09d070ccc3574ae0d7947d212ed53c7268ef7e1f
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date: Tue Dec 22 07:40:26 2020 +0000
- Remove UNICOS code missed during removal.
+ upstream: tweak the description of KnownHostsCommand in ssh_conf.5,
+
+ and add entries for it to the -O list in scp.1 and sftp.1;
+
+ ok djm
- Fixes compile error on AIX.
+ OpenBSD-Commit-ID: aba31ebea03f38f8d218857f7ce16a500c3e4aff
-commit 9d57762c24882e2f000a21a0ffc8c5908a1fa738
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Sat Mar 24 19:29:03 2018 +0000
+commit 931c93389a80e32272712459b1102d303844453d
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Dec 22 19:43:55 2020 +1100
- upstream: openssh-7.7
-
- OpenBSD-Commit-ID: 274e614352460b9802c905f38fb5ea7ed5db3d41
+ whitespace at EOL
-commit 4b7d8acdbbceef247dc035e611e577174ed8a87e
+commit 397b1c4d393f97427283a4717e9015a2bd31b8a5
Author: Damien Miller <djm@mindrot.org>
-Date: Mon Mar 26 09:37:02 2018 +1100
+Date: Tue Dec 22 19:42:37 2020 +1100
+
+ whitespace at EOL
+
+commit 33fa3ac547e5349ca34681cce6727b2f933dff0a
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Tue Dec 22 19:21:26 2020 +1100
+
+ Improve AIX text.
+
+commit 0f2e21c9dca89598b694932b5b05848380a23ec0
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Tue Dec 22 18:56:54 2020 +1100
- Remove authinfo.sh test dependency on printenv
+ Include stdio.h for FILE in misc.h.
- Some platforms lack printenv in the default $PATH.
- Reported by Tom G. Christensen
+ Fixes build on at least OpenBSD.
-commit 4afeaf3dcb7dc70efd98fcfcb0ed28a6b40b820e
-Author: Tim Rice <tim@multitalents.net>
-Date: Sun Mar 25 10:00:21 2018 -0700
+commit 3e9811e57b57ee66b0f70d99d7258da3153b0e8a
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Dec 22 18:31:50 2020 +1100
- Use libiaf on all sysv5 systems
+ ensure $LOGNAME is set in tests
-commit bba02a5094b3db228ceac41cb4bfca165d0735f3
-Author: Tim Rice <tim@multitalents.net>
-Date: Sun Mar 25 09:17:33 2018 -0700
+commit 3eb647cbb34d87a063aa7714256c6e56103fffda
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Dec 22 06:47:24 2020 +0000
- modified: auth-sia.c
- modified: openbsd-compat/port-aix.c
- modified: openbsd-compat/port-uw.c
+ upstream: more detail for failing tests
- propogate changes to auth-passwd.c in commit
- 7c856857607112a3dfe6414696bf4c7ab7fb0cb3 to other providers
- of sys_auth_passwd()
+ OpenBSD-Regress-ID: c68c0e5a521cad7e7f68e54c54ebf86d6c10ee1d
-commit d7a7a39168bdfe273587bf85d779d60569100a3f
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Sat Mar 24 19:29:03 2018 +0000
+commit 2873f19570d4d8758be24dbf78332be9a779009b
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Dec 22 06:03:36 2020 +0000
- upstream: openssh-7.7
+ upstream: regress test for KnownHostsCommand
- OpenBSD-Commit-ID: 274e614352460b9802c905f38fb5ea7ed5db3d41
+ OpenBSD-Regress-ID: ffc77464320b6dabdcfa0a72e0df02659233a38a
-commit 9efcaaac314c611c6c0326e8bac5b486c424bbd2
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Sat Mar 24 19:28:43 2018 +0000
+commit 0121aa87bab9ad2365de2d07f2832b56d5ff9871
+Author: tb@openbsd.org <tb@openbsd.org>
+Date: Tue Dec 22 03:05:31 2020 +0000
- upstream: fix bogus warning when signing cert keys using agent;
+ upstream: Remove lines accidentally left behind in the ProxyJump
+
+ parsing fix r1.345.
- from djm; ok deraadt dtucker
+ ok djm
- OpenBSD-Commit-ID: 12e50836ba2040042383a8b71e12d7ea06e9633d
+ OpenBSD-Commit-ID: fe767c108c8117bea33767b080ff62eef2c55f5c
-commit 393436024d2e4b4c7a01f9cfa5854e7437896d11
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Sun Mar 25 09:40:46 2018 +1100
+commit da4bf0db942b5f0278f33238b86235e5813d7a5a
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Dec 22 00:15:22 2020 +0000
- Replace /dev/stdin with "-".
+ upstream: add a ssh_config KnownHostsCommand that allows the client
+
+ to obtain known_hosts data from a command in addition to the usual files.
- For some reason sftp -b doesn't work with /dev/stdin on Cygwin, as noted
- and suggested by vinschen at redhat.com.
+ The command accepts bunch of %-expansions, including details of the
+ connection and the offered server host key. Note that the command may
+ be invoked up to three times per connection (see the manpage for
+ details).
+
+ ok markus@
+
+ OpenBSD-Commit-ID: 2433cff4fb323918ae968da6ff38feb99b4d33d0
-commit b5974de1a1d419e316ffb6524b1b277dda2f3b49
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Fri Mar 23 13:21:14 2018 +1100
+commit a34e14a5a0071de2036826a00197ce38c8b4ba8b
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Dec 22 00:12:22 2020 +0000
- Provide $OBJ to paths in PuTTY interop tests.
+ upstream: move subprocess() from auth.c to misc.c
+
+ make privilege dropping optional but allow it via callbacks (to avoid
+ need to link uidswap.c everywhere)
+
+ add some other flags (keep environment, disable strict path safety check)
+ that make this more useful for client-side use.
+
+ feedback & ok markus@
+
+ OpenBSD-Commit-ID: a80ea9fdcc156f1a18e9c166122c759fae1637bf
-commit dc31e79454e9b9140b33ad380565fdb59b9c4f33
+commit 649205fe388b56acb3481a1b2461f6b5b7c6efa6
Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Fri Mar 16 09:06:31 2018 +0000
+Date: Mon Dec 21 22:48:41 2020 +0000
- upstream: Tell puttygen to use /dev/urandom instead of /dev/random. On
+ upstream: Remove explicit rijndael-cbc@lysator.liu.se test since the
- OpenBSD they are both non-blocking, but on many other -portable platforms it
- blocks, stalling tests.
+ cipher was removed.
- OpenBSD-Regress-ID: 397d0d4c719c353f24d79f5b14775e0cfdf0e1cc
+ OpenBSD-Regress-ID: aa93cddb4ecd9bc21446a79008a1a53050e64f17
-commit cb1f94431ef319cd48618b8b771b58739a8210cf
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Thu Mar 22 07:06:11 2018 +0000
+commit 03e93c753d7c223063ad8acaf9a30aa511e5f931
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Mon Dec 21 11:09:32 2020 +0000
- upstream: ssh/xmss: fix build; ok djm@
+ upstream: Remove the pre-standardization cipher
+
+ rijndael-cbc@lysator.liu.se. It is an alias for aes256-cbc which was
+ standardized in RFC4253 (2006), has been deprecated and disabled by default
+ since OpenSSH 7.2 (2016) and was only briefly documented in ssh.1 in 2001.
+
+ This will reduce the amount of work the cipher/kex regression tests need
+ to do by a little bit. ok markus@ djm@
- OpenBSD-Commit-ID: c9374ca41d4497f1c673ab681cc33f6e7c5dd186
+ OpenBSD-Commit-ID: fb460acc18290a998fd70910b19c29b4e4f199ad
-commit 27979da9e4074322611355598f69175b9ff10d39
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Thu Mar 22 07:05:48 2018 +0000
+commit a11ca015879eab941add8c6bdaaec7d41107c6f5
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Dec 21 09:19:53 2020 +0000
- upstream: ssh/xmss: fix deserialize for certs; ok djm@
+ upstream: properly fix ProxyJump parsing; Thanks to tb@ for
+
+ pointing out my error (parse_ssh_uri() can return -1/0/1, that I missed).
+ Reported by Raf Czlonka via bugs@
+
+ ok tb@
- OpenBSD-Commit-ID: f44c41636c16ec83502039828beaf521c057dddc
+ OpenBSD-Commit-ID: a2991a3794bcaf1ca2b025212cce11cdb5f6b7d6
-commit c6cb2565c9285eb54fa9dfbb3890f5464aff410f
+commit d97fb879724f1670bf55d9adfea7278a93c33ae2
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Dec 21 01:31:06 2020 +0000
+
+ upstream: adapt to API change in hostkeys_foreach()/load_hostkeys()
+
+ OpenBSD-Regress-ID: dcb468514f32da49a446372453497dc6eeafdbf3
+
+commit bf7eb3c266b7fd4ddda108fcf72b860af2af6406
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Oct 16 14:02:24 2020 +0000
+
+ upstream: few more things needs match.c and addrmatch.c now that
+
+ log.c calls match_pattern_list()
+
+ OpenBSD-Regress-ID: f7c95c76b150d0aeb00a67858b9579b7d1b2db74
+
+commit 2c64f24e27a5e72a7f59e515fc4f4985355237ae
Author: Darren Tucker <dtucker@dtucker.net>
-Date: Thu Mar 22 17:00:28 2018 +1100
+Date: Mon Dec 21 14:02:56 2020 +1100
+
+ Pull in missing rev 1.2.
+
+commit 0f504f592d15d8047e466eb7453067a6880992a8
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sun Dec 20 23:40:19 2020 +0000
+
+ upstream: plumb ssh_conn_info through to sshconnect.c; feedback/ok
+
+ markus@
+
+ OpenBSD-Commit-ID: e8d14a09cda3f1dc55df08f8a4889beff74e68b0
+
+commit 729b05f59ded35483acef90a6f88aa03eae33b29
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sun Dec 20 23:38:00 2020 +0000
- Save $? before case statement.
+ upstream: allow UserKnownHostsFile=none; feedback and ok markus@
- In some shells (FreeBSD 9, ash) the case statement resets $?, so save
- for later testing.
+ OpenBSD-Commit-ID: c46d515eac94a35a1d50d5fd71c4b1ca53334b48
-commit 4c4e7f783b43b264c247233acb887ee10ed4ce4d
+commit b4c7cd1185c5dc0593d47eafcc1a34fda569dd1d
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Mar 14 05:35:40 2018 +0000
+Date: Sun Dec 20 23:36:51 2020 +0000
- upstream: rename recently-added "valid-before" key restriction to
+ upstream: load_hostkeys()/hostkeys_foreach() variants for FILE*
- "expiry-time" as the former is confusing wrt similar terminology in X.509;
- pointed out by jsing@
+ Add load_hostkeys_file() and hostkeys_foreach_file() that accept a
+ FILE* argument instead of opening the file directly.
- OpenBSD-Regress-ID: ac8b41dbfd90cffd525d58350c327195b0937793
+ Original load_hostkeys() and hostkeys_foreach() are implemented using
+ these new interfaces.
+
+ Add a u_int note field to the hostkey_entry and hostkey_foreach_line
+ structs that is passed directly from the load_hostkeys() and
+ hostkeys_foreach() call. This is a lightweight way to annotate results
+ between different invocations of load_hostkeys().
+
+ ok markus@
+
+ OpenBSD-Commit-ID: 6ff6db13ec9ee4edfa658b2c38baad0f505d8c20
+
+commit 06fbb386bed666581095cb9cbc7a900e02bfe1b7
+Author: tobhe@openbsd.org <tobhe@openbsd.org>
+Date: Sat Dec 19 22:09:21 2020 +0000
+
+ upstream: Print client kem key with correct length.
+
+ ok markus@
+
+ OpenBSD-Commit-ID: 91689e14a4fc6c270e265a32d1c8faba63a45755
-commit 500396b204c58e78ad9d081516a365a9f28dc3fd
+commit 0ebead6593e2441e4af2735bbe2cd097607cd0d3
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Mar 12 00:56:03 2018 +0000
+Date: Thu Dec 17 23:28:50 2020 +0000
- upstream: check valid-before option in authorized_keys
+ upstream: fix possible error("%s", NULL) on error paths
- OpenBSD-Regress-ID: 7e1e4a84f7f099a290e5a4cbf4196f90ff2d7e11
+ OpenBSD-Commit-ID: 0b3833c2cb985453ecca1d76803ebb8f3b736a11
-commit a76b5d26c2a51d7dd7a5164e683ab3f4419be215
+commit d060bc7f6e6244f001e658208f53e3e2ecbbd382
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Mar 12 00:54:04 2018 +0000
+Date: Thu Dec 17 23:26:11 2020 +0000
- upstream: explicitly specify RSA/SHA-2 keytype here too
+ upstream: refactor client percent_expand() argument passing;
- OpenBSD-Regress-ID: 74d7b24e8c72c27af6b481198344eb077e993a62
+ consolidate the common arguments into a single struct and pass that around
+ instead of using a bunch of globals. ok markus@
+
+ OpenBSD-Commit-ID: 035e6d7ca9145ad504f6af5a021943f1958cd19b
-commit 3a43297ce29d37c64e37c7e21282cb219e28d3d1
+commit 43026da035cd266db37df1f723d5575056150744
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Mar 12 00:52:57 2018 +0000
+Date: Thu Dec 17 23:10:27 2020 +0000
- upstream: exlicitly include RSA/SHA-2 keytypes in
+ upstream: prepare readconf.c for fuzzing; remove fatal calls and
- PubkeyAcceptedKeyTypes here
+ fix some (one-off) memory leaks; ok markus@
- OpenBSD-Regress-ID: 954d19e0032a74e31697fb1dc7e7d3d1b2d65fe9
+ OpenBSD-Commit-ID: 91c6aec57b0e7aae9190de188e9fe8933aad5ec5
-commit 037fdc1dc2d68e1d43f9c9e2586c02cabc8f7cc8
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date: Wed Mar 14 06:56:20 2018 +0000
+commit bef92346c4a808f33216e54d6f4948f9df2ad7c1
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Dec 14 03:13:12 2020 +0000
- upstream: sort expiry-time;
+ upstream: use _PATH_SSH_USER_DIR instead of hardcoded .ssh in path
- OpenBSD-Commit-ID: 8c7d82ee1e63e26ceb2b3d3a16514019f984f6bf
+ OpenBSD-Commit-ID: 5c1048468813107baa872f5ee33ba51623630e01
+
+commit a5ab499bd2644b4026596fc2cb24a744fa310666
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Dec 4 14:01:27 2020 +1100
+
+ basic KEX fuzzer; adapted from Markus' unittest
+
+commit 021ff33e383c77b11badd60cec5b141a3e3fa532
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Dec 4 13:57:43 2020 +1100
+
+ use options that work with recent clang
-commit abc0fa38c9bc136871f28e452c3465c3051fc785
+commit e4d1a0b40add800b6e9352b40c2223e44acc3a45
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Mar 14 05:35:40 2018 +0000
+Date: Fri Dec 4 02:41:10 2020 +0000
- upstream: rename recently-added "valid-before" key restriction to
+ upstream: shuffle a few utility functions into sftp-client.c; from
- "expiry-time" as the former is confusing wrt similar terminology in X.509;
- pointed out by jsing@
+ Jakub Jelen
- OpenBSD-Commit-ID: 376939466a1f562f3950a22314bc6505733aaae6
+ OpenBSD-Commit-ID: fdeb1aae1f6149b193f12cd2af158f948c514a2a
-commit bf0fbf2b11a44f06a64b620af7d01ff171c28e13
+commit ace12dc64f8e3a2496ca48d36b53cb3c0a090755
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Mon Mar 12 00:52:01 2018 +0000
+Date: Fri Dec 4 02:29:56 2020 +0000
- upstream: add valid-before="[time]" authorized_keys option. A
+ upstream: make ssh_free(NULL) a no-op
- simple way of giving a key an expiry date. ok markus@
+ OpenBSD-Commit-ID: 42cb285d94789cefe6608db89c63040ab0a80fa0
+
+commit 3b98b6e27f8a122dbfda9966b1afeb3e371cce91
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Dec 4 02:29:25 2020 +0000
+
+ upstream: memleak of DH public bignum; found with libfuzzer
- OpenBSD-Commit-ID: 1793b4dd5184fa87f42ed33c7b0f4f02bc877947
+ OpenBSD-Commit-ID: 0e913b542c3764b100b1571fdb0d0e5cc086fe97
-commit fbd733ab7adc907118a6cf56c08ed90c7000043f
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Mon Mar 12 19:17:26 2018 +1100
+commit 553b90feedd7da5b90901d73005f86705456d686
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Dec 4 02:27:57 2020 +0000
- Add AC_LANG_PROGRAM to AC_COMPILE_IFELSE.
+ upstream: fix minor memleak of kex->hostkey_alg on rekex
- The recently added MIPS ABI tests need AC_LANG_PROGRAM to prevent
- warnings from autoconf. Pointed out by klausz at haus-gisela.de.
+ OpenBSD-Commit-ID: 2c3969c74966d4ccdfeff5e5f0df0791919aef50
-commit c7c458e8261b04d161763cd333d74e7a5842e917
+commit ac0364b85e66eb53da2f9618f699ba6bd195ceea
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Wed Mar 7 23:53:08 2018 +0000
+Date: Fri Dec 4 02:27:08 2020 +0000
- upstream: revert recent strdelim() change, it causes problems with
+ upstream: typos: s/hex/kex/ in error messages
- some configs.
+ OpenBSD-Commit-ID: 43a026c9571dd779ec148de1829cf5a6b6651905
+
+commit ee22db7c5885a1d90219202c0695bc621aa0409b
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Dec 4 02:25:13 2020 +0000
+
+ upstream: make program name be const
- revision 1.124
- date: 2018/03/02 03:02:11; author: djm; state: Exp; lines: +19 -8; commitid: nNRsCijZiGG6SUTT;
- Allow escaped quotes \" and \' in ssh_config and sshd_config quotes
- option strings. bz#1596 ok markus@
+ OpenBSD-Commit-ID: ece25680ec637fdf20502721ccb0276691df5384
+
+commit 2bcbf679de838bb77a8bd7fa18e100df471a679c
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Mon Nov 30 05:36:39 2020 +0000
+
+ upstream: Ignore comments at the end of config lines in ssh_config,
- OpenBSD-Commit-ID: 59c40b1b81206d713c06b49d8477402c86babda5
+ similar to what we already do for sshd_config. bz#2320, with & ok djm@
+
+ OpenBSD-Commit-ID: bdbf9fc5bc72b1a14266f5f61723ed57307a6db4
-commit 0bcd871ccdf3baf2b642509ba4773d5be067cfa2
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date: Mon Mar 5 07:03:18 2018 +0000
+commit b755264e7d3cdf1de34e18df1af4efaa76a3c015
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Sat Nov 28 12:52:32 2020 +0000
- upstream: move the input format details to -f; remove the output
+ upstream: Include cipher.h for declaration of cipher_by_name.
- format details and point to sshd(8), where it is documented;
+ OpenBSD-Commit-ID: ddfebbca03ca0e14e00bbad9d35f94b99655d032
+
+commit 022def7bd16c3426a95e25f57cb259d54468341c
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sat Nov 28 03:27:59 2020 +0000
+
+ upstream: check result of strchr() against NULL rather than
- ok dtucker
+ searched-for characters; from zhongjubin@huawei.com
- OpenBSD-Commit-ID: 95f17e47dae02a6ac7329708c8c893d4cad0004a
+ OpenBSD-Commit-ID: e6f57de1d4a4d25f8db2d44e8d58d847e247a4fe
-commit 45011511a09e03493568506ce32f4891a174a3bd
-Author: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
-Date: Tue Jun 20 16:42:28 2017 +0100
+commit 57bf03f0217554afb8980f6697a7a0b88658d0a9
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Fri Nov 27 10:12:30 2020 +0000
- configure.ac: properly set seccomp_audit_arch for MIPS64
+ upstream: Document ssh-keygen -Z, sanity check its argument earlier and
- Currently seccomp_audit_arch is set to AUDIT_ARCH_MIPS64 or
- AUDIT_ARCH_MIPSEL64 (depending on the endinness) when openssh is built
- for MIPS64. However, that's only valid for n64 ABI. The right macros for
- n32 ABI defined in seccomp.h are AUDIT_ARCH_MIPS64N32 and
- AUDIT_ARCH_MIPSEL64N32, for big and little endian respectively.
+ provide a better error message if it's not correct. Prompted by bz#2879, ok
+ djm@ jmc@
- Because of that an sshd built for MIPS64 n32 rejects connection attempts
- and the output of strace reveals that the problem is related to seccomp
- audit:
+ OpenBSD-Commit-ID: 484178a173e92230fb1803fb4f206d61f7b58005
+
+commit 33313ebc1c7135085676db62189e3520341d6b73
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Nov 27 00:49:58 2020 +0000
+
+ upstream: Set the specified TOS/DSCP for interactive use prior to
- [pid 194] prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, {len=57,
- filter=0x555d5da0}) = 0
- [pid 194] write(7, "\0\0\0]\0\0\0\5\0\0\0Ulist_hostkey_types: "..., 97) = ?
- [pid 193] <... poll resumed> ) = 2 ([{fd=5, revents=POLLIN|POLLHUP},
- {fd=6, revents=POLLHUP}])
- [pid 194] +++ killed by SIGSYS +++
+ TCP connect. The connection phase of the SSH session is time-sensitive (due
+ to server side login grace periods) and is frequently interactive (e.g.
+ entering passwords). The ultimate interactive/bulk TOS/DSCP will be set after
+ authentication completes.
- This patch fixes that problem by setting the right value to
- seccomp_audit_arch taking into account the MIPS64 ABI.
+ ok dtucker@
- Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
+ OpenBSD-Commit-ID: f31ab10d9233363a6d2c9996007083ba43a093f1
-commit 580086704c31de91dc7ba040a28e416bf1fefbca
-Author: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
-Date: Tue Jun 20 16:42:11 2017 +0100
+commit b2bcec13f17ce9174238a704e91d52203e916432
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Nov 27 00:37:10 2020 +0000
- configure.ac: detect MIPS ABI
+ upstream: clean up passing of struct passwd from monitor to preauth
+
+ privsep process. No longer copy entire struct w/ pointer addresses, but pass
+ remaining scalar fields explicitly,
+
+ Prompted by Yuichiro NAITO, feedback Thorsten Glaser; ok dtucker@
- Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
+ OpenBSD-Commit-ID: 9925df75a56732c43f3663e70dd15ff413ab3e53
-commit cd4e937aa701f70366cd5b5969af525dff6fdf15
-Author: Alan Yee <alyee@ucsd.edu>
-Date: Wed Mar 7 15:12:14 2018 -0800
+commit 19af04e2231155d513e24fdc81fbec2217ae36a6
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sun Nov 22 22:38:26 2020 +0000
- Use https URLs for links that support it.
+ upstream: when loading PKCS#11 keys, include the key fingerprints
+
+ and provider/slot information in debug output.
+
+ OpenBSD-Commit-ID: 969a089575d0166a9a364a9901bb6a8d9b8a1431
-commit c0a0c3fc4a76b682db22146b28ddc46566db1ce9
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Mon Mar 5 20:03:07 2018 +1100
+commit 9b9465ea856e15b9e9890b4ecb4110d7106e7766
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sun Nov 22 22:37:11 2020 +0000
- Disable UTMPX on SunOS4.
+ upstream: when mentioning that the host key has changed, don't
+
+ report the type because it is ambiguous as to whether it referred to the
+ known or new host key. bz3216; ok dtucker@
+
+ OpenBSD-Commit-ID: 2d5ce4a83dbcf44e340a572e361decad8aab7bad
-commit 58fd4c5c0140f6636227ca7acbb149ab0c2509b9
+commit 637017a7dd3281d3f2df804993cc27c30dbfda47
Author: Darren Tucker <dtucker@dtucker.net>
-Date: Mon Mar 5 19:28:08 2018 +1100
+Date: Wed Nov 25 17:38:46 2020 +1100
- Check for and work around buggy fflush(NULL).
+ Use "=" not "==" in string test.
- Some really old platforms (eg SunOS4) segfault on fflush(NULL) so check
- for and work around. With klausz at haus-gisela.de.
+ POSIX says "=" is string comparison and some shells (eg HP-UX) will
+ complain about "==".
-commit 71e48bc7945f867029e50e06c665c66aed6d3c64
+commit 9880f3480f9768897f3b8e714d5317fb993bc5b3
Author: Darren Tucker <dtucker@dtucker.net>
-Date: Mon Mar 5 10:22:32 2018 +1100
+Date: Fri Nov 20 17:16:51 2020 +1100
- Remove extra XMSS #endif
+ Restore correct flags during localtime_r check.
- Extra #endif breaks compile with -DWITH_XMSS. Pointed out by Jack
- Schmidt via github.
+ We were restoring the wrong thing CPPFLAGS (we used CFLAGS) for any
+ platform that doesn't have localtime_r.
-commit 055e09e2212ff52067786bf6d794ca9512ff7f0c
+commit 41935882f4e82de60dbd6e033eabe79e1b963518
Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Sat Mar 3 06:37:53 2018 +0000
+Date: Fri Nov 20 03:16:56 2020 +0000
- upstream: Update RSA minimum modulus size to 1024. sshkey.h rev 1.18
+ upstream: When doing an sftp recursive upload or download of a
- bumped the minimum from 768 to 1024, update man page accordingly.
+ read-only directory, ensure that the directory is created with write and
+ execute permissions in the interim so that we can actually complete the
+ transfer, then set the directory permission as the final step. (The execute
+ bit is only likely to be an issue with a non-POSIX server). bz#3222, ok djm@
- OpenBSD-Commit-ID: 27563ab4e866cd2aac40a5247876f6787c08a338
+ OpenBSD-Commit-ID: a82606212f2796e31f0e1af94a63355a7ad5d903
-commit 7e4fadd3248d6bb7d39d6688c76a613d35d2efc1
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Sun Mar 4 01:46:48 2018 +0000
+commit 0f90440ca70abab947acbd77795e9f130967956c
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Fri Nov 20 13:37:54 2020 +1100
- upstream: for the pty control tests, just check that the PTY path
-
- points to something in /dev (rather than checking the device node itself);
- makes life easier for portable, where systems with dynamic ptys can delete
- nodes before we get around to testing their existence.
+ Add new pselect6_time64 syscall on ARM.
- OpenBSD-Regress-ID: b1e455b821e62572bccd98102f8dd9d09bb94994
+ This is apparently needed on armhfp/armv7hl. bz#3232, patch from
+ jjelen at redhat.com.
-commit 13ef4cf53f24753fe920832b990b25c9c9cd0530
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Sat Mar 3 16:21:20 2018 +1100
+commit 3a7c46c72b6a1f643b1fc3589cd20d8320c3d9e1
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Fri Nov 20 02:14:16 2020 +0000
- Update PAM password change to new opts API.
+ upstream: Explicitly initialize all members of the
+
+ find_by_key_ctx struct. Initializing a single member should be enough
+ (the spec says the remainder should be initialized as per the static
+ rules) but some GCCs warn on this which prevents us testing with -Werror
+ on those. ok deraadt@ djm@
+
+ OpenBSD-Commit-ID: 687126e60a27d30f02614760ef3c3ae4e8d6af28
-commit 33561e68e0b27366cb769295a077aabc6a49d2a1
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Sat Mar 3 14:56:09 2018 +1100
+commit 076cb616b87d1ea1d292973fcd0ba38c08ea6832
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Thu Nov 19 23:05:05 2020 +0000
- Add strndup for platforms that need it.
+ upstream: draft-ietf-secsh-architecture is now RFC4251.
- Some platforms don't have strndup, which includes Solaris 10, NetBSD 3
- and FreeBSD 6.
+ OpenBSD-Commit-ID: cb0bb58c2711fb5ed519507659be1dcf179ed403
-commit e8a17feba95eef424303fb94441008f6c5347aaf
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Sat Mar 3 14:49:07 2018 +1100
+commit 85cceda21f1471548e04111aefe2c4943131c1c8
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Tue Nov 17 11:23:58 2020 +0000
- Flatten and alphabetize object file lists.
+ upstream: Specify that the KDF function is bcrypt. Based on github
+
+ PR#214 from rafork, ok markus@, mdoc correction jmc@
- This will make maintenance and changes easier. "no objection" tim@
+ OpenBSD-Commit-ID: d8f2853e7edbcd483f31b50da77ab80ffa18b4ef
-commit de1920d743d295f50e6905e5957c4172c038e8eb
+commit 5b9720f9adbd70ba5a994f407fe07a7d016d8d65
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Sat Mar 3 03:16:17 2018 +0000
+Date: Sun Nov 15 22:34:58 2020 +0000
- upstream: unit tests for new authorized_keys options API
+ upstream: revert r1.341; it breaks ProxyJump; reported by sthen@
- OpenBSD-Regress-ID: 820f9ec9c6301f6ca330ad4052d85f0e67d0bdc1
+ OpenBSD-Commit-ID: 6ac2f945b26cb86d936eed338f77861d6da8356a
-commit dc3e92df17556dc5b0ab19cee8dcb2a6ba348717
+commit 04088725ec9c44880c01799b588cd4ba47b3e8bc
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Mar 2 02:53:27 2018 +0000
+Date: Fri Nov 13 07:30:44 2020 +0000
- upstream: fix testing of pty option, include positive test and
+ upstream: scrub keyboard-interactive authentication prompts coming
- testing of restrict keyword
+ from the server through asmprintf() prior to display; suggested by and ok
+ dtucker@
- OpenBSD-Regress-ID: 4268f27c2706a0a95e725d9518c5bcbec9814c6d
+ OpenBSD-Commit-ID: 31fe93367645c37fbfe4691596bf6cf1e3972a58
-commit 3d1edd1ebbc0aabea8bbe61903060f37137f7c61
+commit 5442b491d0ee4bb82f6341ad0ee620ef3947f8c5
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Mar 2 02:51:55 2018 +0000
+Date: Fri Nov 13 04:53:12 2020 +0000
- upstream: better testing for port-forwarding and restrict flags in
+ upstream: prefix keyboard interactive prompts with (user@host) to
- authorized_keys
+ make it easier to determine which connection they are associated with in
+ cases like scp -3, ProxyJump, etc. bz#3224 ok dtucker
- OpenBSD-Regress-ID: ee771df8955f2735df54746872c6228aff381daa
+ OpenBSD-Commit-ID: 67e6189b04b46c867662f8a6759cf3ecb5f59170
-commit 7c856857607112a3dfe6414696bf4c7ab7fb0cb3
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Sat Mar 3 03:15:51 2018 +0000
+commit 2992e4e7014ac1047062acfdbbf6feb156fef616
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Fri Nov 13 17:56:11 2020 +1100
- upstream: switch over to the new authorized_keys options API and
+ Remove use of TIME_WITH_SYS_TIME.
- remove the legacy one.
+ It was only set by the recently removed AC_HEADER_TIME macro, replace
+ with simple inclusions of both sys/time.h and time.h. Should prevent
+ mis-detection of struct timespec.
+
+commit e3f27006f15abacb7e89fda3f5e9a0bd420b7e38
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Nov 13 14:20:43 2020 +1100
+
+ Revert "detect Linux/X32 systems"
- Includes a fairly big refactor of auth2-pubkey.c to retain less state
- between key file lines.
+ This reverts commit 5b56bd0affea7b02b540bdbc4d1d271b0e4fc885.
- feedback and ok markus@
+ The approach used was incorrect; discussion in bz#3085
+
+commit e51dc7fab61df36e43f3bc64b673f88d388cab91
+Author: Damien Miller <djm@mindrot.org>
+Date: Fri Nov 13 13:22:15 2020 +1100
+
+ SELinux has deprecated security_context_t
+
+ (it was only ever a char* anyway)
+
+commit b79add37d118276d67f3899987b9f0629c9449c3
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Fri Nov 13 13:43:30 2020 +1100
+
+ Remove obsolete AC_HEADER_TIME macro.
- OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df
+ AC_HEADER_TIME is marked as obsolete in autoconf-2.70 and as far as I
+ can tell everything we have that might be old enough to need it doesn't.
-commit 90c4bec8b5f9ec4c003ae4abdf13fc7766f00c8b
+commit d5d05cdb3d4efd4a618aa52caab5bec73097c163
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Sat Mar 3 03:06:02 2018 +0000
+Date: Thu Nov 12 22:56:00 2020 +0000
- upstream: Introduce a new API for handling authorized_keys options.
+ upstream: when prompting the user to accept a new hostkey, display
+
+ any other host names/addresses already associated with the key. E.g.
- This API parses options to a dedicated structure rather than the old API's
- approach of setting global state. It also includes support for merging
- options, e.g. from authorized_keys, authorized_principals and/or
- certificates.
+ > The authenticity of host 'test (10.0.0.1)' can't be established.
+ > ECDSA key fingerprint is SHA256:milU4MODXm8iJQI18wlsbPG7Yup+34fuNNmV08qDnax.
+ > This host key is known by the following other names/addresses:
+ > ~/.ssh/known_hosts:1: host.example.org,10.0.0.1
+ > ~/.ssh/known_hosts:2: [hashed name]
+ > ~/.ssh/known_hosts:3: [hashed name]
+ > ~/.ssh/known_hosts:4: host
+ > ~/.ssh/known_hosts:5: [host]:2222
+ > Are you sure you want to continue connecting (yes/no/[fingerprint])?
feedback and ok markus@
- OpenBSD-Commit-ID: 98badda102cd575210d7802943e93a34232c80a2
+ OpenBSD-Commit-ID: f6f58a77b49f1368b5883b3a1f776447cfcc7ef4
+
+commit 819b44e8b9af6ce18d3ec7505b9f461bf7991a1f
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Thu Nov 12 22:38:57 2020 +0000
+
+ upstream: Prevent integer overflow when ridiculously large
+
+ ConnectTimeout is specified, capping the effective value (for most platforms)
+ at 24 days. bz#3229, ok djm@
+
+ OpenBSD-Commit-ID: 62d4c4b7b87d111045f8e9f28b5b532d17ac5bc0
-commit 26074380767e639ef89321610e146ae11016b385
+commit add926dd1bbe3c4db06e27cab8ab0f9a3d00a0c2
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Sat Mar 3 03:01:50 2018 +0000
+Date: Wed Nov 11 05:22:32 2020 +0000
- upstream: warn when the agent returns a signature type that was
+ upstream: fix logic error that broke URI parsing in ProxyJump
- different to what was requested. This might happen when an old/non-OpenSSH
- agent is asked to make a rsa-sha2-256/512 signature but only supports
- ssh-rsa. bz#2799 feedback and ok markus@
+ directives; ok dtucker@
- OpenBSD-Commit-ID: 760c0f9438c5c58abc16b5f98008ff2d95cb13ce
+ OpenBSD-Commit-ID: 96d48839b1704882a0e9a77898f5e14b2d222705
-commit f493d2b0b66fb003ed29f31dd66ff1aeb64be1fc
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date: Fri Mar 2 21:40:15 2018 +0000
+commit 4340dd43928dfe746cb7e75fe920b63c0d909a9a
+Author: claudio@openbsd.org <claudio@openbsd.org>
+Date: Tue Nov 10 07:46:20 2020 +0000
- upstream: apply a lick of paint; tweaks/ok dtucker
+ upstream: Free the previously allocated msg buffer after writing it
- OpenBSD-Commit-ID: 518a6736338045e0037f503c21027d958d05e703
+ out. OK djm@
+
+ OpenBSD-Commit-ID: 18c055870fc75e4cb9f926c86c7543e2e21d7fa4
-commit 713d9cb510e0e7759398716cbe6dcf43e574be71
-Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Mar 2 03:02:11 2018 +0000
+commit fcf429a4c69d30d8725612a55b37181594da8ddf
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Wed Nov 11 12:30:46 2020 +1100
- upstream: Allow escaped quotes \" and \' in ssh_config and
+ Prevent excessively long username going to PAM.
- sshd_config quotes option strings. bz#1596 ok markus@
+ This is a mitigation for a buffer overflow in Solaris' PAM username
+ handling (CVE-2020-14871), and is only enabled for Sun-derived PAM
+ implementations. This is not a problem in sshd itself, it only
+ prevents sshd from being used as a vector to attack Solaris' PAM.
+ It does not prevent the bug in PAM from being exploited via some other
+ PAM application.
- OpenBSD-Commit-ID: dd3a29fc2dc905e8780198e5a6a30b096de1a1cb
+ Based on github PR#212 from Mike Scott but implemented slightly
+ differently. ok tim@ djm@
-commit 94b4e2d29afaaaef89a95289b16c18bf5627f7cd
+commit 10dce8ff68ef615362cfcab0c0cc33ce524e7682
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Mar 2 02:08:03 2018 +0000
+Date: Sun Nov 8 23:19:03 2020 +0000
- upstream: refactor sshkey_read() to make it a little more, err,
-
- readable. ok markus
+ upstream: unbreak; missing NULL check
- OpenBSD-Commit-ID: 2e9247b5762fdac3b6335dc606d3822121714c28
+ OpenBSD-Commit-ID: 6613dfab488123f454d348ef496824476b8c11c0
-commit 5886b92968b360623491699247caddfb77a74d80
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Thu Mar 1 20:32:16 2018 +0000
+commit d5a0cd4fc430c8eda213a4010a612d4778867cd9
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sun Nov 8 22:37:24 2020 +0000
- upstream: missing #ifdef for _PATH_HOST_XMSS_KEY_FILE; report by
+ upstream: when requesting a security key touch on stderr, inform the
- jmc@
+ user once the touch has been recorded; requested by claudio@ ok markus@
- OpenBSD-Commit-ID: 9039cb69a3f9886bfef096891a9e7fcbd620280b
+ OpenBSD-Commit-ID: 3b76ee444490e546b9ea7f879e4092ee0d256233
-commit 3b36bed3d26f17f6a2b7e036e01777770fe1bcd4
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Mon Feb 26 12:14:53 2018 +0000
+commit 292bcb2479deb27204e3ff796539c003975a5f7a
+Author: Darren Tucker <dtucker@dtucker.net>
+Date: Mon Nov 9 00:33:35 2020 +1100
- upstream: Remove unneeded (local) include. ok markus@
+ Remove preprocessor directive from log macro calls.
- OpenBSD-Commit-ID: 132812dd2296b1caa8cb07d2408afc28e4e60f93
+ Preprocessor directives inside macro calls, such as the new log macros,
+ are undefined behaviour and do not work with, eg old GCCs. Put the
+ entire log call inside the ifdef for OPENSSL_HAS_NISTP521.
-commit 27b9f3950e0289e225b57b7b880a8f1859dcd70b
+commit 71693251b7cbb7dd89aaac18815147124732d0d3
Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Mon Feb 26 03:56:44 2018 +0000
+Date: Sun Nov 8 12:10:20 2020 +0000
- upstream: Add $OpenBSD$ markers to xmss files to help keep synced
+ upstream: Add a comment documenting the source of the moduli group
- with portable. ok djm@.
+ sizes.
- OpenBSD-Commit-ID: 5233a27aafd1dfadad4b957225f95ae51eb365c1
+ OpenBSD-Commit-ID: aec0725ce607630caaa62682624c6763b350391c
-commit afd830847a82ebbd5aeab05bad6d2c8ce74df1cd
+commit 4d94b031ff88b015f0db57e140f481bff7ae1a91
Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Mon Feb 26 03:03:05 2018 +0000
+Date: Sun Nov 8 11:46:12 2020 +0000
- upstream: Add newline at end of file to prevent compiler warnings.
+ upstream: Replace WITH_OPENSSL ifdefs in log calls with a macro.
- OpenBSD-Commit-ID: 52f247d4eafe840c7c14c8befa71a760a8eeb063
+ The log calls are themselves now macros, and preprocessor directives inside
+ macro arguments are undefined behaviour which some compilers (eg old GCCs)
+ choke on. It also makes the code tidier. ok deraadt@
+
+ OpenBSD-Commit-ID: cc12a9029833d222043aecd252d654965c351a69
-commit 941e0d3e9bb8d5e4eb70cc694441445faf037c84
+commit 6d2564b94e51184eb0b73b97d13a36ad50b4f810
Author: Darren Tucker <dtucker@dtucker.net>
-Date: Wed Feb 28 19:59:35 2018 +1100
+Date: Fri Nov 6 17:11:16 2020 +1100
- Add WITH_XMSS, move to prevent conflicts.
+ Fix function body for variadic macro test.
- Add #ifdef WITH_XMSS to ssh-xmss.c, move it in the other files to after
- includes.h so it's less likely to conflict and will pick up WITH_XMSS if
- added to config.h.
+ AC_LANG_PROGRAM puts its second argument inside main() so we don't need
+ to do it ourselves.
-commit a10d8552d0d2438da4ed539275abcbf557d1e7a8
+commit 586f9bd2f5980e12f8cf0d3c2a761fa63175da52
Author: Darren Tucker <dtucker@dtucker.net>
-Date: Tue Feb 27 14:45:17 2018 +1100
+Date: Fri Nov 6 16:53:24 2020 +1100
- Conditionally compile XMSS code.
+ Remove AC_PROC_CC_C99 obsoleted in autoconf 2.70.
- The XMSS code is currently experimental and, unlike the rest of OpenSSH
- cannot currently be compiled with a c89 compiler.
+ Since we only use it to make sure we can handle variadic macros,
+ explicitly check only for that. with & ok djm@
-commit 146c3bd28c8dbee9c4b06465d9c9facab96b1e9b
+commit a019e353df04de1b2ca78d91b39c393256044ad7
Author: Darren Tucker <dtucker@dtucker.net>
-Date: Mon Feb 26 12:51:29 2018 +1100
+Date: Fri Nov 6 13:56:41 2020 +1100
- Check dlopen has RTLD_NOW before enabling pkcs11.
+ Replace AC_TRY_COMPILE obsoleted in autoconf 2.70.
+
+ Replace with the equivalent AC_COMPILE_IFELSE.
-commit 1323f120d06a26074c4d154fcbe7f49bcad3d741
+commit 771b7795c0ef6a2fb43b4c6c66b615c2085cb9cd
Author: Darren Tucker <dtucker@dtucker.net>
-Date: Tue Feb 27 08:41:25 2018 +1100
+Date: Fri Nov 6 13:55:33 2020 +1100
- Check for attributes on prototype args.
+ Move AC_PROG_CC_C99 to immediately afer AC_PROG_CC.
- Some compilers (gcc 2.9.53, 3.0 and probably others, see gcc bug #3481)
- do not accept __attribute__ on function pointer prototype args. Check for
- this and hide them if they're not accepted.
+ This puts the related C version selection output in the same place.
-commit f0b245b0439e600fab782d19e97980e9f2c2533c
+commit e5591161f21ab493c6284a85ac3c0710ad94998f
Author: Darren Tucker <dtucker@dtucker.net>
-Date: Mon Feb 26 11:43:48 2018 +1100
+Date: Fri Nov 6 13:54:17 2020 +1100
- Check if HAVE_DECL_BZERO correctly.
+ AC_CHECK_HEADER() is obsoleted in autoconf 2.70.
+
+ Replace with the non-obsoleted AC_CHECK_HEADERS().
-commit c7ef4a399155e1621a532cc5e08e6fa773658dd4
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Mon Feb 26 17:42:56 2018 +1100
+commit 05bcd0cadf160fd4826a2284afa7cba6ec432633
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Tue Nov 3 22:53:12 2020 +0000
- Wrap <stdint.h> in #ifdef HAVE_STDINT_H.
+ upstream: fold consecutive '*' wildcards to mitigate combinatorial
+
+ explosion of recursive searches; ok dtucker
+
+ OpenBSD-Commit-ID: d18bcb39c40fb8a1ab61153db987e7d11dd3792b
-commit ac53ce46cf8165cbda7f57ee045f9f32e1e92b31
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Mon Feb 26 16:24:23 2018 +1100
+commit 7d680448db5858dc76307663f78d0b8d3c2b4a3d
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Oct 30 01:50:07 2020 +0000
- Replace $(CURDIR) with $(PWD).
+ upstream: print reason in fatal error message when
+
+ kex_assemble_namelist() fails
- The former doesn't work on Solaris or BSDs.
+ OpenBSD-Commit-ID: a9975ee8db6c98d6f32233d88051b2077ca63dab
-commit 534b2680a15d14e7e60274d5b29b812d44cc5a44
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Mon Feb 26 14:51:59 2018 +1100
+commit 95d1109fec7e89ad21f2a97e92bde1305d32a353
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Thu Oct 29 03:13:06 2020 +0000
- Comment out hexdump().
+ upstream: fix sshd_config SetEnv directive inside Match blocks; part of
+
+ github PR#201 from github user manuelm
- Nothing currently uses them but they cause conflicts on at least
- FreeBSD, possibly others. ok djm@
+ OpenBSD-Commit-ID: 9772e3748abff3ad65ae8fc43d026ed569b1d2bc
-commit 5aea4aa522f61bb2f34c3055a7de203909dfae77
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Mon Feb 26 14:39:14 2018 +1100
+commit b12b835dc022ba161afe68348e05a83dfbcb1515
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Thu Oct 29 03:01:18 2020 +0000
- typo: missing ;
+ upstream: fix type of nid in type_bits_valid(); github PR#202 from
+
+ github user thingsconnected
+
+ OpenBSD-Commit-ID: 769d2b040dec7ab32d323daf54b854dd5dcb5485
-commit cd3ab57f9b388f8b1abf601dc4d78ff82d83b75e
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Mon Feb 26 14:37:06 2018 +1100
+commit 1a14c13147618144d1798c36a588397ba9008fcc
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Thu Oct 29 02:52:43 2020 +0000
- Hook up flock() compat code.
+ upstream: whitespace; no code change
- Also a couple of minor changes: fail if we can't lock instead of
- silently succeeding, and apply a couple of minor style fixes.
+ OpenBSD-Commit-ID: efefc1c47e880887bdee8cd2127ca93177eaad79
-commit b087998d1ba90dd1ddb6bfdb17873dc3e7392798
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Mon Feb 26 14:27:02 2018 +1100
+commit 815209abfdd2991fb92ad7d2e33374916cdcbcf4
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Thu Oct 29 02:47:23 2020 +0000
+
+ upstream: UpdateHostkeys: fixed/better detection of host keys that
+
+ exist under other names and addresses; spotted by and debugged with lots of
+ help from jca@
+
+ OpenBSD-Commit-ID: 5113d7f550bbd48243db1705afbf16b63792d4b7
+
+commit a575cf44e59a65506c67bddb62a712208a7a279c
+Author: Duncan Eastoe <duncan.eastoe@att.com>
+Date: Wed Oct 21 10:11:10 2020 +0100
+
+ session.c: use "denylist" terminology
+
+ Follow upstream (6d755706a0059eb9e2d63517f288b75cbc3b4701) language
+ improvements in this portable-specific code.
- Import flock() compat from NetBSD.
+commit 33267feaffd5d98aa56d2f0b3a99ec352effe938
+Author: Damien Miller <djm@mindrot.org>
+Date: Tue Oct 27 16:46:31 2020 +1100
+
+ Remove checks for strict POSIX mkdtemp()
+
+ We needed a mkdtemp() that accepted template paths that did not
+ end in XXXXXX a long time ago for KRB4, but that code is long
+ deprecated. We no longer need to replace mkdtemp() for strictly
+ following POSIX. ok dtucker@
+
+commit 492d70e18bad5a8c97d05f5eddac817171e88d2c
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Mon Oct 26 00:39:04 2020 +0000
+
+ upstream: Minor man page fixes (capitalization, commas) identified by
+
+ the manpage-l10n project via bz#3223. feedback deraadt@, ok jmc@
+
+ OpenBSD-Commit-ID: ab83af0daf18369244a72daaec6c4a58a9eb7e2c
+
+commit eab2888cfc6cc4e2ef24bd017da9835a0f365f3f
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date: Mon Oct 19 22:49:23 2020 +0000
+
+ upstream: Adapt XMSS to new logging infrastructure. With markus@, ok
+
+ djm@.
+
+ OpenBSD-Commit-ID: 9c35ec3aa0f710e4e3325187ceff4fa3791686de
+
+commit f7bd11e4941620991f3e727cd0131b01f0311a58
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Mon Oct 19 08:07:08 2020 +0000
+
+ upstream: fix SEGV on fatal() errors spotted by dtucker@
- From NetBSD's src/trunk/tools/compat/flock.c, no OpenSSH changes yet.
+ OpenBSD-Commit-ID: 75f155a1ac61e364ed00dc379e2c42df81067ce2
-commit 89212533dde6798324e835b1499084658df4579e
+commit 7715a3b171049afa1feffb1d5a1245dfac36ce99
Author: Darren Tucker <dtucker@dtucker.net>
-Date: Mon Feb 26 12:32:14 2018 +1100
+Date: Mon Oct 19 10:54:41 2020 +1100
+
+ Use fatal_fr not fatal_r when passing r.
+
+ Caught by the PAM -Werror tinderbox build.
+
+commit 816036f142ecd284c12bb3685ae316a68d2ef190
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sun Oct 18 11:32:01 2020 +0000
+
+ upstream: use the new variant log macros instead of prepending
+
+ __func__ and appending ssh_err(r) manually; ok markus@
+
+ OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
+
+commit 9e2c4f64224f68fb84c49b5182e449f94b0dc985
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sun Oct 18 11:21:59 2020 +0000
+
+ upstream: variants of the log methods that append a ssherr.h string
+
+ from a supplied error code; ok markus@
+
+ OpenBSD-Commit-ID: aed98c4435d48d036ae6740300f6a8357b7cc0bf
+
+commit 28cb0a4b03940d1ee576eb767a81a4113bdc917e
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sun Oct 18 11:14:27 2020 +0000
- Fix breakage when REGRESSTMP not set.
+ upstream: remove a level of macro indirection; ok markus@
- BUILDDIR is not set where used for REGRESSTMP, use make's CURDIR
- instead. Pointed out by djm@.
+ OpenBSD-Commit-ID: 0c529d06e902c5d1a6b231e1bec6157f76dc67c9
-commit f885474137df4b89498c0b8834c2ac72c47aa4bd
+commit 9cac1db52e6c4961c447910fe02cd68a3b2f9460
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sun Oct 18 11:13:45 2020 +0000
+
+ upstream: add some variant log.h calls that prepend the calling
+
+ function name; ok markus@
+
+ OpenBSD-Commit-ID: 4be1b2e2455b271ddb7457bc195c5367644f4e48
+
+commit d55dfed34ef6ef1f028d552a90d5f3dba8dd6f7b
Author: Damien Miller <djm@mindrot.org>
-Date: Mon Feb 26 12:18:14 2018 +1100
+Date: Sat Oct 17 22:55:24 2020 +1100
- XMSS-related files get includes.h
+ missing header
-commit 612faa34c72e421cdc9e63f624526bae62d557cc
+commit 999d7cb79a3a73d92a6dfbf174c33da0d984c7a2
Author: Damien Miller <djm@mindrot.org>
-Date: Mon Feb 26 12:17:55 2018 +1100
+Date: Sat Oct 17 22:47:52 2020 +1100
+
+ sync regress/misc/sk-dummy/fatal.c
- object files end with .o - not .c
+commit 3554b4afa38b3483a3302f1be18eaa6f843bb260
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sat Oct 17 01:28:20 2020 +0000
-commit bda709b8e13d3eef19e69c2d1684139e3af728f5
+ upstream: make the log functions that exit (sshlogdie(),
+
+ sshfatal(), etc) have identical signatures. Makes things a bit more
+ consistent...
+
+ OpenBSD-Commit-ID: bd0ae124733389d7c0042e135c71ee9091362eb9
+
+commit 616029a85ad7529b24bb8c4631d9607c0d6e7afe
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date: Fri Oct 16 14:34:33 2020 +0000
+
+ upstream: add space between macro arg and punctuation;
+
+ OpenBSD-Commit-ID: bb81e2ed5a77832fe62ab30a915ae67cda57633e
+
+commit f812a36cee5727147bc897d34ab9af068dd4561e
Author: Damien Miller <djm@mindrot.org>
-Date: Mon Feb 26 12:17:22 2018 +1100
+Date: Sat Oct 17 12:03:34 2020 +1100
- avoid inclusion of deprecated selinux/flask.h
+ check for and require a C99 capable compiler
- Use string_to_security_class() instead.
+ recent logging changes use __VA_ARGS__.
-commit 2e396439365c4ca352cac222717d09b14f8a0dfd
+commit f9ea6515202b59a1e2d5b885cafc1b12eff33016
Author: Damien Miller <djm@mindrot.org>
-Date: Mon Feb 26 11:48:27 2018 +1100
+Date: Sat Oct 17 11:51:20 2020 +1100
- updatedepend
+ logging is now macros, remove function pointers
-commit 1b11ea7c58cd5c59838b5fa574cd456d6047b2d4
-Author: markus@openbsd.org <markus@openbsd.org>
-Date: Fri Feb 23 15:58:37 2018 +0000
+commit 0f938f998626e8359324f803157cd7c9f8f403e2
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Oct 17 11:42:26 2020 +1100
+
+ adapt sk-dummy's fatal implementation to changes
+
+commit afbd9ec9e2dbad04834ce7ce53e58740434f32a5
+Author: Damien Miller <djm@mindrot.org>
+Date: Sat Oct 17 11:33:13 2020 +1100
+
+ fix netcat build problem
+
+commit 793b583d097381730adaf6f68bed3c343139a013
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Oct 16 13:26:13 2020 +0000
- upstream: Add experimental support for PQC XMSS keys (Extended
+ upstream: LogVerbose keyword for ssh and sshd
- Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS
- in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See
- https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok
- djm@
+ Allows forcing maximum debug logging by file/function/line pattern-
+ lists.
+
+ ok markus@
- OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac
+ OpenBSD-Commit-ID: c294c25732d1b4fe7e345cb3e044df00531a6356
-commit 7d330a1ac02076de98cfc8fda05353d57b603755
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date: Fri Feb 23 07:38:09 2018 +0000
+commit 752250caabda3dd24635503c4cd689b32a650794
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Oct 16 13:24:45 2020 +0000
+
+ upstream: revised log infrastructure for OpenSSH
+
+ log functions receive function, filename and line number of caller.
+ We can use this to selectively enable logging via pattern-lists.
+
+ ok markus@
+
+ OpenBSD-Commit-ID: 51a472610cbe37834ce6ce4a3f0e0b1ccc95a349
+
+commit acadbb3402b70f72f14d9a6930ad41be97c2f9dc
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Fri Oct 16 02:37:12 2020 +0000
- upstream: some cleanup for BindInterface and ssh-keyscan;
+ upstream: use do_log2 instead of function pointers to different log
+
+ functions
- OpenBSD-Commit-ID: 1a719ebeae22a166adf05bea5009add7075acc8c
+ OpenBSD-Commit-ID: 88077b826d348c58352a6b394755520f4e484480
-commit c7b5a47e3b9db9a0f0198f9c90c705f6307afc2b
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Sun Feb 25 23:55:41 2018 +1100
+commit 95b0bcfd1531d59e056ae8af27bb741391f26ab0
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Oct 14 00:55:17 2020 +0000
- Invert sense of getpgrp test.
+ upstream: make UpdateHostkeys still more conservative: refuse to
- AC_FUNC_GETPGRP tests if getpgrp(0) works, which it does if it's not
- declared. Instead, test if the zero-arg version we want to use works.
+ proceed if one of the keys offered by the server is already in known_hosts
+ under another name. This avoid collisions between address entries for
+ different host aliases when CheckHostIP=yes
+
+ Also, do not attempt to fix known_hosts with incomplete host/ip matches
+ when there are no new or deprecated hostkeys.
+
+ OpenBSD-Commit-ID: 95c19842f7c41f9bd9c92aa6441a278c0fd0c4a3
-commit b39593a6de5290650a01adf8699c6460570403c2
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Sun Feb 25 13:25:15 2018 +1100
+commit a336ce8c2c55547cc00e0070a18c55f30bb53fb6
+Author: kn@openbsd.org <kn@openbsd.org>
+Date: Mon Oct 12 08:36:36 2020 +0000
- Add no-op getsid implmentation.
+ upstream: Zap unused family parameter from ssh_connect_direct()
+
+ sshconnect.c r1.241 from 2013 made it unused; found while reading code.
+
+ OK djm
+
+ OpenBSD-Commit-ID: 219ba6d7f9925d0b7992918612680399d86712b5
-commit 11057564eb6ab8fd987de50c3d7f394c6f6632b7
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Sun Feb 25 11:22:57 2018 +1100
+commit e545d94b713effab8e6c7dfabbfb76c1d84d7498
+Author: Philip Hands <phil@hands.com>
+Date: Sun Oct 4 00:15:46 2020 +0200
- bsd-statvfs: include sys/vfs.h, check for f_flags.
+ shift contents of long $() into filter_ids()
+
+ This was prompted by the fact that posh does not deal with $()
+ that contains comments where the comment includes an odd number
+ of single-quotes. It seems to get befuddled into trying to find
+ the matching quote.
+ Regardless, making a function for filtering the unneeded ids
+ seems much neater than avoiding apostrophes,
+ so that's what I've done.
+
+ SSH-Copy-ID-Upstream: 3dab3366a584427045c8a690a93282f02c09cf24
-commit e9dede06e5bc582a4aeb5b1cd5a7a640d7de3609
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Sun Feb 25 10:20:31 2018 +1100
+commit fd360174596047b52aa1cddda74d85012a03ca4b
+Author: Philip Hands <phil@hands.com>
+Date: Sat Oct 3 23:15:16 2020 +0200
- Handle calloc(0,x) where different from malloc.
+ combine if/elif to avoid duplication of the action
- Configure assumes that if malloc(0) returns null then calloc(0,n)
- also does. On some old platforms (SunOS4) malloc behaves as expected
- (as determined by AC_FUNC_MALLOC) but calloc doesn't. Test for this
- at configure time and activate the replacement function if found, plus
- handle this case in rpl_calloc.
+ SSH-Copy-ID-Upstream: 42aeb1cc53d3f7f6e78edc210fb121fda0834914
-commit 2eb4041493fd2635ffdc64a852d02b38c4955e0b
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Sat Feb 24 21:06:48 2018 +1100
+commit f7c3a39b016dd77709ecbf18da8282f967b86cd7
+Author: Philip Hands <phil@hands.com>
+Date: Sat Oct 3 21:45:16 2020 +0200
- Add prototype for readv if needed.
+ shellcheck tidyage
+
+ SSH-Copy-ID-Upstream: 5b08f840e78ac544288b3983010a1b0585e966fd
-commit 6c8c9a615b6d31db8a87bc25033f053d5b0a831e
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Sat Feb 24 20:46:37 2018 +1100
+commit 108676c3f26be6c873db0dd8754063699908727b
+Author: Philip Hands <phil@hands.com>
+Date: Sat Oct 3 21:10:03 2020 +0200
- Check for raise and supply if needed.
+ tidy up test of $SCRATCH_DIR creation
+
+ SSH-Copy-ID-Upstream: 2d8b22d96c105d87743ffe8874887b06f8989b93
-commit a9004425a032d7a7141a5437cfabfd02431e2a74
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Sat Feb 24 20:25:22 2018 +1100
+commit a9c9e91a82bc1a2cf801b4e3ef27a941dbd27717
+Author: Philip Hands <phil@hands.com>
+Date: Wed Sep 16 16:13:30 2020 +0200
- Check for bzero and supply if needed.
+ add -s flag: to install keys via SFTP
+
+ This is prompted by:
+
+ https://bugzilla.mindrot.org/show_bug.cgi?id=3201
+
+ Thanks go to Matthias Blümel for the idea, and the helpful patch, from
+ which this patch grew.
- Since explicit_bzero uses it via an indirect it needs to be a function
- not just a macro.
+ SSH-Copy-ID-Upstream: f7c76dc64427cd20287a6868f672423b62057614
-commit 1a348359e4d2876203b5255941bae348557f4f54
+commit f92424970c02b78852ff149378c7f2616ada4ccf
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Feb 23 05:14:05 2018 +0000
+Date: Sun Oct 11 22:14:38 2020 +0000
- upstream: Add ssh-keyscan -D option to make it print its results in
+ upstream: UpdateHostkeys: check for keys under other names
- SSHFP format bz#2821, ok dtucker@
+ Stop UpdateHostkeys from automatically removing deprecated keys from
+ known_hosts files if the same keys exist under a different name or
+ address to the host that is being connected to.
+
+ This avoids UpdateHostkeys from making known_hosts inconsistent in
+ some cases. For example, multiple host aliases sharing address-based
+ known_hosts on different lines, or hosts that resolves to multiple
+ addresses.
+
+ ok markus@
- OpenBSD-Commit-ID: 831446b582e0f298ca15c9d99c415c899e392221
+ OpenBSD-Commit-ID: 6444a705ba504c3c8ccddccd8d1b94aa33bd11c1
-commit 3e19fb976a47b44b3d7c4f8355269f7f2c5dd82c
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Fri Feb 23 04:18:46 2018 +0000
+commit d98f14b5328922ae3085e07007d820c4f655b57a
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sun Oct 11 22:13:37 2020 +0000
- upstream: Add missing braces.
+ upstream: UpdateHostkeys: better CheckHostIP handling
+
+ When preparing to update the known_hosts file, fully check both
+ entries for both the host and the address (if CheckHostIP enabled)
+ and ensure that, at the end of the operation, entries for both are
+ recorded.
+
+ Make sure this works with HashKnownHosts too, which requires maintaining
+ a list of entry-types seen across the whole file for each key.
- Caught by the tinderbox's -Werror=misleading-indentation, ok djm@
+ ok markus@
- OpenBSD-Commit-ID: d44656af594c3b2366eb87d6abcef83e1c88a6ca
+ OpenBSD-Commit-ID: 374dc263103f6b343d9671f87dbf81ffd0d6abdd
-commit b59162da99399d89bd57f71c170c0003c55b1583
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Fri Feb 23 15:20:42 2018 +1100
+commit af5941ae9b013aac12585e84c4cf494f3728982f
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sun Oct 11 22:12:44 2020 +0000
- Check for ifaddrs.h for BindInterface.
+ upstream: UpdateHostkeys: better detect manual host entries
+
+ Disable UpdateHostkeys if the known_hosts line has more than two
+ entries in the pattern-list. ssh(1) only writes "host" or "host,ip"
+ lines so anything else was added by a different tool or by a human.
- BindInterface required getifaddr and friends so disable if not available
- (eg Solaris 10). We should be able to add support for some systems with
- a bit more work but this gets the building again.
+ ok markus@
+
+ OpenBSD-Commit-ID: e434828191fb5f3877d4887c218682825aa59820
-commit a8dd6fe0aa10b6866830b4688a73ef966f0aed88
-Author: Damien Miller <djm@mindrot.org>
-Date: Fri Feb 23 14:19:11 2018 +1100
+commit 6247812c76f70b2245f3c23f5074665b3d436cae
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Thu Oct 8 01:15:16 2020 +0000
- space before tab in previous
+ upstream: don't misdetect comma-separated hostkey names as wildcards;
+
+ spotted by naddy@
+
+ OpenBSD-Commit-ID: 4b874edfec7fc324a21b130bdb42f912177739ce
-commit b5e9263c7704247f9624c8f5c458e9181fcdbc09
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Fri Feb 9 03:40:22 2018 +0000
+commit 67146c7d022a170be3cdad2f5f40259a663fb266
+Author: wangxp006 <wangxiaopeng7@huawei.com>
+Date: Thu Oct 8 17:49:59 2020 +0800
- upstream: Replace fatal with exit in the case that we do not have
+ fix TEST_MALLOC_OPTIONS var
+
+commit 3205eaa3f8883a34fa4559ddef6c90d1067c5cce
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Thu Oct 8 00:31:05 2020 +0000
+
+ upstream: clarify conditions for UpdateHostkeys
+
+ OpenBSD-Commit-ID: 9cba714cf6aeed769f998ccbe8c483077a618e27
+
+commit e8dfca9bfeff05de87160407fb3e6a5717fa3dcb
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Oct 7 06:38:16 2020 +0000
+
+ upstream: remove GlobalKnownHostsFile for this test after
- $SUDO set. Prevents test failures when neither sudo nor doas are configured.
+ UpdateHostkeys change
- OpenBSD-Regress-ID: 6a0464decc4f8ac7d6eded556a032b0fc521bc7b
+ OpenBSD-Regress-ID: a940ad79d59343319613ba8fc46b6ef24aa3f8e1
-commit 3e9d3192ad43758ef761c5b0aa3ac5ccf8121ef2
-Author: Darren Tucker <dtucker@dtucker.net>
-Date: Fri Feb 23 14:10:53 2018 +1100
+commit 4aa2717d7517cff4bc423a6cfba3a2defb055aea
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Oct 7 02:26:28 2020 +0000
+
+ upstream: Disable UpdateHostkeys when hostkey checking fails
+
+ If host key checking fails (i.e. a wrong host key is recorded for the
+ server) and the user elects to continue (via StrictHostKeyChecking=no),
+ then disable UpdateHostkeys for the session.
+
+ reminded by Mark D. Baushke; ok markus@
+
+ OpenBSD-Commit-ID: 98b524f121f4252309dd21becd8c4cacb0c6042a
+
+commit 04c06d04475f1f673e9d9743710d194453fe3888
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Oct 7 02:25:43 2020 +0000
+
+ upstream: Fix UpdateHostkeys/HashKnownHosts/CheckHostIP bug
+
+ When all of UpdateHostkeys, HashKnownHosts and ChechHostIP
+ were enabled and new host keys were learned, known_hosts IP
+ entries were not being recorded for new host keys.
+
+ reported by matthieu@ ok markus@
+
+ OpenBSD-Commit-ID: a654a8290bd1c930aac509e8158cf85e42e49cb7
+
+commit b70e33711291f3081702133175a41cccafc0212a
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Oct 7 02:24:51 2020 +0000
+
+ upstream: don't UpdateHostkeys when the hostkey is verified by the
+
+ GlobalKnownHostsFile file, support only UserKnownHostsFile matches
+
+ suggested by Mark D. Baushke; feedback and ok markus@
+
+ OpenBSD-Commit-ID: eabb771a6add676c398d38a143a1aff5f04abbb9
+
+commit aa623142e426ca1ab9db77b06dcc9b1b70bd102b
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Oct 7 02:22:23 2020 +0000
+
+ upstream: revert kex->flags cert hostkey downgrade back to a plain
+
+ key (commitid VtF8vozGOF8DMKVg). We now do this a simpler way that needs less
+ plumbing.
+
+ ok markus@
+
+ OpenBSD-Commit-ID: fb92d25b216bff8c136da818ac2221efaadf18ed
- Use portable syntax for REGRESSTMP.
+commit f4f14e023cafee1cd9ebe4bb0db4029e6e1fafac
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Wed Oct 7 02:20:35 2020 +0000
-commit 73282b61187883a2b2bb48e087fdda1d751d6059
+ upstream: simply disable UpdateHostkeys when a certificate
+
+ successfully authenticated the host; simpler than the complicated plumbing
+ via kex->flags we have now.
+
+ ok markus@
+
+ OpenBSD-Commit-ID: 80e39644eed75717d563a7f177e8117a0e14f42c
+
+commit e79957e877db42c4c68fabcf6ecff2268e53acb5
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Feb 23 03:03:00 2018 +0000
+Date: Wed Oct 7 02:18:45 2020 +0000
- upstream: unbreak interop test after SSHv1 purge; patch from Colin
+ upstream: disable UpdateHostkeys by default if VerifyHostKeyDNS is
- Watson via bz#2823
+ enabled; suggested by Mark D. Baushke
- OpenBSD-Regress-ID: 807d30a597756ed6612bdf46dfebca74f49cb31a
+ OpenBSD-Commit-ID: 85a1b88592c81bc85df7ee7787dbbe721a0542bf
-commit f8985dde5f46aedade0373365cbf86ed3f1aead2
+commit 3d4c2016bae1a6f14b48c1150a4c79ca4c9968bd
Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Fri Feb 9 03:42:57 2018 +0000
+Date: Tue Oct 6 07:12:04 2020 +0000
- upstream: Skip sftp-chroot test when SUDO not set instead of
+ upstream: Agent protocol draft is now at rev 4. ok djm@
- fatal().
+ OpenBSD-Commit-ID: 8c01ea3aae48aab45e01b7421b0fca2dad5e7837
+
+commit af889a40ffc113af9105c03d7b32131eb4372d50
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sun Oct 4 09:45:01 2020 +0000
+
+ upstream: when ordering host key algorithms in the client, consider
- OpenBSD-Regress-ID: cd4b5f1109b0dc09af4e5ea7d4968c43fbcbde88
+ the ECDSA key subtype; ok markus@
+
+ OpenBSD-Commit-ID: 3097686f853c61ff61772ea35f8b699931392ece
-commit df88551c02d4e3445c44ff67ba8757cff718609a
+commit 2d39fc9f7e039351daa3d6aead1538ac29258add
Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date: Fri Feb 9 03:40:22 2018 +0000
+Date: Sun Oct 4 03:04:02 2020 +0000
+
+ upstream: Allow full range of UIDs and GIDs for sftp chown and
+
+ chgrp on 32bit platforms instead of being limited by LONG_MAX. bz#3206,
+ found by booking00 at sina.cn, ok markus@
+
+ OpenBSD-Commit-ID: 373b7bbf1f15ae482d39567ce30d18b51c9229b5
+
+commit 396d32f3a1a16e54df2a76b2a9b237868580dcbe
+Author: djm@openbsd.org <djm@openbsd.org>
+Date: Sat Oct 3 09:22:26 2020 +0000
- upstream: Replace fatal with exit in the case that we do not have
+ upstream: There are lots of place where we want to redirect stdin,
- $SUDO set. Prevents test failures when neither sudo nor doas are configured.
+ stdout and/or stderr to /dev/null. Factor all these out to a single
+ stdfd_devnull() function that allows selection of which of these to redirect.
+ ok markus@
- OpenBSD-Regress-ID: 6a0464decc4f8ac7d6eded556a032b0fc521bc7b
+ OpenBSD-Commit-ID: 3033ba5a4c47cacfd5def020d42cabc52fad3099
-commit 3b252c20b19f093e87363de197f1100b79705dd3
+commit 1286981d08b8429a64613215ce8bff3f6b32488a
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Thu Feb 8 08:46:20 2018 +0000
+Date: Sat Oct 3 08:30:47 2020 +0000
- upstream: some helpers to check verbose/quiet mode
+ upstream: enable UpdateHostkeys by default when the configuration
- OpenBSD-Regress-ID: e736aac39e563f5360a0935080a71d5fdcb976de
+ has not overridden UserKnownHostsFile; ok markus@ "The timing is perfect"
+ deraadt@
+
+ OpenBSD-Commit-ID: 62df71c9c5242da5763cb473c2a2deefbd0cef60
-commit ac2e3026bbee1367e4cda34765d1106099be3287
+commit 332f21537293d66508f7342dc643bc7fe45f0f69
Author: djm@openbsd.org <djm@openbsd.org>
-Date: Fri Feb 23 02:34:33 2018 +0000
+Date: Sat Oct 3 08:12:59 2020 +0000
- upstream: Add BindInterface ssh_config directive and -B
+ upstream: disable UpdateHostkeys when a wildcard hostname pattern
- command-line argument to ssh(1) that directs it to bind its outgoing
- connection to the address of the specified network interface.
+ is encountered or when a certificate host key is in use. feedback/ok markus@
- BindInterface prefers to use addresses that aren't loopback or link-
- local, but will fall back to those if no other addresses of the
- required family are available on that interface.
+ OpenBSD-Commit-ID: b6e5575af7e6732322be82ec299e09051a5413bd
+
+commit 13cee44ef907824083d89cb9395adbbd552e46c1
+Author: djm@openbsd.org <djm@openbsd.or