thr3ads.net - freebsd stable - svn commit: r295367 - in stable/10: crypto/openssh crypto/openssh/contrib crypto/openssh/contrib/caldera crypto/openssh/contrib/cygwin crypto/openssh/contrib/redhat crypto/openssh/contrib/suse cryp... [Feb 2016]

If this information is useful, please help other people find it:
Share via:

Mike Tancsa

2016-Feb-29 16:19 UTC

svn commit: r295367 - in stable/10: crypto/openssh crypto/openssh/contrib crypto/openssh/contrib/caldera crypto/openssh/contrib/cygwin crypto/openssh/contrib/redhat crypto/openssh/contrib/suse cryp...

Hi,
	I noticed on a server that I updated on Friday that incorporates
r295367, some lightweight clients that were using aes128-cbc are now
failing to connect.  Is this a planned change ? If so, perhaps a heads
up in UPDATING ?



e.g. from an older client

 ssh -c aes128-cbc user at target.sentex.ca
no matching cipher found: client aes128-cbc server
chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at
openssh.com,aes256-gcm at openssh.com


and running sshd -ddd

debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug2: kex_parse_kexinit:
curve25519-sha256 at
libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
[preauth]
debug2: kex_parse_kexinit:
ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug2: kex_parse_kexinit:
chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at
openssh.com,aes256-gcm at openssh.com
[preauth]
debug2: kex_parse_kexinit:
chacha20-poly1305 at openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at
openssh.com,aes256-gcm at openssh.com
[preauth]
debug2: kex_parse_kexinit:
umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at
openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at
openssh.com,umac-64 at openssh.com,umac-128 at
openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[preauth]
debug2: kex_parse_kexinit:
umac-64-etm at openssh.com,umac-128-etm at openssh.com,hmac-sha2-256-etm at
openssh.com,hmac-sha2-512-etm at openssh.com,hmac-sha1-etm at
openssh.com,umac-64 at openssh.com,umac-128 at
openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
[preauth]
debug2: kex_parse_kexinit: none,zlib at openssh.com [preauth]
debug2: kex_parse_kexinit: none,zlib at openssh.com [preauth]
debug2: kex_parse_kexinit:  [preauth]
debug2: kex_parse_kexinit:  [preauth]
debug2: first_kex_follows 0  [preauth]
debug2: reserved 0  [preauth]
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
[preauth]
debug2: kex_parse_kexinit: ssh-dss,ssh-rsa [preauth]
debug2: kex_parse_kexinit: aes128-cbc [preauth]
debug2: kex_parse_kexinit: aes128-cbc [preauth]
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,umac-64 at openssh.com,hmac-ripemd160,hmac-ripemd160 at
openssh.com,hmac-sha1-96,hmac-md5-96
[preauth]
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,umac-64 at openssh.com,hmac-ripemd160,hmac-ripemd160 at
openssh.com,hmac-sha1-96,hmac-md5-96
[preauth]
debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib [preauth]
debug2: kex_parse_kexinit: none,zlib at openssh.com,zlib [preauth]
debug2: kex_parse_kexinit:  [preauth]
debug2: kex_parse_kexinit:  [preauth]
debug2: first_kex_follows 0  [preauth]
debug2: reserved 0  [preauth]
Unable to negotiate with xx.yy.zz.146: no matching cipher found. Their
offer: aes128-cbc [preauth]
debug1: do_cleanup [preauth]



On 2/7/2016 6:38 AM, Dag-Erling Sm?rgrav wrote:> Author: des
> Date: Sun Feb  7 11:38:54 2016
> New Revision: 295367
> URL: https://svnweb.freebsd.org/changeset/base/295367
> 
> Log:
>   MFH (r265214, r294333, r294407, r294467): misc prop fixes
>   MFH (r285975, r287143): register mergeinfo for security fixes
>   MFH (r294497, r294498, r295139): internal documentation
>   MFH (r294328): upgrade to openssh 6.7p1, re-add libwrap
>   MFH (r294332): upgrade to openssh 6.8p1
>   MFH (r294367): update pam_ssh for api changes
>   MFH (r294909): switch usedns back on
>   MFH (r294336): upgrade to openssh 6.9p1
>   MFH (r294495): re-enable dsa keys
>   MFH (r294464): upgrade to openssh 7.0p1
>   MFH (r294496): upgrade to openssh 7.1p2
>   
>   Approved by:	re (gjb)
>   Relnotes:	yes
> 
> Added:
>   stable/10/crypto/openssh/.cvsignore
>      - copied unchanged from r294332, head/crypto/openssh/.cvsignore
>   stable/10/crypto/openssh/bitmap.c   (contents, props changed)
>      - copied, changed from r294332, head/crypto/openssh/bitmap.c
>      - copied unchanged from r294332, head/crypto/openssh/bitmap.h
>   stable/10/crypto/openssh/cipher-aesctr.c
>      - copied, changed from r294328, head/crypto/openssh/cipher-aesctr.c
>   stable/10/crypto/openssh/cipher-aesctr.h
>      - copied unchanged from r294328, head/crypto/openssh/cipher-aesctr.h
>      - copied unchanged from r294332, head/crypto/openssh/opacket.c
>      - copied unchanged from r294332, head/crypto/openssh/opacket.h
>   stable/10/crypto/openssh/openbsd-compat/.cvsignore
>      - copied unchanged from r294332,
head/crypto/openssh/openbsd-compat/.cvsignore
>   stable/10/crypto/openssh/openbsd-compat/kludge-fd_set.c
>      - copied unchanged from r294328,
head/crypto/openssh/openbsd-compat/kludge-fd_set.c
>      - copied unchanged from r294332,
head/crypto/openssh/openbsd-compat/md5.c
>      - copied unchanged from r294332,
head/crypto/openssh/openbsd-compat/md5.h
>      - copied unchanged from r294332,
head/crypto/openssh/openbsd-compat/reallocarray.c
>   stable/10/crypto/openssh/openbsd-compat/regress/.cvsignore
>      - copied unchanged from r294332,
head/crypto/openssh/openbsd-compat/regress/.cvsignore
>   stable/10/crypto/openssh/openbsd-compat/regress/opensslvertest.c
>      - copied unchanged from r294328,
head/crypto/openssh/openbsd-compat/regress/opensslvertest.c
>   stable/10/crypto/openssh/openbsd-compat/rmd160.c   (contents, props
changed)
>      - copied, changed from r294332,
head/crypto/openssh/openbsd-compat/rmd160.c
>      - copied unchanged from r294332,
head/crypto/openssh/openbsd-compat/rmd160.h
>      - copied unchanged from r294332,
head/crypto/openssh/openbsd-compat/sha1.c
>      - copied unchanged from r294332,
head/crypto/openssh/openbsd-compat/sha1.h
>   stable/10/crypto/openssh/regress/.cvsignore
>      - copied unchanged from r294332,
head/crypto/openssh/regress/.cvsignore
>      - copied unchanged from r294336,
head/crypto/openssh/regress/cfgparse.sh
>   stable/10/crypto/openssh/regress/hostkey-agent.sh   (contents, props
changed)
>      - copied, changed from r294332,
head/crypto/openssh/regress/hostkey-agent.sh
>   stable/10/crypto/openssh/regress/hostkey-rotate.sh   (contents, props
changed)
>      - copied, changed from r294332,
head/crypto/openssh/regress/hostkey-rotate.sh
>   stable/10/crypto/openssh/regress/keygen-knownhosts.sh   (contents, props
changed)
>      - copied, changed from r294332,
head/crypto/openssh/regress/keygen-knownhosts.sh
>      - copied unchanged from r294332,
head/crypto/openssh/regress/limit-keytype.sh
>      - copied unchanged from r294332,
head/crypto/openssh/regress/multipubkey.sh
>   stable/10/crypto/openssh/regress/netcat.c   (contents, props changed)
>      - copied, changed from r294332, head/crypto/openssh/regress/netcat.c
>   stable/10/crypto/openssh/regress/principals-command.sh   (contents, props
changed)
>      - copied, changed from r294336,
head/crypto/openssh/regress/principals-command.sh
>   stable/10/crypto/openssh/regress/t11.ok
>      - copied unchanged from r294332, head/crypto/openssh/regress/t11.ok
>   stable/10/crypto/openssh/regress/unittests/
>      - copied from r294328, head/crypto/openssh/regress/unittests/
>   stable/10/crypto/openssh/regress/unittests/bitmap/
>      - copied from r294332, head/crypto/openssh/regress/unittests/bitmap/
>   stable/10/crypto/openssh/regress/unittests/hostkeys/
>      - copied from r294332, head/crypto/openssh/regress/unittests/hostkeys/
>   stable/10/crypto/openssh/regress/unittests/kex/
>      - copied from r294332, head/crypto/openssh/regress/unittests/kex/
>      - copied unchanged from r294332,
head/crypto/openssh/regress/valgrind-unit.sh
>   stable/10/crypto/openssh/scard/.cvsignore
>      - copied unchanged from r294332, head/crypto/openssh/scard/.cvsignore
>      - copied unchanged from r294332, head/crypto/openssh/ssh_api.c
>      - copied unchanged from r294332, head/crypto/openssh/ssh_api.h
>   stable/10/crypto/openssh/sshbuf-getput-basic.c
>      - copied, changed from r294328,
head/crypto/openssh/sshbuf-getput-basic.c
>   stable/10/crypto/openssh/sshbuf-getput-crypto.c
>      - copied, changed from r294328,
head/crypto/openssh/sshbuf-getput-crypto.c
>   stable/10/crypto/openssh/sshbuf-misc.c
>      - copied, changed from r294328, head/crypto/openssh/sshbuf-misc.c
>   stable/10/crypto/openssh/sshbuf.c
>      - copied, changed from r294328, head/crypto/openssh/sshbuf.c
>   stable/10/crypto/openssh/sshbuf.h
>      - copied, changed from r294328, head/crypto/openssh/sshbuf.h
>   stable/10/crypto/openssh/ssherr.c
>      - copied, changed from r294328, head/crypto/openssh/ssherr.c
>   stable/10/crypto/openssh/ssherr.h
>      - copied, changed from r294328, head/crypto/openssh/ssherr.h
>   stable/10/crypto/openssh/sshkey.c
>      - copied, changed from r294328, head/crypto/openssh/sshkey.c
>   stable/10/crypto/openssh/sshkey.h
>      - copied, changed from r294328, head/crypto/openssh/sshkey.h
> Directory Properties:
>   stable/10/crypto/openssh/bitmap.h   (props changed)
>   stable/10/crypto/openssh/opacket.c   (props changed)
>   stable/10/crypto/openssh/opacket.h   (props changed)
>   stable/10/crypto/openssh/openbsd-compat/md5.c   (props changed)
>   stable/10/crypto/openssh/openbsd-compat/md5.h   (props changed)
>   stable/10/crypto/openssh/openbsd-compat/reallocarray.c   (props changed)
>   stable/10/crypto/openssh/openbsd-compat/rmd160.h   (props changed)
>   stable/10/crypto/openssh/openbsd-compat/sha1.c   (props changed)
>   stable/10/crypto/openssh/openbsd-compat/sha1.h   (props changed)
>   stable/10/crypto/openssh/regress/cfgparse.sh   (props changed)
>   stable/10/crypto/openssh/regress/limit-keytype.sh   (props changed)
>   stable/10/crypto/openssh/regress/multipubkey.sh   (props changed)
>   stable/10/crypto/openssh/regress/valgrind-unit.sh   (props changed)
>   stable/10/crypto/openssh/ssh_api.c   (props changed)
>   stable/10/crypto/openssh/ssh_api.h   (props changed)
> Deleted:
>   stable/10/crypto/openssh/compress.c
>   stable/10/crypto/openssh/compress.h
>   stable/10/crypto/openssh/contrib/caldera/
>   stable/10/crypto/openssh/moduli.0
>   stable/10/crypto/openssh/scp.0
>   stable/10/crypto/openssh/sftp-server.0
>   stable/10/crypto/openssh/sftp.0
>   stable/10/crypto/openssh/ssh-add.0
>   stable/10/crypto/openssh/ssh-agent.0
>   stable/10/crypto/openssh/ssh-keygen.0
>   stable/10/crypto/openssh/ssh-keyscan.0
>   stable/10/crypto/openssh/ssh-keysign.0
>   stable/10/crypto/openssh/ssh-pkcs11-helper.0
>   stable/10/crypto/openssh/ssh.0
>   stable/10/crypto/openssh/ssh_config.0
>   stable/10/crypto/openssh/sshd.0
>   stable/10/crypto/openssh/sshd_config.0
> Modified:
>   stable/10/crypto/openssh/ChangeLog
>   stable/10/crypto/openssh/FREEBSD-upgrade
>   stable/10/crypto/openssh/INSTALL
>   stable/10/crypto/openssh/Makefile.in
>   stable/10/crypto/openssh/OVERVIEW
>   stable/10/crypto/openssh/PROTOCOL
>   stable/10/crypto/openssh/PROTOCOL.agent
>   stable/10/crypto/openssh/PROTOCOL.krl
>   stable/10/crypto/openssh/PROTOCOL.mux
>   stable/10/crypto/openssh/README
>   stable/10/crypto/openssh/addrmatch.c
>   stable/10/crypto/openssh/atomicio.c
>   stable/10/crypto/openssh/auth-bsdauth.c
>   stable/10/crypto/openssh/auth-chall.c
>   stable/10/crypto/openssh/auth-krb5.c   (contents, props changed)
>   stable/10/crypto/openssh/auth-options.c
>   stable/10/crypto/openssh/auth-options.h
>   stable/10/crypto/openssh/auth-pam.c
>   stable/10/crypto/openssh/auth-passwd.c
>   stable/10/crypto/openssh/auth-rh-rsa.c
>   stable/10/crypto/openssh/auth-rhosts.c
>   stable/10/crypto/openssh/auth-rsa.c
>   stable/10/crypto/openssh/auth.c
>   stable/10/crypto/openssh/auth.h
>   stable/10/crypto/openssh/auth1.c
>   stable/10/crypto/openssh/auth2-chall.c
>   stable/10/crypto/openssh/auth2-gss.c
>   stable/10/crypto/openssh/auth2-hostbased.c
>   stable/10/crypto/openssh/auth2-kbdint.c
>   stable/10/crypto/openssh/auth2-none.c
>   stable/10/crypto/openssh/auth2-passwd.c
>   stable/10/crypto/openssh/auth2-pubkey.c
>   stable/10/crypto/openssh/auth2.c
>   stable/10/crypto/openssh/authfd.c
>   stable/10/crypto/openssh/authfd.h
>   stable/10/crypto/openssh/authfile.c
>   stable/10/crypto/openssh/authfile.h
>   stable/10/crypto/openssh/bufaux.c
>   stable/10/crypto/openssh/bufbn.c
>   stable/10/crypto/openssh/bufec.c
>   stable/10/crypto/openssh/buffer.c
>   stable/10/crypto/openssh/buffer.h
>   stable/10/crypto/openssh/canohost.c
>   stable/10/crypto/openssh/chacha.h
>   stable/10/crypto/openssh/channels.c
>   stable/10/crypto/openssh/channels.h
>   stable/10/crypto/openssh/cipher-3des1.c
>   stable/10/crypto/openssh/cipher-bf1.c
>   stable/10/crypto/openssh/cipher-chachapoly.c
>   stable/10/crypto/openssh/cipher-chachapoly.h
>   stable/10/crypto/openssh/cipher-ctr.c
>   stable/10/crypto/openssh/cipher.c
>   stable/10/crypto/openssh/cipher.h
>   stable/10/crypto/openssh/clientloop.c
>   stable/10/crypto/openssh/compat.c
>   stable/10/crypto/openssh/compat.h
>   stable/10/crypto/openssh/config.guess
>   stable/10/crypto/openssh/config.h
>   stable/10/crypto/openssh/configure.ac
>   stable/10/crypto/openssh/contrib/Makefile
>   stable/10/crypto/openssh/contrib/README
>   stable/10/crypto/openssh/contrib/cygwin/README
>   stable/10/crypto/openssh/contrib/cygwin/ssh-host-config
>   stable/10/crypto/openssh/contrib/cygwin/ssh-user-config
>   stable/10/crypto/openssh/contrib/redhat/openssh.spec
>   stable/10/crypto/openssh/contrib/suse/openssh.spec
>   stable/10/crypto/openssh/deattack.c
>   stable/10/crypto/openssh/deattack.h
>   stable/10/crypto/openssh/defines.h
>   stable/10/crypto/openssh/dh.c
>   stable/10/crypto/openssh/dh.h
>   stable/10/crypto/openssh/digest-libc.c
>   stable/10/crypto/openssh/digest-openssl.c
>   stable/10/crypto/openssh/digest.h
>   stable/10/crypto/openssh/dispatch.c
>   stable/10/crypto/openssh/dispatch.h
>   stable/10/crypto/openssh/dns.c
>   stable/10/crypto/openssh/dns.h
>   stable/10/crypto/openssh/entropy.c
>   stable/10/crypto/openssh/ge25519.h
>   stable/10/crypto/openssh/groupaccess.c
>   stable/10/crypto/openssh/gss-genr.c
>   stable/10/crypto/openssh/gss-serv-krb5.c
>   stable/10/crypto/openssh/gss-serv.c
>   stable/10/crypto/openssh/hmac.c
>   stable/10/crypto/openssh/hmac.h
>   stable/10/crypto/openssh/hostfile.c
>   stable/10/crypto/openssh/hostfile.h
>   stable/10/crypto/openssh/includes.h
>   stable/10/crypto/openssh/kex.c
>   stable/10/crypto/openssh/kex.h
>   stable/10/crypto/openssh/kexc25519.c
>   stable/10/crypto/openssh/kexc25519c.c
>   stable/10/crypto/openssh/kexc25519s.c
>   stable/10/crypto/openssh/kexdh.c
>   stable/10/crypto/openssh/kexdhc.c
>   stable/10/crypto/openssh/kexdhs.c
>   stable/10/crypto/openssh/kexecdh.c
>   stable/10/crypto/openssh/kexecdhc.c
>   stable/10/crypto/openssh/kexecdhs.c
>   stable/10/crypto/openssh/kexgex.c
>   stable/10/crypto/openssh/kexgexc.c
>   stable/10/crypto/openssh/kexgexs.c
>   stable/10/crypto/openssh/key.c
>   stable/10/crypto/openssh/key.h
>   stable/10/crypto/openssh/krl.c
>   stable/10/crypto/openssh/krl.h
>   stable/10/crypto/openssh/log.c
>   stable/10/crypto/openssh/loginrec.c
>   stable/10/crypto/openssh/mac.c
>   stable/10/crypto/openssh/mac.h
>   stable/10/crypto/openssh/match.c
>   stable/10/crypto/openssh/match.h
>   stable/10/crypto/openssh/misc.c
>   stable/10/crypto/openssh/misc.h
>   stable/10/crypto/openssh/moduli
>   stable/10/crypto/openssh/moduli.c
>   stable/10/crypto/openssh/monitor.c
>   stable/10/crypto/openssh/monitor.h
>   stable/10/crypto/openssh/monitor_fdpass.c
>   stable/10/crypto/openssh/monitor_mm.c
>   stable/10/crypto/openssh/monitor_wrap.c
>   stable/10/crypto/openssh/monitor_wrap.h
>   stable/10/crypto/openssh/msg.c
>   stable/10/crypto/openssh/msg.h
>   stable/10/crypto/openssh/mux.c
>   stable/10/crypto/openssh/myproposal.h
>   stable/10/crypto/openssh/openbsd-compat/Makefile.in
>   stable/10/crypto/openssh/openbsd-compat/arc4random.c
>   stable/10/crypto/openssh/openbsd-compat/bcrypt_pbkdf.c
>   stable/10/crypto/openssh/openbsd-compat/bsd-cygwin_util.c
>   stable/10/crypto/openssh/openbsd-compat/bsd-cygwin_util.h
>   stable/10/crypto/openssh/openbsd-compat/bsd-misc.c
>   stable/10/crypto/openssh/openbsd-compat/bsd-misc.h
>   stable/10/crypto/openssh/openbsd-compat/bsd-snprintf.c
>   stable/10/crypto/openssh/openbsd-compat/explicit_bzero.c
>   stable/10/crypto/openssh/openbsd-compat/fake-rfc2553.h
>   stable/10/crypto/openssh/openbsd-compat/getrrsetbyname-ldns.c
>   stable/10/crypto/openssh/openbsd-compat/openbsd-compat.h
>   stable/10/crypto/openssh/openbsd-compat/openssl-compat.c
>   stable/10/crypto/openssh/openbsd-compat/openssl-compat.h
>   stable/10/crypto/openssh/openbsd-compat/port-linux.c
>   stable/10/crypto/openssh/openbsd-compat/port-tun.c
>   stable/10/crypto/openssh/openbsd-compat/port-uw.c
>   stable/10/crypto/openssh/openbsd-compat/readpassphrase.c
>   stable/10/crypto/openssh/openbsd-compat/realpath.c
>   stable/10/crypto/openssh/openbsd-compat/regress/Makefile.in
>   stable/10/crypto/openssh/openbsd-compat/sha2.c
>   stable/10/crypto/openssh/openbsd-compat/sha2.h
>   stable/10/crypto/openssh/openbsd-compat/xcrypt.c
>   stable/10/crypto/openssh/opensshd.init.in
>   stable/10/crypto/openssh/packet.c
>   stable/10/crypto/openssh/packet.h
>   stable/10/crypto/openssh/platform.c
>   stable/10/crypto/openssh/poly1305.h
>   stable/10/crypto/openssh/progressmeter.c
>   stable/10/crypto/openssh/progressmeter.h
>   stable/10/crypto/openssh/readconf.c
>   stable/10/crypto/openssh/readconf.h
>   stable/10/crypto/openssh/regress/Makefile
>   stable/10/crypto/openssh/regress/README.regress
>   stable/10/crypto/openssh/regress/agent-pkcs11.sh
>   stable/10/crypto/openssh/regress/agent-timeout.sh
>   stable/10/crypto/openssh/regress/agent.sh
>   stable/10/crypto/openssh/regress/broken-pipe.sh
>   stable/10/crypto/openssh/regress/cert-hostkey.sh
>   stable/10/crypto/openssh/regress/cert-userkey.sh
>   stable/10/crypto/openssh/regress/cfgmatch.sh
>   stable/10/crypto/openssh/regress/cipher-speed.sh
>   stable/10/crypto/openssh/regress/connect-privsep.sh
>   stable/10/crypto/openssh/regress/connect.sh
>   stable/10/crypto/openssh/regress/dhgex.sh
>   stable/10/crypto/openssh/regress/dynamic-forward.sh
>   stable/10/crypto/openssh/regress/exit-status.sh
>   stable/10/crypto/openssh/regress/forcecommand.sh
>   stable/10/crypto/openssh/regress/forward-control.sh
>   stable/10/crypto/openssh/regress/forwarding.sh
>   stable/10/crypto/openssh/regress/host-expand.sh
>   stable/10/crypto/openssh/regress/integrity.sh
>   stable/10/crypto/openssh/regress/kextype.sh
>   stable/10/crypto/openssh/regress/key-options.sh
>   stable/10/crypto/openssh/regress/keygen-change.sh
>   stable/10/crypto/openssh/regress/keys-command.sh
>   stable/10/crypto/openssh/regress/keyscan.sh
>   stable/10/crypto/openssh/regress/keytype.sh
>   stable/10/crypto/openssh/regress/krl.sh
>   stable/10/crypto/openssh/regress/localcommand.sh
>   stable/10/crypto/openssh/regress/login-timeout.sh
>   stable/10/crypto/openssh/regress/multiplex.sh
>   stable/10/crypto/openssh/regress/proto-mismatch.sh
>   stable/10/crypto/openssh/regress/proto-version.sh
>   stable/10/crypto/openssh/regress/proxy-connect.sh
>   stable/10/crypto/openssh/regress/reconfigure.sh
>   stable/10/crypto/openssh/regress/reexec.sh
>   stable/10/crypto/openssh/regress/rekey.sh
>   stable/10/crypto/openssh/regress/ssh-com.sh
>   stable/10/crypto/openssh/regress/ssh2putty.sh
>   stable/10/crypto/openssh/regress/sshd-log-wrapper.sh
>   stable/10/crypto/openssh/regress/stderr-data.sh
>   stable/10/crypto/openssh/regress/t4.ok
>   stable/10/crypto/openssh/regress/test-exec.sh
>   stable/10/crypto/openssh/regress/transfer.sh
>   stable/10/crypto/openssh/regress/try-ciphers.sh
>   stable/10/crypto/openssh/regress/unittests/Makefile
>   stable/10/crypto/openssh/regress/unittests/Makefile.inc
>   stable/10/crypto/openssh/regress/unittests/hostkeys/test_iterate.c  
(contents, props changed)
>   stable/10/crypto/openssh/regress/unittests/kex/test_kex.c   (contents,
props changed)
>  
stable/10/crypto/openssh/regress/unittests/sshbuf/test_sshbuf_getput_crypto.c
>  
stable/10/crypto/openssh/regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c
>   stable/10/crypto/openssh/regress/unittests/sshkey/common.c
>   stable/10/crypto/openssh/regress/unittests/sshkey/mktestdata.sh
>   stable/10/crypto/openssh/regress/unittests/sshkey/test_file.c
>   stable/10/crypto/openssh/regress/unittests/sshkey/test_fuzz.c
>   stable/10/crypto/openssh/regress/unittests/sshkey/test_sshkey.c
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_1
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_1-cert.fp
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_1-cert.pub
(contents, props changed)
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_1.fp
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_1.fp.bb
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_1.param.g
>  
stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_1.param.priv
>  
stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_1.param.pub  
(contents, props changed)
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_1.pub  
(contents, props changed)
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_1_pw
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_2
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_2.fp
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_2.fp.bb
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_2.pub  
(contents, props changed)
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_n
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/dsa_n_pw
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_1
>  
stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_1-cert.fp
>  
stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_1-cert.pub  
(contents, props changed)
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_1.fp
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_1.fp.bb
>  
stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_1.param.priv
>  
stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_1.param.pub  
(contents, props changed)
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_1.pub  
(contents, props changed)
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_1_pw
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_2
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_2.fp
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_2.fp.bb
>  
stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_2.param.priv
>  
stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_2.param.pub  
(contents, props changed)
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_2.pub  
(contents, props changed)
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_n
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_n_pw
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_1
>  
stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_1-cert.fp
>  
stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_1-cert.pub  
(contents, props changed)
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_1.fp
>  
stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_1.fp.bb
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_1.pub 
(contents, props changed)
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_1_pw
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_2
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_2.fp
>  
stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_2.fp.bb
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_2.pub 
(contents, props changed)
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa1_1
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa1_1.fp
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa1_1.fp.bb
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa1_1.param.n
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa1_1.pub  
(contents, props changed)
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa1_1_pw
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa1_2
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa1_2.fp
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa1_2.fp.bb
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa1_2.param.n
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa1_2.pub  
(contents, props changed)
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_1
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_1-cert.fp
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_1-cert.pub
(contents, props changed)
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_1.fp
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_1.fp.bb
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_1.param.n
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_1.param.p
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_1.param.q
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_1.pub  
(contents, props changed)
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_1_pw
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_2
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_2.fp
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_2.fp.bb
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_2.param.n
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_2.param.p
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_2.param.q
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_2.pub  
(contents, props changed)
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_n
>   stable/10/crypto/openssh/regress/unittests/sshkey/testdata/rsa_n_pw
>   stable/10/crypto/openssh/regress/unittests/test_helper/Makefile
>   stable/10/crypto/openssh/regress/unittests/test_helper/fuzz.c
>   stable/10/crypto/openssh/regress/unittests/test_helper/test_helper.c
>   stable/10/crypto/openssh/regress/unittests/test_helper/test_helper.h
>   stable/10/crypto/openssh/regress/yes-head.sh
>   stable/10/crypto/openssh/rijndael.c
>   stable/10/crypto/openssh/rijndael.h
>   stable/10/crypto/openssh/roaming_client.c
>   stable/10/crypto/openssh/roaming_common.c
>   stable/10/crypto/openssh/roaming_dummy.c
>   stable/10/crypto/openssh/rsa.c
>   stable/10/crypto/openssh/rsa.h
>   stable/10/crypto/openssh/sandbox-seccomp-filter.c
>   stable/10/crypto/openssh/sandbox-systrace.c
>   stable/10/crypto/openssh/scp.1
>   stable/10/crypto/openssh/scp.c
>   stable/10/crypto/openssh/servconf.c
>   stable/10/crypto/openssh/servconf.h
>   stable/10/crypto/openssh/serverloop.c
>   stable/10/crypto/openssh/session.c
>   stable/10/crypto/openssh/sftp-client.c
>   stable/10/crypto/openssh/sftp-client.h
>   stable/10/crypto/openssh/sftp-common.c
>   stable/10/crypto/openssh/sftp-common.h
>   stable/10/crypto/openssh/sftp-glob.c
>   stable/10/crypto/openssh/sftp-server.8
>   stable/10/crypto/openssh/sftp-server.c
>   stable/10/crypto/openssh/sftp.1
>   stable/10/crypto/openssh/sftp.c
>   stable/10/crypto/openssh/ssh-add.1
>   stable/10/crypto/openssh/ssh-add.c
>   stable/10/crypto/openssh/ssh-agent.1
>   stable/10/crypto/openssh/ssh-agent.c
>   stable/10/crypto/openssh/ssh-dss.c
>   stable/10/crypto/openssh/ssh-ecdsa.c
>   stable/10/crypto/openssh/ssh-ed25519.c
>   stable/10/crypto/openssh/ssh-keygen.1
>   stable/10/crypto/openssh/ssh-keygen.c
>   stable/10/crypto/openssh/ssh-keyscan.1
>   stable/10/crypto/openssh/ssh-keyscan.c
>   stable/10/crypto/openssh/ssh-keysign.c
>   stable/10/crypto/openssh/ssh-pkcs11-client.c
>   stable/10/crypto/openssh/ssh-pkcs11-helper.c
>   stable/10/crypto/openssh/ssh-pkcs11.c
>   stable/10/crypto/openssh/ssh-pkcs11.h
>   stable/10/crypto/openssh/ssh-rsa.c
>   stable/10/crypto/openssh/ssh.1
>   stable/10/crypto/openssh/ssh.c
>   stable/10/crypto/openssh/ssh.h
>   stable/10/crypto/openssh/ssh_config
>   stable/10/crypto/openssh/ssh_config.5
>   stable/10/crypto/openssh/ssh_namespace.h
>   stable/10/crypto/openssh/sshconnect.c
>   stable/10/crypto/openssh/sshconnect1.c
>   stable/10/crypto/openssh/sshconnect2.c
>   stable/10/crypto/openssh/sshd.8
>   stable/10/crypto/openssh/sshd.c
>   stable/10/crypto/openssh/sshd_config
>   stable/10/crypto/openssh/sshd_config.5
>   stable/10/crypto/openssh/sshlogin.c
>   stable/10/crypto/openssh/sshpty.c
>   stable/10/crypto/openssh/uidswap.c
>   stable/10/crypto/openssh/umac.c
>   stable/10/crypto/openssh/uuencode.c
>   stable/10/crypto/openssh/version.h
>   stable/10/crypto/openssh/xmalloc.c
>   stable/10/crypto/openssh/xmalloc.h
>   stable/10/lib/libpam/modules/pam_ssh/pam_ssh.c
>   stable/10/secure/lib/libssh/Makefile
>   stable/10/secure/usr.sbin/sshd/Makefile
> Directory Properties:
>   stable/10/   (props changed)
>   stable/10/crypto/openssh/   (props changed)
>   stable/10/crypto/openssh/openbsd-compat/   (props changed)
>   stable/10/crypto/openssh/openbsd-compat/regress/   (props changed)
>   stable/10/crypto/openssh/regress/unittests/bitmap/Makefile   (props
changed)
>   stable/10/crypto/openssh/regress/unittests/bitmap/tests.c   (props
changed)
>   stable/10/crypto/openssh/regress/unittests/hostkeys/Makefile   (props
changed)
>   stable/10/crypto/openssh/regress/unittests/hostkeys/mktestdata.sh  
(props changed)
>   stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/dsa_1.pub  
(props changed)
>   stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/dsa_2.pub  
(props changed)
>   stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/dsa_3.pub  
(props changed)
>   stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/dsa_4.pub  
(props changed)
>   stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/dsa_5.pub  
(props changed)
>   stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/dsa_6.pub  
(props changed)
>   stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/ecdsa_1.pub 
(props changed)
>   stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/ecdsa_2.pub 
(props changed)
>   stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/ecdsa_3.pub 
(props changed)
>   stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/ecdsa_4.pub 
(props changed)
>   stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/ecdsa_5.pub 
(props changed)
>   stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/ecdsa_6.pub 
(props changed)
>  
stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/ed25519_1.pub  
(props changed)
>  
stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/ed25519_2.pub  
(props changed)
>  
stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/ed25519_3.pub  
(props changed)
>  
stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/ed25519_4.pub  
(props changed)
>  
stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/ed25519_5.pub  
(props changed)
>  
stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/ed25519_6.pub  
(props changed)
>   stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/rsa1_1.pub  
(props changed)
>   stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/rsa1_2.pub  
(props changed)
>   stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/rsa1_3.pub  
(props changed)
>   stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/rsa1_4.pub  
(props changed)
>   stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/rsa1_5.pub  
(props changed)
>   stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/rsa1_6.pub  
(props changed)
>   stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/rsa_1.pub  
(props changed)
>   stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/rsa_2.pub  
(props changed)
>   stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/rsa_3.pub  
(props changed)
>   stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/rsa_4.pub  
(props changed)
>   stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/rsa_5.pub  
(props changed)
>   stable/10/crypto/openssh/regress/unittests/hostkeys/testdata/rsa_6.pub  
(props changed)
>   stable/10/crypto/openssh/regress/unittests/hostkeys/tests.c   (props
changed)
>   stable/10/crypto/openssh/regress/unittests/kex/Makefile   (props changed)
>   stable/10/crypto/openssh/regress/unittests/kex/tests.c   (props changed)
> 
> Copied: stable/10/crypto/openssh/.cvsignore (from r294332,
head/crypto/openssh/.cvsignore)
>
=============================================================================>
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
> +++ stable/10/crypto/openssh/.cvsignore	Sun Feb  7 11:38:54 2016	(r295367,
copy of r294332, head/crypto/openssh/.cvsignore)
> @@ -0,0 +1,28 @@
> +*.0
> +*.out
> +Makefile
> +autom4te.cache
> +buildit.sh
> +buildpkg.sh
> +config.cache
> +config.h
> +config.h.in
> +config.log
> +config.status
> +configure
> +openssh.xml
> +opensshd.init
> +scp
> +sftp
> +sftp-server
> +ssh
> +ssh-add
> +ssh-agent
> +ssh-keygen
> +ssh-keyscan
> +ssh-keysign
> +ssh-pkcs11-helper
> +sshd
> +stamp-h.in
> +survey
> +survey.sh
> 
> Modified: stable/10/crypto/openssh/ChangeLog
>
=============================================================================>
--- stable/10/crypto/openssh/ChangeLog	Sun Feb  7 09:51:22 2016	(r295366)
> +++ stable/10/crypto/openssh/ChangeLog	Sun Feb  7 11:38:54 2016	(r295367)
> @@ -1,2887 +1,7615 @@
> -20140313
> - - (djm) Release OpenSSH 6.6
> -
> -20140304
> - - OpenBSD CVS Sync
> -   - djm at cvs.openbsd.org 2014/03/03 22:22:30
> -     [session.c]
> -     ignore enviornment variables with embedded '=' or
'\0' characters;
> -     spotted by Jann Horn; ok deraadt@
> -
> -20140301
> - - (djm) [regress/Makefile] Disable dhgex regress test; it breaks when
> -   no moduli file exists at the expected location.
> -
> -20140228
> - - OpenBSD CVS Sync
> -   - djm at cvs.openbsd.org 2014/02/27 00:41:49
> -     [bufbn.c]
> -     fix unsigned overflow that could lead to reading a short ssh protocol
> -     1 bignum value; found by Ben Hawkes; ok deraadt@
> -   - djm at cvs.openbsd.org 2014/02/27 08:25:09
> -     [bufbn.c]
> -     off by one in range check
> -   - djm at cvs.openbsd.org 2014/02/27 22:47:07
> -     [sshd_config.5]
> -     bz#2184 clarify behaviour of a keyword that appears in multiple
> -     matching Match blocks; ok dtucker@
> -   - djm at cvs.openbsd.org 2014/02/27 22:57:40
> -     [version.h]
> -     openssh-6.6
> -   - dtucker at cvs.openbsd.org 2014/01/19 23:43:02
> -     [regress/sftp-chroot.sh]
> -     Don't use -q on sftp as it suppresses logging, instead redirect
the
> -     output to the regress logfile.
> -   - dtucker at cvs.openbsd.org 2014/01/20 00:00:30
> -     [sregress/ftp-chroot.sh]
> -     append to rather than truncating the log file
> -   - dtucker at cvs.openbsd.org 2014/01/25 04:35:32
> -     [regress/Makefile regress/dhgex.sh]
> -     Add a test for DH GEX sizes
> -   - djm at cvs.openbsd.org 2014/01/26 10:22:10
> -     [regress/cert-hostkey.sh]
> -     automatically generate revoked keys from listed keys rather than
> -     manually specifying each type; from portable
> -     (Id sync only)
> -   - djm at cvs.openbsd.org 2014/01/26 10:49:17
> -     [scp-ssh-wrapper.sh scp.sh]
> -     make sure $SCP is tested on the remote end rather than whichever one
> -     happens to be in $PATH; from portable
> -     (Id sync only)
> -   - djm at cvs.openbsd.org 2014/02/27 20:04:16
> -     [login-timeout.sh]
> -     remove any existing LoginGraceTime from sshd_config before adding
> -     a specific one for the test back in
> -   - djm at cvs.openbsd.org 2014/02/27 21:21:25
> -     [agent-ptrace.sh agent.sh]
> -     keep return values that are printed in error messages;
> -     from portable
> -     (Id sync only)
> - - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
> -   [contrib/suse/openssh.spec] Crank version numbers
> - - (djm) [regress/host-expand.sh] Add RCS Id
> -
> -20140227
> - - OpenBSD CVS Sync
> -   - djm at cvs.openbsd.org 2014/02/26 20:18:37
> -     [ssh.c]
> -     bz#2205: avoid early hostname lookups unless canonicalisation is
enabled;
> -     ok dtucker@ markus@
> -   - djm at cvs.openbsd.org 2014/02/26 20:28:44
> -     [auth2-gss.c gss-serv.c ssh-gss.h sshd.c]
> -     bz#2107 - cache OIDs of supported GSSAPI mechanisms before privsep
> -     sandboxing, as running this code in the sandbox can cause violations;
> -     ok markus@
> -   - djm at cvs.openbsd.org 2014/02/26 20:29:29
> -     [channels.c]
> -     don't assume that the socks4 username is \0 terminated;
> -     spotted by Ben Hawkes; ok markus@
> -   - markus at cvs.openbsd.org 2014/02/26 21:53:37
> -     [sshd.c]
> -     ssh_gssapi_prepare_supported_oids needs GSSAPI
> -
> -20140224
> - - OpenBSD CVS Sync
> -   - djm at cvs.openbsd.org 2014/02/07 06:55:54
> -     [cipher.c mac.c]
> -     remove some logging that makes ssh debugging output very verbose;
> -     ok markus
> -   - djm at cvs.openbsd.org 2014/02/15 23:05:36
> -     [channels.c]
> -     avoid spurious "getsockname failed: Bad file descriptor"
errors in ssh -W;
> -     bz#2200, debian#738692 via Colin Watson; ok dtucker@
> -   - djm at cvs.openbsd.org 2014/02/22 01:32:19
> -     [readconf.c]
> -     when processing Match blocks, skip 'exec' clauses if previous
predicates
> -     failed to match; ok markus@
> -   - djm at cvs.openbsd.org 2014/02/23 20:03:42
> -     [ssh-ed25519.c]
> -     check for unsigned overflow; not reachable in OpenSSH but others
might
> -     copy our code...
> -   - djm at cvs.openbsd.org 2014/02/23 20:11:36
> -     [readconf.c readconf.h ssh.c ssh_config.5]
> -     reparse ssh_config and ~/.ssh/config if hostname canonicalisation
changes
> -     the hostname. This allows users to write configurations that always
> -     refer to canonical hostnames, e.g.
> -     
> -     CanonicalizeHostname yes
> -     CanonicalDomains int.example.org example.org
> -     CanonicalizeFallbackLocal no
> -     
> -     Host *.int.example.org
> -         Compression off
> -     Host *.example.org
> -         User djm
> -     
> -     ok markus@
> +commit c88ac102f0eb89f2eaa314cb2e2e0ca3c890c443
> +Author: Damien Miller <djm at mindrot.org>
> +Date:   Thu Jan 14 11:08:19 2016 +1100
> +
> +    bump version numbers
> +
> +commit 302bc21e6fadacb04b665868cd69b625ef69df90
> +Author: Damien Miller <djm at mindrot.org>
> +Date:   Thu Jan 14 11:04:04 2016 +1100
> +
> +    openssh-7.1p2
> +
> +commit 6b33763242c063e4e0593877e835eeb1fd1b60aa
> +Author: Damien Miller <djm at mindrot.org>
> +Date:   Thu Jan 14 11:02:58 2016 +1100
> +
> +    forcibly disable roaming support in the client
> +
> +commit 34d364f0d2e1e30a444009f0e04299bb7c94ba13
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Mon Oct 5 17:11:21 2015 +0000
> +
> +    upstream commit
> +    
> +    some more bzero->explicit_bzero, from Michael McConville
> +    
> +    Upstream-ID: 17f19545685c33327db2efdc357c1c9225ff00d0
> +
> +commit 8f5b93026797b9f7fba90d0c717570421ccebbd3
> +Author: guenther at openbsd.org <guenther at openbsd.org>
> +Date:   Fri Sep 11 08:50:04 2015 +0000
> +
> +    upstream commit
> +    
> +    Use explicit_bzero() when zeroing before free()
> +    
> +    from Michael McConville (mmcconv1 (at) sccs.swarthmore.edu)
> +    ok millert@ djm@
> +    
> +    Upstream-ID: 2e3337db046c3fe70c7369ee31515ac73ec00f50
> +
> +commit d77148e3a3ef6c29b26ec74331455394581aa257
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Sun Nov 8 21:59:11 2015 +0000
> +
> +    upstream commit
> +    
> +    fix OOB read in packet code caused by missing return
> +     statement found by Ben Hawkes; ok markus@ deraadt@
> +    
> +    Upstream-ID: a3e3a85434ebfa0690d4879091959591f30efc62
> +
> +commit 076d849e17ab12603627f87b301e2dca71bae518
> +Author: Damien Miller <djm at mindrot.org>
> +Date:   Sat Nov 14 18:44:49 2015 +1100
> +
> +    read back from libcrypto RAND when privdropping
> +    
> +    makes certain libcrypto implementations cache a /dev/urandom fd
> +    in preparation of sandboxing. Based on patch by Greg Hartman.
> +
> +commit f72adc0150011a28f177617a8456e1f83733099d
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Sun Dec 13 22:42:23 2015 +0000
> +
> +    upstream commit
> +    
> +    unbreak connections with peers that set
> +     first_kex_follows; fix from Matt Johnston va bz#2515
> +    
> +    Upstream-ID: decc88ec4fc7515594fdb42b04aa03189a44184b
> +
> +commit 04bd8d019ccd906cac1a2b362517b8505f3759e6
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Tue Jan 12 23:42:54 2016 +0000
> +
> +    upstream commit
> +    
> +    use explicit_bzero() more liberally in the buffer code; ok
> +     deraadt
> +    
> +    Upstream-ID: 0ece37069fd66bc6e4f55eb1321f93df372b65bf
> +
> +commit e91346dc2bbf460246df2ab591b7613908c1b0ad
> +Author: Damien Miller <djm at mindrot.org>
> +Date:   Fri Aug 21 14:49:03 2015 +1000
> +
> +    we don't use Github for issues/pull-requests
> +
> +commit a4f5b507c708cc3dc2c8dd2d02e4416d7514dc23
> +Author: Damien Miller <djm at mindrot.org>
> +Date:   Fri Aug 21 14:43:55 2015 +1000
> +
> +    fix URL for connect.c
> +
> +commit d026a8d3da0f8186598442997c7d0a28e7275414
> +Author: Damien Miller <djm at mindrot.org>
> +Date:   Fri Aug 21 13:47:10 2015 +1000
> +
> +    update version numbers for 7.1
> +
> +commit 78f8f589f0ca1c9f41e5a9bae3cda5ce8a6b42ed
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Fri Aug 21 03:45:26 2015 +0000
> +
> +    upstream commit
> +    
> +    openssh-7.1
> +    
> +    Upstream-ID: ff7b1ef4b06caddfb45e08ba998128c88be3d73f
> +
> +commit 32a181980c62fce94f7f9ffaf6a79d90f0c309cf
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Fri Aug 21 03:42:19 2015 +0000
> +
> +    upstream commit
> +    
> +    fix inverted logic that broke PermitRootLogin; reported
> +     by Mantas Mikulenas; ok markus@
> +    
> +    Upstream-ID: 260dd6a904c1bb7e43267e394b1c9cf70bdd5ea5
> +
> +commit ce445b0ed927e45bd5bdce8f836eb353998dd65c
> +Author: deraadt at openbsd.org <deraadt at openbsd.org>
> +Date:   Thu Aug 20 22:32:42 2015 +0000
> +
> +    upstream commit
> +    
> +    Do not cast result of malloc/calloc/realloc* if stdlib.h
> +     is in scope ok krw millert
> +    
> +    Upstream-ID: 5e50ded78cadf3841556649a16cc4b1cb6c58667
> +
> +commit 05291e5288704d1a98bacda269eb5a0153599146
> +Author: naddy at openbsd.org <naddy at openbsd.org>
> +Date:   Thu Aug 20 19:20:06 2015 +0000
> +
> +    upstream commit
> +    
> +    In the certificates section, be consistent about using
> +     "host_key" and "user_key" for the respective key
types.  ok sthen@ deraadt@
> +    
> +    Upstream-ID: 9e037ea3b15577b238604c5533e082a3947f13cb
> +
> +commit 8543d4ef6f2e9f98c3e6b77c894ceec30c5e4ae4
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Wed Aug 19 23:21:42 2015 +0000
> +
> +    upstream commit
> +    
> +    Better compat matching for WinSCP, add compat matching
> +     for FuTTY (fork of PuTTY); ok markus@ deraadt@
> +    
> +    Upstream-ID: 24001d1ac115fa3260fbdc329a4b9aeb283c5389
> +
> +commit ec6eda16ebab771aa3dfc90629b41953b999cb1e
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Wed Aug 19 23:19:01 2015 +0000
> +
> +    upstream commit
> +    
> +    fix double-free() in error path of DSA key generation
> +     reported by Mateusz Kocielski; ok markus@
> +    
> +    Upstream-ID: 4735d8f888b10599a935fa1b374787089116713c
> +
> +commit 45b0eb752c94954a6de046bfaaf129e518ad4b5b
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Wed Aug 19 23:18:26 2015 +0000
> +
> +    upstream commit
> +    
> +    fix free() of uninitialised pointer reported by Mateusz
> +     Kocielski; ok markus@
> +    
> +    Upstream-ID: 519552b050618501a06b7b023de5cb104e2c5663
> +
> +commit c837643b93509a3ef538cb6624b678c5fe32ff79
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Wed Aug 19 23:17:51 2015 +0000
> +
> +    upstream commit
> +    
> +    fixed unlink([uninitialised memory]) reported by Mateusz
> +     Kocielski; ok markus@
> +    
> +    Upstream-ID: 14a0c4e7d891f5a8dabc4b89d4f6b7c0d5a20109
> +
> +commit 1f8d3d629cd553031021068eb9c646a5f1e50994
> +Author: jmc at openbsd.org <jmc at openbsd.org>
> +Date:   Fri Aug 14 15:32:41 2015 +0000
> +
> +    upstream commit
> +    
> +    match myproposal.h order; from brian conway (i snuck in a
> +     tweak while here)
> +    
> +    ok dtucker
> +    
> +    Upstream-ID: 35174a19b5237ea36aa3798f042bf5933b772c67
> +
> +commit 1dc8d93ce69d6565747eb44446ed117187621b26
> +Author: deraadt at openbsd.org <deraadt at openbsd.org>
> +Date:   Thu Aug 6 14:53:21 2015 +0000
> +
> +    upstream commit
> +    
> +    add prohibit-password as a synonymn for without-password,
> +     since the without-password is causing too many questions.  Harden it
to ban
> +     all but pubkey, hostbased, and GSSAPI auth (when the latter is
enabled) from
> +     djm, ok markus
> +    
> +    Upstream-ID: d53317d7b28942153e6236d3fd6e12ceb482db7a
> +
> +commit 90a95a4745a531b62b81ce3b025e892bdc434de5
> +Author: Damien Miller <djm at mindrot.org>
> +Date:   Tue Aug 11 13:53:41 2015 +1000
> +
> +    update version in README
> +
> +commit 318c37743534b58124f1bab37a8a0087a3a9bd2f
> +Author: Damien Miller <djm at mindrot.org>
> +Date:   Tue Aug 11 13:53:09 2015 +1000
> +
> +    update versions in *.spec
> +
> +commit 5e75f5198769056089fb06c4d738ab0e5abc66f7
> +Author: Damien Miller <djm at mindrot.org>
> +Date:   Tue Aug 11 13:34:12 2015 +1000
> +
> +    set sshpam_ctxt to NULL after free
> +    
> +    Avoids use-after-free in monitor when privsep child is compromised.
> +    Reported by Moritz Jodeit; ok dtucker@
> +
> +commit d4697fe9a28dab7255c60433e4dd23cf7fce8a8b
> +Author: Damien Miller <djm at mindrot.org>
> +Date:   Tue Aug 11 13:33:24 2015 +1000
> +
> +    Don't resend username to PAM; it already has it.
> +    
> +    Pointed out by Moritz Jodeit; ok dtucker@
> +
> +commit 88763a6c893bf3dfe951ba9271bf09715e8d91ca
> +Author: Darren Tucker <dtucker at zip.com.au>
> +Date:   Mon Jul 27 12:14:25 2015 +1000
> +
> +    Import updated moduli file from OpenBSD.
> +
> +commit 55b263fb7cfeacb81aaf1c2036e0394c881637da
> +Author: Damien Miller <djm at mindrot.org>
> +Date:   Mon Aug 10 11:13:44 2015 +1000
> +
> +    let principals-command.sh work for noexec /var/run
> +
> +commit 2651e34cd11b1aac3a0fe23b86d8c2ff35c07897
> +Author: Damien Miller <djm at mindrot.org>
> +Date:   Thu Aug 6 11:43:42 2015 +1000
> +
> +    work around echo -n / sed behaviour in tests
> +
> +commit d85dad81778c1aa8106acd46930b25fdf0d15b2a
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Wed Aug 5 05:27:33 2015 +0000
> +
> +    upstream commit
> +    
> +    adjust for RSA minimum modulus switch; ok deraadt@
> +    
> +    Upstream-Regress-ID: 5a72c83431b96224d583c573ca281cd3a3ebfdae
> +
> +commit 57e8e229bad5fe6056b5f1199665f5f7008192c6
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Tue Aug 4 05:23:06 2015 +0000
> +
> +    upstream commit
> +    
> +    backout SSH_RSA_MINIMUM_MODULUS_SIZE increase for this
> +     release; problems spotted by sthen@ ok deraadt@ markus@
> +    
> +    Upstream-ID: d0bd60dde9e8c3cd7030007680371894c1499822
> +
> +commit f097d0ea1e0889ca0fa2e53a00214e43ab7fa22a
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Sun Aug 2 09:56:42 2015 +0000
> +
> +    upstream commit
> +    
> +    openssh 7.0; ok deraadt@
> +    
> +    Upstream-ID: c63afdef537f57f28ae84145c5a8e29e9250221f
> +
> +commit 3d5728a0f6874ce4efb16913a12963595070f3a9
> +Author: chris at openbsd.org <chris at openbsd.org>
> +Date:   Fri Jul 31 15:38:09 2015 +0000
> +
> +    upstream commit
> +    
> +    Allow PermitRootLogin to be overridden by config
> +    
> +    ok markus@ deeradt@
> +    
> +    Upstream-ID: 5cf3e26ed702888de84e2dc9d0054ccf4d9125b4
> +
> +commit 6f941396b6835ad18018845f515b0c4fe20be21a
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Thu Jul 30 23:09:15 2015 +0000
> +
> +    upstream commit
> +    
> +    fix pty permissions; patch from Nikolay Edigaryev; ok
> +     deraadt
> +    
> +    Upstream-ID: 40ff076d2878b916fbfd8e4f45dbe5bec019e550
> +
> +commit f4373ed1e8fbc7c8ce3fc4ea97d0ba2e0c1d7ef0
> +Author: deraadt at openbsd.org <deraadt at openbsd.org>
> +Date:   Thu Jul 30 19:23:02 2015 +0000
> +
> +    upstream commit
> +    
> +    change default: PermitRootLogin without-password matching
> +     install script changes coming as well ok djm markus
> +    
> +    Upstream-ID: 0e2a6c4441daf5498b47a61767382bead5eb8ea6
> +
> +commit 0c30ba91f87fcda7e975e6ff8a057f624e87ea1c
> +Author: Damien Miller <djm at mindrot.org>
> +Date:   Thu Jul 30 12:31:39 2015 +1000
> +
> +    downgrade OOM adjustment logging: verbose -> debug
> +
> +commit f9eca249d4961f28ae4b09186d7dc91de74b5895
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Thu Jul 30 00:01:34 2015 +0000
> +
> +    upstream commit
> +    
> +    Allow ssh_config and sshd_config kex parameters options be
> +     prefixed by a '+' to indicate that the specified items be
appended to the
> +     default rather than replacing it.
> +    
> +    approach suggested by dtucker@, feedback dlg@, ok markus@
> +    
> +    Upstream-ID: 0f901137298fc17095d5756ff1561a7028e8882a
> +
> +commit 5cefe769105a2a2e3ca7479d28d9a325d5ef0163
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Wed Jul 29 08:34:54 2015 +0000
> +
> +    upstream commit
> +    
> +    fix bug in previous; was printing incorrect string for
> +     failed host key algorithms negotiation
> +    
> +    Upstream-ID: 22c0dc6bc61930513065d92e11f0753adc4c6e6e
> +
> +commit f319912b0d0e1675b8bb051ed8213792c788bcb2
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Wed Jul 29 04:43:06 2015 +0000
> +
> +    upstream commit
> +    
> +    include the peer's offer when logging a failure to
> +     negotiate a mutual set of algorithms (kex, pubkey, ciphers, etc.) ok
markus@
> +    
> +    Upstream-ID: bbb8caabf5c01790bb845f5ce135565248d7c796
> +
> +commit b6ea0e573042eb85d84defb19227c89eb74cf05a
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Tue Jul 28 23:20:42 2015 +0000
> +
> +    upstream commit
> +    
> +    add Cisco to the list of clients that choke on the
> +     hostkeys update extension. Pointed out by Howard Kash
> +    
> +    Upstream-ID: c9eadde28ecec056c73d09ee10ba4570dfba7e84
> +
> +commit 3f628c7b537291c1019ce86af90756fb4e66d0fd
> +Author: guenther at openbsd.org <guenther at openbsd.org>
> +Date:   Mon Jul 27 16:29:23 2015 +0000
> +
> +    upstream commit
> +    
> +    Permit kbind(2) use in the sandbox now, to ease testing
> +     of ld.so work using it
> +    
> +    reminded by miod@, ok deraadt@
> +    
> +    Upstream-ID: 523922e4d1ba7a091e3824e77a8a3c818ee97413
> +
> +commit ebe27ebe520098bbc0fe58945a87ce8490121edb
> +Author: millert at openbsd.org <millert at openbsd.org>
> +Date:   Mon Jul 20 18:44:12 2015 +0000
> +
> +    upstream commit
> +    
> +    Move .Pp before .Bl, not after to quiet mandoc -Tlint.
> +     Noticed by jmc@
> +    
> +    Upstream-ID: 59fadbf8407cec4e6931e50c53cfa0214a848e23
> +
> +commit d5d91d0da819611167782c66ab629159169d94d4
> +Author: millert at openbsd.org <millert at openbsd.org>
> +Date:   Mon Jul 20 18:42:35 2015 +0000
> +
> +    upstream commit
> +    
> +    Sync usage with SYNOPSIS
> +    
> +    Upstream-ID: 7a321a170181a54f6450deabaccb6ef60cf3f0b7
> +
> +commit 79ec2142fbc68dd2ed9688608da355fc0b1ed743
> +Author: millert at openbsd.org <millert at openbsd.org>
> +Date:   Mon Jul 20 15:39:52 2015 +0000
> +
> +    upstream commit
> +    
> +    Better desciption of Unix domain socket forwarding.
> +     bz#2423; ok jmc@
> +    
> +    Upstream-ID: 85e28874726897e3f26ae50dfa2e8d2de683805d
> +
> +commit d56fd1828074a4031b18b8faa0bf949669eb18a0
> +Author: Damien Miller <djm at mindrot.org>
> +Date:   Mon Jul 20 11:19:51 2015 +1000
> +
> +    make realpath.c compile -Wsign-compare clean
> +
> +commit c63c9a691dca26bb7648827f5a13668832948929
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Mon Jul 20 00:30:01 2015 +0000
> +
> +    upstream commit
> +    
> +    mention that the default of UseDNS=no implies that
> +     hostnames cannot be used for host matching in sshd_config and
> +     authorized_keys; bz#2045, ok dtucker@
> +    
> +    Upstream-ID: 0812705d5f2dfa59aab01f2764ee800b1741c4e1
> +
> +commit 63ebcd0005e9894fcd6871b7b80aeea1fec0ff76
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Sat Jul 18 08:02:17 2015 +0000
> +
> +    upstream commit
> +    
> +    don't ignore PKCS#11 hosted keys that return empty
> +     CKA_ID; patch by Jakub Jelen via bz#2429; ok markus
> +    
> +    Upstream-ID: 2f7c94744eb0342f8ee8bf97b2351d4e00116485
> +
> +commit b15fd989c8c62074397160147a8d5bc34b3f3c63
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Sat Jul 18 08:00:21 2015 +0000
> +
> +    upstream commit
> +    
> +    skip uninitialised PKCS#11 slots; patch from Jakub Jelen
> +     in bz#2427 ok markus@
> +    
> +    Upstream-ID: 744c1e7796e237ad32992d0d02148e8a18f27d29
> +
> +commit 5b64f85bb811246c59ebab70aed331f26ba37b18
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Sat Jul 18 07:57:14 2015 +0000
> +
> +    upstream commit
> +    
> +    only query each keyboard-interactive device once per
> +     authentication request regardless of how many times it is listed; ok
markus@
> +    
> +    Upstream-ID: d73fafba6e86030436ff673656ec1f33d9ffeda1
> +
> +commit cd7324d0667794eb5c236d8a4e0f236251babc2d
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Fri Jul 17 03:34:27 2015 +0000
> +
> +    upstream commit
> +    
> +    remove -u flag to diff (only used for error output) to make
> +     things easier for -portable
> +    
> +    Upstream-Regress-ID: a5d6777d2909540d87afec3039d9bb2414ade548
> +
> +commit deb8d99ecba70b67f4af7880b11ca8768df9ec3a
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Fri Jul 17 03:09:19 2015 +0000
> +
> +    upstream commit
> +    
> +    direct-streamlocal at openssh.com Unix domain foward
> +     messages do not contain a "reserved for future use" field
and in fact,
> +     serverloop.c checks that there isn't one. Remove erroneous
mention from
> +     PROTOCOL description. bz#2421 from Daniel Black
> +    
> +    Upstream-ID: 3d51a19e64f72f764682f1b08f35a8aa810a43ac
> +
> +commit 356b61f365405b5257f5b2ab446e5d7bd33a7b52
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Fri Jul 17 03:04:27 2015 +0000
> +
> +    upstream commit
> +    
> +    describe magic for setting up Unix domain socket fowards
> +     via the mux channel; bz#2422 patch from Daniel Black
> +    
> +    Upstream-ID: 943080fe3864715c423bdeb7c920bb30c4eee861
> +
> +commit d3e2aee41487d55b8d7d40f538b84ff1db7989bc
> +Author: Darren Tucker <dtucker at zip.com.au>
> +Date:   Fri Jul 17 12:52:34 2015 +1000
> +
> +    Check if realpath works on nonexistent files.
> +    
> +    On some platforms the native realpath doesn't work with
non-existent
> +    files (this is actually specified in some versions of POSIX), however
> +    the sftp spec says its realpath with "canonicalize any given path
name".
> +    On those platforms, use realpath from the compat library.
> +    
> +    In addition, when compiling with -DFORTIFY_SOURCE, glibc redefines
> +    the realpath symbol to the checked version, so redefine ours to
> +    something else so we pick up the compat version we want.
> +    
> +    bz#2428, ok djm@
> +
> +commit 25b14610dab655646a109db5ef8cb4c4bf2a48a0
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Fri Jul 17 02:47:45 2015 +0000
> +
> +    upstream commit
> +    
> +    fix incorrect test for SSH1 keys when compiled without SSH1
> +     support
> +    
> +    Upstream-ID: 6004d720345b8e481c405e8ad05ce2271726e451
> +
> +commit df56a8035d429b2184ee94aaa7e580c1ff67f73a
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Wed Jul 15 08:00:11 2015 +0000
> +
> +    upstream commit
> +    
> +    fix NULL-deref when SSH1 reenabled
> +    
> +    Upstream-ID: f22fd805288c92b3e9646782d15b48894b2d5295
> +
> +commit 41e38c4d49dd60908484e6703316651333f16b93
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Wed Jul 15 07:19:50 2015 +0000
> +
> +    upstream commit
> +    
> +    regen RSA1 test keys; the last batch was missing their
> +     private parts
> +    
> +    Upstream-Regress-ID: 7ccf437305dd63ff0b48dd50c5fd0f4d4230c10a
> +
> +commit 5bf0933184cb622ca3f96d224bf3299fd2285acc
> +Author: markus at openbsd.org <markus at openbsd.org>
> +Date:   Fri Jul 10 06:23:25 2015 +0000
> +
> +    upstream commit
> +    
> +    Adapt tests, now that DSA if off by default; use
> +     PubkeyAcceptedKeyTypes and PubkeyAcceptedKeyTypes to test DSA.
> +    
> +    Upstream-Regress-ID: 0ff2a3ff5ac1ce5f92321d27aa07b98656efcc5c
> +
> +commit 7a6e3fd7b41dbd3756b6bf9acd67954c0b1564cc
> +Author: markus at openbsd.org <markus at openbsd.org>
> +Date:   Tue Jul 7 14:54:16 2015 +0000
> +
> +    upstream commit
> +    
> +    regen test data after mktestdata.sh changes
> +    
> +    Upstream-Regress-ID: 3495ecb082b9a7c048a2d7c5c845d3bf181d25a4
> +
> +commit 7c8c174c69f681d4910fa41c37646763692b28e2
> +Author: markus at openbsd.org <markus at openbsd.org>
> +Date:   Tue Jul 7 14:53:30 2015 +0000
> +
> +    upstream commit
> +    
> +    adapt tests to new minimum RSA size and default FP format
> +    
> +    Upstream-Regress-ID: a4b30afd174ce82b96df14eb49fb0b81398ffd0e
> +
> +commit 6a977a4b68747ade189e43d302f33403fd4a47ac
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Fri Jul 3 04:39:23 2015 +0000
> +
> +    upstream commit
> +    
> +    legacy v00 certificates are gone; adapt and don't try to
> +     test them; "sure" markus@ dtucker@
> +    
> +    Upstream-Regress-ID: c57321e69b3cd4a3b3396dfcc43f0803d047da12
> +
> +commit 0c4123ad5e93fb90fee9c6635b13a6cdabaac385
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Wed Jul 1 23:11:18 2015 +0000
> +
> +    upstream commit
> +    
> +    don't expect SSH v.1 in unittests
> +    
> +    Upstream-Regress-ID: f8812b16668ba78e6a698646b2a652b90b653397
> +
> +commit 3c099845798a817cdde513c39074ec2063781f18
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Mon Jun 15 06:38:50 2015 +0000
> +
> +    upstream commit
> +    
> +    turn SSH1 back on to match src/usr.bin/ssh being tested
> +    
> +    Upstream-Regress-ID: 6c4f763a2f0cc6893bf33983919e9030ae638333
> +
> +commit b1dc2b33689668c75e95f873a42d5aea1f4af1db
> +Author: dtucker at openbsd.org <dtucker at openbsd.org>
> +Date:   Mon Jul 13 04:57:14 2015 +0000
> +
> +    upstream commit
> +    
> +    Add "PuTTY_Local:" to the clients to which we do not
> +     offer DH-GEX. This was the string that was used for development
versions
> +     prior to September 2014 and they don't do RFC4419 DH-GEX, but
unfortunately
> +     there are some extant products based on those versions.  bx2424 from
Jay
> +     Rouman, ok markus@ djm@
> +    
> +    Upstream-ID: be34d41e18b966832fe09ca243d275b81882e1d5
> +
> +commit 3a1638dda19bbc73d0ae02b4c251ce08e564b4b9
> +Author: markus at openbsd.org <markus at openbsd.org>
> +Date:   Fri Jul 10 06:21:53 2015 +0000
> +
> +    upstream commit
> +    
> +    Turn off DSA by default; add HostKeyAlgorithms to the
> +     server and PubkeyAcceptedKeyTypes to the client side, so it still can
be
> +     tested or turned back on; feedback and ok djm@
> +    
> +    Upstream-ID: 8450a9e6d83f80c9bfed864ff061dfc9323cec21
> +
> +commit 16db0a7ee9a87945cc594d13863cfcb86038db59
> +Author: markus at openbsd.org <markus at openbsd.org>
> +Date:   Thu Jul 9 09:49:46 2015 +0000
> +
> +    upstream commit
> +    
> +    re-enable ed25519-certs if compiled w/o openssl; ok djm
> +    
> +    Upstream-ID: e10c90808b001fd2c7a93778418e9b318f5c4c49
> +
> +commit c355bf306ac33de6545ce9dac22b84a194601e2f
> +Author: markus at openbsd.org <markus at openbsd.org>
> +Date:   Wed Jul 8 20:24:02 2015 +0000
> +
> +    upstream commit
> +    
> +    no need to include the old buffer/key API
> +    
> +    Upstream-ID: fb13c9f7c0bba2545f3eb0a0e69cb0030819f52b
> +
> +commit a3cc48cdf9853f1e832d78cb29bedfab7adce1ee
> +Author: markus at openbsd.org <markus at openbsd.org>
> +Date:   Wed Jul 8 19:09:25 2015 +0000
> +
> +    upstream commit
> +    
> +    typedefs for Cipher&CipherContext are unused
> +    
> +    Upstream-ID: 50e6a18ee92221d23ad173a96d5b6c42207cf9a7
> +
> +commit a635bd06b5c427a57c3ae760d3a2730bb2c863c0
> +Author: markus at openbsd.org <markus at openbsd.org>
> +Date:   Wed Jul 8 19:04:21 2015 +0000
> +
> +    upstream commit
> +    
> +    xmalloc.h is unused
> +    
> +    Upstream-ID: afb532355b7fa7135a60d944ca1e644d1d63cb58
> +
> +commit 2521cf0e36c7f3f6b19f206da0af134f535e4a31
> +Author: markus at openbsd.org <markus at openbsd.org>
> +Date:   Wed Jul 8 19:01:15 2015 +0000
> +
> +    upstream commit
> +    
> +    compress.c is gone
> +    
> +    Upstream-ID: 174fa7faa9b9643cba06164b5e498591356fbced
> +
> +commit c65a7aa6c43aa7a308ee1ab8a96f216169ae9615
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Fri Jul 3 04:05:54 2015 +0000
> +
> +    upstream commit
> +    
> +    another SSH_RSA_MINIMUM_MODULUS_SIZE that needed
> +     cranking
> +    
> +    Upstream-ID: 9d8826cafe96aab4ae8e2f6fd22800874b7ffef1
> +
> +commit b1f383da5cd3cb921fc7776f17a14f44b8a31757
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Fri Jul 3 03:56:25 2015 +0000
> +
> +    upstream commit
> +    
> +    add an XXX reminder for getting correct key paths from
> +     sshd_config
> +    
> +    Upstream-ID: feae52b209d7782ad742df04a4260e9fe41741db
> +
> +commit 933935ce8d093996c34d7efa4d59113163080680
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Fri Jul 3 03:49:45 2015 +0000
> +
> +    upstream commit
> +    
> +    refuse to generate or accept RSA keys smaller than 1024
> +     bits; feedback and ok dtucker@
> +    
> +    Upstream-ID: 7ea3d31271366ba264f06e34a3539bf1ac30f0ba
> +
> +commit bdfd29f60b74f3e678297269dc6247a5699583c1
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Fri Jul 3 03:47:00 2015 +0000
> +
> +    upstream commit
> +    
> +    turn off 1024 bit diffie-hellman-group1-sha1 key
> +     exchange method (already off in server, this turns it off in the
client by
> +     default too) ok dtucker@
> +    
> +    Upstream-ID: f59b88f449210ab7acf7d9d88f20f1daee97a4fa
> +
> +commit c28fc62d789d860c75e23a9fa9fb250eb2beca57
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Fri Jul 3 03:43:18 2015 +0000
> +
> +    upstream commit
> +    
> +    delete support for legacy v00 certificates; "sure"
> +     markus@ dtucker@
> +    
> +    Upstream-ID: b5b9bb5f9202d09e88f912989d74928601b6636f
> +
> +commit 564d63e1b4a9637a209d42a9d49646781fc9caef
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Wed Jul 1 23:10:47 2015 +0000
> +
> +    upstream commit
> +    
> +    Compile-time disable SSH v.1 again
> +    
> +    Upstream-ID: 1d4b513a3a06232f02650b73bad25100d1b800af
> +
> +commit 868109b650504dd9bcccdb1f51d0906f967c20ff
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Wed Jul 1 02:39:06 2015 +0000
> +
> +    upstream commit
> +    
> +    twiddle PermitRootLogin back
> +    
> +    Upstream-ID: 2bd23976305d0512e9f84d054e1fc23cd70b89f2
> +
> +commit 7de4b03a6e4071d454b72927ffaf52949fa34545
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Wed Jul 1 02:32:17 2015 +0000
> +
> +    upstream commit
> +    
> +    twiddle; (this commit marks the openssh-6.9 release)
> +    
> +    Upstream-ID: 78500582819f61dd8adee36ec5cc9b9ac9351234
> +
> +commit 1bf477d3cdf1a864646d59820878783d42357a1d
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Wed Jul 1 02:26:31 2015 +0000
> +
> +    upstream commit
> +    
> +    better refuse ForwardX11Trusted=no connections attempted
> +     after ForwardX11Timeout expires; reported by Jann Horn
> +    
> +    Upstream-ID: bf0fddadc1b46a0334e26c080038313b4b6dea21
> +
> +commit 47aa7a0f8551b471fcae0447c1d78464f6dba869
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Wed Jul 1 01:56:13 2015 +0000
> +
> +    upstream commit
> +    
> +    put back default PermitRootLogin=no
> +    
> +    Upstream-ID: 7bdedd5cead99c57ed5571f3b6b7840922d5f728
> +
> +commit 984b064fe2a23733733262f88d2e1b2a1a501662
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Wed Jul 1 01:55:13 2015 +0000
> +
> +    upstream commit
> +    
> +    openssh-6.9
> +    
> +    Upstream-ID: 6cfe8e1904812531080e6ab6e752d7001b5b2d45
> +
> +commit d921082ed670f516652eeba50705e1e9f6325346
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Wed Jul 1 01:55:00 2015 +0000
> +
> +    upstream commit
> +    
> +    reset default PermitRootLogin to 'yes' (momentarily, for
> +     release)
> +    
> +    Upstream-ID: cad8513527066e65dd7a1c16363d6903e8cefa24
> +
> +commit 66295e0e1ba860e527f191b6325d2d77dec4dbce
> +Author: Damien Miller <djm at mindrot.org>
> +Date:   Wed Jul 1 11:49:12 2015 +1000
> +
> +    crank version numbers for release
> +
> +commit 37035c07d4f26bb1fbe000d2acf78efdb008681d
> +Author: Damien Miller <djm at mindrot.org>
> +Date:   Wed Jul 1 10:49:37 2015 +1000
> +
> +    s/--with-ssh1/--without-ssh1/
> +
> +commit 629df770dbadc2accfbe1c81b3f31f876d0acd84
> +Author: djm at openbsd.org <djm at openbsd.org>
> +Date:   Tue Jun 30 05:25:07 2015 +0000
> +
> +    upstream commit
> +    
> +    fatal() when a remote window update causes the window
> +     value to overflow. Reported by Georg Wicherski, ok markus@
> +    
> +    Upstream-ID: ead397a9aceb3bf74ebfa5fcaf259d72e569f351
> +
> +commit f715afebe735d61df3fd30ad72d9ac1c8bd3b5f2
> +Author: djm at openbsd.org <djm at openbsd.org>
> 
> *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
> _______________________________________________
> svn-src-stable-10 at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10
> To unsubscribe, send any mail to "svn-src-stable-10-unsubscribe at
freebsd.org"
> 
> 

-- 
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike at sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada   http://www.tancsa.com/

Dag-Erling Smørgrav

2016-Mar-03 06:46 UTC

head link

svn commit: r295367 - in stable/10: crypto/openssh crypto/openssh/contrib crypto/openssh/contrib/caldera crypto/openssh/contrib/cygwin crypto/openssh/contrib/redhat crypto/openssh/contrib/suse cryp...

Mike Tancsa <mike at sentex.net> writes:> I noticed on a server that I updated on Friday that incorporates
> r295367, some lightweight clients that were using aes128-cbc are now
> failing to connect.  Is this a planned change ? If so, perhaps a heads
> up in UPDATING ?
Please file a bug and send me the number.  I will make sure this change
is reverted in 10, and we can discuss whether to keep it in 11.

DES
-- 
Dag-Erling Sm?rgrav - des at des.no

freebsd stable - Feb 2016 - svn commit: r295367 - in stable/10: crypto/openssh crypto/openssh/contrib crypto/openssh/contrib/caldera crypto/openssh/contrib/cygwin crypto/openssh/contrib/redhat crypto/openssh/contrib/suse cryp...

svn commit: r295367 - in stable/10: crypto/openssh crypto/openssh/contrib crypto/openssh/contrib/caldera crypto/openssh/contrib/cygwin crypto/openssh/contrib/redhat crypto/openssh/contrib/suse cryp...

svn commit: r295367 - in stable/10: crypto/openssh crypto/openssh/contrib crypto/openssh/contrib/caldera crypto/openssh/contrib/cygwin crypto/openssh/contrib/redhat crypto/openssh/contrib/suse cryp...