commit 9795c4016ae35162072144df032c8b262433b462
Author: Damien Miller <djm@mindrot.org>
Date:   Wed Jul 19 16:27:12 2023 +1000

    OpenSSH 9.3p2

commit bde3635f3c9324bad132cf9ed917813d6abb599e
Author: Damien Miller <djm@mindrot.org>
Date:   Wed Jul 19 16:31:09 2023 +1000

    update version in README

commit f673f2f3e5f67099018fc281a6b5fb918142472e
Author: Damien Miller <djm@mindrot.org>
Date:   Wed Jul 19 16:31:00 2023 +1000

    update RPM spec versions

commit d7790cdce72a1b6982795baa2b4d6f0bdbb0100d
Author: Damien Miller <djm@mindrot.org>
Date:   Fri Jul 7 13:30:15 2023 +1000

    disallow remote addition of FIDO/PKCS11 keys
    
    Depends on the local client performing the session-bind@openssh.com
    operation, so non-OpenSSH local client may circumvent this.

commit b23fe83f06ee7e721033769cfa03ae840476d280
Author: Damien Miller <djm@mindrot.org>
Date:   Thu Jul 13 12:09:34 2023 +1000

    terminate pkcs11 process for bad libraries

commit cb30fbdbee869f1ce11f06aa97e1cb8717a0b645
Author: Damien Miller <djm@mindrot.org>
Date:   Thu Mar 16 08:28:19 2023 +1100

    depend

commit 1dba63eb10c40b6fda9f5012ed6ae87e2d3d028e
Author: Damien Miller <djm@mindrot.org>
Date:   Thu Mar 16 08:27:54 2023 +1100

    crank version

commit ba7532d0dac9aaf0ad7270664c43837fc9f64a5f
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Mar 15 21:19:57 2023 +0000

    upstream: openssh-9.3
    
    OpenBSD-Commit-ID: 8011495f2449c1029bb316bd015eab2e00509848

commit 6fd4daafb949b66bf555f3100f715a9ec64c3390
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Tue Mar 14 07:28:47 2023 +0000

    upstream: Free KRL ptr in addition to its contents.
    
    From Coverity CID 291841, ok djm@
    
    OpenBSD-Commit-ID: f146ba08b1b43af4e0d7ad8c4dae3748b4fa31b6

commit 1d270bd303afaf6d94e9098cbbf18e5e539e2088
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Tue Mar 14 07:26:25 2023 +0000

    upstream: Check pointer for NULL before deref.
    
    None of the existing callers seem to do that, but it's worth checking.
    From Coverity CID 291834, ok djm@
    
    OpenBSD-Commit-ID: a0a97113f192a7cb1a2c97b932f677f573cda7a4

commit d95af508e78c0cd3dce56b83853baaa59ae295cf
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Sun Mar 12 10:40:39 2023 +0000

    upstream: Limit number of entries in SSH2_MSG_EXT_INFO
    
    request. This is already constrained by the maximum SSH packet size but this
    makes it explicit.  Prompted by Coverity CID 291868, ok djm@ markus@
    
    OpenBSD-Commit-ID: aea023819aa44a2dcb9dd0fbec10561896fc3a09

commit 8f287ba60d342b3e2f750e7332d2131e3ec7ecd0
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Sun Mar 12 09:41:18 2023 +0000

    upstream: calloc can return NULL but xcalloc can't.
    
    From Coverity CID 291881, ok djm@
    
    OpenBSD-Commit-ID: 50204b755f66b2ec7ac3cfe379d07d85ca161d2b

commit 83a56a49fd50f4acf900f934279482e4ef329715
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Mar 10 07:17:08 2023 +0000

    upstream: Explicitly ignore return from fcntl
    
    (... FD_CLOEXEC) here too.  Coverity CID 291853.
    
    OpenBSD-Commit-ID: 99d8b3da9d0be1d07ca8dd8e98800a890349e9b5

commit 0fda9d704d3bbf54a5e64ce02a6fecb11fe7f047
Author: Damien Miller <djm@mindrot.org>
Date:   Fri Mar 10 15:59:46 2023 +1100

    bounds checking for getrrsetbyname() replacement;
    
    Spotted by Coverity in CID 405033; ok millert@

commit 89b8df518f21677045599df0ad3e5dd0f39909b5
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Mar 10 04:06:21 2023 +0000

    upstream: Plug mem leak on error path. Coverity CID 405026, ok djm@.
    
    OpenBSD-Commit-ID: 8212ca05d01966fb5e72205c592b2257708a2aac

commit bf4dae0ad192c3e2f03f7223834b00d88ace3d3e
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Mar 10 14:46:57 2023 +1100

    Add prototypes for mkstemp replacements.
    
    Should prevent warnings due to our wrapper function.

commit 4e04d68d6a33cdc73b831fd4b5e6124175555d3d
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Mar 10 03:01:51 2023 +0000

    upstream: Expliticly ignore return code from fcntl(.. FD_CLOEXEC) since
    
    there's not much we can do anyway.  From Coverity CID 291857, ok djm@
    
    OpenBSD-Commit-ID: 051429dd07af8db3fec10d82cdc78d90bb051729

commit d6d38fd77cbe091c59e1bb720c3a494df4990640
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Mar 10 02:32:04 2023 +0000

    upstream: Like sshd_config, some ssh_config options are not
    
    first-match-wins. sshd_config.5 was fixed in r1.348, this is the same for
    this file
    
    OpenBSD-Commit-ID: 7be55b9351cde449b136afcc52d07aa4113b215e

commit 7187d3f86bf8f2066cc9941f217d23b0cacae25e
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Mar 10 02:24:56 2023 +0000

    upstream: Remove no-op (int) > INT_MAX checks
    
    since they can never be true. From Coverity CID 405031, ok djm@
    
    OpenBSD-Commit-ID: 9df3783b181e056595e2bb9edf7ed41d61cf8e84

commit 77adde4305542ebe3005dd456122624fe2347b01
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Mar 10 13:27:29 2023 +1100

    Wrap mkstemp calls with umask set/restore.
    
    glibc versions 2.06 and earlier did not set a umask on files created by
    mkstemp created the world-writable.  Wrap mkstemp to set and restore
    the umask.  From Coverity (CIDs 291826 291886 291891), ok djm@

commit 633d3dc2a1e9e2a013d019a0576a0771c8423713
Author: jcs@openbsd.org <jcs@openbsd.org>
Date:   Thu Mar 9 21:06:24 2023 +0000

    upstream: modify parentheses in conditionals to make it clearer what is
    
    being assigned and what is being checked
    
    ok djm dtucker
    
    OpenBSD-Commit-ID: 19c10baa46ae559474409f75a5cb3d0eade7a9b8

commit 733030840c4772f858de95d5940ec0c37663e8b0
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Thu Mar 9 07:11:05 2023 +0000

    upstream: Re-split the merge of the reorder-hostkeys test.
    
    In the kex_proposal_populate_entries change I merged the the check for
    reordering hostkeys with the actual reordering, but kex_assemble_names
    mutates options.hostkeyalgorithms which renders the check ineffective.
    Put the check back where it was.  Spotted and tested by jsg@, ok djm@
    
    OpenBSD-Commit-ID: a7469f25a738db5567395d1881e32479a7ffc9de

commit 54ac4ab2b53ce9fcb66b8250dee91c070e4167ed
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Mar 9 06:58:26 2023 +0000

    upstream: include destination constraints for smartcard keys too.
    
    Spotted by Luci Stanescu; ok deraadt@ markus@
    
    OpenBSD-Commit-ID: add879fac6903a1cb1d1e42c4309e5359c3d870f

commit bfd1ad01d974a316b60622759ad17537fa2d92b4
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Mar 9 18:24:54 2023 +1100

    Limit the number of PAM environment variables.
    
    xcalloc has its own limits, but these are specific to PAM.  From
    Coverity CID 405198, ok djm@

commit a231414970e01a35f45a295d5f93698fa1249b28
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Mar 9 18:19:44 2023 +1100

    Limit the number of PAM environment variables.
    
    From Coverity CID 405194, tweaks and ok djm@

commit 36c6c3eff5e4a669ff414b9daf85f919666e8e03
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Wed Mar 8 06:21:32 2023 +0000

    upstream: Plug mem leak. Coverity CID 405196, ok djm@
    
    OpenBSD-Commit-ID: 175f09349387c292f626da68f65f334faaa085f2

commit dfb9b736e1ccf9e6b03eea21cd961f4fd0634c98
Author: tb@openbsd.org <tb@openbsd.org>
Date:   Wed Mar 8 05:33:53 2023 +0000

    upstream: ssh-pkcs11: synchronize error messages with errors
    
    A handful of error messages contained incorrect function names or
    otherwise inaccurate descriptions. Fix them to match reality.
    
    input/ok djm
    
    OpenBSD-Commit-ID: 165a15db52f75b31e1804b043480c36af09f3411

commit 51875897b81b5c21b80c256a29597916edbde454
Author: guenther@openbsd.org <guenther@openbsd.org>
Date:   Wed Mar 8 04:43:12 2023 +0000

    upstream: Delete obsolete /* ARGSUSED */ lint comments.
    
    ok miod@ millert@
    
    OpenBSD-Commit-ID: 7be168a570264d59e96a7d2d22e927d45fee0e4c

commit a76085bda883c2104afb33ab0334eca190927362
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Wed Mar 8 17:25:37 2023 +1100

    Extra brackets to prevent warning.

commit 147ae57d4dfa0508109f93b78a7d8b92819e1f83
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Mar 8 00:05:58 2023 +0000

    upstream: use RSA/SHA256 when testing usability of private key in
    
    agent; with/ok dtucker
    
    OpenBSD-Commit-ID: fe1382e2fdf23fcae631308e72342bad56066a56

commit 27fd251bc906a763e70ce0f27c8abdf8bbd1e416
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Mar 8 00:05:37 2023 +0000

    upstream: use RSA/SHA256 when testing usability of private key;
    
    based on fix in bz3546 by Dmitry Belyavskiy; with/ok dtucker
    
    OpenBSD-Commit-ID: 0ef414cc363a832f9fab92a5da0234448bce2eba

commit eee9f3fc3d52ae7d2106929bb06b7f291fb0b81a
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Mar 7 21:47:42 2023 +0000

    upstream: refactor to be more readable top to bottom. Prompted by
    
    Coverity CID 405048 which was a false-positive fd leak; ok dtucker@
    
    OpenBSD-Commit-ID: fc55ec2af622a017defb9b768bf26faefc792c00

commit 42a06b29a4c99272bf690f9b3be520b08b448dc5
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Tue Mar 7 18:34:41 2023 +1100

    Add header changes missed in previous.

commit 4710077096edff2e6926dd5b15bf586491d317db
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Tue Mar 7 06:09:14 2023 +0000

    upstream: Fix mem leak in environment setup.
    
    From jjelen at redhat.com via bz#2687, ok djm@
    
    OpenBSD-Commit-ID: 9f9e4ba3cac003e6f81da3bcebd1b9ec43e7f353

commit 03acc50d0ccb78fc91d1570de1cd0fdfea646028
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Mon Mar 6 12:15:47 2023 +0000

    upstream: Unit test for kex_proposal_populate_entries.
    
    OpenBSD-Regress-ID: bdb211d80d572a08bf14b49fe2a58b9ff265c006

commit 3f9231c2e1f374ebb08016ba00ea97b47c0ed20b
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Mar 7 05:37:26 2023 +0000

    upstream: fix memory leak in process_read() path; Spotted by James
    
    Robinson in GHPR363; ok markus@
    
    OpenBSD-Commit-ID: cdc2d98e6478b7e7f3a36976845adae3820429d8

commit c5e6e890839ec520ab9301a92cba56303749dea2
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Mar 7 01:30:52 2023 +0000

    upstream: correct size for array argument when changing
    
    UMAC_OUTPUT_LEN Coverity CID 291845; ok dtucker@
    
    OpenBSD-Commit-ID: 2eb017d10705bb623d4418691f961c930eafaec0

commit 9641753e0fd146204d57b2a4165f552a81afade4
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Mon Mar 6 12:14:48 2023 +0000

    upstream: Refactor creation of KEX proposal.
    
    This adds kex_proposal_populate_entries (and corresponding free) which
    populates the KEX proposal array with dynamically allocated strings.
    This replaces the previous mix of static and dynamic that has been the
    source of previous leaks and bugs.  Remove unused compat functions.
    With & ok djm@.
    
    OpenBSD-Commit-ID: f2f99da4aae2233cb18bf9c749320c5e040a9c7b

commit aa59d6a489fb20973fa461d0fdb1110db412947b
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Sun Mar 5 09:24:35 2023 +0000

    upstream: Fix mem and FILE leaks in moduli screening.
    
    If multiple -Ocheckpoint= options are passed, the earlier ones would
    be overwritten and leaked.  If we use an input file that wasn't stdin,
    close that.  From Coverity CIDs 291884 and 291894.
    
    OpenBSD-Commit-ID: a4d9d15f572926f841788912e2b282485ad09e8b

commit 23b8cb41767af99a1aac24589d1882d9c8c2c205
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Sun Mar 5 08:18:58 2023 +0000

    upstream: Plug mem leak in moduli checkpoint option parsing.
    
    From Coverity CID 291894.
    
    OpenBSD-Commit-ID: 9b1aba2d049741ae21c8dc4560a7e29ab17310f4

commit fc7f8f2188d4a4fc8ba77eddbe863c7665666db5
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Sun Mar 5 05:34:09 2023 +0000

    upstream: Remove unused compat.h includes.
    
    We've previously removed a lot of the really old compatibility code,
    and with it went the need to include compat.h in most of the files that
    have it.
    
    OpenBSD-Commit-ID: 5af8baa194be00a3092d17598e88a5b29f7ea2b4

commit 6c165c36246d8004c20e1df5cec4961a5ac422d6
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Sat Mar 4 03:22:59 2023 +0000

    upstream: Use time_t for x11 timeout.
    
    Use time_t instead of u_int for remaining x11 timeout checks for 64bit
    time_t safety.  From Coverity CIDs 405197 and 405028, ok djm@
    
    OpenBSD-Commit-ID: 356685bfa1fc3d81bd95722d3fc47101cc1a4972

commit 4a3918f51bd2d968387e7aa87e33b32c78077fb4
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Mar 3 10:23:42 2023 +0000

    upstream: Ensure ms_remain is always initialized
    
    similar to what we do in ssh_packet_write_wait.  bz#2687, from jjelen
    at redhat.com.
    
    OpenBSD-Commit-ID: a50e0541cf823f8d1c72f71ccde925d3dbe6dfac

commit e44846a4487d2885ac7f2610be09b1e2bf52249b
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Mar 3 09:48:51 2023 +0000

    upstream: Check for non-NULL before string
    
    comparison. From jjelen at redhat.com via bz#2687.
    
    OpenBSD-Commit-ID: 0d9b2e0cac88a311b5766b1aef737082583c285f

commit 1842d523fae63b862ce8e60725c9b606cddb86a6
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Mar 3 05:00:34 2023 +0000

    upstream: guard against getsockname(-1, ...) from Coverity CID
    
    291832
    
    OpenBSD-Commit-ID: e58d5227327917d189229b7f0b37d2780f360d5f

commit 78571a5fe9847d40d7f220c92b707574ae9ec4ce
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Mar 3 04:36:20 2023 +0000

    upstream: some options are not first-match-wins. Mention that there
    
    are exceptions at the start of the manpage and label some of them in the
    option description.
    
    OpenBSD-Commit-ID: 3b74728446fa6fc8742769eeb8c3674e233e84c4

commit d1c1b3272e8895a96c4f5889bd6e07a8525bd9f1
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Mar 3 04:34:49 2023 +0000

    upstream: actually print "channeltimeout none" in config dump mode;
    
    spotted via Coverity CID 405022
    
    OpenBSD-Commit-ID: b074b52bf138b75f08264e8da15880b29c7a630f

commit 8bf61e95610b48192d4e1720cc15d9004617301d
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Mar 3 14:50:03 2023 +1100

    Add Coverity badges.

commit 93291bd723959adf462b1df958106cf07a7734dd
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Mar 3 03:12:24 2023 +0000

    upstream: Check return values of dup2. Spotted by Coverity, ok djm@
    
    OpenBSD-Commit-ID: 19fb1b53072826d00c67df677731d2f6c1dd602b

commit e37261dff33af23f37202cfce0848d36f5c1055c
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Mar 3 02:37:58 2023 +0000

    upstream: Use time_t for x11_refuse_time timeout. We need
    
    SSH_TIME_T_MAX for this, so move from misc.c to misc.h so it's available.
    Fixes a Coverity warning for 64bit time_t safety, ok djm@
    
    OpenBSD-Commit-ID: c69c4c3152cdaab953706db4ccf4d5fd682f7d8d

commit 32755a98c29114b13f4c9d47454bbb265b932ad7
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Mar 3 02:34:29 2023 +0000

    upstream: Check return value from fctnl and warn on failure.
    
    Spotted by Coverity, ok djm@
    
    OpenBSD-Commit-ID: 2097c7db3cf657f1e3a6c5077041bacc63143cab

commit 5fc60e8246c36b8255f72a937ebe9787b39648c6
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Thu Mar 2 11:10:27 2023 +0000

    upstream: Remove SUDO in proxy command wrapper. Anything that needs
    
    sudo is already run by it, and it breaks if root isn't in sudoers.
    
    OpenBSD-Regress-ID: 6cf22fda32a89c16915f31a6ed9bbdbef2a3bac9

commit 0d514659b23a257247491179cfbb53a6dd64e164
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Thu Mar 2 08:24:41 2023 +0000

    upstream: Fix breakage on dhgex test.
    
    This was due to the sshd logs being written to the wrong log file.
    While there, make save_debug_logs less verbose, write the name of the
    tarball to regress.log and use $SUDO to remove the old symlinks (which
    shouldn't be needed, but won't hurt).  Initial problem spotted by anton@.
    
    OpenBSD-Regress-ID: 9c44fb9cd418e6ff31165e7a6c1f9f11a6d19f5b

commit 860201201d4ae655702807966901682cff30a171
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Thu Mar 2 08:14:52 2023 +0000

    upstream: Quote grep and log message better.
    
    OpenBSD-Regress-ID: 3823d9063127169736aa274b1784cb28e15b64d4

commit 03a03c6002525f5ad9c8fc874a5d5826a35d9858
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Thu Mar 2 06:41:56 2023 +0000

    upstream: Always call fclose on checkpoints.
    
    In the case of an fprintf failure we would not call fclose which would
    leak the FILE pointer.  While we're there, try to clean up the temp file
    on failure.  Spotted by Coverity, ok djm@
    
    OpenBSD-Commit-ID: 73c7ccc5d4fcc235f54c6b20767a2815408525ef

commit 13fe8f9785e6d90400ce548939a0b0ddc11fcb3c
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Wed Mar 1 21:54:50 2023 +0000

    upstream: Remove old log symlinks
    
    before creating new ones. In -portable some platforms don't like
    overwriting existing symlinks.
    
    OpenBSD-Regress-ID: 7e7ddc0beb73e945e1c4c58d51c8a125b518120f

commit 131fcbcaffd1e3bcf5ab766ec497b5d768955310
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Wed Mar 1 23:23:02 2023 +1100

    Adjust test jobs for new log directory.

commit a6f4ac8a2baf77e5361cfa017d0dc250d1409bec
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Wed Mar 1 09:29:32 2023 +0000

    upstream: Rework logging for the regression tests.
    
    Previously we would log to ssh.log and sshd.log, but that is insufficient
    for tests that have more than one concurent ssh/sshd.
    
    Instead, we'll log to separate datestamped files in a $OBJ/log/ and
    leave a symlink at the previous location pointing at the most recent
    instance with an entry in regress.log showing which files were created
    at each point.  This should be sufficient to reconstruct what happened
    even for tests that use multiple instances of each program.  If the test
    fails, tar up all of the logs for later analysis.
    
    This will let us also capture the output from some of the other tools
    which was previously sent to /dev/null although most of those will be
    in future commits.
    
    OpenBSD-Regress-ID: f802aa9e7fa51d1a01225c05fb0412d015c33e24

commit 8ead62ed5e86c7df597d8604f332f49cd1527b85
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Tue Feb 28 21:31:50 2023 +0000

    upstream: fatal out if allocating banner string fails to avoid
    
    potential null deref later in sscanf.  Spotted by Coverity, ok deraadt@
    
    OpenBSD-Commit-ID: 74e8d228ac00552e96e9e968dfcccf8dd1f46ad5

commit 44ca56ba0b3f531f1d85730cc701097cd49e6868
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Tue Feb 28 08:45:24 2023 +0000

    upstream: Explicitly ignore return from fchmod
    
    similar to other calls to prevent warning.
    
    OpenBSD-Commit-ID: fdc5287dcee0860b5a493186414226c655b0eb0a

commit 803392933a3a6f09f834aa5f0c2aab06a3b382f4
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Mon Feb 27 22:12:40 2023 +0000

    upstream: Plug mem leak on globbed ls error path.
    
     Spotted by Coverity, ok deraadt@
    
    OpenBSD-Commit-ID: de28476025db29820a9a2e56e98b964d8a02861c

commit aa33b4d396abf47a2a45f982f28d054fb1dcb5c3
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Mon Feb 27 21:04:22 2023 +1100

    Cast time_t's in debug output to long long.
    
    Should fix Coverity warning about truncation of 64bit time_t.

commit b0fd60a9de62a03189ad57d0c07f0ac51dc00e95
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Mon Feb 27 17:28:59 2023 +1100

    Do shadow expiry calcs using "long long".
    
    Coverity flags these as potentially not 64bit time_t safe so use
    long long for the calculations and debug output.  ok djm@

commit 01dbeb3084d714bbd001ff9d03b9de542e8cdf58
Author: Damien Miller <djm@mindrot.org>
Date:   Mon Feb 27 17:07:52 2023 +1100

    avoid clash between for getopt's struct option
    
    Since we don't use getopt_long() nothing outside the getopt()
    implementation itself uses this structure, so move it into the
    source to remove it from visibility and clashes with libc's
    
    ok dtucker@

commit eb88d07c43afe407094e7d609248d85a15e148ef
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Sat Feb 25 14:45:41 2023 +1100

    Revert explicit chmods on private keys.
    
    This should no longer be needed on Cygwin test runners due to previous
    commit.

commit 52b75db61030a6c8baf66b73644380cf3f58e26a
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Sat Feb 25 14:43:28 2023 +1100

    Remove extended ACLs from working dirs.
    
    This should allow umask to work as expected and prevent tests from
    failing due to excessive permissions on private keys.

commit 0c5d4c843df5605b043a758d69f9a611ef63c479
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Feb 24 13:44:13 2023 +1100

    Explicitly set permissions on user and host keys.
    
    On cygwin, the umask might not be sufficient.  Should fix tests on
    Github runners.

commit 6c9fc9d7a9f7abf82c3294d74e6d4a25735862ce
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Feb 22 03:56:43 2023 +0000

    upstream: fix progressmeter corruption on wide displays; bz3534
    
    feedback/ok dtucker@
    
    OpenBSD-Commit-ID: f4affee067cec7c182f3e0b307d758e0472762a3

commit fe0bd3cde9665d364e5eedd2c2c2e60d4cdc3786
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Tue Feb 21 06:48:18 2023 +0000

    upstream: fseek to end of known_hosts before writing to it.
    
    POSIX and ANSI C require that applications call fseek or similar between
    read and writing to a RW file.  OpenBSD doesn't enforce this, but some
    (System V derived) platforms need this to prevent it from writing a
    spurious extra byte (in this case, a newline).  ok djm@ deraadt@
    
    OpenBSD-Commit-ID: 33e680dcd8110582a93a40a8491024e961f45137

commit 357fb8ae14c07cd025eeed66e73de91bab569849
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Tue Feb 21 17:51:09 2023 +1100

    Also run unit tests on AIX VMs.
    
    In the past these tests took too long, but these days it only adds
    about 5 min to the run.

commit 17781aaa5188ee1477f7779b280d105512e3dbed
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Tue Feb 21 17:38:55 2023 +1100

    Wrap stdint.h inside ifdef.

commit ef798bad38505f7bf1b5fa5c0843dfc5a2b192b9
Author: Mayank Sharma <mayank.fit2010@gmail.com>
Date:   Mon Feb 20 17:37:15 2023 +0530

    Add includes to ptimeout test.
    
    Fixes test failures on AIX due to type mismatches.

commit ab69dda05d5268454209f529fa80f477e60d846a
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Mon Feb 20 18:24:39 2023 +1100

    Always use the openssl binary configure tells us.
    
    This fixes tests on platforms that do not have the openssl tool
    installed at all.

commit 2a7e3449908571af601a4c2d12ab140096442e47
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Feb 17 04:22:50 2023 +0000

    upstream: Remove now-unused compat bit SSH_BUG_RSASIGMD5. The code
    
    to set this was removed in OpenSSH 7.7 when support for SSH implementations
    dating back to before RFC standardization were removed.  "burn it all" djm@
    
    OpenBSD-Commit-ID: 6330935fbe23dd00be79891505e06d1ffdac7cda

commit 0833ccf2c8b7ae08b296c06f17bd53e3ab94b0b0
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Feb 17 03:06:18 2023 +0000

    upstream: Remove now-unused compat bit SSH_BUG_BIGENDIANAES. This
    
    was previously set for OpenSSH 2.3 (released in 2000) but this check was
    removed in OpenSSH 7.7 (2018).  ok djm@ deraadt@
    
    OpenBSD-Commit-ID: 326426ea328707fc9e83305291ab135c87f678af

commit c81c2bea6e828d52b62b448b4ffdd3c163177975
Author: Damien Miller <djm@mindrot.org>
Date:   Fri Feb 17 10:12:40 2023 +1100

    whitespace fixes

commit 500f90b39db5f0014e6b0c49ff1f45c994b69293
Author: Damien Miller <djm@mindrot.org>
Date:   Fri Feb 17 10:02:08 2023 +1100

    whitespace at EOL

commit 68350152406339170721c15e97afdf827a5e4001
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Thu Feb 16 10:10:00 2023 +0000

    upstream: Remove SSH_BUG_PASSWORDPAD compat bit
    
    since it's no longer used. ok markus@
    
    OpenBSD-Commit-ID: b92c21f56fe4b7f9a54790d6a9650725c226820b

commit 537cccd804eaf65f32bdce037cc31db4e0ab0f44
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Thu Feb 16 07:55:15 2023 +0000

    upstream: Remove SSH_BUG_IGNOREMSG compat flag
    
    since it's only applicable to SSH1 and thus no longer used.  ok markus@
    "kill it with fire" djm@
    
    OpenBSD-Commit-ID: ea13318b1937795d9db4790d3ce0a6ed01584dab

commit 285cf6cd4b91a0a0ce33193c358c99085af33e43
Author: jmc@openbsd.org <jmc@openbsd.org>
Date:   Fri Feb 10 06:41:53 2023 +0000

    upstream: space between macro and punctuation; sort usage();
    
    OpenBSD-Commit-ID: 6141610cfca037700730e41f868d1d9124958f8c

commit d39a96f70f81878c77336ed35f5c648c1804b71a
Author: jmc@openbsd.org <jmc@openbsd.org>
Date:   Fri Feb 10 06:40:48 2023 +0000

    upstream: space between macro and punctuation;
    
    OpenBSD-Commit-ID: abc95e550be9e6d9a7ff64b65c104c7be21ab19e

commit 16e82bf53fc34e43e3b948d43b68d5b27a7335e6
Author: jmc@openbsd.org <jmc@openbsd.org>
Date:   Fri Feb 10 06:39:27 2023 +0000

    upstream: sort SYNOPSIS;
    
    OpenBSD-Commit-ID: dacd9da33277d5669a51213d880632599c890c1e

commit d9685121ff6d57b8797411f3cb123884a4b96e30
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Sat Feb 11 12:32:19 2023 +1100

    Improve seccomp compat on older systems.
    
    Check if flags to mmap and madvise are defined before using them.
    Should fix problems building on older Linux systems that don't have
    these.  bz#3537, with & ok djm@.

commit 6180b0fa4f7996687678702806257e661fd5931e
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Feb 10 05:06:03 2023 +0000

    upstream: test -Ohashalg=... and that the default output contains both
    
    specified hash algorithms; prompted by dtucker@
    
    OpenBSD-Regress-ID: 26f309208c8d8b8fa9c5f419767b85f1e9b22f51

commit d651f5c9fe37e61491eee46c49ba9fa03dbc0e6a
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Feb 10 04:56:30 2023 +0000

    upstream: let ssh-keygen and ssh-keyscan accept
    
    -Ohashalg=sha1|sha256 when outputting SSHFP fingerprints to allow algorithm
    selection. bz3493 ok dtucker@
    
    OpenBSD-Commit-ID: e6e07fe21318a873bd877f333e189eb963a11b3d

commit 18938d11a90b74d63c20b2d3c965d5bd64786ab1
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Feb 10 04:47:19 2023 +0000

    upstream: add a `sshd -G` option that parses and prints the
    
    effective configuration without attempting to load private keys and perform
    other checks. This allows usage of the option before keys have been
    generated.
    
    bz3460 feedback/ok dtucker@
    
    OpenBSD-Commit-ID: 774504f629023fc25a559ab1d95401adb3a7fb29

commit df7d3dbf7194db8e97730ee0425d4d9d7bdb8b10
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Fri Feb 10 04:40:28 2023 +0000

    upstream: make `ssh -Q CASignatureAlgorithms` work as the manpage says
    
    it should bz3532
    
    OpenBSD-Commit-ID: 0ddb17b3fcbd99bfb5baea4ac5e449620cbd3adc

commit d3b8d4198b6595f23b5859d43dc8fc701f97429b
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Feb 10 14:26:44 2023 +1100

    Add CentOS 7 test targets.

commit 22efb01e355bba4755b730ed417f91c081445bfc
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Thu Feb 9 09:55:33 2023 +0000

    upstream: Test adding terminating newline to known_hosts.
    
    OpenBSD-Regress-ID: 5fc3010ac450195b3fbdeb68e875564968800365

commit caec6da1a583ed8c32c6ad3b81bbcaab46ac8b61
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Wed Feb 8 08:06:03 2023 +0000

    upstream: ssh-agent doesn't actually take -v,
    
    so the recently-added ones will result in the test not cleaning up
    after itself.  Patch from cjwatson at debian.org vi bz#3536.
    
    OpenBSD-Regress-ID: 1fc8283568f5bf2f918517c2c1e778072cf61b1a

commit 3c379c9a849a635cc7f05cbe49fe473ccf469ef9
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Thu Feb 9 09:54:11 2023 +0000

    upstream: Ensure that there is a terminating newline when adding a new
    
    entry to known_hosts.  bz#3529, with git+openssh at limpsquid.nl, ok deraadt@
    markus@
    
    OpenBSD-Commit-ID: fa8d90698da1886570512b96f051e266eac105e0

commit 95b6bbd2553547260b324b39d602061c88b774bc
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Tue Feb 7 08:43:47 2023 +1100

    Replace 9.1 with 9.2 on CI status page.

commit 195313dfe10a23c82e9d56d5fdd2f59beee1bdcf
Author: Damien Miller <djm@mindrot.org>
Date:   Fri Feb 3 16:33:09 2023 +1100

    harden Linux seccomp sandbox
    
    Linux mmap(2) and madvise(2) syscalls support quite a number of funky
    flags that we don't expect that sshd/libc will ever need. We can
    exclude this kernel attack surface by filtering the mmap(2) flags
    and the madvise(2) advice arguments.
    
    Similarly, the sandboxed process in sshd is a single-threaded program
    that does not use shared memory for synchronisation or communication.
    Therefore, there should be no reason for the advanced priority
    inheritance futex(2) operations to be necessary. These can also be
    excluded.
    
    Motivated by Jann Horn pointing out that there have been kernel bugs
    in nearby Linux kernel code, e.g. CVE-2020-29368, CVE-2020-29374 and
    CVE-2022-42703.
    
    Feedback Jann Horn, ok dtucker@

commit 6dfb65de949cdd0a5d198edee9a118f265924f33
Author: Damien Miller <djm@mindrot.org>
Date:   Thu Feb 2 23:21:54 2023 +1100

    crank versions in RPM specs

commit d07cfb11a0ca574eb68a3931d8c46fbe862a2021
Author: Damien Miller <djm@mindrot.org>
Date:   Thu Feb 2 23:21:45 2023 +1100

    update version in README

commit 9fe207565b4ab0fe5d1ac5bb85e39188d96fb214
Author: Damien Miller <djm@mindrot.org>
Date:   Thu Feb 2 23:17:49 2023 +1100

    adapt compat_kex_proposal() test to portable

commit 903c556b938fff2d7bff8da2cc460254430963c5
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Feb 2 12:12:52 2023 +0000

    upstream: test compat_kex_proposal(); by dtucker@
    
    OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2

commit 405fba71962dec8409c0c962408e09049e5624b5
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Thu Jan 19 07:53:45 2023 +0000

    upstream: Check if we can copy sshd or need to use sudo to do so
    
    during reexec test. Skip test if neither can work.  Patch from anton@, tweaks
    from me.
    
    OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d

commit b2a2a8f69fd7737ea17dc044353c514f2f962f35
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Feb 2 12:10:22 2023 +0000

    upstream: openssh-9.2
    
    OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923

commit 12da7823336434a403f25c7cc0c2c6aed0737a35
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Feb 2 12:10:05 2023 +0000

    upstream: fix double-free caused by compat_kex_proposal(); bz3522
    
    by dtucker@, ok me
    
    OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80

commit 79efd95ab5ff99f4cb3a955e2d713b3f54fb807e
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Wed Feb 1 17:17:26 2023 +1100

    Skip connection-timeout test on minix3.
    
    Minix 3's Unix domain sockets don't seem to work the way we expect, so
    skip connection-timeout test on that platform.  While there, group
    together all similarly skipped tests and explicitly comment.

commit 6b508c4e039619842bcf5a16f8a6b08dd6bec44a
Author: Damien Miller <djm@mindrot.org>
Date:   Wed Feb 1 12:12:05 2023 +1100

    fix libfido2 detection without pkg-config
    
    Place libfido2 before additional libraries (that it may depend upon)
    and not after. bz3530 from James Zhang; ok dtucker@

commit 358e300fed5e6def233a2c06326e51e20ebed621
Author: deraadt@openbsd.org <deraadt@openbsd.org>
Date:   Wed Jan 18 20:56:36 2023 +0000

    upstream: delete useless dependency
    
    OpenBSD-Commit-ID: e1dc11143f83082e3154d6094f9136d0dc2637ad

commit a4cb9be1b021b511e281ee55c356f964487d9e82
Author: deraadt@openbsd.org <deraadt@openbsd.org>
Date:   Wed Jan 18 20:43:15 2023 +0000

    upstream: Create and install sshd random relink kit.
    
    ../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't
    be too fragile, we'll see if we need a different approach. The resulting sshd
    binary is tested with the new sshd -V option before installation.  As the
    binary layout is now semi-unknown (meaning relative, fixed, and gadget
    offsets are not precisely known), change the filesystem permissions to 511 to
    prevent what I call "logged in BROP". I have ideas for improving this further
    but this is a first step ok djm
    
    OpenBSD-Commit-ID: 1e0a2692b7e20b126dda60bf04999d1d30d959d8

commit bc7de6f91a9a0ae2f148a9d31a4027d441a51999
