netio.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix ftbfs on hurd-i386.

GNU Hurd defines neither IOV_MAX nor UIO_MAXIOV.

test/test_aslr.py | 7 5 + 2 - 0 !
1 file changed, 5 insertions(+), 2 deletions(-)

 support running test_aslr without venv.

Without this patch the test fails because the remote shell can't parse
the command:

    $ ; echo nay
    bash: syntax error near unexpected token `;'

test/test_channels.py | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 raise connection delay in tests.

0.1s delay is too short on slower hardware such as the armhf debci
runners (or armhf porterboxes).  Ideally the test would wait for the
listener to actually be available instead of doing guess work, but
raising the delay should be good enough for now.

cli-session.c | 11 11 + 0 - 0 !
common-algo.c | 6 6 + 0 - 0 !
common-kex.c | 26 25 + 1 - 0 !
kex.h | 3 3 + 0 - 0 !
process-packet.c | 34 19 + 15 - 0 !
ssh.h | 4 4 + 0 - 0 !
svr-session.c | 3 3 + 0 - 0 !
7 files changed, 71 insertions(+), 16 deletions(-)

 implement strict kex mode

As specified by OpenSSH with kex-strict-c-v00@openssh.com and
kex-strict-s-v00@openssh.com.

svr-tcpfwd.c | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 src: svr-tcpfwd: fix noremotetcp behavior

If noremotetcp is set, we should still reply with
send_msg_request_failed. This matches the behavior
of !DROPBEAR_SVR_REMOTETCPFWD.

We were seeing keepalive packets being ignored when
the "-k" option was used.

cli-runopts.c | 45 25 + 20 - 0 !
1 file changed, 25 insertions(+), 20 deletions(-)

 handle arbitrary length paths and commands in
 multihop_passthrough_args()

cli-main.c | 61 41 + 20 - 0 !
cli-runopts.c | 100 59 + 41 - 0 !
dbutil.c | 9 7 + 2 - 0 !
dbutil.h | 1 1 + 0 - 0 !
runopts.h | 5 5 + 0 - 0 !
5 files changed, 113 insertions(+), 63 deletions(-)

 execute multihop commands directly, no shell

This avoids problems with shell escaping if arguments contain special
characters.