Package: openssh / 1:7.4p1-10+deb9u7

Metadata

Package Version Patches format
openssh 1:7.4p1-10+deb9u7 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
gssapi.patch | (download)

ChangeLog.gssapi | 113 113 + 0 - 0 !
Makefile.in | 3 2 + 1 - 0 !
auth-krb5.c | 17 15 + 2 - 0 !
auth.c | 96 2 + 94 - 0 !
auth2-gss.c | 48 45 + 3 - 0 !
auth2.c | 2 2 + 0 - 0 !
canohost.c | 93 93 + 0 - 0 !
canohost.h | 3 3 + 0 - 0 !
clientloop.c | 15 14 + 1 - 0 !
config.h.in | 6 6 + 0 - 0 !
configure.ac | 24 24 + 0 - 0 !
gss-genr.c | 275 271 + 4 - 0 !
gss-serv-krb5.c | 85 78 + 7 - 0 !
gss-serv.c | 184 170 + 14 - 0 !
kex.c | 19 19 + 0 - 0 !
kex.h | 14 14 + 0 - 0 !
kexgssc.c | 338 338 + 0 - 0 !
kexgsss.c | 295 295 + 0 - 0 !
monitor.c | 115 106 + 9 - 0 !
monitor.h | 3 3 + 0 - 0 !
monitor_wrap.c | 47 46 + 1 - 0 !
monitor_wrap.h | 4 3 + 1 - 0 !
readconf.c | 42 42 + 0 - 0 !
readconf.h | 5 5 + 0 - 0 !
servconf.c | 28 27 + 1 - 0 !
servconf.h | 2 2 + 0 - 0 !
ssh-gss.h | 41 37 + 4 - 0 !
ssh_config | 2 2 + 0 - 0 !
ssh_config.5 | 32 32 + 0 - 0 !
sshconnect2.c | 131 127 + 4 - 0 !
sshd.c | 112 111 + 1 - 0 !
sshd_config | 2 2 + 0 - 0 !
sshd_config.5 | 10 10 + 0 - 0 !
sshkey.c | 3 2 + 1 - 0 !
sshkey.h | 1 1 + 0 - 0 !
35 files changed, 2062 insertions(+), 148 deletions(-)

 gssapi key exchange support

This patch has been rejected upstream: "None of the OpenSSH developers are
in favour of adding this, and this situation has not changed for several
years.  This is not a slight on Simon's patch, which is of fine quality, but
just that a) we don't trust GSSAPI implementations that much and b) we don't
like adding new KEX since they are pre-auth attack surface.  This one is
particularly scary, since it requires hooks out to typically root-owned
system resources."

However, quite a lot of people rely on this in Debian, and it's better to
have it merged into the main openssh package rather than having separate
-krb5 packages (as we used to have).  It seems to have a generally good
security history.

Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
Last-Updated: 2017-01-16

Patch-Name: gssapi.patch

restore tcp wrappers.patch | (download)

configure.ac | 57 57 + 0 - 0 !
sshd.8 | 7 7 + 0 - 0 !
sshd.c | 25 25 + 0 - 0 !
3 files changed, 89 insertions(+)

 restore tcp wrappers support

Support for TCP wrappers was dropped in OpenSSH 6.7.  See this message
and thread:

  https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032497.html

It is true that this reduces preauth attack surface in sshd.  On the
other hand, this support seems to be quite widely used, and abruptly
dropping it (from the perspective of users who don't read
openssh-unix-dev) could easily cause more serious problems in practice.

It's not entirely clear what the right long-term answer for Debian is,
but it at least probably doesn't involve dropping this feature shortly
before a freeze.

selinux role.patch | (download)

auth.h | 1 1 + 0 - 0 !
auth2.c | 10 8 + 2 - 0 !
monitor.c | 32 29 + 3 - 0 !
monitor.h | 2 2 + 0 - 0 !
monitor_wrap.c | 22 20 + 2 - 0 !
monitor_wrap.h | 3 2 + 1 - 0 !
openbsd-compat/port-linux.c | 27 20 + 7 - 0 !
openbsd-compat/port-linux.h | 4 2 + 2 - 0 !
platform.c | 4 2 + 2 - 0 !
platform.h | 2 1 + 1 - 0 !
session.c | 10 5 + 5 - 0 !
session.h | 2 1 + 1 - 0 !
sshd.c | 2 1 + 1 - 0 !
sshpty.c | 4 2 + 2 - 0 !
sshpty.h | 2 1 + 1 - 0 !
15 files changed, 97 insertions(+), 30 deletions(-)

 handle selinux authorisation roles

Rejected upstream due to discomfort with magic usernames; a better approach
will need an SSH protocol change.  In the meantime, this came from Debian's
SELinux maintainer, so we'll keep it until we have something better.

Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641
Bug-Debian: http://bugs.debian.org/394795
ssh vulnkey compat.patch | (download)

readconf.c | 1 1 + 0 - 0 !
servconf.c | 1 1 + 0 - 0 !
2 files changed, 2 insertions(+)

 accept obsolete ssh-vulnkey configuration options

These options were used as part of Debian's response to CVE-2008-0166.
Nearly six years later, we no longer need to continue carrying the bulk
of that patch, but we do need to avoid failing when the associated
configuration options are still present.

keepalive extensions.patch | (download)

readconf.c | 14 12 + 2 - 0 !
ssh_config.5 | 21 19 + 2 - 0 !
sshd_config.5 | 3 3 + 0 - 0 !
3 files changed, 34 insertions(+), 4 deletions(-)

 various keepalive extensions

Add compatibility aliases for ProtocolKeepAlives and SetupTimeOut, supported
in previous versions of Debian's OpenSSH package but since superseded by
ServerAliveInterval.  (We're probably stuck with this bit for
compatibility.)

In batch mode, default ServerAliveInterval to five minutes.

Adjust documentation to match and to give some more advice on use of
keepalives.

syslog level silent.patch | (download)

log.c | 1 1 + 0 - 0 !
ssh.c | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 1 deletion(-)

 "loglevel silent" compatibility

"LogLevel SILENT" (-qq) was introduced in Debian openssh 1:3.0.1p1-1 to
match the behaviour of non-free SSH, in which -q does not suppress fatal
errors.  However, this was unintentionally broken in 1:4.6p1-2 and nobody
complained, so we've dropped most of it.  The parts that remain are basic
configuration file compatibility, and an adjustment to "Pseudo-terminal will
not be allocated ..." which should be split out into a separate patch.

quieter signals.patch | (download)

clientloop.c | 6 4 + 2 - 0 !
1 file changed, 4 insertions(+), 2 deletions(-)

 reduce severity of "killed by signal %d"

This produces irritating messages when using ProxyCommand or other programs
that use ssh under the covers (e.g. Subversion).  These messages are more
normally printed by the calling program, such as the shell.

According to the upstream bug, the right way to avoid this is to use the -q
option, so we may drop this patch after further investigation into whether
any software in Debian is still relying on it.

user group modes.patch | (download)

auth-rhosts.c | 6 2 + 4 - 0 !
auth.c | 9 3 + 6 - 0 !
misc.c | 69 68 + 1 - 0 !
misc.h | 2 2 + 0 - 0 !
platform.c | 16 0 + 16 - 0 !
readconf.c | 3 1 + 2 - 0 !
ssh.1 | 2 2 + 0 - 0 !
ssh_config.5 | 2 2 + 0 - 0 !
8 files changed, 80 insertions(+), 29 deletions(-)

 allow harmless group-writability

Allow secure files (~/.ssh/config, ~/.ssh/authorized_keys, etc.) to be
group-writable, provided that the group in question contains only the file's
owner.  Rejected upstream for IMO incorrect reasons (e.g. a misunderstanding
about the contents of gr->gr_mem).  Given that per-user groups and umask 002
are the default setup in Debian (for good reasons - this makes operating in
setgid directories with other groups much easier), we need to permit this by
default.

Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347
scp quoting.patch | (download)

scp.c | 12 10 + 2 - 0 !
1 file changed, 10 insertions(+), 2 deletions(-)

 adjust scp quoting in verbose mode

Tweak scp's reporting of filenames in verbose mode to be a bit less
confusing with spaces.

This should be revised to mimic real shell quoting.

Bug-Ubuntu: https://bugs.launchpad.net/bugs/89945
shell path.patch | (download)

sshconnect.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 look for $shell on the path for proxycommand/localcommand

There's some debate on the upstream bug about whether POSIX requires this.
I (Colin Watson) agree with Vincent and think it does.

Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1494
Bug-Debian: http://bugs.debian.org/492728
dnssec sshfp.patch | (download)

dns.c | 14 13 + 1 - 0 !
openbsd-compat/getrrsetbyname.c | 10 5 + 5 - 0 !
openbsd-compat/getrrsetbyname.h | 3 3 + 0 - 0 !
3 files changed, 21 insertions(+), 6 deletions(-)

 force use of dnssec even if "options edns0" isn't in resolv.conf

This allows SSHFP DNS records to be verified if glibc 2.11 is installed.

auth log verbosity.patch | (download)

auth-options.c | 35 26 + 9 - 0 !
auth-options.h | 1 1 + 0 - 0 !
auth2-pubkey.c | 3 3 + 0 - 0 !
3 files changed, 30 insertions(+), 9 deletions(-)

 quieten logs when multiple from= restrictions are used

Bug-Debian: http://bugs.debian.org/630606
mention ssh keygen on keychange.patch | (download)

sshconnect.c | 8 7 + 1 - 0 !
1 file changed, 7 insertions(+), 1 deletion(-)

 mention ssh-keygen in ssh fingerprint changed warning

Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1843
Bug-Ubuntu: https://bugs.launchpad.net/bugs/686607
package versioning.patch | (download)

sshconnect.c | 4 2 + 2 - 0 !
sshd.c | 2 1 + 1 - 0 !
version.h | 7 6 + 1 - 0 !
3 files changed, 9 insertions(+), 4 deletions(-)

 include the debian version in our identification

This makes it easier to audit networks for versions patched against security
vulnerabilities.  It has little detrimental effect, as attackers will
generally just try attacks rather than bothering to scan for
vulnerable-looking version strings.  (However, see debian-banner.patch.)

debian banner.patch | (download)

servconf.c | 9 9 + 0 - 0 !
servconf.h | 2 2 + 0 - 0 !
sshd.c | 3 2 + 1 - 0 !
sshd_config.5 | 5 5 + 0 - 0 !
4 files changed, 18 insertions(+), 1 deletion(-)

 add debianbanner server configuration option

Setting this to "no" causes sshd to omit the Debian revision from its
initial protocol handshake, for those scared by package-versioning.patch.

Bug-Debian: http://bugs.debian.org/562048
authorized keys man symlink.patch | (download)

Makefile.in | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 install authorized_keys(5) as a symlink to sshd(8)

Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1720
Bug-Debian: http://bugs.debian.org/441817
openbsd docs.patch | (download)

moduli.5 | 4 2 + 2 - 0 !
ssh-keygen.1 | 12 4 + 8 - 0 !
ssh.1 | 4 4 + 0 - 0 !
sshd.8 | 5 2 + 3 - 0 !
sshd_config.5 | 3 1 + 2 - 0 !
5 files changed, 13 insertions(+), 15 deletions(-)

 adjust various openbsd-specific references in manual pages

No single bug reference for this patch, but history includes:
 http://bugs.debian.org/154434 (login.conf(5))
 http://bugs.debian.org/513417 (/etc/rc)
 http://bugs.debian.org/530692 (ssl(8))
 https://bugs.launchpad.net/bugs/456660 (ssl(8))

ssh argv0.patch | (download)

ssh.1 | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 ssh(1): refer to ssh-argv0(1)

Old versions of OpenSSH (up to 2.5 or thereabouts) allowed creating symlinks
to ssh with the name of the host you want to connect to.  Debian ships an
ssh-argv0 script restoring this feature; this patch refers to its manual
page from ssh(1).

Bug-Debian: http://bugs.debian.org/111341
doc hash tab completion.patch | (download)

ssh_config.5 | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 document that hashknownhosts may break tab-completion

Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1727
Bug-Debian: http://bugs.debian.org/430154
doc upstart.patch | (download)

sshd.8 | 5 4 + 1 - 0 !
1 file changed, 4 insertions(+), 1 deletion(-)

 refer to ssh's upstart job as well as its init script

ssh agent setgid.patch | (download)

ssh-agent.1 | 15 15 + 0 - 0 !
1 file changed, 15 insertions(+)

 document consequences of ssh-agent being setgid in ssh-agent(1)

Bug-Debian: http://bugs.debian.org/711623
no openssl version status.patch | (download)

openbsd-compat/openssl-compat.c | 6 3 + 3 - 0 !
openbsd-compat/regress/opensslvertest.c | 1 1 + 0 - 0 !
2 files changed, 4 insertions(+), 3 deletions(-)

 don't check the status field of the openssl version

There is no reason to check the version of OpenSSL (in Debian).  If it's
not compatible the soname will change.  OpenSSH seems to want to do a
check for the soname based on the version number, but wants to keep the
status of the release the same.  Remove that check on the status since
it doesn't tell you anything about how compatible that version is.

gnome ssh askpass2 icon.patch | (download)

contrib/gnome-ssh-askpass2.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 give the ssh-askpass-gnome window a default icon

Bug-Ubuntu: https://bugs.launchpad.net/bugs/27152
sigstop.patch | (download)

sshd.c | 10 10 + 0 - 0 !
1 file changed, 10 insertions(+)

 support synchronisation with service supervisor using sigstop

systemd readiness.patch | (download)

configure.ac | 24 24 + 0 - 0 !
sshd.c | 9 9 + 0 - 0 !
2 files changed, 33 insertions(+)

 add systemd readiness notification support

Bug-Debian: https://bugs.debian.org/778913
debian config.patch | (download)

readconf.c | 2 1 + 1 - 0 !
ssh.1 | 21 21 + 0 - 0 !
ssh_config | 6 5 + 1 - 0 !
ssh_config.5 | 19 18 + 1 - 0 !
sshd_config | 16 10 + 6 - 0 !
sshd_config.5 | 22 22 + 0 - 0 !
6 files changed, 77 insertions(+), 9 deletions(-)

 various debian-specific configuration changes

ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause
fewer problems with existing setups (http://bugs.debian.org/237021).

ssh: Set 'SendEnv LANG LC_*' by default (http://bugs.debian.org/264024).

ssh: Enable HashKnownHosts by default to try to limit the spread of ssh
worms.

ssh: Enable GSSAPIAuthentication by default.

sshd: Enable PAM, disable ChallengeResponseAuthentication, and disable
PrintMotd.

sshd: Enable X11Forwarding.

sshd: Set 'AcceptEnv LANG LC_*' by default.

sshd: Change sftp subsystem path to /usr/lib/openssh/sftp-server.

Document all of this.

regress integrity robust.patch | (download)

regress/integrity.sh | 9 5 + 4 - 0 !
1 file changed, 5 insertions(+), 4 deletions(-)

 make integrity tests more robust against timeouts

If the first test in a series for a given MAC happens to modify the low
bytes of a packet length, then ssh will time out and this will be
interpreted as a test failure.  Handle this failure mode.

Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2658
Patch-Name: regress-integrity-robust.patch

regress forwarding race.patch | (download)

regress/forwarding.sh | 32 19 + 13 - 0 !
1 file changed, 19 insertions(+), 13 deletions(-)

 fix race conditions in forwarding tests

The forwarding tests sometimes seem to fail in a way that suggests ports
are in use even though they shouldn't be.  Convert more of them to use a
mux socket rather than relying on sleeps in the hope that that makes
behaviour more consistent.

Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2659
Patch-Name: regress-forwarding-race.patch

regress mktemp.patch | (download)

Makefile.in | 5 5 + 0 - 0 !
regress/forwarding.sh | 3 2 + 1 - 0 !
regress/mkdtemp.c | 59 59 + 0 - 0 !
regress/multiplex.sh | 3 2 + 1 - 0 !
regress/test-exec.sh | 11 11 + 0 - 0 !
5 files changed, 79 insertions(+), 2 deletions(-)

 create mux socket for regress in temp directory

In some setups, creating the socket under OBJ may result in a path that
is too long for a Unix domain socket.  Add a helper to let us portably
create a temporary directory instead.

Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2660
sandbox x32 workaround.patch | (download)

sandbox-seccomp-filter.c | 9 9 + 0 - 0 !
1 file changed, 9 insertions(+)

 work around clock_gettime kernel bug on linux x32

On Linux x32, the clock_gettime VDSO currently falls back to the x86-64
syscall, so allow that as well as its x32 sibling.

Bug-Debian: https://bugs.debian.org/849923
no dsa host key by default.patch | (download)

servconf.c | 2 0 + 2 - 0 !
sshd.8 | 7 3 + 4 - 0 !
sshd_config | 1 0 + 1 - 0 !
sshd_config.5 | 7 3 + 4 - 0 !
4 files changed, 6 insertions(+), 11 deletions(-)

 remove ssh_host_dsa_key from hostkey default

The client no longer accepts DSA host keys, and servers using the
default HostKey setting should have better host keys available.

Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2662
Bug-Debian: https://bugs.debian.org/850614
restore authorized_keys2.patch | (download)

sshd_config | 5 2 + 3 - 0 !
1 file changed, 2 insertions(+), 3 deletions(-)

 restore reading authorized_keys2 by default

Upstream seems to intend to gradually phase this out, so don't assume
that this will remain the default forever.  However, we were late in
adopting the upstream sshd_config changes, so it makes sense to extend
the grace period.

Bug-Debian: https://bugs.debian.org/852320
ssh keygen hash corruption.patch | (download)

ssh-keygen.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 upstream commit

fix ssh-keygen -H accidentally corrupting known_hosts that
contained already-hashed entries. HKF_MATCH_HOST_HASHED is only set by
hostkeys_foreach() when hostname matching is in use, so we need to look for
the hash marker explicitly.

Upstream-ID: da82ad653b93e8a753580d3cf5cd448bc2520528

ssh keyscan hash port.patch | (download)

ssh-keyscan.c | 11 6 + 5 - 0 !
1 file changed, 6 insertions(+), 5 deletions(-)

 upstream commit

correctly hash hosts with a port number. Reported by Josh
Powers in bz#2692; ok dtucker@

Upstream-ID: 468e357ff143e00acc05bdd2803a696b3d4b6442

ssh keygen null deref.patch | (download)

ssh-keygen.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 upstream commit

Check l->hosts before dereferencing; fixes potential null
pointer deref. ok djm@

Upstream-ID: 81c0327c6ec361da794b5c680601195cc23d1301

unbreak unix forwarding for root.patch | (download)

serverloop.c | 19 12 + 7 - 0 !
1 file changed, 12 insertions(+), 7 deletions(-)

 upstream commit

unbreak Unix domain socket forwarding for root; ok
markus@

Upstream-ID: 6649c76eb7a3fa15409373295ca71badf56920a2

fix incoming compression statistics.patch | (download)

packet.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix incoming compression statistics

Bug-Debian: https://bugs.debian.org/797964
winscp dhgex compat.patch | (download)

compat.c | 9 6 + 3 - 0 !
1 file changed, 6 insertions(+), 3 deletions(-)

 fix dh group exchange compat with current winscp

Make WinSCP patterns for SSH_OLD_DHGEX more specific to
exclude WinSCP 5.10.x and up.  bz#2748, from martin at winscp.net, ok djm@

Upstream-ID: 6fd7c32e99af3952db007aa180e73142ddbc741a

dash dash before hostname.patch | (download)

ssh.c | 9 6 + 3 - 0 !
1 file changed, 6 insertions(+), 3 deletions(-)

 make "--" before hostname end option processing

make "--" before the hostname terminate command-line
option processing completely; previous behaviour would not prevent further
options appearing after the hostname (ssh has a supported options after the
hostname for >20 years, so that's too late to change).

ok deraadt@

Upstream-ID: ef5ee50571b98ad94dcdf8282204e877ec88ad89

CVE 2017 15906.patch | (download)

sftp-server.c | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 upstream commit

disallow creation (of empty files) in read-only mode;
reported by Michal Zalewski, feedback & ok deraadt@

Upstream-ID: 5d9c8f2fa8511d4ecf95322994ffe73e9283899b

upstream delay bailout for invalid authenticating user.patch | (download)

auth2-gss.c | 9 6 + 3 - 0 !
auth2-hostbased.c | 9 5 + 4 - 0 !
auth2-pubkey.c | 21 14 + 7 - 0 !
3 files changed, 25 insertions(+), 14 deletions(-)

 upstream: delay bailout for invalid authenticating user
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

... until after the packet containing the request has been fully parsed.
Reported by Dariusz Tytko and Micha Sajdak; ok deraadt

OpenBSD-Commit-ID: b4891882fbe413f230fe8ac8a37349b03bd0b70d

scp disallow dot or empty filename.patch | (download)

scp.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 upstream: disallow empty incoming filename or ones that refer to the

current directory; based on report/patch from Harry Sintonen

OpenBSD-Commit-ID: f27651b30eaee2df49540ab68d030865c04f6de9

sanitize scp filenames via snmprintf.patch | (download)

atomicio.c | 20 15 + 5 - 0 !
progressmeter.c | 53 24 + 29 - 0 !
progressmeter.h | 3 2 + 1 - 0 !
scp.c | 1 1 + 0 - 0 !
sftp-client.c | 16 9 + 7 - 0 !
5 files changed, 51 insertions(+), 42 deletions(-)

 upstream: sanitize scp filenames via snmprintf. to do this we move

the progressmeter formatting outside of signal handler context and have the
atomicio callback called for EINTR too.  bz#2434 with contributions from djm
and jjelen at redhat.com, ok djm@

OpenBSD-Commit-ID: 1af61c1f70e4f3bd8ab140b9f1fa699481db57d8

have progressmeter force update at beginning and end transfer.patch | (download)

progressmeter.c | 13 5 + 8 - 0 !
progressmeter.h | 4 2 + 2 - 0 !
scp.c | 2 1 + 1 - 0 !
sftp-client.c | 2 1 + 1 - 0 !
4 files changed, 9 insertions(+), 12 deletions(-)

 upstream: have progressmeter force an update at the beginning and

end of each transfer.  Fixes the problem recently introduces where very quick
transfers do not display the progressmeter at all.  Spotted by naddy@

OpenBSD-Commit-ID: 68dc46c259e8fdd4f5db3ec2a130f8e4590a7a9a

check filenames in scp client.patch | (download)

scp.1 | 17 13 + 4 - 0 !
scp.c | 35 27 + 8 - 0 !
2 files changed, 40 insertions(+), 12 deletions(-)

 upstream: check in scp client that filenames sent during

remote->local directory copies satisfy the wildcard specified by the user.

This checking provides some protection against a malicious server
sending unexpected filenames, but it comes at a risk of rejecting wanted
scp handle braces.patch | (download)

scp.c | 280 269 + 11 - 0 !
1 file changed, 269 insertions(+), 11 deletions(-)

 upstream: when checking that filenames sent by the server side

match what the client requested, be prepared to handle shell-style brace
alternations, e.g. "{foo,bar}".

"looks good to me" millert@ + in snaps for the last week courtesy
deraadt@

OpenBSD-Commit-ID: 3b1ce7639b0b25b2248e3a30f561a548f6815f3e

fix deadlock in keys principals command.patch | (download)

auth2-pubkey.c | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 [patch] upstream commit

fix deadlock when keys/principals command produces a lot of
output and a key is matched early; bz#2655, patch from jboning AT gmail.com

Upstream-ID: e19456429bf99087ea994432c16d00a642060afe