Sync with HEAD. 77 conflicts resolved - all of them $NetBSD$ pgoyette-compat
authorpgoyette <pgoyette@NetBSD.org>
Sat, 07 Apr 2018 04:11:47 +0000
branchpgoyette-compat
changeset 317848 fb08c4cde159
parent 317735 22b1fdad0264
child 318120 63d80ea6bbbf
Sync with HEAD. 77 conflicts resolved - all of them $NetBSD$
bin/ed/ed.1
bin/ed/main.c
build.sh
crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c
crypto/dist/ipsec-tools/src/racoon/debugrm.c
crypto/dist/ipsec-tools/src/racoon/debugrm.h
crypto/external/bsd/heimdal/dist/kcm/cache.c
crypto/external/bsd/heimdal/dist/kcm/glue.c
crypto/external/bsd/netpgp/dist/include/netpgp.h
crypto/external/bsd/netpgp/dist/src/lib/libnetpgp.3
crypto/external/bsd/netpgp/dist/src/libbn/libnetpgpbn.3
crypto/external/bsd/netpgp/dist/src/libmj/libmj.3
crypto/external/bsd/netpgp/dist/src/netpgpverify/netpgpverify.1
crypto/external/bsd/openssh/Makefile.inc
crypto/external/bsd/openssh/bin/ssh/Makefile
crypto/external/bsd/openssh/dist/PROTOCOL
crypto/external/bsd/openssh/dist/PROTOCOL.certkeys
crypto/external/bsd/openssh/dist/auth-options.c
crypto/external/bsd/openssh/dist/auth-options.h
crypto/external/bsd/openssh/dist/auth-pam.c
crypto/external/bsd/openssh/dist/auth-pam.h
crypto/external/bsd/openssh/dist/auth-passwd.c
crypto/external/bsd/openssh/dist/auth.c
crypto/external/bsd/openssh/dist/auth.h
crypto/external/bsd/openssh/dist/auth2-hostbased.c
crypto/external/bsd/openssh/dist/auth2-none.c
crypto/external/bsd/openssh/dist/auth2-passwd.c
crypto/external/bsd/openssh/dist/auth2-pubkey.c
crypto/external/bsd/openssh/dist/auth2.c
crypto/external/bsd/openssh/dist/authfd.c
crypto/external/bsd/openssh/dist/authfd.h
crypto/external/bsd/openssh/dist/authfile.c
crypto/external/bsd/openssh/dist/bitmap.c
crypto/external/bsd/openssh/dist/bitmap.h
crypto/external/bsd/openssh/dist/blf.h
crypto/external/bsd/openssh/dist/blocks.c
crypto/external/bsd/openssh/dist/chacha.h
crypto/external/bsd/openssh/dist/channels.c
crypto/external/bsd/openssh/dist/cipher-aesctr.c
crypto/external/bsd/openssh/dist/cipher-aesctr.h
crypto/external/bsd/openssh/dist/cipher-chachapoly.h
crypto/external/bsd/openssh/dist/cipher-ctr-mt.c
crypto/external/bsd/openssh/dist/cipher.c
crypto/external/bsd/openssh/dist/cleanup.c
crypto/external/bsd/openssh/dist/clientloop.c
crypto/external/bsd/openssh/dist/clientloop.h
crypto/external/bsd/openssh/dist/compat.c
crypto/external/bsd/openssh/dist/compat.h
crypto/external/bsd/openssh/dist/crypto_api.h
crypto/external/bsd/openssh/dist/dh.c
crypto/external/bsd/openssh/dist/digest.h
crypto/external/bsd/openssh/dist/dns.c
crypto/external/bsd/openssh/dist/dns.h
crypto/external/bsd/openssh/dist/fe25519.h
crypto/external/bsd/openssh/dist/fmt_scaled.c
crypto/external/bsd/openssh/dist/ge25519.h
crypto/external/bsd/openssh/dist/hash.c
crypto/external/bsd/openssh/dist/hmac.h
crypto/external/bsd/openssh/dist/includes.h
crypto/external/bsd/openssh/dist/kex.c
crypto/external/bsd/openssh/dist/kexc25519c.c
crypto/external/bsd/openssh/dist/kexdhc.c
crypto/external/bsd/openssh/dist/kexdhs.c
crypto/external/bsd/openssh/dist/kexecdhc.c
crypto/external/bsd/openssh/dist/kexecdhs.c
crypto/external/bsd/openssh/dist/kexgexc.c
crypto/external/bsd/openssh/dist/kexgexs.c
crypto/external/bsd/openssh/dist/key.c
crypto/external/bsd/openssh/dist/key.h
crypto/external/bsd/openssh/dist/krl.c
crypto/external/bsd/openssh/dist/krl.h
crypto/external/bsd/openssh/dist/misc.c
crypto/external/bsd/openssh/dist/misc.h
crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048
crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072
crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096
crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144
crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680
crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192
crypto/external/bsd/openssh/dist/moduli.c
crypto/external/bsd/openssh/dist/monitor.c
crypto/external/bsd/openssh/dist/monitor_wrap.c
crypto/external/bsd/openssh/dist/monitor_wrap.h
crypto/external/bsd/openssh/dist/opacket.c
crypto/external/bsd/openssh/dist/opacket.h
crypto/external/bsd/openssh/dist/packet.c
crypto/external/bsd/openssh/dist/packet.h
crypto/external/bsd/openssh/dist/pathnames.h
crypto/external/bsd/openssh/dist/pfilter.c
crypto/external/bsd/openssh/dist/pfilter.h
crypto/external/bsd/openssh/dist/poly1305.h
crypto/external/bsd/openssh/dist/readconf.c
crypto/external/bsd/openssh/dist/readconf.h
crypto/external/bsd/openssh/dist/readpassphrase.c
crypto/external/bsd/openssh/dist/rijndael.c
crypto/external/bsd/openssh/dist/rijndael.h
crypto/external/bsd/openssh/dist/sandbox-pledge.c
crypto/external/bsd/openssh/dist/sc25519.h
crypto/external/bsd/openssh/dist/scp.1
crypto/external/bsd/openssh/dist/scp.c
crypto/external/bsd/openssh/dist/servconf.c
crypto/external/bsd/openssh/dist/servconf.h
crypto/external/bsd/openssh/dist/serverloop.c
crypto/external/bsd/openssh/dist/session.c
crypto/external/bsd/openssh/dist/sftp-client.c
crypto/external/bsd/openssh/dist/sftp.1
crypto/external/bsd/openssh/dist/sftp.c
crypto/external/bsd/openssh/dist/ssh-add.c
crypto/external/bsd/openssh/dist/ssh-agent.c
crypto/external/bsd/openssh/dist/ssh-dss.c
crypto/external/bsd/openssh/dist/ssh-ecdsa.c
crypto/external/bsd/openssh/dist/ssh-keygen.1
crypto/external/bsd/openssh/dist/ssh-keygen.c
crypto/external/bsd/openssh/dist/ssh-keyscan.1
crypto/external/bsd/openssh/dist/ssh-keyscan.c
crypto/external/bsd/openssh/dist/ssh-keysign.c
crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c
crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c
crypto/external/bsd/openssh/dist/ssh-pkcs11.c
crypto/external/bsd/openssh/dist/ssh-rsa.c
crypto/external/bsd/openssh/dist/ssh-sandbox.h
crypto/external/bsd/openssh/dist/ssh.1
crypto/external/bsd/openssh/dist/ssh.c
crypto/external/bsd/openssh/dist/ssh_config.5
crypto/external/bsd/openssh/dist/sshbuf.h
crypto/external/bsd/openssh/dist/sshconnect.c
crypto/external/bsd/openssh/dist/sshconnect.h
crypto/external/bsd/openssh/dist/sshconnect2.c
crypto/external/bsd/openssh/dist/sshd.8
crypto/external/bsd/openssh/dist/sshd.c
crypto/external/bsd/openssh/dist/sshd_config
crypto/external/bsd/openssh/dist/sshd_config.5
crypto/external/bsd/openssh/dist/ssherr.h
crypto/external/bsd/openssh/dist/sshkey.c
crypto/external/bsd/openssh/dist/sshkey.h
crypto/external/bsd/openssh/dist/ttymodes.c
crypto/external/bsd/openssh/dist/umac.c
crypto/external/bsd/openssh/dist/umac128.c
crypto/external/bsd/openssh/dist/utf8.h
crypto/external/bsd/openssh/dist/version.h
crypto/external/bsd/openssh/lib/Makefile
crypto/external/bsd/openssh/lib/shlib_version
crypto/external/bsd/openssl.old/mkpc
crypto/external/bsd/openssl/dist/.travis.yml
crypto/external/bsd/openssl/dist/CHANGES
crypto/external/bsd/openssl/dist/Configurations/10-main.conf
crypto/external/bsd/openssl/dist/Configurations/README
crypto/external/bsd/openssl/dist/Configurations/common.tmpl
crypto/external/bsd/openssl/dist/Configurations/descrip.mms.tmpl
crypto/external/bsd/openssl/dist/Configurations/unix-Makefile.tmpl
crypto/external/bsd/openssl/dist/Configurations/windows-makefile.tmpl
crypto/external/bsd/openssl/dist/Configure
crypto/external/bsd/openssl/dist/LICENSE
crypto/external/bsd/openssl/dist/NEWS
crypto/external/bsd/openssl/dist/README
crypto/external/bsd/openssl/dist/apps/CA.pl.in
crypto/external/bsd/openssl/dist/apps/app_rand.c
crypto/external/bsd/openssl/dist/apps/apps.c
crypto/external/bsd/openssl/dist/apps/apps.h
crypto/external/bsd/openssl/dist/apps/ca.c
crypto/external/bsd/openssl/dist/apps/ciphers.c
crypto/external/bsd/openssl/dist/apps/cms.c
crypto/external/bsd/openssl/dist/apps/dhparam.c
crypto/external/bsd/openssl/dist/apps/dsa.c
crypto/external/bsd/openssl/dist/apps/dsaparam.c
crypto/external/bsd/openssl/dist/apps/ecparam.c
crypto/external/bsd/openssl/dist/apps/enc.c
crypto/external/bsd/openssl/dist/apps/errstr.c
crypto/external/bsd/openssl/dist/apps/genrsa.c
crypto/external/bsd/openssl/dist/apps/ocsp.c
crypto/external/bsd/openssl/dist/apps/openssl.c
crypto/external/bsd/openssl/dist/apps/opt.c
crypto/external/bsd/openssl/dist/apps/passwd.c
crypto/external/bsd/openssl/dist/apps/pkcs12.c
crypto/external/bsd/openssl/dist/apps/pkcs8.c
crypto/external/bsd/openssl/dist/apps/pkeyutl.c
crypto/external/bsd/openssl/dist/apps/prime.c
crypto/external/bsd/openssl/dist/apps/progs.pl
crypto/external/bsd/openssl/dist/apps/rand.c
crypto/external/bsd/openssl/dist/apps/req.c
crypto/external/bsd/openssl/dist/apps/s_client.c
crypto/external/bsd/openssl/dist/apps/s_server.c
crypto/external/bsd/openssl/dist/apps/s_socket.c
crypto/external/bsd/openssl/dist/apps/s_time.c
crypto/external/bsd/openssl/dist/apps/speed.c
crypto/external/bsd/openssl/dist/apps/srp.c
crypto/external/bsd/openssl/dist/apps/version.c
crypto/external/bsd/openssl/dist/apps/vms_term_sock.c
crypto/external/bsd/openssl/dist/apps/x509.c
crypto/external/bsd/openssl/dist/config.com
crypto/external/bsd/openssl/dist/crypto/aes/asm/aes-armv4.pl
crypto/external/bsd/openssl/dist/crypto/aes/asm/bsaes-armv7.pl
crypto/external/bsd/openssl/dist/crypto/asn1/a_i2d_fp.c
crypto/external/bsd/openssl/dist/crypto/asn1/a_mbstr.c
crypto/external/bsd/openssl/dist/crypto/asn1/a_object.c
crypto/external/bsd/openssl/dist/crypto/asn1/a_strex.c
crypto/external/bsd/openssl/dist/crypto/asn1/ameth_lib.c
crypto/external/bsd/openssl/dist/crypto/asn1/asn1_err.c
crypto/external/bsd/openssl/dist/crypto/asn1/asn1_par.c
crypto/external/bsd/openssl/dist/crypto/asn1/asn_mime.c
crypto/external/bsd/openssl/dist/crypto/asn1/bio_asn1.c
crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c
crypto/external/bsd/openssl/dist/crypto/asn1/tasn_prn.c
crypto/external/bsd/openssl/dist/crypto/async/arch/async_posix.h
crypto/external/bsd/openssl/dist/crypto/async/async.c
crypto/external/bsd/openssl/dist/crypto/async/async_wait.c
crypto/external/bsd/openssl/dist/crypto/bio/b_addr.c
crypto/external/bsd/openssl/dist/crypto/bio/b_dump.c
crypto/external/bsd/openssl/dist/crypto/bio/b_print.c
crypto/external/bsd/openssl/dist/crypto/bio/b_sock2.c
crypto/external/bsd/openssl/dist/crypto/bio/bf_buff.c
crypto/external/bsd/openssl/dist/crypto/bio/bf_lbuf.c
crypto/external/bsd/openssl/dist/crypto/bio/bf_nbio.c
crypto/external/bsd/openssl/dist/crypto/bio/bf_null.c
crypto/external/bsd/openssl/dist/crypto/bio/bio_cb.c
crypto/external/bsd/openssl/dist/crypto/bio/bio_err.c
crypto/external/bsd/openssl/dist/crypto/bio/bio_lib.c
crypto/external/bsd/openssl/dist/crypto/bio/bio_meth.c
crypto/external/bsd/openssl/dist/crypto/bio/bss_acpt.c
crypto/external/bsd/openssl/dist/crypto/bio/bss_conn.c
crypto/external/bsd/openssl/dist/crypto/bio/bss_dgram.c
crypto/external/bsd/openssl/dist/crypto/bio/bss_fd.c
crypto/external/bsd/openssl/dist/crypto/bio/bss_file.c
crypto/external/bsd/openssl/dist/crypto/bio/bss_log.c
crypto/external/bsd/openssl/dist/crypto/bio/bss_mem.c
crypto/external/bsd/openssl/dist/crypto/bio/bss_null.c
crypto/external/bsd/openssl/dist/crypto/bio/bss_sock.c
crypto/external/bsd/openssl/dist/crypto/bn/asm/rsaz-avx2.pl
crypto/external/bsd/openssl/dist/crypto/bn/asm/x86_64-gcc.c
crypto/external/bsd/openssl/dist/crypto/bn/bn_add.c
crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c
crypto/external/bsd/openssl/dist/crypto/bn/bn_lib.c
crypto/external/bsd/openssl/dist/crypto/bn/bn_mont.c
crypto/external/bsd/openssl/dist/crypto/bn/bn_print.c
crypto/external/bsd/openssl/dist/crypto/cms/cms_sd.c
crypto/external/bsd/openssl/dist/crypto/comp/c_zlib.c
crypto/external/bsd/openssl/dist/crypto/conf/conf_def.c
crypto/external/bsd/openssl/dist/crypto/conf/conf_mod.c
crypto/external/bsd/openssl/dist/crypto/cryptlib.c
crypto/external/bsd/openssl/dist/crypto/des/ecb_enc.c
crypto/external/bsd/openssl/dist/crypto/des/fcrypt.c
crypto/external/bsd/openssl/dist/crypto/des/set_key.c
crypto/external/bsd/openssl/dist/crypto/dsa/dsa_ameth.c
crypto/external/bsd/openssl/dist/crypto/ec/ec_mult.c
crypto/external/bsd/openssl/dist/crypto/ec/ecp_nistp224.c
crypto/external/bsd/openssl/dist/crypto/ec/ecp_nistp256.c
crypto/external/bsd/openssl/dist/crypto/ec/ecp_nistp521.c
crypto/external/bsd/openssl/dist/crypto/ec/ecp_smpl.c
crypto/external/bsd/openssl/dist/crypto/engine/eng_cryptodev.c
crypto/external/bsd/openssl/dist/crypto/engine/eng_fat.c
crypto/external/bsd/openssl/dist/crypto/engine/eng_table.c
crypto/external/bsd/openssl/dist/crypto/err/err.c
crypto/external/bsd/openssl/dist/crypto/err/err_prn.c
crypto/external/bsd/openssl/dist/crypto/evp/bio_b64.c
crypto/external/bsd/openssl/dist/crypto/evp/bio_enc.c
crypto/external/bsd/openssl/dist/crypto/evp/bio_md.c
crypto/external/bsd/openssl/dist/crypto/evp/bio_ok.c
crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c
crypto/external/bsd/openssl/dist/crypto/evp/e_camellia.c
crypto/external/bsd/openssl/dist/crypto/evp/evp_enc.c
crypto/external/bsd/openssl/dist/crypto/evp/evp_err.c
crypto/external/bsd/openssl/dist/crypto/evp/evp_pbe.c
crypto/external/bsd/openssl/dist/crypto/evp/m_sha1.c
crypto/external/bsd/openssl/dist/crypto/evp/p5_crpt2.c
crypto/external/bsd/openssl/dist/crypto/include/internal/evp_int.h
crypto/external/bsd/openssl/dist/crypto/init.c
crypto/external/bsd/openssl/dist/crypto/lhash/lhash.c
crypto/external/bsd/openssl/dist/crypto/mem.c
crypto/external/bsd/openssl/dist/crypto/mem_dbg.c
crypto/external/bsd/openssl/dist/crypto/mem_sec.c
crypto/external/bsd/openssl/dist/crypto/objects/obj_dat.c
crypto/external/bsd/openssl/dist/crypto/ocsp/ocsp_lcl.h
crypto/external/bsd/openssl/dist/crypto/ocsp/ocsp_vfy.c
crypto/external/bsd/openssl/dist/crypto/pariscid.pl
crypto/external/bsd/openssl/dist/crypto/pem/pem_info.c
crypto/external/bsd/openssl/dist/crypto/pem/pem_lib.c
crypto/external/bsd/openssl/dist/crypto/pem/pvkfmt.c
crypto/external/bsd/openssl/dist/crypto/pkcs7/pk7_doit.c
crypto/external/bsd/openssl/dist/crypto/rand/md_rand.c
crypto/external/bsd/openssl/dist/crypto/rand/rand_egd.c
crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c
crypto/external/bsd/openssl/dist/crypto/rc4/asm/rc4-c64xplus.pl
crypto/external/bsd/openssl/dist/crypto/rc4/build.info
crypto/external/bsd/openssl/dist/crypto/rsa/rsa_ameth.c
crypto/external/bsd/openssl/dist/crypto/rsa/rsa_gen.c
crypto/external/bsd/openssl/dist/crypto/rsa/rsa_pss.c
crypto/external/bsd/openssl/dist/crypto/x509/t_x509.c
crypto/external/bsd/openssl/dist/crypto/x509/x509_v3.c
crypto/external/bsd/openssl/dist/crypto/x509v3/v3_alt.c
crypto/external/bsd/openssl/dist/crypto/x509v3/v3_conf.c
crypto/external/bsd/openssl/dist/crypto/x509v3/v3_info.c
crypto/external/bsd/openssl/dist/crypto/x509v3/v3_lib.c
crypto/external/bsd/openssl/dist/crypto/x509v3/v3_purp.c
crypto/external/bsd/openssl/dist/crypto/x509v3/v3_utl.c
crypto/external/bsd/openssl/dist/crypto/x509v3/v3err.c
crypto/external/bsd/openssl/dist/demos/bio/cmod.cnf
crypto/external/bsd/openssl/dist/doc/apps/ca.pod
crypto/external/bsd/openssl/dist/doc/apps/cms.pod
crypto/external/bsd/openssl/dist/doc/apps/ecparam.pod
crypto/external/bsd/openssl/dist/doc/apps/engine.pod
crypto/external/bsd/openssl/dist/doc/apps/openssl.pod
crypto/external/bsd/openssl/dist/doc/apps/x509.pod
crypto/external/bsd/openssl/dist/doc/apps/x509v3_config.pod
crypto/external/bsd/openssl/dist/doc/crypto/ASN1_STRING_length.pod
crypto/external/bsd/openssl/dist/doc/crypto/BIO_ctrl.pod
crypto/external/bsd/openssl/dist/doc/crypto/BIO_meth_new.pod
crypto/external/bsd/openssl/dist/doc/crypto/BIO_s_mem.pod
crypto/external/bsd/openssl/dist/doc/crypto/BIO_set_callback.pod
crypto/external/bsd/openssl/dist/doc/crypto/BN_zero.pod
crypto/external/bsd/openssl/dist/doc/crypto/EC_POINT_new.pod
crypto/external/bsd/openssl/dist/doc/crypto/ENGINE_add.pod
crypto/external/bsd/openssl/dist/doc/crypto/EVP_CIPHER_meth_new.pod
crypto/external/bsd/openssl/dist/doc/crypto/EVP_EncryptInit.pod
crypto/external/bsd/openssl/dist/doc/crypto/EVP_MD_meth_new.pod
crypto/external/bsd/openssl/dist/doc/crypto/EVP_SignInit.pod
crypto/external/bsd/openssl/dist/doc/crypto/EVP_VerifyInit.pod
crypto/external/bsd/openssl/dist/doc/crypto/OCSP_resp_find_status.pod
crypto/external/bsd/openssl/dist/doc/crypto/OPENSSL_VERSION_NUMBER.pod
crypto/external/bsd/openssl/dist/doc/crypto/PKCS7_sign.pod
crypto/external/bsd/openssl/dist/doc/crypto/PKCS7_sign_add_signer.pod
crypto/external/bsd/openssl/dist/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
crypto/external/bsd/openssl/dist/doc/crypto/X509_get0_notBefore.pod
crypto/external/bsd/openssl/dist/doc/crypto/X509_get_extension_flags.pod
crypto/external/bsd/openssl/dist/doc/crypto/d2i_X509.pod
crypto/external/bsd/openssl/dist/doc/openssl-c-indent.el
crypto/external/bsd/openssl/dist/doc/ssl/SSL_CONF_cmd.pod
crypto/external/bsd/openssl/dist/doc/ssl/SSL_CTX_config.pod
crypto/external/bsd/openssl/dist/doc/ssl/SSL_CTX_dane_enable.pod
crypto/external/bsd/openssl/dist/doc/ssl/SSL_CTX_set_options.pod
crypto/external/bsd/openssl/dist/doc/ssl/ssl.pod
crypto/external/bsd/openssl/dist/engines/afalg/e_afalg.c
crypto/external/bsd/openssl/dist/engines/e_dasync.c
crypto/external/bsd/openssl/dist/include/internal/bio.h
crypto/external/bsd/openssl/dist/include/openssl/asn1.h
crypto/external/bsd/openssl/dist/include/openssl/bio.h
crypto/external/bsd/openssl/dist/include/openssl/e_os2.h
crypto/external/bsd/openssl/dist/include/openssl/evp.h
crypto/external/bsd/openssl/dist/include/openssl/ocsp.h
crypto/external/bsd/openssl/dist/include/openssl/opensslconf.h.in
crypto/external/bsd/openssl/dist/include/openssl/opensslv.h
crypto/external/bsd/openssl/dist/include/openssl/ssl.h
crypto/external/bsd/openssl/dist/include/openssl/x509v3.h
crypto/external/bsd/openssl/dist/ssl/bio_ssl.c
crypto/external/bsd/openssl/dist/ssl/record/rec_layer_d1.c
crypto/external/bsd/openssl/dist/ssl/record/rec_layer_s3.c
crypto/external/bsd/openssl/dist/ssl/record/ssl3_record.c
crypto/external/bsd/openssl/dist/ssl/s3_lib.c
crypto/external/bsd/openssl/dist/ssl/s3_msg.c
crypto/external/bsd/openssl/dist/ssl/ssl_cert.c
crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c
crypto/external/bsd/openssl/dist/ssl/ssl_conf.c
crypto/external/bsd/openssl/dist/ssl/ssl_err.c
crypto/external/bsd/openssl/dist/ssl/ssl_init.c
crypto/external/bsd/openssl/dist/ssl/ssl_lib.c
crypto/external/bsd/openssl/dist/ssl/ssl_locl.h
crypto/external/bsd/openssl/dist/ssl/ssl_sess.c
crypto/external/bsd/openssl/dist/ssl/statem/statem.c
crypto/external/bsd/openssl/dist/ssl/statem/statem_clnt.c
crypto/external/bsd/openssl/dist/ssl/statem/statem_dtls.c
crypto/external/bsd/openssl/dist/ssl/statem/statem_lib.c
crypto/external/bsd/openssl/dist/ssl/statem/statem_locl.h
crypto/external/bsd/openssl/dist/ssl/t1_lib.c
crypto/external/bsd/openssl/dist/ssl/t1_trce.c
crypto/external/bsd/openssl/dist/test/asynciotest.c
crypto/external/bsd/openssl/dist/test/bad_dtls_test.c
crypto/external/bsd/openssl/dist/test/bftest.c
crypto/external/bsd/openssl/dist/test/bntest.c
crypto/external/bsd/openssl/dist/test/build.info
crypto/external/bsd/openssl/dist/test/clienthellotest.c
crypto/external/bsd/openssl/dist/test/d2i_test.c
crypto/external/bsd/openssl/dist/test/dhtest.c
crypto/external/bsd/openssl/dist/test/dsatest.c
crypto/external/bsd/openssl/dist/test/dtlstest.c
crypto/external/bsd/openssl/dist/test/ectest.c
crypto/external/bsd/openssl/dist/test/exptest.c
crypto/external/bsd/openssl/dist/test/fatalerrtest.c
crypto/external/bsd/openssl/dist/test/generate_ssl_tests.pl
crypto/external/bsd/openssl/dist/test/handshake_helper.c
crypto/external/bsd/openssl/dist/test/igetest.c
crypto/external/bsd/openssl/dist/test/ocspapitest.c
crypto/external/bsd/openssl/dist/test/recipes/04-test_pem.t
crypto/external/bsd/openssl/dist/test/recipes/40-test_rehash.t
crypto/external/bsd/openssl/dist/test/recipes/70-test_sslcbcpadding.t
crypto/external/bsd/openssl/dist/test/recipes/70-test_sslcertstatus.t
crypto/external/bsd/openssl/dist/test/recipes/70-test_sslextension.t
crypto/external/bsd/openssl/dist/test/recipes/70-test_sslmessages.t
crypto/external/bsd/openssl/dist/test/recipes/70-test_sslrecords.t
crypto/external/bsd/openssl/dist/test/recipes/70-test_sslsessiontick.t
crypto/external/bsd/openssl/dist/test/recipes/70-test_sslskewith0p.t
crypto/external/bsd/openssl/dist/test/recipes/70-test_sslvertol.t
crypto/external/bsd/openssl/dist/test/recipes/70-test_tlsextms.t
crypto/external/bsd/openssl/dist/test/recipes/80-test_ocsp.t
crypto/external/bsd/openssl/dist/test/recipes/80-test_ocsp_data/cert.pem
crypto/external/bsd/openssl/dist/test/recipes/80-test_ocsp_data/key.pem
crypto/external/bsd/openssl/dist/test/recipes/80-test_pkcs12.t
crypto/external/bsd/openssl/dist/test/recipes/80-test_ssl_new.t
crypto/external/bsd/openssl/dist/test/recipes/80-test_ssl_old.t
crypto/external/bsd/openssl/dist/test/recipes/90-test_fatalerr.t
crypto/external/bsd/openssl/dist/test/recipes/tconversion.pl
crypto/external/bsd/openssl/dist/test/rsa_test.c
crypto/external/bsd/openssl/dist/test/run_tests.pl
crypto/external/bsd/openssl/dist/test/sanitytest.c
crypto/external/bsd/openssl/dist/test/shlibloadtest.c
crypto/external/bsd/openssl/dist/test/ssl-tests/06-sni-ticket.conf.in
crypto/external/bsd/openssl/dist/test/ssl-tests/08-npn.conf.in
crypto/external/bsd/openssl/dist/test/ssl-tests/09-alpn.conf.in
crypto/external/bsd/openssl/dist/test/ssl-tests/12-ct.conf.in
crypto/external/bsd/openssl/dist/test/ssl-tests/13-fragmentation.conf.in
crypto/external/bsd/openssl/dist/test/ssl-tests/17-renegotiate.conf
crypto/external/bsd/openssl/dist/test/ssl-tests/17-renegotiate.conf.in
crypto/external/bsd/openssl/dist/test/ssl_test.c
crypto/external/bsd/openssl/dist/test/sslapitest.c
crypto/external/bsd/openssl/dist/test/sslcorrupttest.c
crypto/external/bsd/openssl/dist/test/ssltest_old.c
crypto/external/bsd/openssl/dist/test/ssltestlib.c
crypto/external/bsd/openssl/dist/test/ssltestlib.h
crypto/external/bsd/openssl/dist/test/testlib/OpenSSL/Test.pm
crypto/external/bsd/openssl/dist/test/testlib/OpenSSL/Test/Simple.pm
crypto/external/bsd/openssl/dist/test/testlib/OpenSSL/Test/Utils.pm
crypto/external/bsd/openssl/dist/util/TLSProxy/ClientHello.pm
crypto/external/bsd/openssl/dist/util/TLSProxy/Message.pm
crypto/external/bsd/openssl/dist/util/TLSProxy/NewSessionTicket.pm
crypto/external/bsd/openssl/dist/util/TLSProxy/Proxy.pm
crypto/external/bsd/openssl/dist/util/TLSProxy/Record.pm
crypto/external/bsd/openssl/dist/util/TLSProxy/ServerHello.pm
crypto/external/bsd/openssl/dist/util/TLSProxy/ServerKeyExchange.pm
crypto/external/bsd/openssl/dist/util/copy.pl
crypto/external/bsd/openssl/dist/util/dofile.pl
crypto/external/bsd/openssl/dist/util/indent.pro
crypto/external/bsd/openssl/dist/util/libcrypto.num
crypto/external/bsd/openssl/dist/util/mkdef.pl
crypto/external/bsd/openssl/dist/util/perl/OpenSSL/Glob.pm
crypto/external/bsd/openssl/dist/util/perl/OpenSSL/Test.pm
crypto/external/bsd/openssl/dist/util/perl/OpenSSL/Test/Simple.pm
crypto/external/bsd/openssl/dist/util/perl/OpenSSL/Test/Utils.pm
crypto/external/bsd/openssl/dist/util/perl/TLSProxy/ClientHello.pm
crypto/external/bsd/openssl/dist/util/perl/TLSProxy/Message.pm
crypto/external/bsd/openssl/dist/util/perl/TLSProxy/NewSessionTicket.pm
crypto/external/bsd/openssl/dist/util/perl/TLSProxy/Proxy.pm
crypto/external/bsd/openssl/dist/util/perl/TLSProxy/Record.pm
crypto/external/bsd/openssl/dist/util/perl/TLSProxy/ServerHello.pm
crypto/external/bsd/openssl/dist/util/perl/TLSProxy/ServerKeyExchange.pm
crypto/external/bsd/openssl/dist/util/perl/with_fallback.pm
crypto/external/bsd/openssl/dist/util/process_docs.pl
crypto/external/bsd/openssl/dist/util/shlib_wrap.sh.in
crypto/external/bsd/openssl/dist/util/with_fallback.pm
crypto/external/bsd/openssl/lib/libcrypto/Makefile
crypto/external/bsd/openssl/lib/libcrypto/libc-sha512.c
crypto/external/bsd/openssl/lib/libcrypto/sha.inc
crypto/external/bsd/openssl/mkpc
distrib/evbarm/Makefile
distrib/evbarm/instkernel/ramdisk/Makefile
distrib/evbarm64/ramdisk/Makefile
distrib/evbarm64/ramdisk/dot.profile
distrib/evbarm64/ramdisk/list
distrib/sets/lists/base/ad.aarch64
distrib/sets/lists/base/shl.mi
distrib/sets/lists/comp/ad.aarch64
distrib/sets/lists/comp/mi
distrib/sets/lists/debug/ad.aarch64
distrib/sets/lists/debug/mi
distrib/sets/lists/debug/shl.mi
distrib/sets/lists/tests/mi
distrib/utils/embedded/conf/arm64.conf
distrib/utils/embedded/files/arm64_extlinux.conf
doc/3RDPARTY
doc/CHANGES
etc/Makefile
etc/etc.evbarm/Makefile.inc
etc/rc.d/sshd
etc/rc.subr
external/bsd/dhcpcd/dist/configure
external/bsd/dhcpcd/dist/src/defs.h
external/bsd/dhcpcd/dist/src/dev/udev.c
external/bsd/dhcpcd/dist/src/dhcp6.c
external/bsd/dhcpcd/dist/src/dhcpcd.c
external/bsd/dhcpcd/dist/src/if-options.c
external/bsd/dhcpcd/dist/src/if-options.h
external/bsd/dhcpcd/dist/src/if.c
external/bsd/dhcpcd/dist/src/ipv4.c
external/bsd/dhcpcd/dist/src/route.c
external/bsd/dhcpcd/dist/src/route.h
external/bsd/ntp/dist/ChangeLog
external/bsd/ntp/dist/Makefile.am
external/bsd/ntp/dist/Makefile.in
external/bsd/ntp/dist/NEWS
external/bsd/ntp/dist/aclocal.m4
external/bsd/ntp/dist/adjtimed/Makefile.in
external/bsd/ntp/dist/clockstuff/Makefile.in
external/bsd/ntp/dist/configure
external/bsd/ntp/dist/configure.ac
external/bsd/ntp/dist/html/access.html
external/bsd/ntp/dist/html/accopt.html
external/bsd/ntp/dist/html/authentic.html
external/bsd/ntp/dist/html/drivers/driver18.html
external/bsd/ntp/dist/html/drivers/driver40-ja.html
external/bsd/ntp/dist/html/drivers/driver40.html
external/bsd/ntp/dist/html/keygen.html
external/bsd/ntp/dist/html/miscopt.html
external/bsd/ntp/dist/html/monopt.html
external/bsd/ntp/dist/html/ntpq.html
external/bsd/ntp/dist/include/Makefile.in
external/bsd/ntp/dist/include/isc/Makefile.in
external/bsd/ntp/dist/include/ntp.h
external/bsd/ntp/dist/include/ntp_calendar.h
external/bsd/ntp/dist/include/ntp_config.h
external/bsd/ntp/dist/include/ntp_fp.h
external/bsd/ntp/dist/include/ntp_keyacc.h
external/bsd/ntp/dist/include/ntp_request.h
external/bsd/ntp/dist/include/ntp_stdlib.h
external/bsd/ntp/dist/include/ntpd.h
external/bsd/ntp/dist/include/recvbuff.h
external/bsd/ntp/dist/include/ssl_applink.c
external/bsd/ntp/dist/kernel/Makefile.in
external/bsd/ntp/dist/kernel/sys/Makefile.in
external/bsd/ntp/dist/libntp/Makefile.in
external/bsd/ntp/dist/libntp/a_md5encrypt.c
external/bsd/ntp/dist/libntp/adjtime.c
external/bsd/ntp/dist/libntp/authkeys.c
external/bsd/ntp/dist/libntp/authreadkeys.c
external/bsd/ntp/dist/libntp/libssl_compat.c
external/bsd/ntp/dist/libntp/ntp_calendar.c
external/bsd/ntp/dist/libntp/ssl_init.c
external/bsd/ntp/dist/libntp/statestr.c
external/bsd/ntp/dist/libntp/systime.c
external/bsd/ntp/dist/libntp/work_thread.c
external/bsd/ntp/dist/libparse/Makefile.in
external/bsd/ntp/dist/ntpd/Makefile.in
external/bsd/ntp/dist/ntpd/complete.conf.in
external/bsd/ntp/dist/ntpd/invoke-ntp.conf.texi
external/bsd/ntp/dist/ntpd/invoke-ntp.keys.texi
external/bsd/ntp/dist/ntpd/invoke-ntpd.texi
external/bsd/ntp/dist/ntpd/keyword-gen-utd
external/bsd/ntp/dist/ntpd/keyword-gen.c
external/bsd/ntp/dist/ntpd/ntp.conf.5man
external/bsd/ntp/dist/ntpd/ntp.conf.5mdoc
external/bsd/ntp/dist/ntpd/ntp.conf.def
external/bsd/ntp/dist/ntpd/ntp.conf.html
external/bsd/ntp/dist/ntpd/ntp.conf.man.in
external/bsd/ntp/dist/ntpd/ntp.conf.mdoc.in
external/bsd/ntp/dist/ntpd/ntp.keys.5man
external/bsd/ntp/dist/ntpd/ntp.keys.5mdoc
external/bsd/ntp/dist/ntpd/ntp.keys.def
external/bsd/ntp/dist/ntpd/ntp.keys.html
external/bsd/ntp/dist/ntpd/ntp.keys.man.in
external/bsd/ntp/dist/ntpd/ntp.keys.mdoc.in
external/bsd/ntp/dist/ntpd/ntp_config.c
external/bsd/ntp/dist/ntpd/ntp_control.c
external/bsd/ntp/dist/ntpd/ntp_crypto.c
external/bsd/ntp/dist/ntpd/ntp_io.c
external/bsd/ntp/dist/ntpd/ntp_keyword.h
external/bsd/ntp/dist/ntpd/ntp_leapsec.c
external/bsd/ntp/dist/ntpd/ntp_parser.y
external/bsd/ntp/dist/ntpd/ntp_peer.c
external/bsd/ntp/dist/ntpd/ntp_proto.c
external/bsd/ntp/dist/ntpd/ntp_refclock.c
external/bsd/ntp/dist/ntpd/ntp_request.c
external/bsd/ntp/dist/ntpd/ntp_restrict.c
external/bsd/ntp/dist/ntpd/ntp_scanner.c
external/bsd/ntp/dist/ntpd/ntp_util.c
external/bsd/ntp/dist/ntpd/ntpd-opts.c
external/bsd/ntp/dist/ntpd/ntpd-opts.h
external/bsd/ntp/dist/ntpd/ntpd.1ntpdman
external/bsd/ntp/dist/ntpd/ntpd.1ntpdmdoc
external/bsd/ntp/dist/ntpd/ntpd.c
external/bsd/ntp/dist/ntpd/ntpd.html
external/bsd/ntp/dist/ntpd/ntpd.man.in
external/bsd/ntp/dist/ntpd/ntpd.mdoc.in
external/bsd/ntp/dist/ntpd/ntpsim.c
external/bsd/ntp/dist/ntpd/refclock_gpsdjson.c
external/bsd/ntp/dist/ntpd/refclock_jjy.c
external/bsd/ntp/dist/ntpd/refclock_palisade.c
external/bsd/ntp/dist/ntpd/refclock_parse.c
external/bsd/ntp/dist/ntpdate/Makefile.in
external/bsd/ntp/dist/ntpdc/Makefile.in
external/bsd/ntp/dist/ntpdc/invoke-ntpdc.texi
external/bsd/ntp/dist/ntpdc/layout.std
external/bsd/ntp/dist/ntpdc/ntpdc-opts.c
external/bsd/ntp/dist/ntpdc/ntpdc-opts.h
external/bsd/ntp/dist/ntpdc/ntpdc.1ntpdcman
external/bsd/ntp/dist/ntpdc/ntpdc.1ntpdcmdoc
external/bsd/ntp/dist/ntpdc/ntpdc.c
external/bsd/ntp/dist/ntpdc/ntpdc.html
external/bsd/ntp/dist/ntpdc/ntpdc.man.in
external/bsd/ntp/dist/ntpdc/ntpdc.mdoc.in
external/bsd/ntp/dist/ntpdc/ntpdc_ops.c
external/bsd/ntp/dist/ntpq/Makefile.am
external/bsd/ntp/dist/ntpq/Makefile.in
external/bsd/ntp/dist/ntpq/invoke-ntpq.texi
external/bsd/ntp/dist/ntpq/ntpq-opts.c
external/bsd/ntp/dist/ntpq/ntpq-opts.def
external/bsd/ntp/dist/ntpq/ntpq-opts.h
external/bsd/ntp/dist/ntpq/ntpq-subs.c
external/bsd/ntp/dist/ntpq/ntpq.1ntpqman
external/bsd/ntp/dist/ntpq/ntpq.1ntpqmdoc
external/bsd/ntp/dist/ntpq/ntpq.c
external/bsd/ntp/dist/ntpq/ntpq.html
external/bsd/ntp/dist/ntpq/ntpq.man.in
external/bsd/ntp/dist/ntpq/ntpq.mdoc.in
external/bsd/ntp/dist/ntpq/ntpq.texi
external/bsd/ntp/dist/ntpsnmpd/Makefile.in
external/bsd/ntp/dist/ntpsnmpd/invoke-ntpsnmpd.texi
external/bsd/ntp/dist/ntpsnmpd/netsnmp_daemonize.c
external/bsd/ntp/dist/ntpsnmpd/ntpsnmpd-opts.c
external/bsd/ntp/dist/ntpsnmpd/ntpsnmpd-opts.h
external/bsd/ntp/dist/ntpsnmpd/ntpsnmpd.1ntpsnmpdman
external/bsd/ntp/dist/ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc
external/bsd/ntp/dist/ntpsnmpd/ntpsnmpd.html
external/bsd/ntp/dist/ntpsnmpd/ntpsnmpd.man.in
external/bsd/ntp/dist/ntpsnmpd/ntpsnmpd.mdoc.in
external/bsd/ntp/dist/packageinfo.sh
external/bsd/ntp/dist/parseutil/Makefile.in
external/bsd/ntp/dist/scripts/Makefile.in
external/bsd/ntp/dist/scripts/build/Makefile.in
external/bsd/ntp/dist/scripts/build/UpdatePoint
external/bsd/ntp/dist/scripts/calc_tickadj/Makefile.in
external/bsd/ntp/dist/scripts/calc_tickadj/calc_tickadj.1calc_tickadjman
external/bsd/ntp/dist/scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc
external/bsd/ntp/dist/scripts/calc_tickadj/calc_tickadj.html
external/bsd/ntp/dist/scripts/calc_tickadj/calc_tickadj.man.in
external/bsd/ntp/dist/scripts/calc_tickadj/calc_tickadj.mdoc.in
external/bsd/ntp/dist/scripts/calc_tickadj/invoke-calc_tickadj.texi
external/bsd/ntp/dist/scripts/invoke-plot_summary.texi
external/bsd/ntp/dist/scripts/invoke-summary.texi
external/bsd/ntp/dist/scripts/lib/Makefile.in
external/bsd/ntp/dist/scripts/ntp-wait/Makefile.in
external/bsd/ntp/dist/scripts/ntp-wait/invoke-ntp-wait.texi
external/bsd/ntp/dist/scripts/ntp-wait/ntp-wait-opts
external/bsd/ntp/dist/scripts/ntp-wait/ntp-wait.1ntp-waitman
external/bsd/ntp/dist/scripts/ntp-wait/ntp-wait.1ntp-waitmdoc
external/bsd/ntp/dist/scripts/ntp-wait/ntp-wait.html
external/bsd/ntp/dist/scripts/ntp-wait/ntp-wait.man.in
external/bsd/ntp/dist/scripts/ntp-wait/ntp-wait.mdoc.in
external/bsd/ntp/dist/scripts/ntpsweep/Makefile.in
external/bsd/ntp/dist/scripts/ntpsweep/invoke-ntpsweep.texi
external/bsd/ntp/dist/scripts/ntpsweep/ntpsweep-opts
external/bsd/ntp/dist/scripts/ntpsweep/ntpsweep.1ntpsweepman
external/bsd/ntp/dist/scripts/ntpsweep/ntpsweep.1ntpsweepmdoc
external/bsd/ntp/dist/scripts/ntpsweep/ntpsweep.html
external/bsd/ntp/dist/scripts/ntpsweep/ntpsweep.man.in
external/bsd/ntp/dist/scripts/ntpsweep/ntpsweep.mdoc.in
external/bsd/ntp/dist/scripts/ntptrace/Makefile.in
external/bsd/ntp/dist/scripts/ntptrace/invoke-ntptrace.texi
external/bsd/ntp/dist/scripts/ntptrace/ntptrace-opts
external/bsd/ntp/dist/scripts/ntptrace/ntptrace.1ntptraceman
external/bsd/ntp/dist/scripts/ntptrace/ntptrace.1ntptracemdoc
external/bsd/ntp/dist/scripts/ntptrace/ntptrace.html
external/bsd/ntp/dist/scripts/ntptrace/ntptrace.man.in
external/bsd/ntp/dist/scripts/ntptrace/ntptrace.mdoc.in
external/bsd/ntp/dist/scripts/plot_summary-opts
external/bsd/ntp/dist/scripts/plot_summary.1plot_summaryman
external/bsd/ntp/dist/scripts/plot_summary.1plot_summarymdoc
external/bsd/ntp/dist/scripts/plot_summary.html
external/bsd/ntp/dist/scripts/plot_summary.man.in
external/bsd/ntp/dist/scripts/plot_summary.mdoc.in
external/bsd/ntp/dist/scripts/summary-opts
external/bsd/ntp/dist/scripts/summary.1summaryman
external/bsd/ntp/dist/scripts/summary.1summarymdoc
external/bsd/ntp/dist/scripts/summary.html
external/bsd/ntp/dist/scripts/summary.man.in
external/bsd/ntp/dist/scripts/summary.mdoc.in
external/bsd/ntp/dist/scripts/update-leap/Makefile.in
external/bsd/ntp/dist/scripts/update-leap/invoke-update-leap.texi
external/bsd/ntp/dist/scripts/update-leap/update-leap-opts
external/bsd/ntp/dist/scripts/update-leap/update-leap.1update-leapman
external/bsd/ntp/dist/scripts/update-leap/update-leap.1update-leapmdoc
external/bsd/ntp/dist/scripts/update-leap/update-leap.html
external/bsd/ntp/dist/scripts/update-leap/update-leap.in
external/bsd/ntp/dist/scripts/update-leap/update-leap.man.in
external/bsd/ntp/dist/scripts/update-leap/update-leap.mdoc.in
external/bsd/ntp/dist/sntp/Makefile.in
external/bsd/ntp/dist/sntp/check-libntp.mf
external/bsd/ntp/dist/sntp/configure
external/bsd/ntp/dist/sntp/crypto.c
external/bsd/ntp/dist/sntp/crypto.h
external/bsd/ntp/dist/sntp/harden/linux
external/bsd/ntp/dist/sntp/include/version.def
external/bsd/ntp/dist/sntp/include/version.texi
external/bsd/ntp/dist/sntp/invoke-sntp.texi
external/bsd/ntp/dist/sntp/m4/ntp_af_unspec.m4
external/bsd/ntp/dist/sntp/m4/ntp_harden.m4
external/bsd/ntp/dist/sntp/m4/ntp_libevent.m4
external/bsd/ntp/dist/sntp/m4/ntp_openssl.m4
external/bsd/ntp/dist/sntp/m4/version.m4
external/bsd/ntp/dist/sntp/main.c
external/bsd/ntp/dist/sntp/networking.c
external/bsd/ntp/dist/sntp/sntp-opts.c
external/bsd/ntp/dist/sntp/sntp-opts.def
external/bsd/ntp/dist/sntp/sntp-opts.h
external/bsd/ntp/dist/sntp/sntp.1sntpman
external/bsd/ntp/dist/sntp/sntp.1sntpmdoc
external/bsd/ntp/dist/sntp/sntp.html
external/bsd/ntp/dist/sntp/sntp.man.in
external/bsd/ntp/dist/sntp/sntp.mdoc.in
external/bsd/ntp/dist/sntp/tests/Makefile.am
external/bsd/ntp/dist/sntp/tests/Makefile.in
external/bsd/ntp/dist/sntp/tests/crypto.c
external/bsd/ntp/dist/sntp/tests/keyFile.c
external/bsd/ntp/dist/sntp/tests/packetHandling.c
external/bsd/ntp/dist/sntp/tests/packetProcessing.c
external/bsd/ntp/dist/sntp/tests/run-crypto.c
external/bsd/ntp/dist/sntp/tests/run-keyFile.c
external/bsd/ntp/dist/sntp/tests/run-kodDatabase.c
external/bsd/ntp/dist/sntp/tests/run-kodFile.c
external/bsd/ntp/dist/sntp/tests/run-networking.c
external/bsd/ntp/dist/sntp/tests/run-packetHandling.c
external/bsd/ntp/dist/sntp/tests/run-packetProcessing.c
external/bsd/ntp/dist/sntp/tests/run-t-log.c
external/bsd/ntp/dist/sntp/tests/run-utilities.c
external/bsd/ntp/dist/sntp/tests/testconf.yml
external/bsd/ntp/dist/sntp/unity/auto/generate_test_runner.rb
external/bsd/ntp/dist/sntp/utilities.c
external/bsd/ntp/dist/sntp/version.c
external/bsd/ntp/dist/tests/Makefile.in
external/bsd/ntp/dist/tests/bug-2803/Makefile.am
external/bsd/ntp/dist/tests/bug-2803/Makefile.in
external/bsd/ntp/dist/tests/bug-2803/run-bug-2803.c
external/bsd/ntp/dist/tests/bug-2803/testconf.yml
external/bsd/ntp/dist/tests/libntp/Makefile.am
external/bsd/ntp/dist/tests/libntp/Makefile.in
external/bsd/ntp/dist/tests/libntp/a_md5encrypt.c
external/bsd/ntp/dist/tests/libntp/authkeys.c
external/bsd/ntp/dist/tests/libntp/run-a_md5encrypt.c
external/bsd/ntp/dist/tests/libntp/run-atoint.c
external/bsd/ntp/dist/tests/libntp/run-atouint.c
external/bsd/ntp/dist/tests/libntp/run-authkeys.c
external/bsd/ntp/dist/tests/libntp/run-buftvtots.c
external/bsd/ntp/dist/tests/libntp/run-calendar.c
external/bsd/ntp/dist/tests/libntp/run-caljulian.c
external/bsd/ntp/dist/tests/libntp/run-caltontp.c
external/bsd/ntp/dist/tests/libntp/run-calyearstart.c
external/bsd/ntp/dist/tests/libntp/run-clocktime.c
external/bsd/ntp/dist/tests/libntp/run-decodenetnum.c
external/bsd/ntp/dist/tests/libntp/run-hextoint.c
external/bsd/ntp/dist/tests/libntp/run-hextolfp.c
external/bsd/ntp/dist/tests/libntp/run-humandate.c
external/bsd/ntp/dist/tests/libntp/run-lfpfunc.c
external/bsd/ntp/dist/tests/libntp/run-lfptostr.c
external/bsd/ntp/dist/tests/libntp/run-modetoa.c
external/bsd/ntp/dist/tests/libntp/run-msyslog.c
external/bsd/ntp/dist/tests/libntp/run-netof.c
external/bsd/ntp/dist/tests/libntp/run-numtoa.c
external/bsd/ntp/dist/tests/libntp/run-numtohost.c
external/bsd/ntp/dist/tests/libntp/run-octtoint.c
external/bsd/ntp/dist/tests/libntp/run-prettydate.c
external/bsd/ntp/dist/tests/libntp/run-recvbuff.c
external/bsd/ntp/dist/tests/libntp/run-refidsmear.c
external/bsd/ntp/dist/tests/libntp/run-refnumtoa.c
external/bsd/ntp/dist/tests/libntp/run-sfptostr.c
external/bsd/ntp/dist/tests/libntp/run-socktoa.c
external/bsd/ntp/dist/tests/libntp/run-ssl_init.c
external/bsd/ntp/dist/tests/libntp/run-statestr.c
external/bsd/ntp/dist/tests/libntp/run-strtolfp.c
external/bsd/ntp/dist/tests/libntp/run-timespecops.c
external/bsd/ntp/dist/tests/libntp/run-timevalops.c
external/bsd/ntp/dist/tests/libntp/run-tsafememcmp.c
external/bsd/ntp/dist/tests/libntp/run-tstotv.c
external/bsd/ntp/dist/tests/libntp/run-tvtots.c
external/bsd/ntp/dist/tests/libntp/run-uglydate.c
external/bsd/ntp/dist/tests/libntp/run-vi64ops.c
external/bsd/ntp/dist/tests/libntp/run-ymd2yd.c
external/bsd/ntp/dist/tests/libntp/ssl_init.c
external/bsd/ntp/dist/tests/libntp/testconf.yml
external/bsd/ntp/dist/tests/libntp/timespecops.c
external/bsd/ntp/dist/tests/libntp/timevalops.c
external/bsd/ntp/dist/tests/ntpd/Makefile.am
external/bsd/ntp/dist/tests/ntpd/Makefile.in
external/bsd/ntp/dist/tests/ntpd/leapsec.c
external/bsd/ntp/dist/tests/ntpd/ntp_prio_q.c
external/bsd/ntp/dist/tests/ntpd/ntp_restrict.c
external/bsd/ntp/dist/tests/ntpd/rc_cmdlength.c
external/bsd/ntp/dist/tests/ntpd/run-leapsec.c
external/bsd/ntp/dist/tests/ntpd/run-ntp_prio_q.c
external/bsd/ntp/dist/tests/ntpd/run-ntp_restrict.c
external/bsd/ntp/dist/tests/ntpd/run-rc_cmdlength.c
external/bsd/ntp/dist/tests/ntpd/run-t-ntp_scanner.c
external/bsd/ntp/dist/tests/ntpd/run-t-ntp_signd.c
external/bsd/ntp/dist/tests/ntpd/t-ntp_scanner.c
external/bsd/ntp/dist/tests/ntpd/testconf.yml
external/bsd/ntp/dist/tests/ntpq/Makefile.am
external/bsd/ntp/dist/tests/ntpq/Makefile.in
external/bsd/ntp/dist/tests/ntpq/run-t-ntpq.c
external/bsd/ntp/dist/tests/ntpq/testconf.yml
external/bsd/ntp/dist/tests/sandbox/Makefile.am
external/bsd/ntp/dist/tests/sandbox/Makefile.in
external/bsd/ntp/dist/tests/sandbox/run-modetoa.c
external/bsd/ntp/dist/tests/sandbox/run-uglydate.c
external/bsd/ntp/dist/tests/sandbox/run-ut-2803.c
external/bsd/ntp/dist/tests/sandbox/testconf.yml
external/bsd/ntp/dist/tests/sec-2853/Makefile.am
external/bsd/ntp/dist/tests/sec-2853/Makefile.in
external/bsd/ntp/dist/tests/sec-2853/run-sec-2853.c
external/bsd/ntp/dist/tests/sec-2853/testconf.yml
external/bsd/ntp/dist/util/Makefile.in
external/bsd/ntp/dist/util/invoke-ntp-keygen.texi
external/bsd/ntp/dist/util/ntp-keygen-opts.c
external/bsd/ntp/dist/util/ntp-keygen-opts.def
external/bsd/ntp/dist/util/ntp-keygen-opts.h
external/bsd/ntp/dist/util/ntp-keygen.1ntp-keygenman
external/bsd/ntp/dist/util/ntp-keygen.1ntp-keygenmdoc
external/bsd/ntp/dist/util/ntp-keygen.html
external/bsd/ntp/dist/util/ntp-keygen.man.in
external/bsd/ntp/dist/util/ntp-keygen.mdoc.in
external/bsd/ntp/importdate
external/bsd/ntp/include/config.h
external/bsd/ntp/ntp2netbsd
external/gpl3/gcc/dist/gcc/config/vax/builtins.md
external/gpl3/gcc/dist/gcc/config/vax/predicates.md
external/gpl3/gcc/lib/libasan/Makefile
external/gpl3/gcc/usr.bin/backend/Makefile
external/mit/xorg/lib/libxcb/dri3/Makefile
lib/libc/Makefile
lib/libc/shlib_version
lib/libkvm/kvm_aarch64.c
lib/libutil/Makefile
lib/libutil/opendisk.3
libexec/ld.elf_so/arch/arm/Makefile.inc
libexec/ld.elf_so/arch/arm/mdreloc.c
libexec/ld.elf_so/arch/i386/Makefile.inc
libexec/ld.elf_so/arch/i386/mdreloc.c
libexec/ld.elf_so/arch/powerpc/Makefile.inc
libexec/ld.elf_so/arch/powerpc/ppc_reloc.c
libexec/ld.elf_so/arch/sparc/Makefile.inc
libexec/ld.elf_so/arch/sparc/mdreloc.c
libexec/ld.elf_so/arch/sparc64/Makefile.inc
libexec/ld.elf_so/arch/sparc64/mdreloc.c
libexec/ld.elf_so/arch/x86_64/Makefile.inc
libexec/ld.elf_so/arch/x86_64/mdreloc.c
libexec/ld.elf_so/reloc.c
libexec/ld.elf_so/rtld.c
libexec/ld.elf_so/rtld.h
sbin/disklabel/main.c
sbin/dmesg/dmesg.8
sbin/dmesg/dmesg.c
sbin/fsck_lfs/bufcache.c
sbin/fsck_lfs/bufcache.h
sbin/mbrlabel/mbrlabel.c
share/man/man4/man4.macppc/awacs.4
share/man/man4/man4.macppc/obio.4
share/man/man4/man4.macppc/snapper.4
share/man/man4/options.4
share/mk/bsd.README
share/mk/bsd.own.mk
sys/arch/Makefile
sys/arch/aarch64/aarch64/TODO
sys/arch/aarch64/aarch64/aarch64_machdep.c
sys/arch/aarch64/aarch64/aarch64_reboot.c
sys/arch/aarch64/aarch64/bus_dma.c
sys/arch/aarch64/aarch64/bus_space.c
sys/arch/aarch64/aarch64/bus_space_asm_generic.S
sys/arch/aarch64/aarch64/bus_space_notimpl.S
sys/arch/aarch64/aarch64/copyinout.S
sys/arch/aarch64/aarch64/core_machdep.c
sys/arch/aarch64/aarch64/cpu.c
sys/arch/aarch64/aarch64/cpu_machdep.c
sys/arch/aarch64/aarch64/cpufunc.c
sys/arch/aarch64/aarch64/cpufunc_asm_armv8.S
sys/arch/aarch64/aarch64/cpuswitch.S
sys/arch/aarch64/aarch64/db_disasm.c
sys/arch/aarch64/aarch64/db_interface.c
sys/arch/aarch64/aarch64/db_machdep.c
sys/arch/aarch64/aarch64/db_trace.c
sys/arch/aarch64/aarch64/disasm.c
sys/arch/aarch64/aarch64/disasm.h
sys/arch/aarch64/aarch64/exception.S
sys/arch/aarch64/aarch64/exec_machdep.c
sys/arch/aarch64/aarch64/fault.c
sys/arch/aarch64/aarch64/fpu.c
sys/arch/aarch64/aarch64/fusu.S
sys/arch/aarch64/aarch64/genassym.cf
sys/arch/aarch64/aarch64/idle_machdep.S
sys/arch/aarch64/aarch64/locore.S
sys/arch/aarch64/aarch64/locore_el2.S
sys/arch/aarch64/aarch64/netbsd32_machdep.c
sys/arch/aarch64/aarch64/pmap.c
sys/arch/aarch64/aarch64/process_machdep.c
sys/arch/aarch64/aarch64/sig_machdep.c
sys/arch/aarch64/aarch64/sys_machdep.c
sys/arch/aarch64/aarch64/syscall.c
sys/arch/aarch64/aarch64/trap.c
sys/arch/aarch64/aarch64/vectors.S
sys/arch/aarch64/aarch64/vm_machdep.c
sys/arch/aarch64/conf/Makefile.aarch64
sys/arch/aarch64/conf/files.aarch64
sys/arch/aarch64/conf/kern.ldscript
sys/arch/aarch64/conf/std.aarch64
sys/arch/aarch64/dev/a64gic_mainbus.c
sys/arch/aarch64/dev/a64gtmr.c
sys/arch/aarch64/dev/a64gtmr_intr.h
sys/arch/aarch64/dev/a64gtmr_var.h
sys/arch/aarch64/dev/cpu.c
sys/arch/aarch64/dev/cpucore.c
sys/arch/aarch64/dev/cpunode.c
sys/arch/aarch64/dev/mainbus.c
sys/arch/aarch64/include/Makefile
sys/arch/aarch64/include/aout_machdep.h
sys/arch/aarch64/include/armreg.h
sys/arch/aarch64/include/asm.h
sys/arch/aarch64/include/bus_defs.h
sys/arch/aarch64/include/bus_funcs.h
sys/arch/aarch64/include/cpu.h
sys/arch/aarch64/include/cpufunc.h
sys/arch/aarch64/include/db_machdep.h
sys/arch/aarch64/include/disklabel.h
sys/arch/aarch64/include/frame.h
sys/arch/aarch64/include/hypervisor.h
sys/arch/aarch64/include/intr.h
sys/arch/aarch64/include/locore.h
sys/arch/aarch64/include/machdep.h
sys/arch/aarch64/include/mcontext.h
sys/arch/aarch64/include/netbsd32_machdep.h
sys/arch/aarch64/include/param.h
sys/arch/aarch64/include/pmap.h
sys/arch/aarch64/include/pmc.h
sys/arch/aarch64/include/proc.h
sys/arch/aarch64/include/psl.h
sys/arch/aarch64/include/pte.h
sys/arch/aarch64/include/reg.h
sys/arch/aarch64/include/signal.h
sys/arch/aarch64/include/sysarch.h
sys/arch/aarch64/include/trap.h
sys/arch/aarch64/include/types.h
sys/arch/aarch64/include/userret.h
sys/arch/aarch64/include/vmparam.h
sys/arch/amd64/amd64/db_interface.c
sys/arch/amd64/amd64/genassym.cf
sys/arch/amd64/amd64/locore.S
sys/arch/amd64/amd64/machdep.c
sys/arch/amd64/amd64/spl.S
sys/arch/amd64/amd64/vector.S
sys/arch/arm/arm/cpufunc.c
sys/arch/arm/arm/psci_arm.S
sys/arch/arm/arm32/armv7_generic_space.c
sys/arch/arm/arm32/bus_dma.c
sys/arch/arm/arm32/pmap.c
sys/arch/arm/broadcom/bcm2835_genfb.c
sys/arch/arm/broadcom/bcm2835_space.c
sys/arch/arm/broadcom/bcm2835reg.h
sys/arch/arm/broadcom/bcm2835var.h
sys/arch/arm/broadcom/bcm283x_platform.c
sys/arch/arm/broadcom/bcm283x_platform.h
sys/arch/arm/broadcom/files.bcm2835
sys/arch/arm/conf/files.arm
sys/arch/arm/cortex/gic.c
sys/arch/arm/cortex/gtmr.c
sys/arch/arm/fdt/cpu_fdt.c
sys/arch/arm/include/arm32/pmap.h
sys/arch/arm/include/armreg.h
sys/arch/arm/include/asm.h
sys/arch/arm/include/bus_defs.h
sys/arch/arm/include/bus_funcs.h
sys/arch/arm/include/cpu.h
sys/arch/arm/include/cpuconf.h
sys/arch/arm/include/cpufunc.h
sys/arch/arm/include/db_machdep.h
sys/arch/arm/include/disklabel.h
sys/arch/arm/include/locore.h
sys/arch/arm/include/mcontext.h
sys/arch/arm/include/signal.h
sys/arch/arm/nvidia/files.tegra
sys/arch/arm/nvidia/tegra_pcie.c
sys/arch/arm/nvidia/tegra_platform.c
sys/arch/arm/nvidia/tegra_platform.h
sys/arch/arm/nvidia/tegra_pmc.c
sys/arch/arm/nvidia/tegra_reg.h
sys/arch/arm/nvidia/tegra_soc.c
sys/arch/arm/nvidia/tegra_timer.c
sys/arch/arm/pic/pic.c
sys/arch/arm/pic/pic_splfuncs.c
sys/arch/arm/sunxi/files.sunxi
sys/arch/arm/sunxi/sun4i_a10_ccu.c
sys/arch/arm/sunxi/sun4i_a10_gpio.c
sys/arch/arm/sunxi/sun50i_a64_gpio.c
sys/arch/arm/sunxi/sun50i_h6_gpio.c
sys/arch/arm/sunxi/sun5i_a13_gpio.c
sys/arch/arm/sunxi/sun6i_a31_gpio.c
sys/arch/arm/sunxi/sun7i_a20_gpio.c
sys/arch/arm/sunxi/sun8i_a83t_gpio.c
sys/arch/arm/sunxi/sun8i_h3_gpio.c
sys/arch/arm/sunxi/sun9i_a80_gpio.c
sys/arch/arm/sunxi/sunxi_ccu.c
sys/arch/arm/sunxi/sunxi_ccu.h
sys/arch/arm/sunxi/sunxi_ccu_display.c
sys/arch/arm/sunxi/sunxi_ccu_fractional.c
sys/arch/arm/sunxi/sunxi_debe.c
sys/arch/arm/sunxi/sunxi_debereg.h
sys/arch/arm/sunxi/sunxi_dep.c
sys/arch/arm/sunxi/sunxi_display.h
sys/arch/arm/sunxi/sunxi_gpio.c
sys/arch/arm/sunxi/sunxi_hdmi.c
sys/arch/arm/sunxi/sunxi_hdmireg.h
sys/arch/arm/sunxi/sunxi_platform.c
sys/arch/arm/sunxi/sunxi_platform.h
sys/arch/arm/sunxi/sunxi_tcon.c
sys/arch/arm/sunxi/sunxi_tconreg.h
sys/arch/atari/conf/ATARITT
sys/arch/atari/conf/FALCON
sys/arch/atari/conf/HADES
sys/arch/atari/conf/HADES.in
sys/arch/atari/conf/MILAN-ISAIDE
sys/arch/atari/conf/MILAN-PCIIDE
sys/arch/atari/conf/SMALL030
sys/arch/evbarm/conf/GENERIC
sys/arch/evbarm/conf/GENERIC.common
sys/arch/evbarm/conf/GENERIC64
sys/arch/evbarm/conf/RPI64
sys/arch/evbarm/conf/SUNXI
sys/arch/evbarm/conf/files.evbarm
sys/arch/evbarm/conf/files.fdt
sys/arch/evbarm/conf/files.generic
sys/arch/evbarm/conf/files.generic64
sys/arch/evbarm/conf/files.rpi
sys/arch/evbarm/conf/files.sunxi
sys/arch/evbarm/conf/files.tegra
sys/arch/evbarm/conf/mk.generic
sys/arch/evbarm/conf/mk.generic64
sys/arch/evbarm/conf/std.generic
sys/arch/evbarm/conf/std.generic64
sys/arch/evbarm/fdt/fdt_machdep.c
sys/arch/evbarm/fdt/fdt_start.S
sys/arch/evbarm/fdt/genassym.cf
sys/arch/evbarm/fdt/platform.h
sys/arch/evbarm/include/bootconfig.h
sys/arch/evbarm/include/cpu.h
sys/arch/evbarm/include/cpu_counter.h
sys/arch/evbarm/include/db_machdep.h
sys/arch/evbarm/include/elf_machdep.h
sys/arch/evbarm/include/frame.h
sys/arch/evbarm/include/isa_machdep.h
sys/arch/evbarm/include/lock.h
sys/arch/evbarm/include/netbsd32_machdep.h
sys/arch/evbarm/include/param.h
sys/arch/evbarm/include/pcb.h
sys/arch/evbarm/include/pmap.h
sys/arch/evbarm/include/pmc.h
sys/arch/evbarm/include/proc.h
sys/arch/evbarm/include/profile.h
sys/arch/evbarm/include/ptrace.h
sys/arch/evbarm/include/reg.h
sys/arch/evbarm/include/setjmp.h
sys/arch/evbarm/include/types.h
sys/arch/evbarm/include/vmparam.h
sys/arch/evbarm/rpi/genassym.cf
sys/arch/evbarm/stand/Makefile
sys/arch/evbarm/tegra/tegra_start.S
sys/arch/evbarm64/Makefile
sys/arch/evbarm64/a64emul/a64emul_machdep.c
sys/arch/evbarm64/a64emul/obio_mainbus.c
sys/arch/evbarm64/a64emul/obio_var.h
sys/arch/evbarm64/a64emul/plcom_obio.c
sys/arch/evbarm64/a64emul/sm_mainbus.c
sys/arch/evbarm64/conf/A64EMUL
sys/arch/evbarm64/conf/Makefile.evbarm64.inc
sys/arch/evbarm64/conf/files.a64emul
sys/arch/evbarm64/conf/files.evbarm64
sys/arch/evbarm64/conf/std.a64emul
sys/arch/evbarm64/conf/std.evbarm64
sys/arch/evbarm64/include/Makefile
sys/arch/evbarm64/include/ansi.h
sys/arch/evbarm64/include/asm.h
sys/arch/evbarm64/include/bswap.h
sys/arch/evbarm64/include/bus_defs.h
sys/arch/evbarm64/include/bus_funcs.h
sys/arch/evbarm64/include/cdefs.h
sys/arch/evbarm64/include/cpu.h
sys/arch/evbarm64/include/cpu_counter.h
sys/arch/evbarm64/include/db_machdep.h
sys/arch/evbarm64/include/disklabel.h
sys/arch/evbarm64/include/elf_machdep.h
sys/arch/evbarm64/include/endian.h
sys/arch/evbarm64/include/endian_machdep.h
sys/arch/evbarm64/include/frame.h
sys/arch/evbarm64/include/int_const.h
sys/arch/evbarm64/include/int_fmtio.h
sys/arch/evbarm64/include/int_limits.h
sys/arch/evbarm64/include/int_mwgwtypes.h
sys/arch/evbarm64/include/int_types.h
sys/arch/evbarm64/include/intr.h
sys/arch/evbarm64/include/kcore.h
sys/arch/evbarm64/include/limits.h
sys/arch/evbarm64/include/lock.h
sys/arch/evbarm64/include/mcontext.h
sys/arch/evbarm64/include/mutex.h
sys/arch/evbarm64/include/param.h
sys/arch/evbarm64/include/pcb.h
sys/arch/evbarm64/include/pmap.h
sys/arch/evbarm64/include/pmc.h
sys/arch/evbarm64/include/proc.h
sys/arch/evbarm64/include/profile.h
sys/arch/evbarm64/include/psl.h
sys/arch/evbarm64/include/pte.h
sys/arch/evbarm64/include/ptrace.h
sys/arch/evbarm64/include/reg.h
sys/arch/evbarm64/include/rwlock.h
sys/arch/evbarm64/include/setjmp.h
sys/arch/evbarm64/include/signal.h
sys/arch/evbarm64/include/trap.h
sys/arch/evbarm64/include/types.h
sys/arch/evbarm64/include/vmparam.h
sys/arch/evbarm64/include/wchar_limits.h
sys/arch/i386/i386/db_interface.c
sys/arch/i386/i386/machdep.c
sys/arch/i386/i386/spl.S
sys/arch/i386/i386/vector.S
sys/arch/i386/stand/efiboot/TODO.efiboot
sys/arch/i386/stand/efiboot/boot.c
sys/arch/i386/stand/efiboot/devopen.c
sys/arch/i386/stand/efiboot/devopen.h
sys/arch/i386/stand/efiboot/efidisk.c
sys/arch/i386/stand/efiboot/efidisk.h
sys/arch/i386/stand/lib/biosdisk.c
sys/arch/i386/stand/lib/biosdisk.h
sys/arch/i386/stand/lib/bootmenu.c
sys/arch/i386/stand/lib/bootmenu.h
sys/arch/vax/include/vmparam.h
sys/arch/vax/vax/ctu.c
sys/arch/vax/vax/machdep.c
sys/arch/vax/vax/pmap.c
sys/arch/x86/include/cpu.h
sys/arch/x86/include/intr.h
sys/arch/x86/include/specialreg.h
sys/arch/x86/x86/cpu.c
sys/arch/x86/x86/dbregs.c
sys/arch/x86/x86/identcpu.c
sys/arch/x86/x86/intr.c
sys/arch/x86/x86/lapic.c
sys/arch/x86/x86/spectre.c
sys/arch/x86/x86/svs.c
sys/arch/x86/x86/x86_machdep.c
sys/dev/acpi/acpi_mcfg.c
sys/dev/cardbus/ahc_cardbus.c
sys/dev/clk/clk.c
sys/dev/clk/clk.h
sys/dev/clk/clk_backend.h
sys/dev/fdt/connector_fdt.c
sys/dev/fdt/connector_fdt.h
sys/dev/fdt/fdt_port.c
sys/dev/fdt/fdt_port.h
sys/dev/fdt/files.fdt
sys/dev/fdt/panel_fdt.c
sys/dev/fdt/panel_fdt.h
sys/dev/fdt/simplefb.c
sys/dev/ic/aic7xxx.c
sys/dev/ieee1394/fwohcireg.h
sys/dev/pci/fwohci_pci.c
sys/dev/pci/if_rtwn.c
sys/dev/pci/ixgbe/if_bypass.c
sys/dev/pci/ixgbe/if_fdir.c
sys/dev/pci/ixgbe/if_sriov.c
sys/dev/pci/ixgbe/ix_txrx.c
sys/dev/pci/ixgbe/ixgbe.c
sys/dev/pci/ixgbe/ixgbe.h
sys/dev/pci/ixgbe/ixgbe_82598.c
sys/dev/pci/ixgbe/ixgbe_82598.h
sys/dev/pci/ixgbe/ixgbe_82599.c
sys/dev/pci/ixgbe/ixgbe_82599.h
sys/dev/pci/ixgbe/ixgbe_api.c
sys/dev/pci/ixgbe/ixgbe_api.h
sys/dev/pci/ixgbe/ixgbe_common.c
sys/dev/pci/ixgbe/ixgbe_common.h
sys/dev/pci/ixgbe/ixgbe_dcb.c
sys/dev/pci/ixgbe/ixgbe_dcb.h
sys/dev/pci/ixgbe/ixgbe_dcb_82598.c
sys/dev/pci/ixgbe/ixgbe_dcb_82598.h
sys/dev/pci/ixgbe/ixgbe_dcb_82599.c
sys/dev/pci/ixgbe/ixgbe_dcb_82599.h
sys/dev/pci/ixgbe/ixgbe_fdir.h
sys/dev/pci/ixgbe/ixgbe_mbx.c
sys/dev/pci/ixgbe/ixgbe_mbx.h
sys/dev/pci/ixgbe/ixgbe_osdep.c
sys/dev/pci/ixgbe/ixgbe_osdep.h
sys/dev/pci/ixgbe/ixgbe_phy.c
sys/dev/pci/ixgbe/ixgbe_phy.h
sys/dev/pci/ixgbe/ixgbe_rss.h
sys/dev/pci/ixgbe/ixgbe_sriov.h
sys/dev/pci/ixgbe/ixgbe_type.h
sys/dev/pci/ixgbe/ixgbe_vf.c
sys/dev/pci/ixgbe/ixgbe_vf.h
sys/dev/pci/ixgbe/ixgbe_x540.c
sys/dev/pci/ixgbe/ixgbe_x540.h
sys/dev/pci/ixgbe/ixgbe_x550.c
sys/dev/pci/ixgbe/ixgbe_x550.h
sys/dev/pci/ixgbe/ixv.c
sys/dev/pci/pcidevs
sys/dev/pci/pcidevs.h
sys/dev/pci/pcidevs_data.h
sys/dev/tc/stic.c
sys/dev/usb/udl.c
sys/dev/usb/usbdevs
sys/dev/usb/usbdevs.h
sys/dev/usb/usbdevs_data.h
sys/external/bsd/drm2/include/drm/bus_dma_hacks.h
sys/kern/subr_log.c
sys/kern/subr_prf.c
sys/kern/sysv_msg.c
sys/kern/tty.c
sys/lib/libsa/bootcfg.c
sys/lib/libsa/bootcfg.h
sys/miscfs/kernfs/kernfs_vnops.c
sys/net/if_ipsec.c
sys/net/if_media.c
sys/net/if_spppsubr.c
sys/net/npf/npf_inet.c
sys/net/route.c
sys/netinet/in.c
sys/netinet/ip_output.c
sys/netinet/ip_var.h
sys/netinet/sctp_output.c
sys/netinet/tcp_input.c
sys/netinet/tcp_output.c
sys/netinet6/in6.c
sys/netipsec/ipsec.c
sys/netipsec/ipsec.h
sys/netipsec/ipsecif.c
sys/netipsec/ipsecif.h
sys/rump/listsrcdirs
sys/rump/net/lib/libshmif/shmif_user.c
sys/sys/msgbuf.h
sys/uvm/uvm_emap.c
sys/uvm/uvm_readahead.c
tests/net/arp/t_arp.sh
tests/net/net_common.sh
tests/usr.bin/c++/Makefile
tests/usr.bin/c++/t_asan_double_free.sh
tests/usr.bin/c++/t_asan_global_buffer_overflow.sh
tests/usr.bin/c++/t_asan_heap_overflow.sh
tests/usr.bin/c++/t_asan_off_by_one.sh
tests/usr.bin/c++/t_asan_uaf.sh
tests/usr.bin/cc/Makefile
tests/usr.bin/cc/t_asan_double_free.sh
tests/usr.bin/cc/t_asan_global_buffer_overflow.sh
tests/usr.bin/cc/t_asan_heap_overflow.sh
tests/usr.bin/cc/t_asan_off_by_one.sh
tests/usr.bin/cc/t_asan_uaf.sh
tools/headerlist
usr.bin/make/make.1
usr.bin/make/parse.c
usr.bin/patch/pch.c
usr.sbin/cpuctl/arch/i386.c
usr.sbin/ofctl/Makefile
usr.sbin/racoon/Makefile
usr.sbin/sysinst/arch/evbarm64/Makefile
usr.sbin/sysinst/arch/evbarm64/md.c
usr.sbin/sysinst/arch/evbarm64/md.h
usr.sbin/sysinst/arch/evbarm64/msg.md.en
usr.sbin/tpctl/Makefile
--- a/bin/ed/ed.1	Tue Apr 03 08:29:44 2018 +0000
+++ b/bin/ed/ed.1	Sat Apr 07 04:11:47 2018 +0000
@@ -1,4 +1,4 @@
-.\"	$NetBSD: ed.1,v 1.31 2017/07/03 21:33:23 wiz Exp $
+.\"	$NetBSD: ed.1,v 1.31.4.1 2018/04/07 04:11:47 pgoyette Exp $
 .\"	$OpenBSD: ed.1,v 1.42 2003/07/27 13:25:43 jmc Exp $
 .\"
 .\" Copyright (c) 1993 Andrew Moore, Talke Studio.
@@ -25,7 +25,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd January 23, 2002
+.Dd April 23, 2002
 .Dt ED 1
 .Os
 .Sh NAME
@@ -34,7 +34,7 @@
 .Sh SYNOPSIS
 .Nm
 .Op Fl
-.Op Fl Esx
+.Op Fl ESsx
 .Op Fl p Ar string
 .Op Ar file
 .Sh DESCRIPTION
@@ -130,6 +130,12 @@
 .It Fl E
 Enables the use of extended regular expressions instead of the basic
 regular expressions that are normally used.
+.It Fl S
+Disables using of the
+.Dq !
+command (execuring a subshell).
+Intended to be used by batch jobs like
+.Xr patch 1 .
 .It Fl p Ar string
 Specifies a command prompt.
 This may be toggled on and off with the
@@ -955,6 +961,7 @@
 .Xr sed 1 ,
 .Xr sh 1 ,
 .Xr vi 1 ,
+.Xr patch 1 ,
 .Xr regex 3
 .Pp
 USD:09-10
--- a/bin/ed/main.c	Tue Apr 03 08:29:44 2018 +0000
+++ b/bin/ed/main.c	Sat Apr 07 04:11:47 2018 +0000
@@ -1,4 +1,4 @@
-/*	$NetBSD: main.c,v 1.28 2016/03/02 19:11:28 christos Exp $	*/
+/*	$NetBSD: main.c,v 1.28.14.1 2018/04/07 04:11:47 pgoyette Exp $	*/
 
 /* main.c: This file contains the main control and user-interface routines
    for the ed line editor. */
@@ -39,7 +39,7 @@
 #if 0
 static char *rcsid = "@(#)main.c,v 1.1 1994/02/01 00:34:42 alm Exp";
 #else
-__RCSID("$NetBSD: main.c,v 1.28 2016/03/02 19:11:28 christos Exp $");
+__RCSID("$NetBSD: main.c,v 1.28.14.1 2018/04/07 04:11:47 pgoyette Exp $");
 #endif
 #endif /* not lint */
 
@@ -94,6 +94,7 @@
 int red = 0;			/* if set, restrict shell/directory access */
 int ere = 0;			/* if set, use extended regexes */
 int scripted = 0;		/* if set, suppress diagnostics */
+int secure = 0;			/* is set, ! is not allowed */
 int sigflags = 0;		/* if set, signals received while mutex set */
 int sigactive = 0;		/* if set, signal handlers are enabled */
 
@@ -105,7 +106,7 @@
 const char *dps = "*";		/* default command-line prompt */
 
 
-static const char usage[] = "Usage: %s [-] [-sxE] [-p string] [name]\n";
+static const char usage[] = "Usage: %s [-] [-ESsx] [-p string] [name]\n";
 
 /* ed: line editor */
 int
@@ -118,7 +119,7 @@
 
 	red = (n = strlen(argv[0])) > 2 && argv[0][n - 3] == 'r';
 top:
-	while ((c = getopt(argc, argv, "p:sxE")) != -1)
+	while ((c = getopt(argc, argv, "p:sxES")) != -1)
 		switch(c) {
 		case 'p':				/* set prompt */
 			prompt = optarg;
@@ -137,6 +138,9 @@
 		case 'E':
 			ere = REG_EXTENDED;
 			break;
+		case 'S':				/* ! is not allowed */
+			secure = 1;
+			break;
 		default:
 			fprintf(stderr, usage, getprogname());
 			exit(1);
@@ -861,6 +865,10 @@
 		printf("%ld\n", addr_cnt ? second_addr : addr_last);
 		break;
 	case '!':
+		if (secure) {
+			seterrmsg("'!' not allowed");
+			return ERR;
+		}
 		if (addr_cnt > 0) {
 			seterrmsg("unexpected address");
 			return ERR;
--- a/build.sh	Tue Apr 03 08:29:44 2018 +0000
+++ b/build.sh	Sat Apr 07 04:11:47 2018 +0000
@@ -1,5 +1,5 @@
 #! /usr/bin/env sh
-#	$NetBSD: build.sh,v 1.324 2018/01/24 09:04:40 skrll Exp $
+#	$NetBSD: build.sh,v 1.324.2.1 2018/04/07 04:11:47 pgoyette Exp $
 #
 # Copyright (c) 2001-2011 The NetBSD Foundation, Inc.
 # All rights reserved.
@@ -651,8 +651,8 @@
 MACHINE=evbarm		MACHINE_ARCH=earmv7eb	ALIAS=evbearmv7-eb
 MACHINE=evbarm		MACHINE_ARCH=earmv7hf	ALIAS=evbearmv7hf-el
 MACHINE=evbarm		MACHINE_ARCH=earmv7hfeb	ALIAS=evbearmv7hf-eb
-MACHINE=evbarm64	MACHINE_ARCH=aarch64	ALIAS=evbarm64-el DEFAULT
-MACHINE=evbarm64	MACHINE_ARCH=aarch64eb	ALIAS=evbarm64-eb
+MACHINE=evbarm		MACHINE_ARCH=aarch64	ALIAS=evbarm64-el DEFAULT
+MACHINE=evbarm		MACHINE_ARCH=aarch64eb	ALIAS=evbarm64-eb
 MACHINE=evbcf		MACHINE_ARCH=coldfire
 MACHINE=evbmips		MACHINE_ARCH=		NO_DEFAULT
 MACHINE=evbmips		MACHINE_ARCH=mips64eb	ALIAS=evbmips64-eb
@@ -1932,7 +1932,7 @@
 	eval cat <<EOF ${makewrapout}
 #! ${HOST_SH}
 # Set proper variables to allow easy "make" building of a NetBSD subtree.
-# Generated from:  \$NetBSD: build.sh,v 1.324 2018/01/24 09:04:40 skrll Exp $
+# Generated from:  \$NetBSD: build.sh,v 1.324.2.1 2018/04/07 04:11:47 pgoyette Exp $
 # with these arguments: ${_args}
 #
 
--- a/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c	Tue Apr 03 08:29:44 2018 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c	Sat Apr 07 04:11:47 2018 +0000
@@ -1,4 +1,4 @@
-/*	$NetBSD: crypto_openssl.c,v 1.27 2018/02/07 03:59:03 christos Exp $	*/
+/*	$NetBSD: crypto_openssl.c,v 1.27.2.1 2018/04/07 04:11:47 pgoyette Exp $	*/
 
 /* Id: crypto_openssl.c,v 1.47 2006/05/06 20:42:09 manubsd Exp */
 
@@ -2331,6 +2331,7 @@
 		goto end;
 	if (!DH_set0_pqg(dh, p, NULL, g))
 		goto end;
+	p = g = NULL;
 
 	if (publen != 0)
 		DH_set_length(dh, publen);
@@ -2395,9 +2396,11 @@
 
 	if (!DH_set0_pqg(dh, p, NULL, g))
 		goto end;
+	p = g = NULL;
 
 	if (!DH_set0_key(dh, pub_key, priv_key))
 		goto end;
+	pub_key = priv_key = NULL;
 
 	if ((v = racoon_calloc(prime->l, sizeof(u_char))) == NULL)
 		goto end;
@@ -2565,7 +2568,6 @@
 	return rsa_pub;
 out:
 	BN_free(exp);
-	BN_free(exp);
 	RSA_free(rsa_pub);
 	return NULL;
 }
--- a/crypto/dist/ipsec-tools/src/racoon/debugrm.c	Tue Apr 03 08:29:44 2018 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/debugrm.c	Sat Apr 07 04:11:47 2018 +0000
@@ -1,4 +1,4 @@
-/*	$NetBSD: debugrm.c,v 1.3 2006/09/09 16:22:09 manu Exp $	*/
+/*	$NetBSD: debugrm.c,v 1.3.86.1 2018/04/07 04:11:47 pgoyette Exp $	*/
 
 /*	$KAME: debugrm.c,v 1.6 2001/12/13 16:07:46 sakane Exp $	*/
 
@@ -51,37 +51,38 @@
 #define DRMLISTSIZE 1024
 
 struct drm_list_t {
-	void *ptr;
+	const void *ptr;
 	char msg[100];
 };
 static struct drm_list_t drmlist[DRMLISTSIZE];
 
 static int drm_unknown;
 
-static void DRM_add __P((void *, char *));
-static void DRM_del __P((void *));
-static void DRM_setmsg __P((char *, int, void *, int, char *, int, char *));
+static void DRM_add(const void *, const char *);
+static void DRM_del(const void *);
+static void DRM_setmsg(char *, size_t, const void *, size_t, const char *,
+    size_t, const char *);
 
 void 
-DRM_init()
+DRM_init(void)
 {
-	int i;
+	size_t i;
 	drm_unknown = 0;
-	for (i = 0; i < sizeof(drmlist)/sizeof(drmlist[0]); i++)
+	for (i = 0; i < __arraycount(drmlist); i++)
 		drmlist[i].ptr = 0;
 }
 
 void
-DRM_dump()
+DRM_dump(void)
 {
 	FILE *fp;
-	int i;
+	size_t i;
 
 	fp = fopen(DRMDUMPFILE, "w");
 	if (fp == NULL)
 		err(1, "fopen");	/*XXX*/
 	fprintf(fp, "drm_unknown=%d\n", drm_unknown);
-	for (i = 0; i < sizeof(drmlist)/sizeof(drmlist[0]); i++) {
+	for (i = 0; i < __arraycount(drmlist); i++) {
 		if (drmlist[i].ptr)
 			fprintf(fp, "%s\n", drmlist[i].msg);
 	}
@@ -89,12 +90,10 @@
 }
 
 static void 
-DRM_add(p, msg)
-	void *p;
-	char *msg;
+DRM_add(const void *p, const char *msg)
 {
-	int i;
-	for (i = 0; i < sizeof(drmlist)/sizeof(drmlist[0]); i++) {
+	size_t i;
+	for (i = 0; i < __arraycount(drmlist); i++) {
 		if (!drmlist[i].ptr) {
 			drmlist[i].ptr = p;
 			strlcpy(drmlist[i].msg, msg, sizeof(drmlist[i].msg));
@@ -104,15 +103,14 @@
 }
 
 static void
-DRM_del(p)
-	void *p;
+DRM_del(const void *p)
 {
-	int i;
+	size_t i;
 
 	if (!p)
 		return;
 
-	for (i = 0; i < sizeof(drmlist)/sizeof(drmlist[0]); i++) {
+	for (i = 0; i < __arraycount(drmlist); i++) {
 		if (drmlist[i].ptr == p) {
 			drmlist[i].ptr = 0;
 			return;
@@ -122,10 +120,8 @@
 }
 
 static void
-DRM_setmsg(buf, buflen, ptr, size, file, line, func)
-	char *buf, *file, *func;
-	int buflen, size, line;
-	void *ptr;
+DRM_setmsg(char *buf, size_t buflen, const void *ptr, size_t size,
+    const char *file, size_t line, const char *func)
 {
 	time_t t;
 	struct tm *tm;
@@ -136,14 +132,11 @@
 	len = strftime(buf, buflen, "%Y/%m/%d:%T ", tm);
 
 	snprintf(buf + len, buflen - len, "%p %6d %s:%d:%s",
-		ptr, size, file , line, func);
+		ptr, size, file, line, func);
 }
 
 void *
-DRM_malloc(file, line, func, size)
-	char *file, *func;
-	int line;
-	size_t size;
+DRM_malloc(const char *file, size_t line, const char *func, size_t size)
 {
 	void *p;
 
@@ -158,10 +151,8 @@
 }
 
 void *
-DRM_calloc(file, line, func, number, size)
-	char *file, *func;
-	int line;
-	size_t number, size;
+DRM_calloc(const char *file, size_t line, const char *func, size_t number,
+    size_t size)
 {
 	void *p;
 
@@ -175,11 +166,8 @@
 }
 
 void *
-DRM_realloc(file, line, func, ptr, size)
-	char *file, *func;
-	int line;
-	void *ptr;
-	size_t size;
+DRM_realloc(const char *file, size_t line, const char *func, void *ptr,
+    size_t size)
 {
 	void *p;
 
@@ -197,20 +185,14 @@
 }
 
 void
-DRM_free(file, line, func, ptr)
-	char *file, *func;
-	int line;
-	void *ptr;
+DRM_free(const char *file, size_t line, const char *func, void *ptr)
 {
 	DRM_del(ptr);
 	free(ptr);
 }
 
 char *
-DRM_strdup(file, line, func, str)
-	char *file, *func;
-	int line;
-	const char *str;
+DRM_strdup(const char *file, size_t line, const char *func, const char *str)
 {
 	char *p;
 
@@ -218,7 +200,7 @@
 
 	if (p) {
 		char buf[1024];
-		DRM_setmsg(buf, sizeof(buf), p, size, file, line, func);
+		DRM_setmsg(buf, sizeof(buf), p, strlen(p), file, line, func);
 		DRM_add(p, buf);
 	}
 
@@ -229,10 +211,7 @@
  * mask vmbuf.c functions.
  */
 void *
-DRM_vmalloc(file, line, func, size)
-	char *file, *func;
-	int line;
-	size_t size;
+DRM_vmalloc(const char *file, size_t line, const char *func, size_t size)
 {
 	void *p;
 
@@ -247,11 +226,8 @@
 }
 
 void *
-DRM_vrealloc(file, line, func, ptr, size)
-	char *file, *func;
-	int line;
-	void *ptr;
-	size_t size;
+DRM_vrealloc(const char *file, size_t line, const char *func, void *ptr,
+    size_t size)
 {
 	void *p;
 
@@ -269,20 +245,14 @@
 }
 
 void
-DRM_vfree(file, line, func, ptr)
-	char *file, *func;
-	int line;
-	void *ptr;
+DRM_vfree(const char *file, size_t line, const char *func, void *ptr)
 {
 	DRM_del(ptr);
 	vfree(ptr);
 }
 
 void *
-DRM_vdup(file, line, func, ptr)
-	char *file, *func;
-	int line;
-	void *ptr;
+DRM_vdup(const char *file, size_t line, const char *func, void *ptr)
 {
 	void *p;
 
--- a/crypto/dist/ipsec-tools/src/racoon/debugrm.h	Tue Apr 03 08:29:44 2018 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/debugrm.h	Sat Apr 07 04:11:47 2018 +0000
@@ -1,4 +1,4 @@
-/*	$NetBSD: debugrm.h,v 1.4 2006/09/09 16:22:09 manu Exp $	*/
+/*	$NetBSD: debugrm.h,v 1.4.86.1 2018/04/07 04:11:47 pgoyette Exp $	*/
 
 /* Id: debugrm.h,v 1.4 2006/04/06 14:00:06 manubsd Exp */
 
@@ -75,13 +75,13 @@
 #endif
 #endif /*NONEED_DRM*/
 
-extern void DRM_init __P((void));
-extern void DRM_dump __P((void));
-extern void *DRM_malloc __P((char *, int, char *, size_t));
-extern void *DRM_calloc __P((char *, int, char *, size_t, size_t));
-extern void *DRM_realloc __P((char *, int, char *, void *, size_t));
-extern void DRM_free __P((char *, int, char *, void *));
-extern char *DRM_strdup __P((char *, int, char *, const char *));
+extern void DRM_init(void);
+extern void DRM_dump(void);
+extern void *DRM_malloc(const char *, size_t, const char *, size_t);
+extern void *DRM_calloc(const char *, size_t, const char *, size_t, size_t);
+extern void *DRM_realloc(const char *, size_t, const char *, void *, size_t);
+extern void DRM_free(const char *, size_t, const char *, void *);
+extern char *DRM_strdup(const char *, size_t, const char *, const char *);
 
 #ifndef NONEED_DRM
 #define	vmalloc(sz)	\
@@ -94,9 +94,9 @@
 	DRM_vfree(__FILE__, __LINE__, __func__, (p))
 #endif
 
-extern void *DRM_vmalloc __P((char *, int, char *, size_t));
-extern void *DRM_vrealloc __P((char *, int, char *, void *, size_t));
-extern void DRM_vfree __P((char *, int, char *, void *));
-extern void *DRM_vdup __P((char *, int, char *, void *));
+extern void *DRM_vmalloc(const char *, size_t, const char *, size_t);
+extern void *DRM_vrealloc(const char *, size_t, const char *, void *, size_t);
+extern void DRM_vfree(const char *, size_t, const char *, void *);
+extern void *DRM_vdup(const char *, size_t, const char *, void *);
 
 #endif /* _DEBUGRM_H */
--- a/crypto/external/bsd/heimdal/dist/kcm/cache.c	Tue Apr 03 08:29:44 2018 +0000
+++ b/crypto/external/bsd/heimdal/dist/kcm/cache.c	Sat Apr 07 04:11:47 2018 +0000
@@ -1,4 +1,4 @@
-/*	$NetBSD: cache.c,v 1.3 2017/01/28 21:31:44 christos Exp $	*/
+/*	$NetBSD: cache.c,v 1.3.10.1 2018/04/07 04:11:47 pgoyette Exp $	*/
 
 /*
  * Copyright (c) 2005, PADL Software Pty Ltd.
@@ -324,6 +324,7 @@
     slot->key.keytab = NULL;
     slot->tkt_life = 0;
     slot->renew_life = 0;
+    slot->kdc_offset = 0;
 
     if (new_slot)
 	ccache_head = slot;
--- a/crypto/external/bsd/heimdal/dist/kcm/glue.c	Tue Apr 03 08:29:44 2018 +0000
+++ b/crypto/external/bsd/heimdal/dist/kcm/glue.c	Sat Apr 07 04:11:47 2018 +0000
@@ -1,4 +1,4 @@
-/*	$NetBSD: glue.c,v 1.2 2017/01/28 21:31:44 christos Exp $	*/
+/*	$NetBSD: glue.c,v 1.2.10.1 2018/04/07 04:11:47 pgoyette Exp $	*/
 
 /*
  * Copyright (c) 2005, PADL Software Pty Ltd.
@@ -34,7 +34,7 @@
 
 #include "kcm_locl.h"
 
-__RCSID("$NetBSD: glue.c,v 1.2 2017/01/28 21:31:44 christos Exp $");
+__RCSID("$NetBSD: glue.c,v 1.2.10.1 2018/04/07 04:11:47 pgoyette Exp $");
 
 /*
  * Server-side loopback glue for credentials cache operations; this
@@ -248,33 +248,60 @@
     return 0;
 }
 
+static krb5_error_code
+kcmss_get_kdc_sec_offset(krb5_context context,
+			 krb5_ccache id,
+			 krb5_deltat *t)
+{
+    kcm_ccache c = KCMCACHE(id);
+
+    KCM_ASSERT_VALID(c);
+
+    *t = c->kdc_offset;
+
+    return 0;
+}
+
+static krb5_error_code
+kcmss_set_kdc_sec_offset(krb5_context context,
+			 krb5_ccache id, krb5_deltat t)
+{
+    kcm_ccache c = KCMCACHE(id);
+
+    KCM_ASSERT_VALID(c);
+
+    c->kdc_offset = t;
+
+    return 0;
+}
+
 static const krb5_cc_ops krb5_kcmss_ops = {
-    KRB5_CC_OPS_VERSION,
-    "KCM",
-    kcmss_get_name,
-    kcmss_resolve,
-    kcmss_gen_new,
-    kcmss_initialize,
-    kcmss_destroy,
-    kcmss_close,
-    kcmss_store_cred,
-    kcmss_retrieve,
-    kcmss_get_principal,
-    kcmss_get_first,
-    kcmss_get_next,
-    kcmss_end_get,
-    kcmss_remove_cred,
-    kcmss_set_flags,
-    kcmss_get_version,
-    NULL,
-    NULL,
-    NULL,
-    NULL,
-    NULL,
-    NULL,
-    NULL,
-    NULL,
-    NULL,
+    .version =		KRB5_CC_OPS_VERSION,
+    .prefix =		"KCM",
+    .get_name =		kcmss_get_name,
+    .resolve =		kcmss_resolve,
+    .gen_new =		kcmss_gen_new,
+    .init =		kcmss_initialize,
+    .destroy =		kcmss_destroy,
+    .close =		kcmss_close,
+    .store =		kcmss_store_cred,
+    .retrieve =		kcmss_retrieve,
+    .get_princ =	kcmss_get_principal,
+    .get_first =	kcmss_get_first,
+    .get_next =		kcmss_get_next,
+    .end_get =		kcmss_end_get,
+    .remove_cred =	kcmss_remove_cred,
+    .set_flags =	kcmss_set_flags,
+    .get_version =	kcmss_get_version,
+    .get_cache_first =	NULL,
+    .get_cache_next =	NULL,
+    .end_cache_get =	NULL,
+    .move =		NULL,
+    .get_default_name =	NULL,
+    .set_default =	NULL,
+    .lastchange =	NULL,
+    .set_kdc_offset =	kcmss_set_kdc_sec_offset,
+    .get_kdc_offset =	kcmss_get_kdc_sec_offset,
 };
 
 krb5_error_code
--- a/crypto/external/bsd/netpgp/dist/include/netpgp.h	Tue Apr 03 08:29:44 2018 +0000
+++ b/crypto/external/bsd/netpgp/dist/include/netpgp.h	Sat Apr 07 04:11:47 2018 +0000
@@ -42,7 +42,7 @@
 __BEGIN_DECLS
 
 /* structure used to hold (key,value) pair information */
-typedef struct netpgp_t {
+typedef struct {
 	unsigned	  c;		/* # of elements used */
 	unsigned	  size;		/* size of array */
 	char		**name;		/* key names */
--- a/crypto/external/bsd/netpgp/dist/src/lib/libnetpgp.3	Tue Apr 03 08:29:44 2018 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/lib/libnetpgp.3	Sat Apr 07 04:11:47 2018 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: libnetpgp.3,v 1.16 2014/02/17 07:23:18 agc Exp $
+.\" $NetBSD: libnetpgp.3,v 1.16.24.1 2018/04/07 04:11:47 pgoyette Exp $
 .\"
 .\" Copyright (c) 2009,2010 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd February 16, 2014
+.Dd April 3, 2018
 .Dt LIBNETPGP 3
 .Os
 .Sh NAME
@@ -223,13 +223,13 @@
 .Pp
 To import a key onto the public keyring, the
 .Fn netpgp_import_key
-is used.
+function is used.
 The name of the file containing the key to be imported is provided
 as the filename argument.
 .Pp
 To generate a key, the
 .Fn netpgp_generate_key
-is used.
+function is used.
 It takes an argument of the number of bits to use in the key.
 At the time that this manual page was created (April 2009),
 the recommendations are that the bare minimum key size
--- a/crypto/external/bsd/netpgp/dist/src/libbn/libnetpgpbn.3	Tue Apr 03 08:29:44 2018 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/libbn/libnetpgpbn.3	Sat Apr 07 04:11:47 2018 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: libnetpgpbn.3,v 1.4 2014/02/17 07:23:18 agc Exp $
+.\" $NetBSD: libnetpgpbn.3,v 1.4.24.1 2018/04/07 04:11:47 pgoyette Exp $
 .\"
 .\" Copyright (c) 2010 Alistair Crooks <agc@NetBSD.org>
 .\" All rights reserved.
@@ -23,7 +23,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd February 16, 2014
+.Dd April 3, 2018
 .Dt LIBNETPGPBN 3
 .Os
 .Sh NAME
@@ -257,7 +257,7 @@
 buffer called
 .Va buf
 where
-.Dq USERNAME
+.Dq USER
 is the name of the user taken from the runtime environment.
 The encoded text will be in an allocated buffer called
 .Va s .
--- a/crypto/external/bsd/netpgp/dist/src/libmj/libmj.3	Tue Apr 03 08:29:44 2018 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/libmj/libmj.3	Sat Apr 07 04:11:47 2018 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: libmj.3,v 1.7 2014/02/17 07:23:18 agc Exp $
+.\" $NetBSD: libmj.3,v 1.7.24.1 2018/04/07 04:11:47 pgoyette Exp $
 .\"
 .\" Copyright (c) 2010 Alistair Crooks <agc@NetBSD.org>
 .\" All rights reserved.
@@ -23,7 +23,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd February 16, 2014
+.Dd April 3, 2018
 .Dt LIBMJ 3
 .Os
 .Sh NAME
@@ -227,10 +227,10 @@
 buffer called
 .Va buf
 where
-.Dq USERNAME
+.Dq USER
 is the name of the user taken from the runtime environment.
 The encoded text will be in an allocated buffer called
-.Va s
+.Va s .
 .Bd -literal -offset indent
 mj_t atom;
 char buf[BUFSIZ];
--- a/crypto/external/bsd/netpgp/dist/src/netpgpverify/netpgpverify.1	Tue Apr 03 08:29:44 2018 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/netpgpverify/netpgpverify.1	Sat Apr 07 04:11:47 2018 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: netpgpverify.1,v 1.11 2017/04/17 19:50:28 agc Exp $
+.\" $NetBSD: netpgpverify.1,v 1.11.10.1 2018/04/07 04:11:47 pgoyette Exp $
 .\"
 .\" Copyright (c) 2013,2014,2015 Alistair Crooks <agc@NetBSD.org>
 .\" All rights reserved.
@@ -23,7 +23,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd January 15, 2015
+.Dd April 3, 2018
 .Dt NETPGPVERIFY 1
 .Os
 .Sh NAME
@@ -143,9 +143,16 @@
 .\" .Xr libbz2 3 ,
 .Xr zlib 3
 .Sh STANDARDS
-The
-.Nm
-utility is designed to conform to IETF RFC 4880.
+.Rs
+.%A J. Callas
+.%A L. Donnerhacke
+.%A H. Finney
+.%A D. Shaw
+.%A R. Thayer
+.%D November 2007
+.%R RFC 4880
+.%T OpenPGP Message Format
+.Re
 .Sh HISTORY
 The
 .Nm
--- a/crypto/external/bsd/openssh/Makefile.inc	Tue Apr 03 08:29:44 2018 +0000
+++ b/crypto/external/bsd/openssh/Makefile.inc	Sat Apr 07 04:11:47 2018 +0000
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile.inc,v 1.13 2018/02/09 01:54:46 christos Exp $
+#	$NetBSD: Makefile.inc,v 1.13.2.1 2018/04/07 04:11:48 pgoyette Exp $
 
 WARNS?=	4
 
@@ -19,7 +19,7 @@
 CPPFLAGS+=-DOPENSSL_API_COMPAT=0x10100000L
 .endif
 
-CPPFLAGS+=-DWITH_OPENSSL -DENABLE_PKCS11 -D_OPENBSD_SOURCE
+CPPFLAGS+=-DWITH_OPENSSL -DENABLE_PKCS11 -D_OPENBSD_SOURCE -DWITH_XMSS
 .if !defined(NOPIC)
 CPPFLAGS+=-DHAVE_DLOPEN
 .endif
--- a/crypto/external/bsd/openssh/bin/ssh/Makefile	Tue Apr 03 08:29:44 2018 +0000
+++ b/crypto/external/bsd/openssh/bin/ssh/Makefile	Sat Apr 07 04:11:47 2018 +0000
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile,v 1.13 2018/02/25 00:16:48 mrg Exp $
+#	$NetBSD: Makefile,v 1.13.2.1 2018/04/07 04:11:48 pgoyette Exp $
 
 .include <bsd.own.mk>
 
@@ -8,7 +8,7 @@
 SRCS=	ssh.c readconf.c clientloop.c sshtty.c \
 	sshconnect.c sshconnect2.c mux.c auth.c
 
-COPTS.auth.c=	-DHOST_ONLY
+COPTS.auth.c=		-DHOST_ONLY
 COPTS.mux.c=		-Wno-pointer-sign
 COPTS.sshconnect2.c=	-Wno-pointer-sign
 
--- a/crypto/external/bsd/openssh/dist/PROTOCOL	Tue Apr 03 08:29:44 2018 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL	Sat Apr 07 04:11:47 2018 +0000
@@ -295,10 +295,14 @@
 	string[]	hostkeys
 
 Upon receiving this message, a client should check which of the
-supplied host keys are present in known_hosts. For keys that are
-not present, it should send a "hostkeys-prove@openssh.com" message
-to request the server prove ownership of the private half of the
-key.
+supplied host keys are present in known_hosts.
+
+Note that the server may send key types that the client does not
+support. The client should disgregard such keys if they are received.
+
+If the client identifies any keys that are not present for the host,
+it should send a "hostkeys-prove@openssh.com" message to request the
+server prove ownership of the private half of the key.
 
 	byte		SSH_MSG_GLOBAL_REQUEST
 	string		"hostkeys-prove-00@openssh.com"
@@ -454,5 +458,5 @@
 This extension is advertised in the SSH_FXP_VERSION hello with version
 "1".
 
-$OpenBSD: PROTOCOL,v 1.31 2017/05/26 01:40:07 djm Exp $
-$NetBSD: PROTOCOL,v 1.10 2017/10/07 19:39:19 christos Exp $
+$OpenBSD: PROTOCOL,v 1.32 2018/02/19 00:55:02 djm Exp $
+$NetBSD: PROTOCOL,v 1.10.2.1 2018/04/07 04:11:48 pgoyette Exp $
--- a/crypto/external/bsd/openssh/dist/PROTOCOL.certkeys	Tue Apr 03 08:29:44 2018 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL.certkeys	Sat Apr 07 04:11:47 2018 +0000
@@ -100,9 +100,9 @@
 
 ECDSA certificate
 
-    string    "ecdsa-sha2-nistp256-v01@openssh.com" |
-              "ecdsa-sha2-nistp384-v01@openssh.com" |
-              "ecdsa-sha2-nistp521-v01@openssh.com"
+    string    "ecdsa-sha2-nistp256-cert-v01@openssh.com" |
+              "ecdsa-sha2-nistp384-cert-v01@openssh.com" |
+              "ecdsa-sha2-nistp521-cert-v01@openssh.com"
     string    nonce
     string    curve
     string    public_key
@@ -291,5 +291,5 @@
                                       of this script will not be permitted if
                                       this option is not present.
 
-$OpenBSD: PROTOCOL.certkeys,v 1.12 2017/05/31 04:29:44 djm Exp $
-$NetBSD: PROTOCOL.certkeys,v 1.8 2017/10/07 19:39:19 christos Exp $
+$OpenBSD: PROTOCOL.certkeys,v 1.13 2017/11/03 02:32:19 djm Exp $
+$NetBSD: PROTOCOL.certkeys,v 1.8.2.1 2018/04/07 04:11:48 pgoyette Exp $
--- a/crypto/external/bsd/openssh/dist/auth-options.c	Tue Apr 03 08:29:44 2018 +0000
+++ b/crypto/external/bsd/openssh/dist/auth-options.c	Sat Apr 07 04:11:47 2018 +0000
@@ -1,19 +1,24 @@
-/*	$NetBSD: auth-options.c,v 1.16 2017/10/07 19:39:19 christos Exp $	*/
-/* $OpenBSD: auth-options.c,v 1.74 2017/09/12 06:32:07 djm Exp $ */
+/*	$NetBSD: auth-options.c,v 1.16.2.1 2018/04/07 04:11:48 pgoyette Exp $	*/
+/* $OpenBSD: auth-options.c,v 1.78 2018/03/14 05:35:40 djm Exp $ */
 
 /*
- * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
- *                    All rights reserved
- * As far as I am concerned, the code I have written for this software
- * can be used freely for any purpose.  Any derived versions of this
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
- * called by a name other than "ssh" or "Secure Shell".
+ * Copyright (c) 2018 Damien Miller <djm@mindrot.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth-options.c,v 1.16 2017/10/07 19:39:19 christos Exp $");
+__RCSID("$NetBSD: auth-options.c,v 1.16.2.1 2018/04/07 04:11:48 pgoyette Exp $");
 #include <sys/types.h>
 #include <sys/queue.h>
 
@@ -23,83 +28,28 @@
 #include <stdio.h>
 #include <stdarg.h>
 #include <time.h>
+#include <ctype.h>
+#include <limits.h>
 
-#include "key.h"	/* XXX for typedef */
-#include "buffer.h"	/* XXX for typedef */
 #include "xmalloc.h"
-#include "match.h"
 #include "ssherr.h"
 #include "log.h"
-#include "canohost.h"
-#include "packet.h"
 #include "sshbuf.h"
 #include "misc.h"
-#include "channels.h"
-#include "servconf.h"
 #include "sshkey.h"
+#include "match.h"
+#include "ssh2.h"
 #include "auth-options.h"
-#include "hostfile.h"
-#include "auth.h"
-
-/* Flags set authorized_keys flags */
-int no_port_forwarding_flag = 0;
-int no_agent_forwarding_flag = 0;
-int no_x11_forwarding_flag = 0;
-int no_pty_flag = 0;
-int no_user_rc = 0;
-int key_is_cert_authority = 0;
-
-/* "command=" option. */
-char *forced_command = NULL;
-
-/* "environment=" options. */
-struct envstring *custom_environment = NULL;
-
-/* "tunnel=" option. */
-int forced_tun_device = -1;
-
-/* "principals=" option. */
-char *authorized_principals = NULL;
-
-extern ServerOptions options;
-
-/* XXX refactor to be stateless */
-
-void
-auth_clear_options(void)
-{
-	struct ssh *ssh = active_state;		/* XXX */
-
-	no_agent_forwarding_flag = 0;
-	no_port_forwarding_flag = 0;
-	no_pty_flag = 0;
-	no_x11_forwarding_flag = 0;
-	no_user_rc = 0;
-	key_is_cert_authority = 0;
-	while (custom_environment) {
-		struct envstring *ce = custom_environment;
-		custom_environment = ce->next;
-		free(ce->s);
-		free(ce);
-	}
-	free(forced_command);
-	forced_command = NULL;
-	free(authorized_principals);
-	authorized_principals = NULL;
-	forced_tun_device = -1;
-	channel_clear_permitted_opens(ssh);
-}
 
 /*
  * Match flag 'opt' in *optsp, and if allow_negate is set then also match
  * 'no-opt'. Returns -1 if option not matched, 1 if option matches or 0
- * if negated option matches. 
+ * if negated option matches.
  * If the option or negated option matches, then *optsp is updated to
- * point to the first character after the option and, if 'msg' is not NULL
- * then a message based on it added via auth_debug_add().
+ * point to the first character after the option.
  */
 static int
-match_flag(const char *opt, int allow_negate, const char **optsp, const char *msg)
+opt_flag(const char *opt, int allow_negate, const char **optsp)
 {
 	size_t opt_len = strlen(opt);
 	const char *opts = *optsp;
@@ -111,368 +61,92 @@
 	}
 	if (strncasecmp(opts, opt, opt_len) == 0) {
 		*optsp = opts + opt_len;
-		if (msg != NULL) {
-			auth_debug_add("%s %s.", msg,
-			    negate ? "disabled" : "enabled");
-		}
 		return negate ? 0 : 1;
 	}
 	return -1;
 }
 
-/*
- * return 1 if access is granted, 0 if not.
- * side effect: sets key option flags
- * XXX remove side effects; fill structure instead.
- */
-int
-auth_parse_options(struct passwd *pw, const char *opts, const char *file,
-    u_long linenum)
+static char *
+opt_dequote(const char **sp, const char **errstrp)
 {
-	struct ssh *ssh = active_state;		/* XXX */
-	const char *cp;
-	int i, r;
-
-	/* reset options */
-	auth_clear_options();
-
-	if (!opts)
-		return 1;
+	const char *s = *sp;
+	char *ret;
+	size_t i;
 
-	while (*opts && *opts != ' ' && *opts != '\t') {
-		if ((r = match_flag("cert-authority", 0, &opts, NULL)) != -1) {
-			key_is_cert_authority = r;
-			goto next_option;
-		}
-		if ((r = match_flag("restrict", 0, &opts, NULL)) != -1) {
-			auth_debug_add("Key is restricted.");
-			no_port_forwarding_flag = 1;
-			no_agent_forwarding_flag = 1;
-			no_x11_forwarding_flag = 1;
-			no_pty_flag = 1;
-			no_user_rc = 1;
-			goto next_option;
-		}
-		if ((r = match_flag("port-forwarding", 1, &opts,
-		    "Port forwarding")) != -1) {
-			no_port_forwarding_flag = r != 1;
-			goto next_option;
-		}
-		if ((r = match_flag("agent-forwarding", 1, &opts,
-		    "Agent forwarding")) != -1) {
-			no_agent_forwarding_flag = r != 1;
-			goto next_option;
-		}
-		if ((r = match_flag("x11-forwarding", 1, &opts,
-		    "X11 forwarding")) != -1) {
-			no_x11_forwarding_flag = r != 1;
-			goto next_option;
-		}
-		if ((r = match_flag("pty", 1, &opts,
-		    "PTY allocation")) != -1) {
-			no_pty_flag = r != 1;
-			goto next_option;
-		}
-		if ((r = match_flag("user-rc", 1, &opts,
-		    "User rc execution")) != -1) {
-			no_user_rc = r != 1;
-			goto next_option;
-		}
-		cp = "command=\"";
-		if (strncasecmp(opts, cp, strlen(cp)) == 0) {
-			opts += strlen(cp);
-			free(forced_command);
-			forced_command = xmalloc(strlen(opts) + 1);
-			i = 0;
-			while (*opts) {
-				if (*opts == '"')
-					break;
-				if (*opts == '\\' && opts[1] == '"') {
-					opts += 2;
-					forced_command[i++] = '"';
-					continue;
-				}
-				forced_command[i++] = *opts++;
-			}
-			if (!*opts) {
-				debug("%.100s, line %lu: missing end quote",
-				    file, linenum);
-				auth_debug_add("%.100s, line %lu: missing end quote",
-				    file, linenum);
-				free(forced_command);
-				forced_command = NULL;
-				goto bad_option;
-			}
-			forced_command[i] = '\0';
-			auth_debug_add("Forced command.");
-			opts++;
-			goto next_option;
-		}
-		cp = "principals=\"";
-		if (strncasecmp(opts, cp, strlen(cp)) == 0) {
-			opts += strlen(cp);
-			free(authorized_principals);
-			authorized_principals = xmalloc(strlen(opts) + 1);
-			i = 0;
-			while (*opts) {
-				if (*opts == '"')
-					break;
-				if (*opts == '\\' && opts[1] == '"') {
-					opts += 2;
-					authorized_principals[i++] = '"';
-					continue;
-				}
-				authorized_principals[i++] = *opts++;
-			}
-			if (!*opts) {
-				debug("%.100s, line %lu: missing end quote",
-				    file, linenum);
-				auth_debug_add("%.100s, line %lu: missing end quote",
-				    file, linenum);
-				free(authorized_principals);
-				authorized_principals = NULL;
-				goto bad_option;
-			}
-			authorized_principals[i] = '\0';
-			auth_debug_add("principals: %.900s",
-			    authorized_principals);
-			opts++;
-			goto next_option;
-		}
-		cp = "environment=\"";
-		if (strncasecmp(opts, cp, strlen(cp)) == 0) {
-			char *s;
-			struct envstring *new_envstring;
+	*errstrp = NULL;
+	if (*s != '"') {
+		*errstrp = "missing start quote";
+		return NULL;
+	}
+	s++;
+	if ((ret = malloc(strlen((s)) + 1)) == NULL) {
+		*errstrp = "memory allocation failed";
+		return NULL;
+	}
+	for (i = 0; *s != '\0' && *s != '"';) {
+		if (s[0] == '\\' && s[1] == '"')
+			s++;
+		ret[i++] = *s++;
+	}
+	if (*s == '\0') {
+		*errstrp = "missing end quote";
+		free(ret);
+		return NULL;
+	}
+	ret[i] = '\0';
+	s++;
+	*sp = s;
+	return ret;
+}
 
-			opts += strlen(cp);
-			s = xmalloc(strlen(opts) + 1);
-			i = 0;
-			while (*opts) {
-				if (*opts == '"')
-					break;
-				if (*opts == '\\' && opts[1] == '"') {
-					opts += 2;
-					s[i++] = '"';
-					continue;
-				}
-				s[i++] = *opts++;
-			}
-			if (!*opts) {
-				debug("%.100s, line %lu: missing end quote",
-				    file, linenum);
-				auth_debug_add("%.100s, line %lu: missing end quote",
-				    file, linenum);
-				free(s);
-				goto bad_option;
-			}
-			s[i] = '\0';
-			opts++;
-			if (options.permit_user_env) {
-				auth_debug_add("Adding to environment: "
-				    "%.900s", s);
-				debug("Adding to environment: %.900s", s);
-				new_envstring = xcalloc(1,
-				    sizeof(*new_envstring));
-				new_envstring->s = s;
-				new_envstring->next = custom_environment;
-				custom_environment = new_envstring;
-				s = NULL;
-			}
-			free(s);
-			goto next_option;
+static int
+opt_match(const char **opts, const char *term)
+{
+	if (strncasecmp((*opts), term, strlen(term)) == 0 &&
+	    (*opts)[strlen(term)] == '=') {
+		*opts += strlen(term) + 1;
+		return 1;
+	}
+	return 0;
+}
+
+static int
+dup_strings(char ***dstp, size_t *ndstp, char **src, size_t nsrc)
+{
+	char **dst;
+	size_t i, j;
+
+	*dstp = NULL;
+	*ndstp = 0;
+	if (nsrc == 0)
+		return 0;
+
+	if ((dst = calloc(nsrc, sizeof(*src))) == NULL)
+		return -1;
+	for (i = 0; i < nsrc; i++) {
+		if ((dst[i] = strdup(src[i])) == NULL) {
+			for (j = 0; j < i; j++)
+				free(dst[j]);
+			free(dst);
+			return -1;
 		}
-		cp = "from=\"";
-		if (strncasecmp(opts, cp, strlen(cp)) == 0) {
-			const char *remote_ip = ssh_remote_ipaddr(ssh);
-			const char *remote_host = auth_get_canonical_hostname(
-			    ssh, options.use_dns);
-			char *patterns = xmalloc(strlen(opts) + 1);
-
-			opts += strlen(cp);
-			i = 0;
-			while (*opts) {
-				if (*opts == '"')
-					break;
-				if (*opts == '\\' && opts[1] == '"') {
-					opts += 2;
-					patterns[i++] = '"';
-					continue;
-				}
-				patterns[i++] = *opts++;
-			}
-			if (!*opts) {
-				debug("%.100s, line %lu: missing end quote",
-				    file, linenum);
-				auth_debug_add("%.100s, line %lu: missing end quote",
-				    file, linenum);
-				free(patterns);
-				goto bad_option;
-			}
-			patterns[i] = '\0';
-			opts++;
-			switch (match_host_and_ip(remote_host, remote_ip,
-			    patterns)) {
-			case 1:
-				free(patterns);
-				/* Host name matches. */
-				goto next_option;
-			case -1:
-				debug("%.100s, line %lu: invalid criteria",
-				    file, linenum);
-				auth_debug_add("%.100s, line %lu: "
-				    "invalid criteria", file, linenum);
-				/* FALLTHROUGH */
-			case 0:
-				free(patterns);
-				logit("Authentication tried for %.100s with "
-				    "correct key but not from a permitted "
-				    "host (host=%.200s, ip=%.200s).",
-				    pw->pw_name, remote_host, remote_ip);
-				auth_debug_add("Your host '%.200s' is not "
-				    "permitted to use this key for login.",
-				    remote_host);
-				break;
-			}
-			/* deny access */
-			return 0;
-		}
-		cp = "permitopen=\"";
-		if (strncasecmp(opts, cp, strlen(cp)) == 0) {
-			char *host, *p;
-			int port;
-			char *patterns = xmalloc(strlen(opts) + 1);
-
-			opts += strlen(cp);
-			i = 0;
-			while (*opts) {
-				if (*opts == '"')
-					break;
-				if (*opts == '\\' && opts[1] == '"') {
-					opts += 2;
-					patterns[i++] = '"';
-					continue;
-				}
-				patterns[i++] = *opts++;
-			}
-			if (!*opts) {
-				debug("%.100s, line %lu: missing end quote",
-				    file, linenum);
-				auth_debug_add("%.100s, line %lu: missing "
-				    "end quote", file, linenum);
-				free(patterns);
-				goto bad_option;
-			}
-			patterns[i] = '\0';
-			opts++;
-			p = patterns;
-			/* XXX - add streamlocal support */
-			host = hpdelim(&p);
-			if (host == NULL || strlen(host) >= NI_MAXHOST) {
-				debug("%.100s, line %lu: Bad permitopen "
-				    "specification <%.100s>", file, linenum,
-				    patterns);
-				auth_debug_add("%.100s, line %lu: "
-				    "Bad permitopen specification", file,
-				    linenum);
-				free(patterns);
-				goto bad_option;
-			}
-			host = cleanhostname(host);
-			if (p == NULL || (port = permitopen_port(p)) < 0) {
-				debug("%.100s, line %lu: Bad permitopen port "
-				    "<%.100s>", file, linenum, p ? p : "");
-				auth_debug_add("%.100s, line %lu: "
-				    "Bad permitopen port", file, linenum);
-				free(patterns);
-				goto bad_option;
-			}
-			if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0)
-				channel_add_permitted_opens(ssh, host, port);
-			free(patterns);
-			goto next_option;
-		}
-		cp = "tunnel=\"";
-		if (strncasecmp(opts, cp, strlen(cp)) == 0) {
-			char *tun = NULL;
-			opts += strlen(cp);
-			tun = xmalloc(strlen(opts) + 1);
-			i = 0;
-			while (*opts) {
-				if (*opts == '"')
-					break;
-				tun[i++] = *opts++;
-			}
-			if (!*opts) {
-				debug("%.100s, line %lu: missing end quote",
-				    file, linenum);
-				auth_debug_add("%.100s, line %lu: missing end quote",
-				    file, linenum);
-				free(tun);
-				forced_tun_device = -1;
-				goto bad_option;
-			}
-			tun[i] = '\0';
-			forced_tun_device = a2tun(tun, NULL);
-			free(tun);
-			if (forced_tun_device == SSH_TUNID_ERR) {
-				debug("%.100s, line %lu: invalid tun device",
-				    file, linenum);
-				auth_debug_add("%.100s, line %lu: invalid tun device",
-				    file, linenum);
-				forced_tun_device = -1;
-				goto bad_option;
-			}
-			auth_debug_add("Forced tun device: %d", forced_tun_device);
-			opts++;
-			goto next_option;
-		}
-next_option:
-		/*
-		 * Skip the comma, and move to the next option
-		 * (or break out if there are no more).
-		 */
-		if (!*opts)
-			fatal("Bugs in auth-options.c option processing.");
-		if (*opts == ' ' || *opts == '\t')
-			break;		/* End of options. */
-		if (*opts != ',')
-			goto bad_option;
-		opts++;
-		/* Process the next option. */
 	}
-
-	/* grant access */
-	return 1;
-
-bad_option:
-	logit("Bad options in %.100s file, line %lu: %.50s",
-	    file, linenum, opts);
-	auth_debug_add("Bad options in %.100s file, line %lu: %.50s",
-	    file, linenum, opts);
-
-	/* deny access */
+	/* success */
+	*dstp = dst;
+	*ndstp = nsrc;
 	return 0;
 }
 
 #define OPTIONS_CRITICAL	1
 #define OPTIONS_EXTENSIONS	2
 static int
-parse_option_list(struct sshbuf *oblob, struct passwd *pw,
-    u_int which, int crit,
-    int *cert_no_port_forwarding_flag,
-    int *cert_no_agent_forwarding_flag,
-    int *cert_no_x11_forwarding_flag,
-    int *cert_no_pty_flag,
-    int *cert_no_user_rc,
-    char **cert_forced_command,
-    int *cert_source_address_done)
+cert_option_list(struct sshauthopt *opts, struct sshbuf *oblob,
+    u_int which, int crit)
 {
-	struct ssh *ssh = active_state;		/* XXX */
 	char *command, *allowed;
-	const char *remote_ip;
 	char *name = NULL;
 	struct sshbuf *c = NULL, *data = NULL;
-	int r, ret = -1, result, found;
+	int r, ret = -1, found;
 
 	if ((c = sshbuf_fromb(oblob)) == NULL) {
 		error("%s: sshbuf_fromb failed", __func__);
@@ -493,21 +167,21 @@
 		found = 0;
 		if ((which & OPTIONS_EXTENSIONS) != 0) {
 			if (strcmp(name, "permit-X11-forwarding") == 0) {
-				*cert_no_x11_forwarding_flag = 0;
+				opts->permit_x11_forwarding_flag = 1;
 				found = 1;
 			} else if (strcmp(name,
 			    "permit-agent-forwarding") == 0) {
-				*cert_no_agent_forwarding_flag = 0;
+				opts->permit_agent_forwarding_flag = 1;
 				found = 1;
 			} else if (strcmp(name,
 			    "permit-port-forwarding") == 0) {
-				*cert_no_port_forwarding_flag = 0;
+				opts->permit_port_forwarding_flag = 1;
 				found = 1;
 			} else if (strcmp(name, "permit-pty") == 0) {
-				*cert_no_pty_flag = 0;
+				opts->permit_pty_flag = 1;
 				found = 1;
 			} else if (strcmp(name, "permit-user-rc") == 0) {
-				*cert_no_user_rc = 0;
+				opts->permit_user_rc = 1;
 				found = 1;
 			}
 		}
@@ -519,13 +193,13 @@
 					    "section: %s", name, ssh_err(r));
 					goto out;
 				}
-				if (*cert_forced_command != NULL) {
+				if (opts->force_command != NULL) {
 					error("Certificate has multiple "
 					    "force-command options");
 					free(command);
 					goto out;
 				}
-				*cert_forced_command = command;
+				opts->force_command = command;
 				found = 1;
 			}
 			if (strcmp(name, "source-address") == 0) {
@@ -535,38 +209,19 @@
 					    "section: %s", name, ssh_err(r));
 					goto out;
 				}
-				if ((*cert_source_address_done)++) {
+				if (opts->required_from_host_cert != NULL) {
 					error("Certificate has multiple "
 					    "source-address options");
 					free(allowed);
 					goto out;
 				}
-				remote_ip = ssh_remote_ipaddr(ssh);
-				result = addr_match_cidr_list(remote_ip,
-				    allowed);
-				free(allowed);
-				switch (result) {
-				case 1:
-					/* accepted */
-					break;
-				case 0:
-					/* no match */
-					logit("Authentication tried for %.100s "
-					    "with valid certificate but not "
-					    "from a permitted host "
-					    "(ip=%.200s).", pw->pw_name,
-					    remote_ip);
-					auth_debug_add("Your address '%.200s' "
-					    "is not permitted to use this "
-					    "certificate for login.",
-					    remote_ip);
-					goto out;
-				case -1:
-				default:
+				/* Check syntax */
+				if (addr_match_cidr_list(NULL, allowed) == -1) {
 					error("Certificate source-address "
 					    "contents invalid");
 					goto out;
 				}
+				opts->required_from_host_cert = allowed;
 				found = 1;
 			}
 		}
@@ -592,74 +247,628 @@
 	ret = 0;
 
  out:
-	if (ret != 0 &&
-	    cert_forced_command != NULL &&
-	    *cert_forced_command != NULL) {
-		free(*cert_forced_command);
-		*cert_forced_command = NULL;
-	}
 	free(name);
 	sshbuf_free(data);
 	sshbuf_free(c);
 	return ret;
 }
 
-/*
- * Set options from critical certificate options. These supersede user key
- * options so this must be called after auth_parse_options().
- */
-int
-auth_cert_options(struct sshkey *k, struct passwd *pw, const char **reason)
+struct sshauthopt *
+sshauthopt_new(void)
+{
+	struct sshauthopt *ret;
+
+	if ((ret = calloc(1, sizeof(*ret))) == NULL)
+		return NULL;
+	ret->force_tun_device = -1;
+	return ret;
+}
+
+void
+sshauthopt_free(struct sshauthopt *opts)
 {
-	int cert_no_port_forwarding_flag = 1;
-	int cert_no_agent_forwarding_flag = 1;
-	int cert_no_x11_forwarding_flag = 1;
-	int cert_no_pty_flag = 1;
-	int cert_no_user_rc = 1;
-	char *cert_forced_command = NULL;
-	int cert_source_address_done = 0;
+	size_t i;
+
+	if (opts == NULL)
+		return;
+
+	free(opts->cert_principals);
+	free(opts->force_command);
+	free(opts->required_from_host_cert);
+	free(opts->required_from_host_keys);
+
+	for (i = 0; i < opts->nenv; i++)
+		free(opts->env[i]);
+	free(opts->env);
+
+	for (i = 0; i < opts->npermitopen; i++)
+		free(opts->permitopen[i]);
+	free(opts->permitopen);
+
+	explicit_bzero(opts, sizeof(*opts));
+	free(opts);
+}
+
+struct sshauthopt *
+sshauthopt_new_with_keys_defaults(void)
+{
+	struct sshauthopt *ret = NULL;
 
-	*reason = "invalid certificate options";
+	if ((ret = sshauthopt_new()) == NULL)
+		return NULL;
+
+	/* Defaults for authorized_keys flags */
+	ret->permit_port_forwarding_flag = 1;
+	ret->permit_agent_forwarding_flag = 1;
+	ret->permit_x11_forwarding_flag = 1;
+	ret->permit_pty_flag = 1;
+	ret->permit_user_rc = 1;
+	return ret;
+}
+
+struct sshauthopt *
+sshauthopt_parse(const char *opts, const char **errstrp)
+{
+	char **oarray, *opt, *cp, *tmp, *host;
+	int r;
+	struct sshauthopt *ret = NULL;
+	const char *errstr = "unknown error";
+	uint64_t valid_before;
+
+	if (errstrp != NULL)
+		*errstrp = NULL;
+	if ((ret = sshauthopt_new_with_keys_defaults()) == NULL)
+		goto alloc_fail;
+
+	if (opts == NULL)
+		return ret;
 
-	/* Separate options and extensions for v01 certs */
-	if (parse_option_list(k->cert->critical, pw,
-	    OPTIONS_CRITICAL, 1, NULL, NULL, NULL, NULL, NULL,
-	    &cert_forced_command,
-	    &cert_source_address_done) == -1)
-		return -1;
-	if (parse_option_list(k->cert->extensions, pw,
-	    OPTIONS_EXTENSIONS, 0,
-	    &cert_no_port_forwarding_flag,
-	    &cert_no_agent_forwarding_flag,
-	    &cert_no_x11_forwarding_flag,
-	    &cert_no_pty_flag,
-	    &cert_no_user_rc,
-	    NULL, NULL) == -1)
-		return -1;
+	while (*opts && *opts != ' ' && *opts != '\t') {
+		/* flag options */
+		if ((r = opt_flag("restrict", 0, &opts)) != -1) {
+			ret->restricted = 1;
+			ret->permit_port_forwarding_flag = 0;
+			ret->permit_agent_forwarding_flag = 0;
+			ret->permit_x11_forwarding_flag = 0;
+			ret->permit_pty_flag = 0;
+			ret->permit_user_rc = 0;
+		} else if ((r = opt_flag("cert-authority", 0, &opts)) != -1) {
+			ret->cert_authority = r;
+		} else if ((r = opt_flag("port-forwarding", 1, &opts)) != -1) {
+			ret->permit_port_forwarding_flag = r == 1;
+		} else if ((r = opt_flag("agent-forwarding", 1, &opts)) != -1) {
+			ret->permit_agent_forwarding_flag = r == 1;
+		} else if ((r = opt_flag("x11-forwarding", 1, &opts)) != -1) {
+			ret->permit_x11_forwarding_flag = r == 1;
+		} else if ((r = opt_flag("pty", 1, &opts)) != -1) {
+			ret->permit_pty_flag = r == 1;
+		} else if ((r = opt_flag("user-rc", 1, &opts)) != -1) {
+			ret->permit_user_rc = r == 1;
+		} else if (opt_match(&opts, "command")) {
+			if (ret->force_command != NULL) {
+				errstr = "multiple \"command\" clauses";
+				goto fail;
+			}
+			ret->force_command = opt_dequote(&opts, &errstr);
+			if (ret->force_command == NULL)
+				goto fail;
+		} else if (opt_match(&opts, "principals")) {
+			if (ret->cert_principals != NULL) {
+				errstr = "multiple \"principals\" clauses";
+				goto fail;
+			}
+			ret->cert_principals = opt_dequote(&opts, &errstr);
+			if (ret->cert_principals == NULL)
+				goto fail;
+		} else if (opt_match(&opts, "from")) {
+			if (ret->required_from_host_keys != NULL) {
+				errstr = "multiple \"from\" clauses";
+				goto fail;
+			}
+			ret->required_from_host_keys = opt_dequote(&opts,
+			    &errstr);
+			if (ret->required_from_host_keys == NULL)
+				goto fail;
+		} else if (opt_match(&opts, "expiry-time")) {
+			if ((opt = opt_dequote(&opts, &errstr)) == NULL)
+				goto fail;
+			if (parse_absolute_time(opt, &valid_before) != 0 ||
+			    valid_before == 0) {
+				free(opt);
+				errstr = "invalid expires time";
+				goto fail;
+			}
+			free(opt);
+			if (ret->valid_before == 0 ||
+			    valid_before < ret->valid_before)
+				ret->valid_before = valid_before;
+		} else if (opt_match(&opts, "environment")) {
+			if (ret->nenv > INT_MAX) {
+				errstr = "too many environment strings";
+				goto fail;
+			}
+			if ((opt = opt_dequote(&opts, &errstr)) == NULL)
+				goto fail;
+			/* env name must be alphanumeric and followed by '=' */
+			if ((tmp = strchr(opt, '=')) == NULL) {
+				free(opt);
+				errstr = "invalid environment string";
+				goto fail;
+			}
+			for (cp = opt; cp < tmp; cp++) {
+				if (!isalnum((u_char)*cp)) {
+					free(opt);
+					errstr = "invalid environment string";
+					goto fail;
+				}
+			}
+			/* Append it. */
+			oarray = ret->env;
+			if ((ret->env = recallocarray(ret->env, ret->nenv,
+			    ret->nenv + 1, sizeof(*ret->env))) == NULL) {
+				free(opt);
+				ret->env = oarray; /* put it back for cleanup */
+				goto alloc_fail;
+			}
+			ret->env[ret->nenv++] = opt;
+		} else if (opt_match(&opts, "permitopen")) {
+			if (ret->npermitopen > INT_MAX) {
+				errstr = "too many permitopens";
+				goto fail;
+			}
+			if ((opt = opt_dequote(&opts, &errstr)) == NULL)
+				goto fail;
+			if ((tmp = strdup(opt)) == NULL) {
+				free(opt);
+				goto alloc_fail;
+			}
+			cp = tmp;
+			/* validate syntax of permitopen before recording it. */
+			host = hpdelim(&cp);
+			if (host == NULL || strlen(host) >= NI_MAXHOST) {
+				free(tmp);
+				free(opt);
+				errstr = "invalid permitopen hostname";
+				goto fail;
+			}
+			/*
+			 * don't want to use permitopen_port to avoid
+			 * dependency on channels.[ch] here.
+			 */
+			if (cp == NULL ||
+			    (strcmp(cp, "*") != 0 && a2port(cp) <= 0)) {
+				free(tmp);
+				free(opt);
+				errstr = "invalid permitopen port";
+				goto fail;
+			}
+			/* XXX - add streamlocal support */
+			free(tmp);
+			/* Record it */
+			oarray = ret->permitopen;
+			if ((ret->permitopen = recallocarray(ret->permitopen,
+			    ret->npermitopen, ret->npermitopen + 1,
+			    sizeof(*ret->permitopen))) == NULL) {
+				free(opt);
+				ret->permitopen = oarray;
+				goto alloc_fail;
+			}
+			ret->permitopen[ret->npermitopen++] = opt;
+		} else if (opt_match(&opts, "tunnel")) {
+			if ((opt = opt_dequote(&opts, &errstr)) == NULL)
+				goto fail;
+			ret->force_tun_device = a2tun(opt, NULL);
+			free(opt);
+			if (ret->force_tun_device == SSH_TUNID_ERR) {
+				errstr = "invalid tun device";
+				goto fail;
+			}
+		}
+		/*
+		 * Skip the comma, and move to the next option
+		 * (or break out if there are no more).
+		 */
+		if (*opts == '\0' || *opts == ' ' || *opts == '\t')
+			break;		/* End of options. */
+		/* Anything other than a comma is an unknown option */
+		if (*opts != ',') {
+			errstr = "unknown key option";
+			goto fail;
+		}
+		opts++;
+		if (*opts == '\0') {
+			errstr = "unexpected end-of-options";
+			goto fail;
+		}
+	}
+
+	/* success */
+	if (errstrp != NULL)
+		*errstrp = NULL;
+	return ret;
+
+alloc_fail:
+	errstr = "memory allocation failed";
+fail:
+	sshauthopt_free(ret);
+	if (errstrp != NULL)
+		*errstrp = errstr;
+	return NULL;
+}
+
+struct sshauthopt *
+sshauthopt_from_cert(struct sshkey *k)
+{
+	struct sshauthopt *ret;
+
+	if (k == NULL || !sshkey_type_is_cert(k->type) || k->cert == NULL ||
+	    k->cert->type != SSH2_CERT_TYPE_USER)
+		return NULL;
+
+	if ((ret = sshauthopt_new()) == NULL)
+		return NULL;
 
-	no_port_forwarding_flag |= cert_no_port_forwarding_flag;
-	no_agent_forwarding_flag |= cert_no_agent_forwarding_flag;
-	no_x11_forwarding_flag |= cert_no_x11_forwarding_flag;
-	no_pty_flag |= cert_no_pty_flag;
-	no_user_rc |= cert_no_user_rc;
+	/* Handle options and critical extensions separately */
+	if (cert_option_list(ret, k->cert->critical,
+	    OPTIONS_CRITICAL, 1) == -1) {
+		sshauthopt_free(ret);
+		return NULL;
+	}
+	if (cert_option_list(ret, k->cert->extensions,
+	    OPTIONS_EXTENSIONS, 0) == -1) {
+		sshauthopt_free(ret);
+		return NULL;
+	}
+	/* success */
+	return ret;
+}
+
+/*
+ * Merges "additional" options to "primary" and returns the result.
+ * NB. Some options from primary have primacy.
+ */
+struct sshauthopt *
+sshauthopt_merge(const struct sshauthopt *primary,
+    const struct sshauthopt *additional, const char **errstrp)
+{
+	struct sshauthopt *ret;
+	const char *errstr = "internal error";
+	const char *tmp;
+
+	if (errstrp != NULL)
+		*errstrp = NULL;
+
+	if ((ret = sshauthopt_new()) == NULL)
+		goto alloc_fail;
+
+	/* cert_authority and cert_principals are cleared in result */
+
+	/* Prefer access lists from primary. */
+	/* XXX err is both set and mismatch? */
+	tmp = primary->required_from_host_cert;
+	if (tmp == NULL)
+		tmp = additional->required_from_host_cert;
+	if (tmp != NULL && (ret->required_from_host_cert = strdup(tmp)) == NULL)
+		goto alloc_fail;
+	tmp = primary->required_from_host_keys;
+	if (tmp == NULL)
+		tmp = additional->required_from_host_keys;
+	if (tmp != NULL && (ret->required_from_host_keys = strdup(tmp)) == NULL)
+		goto alloc_fail;
+
+	/* force_tun_device, permitopen and environment prefer the primary. */
+	ret->force_tun_device = primary->force_tun_device;
+	if (ret->force_tun_device == -1)
+		ret->force_tun_device = additional->force_tun_device;
+	if (primary->nenv > 0) {
+		if (dup_strings(&ret->env, &ret->nenv,
+		    primary->env, primary->nenv) != 0)
+			goto alloc_fail;
+	} else if (additional->nenv) {
+		if (dup_strings(&ret->env, &ret->nenv,
+		    additional->env, additional->nenv) != 0)
+			goto alloc_fail;
+	}
+	if (primary->npermitopen > 0) {
+		if (dup_strings(&ret->permitopen, &ret->npermitopen,
+		    primary->permitopen, primary->npermitopen) != 0)
+			goto alloc_fail;
+	} else if (additional->npermitopen > 0) {
+		if (dup_strings(&ret->permitopen, &ret->npermitopen,
+		    additional->permitopen, additional->npermitopen) != 0)
+			goto alloc_fail;
+	}
+
+	/* Flags are logical-AND (i.e. must be set in both for permission) */
+#define OPTFLAG(x) ret->x = (primary->x == 1) && (additional->x == 1)
+	OPTFLAG(permit_port_forwarding_flag);
+	OPTFLAG(permit_agent_forwarding_flag);
+	OPTFLAG(permit_x11_forwarding_flag);
+	OPTFLAG(permit_pty_flag);
+	OPTFLAG(permit_user_rc);
+#undef OPTFLAG
+
+	/* Earliest expiry time should win */
+	if (primary->valid_before != 0)
+		ret->valid_before = primary->valid_before;
+	if (additional->valid_before != 0 &&
+	    additional->valid_before < ret->valid_before)
+		ret->valid_before = additional->valid_before;
+
 	/*
-	 * Only permit both CA and key option forced-command if they match.
-	 * Otherwise refuse the certificate.
+	 * When both multiple forced-command are specified, only
+	 * proceed if they are identical, otherwise fail.
 	 */
-	if (cert_forced_command != NULL && forced_command != NULL) {
-		if (strcmp(forced_command, cert_forced_command) == 0) {
-			free(forced_command);
-			forced_command = cert_forced_command;
+	if (primary->force_command != NULL &&
+	    additional->force_command != NULL) {
+		if (strcmp(primary->force_command,
+		    additional->force_command) == 0) {
+			/* ok */
+			ret->force_command = strdup(primary->force_command);
+			if (ret->force_command == NULL)
+				goto alloc_fail;
 		} else {
-			*reason = "certificate and key options forced command "
-			    "do not match";
-			free(cert_forced_command);
-			return -1;
+			errstr = "forced command options do not match";
+			goto fail;
 		}
-	} else if (cert_forced_command != NULL)
-		forced_command = cert_forced_command;
+	} else if (primary->force_command != NULL) {
+		if ((ret->force_command = strdup(
+		    primary->force_command)) == NULL)
+			goto alloc_fail;
+	} else if (additional->force_command != NULL) {
+		if ((ret->force_command = strdup(
+		    additional->force_command)) == NULL)
+			goto alloc_fail;
+	}
 	/* success */
-	*reason = NULL;
+	if (errstrp != NULL)
+		*errstrp = NULL;
+	return ret;
+
+ alloc_fail:
+	errstr = "memory allocation failed";
+ fail:
+	if (errstrp != NULL)
+		*errstrp = errstr;
+	sshauthopt_free(ret);
+	return NULL;
+}
+
+/*
+ * Copy options
+ */
+struct sshauthopt *
+sshauthopt_copy(const struct sshauthopt *orig)
+{
+	struct sshauthopt *ret;
+
+	if ((ret = sshauthopt_new()) == NULL)
+		return NULL;
+
+#define OPTSCALAR(x) ret->x = orig->x
+	OPTSCALAR(permit_port_forwarding_flag);
+	OPTSCALAR(permit_agent_forwarding_flag);
+	OPTSCALAR(permit_x11_forwarding_flag);
+	OPTSCALAR(permit_pty_flag);
+	OPTSCALAR(permit_user_rc);
+	OPTSCALAR(restricted);
+	OPTSCALAR(cert_authority);
+	OPTSCALAR(force_tun_device);
+	OPTSCALAR(valid_before);
+#undef OPTSCALAR
+#define OPTSTRING(x) \
+	do { \
+		if (orig->x != NULL && (ret->x = strdup(orig->x)) == NULL) { \
+			sshauthopt_free(ret); \
+			return NULL; \
+		} \
+	} while (0)
+	OPTSTRING(cert_principals);
+	OPTSTRING(force_command);
+	OPTSTRING(required_from_host_cert);
+	OPTSTRING(required_from_host_keys);
+#undef OPTSTRING
+
+	if (dup_strings(&ret->env, &ret->nenv, orig->env, orig->nenv) != 0 ||
+	    dup_strings(&ret->permitopen, &ret->npermitopen,
+	    orig->permitopen, orig->npermitopen) != 0) {
+		sshauthopt_free(ret);
+		return NULL;
+	}
+	return ret;
+}
+
+static int
+serialise_array(struct sshbuf *m, char **a, size_t n)
+{
+	struct sshbuf *b;
+	size_t i;
+	int r;
+
+	if (n > INT_MAX)
+		return SSH_ERR_INTERNAL_ERROR;
+
+	if ((b = sshbuf_new()) == NULL) {
+		return SSH_ERR_ALLOC_FAIL;
+	}
+	for (i = 0; i < n; i++) {
+		if ((r = sshbuf_put_cstring(b, a[i])) != 0) {
+			sshbuf_free(b);
+			return r;
+		}
+	}
+	if ((r = sshbuf_put_u32(m, n)) != 0 ||
+	    (r = sshbuf_put_stringb(m, b)) != 0) {
+		sshbuf_free(b);
+		return r;
+	}
+	/* success */
 	return 0;
 }
 
+static int
+deserialise_array(struct sshbuf *m, char ***ap, size_t *np)
+{
+	char **a = NULL;
+	size_t i, n = 0;
+	struct sshbuf *b = NULL;
+	u_int tmp;
+	int r = SSH_ERR_INTERNAL_ERROR;
+
+	if ((r = sshbuf_get_u32(m, &tmp)) != 0 ||
+	    (r = sshbuf_froms(m, &b)) != 0)
+		goto out;
+	if (tmp > INT_MAX) {
+		r = SSH_ERR_INVALID_FORMAT;
+		goto out;
+	}
+	n = tmp;
+	if (n > 0 && (a = calloc(n, sizeof(*a))) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+	for (i = 0; i < n; i++) {
+		if ((r = sshbuf_get_cstring(b, &a[i], NULL)) != 0)
+			goto out;
+	}
+	/* success */
+	r = 0;
+	*ap = a;
+	a = NULL;
+	*np = n;
+	n = 0;
+ out:
+	for (i = 0; i < n; i++)
+		free(a[i]);
+	free(a);
+	sshbuf_free(b);
+	return r;
+}
+
+static int
+serialise_nullable_string(struct sshbuf *m, const char *s)
+{
+	int r;
+
+	if ((r = sshbuf_put_u8(m, s == NULL)) != 0 ||
+	    (r = sshbuf_put_cstring(m, s)) != 0)
+		return r;
+	return 0;
+}
+
+static int
+deserialise_nullable_string(struct sshbuf *m, char **sp)
+{
+	int r;
+	u_char flag;
+
+	*sp = NULL;
+	if ((r = sshbuf_get_u8(m, &flag)) != 0 ||
+	    (r = sshbuf_get_cstring(m, flag ? NULL : sp, NULL)) != 0)
+		return r;
+	return 0;
+}
+
+int
+sshauthopt_serialise(const struct sshauthopt *opts, struct sshbuf *m,
+    int untrusted)
+{
+	int r = SSH_ERR_INTERNAL_ERROR;
+
+	/* Flag and simple integer options */
+	if ((r = sshbuf_put_u8(m, opts->permit_port_forwarding_flag)) != 0 ||
+	    (r = sshbuf_put_u8(m, opts->permit_agent_forwarding_flag)) != 0 ||
+	    (r = sshbuf_put_u8(m, opts->permit_x11_forwarding_flag)) != 0 ||
+	    (r = sshbuf_put_u8(m, opts->permit_pty_flag)) != 0 ||
+	    (r = sshbuf_put_u8(m, opts->permit_user_rc)) != 0 ||
+	    (r = sshbuf_put_u8(m, opts->restricted)) != 0 ||
+	    (r = sshbuf_put_u8(m, opts->cert_authority)) != 0 ||
+	    (r = sshbuf_put_u64(m, opts->valid_before)) != 0)
+		return r;
+
+	/* tunnel number can be negative to indicate "unset" */
+	if ((r = sshbuf_put_u8(m, opts->force_tun_device == -1)) != 0 ||
+	    (r = sshbuf_put_u32(m, (opts->force_tun_device < 0) ?
+	    0 : (u_int)opts->force_tun_device)) != 0)
+		return r;
+
+	/* String options; these may be NULL */
+	if ((r = serialise_nullable_string(m,
+	    untrusted ? "yes" : opts->cert_principals)) != 0 ||
+	    (r = serialise_nullable_string(m,
+	    untrusted ? "true" : opts->force_command)) != 0 ||
+	    (r = serialise_nullable_string(m,
+	    untrusted ? NULL : opts->required_from_host_cert)) != 0 ||
+	    (r = serialise_nullable_string(m,
+	     untrusted ? NULL : opts->required_from_host_keys)) != 0)
+		return r;
+
+	/* Array options */
+	if ((r = serialise_array(m, opts->env,
+	    untrusted ? 0 : opts->nenv)) != 0 ||
+	    (r = serialise_array(m, opts->permitopen,
+	    untrusted ? 0 : opts->npermitopen)) != 0)
+		return r;
+
+	/* success */
+	return 0;
+}
+
+int
+sshauthopt_deserialise(struct sshbuf *m, struct sshauthopt **optsp)
+{
+	struct sshauthopt *opts = NULL;
+	int r = SSH_ERR_INTERNAL_ERROR;
+	u_char f;
+	u_int tmp;
+
+	if ((opts = calloc(1, sizeof(*opts))) == NULL)
+		return SSH_ERR_ALLOC_FAIL;
+
+#define OPT_FLAG(x) \
+	do { \
+		if ((r = sshbuf_get_u8(m, &f)) != 0) \
+			goto out; \
+		opts->x = f; \
+	} while (0)
+	OPT_FLAG(permit_port_forwarding_flag);
+	OPT_FLAG(permit_agent_forwarding_flag);
+	OPT_FLAG(permit_x11_forwarding_flag);
+	OPT_FLAG(permit_pty_flag);
+	OPT_FLAG(permit_user_rc);
+	OPT_FLAG(restricted);
+	OPT_FLAG(cert_authority);
+#undef OPT_FLAG
+
+	if ((r = sshbuf_get_u64(m, &opts->valid_before)) != 0)
+		goto out;
+
+	/* tunnel number can be negative to indicate "unset" */
+	if ((r = sshbuf_get_u8(m, &f)) != 0 ||
+	    (r = sshbuf_get_u32(m, &tmp)) != 0)
+		goto out;
+	opts->force_tun_device = f ? -1 : (int)tmp;
+
+	/* String options may be NULL */
+	if ((r = deserialise_nullable_string(m, &opts->cert_principals)) != 0 ||
+	    (r = deserialise_nullable_string(m, &opts->force_command)) != 0 ||
+	    (r = deserialise_nullable_string(m,
+	    &opts->required_from_host_cert)) != 0 ||
+	    (r = deserialise_nullable_string(m,
+	    &opts->required_from_host_keys)) != 0)
+		goto out;
+
+	/* Array options */
+	if ((r = deserialise_array(m, &opts->env, &opts->nenv)) != 0 ||
+	    (r = deserialise_array(m,
+	    &opts->permitopen, &opts->npermitopen)) != 0)
+		goto out;
+
+	/* success */
+	r = 0;
+	*optsp = opts;
+	opts = NULL;
+ out:
+	sshauthopt_free(opts);
+	return r;
+}
--- a/crypto/external/bsd/openssh/dist/auth-options.h	Tue Apr 03 08:29:44 2018 +0000
+++ b/crypto/external/bsd/openssh/dist/auth-options.h	Sat Apr 07 04:11:47 2018 +0000
@@ -1,41 +1,92 @@
-/*	$NetBSD: auth-options.h,v 1.9 2017/10/07 19:39:19 christos Exp $	*/
-/* $OpenBSD: auth-options.h,v 1.23 2017/05/31 10:54:00 markus Exp $ */
+/*	$NetBSD: auth-options.h,v 1.9.2.1 2018/04/07 04:11:48 pgoyette Exp $	*/
+/* $OpenBSD: auth-options.h,v 1.26 2018/03/12 00:52:01 djm Exp $ */
 
 /*
- * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
- *                    All rights reserved
+ * Copyright (c) 2018 Damien Miller <djm@mindrot.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * As far as I am concerned, the code I have written for this software
- * can be used freely for any purpose.  Any derived versions of this
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
- * called by a name other than "ssh" or "Secure Shell".
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
 #ifndef AUTH_OPTIONS_H
 #define AUTH_OPTIONS_H
 
-/* Linked list of custom environment strings */
-struct envstring {
-	struct envstring *next;
-	char   *s;
+struct passwd;
+struct sshkey;
+
+/*
+ * sshauthopt represents key options parsed from authorized_keys or
+ * from certificate extensions/options.
+ */
+struct sshauthopt {
+	/* Feature flags */
+	int permit_port_forwarding_flag;
+	int permit_agent_forwarding_flag;
+	int permit_x11_forwarding_flag;
+	int permit_pty_flag;
+	int permit_user_rc;
+
+	/* "restrict" keyword was invoked */
+	int restricted;
+
+	/* key/principal expiry date */
+	uint64_t valid_before;
+
+	/* Certificate-related options */
+	int cert_authority;
+	char *cert_principals;
+
+	int force_tun_device;
+	char *force_command;
+
+	/* Custom environment */
+	size_t nenv;
+	char **env;
+
+	/* Permitted port forwardings */
+	size_t npermitopen;
+	char **permitopen;
+
+	/*
+	 * Permitted host/addresses (comma-separated)
+	 * Caller must check source address matches both lists (if present).
+	 */
+	char *required_from_host_cert;
+	char *required_from_host_keys;
 };
 
-/* Flags that may be set in authorized_keys options. */
-extern int no_port_forwarding_flag;
-extern int no_agent_forwarding_flag;
-extern int no_x11_forwarding_flag;
-extern int no_pty_flag;
-extern int no_user_rc;
-extern char *forced_command;
-extern struct envstring *custom_environment;
-extern int forced_tun_device;
-extern int key_is_cert_authority;
-extern char *authorized_principals;
+struct sshauthopt *sshauthopt_new(void);
+struct sshauthopt *sshauthopt_new_with_keys_defaults(void);
+void sshauthopt_free(struct sshauthopt *opts);
+struct sshauthopt *sshauthopt_copy(const struct sshauthopt *orig);
+int sshauthopt_serialise(const struct sshauthopt *opts, struct sshbuf *m, int);
+int sshauthopt_deserialise(struct sshbuf *m, struct sshauthopt **opts);
 
-int	auth_parse_options(struct passwd *, const char *, const char *, u_long);
-void	auth_clear_options(void);
-int	auth_cert_options(struct sshkey *, struct passwd *, const char **);
+/*
+ * Parse authorized_keys options. Returns an options structure on success
+ * or NULL on failure. Will set errstr on failure.
+ */
+struct sshauthopt *sshauthopt_parse(const char *s, const char **errstr);
+
+/*
+ * Parse certification options to a struct sshauthopt.
+ * Returns options on success or NULL on failure.
+ */
+struct sshauthopt *sshauthopt_from_cert(struct sshkey *k);
+
+/*
+ * Merge key options.
+ */
+struct sshauthopt *sshauthopt_merge(const struct sshauthopt *primary,
+    const struct sshauthopt *additional, const char **errstrp);
 
 #endif
--- a/crypto/external/bsd/openssh/dist/auth-pam.c	Tue Apr 03 08:29:44 2018 +0000
+++ b/crypto/external/bsd/openssh/dist/auth-pam.c	Sat Apr 07 04:11:47 2018 +0000
@@ -50,7 +50,7 @@
 /*
  * NetBSD local changes
  */
-__RCSID("$NetBSD: auth-pam.c,v 1.13 2018/02/05 00:13:50 christos Exp $");
+__RCSID("$NetBSD: auth-pam.c,v 1.13.2.1 2018/04/07 04:11:48 pgoyette Exp $");
 #undef USE_POSIX_THREADS /* Not yet */
 #define HAVE_SECURITY_PAM_APPL_H
 #define HAVE_PAM_GETENVLIST
@@ -59,6 +59,7 @@
 #define PAM_MSG_MEMBER(msg, n, member) ((*(msg))[(n)].member)
 #define mysig_t sig_t
 void sshpam_password_change_required(int);
+#define SSHD_PAM_SERVICE               getprogname()
 /* end NetBSD local changes */
 
 #include <sys/types.h>
@@ -88,6 +89,12 @@
 # define sshpam_const	const	/* LinuxPAM, OpenPAM */
 #endif
 
+#if !defined(SSHD_PAM_SERVICE)
+extern char *__progname;
+# define SSHD_PAM_SERVICE               __progname
+#endif
+
+
 /* Ambiguity in spec: is it an array of pointers or a pointer to an array? */
 #ifdef PAM_SUN_CODEBASE
 # define PAM_MSG_MEMBER(msg, n, member) ((*(msg))[(n)].member)
@@ -177,9 +184,12 @@
 	    <= 0) {
 		/* PAM thread has not exitted, privsep slave must have */
 		kill(cleanup_ctxt->pam_thread, SIGTERM);
-		if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, 0)
-		    <= 0)
-			return; /* could not wait */
+		while (waitpid(cleanup_ctxt->pam_thread,
+		    &sshpam_thread_status, 0) == -1) {
+			if (errno == EINTR)
+				continue;
+			return;
+		}
 	}
 	if (WIFSIGNALED(sshpam_thread_status) &&
 	    WTERMSIG(sshpam_thread_status) == SIGTERM)
@@ -240,7 +250,11 @@
 	if (sshpam_thread_status != -1)
 		return (sshpam_thread_status);
 	signal(SIGCHLD, sshpam_oldsig);
-	waitpid(thread, &status, 0);
+	while (waitpid(thread, &status, 0) == -1) {
+		if (errno == EINTR)
+			continue;
+		fatal("%s: waitpid: %s", __func__, strerror(errno));
+	}
 	return (status);
 }
 #endif
@@ -252,10 +266,10 @@
 static int sshpam_session_open = 0;
 static int sshpam_cred_established = 0;
 static int sshpam_account_status = -1;
+static int sshpam_maxtries_reached = 0;
 static char **sshpam_env = NULL;
 static Authctxt *sshpam_authctxt = NULL;
 static const char *sshpam_password = NULL;
-static char badpw[] = "\b\n\r\177INCORRECT";
 
 /* Some PAM implementations don't implement this */
 #ifndef HAVE_PAM_GETENVLIST
@@ -299,18 +313,27 @@
 void
 sshpam_password_change_required(int reqd)
 {
+	extern struct sshauthopt *auth_opts;
+	static int saved_port, saved_agent, saved_x11;
+
 	debug3("%s %d", __func__, reqd);
 	if (sshpam_authctxt == NULL)
 		fatal("%s: PAM authctxt not initialized", __func__);
 	sshpam_authctxt->force_pwchange = reqd;
 	if (reqd) {
-		no_port_forwarding_flag |= 2;
-		no_agent_forwarding_flag |= 2;
-		no_x11_forwarding_flag |= 2;
+		saved_port = auth_opts->permit_port_forwarding_flag;
+		saved_agent = auth_opts->permit_agent_forwarding_flag;
+		saved_x11 = auth_opts->permit_x11_forwarding_flag;
+		auth_opts->permit_port_forwarding_flag = 0;
+		auth_opts->permit_agent_forwarding_flag = 0;
+		auth_opts->permit_x11_forwarding_flag = 0;
 	} else {
-		no_port_forwarding_flag &= ~2;
-		no_agent_forwarding_flag &= ~2;
-		no_x11_forwarding_flag &= ~2;
+		if (saved_port)
+			auth_opts->permit_port_forwarding_flag = saved_port;
+		if (saved_agent)
+			auth_opts->permit_agent_forwarding_flag = saved_agent;
+		if (saved_x11)
+			auth_opts->permit_x11_forwarding_flag = saved_x11;
 	}
 }
 
@@ -388,17 +411,6 @@
 	for (i = 0; i < n; ++i) {
 		switch (PAM_MSG_MEMBER(msg, i, msg_style)) {
 		case PAM_PROMPT_ECHO_OFF:
-			buffer_put_cstring(&buffer,
-			    PAM_MSG_MEMBER(msg, i, msg));
-			if (ssh_msg_send(ctxt->pam_csock,
-			    PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1)
-				goto fail;
-			if (ssh_msg_recv(ctxt->pam_csock, &buffer) == -1)
-				goto fail;
-			if (buffer_get_char(&buffer) != PAM_AUTHTOK)
-				goto fail;
-			reply[i].resp = buffer_get_string(&buffer, NULL);
-			break;
 		case PAM_PROMPT_ECHO_ON:
 			buffer_put_cstring(&buffer,
 			    PAM_MSG_MEMBER(msg, i, msg));
@@ -412,12 +424,6 @@
 			reply[i].resp = buffer_get_string(&buffer, NULL);
 			break;
 		case PAM_ERROR_MSG:
-			buffer_put_cstring(&buffer,
-			    PAM_MSG_MEMBER(msg, i, msg));
-			if (ssh_msg_send(ctxt->pam_csock,
-			    PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1)
-				goto fail;
-			break;
 		case PAM_TEXT_INFO:
 			buffer_put_cstring(&buffer,
 			    PAM_MSG_MEMBER(msg, i, msg));
@@ -436,8 +442,7 @@
 
  fail:
 	for(i = 0; i < n; i++) {
-		if (reply[i].resp != NULL)
-			free(reply[i].resp);
+		free(reply[i].resp);
 	}
 	free(reply);
 	buffer_free(&buffer);
@@ -463,8 +468,10 @@
 	const char **ptr_pam_user = &pam_user;
 	char *tz = getenv("TZ");
 
-	pam_get_item(sshpam_handle, PAM_USER,
+	sshpam_err = pam_get_item(sshpam_handle, PAM_USER,
 	    (sshpam_const void **)ptr_pam_user);
+	if (sshpam_err != PAM_SUCCESS)
+		goto auth_fail;
 
 	environ[0] = NULL;
 	if (tz != NULL)
@@ -490,6 +497,8 @@
 	if (sshpam_err != PAM_SUCCESS)
 		goto auth_fail;
 	sshpam_err = pam_authenticate(sshpam_handle, flags);
+	if (sshpam_err == PAM_MAXTRIES)
+		sshpam_set_maxtries_reached(1);
 	if (sshpam_err != PAM_SUCCESS)
 		goto auth_fail;
 
@@ -539,6 +548,8 @@
 	/* XXX - can't do much about an error here */
 	if (sshpam_err == PAM_ACCT_EXPIRED)
 		ssh_msg_send(ctxt->pam_csock, PAM_ACCT_EXPIRED, &buffer);
+	else if (sshpam_maxtries_reached)
+		ssh_msg_send(ctxt->pam_csock, PAM_MAXTRIES, &buffer);
 	else
 		ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer);
 	buffer_free(&buffer);
@@ -608,8 +619,7 @@
 
  fail:
 	for(i = 0; i < n; i++) {
-		if (reply[i].resp != NULL)
-			free(reply[i].resp);
+		free(reply[i].resp);
 	}
 	free(reply);
 	return (PAM_CONV_ERR);
@@ -665,7 +675,7 @@
 		sshpam_handle = NULL;
 		return (-1);
 	}
-	pam_rhost = session_get_remote_name_or_ip(ssh, utmp_len, options.use_dns);
+	pam_rhost = auth_get_canonical_hostname(ssh, options.use_dns);
 	debug("PAM: setting PAM_RHOST to \"%s\"", pam_rhost);
 	sshpam_err = pam_set_item(sshpam_handle, PAM_RHOST, pam_rhost);
 	if (sshpam_err != PAM_SUCCESS) {
@@ -736,13 +746,13 @@
 sshpam_query(void *ctx, char **name, char **info,
     u_int *num, char ***prompts, u_int **echo_on)
 {
+	struct ssh *ssh = active_state; /* XXX */
 	Buffer buffer;
 	struct pam_ctxt *ctxt = ctx;
 	size_t plen;
 	u_char type;
 	char *msg;
 	size_t len, mlen;
-	struct ssh *ssh = active_state; /* XXX */
 
 	debug3("PAM: %s entering", __func__);
 	buffer_init(&buffer);
@@ -779,7 +789,11 @@
 			free(msg);
 			break;
 		case PAM_ACCT_EXPIRED:
-			sshpam_account_status = 0;
+		case PAM_MAXTRIES:
+			if (type == PAM_ACCT_EXPIRED)
+				sshpam_account_status = 0;
+			if (type == PAM_MAXTRIES)
+				sshpam_set_maxtries_reached(1);
 			/*