Regression: I broke logging of public key fingerprints in 1.46. Pointed out by Pontus Lundkvist
UpdateHostKeys fixes: I accidentally changed the format of the hostkeys@openssh.com messages last week without changing the extension name, and this has been causing connection failures for people who are running -current. First reported by sthen@. s/hostkeys@openssh.com/hostkeys-00@openssh.com/. Change the name of the proof message too, and reorder it a little. Also, UpdateHostKeys=ask is incompatible with ControlPersist (no TTY available to read the response) so disable UpdateHostKeys if it is in ask mode and ControlPersist is active (and document this)
more options that are available under Match; bz#2353 reported by calestyo AT scientia.net
Add null declaration of AI_NUMERICINFO.
Some platforms (older FreeBSD and DragonFly versions) do have getaddrinfo() but do not have AI_NUMERICINFO, so define it to zero in those cases.
correct paths to configuration files being written/updated; they live in $OBJ not cwd; some by Roumen Petrov
sort options useable under Match case-insensitively; prodded jmc@
make "ssh-add -d" properly remove a corresponding certificate, and also not whine and fail if there is none; ok djm@
mkdir kex unit test directory so testing out of tree builds works
Ifdef out the ECC parts when building with an OpenSSL that doesn't have it.
fix setting/clearing of TTY raw mode around UpdateHostKeys=ask confirmation question; reported by Herb Goldman
silence a spurious error message when listing fingerprints for known_hosts; bz#2342
fix a race condition by using a mux socket rather than an ineffectual wait statement
further silence spurious error message even when -v is specified (e.g. to get visual host keys); reported by naddy@
Convert two macros into functions.
Convert packet_send_debug and packet_disconnect from macros to functions. Some older GCCs (2.7.x, 2.95.x) seem to have problems with variadic macros with only one argument so we convert these two into functions. ok djm@
Include OpenSSL's objects.h before bn.h.
Prevents compile errors on some platforms (at least old GCCs and AIX's XLC compilers).
Add AI_NUMERICSERV to fake-rfc2553.
Our getaddrinfo implementation always returns numeric values already.
portability fix: s/__inline__/inline/
portability fix: if we can't find a better define for HOST_NAME_MAX, use 255
cleaner way fix dispatch.h portion of commit
a88dd1d (some systems have sig_atomic_t in signal.h, some in sys/signal.h) Sounds good to me djm@
Original portability patch from djm@ for platforms missing err.h.
Fix name space clash on Solaris 10. Still more to do for Solaris 10 to deal with msghdr structure differences. ok djm@
Work around finicky USL linker so netcat will build.
_NSIG is only used in one file, so move it there to prevent redefinition warnings reported by Kevin Brott.
Restrict ECDSA and ECDH tests.
ifdef out some more ECDSA and ECDH tests when built against an OpenSSL that does not have elliptic curve functionality.
Remove ssh_get_progname's dependency on xmalloc, which should reduce link order problems. ok djm@
add -v (show ASCII art) to -l's synopsis; ok djm@
don't leak validity of user in "too many authentication failures" disconnect message; reported by Sebastian Reitenbach
Revert "Work around finicky USL linker so netcat will build."
zero cmsgbuf before use; we initialise the bits we use but valgrind still spams warning on it
don't printf NULL key comments; reported by Tom Christensen
Make sure we only call getnameinfo() for AF_INET or AF_INET6 sockets. getpeername() of a Unix domain socket may return without error on some systems without actually setting ss_family so getnameinfo() was getting called with ss_family set to AF_UNSPEC. OK djm@
Allow "ssh -Q protocol-version" to list supported SSH protocol versions. Useful for detecting builds without SSH v.1 support; idea and ok markus@