import openssh-5.2p1-gsskex-all-20090726.patch

15 files changed, 148 insertions, 779 deletions

diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec
index 32d175d4b..42dbcfeeb 100644
--- a/contrib/caldera/openssh.spec
+++ b/contrib/caldera/openssh.spec
@@ -17,11 +17,11 @@
 #old cvs stuff.  please update before use.  may be deprecated.
 %define use_stable      1
 %if %{use_stable}
-  %define version       5.1p1
+  %define version       5.2p1
   %define cvs           %{nil}
   %define release       1
 %else
-  %define version       5.1p1
+  %define version       5.2p1
   %define cvs           cvs20050315
   %define release       0r1
 %endif
@@ -251,7 +251,7 @@ install -m 0755 contrib/caldera/ssh-host-keygen $SKG
 # install remaining docs
 DocD="%{buildroot}%{_defaultdocdir}/%{name}-%{version}"
 mkdir -p $DocD/%{askpass}
-cp -a CREDITS ChangeLog LICENCE OVERVIEW README* TODO  $DocD
+cp -a CREDITS ChangeLog LICENCE OVERVIEW README* TODO PROTOCOL* $DocD
 install -p -m 0444 %{SOURCE3}  $DocD/faq.html
 cp -a %{askpass}/{README,ChangeLog,TODO,SshAskpass*.ad}  $DocD/%{askpass}
 %if %{use_stable}
@@ -358,4 +358,4 @@ fi
 * Mon Jan 01 1998 ...
 Template Version: 1.31
 
-$Id: openssh.spec,v 1.65 2008/07/21 08:21:53 djm Exp $
+$Id: openssh.spec,v 1.66 2009/02/21 07:03:05 djm Exp $
diff --git a/contrib/caldera/ssh-host-keygen b/contrib/caldera/ssh-host-keygen
index 3c5c17182..86382ddfb 100755
--- a/contrib/caldera/ssh-host-keygen
+++ b/contrib/caldera/ssh-host-keygen
@@ -1,6 +1,6 @@
 #! /bin/sh
 #
-# $Id: ssh-host-keygen,v 1.2 2003/11/21 12:48:57 djm Exp $
+# $Id: ssh-host-keygen,v 1.3 2008/11/03 09:16:01 djm Exp $
 #
 # This script is normally run only *once* for a given host
 # (in a given period of time) -- on updates/upgrades/recovery
@@ -15,16 +15,16 @@ if [ -f $keydir/ssh_host_key -o \
              -f $keydir/ssh_host_key.pub ]; then
   echo "You already have an SSH1 RSA host key in $keydir/ssh_host_key."
 else
-  echo "Generating 1024 bit SSH1 RSA host key."
-  $keygen -b 1024 -t rsa1 -f $keydir/ssh_host_key -C '' -N ''
+  echo "Generating SSH1 RSA host key."
+  $keygen -t rsa1 -f $keydir/ssh_host_key -C '' -N ''
 fi
 
 if [ -f $keydir/ssh_host_rsa_key -o \
              -f $keydir/ssh_host_rsa_key.pub ]; then
   echo "You already have an SSH2 RSA host key in $keydir/ssh_host_rsa_key."
 else
-  echo "Generating 1024 bit SSH2 RSA host key."
-  $keygen -b 1024 -t rsa -f $keydir/ssh_host_rsa_key -C '' -N ''
+  echo "Generating SSH2 RSA host key."
+  $keygen -t rsa -f $keydir/ssh_host_rsa_key -C '' -N ''
 fi
 
 if [ -f $keydir/ssh_host_dsa_key -o \
diff --git a/contrib/caldera/sshd.pam b/contrib/caldera/sshd.pam
index 26dcb34d9..f050a9aee 100644
--- a/contrib/caldera/sshd.pam
+++ b/contrib/caldera/sshd.pam
@@ -1,6 +1,6 @@
 #%PAM-1.0
 auth       required     /lib/security/pam_pwdb.so shadow nodelay
-auth       required     /lib/security/pam_nologin.so
+account    required     /lib/security/pam_nologin.so
 account    required     /lib/security/pam_pwdb.so
 password   required     /lib/security/pam_cracklib.so
 password   required     /lib/security/pam_pwdb.so shadow nullok use_authtok
diff --git a/contrib/cygwin/Makefile b/contrib/cygwin/Makefile
index 3e2d26404..2ebd143dc 100644
--- a/contrib/cygwin/Makefile
+++ b/contrib/cygwin/Makefile
@@ -38,11 +38,13 @@ install-sshdoc:
         $(INSTALL) -m 644 $(srcdir)/ChangeLog $(DESTDIR)$(sshdocdir)/ChangeLog
         $(INSTALL) -m 644 $(srcdir)/LICENCE $(DESTDIR)$(sshdocdir)/LICENCE
         $(INSTALL) -m 644 $(srcdir)/OVERVIEW $(DESTDIR)$(sshdocdir)/OVERVIEW
+        $(INSTALL) -m 644 $(srcdir)/PROTOCOL $(DESTDIR)$(sshdocdir)/PROTOCOL
+        $(INSTALL) -m 644 $(srcdir)/PROTOCOL.agent $(DESTDIR)$(sshdocdir)/PROTOCOL.agent
         $(INSTALL) -m 644 $(srcdir)/README $(DESTDIR)$(sshdocdir)/README
         $(INSTALL) -m 644 $(srcdir)/README.dns $(DESTDIR)$(sshdocdir)/README.dns
+        $(INSTALL) -m 644 $(srcdir)/README.platform $(DESTDIR)$(sshdocdir)/README.platform
         $(INSTALL) -m 644 $(srcdir)/README.privsep $(DESTDIR)$(sshdocdir)/README.privsep
         $(INSTALL) -m 644 $(srcdir)/README.smartcard $(DESTDIR)$(sshdocdir)/README.smartcard
-        $(INSTALL) -m 644 $(srcdir)/RFC.nroff $(DESTDIR)$(sshdocdir)/RFC.nroff
         $(INSTALL) -m 644 $(srcdir)/TODO $(DESTDIR)$(sshdocdir)/TODO
         $(INSTALL) -m 644 $(srcdir)/WARNING.RNG $(DESTDIR)$(sshdocdir)/WARNING.RNG
 
diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config
index bbb6da4c4..57e728fbc 100644
--- a/contrib/cygwin/ssh-host-config
+++ b/contrib/cygwin/ssh-host-config
@@ -25,7 +25,7 @@ source ${CSIH_SCRIPT}
 port_number=22
 privsep_configured=no
 privsep_used=yes
-cygwin_value="ntsec"
+cygwin_value=""
 password_value=
 
 # ======================================================================
@@ -37,13 +37,13 @@ create_host_keys() {
     csih_inform "Generating ${SYSCONFDIR}/ssh_host_key"
     ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/null
   fi
-  
+
   if [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ]
   then
     csih_inform "Generating ${SYSCONFDIR}/ssh_host_rsa_key"
     ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/null
   fi
-  
+
   if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ]
   then
     csih_inform "Generating ${SYSCONFDIR}/ssh_host_dsa_key"
@@ -75,12 +75,12 @@ update_services_file() {
     _spaces="                  # "
   fi
   _serv_tmp="${_my_etcdir}/srv.out.$$"
-  
-  mount -t -f "${_win_etcdir}" "${_my_etcdir}"
-  
+
+  mount -o text -f "${_win_etcdir}" "${_my_etcdir}"
+
   # Depends on the above mount
   _wservices=`cygpath -w "${_services}"`
-  
+
   # Remove sshd 22/port from services
   if [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -eq 0 ]
   then
@@ -89,16 +89,16 @@ update_services_file() {
     then
       if mv "${_serv_tmp}" "${_services}"
       then
-        csih_inform "Removing sshd from ${_wservices}"
+        csih_inform "Removing sshd from ${_wservices}"
       else
-        csih_warning "Removing sshd from ${_wservices} failed!"
+        csih_warning "Removing sshd from ${_wservices} failed!"
       fi
       rm -f "${_serv_tmp}"
     else
       csih_warning "Removing sshd from ${_wservices} failed!"
     fi
   fi
-  
+
   # Add ssh 22/tcp  and ssh 22/udp to services
   if [ `grep -q 'ssh[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ]
   then
@@ -106,9 +106,9 @@ update_services_file() {
     then
       if mv "${_serv_tmp}" "${_services}"
       then
-        csih_inform "Added ssh to ${_wservices}"
+        csih_inform "Added ssh to ${_wservices}"
       else
-        csih_warning "Adding ssh to ${_wservices} failed!"
+        csih_warning "Adding ssh to ${_wservices} failed!"
       fi
       rm -f "${_serv_tmp}"
     else
@@ -134,16 +134,16 @@ sshd_privsep() {
       csih_inform "For more info on privilege separation read /usr/share/doc/openssh/README.privsep."
       if csih_request "Should privilege separation be used?"
       then
-        privsep_used=yes
-        if ! csih_create_unprivileged_user sshd
-        then
+        privsep_used=yes
+        if ! csih_create_unprivileged_user sshd
+        then
           csih_warning "Couldn't create user 'sshd'!"
-          csih_warning "Privilege separation set to 'no' again!"
-          csih_warning "Check your ${SYSCONFDIR}/sshd_config file!"
+          csih_warning "Privilege separation set to 'no' again!"
+          csih_warning "Check your ${SYSCONFDIR}/sshd_config file!"
           privsep_used=no
-        fi
+        fi
       else
-        privsep_used=no
+        privsep_used=no
       fi
     else
       # On 9x don't use privilege separation.  Since security isn't
@@ -151,7 +151,7 @@ sshd_privsep() {
       privsep_used=no
     fi
   fi
-  
+
   # Create default sshd_config from skeleton files in /etc/defaults/etc or
   # modify to add the missing privsep configuration option
   if cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1
@@ -161,8 +161,8 @@ sshd_privsep() {
     sed -e "s/^#UsePrivilegeSeparation yes/UsePrivilegeSeparation ${privsep_used}/
           s/^#Port 22/Port ${port_number}/
           s/^#StrictModes yes/StrictModes no/" \
-        < ${SYSCONFDIR}/sshd_config \
-        > "${sshdconfig_tmp}"
+        < ${SYSCONFDIR}/sshd_config \
+        > "${sshdconfig_tmp}"
     mv "${sshdconfig_tmp}" ${SYSCONFDIR}/sshd_config
   elif [ "${privsep_configured}" != "yes" ]
   then
@@ -193,19 +193,19 @@ update_inetd_conf() {
       # will be replaced by a file in inetd.d/
       if [ `grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -eq 0 ]
       then
-        grep -v '^[# \t]*ssh' "${_inetcnf}" >> "${_inetcnf_tmp}"
-        if [ -f "${_inetcnf_tmp}" ]
-        then
-          if mv "${_inetcnf_tmp}" "${_inetcnf}"
-          then
+        grep -v '^[# \t]*ssh' "${_inetcnf}" >> "${_inetcnf_tmp}"
+        if [ -f "${_inetcnf_tmp}" ]
+        then
+          if mv "${_inetcnf_tmp}" "${_inetcnf}"
+          then
             csih_inform "Removed ssh[d] from ${_inetcnf}"
-          else
+          else
             csih_warning "Removing ssh[d] from ${_inetcnf} failed!"
-          fi
-          rm -f "${_inetcnf_tmp}"
-        else
-          csih_warning "Removing ssh[d] from ${_inetcnf} failed!"
-        fi
+          fi
+          rm -f "${_inetcnf_tmp}"
+        else
+          csih_warning "Removing ssh[d] from ${_inetcnf} failed!"
+        fi
       fi
     fi
 
@@ -214,13 +214,13 @@ update_inetd_conf() {
     then
       if [ "${_with_comment}" -eq 0 ]
       then
-        sed -e 's/@COMMENT@[ \t]*//' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}"
+        sed -e 's/@COMMENT@[ \t]*//' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}"
       else
-        sed -e 's/@COMMENT@[ \t]*/# /' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}"
+        sed -e 's/@COMMENT@[ \t]*/# /' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}"
       fi
       mv "${_sshd_inetd_conf_tmp}" "${_sshd_inetd_conf}"
       csih_inform "Updated ${_sshd_inetd_conf}"
-    fi 
+    fi
 
   elif [ -f "${_inetcnf}" ]
   then
@@ -233,26 +233,26 @@ update_inetd_conf() {
       grep -v '^[# \t]*sshd' "${_inetcnf}" >> "${_inetcnf_tmp}"
       if [ -f "${_inetcnf_tmp}" ]
       then
-        if mv "${_inetcnf_tmp}" "${_inetcnf}"
-        then
+        if mv "${_inetcnf_tmp}" "${_inetcnf}"
+        then
             csih_inform "Removed sshd from ${_inetcnf}"
-        else
+        else
             csih_warning "Removing sshd from ${_inetcnf} failed!"
-        fi
-        rm -f "${_inetcnf_tmp}"
+        fi
+        rm -f "${_inetcnf_tmp}"
       else
-        csih_warning "Removing sshd from ${_inetcnf} failed!"
+        csih_warning "Removing sshd from ${_inetcnf} failed!"
       fi
     fi
-  
+
     # Add ssh line to inetd.conf
     if [ `grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -ne 0 ]
     then
       if [ "${_with_comment}" -eq 0 ]
       then
-        echo 'ssh  stream  tcp     nowait  root    /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
+        echo 'ssh  stream  tcp     nowait  root    /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
       else
-        echo '# ssh  stream  tcp     nowait  root    /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
+        echo '# ssh  stream  tcp     nowait  root    /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
       fi
       csih_inform "Added ssh to ${_inetcnf}"
     fi
@@ -278,80 +278,83 @@ install_service() {
       echo -e "${_csih_QUERY_STR} Do you want to install sshd as a service?"
       if csih_request "(Say \"no\" if it is already installed as a service)"
       then
-        csih_inform "Note that the CYGWIN variable must contain at least \"ntsec\""
-        csih_inform "for sshd to be able to change user context without password."
-        csih_get_cygenv "${cygwin_value}"
-
-        if ( csih_is_nt2003 || [ "$csih_FORCE_PRIVILEGED_USER" = "yes" ] )
-        then
-          csih_inform "On Windows Server 2003, Windows Vista, and above, the"
-          csih_inform "SYSTEM account cannot setuid to other users -- a capability"
-          csih_inform "sshd requires.  You need to have or to create a privileged"
-          csih_inform "account.  This script will help you do so."
-          echo
-          if ! csih_create_privileged_user "${password_value}"
-          then
-            csih_error_recoverable "There was a serious problem creating a privileged user."
-            csih_request "Do you want to proceed anyway?" || exit 1
-          fi
-        fi
-
-        # never returns empty if NT or above
-        run_service_as=$(csih_service_should_run_as)
-
-        if [ "${run_service_as}" = "${csih_PRIVILEGED_USERNAME}" ]
-        then
-          password="${csih_PRIVILEGED_PASSWORD}"
-          if [ -z "${password}" ]
-          then
-            csih_get_value "Please enter the password for user '${run_service_as}':" "-s"
-            password="${csih_value}"
-          fi
-        fi
-
-        # at this point, we either have $run_service_as = "system" and $password is empty,
-        # or $run_service_as is some privileged user and (hopefully) $password contains
-        # the correct password.  So, from here out, we use '-z "${password}"' to discriminate
-        # the two cases.
-
-        csih_check_user "${run_service_as}"
-
-        if [ -z "${password}" ]
-        then
-          if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a "-D" -y tcpip \
-             -e CYGWIN="${csih_cygenv}"
-          then
-            echo
-            csih_inform "The sshd service has been installed under the LocalSystem"
-            csih_inform "account (also known as SYSTEM). To start the service now, call"
-            csih_inform "\`net start sshd' or \`cygrunsrv -S sshd'.  Otherwise, it"
-            csih_inform "will start automatically after the next reboot."
-          fi
-        else
-          if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a "-D" -y tcpip \
-             -e CYGWIN="${csih_cygenv}" -u "${run_service_as}" -w "${password}"
-          then
+        csih_get_cygenv "${cygwin_value}"
+
+        if ( csih_is_nt2003 || [ "$csih_FORCE_PRIVILEGED_USER" = "yes" ] )
+        then
+          csih_inform "On Windows Server 2003, Windows Vista, and above, the"
+          csih_inform "SYSTEM account cannot setuid to other users -- a capability"
+          csih_inform "sshd requires.  You need to have or to create a privileged"
+          csih_inform "account.  This script will help you do so."
+          echo
+          if ! csih_create_privileged_user "${password_value}"
+          then
+            csih_error_recoverable "There was a serious problem creating a privileged user."
+            csih_request "Do you want to proceed anyway?" || exit 1
+          fi
+        fi
+
+        # never returns empty if NT or above
+        run_service_as=$(csih_service_should_run_as)
+
+        if [ "${run_service_as}" = "${csih_PRIVILEGED_USERNAME}" ]
+        then
+          password="${csih_PRIVILEGED_PASSWORD}"
+          if [ -z "${password}" ]
+          then
+            csih_get_value "Please enter the password for user '${run_service_as}':" "-s"
+            password="${csih_value}"
+          fi
+        fi
+
+        # at this point, we either have $run_service_as = "system" and $password is empty,
+        # or $run_service_as is some privileged user and (hopefully) $password contains
+        # the correct password.  So, from here out, we use '-z "${password}"' to discriminate
+        # the two cases.
+
+        csih_check_user "${run_service_as}"
+
+        if [ -n "${csih_cygenv}" ]
+        then
+          cygwin_env="-e CYGWIN=\"${csih_cygenv}\""
+        fi
+        if [ -z "${password}" ]
+        then
+          if eval cygrunsrv -I sshd -d \"CYGWIN sshd\" -p /usr/sbin/sshd \
+                            -a "-D" -y tcpip ${cygwin_env}
+          then
+            echo
+            csih_inform "The sshd service has been installed under the LocalSystem"
+            csih_inform "account (also known as SYSTEM). To start the service now, call"
+            csih_inform "\`net start sshd' or \`cygrunsrv -S sshd'.  Otherwise, it"
+            csih_inform "will start automatically after the next reboot."
+          fi
+        else
+          if eval cygrunsrv -I sshd -d \"CYGWIN sshd\" -p /usr/sbin/sshd \
+                            -a "-D" -y tcpip ${cygwin_env} \
+                            -u "${run_service_as}" -w "${password}"
+          then
             echo
             csih_inform "The sshd service has been installed under the '${run_service_as}'"
             csih_inform "account.  To start the service now, call \`net start sshd' or"
-            csih_inform "\`cygrunsrv -S sshd'.  Otherwise, it will start automatically"
-            csih_inform "after the next reboot."
-          fi
-        fi
-
-        # now, if successfully installed, set ownership of the affected files 
-        if cygrunsrv -Q sshd >/dev/null 2>&1
-        then
-          chown "${run_service_as}" ${SYSCONFDIR}/ssh*
-          chown "${run_service_as}".544 ${LOCALSTATEDIR}/empty
-          chown "${run_service_as}".544 ${LOCALSTATEDIR}/log/lastlog
-          if [ -f ${LOCALSTATEDIR}/log/sshd.log ]
-          then
+            csih_inform "\`cygrunsrv -S sshd'.  Otherwise, it will start automatically"
+            csih_inform "after the next reboot."
+          fi
+        fi
+
+        # now, if successfully installed, set ownership of the affected files
+        if cygrunsrv -Q sshd >/dev/null 2>&1
+        then
+          chown "${run_service_as}" ${SYSCONFDIR}/ssh*
+          chown "${run_service_as}".544 ${LOCALSTATEDIR}/empty
+          chown "${run_service_as}".544 ${LOCALSTATEDIR}/log/lastlog
+          if [ -f ${LOCALSTATEDIR}/log/sshd.log ]
+          then
             chown "${run_service_as}".544 ${LOCALSTATEDIR}/log/sshd.log
-          fi
-        else
-          csih_warning "Something went wrong installing the sshd service."
-        fi
+          fi
+        else
+          csih_warning "Something went wrong installing the sshd service."
+        fi
       fi # user allowed us to install as service
     fi # service not yet installed
   fi # csih_is_nt
@@ -456,7 +459,7 @@ done
 
 # Check for running ssh/sshd processes first. Refuse to do anything while
 # some ssh processes are still running
-if ps -ef | grep -v grep | grep -q ssh
+if ps -ef | grep -q '/sshd\?$'
 then
   echo
   csih_error "There are still ssh processes running. Please shut them down first."
@@ -475,9 +478,9 @@ setfacl -m u:system:rwx "${LOCALSTATEDIR}/log"
 # Create /var/log/lastlog if not already exists
 if [ -e ${LOCALSTATEDIR}/log/lastlog -a ! -f ${LOCALSTATEDIR}/log/lastlog ]
 then
-  echo 
+  echo
   csih_error_multi "${LOCALSTATEDIR}/log/lastlog exists, but is not a file." \
-                   "Cannot create ssh host configuration."
+                   "Cannot create ssh host configuration."
 fi
 if [ ! -e ${LOCALSTATEDIR}/log/lastlog ]
 then
@@ -520,7 +523,7 @@ sshd_privsep
 
 
 
-update_services_file 
+update_services_file
 update_inetd_conf
 install_service
 
diff --git a/contrib/gnome-ssh-askpass.c b/contrib/gnome-ssh-askpass.c
deleted file mode 100644
index 7cece5620..000000000
--- a/contrib/gnome-ssh-askpass.c
+++ /dev/null
@@ -1,168 +0,0 @@
-/*
- * Copyright (c) 2000-2002 Damien Miller.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * This is a simple GNOME SSH passphrase grabber. To use it, set the 
- * environment variable SSH_ASKPASS to point to the location of 
- * gnome-ssh-askpass before calling "ssh-add < /dev/null". 
- *
- * There is only two run-time options: if you set the environment variable
- * "GNOME_SSH_ASKPASS_GRAB_SERVER=true" then gnome-ssh-askpass will grab
- * the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the 
- * pointer will be grabbed too. These may have some benefit to security if 
- * you don't trust your X server. We grab the keyboard always.
- */
-
-/*
- * Compile with:
- *
- * cc `gnome-config --cflags gnome gnomeui` \
- *    gnome-ssh-askpass.c -o gnome-ssh-askpass \
- *    `gnome-config --libs gnome gnomeui`
- *
- */
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <gnome.h>
-#include <X11/Xlib.h>
-#include <gdk/gdkx.h>
-
-void
-report_failed_grab (void)
-{
-        GtkWidget *err;
-
-        err = gnome_message_box_new("Could not grab keyboard or mouse.\n"
-                "A malicious client may be eavesdropping on your session.",
-                                    GNOME_MESSAGE_BOX_ERROR, "EXIT", NULL);
-        gtk_window_set_position(GTK_WINDOW(err), GTK_WIN_POS_CENTER);
-        gtk_object_set(GTK_OBJECT(err), "type", GTK_WINDOW_POPUP, NULL);
-
-        gnome_dialog_run_and_close(GNOME_DIALOG(err));
-}
-
-void
-passphrase_dialog(char *message)
-{
-        char *passphrase;
-        char **messages;
-        int result, i, grab_server, grab_pointer;
-        GtkWidget *dialog, *entry, *label;
-
-        grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL);
-        grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL);
-
-        dialog = gnome_dialog_new("OpenSSH", GNOME_STOCK_BUTTON_OK,
-            GNOME_STOCK_BUTTON_CANCEL, NULL);
-
-        messages = g_strsplit(message, "\\n", 0);
-        if (messages)
-                for(i = 0; messages[i]; i++) {
-                        label = gtk_label_new(messages[i]);
-                        gtk_box_pack_start(GTK_BOX(GNOME_DIALOG(dialog)->vbox),
-                            label, FALSE, FALSE, 0);
-                }
-
-        entry = gtk_entry_new();
-        gtk_box_pack_start(GTK_BOX(GNOME_DIALOG(dialog)->vbox), entry, FALSE, 
-            FALSE, 0);
-        gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
-        gtk_widget_grab_focus(entry);
-
-        /* Center window and prepare for grab */
-        gtk_object_set(GTK_OBJECT(dialog), "type", GTK_WINDOW_POPUP, NULL);
-        gnome_dialog_set_default(GNOME_DIALOG(dialog), 0);
-        gtk_window_set_position (GTK_WINDOW(dialog), GTK_WIN_POS_CENTER);
-        gtk_window_set_policy(GTK_WINDOW(dialog), FALSE, FALSE, TRUE);
-        gnome_dialog_close_hides(GNOME_DIALOG(dialog), TRUE);
-        gtk_container_set_border_width(GTK_CONTAINER(GNOME_DIALOG(dialog)->vbox),
-            GNOME_PAD);
-        gtk_widget_show_all(dialog);
-
-        /* Grab focus */
-        if (grab_server)
-                XGrabServer(GDK_DISPLAY());
-        if (grab_pointer && gdk_pointer_grab(dialog->window, TRUE, 0, 
-            NULL, NULL, GDK_CURRENT_TIME))
-                goto nograb;
-        if (gdk_keyboard_grab(dialog->window, FALSE, GDK_CURRENT_TIME))
-                goto nograbkb;
-
-        /* Make <enter> close dialog */
-        gnome_dialog_editable_enters(GNOME_DIALOG(dialog), GTK_EDITABLE(entry));
-
-        /* Run dialog */
-        result = gnome_dialog_run(GNOME_DIALOG(dialog));
-
-        /* Ungrab */
-        if (grab_server)
-                XUngrabServer(GDK_DISPLAY());
-        if (grab_pointer)
-                gdk_pointer_ungrab(GDK_CURRENT_TIME);
-        gdk_keyboard_ungrab(GDK_CURRENT_TIME);
-        gdk_flush();
-
-        /* Report passphrase if user selected OK */
-        passphrase = gtk_entry_get_text(GTK_ENTRY(entry));
-        if (result == 0)
-                puts(passphrase);
-                
-        /* Zero passphrase in memory */
-        memset(passphrase, '\0', strlen(passphrase));
-        gtk_entry_set_text(GTK_ENTRY(entry), passphrase);
-                        
-        gnome_dialog_close(GNOME_DIALOG(dialog));
-        return;
-
-        /* At least one grab failed - ungrab what we got, and report
-           the failure to the user.  Note that XGrabServer() cannot
-           fail.  */
- nograbkb:
-        gdk_pointer_ungrab(GDK_CURRENT_TIME);
- nograb:
-        if (grab_server)
-                XUngrabServer(GDK_DISPLAY());
-        gnome_dialog_close(GNOME_DIALOG(dialog));
-        
-        report_failed_grab();
-}
-
-int
-main(int argc, char **argv)
-{
-        char *message;
-        
-        gnome_init("GNOME ssh-askpass", "0.1", argc, argv);
-
-        if (argc == 2)
-                message = argv[1];
-        else
-                message = "Enter your OpenSSH passphrase:";
-
-        setvbuf(stdout, 0, _IONBF, 0);
-        passphrase_dialog(message);
-        return 0;
-}
diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec
index bb9e4d616..10bdc1989 100644
--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -1,4 +1,4 @@
-%define ver 5.1p1
+%define ver 5.2p1
 %define rel 1
 
 # OpenSSH privilege separation requires a user & group ID
@@ -333,7 +333,7 @@ fi
 
 %files
 %defattr(-,root,root)
-%doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW README* RFC* TODO WARNING*
+%doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW README* PROTOCOL* TODO WARNING*
 %attr(0755,root,root) %{_bindir}/scp
 %attr(0644,root,root) %{_mandir}/man1/scp.1*
 %attr(0755,root,root) %dir %{_sysconfdir}/ssh
diff --git a/contrib/redhat/sshd.pam b/contrib/redhat/sshd.pam
index e48607766..ffa5adbe5 100644
--- a/contrib/redhat/sshd.pam
+++ b/contrib/redhat/sshd.pam
@@ -1,6 +1,6 @@
 #%PAM-1.0
 auth       required     pam_stack.so service=system-auth
-auth       required     pam_nologin.so
+account    required     pam_nologin.so
 account    required     pam_stack.so service=system-auth
 password   required     pam_stack.so service=system-auth
 session    required     pam_stack.so service=system-auth
diff --git a/contrib/solaris/buildpkg.sh b/contrib/solaris/buildpkg.sh
deleted file mode 100755
index 29d096306..000000000
--- a/contrib/solaris/buildpkg.sh
+++ /dev/null
@@ -1,386 +0,0 @@
-#!/bin/sh
-#
-# Fake Root Solaris/SVR4/SVR5 Build System - Prototype
-#
-# The following code has been provide under Public Domain License.  I really
-# don't care what you use it for.  Just as long as you don't complain to me
-# nor my employer if you break it. - Ben Lindstrom (mouring@eviladmin.org)
-#
-umask 022
-#
-# Options for building the package
-# You can create a config.local with your customized options
-#
-# uncommenting TEST_DIR and using
-# configure --prefix=/var/tmp --with-privsep-path=/var/tmp/empty
-# and
-# PKGNAME=tOpenSSH should allow testing a package without interfering
-# with a real OpenSSH package on a system. This is not needed on systems
-# that support the -R option to pkgadd.
-#TEST_DIR=/var/tmp      # leave commented out for production build
-PKGNAME=OpenSSH
-SYSVINIT_NAME=opensshd
-MAKE=${MAKE:="make"}
-SSHDUID=67      # Default privsep uid
-SSHDGID=67      # Default privsep gid
-# uncomment these next three as needed
-#PERMIT_ROOT_LOGIN=no
-#X11_FORWARDING=yes
-#USR_LOCAL_IS_SYMLINK=yes
-# list of system directories we do NOT want to change owner/group/perms
-# when installing our package
-SYSTEM_DIR="/etc        \
-/etc/init.d             \
-/etc/rcS.d              \
-/etc/rc0.d              \
-/etc/rc1.d              \
-/etc/rc2.d              \
-/etc/opt                \
-/opt                    \
-/opt/bin                \
-/usr                    \
-/usr/bin                \
-/usr/lib                \
-/usr/sbin               \
-/usr/share              \
-/usr/share/man          \
-/usr/share/man/man1     \
-/usr/share/man/man8     \
-/usr/local              \
-/usr/local/bin          \
-/usr/local/etc          \
-/usr/local/libexec      \
-/usr/local/man          \
-/usr/local/man/man1     \
-/usr/local/man/man8     \
-/usr/local/sbin         \
-/usr/local/share        \
-/var                    \
-/var/opt                \
-/var/run                \
-/var/tmp                \
-/tmp"
-
-# We may need to build as root so we make sure PATH is set up
-# only set the path if it's not set already
-[ -d /usr/local/bin ]  &&  {
-        echo $PATH | grep ":/usr/local/bin"  > /dev/null 2>&1
-        [ $? -ne 0 ] && PATH=$PATH:/usr/local/bin
-}
-[ -d /usr/ccs/bin ]  &&  {
-        echo $PATH | grep ":/usr/ccs/bin"  > /dev/null 2>&1
-        [ $? -ne 0 ] && PATH=$PATH:/usr/ccs/bin
-}
-export PATH
-#
-
-[ -f Makefile ]  ||  {
-        echo "Please run this script from your build directory"
-        exit 1
-}
-
-# we will look for config.local to override the above options
-[ -s ./config.local ]  &&  . ./config.local
-
-## Start by faking root install
-echo "Faking root install..."
-START=`pwd`
-OPENSSHD_IN=`dirname $0`/opensshd.in
-FAKE_ROOT=$START/package
-[ -d $FAKE_ROOT ]  &&  rm -fr $FAKE_ROOT
-mkdir $FAKE_ROOT
-${MAKE} install-nokeys DESTDIR=$FAKE_ROOT
-if [ $? -gt 0 ]
-then
-        echo "Fake root install failed, stopping."
-        exit 1
-fi
-
-## Fill in some details, like prefix and sysconfdir
-for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir sysconfdir piddir
-do
-        eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2`
-done
-
-
-## Collect value of privsep user
-for confvar in SSH_PRIVSEP_USER
-do
-        eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h`
-done
-
-## Set privsep defaults if not defined
-if [ -z "$SSH_PRIVSEP_USER" ]
-then
-        SSH_PRIVSEP_USER=sshd
-fi
-
-## Extract common info requires for the 'info' part of the package.
-VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//'`
-
-UNAME_S=`uname -s`
-case ${UNAME_S} in
-        SunOS)  UNAME_S=Solaris
-                ARCH=`uname -p`
-                RCS_D=yes
-                DEF_MSG="(default: n)"
-                ;;
-        *)      ARCH=`uname -m`
-                DEF_MSG="\n" ;;
-esac
-
-## Setup our run level stuff while we are at it.
-mkdir -p $FAKE_ROOT${TEST_DIR}/etc/init.d
-
-## setup our initscript correctly
-sed -e "s#%%configDir%%#${sysconfdir}#g"        \
-    -e "s#%%openSSHDir%%#$prefix#g"             \
-    -e "s#%%pidDir%%#${piddir}#g"               \
-        ${OPENSSHD_IN}  > $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
-chmod 744 $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
-
-[ "${PERMIT_ROOT_LOGIN}" = no ]  &&  \
-        perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \
-                $FAKE_ROOT/${sysconfdir}/sshd_config
-[ "${X11_FORWARDING}" = yes ]  &&  \
-        perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \
-                $FAKE_ROOT/${sysconfdir}/sshd_config
-# fix PrintMotd
-perl -p -i -e "s/#PrintMotd yes/PrintMotd no/" \
-        $FAKE_ROOT/${sysconfdir}/sshd_config
-
-# We don't want to overwrite config files on multiple installs
-mv $FAKE_ROOT/${sysconfdir}/ssh_config $FAKE_ROOT/${sysconfdir}/ssh_config.default
-mv $FAKE_ROOT/${sysconfdir}/sshd_config $FAKE_ROOT/${sysconfdir}/sshd_config.default
-[ -f $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds ]  &&  \
-mv $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds.default
-
-cd $FAKE_ROOT
-
-## Ok, this is outright wrong, but it will work.  I'm tired of pkgmk
-## whining.
-for i in *; do
-  PROTO_ARGS="$PROTO_ARGS $i=/$i";
-done
-
-## Build info file
-echo "Building pkginfo file..."
-cat > pkginfo << _EOF
-PKG=$PKGNAME
-NAME="OpenSSH Portable for ${UNAME_S}"
-DESC="Secure Shell remote access utility; replaces telnet and rlogin/rsh."
-VENDOR="OpenSSH Portable Team - http://www.openssh.com/portable.html"
-ARCH=$ARCH
-VERSION=$VERSION
-CATEGORY="Security,application"
-BASEDIR=/
-CLASSES="none"
-_EOF
-
-## Build preinstall file
-echo "Building preinstall file..."
-cat > preinstall << _EOF
-#! /sbin/sh
-#
-[ "\${PRE_INS_STOP}" = "yes" ]  &&  ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
-exit 0
-_EOF
-
-## Build postinstall file
-echo "Building postinstall file..."
-cat > postinstall << _EOF
-#! /sbin/sh
-#
-[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config ]  ||  \\
-        cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config.default \\
-                \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config
-[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config ]  ||  \\
-        cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config.default \\
-                \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config
-[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default ]  &&  {
-        [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds ]  ||  \\
-        cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default \\
-                \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds
-}
-
-# make rc?.d dirs only if we are doing a test install
-[ -n "${TEST_DIR}" ]  &&  {
-        [ "$RCS_D" = yes ]  &&  mkdir -p ${TEST_DIR}/etc/rcS.d
-        mkdir -p ${TEST_DIR}/etc/rc0.d
-        mkdir -p ${TEST_DIR}/etc/rc1.d
-        mkdir -p ${TEST_DIR}/etc/rc2.d
-}
-
-if [ "\${USE_SYM_LINKS}" = yes ]
-then
-        [ "$RCS_D" = yes ]  &&  \
-installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
-        installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
-        installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
-        installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
-else
-        [ "$RCS_D" = yes ]  &&  \
-installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
-        installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
-        installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
-        installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
-fi
-
-# If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh)
-[ -d $piddir ]  ||  installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR$piddir d 755 root sys
-
-installf -f ${PKGNAME}
-
-# Use chroot to handle PKG_INSTALL_ROOT
-if [ ! -z "\${PKG_INSTALL_ROOT}" ]
-then
-        chroot="chroot \${PKG_INSTALL_ROOT}"
-fi
-# If this is a test build, we will skip the groupadd/useradd/passwd commands
-if [ ! -z "${TEST_DIR}" ]
-then
-        chroot=echo
-fi
-
-if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' \${PKG_INSTALL_ROOT}/$sysconfdir/sshd_config >/dev/null
-then
-        echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user"
-        echo "or group."
-else
-        echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
-
-        # create group if required
-        if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
-        then
-                echo "PrivSep group $SSH_PRIVSEP_USER already exists."
-        else
-                # Use gid of 67 if possible
-                if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSHDGID'\$' >/dev/null
-                then
-                        :
-                else
-                        sshdgid="-g $SSHDGID"
-                fi
-                echo "Creating PrivSep group $SSH_PRIVSEP_USER."
-                \$chroot /usr/sbin/groupadd \$sshdgid $SSH_PRIVSEP_USER
-        fi
-
-        # Create user if required
-        if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
-        then
-                echo "PrivSep user $SSH_PRIVSEP_USER already exists."
-        else
-                # Use uid of 67 if possible
-                if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDGID'\$' >/dev/null
-                then
-                        :
-                else
-                        sshduid="-u $SSHDUID"
-                fi
-                echo "Creating PrivSep user $SSH_PRIVSEP_USER."
-                \$chroot /usr/sbin/useradd -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER
-                \$chroot /usr/bin/passwd -l $SSH_PRIVSEP_USER
-        fi
-fi
-
-[ "\${POST_INS_START}" = "yes" ]  &&  ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start
-exit 0
-_EOF
-
-## Build preremove file
-echo "Building preremove file..."
-cat > preremove << _EOF
-#! /sbin/sh
-#
-${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
-exit 0
-_EOF
-
-## Build request file
-echo "Building request file..."
-cat > request << _EOF
-trap 'exit 3' 15
-USE_SYM_LINKS=no
-PRE_INS_STOP=no
-POST_INS_START=no
-# Use symbolic links?
-ans=\`ckyorn -d n \
--p "Do you want symbolic links for the start/stop scripts? ${DEF_MSG}"\` || exit \$?
-case \$ans in
-        [y,Y]*) USE_SYM_LINKS=yes ;;
-esac
-
-# determine if should restart the daemon
-if [ -s ${piddir}/sshd.pid  -a  -f ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} ]
-then
-        ans=\`ckyorn -d n \
--p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` || exit \$?
-        case \$ans in
-                [y,Y]*) PRE_INS_STOP=yes
-                        POST_INS_START=yes
-                        ;;
-        esac
-
-else
-
-# determine if we should start sshd
-        ans=\`ckyorn -d n \
--p "Start the sshd daemon after installing this package? ${DEF_MSG}"\` || exit \$?
-        case \$ans in
-                [y,Y]*) POST_INS_START=yes ;;
-        esac
-fi
-
-# make parameters available to installation service,
-# and so to any other packaging scripts
-cat >\$1 <<!
-USE_SYM_LINKS='\$USE_SYM_LINKS'
-PRE_INS_STOP='\$PRE_INS_STOP'
-POST_INS_START='\$POST_INS_START'
-!
-exit 0
-
-_EOF
-
-## Build space file
-echo "Building space file..."
-cat > space << _EOF
-# extra space required by start/stop links added by installf in postinstall
-$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME} 0 1
-$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME} 0 1
-$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME} 0 1
-_EOF
-[ "$RCS_D" = yes ]  &&  \
-echo "$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME} 0 1" >> space
-
-## Next Build our prototype
-echo "Building prototype file..."
-cat >mk-proto.awk << _EOF
-            BEGIN { print "i pkginfo"; print "i preinstall"; \\
-                    print "i postinstall"; print "i preremove"; \\
-                    print "i request"; print "i space"; \\
-                    split("$SYSTEM_DIR",sys_files); }
-            {
-             for (dir in sys_files) { if ( \$3 != sys_files[dir] )
-                     { \$5="root"; \$6="sys"; }
-                else
-                     { \$4="?"; \$5="?"; \$6="?"; break;}
-            } }
-            { print; }
-_EOF
-find . | egrep -v "prototype|pkginfo|mk-proto.awk" | sort | \
-        pkgproto $PROTO_ARGS | nawk -f mk-proto.awk > prototype
-
-# /usr/local is a symlink on some systems
-[ "${USR_LOCAL_IS_SYMLINK}" = yes ]  &&  {
-        grep -v "^d none /usr/local ? ? ?$" prototype > prototype.new
-        mv prototype.new prototype
-}
-
-## Step back a directory and now build the package.
-echo "Building package.."
-cd ..
-pkgmk -d ${FAKE_ROOT} -f $FAKE_ROOT/prototype -o
-echo | pkgtrans -os ${FAKE_ROOT} ${START}/$PKGNAME-$UNAME_S-$ARCH-$VERSION.pkg
-rm -rf $FAKE_ROOT
-
diff --git a/contrib/solaris/opensshd.in b/contrib/solaris/opensshd.in
deleted file mode 100755
index 50e18deea..000000000
--- a/contrib/solaris/opensshd.in
+++ /dev/null
@@ -1,82 +0,0 @@
-#!/sbin/sh
-# Donated code that was put under PD license.
-#
-# Stripped PRNGd out of it for the time being.
-
-umask 022
-
-CAT=/usr/bin/cat
-KILL=/usr/bin/kill
-
-prefix=%%openSSHDir%%
-etcdir=%%configDir%%
-piddir=%%pidDir%%
-
-SSHD=$prefix/sbin/sshd
-PIDFILE=$piddir/sshd.pid
-SSH_KEYGEN=$prefix/bin/ssh-keygen
-HOST_KEY_RSA1=$etcdir/ssh_host_key
-HOST_KEY_DSA=$etcdir/ssh_host_dsa_key
-HOST_KEY_RSA=$etcdir/ssh_host_rsa_key
-
-
-checkkeys() {
-    if [ ! -f $HOST_KEY_RSA1 ]; then
-        ${SSH_KEYGEN} -t rsa1 -f ${HOST_KEY_RSA1} -N ""
-    fi
-    if [ ! -f $HOST_KEY_DSA ]; then
-        ${SSH_KEYGEN} -t dsa -f ${HOST_KEY_DSA} -N ""
-    fi
-    if [ ! -f $HOST_KEY_RSA ]; then
-        ${SSH_KEYGEN} -t rsa -f ${HOST_KEY_RSA} -N ""
-    fi
-}
-
-stop_service() {
-    if [  -r $PIDFILE  -a  ! -z ${PIDFILE}  ]; then
-        PID=`${CAT} ${PIDFILE}`
-    fi
-    if [  ${PID:=0} -gt 1 -a  ! "X$PID" = "X "  ]; then
-        ${KILL} ${PID}
-    else
-        echo "Unable to read PID file"
-    fi
-}
-
-start_service() {
-    # XXX We really should check if the service is already going, but
-    # XXX we will opt out at this time. - Bal
-
-    # Check to see if we have keys that need to be made
-    checkkeys
-
-    # Start SSHD
-    echo "starting $SSHD... \c"         ; $SSHD
-
-    sshd_rc=$?
-    if [ $sshd_rc -ne 0 ]; then
-        echo "$0: Error ${sshd_rc} starting ${SSHD}... bailing."
-        exit $sshd_rc
-    fi
-    echo done.
-}
-
-case $1 in
-
-'start')
-    start_service
-    ;;
-
-'stop')
-    stop_service
-    ;;
-
-'restart')
-    stop_service
-    start_service
-    ;;
-
-*)
-    echo "$0:  usage:  $0 {start|stop|restart}"
-    ;;
-esac
diff --git a/contrib/ssh-copy-id b/contrib/ssh-copy-id
index acd36d398..df74d25c8 100644
--- a/contrib/ssh-copy-id
+++ b/contrib/ssh-copy-id
@@ -1,11 +1,11 @@
 #!/bin/sh
 
-# Shell script to install your identity.pub on a remote machine
+# Shell script to install your public key on a remote machine
 # Takes the remote machine name as an argument.
 # Obviously, the remote machine must accept password authentication,
 # or one of the other keys in your ssh-agent, for this to work.
 
-ID_FILE="${HOME}/.ssh/identity.pub"
+ID_FILE="${HOME}/.ssh/id_rsa.pub"
 
 if [ "-i" = "$1" ]; then
   shift
diff --git a/contrib/ssh-copy-id.1 b/contrib/ssh-copy-id.1
index b331fa149..f25ed01f2 100644
--- a/contrib/ssh-copy-id.1
+++ b/contrib/ssh-copy-id.1
@@ -18,7 +18,7 @@ the original English.
 ..
 .TH SSH-COPY-ID 1 "14 November 1999" "OpenSSH"
 .SH NAME
-ssh-copy-id \- install your identity.pub in a remote machine's authorized_keys
+ssh-copy-id \- install your public key in a remote machine's authorized_keys
 .SH SYNOPSIS
 .B ssh-copy-id [-i [identity_file]]
 .I "[user@]machine"
@@ -42,7 +42,7 @@ set in its configuration).
 If the
 .B -i
 option is given then the identity file (defaults to
-.BR ~/.ssh/identity.pub )
+.BR ~/.ssh/id_rsa.pub )
 is used, regardless of whether there are any keys in your
 .BR ssh-agent .
 Otherwise, if this:
diff --git a/contrib/sshd.pam.generic b/contrib/sshd.pam.generic
index cf5af3024..215f0fe30 100644
--- a/contrib/sshd.pam.generic
+++ b/contrib/sshd.pam.generic
@@ -1,6 +1,6 @@
 #%PAM-1.0
 auth       required     /lib/security/pam_unix.so shadow nodelay
-auth       required     /lib/security/pam_nologin.so
+account    required     /lib/security/pam_nologin.so
 account    required     /lib/security/pam_unix.so
 password   required     /lib/security/pam_cracklib.so
 password   required     /lib/security/pam_unix.so shadow nullok use_authtok
diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec
index 7bd9e0569..62f43e137 100644
--- a/contrib/suse/openssh.spec
+++ b/contrib/suse/openssh.spec
@@ -13,7 +13,7 @@
 
 Summary:        OpenSSH, a free Secure Shell (SSH) protocol implementation
 Name:           openssh
-Version:        5.1p1
+Version:        5.2p1
 URL:            http://www.openssh.com/
 Release:        1
 Source0:        openssh-%{version}.tar.gz
@@ -200,7 +200,7 @@ fi
 
 %files
 %defattr(-,root,root)
-%doc ChangeLog OVERVIEW README*
+%doc ChangeLog OVERVIEW README* PROTOCOL*
 %doc TODO CREDITS LICENCE
 %attr(0755,root,root) %dir %{_sysconfdir}/ssh
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
diff --git a/contrib/suse/rc.sshd b/contrib/suse/rc.sshd
index 573960bfa..4d4880d7e 100644
--- a/contrib/suse/rc.sshd
+++ b/contrib/suse/rc.sshd
@@ -45,17 +45,17 @@ case "$1" in
     start)
         if ! test -f /etc/ssh/ssh_host_key ; then
             echo Generating /etc/ssh/ssh_host_key.
-            ssh-keygen -t rsa1 -b 1024 -f /etc/ssh/ssh_host_key -N ''
+            ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N ''
         fi
         if ! test -f /etc/ssh/ssh_host_dsa_key ; then
             echo Generating /etc/ssh/ssh_host_dsa_key.
             
-            ssh-keygen -t dsa -b 1024 -f /etc/ssh/ssh_host_dsa_key -N ''
+            ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
         fi
         if ! test -f /etc/ssh/ssh_host_rsa_key ; then
             echo Generating /etc/ssh/ssh_host_rsa_key.
             
-            ssh-keygen -t rsa -b 1024 -f /etc/ssh/ssh_host_rsa_key -N ''
+            ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
         fi
         echo -n "Starting SSH daemon"
         ## Start daemon with startproc(8). If this fails