[ Christian Ehrhardt ]

Fix unintentional restriction of authorized keys environment options to be alphanumeric (LP: #1771011)
author: Christian Ehrhardt <christian.ehrhardt@canonical.com> 2018-06-28 15:43:13 +0200
committer: Christian Ehrhardt <christian.ehrhardt@canonical.com> 2018-06-28 15:43:14 +0200
commit: 92d266b9e75233afd4a1ce663f062b7e9a843e65 (patch)
tree: c23159a23239438f10da5f025ca2297ad44ca9d5 /debian/patches/gssapi.patch
parent: 970f1c25f7c73067f2f07e2e64c88201c90ff490 (diff)
parent: 60256f28189c3d0650a78e737eb0ca4753478a4b (diff)
1 files changed, 54 insertions, 54 deletions
diff --git a/debian/patches/gssapi.patch b/debian/patches/gssapi.patch
index a67ebced0..d47b0a796 100644
--- a/debian/patches/gssapi.patch
+++ b/debian/patches/gssapi.patch
@@ -21,37 +21,37 @@ Last-Updated: 2017-10-04
 Patch-Name: gssapi.patch
 ---
- ChangeLog.gssapi | 113 +++++++++++++++++++
+ ChangeLog.gssapi | 113 ++++++++++++++++
 Makefile.in      |   3 +-
 auth-krb5.c      |  17 ++-
- auth.c           |  96 +---------------
+ auth.c           |  96 +-------------
- auth2-gss.c      |  49 +++++++-
+ auth2-gss.c      |  49 ++++++-
 auth2.c          |   2 +
- canohost.c       |  93 +++++++++++++++
+ canohost.c       |  93 +++++++++++++
 canohost.h       |   3 +
 clientloop.c     |  15 ++-
 config.h.in      |   6 +
 configure.ac     |  24 ++++
- gss-genr.c       | 275 +++++++++++++++++++++++++++++++++++++++++++-
+ gss-genr.c       | 275 +++++++++++++++++++++++++++++++++++++-
- gss-serv-krb5.c  |  85 ++++++++++++--
+ gss-serv-krb5.c  |  85 +++++++++++-
- gss-serv.c       | 184 +++++++++++++++++++++++++++---
+ gss-serv.c       | 184 ++++++++++++++++++++++++--
- kex.c            |  19 ++++
+ kex.c            |  19 +++
- kex.h            |  14 +++
+ kex.h            |  14 ++
- kexgssc.c        | 338 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ kexgssc.c        | 338 +++++++++++++++++++++++++++++++++++++++++++++++
- kexgsss.c        | 295 ++++++++++++++++++++++++++++++++++++++++++++++++
+ kexgsss.c        | 295 +++++++++++++++++++++++++++++++++++++++++
- monitor.c        | 115 +++++++++++++++++--
+ monitor.c        | 115 ++++++++++++++--
 monitor.h        |   3 +
- monitor_wrap.c   |  47 +++++++-
+ monitor_wrap.c   |  47 ++++++-
 monitor_wrap.h   |   4 +-
- readconf.c       |  43 +++++++
+ readconf.c       |  43 ++++++
 readconf.h       |   5 +
- servconf.c       |  26 +++++
+ servconf.c       |  26 ++++
 servconf.h       |   2 +
- ssh-gss.h        |  41 ++++++-
+ ssh-gss.h        |  41 +++++-
 ssh_config       |   2 +
- ssh_config.5     |  32 ++++++
+ ssh_config.5     |  32 +++++
- sshconnect2.c    | 131 ++++++++++++++++++++-
+ sshconnect2.c    | 131 +++++++++++++++++-
- sshd.c           | 112 +++++++++++++++++-
+ sshd.c           | 112 +++++++++++++++-
 sshd_config      |   2 +
 sshd_config.5    |  10 ++
 sshkey.c         |   3 +-
@@ -63,7 +63,7 @@ Patch-Name: gssapi.patch
 diff --git a/ChangeLog.gssapi b/ChangeLog.gssapi
 new file mode 100644
-index 00000000..f117a336
+index 000000000..f117a336a
 --- /dev/null
 +++ b/ChangeLog.gssapi
 @@ -0,0 +1,113 @@
@@ -181,7 +181,7 @@ index 00000000..f117a336
 +    (from jbasney AT ncsa.uiuc.edu)
 +    <gssapi-with-mic support is Bugzilla #1008>
 diff --git a/Makefile.in b/Makefile.in
-index 04e1c8e5..6f3f042b 100644
+index 04e1c8e53..6f3f042b1 100644
 --- a/Makefile.in
 +++ b/Makefile.in
 @@ -100,6 +100,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
@@ -202,7 +202,7 @@ index 04e1c8e5..6f3f042b 100644
        sftp-server.o sftp-common.o \
        sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
 diff --git a/auth-krb5.c b/auth-krb5.c
-index a5a81ed2..38e7fee2 100644
+index a5a81ed2e..38e7fee21 100644
 --- a/auth-krb5.c
 +++ b/auth-krb5.c
 @@ -182,8 +182,13 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
@@ -253,7 +253,7 @@ index a5a81ed2..38e7fee2 100644
        return (krb5_cc_resolve(ctx, ccname, ccache));
 }
 diff --git a/auth.c b/auth.c
-index 63366768..76d586e3 100644
+index 63366768a..76d586e31 100644
 --- a/auth.c
 +++ b/auth.c
 @@ -396,7 +396,8 @@ auth_root_allowed(struct ssh *ssh, const char *method)
@@ -367,7 +367,7 @@ index 63366768..76d586e3 100644
  * Return the canonical name of the host in the other side of the current
  * connection.  The host name is cached, so it is efficient to call this
 diff --git a/auth2-gss.c b/auth2-gss.c
-index 589283b7..fd411d3a 100644
+index 589283b72..fd411d3a7 100644
 --- a/auth2-gss.c
 +++ b/auth2-gss.c
 @@ -1,7 +1,7 @@
@@ -455,7 +455,7 @@ index 589283b7..fd411d3a 100644
        "gssapi-with-mic",
        userauth_gssapi,
 diff --git a/auth2.c b/auth2.c
-index e0034229..c34f58c4 100644
+index e0034229a..c34f58c45 100644
 --- a/auth2.c
 +++ b/auth2.c
 @@ -72,6 +72,7 @@ extern Authmethod method_passwd;
@@ -475,7 +475,7 @@ index e0034229..c34f58c4 100644
 #endif
        &method_passwd,
 diff --git a/canohost.c b/canohost.c
-index f71a0856..404731d2 100644
+index f71a08568..404731d24 100644
 --- a/canohost.c
 +++ b/canohost.c
 @@ -35,6 +35,99 @@
@@ -579,7 +579,7 @@ index f71a0856..404731d2 100644
 ipv64_normalise_mapped(struct sockaddr_storage *addr, socklen_t *len)
 {
 diff --git a/canohost.h b/canohost.h
-index 26d62855..0cadc9f1 100644
+index 26d62855a..0cadc9f18 100644
 --- a/canohost.h
 +++ b/canohost.h
 @@ -15,6 +15,9 @@
@@ -593,7 +593,7 @@ index 26d62855..0cadc9f1 100644
 int             get_peer_port(int);
 char           *get_local_ipaddr(int);
 diff --git a/clientloop.c b/clientloop.c
-index 7bcf22e3..ef803e98 100644
+index 7bcf22e38..ef803e985 100644
 --- a/clientloop.c
 +++ b/clientloop.c
 @@ -112,6 +112,10 @@
@@ -628,7 +628,7 @@ index 7bcf22e3..ef803e98 100644
                client_process_net_input(readset);
 
 diff --git a/config.h.in b/config.h.in
-index 57208740..4c9545c7 100644
+index 572087407..4c9545c78 100644
 --- a/config.h.in
 +++ b/config.h.in
 @@ -1746,6 +1746,9 @@
@@ -652,7 +652,7 @@ index 57208740..4c9545c7 100644
 #undef USE_SOLARIS_PRIVS
 
 diff --git a/configure.ac b/configure.ac
-index 663062be..1cd5eab6 100644
+index 663062bef..1cd5eab6c 100644
 --- a/configure.ac
 +++ b/configure.ac
 @@ -664,6 +664,30 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
@@ -687,7 +687,7 @@ index 663062be..1cd5eab6 100644
        AC_CHECK_DECL([AU_IPv4], [],
            AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
 diff --git a/gss-genr.c b/gss-genr.c
-index 62559ed9..0b3ae073 100644
+index 62559ed9e..0b3ae073c 100644
 --- a/gss-genr.c
 +++ b/gss-genr.c
 @@ -1,7 +1,7 @@
@@ -1038,7 +1038,7 @@ index 62559ed9..0b3ae073 100644
 +
 #endif /* GSSAPI */
 diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c
-index 795992d9..fd8b3718 100644
+index 795992d9f..fd8b37183 100644
 --- a/gss-serv-krb5.c
 +++ b/gss-serv-krb5.c
 @@ -1,7 +1,7 @@
@@ -1164,7 +1164,7 @@ index 795992d9..fd8b3718 100644
 
 #endif /* KRB5 */
 diff --git a/gss-serv.c b/gss-serv.c
-index 6cae720e..967c6cfb 100644
+index 6cae720e5..967c6cfbc 100644
 --- a/gss-serv.c
 +++ b/gss-serv.c
 @@ -1,7 +1,7 @@
@@ -1435,7 +1435,7 @@ index 6cae720e..967c6cfb 100644
 
 /* Privileged */
 diff --git a/kex.c b/kex.c
-index 15ea28b0..6cc2935f 100644
+index 15ea28b07..6cc2935fe 100644
 --- a/kex.c
 +++ b/kex.c
 @@ -54,6 +54,10 @@
@@ -1486,7 +1486,7 @@ index 15ea28b0..6cc2935f 100644
        free(kex->server_version_string);
        free(kex->failed_choice);
 diff --git a/kex.h b/kex.h
-index 01bb3986..a708e486 100644
+index 01bb3986a..a708e4868 100644
 --- a/kex.h
 +++ b/kex.h
 @@ -99,6 +99,9 @@ enum kex_exchange {
@@ -1526,7 +1526,7 @@ index 01bb3986..a708e486 100644
     const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *);
 diff --git a/kexgssc.c b/kexgssc.c
 new file mode 100644
-index 00000000..10447f2b
+index 000000000..10447f2b0
 --- /dev/null
 +++ b/kexgssc.c
 @@ -0,0 +1,338 @@
@@ -1870,7 +1870,7 @@ index 00000000..10447f2b
 +#endif /* GSSAPI */
 diff --git a/kexgsss.c b/kexgsss.c
 new file mode 100644
-index 00000000..38ca082b
+index 000000000..38ca082ba
 --- /dev/null
 +++ b/kexgsss.c
 @@ -0,0 +1,295 @@
@@ -2170,7 +2170,7 @@ index 00000000..38ca082b
 +}
 +#endif /* GSSAPI */
 diff --git a/monitor.c b/monitor.c
-index c68e1b0d..868fb0d2 100644
+index c68e1b0d9..868fb0d2d 100644
 --- a/monitor.c
 +++ b/monitor.c
 @@ -158,6 +158,8 @@ int mm_answer_gss_setup_ctx(int, Buffer *);
@@ -2371,7 +2371,7 @@ index c68e1b0d..868fb0d2 100644
 #endif /* GSSAPI */
 
 diff --git a/monitor.h b/monitor.h
-index d68f6745..ec41404c 100644
+index d68f67458..ec41404c7 100644
 --- a/monitor.h
 +++ b/monitor.h
 @@ -65,6 +65,9 @@ enum monitor_reqtype {
@@ -2385,7 +2385,7 @@ index d68f6745..ec41404c 100644
 
 struct monitor {
 diff --git a/monitor_wrap.c b/monitor_wrap.c
-index 9666bda4..e749efc1 100644
+index 9666bda4b..e749efc18 100644
 --- a/monitor_wrap.c
 +++ b/monitor_wrap.c
 @@ -943,7 +943,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
@@ -2449,7 +2449,7 @@ index 9666bda4..e749efc1 100644
 #endif /* GSSAPI */
 
 diff --git a/monitor_wrap.h b/monitor_wrap.h
-index 76233270..0970d1f8 100644
+index 762332704..0970d1f87 100644
 --- a/monitor_wrap.h
 +++ b/monitor_wrap.h
 @@ -60,8 +60,10 @@ int mm_sshkey_verify(const struct sshkey *, const u_char *, size_t,
@@ -2465,7 +2465,7 @@ index 76233270..0970d1f8 100644
 
 #ifdef USE_PAM
 diff --git a/readconf.c b/readconf.c
-index 88051db5..c8e79299 100644
+index 88051db57..c8e792991 100644
 --- a/readconf.c
 +++ b/readconf.c
 @@ -160,6 +160,8 @@ typedef enum {
@@ -2558,7 +2558,7 @@ index 88051db5..c8e79299 100644
                options->password_authentication = 1;
        if (options->kbd_interactive_authentication == -1)
 diff --git a/readconf.h b/readconf.h
-index f4d9e2b2..f469daaf 100644
+index f4d9e2b26..f469daaff 100644
 --- a/readconf.h
 +++ b/readconf.h
 @@ -42,7 +42,12 @@ typedef struct {
@@ -2575,7 +2575,7 @@ index f4d9e2b2..f469daaf 100644
                                                 * authentication. */
        int     kbd_interactive_authentication; /* Try keyboard-interactive auth. */
 diff --git a/servconf.c b/servconf.c
-index 0f0d0906..cbbea05b 100644
+index 0f0d09068..cbbea05bf 100644
 --- a/servconf.c
 +++ b/servconf.c
 @@ -123,8 +123,10 @@ initialize_server_options(ServerOptions *options)
@@ -2667,7 +2667,7 @@ index 0f0d0906..cbbea05b 100644
        dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
        dump_cfg_fmtint(sKbdInteractiveAuthentication,
 diff --git a/servconf.h b/servconf.h
-index 37a0fb1a..5dfc9bc0 100644
+index 37a0fb1a3..5dfc9bc02 100644
 --- a/servconf.h
 +++ b/servconf.h
 @@ -130,8 +130,10 @@ typedef struct {
@@ -2682,7 +2682,7 @@ index 37a0fb1a..5dfc9bc0 100644
                                                 * authentication. */
        int     kbd_interactive_authentication; /* If true, permit */
 diff --git a/ssh-gss.h b/ssh-gss.h
-index 6593e422..919660a0 100644
+index 6593e422d..919660a03 100644
 --- a/ssh-gss.h
 +++ b/ssh-gss.h
 @@ -1,6 +1,6 @@
@@ -2786,7 +2786,7 @@ index 6593e422..919660a0 100644
 
 #endif /* _SSH_GSS_H */
 diff --git a/ssh_config b/ssh_config
-index c12f5ef5..bcb9f153 100644
+index c12f5ef52..bcb9f153d 100644
 --- a/ssh_config
 +++ b/ssh_config
 @@ -24,6 +24,8 @@
@@ -2799,7 +2799,7 @@ index c12f5ef5..bcb9f153 100644
 #   CheckHostIP yes
 #   AddressFamily any
 diff --git a/ssh_config.5 b/ssh_config.5
-index 71705cab..66826aa7 100644
+index 71705cabd..66826aa70 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
 @@ -727,10 +727,42 @@ The default is
@@ -2846,7 +2846,7 @@ index 71705cab..66826aa7 100644
 Indicates that
 .Xr ssh 1
 diff --git a/sshconnect2.c b/sshconnect2.c
-index 1f4a74cf..83562c68 100644
+index 1f4a74cf4..83562c688 100644
 --- a/sshconnect2.c
 +++ b/sshconnect2.c
 @@ -162,6 +162,11 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
@@ -3063,7 +3063,7 @@ index 1f4a74cf..83562c68 100644
 
 int
 diff --git a/sshd.c b/sshd.c
-index fd95b681..e88185ef 100644
+index fd95b681b..e88185efa 100644
 --- a/sshd.c
 +++ b/sshd.c
 @@ -123,6 +123,10 @@
@@ -3225,7 +3225,7 @@ index fd95b681..e88185ef 100644
        kex->client_version_string=client_version_string;
        kex->server_version_string=server_version_string;
 diff --git a/sshd_config b/sshd_config
-index 3109d5d7..86263d71 100644
+index 3109d5d73..86263d713 100644
 --- a/sshd_config
 +++ b/sshd_config
 @@ -69,6 +69,8 @@ AuthorizedKeysFile    .ssh/authorized_keys
@@ -3238,7 +3238,7 @@ index 3109d5d7..86263d71 100644
 # Set this to 'yes' to enable PAM authentication, account processing,
 # and session processing. If this is enabled, PAM authentication will
 diff --git a/sshd_config.5 b/sshd_config.5
-index e3c7c393..c4a3f3cb 100644
+index e3c7c3936..c4a3f3cb2 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
 @@ -636,6 +636,11 @@ The default is
@@ -3266,7 +3266,7 @@ index e3c7c393..c4a3f3cb 100644
 Specifies the key types that will be accepted for hostbased authentication
 as a comma-separated pattern list.
 diff --git a/sshkey.c b/sshkey.c
-index 7712fba2..08887286 100644
+index 7712fba23..088872860 100644
 --- a/sshkey.c
 +++ b/sshkey.c
 @@ -122,6 +122,7 @@ static const struct keytype keytypes[] = {
@@ -3287,7 +3287,7 @@ index 7712fba2..08887286 100644
                if (!include_sigonly && kt->sigonly)
                        continue;
 diff --git a/sshkey.h b/sshkey.h
-index 155cd45a..4e89049f 100644
+index 155cd45ae..4e89049f1 100644
 --- a/sshkey.h
 +++ b/sshkey.h
 @@ -63,6 +63,7 @@ enum sshkey_types {
author	Christian Ehrhardt <christian.ehrhardt@canonical.com>	2018-06-28 15:43:13 +0200
committer	Christian Ehrhardt <christian.ehrhardt@canonical.com>	2018-06-28 15:43:14 +0200
commit	92d266b9e75233afd4a1ce663f062b7e9a843e65 (patch)
tree	c23159a23239438f10da5f025ca2297ad44ca9d5 /debian/patches/gssapi.patch
parent	970f1c25f7c73067f2f07e2e64c88201c90ff490 (diff)
parent	60256f28189c3d0650a78e737eb0ca4753478a4b (diff)

diff --git a/debian/patches/gssapi.patch b/debian/patches/gssapi.patch index a67ebced0..d47b0a796 100644 --- a/debian/patches/gssapi.patch +++ b/debian/patches/gssapi.patch
@@ -21,37 +21,37 @@ Last-Updated: 2017-10-04
21		21
22	Patch-Name: gssapi.patch	22	Patch-Name: gssapi.patch
23	---	23	---
24	ChangeLog.gssapi \| 113 +++++++++++++++++++	24	ChangeLog.gssapi \| 113 ++++++++++++++++
25	Makefile.in \| 3 +-	25	Makefile.in \| 3 +-
26	auth-krb5.c \| 17 ++-	26	auth-krb5.c \| 17 ++-
27	auth.c \| 96 +---------------	27	auth.c \| 96 +-------------
28	auth2-gss.c \| 49 +++++++-	28	auth2-gss.c \| 49 ++++++-
29	auth2.c \| 2 +	29	auth2.c \| 2 +
30	canohost.c \| 93 +++++++++++++++	30	canohost.c \| 93 +++++++++++++
31	canohost.h \| 3 +	31	canohost.h \| 3 +
32	clientloop.c \| 15 ++-	32	clientloop.c \| 15 ++-
33	config.h.in \| 6 +	33	config.h.in \| 6 +
34	configure.ac \| 24 ++++	34	configure.ac \| 24 ++++
35	gss-genr.c \| 275 +++++++++++++++++++++++++++++++++++++++++++-	35	gss-genr.c \| 275 +++++++++++++++++++++++++++++++++++++-
36	gss-serv-krb5.c \| 85 ++++++++++++--	36	gss-serv-krb5.c \| 85 +++++++++++-
37	gss-serv.c \| 184 +++++++++++++++++++++++++++---	37	gss-serv.c \| 184 ++++++++++++++++++++++++--
38	kex.c \| 19 ++++	38	kex.c \| 19 +++
39	kex.h \| 14 +++	39	kex.h \| 14 ++
40	kexgssc.c \| 338 +++++++++++++++++++++++++++++++++++++++++++++++++++++++	40	kexgssc.c \| 338 +++++++++++++++++++++++++++++++++++++++++++++++
41	kexgsss.c \| 295 ++++++++++++++++++++++++++++++++++++++++++++++++	41	kexgsss.c \| 295 +++++++++++++++++++++++++++++++++++++++++
42	monitor.c \| 115 +++++++++++++++++--	42	monitor.c \| 115 ++++++++++++++--
43	monitor.h \| 3 +	43	monitor.h \| 3 +
44	monitor_wrap.c \| 47 +++++++-	44	monitor_wrap.c \| 47 ++++++-
45	monitor_wrap.h \| 4 +-	45	monitor_wrap.h \| 4 +-
46	readconf.c \| 43 +++++++	46	readconf.c \| 43 ++++++
47	readconf.h \| 5 +	47	readconf.h \| 5 +
48	servconf.c \| 26 +++++	48	servconf.c \| 26 ++++
49	servconf.h \| 2 +	49	servconf.h \| 2 +
50	ssh-gss.h \| 41 ++++++-	50	ssh-gss.h \| 41 +++++-
51	ssh_config \| 2 +	51	ssh_config \| 2 +
52	ssh_config.5 \| 32 ++++++	52	ssh_config.5 \| 32 +++++
53	sshconnect2.c \| 131 ++++++++++++++++++++-	53	sshconnect2.c \| 131 +++++++++++++++++-
54	sshd.c \| 112 +++++++++++++++++-	54	sshd.c \| 112 +++++++++++++++-
55	sshd_config \| 2 +	55	sshd_config \| 2 +
56	sshd_config.5 \| 10 ++	56	sshd_config.5 \| 10 ++
57	sshkey.c \| 3 +-	57	sshkey.c \| 3 +-
@@ -63,7 +63,7 @@ Patch-Name: gssapi.patch
63		63
64	diff --git a/ChangeLog.gssapi b/ChangeLog.gssapi	64	diff --git a/ChangeLog.gssapi b/ChangeLog.gssapi
65	new file mode 100644	65	new file mode 100644
66	index 00000000..f117a336	66	index 000000000..f117a336a
67	--- /dev/null	67	--- /dev/null
68	+++ b/ChangeLog.gssapi	68	+++ b/ChangeLog.gssapi
69	@@ -0,0 +1,113 @@	69	@@ -0,0 +1,113 @@
@@ -181,7 +181,7 @@ index 00000000..f117a336
181	+ (from jbasney AT ncsa.uiuc.edu)	181	+ (from jbasney AT ncsa.uiuc.edu)
182	+ <gssapi-with-mic support is Bugzilla #1008>	182	+ <gssapi-with-mic support is Bugzilla #1008>
183	diff --git a/Makefile.in b/Makefile.in	183	diff --git a/Makefile.in b/Makefile.in
184	index 04e1c8e5..6f3f042b 100644	184	index 04e1c8e53..6f3f042b1 100644
185	--- a/Makefile.in	185	--- a/Makefile.in
186	+++ b/Makefile.in	186	+++ b/Makefile.in
187	@@ -100,6 +100,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \	187	@@ -100,6 +100,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
@@ -202,7 +202,7 @@ index 04e1c8e5..6f3f042b 100644
202	sftp-server.o sftp-common.o \	202	sftp-server.o sftp-common.o \
203	sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \	203	sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
204	diff --git a/auth-krb5.c b/auth-krb5.c	204	diff --git a/auth-krb5.c b/auth-krb5.c
205	index a5a81ed2..38e7fee2 100644	205	index a5a81ed2e..38e7fee21 100644
206	--- a/auth-krb5.c	206	--- a/auth-krb5.c
207	+++ b/auth-krb5.c	207	+++ b/auth-krb5.c
208	@@ -182,8 +182,13 @@ auth_krb5_password(Authctxt authctxt, const char password)	208	@@ -182,8 +182,13 @@ auth_krb5_password(Authctxt authctxt, const char password)
@@ -253,7 +253,7 @@ index a5a81ed2..38e7fee2 100644
253	return (krb5_cc_resolve(ctx, ccname, ccache));	253	return (krb5_cc_resolve(ctx, ccname, ccache));
254	}	254	}
255	diff --git a/auth.c b/auth.c	255	diff --git a/auth.c b/auth.c
256	index 63366768..76d586e3 100644	256	index 63366768a..76d586e31 100644
257	--- a/auth.c	257	--- a/auth.c
258	+++ b/auth.c	258	+++ b/auth.c
259	@@ -396,7 +396,8 @@ auth_root_allowed(struct ssh ssh, const char method)	259	@@ -396,7 +396,8 @@ auth_root_allowed(struct ssh ssh, const char method)
@@ -367,7 +367,7 @@ index 63366768..76d586e3 100644
367	* Return the canonical name of the host in the other side of the current	367	* Return the canonical name of the host in the other side of the current
368	* connection. The host name is cached, so it is efficient to call this	368	* connection. The host name is cached, so it is efficient to call this
369	diff --git a/auth2-gss.c b/auth2-gss.c	369	diff --git a/auth2-gss.c b/auth2-gss.c
370	index 589283b7..fd411d3a 100644	370	index 589283b72..fd411d3a7 100644
371	--- a/auth2-gss.c	371	--- a/auth2-gss.c
372	+++ b/auth2-gss.c	372	+++ b/auth2-gss.c
373	@@ -1,7 +1,7 @@	373	@@ -1,7 +1,7 @@
@@ -455,7 +455,7 @@ index 589283b7..fd411d3a 100644
455	"gssapi-with-mic",	455	"gssapi-with-mic",
456	userauth_gssapi,	456	userauth_gssapi,
457	diff --git a/auth2.c b/auth2.c	457	diff --git a/auth2.c b/auth2.c
458	index e0034229..c34f58c4 100644	458	index e0034229a..c34f58c45 100644
459	--- a/auth2.c	459	--- a/auth2.c
460	+++ b/auth2.c	460	+++ b/auth2.c
461	@@ -72,6 +72,7 @@ extern Authmethod method_passwd;	461	@@ -72,6 +72,7 @@ extern Authmethod method_passwd;
@@ -475,7 +475,7 @@ index e0034229..c34f58c4 100644
475	#endif	475	#endif
476	&method_passwd,	476	&method_passwd,
477	diff --git a/canohost.c b/canohost.c	477	diff --git a/canohost.c b/canohost.c
478	index f71a0856..404731d2 100644	478	index f71a08568..404731d24 100644
479	--- a/canohost.c	479	--- a/canohost.c
480	+++ b/canohost.c	480	+++ b/canohost.c
481	@@ -35,6 +35,99 @@	481	@@ -35,6 +35,99 @@
@@ -579,7 +579,7 @@ index f71a0856..404731d2 100644
579	ipv64_normalise_mapped(struct sockaddr_storage addr, socklen_t len)	579	ipv64_normalise_mapped(struct sockaddr_storage addr, socklen_t len)
580	{	580	{
581	diff --git a/canohost.h b/canohost.h	581	diff --git a/canohost.h b/canohost.h
582	index 26d62855..0cadc9f1 100644	582	index 26d62855a..0cadc9f18 100644
583	--- a/canohost.h	583	--- a/canohost.h
584	+++ b/canohost.h	584	+++ b/canohost.h
585	@@ -15,6 +15,9 @@	585	@@ -15,6 +15,9 @@
@@ -593,7 +593,7 @@ index 26d62855..0cadc9f1 100644
593	int get_peer_port(int);	593	int get_peer_port(int);
594	char *get_local_ipaddr(int);	594	char *get_local_ipaddr(int);
595	diff --git a/clientloop.c b/clientloop.c	595	diff --git a/clientloop.c b/clientloop.c
596	index 7bcf22e3..ef803e98 100644	596	index 7bcf22e38..ef803e985 100644
597	--- a/clientloop.c	597	--- a/clientloop.c
598	+++ b/clientloop.c	598	+++ b/clientloop.c
599	@@ -112,6 +112,10 @@	599	@@ -112,6 +112,10 @@
@@ -628,7 +628,7 @@ index 7bcf22e3..ef803e98 100644
628	client_process_net_input(readset);	628	client_process_net_input(readset);
629		629
630	diff --git a/config.h.in b/config.h.in	630	diff --git a/config.h.in b/config.h.in
631	index 57208740..4c9545c7 100644	631	index 572087407..4c9545c78 100644
632	--- a/config.h.in	632	--- a/config.h.in
633	+++ b/config.h.in	633	+++ b/config.h.in
634	@@ -1746,6 +1746,9 @@	634	@@ -1746,6 +1746,9 @@
@@ -652,7 +652,7 @@ index 57208740..4c9545c7 100644
652	#undef USE_SOLARIS_PRIVS	652	#undef USE_SOLARIS_PRIVS
653		653
654	diff --git a/configure.ac b/configure.ac	654	diff --git a/configure.ac b/configure.ac
655	index 663062be..1cd5eab6 100644	655	index 663062bef..1cd5eab6c 100644
656	--- a/configure.ac	656	--- a/configure.ac
657	+++ b/configure.ac	657	+++ b/configure.ac
658	@@ -664,6 +664,30 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))	658	@@ -664,6 +664,30 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
@@ -687,7 +687,7 @@ index 663062be..1cd5eab6 100644
687	AC_CHECK_DECL([AU_IPv4], [],	687	AC_CHECK_DECL([AU_IPv4], [],
688	AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])	688	AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
689	diff --git a/gss-genr.c b/gss-genr.c	689	diff --git a/gss-genr.c b/gss-genr.c
690	index 62559ed9..0b3ae073 100644	690	index 62559ed9e..0b3ae073c 100644
691	--- a/gss-genr.c	691	--- a/gss-genr.c
692	+++ b/gss-genr.c	692	+++ b/gss-genr.c
693	@@ -1,7 +1,7 @@	693	@@ -1,7 +1,7 @@
@@ -1038,7 +1038,7 @@ index 62559ed9..0b3ae073 100644
1038	+	1038	+
1039	#endif /* GSSAPI */	1039	#endif /* GSSAPI */
1040	diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c	1040	diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c
1041	index 795992d9..fd8b3718 100644	1041	index 795992d9f..fd8b37183 100644
1042	--- a/gss-serv-krb5.c	1042	--- a/gss-serv-krb5.c
1043	+++ b/gss-serv-krb5.c	1043	+++ b/gss-serv-krb5.c
1044	@@ -1,7 +1,7 @@	1044	@@ -1,7 +1,7 @@
@@ -1164,7 +1164,7 @@ index 795992d9..fd8b3718 100644
1164		1164
1165	#endif /* KRB5 */	1165	#endif /* KRB5 */
1166	diff --git a/gss-serv.c b/gss-serv.c	1166	diff --git a/gss-serv.c b/gss-serv.c
1167	index 6cae720e..967c6cfb 100644	1167	index 6cae720e5..967c6cfbc 100644
1168	--- a/gss-serv.c	1168	--- a/gss-serv.c
1169	+++ b/gss-serv.c	1169	+++ b/gss-serv.c
1170	@@ -1,7 +1,7 @@	1170	@@ -1,7 +1,7 @@
@@ -1435,7 +1435,7 @@ index 6cae720e..967c6cfb 100644
1435		1435
1436	/* Privileged */	1436	/* Privileged */
1437	diff --git a/kex.c b/kex.c	1437	diff --git a/kex.c b/kex.c
1438	index 15ea28b0..6cc2935f 100644	1438	index 15ea28b07..6cc2935fe 100644
1439	--- a/kex.c	1439	--- a/kex.c
1440	+++ b/kex.c	1440	+++ b/kex.c
1441	@@ -54,6 +54,10 @@	1441	@@ -54,6 +54,10 @@
@@ -1486,7 +1486,7 @@ index 15ea28b0..6cc2935f 100644
1486	free(kex->server_version_string);	1486	free(kex->server_version_string);
1487	free(kex->failed_choice);	1487	free(kex->failed_choice);
1488	diff --git a/kex.h b/kex.h	1488	diff --git a/kex.h b/kex.h
1489	index 01bb3986..a708e486 100644	1489	index 01bb3986a..a708e4868 100644
1490	--- a/kex.h	1490	--- a/kex.h
1491	+++ b/kex.h	1491	+++ b/kex.h
1492	@@ -99,6 +99,9 @@ enum kex_exchange {	1492	@@ -99,6 +99,9 @@ enum kex_exchange {
@@ -1526,7 +1526,7 @@ index 01bb3986..a708e486 100644
1526	const BIGNUM , const BIGNUM , const BIGNUM , u_char , size_t *);	1526	const BIGNUM , const BIGNUM , const BIGNUM , u_char , size_t *);
1527	diff --git a/kexgssc.c b/kexgssc.c	1527	diff --git a/kexgssc.c b/kexgssc.c
1528	new file mode 100644	1528	new file mode 100644
1529	index 00000000..10447f2b	1529	index 000000000..10447f2b0
1530	--- /dev/null	1530	--- /dev/null
1531	+++ b/kexgssc.c	1531	+++ b/kexgssc.c
1532	@@ -0,0 +1,338 @@	1532	@@ -0,0 +1,338 @@
@@ -1870,7 +1870,7 @@ index 00000000..10447f2b
1870	+#endif /* GSSAPI */	1870	+#endif /* GSSAPI */
1871	diff --git a/kexgsss.c b/kexgsss.c	1871	diff --git a/kexgsss.c b/kexgsss.c
1872	new file mode 100644	1872	new file mode 100644
1873	index 00000000..38ca082b	1873	index 000000000..38ca082ba
1874	--- /dev/null	1874	--- /dev/null
1875	+++ b/kexgsss.c	1875	+++ b/kexgsss.c
1876	@@ -0,0 +1,295 @@	1876	@@ -0,0 +1,295 @@
@@ -2170,7 +2170,7 @@ index 00000000..38ca082b
2170	+}	2170	+}
2171	+#endif /* GSSAPI */	2171	+#endif /* GSSAPI */
2172	diff --git a/monitor.c b/monitor.c	2172	diff --git a/monitor.c b/monitor.c
2173	index c68e1b0d..868fb0d2 100644	2173	index c68e1b0d9..868fb0d2d 100644
2174	--- a/monitor.c	2174	--- a/monitor.c
2175	+++ b/monitor.c	2175	+++ b/monitor.c
2176	@@ -158,6 +158,8 @@ int mm_answer_gss_setup_ctx(int, Buffer *);	2176	@@ -158,6 +158,8 @@ int mm_answer_gss_setup_ctx(int, Buffer *);
@@ -2371,7 +2371,7 @@ index c68e1b0d..868fb0d2 100644
2371	#endif /* GSSAPI */	2371	#endif /* GSSAPI */
2372		2372
2373	diff --git a/monitor.h b/monitor.h	2373	diff --git a/monitor.h b/monitor.h
2374	index d68f6745..ec41404c 100644	2374	index d68f67458..ec41404c7 100644
2375	--- a/monitor.h	2375	--- a/monitor.h
2376	+++ b/monitor.h	2376	+++ b/monitor.h
2377	@@ -65,6 +65,9 @@ enum monitor_reqtype {	2377	@@ -65,6 +65,9 @@ enum monitor_reqtype {
@@ -2385,7 +2385,7 @@ index d68f6745..ec41404c 100644
2385		2385
2386	struct monitor {	2386	struct monitor {
2387	diff --git a/monitor_wrap.c b/monitor_wrap.c	2387	diff --git a/monitor_wrap.c b/monitor_wrap.c
2388	index 9666bda4..e749efc1 100644	2388	index 9666bda4b..e749efc18 100644
2389	--- a/monitor_wrap.c	2389	--- a/monitor_wrap.c
2390	+++ b/monitor_wrap.c	2390	+++ b/monitor_wrap.c
2391	@@ -943,7 +943,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)	2391	@@ -943,7 +943,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
@@ -2449,7 +2449,7 @@ index 9666bda4..e749efc1 100644
2449	#endif /* GSSAPI */	2449	#endif /* GSSAPI */
2450		2450
2451	diff --git a/monitor_wrap.h b/monitor_wrap.h	2451	diff --git a/monitor_wrap.h b/monitor_wrap.h
2452	index 76233270..0970d1f8 100644	2452	index 762332704..0970d1f87 100644
2453	--- a/monitor_wrap.h	2453	--- a/monitor_wrap.h
2454	+++ b/monitor_wrap.h	2454	+++ b/monitor_wrap.h
2455	@@ -60,8 +60,10 @@ int mm_sshkey_verify(const struct sshkey , const u_char , size_t,	2455	@@ -60,8 +60,10 @@ int mm_sshkey_verify(const struct sshkey , const u_char , size_t,
@@ -2465,7 +2465,7 @@ index 76233270..0970d1f8 100644
2465		2465
2466	#ifdef USE_PAM	2466	#ifdef USE_PAM
2467	diff --git a/readconf.c b/readconf.c	2467	diff --git a/readconf.c b/readconf.c
2468	index 88051db5..c8e79299 100644	2468	index 88051db57..c8e792991 100644
2469	--- a/readconf.c	2469	--- a/readconf.c
2470	+++ b/readconf.c	2470	+++ b/readconf.c
2471	@@ -160,6 +160,8 @@ typedef enum {	2471	@@ -160,6 +160,8 @@ typedef enum {
@@ -2558,7 +2558,7 @@ index 88051db5..c8e79299 100644
2558	options->password_authentication = 1;	2558	options->password_authentication = 1;
2559	if (options->kbd_interactive_authentication == -1)	2559	if (options->kbd_interactive_authentication == -1)
2560	diff --git a/readconf.h b/readconf.h	2560	diff --git a/readconf.h b/readconf.h
2561	index f4d9e2b2..f469daaf 100644	2561	index f4d9e2b26..f469daaff 100644
2562	--- a/readconf.h	2562	--- a/readconf.h
2563	+++ b/readconf.h	2563	+++ b/readconf.h
2564	@@ -42,7 +42,12 @@ typedef struct {	2564	@@ -42,7 +42,12 @@ typedef struct {
@@ -2575,7 +2575,7 @@ index f4d9e2b2..f469daaf 100644
2575	* authentication. */	2575	* authentication. */
2576	int kbd_interactive_authentication; /* Try keyboard-interactive auth. */	2576	int kbd_interactive_authentication; /* Try keyboard-interactive auth. */
2577	diff --git a/servconf.c b/servconf.c	2577	diff --git a/servconf.c b/servconf.c
2578	index 0f0d0906..cbbea05b 100644	2578	index 0f0d09068..cbbea05bf 100644
2579	--- a/servconf.c	2579	--- a/servconf.c
2580	+++ b/servconf.c	2580	+++ b/servconf.c
2581	@@ -123,8 +123,10 @@ initialize_server_options(ServerOptions *options)	2581	@@ -123,8 +123,10 @@ initialize_server_options(ServerOptions *options)
@@ -2667,7 +2667,7 @@ index 0f0d0906..cbbea05b 100644
2667	dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);	2667	dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
2668	dump_cfg_fmtint(sKbdInteractiveAuthentication,	2668	dump_cfg_fmtint(sKbdInteractiveAuthentication,
2669	diff --git a/servconf.h b/servconf.h	2669	diff --git a/servconf.h b/servconf.h
2670	index 37a0fb1a..5dfc9bc0 100644	2670	index 37a0fb1a3..5dfc9bc02 100644
2671	--- a/servconf.h	2671	--- a/servconf.h
2672	+++ b/servconf.h	2672	+++ b/servconf.h
2673	@@ -130,8 +130,10 @@ typedef struct {	2673	@@ -130,8 +130,10 @@ typedef struct {
@@ -2682,7 +2682,7 @@ index 37a0fb1a..5dfc9bc0 100644
2682	* authentication. */	2682	* authentication. */
2683	int kbd_interactive_authentication; /* If true, permit */	2683	int kbd_interactive_authentication; /* If true, permit */
2684	diff --git a/ssh-gss.h b/ssh-gss.h	2684	diff --git a/ssh-gss.h b/ssh-gss.h
2685	index 6593e422..919660a0 100644	2685	index 6593e422d..919660a03 100644
2686	--- a/ssh-gss.h	2686	--- a/ssh-gss.h
2687	+++ b/ssh-gss.h	2687	+++ b/ssh-gss.h
2688	@@ -1,6 +1,6 @@	2688	@@ -1,6 +1,6 @@
@@ -2786,7 +2786,7 @@ index 6593e422..919660a0 100644
2786		2786
2787	#endif /* _SSH_GSS_H */	2787	#endif /* _SSH_GSS_H */
2788	diff --git a/ssh_config b/ssh_config	2788	diff --git a/ssh_config b/ssh_config
2789	index c12f5ef5..bcb9f153 100644	2789	index c12f5ef52..bcb9f153d 100644
2790	--- a/ssh_config	2790	--- a/ssh_config
2791	+++ b/ssh_config	2791	+++ b/ssh_config
2792	@@ -24,6 +24,8 @@	2792	@@ -24,6 +24,8 @@
@@ -2799,7 +2799,7 @@ index c12f5ef5..bcb9f153 100644
2799	# CheckHostIP yes	2799	# CheckHostIP yes
2800	# AddressFamily any	2800	# AddressFamily any
2801	diff --git a/ssh_config.5 b/ssh_config.5	2801	diff --git a/ssh_config.5 b/ssh_config.5
2802	index 71705cab..66826aa7 100644	2802	index 71705cabd..66826aa70 100644
2803	--- a/ssh_config.5	2803	--- a/ssh_config.5
2804	+++ b/ssh_config.5	2804	+++ b/ssh_config.5
2805	@@ -727,10 +727,42 @@ The default is	2805	@@ -727,10 +727,42 @@ The default is
@@ -2846,7 +2846,7 @@ index 71705cab..66826aa7 100644
2846	Indicates that	2846	Indicates that
2847	.Xr ssh 1	2847	.Xr ssh 1
2848	diff --git a/sshconnect2.c b/sshconnect2.c	2848	diff --git a/sshconnect2.c b/sshconnect2.c
2849	index 1f4a74cf..83562c68 100644	2849	index 1f4a74cf4..83562c688 100644
2850	--- a/sshconnect2.c	2850	--- a/sshconnect2.c
2851	+++ b/sshconnect2.c	2851	+++ b/sshconnect2.c
2852	@@ -162,6 +162,11 @@ ssh_kex2(char host, struct sockaddr hostaddr, u_short port)	2852	@@ -162,6 +162,11 @@ ssh_kex2(char host, struct sockaddr hostaddr, u_short port)
@@ -3063,7 +3063,7 @@ index 1f4a74cf..83562c68 100644
3063		3063
3064	int	3064	int
3065	diff --git a/sshd.c b/sshd.c	3065	diff --git a/sshd.c b/sshd.c
3066	index fd95b681..e88185ef 100644	3066	index fd95b681b..e88185efa 100644
3067	--- a/sshd.c	3067	--- a/sshd.c
3068	+++ b/sshd.c	3068	+++ b/sshd.c
3069	@@ -123,6 +123,10 @@	3069	@@ -123,6 +123,10 @@
@@ -3225,7 +3225,7 @@ index fd95b681..e88185ef 100644
3225	kex->client_version_string=client_version_string;	3225	kex->client_version_string=client_version_string;
3226	kex->server_version_string=server_version_string;	3226	kex->server_version_string=server_version_string;
3227	diff --git a/sshd_config b/sshd_config	3227	diff --git a/sshd_config b/sshd_config
3228	index 3109d5d7..86263d71 100644	3228	index 3109d5d73..86263d713 100644
3229	--- a/sshd_config	3229	--- a/sshd_config
3230	+++ b/sshd_config	3230	+++ b/sshd_config
3231	@@ -69,6 +69,8 @@ AuthorizedKeysFile .ssh/authorized_keys	3231	@@ -69,6 +69,8 @@ AuthorizedKeysFile .ssh/authorized_keys
@@ -3238,7 +3238,7 @@ index 3109d5d7..86263d71 100644
3238	# Set this to 'yes' to enable PAM authentication, account processing,	3238	# Set this to 'yes' to enable PAM authentication, account processing,
3239	# and session processing. If this is enabled, PAM authentication will	3239	# and session processing. If this is enabled, PAM authentication will
3240	diff --git a/sshd_config.5 b/sshd_config.5	3240	diff --git a/sshd_config.5 b/sshd_config.5
3241	index e3c7c393..c4a3f3cb 100644	3241	index e3c7c3936..c4a3f3cb2 100644
3242	--- a/sshd_config.5	3242	--- a/sshd_config.5
3243	+++ b/sshd_config.5	3243	+++ b/sshd_config.5
3244	@@ -636,6 +636,11 @@ The default is	3244	@@ -636,6 +636,11 @@ The default is
@@ -3266,7 +3266,7 @@ index e3c7c393..c4a3f3cb 100644
3266	Specifies the key types that will be accepted for hostbased authentication	3266	Specifies the key types that will be accepted for hostbased authentication
3267	as a comma-separated pattern list.	3267	as a comma-separated pattern list.
3268	diff --git a/sshkey.c b/sshkey.c	3268	diff --git a/sshkey.c b/sshkey.c
3269	index 7712fba2..08887286 100644	3269	index 7712fba23..088872860 100644
3270	--- a/sshkey.c	3270	--- a/sshkey.c
3271	+++ b/sshkey.c	3271	+++ b/sshkey.c
3272	@@ -122,6 +122,7 @@ static const struct keytype keytypes[] = {	3272	@@ -122,6 +122,7 @@ static const struct keytype keytypes[] = {
@@ -3287,7 +3287,7 @@ index 7712fba2..08887286 100644
3287	if (!include_sigonly && kt->sigonly)	3287	if (!include_sigonly && kt->sigonly)
3288	continue;	3288	continue;
3289	diff --git a/sshkey.h b/sshkey.h	3289	diff --git a/sshkey.h b/sshkey.h
3290	index 155cd45a..4e89049f 100644	3290	index 155cd45ae..4e89049f1 100644
3291	--- a/sshkey.h	3291	--- a/sshkey.h
3292	+++ b/sshkey.h	3292	+++ b/sshkey.h
3293	@@ -63,6 +63,7 @@ enum sshkey_types {	3293	@@ -63,6 +63,7 @@ enum sshkey_types {