Merge 6.7p1.

  * New upstream release (http://www.openssh.com/txt/release-6.7):
    - sshd(8): The default set of ciphers and MACs has been altered to
      remove unsafe algorithms.  In particular, CBC ciphers and arcfour* are
      disabled by default.  The full set of algorithms remains available if
      configured explicitly via the Ciphers and MACs sshd_config options.
    - ssh(1), sshd(8): Add support for Unix domain socket forwarding.  A
      remote TCP port may be forwarded to a local Unix domain socket and
      vice versa or both ends may be a Unix domain socket (closes: #236718).
    - ssh(1), ssh-keygen(1): Add support for SSHFP DNS records for ED25519
      key types.
    - sftp(1): Allow resumption of interrupted uploads.
    - ssh(1): When rekeying, skip file/DNS lookups of the hostkey if it is
      the same as the one sent during initial key exchange.
    - sshd(8): Allow explicit ::1 and 127.0.0.1 forwarding bind addresses
      when GatewayPorts=no; allows client to choose address family.
    - sshd(8): Add a sshd_config PermitUserRC option to control whether
      ~/.ssh/rc is executed, mirroring the no-user-rc authorized_keys
      option.
    - ssh(1): Add a %C escape sequence for LocalCommand and ControlPath that
      expands to a unique identifer based on a hash of the tuple of (local
      host, remote user, hostname, port).  Helps avoid exceeding miserly
      pathname limits for Unix domain sockets in multiplexing control paths.
    - sshd(8): Make the "Too many authentication failures" message include
      the user, source address, port and protocol in a format similar to the
      authentication success / failure messages.
    - Use CLOCK_BOOTTIME in preference to CLOCK_MONOTONIC when it is
      available. It considers time spent suspended, thereby ensuring
      timeouts (e.g. for expiring agent keys) fire correctly (closes:
      #734553).
    - Use prctl() to prevent sftp-server from accessing
      /proc/self/{mem,maps}.
  * Restore TCP wrappers support, removed upstream in 6.7.  It is true that
    dropping this reduces preauth attack surface in sshd.  On the other
    hand, this support seems to be quite widely used, and abruptly dropping
    it (from the perspective of users who don't read openssh-unix-dev) could
    easily cause more serious problems in practice.  It's not entirely clear
    what the right long-term answer for Debian is, but it at least probably
    doesn't involve dropping this feature shortly before a freeze.
  * Replace patch to disable OpenSSL version check with an updated version
    of Kurt Roeckx's patch from #732940 to just avoid checking the status
    field.

1 files changed, 142 insertions, 141 deletions

diff --git a/debian/patches/gssapi.patch b/debian/patches/gssapi.patch
index d8439bf03..e8cbc1083 100644
--- a/debian/patches/gssapi.patch
+++ b/debian/patches/gssapi.patch
@@ -1,4 +1,4 @@
-From 9dfcd1a0e691c1cad34b168e27b3ed31ab6986cd Mon Sep 17 00:00:00 2001
+From 1c1b6fa17982eb622e2c4e8f4a279f2113f57413 Mon Sep 17 00:00:00 2001
 From: Simon Wilkinson <simon@sxw.org.uk>
 Date: Sun, 9 Feb 2014 16:09:48 +0000
 Subject: GSSAPI key exchange support
@@ -17,7 +17,7 @@ have it merged into the main openssh package rather than having separate
 security history.
 
 Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
-Last-Updated: 2014-03-19
+Last-Updated: 2014-10-07
 
 Patch-Name: gssapi.patch
 ---
@@ -36,9 +36,7 @@ Patch-Name: gssapi.patch
  kex.c            |  16 +++
  kex.h            |  14 +++
  kexgssc.c        | 332 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
- kexgsss.c        | 289 ++++++++++++++++++++++++++++++++++++++++++++++++
- key.c            |   3 +-
- key.h            |   1 +
+ kexgsss.c        | 290 ++++++++++++++++++++++++++++++++++++++++++++++++
  monitor.c        | 108 +++++++++++++++++-
  monitor.h        |   3 +
  monitor_wrap.c   |  47 +++++++-
@@ -54,7 +52,9 @@ Patch-Name: gssapi.patch
  sshd.c           | 110 ++++++++++++++++++
  sshd_config      |   2 +
  sshd_config.5    |  28 +++++
- 33 files changed, 2051 insertions(+), 59 deletions(-)
+ sshkey.c         |   3 +-
+ sshkey.h         |   1 +
+ 33 files changed, 2052 insertions(+), 59 deletions(-)
  create mode 100644 ChangeLog.gssapi
  create mode 100644 kexgssc.c
  create mode 100644 kexgsss.c
@@ -179,10 +179,10 @@ index 0000000..f117a33
 +    (from jbasney AT ncsa.uiuc.edu)
 +    <gssapi-with-mic support is Bugzilla #1008>
 diff --git a/Makefile.in b/Makefile.in
-index 28a8ec4..ee1d2c3 100644
+index 06be3d5..086d8dd 100644
 --- a/Makefile.in
 +++ b/Makefile.in
-@@ -72,6 +72,7 @@ LIBSSH_OBJS=authfd.o authfile.o bufaux.o bufbn.o buffer.o \
+@@ -82,6 +82,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
         atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
         monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
         kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \
@@ -190,7 +190,7 @@ index 28a8ec4..ee1d2c3 100644
         msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \
         ssh-pkcs11.o krl.o smult_curve25519_ref.o \
         kexc25519.o kexc25519c.o poly1305.o chacha.o cipher-chachapoly.o \
-@@ -91,7 +92,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
+@@ -101,7 +102,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
         auth2-none.o auth2-passwd.o auth2-pubkey.o \
         monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o kexecdhs.o \
         kexc25519s.o auth-krb5.o \
@@ -200,10 +200,10 @@ index 28a8ec4..ee1d2c3 100644
         sftp-server.o sftp-common.o \
         roaming_common.o roaming_serv.o \
 diff --git a/auth-krb5.c b/auth-krb5.c
-index 6c62bdf..69a1a53 100644
+index 0089b18..ec47869 100644
 --- a/auth-krb5.c
 +++ b/auth-krb5.c
-@@ -182,8 +182,13 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
+@@ -183,8 +183,13 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
  
         len = strlen(authctxt->krb5_ticket_file) + 6;
         authctxt->krb5_ccname = xmalloc(len);
@@ -217,7 +217,7 @@ index 6c62bdf..69a1a53 100644
  
  #ifdef USE_PAM
         if (options.use_pam)
-@@ -240,15 +245,22 @@ krb5_cleanup_proc(Authctxt *authctxt)
+@@ -241,15 +246,22 @@ krb5_cleanup_proc(Authctxt *authctxt)
  #ifndef HEIMDAL
  krb5_error_code
  ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) {
@@ -242,7 +242,7 @@ index 6c62bdf..69a1a53 100644
         old_umask = umask(0177);
         tmpfd = mkstemp(ccname + strlen("FILE:"));
         oerrno = errno;
-@@ -265,6 +277,7 @@ ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) {
+@@ -266,6 +278,7 @@ ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) {
                 return oerrno;
         }
         close(tmpfd);
@@ -251,7 +251,7 @@ index 6c62bdf..69a1a53 100644
         return (krb5_cc_resolve(ctx, ccname, ccache));
  }
 diff --git a/auth2-gss.c b/auth2-gss.c
-index c28a705..3ff2d72 100644
+index 447f896..284f364 100644
 --- a/auth2-gss.c
 +++ b/auth2-gss.c
 @@ -1,7 +1,7 @@
@@ -263,7 +263,7 @@ index c28a705..3ff2d72 100644
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
-@@ -52,6 +52,40 @@ static void input_gssapi_mic(int type, u_int32_t plen, void *ctxt);
+@@ -53,6 +53,40 @@ static void input_gssapi_mic(int type, u_int32_t plen, void *ctxt);
  static void input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt);
  static void input_gssapi_errtok(int, u_int32_t, void *);
  
@@ -304,7 +304,7 @@ index c28a705..3ff2d72 100644
  /*
   * We only support those mechanisms that we know about (ie ones that we know
   * how to check local user kuserok and the like)
-@@ -235,7 +269,8 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt)
+@@ -236,7 +270,8 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt)
  
         packet_check_eom();
  
@@ -314,7 +314,7 @@ index c28a705..3ff2d72 100644
  
         authctxt->postponed = 0;
         dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
-@@ -270,7 +305,8 @@ input_gssapi_mic(int type, u_int32_t plen, void *ctxt)
+@@ -271,7 +306,8 @@ input_gssapi_mic(int type, u_int32_t plen, void *ctxt)
         gssbuf.length = buffer_len(&b);
  
         if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic))))
@@ -324,7 +324,7 @@ index c28a705..3ff2d72 100644
         else
                 logit("GSSAPI MIC check failed");
  
-@@ -285,6 +321,12 @@ input_gssapi_mic(int type, u_int32_t plen, void *ctxt)
+@@ -286,6 +322,12 @@ input_gssapi_mic(int type, u_int32_t plen, void *ctxt)
         userauth_finish(authctxt, authenticated, "gssapi-with-mic", NULL);
  }
  
@@ -338,10 +338,10 @@ index c28a705..3ff2d72 100644
         "gssapi-with-mic",
         userauth_gssapi,
 diff --git a/auth2.c b/auth2.c
-index a5490c0..fbe3e1b 100644
+index d9b440a..2f0d565 100644
 --- a/auth2.c
 +++ b/auth2.c
-@@ -69,6 +69,7 @@ extern Authmethod method_passwd;
+@@ -70,6 +70,7 @@ extern Authmethod method_passwd;
  extern Authmethod method_kbdint;
  extern Authmethod method_hostbased;
  #ifdef GSSAPI
@@ -349,7 +349,7 @@ index a5490c0..fbe3e1b 100644
  extern Authmethod method_gssapi;
  #endif
  
-@@ -76,6 +77,7 @@ Authmethod *authmethods[] = {
+@@ -77,6 +78,7 @@ Authmethod *authmethods[] = {
         &method_none,
         &method_pubkey,
  #ifdef GSSAPI
@@ -358,7 +358,7 @@ index a5490c0..fbe3e1b 100644
  #endif
         &method_passwd,
 diff --git a/clientloop.c b/clientloop.c
-index 59ad3a2..6d8cd7d 100644
+index 397c965..f9175e3 100644
 --- a/clientloop.c
 +++ b/clientloop.c
 @@ -111,6 +111,10 @@
@@ -372,7 +372,7 @@ index 59ad3a2..6d8cd7d 100644
  /* import options */
  extern Options options;
  
-@@ -1608,6 +1612,15 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
+@@ -1596,6 +1600,15 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
                 /* Do channel operations unless rekeying in progress. */
                 if (!rekeying) {
                         channel_after_select(readset, writeset);
@@ -389,7 +389,7 @@ index 59ad3a2..6d8cd7d 100644
                                 debug("need rekeying");
                                 xxx_kex->done = 0;
 diff --git a/config.h.in b/config.h.in
-index 0401ad1..6bc422c 100644
+index 16d6206..a9a8b7a 100644
 --- a/config.h.in
 +++ b/config.h.in
 @@ -1622,6 +1622,9 @@
@@ -413,10 +413,10 @@ index 0401ad1..6bc422c 100644
  #undef USE_SOLARIS_PROCESS_CONTRACTS
  
 diff --git a/configure b/configure
-index d690393..b6b5b6d 100755
+index 6815388..ea5f200 100755
 --- a/configure
 +++ b/configure
-@@ -7170,6 +7170,63 @@ $as_echo "#define SSH_TUN_COMPAT_AF 1" >>confdefs.h
+@@ -7168,6 +7168,63 @@ $as_echo "#define SSH_TUN_COMPAT_AF 1" >>confdefs.h
  
  $as_echo "#define SSH_TUN_PREPEND_AF 1" >>confdefs.h
  
@@ -481,7 +481,7 @@ index d690393..b6b5b6d 100755
         ac_fn_c_check_decl "$LINENO" "AU_IPv4" "ac_cv_have_decl_AU_IPv4" "$ac_includes_default"
  if test "x$ac_cv_have_decl_AU_IPv4" = xyes; then :
 diff --git a/configure.ac b/configure.ac
-index 7c6ce08..d235fb0 100644
+index 67c4486..90e81e1 100644
 --- a/configure.ac
 +++ b/configure.ac
 @@ -584,6 +584,30 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
@@ -866,7 +866,7 @@ index b39281b..1e569ad 100644
 +
  #endif /* GSSAPI */
 diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c
-index 759fa10..e678a27 100644
+index 795992d..fd8b371 100644
 --- a/gss-serv-krb5.c
 +++ b/gss-serv-krb5.c
 @@ -1,7 +1,7 @@
@@ -878,7 +878,7 @@ index 759fa10..e678a27 100644
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
-@@ -120,8 +120,8 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
+@@ -121,8 +121,8 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
         krb5_error_code problem;
         krb5_principal princ;
         OM_uint32 maj_status, min_status;
@@ -888,7 +888,7 @@ index 759fa10..e678a27 100644
  
         if (client->creds == NULL) {
                 debug("No credentials stored");
-@@ -180,11 +180,16 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
+@@ -181,11 +181,16 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
                 return;
         }
  
@@ -909,7 +909,7 @@ index 759fa10..e678a27 100644
  
  #ifdef USE_PAM
         if (options.use_pam)
-@@ -196,6 +201,71 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
+@@ -197,6 +202,71 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
         return;
  }
  
@@ -981,7 +981,7 @@ index 759fa10..e678a27 100644
  ssh_gssapi_mech gssapi_kerberos_mech = {
         "toWM5Slw5Ew8Mqkay+al2g==",
         "Kerberos",
-@@ -203,7 +273,8 @@ ssh_gssapi_mech gssapi_kerberos_mech = {
+@@ -204,7 +274,8 @@ ssh_gssapi_mech gssapi_kerberos_mech = {
         NULL,
         &ssh_gssapi_krb5_userok,
         NULL,
@@ -992,11 +992,11 @@ index 759fa10..e678a27 100644
  
  #endif /* KRB5 */
 diff --git a/gss-serv.c b/gss-serv.c
-index e61b37b..c33463b 100644
+index 5c59924..50fa438 100644
 --- a/gss-serv.c
 +++ b/gss-serv.c
 @@ -1,7 +1,7 @@
- /* $OpenBSD: gss-serv.c,v 1.26 2014/02/26 20:28:44 djm Exp $ */
+ /* $OpenBSD: gss-serv.c,v 1.27 2014/07/03 03:34:09 djm Exp $ */
  
  /*
 - * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -1029,7 +1029,7 @@ index e61b37b..c33463b 100644
  #ifdef KRB5
  extern ssh_gssapi_mech gssapi_kerberos_mech;
 @@ -100,25 +106,32 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx)
-        char lname[MAXHOSTNAMELEN];
+        char lname[NI_MAXHOST];
         gss_OID_set oidset;
  
 -       gss_create_empty_oid_set(&status, &oidset);
@@ -1038,11 +1038,11 @@ index e61b37b..c33463b 100644
 +               gss_create_empty_oid_set(&status, &oidset);
 +               gss_add_oid_set_member(&status, ctx->oid, &oidset);
  
--       if (gethostname(lname, MAXHOSTNAMELEN)) {
+-       if (gethostname(lname, sizeof(lname))) {
 -               gss_release_oid_set(&status, &oidset);
 -               return (-1);
 -       }
-+               if (gethostname(lname, MAXHOSTNAMELEN)) {
++               if (gethostname(lname, sizeof(lname))) {
 +                       gss_release_oid_set(&status, &oidset);
 +                       return (-1);
 +               }
@@ -1310,10 +1310,10 @@ index e61b37b..c33463b 100644
  
  #endif
 diff --git a/kex.c b/kex.c
-index 74e2b86..d114ee3 100644
+index a173e70..891852b 100644
 --- a/kex.c
 +++ b/kex.c
-@@ -51,6 +51,10 @@
+@@ -53,6 +53,10 @@
  #include "roaming.h"
  #include "digest.h"
  
@@ -1324,8 +1324,8 @@ index 74e2b86..d114ee3 100644
  #if OPENSSL_VERSION_NUMBER >= 0x00907000L
  # if defined(HAVE_EVP_SHA256)
  # define evp_ssh_sha256 EVP_sha256
-@@ -92,6 +96,14 @@ static const struct kexalg kexalgs[] = {
- #endif
+@@ -96,6 +100,14 @@ static const struct kexalg kexalgs[] = {
+ #endif /* HAVE_EVP_SHA256 */
         { NULL, -1, -1, -1},
  };
 +static const struct kexalg kexalg_prefixes[] = {
@@ -1339,7 +1339,7 @@ index 74e2b86..d114ee3 100644
  
  char *
  kex_alg_list(char sep)
-@@ -120,6 +132,10 @@ kex_alg_by_name(const char *name)
+@@ -124,6 +136,10 @@ kex_alg_by_name(const char *name)
                 if (strcmp(k->name, name) == 0)
                         return k;
         }
@@ -1351,7 +1351,7 @@ index 74e2b86..d114ee3 100644
  }
  
 diff --git a/kex.h b/kex.h
-index c85680e..ea698c4 100644
+index 4c40ec8..c179a4d 100644
 --- a/kex.h
 +++ b/kex.h
 @@ -76,6 +76,9 @@ enum kex_exchange {
@@ -1729,10 +1729,10 @@ index 0000000..92a31c5
 +#endif /* GSSAPI */
 diff --git a/kexgsss.c b/kexgsss.c
 new file mode 100644
-index 0000000..8095259
+index 0000000..6a0ece8
 --- /dev/null
 +++ b/kexgsss.c
-@@ -0,0 +1,289 @@
+@@ -0,0 +1,290 @@
 +/*
 + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
 + *
@@ -1777,6 +1777,7 @@ index 0000000..8095259
 +#include "dh.h"
 +#include "ssh-gss.h"
 +#include "monitor_wrap.h"
++#include "misc.h"
 +#include "servconf.h"
 +
 +extern ServerOptions options;
@@ -2022,44 +2023,11 @@ index 0000000..8095259
 +               ssh_gssapi_rekey_creds();
 +}
 +#endif /* GSSAPI */
-diff --git a/key.c b/key.c
-index 168e1b7..3d640e7 100644
---- a/key.c
-+++ b/key.c
-@@ -985,6 +985,7 @@ static const struct keytype keytypes[] = {
-            KEY_DSA_CERT_V00, 0, 1 },
-        { "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT",
-            KEY_ED25519_CERT, 0, 1 },
-+       { "null", "null", KEY_NULL, 0, 0 },
-        { NULL, NULL, -1, -1, 0 }
- };
- 
-@@ -1063,7 +1064,7 @@ key_alg_list(int certs_only, int plain_only)
-        const struct keytype *kt;
- 
-        for (kt = keytypes; kt->type != -1; kt++) {
--               if (kt->name == NULL)
-+               if (kt->name == NULL || kt->type == KEY_NULL)
-                        continue;
-                if ((certs_only && !kt->cert) || (plain_only && kt->cert))
-                        continue;
-diff --git a/key.h b/key.h
-index d8ad13d..c8aeba2 100644
---- a/key.h
-+++ b/key.h
-@@ -46,6 +46,7 @@ enum types {
-        KEY_ED25519_CERT,
-        KEY_RSA_CERT_V00,
-        KEY_DSA_CERT_V00,
-+       KEY_NULL,
-        KEY_UNSPEC
- };
- enum fp_type {
 diff --git a/monitor.c b/monitor.c
-index 531c4f9..2918814 100644
+index dbe29f1..b0896ef 100644
 --- a/monitor.c
 +++ b/monitor.c
-@@ -175,6 +175,8 @@ int mm_answer_gss_setup_ctx(int, Buffer *);
+@@ -178,6 +178,8 @@ int mm_answer_gss_setup_ctx(int, Buffer *);
  int mm_answer_gss_accept_ctx(int, Buffer *);
  int mm_answer_gss_userok(int, Buffer *);
  int mm_answer_gss_checkmic(int, Buffer *);
@@ -2068,7 +2036,7 @@ index 531c4f9..2918814 100644
  #endif
  
  #ifdef SSH_AUDIT_EVENTS
-@@ -247,11 +249,18 @@ struct mon_table mon_dispatch_proto20[] = {
+@@ -255,11 +257,18 @@ struct mon_table mon_dispatch_proto20[] = {
      {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx},
      {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
      {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic},
@@ -2084,10 +2052,10 @@ index 531c4f9..2918814 100644
 +    {MONITOR_REQ_GSSSIGN, 0, mm_answer_gss_sign},
 +    {MONITOR_REQ_GSSUPCREDS, 0, mm_answer_gss_updatecreds},
 +#endif
+ #ifdef WITH_OPENSSL
      {MONITOR_REQ_MODULI, 0, mm_answer_moduli},
-     {MONITOR_REQ_SIGN, 0, mm_answer_sign},
-     {MONITOR_REQ_PTY, 0, mm_answer_pty},
-@@ -360,6 +369,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
+ #endif
+@@ -374,6 +383,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
                 /* Permit requests for moduli and signatures */
                 monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
                 monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
@@ -2098,7 +2066,7 @@ index 531c4f9..2918814 100644
         } else {
                 mon_dispatch = mon_dispatch_proto15;
  
-@@ -465,6 +478,10 @@ monitor_child_postauth(struct monitor *pmonitor)
+@@ -482,6 +495,10 @@ monitor_child_postauth(struct monitor *pmonitor)
                 monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
                 monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
                 monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
@@ -2109,9 +2077,9 @@ index 531c4f9..2918814 100644
         } else {
                 mon_dispatch = mon_dispatch_postauth15;
                 monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
-@@ -1834,6 +1851,13 @@ mm_get_kex(Buffer *m)
-        kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
+@@ -1861,6 +1878,13 @@ mm_get_kex(Buffer *m)
         kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
+ #endif
         kex->kex[KEX_C25519_SHA256] = kexc25519_server;
 +#ifdef GSSAPI
 +       if (options.gss_keyex) {
@@ -2123,7 +2091,7 @@ index 531c4f9..2918814 100644
         kex->server = 1;
         kex->hostkey_type = buffer_get_int(m);
         kex->kex_type = buffer_get_int(m);
-@@ -2041,6 +2065,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m)
+@@ -2068,6 +2092,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m)
         OM_uint32 major;
         u_int len;
  
@@ -2133,7 +2101,7 @@ index 531c4f9..2918814 100644
         goid.elements = buffer_get_string(m, &len);
         goid.length = len;
  
-@@ -2068,6 +2095,9 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
+@@ -2095,6 +2122,9 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
         OM_uint32 flags = 0; /* GSI needs this */
         u_int len;
  
@@ -2143,7 +2111,7 @@ index 531c4f9..2918814 100644
         in.value = buffer_get_string(m, &len);
         in.length = len;
         major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
-@@ -2085,6 +2115,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
+@@ -2112,6 +2142,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
                 monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
                 monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
                 monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
@@ -2151,7 +2119,7 @@ index 531c4f9..2918814 100644
         }
         return (0);
  }
-@@ -2096,6 +2127,9 @@ mm_answer_gss_checkmic(int sock, Buffer *m)
+@@ -2123,6 +2154,9 @@ mm_answer_gss_checkmic(int sock, Buffer *m)
         OM_uint32 ret;
         u_int len;
  
@@ -2161,7 +2129,7 @@ index 531c4f9..2918814 100644
         gssbuf.value = buffer_get_string(m, &len);
         gssbuf.length = len;
         mic.value = buffer_get_string(m, &len);
-@@ -2122,7 +2156,11 @@ mm_answer_gss_userok(int sock, Buffer *m)
+@@ -2149,7 +2183,11 @@ mm_answer_gss_userok(int sock, Buffer *m)
  {
         int authenticated;
  
@@ -2174,7 +2142,7 @@ index 531c4f9..2918814 100644
  
         buffer_clear(m);
         buffer_put_int(m, authenticated);
-@@ -2135,5 +2173,73 @@ mm_answer_gss_userok(int sock, Buffer *m)
+@@ -2162,5 +2200,73 @@ mm_answer_gss_userok(int sock, Buffer *m)
         /* Monitor loop will terminate if authenticated */
         return (authenticated);
  }
@@ -2263,10 +2231,10 @@ index 5bc41b5..7f32b0c 100644
  
  struct mm_master;
 diff --git a/monitor_wrap.c b/monitor_wrap.c
-index 1a47e41..60b987d 100644
+index 45dc169..e476f0d 100644
 --- a/monitor_wrap.c
 +++ b/monitor_wrap.c
-@@ -1271,7 +1271,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
+@@ -1281,7 +1281,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
  }
  
  int
@@ -2275,7 +2243,7 @@ index 1a47e41..60b987d 100644
  {
         Buffer m;
         int authenticated = 0;
-@@ -1288,5 +1288,50 @@ mm_ssh_gssapi_userok(char *user)
+@@ -1298,5 +1298,50 @@ mm_ssh_gssapi_userok(char *user)
         debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
         return (authenticated);
  }
@@ -2343,10 +2311,10 @@ index 18c2501..a4e9d24 100644
  
  #ifdef USE_PAM
 diff --git a/readconf.c b/readconf.c
-index dc884c9..7613ff2 100644
+index 7948ce1..9127e93 100644
 --- a/readconf.c
 +++ b/readconf.c
-@@ -141,6 +141,8 @@ typedef enum {
+@@ -142,6 +142,8 @@ typedef enum {
         oClearAllForwardings, oNoHostAuthenticationForLocalhost,
         oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
         oAddressFamily, oGssAuthentication, oGssDelegateCreds,
@@ -2355,7 +2323,7 @@ index dc884c9..7613ff2 100644
         oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
         oSendEnv, oControlPath, oControlMaster, oControlPersist,
         oHashKnownHosts,
-@@ -183,10 +185,19 @@ static struct {
+@@ -185,10 +187,19 @@ static struct {
         { "afstokenpassing", oUnsupported },
  #if defined(GSSAPI)
         { "gssapiauthentication", oGssAuthentication },
@@ -2375,7 +2343,7 @@ index dc884c9..7613ff2 100644
  #endif
         { "fallbacktorsh", oDeprecated },
         { "usersh", oDeprecated },
-@@ -841,10 +852,30 @@ parse_time:
+@@ -865,10 +876,30 @@ parse_time:
                 intptr = &options->gss_authentication;
                 goto parse_flag;
  
@@ -2406,7 +2374,7 @@ index dc884c9..7613ff2 100644
         case oBatchMode:
                 intptr = &options->batch_mode;
                 goto parse_flag;
-@@ -1497,7 +1528,12 @@ initialize_options(Options * options)
+@@ -1538,7 +1569,12 @@ initialize_options(Options * options)
         options->pubkey_authentication = -1;
         options->challenge_response_authentication = -1;
         options->gss_authentication = -1;
@@ -2419,7 +2387,7 @@ index dc884c9..7613ff2 100644
         options->password_authentication = -1;
         options->kbd_interactive_authentication = -1;
         options->kbd_interactive_devices = NULL;
-@@ -1616,8 +1652,14 @@ fill_default_options(Options * options)
+@@ -1661,8 +1697,14 @@ fill_default_options(Options * options)
                 options->challenge_response_authentication = 1;
         if (options->gss_authentication == -1)
                 options->gss_authentication = 0;
@@ -2435,10 +2403,10 @@ index dc884c9..7613ff2 100644
                 options->password_authentication = 1;
         if (options->kbd_interactive_authentication == -1)
 diff --git a/readconf.h b/readconf.h
-index 75e3f8f..5cc97f0 100644
+index 0b9cb77..0e29889 100644
 --- a/readconf.h
 +++ b/readconf.h
-@@ -54,7 +54,12 @@ typedef struct {
+@@ -45,7 +45,12 @@ typedef struct {
         int     challenge_response_authentication;
                                         /* Try S/Key or TIS, authentication. */
         int     gss_authentication;     /* Try GSS authentication */
@@ -2452,10 +2420,10 @@ index 75e3f8f..5cc97f0 100644
                                                  * authentication. */
         int     kbd_interactive_authentication; /* Try keyboard-interactive auth. */
 diff --git a/servconf.c b/servconf.c
-index 7ba65d5..0083cf8 100644
+index b7f3294..cb3c831 100644
 --- a/servconf.c
 +++ b/servconf.c
-@@ -108,7 +108,10 @@ initialize_server_options(ServerOptions *options)
+@@ -109,7 +109,10 @@ initialize_server_options(ServerOptions *options)
         options->kerberos_ticket_cleanup = -1;
         options->kerberos_get_afs_token = -1;
         options->gss_authentication=-1;
@@ -2466,7 +2434,7 @@ index 7ba65d5..0083cf8 100644
         options->password_authentication = -1;
         options->kbd_interactive_authentication = -1;
         options->challenge_response_authentication = -1;
-@@ -244,8 +247,14 @@ fill_default_server_options(ServerOptions *options)
+@@ -250,8 +253,14 @@ fill_default_server_options(ServerOptions *options)
                 options->kerberos_get_afs_token = 0;
         if (options->gss_authentication == -1)
                 options->gss_authentication = 0;
@@ -2481,7 +2449,7 @@ index 7ba65d5..0083cf8 100644
         if (options->password_authentication == -1)
                 options->password_authentication = 1;
         if (options->kbd_interactive_authentication == -1)
-@@ -340,7 +349,9 @@ typedef enum {
+@@ -352,7 +361,9 @@ typedef enum {
         sBanner, sUseDNS, sHostbasedAuthentication,
         sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
         sClientAliveCountMax, sAuthorizedKeysFile,
@@ -2492,7 +2460,7 @@ index 7ba65d5..0083cf8 100644
         sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
         sUsePrivilegeSeparation, sAllowAgentForwarding,
         sHostCertificate,
-@@ -407,10 +418,20 @@ static struct {
+@@ -421,10 +432,20 @@ static struct {
  #ifdef GSSAPI
         { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
         { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
@@ -2513,7 +2481,7 @@ index 7ba65d5..0083cf8 100644
         { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
         { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
         { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
-@@ -1086,10 +1107,22 @@ process_server_config_line(ServerOptions *options, char *line,
+@@ -1104,10 +1125,22 @@ process_server_config_line(ServerOptions *options, char *line,
                 intptr = &options->gss_authentication;
                 goto parse_flag;
  
@@ -2536,7 +2504,7 @@ index 7ba65d5..0083cf8 100644
         case sPasswordAuthentication:
                 intptr = &options->password_authentication;
                 goto parse_flag;
-@@ -1995,7 +2028,10 @@ dump_config(ServerOptions *o)
+@@ -2042,7 +2075,10 @@ dump_config(ServerOptions *o)
  #endif
  #ifdef GSSAPI
         dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
@@ -2548,10 +2516,10 @@ index 7ba65d5..0083cf8 100644
         dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
         dump_cfg_fmtint(sKbdInteractiveAuthentication,
 diff --git a/servconf.h b/servconf.h
-index 752d1c5..c922eb5 100644
+index 766db3a..f8265a8 100644
 --- a/servconf.h
 +++ b/servconf.h
-@@ -112,7 +112,10 @@ typedef struct {
+@@ -113,7 +113,10 @@ typedef struct {
         int     kerberos_get_afs_token;         /* If true, try to get AFS token if
                                                  * authenticated with Kerberos. */
         int     gss_authentication;     /* If true, permit GSSAPI authentication */
@@ -2679,10 +2647,10 @@ index 03a228f..228e5ab 100644
  #   CheckHostIP yes
  #   AddressFamily any
 diff --git a/ssh_config.5 b/ssh_config.5
-index b580392..e7accd6 100644
+index f9ede7a..e6649ac 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
-@@ -682,11 +682,43 @@ Specifies whether user authentication based on GSSAPI is allowed.
+@@ -701,11 +701,43 @@ Specifies whether user authentication based on GSSAPI is allowed.
  The default is
  .Dq no .
  Note that this option applies to protocol version 2 only.
@@ -2728,11 +2696,11 @@ index b580392..e7accd6 100644
  Indicates that
  .Xr ssh 1
 diff --git a/sshconnect2.c b/sshconnect2.c
-index 7f4ff41..66cb035 100644
+index 68f7f4f..7b478f1 100644
 --- a/sshconnect2.c
 +++ b/sshconnect2.c
-@@ -158,9 +158,34 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
- {
+@@ -159,9 +159,34 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
+        char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
         Kex *kex;
  
 +#ifdef GSSAPI
@@ -2766,9 +2734,9 @@ index 7f4ff41..66cb035 100644
         if (options.ciphers == (char *)-1) {
                 logit("No valid ciphers for protocol version 2 given, using defaults.");
                 options.ciphers = NULL;
-@@ -196,6 +221,17 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
-        if (options.kex_algorithms != NULL)
-                myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
+@@ -199,6 +224,17 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
+        myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
+            myproposal[PROPOSAL_KEX_ALGS]);
  
 +#ifdef GSSAPI
 +       /* If we've got GSSAPI algorithms, then we also support the
@@ -2784,9 +2752,9 @@ index 7f4ff41..66cb035 100644
         if (options.rekey_limit || options.rekey_interval)
                 packet_set_rekey_limits((u_int32_t)options.rekey_limit,
                     (time_t)options.rekey_interval);
-@@ -208,10 +244,30 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
-        kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
+@@ -213,10 +249,30 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
         kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
+ #endif
         kex->kex[KEX_C25519_SHA256] = kexc25519_client;
 +#ifdef GSSAPI
 +       if (options.gss_keyex) {
@@ -2815,7 +2783,7 @@ index 7f4ff41..66cb035 100644
         xxx_kex = kex;
  
         dispatch_run(DISPATCH_BLOCK, &kex->done, kex);
-@@ -301,6 +357,7 @@ void        input_gssapi_token(int type, u_int32_t, void *);
+@@ -306,6 +362,7 @@ void        input_gssapi_token(int type, u_int32_t, void *);
  void   input_gssapi_hash(int type, u_int32_t, void *);
  void   input_gssapi_error(int, u_int32_t, void *);
  void   input_gssapi_errtok(int, u_int32_t, void *);
@@ -2823,7 +2791,7 @@ index 7f4ff41..66cb035 100644
  #endif
  
  void   userauth(Authctxt *, char *);
-@@ -316,6 +373,11 @@ static char *authmethods_get(void);
+@@ -321,6 +378,11 @@ static char *authmethods_get(void);
  
  Authmethod authmethods[] = {
  #ifdef GSSAPI
@@ -2835,7 +2803,7 @@ index 7f4ff41..66cb035 100644
         {"gssapi-with-mic",
                 userauth_gssapi,
                 NULL,
-@@ -612,19 +674,31 @@ userauth_gssapi(Authctxt *authctxt)
+@@ -617,19 +679,31 @@ userauth_gssapi(Authctxt *authctxt)
         static u_int mech = 0;
         OM_uint32 min;
         int ok = 0;
@@ -2869,7 +2837,7 @@ index 7f4ff41..66cb035 100644
                         ok = 1; /* Mechanism works */
                 } else {
                         mech++;
-@@ -721,8 +795,8 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt)
+@@ -726,8 +800,8 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt)
  {
         Authctxt *authctxt = ctxt;
         Gssctxt *gssctxt;
@@ -2880,7 +2848,7 @@ index 7f4ff41..66cb035 100644
  
         if (authctxt == NULL)
                 fatal("input_gssapi_response: no authentication context");
-@@ -831,6 +905,48 @@ input_gssapi_error(int type, u_int32_t plen, void *ctxt)
+@@ -836,6 +910,48 @@ input_gssapi_error(int type, u_int32_t plen, void *ctxt)
         free(msg);
         free(lang);
  }
@@ -2930,10 +2898,10 @@ index 7f4ff41..66cb035 100644
  
  int
 diff --git a/sshd.c b/sshd.c
-index 7523de9..d787fea 100644
+index 481d001..e6706a8 100644
 --- a/sshd.c
 +++ b/sshd.c
-@@ -122,6 +122,10 @@
+@@ -123,6 +123,10 @@
  #include "ssh-sandbox.h"
  #include "version.h"
  
@@ -2941,10 +2909,10 @@ index 7523de9..d787fea 100644
 +#include <Security/AuthSession.h>
 +#endif
 +
- #ifdef LIBWRAP
- #include <tcpd.h>
- #include <syslog.h>
-@@ -1728,10 +1732,13 @@ main(int ac, char **av)
+ #ifndef O_NOCTTY
+ #define O_NOCTTY       0
+ #endif
+@@ -1745,10 +1749,13 @@ main(int ac, char **av)
                 logit("Disabling protocol version 1. Could not load host key");
                 options.protocol &= ~SSH_PROTO_1;
         }
@@ -2958,7 +2926,7 @@ index 7523de9..d787fea 100644
         if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
                 logit("sshd: no hostkeys available -- exiting.");
                 exit(1);
-@@ -2058,6 +2065,60 @@ main(int ac, char **av)
+@@ -2060,6 +2067,60 @@ main(int ac, char **av)
             remote_ip, remote_port,
             get_local_ipaddr(sock_in), get_local_port());
  
@@ -3019,7 +2987,7 @@ index 7523de9..d787fea 100644
         /*
          * We don't want to listen forever unless the other side
          * successfully authenticates itself.  So we set up an alarm which is
-@@ -2469,6 +2530,48 @@ do_ssh2_kex(void)
+@@ -2482,6 +2543,48 @@ do_ssh2_kex(void)
         myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
             list_hostkey_types());
  
@@ -3067,10 +3035,10 @@ index 7523de9..d787fea 100644
 +
         /* start key exchange */
         kex = kex_setup(myproposal);
-        kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
-@@ -2477,6 +2580,13 @@ do_ssh2_kex(void)
-        kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
+ #ifdef WITH_OPENSSL
+@@ -2492,6 +2595,13 @@ do_ssh2_kex(void)
         kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
+ #endif
         kex->kex[KEX_C25519_SHA256] = kexc25519_server;
 +#ifdef GSSAPI
 +       if (options.gss_keyex) {
@@ -3096,10 +3064,10 @@ index e9045bc..d9b8594 100644
  # Set this to 'yes' to enable PAM authentication, account processing,
  # and session processing. If this is enabled, PAM authentication will
 diff --git a/sshd_config.5 b/sshd_config.5
-index ce71efe..ceed88a 100644
+index fd44abe..c8b43da 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
-@@ -493,12 +493,40 @@ Specifies whether user authentication based on GSSAPI is allowed.
+@@ -527,12 +527,40 @@ Specifies whether user authentication based on GSSAPI is allowed.
  The default is
  .Dq no .
  Note that this option applies to protocol version 2 only.
@@ -3140,3 +3108,36 @@ index ce71efe..ceed88a 100644
  .It Cm HostbasedAuthentication
  Specifies whether rhosts or /etc/hosts.equiv authentication together
  with successful public key client host authentication is allowed
+diff --git a/sshkey.c b/sshkey.c
+index fdd0c8a..1a96eae 100644
+--- a/sshkey.c
++++ b/sshkey.c
+@@ -110,6 +110,7 @@ static const struct keytype keytypes[] = {
+        { "ssh-dss-cert-v00@openssh.com", "DSA-CERT-V00",
+            KEY_DSA_CERT_V00, 0, 1 },
+ #endif /* WITH_OPENSSL */
++       { "null", "null", KEY_NULL, 0, 0 },
+        { NULL, NULL, -1, -1, 0 }
+ };
+ 
+@@ -198,7 +199,7 @@ key_alg_list(int certs_only, int plain_only)
+        const struct keytype *kt;
+ 
+        for (kt = keytypes; kt->type != -1; kt++) {
+-               if (kt->name == NULL)
++               if (kt->name == NULL || kt->type == KEY_NULL)
+                        continue;
+                if ((certs_only && !kt->cert) || (plain_only && kt->cert))
+                        continue;
+diff --git a/sshkey.h b/sshkey.h
+index 450b30c..b573e7f 100644
+--- a/sshkey.h
++++ b/sshkey.h
+@@ -64,6 +64,7 @@ enum sshkey_types {
+        KEY_ED25519_CERT,
+        KEY_RSA_CERT_V00,
+        KEY_DSA_CERT_V00,
++       KEY_NULL,
+        KEY_UNSPEC
+ };
+