New upstream release (7.8p1)

Closes: #907534

32 files changed, 669 insertions, 749 deletions

diff --git a/debian/.git-dpm b/debian/.git-dpm
index 40345f1a3..7cfb27f1e 100644
--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@ -1,11 +1,11 @@
 # see git-dpm(1) from git-dpm package
-c4ca1497658e0508e8595ad74978c07bc92a18e3
-c4ca1497658e0508e8595ad74978c07bc92a18e3
-ed6ae9c1a014a08ff5db3d768f01f2e427eeb476
-ed6ae9c1a014a08ff5db3d768f01f2e427eeb476
-openssh_7.7p1.orig.tar.gz
-446fe9ed171f289f0d62197dffdbfdaaf21c49f2
-1536900
+16a47fc4b04977a14f44dd433c8da1499fa80671
+16a47fc4b04977a14f44dd433c8da1499fa80671
+e6547182a54f0f268ee36e7c99319eeddffbaff2
+e6547182a54f0f268ee36e7c99319eeddffbaff2
+openssh_7.8p1.orig.tar.gz
+27e267e370315561de96577fccae563bc2c37a60
+1548026
 debianTag="debian/%e%%%V"
 patchedTag="patched/%e%%%V"
 upstreamTag="upstream/%U"
diff --git a/debian/NEWS b/debian/NEWS
index 08e596552..dd32ef436 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,3 +1,42 @@
+openssh (1:7.8p1-1) UNRELEASED; urgency=medium
+
+  OpenSSH 7.8 includes a number of changes that may affect existing
+  configurations:
+
+   * ssh-keygen(1): Write OpenSSH format private keys by default instead of
+     using OpenSSL's PEM format.  The OpenSSH format, supported in OpenSSH
+     releases since 2014 and described in the PROTOCOL.key file in the
+     source distribution, offers substantially better protection against
+     offline password guessing and supports key comments in private keys.
+     If necessary, it is possible to write old PEM-style keys by adding "-m
+     PEM" to ssh-keygen's arguments when generating or updating a key.
+   * sshd(8): Remove internal support for S/Key multiple factor
+     authentication.  S/Key may still be used via PAM or BSD auth.
+   * ssh(1): Remove vestigial support for running ssh(1) as setuid.  This
+     used to be required for hostbased authentication and the (long gone)
+     rhosts-style authentication, but has not been necessary for a long
+     time.  Attempting to execute ssh as a setuid binary, or with uid !=
+     effective uid will now yield a fatal error at runtime.
+   * sshd(8): The semantics of PubkeyAcceptedKeyTypes and the similar
+     HostbasedAcceptedKeyTypes options have changed.  These now specify
+     signature algorithms that are accepted for their respective
+     authentication mechanism, where previously they specified accepted key
+     types.  This distinction matters when using the RSA/SHA2 signature
+     algorithms "rsa-sha2-256", "rsa-sha2-512" and their certificate
+     counterparts.  Configurations that override these options but omit
+     these algorithm names may cause unexpected authentication failures (no
+     action is required for configurations that accept the default for these
+     options).
+   * sshd(8): The precedence of session environment variables has changed.
+     ~/.ssh/environment and environment="..." options in authorized_keys
+     files can no longer override SSH_* variables set implicitly by sshd.
+   * ssh(1)/sshd(8): The default IPQoS used by ssh/sshd has changed.  They
+     will now use DSCP AF21 for interactive traffic and CS1 for bulk.  For a
+     detailed rationale, please see the commit message:
+     https://cvsweb.openbsd.org/src/usr.bin/ssh/readconf.c#rev1.284
+
+ -- Colin Watson <cjwatson@debian.org>  Fri, 24 Aug 2018 10:13:03 +0100
+
 openssh (1:7.6p1-1) unstable; urgency=medium
 
   OpenSSH 7.6 includes a number of changes that may affect existing
diff --git a/debian/changelog b/debian/changelog
index bef0cb443..c3502c25a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,106 @@
-openssh (1:7.7p1-5) UNRELEASED; urgency=medium
-
+openssh (1:7.8p1-1) UNRELEASED; urgency=medium
+
+  * New upstream release (https://www.openssh.com/txt/release-7.8, closes:
+    #907534):
+    - ssh-keygen(1): Write OpenSSH format private keys by default instead of
+      using OpenSSL's PEM format (closes: #905407).  The OpenSSH format,
+      supported in OpenSSH releases since 2014 and described in the
+      PROTOCOL.key file in the source distribution, offers substantially
+      better protection against offline password guessing and supports key
+      comments in private keys.  If necessary, it is possible to write old
+      PEM-style keys by adding "-m PEM" to ssh-keygen's arguments when
+      generating or updating a key.
+    - sshd(8): Remove internal support for S/Key multiple factor
+      authentication.  S/Key may still be used via PAM or BSD auth.
+    - ssh(1): Remove vestigial support for running ssh(1) as setuid.  This
+      used to be required for hostbased authentication and the (long gone)
+      rhosts-style authentication, but has not been necessary for a long
+      time.  Attempting to execute ssh as a setuid binary, or with uid !=
+      effective uid will now yield a fatal error at runtime.
+    - sshd(8): The semantics of PubkeyAcceptedKeyTypes and the similar
+      HostbasedAcceptedKeyTypes options have changed.  These now specify
+      signature algorithms that are accepted for their respective
+      authentication mechanism, where previously they specified accepted key
+      types.  This distinction matters when using the RSA/SHA2 signature
+      algorithms "rsa-sha2-256", "rsa-sha2-512" and their certificate
+      counterparts.  Configurations that override these options but omit
+      these algorithm names may cause unexpected authentication failures (no
+      action is required for configurations that accept the default for
+      these options).
+    - sshd(8): The precedence of session environment variables has changed.
+      ~/.ssh/environment and environment="..." options in authorized_keys
+      files can no longer override SSH_* variables set implicitly by sshd.
+    - ssh(1)/sshd(8): The default IPQoS used by ssh/sshd has changed.  They
+      will now use DSCP AF21 for interactive traffic and CS1 for bulk.  For
+      a detailed rationale, please see the commit message:
+      https://cvsweb.openbsd.org/src/usr.bin/ssh/readconf.c#rev1.284
+    - ssh(1)/sshd(8): Add new signature algorithms "rsa-sha2-256-cert-
+      v01@openssh.com" and "rsa-sha2-512-cert-v01@openssh.com" to explicitly
+      force use of RSA/SHA2 signatures in authentication.
+    - sshd(8): Extend the PermitUserEnvironment option to accept a whitelist
+      of environment variable names in addition to global "yes" or "no"
+      settings.
+    - sshd(8): Add a PermitListen directive to sshd_config(5) and a
+      corresponding permitlisten= authorized_keys option that control which
+      listen addresses and port numbers may be used by remote forwarding
+      (ssh -R ...).
+    - sshd(8): Add some countermeasures against timing attacks used for
+      account validation/enumeration.  sshd will enforce a minimum time or
+      each failed authentication attempt consisting of a global 5ms minimum
+      plus an additional per-user 0-4ms delay derived from a host secret.
+    - sshd(8): Add a SetEnv directive to allow an administrator to
+      explicitly specify environment variables in sshd_config.  Variables
+      set by SetEnv override the default and client-specified environment.
+    - ssh(1): Add a SetEnv directive to request that the server sets an
+      environment variable in the session.  Similar to the existing SendEnv
+      option, these variables are set subject to server configuration.
+    - ssh(1): Allow "SendEnv -PATTERN" to clear environment variables
+      previously marked for sending to the server (closes: #573316).
+    - ssh(1)/sshd(8): Make UID available as a %-expansion everywhere that
+      the username is available currently.
+    - ssh(1): Allow setting ProxyJump=none to disable ProxyJump
+      functionality.
+    - sshd(8): Avoid observable differences in request parsing that could be
+      used to determine whether a target user is valid.
+    - ssh(1)/sshd(8): Fix some memory leaks.
+    - ssh(1): Fix a pwent clobber (introduced in openssh-7.7) that could
+      occur during key loading, manifesting as crash on some platforms.
+    - sshd_config(5): Clarify documentation for AuthenticationMethods
+      option.
+    - ssh(1): Ensure that the public key algorithm sent in a public key
+      SSH_MSG_USERAUTH_REQUEST matches the content of the signature blob.
+      Previously, these could be inconsistent when a legacy or non-OpenSSH
+      ssh-agent returned a RSA/SHA1 signature when asked to make a RSA/SHA2
+      signature.
+    - sshd(8): Fix failures to read authorized_keys caused by faulty
+      supplemental group caching.
+    - scp(1): Apply umask to directories, fixing potential mkdir/chmod race
+      when copying directory trees.
+    - ssh-keygen(1): Return correct exit code when searching for and hashing
+      known_hosts entries in a single operation.
+    - ssh(1): Prefer the ssh binary pointed to via argv[0] to $PATH when
+      re-executing ssh for ProxyJump.
+    - sshd(8): Do not ban PTY allocation when a sshd session is restricted
+      because the user password is expired as it breaks password change
+      dialog.
+    - ssh(1)/sshd(8): Fix error reporting from select() failures.
+    - ssh(1): Improve documentation for -w (tunnel) flag, emphasising that
+      -w implicitly sets Tunnel=point-to-point.
+    - ssh-agent(1): Implement EMFILE mitigation for ssh-agent.  ssh-agent
+      will no longer spin when its file descriptor limit is exceeded.
+    - ssh(1)/sshd(8): Disable SSH2_MSG_DEBUG messages for Twisted Conch
+      clients.  Twisted Conch versions that lack a version number in their
+      identification strings will mishandle these messages when running on
+      Python 2.x (https://twistedmatrix.com/trac/ticket/9422).
+    - sftp(1): Notify user immediately when underlying ssh process dies
+      expectedly.
+    - ssh(1)/sshd(8): Fix tunnel forwarding; regression in 7.7 release.
+    - ssh-agent(1): Don't kill ssh-agent's listening socket entirely if it
+      fails to accept(2) a connection.
+    - ssh(1): Add some missing options in the configuration dump output (ssh
+      -G).
+    - sshd(8): Expose details of completed authentication to PAM auth
+      modules via SSH_AUTH_INFO_0 in the PAM environment.
   * Switch debian/watch to HTTPS.
 
  -- Colin Watson <cjwatson@debian.org>  Fri, 24 Aug 2018 10:13:03 +0100
diff --git a/debian/patches/authorized-keys-man-symlink.patch b/debian/patches/authorized-keys-man-symlink.patch
index b5a1ea191..ad2890400 100644
--- a/debian/patches/authorized-keys-man-symlink.patch
+++ b/debian/patches/authorized-keys-man-symlink.patch
@@ -1,4 +1,4 @@
-From 66488db1ed04b4ca150ec530ed212fa46a653c1a Mon Sep 17 00:00:00 2001
+From 153278a21da639b5ad965632485f79ea4ac5e705 Mon Sep 17 00:00:00 2001
 From: Tomas Pospisek <tpo_deb@sourcepole.ch>
 Date: Sun, 9 Feb 2014 16:10:07 +0000
 Subject: Install authorized_keys(5) as a symlink to sshd(8)
@@ -13,10 +13,10 @@ Patch-Name: authorized-keys-man-symlink.patch
  1 file changed, 1 insertion(+)
 
 diff --git a/Makefile.in b/Makefile.in
-index 6f3f042b1..1afb4f798 100644
+index 6175c6063..0ee0285f6 100644
 --- a/Makefile.in
 +++ b/Makefile.in
-@@ -352,6 +352,7 @@ install-files:
+@@ -356,6 +356,7 @@ install-files:
         $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5
         $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5
         $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8
diff --git a/debian/patches/debian-banner.patch b/debian/patches/debian-banner.patch
index 9062918f6..98d97dce8 100644
--- a/debian/patches/debian-banner.patch
+++ b/debian/patches/debian-banner.patch
@@ -1,4 +1,4 @@
-From 9ec4db016a0510c449f9cefeb3299c2e755698c7 Mon Sep 17 00:00:00 2001
+From 905ffae23105d59b013aac809da6195d231b0395 Mon Sep 17 00:00:00 2001
 From: Kees Cook <kees@debian.org>
 Date: Sun, 9 Feb 2014 16:10:06 +0000
 Subject: Add DebianBanner server configuration option
@@ -8,7 +8,7 @@ initial protocol handshake, for those scared by package-versioning.patch.
 
 Bug-Debian: http://bugs.debian.org/562048
 Forwarded: not-needed
-Last-Update: 2018-04-03
+Last-Update: 2018-08-24
 
 Patch-Name: debian-banner.patch
 ---
@@ -19,10 +19,10 @@ Patch-Name: debian-banner.patch
  4 files changed, 18 insertions(+), 1 deletion(-)
 
 diff --git a/servconf.c b/servconf.c
-index 3fff3d531..0a8f6fd62 100644
+index e49984a81..bb43a649c 100644
 --- a/servconf.c
 +++ b/servconf.c
-@@ -177,6 +177,7 @@ initialize_server_options(ServerOptions *options)
+@@ -181,6 +181,7 @@ initialize_server_options(ServerOptions *options)
         options->fingerprint_hash = -1;
         options->disable_forwarding = -1;
         options->expose_userauth_info = -1;
@@ -30,7 +30,7 @@ index 3fff3d531..0a8f6fd62 100644
  }
  
  /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */
-@@ -393,6 +394,8 @@ fill_default_server_options(ServerOptions *options)
+@@ -413,6 +414,8 @@ fill_default_server_options(ServerOptions *options)
                 options->disable_forwarding = 0;
         if (options->expose_userauth_info == -1)
                 options->expose_userauth_info = 0;
@@ -39,7 +39,7 @@ index 3fff3d531..0a8f6fd62 100644
  
         assemble_algorithms(options);
  
-@@ -480,6 +483,7 @@ typedef enum {
+@@ -500,6 +503,7 @@ typedef enum {
         sStreamLocalBindMask, sStreamLocalBindUnlink,
         sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding,
         sExposeAuthInfo, sRDomain,
@@ -47,7 +47,7 @@ index 3fff3d531..0a8f6fd62 100644
         sDeprecated, sIgnore, sUnsupported
  } ServerOpCodes;
  
-@@ -634,6 +638,7 @@ static struct {
+@@ -656,6 +660,7 @@ static struct {
         { "disableforwarding", sDisableForwarding, SSHCFG_ALL },
         { "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL },
         { "rdomain", sRDomain, SSHCFG_ALL },
@@ -55,7 +55,7 @@ index 3fff3d531..0a8f6fd62 100644
         { NULL, sBadOption, 0 }
  };
  
-@@ -2056,6 +2061,10 @@ process_server_config_line(ServerOptions *options, char *line,
+@@ -2164,6 +2169,10 @@ process_server_config_line(ServerOptions *options, char *line,
                         *charptr = xstrdup(arg);
                 break;
  
@@ -67,20 +67,20 @@ index 3fff3d531..0a8f6fd62 100644
         case sIgnore:
         case sUnsupported:
 diff --git a/servconf.h b/servconf.h
-index 5dfc9bc02..b0fa70455 100644
+index 9b117fe27..76098119b 100644
 --- a/servconf.h
 +++ b/servconf.h
 @@ -211,6 +211,8 @@ typedef struct {
- 
         int     fingerprint_hash;
         int     expose_userauth_info;
+        u_int64_t timing_secret;
 +
 +       int     debian_banner;
  }       ServerOptions;
  
  /* Information about the incoming connection as used by Match */
 diff --git a/sshd.c b/sshd.c
-index 9a7f5495c..1d645a170 100644
+index ffd3dad6a..698593605 100644
 --- a/sshd.c
 +++ b/sshd.c
 @@ -384,7 +384,8 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out)
@@ -94,10 +94,10 @@ index 9a7f5495c..1d645a170 100644
             options.version_addendum);
  
 diff --git a/sshd_config.5 b/sshd_config.5
-index 1a1c6dd09..45044a70f 100644
+index 0fbbccbde..96a69ab55 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
-@@ -531,6 +531,11 @@ or
+@@ -532,6 +532,11 @@ or
  .Cm no .
  The default is
  .Cm yes .
diff --git a/debian/patches/debian-config.patch b/debian/patches/debian-config.patch
index be6d7df30..fd86d5a4d 100644
--- a/debian/patches/debian-config.patch
+++ b/debian/patches/debian-config.patch
@@ -1,4 +1,4 @@
-From e8e09061f8168f6f105f56fca10b6cd61b9f587a Mon Sep 17 00:00:00 2001
+From 157278376c0eb6e4de3d47e8573684095a230685 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:18 +0000
 Subject: Various Debian-specific configuration changes
@@ -39,10 +39,10 @@ Patch-Name: debian-config.patch
  6 files changed, 77 insertions(+), 9 deletions(-)
 
 diff --git a/readconf.c b/readconf.c
-index 50349e238..efcf2d628 100644
+index 3ed6dfb54..a3d42f2ae 100644
 --- a/readconf.c
 +++ b/readconf.c
-@@ -1916,7 +1916,7 @@ fill_default_options(Options * options)
+@@ -1974,7 +1974,7 @@ fill_default_options(Options * options)
         if (options->forward_x11 == -1)
                 options->forward_x11 = 0;
         if (options->forward_x11_trusted == -1)
@@ -52,10 +52,10 @@ index 50349e238..efcf2d628 100644
                 options->forward_x11_timeout = 1200;
         /*
 diff --git a/ssh.1 b/ssh.1
-index f8fc26d2a..8a03db952 100644
+index 0a8e63f51..ba55aa665 100644
 --- a/ssh.1
 +++ b/ssh.1
-@@ -768,6 +768,16 @@ directive in
+@@ -772,6 +772,16 @@ directive in
  .Xr ssh_config 5
  for more information.
  .Pp
@@ -72,7 +72,7 @@ index f8fc26d2a..8a03db952 100644
  .It Fl x
  Disables X11 forwarding.
  .Pp
-@@ -776,6 +786,17 @@ Enables trusted X11 forwarding.
+@@ -780,6 +790,17 @@ Enables trusted X11 forwarding.
  Trusted X11 forwardings are not subjected to the X11 SECURITY extension
  controls.
  .Pp
@@ -114,7 +114,7 @@ index bcb9f153d..1b676fb2c 100644
 +    HashKnownHosts yes
 +    GSSAPIAuthentication yes
 diff --git a/ssh_config.5 b/ssh_config.5
-index ca0528842..ed6e5d026 100644
+index cb68f51a6..35c578c3b 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
 @@ -71,6 +71,22 @@ Since the first obtained value for each parameter is used, more
@@ -140,7 +140,7 @@ index ca0528842..ed6e5d026 100644
  The file contains keyword-argument pairs, one per line.
  Lines starting with
  .Ql #
-@@ -690,11 +706,12 @@ elapsed.
+@@ -681,11 +697,12 @@ elapsed.
  .It Cm ForwardX11Trusted
  If this option is set to
  .Cm yes ,
@@ -155,7 +155,7 @@ index ca0528842..ed6e5d026 100644
  from stealing or tampering with data belonging to trusted X11
  clients.
 diff --git a/sshd_config b/sshd_config
-index 86263d713..de9cc9fe2 100644
+index 2c48105f8..ed8272f6d 100644
 --- a/sshd_config
 +++ b/sshd_config
 @@ -57,8 +57,9 @@ AuthorizedKeysFile    .ssh/authorized_keys
@@ -189,8 +189,8 @@ index 86263d713..de9cc9fe2 100644
 +PrintMotd no
  #PrintLastLog yes
  #TCPKeepAlive yes
- #UseLogin no
-@@ -108,8 +109,11 @@ AuthorizedKeysFile .ssh/authorized_keys
+ #PermitUserEnvironment no
+@@ -107,8 +108,11 @@ AuthorizedKeysFile .ssh/authorized_keys
  # no default banner path
  #Banner none
  
@@ -204,7 +204,7 @@ index 86263d713..de9cc9fe2 100644
  # Example of overriding settings on a per-user basis
  #Match User anoncvs
 diff --git a/sshd_config.5 b/sshd_config.5
-index 44b918463..4c7ee4254 100644
+index 9774831fe..15b82e84d 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
 @@ -56,6 +56,28 @@ Arguments may optionally be enclosed in double quotes
diff --git a/debian/patches/dnssec-sshfp.patch b/debian/patches/dnssec-sshfp.patch
index 6c2ebf173..6e90d402c 100644
--- a/debian/patches/dnssec-sshfp.patch
+++ b/debian/patches/dnssec-sshfp.patch
@@ -1,4 +1,4 @@
-From 8c11a03efd47de883b52838735d6890ca8d4d9f8 Mon Sep 17 00:00:00 2001
+From 298716354cedb77d8e3672a2157d63e15a778d64 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:01 +0000
 Subject: Force use of DNSSEC even if "options edns0" isn't in resolv.conf
diff --git a/debian/patches/doc-hash-tab-completion.patch b/debian/patches/doc-hash-tab-completion.patch
index 599b8c0f6..2b7936a5d 100644
--- a/debian/patches/doc-hash-tab-completion.patch
+++ b/debian/patches/doc-hash-tab-completion.patch
@@ -1,4 +1,4 @@
-From 6765f629a8f5416b133d26e023a201193c33d8b5 Mon Sep 17 00:00:00 2001
+From c1af61a47620c9f50efb53774139c308410f9296 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:11 +0000
 Subject: Document that HashKnownHosts may break tab-completion
@@ -13,10 +13,10 @@ Patch-Name: doc-hash-tab-completion.patch
  1 file changed, 3 insertions(+)
 
 diff --git a/ssh_config.5 b/ssh_config.5
-index 84dcd52cc..ca0528842 100644
+index 03341a229..cb68f51a6 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
-@@ -784,6 +784,9 @@ Note that existing names and addresses in known hosts files
+@@ -775,6 +775,9 @@ Note that existing names and addresses in known hosts files
  will not be converted automatically,
  but may be manually hashed using
  .Xr ssh-keygen 1 .
diff --git a/debian/patches/gnome-ssh-askpass2-icon.patch b/debian/patches/gnome-ssh-askpass2-icon.patch
index 3a4a5c896..eb212da29 100644
--- a/debian/patches/gnome-ssh-askpass2-icon.patch
+++ b/debian/patches/gnome-ssh-askpass2-icon.patch
@@ -1,4 +1,4 @@
-From 4ccb07d2ebea1b01b56a455790224ce97a0b36e8 Mon Sep 17 00:00:00 2001
+From cae89cd0edc9d656661ea05b7ecca4c9a9ba4d77 Mon Sep 17 00:00:00 2001
 From: Vincent Untz <vuntz@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:10:16 +0000
 Subject: Give the ssh-askpass-gnome window a default icon
diff --git a/debian/patches/gssapi.patch b/debian/patches/gssapi.patch
index d47b0a796..25edd5cbe 100644
--- a/debian/patches/gssapi.patch
+++ b/debian/patches/gssapi.patch
@@ -1,4 +1,4 @@
-From cb427e23bf78d65407c78d868c4ef525dbfaa68f Mon Sep 17 00:00:00 2001
+From e6c7c11ac2576ac62334616bd4408bf64140bba7 Mon Sep 17 00:00:00 2001
 From: Simon Wilkinson <simon@sxw.org.uk>
 Date: Sun, 9 Feb 2014 16:09:48 +0000
 Subject: GSSAPI key exchange support
@@ -17,7 +17,7 @@ have it merged into the main openssh package rather than having separate
 security history.
 
 Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
-Last-Updated: 2017-10-04
+Last-Updated: 2018-08-24
 
 Patch-Name: gssapi.patch
 ---
@@ -25,23 +25,23 @@ Patch-Name: gssapi.patch
  Makefile.in      |   3 +-
  auth-krb5.c      |  17 ++-
  auth.c           |  96 +-------------
- auth2-gss.c      |  49 ++++++-
+ auth2-gss.c      |  54 +++++++-
  auth2.c          |   2 +
  canohost.c       |  93 +++++++++++++
  canohost.h       |   3 +
  clientloop.c     |  15 ++-
  config.h.in      |   6 +
  configure.ac     |  24 ++++
- gss-genr.c       | 275 +++++++++++++++++++++++++++++++++++++-
+ gss-genr.c       | 277 +++++++++++++++++++++++++++++++++++++-
  gss-serv-krb5.c  |  85 +++++++++++-
  gss-serv.c       | 184 ++++++++++++++++++++++++--
  kex.c            |  19 +++
  kex.h            |  14 ++
  kexgssc.c        | 338 +++++++++++++++++++++++++++++++++++++++++++++++
  kexgsss.c        | 295 +++++++++++++++++++++++++++++++++++++++++
- monitor.c        | 115 ++++++++++++++--
+ monitor.c        | 122 +++++++++++++++--
  monitor.h        |   3 +
- monitor_wrap.c   |  47 ++++++-
+ monitor_wrap.c   |  53 +++++++-
  monitor_wrap.h   |   4 +-
  readconf.c       |  43 ++++++
  readconf.h       |   5 +
@@ -50,13 +50,13 @@ Patch-Name: gssapi.patch
  ssh-gss.h        |  41 +++++-
  ssh_config       |   2 +
  ssh_config.5     |  32 +++++
- sshconnect2.c    | 131 +++++++++++++++++-
+ sshconnect2.c    | 133 ++++++++++++++++++-
  sshd.c           | 112 +++++++++++++++-
  sshd_config      |   2 +
  sshd_config.5    |  10 ++
  sshkey.c         |   3 +-
  sshkey.h         |   1 +
- 35 files changed, 2063 insertions(+), 147 deletions(-)
+ 35 files changed, 2087 insertions(+), 145 deletions(-)
  create mode 100644 ChangeLog.gssapi
  create mode 100644 kexgssc.c
  create mode 100644 kexgsss.c
@@ -181,7 +181,7 @@ index 000000000..f117a336a
 +    (from jbasney AT ncsa.uiuc.edu)
 +    <gssapi-with-mic support is Bugzilla #1008>
 diff --git a/Makefile.in b/Makefile.in
-index 04e1c8e53..6f3f042b1 100644
+index 2385c62a8..6175c6063 100644
 --- a/Makefile.in
 +++ b/Makefile.in
 @@ -100,6 +100,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
@@ -193,7 +193,7 @@ index 04e1c8e53..6f3f042b1 100644
  
  SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
 @@ -113,7 +114,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o \
-        auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \
+        auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \
         auth2-none.o auth2-passwd.o auth2-pubkey.o \
         monitor.o monitor_wrap.o auth-krb5.o \
 -       auth2-gss.o gss-serv.o gss-serv-krb5.o \
@@ -202,7 +202,7 @@ index 04e1c8e53..6f3f042b1 100644
         sftp-server.o sftp-common.o \
         sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
 diff --git a/auth-krb5.c b/auth-krb5.c
-index a5a81ed2e..38e7fee21 100644
+index 3096f1c8e..204752e1b 100644
 --- a/auth-krb5.c
 +++ b/auth-krb5.c
 @@ -182,8 +182,13 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
@@ -253,10 +253,10 @@ index a5a81ed2e..38e7fee21 100644
         return (krb5_cc_resolve(ctx, ccname, ccache));
  }
 diff --git a/auth.c b/auth.c
-index 63366768a..76d586e31 100644
+index 9a3bc96f1..80eb78c48 100644
 --- a/auth.c
 +++ b/auth.c
-@@ -396,7 +396,8 @@ auth_root_allowed(struct ssh *ssh, const char *method)
+@@ -395,7 +395,8 @@ auth_root_allowed(struct ssh *ssh, const char *method)
         case PERMIT_NO_PASSWD:
                 if (strcmp(method, "publickey") == 0 ||
                     strcmp(method, "hostbased") == 0 ||
@@ -266,7 +266,7 @@ index 63366768a..76d586e31 100644
                         return 1;
                 break;
         case PERMIT_FORCED_ONLY:
-@@ -728,99 +729,6 @@ fakepw(void)
+@@ -733,99 +734,6 @@ fakepw(void)
         return (&fake);
  }
  
@@ -367,11 +367,11 @@ index 63366768a..76d586e31 100644
   * Return the canonical name of the host in the other side of the current
   * connection.  The host name is cached, so it is efficient to call this
 diff --git a/auth2-gss.c b/auth2-gss.c
-index 589283b72..fd411d3a7 100644
+index 9351e0428..1f12bb113 100644
 --- a/auth2-gss.c
 +++ b/auth2-gss.c
 @@ -1,7 +1,7 @@
- /* $OpenBSD: auth2-gss.c,v 1.26 2017/06/24 06:34:38 djm Exp $ */
+ /* $OpenBSD: auth2-gss.c,v 1.29 2018/07/31 03:10:27 djm Exp $ */
  
  /*
 - * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -379,7 +379,7 @@ index 589283b72..fd411d3a7 100644
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
-@@ -53,6 +53,41 @@ static int input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh);
+@@ -54,6 +54,46 @@ static int input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh);
  static int input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh);
  static int input_gssapi_errtok(int, u_int32_t, struct ssh *);
  
@@ -390,21 +390,26 @@ index 589283b72..fd411d3a7 100644
 +userauth_gsskeyex(struct ssh *ssh)
 +{
 +       Authctxt *authctxt = ssh->authctxt;
-+       int authenticated = 0;
-+       Buffer b;
++       int r, authenticated = 0;
++       struct sshbuf *b;
 +       gss_buffer_desc mic, gssbuf;
-+       u_int len;
-+
-+       mic.value = packet_get_string(&len);
++       u_char *p;
++       size_t len;
++
++       if ((r = sshpkt_get_string(ssh, &p, &len)) != 0 ||
++           (r = sshpkt_get_end(ssh)) != 0)
++               fatal("%s: %s", __func__, ssh_err(r));
++       if ((b = sshbuf_new()) == NULL)
++               fatal("%s: sshbuf_new failed", __func__);
++       mic.value = p;
 +       mic.length = len;
 +
-+       packet_check_eom();
-+
-+       ssh_gssapi_buildmic(&b, authctxt->user, authctxt->service,
++       ssh_gssapi_buildmic(b, authctxt->user, authctxt->service,
 +           "gssapi-keyex");
 +
-+       gssbuf.value = buffer_ptr(&b);
-+       gssbuf.length = buffer_len(&b);
++       if ((gssbuf.value = sshbuf_mutable_ptr(b)) == NULL)
++               fatal("%s: sshbuf_mutable_ptr failed", __func__);
++       gssbuf.length = sshbuf_len(b);
 +
 +       /* gss_kex_context is NULL with privsep, so we can't check it here */
 +       if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gss_kex_context, 
@@ -412,7 +417,7 @@ index 589283b72..fd411d3a7 100644
 +               authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user,
 +                   authctxt->pw));
 +       
-+       buffer_free(&b);
++       sshbuf_free(b);
 +       free(mic.value);
 +
 +       return (authenticated);
@@ -421,9 +426,9 @@ index 589283b72..fd411d3a7 100644
  /*
   * We only support those mechanisms that we know about (ie ones that we know
   * how to check local user kuserok and the like)
-@@ -240,7 +275,8 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh)
- 
-        packet_check_eom();
+@@ -260,7 +300,8 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh)
+        if ((r = sshpkt_get_end(ssh)) != 0)
+                fatal("%s: %s", __func__, ssh_err(r));
  
 -       authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));
 +       authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user,
@@ -431,8 +436,8 @@ index 589283b72..fd411d3a7 100644
  
         if ((!use_privsep || mm_is_monitor()) &&
             (displayname = ssh_gssapi_displayname()) != NULL)
-@@ -281,7 +317,8 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh)
-        gssbuf.length = buffer_len(&b);
+@@ -306,7 +347,8 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh)
+        gssbuf.length = sshbuf_len(b);
  
         if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic))))
 -               authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));
@@ -441,7 +446,7 @@ index 589283b72..fd411d3a7 100644
         else
                 logit("GSSAPI MIC check failed");
  
-@@ -301,6 +338,12 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh)
+@@ -326,6 +368,12 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh)
         return 0;
  }
  
@@ -455,10 +460,10 @@ index 589283b72..fd411d3a7 100644
         "gssapi-with-mic",
         userauth_gssapi,
 diff --git a/auth2.c b/auth2.c
-index e0034229a..c34f58c45 100644
+index ab8795895..96efe164c 100644
 --- a/auth2.c
 +++ b/auth2.c
-@@ -72,6 +72,7 @@ extern Authmethod method_passwd;
+@@ -74,6 +74,7 @@ extern Authmethod method_passwd;
  extern Authmethod method_kbdint;
  extern Authmethod method_hostbased;
  #ifdef GSSAPI
@@ -466,7 +471,7 @@ index e0034229a..c34f58c45 100644
  extern Authmethod method_gssapi;
  #endif
  
-@@ -79,6 +80,7 @@ Authmethod *authmethods[] = {
+@@ -81,6 +82,7 @@ Authmethod *authmethods[] = {
         &method_none,
         &method_pubkey,
  #ifdef GSSAPI
@@ -593,7 +598,7 @@ index 26d62855a..0cadc9f18 100644
  int             get_peer_port(int);
  char           *get_local_ipaddr(int);
 diff --git a/clientloop.c b/clientloop.c
-index 7bcf22e38..ef803e985 100644
+index ad35cb7ba..e69c5141f 100644
 --- a/clientloop.c
 +++ b/clientloop.c
 @@ -112,6 +112,10 @@
@@ -607,7 +612,7 @@ index 7bcf22e38..ef803e985 100644
  /* import options */
  extern Options options;
  
-@@ -1335,9 +1339,18 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
+@@ -1357,9 +1361,18 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
                         break;
  
                 /* Do channel operations unless rekeying in progress. */
@@ -628,10 +633,10 @@ index 7bcf22e38..ef803e985 100644
                 client_process_net_input(readset);
  
 diff --git a/config.h.in b/config.h.in
-index 572087407..4c9545c78 100644
+index 7940b4c86..93295da07 100644
 --- a/config.h.in
 +++ b/config.h.in
-@@ -1746,6 +1746,9 @@
+@@ -1749,6 +1749,9 @@
  /* Use btmp to log bad logins */
  #undef USE_BTMP
  
@@ -641,7 +646,7 @@ index 572087407..4c9545c78 100644
  /* Use libedit for sftp */
  #undef USE_LIBEDIT
  
-@@ -1761,6 +1764,9 @@
+@@ -1764,6 +1767,9 @@
  /* Use PIPES instead of a socketpair() */
  #undef USE_PIPES
  
@@ -652,10 +657,10 @@ index 572087407..4c9545c78 100644
  #undef USE_SOLARIS_PRIVS
  
 diff --git a/configure.ac b/configure.ac
-index 663062bef..1cd5eab6c 100644
+index 83e530750..82428b241 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -664,6 +664,30 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
+@@ -673,6 +673,30 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
             [Use tunnel device compatibility to OpenBSD])
         AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
             [Prepend the address family to IP tunnel traffic])
@@ -687,11 +692,11 @@ index 663062bef..1cd5eab6c 100644
         AC_CHECK_DECL([AU_IPv4], [],
             AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
 diff --git a/gss-genr.c b/gss-genr.c
-index 62559ed9e..0b3ae073c 100644
+index d56257b4a..285fc29a5 100644
 --- a/gss-genr.c
 +++ b/gss-genr.c
 @@ -1,7 +1,7 @@
- /* $OpenBSD: gss-genr.c,v 1.24 2016/09/12 01:22:38 deraadt Exp $ */
+ /* $OpenBSD: gss-genr.c,v 1.26 2018/07/10 09:13:30 djm Exp $ */
  
  /*
 - * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved.
@@ -699,12 +704,11 @@ index 62559ed9e..0b3ae073c 100644
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
-@@ -40,12 +40,167 @@
- #include "buffer.h"
+@@ -41,12 +41,34 @@
+ #include "sshbuf.h"
  #include "log.h"
  #include "ssh2.h"
 +#include "cipher.h"
-+#include "key.h"
 +#include "kex.h"
 +#include <openssl/evp.h>
  
@@ -732,6 +736,13 @@ index 62559ed9e..0b3ae073c 100644
 +       return (gss_enc2oid != NULL);
 +}
 +
+ /* sshbuf_get for gss_buffer_desc */
+ int
+ ssh_gssapi_get_buffer_desc(struct sshbuf *b, gss_buffer_desc *g)
+@@ -62,6 +84,141 @@ ssh_gssapi_get_buffer_desc(struct sshbuf *b, gss_buffer_desc *g)
+        return 0;
+ }
+ 
 +/*
 + * Return a list of the gss-group1-sha1 mechanisms supported by this program
 + *
@@ -754,9 +765,9 @@ index 62559ed9e..0b3ae073c 100644
 +char *
 +ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
 +    const char *host, const char *client) {
-+       Buffer buf;
++       struct sshbuf *buf;
 +       size_t i;
-+       int oidpos, enclen;
++       int r, oidpos, enclen;
 +       char *mechs, *encoded;
 +       u_char digest[EVP_MAX_MD_SIZE];
 +       char deroid[2];
@@ -772,7 +783,8 @@ index 62559ed9e..0b3ae073c 100644
 +       gss_enc2oid = xmalloc(sizeof(ssh_gss_kex_mapping) *
 +           (gss_supported->count + 1));
 +
-+       buffer_init(&buf);
++       if ((buf = sshbuf_new()) == NULL)
++               fatal("%s: sshbuf_new failed", __func__);
 +
 +       oidpos = 0;
 +       for (i = 0; i < gss_supported->count; i++) {
@@ -793,20 +805,25 @@ index 62559ed9e..0b3ae073c 100644
 +                       enclen = __b64_ntop(digest, EVP_MD_size(evp_md),
 +                           encoded, EVP_MD_size(evp_md) * 2);
 +
-+                       if (oidpos != 0)
-+                               buffer_put_char(&buf, ',');
-+
-+                       buffer_append(&buf, KEX_GSS_GEX_SHA1_ID,
-+                           sizeof(KEX_GSS_GEX_SHA1_ID) - 1);
-+                       buffer_append(&buf, encoded, enclen);
-+                       buffer_put_char(&buf, ',');
-+                       buffer_append(&buf, KEX_GSS_GRP1_SHA1_ID, 
-+                           sizeof(KEX_GSS_GRP1_SHA1_ID) - 1);
-+                       buffer_append(&buf, encoded, enclen);
-+                       buffer_put_char(&buf, ',');
-+                       buffer_append(&buf, KEX_GSS_GRP14_SHA1_ID,
-+                           sizeof(KEX_GSS_GRP14_SHA1_ID) - 1);
-+                       buffer_append(&buf, encoded, enclen);
++                       if (oidpos != 0) {
++                               if ((r = sshbuf_put_u8(buf, ',')) != 0)
++                                       fatal("%s: buffer error: %s",
++                                           __func__, ssh_err(r));
++                       }
++
++                       if ((r = sshbuf_put(buf, KEX_GSS_GEX_SHA1_ID,
++                           sizeof(KEX_GSS_GEX_SHA1_ID) - 1)) != 0 ||
++                           (r = sshbuf_put(buf, encoded, enclen)) != 0 ||
++                           (r = sshbuf_put_u8(buf, ',')) != 0 ||
++                           (r = sshbuf_put(buf, KEX_GSS_GRP1_SHA1_ID,
++                           sizeof(KEX_GSS_GRP1_SHA1_ID) - 1)) != 0 ||
++                           (r = sshbuf_put(buf, encoded, enclen)) != 0 ||
++                           (r = sshbuf_put_u8(buf, ',')) != 0 ||
++                           (r = sshbuf_put(buf, KEX_GSS_GRP14_SHA1_ID,
++                           sizeof(KEX_GSS_GRP14_SHA1_ID) - 1)) != 0 ||
++                           (r = sshbuf_put(buf, encoded, enclen)) != 0)
++                               fatal("%s: buffer error: %s",
++                                   __func__, ssh_err(r));
 +
 +                       gss_enc2oid[oidpos].oid = &(gss_supported->elements[i]);
 +                       gss_enc2oid[oidpos].encoded = encoded;
@@ -816,11 +833,8 @@ index 62559ed9e..0b3ae073c 100644
 +       gss_enc2oid[oidpos].oid = NULL;
 +       gss_enc2oid[oidpos].encoded = NULL;
 +
-+       buffer_put_char(&buf, '\0');
-+
-+       mechs = xmalloc(buffer_len(&buf));
-+       buffer_get(&buf, mechs, buffer_len(&buf));
-+       buffer_free(&buf);
++       if ((mechs = sshbuf_dup_string(buf)) == NULL)
++               fatal("%s: sshbuf_dup_string failed", __func__);
 +
 +       if (strlen(mechs) == 0) {
 +               free(mechs);
@@ -867,7 +881,7 @@ index 62559ed9e..0b3ae073c 100644
  /* Check that the OID in a data stream matches that in the context */
  int
  ssh_gssapi_check_oid(Gssctxt *ctx, void *data, size_t len)
-@@ -198,7 +353,7 @@ ssh_gssapi_init_ctx(Gssctxt *ctx, int deleg_creds, gss_buffer_desc *recv_tok,
+@@ -218,7 +375,7 @@ ssh_gssapi_init_ctx(Gssctxt *ctx, int deleg_creds, gss_buffer_desc *recv_tok,
         }
  
         ctx->major = gss_init_sec_context(&ctx->minor,
@@ -876,7 +890,7 @@ index 62559ed9e..0b3ae073c 100644
             GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | deleg_flag,
             0, NULL, recv_tok, NULL, send_tok, flags, NULL);
  
-@@ -227,9 +382,43 @@ ssh_gssapi_import_name(Gssctxt *ctx, const char *host)
+@@ -247,9 +404,43 @@ ssh_gssapi_import_name(Gssctxt *ctx, const char *host)
         return (ctx->major);
  }
  
@@ -920,7 +934,7 @@ index 62559ed9e..0b3ae073c 100644
         if ((ctx->major = gss_get_mic(&ctx->minor, ctx->context,
             GSS_C_QOP_DEFAULT, buffer, hash)))
                 ssh_gssapi_error(ctx);
-@@ -237,6 +426,19 @@ ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash)
+@@ -257,6 +448,19 @@ ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash)
         return (ctx->major);
  }
  
@@ -938,9 +952,9 @@ index 62559ed9e..0b3ae073c 100644
 +}
 +
  void
- ssh_gssapi_buildmic(Buffer *b, const char *user, const char *service,
+ ssh_gssapi_buildmic(struct sshbuf *b, const char *user, const char *service,
      const char *context)
-@@ -250,11 +452,16 @@ ssh_gssapi_buildmic(Buffer *b, const char *user, const char *service,
+@@ -273,11 +477,16 @@ ssh_gssapi_buildmic(struct sshbuf *b, const char *user, const char *service,
  }
  
  int
@@ -958,7 +972,7 @@ index 62559ed9e..0b3ae073c 100644
  
         /* RFC 4462 says we MUST NOT do SPNEGO */
         if (oid->length == spnego_oid.length && 
-@@ -264,6 +471,10 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host)
+@@ -287,6 +496,10 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host)
         ssh_gssapi_build_ctx(ctx);
         ssh_gssapi_set_oid(*ctx, oid);
         major = ssh_gssapi_import_name(*ctx, host);
@@ -969,7 +983,7 @@ index 62559ed9e..0b3ae073c 100644
         if (!GSS_ERROR(major)) {
                 major = ssh_gssapi_init_ctx(*ctx, 0, GSS_C_NO_BUFFER, &token, 
                     NULL);
-@@ -273,10 +484,66 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host)
+@@ -296,10 +509,66 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host)
                             GSS_C_NO_BUFFER);
         }
  
@@ -1038,11 +1052,11 @@ index 62559ed9e..0b3ae073c 100644
 +
  #endif /* GSSAPI */
 diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c
-index 795992d9f..fd8b37183 100644
+index a151bc1e4..90f8692f5 100644
 --- a/gss-serv-krb5.c
 +++ b/gss-serv-krb5.c
 @@ -1,7 +1,7 @@
- /* $OpenBSD: gss-serv-krb5.c,v 1.8 2013/07/20 01:55:13 djm Exp $ */
+ /* $OpenBSD: gss-serv-krb5.c,v 1.9 2018/07/09 21:37:55 markus Exp $ */
  
  /*
 - * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -1050,7 +1064,7 @@ index 795992d9f..fd8b37183 100644
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
-@@ -121,8 +121,8 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
+@@ -120,8 +120,8 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
         krb5_error_code problem;
         krb5_principal princ;
         OM_uint32 maj_status, min_status;
@@ -1060,7 +1074,7 @@ index 795992d9f..fd8b37183 100644
  
         if (client->creds == NULL) {
                 debug("No credentials stored");
-@@ -181,11 +181,16 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
+@@ -180,11 +180,16 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
                 return;
         }
  
@@ -1081,7 +1095,7 @@ index 795992d9f..fd8b37183 100644
  
  #ifdef USE_PAM
         if (options.use_pam)
-@@ -197,6 +202,71 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
+@@ -196,6 +201,71 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
         return;
  }
  
@@ -1153,7 +1167,7 @@ index 795992d9f..fd8b37183 100644
  ssh_gssapi_mech gssapi_kerberos_mech = {
         "toWM5Slw5Ew8Mqkay+al2g==",
         "Kerberos",
-@@ -204,7 +274,8 @@ ssh_gssapi_mech gssapi_kerberos_mech = {
+@@ -203,7 +273,8 @@ ssh_gssapi_mech gssapi_kerberos_mech = {
         NULL,
         &ssh_gssapi_krb5_userok,
         NULL,
@@ -1164,11 +1178,11 @@ index 795992d9f..fd8b37183 100644
  
  #endif /* KRB5 */
 diff --git a/gss-serv.c b/gss-serv.c
-index 6cae720e5..967c6cfbc 100644
+index ab3a15f0f..6c087a1b1 100644
 --- a/gss-serv.c
 +++ b/gss-serv.c
 @@ -1,7 +1,7 @@
- /* $OpenBSD: gss-serv.c,v 1.30 2017/06/24 06:34:38 djm Exp $ */
+ /* $OpenBSD: gss-serv.c,v 1.31 2018/07/09 21:37:55 markus Exp $ */
  
  /*
 - * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -1176,7 +1190,7 @@ index 6cae720e5..967c6cfbc 100644
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
-@@ -45,17 +45,22 @@
+@@ -44,17 +44,22 @@
  #include "session.h"
  #include "misc.h"
  #include "servconf.h"
@@ -1201,7 +1215,7 @@ index 6cae720e5..967c6cfbc 100644
  
  #ifdef KRB5
  extern ssh_gssapi_mech gssapi_kerberos_mech;
-@@ -141,6 +146,28 @@ ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid)
+@@ -140,6 +145,28 @@ ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid)
         return (ssh_gssapi_acquire_cred(*ctx));
  }
  
@@ -1230,7 +1244,7 @@ index 6cae720e5..967c6cfbc 100644
  /* Unprivileged */
  void
  ssh_gssapi_supported_oids(gss_OID_set *oidset)
-@@ -151,7 +178,9 @@ ssh_gssapi_supported_oids(gss_OID_set *oidset)
+@@ -150,7 +177,9 @@ ssh_gssapi_supported_oids(gss_OID_set *oidset)
         gss_OID_set supported;
  
         gss_create_empty_oid_set(&min_status, oidset);
@@ -1241,7 +1255,7 @@ index 6cae720e5..967c6cfbc 100644
  
         while (supported_mechs[i]->name != NULL) {
                 if (GSS_ERROR(gss_test_oid_set_member(&min_status,
-@@ -277,8 +306,48 @@ OM_uint32
+@@ -276,8 +305,48 @@ OM_uint32
  ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client)
  {
         int i = 0;
@@ -1291,7 +1305,7 @@ index 6cae720e5..967c6cfbc 100644
  
         client->mech = NULL;
  
-@@ -293,6 +362,13 @@ ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client)
+@@ -292,6 +361,13 @@ ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client)
         if (client->mech == NULL)
                 return GSS_S_FAILURE;
  
@@ -1305,7 +1319,7 @@ index 6cae720e5..967c6cfbc 100644
         if ((ctx->major = gss_display_name(&ctx->minor, ctx->client,
             &client->displayname, NULL))) {
                 ssh_gssapi_error(ctx);
-@@ -310,6 +386,8 @@ ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client)
+@@ -309,6 +385,8 @@ ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client)
                 return (ctx->major);
         }
  
@@ -1314,7 +1328,7 @@ index 6cae720e5..967c6cfbc 100644
         /* We can't copy this structure, so we just move the pointer to it */
         client->creds = ctx->client_creds;
         ctx->client_creds = GSS_C_NO_CREDENTIAL;
-@@ -357,7 +435,7 @@ ssh_gssapi_do_child(char ***envp, u_int *envsizep)
+@@ -356,7 +434,7 @@ ssh_gssapi_do_child(char ***envp, u_int *envsizep)
  
  /* Privileged */
  int
@@ -1323,7 +1337,7 @@ index 6cae720e5..967c6cfbc 100644
  {
         OM_uint32 lmin;
  
-@@ -367,9 +445,11 @@ ssh_gssapi_userok(char *user)
+@@ -366,9 +444,11 @@ ssh_gssapi_userok(char *user)
                 return 0;
         }
         if (gssapi_client.mech && gssapi_client.mech->userok)
@@ -1337,7 +1351,7 @@ index 6cae720e5..967c6cfbc 100644
                         /* Destroy delegated credentials if userok fails */
                         gss_release_buffer(&lmin, &gssapi_client.displayname);
                         gss_release_buffer(&lmin, &gssapi_client.exportedname);
-@@ -383,14 +463,90 @@ ssh_gssapi_userok(char *user)
+@@ -382,14 +462,90 @@ ssh_gssapi_userok(char *user)
         return (0);
  }
  
@@ -1435,7 +1449,7 @@ index 6cae720e5..967c6cfbc 100644
  
  /* Privileged */
 diff --git a/kex.c b/kex.c
-index 15ea28b07..6cc2935fe 100644
+index 25f9f66f6..fb5bfaea5 100644
 --- a/kex.c
 +++ b/kex.c
 @@ -54,6 +54,10 @@
@@ -1475,7 +1489,7 @@ index 15ea28b07..6cc2935fe 100644
         return NULL;
  }
  
-@@ -599,6 +615,9 @@ kex_free(struct kex *kex)
+@@ -653,6 +669,9 @@ kex_free(struct kex *kex)
         sshbuf_free(kex->peer);
         sshbuf_free(kex->my);
         free(kex->session_id);
@@ -1486,10 +1500,10 @@ index 15ea28b07..6cc2935fe 100644
         free(kex->server_version_string);
         free(kex->failed_choice);
 diff --git a/kex.h b/kex.h
-index 01bb3986a..a708e4868 100644
+index 593de1208..4e5ead839 100644
 --- a/kex.h
 +++ b/kex.h
-@@ -99,6 +99,9 @@ enum kex_exchange {
+@@ -100,6 +100,9 @@ enum kex_exchange {
         KEX_DH_GEX_SHA256,
         KEX_ECDH_SHA2,
         KEX_C25519_SHA256,
@@ -1499,7 +1513,7 @@ index 01bb3986a..a708e4868 100644
         KEX_MAX
  };
  
-@@ -147,6 +150,12 @@ struct kex {
+@@ -148,6 +151,12 @@ struct kex {
         u_int   flags;
         int     hash_alg;
         int     ec_nid;
@@ -1512,7 +1526,7 @@ index 01bb3986a..a708e4868 100644
         char    *client_version_string;
         char    *server_version_string;
         char    *failed_choice;
-@@ -197,6 +206,11 @@ int         kexecdh_server(struct ssh *);
+@@ -198,6 +207,11 @@ int         kexecdh_server(struct ssh *);
  int     kexc25519_client(struct ssh *);
  int     kexc25519_server(struct ssh *);
  
@@ -1526,7 +1540,7 @@ index 01bb3986a..a708e4868 100644
      const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *);
 diff --git a/kexgssc.c b/kexgssc.c
 new file mode 100644
-index 000000000..10447f2b0
+index 000000000..953c0a248
 --- /dev/null
 +++ b/kexgssc.c
 @@ -0,0 +1,338 @@
@@ -1566,9 +1580,9 @@ index 000000000..10447f2b0
 +#include <string.h>
 +
 +#include "xmalloc.h"
-+#include "buffer.h"
++#include "sshbuf.h"
 +#include "ssh2.h"
-+#include "key.h"
++#include "sshkey.h"
 +#include "cipher.h"
 +#include "kex.h"
 +#include "log.h"
@@ -1805,8 +1819,8 @@ index 000000000..10447f2b0
 +                   ssh->kex->hash_alg,
 +                   ssh->kex->client_version_string,
 +                   ssh->kex->server_version_string,
-+                   buffer_ptr(ssh->kex->my), buffer_len(ssh->kex->my),
-+                   buffer_ptr(ssh->kex->peer), buffer_len(ssh->kex->peer),
++                   sshbuf_ptr(ssh->kex->my), sshbuf_len(ssh->kex->my),
++                   sshbuf_ptr(ssh->kex->peer), sshbuf_len(ssh->kex->peer),
 +                   (serverhostkey ? serverhostkey : empty), slen,
 +                   dh->pub_key,        /* e */
 +                   dh_server_pub,      /* f */
@@ -1819,8 +1833,8 @@ index 000000000..10447f2b0
 +                   ssh->kex->hash_alg,
 +                   ssh->kex->client_version_string,
 +                   ssh->kex->server_version_string,
-+                   buffer_ptr(ssh->kex->my), buffer_len(ssh->kex->my),
-+                   buffer_ptr(ssh->kex->peer), buffer_len(ssh->kex->peer),
++                   sshbuf_ptr(ssh->kex->my), sshbuf_len(ssh->kex->my),
++                   sshbuf_ptr(ssh->kex->peer), sshbuf_len(ssh->kex->peer),
 +                   (serverhostkey ? serverhostkey : empty), slen,
 +                   min, nbits, max,
 +                   dh->p, dh->g,
@@ -1870,7 +1884,7 @@ index 000000000..10447f2b0
 +#endif /* GSSAPI */
 diff --git a/kexgsss.c b/kexgsss.c
 new file mode 100644
-index 000000000..38ca082ba
+index 000000000..31ec6a890
 --- /dev/null
 +++ b/kexgsss.c
 @@ -0,0 +1,295 @@
@@ -1908,9 +1922,9 @@ index 000000000..38ca082ba
 +#include <openssl/bn.h>
 +
 +#include "xmalloc.h"
-+#include "buffer.h"
++#include "sshbuf.h"
 +#include "ssh2.h"
-+#include "key.h"
++#include "sshkey.h"
 +#include "cipher.h"
 +#include "kex.h"
 +#include "log.h"
@@ -2096,8 +2110,8 @@ index 000000000..38ca082ba
 +               kex_dh_hash(
 +                   ssh->kex->hash_alg,
 +                   ssh->kex->client_version_string, ssh->kex->server_version_string,
-+                   buffer_ptr(ssh->kex->peer), buffer_len(ssh->kex->peer),
-+                   buffer_ptr(ssh->kex->my), buffer_len(ssh->kex->my),
++                   sshbuf_ptr(ssh->kex->peer), sshbuf_len(ssh->kex->peer),
++                   sshbuf_ptr(ssh->kex->my), sshbuf_len(ssh->kex->my),
 +                   NULL, 0, /* Change this if we start sending host keys */
 +                   dh_client_pub, dh->pub_key, shared_secret,
 +                   hash, &hashlen
@@ -2107,8 +2121,8 @@ index 000000000..38ca082ba
 +               kexgex_hash(
 +                   ssh->kex->hash_alg,
 +                   ssh->kex->client_version_string, ssh->kex->server_version_string,
-+                   buffer_ptr(ssh->kex->peer), buffer_len(ssh->kex->peer),
-+                   buffer_ptr(ssh->kex->my), buffer_len(ssh->kex->my),
++                   sshbuf_ptr(ssh->kex->peer), sshbuf_len(ssh->kex->peer),
++                   sshbuf_ptr(ssh->kex->my), sshbuf_len(ssh->kex->my),
 +                   NULL, 0,
 +                   min, nbits, max,
 +                   dh->p, dh->g,
@@ -2170,19 +2184,19 @@ index 000000000..38ca082ba
 +}
 +#endif /* GSSAPI */
 diff --git a/monitor.c b/monitor.c
-index c68e1b0d9..868fb0d2d 100644
+index d4b4b0471..4e574a2ae 100644
 --- a/monitor.c
 +++ b/monitor.c
-@@ -158,6 +158,8 @@ int mm_answer_gss_setup_ctx(int, Buffer *);
- int mm_answer_gss_accept_ctx(int, Buffer *);
- int mm_answer_gss_userok(int, Buffer *);
- int mm_answer_gss_checkmic(int, Buffer *);
-+int mm_answer_gss_sign(int, Buffer *);
-+int mm_answer_gss_updatecreds(int, Buffer *);
+@@ -143,6 +143,8 @@ int mm_answer_gss_setup_ctx(int, struct sshbuf *);
+ int mm_answer_gss_accept_ctx(int, struct sshbuf *);
+ int mm_answer_gss_userok(int, struct sshbuf *);
+ int mm_answer_gss_checkmic(int, struct sshbuf *);
++int mm_answer_gss_sign(int, struct sshbuf *);
++int mm_answer_gss_updatecreds(int, struct sshbuf *);
  #endif
  
  #ifdef SSH_AUDIT_EVENTS
-@@ -232,11 +234,18 @@ struct mon_table mon_dispatch_proto20[] = {
+@@ -213,11 +215,18 @@ struct mon_table mon_dispatch_proto20[] = {
      {MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx},
      {MONITOR_REQ_GSSUSEROK, MON_ONCE|MON_AUTHDECIDE, mm_answer_gss_userok},
      {MONITOR_REQ_GSSCHECKMIC, MON_ONCE, mm_answer_gss_checkmic},
@@ -2201,7 +2215,7 @@ index c68e1b0d9..868fb0d2d 100644
  #ifdef WITH_OPENSSL
      {MONITOR_REQ_MODULI, 0, mm_answer_moduli},
  #endif
-@@ -306,6 +315,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
+@@ -287,6 +296,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
         /* Permit requests for moduli and signatures */
         monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
         monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
@@ -2212,7 +2226,7 @@ index c68e1b0d9..868fb0d2d 100644
  
         /* The first few requests do not require asynchronous access */
         while (!authenticated) {
-@@ -415,6 +428,10 @@ monitor_child_postauth(struct monitor *pmonitor)
+@@ -399,6 +412,10 @@ monitor_child_postauth(struct monitor *pmonitor)
         monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
         monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
         monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
@@ -2223,7 +2237,7 @@ index c68e1b0d9..868fb0d2d 100644
  
         if (auth_opts->permit_pty_flag) {
                 monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1);
-@@ -1652,6 +1669,13 @@ monitor_apply_keystate(struct monitor *pmonitor)
+@@ -1662,6 +1679,13 @@ monitor_apply_keystate(struct monitor *pmonitor)
  # endif
  #endif /* WITH_OPENSSL */
                 kex->kex[KEX_C25519_SHA256] = kexc25519_server;
@@ -2237,29 +2251,29 @@ index c68e1b0d9..868fb0d2d 100644
                 kex->load_host_public_key=&get_hostkey_public_by_type;
                 kex->load_host_private_key=&get_hostkey_private_by_type;
                 kex->host_key_index=&get_hostkey_index;
-@@ -1740,8 +1764,8 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m)
-        OM_uint32 major;
-        u_int len;
+@@ -1752,8 +1776,8 @@ mm_answer_gss_setup_ctx(int sock, struct sshbuf *m)
+        u_char *p;
+        int r;
  
 -       if (!options.gss_authentication)
 -               fatal("%s: GSSAPI authentication not enabled", __func__);
 +       if (!options.gss_authentication && !options.gss_keyex)
 +               fatal("%s: GSSAPI not enabled", __func__);
  
-        goid.elements = buffer_get_string(m, &len);
-        goid.length = len;
-@@ -1770,8 +1794,8 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
+        if ((r = sshbuf_get_string(m, &p, &len)) != 0)
+                fatal("%s: buffer error: %s", __func__, ssh_err(r));
+@@ -1785,8 +1809,8 @@ mm_answer_gss_accept_ctx(int sock, struct sshbuf *m)
         OM_uint32 flags = 0; /* GSI needs this */
-        u_int len;
+        int r;
  
 -       if (!options.gss_authentication)
 -               fatal("%s: GSSAPI authentication not enabled", __func__);
 +       if (!options.gss_authentication && !options.gss_keyex)
 +               fatal("%s: GSSAPI not enabled", __func__);
  
-        in.value = buffer_get_string(m, &len);
-        in.length = len;
-@@ -1790,6 +1814,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
+        if ((r = ssh_gssapi_get_buffer_desc(m, &in)) != 0)
+                fatal("%s: buffer error: %s", __func__, ssh_err(r));
+@@ -1806,6 +1830,7 @@ mm_answer_gss_accept_ctx(int sock, struct sshbuf *m)
                 monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
                 monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
                 monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
@@ -2267,19 +2281,19 @@ index c68e1b0d9..868fb0d2d 100644
         }
         return (0);
  }
-@@ -1801,8 +1826,8 @@ mm_answer_gss_checkmic(int sock, Buffer *m)
+@@ -1817,8 +1842,8 @@ mm_answer_gss_checkmic(int sock, struct sshbuf *m)
         OM_uint32 ret;
-        u_int len;
+        int r;
  
 -       if (!options.gss_authentication)
 -               fatal("%s: GSSAPI authentication not enabled", __func__);
 +       if (!options.gss_authentication && !options.gss_keyex)
 +               fatal("%s: GSSAPI not enabled", __func__);
  
-        gssbuf.value = buffer_get_string(m, &len);
-        gssbuf.length = len;
-@@ -1831,10 +1856,11 @@ mm_answer_gss_userok(int sock, Buffer *m)
-        int authenticated;
+        if ((r = ssh_gssapi_get_buffer_desc(m, &gssbuf)) != 0 ||
+            (r = ssh_gssapi_get_buffer_desc(m, &mic)) != 0)
+@@ -1847,10 +1872,11 @@ mm_answer_gss_userok(int sock, struct sshbuf *m)
+        int r, authenticated;
         const char *displayname;
  
 -       if (!options.gss_authentication)
@@ -2291,25 +2305,29 @@ index c68e1b0d9..868fb0d2d 100644
 +       authenticated = authctxt->valid && 
 +           ssh_gssapi_userok(authctxt->user, authctxt->pw);
  
-        buffer_clear(m);
-        buffer_put_int(m, authenticated);
-@@ -1850,5 +1876,76 @@ mm_answer_gss_userok(int sock, Buffer *m)
+        sshbuf_reset(m);
+        if ((r = sshbuf_put_u32(m, authenticated)) != 0)
+@@ -1867,5 +1893,83 @@ mm_answer_gss_userok(int sock, struct sshbuf *m)
         /* Monitor loop will terminate if authenticated */
         return (authenticated);
  }
 +
 +int 
-+mm_answer_gss_sign(int socket, Buffer *m)
++mm_answer_gss_sign(int socket, struct sshbuf *m)
 +{
 +       gss_buffer_desc data;
 +       gss_buffer_desc hash = GSS_C_EMPTY_BUFFER;
 +       OM_uint32 major, minor;
-+       u_int len;
++       size_t len;
++       u_char *p;
++       int r;
 +
 +       if (!options.gss_authentication && !options.gss_keyex)
 +               fatal("%s: GSSAPI not enabled", __func__);
 +
-+       data.value = buffer_get_string(m, &len);
++       if ((r = sshbuf_get_string(m, &p, &len)) != 0)
++               fatal("%s: buffer error: %s", __func__, ssh_err(r));
++       data.value = p;
 +       data.length = len;
 +       if (data.length != 20) 
 +               fatal("%s: data length incorrect: %d", __func__, 
@@ -2325,9 +2343,10 @@ index c68e1b0d9..868fb0d2d 100644
 +
 +       free(data.value);
 +
-+       buffer_clear(m);
-+       buffer_put_int(m, major);
-+       buffer_put_string(m, hash.value, hash.length);
++       sshbuf_reset(m);
++       if ((r = sshbuf_put_u32(m, major)) != 0 ||
++           (r = sshbuf_put_string(m, hash.value, hash.length)) != 0)
++               fatal("%s: buffer error: %s", __func__, ssh_err(r));
 +
 +       mm_request_send(socket, MONITOR_ANS_GSSSIGN, m);
 +
@@ -2343,16 +2362,17 @@ index c68e1b0d9..868fb0d2d 100644
 +}
 +
 +int
-+mm_answer_gss_updatecreds(int socket, Buffer *m) {
++mm_answer_gss_updatecreds(int socket, struct sshbuf *m) {
 +       ssh_gssapi_ccache store;
-+       int ok;
++       int r, ok;
 +
 +       if (!options.gss_authentication && !options.gss_keyex)
 +               fatal("%s: GSSAPI not enabled", __func__);
 +
-+       store.filename = buffer_get_string(m, NULL);
-+       store.envvar   = buffer_get_string(m, NULL);
-+       store.envval   = buffer_get_string(m, NULL);
++       if ((r = sshbuf_get_cstring(m, &store.filename, NULL)) != 0 ||
++           (r = sshbuf_get_cstring(m, &store.envvar, NULL)) != 0 ||
++           (r = sshbuf_get_cstring(m, &store.envval, NULL)) != 0)
++               fatal("%s: buffer error: %s", __func__, ssh_err(r));
 +
 +       ok = ssh_gssapi_update_creds(&store);
 +
@@ -2360,8 +2380,9 @@ index c68e1b0d9..868fb0d2d 100644
 +       free(store.envvar);
 +       free(store.envval);
 +
-+       buffer_clear(m);
-+       buffer_put_int(m, ok);
++       sshbuf_reset(m);
++       if ((r = sshbuf_put_u32(m, ok)) != 0)
++               fatal("%s: buffer error: %s", __func__, ssh_err(r));
 +
 +       mm_request_send(socket, MONITOR_ANS_GSSUPCREDS, m);
 +
@@ -2371,10 +2392,10 @@ index c68e1b0d9..868fb0d2d 100644
  #endif /* GSSAPI */
  
 diff --git a/monitor.h b/monitor.h
-index d68f67458..ec41404c7 100644
+index 16047299f..44fbed589 100644
 --- a/monitor.h
 +++ b/monitor.h
-@@ -65,6 +65,9 @@ enum monitor_reqtype {
+@@ -63,6 +63,9 @@ enum monitor_reqtype {
         MONITOR_REQ_PAM_FREE_CTX = 110, MONITOR_ANS_PAM_FREE_CTX = 111,
         MONITOR_REQ_AUDIT_EVENT = 112, MONITOR_REQ_AUDIT_COMMAND = 113,
  
@@ -2385,19 +2406,19 @@ index d68f67458..ec41404c7 100644
  
  struct monitor {
 diff --git a/monitor_wrap.c b/monitor_wrap.c
-index 9666bda4b..e749efc18 100644
+index 732fb3476..1865a122a 100644
 --- a/monitor_wrap.c
 +++ b/monitor_wrap.c
-@@ -943,7 +943,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
+@@ -984,7 +984,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
  }
  
  int
 -mm_ssh_gssapi_userok(char *user)
 +mm_ssh_gssapi_userok(char *user, struct passwd *pw)
  {
-        Buffer m;
-        int authenticated = 0;
-@@ -960,5 +960,50 @@ mm_ssh_gssapi_userok(char *user)
+        struct sshbuf *m;
+        int r, authenticated = 0;
+@@ -1003,4 +1003,55 @@ mm_ssh_gssapi_userok(char *user)
         debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
         return (authenticated);
  }
@@ -2405,21 +2426,23 @@ index 9666bda4b..e749efc18 100644
 +OM_uint32
 +mm_ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_desc *data, gss_buffer_desc *hash)
 +{
-+       Buffer m;
++       struct sshbuf *m;
 +       OM_uint32 major;
-+       u_int len;
++       int r;
 +
-+       buffer_init(&m);
-+       buffer_put_string(&m, data->value, data->length);
++       if ((m = sshbuf_new()) == NULL)
++               fatal("%s: sshbuf_new failed", __func__);
++       if ((r = sshbuf_put_string(m, data->value, data->length)) != 0)
++               fatal("%s: buffer error: %s", __func__, ssh_err(r));
 +
-+       mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSIGN, &m);
-+       mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSIGN, &m);
++       mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSIGN, m);
++       mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSIGN, m);
 +
-+       major = buffer_get_int(&m);
-+       hash->value = buffer_get_string(&m, &len);
-+       hash->length = len;
++       if ((r = sshbuf_get_u32(m, &major)) != 0 ||
++           (r = ssh_gssapi_get_buffer_desc(m, hash)) != 0)
++               fatal("%s: buffer error: %s", __func__, ssh_err(r));
 +
-+       buffer_free(&m);
++       sshbuf_free(m);
 +
 +       return(major);
 +}
@@ -2427,29 +2450,32 @@ index 9666bda4b..e749efc18 100644
 +int
 +mm_ssh_gssapi_update_creds(ssh_gssapi_ccache *store)
 +{
-+       Buffer m;
-+       int ok;
-+
-+       buffer_init(&m);
-+
-+       buffer_put_cstring(&m, store->filename ? store->filename : "");
-+       buffer_put_cstring(&m, store->envvar ? store->envvar : "");
-+       buffer_put_cstring(&m, store->envval ? store->envval : "");
-+       
-+       mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUPCREDS, &m);
-+       mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUPCREDS, &m);
++       struct sshbuf *m;
++       int r, ok;
++
++       if ((m = sshbuf_new()) == NULL)
++               fatal("%s: sshbuf_new failed", __func__);
++       if ((r = sshbuf_put_cstring(m,
++           store->filename ? store->filename : "")) != 0 ||
++           (r = sshbuf_put_cstring(m,
++           store->envvar ? store->envvar : "")) != 0 ||
++           (r = sshbuf_put_cstring(m,
++           store->envval ? store->envval : "")) != 0)
++               fatal("%s: buffer error: %s", __func__, ssh_err(r));
++
++       mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUPCREDS, m);
++       mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUPCREDS, m);
++
++       if ((r = sshbuf_get_u32(m, &ok)) != 0)
++               fatal("%s: buffer error: %s", __func__, ssh_err(r));
++       sshbuf_free(m);
 +
-+       ok = buffer_get_int(&m);
-+
-+       buffer_free(&m);
-+       
 +       return (ok);
 +}
 +
  #endif /* GSSAPI */
- 
 diff --git a/monitor_wrap.h b/monitor_wrap.h
-index 762332704..0970d1f87 100644
+index 644da081d..7f93144ff 100644
 --- a/monitor_wrap.h
 +++ b/monitor_wrap.h
 @@ -60,8 +60,10 @@ int mm_sshkey_verify(const struct sshkey *, const u_char *, size_t,
@@ -2465,19 +2491,19 @@ index 762332704..0970d1f87 100644
  
  #ifdef USE_PAM
 diff --git a/readconf.c b/readconf.c
-index 88051db57..c8e792991 100644
+index db5f2d547..4ad3c75fe 100644
 --- a/readconf.c
 +++ b/readconf.c
-@@ -160,6 +160,8 @@ typedef enum {
+@@ -161,6 +161,8 @@ typedef enum {
         oClearAllForwardings, oNoHostAuthenticationForLocalhost,
         oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
         oAddressFamily, oGssAuthentication, oGssDelegateCreds,
 +       oGssTrustDns, oGssKeyEx, oGssClientIdentity, oGssRenewalRekey,
 +       oGssServerIdentity, 
         oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
-        oSendEnv, oControlPath, oControlMaster, oControlPersist,
+        oSendEnv, oSetEnv, oControlPath, oControlMaster, oControlPersist,
         oHashKnownHosts,
-@@ -199,10 +201,20 @@ static struct {
+@@ -201,10 +203,20 @@ static struct {
         /* Sometimes-unsupported options */
  #if defined(GSSAPI)
         { "gssapiauthentication", oGssAuthentication },
@@ -2498,7 +2524,7 @@ index 88051db57..c8e792991 100644
  #endif
  #ifdef ENABLE_PKCS11
         { "smartcarddevice", oPKCS11Provider },
-@@ -950,10 +962,30 @@ parse_time:
+@@ -973,10 +985,30 @@ parse_time:
                 intptr = &options->gss_authentication;
                 goto parse_flag;
  
@@ -2529,7 +2555,7 @@ index 88051db57..c8e792991 100644
         case oBatchMode:
                 intptr = &options->batch_mode;
                 goto parse_flag;
-@@ -1765,7 +1797,12 @@ initialize_options(Options * options)
+@@ -1817,7 +1849,12 @@ initialize_options(Options * options)
         options->pubkey_authentication = -1;
         options->challenge_response_authentication = -1;
         options->gss_authentication = -1;
@@ -2542,7 +2568,7 @@ index 88051db57..c8e792991 100644
         options->password_authentication = -1;
         options->kbd_interactive_authentication = -1;
         options->kbd_interactive_devices = NULL;
-@@ -1906,8 +1943,14 @@ fill_default_options(Options * options)
+@@ -1962,8 +1999,14 @@ fill_default_options(Options * options)
                 options->challenge_response_authentication = 1;
         if (options->gss_authentication == -1)
                 options->gss_authentication = 0;
@@ -2558,10 +2584,10 @@ index 88051db57..c8e792991 100644
                 options->password_authentication = 1;
         if (options->kbd_interactive_authentication == -1)
 diff --git a/readconf.h b/readconf.h
-index f4d9e2b26..f469daaff 100644
+index c56887816..5ea0c296b 100644
 --- a/readconf.h
 +++ b/readconf.h
-@@ -42,7 +42,12 @@ typedef struct {
+@@ -40,7 +40,12 @@ typedef struct {
         int     challenge_response_authentication;
                                         /* Try S/Key or TIS, authentication. */
         int     gss_authentication;     /* Try GSS authentication */
@@ -2575,10 +2601,10 @@ index f4d9e2b26..f469daaff 100644
                                                  * authentication. */
         int     kbd_interactive_authentication; /* Try keyboard-interactive auth. */
 diff --git a/servconf.c b/servconf.c
-index 0f0d09068..cbbea05bf 100644
+index c0f6af0be..e1ae07fb7 100644
 --- a/servconf.c
 +++ b/servconf.c
-@@ -123,8 +123,10 @@ initialize_server_options(ServerOptions *options)
+@@ -124,8 +124,10 @@ initialize_server_options(ServerOptions *options)
         options->kerberos_ticket_cleanup = -1;
         options->kerberos_get_afs_token = -1;
         options->gss_authentication=-1;
@@ -2589,7 +2615,7 @@ index 0f0d09068..cbbea05bf 100644
         options->password_authentication = -1;
         options->kbd_interactive_authentication = -1;
         options->challenge_response_authentication = -1;
-@@ -315,10 +317,14 @@ fill_default_server_options(ServerOptions *options)
+@@ -333,10 +335,14 @@ fill_default_server_options(ServerOptions *options)
                 options->kerberos_get_afs_token = 0;
         if (options->gss_authentication == -1)
                 options->gss_authentication = 0;
@@ -2604,15 +2630,15 @@ index 0f0d09068..cbbea05bf 100644
         if (options->password_authentication == -1)
                 options->password_authentication = 1;
         if (options->kbd_interactive_authentication == -1)
-@@ -461,6 +467,7 @@ typedef enum {
+@@ -481,6 +487,7 @@ typedef enum {
         sHostKeyAlgorithms,
         sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
         sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
 +       sGssKeyEx, sGssStoreRekey,
-        sAcceptEnv, sPermitTunnel,
-        sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
+        sAcceptEnv, sSetEnv, sPermitTunnel,
+        sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory,
         sUsePrivilegeSeparation, sAllowAgentForwarding,
-@@ -535,12 +542,20 @@ static struct {
+@@ -555,12 +562,20 @@ static struct {
  #ifdef GSSAPI
         { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
         { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
@@ -2633,7 +2659,7 @@ index 0f0d09068..cbbea05bf 100644
         { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
         { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
         { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
-@@ -1407,6 +1422,10 @@ process_server_config_line(ServerOptions *options, char *line,
+@@ -1459,6 +1474,10 @@ process_server_config_line(ServerOptions *options, char *line,
                 intptr = &options->gss_authentication;
                 goto parse_flag;
  
@@ -2644,7 +2670,7 @@ index 0f0d09068..cbbea05bf 100644
         case sGssCleanupCreds:
                 intptr = &options->gss_cleanup_creds;
                 goto parse_flag;
-@@ -1415,6 +1434,10 @@ process_server_config_line(ServerOptions *options, char *line,
+@@ -1467,6 +1486,10 @@ process_server_config_line(ServerOptions *options, char *line,
                 intptr = &options->gss_strict_acceptor;
                 goto parse_flag;
  
@@ -2655,7 +2681,7 @@ index 0f0d09068..cbbea05bf 100644
         case sPasswordAuthentication:
                 intptr = &options->password_authentication;
                 goto parse_flag;
-@@ -2453,7 +2476,10 @@ dump_config(ServerOptions *o)
+@@ -2551,7 +2574,10 @@ dump_config(ServerOptions *o)
  #endif
  #ifdef GSSAPI
         dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
@@ -2667,10 +2693,10 @@ index 0f0d09068..cbbea05bf 100644
         dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
         dump_cfg_fmtint(sKbdInteractiveAuthentication,
 diff --git a/servconf.h b/servconf.h
-index 37a0fb1a3..5dfc9bc02 100644
+index 557521d73..9b117fe27 100644
 --- a/servconf.h
 +++ b/servconf.h
-@@ -130,8 +130,10 @@ typedef struct {
+@@ -124,8 +124,10 @@ typedef struct {
         int     kerberos_get_afs_token;         /* If true, try to get AFS token if
                                                  * authenticated with Kerberos. */
         int     gss_authentication;     /* If true, permit GSSAPI authentication */
@@ -2682,11 +2708,11 @@ index 37a0fb1a3..5dfc9bc02 100644
                                                  * authentication. */
         int     kbd_interactive_authentication; /* If true, permit */
 diff --git a/ssh-gss.h b/ssh-gss.h
-index 6593e422d..919660a03 100644
+index 36180d07a..350ce7882 100644
 --- a/ssh-gss.h
 +++ b/ssh-gss.h
 @@ -1,6 +1,6 @@
- /* $OpenBSD: ssh-gss.h,v 1.12 2017/06/24 06:34:38 djm Exp $ */
+ /* $OpenBSD: ssh-gss.h,v 1.14 2018/07/10 09:13:30 djm Exp $ */
  /*
 - * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
 + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
@@ -2749,10 +2775,10 @@ index 6593e422d..919660a03 100644
  
  int  ssh_gssapi_check_oid(Gssctxt *, void *, size_t);
  void ssh_gssapi_set_oid_data(Gssctxt *, void *, size_t);
-@@ -119,17 +136,33 @@ void ssh_gssapi_build_ctx(Gssctxt **);
- void ssh_gssapi_delete_ctx(Gssctxt **);
+@@ -123,17 +140,33 @@ void ssh_gssapi_delete_ctx(Gssctxt **);
  OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t);
- void ssh_gssapi_buildmic(Buffer *, const char *, const char *, const char *);
+ void ssh_gssapi_buildmic(struct sshbuf *, const char *,
+     const char *, const char *);
 -int ssh_gssapi_check_mechanism(Gssctxt **, gss_OID, const char *);
 +int ssh_gssapi_check_mechanism(Gssctxt **, gss_OID, const char *, const char *);
 +OM_uint32 ssh_gssapi_client_identity(Gssctxt *, const char *);
@@ -2799,10 +2825,10 @@ index c12f5ef52..bcb9f153d 100644
  #   CheckHostIP yes
  #   AddressFamily any
 diff --git a/ssh_config.5 b/ssh_config.5
-index 71705cabd..66826aa70 100644
+index f499396a3..5b99921b4 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
-@@ -727,10 +727,42 @@ The default is
+@@ -718,10 +718,42 @@ The default is
  Specifies whether user authentication based on GSSAPI is allowed.
  The default is
  .Cm no .
@@ -2846,7 +2872,7 @@ index 71705cabd..66826aa70 100644
  Indicates that
  .Xr ssh 1
 diff --git a/sshconnect2.c b/sshconnect2.c
-index 1f4a74cf4..83562c688 100644
+index 10e4f0a08..c6a1b1271 100644
 --- a/sshconnect2.c
 +++ b/sshconnect2.c
 @@ -162,6 +162,11 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
@@ -2861,7 +2887,7 @@ index 1f4a74cf4..83562c688 100644
         xxx_host = host;
         xxx_hostaddr = hostaddr;
  
-@@ -192,6 +197,35 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
+@@ -194,6 +199,35 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
                     order_hostkeyalgs(host, hostaddr, port));
         }
  
@@ -2897,7 +2923,7 @@ index 1f4a74cf4..83562c688 100644
         if (options.rekey_limit || options.rekey_interval)
                 packet_set_rekey_limits(options.rekey_limit,
                     options.rekey_interval);
-@@ -213,15 +247,41 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
+@@ -215,15 +249,41 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
  # endif
  #endif
         kex->kex[KEX_C25519_SHA256] = kexc25519_client;
@@ -2939,7 +2965,7 @@ index 1f4a74cf4..83562c688 100644
         if ((r = kex_prop2buf(kex->my, myproposal)) != 0)
                 fatal("kex_prop2buf: %s", ssh_err(r));
  
-@@ -311,6 +371,7 @@ int input_gssapi_token(int type, u_int32_t, struct ssh *);
+@@ -314,6 +374,7 @@ int input_gssapi_token(int type, u_int32_t, struct ssh *);
  int    input_gssapi_hash(int type, u_int32_t, struct ssh *);
  int    input_gssapi_error(int, u_int32_t, struct ssh *);
  int    input_gssapi_errtok(int, u_int32_t, struct ssh *);
@@ -2947,7 +2973,7 @@ index 1f4a74cf4..83562c688 100644
  #endif
  
  void   userauth(Authctxt *, char *);
-@@ -327,6 +388,11 @@ static char *authmethods_get(void);
+@@ -330,6 +391,11 @@ static char *authmethods_get(void);
  
  Authmethod authmethods[] = {
  #ifdef GSSAPI
@@ -2959,10 +2985,10 @@ index 1f4a74cf4..83562c688 100644
         {"gssapi-with-mic",
                 userauth_gssapi,
                 NULL,
-@@ -643,25 +709,40 @@ userauth_gssapi(Authctxt *authctxt)
+@@ -657,25 +723,40 @@ userauth_gssapi(Authctxt *authctxt)
         static u_int mech = 0;
         OM_uint32 min;
-        int ok = 0;
+        int r, ok = 0;
 +       char *gss_host;
 +
 +       if (options.gss_server_identity)
@@ -2987,9 +3013,9 @@ index 1f4a74cf4..83562c688 100644
         while (mech < gss_supported->count && !ok) {
                 /* My DER encoding requires length<128 */
                 if (gss_supported->elements[mech].length < 128 &&
-                    ssh_gssapi_check_mechanism(&gssctxt, 
+                    ssh_gssapi_check_mechanism(&gssctxt,
 -                   &gss_supported->elements[mech], authctxt->host)) {
-+                   &gss_supported->elements[mech], gss_host, 
++                   &gss_supported->elements[mech], gss_host,
 +                    options.gss_client_identity)) {
                         ok = 1; /* Mechanism works */
                 } else {
@@ -3002,29 +3028,20 @@ index 1f4a74cf4..83562c688 100644
         if (!ok)
                 return 0;
  
-@@ -752,8 +833,8 @@ input_gssapi_response(int type, u_int32_t plen, struct ssh *ssh)
- {
-        Authctxt *authctxt = ssh->authctxt;
-        Gssctxt *gssctxt;
--       int oidlen;
--       char *oidv;
-+       u_int oidlen;
-+       u_char *oidv;
- 
-        if (authctxt == NULL)
-                fatal("input_gssapi_response: no authentication context");
-@@ -866,6 +947,48 @@ input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh)
+@@ -906,6 +987,54 @@ input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh)
         free(lang);
-        return 0;
+        return r;
  }
 +
 +int
 +userauth_gsskeyex(Authctxt *authctxt)
 +{
-+       Buffer b;
++       struct ssh *ssh = active_state; /* XXX */
++       struct sshbuf *b;
 +       gss_buffer_desc gssbuf;
 +       gss_buffer_desc mic = GSS_C_EMPTY_BUFFER;
 +       OM_uint32 ms;
++       int r;
 +
 +       static int attempt = 0;
 +       if (attempt++ >= 1)
@@ -3035,25 +3052,29 @@ index 1f4a74cf4..83562c688 100644
 +               return (0);
 +       }
 +
-+       ssh_gssapi_buildmic(&b, authctxt->server_user, authctxt->service,
++       if ((b = sshbuf_new()) == NULL)
++               fatal("%s: sshbuf_new failed", __func__);
++       ssh_gssapi_buildmic(b, authctxt->server_user, authctxt->service,
 +           "gssapi-keyex");
 +
-+       gssbuf.value = buffer_ptr(&b);
-+       gssbuf.length = buffer_len(&b);
++       if ((gssbuf.value = sshbuf_mutable_ptr(b)) == NULL)
++               fatal("%s: sshbuf_mutable_ptr failed", __func__);
++       gssbuf.length = sshbuf_len(b);
 +
 +       if (GSS_ERROR(ssh_gssapi_sign(gss_kex_context, &gssbuf, &mic))) {
-+               buffer_free(&b);
++               sshbuf_free(b);
 +               return (0);
 +       }
 +
-+       packet_start(SSH2_MSG_USERAUTH_REQUEST);
-+       packet_put_cstring(authctxt->server_user);
-+       packet_put_cstring(authctxt->service);
-+       packet_put_cstring(authctxt->method->name);
-+       packet_put_string(mic.value, mic.length);
-+       packet_send();
++       if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
++           (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 ||
++           (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 ||
++           (r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 ||
++           (r = sshpkt_put_string(ssh, mic.value, mic.length)) != 0 ||
++           (r = sshpkt_send(ssh)) != 0)
++               fatal("%s: %s", __func__, ssh_err(r));
 +
-+       buffer_free(&b);
++       sshbuf_free(b);
 +       gss_release_buffer(&ms, &mic);
 +
 +       return (1);
@@ -3063,7 +3084,7 @@ index 1f4a74cf4..83562c688 100644
  
  int
 diff --git a/sshd.c b/sshd.c
-index fd95b681b..e88185efa 100644
+index a738c3ab6..2e453cdf8 100644
 --- a/sshd.c
 +++ b/sshd.c
 @@ -123,6 +123,10 @@
@@ -3077,7 +3098,7 @@ index fd95b681b..e88185efa 100644
  /* Re-exec fds */
  #define REEXEC_DEVCRYPTO_RESERVED_FD   (STDERR_FILENO + 1)
  #define REEXEC_STARTUP_PIPE_FD         (STDERR_FILENO + 2)
-@@ -531,7 +535,7 @@ privsep_preauth_child(void)
+@@ -536,7 +540,7 @@ privsep_preauth_child(void)
  
  #ifdef GSSAPI
         /* Cache supported mechanism OIDs for later use */
@@ -3086,10 +3107,10 @@ index fd95b681b..e88185efa 100644
                 ssh_gssapi_prepare_supported_oids();
  #endif
  
-@@ -1753,10 +1757,13 @@ main(int ac, char **av)
-                    key ? "private" : "agent", i, sshkey_ssh_name(pubkey), fp);
+@@ -1811,10 +1815,13 @@ main(int ac, char **av)
                 free(fp);
         }
+        accumulate_host_timing_secret(cfg, NULL);
 +#ifndef GSSAPI
 +       /* The GSSAPI key exchange can run without a host key */
         if (!sensitive_data.have_ssh2_key) {
@@ -3100,7 +3121,7 @@ index fd95b681b..e88185efa 100644
  
         /*
          * Load certificates. They are stored in an array at identical
-@@ -2047,6 +2054,60 @@ main(int ac, char **av)
+@@ -2105,6 +2112,60 @@ main(int ac, char **av)
             rdomain == NULL ? "" : "\"");
         free(laddr);
  
@@ -3161,7 +3182,7 @@ index fd95b681b..e88185efa 100644
         /*
          * We don't want to listen forever unless the other side
          * successfully authenticates itself.  So we set up an alarm which is
-@@ -2234,6 +2295,48 @@ do_ssh2_kex(void)
+@@ -2288,6 +2349,48 @@ do_ssh2_kex(void)
         myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
             list_hostkey_types());
  
@@ -3210,7 +3231,7 @@ index fd95b681b..e88185efa 100644
         /* start key exchange */
         if ((r = kex_setup(active_state, myproposal)) != 0)
                 fatal("kex_setup: %s", ssh_err(r));
-@@ -2251,6 +2354,13 @@ do_ssh2_kex(void)
+@@ -2305,6 +2408,13 @@ do_ssh2_kex(void)
  # endif
  #endif
         kex->kex[KEX_C25519_SHA256] = kexc25519_server;
@@ -3225,7 +3246,7 @@ index fd95b681b..e88185efa 100644
         kex->client_version_string=client_version_string;
         kex->server_version_string=server_version_string;
 diff --git a/sshd_config b/sshd_config
-index 3109d5d73..86263d713 100644
+index 19b7c91a1..2c48105f8 100644
 --- a/sshd_config
 +++ b/sshd_config
 @@ -69,6 +69,8 @@ AuthorizedKeysFile    .ssh/authorized_keys
@@ -3238,10 +3259,10 @@ index 3109d5d73..86263d713 100644
  # Set this to 'yes' to enable PAM authentication, account processing,
  # and session processing. If this is enabled, PAM authentication will
 diff --git a/sshd_config.5 b/sshd_config.5
-index e3c7c3936..c4a3f3cb2 100644
+index e1b54ba20..a0ac717c7 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
-@@ -636,6 +636,11 @@ The default is
+@@ -637,6 +637,11 @@ The default is
  Specifies whether user authentication based on GSSAPI is allowed.
  The default is
  .Cm no .
@@ -3253,7 +3274,7 @@ index e3c7c3936..c4a3f3cb2 100644
  .It Cm GSSAPICleanupCredentials
  Specifies whether to automatically destroy the user's credentials cache
  on logout.
-@@ -655,6 +660,11 @@ machine's default store.
+@@ -656,6 +661,11 @@ machine's default store.
  This facility is provided to assist with operation on multi homed machines.
  The default is
  .Cm yes .
@@ -3264,20 +3285,20 @@ index e3c7c3936..c4a3f3cb2 100644
 +.Cm no .
  .It Cm HostbasedAcceptedKeyTypes
  Specifies the key types that will be accepted for hostbased authentication
- as a comma-separated pattern list.
+ as a list of comma-separated patterns.
 diff --git a/sshkey.c b/sshkey.c
-index 7712fba23..088872860 100644
+index 72c08c7e0..91e99a262 100644
 --- a/sshkey.c
 +++ b/sshkey.c
-@@ -122,6 +122,7 @@ static const struct keytype keytypes[] = {
+@@ -140,6 +140,7 @@ static const struct keytype keytypes[] = {
  #  endif /* OPENSSL_HAS_NISTP521 */
  # endif /* OPENSSL_HAS_ECC */
  #endif /* WITH_OPENSSL */
-+       { "null", "null", KEY_NULL, 0, 0, 0 },
-        { NULL, NULL, -1, -1, 0, 0 }
++       { "null", "null", NULL, KEY_NULL, 0, 0, 0 },
+        { NULL, NULL, NULL, -1, -1, 0, 0 }
  };
  
-@@ -210,7 +211,7 @@ sshkey_alg_list(int certs_only, int plain_only, int include_sigonly, char sep)
+@@ -228,7 +229,7 @@ sshkey_alg_list(int certs_only, int plain_only, int include_sigonly, char sep)
         const struct keytype *kt;
  
         for (kt = keytypes; kt->type != -1; kt++) {
@@ -3287,7 +3308,7 @@ index 7712fba23..088872860 100644
                 if (!include_sigonly && kt->sigonly)
                         continue;
 diff --git a/sshkey.h b/sshkey.h
-index 155cd45ae..4e89049f1 100644
+index 9060b2ecb..0cbdcfd74 100644
 --- a/sshkey.h
 +++ b/sshkey.h
 @@ -63,6 +63,7 @@ enum sshkey_types {
diff --git a/debian/patches/keepalive-extensions.patch b/debian/patches/keepalive-extensions.patch
index b75b82068..fc052ea73 100644
--- a/debian/patches/keepalive-extensions.patch
+++ b/debian/patches/keepalive-extensions.patch
@@ -1,4 +1,4 @@
-From a7045c36e6e072c8f9250fbe11cf2f9db9f51a08 Mon Sep 17 00:00:00 2001
+From 2c0a1fef2aaf16c5b97694139239797f0ea33d27 Mon Sep 17 00:00:00 2001
 From: Richard Kettlewell <rjk@greenend.org.uk>
 Date: Sun, 9 Feb 2014 16:09:52 +0000
 Subject: Various keepalive extensions
@@ -16,7 +16,7 @@ keepalives.
 Author: Ian Jackson <ian@chiark.greenend.org.uk>
 Author: Matthew Vernon <matthew@debian.org>
 Author: Colin Watson <cjwatson@debian.org>
-Last-Update: 2017-10-04
+Last-Update: 2018-08-24
 
 Patch-Name: keepalive-extensions.patch
 ---
@@ -26,10 +26,10 @@ Patch-Name: keepalive-extensions.patch
  3 files changed, 34 insertions(+), 4 deletions(-)
 
 diff --git a/readconf.c b/readconf.c
-index 1f1be7789..7f2b5c172 100644
+index 6e26ba32d..3fd0fe7b7 100644
 --- a/readconf.c
 +++ b/readconf.c
-@@ -174,6 +174,7 @@ typedef enum {
+@@ -175,6 +175,7 @@ typedef enum {
         oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys,
         oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes,
         oPubkeyAcceptedKeyTypes, oProxyJump,
@@ -37,7 +37,7 @@ index 1f1be7789..7f2b5c172 100644
         oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported
  } OpCodes;
  
-@@ -319,6 +320,8 @@ static struct {
+@@ -321,6 +322,8 @@ static struct {
         { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes },
         { "ignoreunknown", oIgnoreUnknown },
         { "proxyjump", oProxyJump },
@@ -46,7 +46,7 @@ index 1f1be7789..7f2b5c172 100644
  
         { NULL, oBadOption }
  };
-@@ -1378,6 +1381,8 @@ parse_keytypes:
+@@ -1401,6 +1404,8 @@ parse_keytypes:
                 goto parse_flag;
  
         case oServerAliveInterval:
@@ -55,7 +55,7 @@ index 1f1be7789..7f2b5c172 100644
                 intptr = &options->server_alive_interval;
                 goto parse_time;
  
-@@ -2019,8 +2024,13 @@ fill_default_options(Options * options)
+@@ -2075,8 +2080,13 @@ fill_default_options(Options * options)
                 options->rekey_interval = 0;
         if (options->verify_host_key_dns == -1)
                 options->verify_host_key_dns = 0;
@@ -72,7 +72,7 @@ index 1f1be7789..7f2b5c172 100644
                 options->server_alive_count_max = 3;
         if (options->control_master == -1)
 diff --git a/ssh_config.5 b/ssh_config.5
-index 66826aa70..32c3632c7 100644
+index 5b99921b4..86ada128e 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
 @@ -247,8 +247,12 @@ Valid arguments are
@@ -102,10 +102,10 @@ index 66826aa70..32c3632c7 100644
 +and
 +.Cm SetupTimeOut
 +are Debian-specific compatibility aliases for this option.
- .It Cm StreamLocalBindMask
- Sets the octal file creation mode mask
- .Pq umask
-@@ -1537,6 +1548,12 @@ Specifies whether the system should send TCP keepalive messages to the
+ .It Cm SetEnv
+ Directly specify one or more environment variables and their contents to
+ be sent to the server.
+@@ -1543,6 +1554,12 @@ Specifies whether the system should send TCP keepalive messages to the
  other side.
  If they are sent, death of the connection or crash of one
  of the machines will be properly noticed.
@@ -119,10 +119,10 @@ index 66826aa70..32c3632c7 100644
  connections will die if the route is down temporarily, and some people
  find it annoying.
 diff --git a/sshd_config.5 b/sshd_config.5
-index c4a3f3cb2..1a1c6dd09 100644
+index a0ac717c7..0fbbccbde 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
-@@ -1495,6 +1495,9 @@ This avoids infinitely hanging sessions.
+@@ -1566,6 +1566,9 @@ This avoids infinitely hanging sessions.
  .Pp
  To disable TCP keepalive messages, the value should be set to
  .Cm no .
diff --git a/debian/patches/mention-ssh-keygen-on-keychange.patch b/debian/patches/mention-ssh-keygen-on-keychange.patch
index 95c235b32..3f0d5fba3 100644
--- a/debian/patches/mention-ssh-keygen-on-keychange.patch
+++ b/debian/patches/mention-ssh-keygen-on-keychange.patch
@@ -1,4 +1,4 @@
-From 76ab788bcf265360e1b88f8ced6085198c320fdd Mon Sep 17 00:00:00 2001
+From 0e0121b6dc0ffc2ec6a171328fea530378df2b3b Mon Sep 17 00:00:00 2001
 From: Scott Moser <smoser@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:10:03 +0000
 Subject: Mention ssh-keygen in ssh fingerprint changed warning
@@ -14,10 +14,10 @@ Patch-Name: mention-ssh-keygen-on-keychange.patch
  1 file changed, 8 insertions(+), 1 deletion(-)
 
 diff --git a/sshconnect.c b/sshconnect.c
-index 8ab01c0ef..58f9eac8a 100644
+index a2efe6d15..ab5966066 100644
 --- a/sshconnect.c
 +++ b/sshconnect.c
-@@ -1141,9 +1141,13 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
+@@ -1112,9 +1112,13 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
                         error("%s. This could either mean that", key_msg);
                         error("DNS SPOOFING is happening or the IP address for the host");
                         error("and its host key have changed at the same time.");
@@ -32,7 +32,7 @@ index 8ab01c0ef..58f9eac8a 100644
                 }
                 /* The host key has changed. */
                 warn_changed_key(host_key);
-@@ -1152,6 +1156,9 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
+@@ -1123,6 +1127,9 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
                 error("Offending %s key in %s:%lu",
                     sshkey_type(host_found->key),
                     host_found->file, host_found->line);
diff --git a/debian/patches/no-openssl-version-status.patch b/debian/patches/no-openssl-version-status.patch
index c7b57a428..9c9c664d4 100644
--- a/debian/patches/no-openssl-version-status.patch
+++ b/debian/patches/no-openssl-version-status.patch
@@ -1,4 +1,4 @@
-From 7cdc2be2d56f5f49c9f2557d056bf2c15a141a79 Mon Sep 17 00:00:00 2001
+From 4d75300bdb447824c974febd3d04331755dde3ca Mon Sep 17 00:00:00 2001
 From: Kurt Roeckx <kurt@roeckx.be>
 Date: Sun, 9 Feb 2014 16:10:14 +0000
 Subject: Don't check the status field of the OpenSSL version
diff --git a/debian/patches/openbsd-docs.patch b/debian/patches/openbsd-docs.patch
index 89bd0a3bd..dacff74c3 100644
--- a/debian/patches/openbsd-docs.patch
+++ b/debian/patches/openbsd-docs.patch
@@ -1,4 +1,4 @@
-From c3d9231e598560dfe63a56a422439d263a2c3ebe Mon Sep 17 00:00:00 2001
+From f48c4fd12f8ecd275226e357454e45f10c20ac92 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:09 +0000
 Subject: Adjust various OpenBSD-specific references in manual pages
@@ -44,7 +44,7 @@ index ef0de0850..149846c8c 100644
  .Sh SEE ALSO
  .Xr ssh-keygen 1 ,
 diff --git a/ssh-keygen.1 b/ssh-keygen.1
-index 3525d7d17..39767e621 100644
+index dd6e7e5a8..33e0bbcc1 100644
 --- a/ssh-keygen.1
 +++ b/ssh-keygen.1
 @@ -176,9 +176,7 @@ key in
@@ -67,9 +67,9 @@ index 3525d7d17..39767e621 100644
 -to generate new host keys.
 +This is used by system administration scripts to generate new host keys.
  .It Fl a Ar rounds
- When saving a new-format private key (i.e. an ed25519 key or when the
- .Fl o
-@@ -685,7 +681,7 @@ option.
+ When saving a private key this option specifies the number of KDF
+ (key derivation function) rounds used.
+@@ -677,7 +673,7 @@ option.
  Valid generator values are 2, 3, and 5.
  .Pp
  Screened DH groups may be installed in
@@ -78,7 +78,7 @@ index 3525d7d17..39767e621 100644
  It is important that this file contains moduli of a range of bit lengths and
  that both ends of a connection share common moduli.
  .Sh CERTIFICATES
-@@ -872,7 +868,7 @@ on all machines
+@@ -864,7 +860,7 @@ on all machines
  where the user wishes to log in using public key authentication.
  There is no need to keep the contents of this file secret.
  .Pp
@@ -88,10 +88,10 @@ index 3525d7d17..39767e621 100644
  The file format is described in
  .Xr moduli 5 .
 diff --git a/ssh.1 b/ssh.1
-index 0ef7c1709..54e21d88a 100644
+index cb0fdd50e..d41426781 100644
 --- a/ssh.1
 +++ b/ssh.1
-@@ -846,6 +846,10 @@ implements public key authentication protocol automatically,
+@@ -850,6 +850,10 @@ implements public key authentication protocol automatically,
  using one of the DSA, ECDSA, Ed25519 or RSA algorithms.
  The HISTORY section of
  .Xr ssl 8
@@ -103,7 +103,7 @@ index 0ef7c1709..54e21d88a 100644
  .Pp
  The file
 diff --git a/sshd.8 b/sshd.8
-index c8299d5e5..378aeb9f5 100644
+index 57a7fd66b..4abc01d66 100644
 --- a/sshd.8
 +++ b/sshd.8
 @@ -65,7 +65,7 @@ over an insecure network.
@@ -115,7 +115,7 @@ index c8299d5e5..378aeb9f5 100644
  It forks a new
  daemon for each incoming connection.
  The forked daemons handle
-@@ -856,7 +856,7 @@ This file is for host-based authentication (see
+@@ -884,7 +884,7 @@ This file is for host-based authentication (see
  .Xr ssh 1 ) .
  It should only be writable by root.
  .Pp
@@ -124,7 +124,7 @@ index c8299d5e5..378aeb9f5 100644
  Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange"
  key exchange method.
  The file format is described in
-@@ -954,7 +954,6 @@ The content of this file is not sensitive; it can be world-readable.
+@@ -982,7 +982,6 @@ The content of this file is not sensitive; it can be world-readable.
  .Xr ssh-keyscan 1 ,
  .Xr chroot 2 ,
  .Xr hosts_access 5 ,
@@ -133,10 +133,10 @@ index c8299d5e5..378aeb9f5 100644
  .Xr sshd_config 5 ,
  .Xr inetd 8 ,
 diff --git a/sshd_config.5 b/sshd_config.5
-index 45044a70f..44b918463 100644
+index 96a69ab55..9774831fe 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
-@@ -383,8 +383,7 @@ then no banner is displayed.
+@@ -384,8 +384,7 @@ then no banner is displayed.
  By default, no banner is displayed.
  .It Cm ChallengeResponseAuthentication
  Specifies whether challenge-response authentication is allowed (e.g. via
diff --git a/debian/patches/package-versioning.patch b/debian/patches/package-versioning.patch
index c95f06568..470d057b2 100644
--- a/debian/patches/package-versioning.patch
+++ b/debian/patches/package-versioning.patch
@@ -1,4 +1,4 @@
-From 52359fc0d6ee73ee6e24332b2777dc8abdaed652 Mon Sep 17 00:00:00 2001
+From 97c5d99b8d1957d5a29ca34157a9bfe2ed5c7003 Mon Sep 17 00:00:00 2001
 From: Matthew Vernon <matthew@debian.org>
 Date: Sun, 9 Feb 2014 16:10:05 +0000
 Subject: Include the Debian version in our identification
@@ -19,10 +19,10 @@ Patch-Name: package-versioning.patch
  3 files changed, 8 insertions(+), 3 deletions(-)
 
 diff --git a/sshconnect.c b/sshconnect.c
-index 58f9eac8a..15d8b807e 100644
+index ab5966066..d3656e47a 100644
 --- a/sshconnect.c
 +++ b/sshconnect.c
-@@ -638,7 +638,7 @@ send_client_banner(int connection_out, int minor1)
+@@ -609,7 +609,7 @@ send_client_banner(int connection_out, int minor1)
  {
         /* Send our own protocol version identification. */
         xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
@@ -32,7 +32,7 @@ index 58f9eac8a..15d8b807e 100644
             strlen(client_version_string)) != strlen(client_version_string))
                 fatal("write: %.100s", strerror(errno));
 diff --git a/sshd.c b/sshd.c
-index 6d911c19a..9a7f5495c 100644
+index 92d15c82d..ffd3dad6a 100644
 --- a/sshd.c
 +++ b/sshd.c
 @@ -384,7 +384,7 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out)
@@ -45,11 +45,11 @@ index 6d911c19a..9a7f5495c 100644
             options.version_addendum);
  
 diff --git a/version.h b/version.h
-index ea52b26f5..a3fa6e0b9 100644
+index f1bbf00f3..e7df751e1 100644
 --- a/version.h
 +++ b/version.h
 @@ -3,4 +3,9 @@
- #define SSH_VERSION    "OpenSSH_7.7"
+ #define SSH_VERSION    "OpenSSH_7.8"
  
  #define SSH_PORTABLE   "p1"
 -#define SSH_RELEASE    SSH_VERSION SSH_PORTABLE
diff --git a/debian/patches/restore-authorized_keys2.patch b/debian/patches/restore-authorized_keys2.patch
index 366c41655..6f0abc35f 100644
--- a/debian/patches/restore-authorized_keys2.patch
+++ b/debian/patches/restore-authorized_keys2.patch
@@ -1,4 +1,4 @@
-From 1e4b9d8e6cee1e15edfc12aa0294fa78639496b9 Mon Sep 17 00:00:00 2001
+From 2bc71f46ab96ec8af88a5b86786fb0835d9b65bc Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 5 Mar 2017 02:02:11 +0000
 Subject: Restore reading authorized_keys2 by default
@@ -18,7 +18,7 @@ Patch-Name: restore-authorized_keys2.patch
  1 file changed, 2 insertions(+), 3 deletions(-)
 
 diff --git a/sshd_config b/sshd_config
-index de9cc9fe2..31e14a4f0 100644
+index ed8272f6d..ee9629102 100644
 --- a/sshd_config
 +++ b/sshd_config
 @@ -36,9 +36,8 @@
diff --git a/debian/patches/restore-tcp-wrappers.patch b/debian/patches/restore-tcp-wrappers.patch
index fccd130b8..91f3377b1 100644
--- a/debian/patches/restore-tcp-wrappers.patch
+++ b/debian/patches/restore-tcp-wrappers.patch
@@ -1,4 +1,4 @@
-From 398af3d66bfe8dc7d436570026571e522a0a13a0 Mon Sep 17 00:00:00 2001
+From 84a7a1b1c767056c80add9f0e15c9f9ec23ec94d Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Tue, 7 Oct 2014 13:22:41 +0100
 Subject: Restore TCP wrappers support
@@ -18,7 +18,7 @@ but it at least probably doesn't involve dropping this feature shortly
 before a freeze.
 
 Forwarded: not-needed
-Last-Update: 2014-10-07
+Last-Update: 2018-08-24
 
 Patch-Name: restore-tcp-wrappers.patch
 ---
@@ -28,12 +28,12 @@ Patch-Name: restore-tcp-wrappers.patch
  3 files changed, 89 insertions(+)
 
 diff --git a/configure.ac b/configure.ac
-index 1cd5eab6c..3e23e60d6 100644
+index 82428b241..ebc10f51e 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -1566,6 +1566,62 @@ AC_ARG_WITH([skey],
-        ]
- )
+@@ -1526,6 +1526,62 @@ else
+        AC_MSG_RESULT([no])
+ fi
  
 +# Check whether user wants TCP wrappers support
 +TCPW_MSG="no"
@@ -94,19 +94,19 @@ index 1cd5eab6c..3e23e60d6 100644
  # Check whether user wants to use ldns
  LDNS_MSG="no"
  AC_ARG_WITH(ldns,
-@@ -5240,6 +5296,7 @@ echo "                   OSF SIA support: $SIA_MSG"
+@@ -5201,6 +5257,7 @@ echo "                       PAM support: $PAM_MSG"
+ echo "                   OSF SIA support: $SIA_MSG"
  echo "                 KerberosV support: $KRB5_MSG"
  echo "                   SELinux support: $SELINUX_MSG"
- echo "                     S/KEY support: $SKEY_MSG"
 +echo "              TCP Wrappers support: $TCPW_MSG"
  echo "              MD5 password support: $MD5_MSG"
  echo "                   libedit support: $LIBEDIT_MSG"
  echo "                   libldns support: $LDNS_MSG"
 diff --git a/sshd.8 b/sshd.8
-index 968ba66bb..c8299d5e5 100644
+index fb133c14b..57a7fd66b 100644
 --- a/sshd.8
 +++ b/sshd.8
-@@ -845,6 +845,12 @@ the user's home directory becomes accessible.
+@@ -873,6 +873,12 @@ the user's home directory becomes accessible.
  This file should be writable only by the user, and need not be
  readable by anyone else.
  .Pp
@@ -119,7 +119,7 @@ index 968ba66bb..c8299d5e5 100644
  .It Pa /etc/hosts.equiv
  This file is for host-based authentication (see
  .Xr ssh 1 ) .
-@@ -947,6 +953,7 @@ The content of this file is not sensitive; it can be world-readable.
+@@ -975,6 +981,7 @@ The content of this file is not sensitive; it can be world-readable.
  .Xr ssh-keygen 1 ,
  .Xr ssh-keyscan 1 ,
  .Xr chroot 2 ,
@@ -128,7 +128,7 @@ index 968ba66bb..c8299d5e5 100644
  .Xr moduli 5 ,
  .Xr sshd_config 5 ,
 diff --git a/sshd.c b/sshd.c
-index e88185efa..4ed0364f2 100644
+index 2e453cdf8..71c360da0 100644
 --- a/sshd.c
 +++ b/sshd.c
 @@ -127,6 +127,13 @@
@@ -145,7 +145,7 @@ index e88185efa..4ed0364f2 100644
  /* Re-exec fds */
  #define REEXEC_DEVCRYPTO_RESERVED_FD   (STDERR_FILENO + 1)
  #define REEXEC_STARTUP_PIPE_FD         (STDERR_FILENO + 2)
-@@ -2042,6 +2049,24 @@ main(int ac, char **av)
+@@ -2100,6 +2107,24 @@ main(int ac, char **av)
  #ifdef SSH_AUDIT_EVENTS
         audit_connection_from(remote_ip, remote_port);
  #endif
diff --git a/debian/patches/scp-quoting.patch b/debian/patches/scp-quoting.patch
index 18c7155e4..c52632134 100644
--- a/debian/patches/scp-quoting.patch
+++ b/debian/patches/scp-quoting.patch
@@ -1,4 +1,4 @@
-From e800454207f4d7a0c402f129029b8282209cdf74 Mon Sep 17 00:00:00 2001
+From f14447b774639c6de52f452e5a0e012939832855 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Nicolas=20Valc=C3=A1rcel?= <nvalcarcel@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:09:59 +0000
 Subject: Adjust scp quoting in verbose mode
@@ -17,7 +17,7 @@ Patch-Name: scp-quoting.patch
  1 file changed, 10 insertions(+), 2 deletions(-)
 
 diff --git a/scp.c b/scp.c
-index 31e6709fb..2bbf6938e 100644
+index 60682c687..ed2864250 100644
 --- a/scp.c
 +++ b/scp.c
 @@ -198,8 +198,16 @@ do_local_cmd(arglist *a)
diff --git a/debian/patches/seccomp-getuid-geteuid.patch b/debian/patches/seccomp-getuid-geteuid.patch
deleted file mode 100644
index be4921ae4..000000000
--- a/debian/patches/seccomp-getuid-geteuid.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 5b35741e661c6a95e39f5f897ae62c0f3686ca4f Mon Sep 17 00:00:00 2001
-From: Eduardo Barretto <ebarretto@linux.vnet.ibm.com>
-Date: Tue, 9 May 2017 13:31:05 -0300
-Subject: Allow getuid and geteuid calls
-
-getuid and geteuid are needed when using an openssl engine that calls a
-crypto card, e.g. ICA (libica).
-Those syscalls are also needed by the distros for audit code.
-
-Signed-off-by: Eduardo Barretto <ebarretto@linux.vnet.ibm.com>
-
-Origin: other, https://bugzilla.mindrot.org/show_bug.cgi?id=2752
-Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2752
-Bug-Ubuntu: https://bugs.launchpad.net/bugs/1686618
-Last-Update: 2017-08-28
-
-Patch-Name: seccomp-getuid-geteuid.patch
----
- sandbox-seccomp-filter.c | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
-diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
-index 6e7de3114..e86aa2c91 100644
---- a/sandbox-seccomp-filter.c
-+++ b/sandbox-seccomp-filter.c
-@@ -175,6 +175,18 @@ static const struct sock_filter preauth_insns[] = {
- #ifdef __NR_getpid
-        SC_ALLOW(__NR_getpid),
- #endif
-+#ifdef __NR_getuid
-+       SC_ALLOW(__NR_getuid),
-+#endif
-+#ifdef __NR_getuid32
-+       SC_ALLOW(__NR_getuid32),
-+#endif
-+#ifdef __NR_geteuid
-+       SC_ALLOW(__NR_geteuid),
-+#endif
-+#ifdef __NR_geteuid32
-+       SC_ALLOW(__NR_geteuid32),
-+#endif
- #ifdef __NR_getrandom
-        SC_ALLOW(__NR_getrandom),
- #endif
diff --git a/debian/patches/seccomp-s390-flock-ipc.patch b/debian/patches/seccomp-s390-flock-ipc.patch
index b62d0195c..2febc4e38 100644
--- a/debian/patches/seccomp-s390-flock-ipc.patch
+++ b/debian/patches/seccomp-s390-flock-ipc.patch
@@ -1,4 +1,4 @@
-From 8435aa5e322a4899dcb9bc68d5f0551e93d3f5a5 Mon Sep 17 00:00:00 2001
+From 04910479f7869c27065950b7deb0d69d85230927 Mon Sep 17 00:00:00 2001
 From: Eduardo Barretto <ebarretto@linux.vnet.ibm.com>
 Date: Tue, 9 May 2017 10:53:04 -0300
 Subject: Allow flock and ipc syscall for s390 architecture
@@ -14,7 +14,7 @@ Signed-off-by: Eduardo Barretto <ebarretto@linux.vnet.ibm.com>
 Origin: other, https://bugzilla.mindrot.org/show_bug.cgi?id=2752
 Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2752
 Bug-Ubuntu: https://bugs.launchpad.net/bugs/1686618
-Last-Update: 2017-08-28
+Last-Update: 2018-08-24
 
 Patch-Name: seccomp-s390-flock-ipc.patch
 ---
@@ -22,7 +22,7 @@ Patch-Name: seccomp-s390-flock-ipc.patch
  1 file changed, 6 insertions(+)
 
 diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
-index ca75cc719..6e7de3114 100644
+index 12c4ee130..bcea77997 100644
 --- a/sandbox-seccomp-filter.c
 +++ b/sandbox-seccomp-filter.c
 @@ -166,6 +166,9 @@ static const struct sock_filter preauth_insns[] = {
@@ -32,12 +32,12 @@ index ca75cc719..6e7de3114 100644
 +#if defined(__NR_flock) && defined(__s390__)
 +       SC_ALLOW(__NR_flock),
 +#endif
- #ifdef __NR_getpgid
-        SC_ALLOW(__NR_getpgid),
+ #ifdef __NR_geteuid
+        SC_ALLOW(__NR_geteuid),
  #endif
-@@ -178,6 +181,9 @@ static const struct sock_filter preauth_insns[] = {
- #ifdef __NR_gettimeofday
-        SC_ALLOW(__NR_gettimeofday),
+@@ -190,6 +193,9 @@ static const struct sock_filter preauth_insns[] = {
+ #ifdef __NR_getuid32
+        SC_ALLOW(__NR_getuid32),
  #endif
 +#if defined(__NR_ipc) && defined(__s390__)
 +       SC_ALLOW(__NR_ipc),
diff --git a/debian/patches/seccomp-s390-ioctl-ep11-crypto.patch b/debian/patches/seccomp-s390-ioctl-ep11-crypto.patch
index dd0f6510c..fc3af3e64 100644
--- a/debian/patches/seccomp-s390-ioctl-ep11-crypto.patch
+++ b/debian/patches/seccomp-s390-ioctl-ep11-crypto.patch
@@ -1,4 +1,4 @@
-From ea67bc97339c9a507343e4a1f5fb867f678fbe1d Mon Sep 17 00:00:00 2001
+From 16a47fc4b04977a14f44dd433c8da1499fa80671 Mon Sep 17 00:00:00 2001
 From: Eduardo Barretto <ebarretto@linux.vnet.ibm.com>
 Date: Tue, 9 May 2017 13:33:30 -0300
 Subject: Enable specific ioctl call for EP11 crypto card (s390)
@@ -19,10 +19,10 @@ Patch-Name: seccomp-s390-ioctl-ep11-crypto.patch
  1 file changed, 2 insertions(+)
 
 diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
-index e86aa2c91..98062f152 100644
+index bcea77997..f216ba353 100644
 --- a/sandbox-seccomp-filter.c
 +++ b/sandbox-seccomp-filter.c
-@@ -250,6 +250,8 @@ static const struct sock_filter preauth_insns[] = {
+@@ -253,6 +253,8 @@ static const struct sock_filter preauth_insns[] = {
         SC_ALLOW_ARG(__NR_ioctl, 1, Z90STAT_STATUS_MASK),
         SC_ALLOW_ARG(__NR_ioctl, 1, ICARSAMODEXPO),
         SC_ALLOW_ARG(__NR_ioctl, 1, ICARSACRT),
diff --git a/debian/patches/selinux-role.patch b/debian/patches/selinux-role.patch
index 5c0bad093..95d582067 100644
--- a/debian/patches/selinux-role.patch
+++ b/debian/patches/selinux-role.patch
@@ -1,4 +1,4 @@
-From 7da968d97beba5fb80a5488516563ea1376db907 Mon Sep 17 00:00:00 2001
+From 03979f2e0768e146d179c66f2d2e33afe61c1be3 Mon Sep 17 00:00:00 2001
 From: Manoj Srivastava <srivasta@debian.org>
 Date: Sun, 9 Feb 2014 16:09:49 +0000
 Subject: Handle SELinux authorisation roles
@@ -9,17 +9,17 @@ SELinux maintainer, so we'll keep it until we have something better.
 
 Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641
 Bug-Debian: http://bugs.debian.org/394795
-Last-Update: 2017-10-04
+Last-Update: 2018-08-24
 
 Patch-Name: selinux-role.patch
 ---
  auth.h                      |  1 +
  auth2.c                     | 10 ++++++++--
- monitor.c                   | 32 +++++++++++++++++++++++++++++---
+ monitor.c                   | 37 +++++++++++++++++++++++++++++++++----
  monitor.h                   |  2 ++
- monitor_wrap.c              | 22 ++++++++++++++++++++--
+ monitor_wrap.c              | 27 ++++++++++++++++++++++++---
  monitor_wrap.h              |  3 ++-
- openbsd-compat/port-linux.c | 27 ++++++++++++++++++++-------
+ openbsd-compat/port-linux.c | 21 ++++++++++++++-------
  openbsd-compat/port-linux.h |  4 ++--
  platform.c                  |  4 ++--
  platform.h                  |  2 +-
@@ -28,10 +28,10 @@ Patch-Name: selinux-role.patch
  sshd.c                      |  2 +-
  sshpty.c                    |  4 ++--
  sshpty.h                    |  2 +-
- 15 files changed, 97 insertions(+), 30 deletions(-)
+ 15 files changed, 99 insertions(+), 32 deletions(-)
 
 diff --git a/auth.h b/auth.h
-index 23ce67caf..15ba7073e 100644
+index 977562f0a..90802a5eb 100644
 --- a/auth.h
 +++ b/auth.h
 @@ -65,6 +65,7 @@ struct Authctxt {
@@ -43,19 +43,19 @@ index 23ce67caf..15ba7073e 100644
         /* Method lists for multiple authentication */
         char            **auth_methods; /* modified from server config */
 diff --git a/auth2.c b/auth2.c
-index c34f58c45..be5e9f15f 100644
+index 96efe164c..90a247c1c 100644
 --- a/auth2.c
 +++ b/auth2.c
-@@ -218,7 +218,7 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
+@@ -257,7 +257,7 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
  {
         Authctxt *authctxt = ssh->authctxt;
         Authmethod *m = NULL;
 -       char *user, *service, *method, *style = NULL;
 +       char *user, *service, *method, *style = NULL, *role = NULL;
         int authenticated = 0;
+        double tstart = monotime_double();
  
-        if (authctxt == NULL)
-@@ -230,8 +230,13 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
+@@ -270,8 +270,13 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
         debug("userauth-request for user %s service %s method %s", user, service, method);
         debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
  
@@ -69,7 +69,7 @@ index c34f58c45..be5e9f15f 100644
  
         if (authctxt->attempt++ == 0) {
                 /* setup auth context */
-@@ -258,8 +263,9 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
+@@ -298,8 +303,9 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
                     use_privsep ? " [net]" : "");
                 authctxt->service = xstrdup(service);
                 authctxt->style = style ? xstrdup(style) : NULL;
@@ -81,18 +81,18 @@ index c34f58c45..be5e9f15f 100644
                 if (auth2_setup_methods_lists(authctxt) != 0)
                         packet_disconnect("no authentication methods enabled");
 diff --git a/monitor.c b/monitor.c
-index 868fb0d2d..ed37458fb 100644
+index 4e574a2ae..c1e7e9b80 100644
 --- a/monitor.c
 +++ b/monitor.c
-@@ -128,6 +128,7 @@ int mm_answer_sign(int, Buffer *);
- int mm_answer_pwnamallow(int, Buffer *);
- int mm_answer_auth2_read_banner(int, Buffer *);
- int mm_answer_authserv(int, Buffer *);
-+int mm_answer_authrole(int, Buffer *);
- int mm_answer_authpassword(int, Buffer *);
- int mm_answer_bsdauthquery(int, Buffer *);
- int mm_answer_bsdauthrespond(int, Buffer *);
-@@ -206,6 +207,7 @@ struct mon_table mon_dispatch_proto20[] = {
+@@ -115,6 +115,7 @@ int mm_answer_sign(int, struct sshbuf *);
+ int mm_answer_pwnamallow(int, struct sshbuf *);
+ int mm_answer_auth2_read_banner(int, struct sshbuf *);
+ int mm_answer_authserv(int, struct sshbuf *);
++int mm_answer_authrole(int, struct sshbuf *);
+ int mm_answer_authpassword(int, struct sshbuf *);
+ int mm_answer_bsdauthquery(int, struct sshbuf *);
+ int mm_answer_bsdauthrespond(int, struct sshbuf *);
+@@ -191,6 +192,7 @@ struct mon_table mon_dispatch_proto20[] = {
      {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
      {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
      {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
@@ -100,7 +100,7 @@ index 868fb0d2d..ed37458fb 100644
      {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
      {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
  #ifdef USE_PAM
-@@ -806,6 +808,7 @@ mm_answer_pwnamallow(int sock, Buffer *m)
+@@ -813,6 +815,7 @@ mm_answer_pwnamallow(int sock, struct sshbuf *m)
  
         /* Allow service/style information on the auth context */
         monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
@@ -108,13 +108,16 @@ index 868fb0d2d..ed37458fb 100644
         monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
  
  #ifdef USE_PAM
-@@ -836,14 +839,37 @@ mm_answer_authserv(int sock, Buffer *m)
- 
-        authctxt->service = buffer_get_string(m, NULL);
-        authctxt->style = buffer_get_string(m, NULL);
+@@ -846,16 +849,42 @@ mm_answer_authserv(int sock, struct sshbuf *m)
+        monitor_permit_authentications(1);
+ 
+        if ((r = sshbuf_get_cstring(m, &authctxt->service, NULL)) != 0 ||
+-           (r = sshbuf_get_cstring(m, &authctxt->style, NULL)) != 0)
++           (r = sshbuf_get_cstring(m, &authctxt->style, NULL)) != 0 ||
++           (r = sshbuf_get_cstring(m, &authctxt->role, NULL)) != 0)
+                fatal("%s: buffer error: %s", __func__, ssh_err(r));
 -       debug3("%s: service=%s, style=%s",
 -           __func__, authctxt->service, authctxt->style);
-+       authctxt->role = buffer_get_string(m, NULL);
 +       debug3("%s: service=%s, style=%s, role=%s",
 +           __func__, authctxt->service, authctxt->style, authctxt->role);
  
@@ -132,11 +135,14 @@ index 868fb0d2d..ed37458fb 100644
 +}
 +
 +int
-+mm_answer_authrole(int sock, Buffer *m)
++mm_answer_authrole(int sock, struct sshbuf *m)
 +{
++       int r;
++
 +       monitor_permit_authentications(1);
 +
-+       authctxt->role = buffer_get_string(m, NULL);
++       if ((r = sshbuf_get_cstring(m, &authctxt->role, NULL)) != 0)
++               fatal("%s: buffer error: %s", __func__, ssh_err(r));
 +       debug3("%s: role=%s",
 +           __func__, authctxt->role);
 +
@@ -148,20 +154,20 @@ index 868fb0d2d..ed37458fb 100644
         return (0);
  }
  
-@@ -1497,7 +1523,7 @@ mm_answer_pty(int sock, Buffer *m)
+@@ -1497,7 +1526,7 @@ mm_answer_pty(int sock, struct sshbuf *m)
         res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
         if (res == 0)
                 goto error;
 -       pty_setowner(authctxt->pw, s->tty);
 +       pty_setowner(authctxt->pw, s->tty, authctxt->role);
  
-        buffer_put_int(m, 1);
-        buffer_put_cstring(m, s->tty);
+        if ((r = sshbuf_put_u32(m, 1)) != 0 ||
+            (r = sshbuf_put_cstring(m, s->tty)) != 0)
 diff --git a/monitor.h b/monitor.h
-index ec41404c7..4c7955d7a 100644
+index 44fbed589..8f65e684d 100644
 --- a/monitor.h
 +++ b/monitor.h
-@@ -68,6 +68,8 @@ enum monitor_reqtype {
+@@ -66,6 +66,8 @@ enum monitor_reqtype {
         MONITOR_REQ_GSSSIGN = 150, MONITOR_ANS_GSSSIGN = 151,
         MONITOR_REQ_GSSUPCREDS = 152, MONITOR_ANS_GSSUPCREDS = 153,
  
@@ -171,10 +177,10 @@ index ec41404c7..4c7955d7a 100644
  
  struct monitor {
 diff --git a/monitor_wrap.c b/monitor_wrap.c
-index e749efc18..7b2d06c65 100644
+index 1865a122a..fd4d7eb3b 100644
 --- a/monitor_wrap.c
 +++ b/monitor_wrap.c
-@@ -331,10 +331,10 @@ mm_auth2_read_banner(void)
+@@ -369,10 +369,10 @@ mm_auth2_read_banner(void)
         return (banner);
  }
  
@@ -185,17 +191,20 @@ index e749efc18..7b2d06c65 100644
 -mm_inform_authserv(char *service, char *style)
 +mm_inform_authserv(char *service, char *style, char *role)
  {
-        Buffer m;
- 
-@@ -343,12 +343,30 @@ mm_inform_authserv(char *service, char *style)
-        buffer_init(&m);
-        buffer_put_cstring(&m, service);
-        buffer_put_cstring(&m, style ? style : "");
-+       buffer_put_cstring(&m, role ? role : "");
- 
-        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, &m);
- 
-        buffer_free(&m);
+        struct sshbuf *m;
+        int r;
+@@ -382,7 +382,8 @@ mm_inform_authserv(char *service, char *style)
+        if ((m = sshbuf_new()) == NULL)
+                fatal("%s: sshbuf_new failed", __func__);
+        if ((r = sshbuf_put_cstring(m, service)) != 0 ||
+-           (r = sshbuf_put_cstring(m, style ? style : "")) != 0)
++           (r = sshbuf_put_cstring(m, style ? style : "")) != 0 ||
++           (r = sshbuf_put_cstring(m, role ? role : "")) != 0)
+                fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ 
+        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, m);
+@@ -390,6 +391,26 @@ mm_inform_authserv(char *service, char *style)
+        sshbuf_free(m);
  }
  
 +/* Inform the privileged process about role */
@@ -203,29 +212,32 @@ index e749efc18..7b2d06c65 100644
 +void
 +mm_inform_authrole(char *role)
 +{
-+       Buffer m;
++       struct sshbuf *m;
++       int r;
 +
 +       debug3("%s entering", __func__);
 +
-+       buffer_init(&m);
-+       buffer_put_cstring(&m, role ? role : "");
++       if ((m = sshbuf_new()) == NULL)
++               fatal("%s: sshbuf_new failed", __func__);
++       if ((r = sshbuf_put_cstring(m, role ? role : "")) != 0)
++               fatal("%s: buffer error: %s", __func__, ssh_err(r));
 +
-+       mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHROLE, &m);
++       mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHROLE, m);
 +
-+       buffer_free(&m);
++       sshbuf_free(m);
 +}
 +
  /* Do the password authentication */
  int
  mm_auth_password(struct ssh *ssh, char *password)
 diff --git a/monitor_wrap.h b/monitor_wrap.h
-index 0970d1f87..492de5c85 100644
+index 7f93144ff..79e78cc90 100644
 --- a/monitor_wrap.h
 +++ b/monitor_wrap.h
 @@ -43,7 +43,8 @@ int mm_is_monitor(void);
  DH *mm_choose_dh(int, int, int);
- int mm_key_sign(struct sshkey *, u_char **, u_int *, const u_char *, u_int,
-     const char *);
+ int mm_sshkey_sign(struct sshkey *, u_char **, size_t *, const u_char *, size_t,
+     const char *, u_int compat);
 -void mm_inform_authserv(char *, char *);
 +void mm_inform_authserv(char *, char *, char *);
 +void mm_inform_authrole(char *);
@@ -233,23 +245,10 @@ index 0970d1f87..492de5c85 100644
  char *mm_auth2_read_banner(void);
  int mm_auth_password(struct ssh *, char *);
 diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
-index 8c5325cc3..8a3e5c68d 100644
+index 8c5325cc3..9fdda664f 100644
 --- a/openbsd-compat/port-linux.c
 +++ b/openbsd-compat/port-linux.c
-@@ -27,6 +27,12 @@
- #include <string.h>
- #include <stdio.h>
- 
-+#ifdef WITH_SELINUX
-+#include "key.h"
-+#include "hostfile.h"
-+#include "auth.h"
-+#endif
-+
- #include "log.h"
- #include "xmalloc.h"
- #include "port-linux.h"
-@@ -55,7 +61,7 @@ ssh_selinux_enabled(void)
+@@ -55,7 +55,7 @@ ssh_selinux_enabled(void)
  
  /* Return the default security context for the given username */
  static security_context_t
@@ -258,7 +257,7 @@ index 8c5325cc3..8a3e5c68d 100644
  {
         security_context_t sc = NULL;
         char *sename = NULL, *lvl = NULL;
-@@ -70,9 +76,16 @@ ssh_selinux_getctxbyname(char *pwname)
+@@ -70,9 +70,16 @@ ssh_selinux_getctxbyname(char *pwname)
  #endif
  
  #ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL
@@ -277,7 +276,7 @@ index 8c5325cc3..8a3e5c68d 100644
  #endif
  
         if (r != 0) {
-@@ -102,7 +115,7 @@ ssh_selinux_getctxbyname(char *pwname)
+@@ -102,7 +109,7 @@ ssh_selinux_getctxbyname(char *pwname)
  
  /* Set the execution context to the default for the specified user */
  void
@@ -286,7 +285,7 @@ index 8c5325cc3..8a3e5c68d 100644
  {
         security_context_t user_ctx = NULL;
  
-@@ -111,7 +124,7 @@ ssh_selinux_setup_exec_context(char *pwname)
+@@ -111,7 +118,7 @@ ssh_selinux_setup_exec_context(char *pwname)
  
         debug3("%s: setting execution context", __func__);
  
@@ -295,7 +294,7 @@ index 8c5325cc3..8a3e5c68d 100644
         if (setexeccon(user_ctx) != 0) {
                 switch (security_getenforce()) {
                 case -1:
-@@ -133,7 +146,7 @@ ssh_selinux_setup_exec_context(char *pwname)
+@@ -133,7 +140,7 @@ ssh_selinux_setup_exec_context(char *pwname)
  
  /* Set the TTY context for the specified user */
  void
@@ -304,7 +303,7 @@ index 8c5325cc3..8a3e5c68d 100644
  {
         security_context_t new_tty_ctx = NULL;
         security_context_t user_ctx = NULL;
-@@ -145,7 +158,7 @@ ssh_selinux_setup_pty(char *pwname, const char *tty)
+@@ -145,7 +152,7 @@ ssh_selinux_setup_pty(char *pwname, const char *tty)
  
         debug3("%s: setting TTY context on %s", __func__, tty);
  
@@ -329,10 +328,10 @@ index 3c22a854d..c88129428 100644
  void ssh_selinux_setfscreatecon(const char *);
  #endif
 diff --git a/platform.c b/platform.c
-index 18c7751de..380ee3a41 100644
+index 41acc9370..35654ea51 100644
 --- a/platform.c
 +++ b/platform.c
-@@ -143,7 +143,7 @@ platform_setusercontext(struct passwd *pw)
+@@ -142,7 +142,7 @@ platform_setusercontext(struct passwd *pw)
   * called if sshd is running as root.
   */
  void
@@ -341,7 +340,7 @@ index 18c7751de..380ee3a41 100644
  {
  #if !defined(HAVE_LOGIN_CAP) && defined(USE_PAM)
         /*
-@@ -184,7 +184,7 @@ platform_setusercontext_post_groups(struct passwd *pw)
+@@ -183,7 +183,7 @@ platform_setusercontext_post_groups(struct passwd *pw)
         }
  #endif /* HAVE_SETPCRED */
  #ifdef WITH_SELINUX
@@ -364,19 +363,19 @@ index ea4f9c584..60d72ffe7 100644
  char *platform_krb5_get_principal_name(const char *);
  int platform_sys_dir_uid(uid_t);
 diff --git a/session.c b/session.c
-index 58826db16..ff301c983 100644
+index f2cf52006..d5d2e94b0 100644
 --- a/session.c
 +++ b/session.c
-@@ -1322,7 +1322,7 @@ safely_chroot(const char *path, uid_t uid)
+@@ -1378,7 +1378,7 @@ safely_chroot(const char *path, uid_t uid)
  
  /* Set login name, uid, gid, and groups. */
  void
 -do_setusercontext(struct passwd *pw)
 +do_setusercontext(struct passwd *pw, const char *role)
  {
-        char *chroot_path, *tmp;
+        char uidstr[32], *chroot_path, *tmp;
  
-@@ -1350,7 +1350,7 @@ do_setusercontext(struct passwd *pw)
+@@ -1406,7 +1406,7 @@ do_setusercontext(struct passwd *pw)
                 endgrent();
  #endif
  
@@ -385,7 +384,7 @@ index 58826db16..ff301c983 100644
  
                 if (!in_chroot && options.chroot_directory != NULL &&
                     strcasecmp(options.chroot_directory, "none") != 0) {
-@@ -1487,7 +1487,7 @@ do_child(struct ssh *ssh, Session *s, const char *command)
+@@ -1545,7 +1545,7 @@ do_child(struct ssh *ssh, Session *s, const char *command)
  
         /* Force a password change */
         if (s->authctxt->force_pwchange) {
@@ -394,7 +393,7 @@ index 58826db16..ff301c983 100644
                 child_close_fds(ssh);
                 do_pwchange(s);
                 exit(1);
-@@ -1505,7 +1505,7 @@ do_child(struct ssh *ssh, Session *s, const char *command)
+@@ -1563,7 +1563,7 @@ do_child(struct ssh *ssh, Session *s, const char *command)
         /* When PAM is enabled we rely on it to do the nologin check */
         if (!options.use_pam)
                 do_nologin(pw);
@@ -403,8 +402,8 @@ index 58826db16..ff301c983 100644
         /*
          * PAM session modules in do_setusercontext may have
          * generated messages, so if this in an interactive
-@@ -1897,7 +1897,7 @@ session_pty_req(struct ssh *ssh, Session *s)
-        tty_parse_modes(s->ttyfd, &n_bytes);
+@@ -1953,7 +1953,7 @@ session_pty_req(struct ssh *ssh, Session *s)
+        ssh_tty_parse_modes(ssh, s->ttyfd);
  
         if (!use_privsep)
 -               pty_setowner(s->pw, s->tty);
@@ -426,10 +425,10 @@ index 54dd1f0ca..8535ebcef 100644
  const char     *session_get_remote_name_or_ip(struct ssh *, u_int, int);
  
 diff --git a/sshd.c b/sshd.c
-index 4ed0364f2..6d911c19a 100644
+index 71c360da0..92d15c82d 100644
 --- a/sshd.c
 +++ b/sshd.c
-@@ -679,7 +679,7 @@ privsep_postauth(Authctxt *authctxt)
+@@ -684,7 +684,7 @@ privsep_postauth(Authctxt *authctxt)
         reseed_prngs();
  
         /* Drop privileges */
diff --git a/debian/patches/series b/debian/patches/series
index e1eb16773..1f82bea11 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -22,7 +22,4 @@ systemd-readiness.patch
 debian-config.patch
 restore-authorized_keys2.patch
 seccomp-s390-flock-ipc.patch
-seccomp-getuid-geteuid.patch
 seccomp-s390-ioctl-ep11-crypto.patch
-upstream-relax-checking-of-authorized_keys-environme.patch
-upstream-delay-bailout-for-invalid-authenticating-user.patch
diff --git a/debian/patches/shell-path.patch b/debian/patches/shell-path.patch
index 92fc0026a..7e91b9b14 100644
--- a/debian/patches/shell-path.patch
+++ b/debian/patches/shell-path.patch
@@ -1,4 +1,4 @@
-From 72fead7f622b074c9b92dbdb8ae745faf2702b3d Mon Sep 17 00:00:00 2001
+From 0e7d3495f758a4ecccc14eda31845ea0efc89251 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:00 +0000
 Subject: Look for $SHELL on the path for ProxyCommand/LocalCommand
@@ -16,10 +16,10 @@ Patch-Name: shell-path.patch
  1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/sshconnect.c b/sshconnect.c
-index 3805d35d9..8ab01c0ef 100644
+index 78813c164..a2efe6d15 100644
 --- a/sshconnect.c
 +++ b/sshconnect.c
-@@ -239,7 +239,7 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, u_short port,
+@@ -229,7 +229,7 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, u_short port,
                 /* Execute the proxy command.  Note that we gave up any
                    extra privileges above. */
                 signal(SIGPIPE, SIG_DFL);
@@ -28,7 +28,7 @@ index 3805d35d9..8ab01c0ef 100644
                 perror(argv[0]);
                 exit(1);
         }
-@@ -1554,7 +1554,7 @@ ssh_local_cmd(const char *args)
+@@ -1525,7 +1525,7 @@ ssh_local_cmd(const char *args)
         if (pid == 0) {
                 signal(SIGPIPE, SIG_DFL);
                 debug3("Executing %s -c \"%s\"", shell, args);
diff --git a/debian/patches/ssh-agent-setgid.patch b/debian/patches/ssh-agent-setgid.patch
index add4d5115..ae29c2afb 100644
--- a/debian/patches/ssh-agent-setgid.patch
+++ b/debian/patches/ssh-agent-setgid.patch
@@ -1,4 +1,4 @@
-From 9155e0368189860345a5f4b52a756266704447af Mon Sep 17 00:00:00 2001
+From 67414e1884f4ac0eb391988b932af2dd9b2ab5ae Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:13 +0000
 Subject: Document consequences of ssh-agent being setgid in ssh-agent(1)
diff --git a/debian/patches/ssh-argv0.patch b/debian/patches/ssh-argv0.patch
index eb830e4cb..5f9e9bbc8 100644
--- a/debian/patches/ssh-argv0.patch
+++ b/debian/patches/ssh-argv0.patch
@@ -1,4 +1,4 @@
-From 77113aa5aacb35d773268411edbe3bca4255703d Mon Sep 17 00:00:00 2001
+From 0d0221146dc61545ca1dba099f669d5d6a37504e Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:10 +0000
 Subject: ssh(1): Refer to ssh-argv0(1)
@@ -18,10 +18,10 @@ Patch-Name: ssh-argv0.patch
  1 file changed, 1 insertion(+)
 
 diff --git a/ssh.1 b/ssh.1
-index 54e21d88a..f8fc26d2a 100644
+index d41426781..0a8e63f51 100644
 --- a/ssh.1
 +++ b/ssh.1
-@@ -1571,6 +1571,7 @@ if an error occurred.
+@@ -1575,6 +1575,7 @@ if an error occurred.
  .Xr sftp 1 ,
  .Xr ssh-add 1 ,
  .Xr ssh-agent 1 ,
diff --git a/debian/patches/ssh-vulnkey-compat.patch b/debian/patches/ssh-vulnkey-compat.patch
index 4d6f3e151..da0f358d8 100644
--- a/debian/patches/ssh-vulnkey-compat.patch
+++ b/debian/patches/ssh-vulnkey-compat.patch
@@ -1,4 +1,4 @@
-From 4fb99d4eb8936b6ffae3749717abfc2dccbaa162 Mon Sep 17 00:00:00 2001
+From 80ef33d2e2559a2fcb71940f0ef0de18f426dab4 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:09:50 +0000
 Subject: Accept obsolete ssh-vulnkey configuration options
@@ -17,10 +17,10 @@ Patch-Name: ssh-vulnkey-compat.patch
  2 files changed, 2 insertions(+)
 
 diff --git a/readconf.c b/readconf.c
-index c8e792991..1f1be7789 100644
+index 4ad3c75fe..6e26ba32d 100644
 --- a/readconf.c
 +++ b/readconf.c
-@@ -189,6 +189,7 @@ static struct {
+@@ -190,6 +190,7 @@ static struct {
         { "fallbacktorsh", oDeprecated },
         { "globalknownhostsfile2", oDeprecated },
         { "rhostsauthentication", oDeprecated },
@@ -29,10 +29,10 @@ index c8e792991..1f1be7789 100644
         { "useroaming", oDeprecated },
         { "usersh", oDeprecated },
 diff --git a/servconf.c b/servconf.c
-index cbbea05bf..3fff3d531 100644
+index e1ae07fb7..e49984a81 100644
 --- a/servconf.c
 +++ b/servconf.c
-@@ -576,6 +576,7 @@ static struct {
+@@ -596,6 +596,7 @@ static struct {
         { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
         { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
         { "strictmodes", sStrictModes, SSHCFG_GLOBAL },
diff --git a/debian/patches/syslog-level-silent.patch b/debian/patches/syslog-level-silent.patch
index 1b41b0801..1610d40d1 100644
--- a/debian/patches/syslog-level-silent.patch
+++ b/debian/patches/syslog-level-silent.patch
@@ -1,4 +1,4 @@
-From 027619c6b05713e3f08a51e7232389383900e5d8 Mon Sep 17 00:00:00 2001
+From d47fa6fefb418c6d8f5a6d3dd49fd9dc7fce0c74 Mon Sep 17 00:00:00 2001
 From: Jonathan David Amery <jdamery@ysolde.ucam.org>
 Date: Sun, 9 Feb 2014 16:09:54 +0000
 Subject: "LogLevel SILENT" compatibility
@@ -21,7 +21,7 @@ Patch-Name: syslog-level-silent.patch
  2 files changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/log.c b/log.c
-index 99450dd12..1559091da 100644
+index d9c2d136c..1749af6d1 100644
 --- a/log.c
 +++ b/log.c
 @@ -93,6 +93,7 @@ static struct {
@@ -33,7 +33,7 @@ index 99450dd12..1559091da 100644
         { "FATAL",      SYSLOG_LEVEL_FATAL },
         { "ERROR",      SYSLOG_LEVEL_ERROR },
 diff --git a/ssh.c b/ssh.c
-index d3619fe29..e36debf6a 100644
+index ce628848c..6ee0f8c68 100644
 --- a/ssh.c
 +++ b/ssh.c
 @@ -1252,7 +1252,7 @@ main(int ac, char **av)
diff --git a/debian/patches/systemd-readiness.patch b/debian/patches/systemd-readiness.patch
index 982085c4c..95753542e 100644
--- a/debian/patches/systemd-readiness.patch
+++ b/debian/patches/systemd-readiness.patch
@@ -1,4 +1,4 @@
-From 4acdde3e5b206718774fa162763058155fe572bf Mon Sep 17 00:00:00 2001
+From ba2be368348f9f411377f494e209faedf53903de Mon Sep 17 00:00:00 2001
 From: Michael Biebl <biebl@debian.org>
 Date: Mon, 21 Dec 2015 16:08:47 +0000
 Subject: Add systemd readiness notification support
@@ -14,10 +14,10 @@ Patch-Name: systemd-readiness.patch
  2 files changed, 33 insertions(+)
 
 diff --git a/configure.ac b/configure.ac
-index 3e23e60d6..eac143b4d 100644
+index ebc10f51e..dab138640 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -4496,6 +4496,29 @@ AC_ARG_WITH([kerberos5],
+@@ -4458,6 +4458,29 @@ AC_ARG_WITH([kerberos5],
  AC_SUBST([GSSLIBS])
  AC_SUBST([K5LIBS])
  
@@ -47,7 +47,7 @@ index 3e23e60d6..eac143b4d 100644
  # Looking for programs, paths and files
  
  PRIVSEP_PATH=/var/empty
-@@ -5303,6 +5326,7 @@ echo "                   libldns support: $LDNS_MSG"
+@@ -5264,6 +5287,7 @@ echo "                   libldns support: $LDNS_MSG"
  echo "  Solaris process contract support: $SPC_MSG"
  echo "           Solaris project support: $SP_MSG"
  echo "         Solaris privilege support: $SPP_MSG"
@@ -56,7 +56,7 @@ index 3e23e60d6..eac143b4d 100644
  echo "           Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
  echo "                  BSD Auth support: $BSD_AUTH_MSG"
 diff --git a/sshd.c b/sshd.c
-index 1d645a170..3a86e66e7 100644
+index 698593605..7ff109175 100644
 --- a/sshd.c
 +++ b/sshd.c
 @@ -85,6 +85,10 @@
@@ -70,7 +70,7 @@ index 1d645a170..3a86e66e7 100644
  #include "xmalloc.h"
  #include "ssh.h"
  #include "ssh2.h"
-@@ -1933,6 +1937,11 @@ main(int ac, char **av)
+@@ -1991,6 +1995,11 @@ main(int ac, char **av)
                         }
                 }
  
diff --git a/debian/patches/upstream-delay-bailout-for-invalid-authenticating-user.patch b/debian/patches/upstream-delay-bailout-for-invalid-authenticating-user.patch
deleted file mode 100644
index 737a9f48d..000000000
--- a/debian/patches/upstream-delay-bailout-for-invalid-authenticating-user.patch
+++ /dev/null
@@ -1,153 +0,0 @@
-From c4ca1497658e0508e8595ad74978c07bc92a18e3 Mon Sep 17 00:00:00 2001
-From: "djm@openbsd.org" <djm@openbsd.org>
-Date: Tue, 31 Jul 2018 03:10:27 +0000
-Subject: upstream: delay bailout for invalid authenticating user
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-... until after the packet containing the request has been fully parsed.
-Reported by Dariusz Tytko and Michał Sajdak; ok deraadt
-
-OpenBSD-Commit-ID: b4891882fbe413f230fe8ac8a37349b03bd0b70d
-
-Origin: backport, http://anongit.mindrot.org/openssh.git/commit/?id=74287f5df9966a0648b4a68417451dd18f079ab8
-Bug-Debian: https://bugs.debian.org/906236
-Last-Update: 2018-08-17
-
-Patch-Name: upstream-delay-bailout-for-invalid-authenticating-user.patch
----
- auth2-gss.c       |  9 ++++++---
- auth2-hostbased.c |  9 +++++----
- auth2-pubkey.c    | 23 ++++++++++++++---------
- 3 files changed, 25 insertions(+), 16 deletions(-)
-
-diff --git a/auth2-gss.c b/auth2-gss.c
-index fd411d3a7..88bc3ae7b 100644
---- a/auth2-gss.c
-+++ b/auth2-gss.c
-@@ -104,9 +104,6 @@ userauth_gssapi(struct ssh *ssh)
-        u_int len;
-        u_char *doid = NULL;
- 
--       if (!authctxt->valid || authctxt->user == NULL)
--               return (0);
--
-        mechs = packet_get_int();
-        if (mechs == 0) {
-                debug("Mechanism negotiation is not supported");
-@@ -137,6 +134,12 @@ userauth_gssapi(struct ssh *ssh)
-                return (0);
-        }
- 
-+       if (!authctxt->valid || authctxt->user == NULL) {
-+               debug2("%s: disabled because of invalid user", __func__);
-+               free(doid);
-+               return (0);
-+       }
-+
-        if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) {
-                if (ctxt != NULL)
-                        ssh_gssapi_delete_ctx(&ctxt);
-diff --git a/auth2-hostbased.c b/auth2-hostbased.c
-index 8996f7e05..82a7dcdae 100644
---- a/auth2-hostbased.c
-+++ b/auth2-hostbased.c
-@@ -67,10 +67,6 @@ userauth_hostbased(struct ssh *ssh)
-        size_t alen, blen, slen;
-        int r, pktype, authenticated = 0;
- 
--       if (!authctxt->valid) {
--               debug2("%s: disabled because of invalid user", __func__);
--               return 0;
--       }
-        /* XXX use sshkey_froms() */
-        if ((r = sshpkt_get_cstring(ssh, &pkalg, &alen)) != 0 ||
-            (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0 ||
-@@ -118,6 +114,11 @@ userauth_hostbased(struct ssh *ssh)
-                goto done;
-        }
- 
-+       if (!authctxt->valid || authctxt->user == NULL) {
-+               debug2("%s: disabled because of invalid user", __func__);
-+               goto done;
-+       }
-+
-        if ((b = sshbuf_new()) == NULL)
-                fatal("%s: sshbuf_new failed", __func__);
-        /* reconstruct packet */
-diff --git a/auth2-pubkey.c b/auth2-pubkey.c
-index 8024b1d6a..a9272b97f 100644
---- a/auth2-pubkey.c
-+++ b/auth2-pubkey.c
-@@ -89,19 +89,15 @@ userauth_pubkey(struct ssh *ssh)
- {
-        Authctxt *authctxt = ssh->authctxt;
-        struct passwd *pw = authctxt->pw;
--       struct sshbuf *b;
-+       struct sshbuf *b = NULL;
-        struct sshkey *key = NULL;
--       char *pkalg, *userstyle = NULL, *key_s = NULL, *ca_s = NULL;
--       u_char *pkblob, *sig, have_sig;
-+       char *pkalg = NULL, *userstyle = NULL, *key_s = NULL, *ca_s = NULL;
-+       u_char *pkblob = NULL, *sig = NULL, have_sig;
-        size_t blen, slen;
-        int r, pktype;
-        int authenticated = 0;
-        struct sshauthopt *authopts = NULL;
- 
--       if (!authctxt->valid) {
--               debug2("%s: disabled because of invalid user", __func__);
--               return 0;
--       }
-        if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0 ||
-            (r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 ||
-            (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0)
-@@ -168,6 +164,11 @@ userauth_pubkey(struct ssh *ssh)
-                                fatal("%s: sshbuf_put_string session id: %s",
-                                    __func__, ssh_err(r));
-                }
-+               if (!authctxt->valid || authctxt->user == NULL) {
-+                       debug2("%s: disabled because of invalid user",
-+                           __func__);
-+                       goto done;
-+               }
-                /* reconstruct packet */
-                xasprintf(&userstyle, "%s%s%s", authctxt->user,
-                    authctxt->style ? ":" : "",
-@@ -184,7 +185,6 @@ userauth_pubkey(struct ssh *ssh)
- #ifdef DEBUG_PK
-                sshbuf_dump(b, stderr);
- #endif
--
-                /* test for correct signature */
-                authenticated = 0;
-                if (PRIVSEP(user_key_allowed(ssh, pw, key, 1, &authopts)) &&
-@@ -193,7 +193,6 @@ userauth_pubkey(struct ssh *ssh)
-                        authenticated = 1;
-                }
-                sshbuf_free(b);
--               free(sig);
-                auth2_record_key(authctxt, authenticated, key);
-        } else {
-                debug("%s: test pkalg %s pkblob %s%s%s",
-@@ -204,6 +203,11 @@ userauth_pubkey(struct ssh *ssh)
-                if ((r = sshpkt_get_end(ssh)) != 0)
-                        fatal("%s: %s", __func__, ssh_err(r));
- 
-+               if (!authctxt->valid || authctxt->user == NULL) {
-+                       debug2("%s: disabled because of invalid user",
-+                           __func__);
-+                       goto done;
-+               }
-                /* XXX fake reply and always send PK_OK ? */
-                /*
-                 * XXX this allows testing whether a user is allowed
-@@ -237,6 +241,7 @@ done:
-        free(pkblob);
-        free(key_s);
-        free(ca_s);
-+       free(sig);
-        return authenticated;
- }
- 
diff --git a/debian/patches/upstream-relax-checking-of-authorized_keys-environme.patch b/debian/patches/upstream-relax-checking-of-authorized_keys-environme.patch
deleted file mode 100644
index 251b9a3ca..000000000
--- a/debian/patches/upstream-relax-checking-of-authorized_keys-environme.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 60256f28189c3d0650a78e737eb0ca4753478a4b Mon Sep 17 00:00:00 2001
-From: "djm@openbsd.org" <djm@openbsd.org>
-Date: Fri, 6 Apr 2018 04:15:45 +0000
-Subject: upstream: relax checking of authorized_keys environment="..."
-
-options to allow underscores in variable names (regression introduced in
-7.7). bz2851, ok deraadt@
-
-OpenBSD-Commit-ID: 69690ffe0c97ff393f2c76d25b4b3d2ed4e4ac9c
-
-Original-Author: Damien Miller <djm@mindrot.org>
-Origin: backport, http://anongit.mindrot.org/openssh.git/commit/?id=40f5f03544a07ebd2003b443d42e85cb51d94d59
-Bug-Ubuntu: https://bugs.launchpad.net/bugs/1771011
-Last-Update: 2018-06-28
-Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
-
-Patch-Name: upstream-relax-checking-of-authorized_keys-environme.patch
----
- auth-options.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/auth-options.c b/auth-options.c
-index b528c197a..ef57ebf43 100644
---- a/auth-options.c
-+++ b/auth-options.c
-@@ -1,4 +1,4 @@
--/* $OpenBSD: auth-options.c,v 1.78 2018/03/14 05:35:40 djm Exp $ */
-+/* $OpenBSD: auth-options.c,v 1.79 2018/04/06 04:15:45 djm Exp $ */
- /*
-  * Copyright (c) 2018 Damien Miller <djm@mindrot.org>
-  *
-@@ -394,7 +394,7 @@ sshauthopt_parse(const char *opts, const char **errstrp)
-                                goto fail;
-                        }
-                        for (cp = opt; cp < tmp; cp++) {
--                               if (!isalnum((u_char)*cp)) {
-+                               if (!isalnum((u_char)*cp) && *cp != '_') {
-                                        free(opt);
-                                        errstr = "invalid environment string";
-                                        goto fail;
diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch
index 712620843..cc9cbacad 100644
--- a/debian/patches/user-group-modes.patch
+++ b/debian/patches/user-group-modes.patch
@@ -1,4 +1,4 @@
-From 9e45701c5d6105444cc2f4f5d6c44b0f69969479 Mon Sep 17 00:00:00 2001
+From 840f43066f9cdf5f6bb07992aca1c5f43be8eb80 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:09:58 +0000
 Subject: Allow harmless group-writability
@@ -27,7 +27,7 @@ Patch-Name: user-group-modes.patch
  7 files changed, 63 insertions(+), 13 deletions(-)
 
 diff --git a/auth-rhosts.c b/auth-rhosts.c
-index ecf956f06..4dccd5e6a 100644
+index 57296e1f6..546aa0495 100644
 --- a/auth-rhosts.c
 +++ b/auth-rhosts.c
 @@ -261,8 +261,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
@@ -51,10 +51,10 @@ index ecf956f06..4dccd5e6a 100644
                             pw->pw_name, buf);
                         auth_debug_add("Bad file modes for %.200s", buf);
 diff --git a/auth.c b/auth.c
-index 76d586e31..68b9fe795 100644
+index 80eb78c48..ad25631a5 100644
 --- a/auth.c
 +++ b/auth.c
-@@ -468,8 +468,7 @@ check_key_in_hostfiles(struct passwd *pw, struct sshkey *key, const char *host,
+@@ -469,8 +469,7 @@ check_key_in_hostfiles(struct passwd *pw, struct sshkey *key, const char *host,
                 user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
                 if (options.strict_modes &&
                     (stat(user_hostfile, &st) == 0) &&
@@ -65,7 +65,7 @@ index 76d586e31..68b9fe795 100644
                             "bad owner or modes for %.200s",
                             pw->pw_name, user_hostfile);
 diff --git a/misc.c b/misc.c
-index 874dcc8a2..75c4113f0 100644
+index ae4d29b84..2f3dbda0c 100644
 --- a/misc.c
 +++ b/misc.c
 @@ -57,8 +57,9 @@
@@ -79,8 +79,8 @@ index 874dcc8a2..75c4113f0 100644
  #ifdef SSH_TUN_OPENBSD
  #include <net/if.h>
  #endif
-@@ -1030,6 +1031,55 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz,
-        return -1;
+@@ -1024,6 +1025,55 @@ percent_expand(const char *string, ...)
+ #undef EXPAND_MAX_KEYS
  }
  
 +int
@@ -135,7 +135,7 @@ index 874dcc8a2..75c4113f0 100644
  int
  tun_open(int tun, int mode, char **ifname)
  {
-@@ -1797,8 +1847,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir,
+@@ -1782,8 +1832,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir,
                 snprintf(err, errlen, "%s is not a regular file", buf);
                 return -1;
         }
@@ -145,7 +145,7 @@ index 874dcc8a2..75c4113f0 100644
                 snprintf(err, errlen, "bad ownership or modes for file %s",
                     buf);
                 return -1;
-@@ -1813,8 +1862,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir,
+@@ -1798,8 +1847,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir,
                 strlcpy(buf, cp, sizeof(buf));
  
                 if (stat(buf, &st) < 0 ||
@@ -156,12 +156,12 @@ index 874dcc8a2..75c4113f0 100644
                             "bad ownership or modes for directory %s", buf);
                         return -1;
 diff --git a/misc.h b/misc.h
-index cdafea735..51943db90 100644
+index 6be289fd2..213c3abb7 100644
 --- a/misc.h
 +++ b/misc.h
-@@ -168,6 +168,8 @@ char        *read_passphrase(const char *, int);
+@@ -167,6 +167,8 @@ int  safe_path_fd(int, const char *, struct passwd *,
+ char   *read_passphrase(const char *, int);
  int     ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));
- int     read_keyfile_line(FILE *, const char *, char *, size_t, u_long *);
  
 +int     secure_permissions(struct stat *st, uid_t uid);
 +
@@ -169,10 +169,10 @@ index cdafea735..51943db90 100644
  #define MAXIMUM(a, b)  (((a) > (b)) ? (a) : (b))
  #define ROUNDUP(x, y)   ((((x)+((y)-1))/(y))*(y))
 diff --git a/readconf.c b/readconf.c
-index 7f2b5c172..50349e238 100644
+index 3fd0fe7b7..3ed6dfb54 100644
 --- a/readconf.c
 +++ b/readconf.c
-@@ -1741,8 +1741,7 @@ read_config_file_depth(const char *filename, struct passwd *pw,
+@@ -1795,8 +1795,7 @@ read_config_file_depth(const char *filename, struct passwd *pw,
  
                 if (fstat(fileno(f), &sb) == -1)
                         fatal("fstat %s: %s", filename, strerror(errno));
@@ -183,10 +183,10 @@ index 7f2b5c172..50349e238 100644
         }
  
 diff --git a/ssh.1 b/ssh.1
-index b4078525b..0ef7c1709 100644
+index b20908a5e..cb0fdd50e 100644
 --- a/ssh.1
 +++ b/ssh.1
-@@ -1471,6 +1471,8 @@ The file format and configuration options are described in
+@@ -1475,6 +1475,8 @@ The file format and configuration options are described in
  .Xr ssh_config 5 .
  Because of the potential for abuse, this file must have strict permissions:
  read/write for the user, and not writable by others.
@@ -196,10 +196,10 @@ index b4078525b..0ef7c1709 100644
  .It Pa ~/.ssh/environment
  Contains additional definitions for environment variables; see
 diff --git a/ssh_config.5 b/ssh_config.5
-index 32c3632c7..84dcd52cc 100644
+index 86ada128e..03341a229 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
-@@ -1818,6 +1818,8 @@ The format of this file is described above.
+@@ -1813,6 +1813,8 @@ The format of this file is described above.
  This file is used by the SSH client.
  Because of the potential for abuse, this file must have strict permissions:
  read/write for the user, and not accessible by others.