24 files changed, 191 insertions, 185 deletions

diff --git a/ChangeLog b/ChangeLog
index ed0502115..0e0dd8787 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,121 @@
+commit e91346dc2bbf460246df2ab591b7613908c1b0ad
+Author: Damien Miller <djm@mindrot.org>
+Date:   Fri Aug 21 14:49:03 2015 +1000
+
+    we don't use Github for issues/pull-requests
+
+commit a4f5b507c708cc3dc2c8dd2d02e4416d7514dc23
+Author: Damien Miller <djm@mindrot.org>
+Date:   Fri Aug 21 14:43:55 2015 +1000
+
+    fix URL for connect.c
+
+commit d026a8d3da0f8186598442997c7d0a28e7275414
+Author: Damien Miller <djm@mindrot.org>
+Date:   Fri Aug 21 13:47:10 2015 +1000
+
+    update version numbers for 7.1
+
+commit 78f8f589f0ca1c9f41e5a9bae3cda5ce8a6b42ed
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Aug 21 03:45:26 2015 +0000
+
+    upstream commit
+    
+    openssh-7.1
+    
+    Upstream-ID: ff7b1ef4b06caddfb45e08ba998128c88be3d73f
+
+commit 32a181980c62fce94f7f9ffaf6a79d90f0c309cf
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Aug 21 03:42:19 2015 +0000
+
+    upstream commit
+    
+    fix inverted logic that broke PermitRootLogin; reported
+     by Mantas Mikulenas; ok markus@
+    
+    Upstream-ID: 260dd6a904c1bb7e43267e394b1c9cf70bdd5ea5
+
+commit ce445b0ed927e45bd5bdce8f836eb353998dd65c
+Author: deraadt@openbsd.org <deraadt@openbsd.org>
+Date:   Thu Aug 20 22:32:42 2015 +0000
+
+    upstream commit
+    
+    Do not cast result of malloc/calloc/realloc* if stdlib.h
+     is in scope ok krw millert
+    
+    Upstream-ID: 5e50ded78cadf3841556649a16cc4b1cb6c58667
+
+commit 05291e5288704d1a98bacda269eb5a0153599146
+Author: naddy@openbsd.org <naddy@openbsd.org>
+Date:   Thu Aug 20 19:20:06 2015 +0000
+
+    upstream commit
+    
+    In the certificates section, be consistent about using
+     "host_key" and "user_key" for the respective key types.  ok sthen@ deraadt@
+    
+    Upstream-ID: 9e037ea3b15577b238604c5533e082a3947f13cb
+
+commit 8543d4ef6f2e9f98c3e6b77c894ceec30c5e4ae4
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Wed Aug 19 23:21:42 2015 +0000
+
+    upstream commit
+    
+    Better compat matching for WinSCP, add compat matching
+     for FuTTY (fork of PuTTY); ok markus@ deraadt@
+    
+    Upstream-ID: 24001d1ac115fa3260fbdc329a4b9aeb283c5389
+
+commit ec6eda16ebab771aa3dfc90629b41953b999cb1e
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Wed Aug 19 23:19:01 2015 +0000
+
+    upstream commit
+    
+    fix double-free() in error path of DSA key generation
+     reported by Mateusz Kocielski; ok markus@
+    
+    Upstream-ID: 4735d8f888b10599a935fa1b374787089116713c
+
+commit 45b0eb752c94954a6de046bfaaf129e518ad4b5b
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Wed Aug 19 23:18:26 2015 +0000
+
+    upstream commit
+    
+    fix free() of uninitialised pointer reported by Mateusz
+     Kocielski; ok markus@
+    
+    Upstream-ID: 519552b050618501a06b7b023de5cb104e2c5663
+
+commit c837643b93509a3ef538cb6624b678c5fe32ff79
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Wed Aug 19 23:17:51 2015 +0000
+
+    upstream commit
+    
+    fixed unlink([uninitialised memory]) reported by Mateusz
+     Kocielski; ok markus@
+    
+    Upstream-ID: 14a0c4e7d891f5a8dabc4b89d4f6b7c0d5a20109
+
+commit 1f8d3d629cd553031021068eb9c646a5f1e50994
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date:   Fri Aug 14 15:32:41 2015 +0000
+
+    upstream commit
+    
+    match myproposal.h order; from brian conway (i snuck in a
+     tweak while here)
+    
+    ok dtucker
+    
+    Upstream-ID: 35174a19b5237ea36aa3798f042bf5933b772c67
+
 commit 1dc8d93ce69d6565747eb44446ed117187621b26
 Author: deraadt@openbsd.org <deraadt@openbsd.org>
 Date:   Thu Aug 6 14:53:21 2015 +0000
@@ -9013,134 +9131,3 @@ Date:   Wed Aug 28 12:49:43 2013 +1000
      - (djm) [openbsd-compat/bsd-snprintf.c] teach our local snprintf code the
        'j' (intmax_t/uintmax_t) and 'z' (size_t/ssize_t) conversions in case we
        start to use them in the future.
-
-commit f2f6c315a920a256937e1b6a3702757f3195a592
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Aug 21 02:44:58 2013 +1000
-
-       - jmc@cvs.openbsd.org 2013/08/20 06:56:07
-         [ssh.1 ssh_config.5]
-         some proxyusefdpass tweaks;
-
-commit 1262b6638f7d01ab110fd373dd90d915c882fe1a
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Aug 21 02:44:24 2013 +1000
-
-       - djm@cvs.openbsd.org 2013/08/20 00:11:38
-         [readconf.c readconf.h ssh_config.5 sshconnect.c]
-         Add a ssh_config ProxyUseFDPass option that supports the use of
-         ProxyCommands that establish a connection and then pass a connected
-         file descriptor back to ssh(1). This allows the ProxyCommand to exit
-         rather than have to shuffle data back and forth and enables ssh to use
-         getpeername, etc. to obtain address information just like it does with
-         regular directly-connected sockets. ok markus@
-
-commit b7727df37efde4dbe4f5a33b19cbf42022aabf66
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Aug 21 02:43:49 2013 +1000
-
-       - jmc@cvs.openbsd.org 2013/08/14 08:39:27
-         [scp.1 ssh.1]
-         some Bx/Ox conversion;
-         From: Jan Stary
-
-commit d5d9d7b1fdacf0551de4c747728bd159be40590a
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Aug 21 02:43:27 2013 +1000
-
-       - djm@cvs.openbsd.org 2013/08/13 18:33:08
-         [ssh-keygen.c]
-         another of the same typo
-
-commit d234afb0b3a8de1be78cbeafed5fc86912594c3c
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Aug 21 02:42:58 2013 +1000
-
-       - djm@cvs.openbsd.org 2013/08/13 18:32:08
-         [ssh-keygen.c]
-         typo in error message; from Stephan Rickauer
-
-commit e0ee727b8281a7c2ae20630ce83f6b200b404059
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Aug 21 02:42:35 2013 +1000
-
-       - djm@cvs.openbsd.org 2013/08/09 03:56:42
-         [sftp.c]
-         enable ctrl-left-arrow and ctrl-right-arrow to move forward/back a word;
-         matching ksh's relatively recent change.
-
-commit fec029f1dc2c338f3fae3fa82aabc988dc07868c
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Aug 21 02:42:12 2013 +1000
-
-       - djm@cvs.openbsd.org 2013/08/09 03:39:13
-         [sftp-client.c]
-         two problems found by a to-be-committed regress test: 1) msg_id was not
-         being initialised so was starting at a random value from the heap
-         (harmless, but confusing). 2) some error conditions were not being
-         propagated back to the caller
-
-commit 036d30743fc914089f9849ca52d615891d47e616
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Aug 21 02:41:46 2013 +1000
-
-       - djm@cvs.openbsd.org 2013/08/09 03:37:25
-         [sftp.c]
-         do getopt parsing for all sftp commands (with an empty optstring for
-         commands without arguments) to ensure consistent behaviour
-
-commit c7dba12bf95eb1d69711881a153cc286c1987663
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Aug 21 02:41:15 2013 +1000
-
-       - djm@cvs.openbsd.org 2013/08/08 05:04:03
-         [sftp-client.c sftp-client.h sftp.c]
-         add a "-l" flag for the rename command to force it to use the silly
-         standard SSH_FXP_RENAME command instead of the POSIX-rename- like
-         posix-rename@openssh.com extension.
-    
-         intended for use in regress tests, so no documentation.
-
-commit 034f27a0c09e69fe3589045b41f03f6e345b63f5
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Aug 21 02:40:44 2013 +1000
-
-       - djm@cvs.openbsd.org 2013/08/08 04:52:04
-         [sftp.c]
-         fix two year old regression: symlinking a file would incorrectly
-         canonicalise the target path. bz#2129 report from delphij AT freebsd.org
-
-commit c6895c5c67492144dd28589e5788f783be9152ed
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Aug 21 02:40:21 2013 +1000
-
-       - jmc@cvs.openbsd.org 2013/08/07 06:24:51
-         [sftp.1 sftp.c]
-         sort -a;
-
-commit a6d6c1f38ac9b4a5e1bd4df889e1020a8370ed55
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Aug 21 02:40:01 2013 +1000
-
-       - djm@cvs.openbsd.org 2013/08/06 23:06:01
-         [servconf.c]
-         add cast to avoid format warning; from portable
-
-commit eec840673bce3f69ad269672fba7ed8ff05f154f
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Aug 21 02:39:39 2013 +1000
-
-       - djm@cvs.openbsd.org 2013/08/06 23:05:01
-         [sftp.1]
-         document top-level -a option (the -a option to 'get' was already
-         documented)
-
-commit 02e878070d0eddad4e11f2c82644b275418eb112
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Aug 21 02:38:51 2013 +1000
-
-       - djm@cvs.openbsd.org 2013/08/06 23:03:49
-         [sftp.c]
-         fix some whitespace at EOL
-         make list of commands an enum rather than a long list of defines
-         add -a to usage()
diff --git a/README b/README
index c566f7b1b..9bbd3bac2 100644
--- a/README
+++ b/README
@@ -1,4 +1,8 @@
-See http://www.openssh.com/txt/release-7.0 for the release notes.
+See http://www.openssh.com/txt/release-7.1 for the release notes.
+
+Please read http://www.openssh.com/report.html for bug reporting
+instructions and note that we do not use Github for bug reporting or
+patch/pull-request management.
 
 - A Japanese translation of this document and of the OpenSSH FAQ is
 - available at http://www.unixuser.org/~haruyama/security/openssh/index.html
diff --git a/auth.c b/auth.c
index fc32f6c4b..214c2c708 100644
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.112 2015/08/06 14:53:21 deraadt Exp $ */
+/* $OpenBSD: auth.c,v 1.113 2015/08/21 03:42:19 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -354,7 +354,7 @@ auth_root_allowed(const char *method)
         case PERMIT_NO_PASSWD:
                 if (strcmp(method, "publickey") == 0 ||
                     strcmp(method, "hostbased") == 0 ||
-                    strcmp(method, "gssapi-with-mic"))
+                    strcmp(method, "gssapi-with-mic") == 0)
                         return 1;
                 break;
         case PERMIT_FORCED_ONLY:
diff --git a/compat.c b/compat.c
index eef5fbba5..55838044c 100644
--- a/compat.c
+++ b/compat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: compat.c,v 1.96 2015/07/28 23:20:42 djm Exp $ */
+/* $OpenBSD: compat.c,v 1.97 2015/08/19 23:21:42 djm Exp $ */
 /*
  * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl.  All rights reserved.
  *
@@ -176,6 +176,7 @@ compat_datafellows(const char *version)
                   "PuTTY_Release_0.63*,"
                   "PuTTY_Release_0.64*",
                                         SSH_OLD_DHGEX },
+                { "FuTTY*",             SSH_OLD_DHGEX }, /* Putty Fork */
                 { "Probe-*",
                                         SSH_BUG_PROBE },
                 { "TeraTerm SSH*,"
@@ -189,7 +190,17 @@ compat_datafellows(const char *version)
                   "TTSSH/2.70*,"
                   "TTSSH/2.71*,"
                   "TTSSH/2.72*",        SSH_BUG_HOSTKEYS },
-                { "WinSCP*",            SSH_OLD_DHGEX },
+                { "WinSCP_release_4*,"
+                  "WinSCP_release_5.0*,"
+                  "WinSCP_release_5.1*,"
+                  "WinSCP_release_5.5*,"
+                  "WinSCP_release_5.6*,"
+                  "WinSCP_release_5.7,"
+                  "WinSCP_release_5.7.1,"
+                  "WinSCP_release_5.7.2,"
+                  "WinSCP_release_5.7.3,"
+                  "WinSCP_release_5.7.4",
+                                        SSH_OLD_DHGEX },
                 { NULL,                 0 }
         };
 
diff --git a/contrib/README b/contrib/README
index c00223865..60e19ba9f 100644
--- a/contrib/README
+++ b/contrib/README
@@ -11,7 +11,7 @@ which allows the use of outbound SSH from behind a SOCKS4, SOCKS5 or
 https CONNECT style proxy server. His page for connect.c has extensive
 documentation on its use as well as compiled versions for Win32.
 
-http://www.taiyo.co.jp/~gotoh/ssh/connect.html
+https://bitbucket.org/gotoh/connect/wiki/Home
 
 
 X11 SSH Askpass:
diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec
index 5de787555..5b27106fb 100644
--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -1,4 +1,4 @@
-%define ver 7.0p1
+%define ver 7.1p1
 %define rel 1
 
 # OpenSSH privilege separation requires a user & group ID
diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec
index dd9692da1..596895882 100644
--- a/contrib/suse/openssh.spec
+++ b/contrib/suse/openssh.spec
@@ -13,7 +13,7 @@
 
 Summary:        OpenSSH, a free Secure Shell (SSH) protocol implementation
 Name:           openssh
-Version:        7.0p1
+Version:        7.1p1
 URL:            http://www.openssh.com/
 Release:        1
 Source0:        openssh-%{version}.tar.gz
diff --git a/dns.c b/dns.c
index f201b602e..e813afeae 100644
--- a/dns.c
+++ b/dns.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dns.c,v 1.34 2015/01/28 22:36:00 djm Exp $ */
+/* $OpenBSD: dns.c,v 1.35 2015/08/20 22:32:42 deraadt Exp $ */
 
 /*
  * Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -154,7 +154,7 @@ dns_read_rdata(u_int8_t *algorithm, u_int8_t *digest_type,
                 *digest_len = rdata_len - 2;
 
                 if (*digest_len > 0) {
-                        *digest = (u_char *) xmalloc(*digest_len);
+                        *digest = xmalloc(*digest_len);
                         memcpy(*digest, rdata + 2, *digest_len);
                 } else {
                         *digest = (u_char *)xstrdup("");
diff --git a/mux.c b/mux.c
index cdc01bd4f..e6136fd28 100644
--- a/mux.c
+++ b/mux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mux.c,v 1.53 2015/05/01 04:03:20 djm Exp $ */
+/* $OpenBSD: mux.c,v 1.54 2015/08/19 23:18:26 djm Exp $ */
 /*
  * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
  *
@@ -665,6 +665,8 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
         u_int lport, cport;
         int i, ret = 0, freefwd = 1;
 
+        memset(&fwd, 0, sizeof(fwd));
+
         /* XXX - lport/cport check redundant */
         if (buffer_get_int_ret(&ftype, m) != 0 ||
             (listen_addr = buffer_get_string_ret(m, NULL)) == NULL ||
@@ -832,6 +834,8 @@ process_mux_close_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
         int i, ret = 0;
         u_int lport, cport;
 
+        memset(&fwd, 0, sizeof(fwd));
+
         if (buffer_get_int_ret(&ftype, m) != 0 ||
             (listen_addr = buffer_get_string_ret(m, NULL)) == NULL ||
             buffer_get_int_ret(&lport, m) != 0 ||
diff --git a/packet.c b/packet.c
index 6008c2d94..01d3e2970 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.213 2015/07/29 04:43:06 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.214 2015/08/20 22:32:42 deraadt Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1272,7 +1272,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
 
         DBG(debug("packet_read()"));
 
-        setp = (fd_set *)calloc(howmany(state->connection_in + 1,
+        setp = calloc(howmany(state->connection_in + 1,
             NFDBITS), sizeof(fd_mask));
         if (setp == NULL)
                 return SSH_ERR_ALLOC_FAIL;
@@ -2036,7 +2036,7 @@ ssh_packet_write_wait(struct ssh *ssh)
         struct timeval start, timeout, *timeoutp = NULL;
         struct session_state *state = ssh->state;
 
-        setp = (fd_set *)calloc(howmany(state->connection_out + 1,
+        setp = calloc(howmany(state->connection_out + 1,
             NFDBITS), sizeof(fd_mask));
         if (setp == NULL)
                 return SSH_ERR_ALLOC_FAIL;
diff --git a/sftp-server.c b/sftp-server.c
index d1831bf8d..eac11d7e6 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-server.c,v 1.106 2015/04/24 01:36:01 deraadt Exp $ */
+/* $OpenBSD: sftp-server.c,v 1.107 2015/08/20 22:32:42 deraadt Exp $ */
 /*
  * Copyright (c) 2000-2004 Markus Friedl.  All rights reserved.
  *
@@ -1632,8 +1632,8 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
                 fatal("%s: sshbuf_new failed", __func__);
 
         set_size = howmany(max + 1, NFDBITS) * sizeof(fd_mask);
-        rset = (fd_set *)xmalloc(set_size);
-        wset = (fd_set *)xmalloc(set_size);
+        rset = xmalloc(set_size);
+        wset = xmalloc(set_size);
 
         if (homedir != NULL) {
                 if (chdir(homedir) != 0) {
diff --git a/sftp.c b/sftp.c
index cb9b967ed..788601a8d 100644
--- a/sftp.c
+++ b/sftp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp.c,v 1.170 2015/01/20 23:14:00 deraadt Exp $ */
+/* $OpenBSD: sftp.c,v 1.171 2015/08/20 22:32:42 deraadt Exp $ */
 /*
  * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
  *
@@ -1958,7 +1958,7 @@ complete(EditLine *el, int ch)
 
         /* Figure out which argument the cursor points to */
         cursor = lf->cursor - lf->buffer;
-        line = (char *)xmalloc(cursor + 1);
+        line = xmalloc(cursor + 1);
         memcpy(line, lf->buffer, cursor);
         line[cursor] = '\0';
         argv = makeargv(line, &carg, 1, &quote, &terminated);
@@ -1966,7 +1966,7 @@ complete(EditLine *el, int ch)
 
         /* Get all the arguments on the line */
         len = lf->lastchar - lf->buffer;
-        line = (char *)xmalloc(len + 1);
+        line = xmalloc(len + 1);
         memcpy(line, lf->buffer, len);
         line[len] = '\0';
         argv = makeargv(line, &argc, 1, NULL, NULL);
diff --git a/ssh-keygen.0 b/ssh-keygen.0
index a471a4055..07a45b36b 100644
--- a/ssh-keygen.0
+++ b/ssh-keygen.0
@@ -426,7 +426,7 @@ CERTIFICATES
      providing the token library using -D and identifying the CA key by
      providing its public half as an argument to -s:
 
-           $ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id host_key.pub
+           $ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id user_key.pub
 
      In all cases, key_id is a "key identifier" that is logged by the server
      when the certificate is used for authentication.
@@ -437,7 +437,7 @@ CERTIFICATES
      principals:
 
            $ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub
-           $ ssh-keygen -s ca_key -I key_id -h -n host.domain user_key.pub
+           $ ssh-keygen -s ca_key -I key_id -h -n host.domain host_key.pub
 
      Additional limitations on the validity and use of user certificates may
      be specified through certificate options.  A certificate option may
@@ -563,4 +563,4 @@ AUTHORS
      created OpenSSH.  Markus Friedl contributed the support for SSH protocol
      versions 1.5 and 2.0.
 
-OpenBSD 5.8                      July 3, 2015                      OpenBSD 5.8
+OpenBSD 5.8                     August 20, 2015                    OpenBSD 5.8
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 8c3317be7..ed17a08fa 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ssh-keygen.1,v 1.126 2015/07/03 03:49:45 djm Exp $
+.\"     $OpenBSD: ssh-keygen.1,v 1.127 2015/08/20 19:20:06 naddy Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 3 2015 $
+.Dd $Mdocdate: August 20 2015 $
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -680,7 +680,7 @@ and identifying the CA key by providing its public half as an argument
 to
 .Fl s :
 .Pp
-.Dl $ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id host_key.pub
+.Dl $ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id user_key.pub
 .Pp
 In all cases,
 .Ar key_id
@@ -693,7 +693,7 @@ By default, generated certificates are valid for all users or hosts.
 To generate a certificate for a specified set of principals:
 .Pp
 .Dl $ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub
-.Dl "$ ssh-keygen -s ca_key -I key_id -h -n host.domain user_key.pub"
+.Dl "$ ssh-keygen -s ca_key -I key_id -h -n host.domain host_key.pub"
 .Pp
 Additional limitations on the validity and use of user certificates may
 be specified through certificate options.
diff --git a/ssh-keygen.c b/ssh-keygen.c
index ea5f1e49e..4e0a85554 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.276 2015/07/03 03:49:45 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.277 2015/08/19 23:17:51 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1201,7 +1201,8 @@ do_known_hosts(struct passwd *pw, const char *name)
                 exit(1);
         } else if (delete_host && !ctx.found_key) {
                 logit("Host %s not found in %s", name, identity_file);
-                unlink(tmp);
+                if (inplace)
+                        unlink(tmp);
         } else if (inplace) {
                 /* Backup existing file */
                 if (unlink(old) == -1 && errno != ENOENT)
diff --git a/ssh-pkcs11-helper.c b/ssh-pkcs11-helper.c
index ceabc8ba7..f2d586395 100644
--- a/ssh-pkcs11-helper.c
+++ b/ssh-pkcs11-helper.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11-helper.c,v 1.10 2015/01/20 23:14:00 deraadt Exp $ */
+/* $OpenBSD: ssh-pkcs11-helper.c,v 1.11 2015/08/20 22:32:42 deraadt Exp $ */
 /*
  * Copyright (c) 2010 Markus Friedl.  All rights reserved.
  *
@@ -301,8 +301,8 @@ main(int argc, char **argv)
         buffer_init(&oqueue);
 
         set_size = howmany(max + 1, NFDBITS) * sizeof(fd_mask);
-        rset = (fd_set *)xmalloc(set_size);
-        wset = (fd_set *)xmalloc(set_size);
+        rset = xmalloc(set_size);
+        wset = xmalloc(set_size);
 
         for (;;) {
                 memset(rset, 0, set_size);
diff --git a/ssh_config.0 b/ssh_config.0
index 654807779..67133cd4d 100644
--- a/ssh_config.0
+++ b/ssh_config.0
@@ -205,9 +205,9 @@ DESCRIPTION
 
              The default is:
 
+                   chacha20-poly1305@openssh.com,
                    aes128-ctr,aes192-ctr,aes256-ctr,
                    aes128-gcm@openssh.com,aes256-gcm@openssh.com,
-                   chacha20-poly1305@openssh.com,
                    arcfour256,arcfour128,
                    aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,
                    aes192-cbc,aes256-cbc,arcfour
@@ -1023,4 +1023,4 @@ AUTHORS
      created OpenSSH.  Markus Friedl contributed the support for SSH protocol
      versions 1.5 and 2.0.
 
-OpenBSD 5.8                      July 30, 2015                     OpenBSD 5.8
+OpenBSD 5.8                     August 14, 2015                    OpenBSD 5.8
diff --git a/ssh_config.5 b/ssh_config.5
index 5b0975f87..a47f3ca9e 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.214 2015/07/30 00:01:34 djm Exp $
-.Dd $Mdocdate: July 30 2015 $
+.\" $OpenBSD: ssh_config.5,v 1.215 2015/08/14 15:32:41 jmc Exp $
+.Dd $Mdocdate: August 14 2015 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -415,9 +415,9 @@ chacha20-poly1305@openssh.com
 .Pp
 The default is:
 .Bd -literal -offset indent
+chacha20-poly1305@openssh.com,
 aes128-ctr,aes192-ctr,aes256-ctr,
 aes128-gcm@openssh.com,aes256-gcm@openssh.com,
-chacha20-poly1305@openssh.com,
 arcfour256,arcfour128,
 aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,
 aes192-cbc,aes256-cbc,arcfour
diff --git a/sshconnect.c b/sshconnect.c
index f41960c5d..17fbe39b0 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.262 2015/05/28 05:41:29 dtucker Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.263 2015/08/20 22:32:42 deraadt Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -356,7 +356,7 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr,
                 goto done;
         }
 
-        fdset = (fd_set *)xcalloc(howmany(sockfd + 1, NFDBITS),
+        fdset = xcalloc(howmany(sockfd + 1, NFDBITS),
             sizeof(fd_mask));
         FD_SET(sockfd, fdset);
         ms_to_timeval(&tv, *timeoutp);
diff --git a/sshd.c b/sshd.c
index c7dd8cb7a..65ef7e850 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.457 2015/07/30 00:01:34 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.458 2015/08/20 22:32:42 deraadt Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1253,7 +1253,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
                         sighup_restart();
                 if (fdset != NULL)
                         free(fdset);
-                fdset = (fd_set *)xcalloc(howmany(maxfd + 1, NFDBITS),
+                fdset = xcalloc(howmany(maxfd + 1, NFDBITS),
                     sizeof(fd_mask));
 
                 for (i = 0; i < num_listen_socks; i++)
diff --git a/sshd_config.0 b/sshd_config.0
index 1cc7459f8..aae7fb6af 100644
--- a/sshd_config.0
+++ b/sshd_config.0
@@ -286,9 +286,9 @@ DESCRIPTION
 
              The default is:
 
+                   chacha20-poly1305@openssh.com,
                    aes128-ctr,aes192-ctr,aes256-ctr,
-                   aes128-gcm@openssh.com,aes256-gcm@openssh.com,
-                   chacha20-poly1305@openssh.com
+                   aes128-gcm@openssh.com,aes256-gcm@openssh.com
 
              The list of available ciphers may also be obtained using the -Q
              option of ssh(1) with an argument of M-bM-^@M-^\cipherM-bM-^@M-^].
@@ -927,7 +927,7 @@ DESCRIPTION
 
              If this option is set to M-bM-^@M-^\noM-bM-^@M-^] (the default) then only addresses
              and not host names may be used in ~/.ssh/known_hosts from and
-             sshd_config(5) Match Host directives.
+             sshd_config Match Host directives.
 
      UseLogin
              Specifies whether login(1) is used for interactive login
@@ -1049,4 +1049,4 @@ AUTHORS
      versions 1.5 and 2.0.  Niels Provos and Markus Friedl contributed support
      for privilege separation.
 
-OpenBSD 5.8                     August 6, 2015                     OpenBSD 5.8
+OpenBSD 5.8                     August 14, 2015                    OpenBSD 5.8
diff --git a/sshd_config.5 b/sshd_config.5
index 58e277f95..b18d340af 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.210 2015/08/06 14:53:21 deraadt Exp $
-.Dd $Mdocdate: August 6 2015 $
+.\" $OpenBSD: sshd_config.5,v 1.211 2015/08/14 15:32:41 jmc Exp $
+.Dd $Mdocdate: August 14 2015 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -476,9 +476,9 @@ chacha20-poly1305@openssh.com
 .Pp
 The default is:
 .Bd -literal -offset indent
+chacha20-poly1305@openssh.com,
 aes128-ctr,aes192-ctr,aes256-ctr,
-aes128-gcm@openssh.com,aes256-gcm@openssh.com,
-chacha20-poly1305@openssh.com
+aes128-gcm@openssh.com,aes256-gcm@openssh.com
 .Ed
 .Pp
 The list of available ciphers may also be obtained using the
@@ -1528,7 +1528,7 @@ If this option is set to
 .Pa ~/.ssh/known_hosts
 .Cm from
 and
-.Xr sshd_config 5
+.Nm
 .Cm Match
 .Cm Host
 directives.
diff --git a/sshkey.c b/sshkey.c
index dbb16e2fd..32dd8f225 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.20 2015/07/03 03:43:18 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.21 2015/08/19 23:19:01 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Alexander von Gernler.  All rights reserved.
@@ -1556,7 +1556,6 @@ dsa_generate_private_key(u_int bits, DSA **dsap)
         *dsap = NULL;
         if (!DSA_generate_parameters_ex(private, bits, NULL, 0, NULL,
             NULL, NULL) || !DSA_generate_key(private)) {
-                DSA_free(private);
                 ret = SSH_ERR_LIBCRYPTO_ERROR;
                 goto out;
         }
diff --git a/version.h b/version.h
index 7a5dbc8a2..d917ca1f6 100644
--- a/version.h
+++ b/version.h
@@ -1,6 +1,6 @@
-/* $OpenBSD: version.h,v 1.74 2015/08/02 09:56:42 djm Exp $ */
+/* $OpenBSD: version.h,v 1.75 2015/08/21 03:45:26 djm Exp $ */
 
-#define SSH_VERSION     "OpenSSH_7.0"
+#define SSH_VERSION     "OpenSSH_7.1"
 
 #define SSH_PORTABLE    "p1"
 #define SSH_RELEASE     SSH_VERSION SSH_PORTABLE