29 files changed, 101 insertions, 49 deletions

diff --git a/ChangeLog b/ChangeLog
index 0356a33c5..993e0cb0b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,31 @@
+20110204
+ - OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2011/01/31 21:42:15
+     [PROTOCOL.mux]
+     cut'n'pasto; from bert.wesarg AT googlemail.com
+   - djm@cvs.openbsd.org 2011/02/04 00:44:21
+     [key.c]
+     fix uninitialised nonce variable; reported by Mateusz Kocielski
+   - djm@cvs.openbsd.org 2011/02/04 00:44:43
+     [version.h]
+     openssh-5.8
+ - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+   [contrib/suse/openssh.spec] update versions in docs and spec files.
+ - Release OpenSSH 5.8p1
+
+20110128
+ - (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabled
+   before attempting setfscreatecon(). Check whether matchpathcon()
+   succeeded before using its result. Patch from cjwatson AT debian.org;
+   bz#1851
+
+20110125
+ - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c
+   openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
+   port-linux.c to avoid compilation errors. Add -lselinux to ssh when
+   building with SELinux support to avoid linking failure; report from
+   amk AT spamfence.net; ok dtucker
+
 20110122
  - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add
    RSA_get_default_method() for the benefit of openssl versions that don't
diff --git a/Makefile.in b/Makefile.in
index 77a78aa61..870a7f18d 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.320 2011/01/17 10:15:29 dtucker Exp $
+# $Id: Makefile.in,v 1.320.4.1 2011/02/04 00:42:13 djm Exp $
 
 # uncomment if you run a non bourne compatable shell. Ie. csh
 #SHELL = @SH@
@@ -46,6 +46,7 @@ LD=@LD@
 CFLAGS=@CFLAGS@
 CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
 LIBS=@LIBS@
+SSHLIBS=@SSHLIBS@
 SSHDLIBS=@SSHDLIBS@
 LIBEDIT=@LIBEDIT@
 AR=@AR@
@@ -142,7 +143,7 @@ libssh.a: $(LIBSSH_OBJS)
         $(RANLIB) $@
 
 ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
-        $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+        $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS)
 
 sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
         $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS)
diff --git a/PROTOCOL.mux b/PROTOCOL.mux
index 3d6f81878..2a5817bd7 100644
--- a/PROTOCOL.mux
+++ b/PROTOCOL.mux
@@ -122,7 +122,7 @@ For dynamically allocated listen port the server replies with
 
 Note: currently unimplemented (server will always reply with MUX_S_FAILURE).
 
-A client may request the master to establish a port forward:
+A client may request the master to close a port forward:
 
         uint32  MUX_C_CLOSE_FWD
         uint32  request id
@@ -200,4 +200,4 @@ XXX server->client error/warning notifications
 XXX port0 rfwd (need custom response message)
 XXX send signals via mux
 
-$OpenBSD: PROTOCOL.mux,v 1.3 2011/01/13 21:55:25 djm Exp $
+$OpenBSD: PROTOCOL.mux,v 1.4 2011/01/31 21:42:15 djm Exp $
diff --git a/README b/README
index 4e7e9a9f2..4f695066b 100644
--- a/README
+++ b/README
@@ -1,4 +1,4 @@
-See http://www.openssh.com/txt/release-5.7 for the release notes.
+See http://www.openssh.com/txt/release-5.8 for the release notes.
 
 - A Japanese translation of this document and of the OpenSSH FAQ is
 - available at http://www.unixuser.org/~haruyama/security/openssh/index.html
@@ -62,4 +62,4 @@ References -
 [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
 [7] http://www.openssh.com/faq.html
 
-$Id: README,v 1.75 2011/01/22 09:23:12 djm Exp $
+$Id: README,v 1.75.4.1 2011/02/04 00:57:50 djm Exp $
diff --git a/configure b/configure
index 6e05311aa..73040c5d3 100755
--- a/configure
+++ b/configure
@@ -1,5 +1,5 @@
 #! /bin/sh
-# From configure.ac Revision: 1.469 .
+# From configure.ac Revision: 1.469.4.1 .
 # Guess values for system-dependent variables and create Makefiles.
 # Generated by GNU Autoconf 2.61 for OpenSSH Portable.
 #
@@ -696,7 +696,6 @@ STARTUP_SCRIPT_SHELL
 LOGIN_PROGRAM_FALLBACK
 PATH_PASSWD_PROG
 LD
-SSHDLIBS
 PKGCONFIG
 LIBEDIT
 TEST_SSH_SHA256
@@ -721,6 +720,8 @@ PROG_UPTIME
 PROG_IPCS
 PROG_TAIL
 INSTALL_SSH_PRNG_CMDS
+SSHLIBS
+SSHDLIBS
 KRB5CONF
 PRIVSEP_PATH
 xauth_path
@@ -9047,7 +9048,6 @@ cat >>confdefs.h <<\_ACEOF
 _ACEOF
 
                           SSHDLIBS="$SSHDLIBS -lcontract"
-
                           SPC_MSG="yes"
 fi
 
@@ -9126,7 +9126,6 @@ cat >>confdefs.h <<\_ACEOF
 _ACEOF
 
                         SSHDLIBS="$SSHDLIBS -lproject"
-
                         SP_MSG="yes"
 fi
 
@@ -27806,6 +27805,7 @@ echo "$as_me: error: SELinux support requires libselinux library" >&2;}
    { (exit 1); exit 1; }; }
 fi
 
+                SSHLIBS="$SSHLIBS $LIBSELINUX"
                 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
 
 
@@ -27908,6 +27908,8 @@ done
 fi
 
 
+
+
 # Check whether user wants Kerberos 5 support
 KRB5_MSG="no"
 
@@ -31416,7 +31418,6 @@ STARTUP_SCRIPT_SHELL!$STARTUP_SCRIPT_SHELL$ac_delim
 LOGIN_PROGRAM_FALLBACK!$LOGIN_PROGRAM_FALLBACK$ac_delim
 PATH_PASSWD_PROG!$PATH_PASSWD_PROG$ac_delim
 LD!$LD$ac_delim
-SSHDLIBS!$SSHDLIBS$ac_delim
 PKGCONFIG!$PKGCONFIG$ac_delim
 LIBEDIT!$LIBEDIT$ac_delim
 TEST_SSH_SHA256!$TEST_SSH_SHA256$ac_delim
@@ -31433,6 +31434,7 @@ PROG_PS!$PROG_PS$ac_delim
 PROG_SAR!$PROG_SAR$ac_delim
 PROG_W!$PROG_W$ac_delim
 PROG_WHO!$PROG_WHO$ac_delim
+PROG_LAST!$PROG_LAST$ac_delim
 _ACEOF
 
   if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then
@@ -31474,7 +31476,6 @@ _ACEOF
 ac_delim='%!_!# '
 for ac_last_try in false false false false false :; do
   cat >conf$$subs.sed <<_ACEOF
-PROG_LAST!$PROG_LAST$ac_delim
 PROG_LASTLOG!$PROG_LASTLOG$ac_delim
 PROG_DF!$PROG_DF$ac_delim
 PROG_VMSTAT!$PROG_VMSTAT$ac_delim
@@ -31482,6 +31483,8 @@ PROG_UPTIME!$PROG_UPTIME$ac_delim
 PROG_IPCS!$PROG_IPCS$ac_delim
 PROG_TAIL!$PROG_TAIL$ac_delim
 INSTALL_SSH_PRNG_CMDS!$INSTALL_SSH_PRNG_CMDS$ac_delim
+SSHLIBS!$SSHLIBS$ac_delim
+SSHDLIBS!$SSHDLIBS$ac_delim
 KRB5CONF!$KRB5CONF$ac_delim
 PRIVSEP_PATH!$PRIVSEP_PATH$ac_delim
 xauth_path!$xauth_path$ac_delim
@@ -31496,7 +31499,7 @@ LIBOBJS!$LIBOBJS$ac_delim
 LTLIBOBJS!$LTLIBOBJS$ac_delim
 _ACEOF
 
-  if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 20; then
+  if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 21; then
     break
   elif $ac_last_try; then
     { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
@@ -31993,6 +31996,9 @@ echo "         Libraries: ${LIBS}"
 if test ! -z "${SSHDLIBS}"; then
 echo "         +for sshd: ${SSHDLIBS}"
 fi
+if test ! -z "${SSHLIBS}"; then
+echo "          +for ssh: ${SSHLIBS}"
+fi
 
 echo ""
 
diff --git a/configure.ac b/configure.ac
index 769e83594..f23784d9b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.469 2011/01/21 22:37:05 dtucker Exp $
+# $Id: configure.ac,v 1.469.4.1 2011/02/04 00:42:14 djm Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@@ -15,7 +15,7 @@
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
-AC_REVISION($Revision: 1.469 $)
+AC_REVISION($Revision: 1.469.4.1 $)
 AC_CONFIG_SRCDIR([ssh.c])
 
 # local macros
@@ -737,7 +737,6 @@ mips-sony-bsd|mips-sony-newsos4)
                         [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
                                 [Define if you have Solaris process contracts])
                           SSHDLIBS="$SSHDLIBS -lcontract"
-                          AC_SUBST(SSHDLIBS)
                           SPC_MSG="yes" ], )
                 ],
         )
@@ -748,7 +747,6 @@ mips-sony-bsd|mips-sony-newsos4)
                         [ AC_DEFINE(USE_SOLARIS_PROJECTS, 1,
                                 [Define if you have Solaris projects])
                         SSHDLIBS="$SSHDLIBS -lproject"
-                        AC_SUBST(SSHDLIBS)
                         SP_MSG="yes" ], )
                 ],
         )
@@ -3515,11 +3513,14 @@ AC_ARG_WITH(selinux,
                           LIBS="$LIBS -lselinux"
                         ],
                         AC_MSG_ERROR(SELinux support requires libselinux library))
+                SSHLIBS="$SSHLIBS $LIBSELINUX"
                 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
                 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
                 LIBS="$save_LIBS"
         fi ]
 )
+AC_SUBST(SSHLIBS)
+AC_SUBST(SSHDLIBS)
 
 # Check whether user wants Kerberos 5 support
 KRB5_MSG="no"
@@ -4341,6 +4342,9 @@ echo "         Libraries: ${LIBS}"
 if test ! -z "${SSHDLIBS}"; then
 echo "         +for sshd: ${SSHDLIBS}"
 fi
+if test ! -z "${SSHLIBS}"; then
+echo "          +for ssh: ${SSHLIBS}"
+fi
 
 echo ""
 
diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec
index 23397b04d..435003a2a 100644
--- a/contrib/caldera/openssh.spec
+++ b/contrib/caldera/openssh.spec
@@ -16,7 +16,7 @@
 
 #old cvs stuff.  please update before use.  may be deprecated.
 %define use_stable      1
-%define version         5.7p1
+%define version         5.8p1
 %if %{use_stable}
   %define cvs           %{nil}
   %define release       1
@@ -363,4 +363,4 @@ fi
 * Mon Jan 01 1998 ...
 Template Version: 1.31
 
-$Id: openssh.spec,v 1.73 2011/01/22 09:23:33 djm Exp $
+$Id: openssh.spec,v 1.73.4.1 2011/02/04 00:57:54 djm Exp $
diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec
index 8fc76b625..e99e33d0f 100644
--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -1,4 +1,4 @@
-%define ver 5.7p1
+%define ver 5.8p1
 %define rel 1
 
 # OpenSSH privilege separation requires a user & group ID
diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec
index 4573c52fd..6afdcc4b4 100644
--- a/contrib/suse/openssh.spec
+++ b/contrib/suse/openssh.spec
@@ -13,7 +13,7 @@
 
 Summary:        OpenSSH, a free Secure Shell (SSH) protocol implementation
 Name:           openssh
-Version:        5.7p1
+Version:        5.8p1
 URL:            http://www.openssh.com/
 Release:        1
 Source0:        openssh-%{version}.tar.gz
diff --git a/key.c b/key.c
index 1defb1132..e3a305e66 100644
--- a/key.c
+++ b/key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.c,v 1.95 2010/11/10 01:33:07 djm Exp $ */
+/* $OpenBSD: key.c,v 1.96 2011/02/04 00:44:21 djm Exp $ */
 /*
  * read_bignum():
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1886,10 +1886,9 @@ key_certify(Key *k, Key *ca)
         buffer_put_cstring(&k->cert->certblob, key_ssh_name(k));
 
         /* -v01 certs put nonce first */
-        if (!key_cert_is_legacy(k)) {
-                arc4random_buf(&nonce, sizeof(nonce));
+        arc4random_buf(&nonce, sizeof(nonce));
+        if (!key_cert_is_legacy(k))
                 buffer_put_string(&k->cert->certblob, nonce, sizeof(nonce));
-        }
 
         switch (k->type) {
         case KEY_DSA_CERT_V00:
diff --git a/moduli.0 b/moduli.0
index af4b37511..ded094ff0 100644
--- a/moduli.0
+++ b/moduli.0
@@ -69,4 +69,4 @@ SEE ALSO
      Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer
      Protocol, RFC 4419, 2006.
 
-OpenBSD 4.8                      June 26, 2008                     OpenBSD 4.8
+OpenBSD 4.9                      June 26, 2008                     OpenBSD 4.9
diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
index 5b1cf402c..ede533fdd 100644
--- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c
@@ -1,4 +1,4 @@
-/* $Id: port-linux.c,v 1.11 2011/01/17 07:50:24 dtucker Exp $ */
+/* $Id: port-linux.c,v 1.11.4.2 2011/02/04 00:43:08 djm Exp $ */
 
 /*
  * Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com>
@@ -205,6 +205,22 @@ ssh_selinux_change_context(const char *newname)
         xfree(oldctx);
         xfree(newctx);
 }
+
+void
+ssh_selinux_setfscreatecon(const char *path)
+{
+        security_context_t context;
+
+        if (!ssh_selinux_enabled())
+                return;
+        if (path == NULL)
+                setfscreatecon(NULL);
+                return;
+        }
+        if (matchpathcon(path, 0700, &context) == 0)
+                setfscreatecon(context);
+}
+
 #endif /* WITH_SELINUX */
 
 #ifdef LINUX_OOM_ADJUST
diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h
index 209d9a7a2..c2f618400 100644
--- a/openbsd-compat/port-linux.h
+++ b/openbsd-compat/port-linux.h
@@ -1,4 +1,4 @@
-/* $Id: port-linux.h,v 1.4 2009/12/08 02:39:48 dtucker Exp $ */
+/* $Id: port-linux.h,v 1.4.10.1 2011/02/04 00:42:21 djm Exp $ */
 
 /*
  * Copyright (c) 2006 Damien Miller <djm@openbsd.org>
@@ -24,6 +24,7 @@ int ssh_selinux_enabled(void);
 void ssh_selinux_setup_pty(char *, const char *);
 void ssh_selinux_setup_exec_context(char *);
 void ssh_selinux_change_context(const char *);
+void ssh_selinux_setfscreatecon(const char *);
 #endif
 
 #ifdef LINUX_OOM_ADJUST
diff --git a/scp.0 b/scp.0
index f00631626..72467c8ec 100644
--- a/scp.0
+++ b/scp.0
@@ -153,4 +153,4 @@ AUTHORS
      Timo Rinne <tri@iki.fi>
      Tatu Ylonen <ylo@cs.hut.fi>
 
-OpenBSD 4.8                    December 9, 2010                    OpenBSD 4.8
+OpenBSD 4.9                    December 9, 2010                    OpenBSD 4.9
diff --git a/sftp-server.0 b/sftp-server.0
index d8d91c5d5..b7d30ec09 100644
--- a/sftp-server.0
+++ b/sftp-server.0
@@ -61,4 +61,4 @@ HISTORY
 AUTHORS
      Markus Friedl <markus@openbsd.org>
 
-OpenBSD 4.8                     January 9, 2010                    OpenBSD 4.8
+OpenBSD 4.9                     January 9, 2010                    OpenBSD 4.9
diff --git a/sftp.0 b/sftp.0
index 6ceed93ab..960ffb9df 100644
--- a/sftp.0
+++ b/sftp.0
@@ -328,4 +328,4 @@ SEE ALSO
      draft-ietf-secsh-filexfer-00.txt, January 2001, work in progress
      material.
 
-OpenBSD 4.8                    December 4, 2010                    OpenBSD 4.8
+OpenBSD 4.9                    December 4, 2010                    OpenBSD 4.9
diff --git a/ssh-add.0 b/ssh-add.0
index bf62ca905..d91512888 100644
--- a/ssh-add.0
+++ b/ssh-add.0
@@ -112,4 +112,4 @@ AUTHORS
      created OpenSSH.  Markus Friedl contributed the support for SSH protocol
      versions 1.5 and 2.0.
 
-OpenBSD 4.8                    October 28, 2010                    OpenBSD 4.8
+OpenBSD 4.9                    October 28, 2010                    OpenBSD 4.9
diff --git a/ssh-agent.0 b/ssh-agent.0
index 7fe1560d3..c3de21b42 100644
--- a/ssh-agent.0
+++ b/ssh-agent.0
@@ -120,4 +120,4 @@ AUTHORS
      created OpenSSH.  Markus Friedl contributed the support for SSH protocol
      versions 1.5 and 2.0.
 
-OpenBSD 4.8                    November 21, 2010                   OpenBSD 4.8
+OpenBSD 4.9                    November 21, 2010                   OpenBSD 4.9
diff --git a/ssh-keygen.0 b/ssh-keygen.0
index e01ad16d9..a01b30db0 100644
--- a/ssh-keygen.0
+++ b/ssh-keygen.0
@@ -440,4 +440,4 @@ AUTHORS
      created OpenSSH.  Markus Friedl contributed the support for SSH protocol
      versions 1.5 and 2.0.
 
-OpenBSD 4.8                    October 28, 2010                    OpenBSD 4.8
+OpenBSD 4.9                    October 28, 2010                    OpenBSD 4.9
diff --git a/ssh-keyscan.0 b/ssh-keyscan.0
index ba53bce81..4c3d2dbcc 100644
--- a/ssh-keyscan.0
+++ b/ssh-keyscan.0
@@ -106,4 +106,4 @@ BUGS
      This is because it opens a connection to the ssh port, reads the public
      key, and drops the connection as soon as it gets the key.
 
-OpenBSD 4.8                     August 31, 2010                    OpenBSD 4.8
+OpenBSD 4.9                     August 31, 2010                    OpenBSD 4.9
diff --git a/ssh-keysign.0 b/ssh-keysign.0
index 9da4b2446..bff850f27 100644
--- a/ssh-keysign.0
+++ b/ssh-keysign.0
@@ -48,4 +48,4 @@ HISTORY
 AUTHORS
      Markus Friedl <markus@openbsd.org>
 
-OpenBSD 4.8                     August 31, 2010                    OpenBSD 4.8
+OpenBSD 4.9                     August 31, 2010                    OpenBSD 4.9
diff --git a/ssh-pkcs11-helper.0 b/ssh-pkcs11-helper.0
index 664ec971f..22526781e 100644
--- a/ssh-pkcs11-helper.0
+++ b/ssh-pkcs11-helper.0
@@ -22,4 +22,4 @@ HISTORY
 AUTHORS
      Markus Friedl <markus@openbsd.org>
 
-OpenBSD 4.8                    February 10, 2010                   OpenBSD 4.8
+OpenBSD 4.9                    February 10, 2010                   OpenBSD 4.9
diff --git a/ssh-rand-helper.0 b/ssh-rand-helper.0
index 5bc19e8a7..93d3554fc 100644
--- a/ssh-rand-helper.0
+++ b/ssh-rand-helper.0
@@ -48,4 +48,4 @@ AUTHORS
 SEE ALSO
      ssh(1), ssh-add(1), ssh-keygen(1), sshd(8)
 
-OpenBSD 4.8                     April 14, 2002                     OpenBSD 4.8
+OpenBSD 4.9                     April 14, 2002                     OpenBSD 4.9
diff --git a/ssh.0 b/ssh.0
index 3d2036253..c1d3135ce 100644
--- a/ssh.0
+++ b/ssh.0
@@ -895,4 +895,4 @@ AUTHORS
      created OpenSSH.  Markus Friedl contributed the support for SSH protocol
      versions 1.5 and 2.0.
 
-OpenBSD 4.8                    November 18, 2010                   OpenBSD 4.8
+OpenBSD 4.9                    November 18, 2010                   OpenBSD 4.9
diff --git a/ssh.c b/ssh.c
index 9409fa713..d32ef78b0 100644
--- a/ssh.c
+++ b/ssh.c
@@ -852,15 +852,12 @@ main(int ac, char **av)
             strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
         if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
 #ifdef WITH_SELINUX
-                char *scon;
-
-                matchpathcon(buf, 0700, &scon);
-                setfscreatecon(scon);
+                ssh_selinux_setfscreatecon(buf);
 #endif
                 if (mkdir(buf, 0700) < 0)
                         error("Could not create directory '%.200s'.", buf);
 #ifdef WITH_SELINUX
-                setfscreatecon(NULL);
+                ssh_selinux_setfscreatecon(NULL);
 #endif
         }
         /* load options.identity_files */
diff --git a/ssh_config.0 b/ssh_config.0
index 71233b49b..c4a12f7bb 100644
--- a/ssh_config.0
+++ b/ssh_config.0
@@ -741,4 +741,4 @@ AUTHORS
      created OpenSSH.  Markus Friedl contributed the support for SSH protocol
      versions 1.5 and 2.0.
 
-OpenBSD 4.8                    December 8, 2010                    OpenBSD 4.8
+OpenBSD 4.9                    December 8, 2010                    OpenBSD 4.9
diff --git a/sshd.0 b/sshd.0
index bb01b7164..873584d7d 100644
--- a/sshd.0
+++ b/sshd.0
@@ -631,4 +631,4 @@ CAVEATS
      System security is not improved unless rshd, rlogind, and rexecd are
      disabled (thus completely disabling rlogin and rsh into the machine).
 
-OpenBSD 4.8                    October 28, 2010                    OpenBSD 4.8
+OpenBSD 4.9                    October 28, 2010                    OpenBSD 4.9
diff --git a/sshd_config.0 b/sshd_config.0
index 669d29a06..ab0d79be6 100644
--- a/sshd_config.0
+++ b/sshd_config.0
@@ -710,4 +710,4 @@ AUTHORS
      versions 1.5 and 2.0.  Niels Provos and Markus Friedl contributed support
      for privilege separation.
 
-OpenBSD 4.8                    December 8, 2010                    OpenBSD 4.8
+OpenBSD 4.9                    December 8, 2010                    OpenBSD 4.9
diff --git a/version.h b/version.h
index 202e0dec2..bf1c7124a 100644
--- a/version.h
+++ b/version.h
@@ -1,6 +1,6 @@
-/* $OpenBSD: version.h,v 1.60 2011/01/22 09:18:53 djm Exp $ */
+/* $OpenBSD: version.h,v 1.61 2011/02/04 00:44:43 djm Exp $ */
 
-#define SSH_VERSION     "OpenSSH_5.7"
+#define SSH_VERSION     "OpenSSH_5.8"
 
 #define SSH_PORTABLE    "p1"
 #define SSH_RELEASE     SSH_VERSION SSH_PORTABLE