30 files changed, 52 insertions, 89 deletions

diff --git a/debian/patches/auth-log-verbosity.patch b/debian/patches/auth-log-verbosity.patch
index dc82a6085..3635e50ad 100644
--- a/debian/patches/auth-log-verbosity.patch
+++ b/debian/patches/auth-log-verbosity.patch
@@ -1,4 +1,4 @@
-From bede2f8c8a352b57ae5188fe6d3e45c5a57892eb Mon Sep 17 00:00:00 2001
+From a791d607756f04e41153c2297e5f9a608daa7335 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:02 +0000
 Subject: Quieten logs when multiple from= restrictions are used
diff --git a/debian/patches/authorized-keys-man-symlink.patch b/debian/patches/authorized-keys-man-symlink.patch
index 694b8e584..2b1bd05f7 100644
--- a/debian/patches/authorized-keys-man-symlink.patch
+++ b/debian/patches/authorized-keys-man-symlink.patch
@@ -1,4 +1,4 @@
-From efc61f37910b46ad2ac920aca7eefce909ef2555 Mon Sep 17 00:00:00 2001
+From 9769daa27369920a909debed3ee297c32f0c3ef7 Mon Sep 17 00:00:00 2001
 From: Tomas Pospisek <tpo_deb@sourcepole.ch>
 Date: Sun, 9 Feb 2014 16:10:07 +0000
 Subject: Install authorized_keys(5) as a symlink to sshd(8)
diff --git a/debian/patches/backport-fix-first-kex-follows.patch b/debian/patches/backport-fix-first-kex-follows.patch
deleted file mode 100644
index 0039a55a6..000000000
--- a/debian/patches/backport-fix-first-kex-follows.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 31cc76b587fe2305eab8f7788c5dc6c876aff60e Mon Sep 17 00:00:00 2001
-From: Damien Miller <djm@mindrot.org>
-Date: Tue, 15 Dec 2015 15:25:04 +0000
-Subject: upstream commit
-
-unbreak connections with peers that set first_kex_follows;
-fix from Matt Johnston va bz#2515
-
-Origin: backport, http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c.diff?r1=1.114&r2=1.115
-Forwarded: not-needed
-Bug-Ubuntu: https://bugs.launchpad.net/bugs/1526357
-
-Patch-Name: backport-fix-first-kex-follows.patch
----
- kex.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/kex.c b/kex.c
-index 39a6f98..12f3e41 100644
---- a/kex.c
-+++ b/kex.c
-@@ -286,11 +286,11 @@ kex_buf2prop(struct sshbuf *raw, int *first_kex_follows, char ***propp)
-                debug2("kex_parse_kexinit: %s", proposal[i]);
-        }
-        /* first kex follows / reserved */
--       if ((r = sshbuf_get_u8(b, &v)) != 0 ||
--           (r = sshbuf_get_u32(b, &i)) != 0)
-+       if ((r = sshbuf_get_u8(b, &v)) != 0 ||  /* first_kex_follows */
-+           (r = sshbuf_get_u32(b, &i)) != 0)   /* reserved */
-                goto out;
-        if (first_kex_follows != NULL)
--               *first_kex_follows = i;
-+               *first_kex_follows = v;
-        debug2("kex_parse_kexinit: first_kex_follows %d ", v);
-        debug2("kex_parse_kexinit: reserved %u ", i);
-        r = 0;
diff --git a/debian/patches/debian-banner.patch b/debian/patches/debian-banner.patch
index 0ca73053b..eceac3ccf 100644
--- a/debian/patches/debian-banner.patch
+++ b/debian/patches/debian-banner.patch
@@ -1,4 +1,4 @@
-From e35768a64e1ca5a6ad2a5df3ebbe6806ffb8afa2 Mon Sep 17 00:00:00 2001
+From 1cbbbb90ae1a4f88f8090e1fdecee007b8d360f8 Mon Sep 17 00:00:00 2001
 From: Kees Cook <kees@debian.org>
 Date: Sun, 9 Feb 2014 16:10:06 +0000
 Subject: Add DebianBanner server configuration option
@@ -80,7 +80,7 @@ index 778ba17..161fa37 100644
  
  /* Information about the incoming connection as used by Match */
 diff --git a/sshd.c b/sshd.c
-index 0d4fb7f..6024e0e 100644
+index 189d34a..8d17521 100644
 --- a/sshd.c
 +++ b/sshd.c
 @@ -443,7 +443,8 @@ sshd_exchange_identification(int sock_in, int sock_out)
diff --git a/debian/patches/debian-config.patch b/debian/patches/debian-config.patch
index 0a2b1c58d..0a5e2cd39 100644
--- a/debian/patches/debian-config.patch
+++ b/debian/patches/debian-config.patch
@@ -1,4 +1,4 @@
-From 966fde291d530349c427da5c98e4f1869cb4e0bb Mon Sep 17 00:00:00 2001
+From 003a875a474100d250b6643270ef3874da6591d8 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:18 +0000
 Subject: Various Debian-specific configuration changes
@@ -32,7 +32,7 @@ Patch-Name: debian-config.patch
  6 files changed, 72 insertions(+), 4 deletions(-)
 
 diff --git a/readconf.c b/readconf.c
-index c0ba5a7..e4e1cba 100644
+index b9442fd..ee46ad6 100644
 --- a/readconf.c
 +++ b/readconf.c
 @@ -1749,7 +1749,7 @@ fill_default_options(Options * options)
diff --git a/debian/patches/dnssec-sshfp.patch b/debian/patches/dnssec-sshfp.patch
index 16c4d61b9..725d26e81 100644
--- a/debian/patches/dnssec-sshfp.patch
+++ b/debian/patches/dnssec-sshfp.patch
@@ -1,4 +1,4 @@
-From c35c5d9e775ad138661f3c4ef797060be53a4bd8 Mon Sep 17 00:00:00 2001
+From 54d62ce82775d6a6f556cef7b1ff61412d2d0581 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:01 +0000
 Subject: Force use of DNSSEC even if "options edns0" isn't in resolv.conf
diff --git a/debian/patches/doc-hash-tab-completion.patch b/debian/patches/doc-hash-tab-completion.patch
index ec2878845..646716fe5 100644
--- a/debian/patches/doc-hash-tab-completion.patch
+++ b/debian/patches/doc-hash-tab-completion.patch
@@ -1,4 +1,4 @@
-From a6edf4df120a78aefe39b44d07c89e13340c9ac8 Mon Sep 17 00:00:00 2001
+From 6f8b6ab94f4c4351e49598f08abc6da16fe29740 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:11 +0000
 Subject: Document that HashKnownHosts may break tab-completion
diff --git a/debian/patches/doc-upstart.patch b/debian/patches/doc-upstart.patch
index 1f3d7bf08..b7a072414 100644
--- a/debian/patches/doc-upstart.patch
+++ b/debian/patches/doc-upstart.patch
@@ -1,4 +1,4 @@
-From 5e6ecf32f56fa0c7d102239b74ae09bd4186c5a3 Mon Sep 17 00:00:00 2001
+From 17063f049ca0f00cb455eed0852405bc9abe6213 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:10:12 +0000
 Subject: Refer to ssh's Upstart job as well as its init script
diff --git a/debian/patches/gnome-ssh-askpass2-icon.patch b/debian/patches/gnome-ssh-askpass2-icon.patch
index 4fce0733d..c3b601c76 100644
--- a/debian/patches/gnome-ssh-askpass2-icon.patch
+++ b/debian/patches/gnome-ssh-askpass2-icon.patch
@@ -1,4 +1,4 @@
-From a9bfb2fba2b1ec9ebeca20550cbccf2499d42461 Mon Sep 17 00:00:00 2001
+From a1913369b4abfcebec320706e561591c1ed8640c Mon Sep 17 00:00:00 2001
 From: Vincent Untz <vuntz@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:10:16 +0000
 Subject: Give the ssh-askpass-gnome window a default icon
diff --git a/debian/patches/gssapi.patch b/debian/patches/gssapi.patch
index 8c96afbb0..8bc83cace 100644
--- a/debian/patches/gssapi.patch
+++ b/debian/patches/gssapi.patch
@@ -1,4 +1,4 @@
-From 48424483cbf2232ba849038e02675b2db1ea3a88 Mon Sep 17 00:00:00 2001
+From 6a0a4b2f79889c9b0d5e2478a6ee5f51be38dcc9 Mon Sep 17 00:00:00 2001
 From: Simon Wilkinson <simon@sxw.org.uk>
 Date: Sun, 9 Feb 2014 16:09:48 +0000
 Subject: GSSAPI key exchange support
@@ -1212,7 +1212,7 @@ index 53993d6..2f6baf7 100644
  
  #endif
 diff --git a/kex.c b/kex.c
-index 5100c66..39a6f98 100644
+index b777b7d..390bb69 100644
 --- a/kex.c
 +++ b/kex.c
 @@ -55,6 +55,10 @@
@@ -2222,7 +2222,7 @@ index de4a08f..9758290 100644
  
  #ifdef USE_PAM
 diff --git a/readconf.c b/readconf.c
-index 1d03bdf..43b7570 100644
+index cd01482..56e0f44 100644
 --- a/readconf.c
 +++ b/readconf.c
 @@ -147,6 +147,8 @@ typedef enum {
@@ -2801,7 +2801,7 @@ index 7751031..32e9b0d 100644
  
  int
 diff --git a/sshd.c b/sshd.c
-index 65ef7e8..839c2e0 100644
+index 43d4650..d659a68 100644
 --- a/sshd.c
 +++ b/sshd.c
 @@ -126,6 +126,10 @@
@@ -2815,7 +2815,7 @@ index 65ef7e8..839c2e0 100644
  #ifndef O_NOCTTY
  #define O_NOCTTY       0
  #endif
-@@ -1827,10 +1831,13 @@ main(int ac, char **av)
+@@ -1833,10 +1837,13 @@ main(int ac, char **av)
                 logit("Disabling protocol version 1. Could not load host key");
                 options.protocol &= ~SSH_PROTO_1;
         }
@@ -2829,7 +2829,7 @@ index 65ef7e8..839c2e0 100644
         if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
                 logit("sshd: no hostkeys available -- exiting.");
                 exit(1);
-@@ -2145,6 +2152,60 @@ main(int ac, char **av)
+@@ -2151,6 +2158,60 @@ main(int ac, char **av)
             remote_ip, remote_port, laddr,  get_local_port());
         free(laddr);
  
@@ -2890,7 +2890,7 @@ index 65ef7e8..839c2e0 100644
         /*
          * We don't want to listen forever unless the other side
          * successfully authenticates itself.  So we set up an alarm which is
-@@ -2563,6 +2624,48 @@ do_ssh2_kex(void)
+@@ -2569,6 +2630,48 @@ do_ssh2_kex(void)
         myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
             list_hostkey_types());
  
@@ -2939,7 +2939,7 @@ index 65ef7e8..839c2e0 100644
         /* start key exchange */
         if ((r = kex_setup(active_state, myproposal)) != 0)
                 fatal("kex_setup: %s", ssh_err(r));
-@@ -2577,6 +2680,13 @@ do_ssh2_kex(void)
+@@ -2583,6 +2686,13 @@ do_ssh2_kex(void)
  # endif
  #endif
         kex->kex[KEX_C25519_SHA256] = kexc25519_server;
diff --git a/debian/patches/helpful-wait-terminate.patch b/debian/patches/helpful-wait-terminate.patch
index 0dc5bafbf..a19fe6c6d 100644
--- a/debian/patches/helpful-wait-terminate.patch
+++ b/debian/patches/helpful-wait-terminate.patch
@@ -1,4 +1,4 @@
-From 86d7bcd53809aacc75344386bd8b88bf5fcb2fce Mon Sep 17 00:00:00 2001
+From 0a3d1df1344642161b1ee001a3885a1ee8ebc03b Mon Sep 17 00:00:00 2001
 From: Matthew Vernon <matthew@debian.org>
 Date: Sun, 9 Feb 2014 16:09:56 +0000
 Subject: Mention ~& when waiting for forwarded connections to terminate
diff --git a/debian/patches/keepalive-extensions.patch b/debian/patches/keepalive-extensions.patch
index bbb3ef86f..9b5d38271 100644
--- a/debian/patches/keepalive-extensions.patch
+++ b/debian/patches/keepalive-extensions.patch
@@ -1,4 +1,4 @@
-From 8f53616f872acf853b52e94f5b0668c78bf0cb76 Mon Sep 17 00:00:00 2001
+From ea47a6eba9fce31a1b4cd909b7ba19541c9d9c9b Mon Sep 17 00:00:00 2001
 From: Richard Kettlewell <rjk@greenend.org.uk>
 Date: Sun, 9 Feb 2014 16:09:52 +0000
 Subject: Various keepalive extensions
@@ -26,7 +26,7 @@ Patch-Name: keepalive-extensions.patch
  3 files changed, 34 insertions(+), 4 deletions(-)
 
 diff --git a/readconf.c b/readconf.c
-index 522ad37..46c343f 100644
+index 831072f..83582e3 100644
 --- a/readconf.c
 +++ b/readconf.c
 @@ -160,6 +160,7 @@ typedef enum {
diff --git a/debian/patches/lintian-symlink-pickiness.patch b/debian/patches/lintian-symlink-pickiness.patch
index 252cd99b8..a2a440fae 100644
--- a/debian/patches/lintian-symlink-pickiness.patch
+++ b/debian/patches/lintian-symlink-pickiness.patch
@@ -1,4 +1,4 @@
-From ca06409500b9f4f3a43fa61526a4c0654761e009 Mon Sep 17 00:00:00 2001
+From c685ea67334abf73c014aa6ab9f833e9d28fdab8 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:08 +0000
 Subject: Fix picky lintian errors about slogin symlinks
diff --git a/debian/patches/mention-ssh-keygen-on-keychange.patch b/debian/patches/mention-ssh-keygen-on-keychange.patch
index 79c984179..a9c4cb7fc 100644
--- a/debian/patches/mention-ssh-keygen-on-keychange.patch
+++ b/debian/patches/mention-ssh-keygen-on-keychange.patch
@@ -1,4 +1,4 @@
-From 9f59e8a3ddd28351126a5b26d2dd3d9f24442c09 Mon Sep 17 00:00:00 2001
+From 89f2729da6734f2d5e3a31d2a75e817750f6cd95 Mon Sep 17 00:00:00 2001
 From: Scott Moser <smoser@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:10:03 +0000
 Subject: Mention ssh-keygen in ssh fingerprint changed warning
diff --git a/debian/patches/no-openssl-version-status.patch b/debian/patches/no-openssl-version-status.patch
index 14ec01dbf..194100f56 100644
--- a/debian/patches/no-openssl-version-status.patch
+++ b/debian/patches/no-openssl-version-status.patch
@@ -1,4 +1,4 @@
-From e5908e70f9a105f725d9884fba1a68bfb3ba664f Mon Sep 17 00:00:00 2001
+From dcc3ce03144d1560d878db8290c9f19dc0511f6f Mon Sep 17 00:00:00 2001
 From: Kurt Roeckx <kurt@roeckx.be>
 Date: Sun, 9 Feb 2014 16:10:14 +0000
 Subject: Don't check the status field of the OpenSSL version
diff --git a/debian/patches/openbsd-docs.patch b/debian/patches/openbsd-docs.patch
index 4ce6c79e0..9b1c38bfc 100644
--- a/debian/patches/openbsd-docs.patch
+++ b/debian/patches/openbsd-docs.patch
@@ -1,4 +1,4 @@
-From 70ef4add88e4f6adc7f9f0e9521567dcd80a12e6 Mon Sep 17 00:00:00 2001
+From eb8141e6ac12c0714e0951598fe44634327bfde7 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:09 +0000
 Subject: Adjust various OpenBSD-specific references in manual pages
diff --git a/debian/patches/package-versioning.patch b/debian/patches/package-versioning.patch
index 51e14b07a..fb7724f58 100644
--- a/debian/patches/package-versioning.patch
+++ b/debian/patches/package-versioning.patch
@@ -1,4 +1,4 @@
-From 3b79d6bcaf9405b878496c9107855ebe8906a60a Mon Sep 17 00:00:00 2001
+From 3e38e90de2e2ead094624f4f140568574c40cae6 Mon Sep 17 00:00:00 2001
 From: Matthew Vernon <matthew@debian.org>
 Date: Sun, 9 Feb 2014 16:10:05 +0000
 Subject: Include the Debian version in our identification
@@ -36,7 +36,7 @@ index bbde8af..0ec1e54 100644
         if (roaming_atomicio(vwrite, connection_out, client_version_string,
             strlen(client_version_string)) != strlen(client_version_string))
 diff --git a/sshd.c b/sshd.c
-index 0537bc9..0d4fb7f 100644
+index 1b49b26..189d34a 100644
 --- a/sshd.c
 +++ b/sshd.c
 @@ -443,7 +443,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
@@ -49,13 +49,13 @@ index 0537bc9..0d4fb7f 100644
             options.version_addendum, newline);
  
 diff --git a/version.h b/version.h
-index d917ca1..5c22d90 100644
+index 41e1ea9..2969570 100644
 --- a/version.h
 +++ b/version.h
 @@ -3,4 +3,9 @@
  #define SSH_VERSION    "OpenSSH_7.1"
  
- #define SSH_PORTABLE   "p1"
+ #define SSH_PORTABLE   "p2"
 -#define SSH_RELEASE    SSH_VERSION SSH_PORTABLE
 +#define SSH_RELEASE_MINIMUM    SSH_VERSION SSH_PORTABLE
 +#ifdef SSH_EXTRAVERSION
diff --git a/debian/patches/quieter-signals.patch b/debian/patches/quieter-signals.patch
index 4d9267c19..0dc3f1c32 100644
--- a/debian/patches/quieter-signals.patch
+++ b/debian/patches/quieter-signals.patch
@@ -1,4 +1,4 @@
-From de340b1ef1920a34e8c640a571a88a3f58121c6a Mon Sep 17 00:00:00 2001
+From 72aec10a082f61d9a601b03ec57e0053e03397dd Mon Sep 17 00:00:00 2001
 From: Peter Samuelson <peter@p12n.org>
 Date: Sun, 9 Feb 2014 16:09:55 +0000
 Subject: Reduce severity of "Killed by signal %d"
diff --git a/debian/patches/restore-tcp-wrappers.patch b/debian/patches/restore-tcp-wrappers.patch
index 0bda03255..13090ff06 100644
--- a/debian/patches/restore-tcp-wrappers.patch
+++ b/debian/patches/restore-tcp-wrappers.patch
@@ -1,4 +1,4 @@
-From c538473bc1958b99bb26283752f287df5934045a Mon Sep 17 00:00:00 2001
+From f1fe58341ea22a6f07e5e1de79aa0385c0ee0c6a Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Tue, 7 Oct 2014 13:22:41 +0100
 Subject: Restore TCP wrappers support
@@ -128,7 +128,7 @@ index 213b5fc..2105979 100644
  .Xr moduli 5 ,
  .Xr sshd_config 5 ,
 diff --git a/sshd.c b/sshd.c
-index 839c2e0..0e30e6e 100644
+index d659a68..9275e0b 100644
 --- a/sshd.c
 +++ b/sshd.c
 @@ -130,6 +130,13 @@
@@ -145,7 +145,7 @@ index 839c2e0..0e30e6e 100644
  #ifndef O_NOCTTY
  #define O_NOCTTY       0
  #endif
-@@ -2145,6 +2152,24 @@ main(int ac, char **av)
+@@ -2151,6 +2158,24 @@ main(int ac, char **av)
  #ifdef SSH_AUDIT_EVENTS
         audit_connection_from(remote_ip, remote_port);
  #endif
diff --git a/debian/patches/scp-quoting.patch b/debian/patches/scp-quoting.patch
index c6568cf1e..e8049d902 100644
--- a/debian/patches/scp-quoting.patch
+++ b/debian/patches/scp-quoting.patch
@@ -1,4 +1,4 @@
-From bad235ddc7e9cb8fa83ccefac7640fe456bcf993 Mon Sep 17 00:00:00 2001
+From efd79b5b880f473ef06d4659cf279b07a65de208 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Nicolas=20Valc=C3=A1rcel?= <nvalcarcel@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:09:59 +0000
 Subject: Adjust scp quoting in verbose mode
diff --git a/debian/patches/selinux-role.patch b/debian/patches/selinux-role.patch
index f479c4635..5fec9eae0 100644
--- a/debian/patches/selinux-role.patch
+++ b/debian/patches/selinux-role.patch
@@ -1,4 +1,4 @@
-From 5f583693723b0f56608a9a91e58b248219a668c9 Mon Sep 17 00:00:00 2001
+From 701eb985309b1c9fce617949298659843fce723d Mon Sep 17 00:00:00 2001
 From: Manoj Srivastava <srivasta@debian.org>
 Date: Sun, 9 Feb 2014 16:09:49 +0000
 Subject: Handle SELinux authorisation roles
@@ -458,10 +458,10 @@ index 6a2f35e..ef6593c 100644
                        const char *value);
  
 diff --git a/sshd.c b/sshd.c
-index 0e30e6e..0537bc9 100644
+index 9275e0b..1b49b26 100644
 --- a/sshd.c
 +++ b/sshd.c
-@@ -782,7 +782,7 @@ privsep_postauth(Authctxt *authctxt)
+@@ -786,7 +786,7 @@ privsep_postauth(Authctxt *authctxt)
         explicit_bzero(rnd, sizeof(rnd));
  
         /* Drop privileges */
diff --git a/debian/patches/series b/debian/patches/series
index f7eb1cc8b..e612e0554 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -26,4 +26,3 @@ gnome-ssh-askpass2-icon.patch
 sigstop.patch
 systemd-readiness.patch
 debian-config.patch
-backport-fix-first-kex-follows.patch
diff --git a/debian/patches/shell-path.patch b/debian/patches/shell-path.patch
index 3a98343cc..e60dfc4d3 100644
--- a/debian/patches/shell-path.patch
+++ b/debian/patches/shell-path.patch
@@ -1,4 +1,4 @@
-From bf28735236933b0a1f011d73d7cbb948e197c4cc Mon Sep 17 00:00:00 2001
+From ccc03dd81a15fa91155bbdfa6b84a0d6e37c43e4 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:00 +0000
 Subject: Look for $SHELL on the path for ProxyCommand/LocalCommand
diff --git a/debian/patches/sigstop.patch b/debian/patches/sigstop.patch
index 7db2557a0..0cf814455 100644
--- a/debian/patches/sigstop.patch
+++ b/debian/patches/sigstop.patch
@@ -1,4 +1,4 @@
-From bf533d857451efe2f9abc6fb96e1c9c93ff1a7ee Mon Sep 17 00:00:00 2001
+From 5af03fab96e1d53019d1c50282eb21ce3e581895 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:17 +0000
 Subject: Support synchronisation with service supervisor using SIGSTOP
@@ -13,10 +13,10 @@ Patch-Name: sigstop.patch
  1 file changed, 10 insertions(+)
 
 diff --git a/sshd.c b/sshd.c
-index 6024e0e..7e72b9b 100644
+index 8d17521..5ccf175 100644
 --- a/sshd.c
 +++ b/sshd.c
-@@ -2042,6 +2042,16 @@ main(int ac, char **av)
+@@ -2048,6 +2048,16 @@ main(int ac, char **av)
                         }
                 }
  
diff --git a/debian/patches/ssh-agent-setgid.patch b/debian/patches/ssh-agent-setgid.patch
index 11ecc5c42..ffab898c7 100644
--- a/debian/patches/ssh-agent-setgid.patch
+++ b/debian/patches/ssh-agent-setgid.patch
@@ -1,4 +1,4 @@
-From 0f29b62fb2529bd6341dae7bea1271f5b967ece0 Mon Sep 17 00:00:00 2001
+From 7566d3563c174cc339da8b72833e66614cfc1458 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:13 +0000
 Subject: Document consequences of ssh-agent being setgid in ssh-agent(1)
diff --git a/debian/patches/ssh-argv0.patch b/debian/patches/ssh-argv0.patch
index 3c22db5cf..d3097fe10 100644
--- a/debian/patches/ssh-argv0.patch
+++ b/debian/patches/ssh-argv0.patch
@@ -1,4 +1,4 @@
-From 11e3509a4baa45a988598b937ea16e6ed3949d44 Mon Sep 17 00:00:00 2001
+From 078b7a5e7b89d20ce867e2c9839096be673b6ae0 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:10 +0000
 Subject: ssh(1): Refer to ssh-argv0(1)
diff --git a/debian/patches/ssh-vulnkey-compat.patch b/debian/patches/ssh-vulnkey-compat.patch
index 59b0983f9..be725e357 100644
--- a/debian/patches/ssh-vulnkey-compat.patch
+++ b/debian/patches/ssh-vulnkey-compat.patch
@@ -1,4 +1,4 @@
-From 6b1e8291597ff151b913c470f4af4b04ddec5c7d Mon Sep 17 00:00:00 2001
+From 7f0a4ecb6694298414e6d84c0aa49c35b19cad1b Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:09:50 +0000
 Subject: Accept obsolete ssh-vulnkey configuration options
@@ -17,7 +17,7 @@ Patch-Name: ssh-vulnkey-compat.patch
  2 files changed, 2 insertions(+)
 
 diff --git a/readconf.c b/readconf.c
-index 43b7570..522ad37 100644
+index 56e0f44..831072f 100644
 --- a/readconf.c
 +++ b/readconf.c
 @@ -181,6 +181,7 @@ static struct {
diff --git a/debian/patches/syslog-level-silent.patch b/debian/patches/syslog-level-silent.patch
index d591c1a70..255395666 100644
--- a/debian/patches/syslog-level-silent.patch
+++ b/debian/patches/syslog-level-silent.patch
@@ -1,4 +1,4 @@
-From 2b9216f2931cfe880a7ea85750730579f8da4465 Mon Sep 17 00:00:00 2001
+From 25ead9080a3f98eafc64a9a9c4b6650d922a19fa Mon Sep 17 00:00:00 2001
 From: Jonathan David Amery <jdamery@ysolde.ucam.org>
 Date: Sun, 9 Feb 2014 16:09:54 +0000
 Subject: "LogLevel SILENT" compatibility
@@ -33,7 +33,7 @@ index ad12930..e68b84a 100644
         { "FATAL",      SYSLOG_LEVEL_FATAL },
         { "ERROR",      SYSLOG_LEVEL_ERROR },
 diff --git a/ssh.c b/ssh.c
-index 59c1f93..712ea0e 100644
+index 67c1ebf..eb73903 100644
 --- a/ssh.c
 +++ b/ssh.c
 @@ -1106,7 +1106,7 @@ main(int ac, char **av)
diff --git a/debian/patches/systemd-readiness.patch b/debian/patches/systemd-readiness.patch
index 4914cd6f5..62ca0f284 100644
--- a/debian/patches/systemd-readiness.patch
+++ b/debian/patches/systemd-readiness.patch
@@ -1,4 +1,4 @@
-From 0aff7ca980bc54be68f7479a016d7779f99cf06e Mon Sep 17 00:00:00 2001
+From 9d88bc29443745ebf30004136ac18ced47292833 Mon Sep 17 00:00:00 2001
 From: Michael Biebl <biebl@debian.org>
 Date: Mon, 21 Dec 2015 16:08:47 +0000
 Subject: Add systemd readiness notification support
@@ -56,7 +56,7 @@ index 128889a..eec2b72 100644
  echo "           Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
  echo "                  BSD Auth support: $BSD_AUTH_MSG"
 diff --git a/sshd.c b/sshd.c
-index 7e72b9b..19ee92b 100644
+index 5ccf175..366ae92 100644
 --- a/sshd.c
 +++ b/sshd.c
 @@ -85,6 +85,10 @@
@@ -70,7 +70,7 @@ index 7e72b9b..19ee92b 100644
  #include "xmalloc.h"
  #include "ssh.h"
  #include "ssh1.h"
-@@ -2052,6 +2056,11 @@ main(int ac, char **av)
+@@ -2058,6 +2062,11 @@ main(int ac, char **av)
                         unsetenv("SSH_SIGSTOP");
                 }
  
diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch
index 70d5275aa..c2dbdcd7a 100644
--- a/debian/patches/user-group-modes.patch
+++ b/debian/patches/user-group-modes.patch
@@ -1,4 +1,4 @@
-From c60b1066b877429b723b351f44efb9e84bc64252 Mon Sep 17 00:00:00 2001
+From a1010980d6906a140307825466934a21c3d4d228 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:09:58 +0000
 Subject: Allow harmless group-writability
@@ -216,7 +216,7 @@ index f35ec39..9a23e6e 100644
 -       return 0;
 -}
 diff --git a/readconf.c b/readconf.c
-index 46c343f..c0ba5a7 100644
+index 83582e3..b9442fd 100644
 --- a/readconf.c
 +++ b/readconf.c
 @@ -39,6 +39,8 @@