30 files changed, 74 insertions, 63 deletions

diff --git a/debian/patches/auth-log-verbosity.patch b/debian/patches/auth-log-verbosity.patch
index c91cdbd68..3de03e861 100644
--- a/debian/patches/auth-log-verbosity.patch
+++ b/debian/patches/auth-log-verbosity.patch
@@ -1,4 +1,4 @@
-From 493e37552aa05b38cf69b5f1bc4b717fd4a1a285 Mon Sep 17 00:00:00 2001
+From 72aaec921b802c4f1dd73cac0fb21f149e443fc5 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:02 +0000
 Subject: Quieten logs when multiple from= restrictions are used
diff --git a/debian/patches/authorized-keys-man-symlink.patch b/debian/patches/authorized-keys-man-symlink.patch
index ce1b72d60..39e63e33b 100644
--- a/debian/patches/authorized-keys-man-symlink.patch
+++ b/debian/patches/authorized-keys-man-symlink.patch
@@ -1,4 +1,4 @@
-From cf559d6c8b4616022f5bedcf3b3b85387a4d1559 Mon Sep 17 00:00:00 2001
+From 6384f890f732a0967590e37ad402ace6505799ea Mon Sep 17 00:00:00 2001
 From: Tomas Pospisek <tpo_deb@sourcepole.ch>
 Date: Sun, 9 Feb 2014 16:10:07 +0000
 Subject: Install authorized_keys(5) as a symlink to sshd(8)
diff --git a/debian/patches/consolekit.patch b/debian/patches/consolekit.patch
index 65b6feb71..7492daca8 100644
--- a/debian/patches/consolekit.patch
+++ b/debian/patches/consolekit.patch
@@ -1,4 +1,4 @@
-From efe70e315cfcc70e765ebd070e83528a6be6c125 Mon Sep 17 00:00:00 2001
+From f4858fd1a10d1621e5e3ad5f2400dd17d156ced7 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:09:57 +0000
 Subject: Add support for registering ConsoleKit sessions on login
diff --git a/debian/patches/debian-banner.patch b/debian/patches/debian-banner.patch
index 4cae13961..39cab81e7 100644
--- a/debian/patches/debian-banner.patch
+++ b/debian/patches/debian-banner.patch
@@ -1,4 +1,4 @@
-From 68ebfc0e90ceb0f7b24dfb38979df6a80b7ec9e4 Mon Sep 17 00:00:00 2001
+From 75e44c43679e8b888b7ef55ce7abe432eb57ef1c Mon Sep 17 00:00:00 2001
 From: Kees Cook <kees@debian.org>
 Date: Sun, 9 Feb 2014 16:10:06 +0000
 Subject: Add DebianBanner server configuration option
diff --git a/debian/patches/debian-config.patch b/debian/patches/debian-config.patch
index 70e057ed5..77be015fa 100644
--- a/debian/patches/debian-config.patch
+++ b/debian/patches/debian-config.patch
@@ -1,4 +1,4 @@
-From f08f2d9c3fedf37f97f1b2d06f1fe36af4e5f1c3 Mon Sep 17 00:00:00 2001
+From 54a7935863c3e6b3f08f620b3bd75571bb90470c Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:18 +0000
 Subject: Various Debian-specific configuration changes
diff --git a/debian/patches/dnssec-sshfp.patch b/debian/patches/dnssec-sshfp.patch
index ccedef08f..3d33a91f9 100644
--- a/debian/patches/dnssec-sshfp.patch
+++ b/debian/patches/dnssec-sshfp.patch
@@ -1,4 +1,4 @@
-From a3e8cef2bae563fe8c87cf9f32511a0808dd47eb Mon Sep 17 00:00:00 2001
+From 231608bce9f439366bc2d2c7537f48920f3dd852 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:01 +0000
 Subject: Force use of DNSSEC even if "options edns0" isn't in resolv.conf
diff --git a/debian/patches/doc-hash-tab-completion.patch b/debian/patches/doc-hash-tab-completion.patch
index 6b21b2e93..df957fca2 100644
--- a/debian/patches/doc-hash-tab-completion.patch
+++ b/debian/patches/doc-hash-tab-completion.patch
@@ -1,4 +1,4 @@
-From 5e0540a17ace7dbbcec332ad3828d09dfa69dc6f Mon Sep 17 00:00:00 2001
+From 465d1a333520edbd2f0fac77c76e06bdd1d94cb9 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:11 +0000
 Subject: Document that HashKnownHosts may break tab-completion
diff --git a/debian/patches/doc-upstart.patch b/debian/patches/doc-upstart.patch
index a813eb0ab..a09ac77e4 100644
--- a/debian/patches/doc-upstart.patch
+++ b/debian/patches/doc-upstart.patch
@@ -1,4 +1,4 @@
-From 61466f681be917753b4ae82f3b6b16cbb44047ae Mon Sep 17 00:00:00 2001
+From faf2466c7933f1c4225c8a8ceb503e24e4228ab9 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:10:12 +0000
 Subject: Refer to ssh's Upstart job as well as its init script
diff --git a/debian/patches/fix-case-sensitive-matching.patch b/debian/patches/fix-case-sensitive-matching.patch
index 820745cc1..c721b5a0a 100644
--- a/debian/patches/fix-case-sensitive-matching.patch
+++ b/debian/patches/fix-case-sensitive-matching.patch
@@ -1,4 +1,4 @@
-From bdb60d16baf6d163844fc6f5f8520bc853b6611b Mon Sep 17 00:00:00 2001
+From efb58a7258484c31c702f9093b7a726da9eab682 Mon Sep 17 00:00:00 2001
 From: Damien Miller <djm@mindrot.org>
 Date: Tue, 4 Feb 2014 11:26:04 +1100
 Subject: Unbreak case-sensitive matching of ssh_config
diff --git a/debian/patches/getsockname-error.patch b/debian/patches/getsockname-error.patch
index b4dbc2c9f..300151cab 100644
--- a/debian/patches/getsockname-error.patch
+++ b/debian/patches/getsockname-error.patch
@@ -1,4 +1,4 @@
-From 18e1479bf4586a14b88dab082af10a8981b9d48d Mon Sep 17 00:00:00 2001
+From 6dbd954a28d3fc2631f1c0b42c23452e1e493e6f Mon Sep 17 00:00:00 2001
 From: Damien Miller <djm@mindrot.org>
 Date: Sat, 15 Feb 2014 02:08:20 +0000
 Subject: Skip get_sock_port call for c->sock==-1
diff --git a/debian/patches/gnome-ssh-askpass2-icon.patch b/debian/patches/gnome-ssh-askpass2-icon.patch
index c0ee03c3f..951284cf5 100644
--- a/debian/patches/gnome-ssh-askpass2-icon.patch
+++ b/debian/patches/gnome-ssh-askpass2-icon.patch
@@ -1,4 +1,4 @@
-From 1a6c95a5c5c82664f18bab6159e16cd64b07d870 Mon Sep 17 00:00:00 2001
+From fd8d46990dfe572955a6eda524fcbf9e9efefa75 Mon Sep 17 00:00:00 2001
 From: Vincent Untz <vuntz@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:10:16 +0000
 Subject: Give the ssh-askpass-gnome window a default icon
diff --git a/debian/patches/gssapi.patch b/debian/patches/gssapi.patch
index 3f6fccfff..90a21db99 100644
--- a/debian/patches/gssapi.patch
+++ b/debian/patches/gssapi.patch
@@ -1,4 +1,4 @@
-From cd404114ded78fc51d5d9cbd458d55c9b2f67daa Mon Sep 17 00:00:00 2001
+From 429c595dbaff7f7c2b3a53fe4235211f6d788025 Mon Sep 17 00:00:00 2001
 From: Simon Wilkinson <simon@sxw.org.uk>
 Date: Sun, 9 Feb 2014 16:09:48 +0000
 Subject: GSSAPI key exchange support
@@ -17,7 +17,7 @@ have it merged into the main openssh package rather than having separate
 security history.
 
 Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
-Last-Updated: 2014-02-10
+Last-Updated: 2014-03-19
 
 Patch-Name: gssapi.patch
 ---
@@ -30,14 +30,14 @@ Patch-Name: gssapi.patch
  config.h.in      |   6 +
  configure        |  57 ++++++++++
  configure.ac     |  24 ++++
- gss-genr.c       | 276 ++++++++++++++++++++++++++++++++++++++++++++-
- gss-serv-krb5.c  |  84 +++++++++++++-
+ gss-genr.c       | 275 ++++++++++++++++++++++++++++++++++++++++++++-
+ gss-serv-krb5.c  |  85 ++++++++++++--
  gss-serv.c       | 221 +++++++++++++++++++++++++++++++-----
  kex.c            |  16 +++
  kex.h            |  14 +++
- kexgssc.c        | 333 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
- kexgsss.c        | 289 +++++++++++++++++++++++++++++++++++++++++++++++
- key.c            |   1 +
+ kexgssc.c        | 332 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ kexgsss.c        | 289 ++++++++++++++++++++++++++++++++++++++++++++++++
+ key.c            |   3 +-
  key.h            |   1 +
  monitor.c        | 108 +++++++++++++++++-
  monitor.h        |   3 +
@@ -47,14 +47,14 @@ Patch-Name: gssapi.patch
  readconf.h       |   5 +
  servconf.c       |  38 ++++++-
  servconf.h       |   3 +
- ssh-gss.h        |  39 ++++++-
+ ssh-gss.h        |  41 ++++++-
  ssh_config       |   2 +
  ssh_config.5     |  34 +++++-
  sshconnect2.c    | 124 ++++++++++++++++++++-
  sshd.c           | 110 ++++++++++++++++++
  sshd_config      |   2 +
  sshd_config.5    |  28 +++++
- 33 files changed, 2050 insertions(+), 57 deletions(-)
+ 33 files changed, 2051 insertions(+), 59 deletions(-)
  create mode 100644 ChangeLog.gssapi
  create mode 100644 kexgssc.c
  create mode 100644 kexgsss.c
@@ -358,7 +358,7 @@ index f0cab8c..6ed8f04 100644
  #endif
  #ifdef JPAKE
 diff --git a/clientloop.c b/clientloop.c
-index f30c8b6..6d02b0b 100644
+index f30c8b6..cc23e35 100644
 --- a/clientloop.c
 +++ b/clientloop.c
 @@ -111,6 +111,10 @@
@@ -379,7 +379,7 @@ index f30c8b6..6d02b0b 100644
 +
 +#ifdef GSSAPI
 +                       if (options.gss_renewal_rekey &&
-+                           ssh_gssapi_credentials_updated(GSS_C_NO_CONTEXT)) {
++                           ssh_gssapi_credentials_updated(NULL)) {
 +                               debug("credentials updated - forcing rekey");
 +                               need_rekeying = 1;
 +                       }
@@ -516,7 +516,7 @@ index dfd32cd..90eebf5 100644
         AC_CHECK_DECL([AU_IPv4], [], 
             AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
 diff --git a/gss-genr.c b/gss-genr.c
-index b39281b..b7d1b7d 100644
+index b39281b..1e569ad 100644
 --- a/gss-genr.c
 +++ b/gss-genr.c
 @@ -1,7 +1,7 @@
@@ -557,7 +557,7 @@ index b39281b..b7d1b7d 100644
 +static ssh_gss_kex_mapping *gss_enc2oid = NULL;
 +
 +int 
-+ssh_gssapi_oid_table_ok() {
++ssh_gssapi_oid_table_ok(void) {
 +       return (gss_enc2oid != NULL);
 +}
 +
@@ -797,7 +797,7 @@ index b39281b..b7d1b7d 100644
         if (!GSS_ERROR(major)) {
                 major = ssh_gssapi_init_ctx(*ctx, 0, GSS_C_NO_BUFFER, &token, 
                     NULL);
-@@ -272,10 +483,67 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host)
+@@ -272,10 +483,66 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host)
                             GSS_C_NO_BUFFER);
         }
  
@@ -817,7 +817,6 @@ index b39281b..b7d1b7d 100644
 +       static OM_uint32 last_call = 0;
 +       OM_uint32 lifetime, now, major, minor;
 +       int equal;
-+       gss_cred_usage_t usage = GSS_C_INITIATE;
 +       
 +       now = time(NULL);
 +
@@ -867,7 +866,7 @@ index b39281b..b7d1b7d 100644
 +
  #endif /* GSSAPI */
 diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c
-index 759fa10..959a77e 100644
+index 759fa10..e678a27 100644
 --- a/gss-serv-krb5.c
 +++ b/gss-serv-krb5.c
 @@ -1,7 +1,7 @@
@@ -879,15 +878,17 @@ index 759fa10..959a77e 100644
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
-@@ -122,6 +122,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
+@@ -120,8 +120,8 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
+        krb5_error_code problem;
+        krb5_principal princ;
         OM_uint32 maj_status, min_status;
-        int len;
+-       int len;
         const char *errmsg;
 +       const char *new_ccname;
  
         if (client->creds == NULL) {
                 debug("No credentials stored");
-@@ -180,11 +181,16 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
+@@ -180,11 +180,16 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
                 return;
         }
  
@@ -908,7 +909,7 @@ index 759fa10..959a77e 100644
  
  #ifdef USE_PAM
         if (options.use_pam)
-@@ -196,6 +202,71 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
+@@ -196,6 +201,71 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
         return;
  }
  
@@ -980,7 +981,7 @@ index 759fa10..959a77e 100644
  ssh_gssapi_mech gssapi_kerberos_mech = {
         "toWM5Slw5Ew8Mqkay+al2g==",
         "Kerberos",
-@@ -203,7 +274,8 @@ ssh_gssapi_mech gssapi_kerberos_mech = {
+@@ -203,7 +273,8 @@ ssh_gssapi_mech gssapi_kerberos_mech = {
         NULL,
         &ssh_gssapi_krb5_userok,
         NULL,
@@ -991,7 +992,7 @@ index 759fa10..959a77e 100644
  
  #endif /* KRB5 */
 diff --git a/gss-serv.c b/gss-serv.c
-index 95348e2..97f366f 100644
+index 95348e2..feb1ed7 100644
 --- a/gss-serv.c
 +++ b/gss-serv.c
 @@ -1,7 +1,7 @@
@@ -1079,7 +1080,7 @@ index 95348e2..97f366f 100644
  
  /* Unprivileged */
 +char *
-+ssh_gssapi_server_mechanisms() {
++ssh_gssapi_server_mechanisms(void) {
 +       gss_OID_set     supported;
 +
 +       ssh_gssapi_supported_oids(&supported);
@@ -1240,7 +1241,7 @@ index 95348e2..97f366f 100644
  
 -       return (ctx->major);
 +void
-+ssh_gssapi_rekey_creds() {
++ssh_gssapi_rekey_creds(void) {
 +       int ok;
 +       int ret;
 +#ifdef USE_PAM
@@ -1390,10 +1391,10 @@ index 1aa3ec2..8fbcb2b 100644
      BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *);
 diff --git a/kexgssc.c b/kexgssc.c
 new file mode 100644
-index 0000000..14f5598
+index 0000000..92a31c5
 --- /dev/null
 +++ b/kexgssc.c
-@@ -0,0 +1,333 @@
+@@ -0,0 +1,332 @@
 +/*
 + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
 + *
@@ -1457,7 +1458,6 @@ index 0000000..14f5598
 +       u_char *serverhostkey = NULL;
 +       u_char *empty = "";
 +       char *msg;
-+       char *lang;
 +       int type = 0;
 +       int first = 1;
 +       int nbits = 0, min = DH_GRP_MIN, max = DH_GRP_MAX;
@@ -1616,7 +1616,7 @@ index 0000000..14f5598
 +                               maj_status = packet_get_int();
 +                               min_status = packet_get_int();
 +                               msg = packet_get_string(NULL);
-+                               lang = packet_get_string(NULL);
++                               (void) packet_get_string_ptr(NULL);
 +                               fatal("GSSAPI Error: \n%.400s",msg);
 +                       default:
 +                               packet_disconnect("Protocol error: didn't expect packet type %d",
@@ -2023,7 +2023,7 @@ index 0000000..8095259
 +}
 +#endif /* GSSAPI */
 diff --git a/key.c b/key.c
-index 9142338..3867eb3 100644
+index 9142338..7ac844c 100644
 --- a/key.c
 +++ b/key.c
 @@ -985,6 +985,7 @@ static const struct keytype keytypes[] = {
@@ -2034,6 +2034,15 @@ index 9142338..3867eb3 100644
         { NULL, NULL, -1, -1, 0 }
  };
  
+@@ -1063,7 +1064,7 @@ key_alg_list(int certs_only, int plain_only)
+        const struct keytype *kt;
+ 
+        for (kt = keytypes; kt->type != -1; kt++) {
+-               if (kt->name == NULL)
++               if (kt->name == NULL || kt->type == KEY_NULL)
+                        continue;
+                if ((certs_only && !kt->cert) || (plain_only && kt->cert))
+                        continue;
 diff --git a/key.h b/key.h
 index d8ad13d..c8aeba2 100644
 --- a/key.h
@@ -2558,7 +2567,7 @@ index 8812c5a..eba76ee 100644
                                                  * authentication. */
         int     kbd_interactive_authentication; /* If true, permit */
 diff --git a/ssh-gss.h b/ssh-gss.h
-index 077e13c..bc6e8f9 100644
+index 077e13c..885e481 100644
 --- a/ssh-gss.h
 +++ b/ssh-gss.h
 @@ -1,6 +1,6 @@
@@ -2625,7 +2634,7 @@ index 077e13c..bc6e8f9 100644
  
  int  ssh_gssapi_check_oid(Gssctxt *, void *, size_t);
  void ssh_gssapi_set_oid_data(Gssctxt *, void *, size_t);
-@@ -117,16 +134,30 @@ void ssh_gssapi_build_ctx(Gssctxt **);
+@@ -117,16 +134,32 @@ void ssh_gssapi_build_ctx(Gssctxt **);
  void ssh_gssapi_delete_ctx(Gssctxt **);
  OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t);
  void ssh_gssapi_buildmic(Buffer *, const char *, const char *, const char *);
@@ -2652,9 +2661,11 @@ index 077e13c..bc6e8f9 100644
  void ssh_gssapi_storecreds(void);
  
 +char *ssh_gssapi_server_mechanisms(void);
-+int ssh_gssapi_oid_table_ok();
++int ssh_gssapi_oid_table_ok(void);
 +
 +int ssh_gssapi_update_creds(ssh_gssapi_ccache *store);
++void ssh_gssapi_rekey_creds(void);
++
  #endif /* GSSAPI */
  
  #endif /* _SSH_GSS_H */
diff --git a/debian/patches/helpful-wait-terminate.patch b/debian/patches/helpful-wait-terminate.patch
index ca90ba124..6f28f7db5 100644
--- a/debian/patches/helpful-wait-terminate.patch
+++ b/debian/patches/helpful-wait-terminate.patch
@@ -1,4 +1,4 @@
-From 71003a35537df521296408d9f6bd0a200ed2a854 Mon Sep 17 00:00:00 2001
+From 29a3d408fe0b8e91aed47ec4ad26d0c0a16e8f65 Mon Sep 17 00:00:00 2001
 From: Matthew Vernon <matthew@debian.org>
 Date: Sun, 9 Feb 2014 16:09:56 +0000
 Subject: Mention ~& when waiting for forwarded connections to terminate
diff --git a/debian/patches/keepalive-extensions.patch b/debian/patches/keepalive-extensions.patch
index 84da73ae0..149821283 100644
--- a/debian/patches/keepalive-extensions.patch
+++ b/debian/patches/keepalive-extensions.patch
@@ -1,4 +1,4 @@
-From 043f937820e1152df2c8416f37e6c8d923fc1811 Mon Sep 17 00:00:00 2001
+From 89a797b303eb5ed9edeb122a15b9dedf152cdd02 Mon Sep 17 00:00:00 2001
 From: Richard Kettlewell <rjk@greenend.org.uk>
 Date: Sun, 9 Feb 2014 16:09:52 +0000
 Subject: Various keepalive extensions
diff --git a/debian/patches/lintian-symlink-pickiness.patch b/debian/patches/lintian-symlink-pickiness.patch
index 588834b5a..97f9b0759 100644
--- a/debian/patches/lintian-symlink-pickiness.patch
+++ b/debian/patches/lintian-symlink-pickiness.patch
@@ -1,4 +1,4 @@
-From cf359c36be95e478071cb0dc4491aba88a5bae70 Mon Sep 17 00:00:00 2001
+From b25d3b37e89fb73b5fa86d19bc22f67f64dd0ad9 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:08 +0000
 Subject: Fix picky lintian errors about slogin symlinks
diff --git a/debian/patches/mention-ssh-keygen-on-keychange.patch b/debian/patches/mention-ssh-keygen-on-keychange.patch
index 637d438b9..ab0505834 100644
--- a/debian/patches/mention-ssh-keygen-on-keychange.patch
+++ b/debian/patches/mention-ssh-keygen-on-keychange.patch
@@ -1,4 +1,4 @@
-From 9c6deb4e89ad1ac2c2046b1371f378a80b0b4dec Mon Sep 17 00:00:00 2001
+From 1ad5769e5d1d878125c48c6bb4a8bea7225940fc Mon Sep 17 00:00:00 2001
 From: Scott Moser <smoser@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:10:03 +0000
 Subject: Mention ssh-keygen in ssh fingerprint changed warning
diff --git a/debian/patches/no-openssl-version-check.patch b/debian/patches/no-openssl-version-check.patch
index ca2a83473..590259750 100644
--- a/debian/patches/no-openssl-version-check.patch
+++ b/debian/patches/no-openssl-version-check.patch
@@ -1,4 +1,4 @@
-From db27c81d3de93a0df6cb0f01e9b8b6bf4bb17d06 Mon Sep 17 00:00:00 2001
+From 4edb6872515344a0b137fe835ea7f76dcb0325ad Mon Sep 17 00:00:00 2001
 From: Philip Hands <phil@hands.com>
 Date: Sun, 9 Feb 2014 16:10:14 +0000
 Subject: Disable OpenSSL version check
diff --git a/debian/patches/openbsd-docs.patch b/debian/patches/openbsd-docs.patch
index 2dbfd31b7..ea9f290ad 100644
--- a/debian/patches/openbsd-docs.patch
+++ b/debian/patches/openbsd-docs.patch
@@ -1,4 +1,4 @@
-From 1c4af29874fe7bd1cec92ee90fc613c3cf83f571 Mon Sep 17 00:00:00 2001
+From ddca9737b50bd2ec15dc166434e312ae2fbd1196 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:09 +0000
 Subject: Adjust various OpenBSD-specific references in manual pages
diff --git a/debian/patches/package-versioning.patch b/debian/patches/package-versioning.patch
index 99a2167b3..67e54ccf3 100644
--- a/debian/patches/package-versioning.patch
+++ b/debian/patches/package-versioning.patch
@@ -1,4 +1,4 @@
-From 03b1ae877da1db4c517747bee89f1a494cce8566 Mon Sep 17 00:00:00 2001
+From 07b738d2bf93a5e3c57ab242b666a5f58484c7a3 Mon Sep 17 00:00:00 2001
 From: Matthew Vernon <matthew@debian.org>
 Date: Sun, 9 Feb 2014 16:10:05 +0000
 Subject: Include the Debian version in our identification
diff --git a/debian/patches/quieter-signals.patch b/debian/patches/quieter-signals.patch
index 18489cabe..168b05a34 100644
--- a/debian/patches/quieter-signals.patch
+++ b/debian/patches/quieter-signals.patch
@@ -1,4 +1,4 @@
-From 32e3aad13edff8c03c524105e2c4d4194995573b Mon Sep 17 00:00:00 2001
+From 4ba49a8d770618307867a73769ebba62bf553961 Mon Sep 17 00:00:00 2001
 From: Peter Samuelson <peter@p12n.org>
 Date: Sun, 9 Feb 2014 16:09:55 +0000
 Subject: Reduce severity of "Killed by signal %d"
@@ -22,7 +22,7 @@ Patch-Name: quieter-signals.patch
  1 file changed, 4 insertions(+), 2 deletions(-)
 
 diff --git a/clientloop.c b/clientloop.c
-index 37b3a04..60c9e87 100644
+index cd1739f..30097cd 100644
 --- a/clientloop.c
 +++ b/clientloop.c
 @@ -1717,8 +1717,10 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
diff --git a/debian/patches/scp-quoting.patch b/debian/patches/scp-quoting.patch
index a2df78d10..d4755c6b3 100644
--- a/debian/patches/scp-quoting.patch
+++ b/debian/patches/scp-quoting.patch
@@ -1,4 +1,4 @@
-From 52d571e95114cd6d63b5dc4829f87fd55213c828 Mon Sep 17 00:00:00 2001
+From 882d0c4c4403674eebd4ec525fe368ecc2100bfc Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Nicolas=20Valc=C3=A1rcel?= <nvalcarcel@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:09:59 +0000
 Subject: Adjust scp quoting in verbose mode
diff --git a/debian/patches/selinux-role.patch b/debian/patches/selinux-role.patch
index dc0ffa300..1f924dfad 100644
--- a/debian/patches/selinux-role.patch
+++ b/debian/patches/selinux-role.patch
@@ -1,4 +1,4 @@
-From cc5ecb35ae6572d13ed523d143439a8559d1fee2 Mon Sep 17 00:00:00 2001
+From 7afb9ad9307191397a3ccf3d7cc90dfe474b09e8 Mon Sep 17 00:00:00 2001
 From: Manoj Srivastava <srivasta@debian.org>
 Date: Sun, 9 Feb 2014 16:09:49 +0000
 Subject: Handle SELinux authorisation roles
diff --git a/debian/patches/shell-path.patch b/debian/patches/shell-path.patch
index 8f716f8de..71d52e0bc 100644
--- a/debian/patches/shell-path.patch
+++ b/debian/patches/shell-path.patch
@@ -1,4 +1,4 @@
-From 95e6f7afe0ca1c16c31845d6fa30453b45b73e0e Mon Sep 17 00:00:00 2001
+From 43dbfc0c515e0adeddb097a9996dea382cc9e582 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:00 +0000
 Subject: Look for $SHELL on the path for ProxyCommand/LocalCommand
diff --git a/debian/patches/sigstop.patch b/debian/patches/sigstop.patch
index 0abebb664..b34dbcda0 100644
--- a/debian/patches/sigstop.patch
+++ b/debian/patches/sigstop.patch
@@ -1,4 +1,4 @@
-From 6b7aca6f112d216f321466cc7301b5183e772513 Mon Sep 17 00:00:00 2001
+From b0d3fe663d6a54b1348934946bbf8678b7470d14 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:17 +0000
 Subject: Support synchronisation with service supervisor using SIGSTOP
diff --git a/debian/patches/ssh-agent-setgid.patch b/debian/patches/ssh-agent-setgid.patch
index 78047d30c..1eedfe297 100644
--- a/debian/patches/ssh-agent-setgid.patch
+++ b/debian/patches/ssh-agent-setgid.patch
@@ -1,4 +1,4 @@
-From 0b9347201e50bd518c09babde3e7650c2b2e9228 Mon Sep 17 00:00:00 2001
+From 5708dae528688dd06c784773f0e05f5e3739d0e5 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:13 +0000
 Subject: Document consequences of ssh-agent being setgid in ssh-agent(1)
diff --git a/debian/patches/ssh-argv0.patch b/debian/patches/ssh-argv0.patch
index 53f7d6641..9afa12a88 100644
--- a/debian/patches/ssh-argv0.patch
+++ b/debian/patches/ssh-argv0.patch
@@ -1,4 +1,4 @@
-From 4e249feb183e35e32cbc0f68cfdfb6bbe09576a9 Mon Sep 17 00:00:00 2001
+From ce4c3e861126520177b929d3d04e57c0dc9cb70d Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:10 +0000
 Subject: ssh(1): Refer to ssh-argv0(1)
diff --git a/debian/patches/ssh-vulnkey-compat.patch b/debian/patches/ssh-vulnkey-compat.patch
index a14f7ae06..9939dda8c 100644
--- a/debian/patches/ssh-vulnkey-compat.patch
+++ b/debian/patches/ssh-vulnkey-compat.patch
@@ -1,4 +1,4 @@
-From 889e217b88a7848e6c997f7f87d07b9d1a35fb49 Mon Sep 17 00:00:00 2001
+From 9ae199bbd2484aed4fd61535221a96f1ae478712 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:09:50 +0000
 Subject: Accept obsolete ssh-vulnkey configuration options
diff --git a/debian/patches/ssh1-keepalive.patch b/debian/patches/ssh1-keepalive.patch
index 4eab486fe..4456498bf 100644
--- a/debian/patches/ssh1-keepalive.patch
+++ b/debian/patches/ssh1-keepalive.patch
@@ -1,4 +1,4 @@
-From 9f42d3b964854aecfed2fff64ac375c0c4805fa5 Mon Sep 17 00:00:00 2001
+From 40a23637b9cb6364c8baeb2c25b1d8115bc740c0 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:09:51 +0000
 Subject: Partial server keep-alive implementation for SSH1
@@ -13,7 +13,7 @@ Patch-Name: ssh1-keepalive.patch
  2 files changed, 19 insertions(+), 11 deletions(-)
 
 diff --git a/clientloop.c b/clientloop.c
-index 6d02b0b..37b3a04 100644
+index cc23e35..cd1739f 100644
 --- a/clientloop.c
 +++ b/clientloop.c
 @@ -563,16 +563,21 @@ client_global_request_reply(int type, u_int32_t seq, void *ctxt)
diff --git a/debian/patches/syslog-level-silent.patch b/debian/patches/syslog-level-silent.patch
index 682ec3657..30ba118e8 100644
--- a/debian/patches/syslog-level-silent.patch
+++ b/debian/patches/syslog-level-silent.patch
@@ -1,4 +1,4 @@
-From 36c21f10bd09ee15eb7f5bd7448309bf9a5cd466 Mon Sep 17 00:00:00 2001
+From 3afa62c176aa4ea42a87372f10f355efa48f582b Mon Sep 17 00:00:00 2001
 From: Jonathan David Amery <jdamery@ysolde.ucam.org>
 Date: Sun, 9 Feb 2014 16:09:54 +0000
 Subject: "LogLevel SILENT" compatibility
diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch
index 0bc245ab1..5062d7d80 100644
--- a/debian/patches/user-group-modes.patch
+++ b/debian/patches/user-group-modes.patch
@@ -1,4 +1,4 @@
-From b63620615d5c8af09e350608233f69191ad6c275 Mon Sep 17 00:00:00 2001
+From 0879622ccc5a92902c6ffd88391824cfb2d27924 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:09:58 +0000
 Subject: Allow harmless group-writability