36 files changed, 561 insertions, 701 deletions

diff --git a/debian/.git-dpm b/debian/.git-dpm
index 782b862df..1532e846b 100644
--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@ -1,8 +1,8 @@
 # see git-dpm(1) from git-dpm package
-751d1f6494fb3ffd75188de7390c28725a5b91a6
-751d1f6494fb3ffd75188de7390c28725a5b91a6
-f0329aac23c61e1a5197d6d57349a63f459bccb0
-f0329aac23c61e1a5197d6d57349a63f459bccb0
-openssh_7.2p2.orig.tar.gz
-70e35d7d6386fe08abbd823b3a12a3ca44ac6d38
-1499808
+4c914ccd85bbf391c4dc61b85e3c178fef465e3f
+4c914ccd85bbf391c4dc61b85e3c178fef465e3f
+a8ed8d256b2e2c05b0c15565a7938028c5192277
+a8ed8d256b2e2c05b0c15565a7938028c5192277
+openssh_7.3p1.orig.tar.gz
+bfade84283fcba885e2084343ab19a08c7d123a5
+1522617
diff --git a/debian/changelog b/debian/changelog
index 46a0a6f39..76607d617 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,60 @@
+openssh (1:7.3p1-1) UNRELEASED; urgency=medium
+
+  * New upstream release (http://www.openssh.com/txt/release-7.3):
+    - SECURITY: sshd(8): Mitigate a potential denial-of-service attack
+      against the system's crypt(3) function via sshd(8).  An attacker could
+      send very long passwords that would cause excessive CPU use in
+      crypt(3).  sshd(8) now refuses to accept password authentication
+      requests of length greater than 1024 characters.
+    - SECURITY: ssh(1), sshd(8): Fix observable timing weakness in the CBC
+      padding oracle countermeasures.  Note that CBC ciphers are disabled by
+      default and only included for legacy compatibility.
+    - SECURITY: ssh(1), sshd(8): Improve operation ordering of MAC
+      verification for Encrypt-then-MAC (EtM) mode transport MAC algorithms
+      to verify the MAC before decrypting any ciphertext.  This removes the
+      possibility of timing differences leaking facts about the plaintext,
+      though no such leakage has been observed.
+    - ssh(1): Add a ProxyJump option and corresponding -J command-line flag
+      to allow simplified indirection through a one or more SSH bastions or
+      "jump hosts".
+    - ssh(1): Add an IdentityAgent option to allow specifying specific agent
+      sockets instead of accepting one from the environment.
+    - ssh(1): Allow ExitOnForwardFailure and ClearAllForwardings to be
+      optionally overridden when using ssh -W.
+    - ssh(1), sshd(8): Implement support for the IUTF8 terminal mode as per
+      draft-sgtatham-secsh-iutf8-00 (closes: #337041, LP: #394570).
+    - ssh(1), sshd(8): Add support for additional fixed Diffie-Hellman 2K,
+      4K and 8K groups from draft-ietf-curdle-ssh-kex-sha2-03.
+    - ssh-keygen(1), ssh(1), sshd(8): Support SHA256 and SHA512 RSA
+      signatures in certificates.
+    - ssh(1): Add an Include directive for ssh_config(5) files (closes:
+      #536031).
+    - ssh(1): Permit UTF-8 characters in pre-authentication banners sent
+      from the server.
+    - ssh(1), sshd(8): Reduce the syslog level of some relatively common
+      protocol events from LOG_CRIT.
+    - sshd(8): Refuse AuthenticationMethods="" in configurations and accept
+      AuthenticationMethods=any for the default behaviour of not requiring
+      multiple authentication.
+    - sshd(8): Remove obsolete and misleading "POSSIBLE BREAK-IN ATTEMPT!"
+      message when forward and reverse DNS don't match.
+    - ssh(1): Deduplicate LocalForward and RemoteForward entries to fix
+      failures when both ExitOnForwardFailure and hostname canonicalisation
+      are enabled.
+    - sshd(8): Remove fallback from moduli to obsolete "primes" file that
+      was deprecated in 2001 (LP: #1528251).
+    - sshd_config(5): Correct description of UseDNS: it affects ssh hostname
+      processing for authorized_keys, not known_hosts.
+    - sshd(8): Send ClientAliveInterval pings when a time-based RekeyLimit
+      is set; previously keepalive packets were not being sent.
+    - sshd(8): Whitelist more architectures to enable the seccomp-bpf
+      sandbox.
+    - scp(1): Respect the local user's LC_CTYPE locale (closes: #396295).
+    - Take character display widths into account for the progressmeter
+      (closes: #407088).
+
+ -- Colin Watson <cjwatson@debian.org>  Sat, 06 Aug 2016 11:00:55 +0100
+
 openssh (1:7.2p2-8) unstable; urgency=medium
 
   [ Colin Watson ]
diff --git a/debian/patches/CVE-2015-8325.patch b/debian/patches/CVE-2015-8325.patch
deleted file mode 100644
index de2c33577..000000000
--- a/debian/patches/CVE-2015-8325.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 7f3fb4e5fdddc6600e70ae663c21511fbcf2c64c Mon Sep 17 00:00:00 2001
-From: Damien Miller <djm@mindrot.org>
-Date: Wed, 13 Apr 2016 10:39:57 +1000
-Subject: ignore PAM environment vars when UseLogin=yes
-
-If PAM is configured to read user-specified environment variables
-and UseLogin=yes in sshd_config, then a hostile local user may
-attack /bin/login via LD_PRELOAD or similar environment variables
-set via PAM.
-
-CVE-2015-8325, found by Shayan Sadigh, via Colin Watson
-
-Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755
-Last-Update: 2016-04-13
-
-Patch-Name: CVE-2015-8325.patch
----
- session.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/session.c b/session.c
-index f246b8a..8ab9814 100644
---- a/session.c
-+++ b/session.c
-@@ -1317,7 +1317,7 @@ do_setup_env(Session *s, const char *shell)
-         * Pull in any environment variables that may have
-         * been set by PAM.
-         */
--       if (options.use_pam) {
-+       if (options.use_pam && !options.use_login) {
-                char **p;
- 
-                p = fetch_pam_child_environment();
diff --git a/debian/patches/CVE-2016-6210-1.patch b/debian/patches/CVE-2016-6210-1.patch
deleted file mode 100644
index 9b46ec12a..000000000
--- a/debian/patches/CVE-2016-6210-1.patch
+++ /dev/null
@@ -1,114 +0,0 @@
-From e5ef9d3942cebda819a6fd81647b51c8d87d23df Mon Sep 17 00:00:00 2001
-From: Darren Tucker <dtucker@zip.com.au>
-Date: Fri, 15 Jul 2016 13:32:45 +1000
-Subject: Determine appropriate salt for invalid users.
-
-When sshd is processing a non-PAM login for a non-existent user it uses
-the string from the fakepw structure as the salt for crypt(3)ing the
-password supplied by the client.  That string has a Blowfish prefix, so on
-systems that don't understand that crypt will fail fast due to an invalid
-salt, and even on those that do it may have significantly different timing
-from the hash methods used for real accounts (eg sha512).  This allows
-user enumeration by, eg, sending large password strings.  This was noted
-by EddieEzra.Harari at verint.com (CVE-2016-6210).
-
-To mitigate, use the same hash algorithm that root uses for hashing
-passwords for users that do not exist on the system.  ok djm@
-
-Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=9286875a73b2de7736b5e50692739d314cd8d9dc
-Bug-Debian: https://bugs.debian.org/831902
-Last-Update: 2016-07-22
-
-Patch-Name: CVE-2016-6210-1.patch
----
- auth-passwd.c           | 12 ++++++++----
- openbsd-compat/xcrypt.c | 34 ++++++++++++++++++++++++++++++++++
- 2 files changed, 42 insertions(+), 4 deletions(-)
-
-diff --git a/auth-passwd.c b/auth-passwd.c
-index 63ccf3c..530b5d4 100644
---- a/auth-passwd.c
-+++ b/auth-passwd.c
-@@ -193,7 +193,7 @@ int
- sys_auth_passwd(Authctxt *authctxt, const char *password)
- {
-        struct passwd *pw = authctxt->pw;
--       char *encrypted_password;
-+       char *encrypted_password, *salt = NULL;
- 
-        /* Just use the supplied fake password if authctxt is invalid */
-        char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd;
-@@ -202,9 +202,13 @@ sys_auth_passwd(Authctxt *authctxt, const char *password)
-        if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0)
-                return (1);
- 
--       /* Encrypt the candidate password using the proper salt. */
--       encrypted_password = xcrypt(password,
--           (pw_password[0] && pw_password[1]) ? pw_password : "xx");
-+       /*
-+        * Encrypt the candidate password using the proper salt, or pass a
-+        * NULL and let xcrypt pick one.
-+        */
-+       if (authctxt->valid && pw_password[0] && pw_password[1])
-+               salt = pw_password;
-+       encrypted_password = xcrypt(password, salt);
- 
-        /*
-         * Authentication is accepted if the encrypted passwords
-diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c
-index 8577cbd..8913bb8 100644
---- a/openbsd-compat/xcrypt.c
-+++ b/openbsd-compat/xcrypt.c
-@@ -25,6 +25,7 @@
- #include "includes.h"
- 
- #include <sys/types.h>
-+#include <string.h>
- #include <unistd.h>
- #include <pwd.h>
- 
-@@ -62,11 +63,44 @@
- #  define crypt DES_crypt
- # endif
- 
-+/*
-+ * Pick an appropriate password encryption type and salt for the running
-+ * system.
-+ */
-+static const char *
-+pick_salt(void)
-+{
-+       struct passwd *pw;
-+       char *passwd, *p;
-+       size_t typelen;
-+       static char salt[32];
-+
-+       if (salt[0] != '\0')
-+               return salt;
-+       strlcpy(salt, "xx", sizeof(salt));
-+       if ((pw = getpwuid(0)) == NULL)
-+               return salt;
-+       passwd = shadow_pw(pw);
-+       if (passwd[0] != '$' || (p = strrchr(passwd + 1, '$')) == NULL)
-+               return salt;  /* no $, DES */
-+       typelen = p - passwd + 1;
-+       strlcpy(salt, passwd, MIN(typelen, sizeof(salt)));
-+       explicit_bzero(passwd, strlen(passwd));
-+       return salt;
-+}
-+
- char *
- xcrypt(const char *password, const char *salt)
- {
-        char *crypted;
- 
-+       /*
-+        * If we don't have a salt we are encrypting a fake password for
-+        * for timing purposes.  Pick an appropriate salt.
-+        */
-+       if (salt == NULL)
-+               salt = pick_salt();
-+
- # ifdef HAVE_MD5_PASSWORDS
-         if (is_md5_salt(salt))
-                 crypted = md5_crypt(password, salt);
diff --git a/debian/patches/CVE-2016-6210-2.patch b/debian/patches/CVE-2016-6210-2.patch
deleted file mode 100644
index 1c580f90b..000000000
--- a/debian/patches/CVE-2016-6210-2.patch
+++ /dev/null
@@ -1,111 +0,0 @@
-From dde63f7f998ac3812a26bbb2c1b2947f24fcd060 Mon Sep 17 00:00:00 2001
-From: Darren Tucker <dtucker@zip.com.au>
-Date: Fri, 15 Jul 2016 13:49:44 +1000
-Subject: Mitigate timing of disallowed users PAM logins.
-
-When sshd decides to not allow a login (eg PermitRootLogin=no) and
-it's using PAM, it sends a fake password to PAM so that the timing for
-the failure is not noticeably different whether or not the password
-is correct.  This behaviour can be detected by sending a very long
-password string which is slower to hash than the fake password.
-
-Mitigate by constructing an invalid password that is the same length
-as the one from the client and thus takes the same time to hash.
-Diff from djm@
-
-Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=283b97ff33ea2c641161950849931bd578de6946
-Bug-Debian: https://bugs.debian.org/831902
-Last-Update: 2016-07-22
-
-Patch-Name: CVE-2016-6210-2.patch
----
- auth-pam.c | 35 +++++++++++++++++++++++++++++++----
- 1 file changed, 31 insertions(+), 4 deletions(-)
-
-diff --git a/auth-pam.c b/auth-pam.c
-index 8425af1..abd6a5e 100644
---- a/auth-pam.c
-+++ b/auth-pam.c
-@@ -232,7 +232,6 @@ static int sshpam_account_status = -1;
- static char **sshpam_env = NULL;
- static Authctxt *sshpam_authctxt = NULL;
- static const char *sshpam_password = NULL;
--static char badpw[] = "\b\n\r\177INCORRECT";
- 
- /* Some PAM implementations don't implement this */
- #ifndef HAVE_PAM_GETENVLIST
-@@ -810,12 +809,35 @@ sshpam_query(void *ctx, char **name, char **info,
-        return (-1);
- }
- 
-+/*
-+ * Returns a junk password of identical length to that the user supplied.
-+ * Used to mitigate timing attacks against crypt(3)/PAM stacks that
-+ * vary processing time in proportion to password length.
-+ */
-+static char *
-+fake_password(const char *wire_password)
-+{
-+       const char junk[] = "\b\n\r\177INCORRECT";
-+       char *ret = NULL;
-+       size_t i, l = wire_password != NULL ? strlen(wire_password) : 0;
-+
-+       if (l >= INT_MAX)
-+               fatal("%s: password length too long: %zu", __func__, l);
-+
-+       ret = malloc(l + 1);
-+       for (i = 0; i < l; i++)
-+               ret[i] = junk[i % (sizeof(junk) - 1)];
-+       ret[i] = '\0';
-+       return ret;
-+}
-+
- /* XXX - see also comment in auth-chall.c:verify_response */
- static int
- sshpam_respond(void *ctx, u_int num, char **resp)
- {
-        Buffer buffer;
-        struct pam_ctxt *ctxt = ctx;
-+       char *fake;
- 
-        debug2("PAM: %s entering, %u responses", __func__, num);
-        switch (ctxt->pam_done) {
-@@ -836,8 +858,11 @@ sshpam_respond(void *ctx, u_int num, char **resp)
-            (sshpam_authctxt->pw->pw_uid != 0 ||
-            options.permit_root_login == PERMIT_YES))
-                buffer_put_cstring(&buffer, *resp);
--       else
--               buffer_put_cstring(&buffer, badpw);
-+       else {
-+               fake = fake_password(*resp);
-+               buffer_put_cstring(&buffer, fake);
-+               free(fake);
-+       }
-        if (ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, &buffer) == -1) {
-                buffer_free(&buffer);
-                return (-1);
-@@ -1181,6 +1206,7 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password)
- {
-        int flags = (options.permit_empty_passwd == 0 ?
-            PAM_DISALLOW_NULL_AUTHTOK : 0);
-+       char *fake = NULL;
- 
-        if (!options.use_pam || sshpam_handle == NULL)
-                fatal("PAM: %s called when PAM disabled or failed to "
-@@ -1196,7 +1222,7 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password)
-         */
-        if (!authctxt->valid || (authctxt->pw->pw_uid == 0 &&
-            options.permit_root_login != PERMIT_YES))
--               sshpam_password = badpw;
-+               sshpam_password = fake = fake_password(password);
- 
-        sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
-            (const void *)&passwd_conv);
-@@ -1206,6 +1232,7 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password)
- 
-        sshpam_err = pam_authenticate(sshpam_handle, flags);
-        sshpam_password = NULL;
-+       free(fake);
-        if (sshpam_err == PAM_SUCCESS && authctxt->valid) {
-                debug("PAM: password authentication accepted for %.100s",
-                    authctxt->user);
diff --git a/debian/patches/CVE-2016-6210-3.patch b/debian/patches/CVE-2016-6210-3.patch
deleted file mode 100644
index 303c34ee1..000000000
--- a/debian/patches/CVE-2016-6210-3.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From abde8dda29c2db2405d6fbca2fe022430e2c1177 Mon Sep 17 00:00:00 2001
-From: Darren Tucker <dtucker@zip.com.au>
-Date: Thu, 21 Jul 2016 14:17:31 +1000
-Subject: Search users for one with a valid salt.
-
-If the root account is locked (eg password "!!" or "*LK*") keep looking
-until we find a user with a valid salt to use for crypting passwords of
-invalid users.  ok djm@
-
-Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=dbf788b4d9d9490a5fff08a7b09888272bb10fcc
-Bug-Debian: https://bugs.debian.org/831902
-Last-Update: 2016-07-22
-
-Patch-Name: CVE-2016-6210-3.patch
----
- openbsd-compat/xcrypt.c | 24 +++++++++++++++---------
- 1 file changed, 15 insertions(+), 9 deletions(-)
-
-diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c
-index 8913bb8..cf6a9b9 100644
---- a/openbsd-compat/xcrypt.c
-+++ b/openbsd-compat/xcrypt.c
-@@ -65,7 +65,9 @@
- 
- /*
-  * Pick an appropriate password encryption type and salt for the running
-- * system.
-+ * system by searching through accounts until we find one that has a valid
-+ * salt.  Usually this will be root unless the root account is locked out.
-+ * If we don't find one we return a traditional DES-based salt.
-  */
- static const char *
- pick_salt(void)
-@@ -78,14 +80,18 @@ pick_salt(void)
-        if (salt[0] != '\0')
-                return salt;
-        strlcpy(salt, "xx", sizeof(salt));
--       if ((pw = getpwuid(0)) == NULL)
--               return salt;
--       passwd = shadow_pw(pw);
--       if (passwd[0] != '$' || (p = strrchr(passwd + 1, '$')) == NULL)
--               return salt;  /* no $, DES */
--       typelen = p - passwd + 1;
--       strlcpy(salt, passwd, MIN(typelen, sizeof(salt)));
--       explicit_bzero(passwd, strlen(passwd));
-+       setpwent();
-+       while ((pw = getpwent()) != NULL) {
-+               passwd = shadow_pw(pw);
-+               if (passwd[0] == '$' && (p = strrchr(passwd+1, '$')) != NULL) {
-+                       typelen = p - passwd + 1;
-+                       strlcpy(salt, passwd, MIN(typelen, sizeof(salt)));
-+                       explicit_bzero(passwd, strlen(passwd));
-+                       goto out;
-+               }
-+       }
-+ out:
-+       endpwent();
-        return salt;
- }
- 
diff --git a/debian/patches/auth-log-verbosity.patch b/debian/patches/auth-log-verbosity.patch
index a08e710da..7abed3704 100644
--- a/debian/patches/auth-log-verbosity.patch
+++ b/debian/patches/auth-log-verbosity.patch
@@ -1,4 +1,4 @@
-From 1dd7836b386be1816bc565aafb9875769430a02d Mon Sep 17 00:00:00 2001
+From b4b79ae5a16f73426b54c6394a29b2b49da4dc16 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:02 +0000
 Subject: Quieten logs when multiple from= restrictions are used
@@ -16,10 +16,10 @@ Patch-Name: auth-log-verbosity.patch
  4 files changed, 32 insertions(+), 9 deletions(-)
 
 diff --git a/auth-options.c b/auth-options.c
-index edbaf80..bda39df 100644
+index b399b91..a9d9a81 100644
 --- a/auth-options.c
 +++ b/auth-options.c
-@@ -58,9 +58,20 @@ int forced_tun_device = -1;
+@@ -59,9 +59,20 @@ int forced_tun_device = -1;
  /* "principals=" option. */
  char *authorized_principals = NULL;
  
@@ -40,7 +40,7 @@ index edbaf80..bda39df 100644
  auth_clear_options(void)
  {
         no_agent_forwarding_flag = 0;
-@@ -314,10 +325,13 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
+@@ -316,10 +327,13 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
                                 /* FALLTHROUGH */
                         case 0:
                                 free(patterns);
@@ -58,7 +58,7 @@ index edbaf80..bda39df 100644
                                 auth_debug_add("Your host '%.200s' is not "
                                     "permitted to use this key for login.",
                                     remote_host);
-@@ -540,11 +554,14 @@ parse_option_list(struct sshbuf *oblob, struct passwd *pw,
+@@ -543,11 +557,14 @@ parse_option_list(struct sshbuf *oblob, struct passwd *pw,
                                         break;
                                 case 0:
                                         /* no match */
diff --git a/debian/patches/authorized-keys-man-symlink.patch b/debian/patches/authorized-keys-man-symlink.patch
index 16319024c..d75494fa6 100644
--- a/debian/patches/authorized-keys-man-symlink.patch
+++ b/debian/patches/authorized-keys-man-symlink.patch
@@ -1,4 +1,4 @@
-From 37a9102e7075f34d57b02d1eac631efa73f120fd Mon Sep 17 00:00:00 2001
+From 724283a55e8928a5564722ebe9c133033b51809d Mon Sep 17 00:00:00 2001
 From: Tomas Pospisek <tpo_deb@sourcepole.ch>
 Date: Sun, 9 Feb 2014 16:10:07 +0000
 Subject: Install authorized_keys(5) as a symlink to sshd(8)
@@ -13,10 +13,10 @@ Patch-Name: authorized-keys-man-symlink.patch
  1 file changed, 1 insertion(+)
 
 diff --git a/Makefile.in b/Makefile.in
-index 0954c63..85cde7f 100644
+index 51817df..21948dd 100644
 --- a/Makefile.in
 +++ b/Makefile.in
-@@ -324,6 +324,7 @@ install-files:
+@@ -327,6 +327,7 @@ install-files:
         $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5
         $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5
         $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8
diff --git a/debian/patches/control-persist-close-stderr.patch b/debian/patches/control-persist-close-stderr.patch
deleted file mode 100644
index f800c0d13..000000000
--- a/debian/patches/control-persist-close-stderr.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From 751d1f6494fb3ffd75188de7390c28725a5b91a6 Mon Sep 17 00:00:00 2001
-From: "djm@openbsd.org" <djm@openbsd.org>
-Date: Fri, 29 Apr 2016 08:07:53 +0000
-Subject: upstream commit
-
-close ControlPersist background process stderr when not
- in debug mode or when logging to a file or syslog. bz#1988 ok dtucker
-
-Upstream-ID: 4fb726f0fdcb155ad419913cea10dc4afd409d24
-
-Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=d2d6bf864e52af8491a60dd507f85b74361f5da3
-Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1988
-Bug-Debian: https://bugs.debian.org/714526
-Last-Update: 2016-07-22
-
-Patch-Name: control-persist-close-stderr.patch
----
- log.c | 2 +-
- ssh.c | 6 ++++--
- 2 files changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/log.c b/log.c
-index e68b84a..6c59641 100644
---- a/log.c
-+++ b/log.c
-@@ -343,7 +343,7 @@ log_change_level(LogLevel new_log_level)
- int
- log_is_on_stderr(void)
- {
--       return log_on_stderr;
-+       return log_on_stderr && log_stderr_fd == STDERR_FILENO;
- }
- 
- /* redirect what would usually get written to stderr to specified file */
-diff --git a/ssh.c b/ssh.c
-index 314dd52..af39e72 100644
---- a/ssh.c
-+++ b/ssh.c
-@@ -1392,7 +1392,7 @@ static void
- control_persist_detach(void)
- {
-        pid_t pid;
--       int devnull;
-+       int devnull, keep_stderr;
- 
-        debug("%s: backgrounding master process", __func__);
- 
-@@ -1423,8 +1423,10 @@ control_persist_detach(void)
-                error("%s: open(\"/dev/null\"): %s", __func__,
-                    strerror(errno));
-        } else {
-+               keep_stderr = log_is_on_stderr() && debug_flag;
-                if (dup2(devnull, STDIN_FILENO) == -1 ||
--                   dup2(devnull, STDOUT_FILENO) == -1)
-+                   dup2(devnull, STDOUT_FILENO) == -1 ||
-+                   (!keep_stderr && dup2(devnull, STDERR_FILENO) == -1))
-                        error("%s: dup2: %s", __func__, strerror(errno));
-                if (devnull > STDERR_FILENO)
-                        close(devnull);
diff --git a/debian/patches/debian-banner.patch b/debian/patches/debian-banner.patch
index 4d60c3c01..cf4bfad50 100644
--- a/debian/patches/debian-banner.patch
+++ b/debian/patches/debian-banner.patch
@@ -1,4 +1,4 @@
-From 1b9f8f458824d7e46f9f749c77f26016f2ea9967 Mon Sep 17 00:00:00 2001
+From 277ad2acedde81dce324e711da116d100b47f445 Mon Sep 17 00:00:00 2001
 From: Kees Cook <kees@debian.org>
 Date: Sun, 9 Feb 2014 16:10:06 +0000
 Subject: Add DebianBanner server configuration option
@@ -19,7 +19,7 @@ Patch-Name: debian-banner.patch
  4 files changed, 18 insertions(+), 1 deletion(-)
 
 diff --git a/servconf.c b/servconf.c
-index fad7c92..8ca9695 100644
+index bf9f8f7..a98b309 100644
 --- a/servconf.c
 +++ b/servconf.c
 @@ -171,6 +171,7 @@ initialize_server_options(ServerOptions *options)
@@ -39,7 +39,7 @@ index fad7c92..8ca9695 100644
  
         assemble_algorithms(options);
  
-@@ -437,6 +440,7 @@ typedef enum {
+@@ -445,6 +448,7 @@ typedef enum {
         sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
         sStreamLocalBindMask, sStreamLocalBindUnlink,
         sAllowStreamLocalForwarding, sFingerprintHash,
@@ -47,7 +47,7 @@ index fad7c92..8ca9695 100644
         sDeprecated, sUnsupported
  } ServerOpCodes;
  
-@@ -588,6 +592,7 @@ static struct {
+@@ -596,6 +600,7 @@ static struct {
         { "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL },
         { "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL },
         { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL },
@@ -55,7 +55,7 @@ index fad7c92..8ca9695 100644
         { NULL, sBadOption, 0 }
  };
  
-@@ -1874,6 +1879,10 @@ process_server_config_line(ServerOptions *options, char *line,
+@@ -1903,6 +1908,10 @@ process_server_config_line(ServerOptions *options, char *line,
                         options->fingerprint_hash = value;
                 break;
  
@@ -80,10 +80,10 @@ index 778ba17..161fa37 100644
  
  /* Information about the incoming connection as used by Match */
 diff --git a/sshd.c b/sshd.c
-index c762190..57ae4ad 100644
+index e873557..71fad9e 100644
 --- a/sshd.c
 +++ b/sshd.c
-@@ -442,7 +442,8 @@ sshd_exchange_identification(int sock_in, int sock_out)
+@@ -443,7 +443,8 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out)
         }
  
         xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
@@ -94,10 +94,10 @@ index c762190..57ae4ad 100644
             options.version_addendum, newline);
  
 diff --git a/sshd_config.5 b/sshd_config.5
-index bc79a66..b565640 100644
+index e05cdbe..ac9b1f0 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
-@@ -534,6 +534,11 @@ or
+@@ -541,6 +541,11 @@ or
  .Dq no .
  The default is
  .Dq delayed .
diff --git a/debian/patches/debian-config.patch b/debian/patches/debian-config.patch
index bb1728107..1d9efcbbf 100644
--- a/debian/patches/debian-config.patch
+++ b/debian/patches/debian-config.patch
@@ -1,4 +1,4 @@
-From d888c9637031a93c13c168a35e99e9aa76c14a9a Mon Sep 17 00:00:00 2001
+From 4c914ccd85bbf391c4dc61b85e3c178fef465e3f Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:18 +0000
 Subject: Various Debian-specific configuration changes
@@ -32,10 +32,10 @@ Patch-Name: debian-config.patch
  6 files changed, 72 insertions(+), 4 deletions(-)
 
 diff --git a/readconf.c b/readconf.c
-index cc1a633..dc22360 100644
+index f6b4c8f..5cd51f3 100644
 --- a/readconf.c
 +++ b/readconf.c
-@@ -1797,7 +1797,7 @@ fill_default_options(Options * options)
+@@ -1928,7 +1928,7 @@ fill_default_options(Options * options)
         if (options->forward_x11 == -1)
                 options->forward_x11 = 0;
         if (options->forward_x11_trusted == -1)
@@ -43,12 +43,12 @@ index cc1a633..dc22360 100644
 +               options->forward_x11_trusted = 1;
         if (options->forward_x11_timeout == -1)
                 options->forward_x11_timeout = 1200;
-        if (options->exit_on_forward_failure == -1)
+        /*
 diff --git a/ssh.1 b/ssh.1
-index 74d9655..7fb9d30 100644
+index 22e56a7..6aa57c4 100644
 --- a/ssh.1
 +++ b/ssh.1
-@@ -760,6 +760,16 @@ directive in
+@@ -785,6 +785,16 @@ directive in
  .Xr ssh_config 5
  for more information.
  .Pp
@@ -65,7 +65,7 @@ index 74d9655..7fb9d30 100644
  .It Fl x
  Disables X11 forwarding.
  .Pp
-@@ -768,6 +778,17 @@ Enables trusted X11 forwarding.
+@@ -793,6 +803,17 @@ Enables trusted X11 forwarding.
  Trusted X11 forwardings are not subjected to the X11 SECURITY extension
  controls.
  .Pp
@@ -108,7 +108,7 @@ index 4e879cd..5190b06 100644
 +    GSSAPIAuthentication yes
 +    GSSAPIDelegateCredentials no
 diff --git a/ssh_config.5 b/ssh_config.5
-index 0f52d14..51765c9 100644
+index 30c97a9..c967258 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
 @@ -74,6 +74,22 @@ Since the first obtained value for each parameter is used, more
@@ -145,10 +145,10 @@ index 0f52d14..51765c9 100644
  See the X11 SECURITY extension specification for full details on
  the restrictions imposed on untrusted clients.
 diff --git a/sshd_config b/sshd_config
-index f103298..d103ac5 100644
+index 3fe3e01..ec8ff8f 100644
 --- a/sshd_config
 +++ b/sshd_config
-@@ -125,7 +125,7 @@ AuthorizedKeysFile  .ssh/authorized_keys
+@@ -124,7 +124,7 @@ AuthorizedKeysFile  .ssh/authorized_keys
  #Banner none
  
  # override default of no subsystems
@@ -158,7 +158,7 @@ index f103298..d103ac5 100644
  # Example of overriding settings on a per-user basis
  #Match User anoncvs
 diff --git a/sshd_config.5 b/sshd_config.5
-index 4d255e5..2387b51 100644
+index b2b349e..79f2d61 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
 @@ -57,6 +57,31 @@ Arguments may optionally be enclosed in double quotes
diff --git a/debian/patches/dnssec-sshfp.patch b/debian/patches/dnssec-sshfp.patch
index a82a719b2..e4498fb48 100644
--- a/debian/patches/dnssec-sshfp.patch
+++ b/debian/patches/dnssec-sshfp.patch
@@ -1,4 +1,4 @@
-From ca8dd1a2520b4230dd97d8e4774426b756f16c42 Mon Sep 17 00:00:00 2001
+From 9d9a37bb0c2d7546253ff2b0b67e314d8475bfc7 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:01 +0000
 Subject: Force use of DNSSEC even if "options edns0" isn't in resolv.conf
diff --git a/debian/patches/doc-hash-tab-completion.patch b/debian/patches/doc-hash-tab-completion.patch
index b0b7e5602..5f91cadfe 100644
--- a/debian/patches/doc-hash-tab-completion.patch
+++ b/debian/patches/doc-hash-tab-completion.patch
@@ -1,4 +1,4 @@
-From 298a5e96571cbe9036a2445eecaca26d2aeade11 Mon Sep 17 00:00:00 2001
+From bfea780bba64294541d98efcc26b01392ff64c60 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:11 +0000
 Subject: Document that HashKnownHosts may break tab-completion
@@ -13,7 +13,7 @@ Patch-Name: doc-hash-tab-completion.patch
  1 file changed, 3 insertions(+)
 
 diff --git a/ssh_config.5 b/ssh_config.5
-index ab8f271..0f52d14 100644
+index 5dd26bc..30c97a9 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
 @@ -883,6 +883,9 @@ Note that existing names and addresses in known hosts files
diff --git a/debian/patches/doc-upstart.patch b/debian/patches/doc-upstart.patch
index 5d52dcde6..8f093d80c 100644
--- a/debian/patches/doc-upstart.patch
+++ b/debian/patches/doc-upstart.patch
@@ -1,4 +1,4 @@
-From ceec3c2a41d87211d478fa6332137aad39dcd18a Mon Sep 17 00:00:00 2001
+From e4ba4e1616d372522de9e18f0973ed49a5521b95 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:10:12 +0000
 Subject: Refer to ssh's Upstart job as well as its init script
diff --git a/debian/patches/gnome-ssh-askpass2-icon.patch b/debian/patches/gnome-ssh-askpass2-icon.patch
index 36ed11962..c34441df3 100644
--- a/debian/patches/gnome-ssh-askpass2-icon.patch
+++ b/debian/patches/gnome-ssh-askpass2-icon.patch
@@ -1,4 +1,4 @@
-From 067b8148b52fcf5de6e3bfa3a90ed8a2fa05d8e6 Mon Sep 17 00:00:00 2001
+From db85bf41862b80b0447777d942a091cd3ac5f1c1 Mon Sep 17 00:00:00 2001
 From: Vincent Untz <vuntz@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:10:16 +0000
 Subject: Give the ssh-askpass-gnome window a default icon
diff --git a/debian/patches/gssapi.patch b/debian/patches/gssapi.patch
index fd3b9b630..8e946aa88 100644
--- a/debian/patches/gssapi.patch
+++ b/debian/patches/gssapi.patch
@@ -1,4 +1,4 @@
-From 8c27af53099b50387dda97c0aae36194197186f6 Mon Sep 17 00:00:00 2001
+From eecddf8b72fcad83ccca43b1badb03782704f6b7 Mon Sep 17 00:00:00 2001
 From: Simon Wilkinson <simon@sxw.org.uk>
 Date: Sun, 9 Feb 2014 16:09:48 +0000
 Subject: GSSAPI key exchange support
@@ -17,26 +17,28 @@ have it merged into the main openssh package rather than having separate
 security history.
 
 Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
-Last-Updated: 2016-03-21
+Last-Updated: 2016-08-07
 
 Patch-Name: gssapi.patch
 ---
  ChangeLog.gssapi | 113 +++++++++++++++++++
  Makefile.in      |   3 +-
  auth-krb5.c      |  17 ++-
- auth.c           |   3 +-
+ auth.c           |  96 +---------------
  auth2-gss.c      |  48 +++++++-
  auth2.c          |   2 +
+ canohost.c       |  93 +++++++++++++++
+ canohost.h       |   3 +
  clientloop.c     |  15 ++-
  config.h.in      |   6 +
  configure.ac     |  24 ++++
- gss-genr.c       | 275 ++++++++++++++++++++++++++++++++++++++++++++-
+ gss-genr.c       | 275 +++++++++++++++++++++++++++++++++++++++++++-
  gss-serv-krb5.c  |  85 ++++++++++++--
  gss-serv.c       | 185 +++++++++++++++++++++++++++---
- kex.c            |  16 +++
+ kex.c            |  19 ++++
  kex.h            |  14 +++
- kexgssc.c        | 336 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
- kexgsss.c        | 294 ++++++++++++++++++++++++++++++++++++++++++++++++
+ kexgssc.c        | 338 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ kexgsss.c        | 295 ++++++++++++++++++++++++++++++++++++++++++++++++
  monitor.c        | 108 +++++++++++++++++-
  monitor.h        |   3 +
  monitor_wrap.c   |  47 +++++++-
@@ -48,13 +50,13 @@ Patch-Name: gssapi.patch
  ssh-gss.h        |  41 ++++++-
  ssh_config       |   2 +
  ssh_config.5     |  32 ++++++
- sshconnect2.c    | 120 +++++++++++++++++++-
+ sshconnect2.c    | 122 +++++++++++++++++++-
  sshd.c           | 110 ++++++++++++++++++
  sshd_config      |   2 +
  sshd_config.5    |  10 ++
  sshkey.c         |   3 +-
  sshkey.h         |   1 +
- 33 files changed, 1950 insertions(+), 46 deletions(-)
+ 35 files changed, 2054 insertions(+), 139 deletions(-)
  create mode 100644 ChangeLog.gssapi
  create mode 100644 kexgssc.c
  create mode 100644 kexgsss.c
@@ -179,7 +181,7 @@ index 0000000..f117a33
 +    (from jbasney AT ncsa.uiuc.edu)
 +    <gssapi-with-mic support is Bugzilla #1008>
 diff --git a/Makefile.in b/Makefile.in
-index d401787..0954c63 100644
+index 12991cd..51817df 100644
 --- a/Makefile.in
 +++ b/Makefile.in
 @@ -92,6 +92,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
@@ -187,7 +189,7 @@ index d401787..0954c63 100644
         kexdhc.o kexgexc.o kexecdhc.o kexc25519c.o \
         kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o \
 +       kexgssc.o \
-        platform-pledge.o
+        platform-pledge.o platform-tracing.o
  
  SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
 @@ -105,7 +106,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
@@ -200,10 +202,10 @@ index d401787..0954c63 100644
         sftp-server.o sftp-common.o \
         sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
 diff --git a/auth-krb5.c b/auth-krb5.c
-index d1c5a2f..f019fb1 100644
+index a5a81ed..38e7fee 100644
 --- a/auth-krb5.c
 +++ b/auth-krb5.c
-@@ -183,8 +183,13 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
+@@ -182,8 +182,13 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
  
         len = strlen(authctxt->krb5_ticket_file) + 6;
         authctxt->krb5_ccname = xmalloc(len);
@@ -217,7 +219,7 @@ index d1c5a2f..f019fb1 100644
  
  #ifdef USE_PAM
         if (options.use_pam)
-@@ -241,15 +246,22 @@ krb5_cleanup_proc(Authctxt *authctxt)
+@@ -240,15 +245,22 @@ krb5_cleanup_proc(Authctxt *authctxt)
  #ifndef HEIMDAL
  krb5_error_code
  ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) {
@@ -242,7 +244,7 @@ index d1c5a2f..f019fb1 100644
         old_umask = umask(0177);
         tmpfd = mkstemp(ccname + strlen("FILE:"));
         oerrno = errno;
-@@ -266,6 +278,7 @@ ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) {
+@@ -265,6 +277,7 @@ ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) {
                 return oerrno;
         }
         close(tmpfd);
@@ -251,10 +253,10 @@ index d1c5a2f..f019fb1 100644
         return (krb5_cc_resolve(ctx, ccname, ccache));
  }
 diff --git a/auth.c b/auth.c
-index 214c2c7..bd6a026 100644
+index 24527dd..f56dcc6 100644
 --- a/auth.c
 +++ b/auth.c
-@@ -354,7 +354,8 @@ auth_root_allowed(const char *method)
+@@ -363,7 +363,8 @@ auth_root_allowed(const char *method)
         case PERMIT_NO_PASSWD:
                 if (strcmp(method, "publickey") == 0 ||
                     strcmp(method, "hostbased") == 0 ||
@@ -264,6 +266,106 @@ index 214c2c7..bd6a026 100644
                         return 1;
                 break;
         case PERMIT_FORCED_ONLY:
+@@ -786,99 +787,6 @@ fakepw(void)
+ }
+ 
+ /*
+- * Returns the remote DNS hostname as a string. The returned string must not
+- * be freed. NB. this will usually trigger a DNS query the first time it is
+- * called.
+- * This function does additional checks on the hostname to mitigate some
+- * attacks on legacy rhosts-style authentication.
+- * XXX is RhostsRSAAuthentication vulnerable to these?
+- * XXX Can we remove these checks? (or if not, remove RhostsRSAAuthentication?)
+- */
+-
+-static char *
+-remote_hostname(struct ssh *ssh)
+-{
+-       struct sockaddr_storage from;
+-       socklen_t fromlen;
+-       struct addrinfo hints, *ai, *aitop;
+-       char name[NI_MAXHOST], ntop2[NI_MAXHOST];
+-       const char *ntop = ssh_remote_ipaddr(ssh);
+-
+-       /* Get IP address of client. */
+-       fromlen = sizeof(from);
+-       memset(&from, 0, sizeof(from));
+-       if (getpeername(ssh_packet_get_connection_in(ssh),
+-           (struct sockaddr *)&from, &fromlen) < 0) {
+-               debug("getpeername failed: %.100s", strerror(errno));
+-               return strdup(ntop);
+-       }
+-
+-       ipv64_normalise_mapped(&from, &fromlen);
+-       if (from.ss_family == AF_INET6)
+-               fromlen = sizeof(struct sockaddr_in6);
+-
+-       debug3("Trying to reverse map address %.100s.", ntop);
+-       /* Map the IP address to a host name. */
+-       if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
+-           NULL, 0, NI_NAMEREQD) != 0) {
+-               /* Host name not found.  Use ip address. */
+-               return strdup(ntop);
+-       }
+-
+-       /*
+-        * if reverse lookup result looks like a numeric hostname,
+-        * someone is trying to trick us by PTR record like following:
+-        *      1.1.1.10.in-addr.arpa.  IN PTR  2.3.4.5
+-        */
+-       memset(&hints, 0, sizeof(hints));
+-       hints.ai_socktype = SOCK_DGRAM; /*dummy*/
+-       hints.ai_flags = AI_NUMERICHOST;
+-       if (getaddrinfo(name, NULL, &hints, &ai) == 0) {
+-               logit("Nasty PTR record \"%s\" is set up for %s, ignoring",
+-                   name, ntop);
+-               freeaddrinfo(ai);
+-               return strdup(ntop);
+-       }
+-
+-       /* Names are stored in lowercase. */
+-       lowercase(name);
+-
+-       /*
+-        * Map it back to an IP address and check that the given
+-        * address actually is an address of this host.  This is
+-        * necessary because anyone with access to a name server can
+-        * define arbitrary names for an IP address. Mapping from
+-        * name to IP address can be trusted better (but can still be
+-        * fooled if the intruder has access to the name server of
+-        * the domain).
+-        */
+-       memset(&hints, 0, sizeof(hints));
+-       hints.ai_family = from.ss_family;
+-       hints.ai_socktype = SOCK_STREAM;
+-       if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
+-               logit("reverse mapping checking getaddrinfo for %.700s "
+-                   "[%s] failed.", name, ntop);
+-               return strdup(ntop);
+-       }
+-       /* Look for the address from the list of addresses. */
+-       for (ai = aitop; ai; ai = ai->ai_next) {
+-               if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2,
+-                   sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 &&
+-                   (strcmp(ntop, ntop2) == 0))
+-                               break;
+-       }
+-       freeaddrinfo(aitop);
+-       /* If we reached the end of the list, the address was not there. */
+-       if (ai == NULL) {
+-               /* Address not found for the host name. */
+-               logit("Address %.100s maps to %.600s, but this does not "
+-                   "map back to the address.", ntop, name);
+-               return strdup(ntop);
+-       }
+-       return strdup(name);
+-}
+-
+-/*
+  * Return the canonical name of the host in the other side of the current
+  * connection.  The host name is cached, so it is efficient to call this
+  * several times.
 diff --git a/auth2-gss.c b/auth2-gss.c
 index 1ca8357..3b5036d 100644
 --- a/auth2-gss.c
@@ -352,7 +454,7 @@ index 1ca8357..3b5036d 100644
         "gssapi-with-mic",
         userauth_gssapi,
 diff --git a/auth2.c b/auth2.c
-index 7177962..3f49bdc 100644
+index 9108b86..ce0d376 100644
 --- a/auth2.c
 +++ b/auth2.c
 @@ -70,6 +70,7 @@ extern Authmethod method_passwd;
@@ -371,8 +473,126 @@ index 7177962..3f49bdc 100644
         &method_gssapi,
  #endif
         &method_passwd,
+diff --git a/canohost.c b/canohost.c
+index f71a085..404731d 100644
+--- a/canohost.c
++++ b/canohost.c
+@@ -35,6 +35,99 @@
+ #include "canohost.h"
+ #include "misc.h"
+ 
++/*
++ * Returns the remote DNS hostname as a string. The returned string must not
++ * be freed. NB. this will usually trigger a DNS query the first time it is
++ * called.
++ * This function does additional checks on the hostname to mitigate some
++ * attacks on legacy rhosts-style authentication.
++ * XXX is RhostsRSAAuthentication vulnerable to these?
++ * XXX Can we remove these checks? (or if not, remove RhostsRSAAuthentication?)
++ */
++
++char *
++remote_hostname(struct ssh *ssh)
++{
++       struct sockaddr_storage from;
++       socklen_t fromlen;
++       struct addrinfo hints, *ai, *aitop;
++       char name[NI_MAXHOST], ntop2[NI_MAXHOST];
++       const char *ntop = ssh_remote_ipaddr(ssh);
++
++       /* Get IP address of client. */
++       fromlen = sizeof(from);
++       memset(&from, 0, sizeof(from));
++       if (getpeername(ssh_packet_get_connection_in(ssh),
++           (struct sockaddr *)&from, &fromlen) < 0) {
++               debug("getpeername failed: %.100s", strerror(errno));
++               return strdup(ntop);
++       }
++
++       ipv64_normalise_mapped(&from, &fromlen);
++       if (from.ss_family == AF_INET6)
++               fromlen = sizeof(struct sockaddr_in6);
++
++       debug3("Trying to reverse map address %.100s.", ntop);
++       /* Map the IP address to a host name. */
++       if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
++           NULL, 0, NI_NAMEREQD) != 0) {
++               /* Host name not found.  Use ip address. */
++               return strdup(ntop);
++       }
++
++       /*
++        * if reverse lookup result looks like a numeric hostname,
++        * someone is trying to trick us by PTR record like following:
++        *      1.1.1.10.in-addr.arpa.  IN PTR  2.3.4.5
++        */
++       memset(&hints, 0, sizeof(hints));
++       hints.ai_socktype = SOCK_DGRAM; /*dummy*/
++       hints.ai_flags = AI_NUMERICHOST;
++       if (getaddrinfo(name, NULL, &hints, &ai) == 0) {
++               logit("Nasty PTR record \"%s\" is set up for %s, ignoring",
++                   name, ntop);
++               freeaddrinfo(ai);
++               return strdup(ntop);
++       }
++
++       /* Names are stored in lowercase. */
++       lowercase(name);
++
++       /*
++        * Map it back to an IP address and check that the given
++        * address actually is an address of this host.  This is
++        * necessary because anyone with access to a name server can
++        * define arbitrary names for an IP address. Mapping from
++        * name to IP address can be trusted better (but can still be
++        * fooled if the intruder has access to the name server of
++        * the domain).
++        */
++       memset(&hints, 0, sizeof(hints));
++       hints.ai_family = from.ss_family;
++       hints.ai_socktype = SOCK_STREAM;
++       if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
++               logit("reverse mapping checking getaddrinfo for %.700s "
++                   "[%s] failed.", name, ntop);
++               return strdup(ntop);
++       }
++       /* Look for the address from the list of addresses. */
++       for (ai = aitop; ai; ai = ai->ai_next) {
++               if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2,
++                   sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 &&
++                   (strcmp(ntop, ntop2) == 0))
++                               break;
++       }
++       freeaddrinfo(aitop);
++       /* If we reached the end of the list, the address was not there. */
++       if (ai == NULL) {
++               /* Address not found for the host name. */
++               logit("Address %.100s maps to %.600s, but this does not "
++                   "map back to the address.", ntop, name);
++               return strdup(ntop);
++       }
++       return strdup(name);
++}
++
+ void
+ ipv64_normalise_mapped(struct sockaddr_storage *addr, socklen_t *len)
+ {
+diff --git a/canohost.h b/canohost.h
+index 26d6285..0cadc9f 100644
+--- a/canohost.h
++++ b/canohost.h
+@@ -15,6 +15,9 @@
+ #ifndef _CANOHOST_H
+ #define _CANOHOST_H
+ 
++struct ssh;
++
++char           *remote_hostname(struct ssh *);
+ char           *get_peer_ipaddr(int);
+ int             get_peer_port(int);
+ char           *get_local_ipaddr(int);
 diff --git a/clientloop.c b/clientloop.c
-index 9820455..1567e4a 100644
+index 2c44f5d..421241f 100644
 --- a/clientloop.c
 +++ b/clientloop.c
 @@ -114,6 +114,10 @@
@@ -386,7 +606,7 @@ index 9820455..1567e4a 100644
  /* import options */
  extern Options options;
  
-@@ -1662,9 +1666,18 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
+@@ -1666,9 +1670,18 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
                         break;
  
                 /* Do channel operations unless rekeying in progress. */
@@ -407,10 +627,10 @@ index 9820455..1567e4a 100644
                 client_process_net_input(readset);
  
 diff --git a/config.h.in b/config.h.in
-index 89bf1b0..621c139 100644
+index 39d018f..d7caf9a 100644
 --- a/config.h.in
 +++ b/config.h.in
-@@ -1641,6 +1641,9 @@
+@@ -1668,6 +1668,9 @@
  /* Use btmp to log bad logins */
  #undef USE_BTMP
  
@@ -420,7 +640,7 @@ index 89bf1b0..621c139 100644
  /* Use libedit for sftp */
  #undef USE_LIBEDIT
  
-@@ -1656,6 +1659,9 @@
+@@ -1683,6 +1686,9 @@
  /* Use PIPES instead of a socketpair() */
  #undef USE_PIPES
  
@@ -431,7 +651,7 @@ index 89bf1b0..621c139 100644
  #undef USE_SOLARIS_PRIVS
  
 diff --git a/configure.ac b/configure.ac
-index 7258cc0..5f1ff74 100644
+index 373d21b..894ec3b 100644
 --- a/configure.ac
 +++ b/configure.ac
 @@ -632,6 +632,30 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
@@ -463,7 +683,7 @@ index 7258cc0..5f1ff74 100644
 +               [AC_MSG_RESULT([no])]
 +       )
         m4_pattern_allow([AU_IPv])
-        AC_CHECK_DECL([AU_IPv4], [], 
+        AC_CHECK_DECL([AU_IPv4], [],
             AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
 diff --git a/gss-genr.c b/gss-genr.c
 index d617d60..b4eca3f 100644
@@ -1214,10 +1434,10 @@ index 53993d6..2f6baf7 100644
  
  #endif
 diff --git a/kex.c b/kex.c
-index d371f47..913e923 100644
+index 50c7a0f..c17d652 100644
 --- a/kex.c
 +++ b/kex.c
-@@ -54,6 +54,10 @@
+@@ -55,6 +55,10 @@
  #include "sshbuf.h"
  #include "digest.h"
  
@@ -1228,7 +1448,7 @@ index d371f47..913e923 100644
  #if OPENSSL_VERSION_NUMBER >= 0x00907000L
  # if defined(HAVE_EVP_SHA256)
  # define evp_ssh_sha256 EVP_sha256
-@@ -109,6 +113,14 @@ static const struct kexalg kexalgs[] = {
+@@ -113,6 +117,14 @@ static const struct kexalg kexalgs[] = {
  #endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */
         { NULL, -1, -1, -1},
  };
@@ -1243,7 +1463,7 @@ index d371f47..913e923 100644
  
  char *
  kex_alg_list(char sep)
-@@ -141,6 +153,10 @@ kex_alg_by_name(const char *name)
+@@ -145,6 +157,10 @@ kex_alg_by_name(const char *name)
                 if (strcmp(k->name, name) == 0)
                         return k;
         }
@@ -1254,11 +1474,21 @@ index d371f47..913e923 100644
         return NULL;
  }
  
+@@ -587,6 +603,9 @@ kex_free(struct kex *kex)
+        sshbuf_free(kex->peer);
+        sshbuf_free(kex->my);
+        free(kex->session_id);
++#ifdef GSSAPI
++       free(kex->gss_host);
++#endif /* GSSAPI */
+        free(kex->client_version_string);
+        free(kex->server_version_string);
+        free(kex->failed_choice);
 diff --git a/kex.h b/kex.h
-index 1c58966..123ef83 100644
+index c351955..8ed459a 100644
 --- a/kex.h
 +++ b/kex.h
-@@ -92,6 +92,9 @@ enum kex_exchange {
+@@ -98,6 +98,9 @@ enum kex_exchange {
         KEX_DH_GEX_SHA256,
         KEX_ECDH_SHA2,
         KEX_C25519_SHA256,
@@ -1268,7 +1498,7 @@ index 1c58966..123ef83 100644
         KEX_MAX
  };
  
-@@ -140,6 +143,12 @@ struct kex {
+@@ -146,6 +149,12 @@ struct kex {
         u_int   flags;
         int     hash_alg;
         int     ec_nid;
@@ -1281,7 +1511,7 @@ index 1c58966..123ef83 100644
         char    *client_version_string;
         char    *server_version_string;
         char    *failed_choice;
-@@ -190,6 +199,11 @@ int         kexecdh_server(struct ssh *);
+@@ -196,6 +205,11 @@ int         kexecdh_server(struct ssh *);
  int     kexc25519_client(struct ssh *);
  int     kexc25519_server(struct ssh *);
  
@@ -1290,15 +1520,15 @@ index 1c58966..123ef83 100644
 +int     kexgss_server(struct ssh *);
 +#endif
 +
- int     kex_dh_hash(const char *, const char *,
+ int     kex_dh_hash(int, const char *, const char *,
      const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
      const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *);
 diff --git a/kexgssc.c b/kexgssc.c
 new file mode 100644
-index 0000000..a49bac2
+index 0000000..10447f2
 --- /dev/null
 +++ b/kexgssc.c
-@@ -0,0 +1,336 @@
+@@ -0,0 +1,338 @@
 +/*
 + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
 + *
@@ -1570,7 +1800,9 @@ index 0000000..a49bac2
 +       switch (ssh->kex->kex_type) {
 +       case KEX_GSS_GRP1_SHA1:
 +       case KEX_GSS_GRP14_SHA1:
-+               kex_dh_hash( ssh->kex->client_version_string, 
++               kex_dh_hash(
++                   ssh->kex->hash_alg,
++                   ssh->kex->client_version_string,
 +                   ssh->kex->server_version_string,
 +                   buffer_ptr(ssh->kex->my), buffer_len(ssh->kex->my),
 +                   buffer_ptr(ssh->kex->peer), buffer_len(ssh->kex->peer),
@@ -1637,10 +1869,10 @@ index 0000000..a49bac2
 +#endif /* GSSAPI */
 diff --git a/kexgsss.c b/kexgsss.c
 new file mode 100644
-index 0000000..dd8ba1d
+index 0000000..38ca082
 --- /dev/null
 +++ b/kexgsss.c
-@@ -0,0 +1,294 @@
+@@ -0,0 +1,295 @@
 +/*
 + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
 + *
@@ -1861,6 +2093,7 @@ index 0000000..dd8ba1d
 +       case KEX_GSS_GRP1_SHA1:
 +       case KEX_GSS_GRP14_SHA1:
 +               kex_dh_hash(
++                   ssh->kex->hash_alg,
 +                   ssh->kex->client_version_string, ssh->kex->server_version_string,
 +                   buffer_ptr(ssh->kex->peer), buffer_len(ssh->kex->peer),
 +                   buffer_ptr(ssh->kex->my), buffer_len(ssh->kex->my),
@@ -1936,10 +2169,10 @@ index 0000000..dd8ba1d
 +}
 +#endif /* GSSAPI */
 diff --git a/monitor.c b/monitor.c
-index ac7dd30..6c82023 100644
+index cb57bd0..05bb48a 100644
 --- a/monitor.c
 +++ b/monitor.c
-@@ -156,6 +156,8 @@ int mm_answer_gss_setup_ctx(int, Buffer *);
+@@ -158,6 +158,8 @@ int mm_answer_gss_setup_ctx(int, Buffer *);
  int mm_answer_gss_accept_ctx(int, Buffer *);
  int mm_answer_gss_userok(int, Buffer *);
  int mm_answer_gss_checkmic(int, Buffer *);
@@ -1948,7 +2181,7 @@ index ac7dd30..6c82023 100644
  #endif
  
  #ifdef SSH_AUDIT_EVENTS
-@@ -233,11 +235,18 @@ struct mon_table mon_dispatch_proto20[] = {
+@@ -235,11 +237,18 @@ struct mon_table mon_dispatch_proto20[] = {
      {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx},
      {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
      {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic},
@@ -1967,7 +2200,7 @@ index ac7dd30..6c82023 100644
  #ifdef WITH_OPENSSL
      {MONITOR_REQ_MODULI, 0, mm_answer_moduli},
  #endif
-@@ -352,6 +361,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
+@@ -354,6 +363,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
                 /* Permit requests for moduli and signatures */
                 monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
                 monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
@@ -1978,7 +2211,7 @@ index ac7dd30..6c82023 100644
         } else {
                 mon_dispatch = mon_dispatch_proto15;
  
-@@ -460,6 +473,10 @@ monitor_child_postauth(struct monitor *pmonitor)
+@@ -462,6 +475,10 @@ monitor_child_postauth(struct monitor *pmonitor)
                 monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
                 monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
                 monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
@@ -1989,7 +2222,7 @@ index ac7dd30..6c82023 100644
         } else {
                 mon_dispatch = mon_dispatch_postauth15;
                 monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
-@@ -1861,6 +1878,13 @@ monitor_apply_keystate(struct monitor *pmonitor)
+@@ -1876,6 +1893,13 @@ monitor_apply_keystate(struct monitor *pmonitor)
  # endif
  #endif /* WITH_OPENSSL */
                 kex->kex[KEX_C25519_SHA256] = kexc25519_server;
@@ -2003,7 +2236,7 @@ index ac7dd30..6c82023 100644
                 kex->load_host_public_key=&get_hostkey_public_by_type;
                 kex->load_host_private_key=&get_hostkey_private_by_type;
                 kex->host_key_index=&get_hostkey_index;
-@@ -1960,6 +1984,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m)
+@@ -1975,6 +1999,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m)
         OM_uint32 major;
         u_int len;
  
@@ -2013,7 +2246,7 @@ index ac7dd30..6c82023 100644
         goid.elements = buffer_get_string(m, &len);
         goid.length = len;
  
-@@ -1987,6 +2014,9 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
+@@ -2002,6 +2029,9 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
         OM_uint32 flags = 0; /* GSI needs this */
         u_int len;
  
@@ -2023,7 +2256,7 @@ index ac7dd30..6c82023 100644
         in.value = buffer_get_string(m, &len);
         in.length = len;
         major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
-@@ -2004,6 +2034,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
+@@ -2019,6 +2049,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
                 monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
                 monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
                 monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
@@ -2031,7 +2264,7 @@ index ac7dd30..6c82023 100644
         }
         return (0);
  }
-@@ -2015,6 +2046,9 @@ mm_answer_gss_checkmic(int sock, Buffer *m)
+@@ -2030,6 +2061,9 @@ mm_answer_gss_checkmic(int sock, Buffer *m)
         OM_uint32 ret;
         u_int len;
  
@@ -2041,7 +2274,7 @@ index ac7dd30..6c82023 100644
         gssbuf.value = buffer_get_string(m, &len);
         gssbuf.length = len;
         mic.value = buffer_get_string(m, &len);
-@@ -2041,7 +2075,11 @@ mm_answer_gss_userok(int sock, Buffer *m)
+@@ -2056,7 +2090,11 @@ mm_answer_gss_userok(int sock, Buffer *m)
  {
         int authenticated;
  
@@ -2054,7 +2287,7 @@ index ac7dd30..6c82023 100644
  
         buffer_clear(m);
         buffer_put_int(m, authenticated);
-@@ -2054,5 +2092,73 @@ mm_answer_gss_userok(int sock, Buffer *m)
+@@ -2069,5 +2107,73 @@ mm_answer_gss_userok(int sock, Buffer *m)
         /* Monitor loop will terminate if authenticated */
         return (authenticated);
  }
@@ -2143,10 +2376,10 @@ index 93b8b66..bc50ade 100644
  
  struct mm_master;
 diff --git a/monitor_wrap.c b/monitor_wrap.c
-index c5db6df..74fbd2e 100644
+index 99dc13b..5a9f1b5 100644
 --- a/monitor_wrap.c
 +++ b/monitor_wrap.c
-@@ -1068,7 +1068,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
+@@ -1073,7 +1073,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
  }
  
  int
@@ -2155,7 +2388,7 @@ index c5db6df..74fbd2e 100644
  {
         Buffer m;
         int authenticated = 0;
-@@ -1085,5 +1085,50 @@ mm_ssh_gssapi_userok(char *user)
+@@ -1090,5 +1090,50 @@ mm_ssh_gssapi_userok(char *user)
         debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
         return (authenticated);
  }
@@ -2207,10 +2440,10 @@ index c5db6df..74fbd2e 100644
  #endif /* GSSAPI */
  
 diff --git a/monitor_wrap.h b/monitor_wrap.h
-index eb820ae..403f8d0 100644
+index 9fd02b3..b5414c2 100644
 --- a/monitor_wrap.h
 +++ b/monitor_wrap.h
-@@ -58,8 +58,10 @@ BIGNUM *mm_auth_rsa_generate_challenge(Key *);
+@@ -60,8 +60,10 @@ BIGNUM *mm_auth_rsa_generate_challenge(Key *);
  OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
  OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *,
     gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *);
@@ -2223,10 +2456,10 @@ index eb820ae..403f8d0 100644
  
  #ifdef USE_PAM
 diff --git a/readconf.c b/readconf.c
-index 69d4553..d2a3d4b 100644
+index c177202..e019195 100644
 --- a/readconf.c
 +++ b/readconf.c
-@@ -148,6 +148,8 @@ typedef enum {
+@@ -160,6 +160,8 @@ typedef enum {
         oClearAllForwardings, oNoHostAuthenticationForLocalhost,
         oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
         oAddressFamily, oGssAuthentication, oGssDelegateCreds,
@@ -2235,7 +2468,7 @@ index 69d4553..d2a3d4b 100644
         oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
         oSendEnv, oControlPath, oControlMaster, oControlPersist,
         oHashKnownHosts,
-@@ -193,10 +195,19 @@ static struct {
+@@ -205,10 +207,19 @@ static struct {
         { "afstokenpassing", oUnsupported },
  #if defined(GSSAPI)
         { "gssapiauthentication", oGssAuthentication },
@@ -2255,7 +2488,7 @@ index 69d4553..d2a3d4b 100644
  #endif
         { "fallbacktorsh", oDeprecated },
         { "usersh", oDeprecated },
-@@ -926,10 +937,30 @@ parse_time:
+@@ -962,10 +973,30 @@ parse_time:
                 intptr = &options->gss_authentication;
                 goto parse_flag;
  
@@ -2286,7 +2519,7 @@ index 69d4553..d2a3d4b 100644
         case oBatchMode:
                 intptr = &options->batch_mode;
                 goto parse_flag;
-@@ -1648,7 +1679,12 @@ initialize_options(Options * options)
+@@ -1777,7 +1808,12 @@ initialize_options(Options * options)
         options->pubkey_authentication = -1;
         options->challenge_response_authentication = -1;
         options->gss_authentication = -1;
@@ -2299,7 +2532,7 @@ index 69d4553..d2a3d4b 100644
         options->password_authentication = -1;
         options->kbd_interactive_authentication = -1;
         options->kbd_interactive_devices = NULL;
-@@ -1777,8 +1813,14 @@ fill_default_options(Options * options)
+@@ -1921,8 +1957,14 @@ fill_default_options(Options * options)
                 options->challenge_response_authentication = 1;
         if (options->gss_authentication == -1)
                 options->gss_authentication = 0;
@@ -2315,7 +2548,7 @@ index 69d4553..d2a3d4b 100644
                 options->password_authentication = 1;
         if (options->kbd_interactive_authentication == -1)
 diff --git a/readconf.h b/readconf.h
-index c84d068..37a0555 100644
+index cef55f7..fd3d7c7 100644
 --- a/readconf.h
 +++ b/readconf.h
 @@ -45,7 +45,12 @@ typedef struct {
@@ -2332,7 +2565,7 @@ index c84d068..37a0555 100644
                                                  * authentication. */
         int     kbd_interactive_authentication; /* Try keyboard-interactive auth. */
 diff --git a/servconf.c b/servconf.c
-index b19d30e..b8af6dd 100644
+index 873b0d0..9b06281 100644
 --- a/servconf.c
 +++ b/servconf.c
 @@ -117,8 +117,10 @@ initialize_server_options(ServerOptions *options)
@@ -2362,7 +2595,7 @@ index b19d30e..b8af6dd 100644
         if (options->password_authentication == -1)
                 options->password_authentication = 1;
         if (options->kbd_interactive_authentication == -1)
-@@ -419,6 +425,7 @@ typedef enum {
+@@ -427,6 +433,7 @@ typedef enum {
         sHostKeyAlgorithms,
         sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
         sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
@@ -2370,7 +2603,7 @@ index b19d30e..b8af6dd 100644
         sAcceptEnv, sPermitTunnel,
         sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
         sUsePrivilegeSeparation, sAllowAgentForwarding,
-@@ -492,12 +499,20 @@ static struct {
+@@ -500,12 +507,20 @@ static struct {
  #ifdef GSSAPI
         { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
         { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
@@ -2391,7 +2624,7 @@ index b19d30e..b8af6dd 100644
         { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
         { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
         { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
-@@ -1242,6 +1257,10 @@ process_server_config_line(ServerOptions *options, char *line,
+@@ -1251,6 +1266,10 @@ process_server_config_line(ServerOptions *options, char *line,
                 intptr = &options->gss_authentication;
                 goto parse_flag;
  
@@ -2402,7 +2635,7 @@ index b19d30e..b8af6dd 100644
         case sGssCleanupCreds:
                 intptr = &options->gss_cleanup_creds;
                 goto parse_flag;
-@@ -1250,6 +1269,10 @@ process_server_config_line(ServerOptions *options, char *line,
+@@ -1259,6 +1278,10 @@ process_server_config_line(ServerOptions *options, char *line,
                 intptr = &options->gss_strict_acceptor;
                 goto parse_flag;
  
@@ -2413,7 +2646,7 @@ index b19d30e..b8af6dd 100644
         case sPasswordAuthentication:
                 intptr = &options->password_authentication;
                 goto parse_flag;
-@@ -2265,7 +2288,10 @@ dump_config(ServerOptions *o)
+@@ -2308,7 +2331,10 @@ dump_config(ServerOptions *o)
  #endif
  #ifdef GSSAPI
         dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
@@ -2556,7 +2789,7 @@ index 90fb63f..4e879cd 100644
  #   CheckHostIP yes
  #   AddressFamily any
 diff --git a/ssh_config.5 b/ssh_config.5
-index caf13a6..9060d5b 100644
+index 7630e7b..707d0e1 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
 @@ -826,10 +826,42 @@ The default is
@@ -2603,10 +2836,10 @@ index caf13a6..9060d5b 100644
  Indicates that
  .Xr ssh 1
 diff --git a/sshconnect2.c b/sshconnect2.c
-index f79c96b..b452eae 100644
+index fae8b0f..34b9d30 100644
 --- a/sshconnect2.c
 +++ b/sshconnect2.c
-@@ -161,6 +161,11 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
+@@ -162,6 +162,11 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
         struct kex *kex;
         int r;
  
@@ -2618,7 +2851,7 @@ index f79c96b..b452eae 100644
         xxx_host = host;
         xxx_hostaddr = hostaddr;
  
-@@ -195,6 +200,33 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
+@@ -192,6 +197,36 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
                     order_hostkeyalgs(host, hostaddr, port));
         }
  
@@ -2628,12 +2861,15 @@ index f79c96b..b452eae 100644
 +                * client to the key exchange algorithm proposal */
 +               orig = myproposal[PROPOSAL_KEX_ALGS];
 +
-+               if (options.gss_trust_dns)
-+                       gss_host = (char *)get_canonical_hostname(1);
++               if (options.gss_server_identity)
++                       gss_host = xstrdup(options.gss_server_identity);
++               else if (options.gss_trust_dns)
++                       gss_host = remote_hostname(active_state);
 +               else
-+                       gss_host = host;
++                       gss_host = xstrdup(host);
 +
-+               gss = ssh_gssapi_client_mechanisms(gss_host, options.gss_client_identity);
++               gss = ssh_gssapi_client_mechanisms(gss_host,
++                   options.gss_client_identity);
 +               if (gss) {
 +                       debug("Offering GSSAPI proposal: %s", gss);
 +                       xasprintf(&myproposal[PROPOSAL_KEX_ALGS],
@@ -2652,7 +2888,7 @@ index f79c96b..b452eae 100644
         if (options.rekey_limit || options.rekey_interval)
                 packet_set_rekey_limits((u_int32_t)options.rekey_limit,
                     (time_t)options.rekey_interval);
-@@ -213,10 +245,30 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
+@@ -213,10 +248,26 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
  # endif
  #endif
         kex->kex[KEX_C25519_SHA256] = kexc25519_client;
@@ -2672,18 +2908,14 @@ index f79c96b..b452eae 100644
 +               kex->gss_deleg_creds = options.gss_deleg_creds;
 +               kex->gss_trust_dns = options.gss_trust_dns;
 +               kex->gss_client = options.gss_client_identity;
-+               if (options.gss_server_identity) {
-+                       kex->gss_host = options.gss_server_identity;
-+               } else {
-+                       kex->gss_host = gss_host;
-+        }
++               kex->gss_host = gss_host;
 +       }
 +#endif
 +
         dispatch_run(DISPATCH_BLOCK, &kex->done, active_state);
  
         /* remove ext-info from the KEX proposals for rekeying */
-@@ -311,6 +363,7 @@ int input_gssapi_token(int type, u_int32_t, void *);
+@@ -311,6 +362,7 @@ int input_gssapi_token(int type, u_int32_t, void *);
  int    input_gssapi_hash(int type, u_int32_t, void *);
  int    input_gssapi_error(int, u_int32_t, void *);
  int    input_gssapi_errtok(int, u_int32_t, void *);
@@ -2691,7 +2923,7 @@ index f79c96b..b452eae 100644
  #endif
  
  void   userauth(Authctxt *, char *);
-@@ -326,6 +379,11 @@ static char *authmethods_get(void);
+@@ -326,6 +378,11 @@ static char *authmethods_get(void);
  
  Authmethod authmethods[] = {
  #ifdef GSSAPI
@@ -2703,18 +2935,18 @@ index f79c96b..b452eae 100644
         {"gssapi-with-mic",
                 userauth_gssapi,
                 NULL,
-@@ -656,19 +714,31 @@ userauth_gssapi(Authctxt *authctxt)
+@@ -650,25 +707,40 @@ userauth_gssapi(Authctxt *authctxt)
         static u_int mech = 0;
         OM_uint32 min;
         int ok = 0;
-+       const char *gss_host;
++       char *gss_host;
 +
 +       if (options.gss_server_identity)
-+               gss_host = options.gss_server_identity;
++               gss_host = xstrdup(options.gss_server_identity);
 +       else if (options.gss_trust_dns)
-+               gss_host = get_canonical_hostname(1);
++               gss_host = remote_hostname(active_state);
 +       else
-+               gss_host = authctxt->host;
++               gss_host = xstrdup(authctxt->host);
  
         /* Try one GSSAPI method at a time, rather than sending them all at
          * once. */
@@ -2723,6 +2955,7 @@ index f79c96b..b452eae 100644
 -               gss_indicate_mechs(&min, &gss_supported);
 +               if (GSS_ERROR(gss_indicate_mechs(&min, &gss_supported))) {
 +                       gss_supported = NULL;
++                       free(gss_host);
 +                       return 0;
 +               }
  
@@ -2737,7 +2970,15 @@ index f79c96b..b452eae 100644
                         ok = 1; /* Mechanism works */
                 } else {
                         mech++;
-@@ -765,8 +835,8 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt)
+                }
+        }
+ 
++       free(gss_host);
++
+        if (!ok)
+                return 0;
+ 
+@@ -759,8 +831,8 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt)
  {
         Authctxt *authctxt = ctxt;
         Gssctxt *gssctxt;
@@ -2748,7 +2989,7 @@ index f79c96b..b452eae 100644
  
         if (authctxt == NULL)
                 fatal("input_gssapi_response: no authentication context");
-@@ -879,6 +949,48 @@ input_gssapi_error(int type, u_int32_t plen, void *ctxt)
+@@ -873,6 +945,48 @@ input_gssapi_error(int type, u_int32_t plen, void *ctxt)
         free(lang);
         return 0;
  }
@@ -2798,7 +3039,7 @@ index f79c96b..b452eae 100644
  
  int
 diff --git a/sshd.c b/sshd.c
-index 430569c..5cd9129 100644
+index 799c771..ebb88c7 100644
 --- a/sshd.c
 +++ b/sshd.c
 @@ -125,6 +125,10 @@
@@ -2812,7 +3053,7 @@ index 430569c..5cd9129 100644
  #ifndef O_NOCTTY
  #define O_NOCTTY       0
  #endif
-@@ -1833,10 +1837,13 @@ main(int ac, char **av)
+@@ -1892,10 +1896,13 @@ main(int ac, char **av)
                 logit("Disabling protocol version 1. Could not load host key");
                 options.protocol &= ~SSH_PROTO_1;
         }
@@ -2826,8 +3067,8 @@ index 430569c..5cd9129 100644
         if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
                 logit("sshd: no hostkeys available -- exiting.");
                 exit(1);
-@@ -2151,6 +2158,60 @@ main(int ac, char **av)
-            remote_ip, remote_port, laddr,  get_local_port());
+@@ -2207,6 +2214,60 @@ main(int ac, char **av)
+            remote_ip, remote_port, laddr,  ssh_local_port(ssh));
         free(laddr);
  
 +#ifdef USE_SECURITY_SESSION_API
@@ -2887,7 +3128,7 @@ index 430569c..5cd9129 100644
         /*
          * We don't want to listen forever unless the other side
          * successfully authenticates itself.  So we set up an alarm which is
-@@ -2571,6 +2632,48 @@ do_ssh2_kex(void)
+@@ -2631,6 +2692,48 @@ do_ssh2_kex(void)
         myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
             list_hostkey_types());
  
@@ -2936,7 +3177,7 @@ index 430569c..5cd9129 100644
         /* start key exchange */
         if ((r = kex_setup(active_state, myproposal)) != 0)
                 fatal("kex_setup: %s", ssh_err(r));
-@@ -2585,6 +2688,13 @@ do_ssh2_kex(void)
+@@ -2648,6 +2751,13 @@ do_ssh2_kex(void)
  # endif
  #endif
         kex->kex[KEX_C25519_SHA256] = kexc25519_server;
@@ -2951,10 +3192,10 @@ index 430569c..5cd9129 100644
         kex->client_version_string=client_version_string;
         kex->server_version_string=server_version_string;
 diff --git a/sshd_config b/sshd_config
-index a848d73..f103298 100644
+index 75ae8e7..3fe3e01 100644
 --- a/sshd_config
 +++ b/sshd_config
-@@ -84,6 +84,8 @@ AuthorizedKeysFile    .ssh/authorized_keys
+@@ -83,6 +83,8 @@ AuthorizedKeysFile    .ssh/authorized_keys
  # GSSAPI options
  #GSSAPIAuthentication no
  #GSSAPICleanupCredentials yes
@@ -2964,10 +3205,10 @@ index a848d73..f103298 100644
  # Set this to 'yes' to enable PAM authentication, account processing,
  # and session processing. If this is enabled, PAM authentication will
 diff --git a/sshd_config.5 b/sshd_config.5
-index a37a3ac..c6d6858 100644
+index 1bc26ec..3b4cba9 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
-@@ -623,6 +623,11 @@ The default is
+@@ -632,6 +632,11 @@ The default is
  Specifies whether user authentication based on GSSAPI is allowed.
  The default is
  .Dq no .
@@ -2979,7 +3220,7 @@ index a37a3ac..c6d6858 100644
  .It Cm GSSAPICleanupCredentials
  Specifies whether to automatically destroy the user's credentials cache
  on logout.
-@@ -643,6 +648,11 @@ machine's default store.
+@@ -652,6 +657,11 @@ machine's default store.
  This facility is provided to assist with operation on multi homed machines.
  The default is
  .Dq yes .
@@ -2992,7 +3233,7 @@ index a37a3ac..c6d6858 100644
  Specifies the key types that will be accepted for hostbased authentication
  as a comma-separated pattern list.
 diff --git a/sshkey.c b/sshkey.c
-index 87b093e..e595b11 100644
+index c9f04cd..558bbbe 100644
 --- a/sshkey.c
 +++ b/sshkey.c
 @@ -115,6 +115,7 @@ static const struct keytype keytypes[] = {
@@ -3013,7 +3254,7 @@ index 87b093e..e595b11 100644
                 if ((certs_only && !kt->cert) || (plain_only && kt->cert))
                         continue;
 diff --git a/sshkey.h b/sshkey.h
-index a20a14f..2259cbb 100644
+index 8c3d866..e0caa37 100644
 --- a/sshkey.h
 +++ b/sshkey.h
 @@ -62,6 +62,7 @@ enum sshkey_types {
diff --git a/debian/patches/helpful-wait-terminate.patch b/debian/patches/helpful-wait-terminate.patch
index 8ebbf1fbc..a990ca1ea 100644
--- a/debian/patches/helpful-wait-terminate.patch
+++ b/debian/patches/helpful-wait-terminate.patch
@@ -1,4 +1,4 @@
-From 2b2c5ff34efa305e141130466260ca97f3a429ff Mon Sep 17 00:00:00 2001
+From 173d65e72989cba82502604da3f1336766c0cf0f Mon Sep 17 00:00:00 2001
 From: Matthew Vernon <matthew@debian.org>
 Date: Sun, 9 Feb 2014 16:09:56 +0000
 Subject: Mention ~& when waiting for forwarded connections to terminate
@@ -12,10 +12,10 @@ Patch-Name: helpful-wait-terminate.patch
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/serverloop.c b/serverloop.c
-index 80d1db5..830f885 100644
+index 3563e5d..c4e1d1d 100644
 --- a/serverloop.c
 +++ b/serverloop.c
-@@ -683,7 +683,7 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg)
+@@ -687,7 +687,7 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg)
                         if (!channel_still_open())
                                 break;
                         if (!waiting_termination) {
diff --git a/debian/patches/keepalive-extensions.patch b/debian/patches/keepalive-extensions.patch
index bc798582d..14ab7d34f 100644
--- a/debian/patches/keepalive-extensions.patch
+++ b/debian/patches/keepalive-extensions.patch
@@ -1,4 +1,4 @@
-From c7c5d5805bd2a58fcab69da87daa53259db06d81 Mon Sep 17 00:00:00 2001
+From 67c34f23edbcd0f39ebc2aadae9d33950bd1f98a Mon Sep 17 00:00:00 2001
 From: Richard Kettlewell <rjk@greenend.org.uk>
 Date: Sun, 9 Feb 2014 16:09:52 +0000
 Subject: Various keepalive extensions
@@ -26,27 +26,27 @@ Patch-Name: keepalive-extensions.patch
  3 files changed, 34 insertions(+), 4 deletions(-)
 
 diff --git a/readconf.c b/readconf.c
-index 559e4c7..fde6b41 100644
+index c0b7822..3a6c67b 100644
 --- a/readconf.c
 +++ b/readconf.c
-@@ -161,6 +161,7 @@ typedef enum {
+@@ -173,6 +173,7 @@ typedef enum {
         oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys,
         oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes,
-        oPubkeyAcceptedKeyTypes,
+        oPubkeyAcceptedKeyTypes, oProxyJump,
 +       oProtocolKeepAlives, oSetupTimeOut,
         oIgnoredUnknownOption, oDeprecated, oUnsupported
  } OpCodes;
  
-@@ -293,6 +294,8 @@ static struct {
-        { "hostbasedkeytypes", oHostbasedKeyTypes },
+@@ -308,6 +309,8 @@ static struct {
         { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes },
         { "ignoreunknown", oIgnoreUnknown },
+        { "proxyjump", oProxyJump },
 +       { "protocolkeepalives", oProtocolKeepAlives },
 +       { "setuptimeout", oSetupTimeOut },
  
         { NULL, oBadOption }
  };
-@@ -1350,6 +1353,8 @@ parse_keytypes:
+@@ -1403,6 +1406,8 @@ parse_keytypes:
                 goto parse_flag;
  
         case oServerAliveInterval:
@@ -55,7 +55,7 @@ index 559e4c7..fde6b41 100644
                 intptr = &options->server_alive_interval;
                 goto parse_time;
  
-@@ -1906,8 +1911,13 @@ fill_default_options(Options * options)
+@@ -2048,8 +2053,13 @@ fill_default_options(Options * options)
                 options->rekey_interval = 0;
         if (options->verify_host_key_dns == -1)
                 options->verify_host_key_dns = 0;
@@ -72,7 +72,7 @@ index 559e4c7..fde6b41 100644
                 options->server_alive_count_max = 3;
         if (options->control_master == -1)
 diff --git a/ssh_config.5 b/ssh_config.5
-index 9060d5b..bbf638b 100644
+index 707d0e1..efc265a 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
 @@ -268,8 +268,12 @@ The default is
@@ -89,7 +89,7 @@ index 9060d5b..bbf638b 100644
  The argument must be
  .Dq yes
  or
-@@ -1551,7 +1555,14 @@ from the server,
+@@ -1624,7 +1628,14 @@ from the server,
  will send a message through the encrypted
  channel to request a response from the server.
  The default
@@ -105,7 +105,7 @@ index 9060d5b..bbf638b 100644
  .It Cm StreamLocalBindMask
  Sets the octal file creation mode mask
  .Pq umask
-@@ -1617,6 +1628,12 @@ Specifies whether the system should send TCP keepalive messages to the
+@@ -1690,6 +1701,12 @@ Specifies whether the system should send TCP keepalive messages to the
  other side.
  If they are sent, death of the connection or crash of one
  of the machines will be properly noticed.
@@ -119,10 +119,10 @@ index 9060d5b..bbf638b 100644
  connections will die if the route is down temporarily, and some people
  find it annoying.
 diff --git a/sshd_config.5 b/sshd_config.5
-index c6d6858..bc79a66 100644
+index 3b4cba9..e05cdbe 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
-@@ -1518,6 +1518,9 @@ This avoids infinitely hanging sessions.
+@@ -1530,6 +1530,9 @@ This avoids infinitely hanging sessions.
  .Pp
  To disable TCP keepalive messages, the value should be set to
  .Dq no .
diff --git a/debian/patches/mention-ssh-keygen-on-keychange.patch b/debian/patches/mention-ssh-keygen-on-keychange.patch
index 80f9b78e0..12dbaf853 100644
--- a/debian/patches/mention-ssh-keygen-on-keychange.patch
+++ b/debian/patches/mention-ssh-keygen-on-keychange.patch
@@ -1,4 +1,4 @@
-From 4dc338b2703dd6169cecdbe3388c92f4cc2fc119 Mon Sep 17 00:00:00 2001
+From 6a1979d97fbde734a745b5123130fed669bfb145 Mon Sep 17 00:00:00 2001
 From: Scott Moser <smoser@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:10:03 +0000
 Subject: Mention ssh-keygen in ssh fingerprint changed warning
diff --git a/debian/patches/no-openssl-version-status.patch b/debian/patches/no-openssl-version-status.patch
index a53f6dee1..8503c5854 100644
--- a/debian/patches/no-openssl-version-status.patch
+++ b/debian/patches/no-openssl-version-status.patch
@@ -1,4 +1,4 @@
-From d3362ea5419b16b81eb171436b95b51beedb9242 Mon Sep 17 00:00:00 2001
+From e7d4050d9077603c20a93bdfd6b99cd419d69f1c Mon Sep 17 00:00:00 2001
 From: Kurt Roeckx <kurt@roeckx.be>
 Date: Sun, 9 Feb 2014 16:10:14 +0000
 Subject: Don't check the status field of the OpenSSL version
diff --git a/debian/patches/openbsd-docs.patch b/debian/patches/openbsd-docs.patch
index 6027ca645..771e77216 100644
--- a/debian/patches/openbsd-docs.patch
+++ b/debian/patches/openbsd-docs.patch
@@ -1,4 +1,4 @@
-From 9d764f08fd01fa5c62a7cbff66165bc5d5ffb637 Mon Sep 17 00:00:00 2001
+From ab7ae820a882c8a51b06ec0b3522813b4e90eeff Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:09 +0000
 Subject: Adjust various OpenBSD-specific references in manual pages
@@ -44,7 +44,7 @@ index ef0de08..149846c 100644
  .Sh SEE ALSO
  .Xr ssh-keygen 1 ,
 diff --git a/ssh-keygen.1 b/ssh-keygen.1
-index 37a4fc2..24bed5f 100644
+index ce2213c..01711df 100644
 --- a/ssh-keygen.1
 +++ b/ssh-keygen.1
 @@ -178,9 +178,7 @@ key in
@@ -69,7 +69,7 @@ index 37a4fc2..24bed5f 100644
  .It Fl a Ar rounds
  When saving a new-format private key (i.e. an ed25519 key or any SSH protocol
  2 key when the
-@@ -642,7 +638,7 @@ option.
+@@ -644,7 +640,7 @@ option.
  Valid generator values are 2, 3, and 5.
  .Pp
  Screened DH groups may be installed in
@@ -78,7 +78,7 @@ index 37a4fc2..24bed5f 100644
  It is important that this file contains moduli of a range of bit lengths and
  that both ends of a connection share common moduli.
  .Sh CERTIFICATES
-@@ -841,7 +837,7 @@ on all machines
+@@ -843,7 +839,7 @@ on all machines
  where the user wishes to log in using public key authentication.
  There is no need to keep the contents of this file secret.
  .Pp
@@ -88,10 +88,10 @@ index 37a4fc2..24bed5f 100644
  The file format is described in
  .Xr moduli 5 .
 diff --git a/ssh.1 b/ssh.1
-index feb0e89..41e0aab 100644
+index feef81a..b1f128c 100644
 --- a/ssh.1
 +++ b/ssh.1
-@@ -852,6 +852,10 @@ implements public key authentication protocol automatically,
+@@ -877,6 +877,10 @@ implements public key authentication protocol automatically,
  using one of the DSA, ECDSA, Ed25519 or RSA algorithms.
  The HISTORY section of
  .Xr ssl 8
@@ -133,10 +133,10 @@ index 589841f..58eefe9 100644
  .Xr sshd_config 5 ,
  .Xr inetd 8 ,
 diff --git a/sshd_config.5 b/sshd_config.5
-index b565640..4d255e5 100644
+index ac9b1f0..b2b349e 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
-@@ -375,8 +375,7 @@ then no banner is displayed.
+@@ -382,8 +382,7 @@ then no banner is displayed.
  By default, no banner is displayed.
  .It Cm ChallengeResponseAuthentication
  Specifies whether challenge-response authentication is allowed (e.g. via
diff --git a/debian/patches/package-versioning.patch b/debian/patches/package-versioning.patch
index 58c57dbac..efc629b71 100644
--- a/debian/patches/package-versioning.patch
+++ b/debian/patches/package-versioning.patch
@@ -1,4 +1,4 @@
-From 81e52d59797c24edadc36f0f90f96387976a82c0 Mon Sep 17 00:00:00 2001
+From c8105413361d3c97b6a2f72c9f1c85da830bed2c Mon Sep 17 00:00:00 2001
 From: Matthew Vernon <matthew@debian.org>
 Date: Sun, 9 Feb 2014 16:10:05 +0000
 Subject: Include the Debian version in our identification
@@ -36,10 +36,10 @@ index fd67727..07dfc9d 100644
         if (atomicio(vwrite, connection_out, client_version_string,
             strlen(client_version_string)) != strlen(client_version_string))
 diff --git a/sshd.c b/sshd.c
-index bb093cc..c762190 100644
+index 76306da..e873557 100644
 --- a/sshd.c
 +++ b/sshd.c
-@@ -442,7 +442,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
+@@ -443,7 +443,7 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out)
         }
  
         xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
@@ -49,13 +49,13 @@ index bb093cc..c762190 100644
             options.version_addendum, newline);
  
 diff --git a/version.h b/version.h
-index eb4e948..0840a1a 100644
+index 617ab62..fb81655 100644
 --- a/version.h
 +++ b/version.h
 @@ -3,4 +3,9 @@
- #define SSH_VERSION    "OpenSSH_7.2"
+ #define SSH_VERSION    "OpenSSH_7.3"
  
- #define SSH_PORTABLE   "p2"
+ #define SSH_PORTABLE   "p1"
 -#define SSH_RELEASE    SSH_VERSION SSH_PORTABLE
 +#define SSH_RELEASE_MINIMUM    SSH_VERSION SSH_PORTABLE
 +#ifdef SSH_EXTRAVERSION
diff --git a/debian/patches/quieter-signals.patch b/debian/patches/quieter-signals.patch
index b085e5e08..36c366d95 100644
--- a/debian/patches/quieter-signals.patch
+++ b/debian/patches/quieter-signals.patch
@@ -1,4 +1,4 @@
-From f1e898fb6e470f99c3e64313c6f9fce08eb94e80 Mon Sep 17 00:00:00 2001
+From 8eeec10866f78acd021824225e9d62e4a18fc2c3 Mon Sep 17 00:00:00 2001
 From: Peter Samuelson <peter@p12n.org>
 Date: Sun, 9 Feb 2014 16:09:55 +0000
 Subject: Reduce severity of "Killed by signal %d"
@@ -22,10 +22,10 @@ Patch-Name: quieter-signals.patch
  1 file changed, 4 insertions(+), 2 deletions(-)
 
 diff --git a/clientloop.c b/clientloop.c
-index 1567e4a..3b6cacb 100644
+index 421241f..e5cc3f8 100644
 --- a/clientloop.c
 +++ b/clientloop.c
-@@ -1753,8 +1753,10 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
+@@ -1757,8 +1757,10 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
                 exit_status = 0;
         }
  
diff --git a/debian/patches/restore-tcp-wrappers.patch b/debian/patches/restore-tcp-wrappers.patch
index 4607d5f53..bf3a575ad 100644
--- a/debian/patches/restore-tcp-wrappers.patch
+++ b/debian/patches/restore-tcp-wrappers.patch
@@ -1,4 +1,4 @@
-From 0031968609564a15294c39d2519201741664905d Mon Sep 17 00:00:00 2001
+From c027de5eb3e6cb1718990841c2a9cbc89fd53151 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Tue, 7 Oct 2014 13:22:41 +0100
 Subject: Restore TCP wrappers support
@@ -28,10 +28,10 @@ Patch-Name: restore-tcp-wrappers.patch
  3 files changed, 89 insertions(+)
 
 diff --git a/configure.ac b/configure.ac
-index 5f1ff74..5d720f7 100644
+index 894ec3b..f822fb3 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -1481,6 +1481,62 @@ AC_ARG_WITH([skey],
+@@ -1510,6 +1510,62 @@ AC_ARG_WITH([skey],
         ]
  )
  
@@ -94,7 +94,7 @@ index 5f1ff74..5d720f7 100644
  # Check whether user wants to use ldns
  LDNS_MSG="no"
  AC_ARG_WITH(ldns,
-@@ -5003,6 +5059,7 @@ echo "                 KerberosV support: $KRB5_MSG"
+@@ -5059,6 +5115,7 @@ echo "                 KerberosV support: $KRB5_MSG"
  echo "                   SELinux support: $SELINUX_MSG"
  echo "                 Smartcard support: $SCARD_MSG"
  echo "                     S/KEY support: $SKEY_MSG"
@@ -128,7 +128,7 @@ index 6c521f2..589841f 100644
  .Xr moduli 5 ,
  .Xr sshd_config 5 ,
 diff --git a/sshd.c b/sshd.c
-index 5cd9129..d1dd711 100644
+index ebb88c7..982e545 100644
 --- a/sshd.c
 +++ b/sshd.c
 @@ -129,6 +129,13 @@
@@ -145,7 +145,7 @@ index 5cd9129..d1dd711 100644
  #ifndef O_NOCTTY
  #define O_NOCTTY       0
  #endif
-@@ -2151,6 +2158,24 @@ main(int ac, char **av)
+@@ -2207,6 +2214,24 @@ main(int ac, char **av)
  #ifdef SSH_AUDIT_EVENTS
         audit_connection_from(remote_ip, remote_port);
  #endif
diff --git a/debian/patches/scp-quoting.patch b/debian/patches/scp-quoting.patch
index 1ad0d11e2..2efc40e07 100644
--- a/debian/patches/scp-quoting.patch
+++ b/debian/patches/scp-quoting.patch
@@ -1,4 +1,4 @@
-From eca335b47f5cf4adfc64cd17096f83d546fa91da Mon Sep 17 00:00:00 2001
+From 119936d7b64829f81cbc84c2e81bf23373c6ed37 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Nicolas=20Valc=C3=A1rcel?= <nvalcarcel@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:09:59 +0000
 Subject: Adjust scp quoting in verbose mode
@@ -17,24 +17,24 @@ Patch-Name: scp-quoting.patch
  1 file changed, 10 insertions(+), 2 deletions(-)
 
 diff --git a/scp.c b/scp.c
-index 0bdd7cb..51bc2b7 100644
+index 43ca3fa..4a7f73a 100644
 --- a/scp.c
 +++ b/scp.c
-@@ -190,8 +190,16 @@ do_local_cmd(arglist *a)
+@@ -192,8 +192,16 @@ do_local_cmd(arglist *a)
  
         if (verbose_mode) {
                 fprintf(stderr, "Executing:");
 -               for (i = 0; i < a->num; i++)
--                       fprintf(stderr, " %s", a->list[i]);
+-                       fmprintf(stderr, " %s", a->list[i]);
 +               for (i = 0; i < a->num; i++) {
 +                       if (i == 0)
-+                               fprintf(stderr, " %s", a->list[i]);
++                               fmprintf(stderr, " %s", a->list[i]);
 +                       else
 +                               /*
 +                                * TODO: misbehaves if a->list[i] contains a
 +                                * single quote
 +                                */
-+                               fprintf(stderr, " '%s'", a->list[i]);
++                               fmprintf(stderr, " '%s'", a->list[i]);
 +               }
                 fprintf(stderr, "\n");
         }
diff --git a/debian/patches/selinux-role.patch b/debian/patches/selinux-role.patch
index fea289291..bcb61480d 100644
--- a/debian/patches/selinux-role.patch
+++ b/debian/patches/selinux-role.patch
@@ -1,4 +1,4 @@
-From 206bdbf6bcc95e589effa11695aff2c6b9327e11 Mon Sep 17 00:00:00 2001
+From 7a7851c903e5dbb58a85014deb2c88cb718068c9 Mon Sep 17 00:00:00 2001
 From: Manoj Srivastava <srivasta@debian.org>
 Date: Sun, 9 Feb 2014 16:09:49 +0000
 Subject: Handle SELinux authorisation roles
@@ -32,7 +32,7 @@ Patch-Name: selinux-role.patch
  16 files changed, 104 insertions(+), 31 deletions(-)
 
 diff --git a/auth.h b/auth.h
-index 2160154..3b3a085 100644
+index 55170af..50baeaa 100644
 --- a/auth.h
 +++ b/auth.h
 @@ -62,6 +62,7 @@ struct Authctxt {
@@ -75,7 +75,7 @@ index 5073c49..dd00648 100644
         /* Verify that the user is a valid user. */
         if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL)
 diff --git a/auth2.c b/auth2.c
-index 3f49bdc..6eb3cc7 100644
+index ce0d376..461311b 100644
 --- a/auth2.c
 +++ b/auth2.c
 @@ -216,7 +216,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
@@ -113,10 +113,10 @@ index 3f49bdc..6eb3cc7 100644
                 if (auth2_setup_methods_lists(authctxt) != 0)
                         packet_disconnect("no authentication methods enabled");
 diff --git a/monitor.c b/monitor.c
-index 6c82023..5be3fbf 100644
+index 05bb48a..e91054e 100644
 --- a/monitor.c
 +++ b/monitor.c
-@@ -126,6 +126,7 @@ int mm_answer_sign(int, Buffer *);
+@@ -128,6 +128,7 @@ int mm_answer_sign(int, Buffer *);
  int mm_answer_pwnamallow(int, Buffer *);
  int mm_answer_auth2_read_banner(int, Buffer *);
  int mm_answer_authserv(int, Buffer *);
@@ -124,7 +124,7 @@ index 6c82023..5be3fbf 100644
  int mm_answer_authpassword(int, Buffer *);
  int mm_answer_bsdauthquery(int, Buffer *);
  int mm_answer_bsdauthrespond(int, Buffer *);
-@@ -207,6 +208,7 @@ struct mon_table mon_dispatch_proto20[] = {
+@@ -209,6 +210,7 @@ struct mon_table mon_dispatch_proto20[] = {
      {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
      {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
      {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
@@ -132,7 +132,7 @@ index 6c82023..5be3fbf 100644
      {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
      {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
  #ifdef USE_PAM
-@@ -875,6 +877,7 @@ mm_answer_pwnamallow(int sock, Buffer *m)
+@@ -880,6 +882,7 @@ mm_answer_pwnamallow(int sock, Buffer *m)
         else {
                 /* Allow service/style information on the auth context */
                 monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
@@ -140,7 +140,7 @@ index 6c82023..5be3fbf 100644
                 monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
         }
  #ifdef USE_PAM
-@@ -905,14 +908,37 @@ mm_answer_authserv(int sock, Buffer *m)
+@@ -910,14 +913,37 @@ mm_answer_authserv(int sock, Buffer *m)
  
         authctxt->service = buffer_get_string(m, NULL);
         authctxt->style = buffer_get_string(m, NULL);
@@ -180,7 +180,7 @@ index 6c82023..5be3fbf 100644
         return (0);
  }
  
-@@ -1541,7 +1567,7 @@ mm_answer_pty(int sock, Buffer *m)
+@@ -1553,7 +1579,7 @@ mm_answer_pty(int sock, Buffer *m)
         res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
         if (res == 0)
                 goto error;
@@ -203,10 +203,10 @@ index bc50ade..2d82b8b 100644
  
  struct mm_master;
 diff --git a/monitor_wrap.c b/monitor_wrap.c
-index 74fbd2e..eaf0a12 100644
+index 5a9f1b5..11e3a69 100644
 --- a/monitor_wrap.c
 +++ b/monitor_wrap.c
-@@ -327,10 +327,10 @@ mm_auth2_read_banner(void)
+@@ -328,10 +328,10 @@ mm_auth2_read_banner(void)
         return (banner);
  }
  
@@ -219,7 +219,7 @@ index 74fbd2e..eaf0a12 100644
  {
         Buffer m;
  
-@@ -339,12 +339,30 @@ mm_inform_authserv(char *service, char *style)
+@@ -340,12 +340,30 @@ mm_inform_authserv(char *service, char *style)
         buffer_init(&m);
         buffer_put_cstring(&m, service);
         buffer_put_cstring(&m, style ? style : "");
@@ -251,7 +251,7 @@ index 74fbd2e..eaf0a12 100644
  int
  mm_auth_password(Authctxt *authctxt, char *password)
 diff --git a/monitor_wrap.h b/monitor_wrap.h
-index 403f8d0..d9de551 100644
+index b5414c2..d5b3334 100644
 --- a/monitor_wrap.h
 +++ b/monitor_wrap.h
 @@ -41,7 +41,8 @@ void mm_log_handler(LogLevel, const char *, void *);
@@ -361,10 +361,10 @@ index e3d1004..80ce13a 100644
  void ssh_selinux_setfscreatecon(const char *);
  #endif
 diff --git a/platform.c b/platform.c
-index ee313da..f35ec39 100644
+index acf8554..4831706 100644
 --- a/platform.c
 +++ b/platform.c
-@@ -143,7 +143,7 @@ platform_setusercontext(struct passwd *pw)
+@@ -145,7 +145,7 @@ platform_setusercontext(struct passwd *pw)
   * called if sshd is running as root.
   */
  void
@@ -373,7 +373,7 @@ index ee313da..f35ec39 100644
  {
  #if !defined(HAVE_LOGIN_CAP) && defined(USE_PAM)
         /*
-@@ -184,7 +184,7 @@ platform_setusercontext_post_groups(struct passwd *pw)
+@@ -186,7 +186,7 @@ platform_setusercontext_post_groups(struct passwd *pw)
         }
  #endif /* HAVE_SETPCRED */
  #ifdef WITH_SELINUX
@@ -383,7 +383,7 @@ index ee313da..f35ec39 100644
  }
  
 diff --git a/platform.h b/platform.h
-index e687c99..823901b 100644
+index e97ecd9..5b72304 100644
 --- a/platform.h
 +++ b/platform.h
 @@ -27,7 +27,7 @@ void platform_post_fork_parent(pid_t child_pid);
@@ -396,10 +396,10 @@ index e687c99..823901b 100644
  char *platform_krb5_get_principal_name(const char *);
  int platform_sys_dir_uid(uid_t);
 diff --git a/session.c b/session.c
-index 87fddfc..f246b8a 100644
+index 2235f26..6dfcf84 100644
 --- a/session.c
 +++ b/session.c
-@@ -1511,7 +1511,7 @@ safely_chroot(const char *path, uid_t uid)
+@@ -1517,7 +1517,7 @@ safely_chroot(const char *path, uid_t uid)
  
  /* Set login name, uid, gid, and groups. */
  void
@@ -408,7 +408,7 @@ index 87fddfc..f246b8a 100644
  {
         char *chroot_path, *tmp;
  
-@@ -1539,7 +1539,7 @@ do_setusercontext(struct passwd *pw)
+@@ -1545,7 +1545,7 @@ do_setusercontext(struct passwd *pw)
                 endgrent();
  #endif
  
@@ -417,7 +417,7 @@ index 87fddfc..f246b8a 100644
  
                 if (!in_chroot && options.chroot_directory != NULL &&
                     strcasecmp(options.chroot_directory, "none") != 0) {
-@@ -1696,7 +1696,7 @@ do_child(Session *s, const char *command)
+@@ -1703,7 +1703,7 @@ do_child(Session *s, const char *command)
  
         /* Force a password change */
         if (s->authctxt->force_pwchange) {
@@ -426,7 +426,7 @@ index 87fddfc..f246b8a 100644
                 child_close_fds();
                 do_pwchange(s);
                 exit(1);
-@@ -1723,7 +1723,7 @@ do_child(Session *s, const char *command)
+@@ -1730,7 +1730,7 @@ do_child(Session *s, const char *command)
                 /* When PAM is enabled we rely on it to do the nologin check */
                 if (!options.use_pam)
                         do_nologin(pw);
@@ -435,7 +435,7 @@ index 87fddfc..f246b8a 100644
                 /*
                  * PAM session modules in do_setusercontext may have
                  * generated messages, so if this in an interactive
-@@ -2134,7 +2134,7 @@ session_pty_req(Session *s)
+@@ -2141,7 +2141,7 @@ session_pty_req(Session *s)
         tty_parse_modes(s->ttyfd, &n_bytes);
  
         if (!use_privsep)
@@ -445,7 +445,7 @@ index 87fddfc..f246b8a 100644
         /* Set window size from the packet. */
         pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
 diff --git a/session.h b/session.h
-index 6a2f35e..ef6593c 100644
+index f18eaf3..2b7d939 100644
 --- a/session.h
 +++ b/session.h
 @@ -77,7 +77,7 @@ void   session_pty_cleanup2(Session *);
@@ -458,10 +458,10 @@ index 6a2f35e..ef6593c 100644
                        const char *value);
  
 diff --git a/sshd.c b/sshd.c
-index d1dd711..bb093cc 100644
+index 982e545..76306da 100644
 --- a/sshd.c
 +++ b/sshd.c
-@@ -781,7 +781,7 @@ privsep_postauth(Authctxt *authctxt)
+@@ -787,7 +787,7 @@ privsep_postauth(Authctxt *authctxt)
         explicit_bzero(rnd, sizeof(rnd));
  
         /* Drop privileges */
diff --git a/debian/patches/series b/debian/patches/series
index d8ea2890b..e5821f627 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -25,9 +25,3 @@ gnome-ssh-askpass2-icon.patch
 sigstop.patch
 systemd-readiness.patch
 debian-config.patch
-CVE-2015-8325.patch
-unbreak-certificate-auth.patch
-CVE-2016-6210-1.patch
-CVE-2016-6210-2.patch
-CVE-2016-6210-3.patch
-control-persist-close-stderr.patch
diff --git a/debian/patches/shell-path.patch b/debian/patches/shell-path.patch
index 95ff21814..506ba3f7a 100644
--- a/debian/patches/shell-path.patch
+++ b/debian/patches/shell-path.patch
@@ -1,4 +1,4 @@
-From cfcbb82102babef6affeec3b8373f5811d82d065 Mon Sep 17 00:00:00 2001
+From ac283605e244f9dab676b039986f137f86284291 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:00 +0000
 Subject: Look for $SHELL on the path for ProxyCommand/LocalCommand
diff --git a/debian/patches/sigstop.patch b/debian/patches/sigstop.patch
index b17176db8..7ae7f3558 100644
--- a/debian/patches/sigstop.patch
+++ b/debian/patches/sigstop.patch
@@ -1,4 +1,4 @@
-From 803865858838e2ccf1fa885ba14b9a11c4a3153e Mon Sep 17 00:00:00 2001
+From 8d765e441787d024e76369496316105fe736d3ba Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:17 +0000
 Subject: Support synchronisation with service supervisor using SIGSTOP
@@ -13,10 +13,10 @@ Patch-Name: sigstop.patch
  1 file changed, 10 insertions(+)
 
 diff --git a/sshd.c b/sshd.c
-index 57ae4ad..c2d42f5 100644
+index 71fad9e..837409b 100644
 --- a/sshd.c
 +++ b/sshd.c
-@@ -2048,6 +2048,16 @@ main(int ac, char **av)
+@@ -2107,6 +2107,16 @@ main(int ac, char **av)
                         }
                 }
  
diff --git a/debian/patches/ssh-agent-setgid.patch b/debian/patches/ssh-agent-setgid.patch
index 0a8180056..2d1dabfd3 100644
--- a/debian/patches/ssh-agent-setgid.patch
+++ b/debian/patches/ssh-agent-setgid.patch
@@ -1,4 +1,4 @@
-From c13ebec3d0989b374bef99d2d1f2a3bcc3c62aa8 Mon Sep 17 00:00:00 2001
+From 172bb48ec4cb3b65d26d4f3bd8bc0e82ddaf6ca1 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:13 +0000
 Subject: Document consequences of ssh-agent being setgid in ssh-agent(1)
diff --git a/debian/patches/ssh-argv0.patch b/debian/patches/ssh-argv0.patch
index 51cdfde48..614ed8195 100644
--- a/debian/patches/ssh-argv0.patch
+++ b/debian/patches/ssh-argv0.patch
@@ -1,4 +1,4 @@
-From 22585509beb1efc6a3a58c8ff714211043325201 Mon Sep 17 00:00:00 2001
+From ccfb71ca70b73f6d5a2873b31d0140c7cb5f4430 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:10 +0000
 Subject: ssh(1): Refer to ssh-argv0(1)
@@ -18,10 +18,10 @@ Patch-Name: ssh-argv0.patch
  1 file changed, 1 insertion(+)
 
 diff --git a/ssh.1 b/ssh.1
-index 41e0aab..74d9655 100644
+index b1f128c..22e56a7 100644
 --- a/ssh.1
 +++ b/ssh.1
-@@ -1561,6 +1561,7 @@ if an error occurred.
+@@ -1586,6 +1586,7 @@ if an error occurred.
  .Xr sftp 1 ,
  .Xr ssh-add 1 ,
  .Xr ssh-agent 1 ,
diff --git a/debian/patches/ssh-vulnkey-compat.patch b/debian/patches/ssh-vulnkey-compat.patch
index b909e6ddb..0492c84fe 100644
--- a/debian/patches/ssh-vulnkey-compat.patch
+++ b/debian/patches/ssh-vulnkey-compat.patch
@@ -1,4 +1,4 @@
-From ceebe313c4b094557bda974d274a6e7b5b33e3f9 Mon Sep 17 00:00:00 2001
+From e35c0bb4c3997b8ef885c6afdcc600b403eb878b Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:09:50 +0000
 Subject: Accept obsolete ssh-vulnkey configuration options
@@ -17,10 +17,10 @@ Patch-Name: ssh-vulnkey-compat.patch
  2 files changed, 2 insertions(+)
 
 diff --git a/readconf.c b/readconf.c
-index d2a3d4b..559e4c7 100644
+index e019195..c0b7822 100644
 --- a/readconf.c
 +++ b/readconf.c
-@@ -182,6 +182,7 @@ static struct {
+@@ -194,6 +194,7 @@ static struct {
         { "passwordauthentication", oPasswordAuthentication },
         { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
         { "kbdinteractivedevices", oKbdInteractiveDevices },
@@ -29,10 +29,10 @@ index d2a3d4b..559e4c7 100644
         { "pubkeyauthentication", oPubkeyAuthentication },
         { "dsaauthentication", oPubkeyAuthentication },             /* alias */
 diff --git a/servconf.c b/servconf.c
-index b8af6dd..fad7c92 100644
+index 9b06281..bf9f8f7 100644
 --- a/servconf.c
 +++ b/servconf.c
-@@ -533,6 +533,7 @@ static struct {
+@@ -541,6 +541,7 @@ static struct {
         { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
         { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
         { "strictmodes", sStrictModes, SSHCFG_GLOBAL },
diff --git a/debian/patches/syslog-level-silent.patch b/debian/patches/syslog-level-silent.patch
index 6bc3911f7..3e46d03c8 100644
--- a/debian/patches/syslog-level-silent.patch
+++ b/debian/patches/syslog-level-silent.patch
@@ -1,4 +1,4 @@
-From 68388fa20403834f5559486542b1baf4ad36141a Mon Sep 17 00:00:00 2001
+From 21fb55231ad0422fa0e5f0c2f67093cb5f29dd47 Mon Sep 17 00:00:00 2001
 From: Jonathan David Amery <jdamery@ysolde.ucam.org>
 Date: Sun, 9 Feb 2014 16:09:54 +0000
 Subject: "LogLevel SILENT" compatibility
@@ -21,7 +21,7 @@ Patch-Name: syslog-level-silent.patch
  2 files changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/log.c b/log.c
-index ad12930..e68b84a 100644
+index 2b59c42..ffc8ffb 100644
 --- a/log.c
 +++ b/log.c
 @@ -93,6 +93,7 @@ static struct {
@@ -33,10 +33,10 @@ index ad12930..e68b84a 100644
         { "FATAL",      SYSLOG_LEVEL_FATAL },
         { "ERROR",      SYSLOG_LEVEL_ERROR },
 diff --git a/ssh.c b/ssh.c
-index f9ff91f..314dd52 100644
+index 03a23fb..1febb04 100644
 --- a/ssh.c
 +++ b/ssh.c
-@@ -1119,7 +1119,7 @@ main(int ac, char **av)
+@@ -1167,7 +1167,7 @@ main(int ac, char **av)
         /* Do not allocate a tty if stdin is not a tty. */
         if ((!isatty(fileno(stdin)) || stdin_null_flag) &&
             options.request_tty != REQUEST_TTY_FORCE) {
diff --git a/debian/patches/systemd-readiness.patch b/debian/patches/systemd-readiness.patch
index ab3445fcc..deee48460 100644
--- a/debian/patches/systemd-readiness.patch
+++ b/debian/patches/systemd-readiness.patch
@@ -1,4 +1,4 @@
-From 643bc17ada741a9ee5b86170ad313f83278e1f72 Mon Sep 17 00:00:00 2001
+From fe97848e044743f0bac019a491ddf0138f84e14a Mon Sep 17 00:00:00 2001
 From: Michael Biebl <biebl@debian.org>
 Date: Mon, 21 Dec 2015 16:08:47 +0000
 Subject: Add systemd readiness notification support
@@ -14,10 +14,10 @@ Patch-Name: systemd-readiness.patch
  2 files changed, 33 insertions(+)
 
 diff --git a/configure.ac b/configure.ac
-index 5d720f7..c978c11 100644
+index f822fb3..6cafb15 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -4263,6 +4263,29 @@ AC_ARG_WITH([kerberos5],
+@@ -4319,6 +4319,29 @@ AC_ARG_WITH([kerberos5],
  AC_SUBST([GSSLIBS])
  AC_SUBST([K5LIBS])
  
@@ -47,7 +47,7 @@ index 5d720f7..c978c11 100644
  # Looking for programs, paths and files
  
  PRIVSEP_PATH=/var/empty
-@@ -5065,6 +5088,7 @@ echo "                   libedit support: $LIBEDIT_MSG"
+@@ -5121,6 +5144,7 @@ echo "                   libedit support: $LIBEDIT_MSG"
  echo "  Solaris process contract support: $SPC_MSG"
  echo "           Solaris project support: $SP_MSG"
  echo "         Solaris privilege support: $SPP_MSG"
@@ -56,7 +56,7 @@ index 5d720f7..c978c11 100644
  echo "           Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
  echo "                  BSD Auth support: $BSD_AUTH_MSG"
 diff --git a/sshd.c b/sshd.c
-index c2d42f5..8802d18 100644
+index 837409b..868df9e 100644
 --- a/sshd.c
 +++ b/sshd.c
 @@ -85,6 +85,10 @@
@@ -70,7 +70,7 @@ index c2d42f5..8802d18 100644
  #include "xmalloc.h"
  #include "ssh.h"
  #include "ssh1.h"
-@@ -2058,6 +2062,11 @@ main(int ac, char **av)
+@@ -2117,6 +2121,11 @@ main(int ac, char **av)
                         unsetenv("SSH_SIGSTOP");
                 }
  
diff --git a/debian/patches/unbreak-certificate-auth.patch b/debian/patches/unbreak-certificate-auth.patch
deleted file mode 100644
index cbf7c1800..000000000
--- a/debian/patches/unbreak-certificate-auth.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 43a633de1cabe77e652125dac394a99ad9cac3b4 Mon Sep 17 00:00:00 2001
-From: "djm@openbsd.org" <djm@openbsd.org>
-Date: Mon, 14 Mar 2016 16:20:54 +0000
-Subject: upstream commit
-
-unbreak authentication using lone certificate keys in
- ssh-agent: when attempting pubkey auth with a certificate, if no separate
- private key is found among the keys then try with the certificate key itself.
-
-bz#2550 reported by Peter Moody
-
-Upstream-ID: f939cd76d68e6a9a3d1711b5a943d6ed1e623966
-
-Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=c38905ba391434834da86abfc988a2b8b9b62477
-Bug-Ubuntu: https://bugs.launchpad.net/bugs/1575961
-Last-Update: 2016-04-28
-
-Patch-Name: unbreak-certificate-auth.patch
----
- sshconnect2.c | 8 ++------
- 1 file changed, 2 insertions(+), 6 deletions(-)
-
-diff --git a/sshconnect2.c b/sshconnect2.c
-index b452eae..40facda 100644
---- a/sshconnect2.c
-+++ b/sshconnect2.c
-@@ -1,4 +1,4 @@
--/* $OpenBSD: sshconnect2.c,v 1.239 2016/02/23 01:34:14 djm Exp $ */
-+/* $OpenBSD: sshconnect2.c,v 1.240 2016/03/14 16:20:54 djm Exp $ */
- /*
-  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
-  * Copyright (c) 2008 Damien Miller.  All rights reserved.
-@@ -1224,12 +1224,8 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
-                            "certificate", __func__, id->filename,
-                            id->agent_fd != -1 ? " from agent" : "");
-                } else {
--                       /* XXX maybe verbose/error? */
--                       debug("%s: no private key for certificate "
-+                       debug("%s: no separate private key for certificate "
-                            "\"%s\"", __func__, id->filename);
--                       free(blob);
--                       buffer_free(&b);
--                       return 0;
-                }
-        }
- 
diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch
index c64e141f8..3bd2fd91f 100644
--- a/debian/patches/user-group-modes.patch
+++ b/debian/patches/user-group-modes.patch
@@ -1,4 +1,4 @@
-From bf0d87583a842b9e8aaf2a9cd9dbc3e976df2af4 Mon Sep 17 00:00:00 2001
+From 563974a78e937c4844e1198b5f6d79b8b2b5c600 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:09:58 +0000
 Subject: Allow harmless group-writability
@@ -22,16 +22,16 @@ Patch-Name: user-group-modes.patch
  misc.c        | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
  misc.h        |  2 ++
  platform.c    | 16 --------------
- readconf.c    |  5 +++--
+ readconf.c    |  3 +--
  ssh.1         |  2 ++
  ssh_config.5  |  2 ++
- 8 files changed, 82 insertions(+), 29 deletions(-)
+ 8 files changed, 80 insertions(+), 29 deletions(-)
 
 diff --git a/auth-rhosts.c b/auth-rhosts.c
-index ee9e827..2ff2cff 100644
+index 0ef3447..c17c13c 100644
 --- a/auth-rhosts.c
 +++ b/auth-rhosts.c
-@@ -271,8 +271,7 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam
+@@ -273,8 +273,7 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam
                 return 0;
         }
         if (options.strict_modes &&
@@ -41,7 +41,7 @@ index ee9e827..2ff2cff 100644
                 logit("Rhosts authentication refused for %.100s: "
                     "bad ownership or modes for home directory.", pw->pw_name);
                 auth_debug_add("Rhosts authentication refused for %.100s: "
-@@ -298,8 +297,7 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam
+@@ -300,8 +299,7 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam
                  * allowing access to their account by anyone.
                  */
                 if (options.strict_modes &&
@@ -52,10 +52,10 @@ index ee9e827..2ff2cff 100644
                             pw->pw_name, buf);
                         auth_debug_add("Bad file modes for %.200s", buf);
 diff --git a/auth.c b/auth.c
-index bd6a026..782b7f8 100644
+index f56dcc6..3f8b348 100644
 --- a/auth.c
 +++ b/auth.c
-@@ -425,8 +425,7 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
+@@ -435,8 +435,7 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
                 user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
                 if (options.strict_modes &&
                     (stat(user_hostfile, &st) == 0) &&
@@ -65,7 +65,7 @@ index bd6a026..782b7f8 100644
                         logit("Authentication refused for %.100s: "
                             "bad owner or modes for %.200s",
                             pw->pw_name, user_hostfile);
-@@ -488,8 +487,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
+@@ -498,8 +497,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
                 snprintf(err, errlen, "%s is not a regular file", buf);
                 return -1;
         }
@@ -75,7 +75,7 @@ index bd6a026..782b7f8 100644
                 snprintf(err, errlen, "bad ownership or modes for file %s",
                     buf);
                 return -1;
-@@ -504,8 +502,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
+@@ -514,8 +512,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
                 strlcpy(buf, cp, sizeof(buf));
  
                 if (stat(buf, &st) < 0 ||
@@ -86,7 +86,7 @@ index bd6a026..782b7f8 100644
                             "bad ownership or modes for directory %s", buf);
                         return -1;
 diff --git a/misc.c b/misc.c
-index de7e1fa..5704fa6 100644
+index 9421b4d..68efb2b 100644
 --- a/misc.c
 +++ b/misc.c
 @@ -51,8 +51,9 @@
@@ -108,7 +108,7 @@ index de7e1fa..5704fa6 100644
  
  /* remove newline at end of string */
  char *
-@@ -647,6 +649,71 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz,
+@@ -708,6 +710,71 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz,
         return -1;
  }
  
@@ -181,10 +181,10 @@ index de7e1fa..5704fa6 100644
  tun_open(int tun, int mode)
  {
 diff --git a/misc.h b/misc.h
-index 374c33c..89e1f75 100644
+index 7c76a6a..42cd95e 100644
 --- a/misc.h
 +++ b/misc.h
-@@ -135,4 +135,6 @@ char        *read_passphrase(const char *, int);
+@@ -139,4 +139,6 @@ char        *read_passphrase(const char *, int);
  int     ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));
  int     read_keyfile_line(FILE *, const char *, char *, size_t, u_long *);
  
@@ -192,10 +192,10 @@ index 374c33c..89e1f75 100644
 +
  #endif /* _MISC_H */
 diff --git a/platform.c b/platform.c
-index f35ec39..9a23e6e 100644
+index 4831706..2ce4dbf 100644
 --- a/platform.c
 +++ b/platform.c
-@@ -197,19 +197,3 @@ platform_krb5_get_principal_name(const char *pw_name)
+@@ -199,19 +199,3 @@ platform_krb5_get_principal_name(const char *pw_name)
         return NULL;
  #endif
  }
@@ -216,19 +216,10 @@ index f35ec39..9a23e6e 100644
 -       return 0;
 -}
 diff --git a/readconf.c b/readconf.c
-index fde6b41..cc1a633 100644
+index 3a6c67b..f6b4c8f 100644
 --- a/readconf.c
 +++ b/readconf.c
-@@ -39,6 +39,8 @@
- #include <stdio.h>
- #include <string.h>
- #include <unistd.h>
-+#include <pwd.h>
-+#include <grp.h>
- #ifdef HAVE_UTIL_H
- #include <util.h>
- #endif
-@@ -1626,8 +1628,7 @@ read_config_file(const char *filename, struct passwd *pw, const char *host,
+@@ -1753,8 +1753,7 @@ read_config_file_depth(const char *filename, struct passwd *pw,
  
                 if (fstat(fileno(f), &sb) == -1)
                         fatal("fstat %s: %s", filename, strerror(errno));
@@ -239,10 +230,10 @@ index fde6b41..cc1a633 100644
         }
  
 diff --git a/ssh.1 b/ssh.1
-index cc53343..feb0e89 100644
+index 4011c65..feef81a 100644
 --- a/ssh.1
 +++ b/ssh.1
-@@ -1459,6 +1459,8 @@ The file format and configuration options are described in
+@@ -1484,6 +1484,8 @@ The file format and configuration options are described in
  .Xr ssh_config 5 .
  Because of the potential for abuse, this file must have strict permissions:
  read/write for the user, and not writable by others.
@@ -252,10 +243,10 @@ index cc53343..feb0e89 100644
  .It Pa ~/.ssh/environment
  Contains additional definitions for environment variables; see
 diff --git a/ssh_config.5 b/ssh_config.5
-index bbf638b..ab8f271 100644
+index efc265a..5dd26bc 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
-@@ -1830,6 +1830,8 @@ The format of this file is described above.
+@@ -1903,6 +1903,8 @@ The format of this file is described above.
  This file is used by the SSH client.
  Because of the potential for abuse, this file must have strict permissions:
  read/write for the user, and not accessible by others.