34 files changed, 570 insertions, 637 deletions

diff --git a/debian/.git-dpm b/debian/.git-dpm
index a3594adbc..5452ac780 100644
--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@ -1,8 +1,8 @@
 # see git-dpm(1) from git-dpm package
-9c88f6248e9da14cb7916527862f2eac7f55b12a
-9c88f6248e9da14cb7916527862f2eac7f55b12a
-a8ed8d256b2e2c05b0c15565a7938028c5192277
-a8ed8d256b2e2c05b0c15565a7938028c5192277
-openssh_7.3p1.orig.tar.gz
-bfade84283fcba885e2084343ab19a08c7d123a5
-1522617
+2103d3e5566c54e08a59be750579a249e46747d7
+2103d3e5566c54e08a59be750579a249e46747d7
+971a7653746a6972b907dfe0ce139c06e4a6f482
+971a7653746a6972b907dfe0ce139c06e4a6f482
+openssh_7.4p1.orig.tar.gz
+2330bbf82ed08cf3ac70e0acf00186ef3eeb97e0
+1511780
diff --git a/debian/NEWS b/debian/NEWS
index 6f4564ba7..3a331e1fd 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,3 +1,34 @@
+openssh (1:7.4p1-1) UNRELEASED; urgency=medium
+
+  OpenSSH 7.4 includes a number of changes that may affect existing
+  configurations:
+
+   * ssh(1): Remove 3des-cbc from the client's default proposal.  64-bit
+     block ciphers are not safe in 2016 and we don't want to wait until
+     attacks like SWEET32 are extended to SSH.  As 3des-cbc was the only
+     mandatory cipher in the SSH RFCs, this may cause problems connecting to
+     older devices using the default configuration, but it's highly likely
+     that such devices already need explicit configuration for key exchange
+     and hostkey algorithms already anyway.
+   * sshd(8): Remove support for pre-authentication compression.  Doing
+     compression early in the protocol probably seemed reasonable in the
+     1990s, but today it's clearly a bad idea in terms of both cryptography
+     (cf. multiple compression oracle attacks in TLS) and attack surface.
+     Pre-auth compression support has been disabled by default for >10
+     years.  Support remains in the client.
+   * ssh-agent will refuse to load PKCS#11 modules outside a whitelist of
+     trusted paths by default.  The path whitelist may be specified at
+     run-time.
+   * sshd(8): When a forced-command appears in both a certificate and an
+     authorized keys/principals command= restriction, sshd will now refuse
+     to accept the certificate unless they are identical.  The previous
+     (documented) behaviour of having the certificate forced-command
+     override the other could be a bit confusing and error-prone.
+   * sshd(8): Remove the UseLogin configuration directive and support for
+     having /bin/login manage login sessions.
+
+ -- Colin Watson <cjwatson@debian.org>  Tue, 20 Dec 2016 22:21:15 +0000
+
 openssh (1:7.2p1-1) unstable; urgency=medium
 
   OpenSSH 7.2 disables a number of legacy cryptographic algorithms by
diff --git a/debian/changelog b/debian/changelog
index 8e094ecdb..c2065c580 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,119 @@
-openssh (1:7.3p1-6) UNRELEASED; urgency=medium
-
+openssh (1:7.4p1-1) UNRELEASED; urgency=medium
+
+  * New upstream release (http://www.openssh.com/txt/release-7.4):
+    - ssh(1): Remove 3des-cbc from the client's default proposal.  64-bit
+      block ciphers are not safe in 2016 and we don't want to wait until
+      attacks like SWEET32 are extended to SSH.  As 3des-cbc was the only
+      mandatory cipher in the SSH RFCs, this may cause problems connecting
+      to older devices using the default configuration, but it's highly
+      likely that such devices already need explicit configuration for key
+      exchange and hostkey algorithms already anyway.
+    - sshd(8): When a forced-command appears in both a certificate and an
+      authorized keys/principals command= restriction, sshd will now refuse
+      to accept the certificate unless they are identical.  The previous
+      (documented) behaviour of having the certificate forced-command
+      override the other could be a bit confusing and error-prone.
+    - sshd(8): Remove the UseLogin configuration directive and support for
+      having /bin/login manage login sessions.
+    - CVE-2016-10009: ssh-agent(1): Will now refuse to load PKCS#11 modules
+      from paths outside a trusted whitelist (run-time configurable).
+      Requests to load modules could be passed via agent forwarding and an
+      attacker could attempt to load a hostile PKCS#11 module across the
+      forwarded agent channel: PKCS#11 modules are shared libraries, so this
+      would result in code execution on the system running the ssh-agent if
+      the attacker has control of the forwarded agent-socket (on the host
+      running the sshd server) and the ability to write to the filesystem of
+      the host running ssh-agent (usually the host running the ssh client)
+      (closes: #848714).
+    - CVE-2016-10010: sshd(8): When privilege separation is disabled,
+      forwarded Unix-domain sockets would be created by sshd(8) with the
+      privileges of 'root' instead of the authenticated user.  This release
+      refuses Unix-domain socket forwarding when privilege separation is
+      disabled (Privilege separation has been enabled by default for 14
+      years) (closes: #848715).
+    - CVE-2016-10011: sshd(8): Avoid theoretical leak of host private key
+      material to privilege-separated child processes via realloc() when
+      reading keys.  No such leak was observed in practice for normal-sized
+      keys, nor does a leak to the child processes directly expose key
+      material to unprivileged users (closes: #848716).
+    - CVE-2016-10012: sshd(8): The shared memory manager used by
+      pre-authentication compression support had a bounds checks that could
+      be elided by some optimising compilers.  Additionally, this memory
+      manager was incorrectly accessible when pre-authentication compression
+      was disabled.  This could potentially allow attacks against the
+      privileged monitor process from the sandboxed privilege-separation
+      process (a compromise of the latter would be required first).  This
+      release removes support for pre-authentication compression from
+      sshd(8) (closes: #848717).
+    - SECURITY: sshd(8): Validate address ranges for AllowUser and DenyUsers
+      directives at configuration load time and refuse to accept invalid
+      ones.  It was previously possible to specify invalid CIDR address
+      ranges (e.g. user@127.1.2.3/55) and these would always match, possibly
+      resulting in granting access where it was not intended.
+    - ssh(1): Add a proxy multiplexing mode to ssh(1) inspired by the
+      version in PuTTY by Simon Tatham.  This allows a multiplexing client
+      to communicate with the master process using a subset of the SSH
+      packet and channels protocol over a Unix-domain socket, with the main
+      process acting as a proxy that translates channel IDs, etc.  This
+      allows multiplexing mode to run on systems that lack file-descriptor
+      passing (used by current multiplexing code) and potentially, in
+      conjunction with Unix-domain socket forwarding, with the client and
+      multiplexing master process on different machines.  Multiplexing proxy
+      mode may be invoked using "ssh -O proxy ...".
+    - sshd(8): Add a sshd_config DisableForwarding option that disables X11,
+      agent, TCP, tunnel and Unix domain socket forwarding, as well as
+      anything else we might implement in the future.  Like the 'restrict'
+      authorized_keys flag, this is intended to be a simple and future-proof
+      way of restricting an account.
+    - sshd(8), ssh(1): Support the "curve25519-sha256" key exchange method.
+      This is identical to the currently-supported method named
+      "curve25519-sha256@libssh.org".
+    - sshd(8): Improve handling of SIGHUP by checking to see if sshd is
+      already daemonised at startup and skipping the call to daemon(3) if it
+      is.  This ensures that a SIGHUP restart of sshd(8) will retain the
+      same process-ID as the initial execution.  sshd(8) will also now
+      unlink the PidFile prior to SIGHUP restart and re-create it after a
+      successful restart, rather than leaving a stale file in the case of a
+      configuration error.
+    - sshd(8): Allow ClientAliveInterval and ClientAliveCountMax directives
+      to appear in sshd_config Match blocks.
+    - sshd(8): Add %-escapes to AuthorizedPrincipalsCommand to match those
+      supported by AuthorizedKeysCommand (key, key type, fingerprint, etc.)
+      and a few more to provide access to the contents of the certificate
+      being offered.
+    - ssh(1): Allow IdentityFile to successfully load and use certificates
+      that have no corresponding bare public key.
+    - ssh(1): Fix public key authentication when multiple authentication is
+      in use and publickey is not just the first method attempted.
+    - ssh(1): Improve reporting when attempting to load keys from PKCS#11
+      tokens with fewer useless log messages and more detail in debug
+      messages.
+    - ssh(1): When tearing down ControlMaster connections, don't pollute
+      stderr when LogLevel=quiet.
+    - sftp(1): On ^Z wait for underlying ssh(1) to suspend before suspending
+      sftp(1) to ensure that ssh(1) restores the terminal mode correctly if
+      suspended during a password prompt.
+    - ssh(1): Avoid busy-wait when ssh(1) is suspended during a password
+      prompt (LP: #1646813).
+    - ssh(1), sshd(8): Correctly report errors during sending of ext-info
+      messages.
+    - sshd(8): Fix NULL-deref crash if sshd(8) received an out-of-sequence
+      NEWKEYS message.
+    - sshd(8): Correct list of supported signature algorithms sent in the
+      server-sig-algs extension.
+    - sshd(8): Fix sending ext_info message if privsep is disabled.
+    - sshd(8): More strictly enforce the expected ordering of privilege
+      separation monitor calls used for authentication and allow them only
+      when their respective authentication methods are enabled in the
+      configuration.
+    - sshd_config(5): Use 2001:db8::/32, the official IPv6 subnet for
+      configuration examples.
+    - On environments configured with Turkish locales, fall back to the
+      C/POSIX locale to avoid errors in configuration parsing caused by that
+      locale's unique handling of the letters 'i' and 'I' (LP: #1638338).
+    - contrib: Add a gnome-ssh-askpass3 with GTK+3 support.
+    - sshd(8): Improve PRNG reseeding across privilege separation and force
+      libcrypto to obtain a high-quality seed before chroot or sandboxing.
   * Apply "wrap-and-sort -at -f debian/control -f debian/tests/control".
 
  -- Colin Watson <cjwatson@debian.org>  Mon, 05 Dec 2016 19:31:33 +0000
diff --git a/debian/patches/auth-log-verbosity.patch b/debian/patches/auth-log-verbosity.patch
index 7abed3704..55c5e84ff 100644
--- a/debian/patches/auth-log-verbosity.patch
+++ b/debian/patches/auth-log-verbosity.patch
@@ -1,4 +1,4 @@
-From b4b79ae5a16f73426b54c6394a29b2b49da4dc16 Mon Sep 17 00:00:00 2001
+From 69e0307a3bc73d5d360c19aeb61133c126cf63bf Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:02 +0000
 Subject: Quieten logs when multiple from= restrictions are used
@@ -11,12 +11,11 @@ Patch-Name: auth-log-verbosity.patch
 ---
  auth-options.c | 35 ++++++++++++++++++++++++++---------
  auth-options.h |  1 +
- auth-rsa.c     |  2 ++
  auth2-pubkey.c |  3 +++
- 4 files changed, 32 insertions(+), 9 deletions(-)
+ 3 files changed, 30 insertions(+), 9 deletions(-)
 
 diff --git a/auth-options.c b/auth-options.c
-index b399b91..a9d9a81 100644
+index 57b49f7f..7eb87b35 100644
 --- a/auth-options.c
 +++ b/auth-options.c
 @@ -59,9 +59,20 @@ int forced_tun_device = -1;
@@ -79,7 +78,7 @@ index b399b91..a9d9a81 100644
                                             "is not permitted to use this "
                                             "certificate for login.",
 diff --git a/auth-options.h b/auth-options.h
-index 34852e5..1653855 100644
+index 52cbb42a..82355276 100644
 --- a/auth-options.h
 +++ b/auth-options.h
 @@ -33,6 +33,7 @@ extern int forced_tun_device;
@@ -89,22 +88,9 @@ index 34852e5..1653855 100644
 +void   auth_start_parse_options(void);
  int    auth_parse_options(struct passwd *, char *, char *, u_long);
  void   auth_clear_options(void);
- int    auth_cert_options(struct sshkey *, struct passwd *);
-diff --git a/auth-rsa.c b/auth-rsa.c
-index cbd971b..4cf2163 100644
---- a/auth-rsa.c
-+++ b/auth-rsa.c
-@@ -181,6 +181,8 @@ rsa_key_allowed_in_file(struct passwd *pw, char *file,
-        if ((f = auth_openkeyfile(file, pw, options.strict_modes)) == NULL)
-                return 0;
- 
-+       auth_start_parse_options();
-+
-        /*
-         * Go though the accepted keys, looking for the current key.  If
-         * found, perform a challenge-response dialog to verify that the
+ int    auth_cert_options(struct sshkey *, struct passwd *, const char **);
 diff --git a/auth2-pubkey.c b/auth2-pubkey.c
-index 41b34ae..aace7ca 100644
+index 20f3309e..add77136 100644
 --- a/auth2-pubkey.c
 +++ b/auth2-pubkey.c
 @@ -566,6 +566,7 @@ process_principals(FILE *f, char *file, struct passwd *pw,
@@ -115,19 +101,19 @@ index 41b34ae..aace7ca 100644
         while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
                 /* Skip leading whitespace. */
                 for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
-@@ -731,6 +732,7 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
+@@ -764,6 +765,7 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
         found_key = 0;
  
         found = NULL;
 +       auth_start_parse_options();
         while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
-                char *cp, *key_options = NULL;
-                if (found != NULL)
-@@ -878,6 +880,7 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
+                char *cp, *key_options = NULL, *fp = NULL;
+                const char *reason = NULL;
+@@ -911,6 +913,7 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
         if (key_cert_check_authority(key, 0, 1,
             use_authorized_principals ? NULL : pw->pw_name, &reason) != 0)
                 goto fail_reason;
 +       auth_start_parse_options();
-        if (auth_cert_options(key, pw) != 0)
-                goto out;
+        if (auth_cert_options(key, pw, &reason) != 0)
+                goto fail_reason;
  
diff --git a/debian/patches/authorized-keys-man-symlink.patch b/debian/patches/authorized-keys-man-symlink.patch
index d75494fa6..145e667ba 100644
--- a/debian/patches/authorized-keys-man-symlink.patch
+++ b/debian/patches/authorized-keys-man-symlink.patch
@@ -1,4 +1,4 @@
-From 724283a55e8928a5564722ebe9c133033b51809d Mon Sep 17 00:00:00 2001
+From 59a369094592ce96510bb421d6e494b6f36eb7b7 Mon Sep 17 00:00:00 2001
 From: Tomas Pospisek <tpo_deb@sourcepole.ch>
 Date: Sun, 9 Feb 2014 16:10:07 +0000
 Subject: Install authorized_keys(5) as a symlink to sshd(8)
@@ -13,10 +13,10 @@ Patch-Name: authorized-keys-man-symlink.patch
  1 file changed, 1 insertion(+)
 
 diff --git a/Makefile.in b/Makefile.in
-index 51817df..21948dd 100644
+index 00a320e1..a6eb81ec 100644
 --- a/Makefile.in
 +++ b/Makefile.in
-@@ -327,6 +327,7 @@ install-files:
+@@ -335,6 +335,7 @@ install-files:
         $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5
         $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5
         $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8
diff --git a/debian/patches/debian-banner.patch b/debian/patches/debian-banner.patch
index cf4bfad50..ad842c23f 100644
--- a/debian/patches/debian-banner.patch
+++ b/debian/patches/debian-banner.patch
@@ -1,4 +1,4 @@
-From 277ad2acedde81dce324e711da116d100b47f445 Mon Sep 17 00:00:00 2001
+From 02a077d3c8f8491d277b2291d5ae538379c7ed44 Mon Sep 17 00:00:00 2001
 From: Kees Cook <kees@debian.org>
 Date: Sun, 9 Feb 2014 16:10:06 +0000
 Subject: Add DebianBanner server configuration option
@@ -19,43 +19,43 @@ Patch-Name: debian-banner.patch
  4 files changed, 18 insertions(+), 1 deletion(-)
 
 diff --git a/servconf.c b/servconf.c
-index bf9f8f7..a98b309 100644
+index 49d3bdc8..1cee3d6c 100644
 --- a/servconf.c
 +++ b/servconf.c
-@@ -171,6 +171,7 @@ initialize_server_options(ServerOptions *options)
-        options->ip_qos_bulk = -1;
+@@ -166,6 +166,7 @@ initialize_server_options(ServerOptions *options)
         options->version_addendum = NULL;
         options->fingerprint_hash = -1;
+        options->disable_forwarding = -1;
 +       options->debian_banner = -1;
  }
  
  /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */
-@@ -359,6 +360,8 @@ fill_default_server_options(ServerOptions *options)
-                options->fwd_opts.streamlocal_bind_unlink = 0;
-        if (options->fingerprint_hash == -1)
+@@ -339,6 +340,8 @@ fill_default_server_options(ServerOptions *options)
                 options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
+        if (options->disable_forwarding == -1)
+                options->disable_forwarding = 0;
 +       if (options->debian_banner == -1)
 +               options->debian_banner = 1;
  
         assemble_algorithms(options);
  
-@@ -445,6 +448,7 @@ typedef enum {
+@@ -425,6 +428,7 @@ typedef enum {
         sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
         sStreamLocalBindMask, sStreamLocalBindUnlink,
-        sAllowStreamLocalForwarding, sFingerprintHash,
+        sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding,
 +       sDebianBanner,
-        sDeprecated, sUnsupported
+        sDeprecated, sIgnore, sUnsupported
  } ServerOpCodes;
  
-@@ -596,6 +600,7 @@ static struct {
-        { "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL },
+@@ -577,6 +581,7 @@ static struct {
         { "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL },
         { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL },
+        { "disableforwarding", sDisableForwarding, SSHCFG_ALL },
 +       { "debianbanner", sDebianBanner, SSHCFG_GLOBAL },
         { NULL, sBadOption, 0 }
  };
  
-@@ -1903,6 +1908,10 @@ process_server_config_line(ServerOptions *options, char *line,
+@@ -1860,6 +1865,10 @@ process_server_config_line(ServerOptions *options, char *line,
                         options->fingerprint_hash = value;
                 break;
  
@@ -64,13 +64,13 @@ index bf9f8f7..a98b309 100644
 +               goto parse_int;
 +
         case sDeprecated:
-                logit("%s line %d: Deprecated option %s",
-                    filename, linenum, arg);
+        case sIgnore:
+        case sUnsupported:
 diff --git a/servconf.h b/servconf.h
-index 778ba17..161fa37 100644
+index 90dfa4c2..913a21b3 100644
 --- a/servconf.h
 +++ b/servconf.h
-@@ -197,6 +197,8 @@ typedef struct {
+@@ -191,6 +191,8 @@ typedef struct {
         char   *auth_methods[MAX_AUTH_METHODS];
  
         int     fingerprint_hash;
@@ -80,32 +80,32 @@ index 778ba17..161fa37 100644
  
  /* Information about the incoming connection as used by Match */
 diff --git a/sshd.c b/sshd.c
-index e873557..71fad9e 100644
+index 39e4699c..747beec8 100644
 --- a/sshd.c
 +++ b/sshd.c
-@@ -443,7 +443,8 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out)
-        }
+@@ -378,7 +378,8 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out)
+        char remote_version[256];       /* Must be at least as big as buf. */
  
         xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
--           major, minor, SSH_RELEASE,
-+           major, minor,
+-           PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE,
++           PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2,
 +           options.debian_banner ? SSH_RELEASE : SSH_RELEASE_MINIMUM,
             *options.version_addendum == '\0' ? "" : " ",
             options.version_addendum, newline);
  
 diff --git a/sshd_config.5 b/sshd_config.5
-index e05cdbe..ac9b1f0 100644
+index 283ba889..4ea0a9c3 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
-@@ -541,6 +541,11 @@ or
- .Dq no .
+@@ -526,6 +526,11 @@ or
+ .Cm no .
  The default is
- .Dq delayed .
+ .Cm yes .
 +.It Cm DebianBanner
 +Specifies whether the distribution-specified extra version suffix is
 +included during initial protocol handshake.
 +The default is
-+.Dq yes .
++.Cm yes .
  .It Cm DenyGroups
  This keyword can be followed by a list of group name patterns, separated
  by spaces.
diff --git a/debian/patches/debian-config.patch b/debian/patches/debian-config.patch
index 1d9efcbbf..8129c1e58 100644
--- a/debian/patches/debian-config.patch
+++ b/debian/patches/debian-config.patch
@@ -1,4 +1,4 @@
-From 4c914ccd85bbf391c4dc61b85e3c178fef465e3f Mon Sep 17 00:00:00 2001
+From 2103d3e5566c54e08a59be750579a249e46747d7 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:18 +0000
 Subject: Various Debian-specific configuration changes
@@ -32,10 +32,10 @@ Patch-Name: debian-config.patch
  6 files changed, 72 insertions(+), 4 deletions(-)
 
 diff --git a/readconf.c b/readconf.c
-index f6b4c8f..5cd51f3 100644
+index c02cdf63..d1091cbd 100644
 --- a/readconf.c
 +++ b/readconf.c
-@@ -1928,7 +1928,7 @@ fill_default_options(Options * options)
+@@ -1927,7 +1927,7 @@ fill_default_options(Options * options)
         if (options->forward_x11 == -1)
                 options->forward_x11 = 0;
         if (options->forward_x11_trusted == -1)
@@ -45,7 +45,7 @@ index f6b4c8f..5cd51f3 100644
                 options->forward_x11_timeout = 1200;
         /*
 diff --git a/ssh.1 b/ssh.1
-index 22e56a7..6aa57c4 100644
+index 22e56a7b..6aa57c46 100644
 --- a/ssh.1
 +++ b/ssh.1
 @@ -785,6 +785,16 @@ directive in
@@ -84,7 +84,7 @@ index 22e56a7..6aa57c4 100644
  Send log information using the
  .Xr syslog 3
 diff --git a/ssh_config b/ssh_config
-index 4e879cd..5190b06 100644
+index 4e879cd2..5190b06b 100644
 --- a/ssh_config
 +++ b/ssh_config
 @@ -17,9 +17,10 @@
@@ -108,7 +108,7 @@ index 4e879cd..5190b06 100644
 +    GSSAPIAuthentication yes
 +    GSSAPIDelegateCredentials no
 diff --git a/ssh_config.5 b/ssh_config.5
-index 30c97a9..c967258 100644
+index 40617be4..8dce757e 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
 @@ -74,6 +74,22 @@ Since the first obtained value for each parameter is used, more
@@ -131,24 +131,28 @@ index 30c97a9..c967258 100644
 +.Cm GSSAPIAuthentication No yes
 +.El
 +.Pp
- The configuration file has the following format:
+ The file contains keyword-argument pairs, one per line.
+ Lines starting with
+ .Ql #
+@@ -711,11 +727,12 @@ elapsed.
+ .It Cm ForwardX11Trusted
+ If this option is set to
+ .Cm yes ,
++(the Debian-specific default),
+ remote X11 clients will have full access to the original X11 display.
  .Pp
- Empty lines and lines starting with
-@@ -799,7 +815,8 @@ token used for the session will be set to expire after 20 minutes.
- Remote clients will be refused access after this time.
- .Pp
- The default is
--.Dq no .
-+.Dq yes
-+(Debian-specific).
- .Pp
- See the X11 SECURITY extension specification for full details on
- the restrictions imposed on untrusted clients.
+ If this option is set to
+ .Cm no
+-(the default),
++(the upstream default),
+ remote X11 clients will be considered untrusted and prevented
+ from stealing or tampering with data belonging to trusted X11
+ clients.
 diff --git a/sshd_config b/sshd_config
-index 3fe3e01..ec8ff8f 100644
+index 00e5a728..c0b84f8e 100644
 --- a/sshd_config
 +++ b/sshd_config
-@@ -124,7 +124,7 @@ AuthorizedKeysFile  .ssh/authorized_keys
+@@ -111,7 +111,7 @@ AuthorizedKeysFile  .ssh/authorized_keys
  #Banner none
  
  # override default of no subsystems
@@ -158,7 +162,7 @@ index 3fe3e01..ec8ff8f 100644
  # Example of overriding settings on a per-user basis
  #Match User anoncvs
 diff --git a/sshd_config.5 b/sshd_config.5
-index b2b349e..79f2d61 100644
+index e45a8937..d6911a98 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
 @@ -57,6 +57,31 @@ Arguments may optionally be enclosed in double quotes
diff --git a/debian/patches/dnssec-sshfp.patch b/debian/patches/dnssec-sshfp.patch
index e4498fb48..f85eaadd9 100644
--- a/debian/patches/dnssec-sshfp.patch
+++ b/debian/patches/dnssec-sshfp.patch
@@ -1,4 +1,4 @@
-From 9d9a37bb0c2d7546253ff2b0b67e314d8475bfc7 Mon Sep 17 00:00:00 2001
+From cb15899de8dc5d2e8b3869d743307d252af69643 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:01 +0000
 Subject: Force use of DNSSEC even if "options edns0" isn't in resolv.conf
@@ -18,7 +18,7 @@ Patch-Name: dnssec-sshfp.patch
  3 files changed, 21 insertions(+), 6 deletions(-)
 
 diff --git a/dns.c b/dns.c
-index e813afe..fce2e30 100644
+index e813afea..fce2e308 100644
 --- a/dns.c
 +++ b/dns.c
 @@ -206,6 +206,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
@@ -51,7 +51,7 @@ index e813afe..fce2e30 100644
                 verbose("DNS lookup error: %s", dns_result_totext(result));
                 return -1;
 diff --git a/openbsd-compat/getrrsetbyname.c b/openbsd-compat/getrrsetbyname.c
-index dc6fe05..e061a29 100644
+index dc6fe053..e061a290 100644
 --- a/openbsd-compat/getrrsetbyname.c
 +++ b/openbsd-compat/getrrsetbyname.c
 @@ -209,8 +209,8 @@ getrrsetbyname(const char *hostname, unsigned int rdclass,
@@ -79,7 +79,7 @@ index dc6fe05..e061a29 100644
  
         /* make query */
 diff --git a/openbsd-compat/getrrsetbyname.h b/openbsd-compat/getrrsetbyname.h
-index 1283f55..dbbc85a 100644
+index 1283f550..dbbc85a2 100644
 --- a/openbsd-compat/getrrsetbyname.h
 +++ b/openbsd-compat/getrrsetbyname.h
 @@ -72,6 +72,9 @@
diff --git a/debian/patches/doc-hash-tab-completion.patch b/debian/patches/doc-hash-tab-completion.patch
index 5f91cadfe..9d03ff54e 100644
--- a/debian/patches/doc-hash-tab-completion.patch
+++ b/debian/patches/doc-hash-tab-completion.patch
@@ -1,4 +1,4 @@
-From bfea780bba64294541d98efcc26b01392ff64c60 Mon Sep 17 00:00:00 2001
+From 9d1bb4df39e51955442e82d8764827abdd2651c9 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:11 +0000
 Subject: Document that HashKnownHosts may break tab-completion
@@ -13,10 +13,10 @@ Patch-Name: doc-hash-tab-completion.patch
  1 file changed, 3 insertions(+)
 
 diff --git a/ssh_config.5 b/ssh_config.5
-index 5dd26bc..30c97a9 100644
+index f62ea6b8..40617be4 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
-@@ -883,6 +883,9 @@ Note that existing names and addresses in known hosts files
+@@ -805,6 +805,9 @@ Note that existing names and addresses in known hosts files
  will not be converted automatically,
  but may be manually hashed using
  .Xr ssh-keygen 1 .
diff --git a/debian/patches/doc-upstart.patch b/debian/patches/doc-upstart.patch
index 8f093d80c..67906f19a 100644
--- a/debian/patches/doc-upstart.patch
+++ b/debian/patches/doc-upstart.patch
@@ -1,4 +1,4 @@
-From e4ba4e1616d372522de9e18f0973ed49a5521b95 Mon Sep 17 00:00:00 2001
+From d52a0f1744dde27a36c3ee8314fbbab8c1a2216f Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:10:12 +0000
 Subject: Refer to ssh's Upstart job as well as its init script
@@ -12,10 +12,10 @@ Patch-Name: doc-upstart.patch
  1 file changed, 4 insertions(+), 1 deletion(-)
 
 diff --git a/sshd.8 b/sshd.8
-index 58eefe9..4e75567 100644
+index e6915141..38a72540 100644
 --- a/sshd.8
 +++ b/sshd.8
-@@ -67,7 +67,10 @@ over an insecure network.
+@@ -65,7 +65,10 @@ over an insecure network.
  .Nm
  listens for connections from clients.
  It is normally started at boot from
diff --git a/debian/patches/fix-putty-interop-tests.patch b/debian/patches/fix-putty-interop-tests.patch
deleted file mode 100644
index c33c24acc..000000000
--- a/debian/patches/fix-putty-interop-tests.patch
+++ /dev/null
@@ -1,113 +0,0 @@
-From 9c88f6248e9da14cb7916527862f2eac7f55b12a Mon Sep 17 00:00:00 2001
-From: Colin Watson <cjwatson@debian.org>
-Date: Sat, 19 Nov 2016 16:02:49 +0000
-Subject: Fix PuTTY interop tests
-
-A while back I got a patch into PuTTY (although it hasn't yet made it
-into an upstream release) to add passphrase-file options to puttygen.
-Use these to make the PuTTY interop tests non-interactive.
-
-Fix up a few details of the saved session.
-
-When plink is given a saved session name, it expects that *instead* of
-the host name (or IP address), not in addition to it.  Drop "127.0.0.1"
-from the various plink test command lines.
-
-(It is possible that the last two of these represent compatibility
-breaks of some kind; but if they are, then that ship sailed sufficiently
-long ago - at least seven years, possibly more - that it's no longer
-worth worrying about it.  It's more useful to test interoperability with
-current versions.)
-
-Origin: https://bugzilla.mindrot.org/attachment.cgi?id=2891
-Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2639
-Last-Update: 2016-11-19
-
-Patch-Name: fix-putty-interop-tests.patch
----
- regress/putty-ciphers.sh  |  2 +-
- regress/putty-kex.sh      |  3 +--
- regress/putty-transfer.sh |  4 ++--
- regress/test-exec.sh      | 10 ++++++++--
- 4 files changed, 12 insertions(+), 7 deletions(-)
-
-diff --git a/regress/putty-ciphers.sh b/regress/putty-ciphers.sh
-index 724a98c..3775b1d 100644
---- a/regress/putty-ciphers.sh
-+++ b/regress/putty-ciphers.sh
-@@ -16,7 +16,7 @@ for c in aes blowfish 3des arcfour aes128-ctr aes192-ctr aes256-ctr ; do
- 
-        rm -f ${COPY}
-        env HOME=$PWD ${PLINK} -load cipher_$c -batch -i putty.rsa2 \
--           127.0.0.1 cat ${DATA} > ${COPY}
-+           cat ${DATA} > ${COPY}
-        if [ $? -ne 0 ]; then
-                fail "ssh cat $DATA failed"
-        fi
-diff --git a/regress/putty-kex.sh b/regress/putty-kex.sh
-index 1844d65..6ae2290 100644
---- a/regress/putty-kex.sh
-+++ b/regress/putty-kex.sh
-@@ -14,8 +14,7 @@ for k in dh-gex-sha1 dh-group1-sha1 dh-group14-sha1 ; do
-            ${OBJ}/.putty/sessions/kex_$k
-        echo "KEX=$k" >> ${OBJ}/.putty/sessions/kex_$k
- 
--       env HOME=$PWD ${PLINK} -load kex_$k -batch -i putty.rsa2 \
--           127.0.0.1 true
-+       env HOME=$PWD ${PLINK} -load kex_$k -batch -i putty.rsa2 true
-        if [ $? -ne 0 ]; then
-                fail "KEX $k failed"
-        fi
-diff --git a/regress/putty-transfer.sh b/regress/putty-transfer.sh
-index aec0e04..cb1da94 100644
---- a/regress/putty-transfer.sh
-+++ b/regress/putty-transfer.sh
-@@ -17,7 +17,7 @@ for p in 2; do
-                    ${OBJ}/.putty/sessions/compression_$c
-                echo "Compression=$c" >> ${OBJ}/.putty/sessions/kex_$k
-                env HOME=$PWD ${PLINK} -load compression_$c -batch \
--                   -i putty.rsa$p 127.0.0.1 cat ${DATA} > ${COPY}
-+                   -i putty.rsa$p cat ${DATA} > ${COPY}
-                if [ $? -ne 0 ]; then
-                        fail "ssh cat $DATA failed"
-                fi
-@@ -28,7 +28,7 @@ for p in 2; do
-                        rm -f ${COPY}
-                        dd if=$DATA obs=${s} 2> /dev/null | \
-                                env HOME=$PWD ${PLINK} -load compression_$c \
--                                   -batch -i putty.rsa$p 127.0.0.1 \
-+                                   -batch -i putty.rsa$p \
-                                    "cat > ${COPY}"
-                        if [ $? -ne 0 ]; then
-                                fail "ssh cat $DATA failed"
-diff --git a/regress/test-exec.sh b/regress/test-exec.sh
-index 1b6526d..74b365c 100644
---- a/regress/test-exec.sh
-+++ b/regress/test-exec.sh
-@@ -513,7 +513,11 @@ if test "$REGRESS_INTEROP_PUTTY" = "yes" ; then
- 
-        # Add a PuTTY key to authorized_keys
-        rm -f ${OBJ}/putty.rsa2
--       puttygen -t rsa -o ${OBJ}/putty.rsa2 < /dev/null > /dev/null
-+       if ! puttygen -t rsa -o ${OBJ}/putty.rsa2 \
-+           --new-passphrase /dev/null < /dev/null > /dev/null; then
-+               echo "Your installed version of PuTTY is too old to support --new-passphrase; trying without (may require manual interaction) ..." >&2
-+               puttygen -t rsa -o ${OBJ}/putty.rsa2 < /dev/null > /dev/null
-+       fi
-        puttygen -O public-openssh ${OBJ}/putty.rsa2 \
-            >> $OBJ/authorized_keys_$USER
- 
-@@ -526,10 +530,12 @@ if test "$REGRESS_INTEROP_PUTTY" = "yes" ; then
-        # Setup proxied session
-        mkdir -p ${OBJ}/.putty/sessions
-        rm -f ${OBJ}/.putty/sessions/localhost_proxy
--       echo "Hostname=127.0.0.1" >> ${OBJ}/.putty/sessions/localhost_proxy
-+       echo "Protocol=ssh" >> ${OBJ}/.putty/sessions/localhost_proxy
-+       echo "HostName=127.0.0.1" >> ${OBJ}/.putty/sessions/localhost_proxy
-        echo "PortNumber=$PORT" >> ${OBJ}/.putty/sessions/localhost_proxy
-        echo "ProxyMethod=5" >> ${OBJ}/.putty/sessions/localhost_proxy
-        echo "ProxyTelnetCommand=sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessions/localhost_proxy
-+       echo "ProxyLocalhost=1" >> ${OBJ}/.putty/sessions/localhost_proxy
- 
-        REGRESS_INTEROP_PUTTY=yes
- fi
diff --git a/debian/patches/gnome-ssh-askpass2-icon.patch b/debian/patches/gnome-ssh-askpass2-icon.patch
index c34441df3..8d4199907 100644
--- a/debian/patches/gnome-ssh-askpass2-icon.patch
+++ b/debian/patches/gnome-ssh-askpass2-icon.patch
@@ -1,4 +1,4 @@
-From db85bf41862b80b0447777d942a091cd3ac5f1c1 Mon Sep 17 00:00:00 2001
+From 39cb522642f428a818ef2cd56c39de4783da0b6e Mon Sep 17 00:00:00 2001
 From: Vincent Untz <vuntz@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:10:16 +0000
 Subject: Give the ssh-askpass-gnome window a default icon
@@ -12,10 +12,10 @@ Patch-Name: gnome-ssh-askpass2-icon.patch
  1 file changed, 2 insertions(+)
 
 diff --git a/contrib/gnome-ssh-askpass2.c b/contrib/gnome-ssh-askpass2.c
-index 9d97c30..04b3a11 100644
+index 535a6927..e37a1338 100644
 --- a/contrib/gnome-ssh-askpass2.c
 +++ b/contrib/gnome-ssh-askpass2.c
-@@ -209,6 +209,8 @@ main(int argc, char **argv)
+@@ -211,6 +211,8 @@ main(int argc, char **argv)
  
         gtk_init(&argc, &argv);
  
diff --git a/debian/patches/gssapi.patch b/debian/patches/gssapi.patch
index 8e946aa88..ea56167d7 100644
--- a/debian/patches/gssapi.patch
+++ b/debian/patches/gssapi.patch
@@ -1,4 +1,4 @@
-From eecddf8b72fcad83ccca43b1badb03782704f6b7 Mon Sep 17 00:00:00 2001
+From 9f717de15a8e113f7c6a3db52d75ce0172885f95 Mon Sep 17 00:00:00 2001
 From: Simon Wilkinson <simon@sxw.org.uk>
 Date: Sun, 9 Feb 2014 16:09:48 +0000
 Subject: GSSAPI key exchange support
@@ -39,7 +39,7 @@ Patch-Name: gssapi.patch
  kex.h            |  14 +++
  kexgssc.c        | 338 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
  kexgsss.c        | 295 ++++++++++++++++++++++++++++++++++++++++++++++++
- monitor.c        | 108 +++++++++++++++++-
+ monitor.c        | 115 +++++++++++++++++--
  monitor.h        |   3 +
  monitor_wrap.c   |  47 +++++++-
  monitor_wrap.h   |   4 +-
@@ -56,14 +56,14 @@ Patch-Name: gssapi.patch
  sshd_config.5    |  10 ++
  sshkey.c         |   3 +-
  sshkey.h         |   1 +
- 35 files changed, 2054 insertions(+), 139 deletions(-)
+ 35 files changed, 2053 insertions(+), 147 deletions(-)
  create mode 100644 ChangeLog.gssapi
  create mode 100644 kexgssc.c
  create mode 100644 kexgsss.c
 
 diff --git a/ChangeLog.gssapi b/ChangeLog.gssapi
 new file mode 100644
-index 0000000..f117a33
+index 00000000..f117a336
 --- /dev/null
 +++ b/ChangeLog.gssapi
 @@ -0,0 +1,113 @@
@@ -181,7 +181,7 @@ index 0000000..f117a33
 +    (from jbasney AT ncsa.uiuc.edu)
 +    <gssapi-with-mic support is Bugzilla #1008>
 diff --git a/Makefile.in b/Makefile.in
-index 12991cd..51817df 100644
+index e10f3742..00a320e1 100644
 --- a/Makefile.in
 +++ b/Makefile.in
 @@ -92,6 +92,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
@@ -192,17 +192,17 @@ index 12991cd..51817df 100644
         platform-pledge.o platform-tracing.o
  
  SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
-@@ -105,7 +106,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
+@@ -105,7 +106,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o \
         auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \
         auth2-none.o auth2-passwd.o auth2-pubkey.o \
-        monitor_mm.o monitor.o monitor_wrap.o auth-krb5.o \
+        monitor.o monitor_wrap.o auth-krb5.o \
 -       auth2-gss.o gss-serv.o gss-serv-krb5.o \
 +       auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o \
         loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
         sftp-server.o sftp-common.o \
         sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
 diff --git a/auth-krb5.c b/auth-krb5.c
-index a5a81ed..38e7fee 100644
+index a5a81ed2..38e7fee2 100644
 --- a/auth-krb5.c
 +++ b/auth-krb5.c
 @@ -182,8 +182,13 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
@@ -253,10 +253,10 @@ index a5a81ed..38e7fee 100644
         return (krb5_cc_resolve(ctx, ccname, ccache));
  }
 diff --git a/auth.c b/auth.c
-index 24527dd..f56dcc6 100644
+index 6ee6116d..c6390687 100644
 --- a/auth.c
 +++ b/auth.c
-@@ -363,7 +363,8 @@ auth_root_allowed(const char *method)
+@@ -372,7 +372,8 @@ auth_root_allowed(const char *method)
         case PERMIT_NO_PASSWD:
                 if (strcmp(method, "publickey") == 0 ||
                     strcmp(method, "hostbased") == 0 ||
@@ -266,7 +266,7 @@ index 24527dd..f56dcc6 100644
                         return 1;
                 break;
         case PERMIT_FORCED_ONLY:
-@@ -786,99 +787,6 @@ fakepw(void)
+@@ -795,99 +796,6 @@ fakepw(void)
  }
  
  /*
@@ -367,7 +367,7 @@ index 24527dd..f56dcc6 100644
   * connection.  The host name is cached, so it is efficient to call this
   * several times.
 diff --git a/auth2-gss.c b/auth2-gss.c
-index 1ca8357..3b5036d 100644
+index 1ca83577..3b5036df 100644
 --- a/auth2-gss.c
 +++ b/auth2-gss.c
 @@ -1,7 +1,7 @@
@@ -454,7 +454,7 @@ index 1ca8357..3b5036d 100644
         "gssapi-with-mic",
         userauth_gssapi,
 diff --git a/auth2.c b/auth2.c
-index 9108b86..ce0d376 100644
+index 9108b861..ce0d3760 100644
 --- a/auth2.c
 +++ b/auth2.c
 @@ -70,6 +70,7 @@ extern Authmethod method_passwd;
@@ -474,7 +474,7 @@ index 9108b86..ce0d376 100644
  #endif
         &method_passwd,
 diff --git a/canohost.c b/canohost.c
-index f71a085..404731d 100644
+index f71a0856..404731d2 100644
 --- a/canohost.c
 +++ b/canohost.c
 @@ -35,6 +35,99 @@
@@ -578,7 +578,7 @@ index f71a085..404731d 100644
  ipv64_normalise_mapped(struct sockaddr_storage *addr, socklen_t *len)
  {
 diff --git a/canohost.h b/canohost.h
-index 26d6285..0cadc9f 100644
+index 26d62855..0cadc9f1 100644
 --- a/canohost.h
 +++ b/canohost.h
 @@ -15,6 +15,9 @@
@@ -592,10 +592,10 @@ index 26d6285..0cadc9f 100644
  int             get_peer_port(int);
  char           *get_local_ipaddr(int);
 diff --git a/clientloop.c b/clientloop.c
-index 2c44f5d..421241f 100644
+index 4289a408..99c68b69 100644
 --- a/clientloop.c
 +++ b/clientloop.c
-@@ -114,6 +114,10 @@
+@@ -113,6 +113,10 @@
  #include "ssherr.h"
  #include "hostfile.h"
  
@@ -606,7 +606,7 @@ index 2c44f5d..421241f 100644
  /* import options */
  extern Options options;
  
-@@ -1666,9 +1670,18 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
+@@ -1664,9 +1668,18 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
                         break;
  
                 /* Do channel operations unless rekeying in progress. */
@@ -627,10 +627,10 @@ index 2c44f5d..421241f 100644
                 client_process_net_input(readset);
  
 diff --git a/config.h.in b/config.h.in
-index 39d018f..d7caf9a 100644
+index 75e02ab4..afe540e9 100644
 --- a/config.h.in
 +++ b/config.h.in
-@@ -1668,6 +1668,9 @@
+@@ -1667,6 +1667,9 @@
  /* Use btmp to log bad logins */
  #undef USE_BTMP
  
@@ -640,7 +640,7 @@ index 39d018f..d7caf9a 100644
  /* Use libedit for sftp */
  #undef USE_LIBEDIT
  
-@@ -1683,6 +1686,9 @@
+@@ -1682,6 +1685,9 @@
  /* Use PIPES instead of a socketpair() */
  #undef USE_PIPES
  
@@ -651,10 +651,10 @@ index 39d018f..d7caf9a 100644
  #undef USE_SOLARIS_PRIVS
  
 diff --git a/configure.ac b/configure.ac
-index 373d21b..894ec3b 100644
+index eb9f45dc..5fdc696c 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -632,6 +632,30 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
+@@ -623,6 +623,30 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
             [Use tunnel device compatibility to OpenBSD])
         AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
             [Prepend the address family to IP tunnel traffic])
@@ -686,11 +686,11 @@ index 373d21b..894ec3b 100644
         AC_CHECK_DECL([AU_IPv4], [],
             AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
 diff --git a/gss-genr.c b/gss-genr.c
-index d617d60..b4eca3f 100644
+index 62559ed9..0b3ae073 100644
 --- a/gss-genr.c
 +++ b/gss-genr.c
 @@ -1,7 +1,7 @@
- /* $OpenBSD: gss-genr.c,v 1.23 2015/01/20 23:14:00 deraadt Exp $ */
+ /* $OpenBSD: gss-genr.c,v 1.24 2016/09/12 01:22:38 deraadt Exp $ */
  
  /*
 - * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved.
@@ -698,7 +698,7 @@ index d617d60..b4eca3f 100644
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
-@@ -41,12 +41,167 @@
+@@ -40,12 +40,167 @@
  #include "buffer.h"
  #include "log.h"
  #include "ssh2.h"
@@ -866,7 +866,7 @@ index d617d60..b4eca3f 100644
  /* Check that the OID in a data stream matches that in the context */
  int
  ssh_gssapi_check_oid(Gssctxt *ctx, void *data, size_t len)
-@@ -199,7 +354,7 @@ ssh_gssapi_init_ctx(Gssctxt *ctx, int deleg_creds, gss_buffer_desc *recv_tok,
+@@ -198,7 +353,7 @@ ssh_gssapi_init_ctx(Gssctxt *ctx, int deleg_creds, gss_buffer_desc *recv_tok,
         }
  
         ctx->major = gss_init_sec_context(&ctx->minor,
@@ -875,7 +875,7 @@ index d617d60..b4eca3f 100644
             GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | deleg_flag,
             0, NULL, recv_tok, NULL, send_tok, flags, NULL);
  
-@@ -229,8 +384,42 @@ ssh_gssapi_import_name(Gssctxt *ctx, const char *host)
+@@ -228,8 +383,42 @@ ssh_gssapi_import_name(Gssctxt *ctx, const char *host)
  }
  
  OM_uint32
@@ -918,7 +918,7 @@ index d617d60..b4eca3f 100644
         if ((ctx->major = gss_get_mic(&ctx->minor, ctx->context,
             GSS_C_QOP_DEFAULT, buffer, hash)))
                 ssh_gssapi_error(ctx);
-@@ -238,6 +427,19 @@ ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash)
+@@ -237,6 +426,19 @@ ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash)
         return (ctx->major);
  }
  
@@ -938,7 +938,7 @@ index d617d60..b4eca3f 100644
  void
  ssh_gssapi_buildmic(Buffer *b, const char *user, const char *service,
      const char *context)
-@@ -251,11 +453,16 @@ ssh_gssapi_buildmic(Buffer *b, const char *user, const char *service,
+@@ -250,11 +452,16 @@ ssh_gssapi_buildmic(Buffer *b, const char *user, const char *service,
  }
  
  int
@@ -956,7 +956,7 @@ index d617d60..b4eca3f 100644
  
         /* RFC 4462 says we MUST NOT do SPNEGO */
         if (oid->length == spnego_oid.length && 
-@@ -265,6 +472,10 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host)
+@@ -264,6 +471,10 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host)
         ssh_gssapi_build_ctx(ctx);
         ssh_gssapi_set_oid(*ctx, oid);
         major = ssh_gssapi_import_name(*ctx, host);
@@ -967,7 +967,7 @@ index d617d60..b4eca3f 100644
         if (!GSS_ERROR(major)) {
                 major = ssh_gssapi_init_ctx(*ctx, 0, GSS_C_NO_BUFFER, &token, 
                     NULL);
-@@ -274,10 +485,66 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host)
+@@ -273,10 +484,66 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host)
                             GSS_C_NO_BUFFER);
         }
  
@@ -1036,7 +1036,7 @@ index d617d60..b4eca3f 100644
 +
  #endif /* GSSAPI */
 diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c
-index 795992d..fd8b371 100644
+index 795992d9..fd8b3718 100644
 --- a/gss-serv-krb5.c
 +++ b/gss-serv-krb5.c
 @@ -1,7 +1,7 @@
@@ -1162,7 +1162,7 @@ index 795992d..fd8b371 100644
  
  #endif /* KRB5 */
 diff --git a/gss-serv.c b/gss-serv.c
-index 53993d6..2f6baf7 100644
+index 53993d67..2f6baf70 100644
 --- a/gss-serv.c
 +++ b/gss-serv.c
 @@ -1,7 +1,7 @@
@@ -1434,10 +1434,10 @@ index 53993d6..2f6baf7 100644
  
  #endif
 diff --git a/kex.c b/kex.c
-index 50c7a0f..c17d652 100644
+index 6a94bc53..d8708684 100644
 --- a/kex.c
 +++ b/kex.c
-@@ -55,6 +55,10 @@
+@@ -54,6 +54,10 @@
  #include "sshbuf.h"
  #include "digest.h"
  
@@ -1474,7 +1474,7 @@ index 50c7a0f..c17d652 100644
         return NULL;
  }
  
-@@ -587,6 +603,9 @@ kex_free(struct kex *kex)
+@@ -597,6 +613,9 @@ kex_free(struct kex *kex)
         sshbuf_free(kex->peer);
         sshbuf_free(kex->my);
         free(kex->session_id);
@@ -1485,10 +1485,10 @@ index 50c7a0f..c17d652 100644
         free(kex->server_version_string);
         free(kex->failed_choice);
 diff --git a/kex.h b/kex.h
-index c351955..8ed459a 100644
+index 3794f212..fd56171d 100644
 --- a/kex.h
 +++ b/kex.h
-@@ -98,6 +98,9 @@ enum kex_exchange {
+@@ -99,6 +99,9 @@ enum kex_exchange {
         KEX_DH_GEX_SHA256,
         KEX_ECDH_SHA2,
         KEX_C25519_SHA256,
@@ -1498,7 +1498,7 @@ index c351955..8ed459a 100644
         KEX_MAX
  };
  
-@@ -146,6 +149,12 @@ struct kex {
+@@ -147,6 +150,12 @@ struct kex {
         u_int   flags;
         int     hash_alg;
         int     ec_nid;
@@ -1511,7 +1511,7 @@ index c351955..8ed459a 100644
         char    *client_version_string;
         char    *server_version_string;
         char    *failed_choice;
-@@ -196,6 +205,11 @@ int         kexecdh_server(struct ssh *);
+@@ -197,6 +206,11 @@ int         kexecdh_server(struct ssh *);
  int     kexc25519_client(struct ssh *);
  int     kexc25519_server(struct ssh *);
  
@@ -1525,7 +1525,7 @@ index c351955..8ed459a 100644
      const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *);
 diff --git a/kexgssc.c b/kexgssc.c
 new file mode 100644
-index 0000000..10447f2
+index 00000000..10447f2b
 --- /dev/null
 +++ b/kexgssc.c
 @@ -0,0 +1,338 @@
@@ -1869,7 +1869,7 @@ index 0000000..10447f2
 +#endif /* GSSAPI */
 diff --git a/kexgsss.c b/kexgsss.c
 new file mode 100644
-index 0000000..38ca082
+index 00000000..38ca082b
 --- /dev/null
 +++ b/kexgsss.c
 @@ -0,0 +1,295 @@
@@ -2169,10 +2169,10 @@ index 0000000..38ca082
 +}
 +#endif /* GSSAPI */
 diff --git a/monitor.c b/monitor.c
-index cb57bd0..05bb48a 100644
+index 43f48470..76d9e346 100644
 --- a/monitor.c
 +++ b/monitor.c
-@@ -158,6 +158,8 @@ int mm_answer_gss_setup_ctx(int, Buffer *);
+@@ -157,6 +157,8 @@ int mm_answer_gss_setup_ctx(int, Buffer *);
  int mm_answer_gss_accept_ctx(int, Buffer *);
  int mm_answer_gss_userok(int, Buffer *);
  int mm_answer_gss_checkmic(int, Buffer *);
@@ -2181,10 +2181,10 @@ index cb57bd0..05bb48a 100644
  #endif
  
  #ifdef SSH_AUDIT_EVENTS
-@@ -235,11 +237,18 @@ struct mon_table mon_dispatch_proto20[] = {
-     {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx},
-     {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
-     {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic},
+@@ -230,11 +232,18 @@ struct mon_table mon_dispatch_proto20[] = {
+     {MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx},
+     {MONITOR_REQ_GSSUSEROK, MON_ONCE|MON_AUTHDECIDE, mm_answer_gss_userok},
+     {MONITOR_REQ_GSSCHECKMIC, MON_ONCE, mm_answer_gss_checkmic},
 +    {MONITOR_REQ_GSSSIGN, MON_ONCE, mm_answer_gss_sign},
  #endif
      {0, 0, NULL}
@@ -2200,29 +2200,29 @@ index cb57bd0..05bb48a 100644
  #ifdef WITH_OPENSSL
      {MONITOR_REQ_MODULI, 0, mm_answer_moduli},
  #endif
-@@ -354,6 +363,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
-                /* Permit requests for moduli and signatures */
-                monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
-                monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
+@@ -301,6 +310,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
+        /* Permit requests for moduli and signatures */
+        monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
+        monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
 +#ifdef GSSAPI
-+               /* and for the GSSAPI key exchange */
-+               monitor_permit(mon_dispatch, MONITOR_REQ_GSSSETUP, 1);
++       /* and for the GSSAPI key exchange */
++       monitor_permit(mon_dispatch, MONITOR_REQ_GSSSETUP, 1);
 +#endif
-        } else {
-                mon_dispatch = mon_dispatch_proto15;
  
-@@ -462,6 +475,10 @@ monitor_child_postauth(struct monitor *pmonitor)
-                monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
-                monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
-                monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
+        /* The first few requests do not require asynchronous access */
+        while (!authenticated) {
+@@ -400,6 +413,10 @@ monitor_child_postauth(struct monitor *pmonitor)
+        monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
+        monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
+        monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
 +#ifdef GSSAPI
-+               /* and for the GSSAPI key exchange */
-+               monitor_permit(mon_dispatch, MONITOR_REQ_GSSSETUP, 1);
++       /* and for the GSSAPI key exchange */
++       monitor_permit(mon_dispatch, MONITOR_REQ_GSSSETUP, 1);
 +#endif         
-        } else {
-                mon_dispatch = mon_dispatch_postauth15;
-                monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
-@@ -1876,6 +1893,13 @@ monitor_apply_keystate(struct monitor *pmonitor)
+ 
+        if (!no_pty_flag) {
+                monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1);
+@@ -1601,6 +1618,13 @@ monitor_apply_keystate(struct monitor *pmonitor)
  # endif
  #endif /* WITH_OPENSSL */
                 kex->kex[KEX_C25519_SHA256] = kexc25519_server;
@@ -2236,27 +2236,29 @@ index cb57bd0..05bb48a 100644
                 kex->load_host_public_key=&get_hostkey_public_by_type;
                 kex->load_host_private_key=&get_hostkey_private_by_type;
                 kex->host_key_index=&get_hostkey_index;
-@@ -1975,6 +1999,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m)
+@@ -1680,8 +1704,8 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m)
         OM_uint32 major;
         u_int len;
  
+-       if (!options.gss_authentication)
+-               fatal("%s: GSSAPI authentication not enabled", __func__);
 +       if (!options.gss_authentication && !options.gss_keyex)
-+               fatal("In GSSAPI monitor when GSSAPI is disabled");
-+
++               fatal("%s: GSSAPI not enabled", __func__);
+ 
         goid.elements = buffer_get_string(m, &len);
         goid.length = len;
- 
-@@ -2002,6 +2029,9 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
+@@ -1710,8 +1734,8 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
         OM_uint32 flags = 0; /* GSI needs this */
         u_int len;
  
+-       if (!options.gss_authentication)
+-               fatal("%s: GSSAPI authentication not enabled", __func__);
 +       if (!options.gss_authentication && !options.gss_keyex)
-+               fatal("In GSSAPI monitor when GSSAPI is disabled");
-+
++               fatal("%s: GSSAPI not enabled", __func__);
+ 
         in.value = buffer_get_string(m, &len);
         in.length = len;
-        major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
-@@ -2019,6 +2049,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
+@@ -1730,6 +1754,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
                 monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
                 monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
                 monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
@@ -2264,30 +2266,33 @@ index cb57bd0..05bb48a 100644
         }
         return (0);
  }
-@@ -2030,6 +2061,9 @@ mm_answer_gss_checkmic(int sock, Buffer *m)
+@@ -1741,8 +1766,8 @@ mm_answer_gss_checkmic(int sock, Buffer *m)
         OM_uint32 ret;
         u_int len;
  
+-       if (!options.gss_authentication)
+-               fatal("%s: GSSAPI authentication not enabled", __func__);
 +       if (!options.gss_authentication && !options.gss_keyex)
-+               fatal("In GSSAPI monitor when GSSAPI is disabled");
-+
++               fatal("%s: GSSAPI not enabled", __func__);
+ 
         gssbuf.value = buffer_get_string(m, &len);
         gssbuf.length = len;
-        mic.value = buffer_get_string(m, &len);
-@@ -2056,7 +2090,11 @@ mm_answer_gss_userok(int sock, Buffer *m)
+@@ -1770,10 +1795,11 @@ mm_answer_gss_userok(int sock, Buffer *m)
  {
         int authenticated;
  
--       authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user);
+-       if (!options.gss_authentication)
+-               fatal("%s: GSSAPI authentication not enabled", __func__);
 +       if (!options.gss_authentication && !options.gss_keyex)
-+               fatal("In GSSAPI monitor when GSSAPI is disabled");
-+
++               fatal("%s: GSSAPI not enabled", __func__);
+ 
+-       authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user);
 +       authenticated = authctxt->valid && 
 +           ssh_gssapi_userok(authctxt->user, authctxt->pw);
  
         buffer_clear(m);
         buffer_put_int(m, authenticated);
-@@ -2069,5 +2107,73 @@ mm_answer_gss_userok(int sock, Buffer *m)
+@@ -1786,5 +1812,76 @@ mm_answer_gss_userok(int sock, Buffer *m)
         /* Monitor loop will terminate if authenticated */
         return (authenticated);
  }
@@ -2301,7 +2306,7 @@ index cb57bd0..05bb48a 100644
 +       u_int len;
 +
 +       if (!options.gss_authentication && !options.gss_keyex)
-+               fatal("In GSSAPI monitor when GSSAPI is disabled");
++               fatal("%s: GSSAPI not enabled", __func__);
 +
 +       data.value = buffer_get_string(m, &len);
 +       data.length = len;
@@ -2341,6 +2346,9 @@ index cb57bd0..05bb48a 100644
 +       ssh_gssapi_ccache store;
 +       int ok;
 +
++       if (!options.gss_authentication && !options.gss_keyex)
++               fatal("%s: GSSAPI not enabled", __func__);
++
 +       store.filename = buffer_get_string(m, NULL);
 +       store.envvar   = buffer_get_string(m, NULL);
 +       store.envval   = buffer_get_string(m, NULL);
@@ -2362,7 +2370,7 @@ index cb57bd0..05bb48a 100644
  #endif /* GSSAPI */
  
 diff --git a/monitor.h b/monitor.h
-index 93b8b66..bc50ade 100644
+index d68f6745..ec41404c 100644
 --- a/monitor.h
 +++ b/monitor.h
 @@ -65,6 +65,9 @@ enum monitor_reqtype {
@@ -2374,12 +2382,12 @@ index 93b8b66..bc50ade 100644
 +
  };
  
- struct mm_master;
+ struct monitor {
 diff --git a/monitor_wrap.c b/monitor_wrap.c
-index 99dc13b..5a9f1b5 100644
+index 64ff9288..d5cb640a 100644
 --- a/monitor_wrap.c
 +++ b/monitor_wrap.c
-@@ -1073,7 +1073,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
+@@ -924,7 +924,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
  }
  
  int
@@ -2388,7 +2396,7 @@ index 99dc13b..5a9f1b5 100644
  {
         Buffer m;
         int authenticated = 0;
-@@ -1090,5 +1090,50 @@ mm_ssh_gssapi_userok(char *user)
+@@ -941,5 +941,50 @@ mm_ssh_gssapi_userok(char *user)
         debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
         return (authenticated);
  }
@@ -2440,10 +2448,10 @@ index 99dc13b..5a9f1b5 100644
  #endif /* GSSAPI */
  
 diff --git a/monitor_wrap.h b/monitor_wrap.h
-index 9fd02b3..b5414c2 100644
+index db5902f5..8f9dd896 100644
 --- a/monitor_wrap.h
 +++ b/monitor_wrap.h
-@@ -60,8 +60,10 @@ BIGNUM *mm_auth_rsa_generate_challenge(Key *);
+@@ -55,8 +55,10 @@ int mm_key_verify(Key *, u_char *, u_int, u_char *, u_int);
  OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
  OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *,
     gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *);
@@ -2456,7 +2464,7 @@ index 9fd02b3..b5414c2 100644
  
  #ifdef USE_PAM
 diff --git a/readconf.c b/readconf.c
-index c177202..e019195 100644
+index fa3fab8f..7902ef26 100644
 --- a/readconf.c
 +++ b/readconf.c
 @@ -160,6 +160,8 @@ typedef enum {
@@ -2488,7 +2496,7 @@ index c177202..e019195 100644
  #endif
         { "fallbacktorsh", oDeprecated },
         { "usersh", oDeprecated },
-@@ -962,10 +973,30 @@ parse_time:
+@@ -961,10 +972,30 @@ parse_time:
                 intptr = &options->gss_authentication;
                 goto parse_flag;
  
@@ -2519,7 +2527,7 @@ index c177202..e019195 100644
         case oBatchMode:
                 intptr = &options->batch_mode;
                 goto parse_flag;
-@@ -1777,7 +1808,12 @@ initialize_options(Options * options)
+@@ -1776,7 +1807,12 @@ initialize_options(Options * options)
         options->pubkey_authentication = -1;
         options->challenge_response_authentication = -1;
         options->gss_authentication = -1;
@@ -2532,7 +2540,7 @@ index c177202..e019195 100644
         options->password_authentication = -1;
         options->kbd_interactive_authentication = -1;
         options->kbd_interactive_devices = NULL;
-@@ -1921,8 +1957,14 @@ fill_default_options(Options * options)
+@@ -1920,8 +1956,14 @@ fill_default_options(Options * options)
                 options->challenge_response_authentication = 1;
         if (options->gss_authentication == -1)
                 options->gss_authentication = 0;
@@ -2548,7 +2556,7 @@ index c177202..e019195 100644
                 options->password_authentication = 1;
         if (options->kbd_interactive_authentication == -1)
 diff --git a/readconf.h b/readconf.h
-index cef55f7..fd3d7c7 100644
+index cef55f71..fd3d7c75 100644
 --- a/readconf.h
 +++ b/readconf.h
 @@ -45,7 +45,12 @@ typedef struct {
@@ -2565,10 +2573,10 @@ index cef55f7..fd3d7c7 100644
                                                  * authentication. */
         int     kbd_interactive_authentication; /* Try keyboard-interactive auth. */
 diff --git a/servconf.c b/servconf.c
-index 873b0d0..9b06281 100644
+index 795ddbab..14c81fa9 100644
 --- a/servconf.c
 +++ b/servconf.c
-@@ -117,8 +117,10 @@ initialize_server_options(ServerOptions *options)
+@@ -113,8 +113,10 @@ initialize_server_options(ServerOptions *options)
         options->kerberos_ticket_cleanup = -1;
         options->kerberos_get_afs_token = -1;
         options->gss_authentication=-1;
@@ -2579,7 +2587,7 @@ index 873b0d0..9b06281 100644
         options->password_authentication = -1;
         options->kbd_interactive_authentication = -1;
         options->challenge_response_authentication = -1;
-@@ -287,10 +289,14 @@ fill_default_server_options(ServerOptions *options)
+@@ -267,10 +269,14 @@ fill_default_server_options(ServerOptions *options)
                 options->kerberos_get_afs_token = 0;
         if (options->gss_authentication == -1)
                 options->gss_authentication = 0;
@@ -2595,7 +2603,7 @@ index 873b0d0..9b06281 100644
         if (options->password_authentication == -1)
                 options->password_authentication = 1;
         if (options->kbd_interactive_authentication == -1)
-@@ -427,6 +433,7 @@ typedef enum {
+@@ -407,6 +413,7 @@ typedef enum {
         sHostKeyAlgorithms,
         sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
         sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
@@ -2603,7 +2611,7 @@ index 873b0d0..9b06281 100644
         sAcceptEnv, sPermitTunnel,
         sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
         sUsePrivilegeSeparation, sAllowAgentForwarding,
-@@ -500,12 +507,20 @@ static struct {
+@@ -480,12 +487,20 @@ static struct {
  #ifdef GSSAPI
         { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
         { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
@@ -2624,7 +2632,7 @@ index 873b0d0..9b06281 100644
         { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
         { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
         { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
-@@ -1251,6 +1266,10 @@ process_server_config_line(ServerOptions *options, char *line,
+@@ -1207,6 +1222,10 @@ process_server_config_line(ServerOptions *options, char *line,
                 intptr = &options->gss_authentication;
                 goto parse_flag;
  
@@ -2635,7 +2643,7 @@ index 873b0d0..9b06281 100644
         case sGssCleanupCreds:
                 intptr = &options->gss_cleanup_creds;
                 goto parse_flag;
-@@ -1259,6 +1278,10 @@ process_server_config_line(ServerOptions *options, char *line,
+@@ -1215,6 +1234,10 @@ process_server_config_line(ServerOptions *options, char *line,
                 intptr = &options->gss_strict_acceptor;
                 goto parse_flag;
  
@@ -2646,7 +2654,7 @@ index 873b0d0..9b06281 100644
         case sPasswordAuthentication:
                 intptr = &options->password_authentication;
                 goto parse_flag;
-@@ -2308,7 +2331,10 @@ dump_config(ServerOptions *o)
+@@ -2248,7 +2271,10 @@ dump_config(ServerOptions *o)
  #endif
  #ifdef GSSAPI
         dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
@@ -2658,10 +2666,10 @@ index 873b0d0..9b06281 100644
         dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
         dump_cfg_fmtint(sKbdInteractiveAuthentication,
 diff --git a/servconf.h b/servconf.h
-index f4137af..778ba17 100644
+index 5853a974..90dfa4c2 100644
 --- a/servconf.h
 +++ b/servconf.h
-@@ -118,8 +118,10 @@ typedef struct {
+@@ -112,8 +112,10 @@ typedef struct {
         int     kerberos_get_afs_token;         /* If true, try to get AFS token if
                                                  * authenticated with Kerberos. */
         int     gss_authentication;     /* If true, permit GSSAPI authentication */
@@ -2673,7 +2681,7 @@ index f4137af..778ba17 100644
                                                  * authentication. */
         int     kbd_interactive_authentication; /* If true, permit */
 diff --git a/ssh-gss.h b/ssh-gss.h
-index a99d7f0..914701b 100644
+index a99d7f08..914701bc 100644
 --- a/ssh-gss.h
 +++ b/ssh-gss.h
 @@ -1,6 +1,6 @@
@@ -2776,7 +2784,7 @@ index a99d7f0..914701b 100644
  
  #endif /* _SSH_GSS_H */
 diff --git a/ssh_config b/ssh_config
-index 90fb63f..4e879cd 100644
+index 90fb63f0..4e879cd2 100644
 --- a/ssh_config
 +++ b/ssh_config
 @@ -26,6 +26,8 @@
@@ -2789,18 +2797,18 @@ index 90fb63f..4e879cd 100644
  #   CheckHostIP yes
  #   AddressFamily any
 diff --git a/ssh_config.5 b/ssh_config.5
-index 7630e7b..707d0e1 100644
+index 591365f3..a7703fc7 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
-@@ -826,10 +826,42 @@ The default is
+@@ -748,10 +748,42 @@ The default is
  Specifies whether user authentication based on GSSAPI is allowed.
  The default is
- .Dq no .
+ .Cm no .
 +.It Cm GSSAPIKeyExchange
 +Specifies whether key exchange based on GSSAPI may be used. When using
 +GSSAPI key exchange the server need not have a host key.
 +The default is
-+.Dq no .
++.Cm no .
 +.It Cm GSSAPIClientIdentity
 +If set, specifies the GSSAPI client identity that ssh should use when 
 +connecting to the server. The default is unset, which means that the default 
@@ -2813,30 +2821,30 @@ index 7630e7b..707d0e1 100644
  .It Cm GSSAPIDelegateCredentials
  Forward (delegate) credentials to the server.
  The default is
- .Dq no .
+ .Cm no .
 +.It Cm GSSAPIRenewalForcesRekey
 +If set to 
-+.Dq yes
++.Cm yes
 +then renewal of the client's GSSAPI credentials will force the rekeying of the
 +ssh connection. With a compatible server, this can delegate the renewed 
 +credentials to a session on the server.
 +The default is
-+.Dq no .
++.Cm no .
 +.It Cm GSSAPITrustDns
 +Set to 
-+.Dq yes
++.Cm yes
 +to indicate that the DNS is trusted to securely canonicalize
 +the name of the host being connected to. If 
-+.Dq no ,
++.Cm no ,
 +the hostname entered on the
 +command line will be passed untouched to the GSSAPI library.
 +The default is
-+.Dq no .
++.Cm no .
  .It Cm HashKnownHosts
  Indicates that
  .Xr ssh 1
 diff --git a/sshconnect2.c b/sshconnect2.c
-index fae8b0f..34b9d30 100644
+index 103a2b36..d534e619 100644
 --- a/sshconnect2.c
 +++ b/sshconnect2.c
 @@ -162,6 +162,11 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
@@ -2923,7 +2931,7 @@ index fae8b0f..34b9d30 100644
  #endif
  
  void   userauth(Authctxt *, char *);
-@@ -326,6 +378,11 @@ static char *authmethods_get(void);
+@@ -327,6 +379,11 @@ static char *authmethods_get(void);
  
  Authmethod authmethods[] = {
  #ifdef GSSAPI
@@ -2935,7 +2943,7 @@ index fae8b0f..34b9d30 100644
         {"gssapi-with-mic",
                 userauth_gssapi,
                 NULL,
-@@ -650,25 +707,40 @@ userauth_gssapi(Authctxt *authctxt)
+@@ -652,25 +709,40 @@ userauth_gssapi(Authctxt *authctxt)
         static u_int mech = 0;
         OM_uint32 min;
         int ok = 0;
@@ -2978,7 +2986,7 @@ index fae8b0f..34b9d30 100644
         if (!ok)
                 return 0;
  
-@@ -759,8 +831,8 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt)
+@@ -761,8 +833,8 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt)
  {
         Authctxt *authctxt = ctxt;
         Gssctxt *gssctxt;
@@ -2989,7 +2997,7 @@ index fae8b0f..34b9d30 100644
  
         if (authctxt == NULL)
                 fatal("input_gssapi_response: no authentication context");
-@@ -873,6 +945,48 @@ input_gssapi_error(int type, u_int32_t plen, void *ctxt)
+@@ -875,6 +947,48 @@ input_gssapi_error(int type, u_int32_t plen, void *ctxt)
         free(lang);
         return 0;
  }
@@ -3039,10 +3047,10 @@ index fae8b0f..34b9d30 100644
  
  int
 diff --git a/sshd.c b/sshd.c
-index 799c771..ebb88c7 100644
+index 1dc4d182..ec2cf976 100644
 --- a/sshd.c
 +++ b/sshd.c
-@@ -125,6 +125,10 @@
+@@ -123,6 +123,10 @@
  #include "version.h"
  #include "ssherr.h"
  
@@ -3050,24 +3058,24 @@ index 799c771..ebb88c7 100644
 +#include <Security/AuthSession.h>
 +#endif
 +
- #ifndef O_NOCTTY
- #define O_NOCTTY       0
- #endif
-@@ -1892,10 +1896,13 @@ main(int ac, char **av)
-                logit("Disabling protocol version 1. Could not load host key");
-                options.protocol &= ~SSH_PROTO_1;
+ /* Re-exec fds */
+ #define REEXEC_DEVCRYPTO_RESERVED_FD   (STDERR_FILENO + 1)
+ #define REEXEC_STARTUP_PIPE_FD         (STDERR_FILENO + 2)
+@@ -1705,10 +1709,13 @@ main(int ac, char **av)
+                    key ? "private" : "agent", i, sshkey_ssh_name(pubkey), fp);
+                free(fp);
         }
 +#ifndef GSSAPI
 +       /* The GSSAPI key exchange can run without a host key */
-        if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) {
-                logit("Disabling protocol version 2. Could not load host key");
-                options.protocol &= ~SSH_PROTO_2;
-        }
-+#endif
-        if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
+        if (!sensitive_data.have_ssh2_key) {
                 logit("sshd: no hostkeys available -- exiting.");
                 exit(1);
-@@ -2207,6 +2214,60 @@ main(int ac, char **av)
+        }
++#endif
+ 
+        /*
+         * Load certificates. They are stored in an array at identical
+@@ -1978,6 +1985,60 @@ main(int ac, char **av)
             remote_ip, remote_port, laddr,  ssh_local_port(ssh));
         free(laddr);
  
@@ -3128,7 +3136,7 @@ index 799c771..ebb88c7 100644
         /*
          * We don't want to listen forever unless the other side
          * successfully authenticates itself.  So we set up an alarm which is
-@@ -2631,6 +2692,48 @@ do_ssh2_kex(void)
+@@ -2159,6 +2220,48 @@ do_ssh2_kex(void)
         myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
             list_hostkey_types());
  
@@ -3177,7 +3185,7 @@ index 799c771..ebb88c7 100644
         /* start key exchange */
         if ((r = kex_setup(active_state, myproposal)) != 0)
                 fatal("kex_setup: %s", ssh_err(r));
-@@ -2648,6 +2751,13 @@ do_ssh2_kex(void)
+@@ -2176,6 +2279,13 @@ do_ssh2_kex(void)
  # endif
  #endif
         kex->kex[KEX_C25519_SHA256] = kexc25519_server;
@@ -3192,10 +3200,10 @@ index 799c771..ebb88c7 100644
         kex->client_version_string=client_version_string;
         kex->server_version_string=server_version_string;
 diff --git a/sshd_config b/sshd_config
-index 75ae8e7..3fe3e01 100644
+index 9f09e4a6..00e5a728 100644
 --- a/sshd_config
 +++ b/sshd_config
-@@ -83,6 +83,8 @@ AuthorizedKeysFile    .ssh/authorized_keys
+@@ -70,6 +70,8 @@ AuthorizedKeysFile    .ssh/authorized_keys
  # GSSAPI options
  #GSSAPIAuthentication no
  #GSSAPICleanupCredentials yes
@@ -3205,38 +3213,38 @@ index 75ae8e7..3fe3e01 100644
  # Set this to 'yes' to enable PAM authentication, account processing,
  # and session processing. If this is enabled, PAM authentication will
 diff --git a/sshd_config.5 b/sshd_config.5
-index 1bc26ec..3b4cba9 100644
+index 32b29d24..dd765b39 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
-@@ -632,6 +632,11 @@ The default is
+@@ -623,6 +623,11 @@ The default is
  Specifies whether user authentication based on GSSAPI is allowed.
  The default is
- .Dq no .
+ .Cm no .
 +.It Cm GSSAPIKeyExchange
 +Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange
 +doesn't rely on ssh keys to verify host identity.
 +The default is
-+.Dq no .
++.Cm no .
  .It Cm GSSAPICleanupCredentials
  Specifies whether to automatically destroy the user's credentials cache
  on logout.
-@@ -652,6 +657,11 @@ machine's default store.
+@@ -642,6 +647,11 @@ machine's default store.
  This facility is provided to assist with operation on multi homed machines.
  The default is
- .Dq yes .
+ .Cm yes .
 +.It Cm GSSAPIStoreCredentialsOnRekey
 +Controls whether the user's GSSAPI credentials should be updated following a 
 +successful connection rekeying. This option can be used to accepted renewed 
 +or updated credentials from a compatible client. The default is
-+.Dq no .
++.Cm no .
  .It Cm HostbasedAcceptedKeyTypes
  Specifies the key types that will be accepted for hostbased authentication
  as a comma-separated pattern list.
 diff --git a/sshkey.c b/sshkey.c
-index c9f04cd..558bbbe 100644
+index c01da6c3..377d72fa 100644
 --- a/sshkey.c
 +++ b/sshkey.c
-@@ -115,6 +115,7 @@ static const struct keytype keytypes[] = {
+@@ -114,6 +114,7 @@ static const struct keytype keytypes[] = {
  #  endif /* OPENSSL_HAS_NISTP521 */
  # endif /* OPENSSL_HAS_ECC */
  #endif /* WITH_OPENSSL */
@@ -3244,7 +3252,7 @@ index c9f04cd..558bbbe 100644
         { NULL, NULL, -1, -1, 0, 0 }
  };
  
-@@ -203,7 +204,7 @@ key_alg_list(int certs_only, int plain_only)
+@@ -202,7 +203,7 @@ sshkey_alg_list(int certs_only, int plain_only, char sep)
         const struct keytype *kt;
  
         for (kt = keytypes; kt->type != -1; kt++) {
@@ -3254,7 +3262,7 @@ index c9f04cd..558bbbe 100644
                 if ((certs_only && !kt->cert) || (plain_only && kt->cert))
                         continue;
 diff --git a/sshkey.h b/sshkey.h
-index 8c3d866..e0caa37 100644
+index f3936384..7eb2a139 100644
 --- a/sshkey.h
 +++ b/sshkey.h
 @@ -62,6 +62,7 @@ enum sshkey_types {
diff --git a/debian/patches/helpful-wait-terminate.patch b/debian/patches/helpful-wait-terminate.patch
deleted file mode 100644
index a990ca1ea..000000000
--- a/debian/patches/helpful-wait-terminate.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 173d65e72989cba82502604da3f1336766c0cf0f Mon Sep 17 00:00:00 2001
-From: Matthew Vernon <matthew@debian.org>
-Date: Sun, 9 Feb 2014 16:09:56 +0000
-Subject: Mention ~& when waiting for forwarded connections to terminate
-
-Bug-Debian: http://bugs.debian.org/50308
-Last-Update: 2010-02-27
-
-Patch-Name: helpful-wait-terminate.patch
----
- serverloop.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/serverloop.c b/serverloop.c
-index 3563e5d..c4e1d1d 100644
---- a/serverloop.c
-+++ b/serverloop.c
-@@ -687,7 +687,7 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg)
-                        if (!channel_still_open())
-                                break;
-                        if (!waiting_termination) {
--                               const char *s = "Waiting for forwarded connections to terminate...\r\n";
-+                               const char *s = "Waiting for forwarded connections to terminate... (press ~& to background)\r\n";
-                                char *cp;
-                                waiting_termination = 1;
-                                buffer_append(&stderr_buffer, s, strlen(s));
diff --git a/debian/patches/keepalive-extensions.patch b/debian/patches/keepalive-extensions.patch
index 14ab7d34f..11378586d 100644
--- a/debian/patches/keepalive-extensions.patch
+++ b/debian/patches/keepalive-extensions.patch
@@ -1,4 +1,4 @@
-From 67c34f23edbcd0f39ebc2aadae9d33950bd1f98a Mon Sep 17 00:00:00 2001
+From 8f60ff6d23d4a1f8c347cf4b95267e00116f74fa Mon Sep 17 00:00:00 2001
 From: Richard Kettlewell <rjk@greenend.org.uk>
 Date: Sun, 9 Feb 2014 16:09:52 +0000
 Subject: Various keepalive extensions
@@ -26,7 +26,7 @@ Patch-Name: keepalive-extensions.patch
  3 files changed, 34 insertions(+), 4 deletions(-)
 
 diff --git a/readconf.c b/readconf.c
-index c0b7822..3a6c67b 100644
+index c1c3aae0..3efba242 100644
 --- a/readconf.c
 +++ b/readconf.c
 @@ -173,6 +173,7 @@ typedef enum {
@@ -46,7 +46,7 @@ index c0b7822..3a6c67b 100644
  
         { NULL, oBadOption }
  };
-@@ -1403,6 +1406,8 @@ parse_keytypes:
+@@ -1402,6 +1405,8 @@ parse_keytypes:
                 goto parse_flag;
  
         case oServerAliveInterval:
@@ -55,7 +55,7 @@ index c0b7822..3a6c67b 100644
                 intptr = &options->server_alive_interval;
                 goto parse_time;
  
-@@ -2048,8 +2053,13 @@ fill_default_options(Options * options)
+@@ -2047,8 +2052,13 @@ fill_default_options(Options * options)
                 options->rekey_interval = 0;
         if (options->verify_host_key_dns == -1)
                 options->verify_host_key_dns = 0;
@@ -72,12 +72,12 @@ index c0b7822..3a6c67b 100644
                 options->server_alive_count_max = 3;
         if (options->control_master == -1)
 diff --git a/ssh_config.5 b/ssh_config.5
-index 707d0e1..efc265a 100644
+index a7703fc7..32fd100d 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
-@@ -268,8 +268,12 @@ The default is
+@@ -250,8 +250,12 @@ Valid arguments are
  If set to
- .Dq yes ,
+ .Cm yes ,
  passphrase/password querying will be disabled.
 +In addition, the
 +.Cm ServerAliveInterval
@@ -87,9 +87,9 @@ index 707d0e1..efc265a 100644
 +is present to supply the password,
 +and where it is desirable to detect a broken network swiftly.
  The argument must be
- .Dq yes
+ .Cm yes
  or
-@@ -1624,7 +1628,14 @@ from the server,
+@@ -1485,7 +1489,14 @@ from the server,
  will send a message through the encrypted
  channel to request a response from the server.
  The default
@@ -105,7 +105,7 @@ index 707d0e1..efc265a 100644
  .It Cm StreamLocalBindMask
  Sets the octal file creation mode mask
  .Pq umask
-@@ -1690,6 +1701,12 @@ Specifies whether the system should send TCP keepalive messages to the
+@@ -1544,6 +1555,12 @@ Specifies whether the system should send TCP keepalive messages to the
  other side.
  If they are sent, death of the connection or crash of one
  of the machines will be properly noticed.
@@ -119,13 +119,13 @@ index 707d0e1..efc265a 100644
  connections will die if the route is down temporarily, and some people
  find it annoying.
 diff --git a/sshd_config.5 b/sshd_config.5
-index 3b4cba9..e05cdbe 100644
+index dd765b39..283ba889 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
-@@ -1530,6 +1530,9 @@ This avoids infinitely hanging sessions.
+@@ -1427,6 +1427,9 @@ This avoids infinitely hanging sessions.
  .Pp
  To disable TCP keepalive messages, the value should be set to
- .Dq no .
+ .Cm no .
 +.Pp
 +This option was formerly called
 +.Cm KeepAlive .
diff --git a/debian/patches/mention-ssh-keygen-on-keychange.patch b/debian/patches/mention-ssh-keygen-on-keychange.patch
index 12dbaf853..943fc901d 100644
--- a/debian/patches/mention-ssh-keygen-on-keychange.patch
+++ b/debian/patches/mention-ssh-keygen-on-keychange.patch
@@ -1,4 +1,4 @@
-From 6a1979d97fbde734a745b5123130fed669bfb145 Mon Sep 17 00:00:00 2001
+From e39bf0e814394fb5a14094b651f3bf9ddec0a782 Mon Sep 17 00:00:00 2001
 From: Scott Moser <smoser@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:10:03 +0000
 Subject: Mention ssh-keygen in ssh fingerprint changed warning
@@ -13,10 +13,10 @@ Patch-Name: mention-ssh-keygen-on-keychange.patch
  1 file changed, 7 insertions(+), 1 deletion(-)
 
 diff --git a/sshconnect.c b/sshconnect.c
-index 8b8e760..fd67727 100644
+index 698a0711..1cc556e8 100644
 --- a/sshconnect.c
 +++ b/sshconnect.c
-@@ -1081,9 +1081,13 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
+@@ -1080,9 +1080,13 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
                         error("%s. This could either mean that", key_msg);
                         error("DNS SPOOFING is happening or the IP address for the host");
                         error("and its host key have changed at the same time.");
@@ -31,7 +31,7 @@ index 8b8e760..fd67727 100644
                 }
                 /* The host key has changed. */
                 warn_changed_key(host_key);
-@@ -1091,6 +1095,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
+@@ -1090,6 +1094,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
                     user_hostfiles[0]);
                 error("Offending %s key in %s:%lu", key_type(host_found->key),
                     host_found->file, host_found->line);
diff --git a/debian/patches/no-openssl-version-status.patch b/debian/patches/no-openssl-version-status.patch
index 8503c5854..682455fe9 100644
--- a/debian/patches/no-openssl-version-status.patch
+++ b/debian/patches/no-openssl-version-status.patch
@@ -1,4 +1,4 @@
-From e7d4050d9077603c20a93bdfd6b99cd419d69f1c Mon Sep 17 00:00:00 2001
+From 27710ce6deb6e9a820235ac44dd82333ab330047 Mon Sep 17 00:00:00 2001
 From: Kurt Roeckx <kurt@roeckx.be>
 Date: Sun, 9 Feb 2014 16:10:14 +0000
 Subject: Don't check the status field of the OpenSSL version
@@ -23,10 +23,10 @@ Patch-Name: no-openssl-version-status.patch
  2 files changed, 4 insertions(+), 3 deletions(-)
 
 diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c
-index 63a660c..3f62403 100644
+index 259fccbe..aaa953f2 100644
 --- a/openbsd-compat/openssl-compat.c
 +++ b/openbsd-compat/openssl-compat.c
-@@ -36,7 +36,7 @@
+@@ -34,7 +34,7 @@
  /*
   * OpenSSL version numbers: MNNFFPPS: major minor fix patch status
   * We match major, minor, fix and status (not patch) for <1.0.0.
@@ -35,9 +35,9 @@ index 63a660c..3f62403 100644
   * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed
   * within a patch series.
   */
-@@ -57,10 +57,10 @@ ssh_compatible_openssl(long headerver, long libver)
+@@ -55,10 +55,10 @@ ssh_compatible_openssl(long headerver, long libver)
         }
-        
+ 
         /*
 -        * For versions >= 1.0.0, major,minor,status must match and library
 +        * For versions >= 1.0.0, major,minor must match and library
@@ -49,7 +49,7 @@ index 63a660c..3f62403 100644
         lfix = (libver & 0x000ff000) >> 12;
         if ( (headerver & mask) == (libver & mask) && lfix >= hfix)
 diff --git a/openbsd-compat/regress/opensslvertest.c b/openbsd-compat/regress/opensslvertest.c
-index 5d019b5..5847487 100644
+index 5d019b59..58474873 100644
 --- a/openbsd-compat/regress/opensslvertest.c
 +++ b/openbsd-compat/regress/opensslvertest.c
 @@ -35,6 +35,7 @@ struct version_test {
diff --git a/debian/patches/openbsd-docs.patch b/debian/patches/openbsd-docs.patch
index 771e77216..5a6428a16 100644
--- a/debian/patches/openbsd-docs.patch
+++ b/debian/patches/openbsd-docs.patch
@@ -1,4 +1,4 @@
-From ab7ae820a882c8a51b06ec0b3522813b4e90eeff Mon Sep 17 00:00:00 2001
+From 57a5ec3553730b373c96e8457815c42733304427 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:09 +0000
 Subject: Adjust various OpenBSD-specific references in manual pages
@@ -22,7 +22,7 @@ Patch-Name: openbsd-docs.patch
  5 files changed, 13 insertions(+), 15 deletions(-)
 
 diff --git a/moduli.5 b/moduli.5
-index ef0de08..149846c 100644
+index ef0de085..149846c8 100644
 --- a/moduli.5
 +++ b/moduli.5
 @@ -21,7 +21,7 @@
@@ -44,7 +44,7 @@ index ef0de08..149846c 100644
  .Sh SEE ALSO
  .Xr ssh-keygen 1 ,
 diff --git a/ssh-keygen.1 b/ssh-keygen.1
-index ce2213c..01711df 100644
+index ce2213c7..01711dff 100644
 --- a/ssh-keygen.1
 +++ b/ssh-keygen.1
 @@ -178,9 +178,7 @@ key in
@@ -88,7 +88,7 @@ index ce2213c..01711df 100644
  The file format is described in
  .Xr moduli 5 .
 diff --git a/ssh.1 b/ssh.1
-index feef81a..b1f128c 100644
+index feef81a5..b1f128c2 100644
 --- a/ssh.1
 +++ b/ssh.1
 @@ -877,6 +877,10 @@ implements public key authentication protocol automatically,
@@ -103,10 +103,10 @@ index feef81a..b1f128c 100644
  .Pp
  The file
 diff --git a/sshd.8 b/sshd.8
-index 589841f..58eefe9 100644
+index c6784602..e6915141 100644
 --- a/sshd.8
 +++ b/sshd.8
-@@ -67,7 +67,7 @@ over an insecure network.
+@@ -65,7 +65,7 @@ over an insecure network.
  .Nm
  listens for connections from clients.
  It is normally started at boot from
@@ -115,7 +115,7 @@ index 589841f..58eefe9 100644
  It forks a new
  daemon for each incoming connection.
  The forked daemons handle
-@@ -891,7 +891,7 @@ This file is for host-based authentication (see
+@@ -836,7 +836,7 @@ This file is for host-based authentication (see
  .Xr ssh 1 ) .
  It should only be writable by root.
  .Pp
@@ -124,7 +124,7 @@ index 589841f..58eefe9 100644
  Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange"
  key exchange method.
  The file format is described in
-@@ -993,7 +993,6 @@ The content of this file is not sensitive; it can be world-readable.
+@@ -936,7 +936,6 @@ The content of this file is not sensitive; it can be world-readable.
  .Xr ssh-keyscan 1 ,
  .Xr chroot 2 ,
  .Xr hosts_access 5 ,
@@ -133,10 +133,10 @@ index 589841f..58eefe9 100644
  .Xr sshd_config 5 ,
  .Xr inetd 8 ,
 diff --git a/sshd_config.5 b/sshd_config.5
-index ac9b1f0..b2b349e 100644
+index 4ea0a9c3..e45a8937 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
-@@ -382,8 +382,7 @@ then no banner is displayed.
+@@ -372,8 +372,7 @@ then no banner is displayed.
  By default, no banner is displayed.
  .It Cm ChallengeResponseAuthentication
  Specifies whether challenge-response authentication is allowed (e.g. via
@@ -144,5 +144,5 @@ index ac9b1f0..b2b349e 100644
 -.Xr login.conf 5 )
 +PAM).
  The default is
- .Dq yes .
+ .Cm yes .
  .It Cm ChrootDirectory
diff --git a/debian/patches/package-versioning.patch b/debian/patches/package-versioning.patch
index efc629b71..7b14bcc09 100644
--- a/debian/patches/package-versioning.patch
+++ b/debian/patches/package-versioning.patch
@@ -1,4 +1,4 @@
-From c8105413361d3c97b6a2f72c9f1c85da830bed2c Mon Sep 17 00:00:00 2001
+From cdce59c8c54d6d19ca0aa86cb4a62f6df94c7245 Mon Sep 17 00:00:00 2001
 From: Matthew Vernon <matthew@debian.org>
 Date: Sun, 9 Feb 2014 16:10:05 +0000
 Subject: Include the Debian version in our identification
@@ -19,10 +19,10 @@ Patch-Name: package-versioning.patch
  3 files changed, 9 insertions(+), 4 deletions(-)
 
 diff --git a/sshconnect.c b/sshconnect.c
-index fd67727..07dfc9d 100644
+index 1cc556e8..c64c51bb 100644
 --- a/sshconnect.c
 +++ b/sshconnect.c
-@@ -527,10 +527,10 @@ send_client_banner(int connection_out, int minor1)
+@@ -526,10 +526,10 @@ send_client_banner(int connection_out, int minor1)
         /* Send our own protocol version identification. */
         if (compat20) {
                 xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
@@ -36,24 +36,24 @@ index fd67727..07dfc9d 100644
         if (atomicio(vwrite, connection_out, client_version_string,
             strlen(client_version_string)) != strlen(client_version_string))
 diff --git a/sshd.c b/sshd.c
-index 76306da..e873557 100644
+index 5a3f796d..39e4699c 100644
 --- a/sshd.c
 +++ b/sshd.c
-@@ -443,7 +443,7 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out)
-        }
+@@ -378,7 +378,7 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out)
+        char remote_version[256];       /* Must be at least as big as buf. */
  
         xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
--           major, minor, SSH_VERSION,
-+           major, minor, SSH_RELEASE,
+-           PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
++           PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE,
             *options.version_addendum == '\0' ? "" : " ",
             options.version_addendum, newline);
  
 diff --git a/version.h b/version.h
-index 617ab62..fb81655 100644
+index 269ebcda..850a2f7d 100644
 --- a/version.h
 +++ b/version.h
 @@ -3,4 +3,9 @@
- #define SSH_VERSION    "OpenSSH_7.3"
+ #define SSH_VERSION    "OpenSSH_7.4"
  
  #define SSH_PORTABLE   "p1"
 -#define SSH_RELEASE    SSH_VERSION SSH_PORTABLE
diff --git a/debian/patches/quieter-signals.patch b/debian/patches/quieter-signals.patch
index 36c366d95..49f1daf1c 100644
--- a/debian/patches/quieter-signals.patch
+++ b/debian/patches/quieter-signals.patch
@@ -1,4 +1,4 @@
-From 8eeec10866f78acd021824225e9d62e4a18fc2c3 Mon Sep 17 00:00:00 2001
+From 7083ae25ccce8bbdad40e7c7500f69f2c0cbce34 Mon Sep 17 00:00:00 2001
 From: Peter Samuelson <peter@p12n.org>
 Date: Sun, 9 Feb 2014 16:09:55 +0000
 Subject: Reduce severity of "Killed by signal %d"
@@ -22,10 +22,10 @@ Patch-Name: quieter-signals.patch
  1 file changed, 4 insertions(+), 2 deletions(-)
 
 diff --git a/clientloop.c b/clientloop.c
-index 421241f..e5cc3f8 100644
+index 99c68b69..5876cc9a 100644
 --- a/clientloop.c
 +++ b/clientloop.c
-@@ -1757,8 +1757,10 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
+@@ -1755,8 +1755,10 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
                 exit_status = 0;
         }
  
diff --git a/debian/patches/restore-tcp-wrappers.patch b/debian/patches/restore-tcp-wrappers.patch
index bf3a575ad..e41b99d6e 100644
--- a/debian/patches/restore-tcp-wrappers.patch
+++ b/debian/patches/restore-tcp-wrappers.patch
@@ -1,4 +1,4 @@
-From c027de5eb3e6cb1718990841c2a9cbc89fd53151 Mon Sep 17 00:00:00 2001
+From 6a15c9b672c5833f21ed7e0cea3a25dd8de966c4 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Tue, 7 Oct 2014 13:22:41 +0100
 Subject: Restore TCP wrappers support
@@ -28,10 +28,10 @@ Patch-Name: restore-tcp-wrappers.patch
  3 files changed, 89 insertions(+)
 
 diff --git a/configure.ac b/configure.ac
-index 894ec3b..f822fb3 100644
+index 5fdc696c..4747ce4a 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -1510,6 +1510,62 @@ AC_ARG_WITH([skey],
+@@ -1491,6 +1491,62 @@ AC_ARG_WITH([skey],
         ]
  )
  
@@ -94,7 +94,7 @@ index 894ec3b..f822fb3 100644
  # Check whether user wants to use ldns
  LDNS_MSG="no"
  AC_ARG_WITH(ldns,
-@@ -5059,6 +5115,7 @@ echo "                 KerberosV support: $KRB5_MSG"
+@@ -5105,6 +5161,7 @@ echo "                 KerberosV support: $KRB5_MSG"
  echo "                   SELinux support: $SELINUX_MSG"
  echo "                 Smartcard support: $SCARD_MSG"
  echo "                     S/KEY support: $SKEY_MSG"
@@ -103,10 +103,10 @@ index 894ec3b..f822fb3 100644
  echo "                   libedit support: $LIBEDIT_MSG"
  echo "  Solaris process contract support: $SPC_MSG"
 diff --git a/sshd.8 b/sshd.8
-index 6c521f2..589841f 100644
+index 41fc5051..c6784602 100644
 --- a/sshd.8
 +++ b/sshd.8
-@@ -880,6 +880,12 @@ the user's home directory becomes accessible.
+@@ -825,6 +825,12 @@ the user's home directory becomes accessible.
  This file should be writable only by the user, and need not be
  readable by anyone else.
  .Pp
@@ -119,7 +119,7 @@ index 6c521f2..589841f 100644
  .It Pa /etc/hosts.equiv
  This file is for host-based authentication (see
  .Xr ssh 1 ) .
-@@ -986,6 +992,7 @@ The content of this file is not sensitive; it can be world-readable.
+@@ -929,6 +935,7 @@ The content of this file is not sensitive; it can be world-readable.
  .Xr ssh-keygen 1 ,
  .Xr ssh-keyscan 1 ,
  .Xr chroot 2 ,
@@ -128,10 +128,10 @@ index 6c521f2..589841f 100644
  .Xr moduli 5 ,
  .Xr sshd_config 5 ,
 diff --git a/sshd.c b/sshd.c
-index ebb88c7..982e545 100644
+index ec2cf976..4f791b92 100644
 --- a/sshd.c
 +++ b/sshd.c
-@@ -129,6 +129,13 @@
+@@ -127,6 +127,13 @@
  #include <Security/AuthSession.h>
  #endif
  
@@ -142,10 +142,10 @@ index ebb88c7..982e545 100644
 +int deny_severity;
 +#endif /* LIBWRAP */
 +
- #ifndef O_NOCTTY
- #define O_NOCTTY       0
- #endif
-@@ -2207,6 +2214,24 @@ main(int ac, char **av)
+ /* Re-exec fds */
+ #define REEXEC_DEVCRYPTO_RESERVED_FD   (STDERR_FILENO + 1)
+ #define REEXEC_STARTUP_PIPE_FD         (STDERR_FILENO + 2)
+@@ -1978,6 +1985,24 @@ main(int ac, char **av)
  #ifdef SSH_AUDIT_EVENTS
         audit_connection_from(remote_ip, remote_port);
  #endif
diff --git a/debian/patches/scp-quoting.patch b/debian/patches/scp-quoting.patch
index 2efc40e07..8e426db77 100644
--- a/debian/patches/scp-quoting.patch
+++ b/debian/patches/scp-quoting.patch
@@ -1,4 +1,4 @@
-From 119936d7b64829f81cbc84c2e81bf23373c6ed37 Mon Sep 17 00:00:00 2001
+From 43205c71be413d2225ce3ea5cf81d79afd420b81 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Nicolas=20Valc=C3=A1rcel?= <nvalcarcel@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:09:59 +0000
 Subject: Adjust scp quoting in verbose mode
@@ -17,10 +17,10 @@ Patch-Name: scp-quoting.patch
  1 file changed, 10 insertions(+), 2 deletions(-)
 
 diff --git a/scp.c b/scp.c
-index 43ca3fa..4a7f73a 100644
+index b4db8519..18c27720 100644
 --- a/scp.c
 +++ b/scp.c
-@@ -192,8 +192,16 @@ do_local_cmd(arglist *a)
+@@ -191,8 +191,16 @@ do_local_cmd(arglist *a)
  
         if (verbose_mode) {
                 fprintf(stderr, "Executing:");
diff --git a/debian/patches/selinux-role.patch b/debian/patches/selinux-role.patch
index bcb61480d..9ab9394b3 100644
--- a/debian/patches/selinux-role.patch
+++ b/debian/patches/selinux-role.patch
@@ -1,4 +1,4 @@
-From 7a7851c903e5dbb58a85014deb2c88cb718068c9 Mon Sep 17 00:00:00 2001
+From 5e4ebd6472d995738a2c67d618c4bd1ee2c00968 Mon Sep 17 00:00:00 2001
 From: Manoj Srivastava <srivasta@debian.org>
 Date: Sun, 9 Feb 2014 16:09:49 +0000
 Subject: Handle SELinux authorisation roles
@@ -14,7 +14,6 @@ Last-Update: 2015-08-19
 Patch-Name: selinux-role.patch
 ---
  auth.h                      |  1 +
- auth1.c                     |  8 +++++++-
  auth2.c                     | 10 ++++++++--
  monitor.c                   | 32 +++++++++++++++++++++++++++++---
  monitor.h                   |  2 ++
@@ -29,10 +28,10 @@ Patch-Name: selinux-role.patch
  sshd.c                      |  2 +-
  sshpty.c                    |  4 ++--
  sshpty.h                    |  2 +-
- 16 files changed, 104 insertions(+), 31 deletions(-)
+ 15 files changed, 97 insertions(+), 30 deletions(-)
 
 diff --git a/auth.h b/auth.h
-index 55170af..50baeaa 100644
+index 338a62da..8c658d16 100644
 --- a/auth.h
 +++ b/auth.h
 @@ -62,6 +62,7 @@ struct Authctxt {
@@ -43,39 +42,8 @@ index 55170af..50baeaa 100644
         void            *kbdintctxt;
         char            *info;          /* Extra info for next auth_log */
  #ifdef BSD_AUTH
-diff --git a/auth1.c b/auth1.c
-index 5073c49..dd00648 100644
---- a/auth1.c
-+++ b/auth1.c
-@@ -383,7 +383,7 @@ void
- do_authentication(Authctxt *authctxt)
- {
-        u_int ulen;
--       char *user, *style = NULL;
-+       char *user, *style = NULL, *role = NULL;
- 
-        /* Get the name of the user that we wish to log in as. */
-        packet_read_expect(SSH_CMSG_USER);
-@@ -392,11 +392,17 @@ do_authentication(Authctxt *authctxt)
-        user = packet_get_cstring(&ulen);
-        packet_check_eom();
- 
-+       if ((role = strchr(user, '/')) != NULL)
-+               *role++ = '\0';
-+
-        if ((style = strchr(user, ':')) != NULL)
-                *style++ = '\0';
-+       else if (role && (style = strchr(role, ':')) != NULL)
-+               *style++ = '\0';
- 
-        authctxt->user = user;
-        authctxt->style = style;
-+       authctxt->role = role;
- 
-        /* Verify that the user is a valid user. */
-        if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL)
 diff --git a/auth2.c b/auth2.c
-index ce0d376..461311b 100644
+index ce0d3760..461311bd 100644
 --- a/auth2.c
 +++ b/auth2.c
 @@ -216,7 +216,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
@@ -113,10 +81,10 @@ index ce0d376..461311b 100644
                 if (auth2_setup_methods_lists(authctxt) != 0)
                         packet_disconnect("no authentication methods enabled");
 diff --git a/monitor.c b/monitor.c
-index 05bb48a..e91054e 100644
+index 76d9e346..64286a12 100644
 --- a/monitor.c
 +++ b/monitor.c
-@@ -128,6 +128,7 @@ int mm_answer_sign(int, Buffer *);
+@@ -127,6 +127,7 @@ int mm_answer_sign(int, Buffer *);
  int mm_answer_pwnamallow(int, Buffer *);
  int mm_answer_auth2_read_banner(int, Buffer *);
  int mm_answer_authserv(int, Buffer *);
@@ -124,7 +92,7 @@ index 05bb48a..e91054e 100644
  int mm_answer_authpassword(int, Buffer *);
  int mm_answer_bsdauthquery(int, Buffer *);
  int mm_answer_bsdauthrespond(int, Buffer *);
-@@ -209,6 +210,7 @@ struct mon_table mon_dispatch_proto20[] = {
+@@ -204,6 +205,7 @@ struct mon_table mon_dispatch_proto20[] = {
      {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
      {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
      {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
@@ -132,15 +100,15 @@ index 05bb48a..e91054e 100644
      {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
      {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
  #ifdef USE_PAM
-@@ -880,6 +882,7 @@ mm_answer_pwnamallow(int sock, Buffer *m)
-        else {
-                /* Allow service/style information on the auth context */
-                monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
-+               monitor_permit(mon_dispatch, MONITOR_REQ_AUTHROLE, 1);
-                monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
-        }
+@@ -786,6 +788,7 @@ mm_answer_pwnamallow(int sock, Buffer *m)
+ 
+        /* Allow service/style information on the auth context */
+        monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
++       monitor_permit(mon_dispatch, MONITOR_REQ_AUTHROLE, 1);
+        monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
+ 
  #ifdef USE_PAM
-@@ -910,14 +913,37 @@ mm_answer_authserv(int sock, Buffer *m)
+@@ -816,14 +819,37 @@ mm_answer_authserv(int sock, Buffer *m)
  
         authctxt->service = buffer_get_string(m, NULL);
         authctxt->style = buffer_get_string(m, NULL);
@@ -180,7 +148,7 @@ index 05bb48a..e91054e 100644
         return (0);
  }
  
-@@ -1553,7 +1579,7 @@ mm_answer_pty(int sock, Buffer *m)
+@@ -1458,7 +1484,7 @@ mm_answer_pty(int sock, Buffer *m)
         res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
         if (res == 0)
                 goto error;
@@ -190,7 +158,7 @@ index 05bb48a..e91054e 100644
         buffer_put_int(m, 1);
         buffer_put_cstring(m, s->tty);
 diff --git a/monitor.h b/monitor.h
-index bc50ade..2d82b8b 100644
+index ec41404c..4c7955d7 100644
 --- a/monitor.h
 +++ b/monitor.h
 @@ -68,6 +68,8 @@ enum monitor_reqtype {
@@ -201,12 +169,12 @@ index bc50ade..2d82b8b 100644
 +
  };
  
- struct mm_master;
+ struct monitor {
 diff --git a/monitor_wrap.c b/monitor_wrap.c
-index 5a9f1b5..11e3a69 100644
+index d5cb640a..2ff8064a 100644
 --- a/monitor_wrap.c
 +++ b/monitor_wrap.c
-@@ -328,10 +328,10 @@ mm_auth2_read_banner(void)
+@@ -327,10 +327,10 @@ mm_auth2_read_banner(void)
         return (banner);
  }
  
@@ -219,7 +187,7 @@ index 5a9f1b5..11e3a69 100644
  {
         Buffer m;
  
-@@ -340,12 +340,30 @@ mm_inform_authserv(char *service, char *style)
+@@ -339,12 +339,30 @@ mm_inform_authserv(char *service, char *style)
         buffer_init(&m);
         buffer_put_cstring(&m, service);
         buffer_put_cstring(&m, style ? style : "");
@@ -251,7 +219,7 @@ index 5a9f1b5..11e3a69 100644
  int
  mm_auth_password(Authctxt *authctxt, char *password)
 diff --git a/monitor_wrap.h b/monitor_wrap.h
-index b5414c2..d5b3334 100644
+index 8f9dd896..3e75867c 100644
 --- a/monitor_wrap.h
 +++ b/monitor_wrap.h
 @@ -41,7 +41,8 @@ void mm_log_handler(LogLevel, const char *, void *);
@@ -265,10 +233,10 @@ index b5414c2..d5b3334 100644
  char *mm_auth2_read_banner(void);
  int mm_auth_password(struct Authctxt *, char *);
 diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
-index f36999d..f9cdc15 100644
+index e4c5d1b7..e26faf08 100644
 --- a/openbsd-compat/port-linux.c
 +++ b/openbsd-compat/port-linux.c
-@@ -29,6 +29,12 @@
+@@ -27,6 +27,12 @@
  #include <string.h>
  #include <stdio.h>
  
@@ -281,7 +249,7 @@ index f36999d..f9cdc15 100644
  #include "log.h"
  #include "xmalloc.h"
  #include "port-linux.h"
-@@ -58,7 +64,7 @@ ssh_selinux_enabled(void)
+@@ -56,7 +62,7 @@ ssh_selinux_enabled(void)
  
  /* Return the default security context for the given username */
  static security_context_t
@@ -290,7 +258,7 @@ index f36999d..f9cdc15 100644
  {
         security_context_t sc = NULL;
         char *sename = NULL, *lvl = NULL;
-@@ -73,9 +79,16 @@ ssh_selinux_getctxbyname(char *pwname)
+@@ -71,9 +77,16 @@ ssh_selinux_getctxbyname(char *pwname)
  #endif
  
  #ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL
@@ -309,7 +277,7 @@ index f36999d..f9cdc15 100644
  #endif
  
         if (r != 0) {
-@@ -105,7 +118,7 @@ ssh_selinux_getctxbyname(char *pwname)
+@@ -103,7 +116,7 @@ ssh_selinux_getctxbyname(char *pwname)
  
  /* Set the execution context to the default for the specified user */
  void
@@ -318,7 +286,7 @@ index f36999d..f9cdc15 100644
  {
         security_context_t user_ctx = NULL;
  
-@@ -114,7 +127,7 @@ ssh_selinux_setup_exec_context(char *pwname)
+@@ -112,7 +125,7 @@ ssh_selinux_setup_exec_context(char *pwname)
  
         debug3("%s: setting execution context", __func__);
  
@@ -327,7 +295,7 @@ index f36999d..f9cdc15 100644
         if (setexeccon(user_ctx) != 0) {
                 switch (security_getenforce()) {
                 case -1:
-@@ -136,7 +149,7 @@ ssh_selinux_setup_exec_context(char *pwname)
+@@ -134,7 +147,7 @@ ssh_selinux_setup_exec_context(char *pwname)
  
  /* Set the TTY context for the specified user */
  void
@@ -336,7 +304,7 @@ index f36999d..f9cdc15 100644
  {
         security_context_t new_tty_ctx = NULL;
         security_context_t user_ctx = NULL;
-@@ -147,7 +160,7 @@ ssh_selinux_setup_pty(char *pwname, const char *tty)
+@@ -145,7 +158,7 @@ ssh_selinux_setup_pty(char *pwname, const char *tty)
  
         debug3("%s: setting TTY context on %s", __func__, tty);
  
@@ -346,10 +314,10 @@ index f36999d..f9cdc15 100644
         /* XXX: should these calls fatal() upon failure in enforcing mode? */
  
 diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h
-index e3d1004..80ce13a 100644
+index 3c22a854..c8812942 100644
 --- a/openbsd-compat/port-linux.h
 +++ b/openbsd-compat/port-linux.h
-@@ -21,8 +21,8 @@
+@@ -19,8 +19,8 @@
  
  #ifdef WITH_SELINUX
  int ssh_selinux_enabled(void);
@@ -361,10 +329,10 @@ index e3d1004..80ce13a 100644
  void ssh_selinux_setfscreatecon(const char *);
  #endif
 diff --git a/platform.c b/platform.c
-index acf8554..4831706 100644
+index 973a63e4..cd7bf566 100644
 --- a/platform.c
 +++ b/platform.c
-@@ -145,7 +145,7 @@ platform_setusercontext(struct passwd *pw)
+@@ -143,7 +143,7 @@ platform_setusercontext(struct passwd *pw)
   * called if sshd is running as root.
   */
  void
@@ -373,7 +341,7 @@ index acf8554..4831706 100644
  {
  #if !defined(HAVE_LOGIN_CAP) && defined(USE_PAM)
         /*
-@@ -186,7 +186,7 @@ platform_setusercontext_post_groups(struct passwd *pw)
+@@ -184,7 +184,7 @@ platform_setusercontext_post_groups(struct passwd *pw)
         }
  #endif /* HAVE_SETPCRED */
  #ifdef WITH_SELINUX
@@ -383,10 +351,10 @@ index acf8554..4831706 100644
  }
  
 diff --git a/platform.h b/platform.h
-index e97ecd9..5b72304 100644
+index ea4f9c58..60d72ffe 100644
 --- a/platform.h
 +++ b/platform.h
-@@ -27,7 +27,7 @@ void platform_post_fork_parent(pid_t child_pid);
+@@ -25,7 +25,7 @@ void platform_post_fork_parent(pid_t child_pid);
  void platform_post_fork_child(void);
  int  platform_privileged_uidswap(void);
  void platform_setusercontext(struct passwd *);
@@ -396,10 +364,10 @@ index e97ecd9..5b72304 100644
  char *platform_krb5_get_principal_name(const char *);
  int platform_sys_dir_uid(uid_t);
 diff --git a/session.c b/session.c
-index 2235f26..6dfcf84 100644
+index a08aa69d..ea3871eb 100644
 --- a/session.c
 +++ b/session.c
-@@ -1517,7 +1517,7 @@ safely_chroot(const char *path, uid_t uid)
+@@ -1325,7 +1325,7 @@ safely_chroot(const char *path, uid_t uid)
  
  /* Set login name, uid, gid, and groups. */
  void
@@ -408,7 +376,7 @@ index 2235f26..6dfcf84 100644
  {
         char *chroot_path, *tmp;
  
-@@ -1545,7 +1545,7 @@ do_setusercontext(struct passwd *pw)
+@@ -1353,7 +1353,7 @@ do_setusercontext(struct passwd *pw)
                 endgrent();
  #endif
  
@@ -417,7 +385,7 @@ index 2235f26..6dfcf84 100644
  
                 if (!in_chroot && options.chroot_directory != NULL &&
                     strcasecmp(options.chroot_directory, "none") != 0) {
-@@ -1703,7 +1703,7 @@ do_child(Session *s, const char *command)
+@@ -1489,7 +1489,7 @@ do_child(Session *s, const char *command)
  
         /* Force a password change */
         if (s->authctxt->force_pwchange) {
@@ -426,16 +394,16 @@ index 2235f26..6dfcf84 100644
                 child_close_fds();
                 do_pwchange(s);
                 exit(1);
-@@ -1730,7 +1730,7 @@ do_child(Session *s, const char *command)
-                /* When PAM is enabled we rely on it to do the nologin check */
-                if (!options.use_pam)
-                        do_nologin(pw);
--               do_setusercontext(pw);
-+               do_setusercontext(pw, s->authctxt->role);
-                /*
-                 * PAM session modules in do_setusercontext may have
-                 * generated messages, so if this in an interactive
-@@ -2141,7 +2141,7 @@ session_pty_req(Session *s)
+@@ -1511,7 +1511,7 @@ do_child(Session *s, const char *command)
+        /* When PAM is enabled we rely on it to do the nologin check */
+        if (!options.use_pam)
+                do_nologin(pw);
+-       do_setusercontext(pw);
++       do_setusercontext(pw, s->authctxt->role);
+        /*
+         * PAM session modules in do_setusercontext may have
+         * generated messages, so if this in an interactive
+@@ -1903,7 +1903,7 @@ session_pty_req(Session *s)
         tty_parse_modes(s->ttyfd, &n_bytes);
  
         if (!use_privsep)
@@ -445,10 +413,10 @@ index 2235f26..6dfcf84 100644
         /* Set window size from the packet. */
         pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
 diff --git a/session.h b/session.h
-index f18eaf3..2b7d939 100644
+index 98e1dafe..0a31dce4 100644
 --- a/session.h
 +++ b/session.h
-@@ -77,7 +77,7 @@ void   session_pty_cleanup2(Session *);
+@@ -76,7 +76,7 @@ void   session_pty_cleanup2(Session *);
  Session        *session_new(void);
  Session        *session_by_tty(char *);
  void    session_close(Session *);
@@ -458,11 +426,11 @@ index f18eaf3..2b7d939 100644
                        const char *value);
  
 diff --git a/sshd.c b/sshd.c
-index 982e545..76306da 100644
+index 4f791b92..5a3f796d 100644
 --- a/sshd.c
 +++ b/sshd.c
-@@ -787,7 +787,7 @@ privsep_postauth(Authctxt *authctxt)
-        explicit_bzero(rnd, sizeof(rnd));
+@@ -678,7 +678,7 @@ privsep_postauth(Authctxt *authctxt)
+        reseed_prngs();
  
         /* Drop privileges */
 -       do_setusercontext(authctxt->pw);
@@ -471,7 +439,7 @@ index 982e545..76306da 100644
   skip:
         /* It is safe now to apply the key state */
 diff --git a/sshpty.c b/sshpty.c
-index 15da8c6..e89efb7 100644
+index fe2fb5aa..feb22b06 100644
 --- a/sshpty.c
 +++ b/sshpty.c
 @@ -187,7 +187,7 @@ pty_change_window_size(int ptyfd, u_int row, u_int col,
@@ -493,12 +461,13 @@ index 15da8c6..e89efb7 100644
  
         if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
 diff --git a/sshpty.h b/sshpty.h
-index cfa3224..edf2436 100644
+index 9ec7e9a1..de7e000a 100644
 --- a/sshpty.h
 +++ b/sshpty.h
-@@ -24,4 +24,4 @@ int    pty_allocate(int *, int *, char *, size_t);
+@@ -24,5 +24,5 @@ int    pty_allocate(int *, int *, char *, size_t);
  void    pty_release(const char *);
  void    pty_make_controlling_tty(int *, const char *);
  void    pty_change_window_size(int, u_int, u_int, u_int, u_int);
 -void    pty_setowner(struct passwd *, const char *);
 +void    pty_setowner(struct passwd *, const char *, const char *);
+ void    disconnect_controlling_tty(void);
diff --git a/debian/patches/series b/debian/patches/series
index 8dfd83f16..f7dded322 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -5,7 +5,6 @@ ssh-vulnkey-compat.patch
 keepalive-extensions.patch
 syslog-level-silent.patch
 quieter-signals.patch
-helpful-wait-terminate.patch
 user-group-modes.patch
 scp-quoting.patch
 shell-path.patch
@@ -25,5 +24,3 @@ gnome-ssh-askpass2-icon.patch
 sigstop.patch
 systemd-readiness.patch
 debian-config.patch
-unregister-kexinit.patch
-fix-putty-interop-tests.patch
diff --git a/debian/patches/shell-path.patch b/debian/patches/shell-path.patch
index 506ba3f7a..82203e0d8 100644
--- a/debian/patches/shell-path.patch
+++ b/debian/patches/shell-path.patch
@@ -1,4 +1,4 @@
-From ac283605e244f9dab676b039986f137f86284291 Mon Sep 17 00:00:00 2001
+From f6973171005fc513fa25540a1561ca1128e488e1 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:00 +0000
 Subject: Look for $SHELL on the path for ProxyCommand/LocalCommand
@@ -16,10 +16,10 @@ Patch-Name: shell-path.patch
  1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/sshconnect.c b/sshconnect.c
-index 356ec79..8b8e760 100644
+index 96b91ce1..698a0711 100644
 --- a/sshconnect.c
 +++ b/sshconnect.c
-@@ -232,7 +232,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
+@@ -231,7 +231,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
                 /* Execute the proxy command.  Note that we gave up any
                    extra privileges above. */
                 signal(SIGPIPE, SIG_DFL);
@@ -28,7 +28,7 @@ index 356ec79..8b8e760 100644
                 perror(argv[0]);
                 exit(1);
         }
-@@ -1499,7 +1499,7 @@ ssh_local_cmd(const char *args)
+@@ -1498,7 +1498,7 @@ ssh_local_cmd(const char *args)
         if (pid == 0) {
                 signal(SIGPIPE, SIG_DFL);
                 debug3("Executing %s -c \"%s\"", shell, args);
diff --git a/debian/patches/sigstop.patch b/debian/patches/sigstop.patch
index 7ae7f3558..5e07bf023 100644
--- a/debian/patches/sigstop.patch
+++ b/debian/patches/sigstop.patch
@@ -1,4 +1,4 @@
-From 8d765e441787d024e76369496316105fe736d3ba Mon Sep 17 00:00:00 2001
+From 7140d94420542a8af7459d08436af2fc950cd810 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:17 +0000
 Subject: Support synchronisation with service supervisor using SIGSTOP
@@ -13,10 +13,10 @@ Patch-Name: sigstop.patch
  1 file changed, 10 insertions(+)
 
 diff --git a/sshd.c b/sshd.c
-index 71fad9e..837409b 100644
+index 747beec8..414e19ee 100644
 --- a/sshd.c
 +++ b/sshd.c
-@@ -2107,6 +2107,16 @@ main(int ac, char **av)
+@@ -1878,6 +1878,16 @@ main(int ac, char **av)
                         }
                 }
  
diff --git a/debian/patches/ssh-agent-setgid.patch b/debian/patches/ssh-agent-setgid.patch
index 2d1dabfd3..4e087e47d 100644
--- a/debian/patches/ssh-agent-setgid.patch
+++ b/debian/patches/ssh-agent-setgid.patch
@@ -1,4 +1,4 @@
-From 172bb48ec4cb3b65d26d4f3bd8bc0e82ddaf6ca1 Mon Sep 17 00:00:00 2001
+From 42a3ec898a2dc3a752d675f48585109ab8a592f2 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:13 +0000
 Subject: Document consequences of ssh-agent being setgid in ssh-agent(1)
@@ -13,10 +13,10 @@ Patch-Name: ssh-agent-setgid.patch
  1 file changed, 15 insertions(+)
 
 diff --git a/ssh-agent.1 b/ssh-agent.1
-index c4b50bb..2fe2201 100644
+index 83b2b41c..7230704a 100644
 --- a/ssh-agent.1
 +++ b/ssh-agent.1
-@@ -193,6 +193,21 @@ environment variable holds the agent's process ID.
+@@ -206,6 +206,21 @@ environment variable holds the agent's process ID.
  .Pp
  The agent exits automatically when the command given on the command
  line terminates.
@@ -37,4 +37,4 @@ index c4b50bb..2fe2201 100644
 +so in the program executed by ssh-agent.
  .Sh FILES
  .Bl -tag -width Ds
- .It Pa $TMPDIR/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt
+ .It Pa $TMPDIR/ssh-XXXXXXXXXX/agent.<ppid>
diff --git a/debian/patches/ssh-argv0.patch b/debian/patches/ssh-argv0.patch
index 614ed8195..70b13cd47 100644
--- a/debian/patches/ssh-argv0.patch
+++ b/debian/patches/ssh-argv0.patch
@@ -1,4 +1,4 @@
-From ccfb71ca70b73f6d5a2873b31d0140c7cb5f4430 Mon Sep 17 00:00:00 2001
+From 45d82ddb03e248dae4775ce1693654ea69d050ad Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:10 +0000
 Subject: ssh(1): Refer to ssh-argv0(1)
@@ -18,7 +18,7 @@ Patch-Name: ssh-argv0.patch
  1 file changed, 1 insertion(+)
 
 diff --git a/ssh.1 b/ssh.1
-index b1f128c..22e56a7 100644
+index b1f128c2..22e56a7b 100644
 --- a/ssh.1
 +++ b/ssh.1
 @@ -1586,6 +1586,7 @@ if an error occurred.
diff --git a/debian/patches/ssh-vulnkey-compat.patch b/debian/patches/ssh-vulnkey-compat.patch
index 0492c84fe..29a876cd8 100644
--- a/debian/patches/ssh-vulnkey-compat.patch
+++ b/debian/patches/ssh-vulnkey-compat.patch
@@ -1,4 +1,4 @@
-From e35c0bb4c3997b8ef885c6afdcc600b403eb878b Mon Sep 17 00:00:00 2001
+From 01e8999cc86a0b2ffed5f98abed624b0e7c2707f Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:09:50 +0000
 Subject: Accept obsolete ssh-vulnkey configuration options
@@ -17,7 +17,7 @@ Patch-Name: ssh-vulnkey-compat.patch
  2 files changed, 2 insertions(+)
 
 diff --git a/readconf.c b/readconf.c
-index e019195..c0b7822 100644
+index 7902ef26..c1c3aae0 100644
 --- a/readconf.c
 +++ b/readconf.c
 @@ -194,6 +194,7 @@ static struct {
@@ -29,14 +29,14 @@ index e019195..c0b7822 100644
         { "pubkeyauthentication", oPubkeyAuthentication },
         { "dsaauthentication", oPubkeyAuthentication },             /* alias */
 diff --git a/servconf.c b/servconf.c
-index 9b06281..bf9f8f7 100644
+index 14c81fa9..49d3bdc8 100644
 --- a/servconf.c
 +++ b/servconf.c
-@@ -541,6 +541,7 @@ static struct {
+@@ -521,6 +521,7 @@ static struct {
         { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
         { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
         { "strictmodes", sStrictModes, SSHCFG_GLOBAL },
 +       { "permitblacklistedkeys", sDeprecated, SSHCFG_GLOBAL },
         { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL },
         { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
-        { "uselogin", sUseLogin, SSHCFG_GLOBAL },
+        { "uselogin", sDeprecated, SSHCFG_GLOBAL },
diff --git a/debian/patches/syslog-level-silent.patch b/debian/patches/syslog-level-silent.patch
index 3e46d03c8..9fd4e96d3 100644
--- a/debian/patches/syslog-level-silent.patch
+++ b/debian/patches/syslog-level-silent.patch
@@ -1,4 +1,4 @@
-From 21fb55231ad0422fa0e5f0c2f67093cb5f29dd47 Mon Sep 17 00:00:00 2001
+From 3ffb3874831f9f4a0a2d02c82c3505166593f1c1 Mon Sep 17 00:00:00 2001
 From: Jonathan David Amery <jdamery@ysolde.ucam.org>
 Date: Sun, 9 Feb 2014 16:09:54 +0000
 Subject: "LogLevel SILENT" compatibility
@@ -21,7 +21,7 @@ Patch-Name: syslog-level-silent.patch
  2 files changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/log.c b/log.c
-index 2b59c42..ffc8ffb 100644
+index 2b59c427..ffc8ffbb 100644
 --- a/log.c
 +++ b/log.c
 @@ -93,6 +93,7 @@ static struct {
@@ -33,7 +33,7 @@ index 2b59c42..ffc8ffb 100644
         { "FATAL",      SYSLOG_LEVEL_FATAL },
         { "ERROR",      SYSLOG_LEVEL_ERROR },
 diff --git a/ssh.c b/ssh.c
-index 03a23fb..1febb04 100644
+index ee0b16dc..39609e79 100644
 --- a/ssh.c
 +++ b/ssh.c
 @@ -1167,7 +1167,7 @@ main(int ac, char **av)
diff --git a/debian/patches/systemd-readiness.patch b/debian/patches/systemd-readiness.patch
index deee48460..a2ecd7e99 100644
--- a/debian/patches/systemd-readiness.patch
+++ b/debian/patches/systemd-readiness.patch
@@ -1,4 +1,4 @@
-From fe97848e044743f0bac019a491ddf0138f84e14a Mon Sep 17 00:00:00 2001
+From 6ea90cd25e0275c4153691a962bcc89007e77261 Mon Sep 17 00:00:00 2001
 From: Michael Biebl <biebl@debian.org>
 Date: Mon, 21 Dec 2015 16:08:47 +0000
 Subject: Add systemd readiness notification support
@@ -14,10 +14,10 @@ Patch-Name: systemd-readiness.patch
  2 files changed, 33 insertions(+)
 
 diff --git a/configure.ac b/configure.ac
-index f822fb3..6cafb15 100644
+index 4747ce4a..9f59794b 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -4319,6 +4319,29 @@ AC_ARG_WITH([kerberos5],
+@@ -4364,6 +4364,29 @@ AC_ARG_WITH([kerberos5],
  AC_SUBST([GSSLIBS])
  AC_SUBST([K5LIBS])
  
@@ -47,7 +47,7 @@ index f822fb3..6cafb15 100644
  # Looking for programs, paths and files
  
  PRIVSEP_PATH=/var/empty
-@@ -5121,6 +5144,7 @@ echo "                   libedit support: $LIBEDIT_MSG"
+@@ -5167,6 +5190,7 @@ echo "                   libedit support: $LIBEDIT_MSG"
  echo "  Solaris process contract support: $SPC_MSG"
  echo "           Solaris project support: $SP_MSG"
  echo "         Solaris privilege support: $SPP_MSG"
@@ -56,7 +56,7 @@ index f822fb3..6cafb15 100644
  echo "           Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
  echo "                  BSD Auth support: $BSD_AUTH_MSG"
 diff --git a/sshd.c b/sshd.c
-index 837409b..868df9e 100644
+index 414e19ee..8b793480 100644
 --- a/sshd.c
 +++ b/sshd.c
 @@ -85,6 +85,10 @@
@@ -69,8 +69,8 @@ index 837409b..868df9e 100644
 +
  #include "xmalloc.h"
  #include "ssh.h"
- #include "ssh1.h"
-@@ -2117,6 +2121,11 @@ main(int ac, char **av)
+ #include "ssh2.h"
+@@ -1888,6 +1892,11 @@ main(int ac, char **av)
                         unsetenv("SSH_SIGSTOP");
                 }
  
diff --git a/debian/patches/unregister-kexinit.patch b/debian/patches/unregister-kexinit.patch
deleted file mode 100644
index 48da43273..000000000
--- a/debian/patches/unregister-kexinit.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From b139635512b1af75e82252c0c71ac66e08b78774 Mon Sep 17 00:00:00 2001
-From: "markus@openbsd.org" <markus@openbsd.org>
-Date: Mon, 10 Oct 2016 19:28:48 +0000
-Subject: upstream commit
-
-Unregister the KEXINIT handler after message has been
-received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause
-allocation of up to 128MB -- until the connection is closed. Reported by
-shilei-c at 360.cn
-
-Upstream-ID: 43649ae12a27ef94290db16d1a98294588b75c05
-
-Origin: https://anongit.mindrot.org/openssh.git/commit/?id=ec165c392ca54317dbe3064a8c200de6531e89ad
-Bug-Debian: https://bugs.debian.org/841884
-Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1384860
-Last-Update: 2016-10-24
-
-Patch-Name: unregister-kexinit.patch
----
- kex.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/kex.c b/kex.c
-index c17d652..7ab72ba 100644
---- a/kex.c
-+++ b/kex.c
-@@ -488,6 +488,7 @@ kex_input_kexinit(int type, u_int32_t seq, void *ctxt)
-        if (kex == NULL)
-                return SSH_ERR_INVALID_ARGUMENT;
- 
-+       ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL);
-        ptr = sshpkt_ptr(ssh, &dlen);
-        if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0)
-                return r;
diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch
index 3bd2fd91f..e08b6c7b7 100644
--- a/debian/patches/user-group-modes.patch
+++ b/debian/patches/user-group-modes.patch
@@ -1,4 +1,4 @@
-From 563974a78e937c4844e1198b5f6d79b8b2b5c600 Mon Sep 17 00:00:00 2001
+From df060c830ad66289a93be24268f3f70e7021be29 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:09:58 +0000
 Subject: Allow harmless group-writability
@@ -28,10 +28,10 @@ Patch-Name: user-group-modes.patch
  8 files changed, 80 insertions(+), 29 deletions(-)
 
 diff --git a/auth-rhosts.c b/auth-rhosts.c
-index 0ef3447..c17c13c 100644
+index ecf956f0..4dccd5e6 100644
 --- a/auth-rhosts.c
 +++ b/auth-rhosts.c
-@@ -273,8 +273,7 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam
+@@ -261,8 +261,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
                 return 0;
         }
         if (options.strict_modes &&
@@ -41,7 +41,7 @@ index 0ef3447..c17c13c 100644
                 logit("Rhosts authentication refused for %.100s: "
                     "bad ownership or modes for home directory.", pw->pw_name);
                 auth_debug_add("Rhosts authentication refused for %.100s: "
-@@ -300,8 +299,7 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam
+@@ -288,8 +287,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
                  * allowing access to their account by anyone.
                  */
                 if (options.strict_modes &&
@@ -52,10 +52,10 @@ index 0ef3447..c17c13c 100644
                             pw->pw_name, buf);
                         auth_debug_add("Bad file modes for %.200s", buf);
 diff --git a/auth.c b/auth.c
-index f56dcc6..3f8b348 100644
+index c6390687..90390724 100644
 --- a/auth.c
 +++ b/auth.c
-@@ -435,8 +435,7 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
+@@ -444,8 +444,7 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
                 user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
                 if (options.strict_modes &&
                     (stat(user_hostfile, &st) == 0) &&
@@ -65,7 +65,7 @@ index f56dcc6..3f8b348 100644
                         logit("Authentication refused for %.100s: "
                             "bad owner or modes for %.200s",
                             pw->pw_name, user_hostfile);
-@@ -498,8 +497,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
+@@ -507,8 +506,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
                 snprintf(err, errlen, "%s is not a regular file", buf);
                 return -1;
         }
@@ -75,7 +75,7 @@ index f56dcc6..3f8b348 100644
                 snprintf(err, errlen, "bad ownership or modes for file %s",
                     buf);
                 return -1;
-@@ -514,8 +512,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
+@@ -523,8 +521,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
                 strlcpy(buf, cp, sizeof(buf));
  
                 if (stat(buf, &st) < 0 ||
@@ -86,7 +86,7 @@ index f56dcc6..3f8b348 100644
                             "bad ownership or modes for directory %s", buf);
                         return -1;
 diff --git a/misc.c b/misc.c
-index 9421b4d..68efb2b 100644
+index 65c9222a..bf9153a6 100644
 --- a/misc.c
 +++ b/misc.c
 @@ -51,8 +51,9 @@
@@ -181,21 +181,23 @@ index 9421b4d..68efb2b 100644
  tun_open(int tun, int mode)
  {
 diff --git a/misc.h b/misc.h
-index 7c76a6a..42cd95e 100644
+index c242f901..8b223b55 100644
 --- a/misc.h
 +++ b/misc.h
-@@ -139,4 +139,6 @@ char        *read_passphrase(const char *, int);
+@@ -143,6 +143,8 @@ char        *read_passphrase(const char *, int);
  int     ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));
  int     read_keyfile_line(FILE *, const char *, char *, size_t, u_long *);
  
 +int     secure_permissions(struct stat *st, uid_t uid);
 +
- #endif /* _MISC_H */
+ #define MINIMUM(a, b)  (((a) < (b)) ? (a) : (b))
+ #define MAXIMUM(a, b)  (((a) > (b)) ? (a) : (b))
+ #define ROUNDUP(x, y)   ((((x)+((y)-1))/(y))*(y))
 diff --git a/platform.c b/platform.c
-index 4831706..2ce4dbf 100644
+index cd7bf566..380ee3a4 100644
 --- a/platform.c
 +++ b/platform.c
-@@ -199,19 +199,3 @@ platform_krb5_get_principal_name(const char *pw_name)
+@@ -197,19 +197,3 @@ platform_krb5_get_principal_name(const char *pw_name)
         return NULL;
  #endif
  }
@@ -216,10 +218,10 @@ index 4831706..2ce4dbf 100644
 -       return 0;
 -}
 diff --git a/readconf.c b/readconf.c
-index 3a6c67b..f6b4c8f 100644
+index 3efba242..c02cdf63 100644
 --- a/readconf.c
 +++ b/readconf.c
-@@ -1753,8 +1753,7 @@ read_config_file_depth(const char *filename, struct passwd *pw,
+@@ -1752,8 +1752,7 @@ read_config_file_depth(const char *filename, struct passwd *pw,
  
                 if (fstat(fileno(f), &sb) == -1)
                         fatal("fstat %s: %s", filename, strerror(errno));
@@ -230,7 +232,7 @@ index 3a6c67b..f6b4c8f 100644
         }
  
 diff --git a/ssh.1 b/ssh.1
-index 4011c65..feef81a 100644
+index 4011c65a..feef81a5 100644
 --- a/ssh.1
 +++ b/ssh.1
 @@ -1484,6 +1484,8 @@ The file format and configuration options are described in
@@ -243,10 +245,10 @@ index 4011c65..feef81a 100644
  .It Pa ~/.ssh/environment
  Contains additional definitions for environment variables; see
 diff --git a/ssh_config.5 b/ssh_config.5
-index efc265a..5dd26bc 100644
+index 32fd100d..f62ea6b8 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
-@@ -1903,6 +1903,8 @@ The format of this file is described above.
+@@ -1803,6 +1803,8 @@ The format of this file is described above.
  This file is used by the SSH client.
  Because of the potential for abuse, this file must have strict permissions:
  read/write for the user, and not accessible by others.
diff --git a/debian/rules b/debian/rules
index 76e71ecf1..86d15a0d0 100755
--- a/debian/rules
+++ b/debian/rules
@@ -153,12 +153,7 @@ override_dh_auto_build-indep:
 override_dh_auto_test-arch:
 ifeq ($(RUN_TESTS),yes)
         $(MAKE) -C debian/build-deb regress-prep
-        $(MAKE) -C debian/build-deb $(PARALLEL) \
-                regress/unittests/sshbuf/test_sshbuf \
-                regress/unittests/sshkey/test_sshkey \
-                regress/unittests/bitmap/test_bitmap \
-                regress/unittests/hostkeys/test_hostkeys \
-                regress/unittests/kex/test_kex
+        $(MAKE) -C debian/build-deb $(PARALLEL) regress-binaries
         $(MAKE) -C debian/build-deb/regress \
                 .OBJDIR="$(CURDIR)/debian/build-deb/regress" \
                 .CURDIR="$(CURDIR)/regress" \