1 files changed, 12 insertions, 2 deletions

diff --git a/sshd.c b/sshd.c
index 4eddeb8d8..72e9eaf47 100644
--- a/sshd.c
+++ b/sshd.c
@@ -440,7 +440,8 @@ sshd_exchange_identification(int sock_in, int sock_out)
         }
 
         xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
-            major, minor, SSH_VERSION,
+            major, minor,
+            options.debian_banner ? SSH_RELEASE : SSH_RELEASE_MINIMUM,
             *options.version_addendum == '\0' ? "" : " ",
             options.version_addendum, newline);
 
@@ -753,7 +754,7 @@ privsep_postauth(Authctxt *authctxt)
         RAND_seed(rnd, sizeof(rnd));
 
         /* Drop privileges */
-        do_setusercontext(authctxt->pw);
+        do_setusercontext(authctxt->pw, authctxt->role);
 
  skip:
         /* It is safe now to apply the key state */
@@ -1688,6 +1689,11 @@ main(int ac, char **av)
                         sensitive_data.host_pubkeys[i] = NULL;
                         continue;
                 }
+                if (auth_key_is_revoked(key != NULL ? key : pubkey, 1)) {
+                        sensitive_data.host_keys[i] = NULL;
+                        sensitive_data.host_pubkeys[i] = NULL;
+                        continue;
+                }
 
                 switch (keytype) {
                 case KEY_RSA1:
@@ -1908,6 +1914,10 @@ main(int ac, char **av)
                         }
                 }
 
+                if (getenv("SSH_SIGSTOP"))
+                        /* Tell service supervisor that we are ready. */
+                        kill(getpid(), SIGSTOP);
+
                 /* Accept a connection and return in a forked child */
                 server_accept_loop(&sock_in, &sock_out,
                     &newsock, config_s);