This commit was generated by cvs2svn to compensate for changes in r147001,

which included commits to RCS files with non-trunk default branches.

24 files changed, 246 insertions, 57 deletions

diff --git a/crypto/openssh/ChangeLog b/crypto/openssh/ChangeLog
index 046e32e8a9dc..15ce35ce762f 100644
--- a/crypto/openssh/ChangeLog
+++ b/crypto/openssh/ChangeLog
@@ -1,3 +1,178 @@
+20050524
+ - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+         [contrib/suse/openssh.spec] Update spec file versions to 4.1p1
+ - (dtucker) [auth-pam.c] Since people don't seem to be getting the message
+   that USE_POSIX_THREADS is unsupported, not recommended and generally a bad
+   idea, it is now known as UNSUPPORTED_POSIX_THREADS_HACK.  Attempting to use
+   USE_POSIX_THREADS will now generate an error so we don't silently change
+   behaviour.  ok djm@
+ - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Ensure sufficient memory
+   allocation when retrieving core Windows environment.  Add CYGWIN variable
+   to propagated variables.  Patch from vinschen at redhat.com, ok djm@
+ - (djm) Release 4.1p1
+
+20050524
+ - (djm) [openbsd-compat/readpassphrase.c] bz #950: Retry tcsetattr to ensure
+   terminal modes are reset correctly. Fix from peak AT argo.troja.mff.cuni.cz;
+   "looks ok" dtucker@
+
+20050512
+ - (tim) [buildpkg.sh.in] missing ${PKG_INSTALL_ROOT} in init script
+   hard link section. Bug 1038.
+
+20050509
+ - (dtucker) [contrib/cygwin/ssh-host-config] Add a test and warning for a
+   user-mode mounts in Cygwin installation.  Patch from vinschen at redhat.com.
+
+20050504
+ - (djm) [ssh.c] some systems return EADDRINUSE on a bind to an already-used
+   unix domain socket, so catch that too; from jakob@ ok dtucker@
+
+20050503
+ - (dtucker) [canohost.c] normalise socket addresses returned by
+   get_remote_hostname().  This means that IPv4 addresses in log messages
+   on IPv6 enabled machines will no longer be prefixed by "::ffff:" and
+   AllowUsers, DenyUsers, AllowGroups, DenyGroups will match IPv4-style
+   addresses only for 4-in-6 mapped connections, regardless of whether
+   or not the machine is IPv6 enabled.  ok djm@
+
+20050425
+ - (dtucker) [regress/multiplex.sh] Use "kill -0 $pid" to check for the
+   existence of a process since it's more portable.  Found by jbasney at
+   ncsa.uiuc.edu; ok tim@
+ - (dtucker) [regress/multiplex.sh] Remove cleanup call since test-exec.sh
+   will clean up anyway.  From tim@
+ - (dtucker) [regress/multiplex.sh] Put control socket in /tmp so running
+   "make tests" works even if you're building on a filesystem that doesn't
+   support sockets.  From deengert at anl.gov, ok djm@
+
+20050424
+ - (dtucker) [INSTALL configure.ac] Make zlib version check test for 1.1.4 or
+   1.2.1.2 or higher.  With tim@, ok djm@
+
+20050423
+ - (tim) [config.guess] Add support for OpenServer 6.
+
+20050421
+ - (dtucker) [session.c] Bug #1024: Don't check pam_session_is_open if
+   UseLogin is set as PAM is not used to establish credentials in that
+   case.  Found by Michael Selvesteen, ok djm@
+
+20050419
+ - (dtucker) [INSTALL] Reference README.privsep for the privilege separation
+   requirements.  Pointed out by Bengt Svensson.
+ - (dtucker) [INSTALL] Put the s/key text and URL back together.
+ - (dtucker) [INSTALL] Fix s/key text too.
+
+20050411
+ - (tim) [configure.ac] UnixWare needs PASSWD_NEEDS_USERNAME
+
+20050405
+ - (dtucker) [configure.ac] Define HAVE_SO_PEERCRED if we have it.  ok djm@
+ - (dtucker) [auth-sia.c] Constify sys_auth_passwd, fixes build error on
+   Tru64.  Patch from cmadams at hiwaay.net.
+ - (dtucker) [auth-passwd.c auth-sia.h] Remove duplicate definitions of
+   sys_auth_passwd, pointed out by cmadams at hiwaay.net.
+
+20050403
+ - (djm) OpenBSD CVS Sync
+   - deraadt@cvs.openbsd.org 2005/03/31 18:39:21
+     [scp.c]
+     copy argv[] element instead of smashing the one that ps will see; ok otto
+   - djm@cvs.openbsd.org 2005/04/02 12:41:16
+     [scp.c]
+     since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror
+     build
+ - (dtucker) [monitor.c] Don't free buffers in audit functions, monitor_read
+   will free as needed.  ok tim@ djm@
+
+20050331
+ - (dtucker) OpenBSD CVS Sync
+   - jmc@cvs.openbsd.org 2005/03/16 11:10:38
+     [ssh_config.5]
+     get the syntax right for {Local,Remote}Forward;
+     based on a diff from markus;
+     problem report from ponraj;
+     ok dtucker@ markus@ deraadt@
+   - markus@cvs.openbsd.org 2005/03/16 21:17:39
+     [version.h]
+     4.1
+   - jmc@cvs.openbsd.org 2005/03/18 17:05:00
+     [sshd_config.5]
+     typo;
+ - (dtucker) [auth.h sshd.c openbsd-compat/port-aix.c] Bug #1006: fix bug in
+   handling of password expiry messages returned by AIX's authentication
+   routines, originally reported by robvdwal at sara.nl.
+ - (dtucker) [ssh.c] Prevent null pointer deref in port forwarding debug
+   message on some platforms.  Patch from pete at seebeyond.com via djm.
+ - (dtucker) [monitor.c] Remaining part of fix for bug #1006.
+
+20050329
+ - (dtucker) [contrib/aix/buildbff.sh] Bug #1005: Look up only the user we're
+   interested in which is much faster in large (eg LDAP or NIS) environments.
+   Patch from dleonard at vintela.com.
+
+20050321
+ - (dtucker) [configure.ac] Prevent configure --with-zlib from adding -Iyes
+   and -Lyes to CFLAGS and LIBS.  Pointed out by peter at slagheap.net,
+   with & ok tim@
+ - (dtucker) [configure.ac] Make configure error out if the user specifies
+   --with-libedit but the required libs can't be found, rather than silently
+   ignoring and continuing.  ok tim@
+ - (dtucker) [configure.ac openbsd-compat/port-aix.h] Prevent redefinitions
+   of setauthdb on AIX 5.3, reported by anders.liljegren at its.uu.se.
+
+20050317
+ - (tim) [configure.ac] Bug 998. Make path for --with-opensc optional.
+   Make --without-opensc work.
+ - (tim) [configure.ac] portability changes on test statements. Some shells
+   have problems with -a operator.
+ - (tim) [configure.ac] make some configure options a little more error proof.
+ - (tim) [configure.ac] remove trailing white space.
+
+20050314
+ - (dtucker) OpenBSD CVS Sync
+   - dtucker@cvs.openbsd.org 2005/03/10 10:15:02
+     [readconf.c]
+     Check listen addresses for null, prevents xfree from dying during
+     ClearAllForwardings (bz #996).  From  Craig Leres, ok markus@
+   - deraadt@cvs.openbsd.org 2005/03/10 22:01:05
+     [misc.c ssh-keygen.c servconf.c clientloop.c auth-options.c ssh-add.c
+     monitor.c sftp-client.c bufaux.h hostfile.c ssh.c sshconnect.c channels.c
+     readconf.c bufaux.c sftp.c]
+     spacing
+   - deraadt@cvs.openbsd.org 2005/03/10 22:40:38
+     [auth-options.c]
+     spacing
+   - markus@cvs.openbsd.org 2005/03/11 14:59:06
+     [ssh-keygen.c]
+     typo, missing \n; mpech
+   - jmc@cvs.openbsd.org 2005/03/12 11:55:03
+     [ssh_config.5]
+     escape `.' at eol to avoid double spacing issues;
+   - dtucker@cvs.openbsd.org 2005/03/14 10:09:03
+     [ssh-keygen.1]
+     Correct description of -H (bz #997);  ok markus@, punctuation jmc@
+   - dtucker@cvs.openbsd.org 2005/03/14 11:44:42
+     [auth.c]
+     Populate host for log message for logins denied by AllowUsers and
+     DenyUsers (bz #999); ok markus@ (patch by tryponraj at gmail.com)
+   - markus@cvs.openbsd.org 2005/03/14 11:46:56
+     [buffer.c buffer.h channels.c]
+     limit input buffer size for channels; bugzilla #896; with and ok dtucker@
+ - (tim) [contrib/caldera/openssh.spec] links in rc?.d were getting trashed
+   with a rpm -F
+
+20050313
+ - (dtucker) [contrib/cygwin/ssh-host-config] Makes the query for the
+   localized name of the local administrators group more reliable.  From
+   vinschen at redhat.com.
+
+20050312
+ - (dtucker) [regress/test-exec.sh] DEBUG can cause problems where debug
+   output ends up in the client's output, causing regress failures.  Found
+   by Corinna Vinschen.
+
 20050309
  - (dtucker) [regress/test-exec.sh] Set BIN_SH=xpg4 on OSF1/Digital Unix/Tru64
    so that regress tests behave.  From Chris Adams.
@@ -2321,4 +2496,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.3707.2.1 2005/03/09 04:52:09 djm Exp $
+$Id: ChangeLog,v 1.3758.2.2 2005/05/25 12:24:56 djm Exp $
diff --git a/crypto/openssh/INSTALL b/crypto/openssh/INSTALL
index 4fc3744f383a..753d2d06183d 100644
--- a/crypto/openssh/INSTALL
+++ b/crypto/openssh/INSTALL
@@ -3,7 +3,7 @@
 
 You will need working installations of Zlib and OpenSSL.
 
-Zlib 1.1.4 or greater:
+Zlib 1.1.4 or 1.2.1.2 or greater (ealier 1.2.x versions have problems):
 http://www.gzip.org/zlib/
 
 OpenSSL 0.9.6 or greater:
@@ -50,20 +50,20 @@ lacks /dev/random and don't want to use OpenSSH's internal entropy collection.
 http://www.lothar.com/tech/crypto/
 
 S/Key Libraries:
+
+If you wish to use --with-skey then you will need the library below
+installed.  No other S/Key library is currently known to be supported.
+
 http://www.sparc.spb.su/solaris/skey/
 
 LibEdit:
-
 sftp now supports command-line editing via NetBSD's libedit.  If your
 platform has it available natively you can use that, alternatively
 you might try these multi-platform ports:
+
 http://www.thrysoee.dk/editline/
 http://sourceforge.net/projects/libedit/
 
-If you wish to use --with-skey then you will need the above library
-installed.  No other current S/Key library is currently known to be
-supported.
-
 2. Building / Installation
 --------------------------
 
@@ -91,6 +91,10 @@ make install
 This will install the binaries in /opt/{bin,lib,sbin}, but will place the
 configuration files in /etc/ssh.
 
+If you are using Privilege Separation (which is enabled by default)
+then you will also need to create the user, group and directory used by
+sshd for privilege separation.  See README.privsep for details.
+
 If you are using PAM, you may need to manually install a PAM control
 file as "/etc/pam.d/sshd" (or wherever your system prefers to keep
 them).  Note that the service name used to start PAM is __progname,
@@ -221,4 +225,4 @@ Please refer to the "reporting bugs" section of the webpage at
 http://www.openssh.com/
 
 
-$Id: INSTALL,v 1.66 2005/01/18 01:05:18 dtucker Exp $
+$Id: INSTALL,v 1.70 2005/04/24 07:52:23 dtucker Exp $
diff --git a/crypto/openssh/README b/crypto/openssh/README
index 0c5335ff5b03..93682c3cbb42 100644
--- a/crypto/openssh/README
+++ b/crypto/openssh/README
@@ -61,4 +61,4 @@ References -
 [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
 [7] http://www.openssh.com/faq.html
 
-$Id: README,v 1.56.4.1 2005/03/09 03:12:09 djm Exp $
+$Id: README,v 1.57 2005/03/09 03:32:28 dtucker Exp $
diff --git a/crypto/openssh/auth-options.c b/crypto/openssh/auth-options.c
index 04d12d66e48c..a85e408359ee 100644
--- a/crypto/openssh/auth-options.c
+++ b/crypto/openssh/auth-options.c
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-options.c,v 1.29 2005/03/01 10:09:52 djm Exp $");
+RCSID("$OpenBSD: auth-options.c,v 1.31 2005/03/10 22:40:38 deraadt Exp $");
 
 #include "xmalloc.h"
 #include "match.h"
@@ -247,7 +247,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 			host = hpdelim(&p);
 			if (host == NULL || strlen(host) >= NI_MAXHOST) {
 				debug("%.100s, line %lu: Bad permitopen "
-				    "specification <%.100s>", file, linenum, 
+				    "specification <%.100s>", file, linenum,
 				    patterns);
 				auth_debug_add("%.100s, line %lu: "
 				    "Bad permitopen specification", file,
@@ -255,8 +255,8 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 				xfree(patterns);
 				goto bad_option;
 			}
- 			host = cleanhostname(host);
- 			if (p == NULL || (port = a2port(p)) == 0) {
+			host = cleanhostname(host);
+			if (p == NULL || (port = a2port(p)) == 0) {
 				debug("%.100s, line %lu: Bad permitopen port "
 				    "<%.100s>", file, linenum, p ? p : "");
 				auth_debug_add("%.100s, line %lu: "
diff --git a/crypto/openssh/auth-sia.c b/crypto/openssh/auth-sia.c
index 63f55d07f2d1..af7182b4834e 100644
--- a/crypto/openssh/auth-sia.c
+++ b/crypto/openssh/auth-sia.c
@@ -47,7 +47,7 @@ extern int saved_argc;
 extern char **saved_argv;
 
 int
-sys_auth_passwd(Authctxt *authctxt, char *pass)
+sys_auth_passwd(Authctxt *authctxt, const char *pass)
 {
 	int ret;
 	SIAENTITY *ent = NULL;
diff --git a/crypto/openssh/auth-sia.h b/crypto/openssh/auth-sia.h
index ca55e913ed58..27cbb93f12da 100644
--- a/crypto/openssh/auth-sia.h
+++ b/crypto/openssh/auth-sia.h
@@ -26,7 +26,6 @@
 
 #ifdef HAVE_OSF_SIA
 
-int	sys_auth_passwd(Authctxt *, char *);
 void	session_setup_sia(struct passwd *, char *);
 
 #endif /* HAVE_OSF_SIA */
diff --git a/crypto/openssh/bufaux.h b/crypto/openssh/bufaux.h
index e30911ddc176..f5efaed3edd7 100644
--- a/crypto/openssh/bufaux.h
+++ b/crypto/openssh/bufaux.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: bufaux.h,v 1.20 2004/10/29 23:56:17 djm Exp $	*/
+/*	$OpenBSD: bufaux.h,v 1.21 2005/03/10 22:01:05 deraadt Exp $	*/
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -40,7 +40,7 @@ void    buffer_put_string(Buffer *, const void *, u_int);
 void	buffer_put_cstring(Buffer *, const char *);
 
 #define buffer_skip_string(b) \
-    do { u_int l = buffer_get_int(b); buffer_consume(b, l); } while(0)
+    do { u_int l = buffer_get_int(b); buffer_consume(b, l); } while (0)
 
 int	buffer_put_bignum_ret(Buffer *, const BIGNUM *);
 int	buffer_get_bignum_ret(Buffer *, BIGNUM *);
diff --git a/crypto/openssh/buffer.c b/crypto/openssh/buffer.c
index 1a25004ba2b2..487e0810598a 100644
--- a/crypto/openssh/buffer.c
+++ b/crypto/openssh/buffer.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: buffer.c,v 1.22 2004/10/29 23:56:17 djm Exp $");
+RCSID("$OpenBSD: buffer.c,v 1.23 2005/03/14 11:46:56 markus Exp $");
 
 #include "xmalloc.h"
 #include "buffer.h"
@@ -78,7 +78,7 @@ buffer_append_space(Buffer *buffer, u_int len)
 	u_int newlen;
 	void *p;
 
-	if (len > 0x100000)
+	if (len > BUFFER_MAX_CHUNK)
 		fatal("buffer_append_space: len %u not supported", len);
 
 	/* If the buffer is empty, start using it from the beginning. */
@@ -97,7 +97,7 @@ restart:
 	 * If the buffer is quite empty, but all data is at the end, move the
 	 * data to the beginning and retry.
 	 */
-	if (buffer->offset > buffer->alloc / 2) {
+	if (buffer->offset > MIN(buffer->alloc, BUFFER_MAX_CHUNK)) {
 		memmove(buffer->buf, buffer->buf + buffer->offset,
 			buffer->end - buffer->offset);
 		buffer->end -= buffer->offset;
@@ -107,7 +107,7 @@ restart:
 	/* Increase the size of the buffer and retry. */
 
 	newlen = buffer->alloc + len + 32768;
-	if (newlen > 0xa00000)
+	if (newlen > BUFFER_MAX_LEN)
 		fatal("buffer_append_space: alloc %u not supported",
 		    newlen);
 	buffer->buf = xrealloc(buffer->buf, newlen);
diff --git a/crypto/openssh/buffer.h b/crypto/openssh/buffer.h
index 9c09d4f43f75..2b20eed52acf 100644
--- a/crypto/openssh/buffer.h
+++ b/crypto/openssh/buffer.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: buffer.h,v 1.12 2004/10/29 23:56:17 djm Exp $	*/
+/*	$OpenBSD: buffer.h,v 1.13 2005/03/14 11:46:56 markus Exp $	*/
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -23,6 +23,9 @@ typedef struct {
 	u_int	 end;		/* Offset of last byte containing data. */
 }       Buffer;
 
+#define	BUFFER_MAX_CHUNK	0x100000
+#define	BUFFER_MAX_LEN		0xa00000
+
 void	 buffer_init(Buffer *);
 void	 buffer_clear(Buffer *);
 void	 buffer_free(Buffer *);
diff --git a/crypto/openssh/buildpkg.sh.in b/crypto/openssh/buildpkg.sh.in
index f243e90bf98c..f90ae6e8113e 100644
--- a/crypto/openssh/buildpkg.sh.in
+++ b/crypto/openssh/buildpkg.sh.in
@@ -282,11 +282,11 @@ installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SY
 	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
 else
 	[ "$RCS_D" = yes ]  &&  \
-installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
-	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
+installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
+	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
 	[ "$RC1_D" = no ]  ||  \
-	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
-	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
+	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
+	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
 fi
 
 # If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh)
diff --git a/crypto/openssh/clientloop.c b/crypto/openssh/clientloop.c
index 1e250883f182..1591215bdabf 100644
--- a/crypto/openssh/clientloop.c
+++ b/crypto/openssh/clientloop.c
@@ -59,7 +59,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.135 2005/03/01 10:09:52 djm Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.136 2005/03/10 22:01:05 deraadt Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -627,7 +627,7 @@ client_process_control(fd_set * readset)
 			    "to %s? ", host);
 		if (allowed)
 			quit_pending = 1;
-		/* FALLTHROUGH */	
+		/* FALLTHROUGH */
 	case SSHMUX_COMMAND_ALIVE_CHECK:
 		/* Reply for SSHMUX_COMMAND_TERMINATE and ALIVE_CHECK */
 		buffer_clear(&m);
diff --git a/crypto/openssh/config.guess b/crypto/openssh/config.guess
index 500ee74b047e..5adbef1f9eac 100755
--- a/crypto/openssh/config.guess
+++ b/crypto/openssh/config.guess
@@ -995,7 +995,8 @@ EOF
 		echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
 	fi
 	exit 0 ;;
-    i*86:*:5:[78]*)
+    i*86:*:5:[678]*)
+	# Unixware 7.x, OpenUNIX 8, & OpenServer 6
 	case `/bin/uname -X | grep "^Machine"` in
 	    *486*)	     UNAME_MACHINE=i486 ;;
 	    *Pentium)	     UNAME_MACHINE=i586 ;;
diff --git a/crypto/openssh/log.c b/crypto/openssh/log.c
index e55a54f167a7..96ab24b04b43 100644
--- a/crypto/openssh/log.c
+++ b/crypto/openssh/log.c
@@ -196,6 +196,7 @@ log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr)
 #if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT)
 	struct syslog_data sdata = SYSLOG_DATA_INIT;
 #endif
+
 	argv0 = av0;
 
 	switch (level) {
diff --git a/crypto/openssh/misc.c b/crypto/openssh/misc.c
index 2e366f81b270..7adbcea1c19a 100644
--- a/crypto/openssh/misc.c
+++ b/crypto/openssh/misc.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: misc.c,v 1.28 2005/03/01 10:09:52 djm Exp $");
+RCSID("$OpenBSD: misc.c,v 1.29 2005/03/10 22:01:05 deraadt Exp $");
 
 #include "misc.h"
 #include "log.h"
@@ -303,13 +303,13 @@ hpdelim(char **cp)
 	case '\0':
 		*cp = NULL;	/* no more fields*/
 		break;
-	
+
 	case ':':
 	case '/':
 		*s = '\0';	/* terminate */
 		*cp = s + 1;
 		break;
-	
+
 	default:
 		return NULL;
 	}
@@ -391,7 +391,7 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz,
 			debug("%s: %s line %lu exceeds size limit", __func__,
 			    filename, *lineno);
 			/* discard remainder of line */
-			while(fgetc(f) != '\n' && !feof(f))
+			while (fgetc(f) != '\n' && !feof(f))
 				;	/* nothing */
 		}
 	}
diff --git a/crypto/openssh/openbsd-compat/bsd-cygwin_util.c b/crypto/openssh/openbsd-compat/bsd-cygwin_util.c
index f53abb6e2f92..ff394ec17279 100644
--- a/crypto/openssh/openbsd-compat/bsd-cygwin_util.c
+++ b/crypto/openssh/openbsd-compat/bsd-cygwin_util.c
@@ -29,7 +29,7 @@
 
 #include "includes.h"
 
-RCSID("$Id: bsd-cygwin_util.c,v 1.13 2004/08/30 10:42:08 dtucker Exp $");
+RCSID("$Id: bsd-cygwin_util.c,v 1.13.4.1 2005/05/25 09:42:40 dtucker Exp $");
 
 #ifdef HAVE_CYGWIN
 
@@ -247,6 +247,7 @@ static struct wenv {
 	{ NL("COMMONPROGRAMFILES=") },
 	{ NL("COMPUTERNAME=") },
 	{ NL("COMSPEC=") },
+	{ NL("CYGWIN=") },
 	{ NL("NUMBER_OF_PROCESSORS=") },
 	{ NL("OS=") },
 	{ NL("PATH=") },
@@ -260,7 +261,7 @@ static struct wenv {
 	{ NL("SYSTEMROOT=") },
 	{ NL("TMP=") },
 	{ NL("TEMP=") },
-	{ NL("WINDIR=") },
+	{ NL("WINDIR=") }
 };
 
 char **
@@ -269,7 +270,7 @@ fetch_windows_environment(void)
 	char **e, **p;
 	int i, idx = 0;
 
-	p = xmalloc(WENV_SIZ * sizeof(char *));
+	p = xmalloc((WENV_SIZ + 1) * sizeof(char *));
 	for (e = environ; *e != NULL; ++e) {
 		for (i = 0; i < WENV_SIZ; ++i) {
 			if (!strncmp(*e, wenv_arr[i].name, wenv_arr[i].namelen))
diff --git a/crypto/openssh/openbsd-compat/port-aix.c b/crypto/openssh/openbsd-compat/port-aix.c
index fa6a4ff7b45e..cf5d4b9a34e6 100644
--- a/crypto/openssh/openbsd-compat/port-aix.c
+++ b/crypto/openssh/openbsd-compat/port-aix.c
@@ -151,7 +151,7 @@ aix_valid_authentications(const char *user)
  * returns 0.
  */
 int
-sys_auth_passwd(Authctxt *ctxt, const char *password, Buffer *loginmsg)
+sys_auth_passwd(Authctxt *ctxt, const char *password)
 {
 	char *authmsg = NULL, *msg, *name = ctxt->pw->pw_name;
 	int authsuccess = 0, expired, reenter, result;
@@ -181,7 +181,7 @@ sys_auth_passwd(Authctxt *ctxt, const char *password, Buffer *loginmsg)
 		 */
 		expired = passwdexpired(name, &msg);
 		if (msg && *msg) {
-			buffer_append(loginmsg, msg, strlen(msg));
+			buffer_append(ctxt->loginmsg, msg, strlen(msg));
 			aix_remove_embedded_newlines(msg);
 		}
 		debug3("AIX/passwdexpired returned %d msg %.100s", expired, msg);
diff --git a/crypto/openssh/openbsd-compat/port-aix.h b/crypto/openssh/openbsd-compat/port-aix.h
index a05ce97038d5..9e3dce4dd2c5 100644
--- a/crypto/openssh/openbsd-compat/port-aix.h
+++ b/crypto/openssh/openbsd-compat/port-aix.h
@@ -1,4 +1,4 @@
-/* $Id: port-aix.h,v 1.24 2005/02/16 11:49:31 dtucker Exp $ */
+/* $Id: port-aix.h,v 1.25 2005/03/21 11:46:34 dtucker Exp $ */
 
 /*
  *
@@ -47,7 +47,9 @@
 
 /* These should be in the system headers but are not. */
 int usrinfo(int, char *, int);
+#if (HAVE_DECL_SETAUTHDB == 0)
 int setauthdb(const char *, char *);
+#endif
 /* these may or may not be in the headers depending on the version */
 #if (HAVE_DECL_AUTHENTICATE == 0)
 int authenticate(char *, char *, int *, char **);
diff --git a/crypto/openssh/openbsd-compat/readpassphrase.c b/crypto/openssh/openbsd-compat/readpassphrase.c
index 4ee1be5de283..eb060bdbfbc0 100644
--- a/crypto/openssh/openbsd-compat/readpassphrase.c
+++ b/crypto/openssh/openbsd-compat/readpassphrase.c
@@ -137,8 +137,11 @@ restart:
 		(void)write(output, "\n", 1);
 
 	/* Restore old terminal settings and signals. */
-	if (memcmp(&term, &oterm, sizeof(term)) != 0)
-		(void)tcsetattr(input, _T_FLUSH, &oterm);
+	if (memcmp(&term, &oterm, sizeof(term)) != 0) {
+		while (tcsetattr(input, _T_FLUSH, &oterm) == -1 &&
+		    errno == EINTR)
+			continue;
+	}
 	(void)sigaction(SIGALRM, &savealrm, NULL);
 	(void)sigaction(SIGHUP, &savehup, NULL);
 	(void)sigaction(SIGINT, &saveint, NULL);
diff --git a/crypto/openssh/regress/multiplex.sh b/crypto/openssh/regress/multiplex.sh
index e8cc1ac53190..a172e579052d 100644
--- a/crypto/openssh/regress/multiplex.sh
+++ b/crypto/openssh/regress/multiplex.sh
@@ -1,7 +1,7 @@
 #	$OpenBSD: multiplex.sh,v 1.10 2005/02/27 11:33:30 dtucker Exp $
 #	Placed in the Public Domain.
 
-CTL=$OBJ/ctl-sock
+CTL=/tmp/openssh.regress.ctl-sock.$$
 
 tid="connection multiplexing"
 
@@ -89,6 +89,4 @@ ${SSH} -S $CTL -Oexit otherhost || fail "send exit command failed"
 # Wait for master to exit
 sleep 2
 
-ps -p $MASTER_PID >/dev/null && fail "exit command failed" 
-
-cleanup
+kill -0 $MASTER_PID >/dev/null 2>&1 && fail "exit command failed" 
diff --git a/crypto/openssh/regress/test-exec.sh b/crypto/openssh/regress/test-exec.sh
index 4e53449bedeb..bd0c025ba2b1 100644
--- a/crypto/openssh/regress/test-exec.sh
+++ b/crypto/openssh/regress/test-exec.sh
@@ -197,7 +197,7 @@ cat << EOF > $OBJ/sshd_config
 	#ListenAddress		::1
 	PidFile			$PIDFILE
 	AuthorizedKeysFile	$OBJ/authorized_keys_%u
-	LogLevel		DEBUG
+	LogLevel		VERBOSE
 	AcceptEnv		_XXX_TEST_*
 	AcceptEnv		_XXX_TEST
 	Subsystem	sftp	$SFTPSERVER
diff --git a/crypto/openssh/sftp-client.c b/crypto/openssh/sftp-client.c
index d894a11f20ce..92df427515f9 100644
--- a/crypto/openssh/sftp-client.c
+++ b/crypto/openssh/sftp-client.c
@@ -20,7 +20,7 @@
 /* XXX: copy between two remote sites */
 
 #include "includes.h"
-RCSID("$OpenBSD: sftp-client.c,v 1.52 2004/11/25 22:22:14 markus Exp $");
+RCSID("$OpenBSD: sftp-client.c,v 1.53 2005/03/10 22:01:05 deraadt Exp $");
 
 #include "openbsd-compat/sys-queue.h"
 
@@ -856,7 +856,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
 		debug3("Received reply T:%u I:%u R:%d", type, id, max_req);
 
 		/* Find the request in our queue */
-		for(req = TAILQ_FIRST(&requests);
+		for (req = TAILQ_FIRST(&requests);
 		    req != NULL && req->id != id;
 		    req = TAILQ_NEXT(req, tq))
 			;
@@ -1109,7 +1109,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
 			debug3("SSH2_FXP_STATUS %d", status);
 
 			/* Find the request in our queue */
-			for(ack = TAILQ_FIRST(&acks);
+			for (ack = TAILQ_FIRST(&acks);
 			    ack != NULL && ack->id != r_id;
 			    ack = TAILQ_NEXT(ack, tq))
 				;
diff --git a/crypto/openssh/sftp.c b/crypto/openssh/sftp.c
index f8553ed82104..16a6cf0c62f3 100644
--- a/crypto/openssh/sftp.c
+++ b/crypto/openssh/sftp.c
@@ -16,7 +16,7 @@
 
 #include "includes.h"
 
-RCSID("$OpenBSD: sftp.c,v 1.62 2005/02/20 22:59:06 djm Exp $");
+RCSID("$OpenBSD: sftp.c,v 1.63 2005/03/10 22:01:05 deraadt Exp $");
 
 #ifdef USE_LIBEDIT
 #include <histedit.h>
@@ -357,7 +357,7 @@ parse_ls_flags(const char **cpp, int *lflag)
 
 	/* Check for flags */
 	if (cp++[0] == '-') {
-		for(; strchr(WHITESPACE, *cp) == NULL; cp++) {
+		for (; strchr(WHITESPACE, *cp) == NULL; cp++) {
 			switch (*cp) {
 			case 'l':
 				*lflag &= ~VIEW_FLAGS;
diff --git a/crypto/openssh/ssh-keygen.1 b/crypto/openssh/ssh-keygen.1
index 3987b1e66615..c14eed14e81b 100644
--- a/crypto/openssh/ssh-keygen.1
+++ b/crypto/openssh/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ssh-keygen.1,v 1.66 2005/03/01 18:15:56 jmc Exp $
+.\"	$OpenBSD: ssh-keygen.1,v 1.67 2005/03/14 10:09:03 dtucker Exp $
 .\"
 .\"  -*- nroff -*-
 .\"
@@ -232,8 +232,10 @@ command.
 .It Fl H
 Hash a
 .Pa known_hosts
-file, printing the result to standard output.
-This replaces all hostnames and addresses with hashed representations.
+file.
+This replaces all hostnames and addresses with hashed representations
+within the specified file; the original content is moved to a file with
+a .old suffix.
 These hashes may be used normally by
 .Nm ssh
 and
diff --git a/crypto/openssh/ssh-keygen.c b/crypto/openssh/ssh-keygen.c
index a9931d4d846a..92885506a9d6 100644
--- a/crypto/openssh/ssh-keygen.c
+++ b/crypto/openssh/ssh-keygen.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.120 2005/03/02 01:27:41 djm Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.122 2005/03/11 14:59:06 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -684,7 +684,7 @@ do_known_hosts(struct passwd *pw, const char *name)
 				if (delete_host && !c)
 					print_host(out, cp, public, 0);
 			} else if (hash_hosts) {
-				for(cp2 = strsep(&cp, ",");
+				for (cp2 = strsep(&cp, ",");
 				    cp2 != NULL && *cp2 != '\0';
 				    cp2 = strsep(&cp, ",")) {
 					if (strcspn(cp2, "*?!") != strlen(cp2))
@@ -707,7 +707,7 @@ do_known_hosts(struct passwd *pw, const char *name)
 		    identity_file);
 		if (inplace) {
 			fprintf(stderr, "Not replacing existing known_hosts "
-			    "file beacuse of errors");
+			    "file because of errors\n");
 			fclose(out);
 			unlink(tmp);
 		}