24525860 upgrade OpenSSH to 7.3p1
authorTomas Kuthan <tomas.kuthan@oracle.com>
Tue, 20 Sep 2016 03:54:40 -0700
changeset 6930 31ef2580c45d
parent 6929 e7955ccacd45
child 6931 f6f7269f85a9
24525860 upgrade OpenSSH to 7.3p1 24320031 problem in UTILITY/OPENSSH 24461706 problem in UTILITY/OPENSSH
components/openssh/Makefile
components/openssh/patches/014-disable_banner.patch
components/openssh/patches/015-pam_conversation_fix.patch
components/openssh/patches/023-gsskex.patch
components/openssh/patches/033-without_cast128.patch
components/openssh/patches/034-getaddrinfo_with_ai_addrconfig.patch
components/openssh/patches/035-fips.patch
components/openssh/patches/036-fipsrandom.patch
components/openssh/patches/040-default_config_files.patch
components/openssh/patches/041-pam_ctx_preserve.patch
components/openssh/patches/043-protect_agent_sftpserver.patch
components/openssh/patches/045-remove_unacceptable_algs.patch
components/openssh/patches/046-73_solaris_build_issue.patch
components/openssh/sources/kexgssc.c
components/openssh/sources/kexgsss.c
--- a/components/openssh/Makefile	Mon Sep 19 14:01:08 2016 -0700
+++ b/components/openssh/Makefile	Tue Sep 20 03:54:40 2016 -0700
@@ -27,19 +27,19 @@
 include ../../make-rules/shared-macros.mk
 
 COMPONENT_NAME=		openssh
-COMPONENT_VERSION=	7.2p2
+COMPONENT_VERSION=	7.3p1
 HUMAN_VERSION=		$(COMPONENT_VERSION)
 
 # Version for IPS.  The encoding rules are:
 #   OpenSSH <x>.<y>p<n>     => IPS <x>.<y>.0.<n>
 #   OpenSSH <x>.<y>.<z>p<n> => IPS <x>.<y>.<z>.<n>
-IPS_COMPONENT_VERSION=	7.2.0.2
+IPS_COMPONENT_VERSION=	7.3.0.1
 
 COMPONENT_PROJECT_URL=	http://www.openssh.org/
-COMPONENT_ARCHIVE_HASH=	sha256:a72781d1a043876a224ff1b0032daa4094d87565a68528759c1c2cab5482548c
+COMPONENT_ARCHIVE_HASH=	sha256:3ffb989a6dcaa69594c3b550d4855a5a2e1718ccdde7f5e36387b424220fbecc
 COMPONENT_ARCHIVE_URL=	http://mirrors.sonic.net/pub/OpenBSD/OpenSSH/portable/$(COMPONENT_ARCHIVE)
 
-TPNO_OPENSSH=		27414
+TPNO_OPENSSH=		30602
 TPNO_GSSKEX=		20377
 
 # Because of set up requirements, test suite is in stc gate.
@@ -64,9 +64,9 @@
 CFLAGS += -DPAM_BUGFIX
 CFLAGS += -DOPTION_DEFAULT_VALUE
 CFLAGS += -DPER_SESSION_XAUTHFILE
-CFLAGS += -DWITHOUT_CAST128
+CFLAGS += -DOPENSSL_NO_CAST
 CFLAGS += -DENABLE_OPENSSL_FIPS
-CFLAGS += -DWITHOUT_ARCFOUR
+CFLAGS += -DOPENSSL_NO_RC4
 CFLAGS += -DWITHOUT_HMAC_MD5
 
 # We need to disable lazyloading of dynamic dependent libraries. During the
--- a/components/openssh/patches/014-disable_banner.patch	Mon Sep 19 14:01:08 2016 -0700
+++ b/components/openssh/patches/014-disable_banner.patch	Tue Sep 20 03:54:40 2016 -0700
@@ -6,54 +6,54 @@
 # In the future, if this feature is accepted by the upsteam in a later release,
 # we will remove this patch when we upgrade to that release.  
 #
-diff -pur old/readconf.c new/readconf.c
---- old/readconf.c	2015-03-28 21:57:35.551727235 +0100
-+++ new/readconf.c	2015-03-28 22:06:01.694836272 +0100
[email protected]@ -150,6 +150,9 @@ typedef enum {
+--- orig/readconf.c	Mon Aug 15 15:45:25 2016
++++ new/readconf.c	Mon Aug 15 15:53:23 2016
[email protected]@ -163,6 +163,9 @@
  	oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
  	oSendEnv, oControlPath, oControlMaster, oControlPersist,
  	oHashKnownHosts,
 +#ifdef DISABLE_BANNER 
-+	oDisableBanner,
++        oDisableBanner,
 +#endif
  	oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
- 	oVisualHostKey, oUseRoaming,
+ 	oVisualHostKey,
  	oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
[email protected]@ -254,6 +257,9 @@ static struct {
[email protected]@ -271,6 +274,9 @@
  	{ "controlmaster", oControlMaster },
  	{ "controlpersist", oControlPersist },
  	{ "hashknownhosts", oHashKnownHosts },
 +#ifdef DISABLE_BANNER
-+	{ "disablebanner", oDisableBanner },
++        { "disablebanner", oDisableBanner },
 +#endif
+ 	{ "include", oInclude },
  	{ "tunnel", oTunnel },
  	{ "tunneldevice", oTunnelDevice },
- 	{ "localcommand", oLocalCommand },
[email protected]@ -754,6 +760,17 @@ static const struct multistate multistat
[email protected]@ -794,6 +800,18 @@
  	{ NULL, -1 }
  };
  
++ 
 +#ifdef DISABLE_BANNER
 +static const struct multistate multistate_disablebanner[] = {
-+	{ "true",			SSH_DISABLEBANNER_YES },
-+	{ "false",			SSH_DISABLEBANNER_NO },
-+	{ "yes",			SSH_DISABLEBANNER_YES },
-+	{ "no",				SSH_DISABLEBANNER_NO },
-+	{ "in-exec-mode",		SSH_DISABLEBANNER_INEXECMODE },
-+	{ NULL, -1 }
++        { "true",                       SSH_DISABLEBANNER_YES },
++        { "false",                      SSH_DISABLEBANNER_NO },
++        { "yes",                        SSH_DISABLEBANNER_YES },
++        { "no",                         SSH_DISABLEBANNER_NO },
++        { "in-exec-mode",               SSH_DISABLEBANNER_INEXECMODE },
++        { NULL, -1 }
 +}; 
 +#endif
 +
  /*
   * Processes a single option line as used in the configuration files. This
   * only sets those values that have not already been set.
[email protected]@ -1514,6 +1531,13 @@ parse_int:
- 			*charptr = xstrdup(arg);
- 		break;
[email protected]@ -1657,6 +1675,13 @@
+ 		charptr = &options->identity_agent;
+ 		goto parse_string;
  
 +#ifdef DISABLE_BANNER
-+	case oDisableBanner:
-+	        intptr = &options->disable_banner;
++        case oDisableBanner:
++                intptr = &options->disable_banner;
 +                multistate_ptr = multistate_disablebanner;
 +                goto parse_multistate; 
 +#endif
@@ -61,32 +61,31 @@
  	case oDeprecated:
  		debug("%s line %d: Deprecated option \"%s\"",
  		    filename, linenum, keyword);
[email protected]@ -1684,6 +1708,9 @@ initialize_options(Options * options)
[email protected]@ -1847,6 +1872,9 @@
  	options->ip_qos_bulk = -1;
  	options->request_tty = -1;
  	options->proxy_use_fdpass = -1;
 +#ifdef DISABLE_BANNER
-+	options->disable_banner = -1;
++        options->disable_banner = -1;
 +#endif
  	options->ignored_unknown = NULL;
  	options->num_canonical_domains = 0;
  	options->num_permitted_cnames = 0;
[email protected]@ -1871,6 +1898,10 @@ fill_default_options(Options * options)
[email protected]@ -2041,6 +2069,10 @@
  		options->canonicalize_fallback_local = 1;
  	if (options->canonicalize_hostname == -1)
  		options->canonicalize_hostname = SSH_CANONICALISE_NO;
 +#ifdef DISABLE_BANNER
-+	if (options->disable_banner == -1)
-+		options->disable_banner = 0;
++        if (options->disable_banner == -1)
++                options->disable_banner = 0;
 +#endif
  	if (options->fingerprint_hash == -1)
  		options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
  	if (options->update_hostkeys == -1)
-diff -pur old/readconf.h new/readconf.h
---- old/readconf.h	2015-03-17 06:49:20.000000000 +0100
-+++ new/readconf.h	2015-03-28 21:57:35.684348892 +0100
[email protected]@ -153,6 +153,9 @@ typedef struct {
- 	char	*hostbased_key_types;
+--- orig/readconf.h	Mon Aug 15 15:45:28 2016
++++ new/readconf.h	Mon Aug 15 15:55:00 2016
[email protected]@ -169,6 +169,9 @@
+ 	char   *jump_extra;
  
  	char	*ignored_unknown; /* Pattern list of unknown tokens to ignore */
 +#ifdef DISABLE_BANNER
@@ -95,23 +94,22 @@
  }       Options;
  
  #define SSH_CANONICALISE_NO	0
[email protected]@ -178,6 +181,12 @@ typedef struct {
[email protected]@ -195,6 +198,12 @@
  #define SSH_UPDATE_HOSTKEYS_YES	1
  #define SSH_UPDATE_HOSTKEYS_ASK	2
  
 +#ifdef DISABLE_BANNER
-+#define SSH_DISABLEBANNER_NO		0
-+#define SSH_DISABLEBANNER_YES		1
-+#define SSH_DISABLEBANNER_INEXECMODE	2
++#define SSH_DISABLEBANNER_NO            0
++#define SSH_DISABLEBANNER_YES           1
++#define SSH_DISABLEBANNER_INEXECMODE    2
 +#endif
 +
  void     initialize_options(Options *);
  void     fill_default_options(Options *);
  void	 fill_default_options_for_canonicalization(Options *);
-diff -pur old/ssh_config.5 new/ssh_config.5
---- old/ssh_config.5	2015-03-28 21:57:35.544033907 +0100
-+++ new/ssh_config.5	2015-03-28 21:57:35.684635985 +0100
[email protected]@ -566,6 +566,14 @@ If set to a time in seconds, or a time i
+--- orig/ssh_config.5	Mon Aug 15 15:45:37 2016
++++ new/ssh_config.5	Mon Aug 15 15:57:36 2016
[email protected]@ -643,6 +643,14 @@
  then the backgrounded master connection will automatically terminate
  after it has remained idle (with no client connections) for the
  specified time.
@@ -122,14 +120,13 @@
 +.Pp
 +The default value is no, which means that the banner is displayed unless the 
 +log level  is  QUIET, FATAL, or ERROR. See also the Banner option in
-+.Xr sshd_config 4 . This option applies to protocol version 2 only.
+++.Xr sshd_config 5 . This option applies to protocol version 2 only.
  .It Cm DynamicForward
  Specifies that a TCP port on the local machine be forwarded
  over the secure channel, and the application
-diff -pur old/sshconnect2.c new/sshconnect2.c
---- old/sshconnect2.c	2015-03-17 06:49:20.000000000 +0100
-+++ new/sshconnect2.c	2015-03-28 21:57:35.684940995 +0100
[email protected]@ -81,6 +81,10 @@ extern char *client_version_string;
+--- orig/sshconnect2.c	Mon Aug 15 15:45:44 2016
++++ new/sshconnect2.c	Thu Aug 18 18:28:20 2016
[email protected]@ -82,6 +82,10 @@
  extern char *server_version_string;
  extern Options options;
  
@@ -140,24 +137,24 @@
  /*
   * SSH2 key exchange
   */
[email protected]@ -480,7 +484,20 @@ input_userauth_banner(int type, u_int32_
- 	debug3("input_userauth_banner");
- 	raw = packet_get_string(&len);
[email protected]@ -502,7 +506,20 @@
+ 	debug3("%s", __func__);
+ 	msg = packet_get_string(&len);
  	lang = packet_get_string(NULL);
 +
 +#ifdef DISABLE_BANNER
-+	/*
-+	 * Banner is a warning message according to RFC 4252. So, never print
-+	 * a banner in error log level or lower. If the log level is higher,
-+	 * use DisableBanner option to decide whether to display it or not.
-+	 */
-+	if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO && 
++        /*
++         * Banner is a warning message according to RFC 4252. So, never print
++         * a banner in error log level or lower. If the log level is higher,
++         * use DisableBanner option to decide whether to display it or not.
++         */
++        if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO && 
 +            (options.disable_banner == SSH_DISABLEBANNER_NO ||
 +            (options.disable_banner == SSH_DISABLEBANNER_INEXECMODE &&
-+            buffer_len(&command) == 0))) {
++            buffer_len(&command) == 0))) 
 +#else
- 	if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO) {
+ 	if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO)
 +#endif
- 		if (len > 65536)
- 			len = 65536;
- 		msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */
+ 		fmprintf(stderr, "%s", msg);
+ 	free(msg);
+ 	free(lang);
--- a/components/openssh/patches/015-pam_conversation_fix.patch	Mon Sep 19 14:01:08 2016 -0700
+++ b/components/openssh/patches/015-pam_conversation_fix.patch	Tue Sep 20 03:54:40 2016 -0700
@@ -4,9 +4,9 @@
 # 2009, but it was not accepted by the upstream.  For more information, see
 # https://bugzilla.mindrot.org/show_bug.cgi?id=1681.
 #
---- orig/auth-pam.c	Mon Oct 27 14:40:01 2014
-+++ new/auth-pam.c	Tue Oct 28 12:40:59 2014
[email protected]@ -1111,11 +1111,13 @@
+--- orig/auth-pam.c	Mon Aug 15 16:16:17 2016
++++ new/auth-pam.c	Mon Aug 15 16:26:40 2016
[email protected]@ -1138,11 +1138,13 @@
  	free(env);
  }
  
@@ -20,25 +20,25 @@
  static int
  sshpam_passwd_conv(int n, sshpam_const struct pam_message **msg,
      struct pam_response **resp, void *data)
[email protected]@ -1137,6 +1139,17 @@
[email protected]@ -1164,6 +1166,17 @@
  	for (i = 0; i < n; ++i) {
  		switch (PAM_MSG_MEMBER(msg, i, msg_style)) {
  		case PAM_PROMPT_ECHO_OFF:
 +#ifdef PAM_BUGFIX
 +                       /*
 +                        * PAM conversation function for the password userauth
-+			* method (non-interactive) really cannot do any 
-+			* prompting.  We set the PAM_AUTHTOK item in 
++                        * method (non-interactive) really cannot do any 
++                        * prompting.  We set the PAM_AUTHTOK item in 
 +                        * sshpam_auth_passwd()to avoid conversation. If some
-+			* modules still try to converse, then the password
-+			* userauth will fail.
-+			*/
-+			goto fail;
++                        * modules still try to converse, then the password
++                        * userauth will fail.
++                        */
++                        goto fail;
 +#else
  			if (sshpam_password == NULL)
  				goto fail;
  			if ((reply[i].resp = strdup(sshpam_password)) == NULL)
[email protected]@ -1143,6 +1156,7 @@
[email protected]@ -1170,6 +1183,7 @@
  				goto fail;
  			reply[i].resp_retcode = PAM_SUCCESS;
  			break;
@@ -46,7 +46,7 @@
  		case PAM_ERROR_MSG:
  		case PAM_TEXT_INFO:
  			len = strlen(PAM_MSG_MEMBER(msg, i, msg));
[email protected]@ -1178,6 +1192,9 @@
[email protected]@ -1205,6 +1219,9 @@
  int
  sshpam_auth_passwd(Authctxt *authctxt, const char *password)
  {
@@ -55,35 +55,35 @@
 +#endif
  	int flags = (options.permit_empty_passwd == 0 ?
  	    PAM_DISALLOW_NULL_AUTHTOK : 0);
- 
[email protected]@ -1197,6 +1214,15 @@
+ 	char *fake = NULL;
[email protected]@ -1225,6 +1242,15 @@
  	    options.permit_root_login != PERMIT_YES))
- 		sshpam_password = badpw;
+ 		sshpam_password = fake = fake_password(password);
  
 +#ifdef PAM_BUGFIX
-+  	sshpam_err = pam_set_item(sshpam_handle, PAM_AUTHTOK, password);
-+	if (sshpam_err != PAM_SUCCESS) {
-+		debug("PAM: %s: failed to set PAM_AUTHTOK: %s", __func__,
-+		    pam_strerror(sshpam_handle, sshpam_err));
-+		return 0;
-+	}
++        sshpam_err = pam_set_item(sshpam_handle, PAM_AUTHTOK, password);
++        if (sshpam_err != PAM_SUCCESS) {
++                debug("PAM: %s: failed to set PAM_AUTHTOK: %s", __func__,
++                    pam_strerror(sshpam_handle, sshpam_err));
++                return 0;
++        }
 +#endif
 +
  	sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
  	    (const void *)&passwd_conv);
  	if (sshpam_err != PAM_SUCCESS)
[email protected]@ -1205,6 +1231,16 @@
- 
- 	sshpam_err = pam_authenticate(sshpam_handle, flags);
- 	sshpam_password = NULL;
[email protected]@ -1236,6 +1262,16 @@
+ 	free(fake);
+ 	if (sshpam_err == PAM_MAXTRIES)
+ 		sshpam_set_maxtries_reached(1);
 +
 +#ifdef PAM_BUGFIX
 +        set_item_rtn = pam_set_item(sshpam_handle, PAM_AUTHTOK, NULL);
-+	if (set_item_rtn != PAM_SUCCESS) {
-+		debug("PAM: %s: failed to set PAM_AUTHTOK: %s", __func__,
-+		    pam_strerror(sshpam_handle, set_item_rtn));
-+		return 0;
-+	}
++        if (set_item_rtn != PAM_SUCCESS) {
++                debug("PAM: %s: failed to set PAM_AUTHTOK: %s", __func__,
++                    pam_strerror(sshpam_handle, set_item_rtn));
++                return 0;
++        }
 +#endif
 +
  	if (sshpam_err == PAM_SUCCESS && authctxt->valid) {
--- a/components/openssh/patches/023-gsskex.patch	Mon Sep 19 14:01:08 2016 -0700
+++ b/components/openssh/patches/023-gsskex.patch	Tue Sep 20 03:54:40 2016 -0700
@@ -6,6 +6,17 @@
 # Default value for GSSAPIKeyExchange changed to yes to match SunSSH behavior.
 # New files kexgssc.c and kexgsss.c moved to ../sources/ and made cstyle clean.
 #
+# Update Sep 5, 2016:
+# Upstream renamed and moved canohost.c`get_canonical_hostname to sshd-specific
+# auth.c`auth_get_canonical_hostname. In Solaris specific GSS-API key exchange
+# code we need this functionality on the client side too, for canonicalizing
+# server hostbased service principal. We have moved remote_hostname back to
+# canohost.c.
+#
+# TODO:
+# When we upgrade Kerberos in Solaris to future version 1.15, we will use
+# krb5_expand_hostname for hostname canonicalization instead.
+#
 # Upstream rejected GSS-API key exchange several times before.
 #
 diff -pur old/Makefile.in new/Makefile.in
@@ -28,6 +39,109 @@
  	loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
  	sftp-server.o sftp-common.o sftp_provider.o \
  	sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
+diff -pur old/auth.c new/auth.c
+--- old/auth.c
++++ new/auth.c
[email protected]@ -786,99 +786,6 @@ fakepw(void)
+ }
+ 
+ /*
+- * Returns the remote DNS hostname as a string. The returned string must not
+- * be freed. NB. this will usually trigger a DNS query the first time it is
+- * called.
+- * This function does additional checks on the hostname to mitigate some
+- * attacks on legacy rhosts-style authentication.
+- * XXX is RhostsRSAAuthentication vulnerable to these?
+- * XXX Can we remove these checks? (or if not, remove RhostsRSAAuthentication?)
+- */
+-
+-static char *
+-remote_hostname(struct ssh *ssh)
+-{
+-	struct sockaddr_storage from;
+-	socklen_t fromlen;
+-	struct addrinfo hints, *ai, *aitop;
+-	char name[NI_MAXHOST], ntop2[NI_MAXHOST];
+-	const char *ntop = ssh_remote_ipaddr(ssh);
+-
+-	/* Get IP address of client. */
+-	fromlen = sizeof(from);
+-	memset(&from, 0, sizeof(from));
+-	if (getpeername(ssh_packet_get_connection_in(ssh),
+-	    (struct sockaddr *)&from, &fromlen) < 0) {
+-		debug("getpeername failed: %.100s", strerror(errno));
+-		return strdup(ntop);
+-	}
+-
+-	ipv64_normalise_mapped(&from, &fromlen);
+-	if (from.ss_family == AF_INET6)
+-		fromlen = sizeof(struct sockaddr_in6);
+-
+-	debug3("Trying to reverse map address %.100s.", ntop);
+-	/* Map the IP address to a host name. */
+-	if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
+-	    NULL, 0, NI_NAMEREQD) != 0) {
+-		/* Host name not found.  Use ip address. */
+-		return strdup(ntop);
+-	}
+-
+-	/*
+-	 * if reverse lookup result looks like a numeric hostname,
+-	 * someone is trying to trick us by PTR record like following:
+-	 *	1.1.1.10.in-addr.arpa.	IN PTR	2.3.4.5
+-	 */
+-	memset(&hints, 0, sizeof(hints));
+-	hints.ai_socktype = SOCK_DGRAM;	/*dummy*/
+-	hints.ai_flags = AI_NUMERICHOST;
+-	if (getaddrinfo(name, NULL, &hints, &ai) == 0) {
+-		logit("Nasty PTR record \"%s\" is set up for %s, ignoring",
+-		    name, ntop);
+-		freeaddrinfo(ai);
+-		return strdup(ntop);
+-	}
+-
+-	/* Names are stored in lowercase. */
+-	lowercase(name);
+-
+-	/*
+-	 * Map it back to an IP address and check that the given
+-	 * address actually is an address of this host.  This is
+-	 * necessary because anyone with access to a name server can
+-	 * define arbitrary names for an IP address. Mapping from
+-	 * name to IP address can be trusted better (but can still be
+-	 * fooled if the intruder has access to the name server of
+-	 * the domain).
+-	 */
+-	memset(&hints, 0, sizeof(hints));
+-	hints.ai_family = from.ss_family;
+-	hints.ai_socktype = SOCK_STREAM;
+-	if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
+-		logit("reverse mapping checking getaddrinfo for %.700s "
+-		    "[%s] failed.", name, ntop);
+-		return strdup(ntop);
+-	}
+-	/* Look for the address from the list of addresses. */
+-	for (ai = aitop; ai; ai = ai->ai_next) {
+-		if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2,
+-		    sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 &&
+-		    (strcmp(ntop, ntop2) == 0))
+-				break;
+-	}
+-	freeaddrinfo(aitop);
+-	/* If we reached the end of the list, the address was not there. */
+-	if (ai == NULL) {
+-		/* Address not found for the host name. */
+-		logit("Address %.100s maps to %.600s, but this does not "
+-		    "map back to the address.", ntop, name);
+-		return strdup(ntop);
+-	}
+-	return strdup(name);
+-}
+-
+-/*
+  * Return the canonical name of the host in the other side of the current
+  * connection.  The host name is cached, so it is efficient to call this
+  * several times.
 diff -pur old/auth2-gss.c new/auth2-gss.c
 --- old/auth2-gss.c
 +++ new/auth2-gss.c
@@ -112,6 +226,120 @@
  	&method_gssapi,
  #endif
  	&method_passwd,
+diff -pur old/canohost.c new/canohost.c
+--- old/canohost.c
++++ new/canohost.c
[email protected]@ -202,3 +202,97 @@ get_local_port(int sock)
+ {
+ 	return get_sock_port(sock, 1);
+ }
++
++/*
++ * Returns the remote DNS hostname as a string. The returned string must not
++ * be freed. NB. this will usually trigger a DNS query the first time it is
++ * called.
++ * This function does additional checks on the hostname to mitigate some
++ * attacks on legacy rhosts-style authentication.
++ * XXX is RhostsRSAAuthentication vulnerable to these?
++ * XXX Can we remove these checks? (or if not, remove RhostsRSAAuthentication?)
++ */
++
++/* Oracle Solaris - moved out of auth.c for use in GSSKEX in sshconnect2.c */
++char *
++remote_hostname(struct ssh *ssh)
++{
++	struct sockaddr_storage from;
++	socklen_t fromlen;
++	struct addrinfo hints, *ai, *aitop;
++	char name[NI_MAXHOST], ntop2[NI_MAXHOST];
++	const char *ntop = ssh_remote_ipaddr(ssh);
++
++	/* Get IP address of client. */
++	fromlen = sizeof(from);
++	memset(&from, 0, sizeof(from));
++	if (getpeername(ssh_packet_get_connection_in(ssh),
++	    (struct sockaddr *)&from, &fromlen) < 0) {
++		debug("getpeername failed: %.100s", strerror(errno));
++		return strdup(ntop);
++	}
++
++	ipv64_normalise_mapped(&from, &fromlen);
++	if (from.ss_family == AF_INET6)
++		fromlen = sizeof(struct sockaddr_in6);
++
++	debug3("Trying to reverse map address %.100s.", ntop);
++	/* Map the IP address to a host name. */
++	if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
++	    NULL, 0, NI_NAMEREQD) != 0) {
++		/* Host name not found.  Use ip address. */
++		return strdup(ntop);
++	}
++
++	/*
++	 * if reverse lookup result looks like a numeric hostname,
++	 * someone is trying to trick us by PTR record like following:
++	 *	1.1.1.10.in-addr.arpa.	IN PTR	2.3.4.5
++	 */
++	memset(&hints, 0, sizeof(hints));
++	hints.ai_socktype = SOCK_DGRAM;	/*dummy*/
++	hints.ai_flags = AI_NUMERICHOST;
++	if (getaddrinfo(name, NULL, &hints, &ai) == 0) {
++		logit("Nasty PTR record \"%s\" is set up for %s, ignoring",
++		    name, ntop);
++		freeaddrinfo(ai);
++		return strdup(ntop);
++	}
++
++	/* Names are stored in lowercase. */
++	lowercase(name);
++
++	/*
++	 * Map it back to an IP address and check that the given
++	 * address actually is an address of this host.  This is
++	 * necessary because anyone with access to a name server can
++	 * define arbitrary names for an IP address. Mapping from
++	 * name to IP address can be trusted better (but can still be
++	 * fooled if the intruder has access to the name server of
++	 * the domain).
++	 */
++	memset(&hints, 0, sizeof(hints));
++	hints.ai_family = from.ss_family;
++	hints.ai_socktype = SOCK_STREAM;
++	if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
++		logit("reverse mapping checking getaddrinfo for %.700s "
++		    "[%s] failed.", name, ntop);
++		return strdup(ntop);
++	}
++	/* Look for the address from the list of addresses. */
++	for (ai = aitop; ai; ai = ai->ai_next) {
++		if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2,
++		    sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 &&
++		    (strcmp(ntop, ntop2) == 0))
++				break;
++	}
++	freeaddrinfo(aitop);
++	/* If we reached the end of the list, the address was not there. */
++	if (ai == NULL) {
++		/* Address not found for the host name. */
++		logit("Address %.100s maps to %.600s, but this does not "
++		    "map back to the address.", ntop, name);
++		return strdup(ntop);
++	}
++	return strdup(name);
++}
+diff -pur old/canohost.h new/canohost.h
+--- old/canohost.h
++++ new/canohost.h
[email protected]@ -21,6 +21,9 @@ char		*get_local_ipaddr(int);
+ char		*get_local_name(int);
+ int		get_local_port(int);
+ 
++#include "packet.h"
++char		*remote_hostname(struct ssh *);
++
+ #endif /* _CANOHOST_H */
+ 
+ void		 ipv64_normalise_mapped(struct sockaddr_storage *, socklen_t *);
 diff -pur old/gss-genr.c new/gss-genr.c
 --- old/gss-genr.c
 +++ new/gss-genr.c
@@ -420,7 +648,7 @@
 diff -pur old/kex.c new/kex.c
 --- old/kex.c
 +++ new/kex.c
[email protected]@ -54,6 +54,10 @@
[email protected]@ -55,6 +55,10 @@
  #include "sshbuf.h"
  #include "digest.h"
  
@@ -431,7 +659,7 @@
  #if OPENSSL_VERSION_NUMBER >= 0x00907000L
  # if defined(HAVE_EVP_SHA256)
  # define evp_ssh_sha256 EVP_sha256
[email protected]@ -107,6 +111,11 @@ static const struct kexalg kexalgs[] = {
[email protected]@ -111,6 +115,11 @@ static const struct kexalg kexalgs[] = {
  #if defined(HAVE_EVP_SHA256) || !defined(WITH_OPENSSL)
  	{ KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
  #endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */
@@ -443,7 +671,7 @@
  	{ NULL, -1, -1, -1},
  };
  
[email protected]@ -138,7 +147,7 @@ kex_alg_by_name(const char *name)
[email protected]@ -142,7 +151,7 @@ kex_alg_by_name(const char *name)
  	const struct kexalg *k;
  
  	for (k = kexalgs; k->name != NULL; k++) {
@@ -455,7 +683,7 @@
 diff -pur old/kex.h new/kex.h
 --- old/kex.h
 +++ new/kex.h
[email protected]@ -92,6 +92,9 @@ enum kex_exchange {
[email protected]@ -98,6 +98,9 @@ enum kex_exchange {
  	KEX_DH_GEX_SHA256,
  	KEX_ECDH_SHA2,
  	KEX_C25519_SHA256,
@@ -465,7 +693,7 @@
  	KEX_MAX
  };
  
[email protected]@ -140,6 +143,10 @@ struct kex {
[email protected]@ -146,6 +149,10 @@ struct kex {
  	u_int	flags;
  	int	hash_alg;
  	int	ec_nid;
@@ -476,7 +704,7 @@
  	char	*client_version_string;
  	char	*server_version_string;
  	char	*failed_choice;
[email protected]@ -189,6 +196,10 @@ int	 kexecdh_client(struct ssh *);
[email protected]@ -195,6 +202,10 @@ int	 kexecdh_client(struct ssh *);
  int	 kexecdh_server(struct ssh *);
  int	 kexc25519_client(struct ssh *);
  int	 kexc25519_server(struct ssh *);
@@ -485,12 +713,12 @@
 +int	 kexgss_server(struct ssh *);
 +#endif
  
- int	 kex_dh_hash(const char *, const char *,
+ int	 kex_dh_hash(int, const char *, const char *,
      const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
 diff -pur old/monitor.c new/monitor.c
 --- old/monitor.c
 +++ new/monitor.c
[email protected]@ -159,6 +159,7 @@ int mm_answer_gss_setup_ctx(int, Buffer
[email protected]@ -161,6 +161,7 @@ int mm_answer_gss_setup_ctx(int, Buffer
  int mm_answer_gss_accept_ctx(int, Buffer *);
  int mm_answer_gss_userok(int, Buffer *);
  int mm_answer_gss_checkmic(int, Buffer *);
@@ -498,7 +726,7 @@
  #endif
  
  #ifdef SSH_AUDIT_EVENTS
[email protected]@ -243,11 +244,17 @@ struct mon_table mon_dispatch_proto20[]
[email protected]@ -245,11 +246,17 @@ struct mon_table mon_dispatch_proto20[]
      {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx},
      {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
      {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic},
@@ -516,7 +744,7 @@
  #ifdef WITH_OPENSSL
      {MONITOR_REQ_MODULI, 0, mm_answer_moduli},
  #endif
[email protected]@ -362,6 +369,10 @@ monitor_child_preauth(Authctxt *_authctx
[email protected]@ -364,6 +371,10 @@ monitor_child_preauth(Authctxt *_authctx
  		/* Permit requests for moduli and signatures */
  		monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
  		monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
@@ -527,7 +755,7 @@
  	} else {
  		mon_dispatch = mon_dispatch_proto15;
  
[email protected]@ -501,6 +512,10 @@ monitor_child_postauth(struct monitor *p
[email protected]@ -503,6 +514,10 @@ monitor_child_postauth(struct monitor *p
  		monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
  		monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
  		monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
@@ -538,7 +766,7 @@
  	} else {
  		mon_dispatch = mon_dispatch_postauth15;
  		monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
[email protected]@ -1924,6 +1939,13 @@ monitor_apply_keystate(struct monitor *p
[email protected]@ -1939,6 +1954,13 @@ monitor_apply_keystate(struct monitor *p
  # endif
  #endif /* WITH_OPENSSL */
  		kex->kex[KEX_C25519_SHA256] = kexc25519_server;
@@ -552,7 +780,7 @@
  		kex->load_host_public_key=&get_hostkey_public_by_type;
  		kex->load_host_private_key=&get_hostkey_private_by_type;
  		kex->host_key_index=&get_hostkey_index;
[email protected]@ -2023,6 +2045,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer
[email protected]@ -2038,6 +2060,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer
  	OM_uint32 major;
  	u_int len;
  
@@ -562,7 +790,7 @@
  	goid.elements = buffer_get_string(m, &len);
  	goid.length = len;
  
[email protected]@ -2050,6 +2075,9 @@ mm_answer_gss_accept_ctx(int sock, Buffe
[email protected]@ -2065,6 +2090,9 @@ mm_answer_gss_accept_ctx(int sock, Buffe
  	OM_uint32 flags = 0; /* GSI needs this */
  	u_int len;
  
@@ -572,7 +800,7 @@
  	in.value = buffer_get_string(m, &len);
  	in.length = len;
  	major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
[email protected]@ -2067,6 +2095,7 @@ mm_answer_gss_accept_ctx(int sock, Buffe
[email protected]@ -2082,6 +2110,7 @@ mm_answer_gss_accept_ctx(int sock, Buffe
  		monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
  		monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
  		monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
@@ -580,7 +808,7 @@
  	}
  	return (0);
  }
[email protected]@ -2078,6 +2107,9 @@ mm_answer_gss_checkmic(int sock, Buffer
[email protected]@ -2093,6 +2122,9 @@ mm_answer_gss_checkmic(int sock, Buffer
  	OM_uint32 ret;
  	u_int len;
  
@@ -590,7 +818,7 @@
  	gssbuf.value = buffer_get_string(m, &len);
  	gssbuf.length = len;
  	mic.value = buffer_get_string(m, &len);
[email protected]@ -2104,6 +2136,9 @@ mm_answer_gss_userok(int sock, Buffer *m
[email protected]@ -2119,6 +2151,9 @@ mm_answer_gss_userok(int sock, Buffer *m
  {
  	int authenticated;
  
@@ -600,7 +828,7 @@
  	authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user);
  
  	buffer_clear(m);
[email protected]@ -2117,5 +2152,47 @@ mm_answer_gss_userok(int sock, Buffer *m
[email protected]@ -2132,5 +2167,47 @@ mm_answer_gss_userok(int sock, Buffer *m
  	/* Monitor loop will terminate if authenticated */
  	return (authenticated);
  }
@@ -664,7 +892,7 @@
 diff -pur old/monitor_wrap.c new/monitor_wrap.c
 --- old/monitor_wrap.c
 +++ new/monitor_wrap.c
[email protected]@ -1103,5 +1103,28 @@ mm_ssh_gssapi_userok(char *user)
[email protected]@ -1108,5 +1108,28 @@ mm_ssh_gssapi_userok(char *user)
  	debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
  	return (authenticated);
  }
@@ -696,7 +924,7 @@
 diff -pur old/monitor_wrap.h new/monitor_wrap.h
 --- old/monitor_wrap.h
 +++ new/monitor_wrap.h
[email protected]@ -60,6 +60,7 @@ OM_uint32 mm_ssh_gssapi_accept_ctx(Gssct
[email protected]@ -62,6 +62,7 @@ OM_uint32 mm_ssh_gssapi_accept_ctx(Gssct
     gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *);
  int mm_ssh_gssapi_userok(char *user);
  OM_uint32 mm_ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t);
@@ -707,7 +935,7 @@
 diff -pur old/readconf.c new/readconf.c
 --- old/readconf.c
 +++ new/readconf.c
[email protected]@ -148,6 +148,7 @@ typedef enum {
[email protected]@ -160,6 +160,7 @@ typedef enum {
  	oClearAllForwardings, oNoHostAuthenticationForLocalhost,
  	oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
  	oAddressFamily, oGssAuthentication, oGssDelegateCreds,
@@ -715,7 +943,7 @@
  	oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
  	oSendEnv, oControlPath, oControlMaster, oControlPersist,
  	oHashKnownHosts,
[email protected]@ -199,11 +200,15 @@ static struct {
[email protected]@ -211,11 +212,15 @@ static struct {
  	{ "gssauthentication", oGssAuthentication },                /* alias */
  	{ "gssapidelegatecredentials", oGssDelegateCreds },
  	{ "gssdelegatecreds", oGssDelegateCreds },                  /* alias */
@@ -731,7 +959,7 @@
  #endif
  	{ "fallbacktorsh", oDeprecated },
  	{ "usersh", oDeprecated },
[email protected]@ -965,6 +970,10 @@ parse_time:
[email protected]@ -1002,6 +1007,10 @@ parse_time:
  		intptr = &options->gss_authentication;
  		goto parse_flag;
  
@@ -742,7 +970,7 @@
  	case oGssDelegateCreds:
  		intptr = &options->gss_deleg_creds;
  		goto parse_flag;
[email protected]@ -1694,6 +1703,7 @@ initialize_options(Options * options)
[email protected]@ -1824,6 +1833,7 @@ initialize_options(Options * options)
  	options->pubkey_authentication = -1;
  	options->challenge_response_authentication = -1;
  	options->gss_authentication = -1;
@@ -750,7 +978,7 @@
  	options->gss_deleg_creds = -1;
  	options->password_authentication = -1;
  	options->kbd_interactive_authentication = -1;
[email protected]@ -1834,6 +1844,12 @@ fill_default_options(Options * options)
[email protected]@ -1979,6 +1989,12 @@ fill_default_options(Options * options)
  #else
  		options->gss_authentication = 0;
  #endif
@@ -798,7 +1026,7 @@
  	if (options->gss_cleanup_creds == -1)
  		options->gss_cleanup_creds = 1;
  	if (options->gss_strict_acceptor == -1)
[email protected]@ -449,6 +456,7 @@ typedef enum {
[email protected]@ -457,6 +464,7 @@ typedef enum {
  	sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes,
  	sHostKeyAlgorithms,
  	sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
@@ -806,7 +1034,7 @@
  	sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
  	sAcceptEnv, sPermitTunnel,
  	sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
[email protected]@ -526,6 +534,8 @@ static struct {
[email protected]@ -534,6 +542,8 @@ static struct {
  #ifdef GSSAPI
  	{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
  	{ "gssauthentication", sGssAuthentication, SSHCFG_ALL },   /* alias */
@@ -815,7 +1043,7 @@
  #ifdef USE_GSS_STORE_CRED
  	{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
  #else /* USE_GSS_STORE_CRED */
[email protected]@ -535,6 +545,8 @@ static struct {
[email protected]@ -543,6 +553,8 @@ static struct {
  #else
  	{ "gssapiauthentication", sUnsupported, SSHCFG_ALL },
  	{ "gssauthentication", sUnsupported, SSHCFG_ALL },          /* alias */
@@ -824,7 +1052,7 @@
  	{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
  	{ "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
  #endif
[email protected]@ -1319,6 +1331,10 @@ process_server_config_line(ServerOptions
[email protected]@ -1328,6 +1340,10 @@ process_server_config_line(ServerOptions
  		intptr = &options->gss_authentication;
  		goto parse_flag;
  
@@ -835,7 +1063,7 @@
  	case sGssCleanupCreds:
  		intptr = &options->gss_cleanup_creds;
  		goto parse_flag;
[email protected]@ -2373,6 +2389,7 @@ dump_config(ServerOptions *o)
[email protected]@ -2416,6 +2432,7 @@ dump_config(ServerOptions *o)
  #endif
  #ifdef GSSAPI
  	dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
@@ -923,7 +1151,7 @@
 diff -pur old/sshconnect2.c new/sshconnect2.c
 --- old/sshconnect2.c
 +++ new/sshconnect2.c
[email protected]@ -164,11 +164,35 @@ ssh_kex2(char *host, struct sockaddr *ho
[email protected]@ -165,11 +165,35 @@ ssh_kex2(char *host, struct sockaddr *ho
  	char *s;
  	struct kex *kex;
  	int r;
@@ -945,7 +1173,7 @@
 +		 * client to the key exchange algorithm proposal */
 +		orig = myproposal[PROPOSAL_KEX_ALGS];
 +
-+		gss_host = (char *)get_canonical_hostname(1);
++		gss_host = (char *)remote_hostname(active_state);
 +
 +		gss = ssh_gssapi_client_mechanisms(gss_host);
 +		if (gss) {
@@ -960,7 +1188,7 @@
  		fatal("%s: kex_names_cat", __func__);
  	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s);
  	myproposal[PROPOSAL_ENC_ALGS_CTOS] =
[email protected]@ -199,6 +223,17 @@ ssh_kex2(char *host, struct sockaddr *ho
[email protected]@ -196,6 +220,17 @@ ssh_kex2(char *host, struct sockaddr *ho
  		    order_hostkeyalgs(host, hostaddr, port));
  	}
  
@@ -1021,7 +1249,7 @@
  	{"gssapi-with-mic",
  		userauth_gssapi,
  		NULL,
[email protected]@ -678,7 +732,10 @@ userauth_gssapi(Authctxt *authctxt)
[email protected]@ -672,7 +726,10 @@ userauth_gssapi(Authctxt *authctxt)
  	 * once. */
  
  	if (gss_supported == NULL)
@@ -1033,7 +1261,7 @@
  
  	/* Check to see if the mechanism is usable before we offer it */
  	while (mech < gss_supported->count && !ok) {
[email protected]@ -782,8 +839,8 @@ input_gssapi_response(int type, u_int32_
[email protected]@ -776,8 +833,8 @@ input_gssapi_response(int type, u_int32_
  {
  	Authctxt *authctxt = ctxt;
  	Gssctxt *gssctxt;
@@ -1044,7 +1272,7 @@
  
  	if (authctxt == NULL)
  		fatal("input_gssapi_response: no authentication context");
[email protected]@ -896,6 +953,48 @@ input_gssapi_error(int type, u_int32_t p
[email protected]@ -890,6 +947,48 @@ input_gssapi_error(int type, u_int32_t p
  	free(lang);
  	return 0;
  }
@@ -1096,7 +1324,7 @@
 diff -pur old/sshd.c new/sshd.c
 --- old/sshd.c
 +++ new/sshd.c
[email protected]@ -1833,10 +1833,13 @@ main(int ac, char **av)
[email protected]@ -1892,10 +1892,13 @@ main(int ac, char **av)
  		logit("Disabling protocol version 1. Could not load host key");
  		options.protocol &= ~SSH_PROTO_1;
  	}
@@ -1110,7 +1338,7 @@
  	if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
  		logit("sshd: no hostkeys available -- exiting.");
  		exit(1);
[email protected]@ -2596,6 +2599,48 @@ do_ssh2_kex(void)
[email protected]@ -2656,6 +2659,48 @@ do_ssh2_kex(void)
  	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
  	    list_hostkey_types());
  
@@ -1159,7 +1387,7 @@
  	/* start key exchange */
  	if ((r = kex_setup(active_state, myproposal)) != 0)
  		fatal("kex_setup: %s", ssh_err(r));
[email protected]@ -2610,6 +2655,13 @@ do_ssh2_kex(void)
[email protected]@ -2673,6 +2718,13 @@ do_ssh2_kex(void)
  # endif
  #endif
  	kex->kex[KEX_C25519_SHA256] = kexc25519_server;
@@ -1176,7 +1404,7 @@
 diff -pur old/sshd_config.5 new/sshd_config.5
 --- old/sshd_config.5
 +++ new/sshd_config.5
[email protected]@ -623,6 +623,11 @@ The default is
[email protected]@ -632,6 +632,11 @@ The default is
  Specifies whether user authentication based on GSSAPI is allowed.
  The default on Solaris is
  .Dq yes .
--- a/components/openssh/patches/033-without_cast128.patch	Mon Sep 19 14:01:08 2016 -0700
+++ b/components/openssh/patches/033-without_cast128.patch	Tue Sep 20 03:54:40 2016 -0700
@@ -12,26 +12,16 @@
 # relevant ssh implementations also provide several more common encryption
 # algorithms (aes256-ctr, aes128-cbc, ...) on top of cast128-cbc.
 #
+# Update Aug 29, 2016:
+# This used to be implemented by Solaris specific macro WITHOUT_CAST,
+# but now upstream OPENSSL_NO_CAST is used instead. This patch now just
+# removes cast references from manpages.
+#
 # This is a Solaris specific patch and it is not likely to be accepted upstream.
 #
-diff -pur old/cipher.c new/cipher.c
---- old/cipher.c
-+++ new/cipher.c
[email protected]@ -88,8 +88,10 @@ static const struct sshcipher ciphers[]
- 	{ "3des-cbc",	SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc },
- 	{ "blowfish-cbc",
- 			SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc },
-+#ifndef WITHOUT_CAST128
- 	{ "cast128-cbc",
- 			SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_cast5_cbc },
-+#endif
- 	{ "arcfour",	SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 0, EVP_rc4 },
- 	{ "arcfour128",	SSH_CIPHER_SSH2, 8, 16, 0, 0, 1536, 0, EVP_rc4 },
- 	{ "arcfour256",	SSH_CIPHER_SSH2, 8, 32, 0, 0, 1536, 0, EVP_rc4 },
-diff -pur old/ssh_config.5 new/ssh_config.5
---- old/ssh_config.5
-+++ new/ssh_config.5
[email protected]@ -478,8 +478,6 @@ arcfour256
+--- orig/ssh_config.5	Mon Aug 15 17:22:20 2016
++++ new/ssh_config.5	Mon Aug 15 17:25:28 2016
[email protected]@ -478,8 +478,6 @@
  .It
  blowfish-cbc
  .It
@@ -40,10 +30,20 @@
  [email protected]
  .El
  .Pp
-diff -pur old/sshd.8 new/sshd.8
---- old/sshd.8
-+++ new/sshd.8
[email protected]@ -307,7 +307,7 @@ For protocol 2,
+--- orig/sshd_config.5	Mon Aug 15 17:22:29 2016
++++ new/sshd_config.5	Mon Aug 15 17:25:58 2016
[email protected]@ -479,8 +479,6 @@
+ .It
+ blowfish-cbc
+ .It
+-cast128-cbc
+-.It
+ [email protected]
+ .El
+ .Pp
+--- orig/sshd.8	Mon Aug 15 17:22:36 2016
++++ new/sshd.8	Mon Aug 15 17:26:48 2016
[email protected]@ -307,7 +307,7 @@
  forward security is provided through a Diffie-Hellman key agreement.
  This key agreement results in a shared session key.
  The rest of the session is encrypted using a symmetric cipher, currently
@@ -52,15 +52,3 @@
  The client selects the encryption algorithm
  to use from those offered by the server.
  Additionally, session integrity is provided
-diff -pur old/sshd_config.5 new/sshd_config.5
---- old/sshd_config.5
-+++ new/sshd_config.5
[email protected]@ -472,8 +472,6 @@ arcfour256
- .It
- blowfish-cbc
- .It
--cast128-cbc
--.It
- [email protected]
- .El
- .Pp
--- a/components/openssh/patches/034-getaddrinfo_with_ai_addrconfig.patch	Mon Sep 19 14:01:08 2016 -0700
+++ b/components/openssh/patches/034-getaddrinfo_with_ai_addrconfig.patch	Tue Sep 20 03:54:40 2016 -0700
@@ -8,9 +8,10 @@
 # In the future, if this fix is accepted by the upsteam in a later release, we
 # will remove this patch when we upgrade to that release.
 #
---- a/canohost.c	Sun Oct 25 20:11:35 2015
-+++ b/canohost.c	Sun Oct 25 20:11:57 2015
[email protected]@ -113,6 +113,10 @@
+diff -pur old/canohost.c new/canohost.c
+--- old/canohost.c
++++ new/canohost.c
[email protected]@ -274,6 +274,10 @@ remote_hostname(struct ssh *ssh)
  	memset(&hints, 0, sizeof(hints));
  	hints.ai_family = from.ss_family;
  	hints.ai_socktype = SOCK_STREAM;
@@ -20,10 +21,11 @@
 +#endif /* AI_ADDRCONFIG */
  	if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
  		logit("reverse mapping checking getaddrinfo for %.700s "
- 		    "[%s] failed - POSSIBLE BREAK-IN ATTEMPT!", name, ntop);
---- a/channels.c	Sun Oct 25 19:30:33 2015
-+++ b/channels.c	Sun Oct 25 19:54:36 2015
[email protected]@ -2853,8 +2853,12 @@
+ 		    "[%s] failed.", name, ntop);
+diff -pur old/channels.c new/channels.c
+--- old/channels.c
++++ new/channels.c
[email protected]@ -2856,8 +2856,12 @@ channel_setup_fwd_listener_tcpip(int typ
  	 */
  	memset(&hints, 0, sizeof(hints));
  	hints.ai_family = IPv4or6;
@@ -37,7 +39,7 @@
  	snprintf(strport, sizeof strport, "%d", fwd->listen_port);
  	if ((r = getaddrinfo(addr, strport, &hints, &aitop)) != 0) {
  		if (addr == NULL) {
[email protected]@ -3736,6 +3740,10 @@
[email protected]@ -3740,6 +3744,10 @@ connect_to(const char *name, int port, c
  		memset(&hints, 0, sizeof(hints));
  		hints.ai_family = IPv4or6;
  		hints.ai_socktype = SOCK_STREAM;
@@ -48,7 +50,7 @@
  		snprintf(strport, sizeof strport, "%d", port);
  		if ((gaierr = getaddrinfo(name, strport, &hints, &cctx.aitop)) != 0) {
  			error("connect_to %.100s: unknown host (%s)", name,
[email protected]@ -3908,8 +3916,12 @@
[email protected]@ -3912,8 +3920,12 @@ x11_create_display_inet(int x11_display_
  		port = 6000 + display_number;
  		memset(&hints, 0, sizeof(hints));
  		hints.ai_family = IPv4or6;
@@ -62,7 +64,7 @@
  		snprintf(strport, sizeof strport, "%d", port);
  		if ((gaierr = getaddrinfo(NULL, strport, &hints, &aitop)) != 0) {
  			error("getaddrinfo: %.100s", ssh_gai_strerror(gaierr));
[email protected]@ -4090,6 +4102,10 @@
[email protected]@ -4094,6 +4106,10 @@ x11_connect_display(void)
  	memset(&hints, 0, sizeof(hints));
  	hints.ai_family = IPv4or6;
  	hints.ai_socktype = SOCK_STREAM;
@@ -73,72 +75,10 @@
  	snprintf(strport, sizeof strport, "%u", 6000 + display_number);
  	if ((gaierr = getaddrinfo(buf, strport, &hints, &aitop)) != 0) {
  		error("%.100s: unknown host. (%s)", buf,
---- a/servconf.c	Sun Oct 25 19:39:38 2015
-+++ b/servconf.c	Sun Oct 25 19:45:16 2015
[email protected]@ -722,6 +722,10 @@
- 	hints.ai_family = options->address_family;
- 	hints.ai_socktype = SOCK_STREAM;
- 	hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
-+#ifdef AI_ADDRCONFIG
-+	if (hints.ai_family == AF_UNSPEC)
-+		hints.ai_flags |= AI_ADDRCONFIG;
-+#endif /* AI_ADDRCONFIG */
- 	snprintf(strport, sizeof strport, "%d", port);
- 	if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
- 		fatal("bad addr or host: %s (%s)",
---- a/ssh-keyscan.c	Sun Oct 25 19:46:28 2015
-+++ b/ssh-keyscan.c	Sun Oct 25 19:54:55 2015
[email protected]@ -326,6 +326,10 @@
- 	memset(&hints, 0, sizeof(hints));
- 	hints.ai_family = IPv4or6;
- 	hints.ai_socktype = SOCK_STREAM;
-+#ifdef AI_ADDRCONFIG
-+	if (hints.ai_family == AF_UNSPEC)
-+		hints.ai_flags = AI_ADDRCONFIG;
-+#endif /* AI_ADDRCONFIG */
- 	if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) {
- 		error("getaddrinfo %s: %s", host, ssh_gai_strerror(gaierr));
- 		return -1;
---- a/ssh.c	Sun Oct 25 19:49:46 2015
-+++ b/ssh.c	Sun Oct 25 19:55:15 2015
[email protected]@ -259,6 +259,10 @@
- 	hints.ai_socktype = SOCK_STREAM;
- 	if (cname != NULL)
- 		hints.ai_flags = AI_CANONNAME;
-+#ifdef AI_ADDRCONFIG
-+	if (hints.ai_family == AF_UNSPEC)
-+		hints.ai_flags |= AI_ADDRCONFIG;
-+#endif /* AI_ADDRCONFIG */
- 	if ((gaierr = getaddrinfo(name, strport, &hints, &res)) != 0) {
- 		if (logerr || (gaierr != EAI_NONAME && gaierr != EAI_NODATA))
- 			loglevel = SYSLOG_LEVEL_ERROR;
[email protected]@ -298,6 +302,10 @@
- 	    AF_UNSPEC : options.address_family;
- 	hints.ai_socktype = SOCK_STREAM;
- 	hints.ai_flags = AI_NUMERICHOST|AI_NUMERICSERV;
-+#ifdef AI_ADDRCONFIG
-+	if (hints.ai_family == AF_UNSPEC)
-+		hints.ai_flags |= AI_ADDRCONFIG;
-+#endif /* AI_ADDRCONFIG */
- 	if ((gaierr = getaddrinfo(name, strport, &hints, &res)) != 0) {
- 		debug2("%s: could not resolve name %.100s as address: %s",
- 		    __func__, name, ssh_gai_strerror(gaierr));
---- a/sshconnect.c	Sun Oct 25 19:57:46 2015
-+++ b/sshconnect.c	Sun Oct 25 19:58:19 2015
[email protected]@ -292,6 +292,10 @@
- 		hints.ai_socktype = ai->ai_socktype;
- 		hints.ai_protocol = ai->ai_protocol;
- 		hints.ai_flags = AI_PASSIVE;
-+#ifdef AI_ADDRCONFIG
-+		if (hints.ai_family == AF_UNSPEC)
-+			hints.ai_flags |= AI_ADDRCONFIG;
-+#endif /* AI_ADDRCONFIG */
- 		gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res);
- 		if (gaierr) {
- 			error("getaddrinfo: %s: %s", options.bind_address,
---- a/regress/netcat.c	Sun Oct 25 19:59:44 2015
-+++ b/regress/netcat.c	Sun Oct 25 20:07:05 2015
[email protected]@ -371,6 +371,10 @@
+diff -pur old/regress/netcat.c new/regress/netcat.c
+--- old/regress/netcat.c
++++ new/regress/netcat.c
[email protected]@ -334,6 +334,10 @@ main(int argc, char *argv[])
  		hints.ai_protocol = uflag ? IPPROTO_UDP : IPPROTO_TCP;
  		if (nflag)
  			hints.ai_flags |= AI_NUMERICHOST;
@@ -149,7 +89,7 @@
  	}
  
  	if (xflag) {
[email protected]@ -399,6 +403,10 @@
[email protected]@ -362,6 +366,10 @@ main(int argc, char *argv[])
  		proxyhints.ai_protocol = IPPROTO_TCP;
  		if (nflag)
  			proxyhints.ai_flags |= AI_NUMERICHOST;
@@ -160,7 +100,7 @@
  	}
  
  	if (lflag) {
[email protected]@ -673,6 +681,10 @@
[email protected]@ -636,6 +644,10 @@ remote_connect(const char *host, const c
  			ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM;
  			ahints.ai_protocol = uflag ? IPPROTO_UDP : IPPROTO_TCP;
  			ahints.ai_flags = AI_PASSIVE;
@@ -171,7 +111,7 @@
  			if ((error = getaddrinfo(sflag, pflag, &ahints, &ares)))
  				errx(1, "getaddrinfo: %s", gai_strerror(error));
  
[email protected]@ -1422,8 +1434,12 @@
[email protected]@ -1385,8 +1397,12 @@ decode_addrport(const char *h, const cha
  
  	bzero(&hints, sizeof(hints));
  	hints.ai_family = v4only ? PF_INET : PF_UNSPEC;
@@ -185,3 +125,70 @@
  	r = getaddrinfo(h, p, &hints, &res);
  	/* Don't fatal when attempting to convert a numeric address */
  	if (r != 0) {
+diff -pur old/servconf.c new/servconf.c
+--- old/servconf.c
++++ new/servconf.c
[email protected]@ -735,6 +735,10 @@ add_one_listen_addr(ServerOptions *optio
+ 	hints.ai_family = options->address_family;
+ 	hints.ai_socktype = SOCK_STREAM;
+ 	hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
++#ifdef AI_ADDRCONFIG
++        if (hints.ai_family == AF_UNSPEC)
++                hints.ai_flags |= AI_ADDRCONFIG;
++#endif /* AI_ADDRCONFIG */
+ 	snprintf(strport, sizeof strport, "%d", port);
+ 	if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
+ 		fatal("bad addr or host: %s (%s)",
+diff -pur old/ssh-keyscan.c new/ssh-keyscan.c
+--- old/ssh-keyscan.c
++++ new/ssh-keyscan.c
[email protected]@ -365,6 +365,10 @@ tcpconnect(char *host)
+ 	memset(&hints, 0, sizeof(hints));
+ 	hints.ai_family = IPv4or6;
+ 	hints.ai_socktype = SOCK_STREAM;
++#ifdef AI_ADDRCONFIG
++	if (hints.ai_family == AF_UNSPEC)
++		hints.ai_flags = AI_ADDRCONFIG;
++#endif /* AI_ADDRCONFIG */
+ 	if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) {
+ 		error("getaddrinfo %s: %s", host, ssh_gai_strerror(gaierr));
+ 		return -1;
+diff -pur old/ssh.c new/ssh.c
+--- old/ssh.c
++++ new/ssh.c
[email protected]@ -254,6 +254,10 @@ resolve_host(const char *name, int port,
+ 	hints.ai_socktype = SOCK_STREAM;
+ 	if (cname != NULL)
+ 		hints.ai_flags = AI_CANONNAME;
++#ifdef AI_ADDRCONFIG
++	if (hints.ai_family == AF_UNSPEC)
++		hints.ai_flags |= AI_ADDRCONFIG;
++#endif /* AI_ADDRCONFIG */
+ 	if ((gaierr = getaddrinfo(name, strport, &hints, &res)) != 0) {
+ 		if (logerr || (gaierr != EAI_NONAME && gaierr != EAI_NODATA))
+ 			loglevel = SYSLOG_LEVEL_ERROR;
[email protected]@ -293,6 +297,10 @@ resolve_addr(const char *name, int port,
+ 	    AF_UNSPEC : options.address_family;
+ 	hints.ai_socktype = SOCK_STREAM;
+ 	hints.ai_flags = AI_NUMERICHOST|AI_NUMERICSERV;
++#ifdef AI_ADDRCONFIG
++	if (hints.ai_family == AF_UNSPEC)
++		hints.ai_flags |= AI_ADDRCONFIG;
++#endif /* AI_ADDRCONFIG */
+ 	if ((gaierr = getaddrinfo(name, strport, &hints, &res)) != 0) {
+ 		debug2("%s: could not resolve name %.100s as address: %s",
+ 		    __func__, name, ssh_gai_strerror(gaierr));
+diff -pur old/sshconnect.c new/sshconnect.c
+--- old/sshconnect.c
++++ new/sshconnect.c
[email protected]@ -293,6 +293,10 @@ ssh_create_socket(int privileged, struct
+ 		hints.ai_socktype = ai->ai_socktype;
+ 		hints.ai_protocol = ai->ai_protocol;
+ 		hints.ai_flags = AI_PASSIVE;
++#ifdef AI_ADDRCONFIG
++		if (hints.ai_family == AF_UNSPEC)
++			hints.ai_flags |= AI_ADDRCONFIG;
++#endif /* AI_ADDRCONFIG */
+ 		gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res);
+ 		if (gaierr) {
+ 			error("getaddrinfo: %s: %s", options.bind_address,
--- a/components/openssh/patches/035-fips.patch	Mon Sep 19 14:01:08 2016 -0700
+++ b/components/openssh/patches/035-fips.patch	Tue Sep 20 03:54:40 2016 -0700
@@ -45,7 +45,15 @@
 diff -pur old/digest-openssl.c new/digest-openssl.c
 --- old/digest-openssl.c
 +++ new/digest-openssl.c
[email protected]@ -53,8 +53,22 @@ struct ssh_digest {
[email protected]@ -31,6 +31,7 @@
+ #include "sshbuf.h"
+ #include "digest.h"
+ #include "ssherr.h"
++#include "misc.h"
+ 
+ #ifndef HAVE_EVP_RIPEMD160
+ # define EVP_ripemd160 NULL
[email protected]@ -53,8 +54,22 @@ struct ssh_digest {
  	const EVP_MD *(*mdfunc)(void);
  };
  
@@ -68,7 +76,7 @@
  	{ SSH_DIGEST_MD5,	"MD5",	 	16,	EVP_md5 },
  	{ SSH_DIGEST_RIPEMD160,	"RIPEMD160",	20,	EVP_ripemd160 },
  	{ SSH_DIGEST_SHA1,	"SHA1",	 	20,	EVP_sha1 },
[email protected]@ -67,6 +81,9 @@ const struct ssh_digest digests[] = {
[email protected]@ -67,6 +82,9 @@ const struct ssh_digest digests[] = {
  static const struct ssh_digest *
  ssh_digest_by_alg(int alg)
  {
@@ -78,7 +86,7 @@
  	if (alg < 0 || alg >= SSH_DIGEST_MAX)
  		return NULL;
  	if (digests[alg].id != alg) /* sanity */
[email protected]@ -79,6 +96,9 @@ ssh_digest_by_alg(int alg)
[email protected]@ -79,6 +97,9 @@ ssh_digest_by_alg(int alg)
  int
  ssh_digest_alg_by_name(const char *name)
  {
@@ -91,7 +99,15 @@
 diff -pur old/gss-genr.c new/gss-genr.c
 --- old/gss-genr.c
 +++ new/gss-genr.c
[email protected]@ -100,6 +100,7 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup
[email protected]@ -44,6 +44,7 @@
+ #include "cipher.h"
+ #include "key.h"
+ #include "kex.h"
++#include "misc.h"
+ #include <openssl/evp.h>
+ 
+ #include "ssh-gss.h"
[email protected]@ -100,6 +101,7 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup
  	char deroid[2];
  	const EVP_MD *evp_md = EVP_md5();
  	EVP_MD_CTX md;
@@ -99,7 +115,7 @@
  
  	if (gss_enc2oid != NULL) {
  		for (i = 0; gss_enc2oid[i].encoded != NULL; i++)
[email protected]@ -112,6 +113,14 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup
[email protected]@ -112,6 +114,14 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup
  
  	buffer_init(&buf);
  
@@ -114,7 +130,7 @@
  	oidpos = 0;
  	for (i = 0; i < gss_supported->count; i++) {
  		if (gss_supported->elements[i].length < 128 &&
[email protected]@ -119,7 +128,6 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup
[email protected]@ -119,7 +129,6 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup
  
  			deroid[0] = SSH_GSS_OIDTYPE;
  			deroid[1] = gss_supported->elements[i].length;
@@ -122,7 +138,7 @@
  			EVP_DigestInit(&md, evp_md);
  			EVP_DigestUpdate(&md, deroid, 2);
  			EVP_DigestUpdate(&md,
[email protected]@ -151,6 +159,12 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup
[email protected]@ -151,6 +160,12 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup
  			oidpos++;
  		}
  	}
@@ -138,7 +154,7 @@
 diff -pur old/kex.c new/kex.c
 --- old/kex.c
 +++ new/kex.c
[email protected]@ -89,7 +89,40 @@ struct kexalg {
[email protected]@ -90,7 +90,43 @@ struct kexalg {
  	int ec_nid;
  	int hash_alg;
  };
@@ -149,7 +165,10 @@
 +static const struct kexalg kexalgs_fips[] = {
 +#ifdef WITH_OPENSSL
 +	{ KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 },
-+	{ KEX_DH14, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 },
++	{ KEX_DH14_SHA1, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 },
++	{ KEX_DH14_SHA256, KEX_DH_GRP14_SHA256, 0, SSH_DIGEST_SHA256 },
++	{ KEX_DH16_SHA512, KEX_DH_GRP16_SHA512, 0, SSH_DIGEST_SHA512 },
++	{ KEX_DH18_SHA512, KEX_DH_GRP18_SHA512, 0, SSH_DIGEST_SHA512 },
 +	{ KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, SSH_DIGEST_SHA1 },
 +#ifdef HAVE_EVP_SHA256
 +	{ KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, SSH_DIGEST_SHA256 },
@@ -178,7 +197,7 @@
 +#endif 
  #ifdef WITH_OPENSSL
  	{ KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 },
- 	{ KEX_DH14, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 },
+ 	{ KEX_DH14_SHA1, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 },
 diff -pur old/mac.c new/mac.c
 --- old/mac.c
 +++ new/mac.c
@@ -219,7 +238,7 @@
 diff -pur old/misc.c new/misc.c
 --- old/misc.c
 +++ new/misc.c
[email protected]@ -39,12 +39,15 @@
[email protected]@ -39,12 +39,16 @@
  #include <string.h>
  #include <time.h>
  #include <unistd.h>
@@ -231,11 +250,12 @@
  #include <netinet/tcp.h>
  
 +#include <openssl/crypto.h>
++#include <openssl/err.h>
 +
  #include <ctype.h>
  #include <errno.h>
  #include <fcntl.h>
[email protected]@ -78,6 +81,60 @@ chop(char *s)
[email protected]@ -78,6 +82,60 @@ chop(char *s)
  
  }
  
@@ -299,7 +319,7 @@
 diff -pur old/misc.h new/misc.h
 --- old/misc.h
 +++ new/misc.h
[email protected]@ -38,6 +38,11 @@ struct ForwardOptions {
[email protected]@ -40,6 +40,11 @@ struct ForwardOptions {
  
  char	*chop(char *);
  char	*strdelim(char **);
@@ -314,7 +334,7 @@
 diff -pur old/myproposal.h new/myproposal.h
 --- old/myproposal.h
 +++ new/myproposal.h
[email protected]@ -83,19 +83,31 @@
[email protected]@ -88,21 +88,33 @@
  # else
  #  define KEX_CURVE25519_METHODS ""
  # endif
@@ -323,21 +343,23 @@
 +#define KEX_COMMON_KEX_DFLT \
  	KEX_CURVE25519_METHODS \
  	KEX_ECDH_METHODS \
- 	KEX_SHA256_METHODS
+ 	KEX_SHA2_METHODS
  
 -#define KEX_SERVER_KEX KEX_COMMON_KEX \
 +#define KEX_SERVER_KEX_DFLT KEX_COMMON_KEX_DFLT \
+ 	KEX_SHA2_GROUP14 \
  	"diffie-hellman-group14-sha1" \
  
 -#define KEX_CLIENT_KEX KEX_COMMON_KEX \
 +#define KEX_CLIENT_KEX_DFLT KEX_COMMON_KEX_DFLT \
  	"diffie-hellman-group-exchange-sha1," \
+ 	KEX_SHA2_GROUP14 \
  	"diffie-hellman-group14-sha1"
  
 -#define	KEX_DEFAULT_PK_ALG	\
 +#define KEX_COMMON_KEX_FIPS \
 +	KEX_ECDH_METHODS \
-+	KEX_SHA256_METHODS
++	KEX_SHA2_METHODS
 +
 +#define KEX_SERVER_KEX_FIPS KEX_COMMON_KEX_FIPS \
 +	"diffie-hellman-group14-sha1" \
@@ -350,7 +372,7 @@
  	HOSTKEY_ECDSA_CERT_METHODS \
  	"[email protected]," \
  	"[email protected]," \
[email protected]@ -105,17 +117,32 @@
[email protected]@ -112,17 +124,32 @@
  	"rsa-sha2-256," \
  	"ssh-rsa"
  
@@ -386,7 +408,7 @@
  	"[email protected]," \
  	"[email protected]," \
  	"[email protected]," \
[email protected]@ -127,7 +154,42 @@
[email protected]@ -134,7 +161,42 @@
  	"hmac-sha2-512," \
  	"hmac-sha1"
  
@@ -473,7 +495,7 @@
 diff -pur old/ssh-agent.c new/ssh-agent.c
 --- old/ssh-agent.c
 +++ new/ssh-agent.c
[email protected]@ -1199,6 +1199,7 @@ main(int ac, char **av)
[email protected]@ -1196,6 +1196,7 @@ main(int ac, char **av)
  	struct timeval *tvp = NULL;
  	size_t len;
  	mode_t prev_mask;
@@ -481,9 +503,9 @@
  
  	ssh_malloc_init();	/* must be called before any mallocs */
  	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
[email protected]@ -1213,6 +1214,9 @@ main(int ac, char **av)
- 	prctl(PR_SET_DUMPABLE, 0);
- #endif
[email protected]@ -1207,6 +1208,9 @@ main(int ac, char **av)
+ 
+ 	platform_disable_tracing(0);	/* strict=no */
  
 +#ifdef ENABLE_OPENSSL_FIPS
 +	fips_err = ssh_FIPS_mode_set_if_capable();
@@ -491,7 +513,7 @@
  #ifdef WITH_OPENSSL
  	OpenSSL_add_all_algorithms();
  #endif
[email protected]@ -1343,8 +1347,19 @@ main(int ac, char **av)
[email protected]@ -1337,8 +1341,19 @@ main(int ac, char **av)
  		printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name,
  		    SSH_AUTHSOCKET_ENV_NAME);
  		printf("echo Agent pid %ld;\n", (long)parent_pid);
@@ -514,7 +536,7 @@
 diff -pur old/ssh-keygen.1 new/ssh-keygen.1
 --- old/ssh-keygen.1
 +++ new/ssh-keygen.1
[email protected]@ -283,6 +283,8 @@ and
[email protected]@ -284,6 +284,8 @@ and
  .Dq sha256 .
  The default is
  .Dq sha256 .
@@ -526,7 +548,7 @@
 diff -pur old/ssh-keygen.c new/ssh-keygen.c
 --- old/ssh-keygen.c
 +++ new/ssh-keygen.c
[email protected]@ -2267,11 +2267,18 @@ main(int argc, char **argv)
[email protected]@ -2273,11 +2273,18 @@ main(int argc, char **argv)
  
  	__progname = ssh_get_progname(argv[0]);
  
@@ -576,7 +598,7 @@
 diff -pur old/ssh.1 new/ssh.1
 --- old/ssh.1
 +++ new/ssh.1
[email protected]@ -91,6 +91,9 @@ If
[email protected]@ -92,6 +92,9 @@ If
  is specified,
  it is executed on the remote host instead of a login shell.
  .Pp
@@ -589,7 +611,7 @@
 diff -pur old/ssh.c new/ssh.c
 --- old/ssh.c
 +++ new/ssh.c
[email protected]@ -606,6 +606,11 @@ main(int ac, char **av)
[email protected]@ -609,6 +609,11 @@ main(int ac, char **av)
  	 */
  	initialize_options(&options);
  
@@ -601,7 +623,7 @@
  	/* Parse command-line arguments. */
  	host = NULL;
  	use_syslog = 0;
[email protected]@ -1016,6 +1021,10 @@ main(int ac, char **av)
[email protected]@ -1028,6 +1033,10 @@ main(int ac, char **av)
  #endif
  		);
  
@@ -615,7 +637,7 @@
 diff -pur old/ssh_api.c new/ssh_api.c
 --- old/ssh_api.c
 +++ new/ssh_api.c
[email protected]@ -81,6 +81,10 @@ ssh_init(struct ssh **sshp, int is_serve
[email protected]@ -79,6 +79,10 @@ ssh_init(struct ssh **sshp, int is_serve
  	int r;
  
  	if (!called) {
@@ -652,7 +674,7 @@
  .It Cm ForwardAgent
  Specifies whether the connection to the authentication agent (if any)
  will be forwarded to the remote machine.
[email protected]@ -1200,6 +1209,16 @@ [email protected],[email protected]
[email protected]@ -1249,6 +1258,16 @@ [email protected],[email protected]
  hmac-sha2-256,hmac-sha2-512,hmac-sha1
  .Ed
  .Pp
@@ -703,7 +725,7 @@
 diff -pur old/sshd.c new/sshd.c
 --- old/sshd.c
 +++ new/sshd.c
[email protected]@ -430,10 +430,18 @@ sshd_exchange_identification(int sock_in
[email protected]@ -431,10 +431,18 @@ sshd_exchange_identification(struct ssh
  		minor = PROTOCOL_MINOR_1;
  	}
  
@@ -722,7 +744,7 @@
  
  	/* Send our protocol version identification. */
  	if (atomicio(vwrite, sock_out, server_version_string,
[email protected]@ -1503,6 +1511,10 @@ main(int ac, char **av)
[email protected]@ -1562,6 +1570,10 @@ main(int ac, char **av)
  	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
  	sanitise_stdfd();
  
@@ -733,7 +755,7 @@
  	/* Initialize configuration options to their default values. */
  	initialize_server_options(&options);
  
[email protected]@ -1653,6 +1665,10 @@ main(int ac, char **av)
[email protected]@ -1712,6 +1724,10 @@ main(int ac, char **av)
  	    SYSLOG_FACILITY_AUTH : options.log_facility,
  	    log_stderr || !inetd_flag);
  
@@ -747,7 +769,7 @@
 diff -pur old/sshd_config.5 new/sshd_config.5
 --- old/sshd_config.5
 +++ new/sshd_config.5
[email protected]@ -482,6 +482,13 @@ aes128-ctr,aes192-ctr,aes256-ctr,
[email protected]@ -489,6 +489,13 @@ aes128-ctr,aes192-ctr,aes256-ctr,
  [email protected],[email protected]
  .Ed
  .Pp
@@ -761,7 +783,7 @@
  The list of available ciphers may also be obtained using the
  .Fl Q
  option of
[email protected]@ -576,6 +583,8 @@ and
[email protected]@ -585,6 +592,8 @@ and
  .Dq sha256 .
  The default is
  .Dq sha256 .
@@ -770,7 +792,7 @@
  .It Cm ForceCommand
  Forces the execution of the command specified by
  .Cm ForceCommand ,
[email protected]@ -1025,6 +1034,16 @@ [email protected],[email protected]
[email protected]@ -1034,6 +1043,16 @@ [email protected],[email protected]
  hmac-sha2-256,hmac-sha2-512,hmac-sha1
  .Ed
  .Pp
--- a/components/openssh/patches/036-fipsrandom.patch	Mon Sep 19 14:01:08 2016 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,119 +0,0 @@
-#
-# Replace arc4random* calls with FIPS compliant implementation in FIPS mode.
-#
-# Once libc:arc4random* are FIPS compliant (20816957), this patch will be
-# dropped.
-#
-# This is a temporary patch and is not intented for upstream contribution.
-#
-diff -pur old/misc.c new/misc.c
---- old/misc.c
-+++ new/misc.c
[email protected]@ -1164,3 +1164,87 @@ sock_set_v6only(int s)
- 		error("setsockopt IPV6_V6ONLY: %s", strerror(errno));
- #endif
- }
-+
-+#ifdef ENABLE_OPENSSL_FIPS
-+/* cancel arc4random* -> fips_arc4random* defines from misc.h */
-+#undef	arc4random
-+#undef	arc4random_buf
-+#undef	arc4random_stir
-+#undef	arc4random_uniform
-+
-+/* FIPS compliant alternative for arc4random */
-+static uint32_t
-+fips_arc4random_impl()
-+{
-+	unsigned int r = 0;
-+
-+	if (RAND_bytes((unsigned char *)&r, sizeof (r)) <= 0) {
-+		fatal("RAND_bytes() failed. Aborting the process");
-+	}
-+
-+	return (r);
-+}
-+
-+uint32_t
-+fips_arc4random()
-+{
-+	if (!ssh_FIPS_mode())
-+		return arc4random();
-+	else
-+		return fips_arc4random_impl();
-+}
-+
-+/* implementation taken from openbsd-compat/arc4random.c */
-+void
-+fips_arc4random_buf(void *_buf, size_t n)
-+{
-+	size_t i;
-+	uint32_t r = 0;
-+	char *buf = (char *)_buf;
-+
-+	if (!ssh_FIPS_mode())
-+		return arc4random_buf(_buf, n);
-+
-+	for (i = 0; i < n; i++) {
-+		if (i % 4 == 0)
-+			r = fips_arc4random_impl();
-+		buf[i] = r & 0xff;
-+		r >>= 8;
-+	}
-+	explicit_bzero(&r, sizeof(r));
-+}
-+
-+void
-+fips_arc4random_stir(void)
-+{
-+	if (!ssh_FIPS_mode())
-+		return arc4random_stir();
-+}
-+
-+/* implementation taken from openbsd-compat/arc4random.c */
-+uint32_t
-+fips_arc4random_uniform(uint32_t upper_bound)
-+{
-+	uint32_t r, min;
-+
-+	if (upper_bound < 2)
-+		return 0;
-+
-+	/* 2**32 % x == (2**32 - x) % x */
-+	min = -upper_bound % upper_bound;
-+
-+	/*
-+	 * This could theoretically loop forever but each retry has
-+	 * p > 0.5 (worst case, usually far better) of selecting a
-+	 * number inside the range we need, so it should rarely need
-+	 * to re-roll.
-+	 */
-+	for (;;) {
-+		r = fips_arc4random_impl();
-+		if (r >= min)
-+			break;
-+	}
-+
-+	return r % upper_bound;
-+}
-+#endif /* ENABLE_OPENSSL_FIPS */
-diff -pur old/misc.h new/misc.h
---- old/misc.h
-+++ new/misc.h
[email protected]@ -140,4 +140,16 @@ char	*read_passphrase(const char *, int)
- int	 ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));
- int	 read_keyfile_line(FILE *, const char *, char *, size_t, u_long *);
- 
-+#ifdef ENABLE_OPENSSL_FIPS
-+/* arc4random* FIPS alternatives */
-+uint32_t fips_arc4random(void);
-+void	 fips_arc4random_buf(void *, size_t);
-+void	 fips_arc4random_stir(void);
-+uint32_t fips_arc4random_uniform(uint32_t upper_bound);
-+#define	arc4random fips_arc4random
-+#define	arc4random_buf fips_arc4random_buf
-+#define	arc4random_stir fips_arc4random_stir
-+#define	arc4random_uniform fips_arc4random_uniform
-+#endif /* ENABLE_OPENSSL_FIPS */
-+
- #endif /* _MISC_H */
--- a/components/openssh/patches/040-default_config_files.patch	Mon Sep 19 14:01:08 2016 -0700
+++ b/components/openssh/patches/040-default_config_files.patch	Tue Sep 20 03:54:40 2016 -0700
@@ -30,9 +30,9 @@
 diff -pur old/sshd_config new/sshd_config
 --- old/sshd_config
 +++ new/sshd_config
[email protected]@ -1,133 +1,96 @@
--#	$OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $
-+#	$OpenBSD: sshd_config,v 1.97 2015/08/06 14:53:21 deraadt Exp $
[email protected]@ -1,132 +1,96 @@
+-#	$OpenBSD: sshd_config,v 1.99 2016/07/11 03:19:44 tedu Exp $
++#       $OpenBSD: sshd_config,v 1.99 2016/07/11 03:19:44 tedu Exp $
  
  # This is the sshd server system-wide configuration file.  See
  # sshd_config(5) for more information.
@@ -79,7 +79,6 @@
 -#RekeyLimit default none
 -
 -# Logging
--# obsoletes QuietMode and FascistLogging
 -#SyslogFacility AUTH
 -#LogLevel INFO
 +# X11 tunneling options
--- a/components/openssh/patches/041-pam_ctx_preserve.patch	Mon Sep 19 14:01:08 2016 -0700
+++ b/components/openssh/patches/041-pam_ctx_preserve.patch	Tue Sep 20 03:54:40 2016 -0700
@@ -22,11 +22,10 @@
 # Reported upstream:
 # https://bugzilla.mindrot.org/show_bug.cgi?id=2548
 #
-
 diff -pur old/auth-pam.c new/auth-pam.c
 --- old/auth-pam.c
 +++ new/auth-pam.c
[email protected]@ -97,6 +97,7 @@
[email protected]@ -98,6 +98,7 @@
  #include "ssh-gss.h"
  #endif
  #include "monitor_wrap.h"
@@ -34,7 +33,7 @@
  
  extern ServerOptions options;
  extern Buffer loginmsg;
[email protected]@ -109,38 +110,26 @@ extern u_int utmp_len;
[email protected]@ -110,38 +111,26 @@ extern u_int utmp_len;
  #endif
  
  /*
@@ -83,7 +82,7 @@
  static mysig_t sshpam_oldsig;
  
  static void
[email protected]@ -149,78 +138,22 @@ sshpam_sigchld_handler(int sig)
[email protected]@ -150,85 +139,25 @@ sshpam_sigchld_handler(int sig)
  	signal(SIGCHLD, SIG_DFL);
  	if (cleanup_ctxt == NULL)
  		return;	/* handler called after PAM cleanup, shouldn't happen */
@@ -92,12 +91,16 @@
  	    <= 0) {
 -		/* PAM thread has not exitted, privsep slave must have */
 -		kill(cleanup_ctxt->pam_thread, SIGTERM);
--		if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, 0)
+-		while (waitpid(cleanup_ctxt->pam_thread,
+-		    &sshpam_thread_status, 0) == -1) {
 +		/* callback child has not exited, privsep slave must have */
 +		kill(cleanup_ctxt->pam_child, SIGTERM);
-+		if (waitpid(cleanup_ctxt->pam_child, &sshpam_child_status, 0)
- 		    <= 0)
- 			return; /* could not wait */
++		while (waitpid(cleanup_ctxt->pam_child,
++		    &sshpam_child_status, 0) == -1) {
+ 			if (errno == EINTR)
+ 				continue;
+ 			return;
+ 		}
  	}
 -	if (WIFSIGNALED(sshpam_thread_status) &&
 -	    WTERMSIG(sshpam_thread_status) == SIGTERM)
@@ -158,7 +161,11 @@
 -	if (sshpam_thread_status != -1)
 -		return (sshpam_thread_status);
 -	signal(SIGCHLD, sshpam_oldsig);
--	waitpid(thread, &status, 0);
+-	while (waitpid(thread, &status, 0) == -1) {
+-		if (errno == EINTR)
+-			continue;
+-		fatal("%s: waitpid: %s", __func__, strerror(errno));
+-	}
 -	return (status);
 +	if (WIFSIGNALED(sshpam_child_status) &&
 +	    WTERMSIG(sshpam_child_status) == SIGTERM)
@@ -173,7 +180,7 @@
  
  static pam_handle_t *sshpam_handle = NULL;
  static int sshpam_err = 0;
[email protected]@ -290,55 +223,11 @@ sshpam_password_change_required(int reqd
[email protected]@ -298,55 +227,11 @@ sshpam_password_change_required(int reqd
  	}
  }
  
@@ -231,7 +238,7 @@
      struct pam_response **resp, void *data)
  {
  	Buffer buffer;
[email protected]@ -420,48 +309,84 @@ sshpam_thread_conv(int n, sshpam_const s
[email protected]@ -411,48 +296,85 @@ sshpam_thread_conv(int n, sshpam_const s
  }
  
  /*
@@ -310,15 +317,15 @@
 +	close(ctxt->pam_csock);
 +	ctxt->pam_csock = -1;
 +}
-+
+ 
+-	sshpam_conv.conv = sshpam_thread_conv;
 +int
 +get_pam_done(void *ctxt)
 +{
 +	struct pam_ctxt *pctxt = (struct pam_ctxt *)ctxt;
 +	return (pctxt->pam_done);
 +}
- 
--	sshpam_conv.conv = sshpam_thread_conv;
++
 +/*
 + * Perform PAM authentication.
 + *
@@ -333,6 +340,7 @@
 +	struct pam_conv sshpam_conv;
 +	int flags = (options.permit_empty_passwd == 0 ?
 +	    PAM_DISALLOW_NULL_AUTHTOK : 0);
++	struct ssh *ssh = active_state; /* XXX */
 +
 +	sshpam_conv.conv = sshpam_child_conv;
  	sshpam_conv.appdata_ptr = ctxt;
@@ -346,7 +354,7 @@
  	sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
  	    (const void *)&sshpam_conv);
  	if (sshpam_err != PAM_SUCCESS)
[email protected]@ -484,60 +409,34 @@ sshpam_thread(void *ctxtp)
[email protected]@ -477,63 +399,35 @@ sshpam_thread(void *ctxtp)
  		}
  	}
  
@@ -385,6 +393,8 @@
 -	/* XXX - can't do much about an error here */
 -	if (sshpam_err == PAM_ACCT_EXPIRED)
 -		ssh_msg_send(ctxt->pam_csock, PAM_ACCT_EXPIRED, &buffer);
+-	else if (sshpam_maxtries_reached)
+-		ssh_msg_send(ctxt->pam_csock, PAM_MAXTRIES, &buffer);
 -	else
 -		ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer);
 -	buffer_free(&buffer);
@@ -396,7 +406,7 @@
 +		    pam_strerror(sshpam_handle, sshpam_err),
 +		    sshpam_authctxt->valid ? "" : "illegal user ",
 +		    sshpam_authctxt->user,
-+		    get_remote_name_or_ip(utmp_len, options.use_dns));
++		    auth_get_canonical_hostname(ssh, options.use_dns));
 +	relieve_from_duty(ctxt);
  }
  
@@ -413,6 +423,7 @@
 -		close(ctxt->pam_psock);
 -		close(ctxt->pam_csock);
 -		memset(ctxt, 0, sizeof(*ctxt));
+-		cleanup_ctxt = NULL;
 +	if (ctxt != NULL && ctxt->pam_child != 0) {
 +		signal(SIGCHLD, sshpam_oldsig);
 +		/* callback child should have had exited by now */
@@ -423,18 +434,19 @@
 +			close(ctxt->pam_csock);
 +		if (sshpam_child_status == -1)
 +			waitpid(ctxt->pam_child, &sshpam_child_status, 0);
- 		cleanup_ctxt = NULL;
++ 		cleanup_ctxt = NULL;
  	}
  }
[email protected]@ -686,7 +585,6 @@ derive_pam_service_name(Authctxt *authct
+ 
[email protected]@ -681,7 +575,6 @@ derive_pam_service_name(Authctxt *authct
  static int
  sshpam_init(Authctxt *authctxt)
  {
 -	extern char *__progname;
  	const char *pam_rhost, *pam_user, *user = authctxt->user;
  	const char **ptr_pam_user = &pam_user;
- 
[email protected]@ -792,6 +690,7 @@ sshpam_init_ctx(Authctxt *authctxt)
+ 	struct ssh *ssh = active_state; /* XXX */
[email protected]@ -788,6 +681,7 @@ sshpam_init_ctx(Authctxt *authctxt)
  {
  	struct pam_ctxt *ctxt;
  	int socks[2];
@@ -442,7 +454,7 @@
  
  	debug3("PAM: %s entering", __func__);
  	/*
[email protected]@ -809,7 +708,7 @@ sshpam_init_ctx(Authctxt *authctxt)
[email protected]@ -805,7 +699,7 @@ sshpam_init_ctx(Authctxt *authctxt)
  
  	ctxt = xcalloc(1, sizeof *ctxt);
  
@@ -451,7 +463,7 @@
  	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, socks) == -1) {
  		error("PAM: failed create sockets: %s", strerror(errno));
  		free(ctxt);
[email protected]@ -817,15 +716,29 @@ sshpam_init_ctx(Authctxt *authctxt)
[email protected]@ -813,15 +707,29 @@ sshpam_init_ctx(Authctxt *authctxt)
  	}
  	ctxt->pam_psock = socks[0];
  	ctxt->pam_csock = socks[1];
@@ -485,11 +497,10 @@
  	return (ctxt);
  }
  
[email protected]@ -839,8 +752,11 @@ sshpam_query(void *ctx, char **name, cha
[email protected]@ -836,8 +744,10 @@ sshpam_query(void *ctx, char **name, cha
  	u_char type;
  	char *msg;
  	size_t len, mlen;
-+	struct ssh *ssh;
 +	int r;
  
  	debug3("PAM: %s entering", __func__);
@@ -497,7 +508,7 @@
  	buffer_init(&buffer);
  	*name = xstrdup("");
  	*info = xstrdup("");
[email protected]@ -848,6 +764,17 @@ sshpam_query(void *ctx, char **name, cha
[email protected]@ -845,6 +755,17 @@ sshpam_query(void *ctx, char **name, cha
  	**prompts = NULL;
  	plen = 0;
  	*echo_on = xmalloc(sizeof(u_int));
@@ -515,7 +526,7 @@
  	while (ssh_msg_recv(ctxt->pam_psock, &buffer) == 0) {
  		type = buffer_get_char(&buffer);
  		msg = buffer_get_string(&buffer, NULL);
[email protected]@ -879,15 +806,6 @@ sshpam_query(void *ctx, char **name, cha
[email protected]@ -880,15 +801,6 @@ sshpam_query(void *ctx, char **name, cha
  			/* FALLTHROUGH */
  		case PAM_AUTH_ERR:
  			debug3("PAM: %s", pam_strerror(sshpam_handle, type));
@@ -531,7 +542,7 @@
  			/* FALLTHROUGH */
  		case PAM_SUCCESS:
  			if (**prompts != NULL) {
[email protected]@ -898,25 +816,21 @@ sshpam_query(void *ctx, char **name, cha
[email protected]@ -899,25 +811,20 @@ sshpam_query(void *ctx, char **name, cha
  				free(**prompts);
  				**prompts = NULL;
  			}
@@ -553,16 +564,15 @@
 +			buffer_put_cstring(&buffer, buffer_ptr(&loginmsg));
 +			if (!use_privsep) {
 +				/* sync packet state with parrent */
-+				ssh = active_state;
 +				r = ssh_packet_get_state(ssh, &buffer);
 +				if (r != 0)
 +					fatal("%s: get_state failed: %s",
-+					   __func__, ssh_err(r));
++					    __func__, ssh_err(r));
  			}
 -			error("PAM: %s for %s%.100s from %.100s", msg,
 -			    sshpam_authctxt->valid ? "" : "illegal user ",
 -			    sshpam_authctxt->user,
--			    get_remote_name_or_ip(utmp_len, options.use_dns));
+-			    auth_get_canonical_hostname(ssh, options.use_dns));
 -			/* FALLTHROUGH */
 +			ssh_msg_send(ctxt->pam_psock, type, &buffer);
 +			/* callback child ends here */
@@ -571,7 +581,7 @@
  		default:
  			*num = 0;
  			**echo_on = 0;
[email protected]@ -970,7 +884,7 @@ sshpam_free_ctx(void *ctxtp)
[email protected]@ -997,7 +904,7 @@ sshpam_free_ctx(void *ctxtp)
  	struct pam_ctxt *ctxt = ctxtp;
  
  	debug3("PAM: %s entering", __func__);
@@ -583,22 +593,20 @@
 diff -pur old/auth-pam.h new/auth-pam.h
 --- old/auth-pam.h
 +++ new/auth-pam.h
[email protected]@ -45,9 +45,10 @@ int do_pam_putenv(char *, char *);
[email protected]@ -45,7 +45,8 @@ int do_pam_putenv(char *, char *);
  char ** fetch_pam_environment(void);
  char ** fetch_pam_child_environment(void);
  void free_pam_environment(char **);
 -void sshpam_thread_cleanup(void);
 +void sshpam_child_cleanup(void);
++int get_pam_done(void *);
  void sshpam_cleanup(void);
  int sshpam_auth_passwd(Authctxt *, const char *);
- int is_pam_session_open(void);
-+int get_pam_done(void *);
- 
- #endif /* USE_PAM */
+ int sshpam_get_maxtries_reached(void);
 diff -pur old/monitor.c new/monitor.c
 --- old/monitor.c
 +++ new/monitor.c
[email protected]@ -1179,12 +1179,38 @@ mm_answer_pam_init_ctx(int sock, Buffer
[email protected]@ -1184,12 +1184,39 @@ mm_answer_pam_init_ctx(int sock, Buffer
  	sshpam_ctxt = (sshpam_device.init_ctx)(authctxt);
  	sshpam_authok = NULL;
  	buffer_clear(m);
@@ -629,6 +637,7 @@
 +			    buffer_len(&loginmsg));
 +			buffer_clear(&loginmsg);
 +		}
++		buffer_put_int(m, sshpam_get_maxtries_reached());
 +		buffer_put_int(m, 0);		/* num */
 +		mm_request_send(sock, MONITOR_ANS_PAM_QUERY, m);
 +		return (0);
@@ -637,7 +646,7 @@
  	mm_request_send(sock, MONITOR_ANS_PAM_INIT_CTX, m);
  	return (0);
  }
[email protected]@ -1938,7 +1964,8 @@ monitor_apply_keystate(struct monitor *p
[email protected]@ -1947,7 +1974,8 @@ monitor_apply_keystate(struct monitor *p
  	int r;
  
  	debug3("%s: packet_set_state", __func__);
@@ -650,7 +659,7 @@
 diff -pur old/packet.c new/packet.c
 --- old/packet.c
 +++ new/packet.c
[email protected]@ -2345,7 +2345,7 @@ ssh_packet_restore_state(struct ssh *ssh
[email protected]@ -2449,7 +2449,7 @@ ssh_packet_get_output(struct ssh *ssh)
  }
  
  /* Reset after_authentication and reset compression in post-auth privsep */
@@ -659,7 +668,7 @@
  ssh_packet_set_postauth(struct ssh *ssh)
  {
  	struct sshcomp *comp;
[email protected]@ -2682,8 +2682,7 @@ ssh_packet_set_state(struct ssh *ssh, st
[email protected]@ -2775,8 +2775,7 @@ ssh_packet_set_state(struct ssh *ssh, st
  	cipher_set_keycontext(&state->send_context, keyout);
  	cipher_set_keycontext(&state->receive_context, keyin);
  
@@ -672,18 +681,18 @@
 diff -pur old/packet.h new/packet.h
 --- old/packet.h
 +++ new/packet.h
[email protected]@ -141,6 +141,7 @@ u_int	 ssh_packet_get_maxsize(struct ssh
[email protected]@ -144,6 +144,7 @@ u_int	 ssh_packet_get_maxsize(struct ssh
  
  int	 ssh_packet_get_state(struct ssh *, struct sshbuf *);
  int	 ssh_packet_set_state(struct ssh *, struct sshbuf *);
 +int	 ssh_packet_set_postauth(struct ssh *ssh);
  
  const char *ssh_remote_ipaddr(struct ssh *);
- 
+ int	 ssh_remote_port(struct ssh *);
 diff -pur old/servconf.c new/servconf.c
 --- old/servconf.c
 +++ new/servconf.c
[email protected]@ -433,6 +433,18 @@ fill_default_server_options(ServerOption
[email protected]@ -435,6 +435,18 @@ fill_default_server_options(ServerOption
  		options->compression = 0;
  	}
  #endif
@@ -705,7 +714,7 @@
 diff -pur old/session.c new/session.c
 --- old/session.c
 +++ new/session.c
[email protected]@ -2850,7 +2850,7 @@ do_cleanup(Authctxt *authctxt)
[email protected]@ -2890,7 +2890,7 @@ do_cleanup(Authctxt *authctxt)
  #ifdef USE_PAM
  	if (options.use_pam) {
  		sshpam_cleanup();
--- a/components/openssh/patches/043-protect_agent_sftpserver.patch	Mon Sep 19 14:01:08 2016 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,96 +0,0 @@
-#
-# This patch is to make ssh-agent and sftp-server untraceable on Solaris
-# without using the sgid bit.  The OpenSSH upstream contains code for 
-# Linux to disable ptrace on these two programs. This patch provides the
-# equivalent Solaris implementation.
-#
-# This Solaris-specific patch has been contributed back to OpenSSH upstream.
-# For more information, see https://bugzilla.mindrot.org/show_bug.cgi?id=2584.
-# In the future, if this is accepted by the upsteam in a later release, we will
-# remove this patch when we upgrade to that release.
-#
---- orig/config.h.in	Mon Jun  6 19:22:23 2016
-+++ new/config.h.in	Mon Jun  6 19:25:05 2016
[email protected]@ -962,6 +962,9 @@
- /* Define to 1 if you have the `setpcred' function. */
- #undef HAVE_SETPCRED
- 
-+/* Define to 1 if you have the `setpflags' function. */
-+#undef HAVE_SETPFLAGS
-+
- /* Define to 1 if you have the `setppriv' function. */
- #undef HAVE_SETPPRIV
- 
---- orig/configure.ac	Mon Jun  6 16:03:27 2016
-+++ new/configure.ac	Mon Jun  6 19:17:06 2016
[email protected]@ -899,6 +899,8 @@
- 	else
- 		AC_MSG_RESULT([no])
- 	fi
-+      
-+	AC_CHECK_FUNCS([setpflags])
- 	AC_CHECK_FUNCS([setppriv])
- 	AC_CHECK_FUNCS([priv_basicset])
- 	AC_CHECK_HEADERS([priv.h])
---- orig/sftp-server.c	Tue Jun  7 11:16:34 2016
-+++ new/sftp-server.c	Tue Jun  7 16:48:09 2016
[email protected]@ -32,6 +32,9 @@
- #ifdef HAVE_SYS_PRCTL_H
- #include <sys/prctl.h>
- #endif
-+#ifdef HAVE_PRIV_H
-+#include <priv.h> /* For setpflags() and __PROC_PROTECT  */
-+#endif
- 
- #include <dirent.h>
- #include <errno.h>
[email protected]@ -1588,6 +1591,11 @@
- 
- 	log_init(__progname, log_level, log_facility, log_stderr);
- 
-+#if defined(HAVE_SETPFLAGS) && defined(__PROC_PROTECT)
-+	/* On Solaris, we should make this process untraceable */
-+	if (setpflags(__PROC_PROTECT, 1) != 0)
-+		fatal("unable to make the process untraceable");
-+#else 
- #if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
- 	/*
- 	 * On Linux, we should try to avoid making /proc/self/{mem,maps}
[email protected]@ -1598,6 +1606,7 @@
- 	if (prctl(PR_SET_DUMPABLE, 0) != 0)
- 		fatal("unable to make the process undumpable");
- #endif /* defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) */
-+#endif
- 
- 	/* Drop any fine-grained privileges we don't need */
- 	platform_pledge_sftp_server();
---- orig/ssh-agent.c	Mon Jun  6 19:04:38 2016
-+++ new/ssh-agent.c	Tue Jun  7 12:18:11 2016
[email protected]@ -92,6 +92,10 @@
- #include <sys/prctl.h>	/* For prctl() and PR_SET_DUMPABLE */
- #endif
- 
-+#if defined(HAVE_PRIV_H)
-+#include <priv.h> /* For setpflags() and __PROC_PROTECT  */
-+#endif
-+
- typedef enum {
- 	AUTH_UNUSED,
- 	AUTH_SOCKET,
[email protected]@ -1209,10 +1213,16 @@
- 	setegid(getgid());
- 	setgid(getgid());
- 
-+#if defined(HAVE_SETPFLAGS) && defined(__PROC_PROTECT)
-+	/* make it untraceable on Solaris */
-+ 	(void) setpflags(__PROC_PROTECT, 1); 
-+
-+#else
- #if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
- 	/* Disable ptrace on Linux without sgid bit */
- 	prctl(PR_SET_DUMPABLE, 0);
- #endif
-+#endif 
- 
- #ifdef ENABLE_OPENSSL_FIPS
- 	fips_err = ssh_FIPS_mode_set_if_capable();
--- a/components/openssh/patches/045-remove_unacceptable_algs.patch	Mon Sep 19 14:01:08 2016 -0700
+++ b/components/openssh/patches/045-remove_unacceptable_algs.patch	Tue Sep 20 03:54:40 2016 -0700
@@ -4,23 +4,12 @@
 # and hmac-md5 Messages Authentication Codes (MACs). Besides that, disable
 # deprecated 3des-cbc by default on client (already disabled on the server).
 #
+# Update Aug 29, 2016:
+# Disabling arcfour used to be implemented by Solaris specific macro
+# WITHOUT_ARCFOUR, but now upstream OPENSSL_NO_RC4 is used instead.
+#
 # Patch source: in-house
 #
-diff -pur old/cipher.c new/cipher.c
---- old/cipher.c
-+++ new/cipher.c
[email protected]@ -119,9 +119,11 @@ static const struct sshcipher ciphers[]
- 	{ "cast128-cbc",
- 			SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_cast5_cbc },
- #endif
-+#ifndef WITHOUT_ARCFOUR
- 	{ "arcfour",	SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 0, EVP_rc4 },
- 	{ "arcfour128",	SSH_CIPHER_SSH2, 8, 16, 0, 0, 1536, 0, EVP_rc4 },
- 	{ "arcfour256",	SSH_CIPHER_SSH2, 8, 32, 0, 0, 1536, 0, EVP_rc4 },
-+#endif
- 	{ "aes128-cbc",	SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, 1, EVP_aes_128_cbc },
- 	{ "aes192-cbc",	SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, 1, EVP_aes_192_cbc },
- 	{ "aes256-cbc",	SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 1, EVP_aes_256_cbc },
 diff -pur old/mac.c new/mac.c
 --- old/mac.c
 +++ new/mac.c
@@ -49,7 +38,7 @@
 diff -pur old/myproposal.h new/myproposal.h
 --- old/myproposal.h
 +++ new/myproposal.h
[email protected]@ -133,14 +133,14 @@
[email protected]@ -140,14 +140,14 @@
  	AESGCM_CIPHER_MODES
  
  #define KEX_CLIENT_ENCRYPT_DFLT KEX_SERVER_ENCRYPT_DFLT "," \
@@ -91,44 +80,6 @@
  .Ed
  .Pp
  The following ciphers are FIPS-140 approved and are supported in FIPS-140 mode:
-diff -pur old/sshd_config.5 new/sshd_config.5
---- old/sshd_config.5
-+++ new/sshd_config.5
[email protected]@ -464,12 +464,6 @@ [email protected]
- .It
- [email protected]
- .It
--arcfour
--.It
--arcfour128
--.It
--arcfour256
--.It
- blowfish-cbc
- .It
- [email protected]
[email protected]@ -988,10 +982,6 @@ The supported MACs are:
- .Pp
- .Bl -item -compact -offset indent
- .It
--hmac-md5
--.It
--hmac-md5-96
--.It
- hmac-ripemd160
- .It
- hmac-sha1
[email protected]@ -1006,10 +996,6 @@ [email protected]
- .It
- [email protected]
- .It
[email protected]
--.It
[email protected]
--.It
- [email protected]
- .It
- [email protected]
 diff -pur old/sshd.8 new/sshd.8
 --- old/sshd.8
 +++ new/sshd.8
@@ -147,3 +98,41 @@
  hmac-sha2-256 or hmac-sha2-512).
  .Pp
  Finally, the server and the client enter an authentication dialog.
+diff -pur old/sshd_config.5 new/sshd_config.5
+--- old/sshd_config.5
++++ new/sshd_config.5
[email protected]@ -471,12 +471,6 @@ [email protected]
+ .It
+ [email protected]
+ .It
+-arcfour
+-.It
+-arcfour128
+-.It
+-arcfour256
+-.It
+ blowfish-cbc
+ .It
+ [email protected]
[email protected]@ -1009,10 +1003,6 @@ The supported MACs are:
+ .Pp
+ .Bl -item -compact -offset indent
+ .It
+-hmac-md5
+-.It
+-hmac-md5-96
+-.It
+ hmac-ripemd160
+ .It
+ hmac-sha1
[email protected]@ -1027,10 +1017,6 @@ [email protected]
+ .It
+ [email protected]
+ .It
[email protected]
+-.It
[email protected]
+-.It
+ [email protected]
+ .It
+ [email protected]
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssh/patches/046-73_solaris_build_issue.patch	Tue Sep 20 03:54:40 2016 -0700
@@ -0,0 +1,31 @@
+#
+# Unbreak ./configure on Solaris.
+#
+# Patch source: upstream
+# https://marc.info/?l=openssh-unix-dev&m=147011381114561&w=2
+#
+--- orig/configure.ac	Thu Aug 18 14:41:57 2016
++++ new/configure.ac	Thu Aug 18 14:44:59 2016
[email protected]@ -751,6 +751,9 @@
+ 	use_pie=auto
+ 	check_for_libcrypt_later=1
+ 	check_for_openpty_ctty_bug=1
++        dnl Target SUSv3/POSIX.1-2001 plus BSD specifics.
++        dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE
++        CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE"
+ 	AC_DEFINE([PAM_TTY_KLUDGE], [1],
+ 		[Work around problematic Linux PAM modules handling of PAM_TTY])
+ 	AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"],
[email protected]@ -1790,11 +1793,8 @@
+ 	warn \
+ ])
+ 
+-dnl Wide character support.  Linux man page says it needs _XOPEN_SOURCE.
+-saved_CFLAGS="$CFLAGS"
+-CFLAGS="$CFLAGS -D_XOPEN_SOURCE"
++dnl Wide character support.
+ AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth])
+-CFLAGS="$saved_CFLAGS"
+ 
+ AC_LINK_IFELSE(
+         [AC_LANG_PROGRAM(
--- a/components/openssh/sources/kexgssc.c	Mon Sep 19 14:01:08 2016 -0700
+++ b/components/openssh/sources/kexgssc.c	Tue Sep 20 03:54:40 2016 -0700
@@ -63,7 +63,6 @@
 	Gssctxt *ctxt;
 	OM_uint32 maj_status, min_status, ret_flags;
 	uint_t klen, kout, slen = 0, strlen;
-	DH *dh;
 	BIGNUM *dh_server_pub = NULL;
 	BIGNUM *shared_secret = NULL;
 	BIGNUM *p = NULL;
@@ -284,7 +283,9 @@
 	switch (kex->kex_type) {
 	case KEX_GSS_GRP1_SHA1:
 	case KEX_GSS_GRP14_SHA1:
-		kex_dh_hash(kex->client_version_string,
+		kex_dh_hash(
+		    kex->hash_alg,
+		    kex->client_version_string,
 		    kex->server_version_string,
 		    buffer_ptr(kex->my), buffer_len(kex->my),
 		    buffer_ptr(kex->peer), buffer_len(kex->peer),
--- a/components/openssh/sources/kexgsss.c	Mon Sep 19 14:01:08 2016 -0700
+++ b/components/openssh/sources/kexgsss.c	Tue Sep 20 03:54:40 2016 -0700
@@ -76,7 +76,6 @@
 	Gssctxt *ctxt = NULL;
 	uint_t slen, klen, kout;
 	uchar_t *kbuf;
-	DH *dh;
 	int min = -1, max = -1, nbits = -1;
 	BIGNUM *shared_secret = NULL;
 	BIGNUM *dh_client_pub = NULL;
@@ -236,6 +235,7 @@
 	case KEX_GSS_GRP1_SHA1:
 	case KEX_GSS_GRP14_SHA1:
 		kex_dh_hash(
+		    kex->hash_alg,
 		    kex->client_version_string, kex->server_version_string,
 		    buffer_ptr(kex->peer), buffer_len(kex->peer),
 		    buffer_ptr(kex->my), buffer_len(kex->my),