PSARC/2015/395 OpenSSH 7.1p1
authorTomas Kuthan <tomas.kuthan@oracle.com>
Thu, 29 Oct 2015 02:40:10 -0700
changeset 5025 bdd7dc7d2af4
parent 5023 93fb5351ff40
child 5026 12114fad0da4
PSARC/2015/395 OpenSSH 7.1p1 21696247 upgrade OpenSSH to 7.1p1
components/openssh/Makefile
components/openssh/openssh.p5m
components/openssh/patches/003-last_login.patch
components/openssh/patches/007-manpages.patch
components/openssh/patches/010-gss_store_cred.patch
components/openssh/patches/023-gsskex.patch
components/openssh/patches/024-disable_ed25519.patch
components/openssh/patches/027-missing_include.patch
components/openssh/patches/028-relax_bits_needed_check.patch
components/openssh/patches/030-auth_limits_bypass_fix.patch
components/openssh/patches/033-superfluous_error.patch
--- a/components/openssh/Makefile	Wed Oct 28 12:22:49 2015 -0700
+++ b/components/openssh/Makefile	Thu Oct 29 02:40:10 2015 -0700
@@ -23,22 +23,22 @@
 include ../../make-rules/shared-macros.mk
 
 COMPONENT_NAME=		openssh
-COMPONENT_VERSION=	6.8p1
+COMPONENT_VERSION=	7.1p1
 HUMAN_VERSION=		$(COMPONENT_VERSION)
 COMPONENT_SRC=		$(COMPONENT_NAME)-$(COMPONENT_VERSION)
 
 # Version for IPS.  The encoding rules are:
 #   OpenSSH <x>.<y>p<n>     => IPS <x>.<y>.0.<n>
 #   OpenSSH <x>.<y>.<z>p<n> => IPS <x>.<y>.<z>.<n>
-IPS_COMPONENT_VERSION=	6.8.0.1
+IPS_COMPONENT_VERSION=	7.1.0.1
 
 COMPONENT_PROJECT_URL=	http://www.openssh.org/
 COMPONENT_ARCHIVE=	$(COMPONENT_SRC).tar.gz
-COMPONENT_ARCHIVE_HASH=	sha256:3ff64ce73ee124480b5bf767b9830d7d3c03bbcb6abe716b78f0192c37ce160e
+COMPONENT_ARCHIVE_HASH=	sha256:fc0a6d2d1d063d5c66dffd952493d0cda256cad204f681de0f84ef85b2ad8428
 COMPONENT_ARCHIVE_URL=	http://mirror.team-cymru.org/pub/OpenBSD/OpenSSH/portable/$(COMPONENT_ARCHIVE)
 COMPONENT_BUGDB=utility/openssh
 
-TPNO_OPENSSH=		21980
+TPNO_OPENSSH=		24282
 TPNO_GSSKEX=		20377
 
 include $(WS_MAKE_RULES)/prep.mk
--- a/components/openssh/openssh.p5m	Wed Oct 28 12:22:49 2015 -0700
+++ b/components/openssh/openssh.p5m	Thu Oct 29 02:40:10 2015 -0700
@@ -20,7 +20,7 @@
 #
 # Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
 #
-<transform file path=usr.*/man/.+ -> default mangler.man.stability uncommitted>
+<transform file path=usr.*/man/.+ -> default mangler.man.stability "Pass-through Uncommitted">
 set name=pkg.fmri \
     value=pkg:/network/[email protected]$(IPS_COMPONENT_VERSION),$(BUILD_VERSION)
 set name=pkg.summary value=OpenSSH
--- a/components/openssh/patches/003-last_login.patch	Wed Oct 28 12:22:49 2015 -0700
+++ b/components/openssh/patches/003-last_login.patch	Thu Oct 29 02:40:10 2015 -0700
@@ -12,58 +12,52 @@
 # can't be changed so we update sshd's configuration parsing to flag
 # this as unsupported and update the man page here.
 #
-*** old/servconf.c Wed Sep 17 02:54:26 2014
---- new/servconf.c Wed Sep 17 02:56:55 2014
-***************
-*** 432,438 ****
---- 432,442 ----
-  	{ "listenaddress", sListenAddress, SSHCFG_GLOBAL },
-  	{ "addressfamily", sAddressFamily, SSHCFG_GLOBAL },
-  	{ "printmotd", sPrintMotd, SSHCFG_GLOBAL },
-+ #ifdef DISABLE_LASTLOG
-+ 	{ "printlastlog", sUnsupported, SSHCFG_GLOBAL },
-+ #else
-  	{ "printlastlog", sPrintLastLog, SSHCFG_GLOBAL },
-+ #endif
-  	{ "ignorerhosts", sIgnoreRhosts, SSHCFG_GLOBAL },
-  	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL },
-  	{ "x11forwarding", sX11Forwarding, SSHCFG_ALL },
-*** old/sshd_config.5	Tue Sep 16 06:24:13 2014
---- new/sshd_config.5	Tue Sep 16 06:47:47 2014
-***************
-*** 1008,1015 ****
-  .Xr sshd 1M
-  should print the date and time of the last user login when a user logs
-  in interactively.
-! The default is
-! .Dq yes .
-  .It Cm PrintMotd
-  Specifies whether
-  .Xr sshd 1M
---- 1008,1015 ----
-  .Xr sshd 1M
-  should print the date and time of the last user login when a user logs
-  in interactively.
-! On Solaris this option is always ignored since pam_unix_session(5)
-! reports the last login time.
-  .It Cm PrintMotd
-  Specifies whether
-  .Xr sshd 1M
-***************
-*** 1349,1355 ****
-  (though not necessary) that it be world-readable.
-  .El
-  .Sh SEE ALSO
-! .Xr sshd 8
-  .Sh AUTHORS
-  OpenSSH is a derivative of the original and free
-  ssh 1.2.12 release by Tatu Ylonen.
---- 1349,1356 ----
-  (though not necessary) that it be world-readable.
-  .El
-  .Sh SEE ALSO
-! .Xr sshd 8 ,
-! .Xr pam_unix_session 5
-  .Sh AUTHORS
-  OpenSSH is a derivative of the original and free
-  ssh 1.2.12 release by Tatu Ylonen.
+diff -pur old/servconf.c new/servconf.c
+--- old/servconf.c
++++ new/servconf.c
[email protected]@ -504,7 +504,11 @@ static struct {
+ 	{ "listenaddress", sListenAddress, SSHCFG_GLOBAL },
+ 	{ "addressfamily", sAddressFamily, SSHCFG_GLOBAL },
+ 	{ "printmotd", sPrintMotd, SSHCFG_GLOBAL },
++#ifdef DISABLE_LASTLOG
++	{ "printlastlog", sUnsupported, SSHCFG_GLOBAL },
++#else
+ 	{ "printlastlog", sPrintLastLog, SSHCFG_GLOBAL },
++#endif
+ 	{ "ignorerhosts", sIgnoreRhosts, SSHCFG_GLOBAL },
+ 	{ "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL },
+ 	{ "x11forwarding", sX11Forwarding, SSHCFG_ALL },
[email protected]@ -2268,7 +2272,9 @@ dump_config(ServerOptions *o)
+ 	dump_cfg_fmtint(sChallengeResponseAuthentication,
+ 	    o->challenge_response_authentication);
+ 	dump_cfg_fmtint(sPrintMotd, o->print_motd);
++#ifndef DISABLE_LASTLOG
+ 	dump_cfg_fmtint(sPrintLastLog, o->print_lastlog);
++#endif /* !DISABLE_LASTLOG */
+ 	dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding);
+ 	dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost);
+ 	dump_cfg_fmtint(sPermitTTY, o->permit_tty);
+diff -pur old/sshd_config.5 new/sshd_config.5
+--- old/sshd_config.5
++++ new/sshd_config.5
[email protected]@ -1300,8 +1300,8 @@ Specifies whether
+ .Xr sshd 8
+ should print the date and time of the last user login when a user logs
+ in interactively.
+-The default is
+-.Dq yes .
++On Solaris this option is always ignored since pam_unix_session(5)
++reports the last login time.
+ .It Cm PrintMotd
+ Specifies whether
+ .Xr sshd 8
[email protected]@ -1721,7 +1721,8 @@ This file should be writable by root onl
+ (though not necessary) that it be world-readable.
+ .El
+ .Sh SEE ALSO
+-.Xr sshd 8
++.Xr sshd 8 ,
++.Xr pam_unix_session 5
+ .Sh AUTHORS
+ OpenSSH is a derivative of the original and free
+ ssh 1.2.12 release by Tatu Ylonen.
--- a/components/openssh/patches/007-manpages.patch	Wed Oct 28 12:22:49 2015 -0700
+++ b/components/openssh/patches/007-manpages.patch	Thu Oct 29 02:40:10 2015 -0700
@@ -8,8 +8,8 @@
 # same as their corresponding ones in SunSSH.
 #
 diff -pur old/moduli.5 new/moduli.5
---- old/moduli.5	2015-03-17 06:49:20.000000000 +0100
-+++ new/moduli.5	2015-03-28 05:37:09.205577491 +0100
+--- old/moduli.5
++++ new/moduli.5
 @@ -14,7 +14,7 @@
  .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
@@ -67,8 +67,8 @@
  .Rs
  .%A M. Friedl
 diff -pur old/sftp-server.8 new/sftp-server.8
---- old/sftp-server.8	2015-03-17 06:49:20.000000000 +0100
-+++ new/sftp-server.8	2015-03-28 05:38:55.972453415 +0100
+--- old/sftp-server.8
++++ new/sftp-server.8
 @@ -23,7 +23,7 @@
  .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  .\"
@@ -117,8 +117,8 @@
  .%A T. Ylonen
  .%A S. Lehtinen
 diff -pur old/ssh-keysign.8 new/ssh-keysign.8
---- old/ssh-keysign.8	2015-03-17 06:49:20.000000000 +0100
-+++ new/ssh-keysign.8	2015-03-28 05:37:09.206625270 +0100
+--- old/ssh-keysign.8
++++ new/ssh-keysign.8
 @@ -23,7 +23,7 @@
  .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  .\"
@@ -149,8 +149,8 @@
  .Nm
  first appeared in
 diff -pur old/ssh-pkcs11-helper.8 new/ssh-pkcs11-helper.8
---- old/ssh-pkcs11-helper.8	2015-03-17 06:49:20.000000000 +0100
-+++ new/ssh-pkcs11-helper.8	2015-03-28 05:37:09.206699277 +0100
+--- old/ssh-pkcs11-helper.8
++++ new/ssh-pkcs11-helper.8
 @@ -15,7 +15,7 @@
  .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  .\"
@@ -161,18 +161,18 @@
  .Sh NAME
  .Nm ssh-pkcs11-helper
 diff -pur old/ssh_config.5 new/ssh_config.5
---- old/ssh_config.5	2015-03-17 06:49:20.000000000 +0100
-+++ new/ssh_config.5	2015-03-28 05:39:45.895250783 +0100
+--- old/ssh_config.5
++++ new/ssh_config.5
 @@ -35,7 +35,7 @@
  .\"
- .\" $OpenBSD: ssh_config.5,v 1.205 2015/02/20 22:17:21 djm Exp $
- .Dd $Mdocdate: February 20 2015 $
+ .\" $OpenBSD: ssh_config.5,v 1.215 2015/08/14 15:32:41 jmc Exp $
+ .Dd $Mdocdate: August 14 2015 $
 -.Dt SSH_CONFIG 5
 +.Dt SSH_CONFIG 4
  .Os
  .Sh NAME
  .Nm ssh_config
[email protected]@ -562,7 +562,7 @@ then the master connection will remain i
[email protected]@ -568,7 +568,7 @@ then the master connection will remain i
  .Dq Fl O No exit
  option).
  If set to a time in seconds, or a time in any of the formats documented in
@@ -181,7 +181,7 @@
  then the backgrounded master connection will automatically terminate
  after it has remained idle (with no client connections) for the
  specified time.
[email protected]@ -689,7 +689,7 @@ option is also enabled.
[email protected]@ -695,7 +695,7 @@ option is also enabled.
  Specify a timeout for untrusted X11 forwarding
  using the format described in the
  TIME FORMATS section of
@@ -190,7 +190,7 @@
  X11 connections received by
  .Xr ssh 1
  after this time will be refused.
[email protected]@ -756,7 +756,7 @@ should hash host names and addresses whe
[email protected]@ -762,7 +762,7 @@ should hash host names and addresses whe
  These hashed names may be used normally by
  .Xr ssh 1
  and
@@ -199,7 +199,7 @@
  but they do not reveal identifying information should the file's contents
  be disclosed.
  The default is
[email protected]@ -1233,7 +1233,7 @@ depending on the cipher.
[email protected]@ -1286,7 +1286,7 @@ depending on the cipher.
  The optional second value is specified in seconds and may use any of the
  units documented in the
  TIME FORMATS section of
@@ -208,7 +208,7 @@
  The default value for
  .Cm RekeyLimit
  is
[email protected]@ -1277,7 +1277,7 @@ Specifying a remote
[email protected]@ -1330,7 +1330,7 @@ Specifying a remote
  will only succeed if the server's
  .Cm GatewayPorts
  option is enabled (see
@@ -217,7 +217,7 @@
  .It Cm RequestTTY
  Specifies whether to request a pseudo-tty for the session.
  The argument may be one of:
[email protected]@ -1339,7 +1339,7 @@ accept these environment variables.
[email protected]@ -1396,7 +1396,7 @@ pseudo-terminal is requested as it is re
  Refer to
  .Cm AcceptEnv
  in
@@ -227,12 +227,12 @@
  Variables are specified by name, which may contain wildcard characters.
  Multiple environment variables may be separated by whitespace or spread
 diff -pur old/sshd.8 new/sshd.8
---- old/sshd.8	2015-03-17 06:49:20.000000000 +0100
-+++ new/sshd.8	2015-03-28 05:41:50.762749417 +0100
+--- old/sshd.8
++++ new/sshd.8
 @@ -35,7 +35,7 @@
  .\"
- .\" $OpenBSD: sshd.8,v 1.278 2014/11/15 14:41:03 bentley Exp $
- .Dd $Mdocdate: November 15 2014 $
+ .\" $OpenBSD: sshd.8,v 1.280 2015/07/03 03:49:45 djm Exp $
+ .Dd $Mdocdate: July 3 2015 $
 -.Dt SSHD 8
 +.Dt SSHD 1M
  .Os
@@ -247,7 +247,7 @@
  command-line options override values specified in the
  configuration file.
  .Nm
[email protected]@ -207,7 +207,7 @@ Can be used to give options in the forma
[email protected]@ -204,7 +204,7 @@ Can be used to give options in the forma
  This is useful for specifying options for which there is no separate
  command-line flag.
  For full details of the options, and their values, see
@@ -256,7 +256,7 @@
  .It Fl p Ar port
  Specifies the port on which the server listens for connections
  (default 22).
[email protected]@ -277,7 +277,7 @@ The default is to use protocol 2 only,
[email protected]@ -274,7 +274,7 @@ The default is to use protocol 2 only,
  though this can be changed via the
  .Cm Protocol
  option in
@@ -265,7 +265,7 @@
  Protocol 2 supports DSA, ECDSA, Ed25519 and RSA keys;
  protocol 1 only supports RSA keys.
  For both protocols,
[email protected]@ -402,7 +402,7 @@ if it exists, and users are allowed to c
[email protected]@ -399,7 +399,7 @@ if it exists, and users are allowed to c
  See the
  .Cm PermitUserEnvironment
  option in
@@ -274,7 +274,7 @@
  .It
  Changes to user's home directory.
  .It
[email protected]@ -550,7 +550,7 @@ The command originally supplied by the c
[email protected]@ -549,7 +549,7 @@ The command originally supplied by the c
  environment variable.
  Note that this option applies to shell, command or subsystem execution.
  Also note that this command may be superseded by either a
@@ -283,7 +283,7 @@
  .Cm ForceCommand
  directive or a command embedded in a certificate.
  .It Cm environment="NAME=value"
[email protected]@ -571,7 +571,7 @@ Specifies that in addition to public key
[email protected]@ -570,7 +570,7 @@ Specifies that in addition to public key
  name of the remote host or its IP address must be present in the
  comma-separated list of patterns.
  See PATTERNS in
@@ -292,7 +292,7 @@
  for more information on patterns.
  .Pp
  In addition to the wildcard matching that may be applied to hostnames or
[email protected]@ -859,7 +859,7 @@ It should only be writable by root.
[email protected]@ -858,7 +858,7 @@ It should only be writable by root.
  .It Pa /etc/moduli
  Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
  The file format is described in
@@ -301,7 +301,7 @@
  .Pp
  .It Pa /etc/motd
  See
[email protected]@ -920,7 +920,7 @@ should be world-readable.
[email protected]@ -919,7 +919,7 @@ should be world-readable.
  Contains configuration data for
  .Nm sshd .
  The file format and configuration options are described in
@@ -310,7 +310,7 @@
  .Pp
  .It Pa /etc/ssh/sshrc
  Similar to
[email protected]@ -955,10 +955,10 @@ The content of this file is not sensitiv
[email protected]@ -954,10 +954,10 @@ The content of this file is not sensitiv
  .Xr ssh-keyscan 1 ,
  .Xr chroot 2 ,
  .Xr login.conf 5 ,
@@ -326,12 +326,12 @@
  OpenSSH is a derivative of the original and free
  ssh 1.2.12 release by Tatu Ylonen.
 diff -pur old/sshd_config.5 new/sshd_config.5
---- old/sshd_config.5	2015-03-28 05:37:09.175994877 +0100
-+++ new/sshd_config.5	2015-03-28 05:42:07.245709990 +0100
+--- old/sshd_config.5
++++ new/sshd_config.5
 @@ -35,7 +35,7 @@
  .\"
- .\" $OpenBSD: sshd_config.5,v 1.194 2015/02/20 23:46:01 djm Exp $
- .Dd $Mdocdate: February 20 2015 $
+ .\" $OpenBSD: sshd_config.5,v 1.211 2015/08/14 15:32:41 jmc Exp $
+ .Dd $Mdocdate: August 14 2015 $
 -.Dt SSHD_CONFIG 5
 +.Dt SSHD_CONFIG 4
  .Os
@@ -353,9 +353,9 @@
 -.Xr ssh_config 5
 +.Xr ssh_config 4
  for how to configure the client.
- Note that environment passing is only supported for protocol 2.
- Variables are specified by name, which may contain the wildcard characters
[email protected]@ -85,7 +85,7 @@ For this reason, care should be taken in
+ Note that environment passing is only supported for protocol 2, and
+ that the
[email protected]@ -89,7 +89,7 @@ For this reason, care should be taken in
  The default is not to accept any environment variables.
  .It Cm AddressFamily
  Specifies which address family should be used by
@@ -364,7 +364,7 @@
  Valid arguments are
  .Dq any ,
  .Dq inet
[email protected]@ -118,7 +118,7 @@ and finally
[email protected]@ -122,7 +122,7 @@ and finally
  .Cm AllowGroups .
  .Pp
  See PATTERNS in
@@ -373,7 +373,7 @@
  for more information on patterns.
  .It Cm AllowTcpForwarding
  Specifies whether TCP forwarding is permitted.
[email protected]@ -178,7 +178,7 @@ and finally
[email protected]@ -182,7 +182,7 @@ and finally
  .Cm AllowGroups .
  .Pp
  See PATTERNS in
@@ -382,16 +382,16 @@
  for more information on patterns.
  .It Cm AuthenticationMethods
  Specifies the authentication methods that must be successfully completed
[email protected]@ -234,7 +234,7 @@ The program must be owned by root and no
- It will be invoked with a single argument of the username
- being authenticated, and should produce on standard output zero or
[email protected]@ -250,7 +250,7 @@ will be supplied.
+ .Pp
+ The program should produce on standard output zero or
  more lines of authorized_keys output (see AUTHORIZED_KEYS in
 -.Xr sshd 8 ) .
 +.Xr sshd 1M ) .
  If a key supplied by AuthorizedKeysCommand does not successfully authenticate
  and authorize the user then public key authentication continues using the usual
  .Cm AuthorizedKeysFile
[email protected]@ -257,7 +257,7 @@ for user authentication.
[email protected]@ -273,7 +273,7 @@ for user authentication.
  The format is described in the
  AUTHORIZED_KEYS FILE FORMAT
  section of
@@ -400,7 +400,7 @@
  .Cm AuthorizedKeysFile
  may contain tokens of the form %T which are substituted during connection
  setup.
[email protected]@ -280,7 +280,7 @@ this file lists names, one of which must
[email protected]@ -332,7 +332,7 @@ this file lists names, one of which must
  to be accepted for authentication.
  Names are listed one per line preceded by key options (as described
  in AUTHORIZED_KEYS FILE FORMAT in
@@ -409,7 +409,7 @@
  Empty lines and comments starting with
  .Ql #
  are ignored.
[email protected]@ -310,7 +310,7 @@ and is not consulted for certification a
[email protected]@ -362,7 +362,7 @@ and is not consulted for certification a
  though the
  .Cm principals=
  key option offers a similar facility (see
@@ -418,7 +418,7 @@
  for details).
  .It Cm Banner
  The contents of the specified file are sent to the remote user before
[email protected]@ -335,7 +335,7 @@ At session startup
[email protected]@ -387,7 +387,7 @@ At session startup
  checks that all components of the pathname are root-owned directories
  which are not writable by any other user or group.
  After the chroot,
@@ -427,7 +427,7 @@
  changes the working directory to the user's home directory.
  .Pp
  The pathname may contain the following tokens that are expanded at runtime once
[email protected]@ -433,7 +433,7 @@ with an argument of
[email protected]@ -490,7 +490,7 @@ with an argument of
  .It Cm ClientAliveCountMax
  Sets the number of client alive messages (see below) which may be
  sent without
@@ -436,7 +436,7 @@
  receiving any messages back from the client.
  If this threshold is reached while client alive messages are being sent,
  sshd will disconnect the client, terminating the session.
[email protected]@ -460,7 +460,7 @@ This option applies to protocol version 
[email protected]@ -517,7 +517,7 @@ This option applies to protocol version
  .It Cm ClientAliveInterval
  Sets a timeout interval in seconds after which if no data has been received
  from the client,
@@ -445,7 +445,7 @@
  will send a message through the encrypted
  channel to request a response from the client.
  The default
[email protected]@ -491,7 +491,7 @@ and finally
[email protected]@ -548,7 +548,7 @@ and finally
  .Cm AllowGroups .
  .Pp
  See PATTERNS in
@@ -454,7 +454,7 @@
  for more information on patterns.
  .It Cm DenyUsers
  This keyword can be followed by a list of user name patterns, separated
[email protected]@ -510,7 +510,7 @@ and finally
[email protected]@ -567,7 +567,7 @@ and finally
  .Cm AllowGroups .
  .Pp
  See PATTERNS in
@@ -463,7 +463,7 @@
  for more information on patterns.
  .It Cm FingerprintHash
  Specifies the hash algorithm used when logging key fingerprints.
[email protected]@ -543,7 +543,7 @@ files when used with
[email protected]@ -600,7 +600,7 @@ files when used with
  Specifies whether remote hosts are allowed to connect to ports
  forwarded for the client.
  By default,
@@ -472,7 +472,7 @@
  binds remote port forwardings to the loopback address.
  This prevents other remote hosts from connecting to forwarded ports.
  .Cm GatewayPorts
[email protected]@ -602,7 +602,7 @@ files during
[email protected]@ -686,7 +686,7 @@ files during
  A setting of
  .Dq yes
  means that
@@ -481,7 +481,7 @@
  uses the name supplied by the client rather than
  attempting to resolve the name from the TCP connection itself.
  The default is
[email protected]@ -613,7 +613,7 @@ The certificate's public key must match 
[email protected]@ -697,7 +697,7 @@ The certificate's public key must match
  by
  .Cm HostKey .
  The default behaviour of
@@ -490,16 +490,7 @@
  is not to load any certificates.
  .It Cm HostKey
  Specifies a file containing a private host key
[email protected]@ -628,7 +628,7 @@ and
- .Pa /etc/ssh/ssh_host_rsa_key
- for protocol version 2.
- Note that
--.Xr sshd 8
-+.Xr sshd 1M
- will refuse to use a file if it is group/world-accessible.
- It is possible to have multiple host key files.
- .Dq rsa1
[email protected]@ -669,7 +669,7 @@ The default is
[email protected]@ -779,7 +779,7 @@ The default is
  .Dq yes .
  .It Cm IgnoreUserKnownHosts
  Specifies whether
@@ -508,7 +499,7 @@
  should ignore the user's
  .Pa ~/.ssh/known_hosts
  during
[email protected]@ -800,7 +800,7 @@ If the value is 0, the key is never rege
[email protected]@ -914,7 +914,7 @@ If the value is 0, the key is never rege
  The default is 3600 (seconds).
  .It Cm ListenAddress
  Specifies the local addresses
@@ -517,7 +508,7 @@
  should listen on.
  The following forms may be used:
  .Pp
[email protected]@ -843,7 +843,7 @@ If the value is 0, there is no time limi
[email protected]@ -954,7 +954,7 @@ If the value is 0, there is no time limi
  The default is 120 seconds.
  .It Cm LogLevel
  Gives the verbosity level that is used when logging messages from
@@ -526,7 +517,7 @@
  The possible values are:
  QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
  The default is INFO.
[email protected]@ -943,7 +943,7 @@ and
[email protected]@ -1059,7 +1059,7 @@ and
  The match patterns may consist of single entries or comma-separated
  lists and may use the wildcard and negation operators described in the
  PATTERNS section of
@@ -535,7 +526,7 @@
  .Pp
  The patterns in an
  .Cm Address
[email protected]@ -1032,7 +1032,7 @@ Alternatively, random early drop can be 
[email protected]@ -1148,7 +1148,7 @@ Alternatively, random early drop can be
  the three colon separated values
  .Dq start:rate:full
  (e.g. "10:30:60").
@@ -544,7 +535,7 @@
  will refuse connection attempts with a probability of
  .Dq rate/100
  (30%)
[email protected]@ -1149,7 +1149,7 @@ and
[email protected]@ -1268,7 +1268,7 @@ and
  options in
  .Pa ~/.ssh/authorized_keys
  are processed by
@@ -553,7 +544,7 @@
  The default is
  .Dq no .
  Enabling environment processing may enable users to bypass access
[email protected]@ -1168,7 +1168,7 @@ The default is
[email protected]@ -1289,7 +1289,7 @@ The default is
  .Pa /var/run/sshd.pid .
  .It Cm Port
  Specifies the port number that
@@ -562,7 +553,7 @@
  listens on.
  The default is 22.
  Multiple options of this type are permitted.
[email protected]@ -1176,14 +1176,14 @@ See also
[email protected]@ -1297,14 +1297,14 @@ See also
  .Cm ListenAddress .
  .It Cm PrintLastLog
  Specifies whether
@@ -579,7 +570,7 @@
  should print
  .Pa /etc/motd
  when a user logs in interactively.
[email protected]@ -1194,7 +1194,7 @@ The default is
[email protected]@ -1315,7 +1315,7 @@ The default is
  .Dq yes .
  .It Cm Protocol
  Specifies the protocol versions
@@ -588,7 +579,7 @@
  supports.
  The possible values are
  .Sq 1
[email protected]@ -1305,7 +1305,7 @@ The default is
[email protected]@ -1440,7 +1440,7 @@ The default is
  .Dq no .
  .It Cm StrictModes
  Specifies whether
@@ -597,7 +588,7 @@
  should check file modes and ownership of the
  user's files and home directory before accepting login.
  This is normally desirable because novices sometimes accidentally leave their
[email protected]@ -1339,7 +1339,7 @@ By default no subsystems are defined.
[email protected]@ -1474,7 +1474,7 @@ By default no subsystems are defined.
  Note that this option applies to protocol version 2 only.
  .It Cm SyslogFacility
  Gives the facility code that is used when logging messages from
@@ -606,16 +597,7 @@
  The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
  LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
  The default is AUTH.
[email protected]@ -1380,7 +1380,7 @@ For more details on certificates, see th
- .Xr ssh-keygen 1 .
- .It Cm UseDNS
- Specifies whether
--.Xr sshd 8
-+.Xr sshd 1M
- should look up the remote host name and check that
- the resolved host name for the remote IP address maps back to the
- very same IP address.
[email protected]@ -1425,13 +1425,13 @@ or
[email protected]@ -1571,13 +1571,13 @@ or
  If
  .Cm UsePAM
  is enabled, you will not be able to run
@@ -631,7 +613,7 @@
  separates privileges by creating an unprivileged child process
  to deal with incoming network traffic.
  After successful authentication, another process will be created that has
[email protected]@ -1453,7 +1453,7 @@ The default is
[email protected]@ -1599,7 +1599,7 @@ The default is
  .Dq none .
  .It Cm X11DisplayOffset
  Specifies the first display number available for
@@ -640,7 +622,7 @@
  X11 forwarding.
  This prevents sshd from interfering with real X11 servers.
  The default is 10.
[email protected]@ -1468,7 +1468,7 @@ The default is
[email protected]@ -1614,7 +1614,7 @@ The default is
  .Pp
  When X11 forwarding is enabled, there may be additional exposure to
  the server and to client displays if the
@@ -649,7 +631,7 @@
  proxy display is configured to listen on the wildcard address (see
  .Cm X11UseLocalhost
  below), though this is not the default.
[email protected]@ -1479,7 +1479,7 @@ display server may be exposed to attack 
[email protected]@ -1625,7 +1625,7 @@ display server may be exposed to attack
  forwarding (see the warnings for
  .Cm ForwardX11
  in
@@ -658,7 +640,7 @@
  A system administrator may have a stance in which they want to
  protect clients that may expose themselves to attack by unwittingly
  requesting X11 forwarding, which can warrant a
[email protected]@ -1493,7 +1493,7 @@ X11 forwarding is automatically disabled
[email protected]@ -1639,7 +1639,7 @@ X11 forwarding is automatically disabled
  is enabled.
  .It Cm X11UseLocalhost
  Specifies whether
@@ -667,7 +649,7 @@
  should bind the X11 forwarding server to the loopback address or to
  the wildcard address.
  By default,
[email protected]@ -1524,7 +1524,7 @@ The default is
[email protected]@ -1672,7 +1672,7 @@ The default is
  .Pa /usr/X11R6/bin/xauth .
  .El
  .Sh TIME FORMATS
@@ -676,7 +658,7 @@
  command-line arguments and configuration file options that specify time
  may be expressed using a sequence of the form:
  .Sm off
[email protected]@ -1568,12 +1568,12 @@ Time format examples:
[email protected]@ -1716,12 +1716,12 @@ Time format examples:
  .Bl -tag -width Ds
  .It Pa /etc/ssh/sshd_config
  Contains configuration data for
--- a/components/openssh/patches/010-gss_store_cred.patch	Wed Oct 28 12:22:49 2015 -0700
+++ b/components/openssh/patches/010-gss_store_cred.patch	Thu Oct 29 02:40:10 2015 -0700
@@ -16,9 +16,10 @@
 # The patch is implemented as Solaris-specific using USE_GSS_STORE_CRED
 # and GSSAPI_STORECREDS_NEEDS_RUID macros.
 #
---- orig/config.h.in	Fri Mar 21 11:42:17 2014
-+++ new/config.h.in	Fri Mar 21 11:46:26 2014
[email protected]@ -1616,6 +1616,12 @@
+diff -pur old/config.h.in new/config.h.in
+--- old/config.h.in
++++ new/config.h.in
[email protected]@ -1623,6 +1623,12 @@
  /* Use btmp to log bad logins */
  #undef USE_BTMP
  
@@ -31,9 +32,10 @@
  /* Use libedit for sftp */
  #undef USE_LIBEDIT
  
---- orig/configure	Fri Mar 21 11:42:24 2014
-+++ new/configure	Fri Mar 21 11:49:51 2014
[email protected]@ -7797,6 +7797,9 @@
+diff -pur old/configure new/configure
+--- old/configure
++++ new/configure
[email protected]@ -10944,6 +10944,9 @@ fi
  
  fi
  
@@ -43,9 +45,10 @@
  	TEST_SHELL=$SHELL	# let configure find us a capable shell
  	;;
  *-*-sunos4*)
---- orig/configure.ac	Fri Mar 21 11:42:28 2014
-+++ new/configure.ac	Fri Mar 21 16:32:28 2014
[email protected]@ -866,6 +866,8 @@
+diff -pur old/configure.ac new/configure.ac
+--- old/configure.ac
++++ new/configure.ac
[email protected]@ -910,6 +910,8 @@ mips-sony-bsd|mips-sony-newsos4)
  		],
  	)
  	TEST_SHELL=$SHELL	# let configure find us a capable shell
@@ -54,9 +57,10 @@
  	;;
  *-*-sunos4*)
  	CPPFLAGS="$CPPFLAGS -DSUNOS4"
---- orig/gss-serv-krb5.c	Fri Mar 21 11:42:46 2014
-+++ new/gss-serv-krb5.c	Fri Mar 21 11:54:48 2014
[email protected]@ -109,7 +109,7 @@
+diff -pur old/gss-serv-krb5.c new/gss-serv-krb5.c
+--- old/gss-serv-krb5.c
++++ new/gss-serv-krb5.c
[email protected]@ -110,7 +110,7 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client
  	return retval;
  }
  
@@ -65,7 +69,7 @@
  /* This writes out any forwarded credentials from the structure populated
   * during userauth. Called after we have setuid to the user */
  
[email protected]@ -195,6 +195,7 @@
[email protected]@ -196,6 +196,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_cl
  
  	return;
  }
@@ -73,7 +77,7 @@
  
  ssh_gssapi_mech gssapi_kerberos_mech = {
  	"toWM5Slw5Ew8Mqkay+al2g==",
[email protected]@ -203,7 +204,11 @@
[email protected]@ -204,7 +205,11 @@ ssh_gssapi_mech gssapi_kerberos_mech = {
  	NULL,
  	&ssh_gssapi_krb5_userok,
  	NULL,
@@ -85,9 +89,10 @@
  };
  
  #endif /* KRB5 */
---- orig/gss-serv.c	Fri Mar 21 11:42:53 2014
-+++ new/gss-serv.c	Fri Mar 21 15:59:43 2014
[email protected]@ -292,6 +292,9 @@
+diff -pur old/gss-serv.c new/gss-serv.c
+--- old/gss-serv.c
++++ new/gss-serv.c
[email protected]@ -320,22 +320,66 @@ ssh_gssapi_getclient(Gssctxt *ctx, ssh_g
  void
  ssh_gssapi_cleanup_creds(void)
  {
@@ -97,7 +102,6 @@
  	if (gssapi_client.store.filename != NULL) {
  		/* Unlink probably isn't sufficient */
  		debug("removing gssapi cred file\"%s\"",
[email protected]@ -298,6 +301,7 @@
  		    gssapi_client.store.filename);
  		unlink(gssapi_client.store.filename);
  	}
@@ -105,7 +109,6 @@
  }
  
  /* As user */
[email protected]@ -304,10 +308,50 @@
  void
  ssh_gssapi_storecreds(void)
  {
@@ -156,23 +159,36 @@
  }
  
  /* This allows GSSAPI methods to do things to the childs environment based
---- orig/servconf.c	Fri Mar 21 11:43:02 2014
-+++ new/servconf.c	Fri Mar 21 16:02:54 2014
[email protected]@ -409,7 +409,11 @@
+diff -pur old/servconf.c new/servconf.c
+--- old/servconf.c
++++ new/servconf.c
[email protected]@ -489,7 +489,11 @@ static struct {
  	{ "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
  #ifdef GSSAPI
  	{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
+-	{ "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
 +#ifdef USE_GSS_STORE_CRED
 +	{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
 +#else /* USE_GSS_STORE_CRED */
- 	{ "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
++ 	{ "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
 +#endif /* USE_GSS_STORE_CRED */
+ 	{ "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
  #else
  	{ "gssapiauthentication", sUnsupported, SSHCFG_ALL },
- 	{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
---- orig/sshd.c	Fri Mar 21 11:43:08 2014
-+++ new/sshd.c	Mon Mar 24 15:05:30 2014
[email protected]@ -2126,9 +2126,23 @@
[email protected]@ -2264,7 +2268,9 @@ dump_config(ServerOptions *o)
+ #endif
+ #ifdef GSSAPI
+ 	dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
++#ifndef USE_GSS_STORE_CRED
+ 	dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
++#endif /* !USE_GSS_STORE_CRED */
+ #endif
+ 	dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
+ 	dump_cfg_fmtint(sKbdInteractiveAuthentication,
+diff -pur old/sshd.c new/sshd.c
+--- old/sshd.c
++++ new/sshd.c
[email protected]@ -2228,9 +2228,23 @@ main(int ac, char **av)
  
  #ifdef GSSAPI
  	if (options.gss_authentication) {
--- a/components/openssh/patches/023-gsskex.patch	Wed Oct 28 12:22:49 2015 -0700
+++ b/components/openssh/patches/023-gsskex.patch	Thu Oct 29 02:40:10 2015 -0700
@@ -9,8 +9,8 @@
 # Upstream rejected GSS-API key exchange several times before.
 #
 diff -pur old/Makefile.in new/Makefile.in
---- old/Makefile.in	2015-05-21 02:51:54.413234716 -0700
-+++ new/Makefile.in	2015-05-21 02:51:54.513293268 -0700
+--- old/Makefile.in
++++ new/Makefile.in
 @@ -87,6 +87,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
  	monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
  	msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \
@@ -29,8 +29,8 @@
  	sftp-server.o sftp-common.o \
  	roaming_common.o roaming_serv.o \
 diff -pur old/auth2-gss.c new/auth2-gss.c
---- old/auth2-gss.c	2015-03-16 22:49:20.000000000 -0700
-+++ new/auth2-gss.c	2015-05-21 02:51:54.513863282 -0700
+--- old/auth2-gss.c
++++ new/auth2-gss.c
 @@ -1,7 +1,7 @@
  /* $OpenBSD: auth2-gss.c,v 1.22 2015/01/19 20:07:45 markus Exp $ */
  
@@ -94,8 +94,8 @@
  	"gssapi-with-mic",
  	userauth_gssapi,
 diff -pur old/auth2.c new/auth2.c
---- old/auth2.c	2015-05-21 02:51:54.362963450 -0700
-+++ new/auth2.c	2015-05-21 02:51:54.514409021 -0700
+--- old/auth2.c
++++ new/auth2.c
 @@ -70,6 +70,7 @@ extern Authmethod method_passwd;
  extern Authmethod method_kbdint;
  extern Authmethod method_hostbased;
@@ -113,9 +113,9 @@
  #endif
  	&method_passwd,
 diff -pur old/configure new/configure
---- old/configure	2015-05-21 02:51:54.418977239 -0700
-+++ new/configure	2015-05-21 04:08:21.689628474 -0700
[email protected]@ -10869,8 +10869,10 @@ fi
+--- old/configure
++++ new/configure
[email protected]@ -10944,8 +10944,10 @@ fi
  
  fi
  
@@ -129,8 +129,8 @@
  	TEST_SHELL=$SHELL	# let configure find us a capable shell
  	;;
 diff -pur old/gss-genr.c new/gss-genr.c
---- old/gss-genr.c	2015-03-16 22:49:20.000000000 -0700
-+++ new/gss-genr.c	2015-05-21 02:51:54.515221154 -0700
+--- old/gss-genr.c
++++ new/gss-genr.c
 @@ -1,7 +1,7 @@
  /* $OpenBSD: gss-genr.c,v 1.23 2015/01/20 23:14:00 deraadt Exp $ */
  
@@ -140,7 +140,7 @@
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
[email protected]@ -40,12 +40,167 @@
[email protected]@ -41,12 +41,167 @@
  #include "buffer.h"
  #include "log.h"
  #include "ssh2.h"
@@ -308,7 +308,7 @@
  /* Check that the OID in a data stream matches that in the context */
  int
  ssh_gssapi_check_oid(Gssctxt *ctx, void *data, size_t len)
[email protected]@ -230,6 +385,9 @@ ssh_gssapi_import_name(Gssctxt *ctx, con
[email protected]@ -231,6 +386,9 @@ ssh_gssapi_import_name(Gssctxt *ctx, con
  OM_uint32
  ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash)
  {
@@ -318,7 +318,7 @@
  	if ((ctx->major = gss_get_mic(&ctx->minor, ctx->context,
  	    GSS_C_QOP_DEFAULT, buffer, hash)))
  		ssh_gssapi_error(ctx);
[email protected]@ -237,6 +395,19 @@ ssh_gssapi_sign(Gssctxt *ctx, gss_buffer
[email protected]@ -238,6 +396,19 @@ ssh_gssapi_sign(Gssctxt *ctx, gss_buffer
  	return (ctx->major);
  }
  
@@ -338,7 +338,7 @@
  void
  ssh_gssapi_buildmic(Buffer *b, const char *user, const char *service,
      const char *context)
[email protected]@ -255,6 +426,10 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx
[email protected]@ -256,6 +427,10 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx
  	gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
  	OM_uint32 major, minor;
  	gss_OID_desc spnego_oid = {6, (void *)"\x2B\x06\x01\x05\x05\x02"};
@@ -349,7 +349,7 @@
  
  	/* RFC 4462 says we MUST NOT do SPNEGO */
  	if (oid->length == spnego_oid.length && 
[email protected]@ -273,7 +448,7 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx
[email protected]@ -274,7 +449,7 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx
  			    GSS_C_NO_BUFFER);
  	}
  
@@ -359,10 +359,10 @@
  
  	return (!GSS_ERROR(major));
 diff -pur old/gss-serv.c new/gss-serv.c
---- old/gss-serv.c	2015-05-21 02:51:54.328370202 -0700
-+++ new/gss-serv.c	2015-05-21 02:51:54.515853684 -0700
+--- old/gss-serv.c
++++ new/gss-serv.c
 @@ -1,7 +1,7 @@
- /* $OpenBSD: gss-serv.c,v 1.28 2015/01/20 23:14:00 deraadt Exp $ */
+ /* $OpenBSD: gss-serv.c,v 1.29 2015/05/22 03:50:02 djm Exp $ */
  
  /*
 - * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -370,15 +370,15 @@
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
[email protected]@ -46,6 +46,7 @@
- #include "misc.h"
[email protected]@ -47,6 +47,7 @@
+ #include "servconf.h"
  
  #include "ssh-gss.h"
 +#include "monitor_wrap.h"
  
- static ssh_gssapi_client gssapi_client =
-     { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER,
[email protected]@ -132,6 +133,28 @@ ssh_gssapi_server_ctx(Gssctxt **ctx, gss
+ extern ServerOptions options;
+ 
[email protected]@ -142,6 +143,28 @@ ssh_gssapi_server_ctx(Gssctxt **ctx, gss
  }
  
  /* Unprivileged */
@@ -407,7 +407,7 @@
  void
  ssh_gssapi_supported_oids(gss_OID_set *oidset)
  {
[email protected]@ -141,7 +164,9 @@ ssh_gssapi_supported_oids(gss_OID_set *o
[email protected]@ -151,7 +174,9 @@ ssh_gssapi_supported_oids(gss_OID_set *o
  	gss_OID_set supported;
  
  	gss_create_empty_oid_set(&min_status, oidset);
@@ -418,7 +418,7 @@
  
  	while (supported_mechs[i]->name != NULL) {
  		if (GSS_ERROR(gss_test_oid_set_member(&min_status,
[email protected]@ -417,14 +442,4 @@ ssh_gssapi_userok(char *user)
[email protected]@ -427,14 +452,4 @@ ssh_gssapi_userok(char *user)
  	return (0);
  }
  
@@ -434,8 +434,8 @@
 -
  #endif
 diff -pur old/kex.c new/kex.c
---- old/kex.c	2015-03-16 22:49:20.000000000 -0700
-+++ new/kex.c	2015-05-21 02:51:54.516546804 -0700
+--- old/kex.c
++++ new/kex.c
 @@ -55,6 +55,10 @@
  #include "sshbuf.h"
  #include "digest.h"
@@ -469,8 +469,8 @@
  	}
  	return NULL;
 diff -pur old/kex.h new/kex.h
---- old/kex.h	2015-03-16 22:49:20.000000000 -0700
-+++ new/kex.h	2015-05-21 04:13:55.764501761 -0700
+--- old/kex.h
++++ new/kex.h
 @@ -93,6 +93,9 @@ enum kex_exchange {
  	KEX_DH_GEX_SHA256,
  	KEX_ECDH_SHA2,
@@ -491,8 +491,8 @@
 +#endif
  	char	*client_version_string;
  	char	*server_version_string;
- 	int	(*verify_host_key)(struct sshkey *, struct ssh *);
[email protected]@ -183,6 +190,10 @@ int	 kexecdh_client(struct ssh *);
+ 	char	*failed_choice;
[email protected]@ -186,6 +193,10 @@ int	 kexecdh_client(struct ssh *);
  int	 kexecdh_server(struct ssh *);
  int	 kexc25519_client(struct ssh *);
  int	 kexc25519_server(struct ssh *);
@@ -504,8 +504,8 @@
  int	 kex_dh_hash(const char *, const char *,
      const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
 diff -pur old/monitor.c new/monitor.c
---- old/monitor.c	2015-05-21 02:51:54.364298135 -0700
-+++ new/monitor.c	2015-05-21 02:51:54.518833104 -0700
+--- old/monitor.c
++++ new/monitor.c
 @@ -160,6 +160,7 @@ int mm_answer_gss_setup_ctx(int, Buffer
  int mm_answer_gss_accept_ctx(int, Buffer *);
  int mm_answer_gss_userok(int, Buffer *);
@@ -554,7 +554,7 @@
  	} else {
  		mon_dispatch = mon_dispatch_postauth15;
  		monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
[email protected]@ -1923,6 +1938,13 @@ monitor_apply_keystate(struct monitor *p
[email protected]@ -1927,6 +1942,13 @@ monitor_apply_keystate(struct monitor *p
  # endif
  #endif /* WITH_OPENSSL */
  		kex->kex[KEX_C25519_SHA256] = kexc25519_server;
@@ -568,7 +568,7 @@
  		kex->load_host_public_key=&get_hostkey_public_by_type;
  		kex->load_host_private_key=&get_hostkey_private_by_type;
  		kex->host_key_index=&get_hostkey_index;
[email protected]@ -2022,6 +2044,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer
[email protected]@ -2026,6 +2048,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer
  	OM_uint32 major;
  	u_int len;
  
@@ -578,7 +578,7 @@
  	goid.elements = buffer_get_string(m, &len);
  	goid.length = len;
  
[email protected]@ -2049,6 +2074,9 @@ mm_answer_gss_accept_ctx(int sock, Buffe
[email protected]@ -2053,6 +2078,9 @@ mm_answer_gss_accept_ctx(int sock, Buffe
  	OM_uint32 flags = 0; /* GSI needs this */
  	u_int len;
  
@@ -588,7 +588,7 @@
  	in.value = buffer_get_string(m, &len);
  	in.length = len;
  	major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
[email protected]@ -2066,6 +2094,7 @@ mm_answer_gss_accept_ctx(int sock, Buffe
[email protected]@ -2070,6 +2098,7 @@ mm_answer_gss_accept_ctx(int sock, Buffe
  		monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
  		monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
  		monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
@@ -596,7 +596,7 @@
  	}
  	return (0);
  }
[email protected]@ -2077,6 +2106,9 @@ mm_answer_gss_checkmic(int sock, Buffer
[email protected]@ -2081,6 +2110,9 @@ mm_answer_gss_checkmic(int sock, Buffer
  	OM_uint32 ret;
  	u_int len;
  
@@ -606,7 +606,7 @@
  	gssbuf.value = buffer_get_string(m, &len);
  	gssbuf.length = len;
  	mic.value = buffer_get_string(m, &len);
[email protected]@ -2103,6 +2135,9 @@ mm_answer_gss_userok(int sock, Buffer *m
[email protected]@ -2107,6 +2139,9 @@ mm_answer_gss_userok(int sock, Buffer *m
  {
  	int authenticated;
  
@@ -616,7 +616,7 @@
  	authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user);
  
  	buffer_clear(m);
[email protected]@ -2116,5 +2151,47 @@ mm_answer_gss_userok(int sock, Buffer *m
[email protected]@ -2120,5 +2155,47 @@ mm_answer_gss_userok(int sock, Buffer *m
  	/* Monitor loop will terminate if authenticated */
  	return (authenticated);
  }
@@ -665,8 +665,8 @@
  #endif /* GSSAPI */
  
 diff -pur old/monitor.h new/monitor.h
---- old/monitor.h	2015-05-21 02:51:54.364660946 -0700
-+++ new/monitor.h	2015-05-21 02:51:54.519394748 -0700
+--- old/monitor.h
++++ new/monitor.h
 @@ -68,6 +68,9 @@ enum monitor_reqtype {
  #ifdef PAM_ENHANCEMENT
          MONITOR_REQ_AUTHMETHOD = 114,
@@ -678,8 +678,8 @@
  
  struct mm_master;
 diff -pur old/monitor_wrap.c new/monitor_wrap.c
---- old/monitor_wrap.c	2015-05-21 02:51:54.365259156 -0700
-+++ new/monitor_wrap.c	2015-05-21 02:51:54.519982413 -0700
+--- old/monitor_wrap.c
++++ new/monitor_wrap.c
 @@ -1103,5 +1103,28 @@ mm_ssh_gssapi_userok(char *user)
  	debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
  	return (authenticated);
@@ -710,8 +710,8 @@
  #endif /* GSSAPI */
  
 diff -pur old/monitor_wrap.h new/monitor_wrap.h
---- old/monitor_wrap.h	2015-03-16 22:49:20.000000000 -0700
-+++ new/monitor_wrap.h	2015-05-21 02:51:54.520316939 -0700
+--- old/monitor_wrap.h
++++ new/monitor_wrap.h
 @@ -60,6 +60,7 @@ OM_uint32 mm_ssh_gssapi_accept_ctx(Gssct
     gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *);
  int mm_ssh_gssapi_userok(char *user);
@@ -721,8 +721,8 @@
  
  #ifdef USE_PAM
 diff -pur old/readconf.c new/readconf.c
---- old/readconf.c	2015-05-21 02:51:54.384748072 -0700
-+++ new/readconf.c	2015-05-21 02:51:54.521602190 -0700
+--- old/readconf.c
++++ new/readconf.c
 @@ -147,6 +147,7 @@ typedef enum {
  	oClearAllForwardings, oNoHostAuthenticationForLocalhost,
  	oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
@@ -731,7 +731,7 @@
  	oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
  	oSendEnv, oControlPath, oControlMaster, oControlPersist,
  	oHashKnownHosts,
[email protected]@ -195,9 +196,11 @@ static struct {
[email protected]@ -196,9 +197,11 @@ static struct {
  #if defined(GSSAPI)
  	{ "gssapiauthentication", oGssAuthentication },
  	{ "gssapidelegatecredentials", oGssDelegateCreds },
@@ -743,7 +743,7 @@
  #endif
  	{ "fallbacktorsh", oDeprecated },
  	{ "usersh", oDeprecated },
[email protected]@ -927,6 +930,10 @@ parse_time:
[email protected]@ -929,6 +932,10 @@ parse_time:
  		intptr = &options->gss_authentication;
  		goto parse_flag;
  
@@ -762,7 +762,7 @@
  	options->gss_deleg_creds = -1;
  	options->password_authentication = -1;
  	options->kbd_interactive_authentication = -1;
[email protected]@ -1781,6 +1789,12 @@ fill_default_options(Options * options)
[email protected]@ -1782,6 +1790,12 @@ fill_default_options(Options * options)
  #else
  		options->gss_authentication = 0;
  #endif
@@ -776,8 +776,8 @@
  		options->gss_deleg_creds = 0;
  	if (options->password_authentication == -1)
 diff -pur old/readconf.h new/readconf.h
---- old/readconf.h	2015-05-21 02:51:54.348366942 -0700
-+++ new/readconf.h	2015-05-21 02:51:54.521966549 -0700
+--- old/readconf.h
++++ new/readconf.h
 @@ -45,6 +45,7 @@ typedef struct {
  	int     challenge_response_authentication;
  					/* Try S/Key or TIS, authentication. */
@@ -787,17 +787,17 @@
  	int     password_authentication;	/* Try password
  						 * authentication. */
 diff -pur old/servconf.c new/servconf.c
---- old/servconf.c	2015-05-21 02:51:54.410086670 -0700
-+++ new/servconf.c	2015-05-21 02:51:54.523417320 -0700
[email protected]@ -114,6 +114,7 @@ initialize_server_options(ServerOptions
+--- old/servconf.c
++++ new/servconf.c
[email protected]@ -117,6 +117,7 @@ initialize_server_options(ServerOptions
  	options->kerberos_ticket_cleanup = -1;
  	options->kerberos_get_afs_token = -1;
  	options->gss_authentication=-1;
 +	options->gss_keyex = -1;
  	options->gss_cleanup_creds = -1;
+ 	options->gss_strict_acceptor = -1;
  	options->password_authentication = -1;
- 	options->kbd_interactive_authentication = -1;
[email protected]@ -294,6 +295,12 @@ fill_default_server_options(ServerOption
[email protected]@ -300,6 +301,12 @@ fill_default_server_options(ServerOption
  #else
  		options->gss_authentication = 0;
  #endif
@@ -809,16 +809,16 @@
 +#endif
  	if (options->gss_cleanup_creds == -1)
  		options->gss_cleanup_creds = 1;
- 	if (options->password_authentication == -1)
[email protected]@ -422,6 +429,7 @@ typedef enum {
- 	sBanner, sUseDNS, sHostbasedAuthentication,
+ 	if (options->gss_strict_acceptor == -1)
[email protected]@ -442,6 +449,7 @@ typedef enum {
  	sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes,
+ 	sHostKeyAlgorithms,
  	sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
 +	sGssKeyEx,
- 	sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
+ 	sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
+ 	sAcceptEnv, sPermitTunnel,
  	sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
- 	sUsePrivilegeSeparation, sAllowAgentForwarding,
[email protected]@ -495,6 +503,7 @@ static struct {
[email protected]@ -518,6 +526,7 @@ static struct {
  	{ "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
  #ifdef GSSAPI
  	{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
@@ -826,15 +826,15 @@
  #ifdef USE_GSS_STORE_CRED
  	{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
  #else /* USE_GSS_STORE_CRED */
[email protected]@ -502,6 +511,7 @@ static struct {
- #endif /* USE_GSS_STORE_CRED */
[email protected]@ -526,6 +535,7 @@ static struct {
+ 	{ "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
  #else
  	{ "gssapiauthentication", sUnsupported, SSHCFG_ALL },
 +	{ "gssapikeyexchange", sUnsupported, SSHCFG_ALL },
  	{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
+ 	{ "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
  #endif
- 	{ "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
[email protected]@ -1243,6 +1253,10 @@ process_server_config_line(ServerOptions
[email protected]@ -1309,6 +1319,10 @@ process_server_config_line(ServerOptions
  		intptr = &options->gss_authentication;
  		goto parse_flag;
  
@@ -845,28 +845,28 @@
  	case sGssCleanupCreds:
  		intptr = &options->gss_cleanup_creds;
  		goto parse_flag;
[email protected]@ -2233,6 +2247,7 @@ dump_config(ServerOptions *o)
[email protected]@ -2355,6 +2369,7 @@ dump_config(ServerOptions *o)
  #endif
  #ifdef GSSAPI
  	dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
 +	dump_cfg_fmtint(sGssKeyEx, o->gss_keyex);
+ #ifndef USE_GSS_STORE_CRED
  	dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
- #endif
- 	dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
+ #endif /* !USE_GSS_STORE_CRED */
 diff -pur old/servconf.h new/servconf.h
---- old/servconf.h	2015-05-21 02:51:54.367009782 -0700
-+++ new/servconf.h	2015-05-21 02:51:54.524007042 -0700
[email protected]@ -119,6 +119,7 @@ typedef struct {
+--- old/servconf.h
++++ new/servconf.h
[email protected]@ -122,6 +122,7 @@ typedef struct {
  	int     kerberos_get_afs_token;		/* If true, try to get AFS token if
  						 * authenticated with Kerberos. */
  	int     gss_authentication;	/* If true, permit GSSAPI authentication */
 +	int     gss_keyex;		/* If true, permit GSSAPI key exchange */
  	int     gss_cleanup_creds;	/* If true, destroy cred cache on logout */
+ 	int     gss_strict_acceptor;	/* If true, restrict the GSSAPI acceptor name */
  	int     password_authentication;	/* If true, permit password
- 						 * authentication. */
 diff -pur old/ssh-gss.h new/ssh-gss.h
---- old/ssh-gss.h	2015-03-16 22:49:20.000000000 -0700
-+++ new/ssh-gss.h	2015-05-21 02:51:54.524497644 -0700
+--- old/ssh-gss.h
++++ new/ssh-gss.h
 @@ -61,6 +61,17 @@
  
  #define SSH_GSS_OIDTYPE 0x06
@@ -915,8 +915,8 @@
  
  #endif /* _SSH_GSS_H */
 diff -pur old/ssh_config new/ssh_config
---- old/ssh_config	2015-03-16 22:49:20.000000000 -0700
-+++ new/ssh_config	2015-05-21 02:51:54.524781493 -0700
+--- old/ssh_config
++++ new/ssh_config
 @@ -26,6 +26,7 @@
  #   HostbasedAuthentication no
  #   GSSAPIAuthentication no
@@ -926,9 +926,9 @@
  #   CheckHostIP yes
  #   AddressFamily any
 diff -pur old/ssh_config.5 new/ssh_config.5
---- old/ssh_config.5	2015-05-21 02:51:54.385795947 -0700
-+++ new/ssh_config.5	2015-05-21 02:51:54.525539849 -0700
[email protected]@ -751,6 +751,12 @@ Specifies whether user authentication ba
+--- old/ssh_config.5
++++ new/ssh_config.5
[email protected]@ -757,6 +757,12 @@ Specifies whether user authentication ba
  The default on Solaris is
  .Dq yes .
  Note that this option applies to protocol version 2 only.
@@ -942,20 +942,24 @@
  Forward (delegate) credentials to the server.
  The default is
 diff -pur old/sshconnect2.c new/sshconnect2.c
---- old/sshconnect2.c	2015-05-21 02:51:54.349037357 -0700
-+++ new/sshconnect2.c	2015-05-21 02:51:54.526742914 -0700
[email protected]@ -164,9 +164,31 @@ ssh_kex2(char *host, struct sockaddr *ho
+--- old/sshconnect2.c
++++ new/sshconnect2.c
[email protected]@ -163,12 +163,37 @@ ssh_kex2(char *host, struct sockaddr *ho
+ 	char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
  	struct kex *kex;
  	int r;
- 
 +#ifdef GSSAPI
 +	char *orig = NULL, *gss = NULL;
 +	char *gss_host = NULL;
 +#endif
 +
+ 
  	xxx_host = host;
  	xxx_hostaddr = hostaddr;
  
++	if (options.kex_algorithms != NULL)
++		myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
++
 +#ifdef GSSAPI
 +	if (options.gss_keyex) {
 +		/* Add the GSSAPI mechanisms currently supported on this 
@@ -973,12 +977,15 @@
 +	}
 +#endif
 +
- 	if (options.ciphers == (char *)-1) {
- 		logit("No valid ciphers for protocol version 2 given, using defaults.");
- 		options.ciphers = NULL;
[email protected]@ -204,6 +226,17 @@ ssh_kex2(char *host, struct sockaddr *ho
  	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
- 	    myproposal[PROPOSAL_KEX_ALGS]);
+-	    options.kex_algorithms);
++	    myproposal[PROPOSAL_KEX_ALGS]);
+ 	myproposal[PROPOSAL_ENC_ALGS_CTOS] =
+ 	    compat_cipher_proposal(options.ciphers);
+ 	myproposal[PROPOSAL_ENC_ALGS_STOC] =
[email protected]@ -197,6 +222,17 @@ ssh_kex2(char *host, struct sockaddr *ho
+ 		    order_hostkeyalgs(host, hostaddr, port));
+ 	}
  
 +#ifdef GSSAPI
 +	/* If we've got GSSAPI algorithms, then we also support the
@@ -994,7 +1001,7 @@
  	if (options.rekey_limit || options.rekey_interval)
  		packet_set_rekey_limits((u_int32_t)options.rekey_limit,
  		    (time_t)options.rekey_interval);
[email protected]@ -222,9 +255,22 @@ ssh_kex2(char *host, struct sockaddr *ho
[email protected]@ -215,9 +251,22 @@ ssh_kex2(char *host, struct sockaddr *ho
  # endif
  #endif
  	kex->kex[KEX_C25519_SHA256] = kexc25519_client;
@@ -1017,7 +1024,7 @@
  
  	dispatch_run(DISPATCH_BLOCK, &kex->done, active_state);
  
[email protected]@ -317,6 +363,7 @@ int	input_gssapi_token(int type, u_int32
[email protected]@ -310,6 +359,7 @@ int	input_gssapi_token(int type, u_int32
  int	input_gssapi_hash(int type, u_int32_t, void *);
  int	input_gssapi_error(int, u_int32_t, void *);
  int	input_gssapi_errtok(int, u_int32_t, void *);
@@ -1025,7 +1032,7 @@
  #endif
  
  void	userauth(Authctxt *, char *);
[email protected]@ -332,6 +379,11 @@ static char *authmethods_get(void);
[email protected]@ -325,6 +375,11 @@ static char *authmethods_get(void);
  
  Authmethod authmethods[] = {
  #ifdef GSSAPI
@@ -1037,7 +1044,7 @@
  	{"gssapi-with-mic",
  		userauth_gssapi,
  		NULL,
[email protected]@ -656,7 +708,10 @@ userauth_gssapi(Authctxt *authctxt)
[email protected]@ -649,7 +704,10 @@ userauth_gssapi(Authctxt *authctxt)
  	 * once. */
  
  	if (gss_supported == NULL)
@@ -1049,7 +1056,7 @@
  
  	/* Check to see if the mechanism is usable before we offer it */
  	while (mech < gss_supported->count && !ok) {
[email protected]@ -760,8 +815,8 @@ input_gssapi_response(int type, u_int32_
[email protected]@ -753,8 +811,8 @@ input_gssapi_response(int type, u_int32_
  {
  	Authctxt *authctxt = ctxt;
  	Gssctxt *gssctxt;
@@ -1060,7 +1067,7 @@
  
  	if (authctxt == NULL)
  		fatal("input_gssapi_response: no authentication context");
[email protected]@ -874,6 +929,48 @@ input_gssapi_error(int type, u_int32_t p
[email protected]@ -867,6 +925,48 @@ input_gssapi_error(int type, u_int32_t p
  	free(lang);
  	return 0;
  }
@@ -1110,9 +1117,9 @@
  
  int
 diff -pur old/sshd.c new/sshd.c
---- old/sshd.c	2015-05-21 02:51:54.419878113 -0700
-+++ new/sshd.c	2015-05-21 02:51:54.528004659 -0700
[email protected]@ -1815,10 +1815,13 @@ main(int ac, char **av)
+--- old/sshd.c
++++ new/sshd.c
[email protected]@ -1827,10 +1827,13 @@ main(int ac, char **av)
  		logit("Disabling protocol version 1. Could not load host key");
  		options.protocol &= ~SSH_PROTO_1;
  	}
@@ -1126,7 +1133,7 @@
  	if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
  		logit("sshd: no hostkeys available -- exiting.");
  		exit(1);
[email protected]@ -2586,6 +2589,48 @@ do_ssh2_kex(void)
[email protected]@ -2588,6 +2591,48 @@ do_ssh2_kex(void)
  	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
  	    list_hostkey_types());
  
@@ -1175,7 +1182,7 @@
  	/* start key exchange */
  	if ((r = kex_setup(active_state, myproposal)) != 0)
  		fatal("kex_setup: %s", ssh_err(r));
[email protected]@ -2600,6 +2645,13 @@ do_ssh2_kex(void)
[email protected]@ -2602,6 +2647,13 @@ do_ssh2_kex(void)
  # endif
  #endif
  	kex->kex[KEX_C25519_SHA256] = kexc25519_server;
@@ -1190,8 +1197,8 @@
  	kex->client_version_string=client_version_string;
  	kex->server_version_string=server_version_string;
 diff -pur old/sshd_config new/sshd_config
---- old/sshd_config	2015-03-16 22:49:20.000000000 -0700
-+++ new/sshd_config	2015-05-21 02:51:54.528526236 -0700
+--- old/sshd_config
++++ new/sshd_config
 @@ -82,8 +82,9 @@ AuthorizedKeysFile	.ssh/authorized_keys
  #KerberosGetAFSToken no
  
@@ -1204,9 +1211,9 @@
  # Set this to 'yes' to enable PAM authentication, account processing,
  # and session processing. If this is enabled, PAM authentication will
 diff -pur old/sshd_config.5 new/sshd_config.5
---- old/sshd_config.5	2015-05-21 02:51:54.386222371 -0700
-+++ new/sshd_config.5	2015-05-21 02:51:54.529252300 -0700
[email protected]@ -564,6 +564,12 @@ Specifies whether user authentication ba
+--- old/sshd_config.5
++++ new/sshd_config.5
[email protected]@ -621,6 +621,12 @@ Specifies whether user authentication ba
  The default on Solaris is
  .Dq yes .
  Note that this option applies to protocol version 2 only.
@@ -1220,23 +1227,23 @@
  Specifies whether to automatically destroy the user's credentials cache
  on logout.
 diff -pur old/sshkey.c new/sshkey.c
---- old/sshkey.c	2015-03-16 22:49:20.000000000 -0700
-+++ new/sshkey.c	2015-05-21 02:51:54.530693373 -0700
[email protected]@ -116,6 +116,7 @@ static const struct keytype keytypes[] =
- 	{ "[email protected]", "DSA-CERT-V00",
- 	    KEY_DSA_CERT_V00, 0, 1 },
+--- old/sshkey.c
++++ new/sshkey.c
[email protected]@ -112,6 +112,7 @@ static const struct keytype keytypes[] =
+ #  endif /* OPENSSL_HAS_NISTP521 */
+ # endif /* OPENSSL_HAS_ECC */
  #endif /* WITH_OPENSSL */
 +	{ "null", "null", KEY_NULL, 0, 0 },
  	{ NULL, NULL, -1, -1, 0 }
  };
  
 diff -pur old/sshkey.h new/sshkey.h
---- old/sshkey.h	2015-03-16 22:49:20.000000000 -0700
-+++ new/sshkey.h	2015-05-21 02:51:54.531066246 -0700
[email protected]@ -64,6 +64,7 @@ enum sshkey_types {
+--- old/sshkey.h
++++ new/sshkey.h
[email protected]@ -62,6 +62,7 @@ enum sshkey_types {
+ 	KEY_DSA_CERT,
+ 	KEY_ECDSA_CERT,
  	KEY_ED25519_CERT,
- 	KEY_RSA_CERT_V00,
- 	KEY_DSA_CERT_V00,
 +	KEY_NULL,
  	KEY_UNSPEC
  };
--- a/components/openssh/patches/024-disable_ed25519.patch	Wed Oct 28 12:22:49 2015 -0700
+++ b/components/openssh/patches/024-disable_ed25519.patch	Thu Oct 29 02:40:10 2015 -0700
@@ -6,8 +6,8 @@
 #     https://bugzilla.mindrot.org/show_bug.cgi?id=2376
 #
 diff -pur old/Makefile.in new/Makefile.in
---- old/Makefile.in	2015-05-12 06:57:55.737824435 -0700
-+++ new/Makefile.in	2015-05-12 06:57:55.859410671 -0700
+--- old/Makefile.in
++++ new/Makefile.in
 @@ -155,7 +155,7 @@ $(SSHDOBJS): Makefile.in config.h
  	$(CC) $(CFLAGS) $(CPPFLAGS) -c $< -o [email protected]
  
@@ -18,9 +18,9 @@
  always:
  
 diff -pur old/authfd.c new/authfd.c
---- old/authfd.c	2015-03-16 22:49:20.000000000 -0700
-+++ new/authfd.c	2015-05-12 06:57:55.860206664 -0700
[email protected]@ -569,8 +569,10 @@ ssh_add_identity_constrained(int sock, s
+--- old/authfd.c
++++ new/authfd.c
[email protected]@ -565,8 +565,10 @@ ssh_add_identity_constrained(int sock, s
  	case KEY_ECDSA:
  	case KEY_ECDSA_CERT:
  #endif
@@ -32,23 +32,21 @@
  		    SSH2_AGENTC_ADD_ID_CONSTRAINED :
  		    SSH2_AGENTC_ADD_IDENTITY;
 diff -pur old/authfile.c new/authfile.c
---- old/authfile.c	2015-03-16 22:49:20.000000000 -0700
-+++ new/authfile.c	2015-05-12 06:57:55.860669228 -0700
[email protected]@ -446,8 +446,10 @@ sshkey_load_private_cert(int type, const
- 	case KEY_RSA:
+--- old/authfile.c
++++ new/authfile.c
[email protected]@ -449,7 +449,9 @@ sshkey_load_private_cert(int type, const
  	case KEY_DSA:
  	case KEY_ECDSA:
--	case KEY_ED25519:
  #endif /* WITH_OPENSSL */
 +#ifndef WITHOUT_ED25519
-+	case KEY_ED25519:
+ 	case KEY_ED25519:
 +#endif /* WITHOUT_ED25519 */
  	case KEY_UNSPEC:
  		break;
  	default:
 diff -pur old/dns.c new/dns.c
---- old/dns.c	2015-03-16 22:49:20.000000000 -0700
-+++ new/dns.c	2015-05-12 06:57:55.861065113 -0700
+--- old/dns.c
++++ new/dns.c
 @@ -100,11 +100,13 @@ dns_read_key(u_int8_t *algorithm, u_int8
  		if (!*digest_type)
  			*digest_type = SSHFP_HASH_SHA256;
@@ -64,21 +62,22 @@
  		*algorithm = SSHFP_KEY_RESERVED; /* 0 */
  		*digest_type = SSHFP_HASH_RESERVED; /* 0 */
 diff -pur old/dns.h new/dns.h
---- old/dns.h	2015-03-16 22:49:20.000000000 -0700
-+++ new/dns.h	2015-05-12 06:57:55.861358245 -0700
+--- old/dns.h
++++ new/dns.h
 @@ -33,7 +33,9 @@ enum sshfp_types {
  	SSHFP_KEY_RSA = 1,
  	SSHFP_KEY_DSA = 2,
  	SSHFP_KEY_ECDSA = 3,
+-	SSHFP_KEY_ED25519 = 4
 +#ifndef WITHOUT_ED25519
- 	SSHFP_KEY_ED25519 = 4 
++ 	SSHFP_KEY_ED25519 = 4 
 +#endif /* WITHOUT_ED25519 */
  };
  
  enum sshfp_hashes {
 diff -pur old/ed25519.c new/ed25519.c
---- old/ed25519.c	2015-03-16 22:49:20.000000000 -0700
-+++ new/ed25519.c	2015-05-12 06:57:55.861707517 -0700
+--- old/ed25519.c
++++ new/ed25519.c
 @@ -7,6 +7,7 @@
   */
  
@@ -93,8 +92,8 @@
  }
 +#endif /* WITHOUT_ED25519 */
 diff -pur old/fe25519.c new/fe25519.c
---- old/fe25519.c	2015-03-16 22:49:20.000000000 -0700
-+++ new/fe25519.c	2015-05-12 06:57:55.862124169 -0700
+--- old/fe25519.c
++++ new/fe25519.c
 @@ -8,6 +8,7 @@
  
  #include "includes.h"
@@ -109,8 +108,8 @@
  }
 +#endif /* WITHOUT_ED25519 */
 diff -pur old/fe25519.h new/fe25519.h
---- old/fe25519.h	2015-03-16 22:49:20.000000000 -0700
-+++ new/fe25519.h	2015-05-12 06:57:55.862460867 -0700
+--- old/fe25519.h
++++ new/fe25519.h
 @@ -8,6 +8,7 @@
  
  #ifndef FE25519_H
@@ -126,8 +125,8 @@
 +#endif /* WITHOUT_ED25519 */
  #endif
 diff -pur old/ge25519.c new/ge25519.c
---- old/ge25519.c	2015-03-16 22:49:20.000000000 -0700
-+++ new/ge25519.c	2015-05-12 06:57:55.862878000 -0700
+--- old/ge25519.c
++++ new/ge25519.c
 @@ -7,6 +7,7 @@
   */
  
@@ -142,8 +141,8 @@
  }
 +#endif /* WITHOUT_ED25519 */
 diff -pur old/ge25519.h new/ge25519.h
---- old/ge25519.h	2015-03-16 22:49:20.000000000 -0700
-+++ new/ge25519.h	2015-05-12 06:57:55.863212105 -0700
+--- old/ge25519.h
++++ new/ge25519.h
 @@ -8,6 +8,7 @@
  
  #ifndef GE25519_H
@@ -159,8 +158,8 @@
 +#endif /* WITHOUT_ED25519 */
  #endif
 diff -pur old/kex.c new/kex.c
---- old/kex.c	2015-05-12 06:57:55.741193024 -0700
-+++ new/kex.c	2015-05-12 07:00:10.308904895 -0700
+--- old/kex.c
++++ new/kex.c
 @@ -96,9 +96,11 @@ static const struct kexalg kexalgs[] = {
  # endif /* OPENSSL_HAS_NISTP521 */
  #endif /* OPENSSL_HAS_ECC */
@@ -174,8 +173,8 @@
  	{ KEX_GSS_GEX_SHA1_ID, KEX_GSS_GEX_SHA1, 0, SSH_DIGEST_SHA1 },
  	{ KEX_GSS_GRP1_SHA1_ID, KEX_GSS_GRP1_SHA1, 0, SSH_DIGEST_SHA1 },
 diff -pur old/kex.h new/kex.h
---- old/kex.h	2015-05-12 06:57:55.741694192 -0700
-+++ new/kex.h	2015-05-12 07:01:49.320801815 -0700
+--- old/kex.h
++++ new/kex.h
 @@ -58,13 +58,17 @@
  #define	KEX_ECDH_SHA2_NISTP256	"ecdh-sha2-nistp256"
  #define	KEX_ECDH_SHA2_NISTP384	"ecdh-sha2-nistp384"
@@ -204,7 +203,7 @@
  	KEX_GSS_GRP1_SHA1,
  	KEX_GSS_GRP14_SHA1,
  	KEX_GSS_GEX_SHA1,
[email protected]@ -160,8 +166,10 @@ struct kex {
[email protected]@ -161,8 +167,10 @@ struct kex {
  	u_int	min, max, nbits;	/* GEX */
  	EC_KEY	*ec_client_key;		/* ECDH */
  	const EC_GROUP *ec_group;	/* ECDH */
@@ -215,7 +214,7 @@
  };
  
  int	 kex_names_valid(const char *);
[email protected]@ -188,8 +196,10 @@ int	 kexgex_client(struct ssh *);
[email protected]@ -191,8 +199,10 @@ int	 kexgex_client(struct ssh *);
  int	 kexgex_server(struct ssh *);
  int	 kexecdh_client(struct ssh *);
  int	 kexecdh_server(struct ssh *);
@@ -224,9 +223,9 @@
  int	 kexc25519_server(struct ssh *);
 +#endif /* WITHOUT_ED25519 */
  #ifdef GSSAPI
- int	 kexgss_client(Kex *);
- void	 kexgss_server(Kex *);
[email protected]@ -210,6 +220,7 @@ int kex_ecdh_hash(int, const EC_GROUP *,
+ int	 kexgss_client(struct ssh *);
+ int	 kexgss_server(struct ssh *);
[email protected]@ -213,6 +223,7 @@ int kex_ecdh_hash(int, const EC_GROUP *,
      const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
      const EC_POINT *, const EC_POINT *, const BIGNUM *, u_char *, size_t *);
  
@@ -234,7 +233,7 @@
  int	 kex_c25519_hash(int, const char *, const char *, const char *, size_t,
      const char *, size_t, const u_char *, size_t, const u_char *, const u_char *,
      const u_char *, size_t, u_char *, size_t *);
[email protected]@ -221,6 +232,7 @@ int	kexc25519_shared_key(const u_char ke
[email protected]@ -224,6 +235,7 @@ int	kexc25519_shared_key(const u_char ke
      const u_char pub[CURVE25519_SIZE], struct sshbuf *out)
  	__attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
  	__attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
@@ -243,8 +242,8 @@
  int
  derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]);
 diff -pur old/kexc25519.c new/kexc25519.c
---- old/kexc25519.c	2015-03-16 22:49:20.000000000 -0700
-+++ new/kexc25519.c	2015-05-12 06:57:55.865837542 -0700
+--- old/kexc25519.c
++++ new/kexc25519.c
 @@ -27,6 +27,7 @@
  
  #include "includes.h"
@@ -253,14 +252,14 @@
  #include <sys/types.h>
  
  #include <signal.h>
[email protected]@ -126,3 +127,4 @@ kex_c25519_hash(
[email protected]@ -131,3 +132,4 @@ kex_c25519_hash(
  #endif
  	return 0;
  }
 +#endif /* WITHOUT_ED25519 */
 diff -pur old/kexc25519c.c new/kexc25519c.c
---- old/kexc25519c.c	2015-03-16 22:49:20.000000000 -0700
-+++ new/kexc25519c.c	2015-05-12 06:57:55.866212606 -0700
+--- old/kexc25519c.c
++++ new/kexc25519c.c
 @@ -27,6 +27,7 @@
  
  #include "includes.h"
@@ -275,8 +274,8 @@
  }
 +#endif /* WITHOUT_ED25519 */
 diff -pur old/kexc25519s.c new/kexc25519s.c
---- old/kexc25519s.c	2015-03-16 22:49:20.000000000 -0700
-+++ new/kexc25519s.c	2015-05-12 06:57:55.866584623 -0700
+--- old/kexc25519s.c
++++ new/kexc25519s.c
 @@ -26,6 +26,8 @@
  
  #include "includes.h"
@@ -284,17 +283,17 @@
 +#ifndef WITHOUT_ED25519
 +
  #include <sys/types.h>
+ #include <stdio.h>
  #include <string.h>
- #include <signal.h>
[email protected]@ -156,3 +158,4 @@ out:
[email protected]@ -157,3 +159,4 @@ out:
  	sshbuf_free(shared_secret);
  	return r;
  }
 +#endif /* WITHOUT_ED25519 */
 diff -pur old/monitor.c new/monitor.c
---- old/monitor.c	2015-05-12 06:57:55.743678816 -0700
-+++ new/monitor.c	2015-05-12 07:02:27.111640142 -0700
[email protected]@ -1937,7 +1937,9 @@ monitor_apply_keystate(struct monitor *p
+--- old/monitor.c
++++ new/monitor.c
[email protected]@ -1941,7 +1941,9 @@ monitor_apply_keystate(struct monitor *p
  		kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
  # endif
  #endif /* WITH_OPENSSL */
@@ -305,8 +304,8 @@
  		if (options.gss_keyex) {
  			kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
 diff -pur old/myproposal.h new/myproposal.h
---- old/myproposal.h	2015-03-16 22:49:20.000000000 -0700
-+++ new/myproposal.h	2015-06-05 02:29:36.569958448 -0700
+--- old/myproposal.h
++++ new/myproposal.h
 @@ -59,6 +59,20 @@
  # define HOSTKEY_ECDSA_METHODS
  #endif
@@ -327,7 +326,7 @@
 +
  #ifdef OPENSSL_HAVE_EVPGCM
  # define AESGCM_CIPHER_MODES \
- 	"[email protected],[email protected],"
+ 	",[email protected],[email protected]"
 @@ -78,11 +92,6 @@
  #endif
  
@@ -337,26 +336,23 @@
 -# else
 -#  define KEX_CURVE25519_METHODS ""
 -# endif
- #define KEX_SERVER_KEX \
+ #define KEX_COMMON_KEX \
  	KEX_CURVE25519_METHODS \
  	KEX_ECDH_METHODS \
[email protected]@ -95,13 +104,13 @@
[email protected]@ -97,10 +106,10 @@
  
  #define	KEX_DEFAULT_PK_ALG	\
  	HOSTKEY_ECDSA_CERT_METHODS \
 -	"[email protected]," \
 +	HOSTKEY_CURVE25519_CERT_METHODS \
  	"[email protected]," \
- 	"[email protected]," \
- 	"[email protected]," \
- 	"[email protected]," \
  	HOSTKEY_ECDSA_METHODS \
 -	"ssh-ed25519," \
 +	HOSTKEY_CURVE25519_METHODS \
- 	"ssh-rsa," \
- 	"ssh-dss"
+ 	"ssh-rsa" \
  
[email protected]@ -143,10 +152,10 @@
+ /* the actual algorithms */
[email protected]@ -141,10 +150,10 @@
  #else
  
  #define KEX_SERVER_KEX		\
@@ -368,11 +364,11 @@
 +	HOSTKEY_CURVE25519_CERT_METHODS \
 +	HOSTKEY_CURVE25519_METHODS
  #define	KEX_SERVER_ENCRYPT \
- 	"aes128-ctr,aes192-ctr,aes256-ctr," \
- 	"[email protected]"
+ 	"[email protected]," \
+ 	"aes128-ctr,aes192-ctr,aes256-ctr"
 diff -pur old/openbsd-compat/Makefile.in new/openbsd-compat/Makefile.in
---- old/openbsd-compat/Makefile.in	2015-03-16 22:49:20.000000000 -0700
-+++ new/openbsd-compat/Makefile.in	2015-05-12 06:57:55.869383953 -0700
+--- old/openbsd-compat/Makefile.in
++++ new/openbsd-compat/Makefile.in
 @@ -32,7 +32,7 @@ $(OPENBSD): ../config.h
  $(PORTS): ../config.h
  
@@ -383,8 +379,8 @@
  
  clean:
 diff -pur old/pathnames.h new/pathnames.h
---- old/pathnames.h	2015-03-16 22:49:20.000000000 -0700
-+++ new/pathnames.h	2015-05-12 06:57:55.869773325 -0700
+--- old/pathnames.h
++++ new/pathnames.h
 @@ -39,7 +39,9 @@
  #define _PATH_HOST_KEY_FILE		SSHDIR "/ssh_host_key"
  #define _PATH_HOST_DSA_KEY_FILE		SSHDIR "/ssh_host_dsa_key"
@@ -406,9 +402,9 @@
  /*
   * Configuration file in user's home directory.  This file need not be
 diff -pur old/readconf.c new/readconf.c
---- old/readconf.c	2015-05-12 06:57:55.746561528 -0700
-+++ new/readconf.c	2015-05-12 06:57:55.870873194 -0700
[email protected]@ -1848,8 +1848,10 @@ fill_default_options(Options * options)
+--- old/readconf.c
++++ new/readconf.c
[email protected]@ -1846,8 +1846,10 @@ fill_default_options(Options * options)
  			add_identity_file(options, "~/",
  			    _PATH_SSH_CLIENT_ID_ECDSA, 0);
  #endif
@@ -420,9 +416,9 @@
  	}
  	if (options->escape_char == -1)
 diff -pur old/servconf.c new/servconf.c
---- old/servconf.c	2015-05-12 06:57:55.748493685 -0700
-+++ new/servconf.c	2015-05-12 06:57:55.872093181 -0700
[email protected]@ -216,8 +216,10 @@ fill_default_server_options(ServerOption
+--- old/servconf.c
++++ new/servconf.c
[email protected]@ -222,8 +222,10 @@ fill_default_server_options(ServerOption
  			options->host_key_files[options->num_host_key_files++] =
  			    _PATH_HOST_ECDSA_KEY_FILE;
  #endif
@@ -434,8 +430,8 @@
  	}
  	/* No certificates by default */
 diff -pur old/smult_curve25519_ref.c new/smult_curve25519_ref.c
---- old/smult_curve25519_ref.c	2015-03-16 22:49:20.000000000 -0700
-+++ new/smult_curve25519_ref.c	2015-05-12 06:57:55.872682983 -0700
+--- old/smult_curve25519_ref.c
++++ new/smult_curve25519_ref.c
 @@ -6,6 +6,8 @@ Public domain.
  Derived from public domain code by D. J. Bernstein.
  */
@@ -451,8 +447,8 @@
  }
 +#endif /* WITHOUT_ED25519 */
 diff -pur old/ssh-add.0 new/ssh-add.0
---- old/ssh-add.0	2015-03-17 21:26:35.000000000 -0700
-+++ new/ssh-add.0	2015-05-12 07:37:37.356166396 -0700
+--- old/ssh-add.0
++++ new/ssh-add.0
 @@ -11,7 +11,7 @@ SYNOPSIS
  DESCRIPTION
       ssh-add adds private key identities to the authentication agent,
@@ -462,7 +458,7 @@
       ~/.ssh/identity.  After loading a private key, ssh-add will try to load
       corresponding certificate information from the filename obtained by
       appending -cert.pub to the name of the private key file.  Alternative
[email protected]@ -96,14 +96,6 @@ FILES
[email protected]@ -97,14 +97,6 @@ FILES
               Contains the protocol version 2 DSA authentication identity of
               the user.
  
@@ -478,8 +474,8 @@
               Contains the protocol version 2 RSA authentication identity of
               the user.
 diff -pur old/ssh-add.1 new/ssh-add.1
---- old/ssh-add.1	2015-03-16 22:49:20.000000000 -0700
-+++ new/ssh-add.1	2015-05-12 07:47:42.099918141 -0700
+--- old/ssh-add.1
++++ new/ssh-add.1
 @@ -58,8 +58,6 @@ adds private key identities to the authe
  When run without arguments, it adds the files
  .Pa ~/.ssh/id_rsa ,
@@ -489,7 +485,7 @@
  and
  .Pa ~/.ssh/identity .
  After loading a private key,
[email protected]@ -177,10 +175,6 @@ socket used to communicate with the agen
[email protected]@ -178,10 +176,6 @@ socket used to communicate with the agen
  Contains the protocol version 1 RSA authentication identity of the user.
  .It Pa ~/.ssh/id_dsa
  Contains the protocol version 2 DSA authentication identity of the user.
@@ -501,21 +497,22 @@
  Contains the protocol version 2 RSA authentication identity of the user.
  .El
 diff -pur old/ssh-add.c new/ssh-add.c
---- old/ssh-add.c	2015-03-16 22:49:20.000000000 -0700
-+++ new/ssh-add.c	2015-05-12 06:57:55.873128238 -0700
+--- old/ssh-add.c
++++ new/ssh-add.c
 @@ -78,7 +78,9 @@ static char *default_files[] = {
  	_PATH_SSH_CLIENT_ID_ECDSA,
  #endif
  #endif /* WITH_OPENSSL */
+-	_PATH_SSH_CLIENT_ID_ED25519,
 +#ifndef WITHOUT_ED25519
- 	_PATH_SSH_CLIENT_ID_ED25519,
++ 	_PATH_SSH_CLIENT_ID_ED25519,
 +#endif /* WITHOUT_ED25519 */
+ #ifdef WITH_SSH1
  	_PATH_SSH_CLIENT_IDENTITY,
- 	NULL
- };
+ #endif
 diff -pur old/ssh-agent.0 new/ssh-agent.0
---- old/ssh-agent.0	2015-03-17 21:26:35.000000000 -0700
-+++ new/ssh-agent.0	2015-05-12 07:37:55.617194120 -0700
+--- old/ssh-agent.0
++++ new/ssh-agent.0
 @@ -10,7 +10,7 @@ SYNOPSIS
  
  DESCRIPTION
@@ -526,8 +523,8 @@
       windows or programs are started as clients to the ssh-agent program.
       Through use of environment variables the agent can be located and
 diff -pur old/ssh-agent.1 new/ssh-agent.1
---- old/ssh-agent.1	2015-03-16 22:49:20.000000000 -0700
-+++ new/ssh-agent.1	2015-05-12 07:47:53.707510271 -0700
+--- old/ssh-agent.1
++++ new/ssh-agent.1
 @@ -54,7 +54,7 @@
  .Sh DESCRIPTION
  .Nm
@@ -538,8 +535,8 @@
  is usually started in the beginning of an X-session or a login session, and
  all other windows or programs are started as clients to the ssh-agent
 diff -pur old/ssh-ed25519.c new/ssh-ed25519.c
---- old/ssh-ed25519.c	2015-03-16 22:49:20.000000000 -0700
-+++ new/ssh-ed25519.c	2015-05-12 06:57:55.873512963 -0700
+--- old/ssh-ed25519.c
++++ new/ssh-ed25519.c
 @@ -17,6 +17,8 @@
  
  #include "includes.h"
@@ -555,8 +552,8 @@
  }
 +#endif /* WITHOUT_ED25519 */
 diff -pur old/ssh-keygen.0 new/ssh-keygen.0
---- old/ssh-keygen.0	2015-03-17 21:26:35.000000000 -0700
-+++ new/ssh-keygen.0	2015-05-12 07:40:51.445122062 -0700
+--- old/ssh-keygen.0
++++ new/ssh-keygen.0
 @@ -4,7 +4,7 @@ NAME
       ssh-keygen M-bM-^@M-^S authentication key generation, management and conversion
  
@@ -603,7 +600,7 @@
               used.  Higher numbers result in slower passphrase verification
 @@ -103,12 +103,7 @@ DESCRIPTION
               Specifies the number of bits in the key to create.  For RSA keys,
-              the minimum size is 768 bits and the default is 2048 bits.
+              the minimum size is 1024 bits and the default is 2048 bits.
               Generally, 2048 bits is considered sufficient.  DSA keys must be
 -             exactly 1024 bits as specified by FIPS 186-2.  For ECDSA keys,
 -             the -b flag determines the key length by selecting from one of
@@ -661,8 +658,8 @@
               added to ~/.ssh/authorized_keys on all machines where the user
               wishes to log in using public key authentication.  There is no
 diff -pur old/ssh-keygen.1 new/ssh-keygen.1
---- old/ssh-keygen.1	2015-03-16 22:49:20.000000000 -0700
-+++ new/ssh-keygen.1	2015-05-12 07:49:52.125219558 -0700
+--- old/ssh-keygen.1
++++ new/ssh-keygen.1
 @@ -46,7 +46,7 @@
  .Nm ssh-keygen
  .Op Fl q
@@ -709,7 +706,7 @@
  .Fl o
  flag is set), this option specifies the number of KDF (key derivation function)
 @@ -247,15 +245,6 @@ Specifies the number of bits in the key
- For RSA keys, the minimum size is 768 bits and the default is 2048 bits.
+ For RSA keys, the minimum size is 1024 bits and the default is 2048 bits.
  Generally, 2048 bits is considered sufficient.
  DSA keys must be exactly 1024 bits as specified by FIPS 186-2.
 -For ECDSA keys, the
@@ -773,22 +770,22 @@
  The contents of this file should be added to
  .Pa ~/.ssh/authorized_keys
 diff -pur old/ssh-keygen.c new/ssh-keygen.c
---- old/ssh-keygen.c	2015-03-16 22:49:20.000000000 -0700
-+++ new/ssh-keygen.c	2015-05-12 06:57:55.874834232 -0700
[email protected]@ -214,7 +214,11 @@ type_bits_valid(int type, const char *na
- 	}
+--- old/ssh-keygen.c
++++ new/ssh-keygen.c
[email protected]@ -217,7 +217,11 @@ type_bits_valid(int type, const char *na
+ 		fatal("key bits exceeds maximum %d", maxbits);
  	if (type == KEY_DSA && *bitsp != 1024)
  		fatal("DSA keys must be 1024 bits");
--	else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 768)
+-	else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 1024)
 +	else if (type != KEY_ECDSA &&
 +#ifndef WITHOUT_ED25519
 +		 type != KEY_ED25519 &&
 +#endif /* WITHOUT_ED25519 */
-+		 *bitsp < 768)
- 		fatal("Key must at least be 768 bits");
++		 *bitsp < 1024)
+ 		fatal("Key must at least be 1024 bits");
  	else if (type == KEY_ECDSA && sshkey_ecdsa_bits_to_nid(*bitsp) == -1)
  		fatal("Invalid ECDSA key length - valid lengths are "
[email protected]@ -251,10 +255,12 @@ ask_filename(struct passwd *pw, const ch
[email protected]@ -252,10 +256,12 @@ ask_filename(struct passwd *pw, const ch
  		case KEY_RSA:
  			name = _PATH_SSH_CLIENT_ID_RSA;
  			break;
@@ -799,19 +796,20 @@
  			break;
 +#endif /* WITHOUT_ED25519 */
  		default:
- 			fprintf(stderr, "bad key type\n");
- 			exit(1);
[email protected]@ -954,7 +960,9 @@ do_gen_all_hostkeys(struct passwd *pw)
- #ifdef OPENSSL_HAS_ECC
+ 			fatal("bad key type");
+ 		}
[email protected]@ -939,7 +945,9 @@ do_gen_all_hostkeys(struct passwd *pw)
  		{ "ecdsa", "ECDSA",_PATH_HOST_ECDSA_KEY_FILE },
- #endif
+ #endif /* OPENSSL_HAS_ECC */
+ #endif /* WITH_OPENSSL */
+-		{ "ed25519", "ED25519",_PATH_HOST_ED25519_KEY_FILE },
 +#ifndef WITHOUT_ED25519
- 		{ "ed25519", "ED25519",_PATH_HOST_ED25519_KEY_FILE },
++ 		{ "ed25519", "ED25519",_PATH_HOST_ED25519_KEY_FILE },
 +#endif /* WITHOUT_ED25519 */
  		{ NULL, NULL, NULL }
  	};
  
[email protected]@ -1643,7 +1651,10 @@ do_ca_sign(struct passwd *pw, int argc,
[email protected]@ -1605,7 +1613,10 @@ do_ca_sign(struct passwd *pw, int argc,
  			fatal("%s: unable to open \"%s\": %s",
  			    __func__, tmp, ssh_err(r));
  		if (public->type != KEY_RSA && public->type != KEY_DSA &&
@@ -823,7 +821,7 @@
  			fatal("%s: key \"%s\" type %s cannot be certified",
  			    __func__, tmp, sshkey_type(public));
  
[email protected]@ -2558,8 +2569,10 @@ main(int argc, char **argv)
[email protected]@ -2502,8 +2513,10 @@ main(int argc, char **argv)
  			    _PATH_HOST_DSA_KEY_FILE, rr_hostname);
  			n += do_print_resource_record(pw,
  			    _PATH_HOST_ECDSA_KEY_FILE, rr_hostname);
@@ -835,8 +833,8 @@
  				fatal("no keys found.");
  			exit(0);
 diff -pur old/ssh-keyscan.0 new/ssh-keyscan.0
---- old/ssh-keyscan.0	2015-03-17 21:26:35.000000000 -0700
-+++ new/ssh-keyscan.0	2015-05-12 07:42:45.592281964 -0700
+--- old/ssh-keyscan.0
++++ new/ssh-keyscan.0
 @@ -48,9 +48,9 @@ DESCRIPTION
       -t type
               Specifies the type of the key to fetch from the scanned hosts.
@@ -874,8 +872,8 @@
  
  SEE ALSO
 diff -pur old/ssh-keyscan.1 new/ssh-keyscan.1
---- old/ssh-keyscan.1	2015-03-16 22:49:20.000000000 -0700
-+++ new/ssh-keyscan.1	2015-05-12 07:50:53.173745820 -0700
+--- old/ssh-keyscan.1
++++ new/ssh-keyscan.1
 @@ -90,18 +90,13 @@ Specifies the type of the key to fetch f
  The possible values are
  .Dq rsa1
@@ -927,8 +925,8 @@
  .Ed
  .Sh SEE ALSO
 diff -pur old/ssh-keyscan.c new/ssh-keyscan.c
---- old/ssh-keyscan.c	2015-03-16 22:49:20.000000000 -0700
-+++ new/ssh-keyscan.c	2015-05-12 06:57:55.875467494 -0700
+--- old/ssh-keyscan.c
++++ new/ssh-keyscan.c
 @@ -286,7 +286,9 @@ keygrab_ssh2(con *c)
  	c->c_ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
  # endif
@@ -939,7 +937,7 @@
  	ssh_set_verify_host_key_callback(c->c_ssh, key_print_wrapper);
  	/*
  	 * do the key-exchange until an error occurs or until
[email protected]@ -609,10 +611,15 @@ do_host(char *host)
[email protected]@ -612,10 +614,15 @@ do_host(char *host)
  {
  	char *name = strnnsep(&host, " \t\n");
  	int j;
@@ -956,7 +954,7 @@
  		if (get_keytypes & j) {
  			while (ncon >= MAXCON)
  				conloop();
[email protected]@ -716,9 +723,11 @@ main(int argc, char **argv)
[email protected]@ -719,9 +726,11 @@ main(int argc, char **argv)
  				case KEY_RSA:
  					get_keytypes |= KT_RSA;
  					break;
@@ -969,8 +967,8 @@
  					fatal("unknown key type %s", tname);
  				}
 diff -pur old/ssh-keysign.0 new/ssh-keysign.0
---- old/ssh-keysign.0	2015-03-17 21:26:36.000000000 -0700
-+++ new/ssh-keysign.0	2015-05-12 07:42:57.261187576 -0700
+--- old/ssh-keysign.0
++++ new/ssh-keysign.0
 @@ -24,8 +24,6 @@ FILES
               Controls whether ssh-keysign is enabled.
  
@@ -990,8 +988,8 @@
               If these files exist they are assumed to contain public
               certificate information corresponding with the private keys
 diff -pur old/ssh-keysign.8 new/ssh-keysign.8
---- old/ssh-keysign.8	2015-05-12 06:57:55.609219058 -0700
-+++ new/ssh-keysign.8	2015-05-12 07:52:35.880504667 -0700
+--- old/ssh-keysign.8
++++ new/ssh-keysign.8
 @@ -62,8 +62,6 @@ Controls whether
  is enabled.
  .Pp
@@ -1011,8 +1009,8 @@
  If these files exist they are assumed to contain public certificate
  information corresponding with the private keys above.
 diff -pur old/ssh-keysign.c new/ssh-keysign.c
---- old/ssh-keysign.c	2015-03-16 22:49:20.000000000 -0700
-+++ new/ssh-keysign.c	2015-05-25 04:37:07.788045828 -0700
+--- old/ssh-keysign.c
++++ new/ssh-keysign.c
 @@ -168,7 +168,7 @@ main(int argc, char **argv)
  {
  	struct sshbuf *b;
@@ -1022,8 +1020,8 @@
  	struct sshkey *keys[NUM_KEYTYPES], *key = NULL;
  	struct passwd *pw;
  	int r, key_fd[NUM_KEYTYPES], i, found, version = 2, fd;
[email protected]@ -189,7 +189,9 @@ main(int argc, char **argv)
- 	i = 0;
[email protected]@ -190,7 +190,9 @@ main(int argc, char **argv)
+ 	/* XXX This really needs to read sshd_config for the paths */
  	key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
  	key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
 +#ifndef WITHOUT_ED25519
@@ -1033,9 +1031,9 @@
  
  	original_real_uid = getuid();	/* XXX readconf.c needs this */
 diff -pur old/ssh.0 new/ssh.0
---- old/ssh.0	2015-03-17 21:26:35.000000000 -0700
-+++ new/ssh.0	2015-05-12 07:44:32.393217723 -0700
[email protected]@ -141,8 +141,8 @@ DESCRIPTION
+--- old/ssh.0
++++ new/ssh.0
[email protected]@ -140,8 +140,8 @@ DESCRIPTION
       -i identity_file
               Selects a file from which the identity (private key) for public
               key authentication is read.  The default is ~/.ssh/identity for
@@ -1046,7 +1044,7 @@
               Identity files may also be specified on a per-host basis in the
               configuration file.  It is possible to have multiple -i options
               (and multiple identities specified in configuration files).  ssh
[email protected]@ -451,7 +451,7 @@ AUTHENTICATION
[email protected]@ -463,7 +463,7 @@ AUTHENTICATION
       creates a public/private key pair for authentication purposes.  The
       server knows the public key, and only the user knows the private key.
       ssh implements public key authentication protocol automatically, using
@@ -1055,7 +1053,7 @@
       restricted to using only RSA keys, but protocol 2 may use any.  The
       HISTORY section of ssl(8) contains a brief discussion of the DSA and RSA
       algorithms.
[email protected]@ -464,11 +464,9 @@ AUTHENTICATION
[email protected]@ -476,11 +476,9 @@ AUTHENTICATION
  
       The user creates his/her key pair by running ssh-keygen(1).  This stores
       the private key in ~/.ssh/identity (protocol 1), ~/.ssh/id_dsa (protocol
@@ -1070,7 +1068,7 @@
       directory.  The user should then copy the public key to
       ~/.ssh/authorized_keys in his/her home directory on the remote machine.
       The authorized_keys file corresponds to the conventional ~/.rhosts file,
[email protected]@ -804,7 +802,7 @@ FILES
[email protected]@ -825,7 +823,7 @@ FILES
               for the user, and not accessible by others.
  
       ~/.ssh/authorized_keys
@@ -1079,7 +1077,7 @@
               for logging in as this user.  The format of this file is
               described in the sshd(8) manual page.  This file is not highly
               sensitive, but the recommended permissions are read/write for the
[email protected]@ -822,8 +820,6 @@ FILES
[email protected]@ -843,8 +841,6 @@ FILES
  
       ~/.ssh/identity
       ~/.ssh/id_dsa
@@ -1088,7 +1086,7 @@
       ~/.ssh/id_rsa
               Contains the private key for authentication.  These files contain
               sensitive data and should be readable by the user but not
[email protected]@ -835,8 +831,6 @@ FILES
[email protected]@ -856,8 +852,6 @@ FILES
  
       ~/.ssh/identity.pub
       ~/.ssh/id_dsa.pub
@@ -1097,7 +1095,7 @@
       ~/.ssh/id_rsa.pub
               Contains the public key for authentication.  These files are not
               sensitive and can (but need not) be readable by anyone.
[email protected]@ -867,8 +861,6 @@ FILES
[email protected]@ -888,8 +882,6 @@ FILES
  
       /etc/ssh/ssh_host_key
       /etc/ssh/ssh_host_dsa_key
@@ -1107,9 +1105,9 @@
               These files contain the private parts of the host keys and are
               used for host-based authentication.  If protocol version 1 is
 diff -pur old/ssh.1 new/ssh.1
---- old/ssh.1	2015-03-16 22:49:20.000000000 -0700
-+++ new/ssh.1	2015-05-12 07:51:38.403098490 -0700
[email protected]@ -274,9 +274,7 @@ public key authentication is read.
+--- old/ssh.1
++++ new/ssh.1
[email protected]@ -292,9 +292,7 @@ public key authentication is read.
  The default is
  .Pa ~/.ssh/identity
  for protocol version 1, and
@@ -1120,7 +1118,7 @@
  and
  .Pa ~/.ssh/id_rsa
  for protocol version 2.
[email protected]@ -761,7 +759,7 @@ key pair for authentication purposes.
[email protected]@ -848,7 +846,7 @@ key pair for authentication purposes.
  The server knows the public key, and only the user knows the private key.
  .Nm
  implements public key authentication protocol automatically,
@@ -1129,7 +1127,7 @@
  Protocol 1 is restricted to using only RSA keys,
  but protocol 2 may use any.
  The HISTORY section of
[email protected]@ -786,10 +784,6 @@ This stores the private key in
[email protected]@ -873,10 +871,6 @@ This stores the private key in
  (protocol 1),
  .Pa ~/.ssh/id_dsa
  (protocol 2 DSA),
@@ -1140,7 +1138,7 @@
  or
  .Pa ~/.ssh/id_rsa
  (protocol 2 RSA)
[email protected]@ -798,10 +792,6 @@ and stores the public key in
[email protected]@ -885,10 +879,6 @@ and stores the public key in
  (protocol 1),
  .Pa ~/.ssh/id_dsa.pub
  (protocol 2 DSA),
@@ -1151,7 +1149,7 @@
  or
  .Pa ~/.ssh/id_rsa.pub
  (protocol 2 RSA)
[email protected]@ -1341,7 +1331,7 @@ secret, but the recommended permissions
[email protected]@ -1444,7 +1434,7 @@ secret, but the recommended permissions
  and not accessible by others.
  .Pp
  .It Pa ~/.ssh/authorized_keys
@@ -1160,7 +1158,7 @@
  that can be used for logging in as this user.
  The format of this file is described in the
  .Xr sshd 8
[email protected]@ -1363,8 +1353,6 @@ above.
[email protected]@ -1466,8 +1456,6 @@ above.
  .Pp
  .It Pa ~/.ssh/identity
  .It Pa ~/.ssh/id_dsa
@@ -1169,7 +1167,7 @@
  .It Pa ~/.ssh/id_rsa
  Contains the private key for authentication.
  These files
[email protected]@ -1378,8 +1366,6 @@ sensitive part of this file using 3DES.
[email protected]@ -1481,8 +1469,6 @@ sensitive part of this file using 3DES.
  .Pp
  .It Pa ~/.ssh/identity.pub
  .It Pa ~/.ssh/id_dsa.pub
@@ -1178,7 +1176,7 @@
  .It Pa ~/.ssh/id_rsa.pub
  Contains the public key for authentication.
  These files are not
[email protected]@ -1418,8 +1404,6 @@ The file format and configuration option
[email protected]@ -1521,8 +1507,6 @@ The file format and configuration option
  .Pp
  .It Pa /etc/ssh/ssh_host_key
  .It Pa /etc/ssh/ssh_host_dsa_key
@@ -1188,9 +1186,9 @@
  These files contain the private parts of the host keys
  and are used for host-based authentication.
 diff -pur old/ssh.c new/ssh.c
---- old/ssh.c	2015-03-16 22:49:20.000000000 -0700
-+++ new/ssh.c	2015-05-12 06:57:55.876878130 -0700
[email protected]@ -1234,8 +1234,10 @@ main(int ac, char **av)
+--- old/ssh.c
++++ new/ssh.c
[email protected]@ -1233,8 +1233,10 @@ main(int ac, char **av)
  		sensitive_data.keys[1] = key_load_private_cert(KEY_ECDSA,
  		    _PATH_HOST_ECDSA_KEY_FILE, "", NULL);
  #endif
@@ -1201,7 +1199,7 @@
  		sensitive_data.keys[3] = key_load_private_cert(KEY_RSA,
  		    _PATH_HOST_RSA_KEY_FILE, "", NULL);
  		sensitive_data.keys[4] = key_load_private_cert(KEY_DSA,
[email protected]@ -1244,8 +1246,10 @@ main(int ac, char **av)
[email protected]@ -1243,8 +1245,10 @@ main(int ac, char **av)
  		sensitive_data.keys[5] = key_load_private_type(KEY_ECDSA,
  		    _PATH_HOST_ECDSA_KEY_FILE, "", NULL, NULL);
  #endif
@@ -1212,7 +1210,7 @@
  		sensitive_data.keys[7] = key_load_private_type(KEY_RSA,
  		    _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL);
  		sensitive_data.keys[8] = key_load_private_type(KEY_DSA,
[email protected]@ -1262,8 +1266,10 @@ main(int ac, char **av)
[email protected]@ -1261,8 +1265,10 @@ main(int ac, char **av)
  			sensitive_data.keys[1] = key_load_cert(
  			    _PATH_HOST_ECDSA_KEY_FILE);
  #endif
@@ -1223,7 +1221,7 @@
  			sensitive_data.keys[3] = key_load_cert(
  			    _PATH_HOST_RSA_KEY_FILE);
  			sensitive_data.keys[4] = key_load_cert(
[email protected]@ -1272,8 +1278,10 @@ main(int ac, char **av)
[email protected]@ -1271,8 +1277,10 @@ main(int ac, char **av)
  			sensitive_data.keys[5] = key_load_public(
  			    _PATH_HOST_ECDSA_KEY_FILE, NULL);
  #endif
@@ -1235,8 +1233,8 @@
  			    _PATH_HOST_RSA_KEY_FILE, NULL);
  			sensitive_data.keys[8] = key_load_public(
 diff -pur old/ssh_api.c new/ssh_api.c
---- old/ssh_api.c	2015-03-16 22:49:20.000000000 -0700
-+++ new/ssh_api.c	2015-05-12 06:57:55.877368137 -0700
+--- old/ssh_api.c
++++ new/ssh_api.c
 @@ -109,7 +109,9 @@ ssh_init(struct ssh **sshp, int is_serve
  		ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
  # endif
@@ -1258,24 +1256,39 @@
  	}
  	*sshp = ssh;
 diff -pur old/ssh_config.0 new/ssh_config.0
---- old/ssh_config.0	2015-03-17 21:26:36.000000000 -0700
-+++ new/ssh_config.0	2015-05-12 07:45:14.754320503 -0700
[email protected]@ -443,14 +443,8 @@ DESCRIPTION
-              client wants to use in order of preference.  The default for this
-              option is:
+--- old/ssh_config.0
++++ new/ssh_config.0
[email protected]@ -444,13 +444,8 @@ DESCRIPTION
+              specified key types will be appended to the default set instead
+              of replacing them.  The default for this option is:
  
 -                [email protected],
 -                [email protected],
 -                [email protected],
 -                [email protected],
-                 [email protected],[email protected],
-                 [email protected],[email protected],
+                 [email protected],
 -                ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
--                ssh-ed25519,ssh-rsa,ssh-dss
+-                ssh-ed25519,ssh-rsa
++                ssh-rsa
+ 
+              The -Q option of ssh(1) may be used to list supported key types.
+ 
[email protected]@ -461,13 +456,8 @@ DESCRIPTION
+              key types will be appended to the default set instead of
+              replacing them.  The default for this option is:
+ 
+-                [email protected],
+-                [email protected],
+-                [email protected],
+-                [email protected],
+                 [email protected],
+-                ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+-                ssh-ed25519,ssh-rsa
++                ssh-rsa
  
               If hostkeys are known for the destination host then this default
               is modified to prefer their algorithms.
[email protected]@ -486,10 +480,10 @@ DESCRIPTION
[email protected]@ -503,10 +493,10 @@ DESCRIPTION
               default is M-bM-^@M-^\noM-bM-^@M-^].
  
       IdentityFile
@@ -1289,33 +1302,63 @@
               Additionally, any identities represented by the authentication
               agent will be used for authentication unless IdentitiesOnly is
               set.  ssh(1) will try to load certificate information from the
[email protected]@ -549,7 +543,6 @@ DESCRIPTION
-              Specifies the available KEX (Key Exchange) algorithms.  Multiple
-              algorithms must be comma-separated.  The default is:
[email protected]@ -569,7 +559,6 @@ DESCRIPTION
+              will be appended to the default set instead of replacing them.
+              The default is:
  
 -                   [email protected],
                     ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
                     diffie-hellman-group-exchange-sha256,
-                    diffie-hellman-group14-sha1,
+                    diffie-hellman-group-exchange-sha1,
[email protected]@ -727,13 +716,8 @@ DESCRIPTION
+              types after it will be appended to the default instead of
+              replacing it.  The default for this option is:
+ 
+-                [email protected],
+-                [email protected],
+-                [email protected],
+-                [email protected],
+                 [email protected],
+-                ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+-                ssh-ed25519,ssh-rsa
++                ssh-rsa
+ 
+              The -Q option of ssh(1) may be used to list supported key types.
+ 
 diff -pur old/ssh_config.5 new/ssh_config.5
---- old/ssh_config.5	2015-05-12 06:57:55.750682668 -0700
-+++ new/ssh_config.5	2015-05-12 07:52:05.483411337 -0700
[email protected]@ -807,14 +807,8 @@ Specifies the protocol version 2 host ke
- that the client wants to use in order of preference.
+--- old/ssh_config.5
++++ new/ssh_config.5
[email protected]@ -806,13 +806,8 @@ character, then the specified key types
+ instead of replacing them.
  The default for this option is:
  .Bd -literal -offset 3n
 [email protected],
 [email protected],
 [email protected],
 [email protected],
- [email protected],[email protected],
- [email protected],[email protected],
+ [email protected],
 -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
--ssh-ed25519,ssh-rsa,ssh-dss
+-ssh-ed25519,ssh-rsa
++ssh-rsa
+ .Ed
+ .Pp
+ The
[email protected]@ -829,13 +824,8 @@ character, then the specified key types
+ instead of replacing them.
+ The default for this option is:
+ .Bd -literal -offset 3n
[email protected],
[email protected],
[email protected],
[email protected],
+ [email protected],
+-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+-ssh-ed25519,ssh-rsa
++ssh-rsa
  .Ed
  .Pp
  If hostkeys are known for the destination host then this default is modified
[email protected]@ -869,14 +863,12 @@ offers many different identities.
[email protected]@ -890,14 +880,12 @@ offers many different identities.
  The default is
  .Dq no .
  .It Cm IdentityFile
@@ -1331,18 +1374,33 @@
  and
  .Pa ~/.ssh/id_rsa
  for protocol version 2.
[email protected]@ -989,7 +981,6 @@ Specifies the available KEX (Key Exchang
- Multiple algorithms must be comma-separated.
[email protected]@ -1014,7 +1002,6 @@ character, then the specified methods wi
+ instead of replacing them.
  The default is:
  .Bd -literal -offset indent
 [email protected],
  ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
  diffie-hellman-group-exchange-sha256,
- diffie-hellman-group14-sha1,
+ diffie-hellman-group-exchange-sha1,
[email protected]@ -1259,13 +1246,8 @@ character, then the key types after it w
+ instead of replacing it.
+ The default for this option is:
+ .Bd -literal -offset 3n
[email protected],
[email protected],
[email protected],
[email protected],
+ [email protected],
+-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+-ssh-ed25519,ssh-rsa
++ssh-rsa
+ .Ed
+ .Pp
+ The
 diff -pur old/sshconnect.c new/sshconnect.c
---- old/sshconnect.c	2015-03-16 22:49:20.000000000 -0700
-+++ new/sshconnect.c	2015-05-12 06:57:55.878078115 -0700
[email protected]@ -1391,7 +1391,9 @@ show_other_keys(struct hostkeys *hostkey
+--- old/sshconnect.c
++++ new/sshconnect.c
[email protected]@ -1392,7 +1392,9 @@ show_other_keys(struct hostkeys *hostkey
  		KEY_RSA,
  		KEY_DSA,
  		KEY_ECDSA,
@@ -1353,9 +1411,9 @@
  	};
  	int i, ret = 0;
 diff -pur old/sshconnect2.c new/sshconnect2.c
---- old/sshconnect2.c	2015-05-12 06:57:55.751927078 -0700
-+++ new/sshconnect2.c	2015-05-12 07:03:03.597484825 -0700
[email protected]@ -254,7 +254,9 @@ ssh_kex2(char *host, struct sockaddr *ho
+--- old/sshconnect2.c
++++ new/sshconnect2.c
[email protected]@ -247,7 +247,9 @@ ssh_kex2(char *host, struct sockaddr *ho
  	kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
  # endif
  #endif
@@ -1366,8 +1424,8 @@
  	if (options.gss_keyex) {
  		kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_client;
 diff -pur old/sshd.0 new/sshd.0
---- old/sshd.0	2015-03-17 21:26:35.000000000 -0700
-+++ new/sshd.0	2015-05-12 07:46:43.700877984 -0700
+--- old/sshd.0
++++ new/sshd.0
 @@ -81,8 +81,7 @@ DESCRIPTION
               be given if sshd is not run as root (as the normal host key files
               are normally not readable by anyone but root).  The default is
@@ -1378,7 +1436,7 @@
               protocol version 2.  It is possible to have multiple host key
               files for the different protocol versions and host key
               algorithms.
[email protected]@ -147,7 +146,7 @@ DESCRIPTION
[email protected]@ -146,7 +145,7 @@ DESCRIPTION
  AUTHENTICATION
       The OpenSSH SSH daemon supports SSH protocols 1 and 2.  The default is to
       use protocol 2 only, though this can be changed via the Protocol option
@@ -1387,7 +1445,7 @@
       protocol 1 only supports RSA keys.  For both protocols, each host has a
       host-specific key, normally 2048 bits, used to identify the host.
  
[email protected]@ -278,15 +277,13 @@ AUTHORIZED_KEYS FILE FORMAT
[email protected]@ -279,15 +278,13 @@ AUTHORIZED_KEYS FILE FORMAT
       starts with a number).  The bits, exponent, modulus, and comment fields
       give the RSA key for protocol version 1; the comment field is not used
       for anything (but may be convenient for the user to identify the key).
@@ -1405,7 +1463,7 @@
       file and edit it.
  
       sshd enforces a minimum RSA key modulus size for protocol 1 and protocol
[email protected]@ -513,7 +510,7 @@ FILES
[email protected]@ -514,7 +511,7 @@ FILES
               for the user, and not accessible by others.
  
       ~/.ssh/authorized_keys
@@ -1414,7 +1472,7 @@
               for logging in as this user.  The format of this file is
               described above.  The content of the file is not highly
               sensitive, but the recommended permissions are read/write for the
[email protected]@ -569,8 +566,6 @@ FILES
[email protected]@ -570,8 +567,6 @@ FILES
  
       /etc/ssh/ssh_host_key
       /etc/ssh/ssh_host_dsa_key
@@ -1423,7 +1481,7 @@
       /etc/ssh/ssh_host_rsa_key
               These files contain the private parts of the host keys.  These
               files should only be owned by root, readable only by root, and
[email protected]@ -579,8 +574,6 @@ FILES
[email protected]@ -580,8 +575,6 @@ FILES
  
       /etc/ssh/ssh_host_key.pub
       /etc/ssh/ssh_host_dsa_key.pub
@@ -1433,8 +1491,8 @@
               These files contain the public parts of the host keys.  These
               files should be world-readable but writable only by root.  Their
 diff -pur old/sshd.8 new/sshd.8
---- old/sshd.8	2015-05-12 06:57:55.682941332 -0700
-+++ new/sshd.8	2015-05-12 07:53:14.229250081 -0700
+--- old/sshd.8
++++ new/sshd.8
 @@ -172,8 +172,6 @@ The default is
  .Pa /etc/ssh/ssh_host_key
  for protocol version 1, and
@@ -1444,7 +1502,7 @@
  and
  .Pa /etc/ssh/ssh_host_rsa_key
  for protocol version 2.
[email protected]@ -278,7 +276,7 @@ though this can be changed via the
[email protected]@ -275,7 +273,7 @@ though this can be changed via the
  .Cm Protocol
  option in
  .Xr sshd_config 4 .
@@ -1453,7 +1511,7 @@
  protocol 1 only supports RSA keys.
  For both protocols,
  each host has a host-specific key,
[email protected]@ -492,10 +490,6 @@ protocol version 1; the
[email protected]@ -491,10 +489,6 @@ protocol version 1; the
  comment field is not used for anything (but may be convenient for the
  user to identify the key).
  For protocol version 2 the keytype is
@@ -1464,7 +1522,7 @@
  .Dq ssh-dss
  or
  .Dq ssh-rsa .
[email protected]@ -507,8 +501,6 @@ keys up to 16 kilobits.
[email protected]@ -506,8 +500,6 @@ keys up to 16 kilobits.
  You don't want to type them in; instead, copy the
  .Pa identity.pub ,
  .Pa id_dsa.pub ,
@@ -1473,7 +1531,7 @@
  or the
  .Pa id_rsa.pub
  file and edit it.
[email protected]@ -808,7 +800,7 @@ secret, but the recommended permissions
[email protected]@ -807,7 +799,7 @@ secret, but the recommended permissions
  and not accessible by others.
  .Pp
  .It Pa ~/.ssh/authorized_keys
@@ -1482,7 +1540,7 @@
  that can be used for logging in as this user.
  The format of this file is described above.
  The content of the file is not highly sensitive, but the recommended
[email protected]@ -882,8 +874,6 @@ rlogin/rsh.
[email protected]@ -881,8 +873,6 @@ rlogin/rsh.
  .Pp
  .It Pa /etc/ssh/ssh_host_key
  .It Pa /etc/ssh/ssh_host_dsa_key
@@ -1491,7 +1549,7 @@
  .It Pa /etc/ssh/ssh_host_rsa_key
  These files contain the private parts of the host keys.
  These files should only be owned by root, readable only by root, and not
[email protected]@ -894,8 +884,6 @@ does not start if these files are group/
[email protected]@ -893,8 +883,6 @@ does not start if these files are group/
  .Pp
  .It Pa /etc/ssh/ssh_host_key.pub
  .It Pa /etc/ssh/ssh_host_dsa_key.pub
@@ -1501,9 +1559,9 @@
  These files contain the public parts of the host keys.
  These files should be world-readable but writable only by
 diff -pur old/sshd.c new/sshd.c
---- old/sshd.c	2015-05-12 06:57:55.753246429 -0700
-+++ new/sshd.c	2015-05-12 07:03:44.715843663 -0700
[email protected]@ -803,7 +803,9 @@ list_hostkey_types(void)
+--- old/sshd.c
++++ new/sshd.c
[email protected]@ -811,7 +811,9 @@ list_hostkey_types(void)
  		case KEY_RSA:
  		case KEY_DSA:
  		case KEY_ECDSA:
@@ -1513,7 +1571,7 @@
  			if (buffer_len(&b) > 0)
  				buffer_append(&b, ",", 1);
  			p = key_ssh_name(key);
[email protected]@ -820,7 +822,9 @@ list_hostkey_types(void)
[email protected]@ -826,7 +828,9 @@ list_hostkey_types(void)
  		case KEY_RSA_CERT:
  		case KEY_DSA_CERT:
  		case KEY_ECDSA_CERT:
@@ -1523,7 +1581,7 @@
  			if (buffer_len(&b) > 0)
  				buffer_append(&b, ",", 1);
  			p = key_ssh_name(key);
[email protected]@ -848,7 +852,9 @@ get_hostkey_by_type(int type, int nid, i
[email protected]@ -852,7 +856,9 @@ get_hostkey_by_type(int type, int nid, i
  		case KEY_RSA_CERT:
  		case KEY_DSA_CERT:
  		case KEY_ECDSA_CERT:
@@ -1533,7 +1591,7 @@
  			key = sensitive_data.host_certificates[i];
  			break;
  		default:
[email protected]@ -1798,7 +1804,9 @@ main(int ac, char **av)
[email protected]@ -1810,7 +1816,9 @@ main(int ac, char **av)
  		case KEY_RSA:
  		case KEY_DSA:
  		case KEY_ECDSA:
@@ -1543,7 +1601,7 @@
  			if (have_agent || key != NULL)
  				sensitive_data.have_ssh2_key = 1;
  			break;
[email protected]@ -2644,7 +2652,9 @@ do_ssh2_kex(void)
[email protected]@ -2646,7 +2654,9 @@ do_ssh2_kex(void)
  	kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
  # endif
  #endif
@@ -1554,33 +1612,66 @@
  	if (options.gss_keyex) {
  		kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
 diff -pur old/sshd_config.0 new/sshd_config.0
---- old/sshd_config.0	2015-03-17 21:26:36.000000000 -0700
-+++ new/sshd_config.0	2015-05-12 07:47:28.488941581 -0700
[email protected]@ -375,12 +375,11 @@ DESCRIPTION
+--- old/sshd_config.0
++++ new/sshd_config.0
[email protected]@ -403,13 +403,8 @@ DESCRIPTION
+              specified key types will be appended to the default set instead
+              of replacing them.  The default for this option is:
+ 
+-                [email protected],
+-                [email protected],
+-                [email protected],
+-                [email protected],
+                 [email protected],
+-                ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+-                ssh-ed25519,ssh-rsa
++                ssh-rsa
+ 
+              The -Q option of ssh(1) may be used to list supported key types.
+ 
[email protected]@ -438,8 +433,7 @@ DESCRIPTION
       HostKey
               Specifies a file containing a private host key used by SSH.  The
               default is /etc/ssh/ssh_host_key for protocol version 1, and
 -             /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key,
 -             /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key for
-+             /etc/ssh/ssh_host_dsa_key and /etc/ssh/ssh_host_rsa_key for
-              protocol version 2.  Note that sshd(8) will refuse to use a file
-              if it is group/world-accessible.  It is possible to have multiple
--             host key files.  M-bM-^@M-^\rsa1M-bM-^@M-^] keys are used for version 1 and M-bM-^@M-^\dsaM-bM-^@M-^],
--             M-bM-^@M-^\ecdsaM-bM-^@M-^], M-bM-^@M-^\ed25519M-bM-^@M-^] or M-bM-^@M-^\rsaM-bM-^@M-^] are used for version 2 of the SSH
-+             host key files.  M-bM-^@M-^\rsa1M-bM-^@M-^] keys are used for version 1 and M-bM-^@M-^\dsaM-bM-^@M-^]
-+             or M-bM-^@M-^\rsaM-bM-^@M-^] are used for version 2 of the SSH
-              protocol.  It is also possible to specify public host key files
-              instead.  In this case operations on the private key will be
-              delegated to an ssh-agent(1).
[email protected]@ -448,7 +447,6 @@ DESCRIPTION
-              algorithms must be comma-separated.  The supported algorithms
-              are:
++             /etc/ssh/ssh_host_dsa_key, and /etc/ssh/ssh_host_rsa_key for
+              protocol version 2.
+ 
+              Note that sshd(8) will refuse to use a file if it is group/world-
[email protected]@ -447,7 +441,7 @@ DESCRIPTION
+              of the keys are actually used by sshd(8).
+ 
+              It is possible to have multiple host key files.  M-bM-^@M-^\rsa1M-bM-^@M-^] keys are
+-             used for version 1 and M-bM-^@M-^\dsaM-bM-^@M-^], M-bM-^@M-^\ecdsaM-bM-^@M-^], M-bM-^@M-^\ed25519M-bM-^@M-^] or M-bM-^@M-^\rsaM-bM-^@M-^] are
++             used for version 1 and M-bM-^@M-^\dsaM-bM-^@M-^], or M-bM-^@M-^\rsaM-bM-^@M-^] are
+              used for version 2 of the SSH protocol.  It is also possible to
+              specify public host key files instead.  In this case operations
+              on the private key will be delegated to an ssh-agent(1).
[email protected]@ -462,13 +456,8 @@ DESCRIPTION
+              Specifies the protocol version 2 host key algorithms that the
+              server offers.  The default for this option is:
+ 
+-                [email protected],
+-                [email protected],
+-                [email protected],
+-                [email protected],
+                 [email protected],
+-                ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+-                ssh-ed25519,ssh-rsa
++                ssh-rsa
+ 
+              The list of available key types may also be obtained using the -Q
+              option of ssh(1) with an argument of M-bM-^@M-^\keyM-bM-^@M-^].
[email protected]@ -532,7 +521,6 @@ DESCRIPTION
+              will be appended to the default set instead of replacing them.
+              The supported algorithms are:
  
 -                   [email protected]
                     diffie-hellman-group1-sha1
                     diffie-hellman-group14-sha1
                     diffie-hellman-group-exchange-sha1
[email protected]@ -459,7 +457,6 @@ DESCRIPTION
[email protected]@ -543,7 +531,6 @@ DESCRIPTION
  
               The default is:
  
@@ -1588,10 +1679,25 @@
                     ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
                     diffie-hellman-group-exchange-sha256,
                     diffie-hellman-group14-sha1
[email protected]@ -787,13 +774,8 @@ DESCRIPTION
+              specified key types will be appended to the default set instead
+              of replacing them.  The default for this option is:
+ 
+-                [email protected],
+-                [email protected],
+-                [email protected],
+-                [email protected],
+                 [email protected],
+-                ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+-                ssh-ed25519,ssh-rsa
++                ssh-rsa
+ 
+              The -Q option of ssh(1) may be used to list supported key types.
+ 
 diff -pur old/sshd_config.5 new/sshd_config.5
---- old/sshd_config.5	2015-05-12 06:57:55.754541097 -0700
-+++ new/sshd_config.5	2015-05-12 07:52:26.170307089 -0700
[email protected]@ -628,8 +628,6 @@ The default is
+--- old/sshd_config.5
++++ new/sshd_config.5
[email protected]@ -712,8 +712,6 @@ The default is
  .Pa /etc/ssh/ssh_host_key
  for protocol version 1, and
  .Pa /etc/ssh/ssh_host_dsa_key ,
@@ -1600,7 +1706,7 @@
  and
  .Pa /etc/ssh/ssh_host_rsa_key
  for protocol version 2.
[email protected]@ -640,8 +638,6 @@ It is possible to have multiple host key
[email protected]@ -730,8 +728,6 @@ It is possible to have multiple host key
  .Dq rsa1
  keys are used for version 1 and
  .Dq dsa ,
@@ -1609,7 +1715,7 @@
  or
  .Dq rsa
  are used for version 2 of the SSH protocol.
[email protected]@ -764,8 +760,6 @@ The supported algorithms are:
[email protected]@ -878,8 +874,6 @@ The supported algorithms are:
  .Pp
  .Bl -item -compact -offset indent
  .It
@@ -1618,7 +1724,7 @@
  diffie-hellman-group1-sha1
  .It
  diffie-hellman-group14-sha1
[email protected]@ -783,7 +777,6 @@ ecdh-sha2-nistp521
[email protected]@ -897,7 +891,6 @@ ecdh-sha2-nistp521
  .Pp
  The default is:
  .Bd -literal -offset indent
@@ -1627,8 +1733,8 @@
  diffie-hellman-group-exchange-sha256,
  diffie-hellman-group14-sha1
 diff -pur old/sshkey.c new/sshkey.c
---- old/sshkey.c	2015-05-12 06:57:55.756061267 -0700
-+++ new/sshkey.c	2015-05-27 03:34:57.475875579 -0700
+--- old/sshkey.c
++++ new/sshkey.c
 @@ -85,9 +85,11 @@ struct keytype {
  	int cert;
  };
@@ -1641,7 +1747,7 @@
  #ifdef WITH_OPENSSL
  	{ NULL, "RSA1", KEY_RSA1, 0, 0 },
  	{ "ssh-rsa", "RSA", KEY_RSA, 0, 0 },
[email protected]@ -284,8 +286,10 @@ sshkey_size(const struct sshkey *k)
[email protected]@ -278,8 +280,10 @@ sshkey_size(const struct sshkey *k)
  	case KEY_ECDSA_CERT:
  		return sshkey_curve_nid_to_bits(k->ecdsa_nid);
  #endif /* WITH_OPENSSL */
@@ -1652,7 +1758,7 @@
  		return 256;	/* XXX */
  	}
  	return 0;
[email protected]@ -310,7 +314,9 @@ sshkey_type_is_valid_ca(int type)
[email protected]@ -292,7 +296,9 @@ sshkey_type_is_valid_ca(int type)
  	case KEY_RSA:
  	case KEY_DSA:
  	case KEY_ECDSA:
@@ -1662,7 +1768,7 @@
  		return 1;
  	default:
  		return 0;
[email protected]@ -338,8 +344,10 @@ sshkey_type_plain(int type)
[email protected]@ -318,8 +324,10 @@ sshkey_type_plain(int type)
  		return KEY_DSA;
  	case KEY_ECDSA_CERT:
  		return KEY_ECDSA;
@@ -1673,7 +1779,7 @@
  	default:
  		return type;
  	}
[email protected]@ -492,8 +500,10 @@ sshkey_new(int type)
[email protected]@ -472,8 +480,10 @@ sshkey_new(int type)
  	k->dsa = NULL;
  	k->rsa = NULL;
  	k->cert = NULL;
@@ -1684,7 +1790,7 @@
  	switch (k->type) {
  #ifdef WITH_OPENSSL
  	case KEY_RSA1:
[email protected]@ -530,10 +540,12 @@ sshkey_new(int type)
[email protected]@ -508,10 +518,12 @@ sshkey_new(int type)
  		/* Cannot do anything until we know the group */
  		break;
  #endif /* WITH_OPENSSL */
@@ -1697,7 +1803,7 @@
  	case KEY_UNSPEC:
  		break;
  	default:
[email protected]@ -582,10 +594,12 @@ sshkey_add_private(struct sshkey *k)
[email protected]@ -558,10 +570,12 @@ sshkey_add_private(struct sshkey *k)
  		/* Cannot do anything until we know the group */
  		break;
  #endif /* WITH_OPENSSL */
@@ -1710,7 +1816,7 @@
  	case KEY_UNSPEC:
  		break;
  	default:
[email protected]@ -639,6 +653,7 @@ sshkey_free(struct sshkey *k)
[email protected]@ -613,6 +627,7 @@ sshkey_free(struct sshkey *k)
  		break;
  # endif /* OPENSSL_HAS_ECC */
  #endif /* WITH_OPENSSL */
@@ -1718,7 +1824,7 @@
  	case KEY_ED25519:
  	case KEY_ED25519_CERT:
  		if (k->ed25519_pk) {
[email protected]@ -652,6 +667,7 @@ sshkey_free(struct sshkey *k)
[email protected]@ -626,6 +641,7 @@ sshkey_free(struct sshkey *k)
  			k->ed25519_sk = NULL;
  		}
  		break;
@@ -1726,7 +1832,7 @@
  	case KEY_UNSPEC:
  		break;
  	default:
[email protected]@ -731,10 +747,12 @@ sshkey_equal_public(const struct sshkey
[email protected]@ -703,10 +719,12 @@ sshkey_equal_public(const struct sshkey
  		return 1;
  # endif /* OPENSSL_HAS_ECC */
  #endif /* WITH_OPENSSL */
@@ -1739,7 +1845,7 @@
  	default:
  		return 0;
  	}
[email protected]@ -773,7 +791,9 @@ to_blob_buf(const struct sshkey *key, st
[email protected]@ -749,7 +767,9 @@ to_blob_buf(const struct sshkey *key, st
  	case KEY_ECDSA_CERT:
  	case KEY_RSA_CERT:
  #endif /* WITH_OPENSSL */
@@ -1749,7 +1855,7 @@
  		/* Use the existing blob */
  		/* XXX modified flag? */
  		if ((ret = sshbuf_putb(b, key->cert->certblob)) != 0)
[email protected]@ -810,6 +830,7 @@ to_blob_buf(const struct sshkey *key, st
[email protected]@ -786,6 +806,7 @@ to_blob_buf(const struct sshkey *key, st
  			return ret;
  		break;
  #endif /* WITH_OPENSSL */
@@ -1757,7 +1863,7 @@
  	case KEY_ED25519:
  		if (key->ed25519_pk == NULL)
  			return SSH_ERR_INVALID_ARGUMENT;
[email protected]@ -818,6 +839,7 @@ to_blob_buf(const struct sshkey *key, st
[email protected]@ -794,6 +815,7 @@ to_blob_buf(const struct sshkey *key, st
  		    key->ed25519_pk, ED25519_PK_SZ)) != 0)
  			return ret;
  		break;
@@ -1765,25 +1871,23 @@
  	default:
  		return SSH_ERR_KEY_TYPE_UNKNOWN;
  	}
[email protected]@ -1291,13 +1313,17 @@ sshkey_read(struct sshkey *ret, char **c
[email protected]@ -1267,11 +1289,13 @@ sshkey_read(struct sshkey *ret, char **c
  	case KEY_RSA:
  	case KEY_DSA:
  	case KEY_ECDSA:
+-	case KEY_ED25519:
 +#ifndef WITHOUT_ED25519
- 	case KEY_ED25519:
++ 	case KEY_ED25519:
++	case KEY_ED25519_CERT:
 +#endif /* WITHOUT_ED25519 */
- 	case KEY_DSA_CERT_V00:
- 	case KEY_RSA_CERT_V00:
  	case KEY_DSA_CERT:
  	case KEY_ECDSA_CERT:
  	case KEY_RSA_CERT:
-+#ifndef WITHOUT_ED25519
- 	case KEY_ED25519_CERT:
-+#endif /* WITHOUT_ED25519 */
+-	case KEY_ED25519_CERT:
  		space = strchr(cp, ' ');
  		if (space == NULL)
  			return SSH_ERR_INVALID_FORMAT;
[email protected]@ -1389,6 +1415,7 @@ sshkey_read(struct sshkey *ret, char **c
[email protected]@ -1363,6 +1387,7 @@ sshkey_read(struct sshkey *ret, char **c
  		}
  # endif /* OPENSSL_HAS_ECC */
  #endif /* WITH_OPENSSL */
@@ -1791,7 +1895,7 @@
  		if (sshkey_type_plain(ret->type) == KEY_ED25519) {
  			free(ret->ed25519_pk);
  			ret->ed25519_pk = k->ed25519_pk;
[email protected]@ -1397,6 +1424,7 @@ sshkey_read(struct sshkey *ret, char **c
[email protected]@ -1371,6 +1396,7 @@ sshkey_read(struct sshkey *ret, char **c
  			/* XXX */
  #endif
  		}
@@ -1799,18 +1903,7 @@
  		retval = 0;
  /*XXXX*/
  		sshkey_free(k);
[email protected]@ -1460,8 +1488,10 @@ sshkey_write(const struct sshkey *key, F
- 	case KEY_RSA_CERT_V00:
- 	case KEY_RSA_CERT:
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- 	case KEY_ED25519:
- 	case KEY_ED25519_CERT:
-+#endif /* WITHOUT_ED25519 */
- 		if ((bb = sshbuf_new()) == NULL) {
- 			ret = SSH_ERR_ALLOC_FAIL;
- 			goto out;
[email protected]@ -1671,7 +1701,8 @@ sshkey_generate(int type, u_int bits, st
[email protected]@ -1662,7 +1688,8 @@ sshkey_generate(int type, u_int bits, st
  	if ((k = sshkey_new(KEY_UNSPEC)) == NULL)
  		return SSH_ERR_ALLOC_FAIL;
  	switch (type) {
@@ -1820,7 +1913,7 @@
  		if ((k->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL ||
  		    (k->ed25519_sk = malloc(ED25519_SK_SZ)) == NULL) {
  			ret = SSH_ERR_ALLOC_FAIL;
[email protected]@ -1680,6 +1711,7 @@ sshkey_generate(int type, u_int bits, st
[email protected]@ -1671,6 +1698,7 @@ sshkey_generate(int type, u_int bits, st
  		crypto_sign_ed25519_keypair(k->ed25519_pk, k->ed25519_sk);
  		ret = 0;
  		break;
@@ -1828,7 +1921,7 @@
  #ifdef WITH_OPENSSL
  	case KEY_DSA:
  		ret = dsa_generate_private_key(bits, &k->dsa);
[email protected]@ -1817,6 +1849,7 @@ sshkey_from_private(const struct sshkey
[email protected]@ -1806,6 +1834,7 @@ sshkey_from_private(const struct sshkey
  		}
  		break;
  #endif /* WITH_OPENSSL */
@@ -1836,7 +1929,7 @@
  	case KEY_ED25519:
  	case KEY_ED25519_CERT:
  		if ((n = sshkey_new(k->type)) == NULL)
[email protected]@ -1829,6 +1862,7 @@ sshkey_from_private(const struct sshkey
[email protected]@ -1818,6 +1847,7 @@ sshkey_from_private(const struct sshkey
  			memcpy(n->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ);
  		}
  		break;
@@ -1844,7 +1937,7 @@
  	default:
  		return SSH_ERR_KEY_TYPE_UNKNOWN;
  	}
[email protected]@ -2100,6 +2134,7 @@ sshkey_from_blob_internal(struct sshbuf
[email protected]@ -2084,6 +2114,7 @@ sshkey_from_blob_internal(struct sshbuf
  		break;
  # endif /* OPENSSL_HAS_ECC */
  #endif /* WITH_OPENSSL */
@@ -1852,7 +1945,7 @@
  	case KEY_ED25519_CERT:
  		/* Skip nonce */
  		if (sshbuf_get_string_direct(b, NULL, NULL) != 0) {
[email protected]@ -2121,6 +2156,7 @@ sshkey_from_blob_internal(struct sshbuf
[email protected]@ -2105,6 +2136,7 @@ sshkey_from_blob_internal(struct sshbuf
  		key->ed25519_pk = pk;
  		pk = NULL;
  		break;
@@ -1860,7 +1953,7 @@
  	case KEY_UNSPEC:
  		if ((key = sshkey_new(type)) == NULL) {
  			ret = SSH_ERR_ALLOC_FAIL;
[email protected]@ -2215,9 +2251,11 @@ sshkey_sign(const struct sshkey *key,
[email protected]@ -2197,9 +2229,11 @@ sshkey_sign(const struct sshkey *key,
  	case KEY_RSA:
  		return ssh_rsa_sign(key, sigp, lenp, data, datalen, compat);
  #endif /* WITH_OPENSSL */
@@ -1872,7 +1965,7 @@
  	default:
  		return SSH_ERR_KEY_TYPE_UNKNOWN;
  	}
[email protected]@ -2249,9 +2287,11 @@ sshkey_verify(const struct sshkey *key,
[email protected]@ -2229,9 +2263,11 @@ sshkey_verify(const struct sshkey *key,
  	case KEY_RSA:
  		return ssh_rsa_verify(key, sig, siglen, data, dlen, compat);
  #endif /* WITH_OPENSSL */
@@ -1884,7 +1977,7 @@
  	default:
  		return SSH_ERR_KEY_TYPE_UNKNOWN;
  	}
[email protected]@ -2275,8 +2315,10 @@ sshkey_demote(const struct sshkey *k, st
[email protected]@ -2255,8 +2291,10 @@ sshkey_demote(const struct sshkey *k, st
  	pk->dsa = NULL;
  	pk->ecdsa = NULL;
  	pk->rsa = NULL;
@@ -1895,7 +1988,7 @@
  
  	switch (k->type) {
  #ifdef WITH_OPENSSL
[email protected]@ -2328,6 +2370,7 @@ sshkey_demote(const struct sshkey *k, st
[email protected]@ -2306,6 +2344,7 @@ sshkey_demote(const struct sshkey *k, st
  		break;
  # endif /* OPENSSL_HAS_ECC */
  #endif /* WITH_OPENSSL */
@@ -1903,7 +1996,7 @@
  	case KEY_ED25519_CERT:
  		if ((ret = sshkey_cert_copy(k, pk)) != 0)
  			goto fail;
[email protected]@ -2341,6 +2384,7 @@ sshkey_demote(const struct sshkey *k, st
[email protected]@ -2319,6 +2358,7 @@ sshkey_demote(const struct sshkey *k, st
  			memcpy(pk->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ);
  		}
  		break;
@@ -1911,21 +2004,19 @@
  	default:
  		ret = SSH_ERR_KEY_TYPE_UNKNOWN;
   fail:
[email protected]@ -2371,11 +2415,13 @@ sshkey_to_certified(struct sshkey *k, in
[email protected]@ -2347,9 +2387,11 @@ sshkey_to_certified(struct sshkey *k)
  		newtype = KEY_ECDSA_CERT;
  		break;
  #endif /* WITH_OPENSSL */
 +#ifndef WITHOUT_ED25519
  	case KEY_ED25519:
- 		if (legacy)
- 			return SSH_ERR_INVALID_ARGUMENT;
  		newtype = KEY_ED25519_CERT;
  		break;
 +#endif /* WITHOUT_ED25519 */
  	default:
  		return SSH_ERR_INVALID_ARGUMENT;
  	}
[email protected]@ -2458,11 +2504,13 @@ sshkey_certify(struct sshkey *k, struct
[email protected]@ -2428,11 +2470,13 @@ sshkey_certify(struct sshkey *k, struct
  			goto out;
  		break;
  #endif /* WITH_OPENSSL */
@@ -1939,7 +2030,7 @@
  	default:
  		ret = SSH_ERR_INVALID_ARGUMENT;
  		goto out;
[email protected]@ -2657,6 +2705,7 @@ sshkey_private_serialize(const struct ss
[email protected]@ -2607,6 +2651,7 @@ sshkey_private_serialize(const struct ss
  		break;
  # endif /* OPENSSL_HAS_ECC */
  #endif /* WITH_OPENSSL */
@@ -1947,7 +2038,7 @@
  	case KEY_ED25519:
  		if ((r = sshbuf_put_string(b, key->ed25519_pk,
  		    ED25519_PK_SZ)) != 0 ||
[email protected]@ -2676,6 +2725,7 @@ sshkey_private_serialize(const struct ss
[email protected]@ -2626,6 +2671,7 @@ sshkey_private_serialize(const struct ss
  		    ED25519_SK_SZ)) != 0)
  			goto out;
  		break;
@@ -1955,7 +2046,7 @@
  	default:
  		r = SSH_ERR_INVALID_ARGUMENT;
  		goto out;
[email protected]@ -2802,6 +2852,7 @@ sshkey_private_deserialize(struct sshbuf
[email protected]@ -2750,6 +2796,7 @@ sshkey_private_deserialize(struct sshbuf
  			goto out;
  		break;
  #endif /* WITH_OPENSSL */
@@ -1963,7 +2054,7 @@
  	case KEY_ED25519:
  		if ((k = sshkey_new_private(type)) == NULL) {
  			r = SSH_ERR_ALLOC_FAIL;
[email protected]@ -2832,6 +2883,7 @@ sshkey_private_deserialize(struct sshbuf
[email protected]@ -2780,6 +2827,7 @@ sshkey_private_deserialize(struct sshbuf
  		k->ed25519_sk = ed25519_sk;
  		ed25519_pk = ed25519_sk = NULL;
  		break;
@@ -1971,7 +2062,7 @@
  	default:
  		r = SSH_ERR_KEY_TYPE_UNKNOWN;
  		goto out;
[email protected]@ -3591,9 +3643,11 @@ sshkey_private_to_fileblob(struct sshkey
[email protected]@ -3545,9 +3593,11 @@ sshkey_private_to_fileblob(struct sshkey
  		return sshkey_private_pem_to_blob(key, blob,
  		    passphrase, comment);
  #endif /* WITH_OPENSSL */
@@ -1983,7 +2074,7 @@
  	default:
  		return SSH_ERR_KEY_TYPE_UNKNOWN;
  	}
[email protected]@ -3899,9 +3953,11 @@ sshkey_parse_private_fileblob_type(struc
[email protected]@ -3853,9 +3903,11 @@ sshkey_parse_private_fileblob_type(struc
  		return sshkey_parse_private_pem_fileblob(blob, type,
  		    passphrase, keyp);
  #endif /* WITH_OPENSSL */
@@ -1996,14 +2087,15 @@
  		if ((r = sshkey_parse_private2(blob, type, passphrase, keyp,
  		    commentp)) == 0)
 diff -pur old/sshkey.h new/sshkey.h
---- old/sshkey.h	2015-05-12 06:57:55.756485788 -0700
-+++ new/sshkey.h	2015-05-12 06:57:55.885805405 -0700
+--- old/sshkey.h
++++ new/sshkey.h
 @@ -57,11 +57,15 @@ enum sshkey_types {
  	KEY_RSA,
  	KEY_DSA,
  	KEY_ECDSA,
+-	KEY_ED25519,
 +#ifndef WITHOUT_ED25519
- 	KEY_ED25519,
++ 	KEY_ED25519,
 +#endif /* WITHOUT_ED25519 */
  	KEY_RSA_CERT,
  	KEY_DSA_CERT,
@@ -2011,10 +2103,10 @@
 +#ifndef WITHOUT_ED25519
  	KEY_ED25519_CERT,
 +#endif /* WITHOUT_ED25519 */
- 	KEY_RSA_CERT_V00,
- 	KEY_DSA_CERT_V00,
  	KEY_NULL,
[email protected]@ -106,13 +110,17 @@ struct sshkey {
+ 	KEY_UNSPEC
+ };
[email protected]@ -104,13 +108,17 @@ struct sshkey {
  	DSA	*dsa;
  	int	 ecdsa_nid;	/* NID of curve */
  	EC_KEY	*ecdsa;
@@ -2032,7 +2124,7 @@
  
  struct sshkey	*sshkey_new(int);
  int		 sshkey_add_private(struct sshkey *);
[email protected]@ -210,11 +218,13 @@ int ssh_ecdsa_sign(const struct sshkey *
[email protected]@ -208,11 +216,13 @@ int ssh_ecdsa_sign(const struct sshkey *
  int ssh_ecdsa_verify(const struct sshkey *key,
      const u_char *signature, size_t signaturelen,
      const u_char *data, size_t datalen, u_int compat);
--- a/components/openssh/patches/027-missing_include.patch	Wed Oct 28 12:22:49 2015 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,27 +0,0 @@
-#
-# This patch adds a missing include to avoid compilation error.
-#
-# Recently, OpenSSH includes were refactored, so that header files no longer
-# include system header files. System header files are now included in
-# sources only.
-#
-# kex.h references sig_atomic_t, but no longer includes signal.h.
-# Now every file including kex.h must include signal.h. gss-genr.c failed
-# to do so, which resulted in unknown type compilation error.
-#
-# The patch has been accepted by upstream and will be part of 6.9 release.
-#    https://bugzilla.mindrot.org/show_bug.cgi?id=2402
-#
-# When upgrading to some release >=6.9, this patch will be dropped.
-#
---- a/gss-genr.c	
-+++ a/gss-genr.c	
[email protected]@ -34,6 +34,7 @@ 
- #include <limits.h>
- #include <stdarg.h>
- #include <string.h>
-+#include <signal.h>
- #include <unistd.h>
- 
- #include "xmalloc.h"
-
--- a/components/openssh/patches/028-relax_bits_needed_check.patch	Wed Oct 28 12:22:49 2015 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,23 +0,0 @@
-#
-# Relax bits needed check to allow diffie-hellman-group1-sha1 key exchange to
-# complete when chacha20-poly1305 was selected as the cipher.
-# 
-# OpenSSH 6.8 regression causing test case failure.
-# 
-# Fixed in 6.9:
-# https://github.com/openssh/openssh-portable/commit/b8afbe2c1aaf573565e4da775261dfafc8b1ba9c
-# 
-# This patch will be removed when upgrading to 6.9 or higher.
-# 
-diff -pur old/dh.c new/dh.c
---- old/dh.c	2015-03-16 22:49:20.000000000 -0700
-+++ new/dh.c	2015-06-01 05:24:39.007860187 -0700
[email protected]@ -261,7 +261,7 @@ dh_gen_key(DH *dh, int need)
- 
- 	if (need < 0 || dh->p == NULL ||
- 	    (pbits = BN_num_bits(dh->p)) <= 0 ||
--	    need > INT_MAX / 2 || 2 * need >= pbits)
-+	    need > INT_MAX / 2 || 2 * need > pbits)
- 		return SSH_ERR_INVALID_ARGUMENT;
- 	dh->length = MIN(need * 2, pbits - 1);
- 	if (DH_generate_key(dh) == 0 ||
--- a/components/openssh/patches/030-auth_limits_bypass_fix.patch	Wed Oct 28 12:22:49 2015 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,35 +0,0 @@
-#
-# This is to fix a keyboard-interactive authentication brute force
-# vulnerability (MaxAuthTries bypass). A CVE number (CVE-2015-5600) has been
-# reserved for this problem, but not officially issued yet. This fix came from
-# OpenSSH upstream, which will be included in the future OpenSSH 7.0p1 release.
-# When we upgrade OpenSSH to 7.0 in the future, we will remove this patch.
-#
---- orig/auth2-chall.c	Fri Jul 24 17:36:37 2015
-+++ new/auth2-chall.c	Fri Jul 24 17:47:21 2015
[email protected]@ -83,6 +83,7 @@
- 	void *ctxt;
- 	KbdintDevice *device;
- 	u_int nreq;
-+        u_int devices_done;
- };
- 
- #ifdef USE_PAM
[email protected]@ -169,11 +170,15 @@
- 		if (len == 0)
- 			break;
- 		for (i = 0; devices[i]; i++) {
--			if (!auth2_method_allowed(authctxt,
-+			if ((kbdintctxt->devices_done & (1 << i)) != 0 ||
-+			    !auth2_method_allowed(authctxt,
- 			    "keyboard-interactive", devices[i]->name))
- 				continue;
--			if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0)
-+			if (strncmp(kbdintctxt->devices, devices[i]->name,
-+			    len) == 0) {
- 				kbdintctxt->device = devices[i];
-+				kbdintctxt->devices_done |= 1 << i;
-+			}
- 		}
- 		t = kbdintctxt->devices;
- 		kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL;
--- a/components/openssh/patches/033-superfluous_error.patch	Wed Oct 28 12:22:49 2015 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,22 +0,0 @@
-Remove error() accidentally inserted for debugging.
-
-OpenSSH 6.8 regression, already fixed in OpenSSH 6.9:
-https://github.com/openssh/openssh-portable/commit/4d24b3b6
-
-Remove this patch when upgrading to OpenSSH 6.9 or higher.
-
-diff -pur old/monitor_wrap.c new/monitor_wrap.c
---- old/monitor_wrap.c
-+++ new/monitor_wrap.c
[email protected]@ -153,10 +153,8 @@ mm_request_receive(int sock, Buffer *m)
- 	debug3("%s entering", __func__);
- 
- 	if (atomicio(read, sock, buf, sizeof(buf)) != sizeof(buf)) {
--		if (errno == EPIPE) {
--			error("%s: socket closed", __func__);
-+		if (errno == EPIPE)
- 			cleanup_exit(255);
--		}
- 		fatal("%s: read: %s", __func__, strerror(errno));
- 	}
- 	msg_len = get_u32(buf);