author | taca <taca> | 2006-10-31 03:31:19 +0000 |
---|---|---|
committer | taca <taca> | 2006-10-31 03:31:19 +0000 |
commit | 7d2ca2299aec0308fd84d265e9bd7b334f2ec1e2 (patch) | |
tree | b47413236355186a1c01c75680dfb81ede4145f8 /security | |
parent | ed375bb50ca2ccfab1b26d1f804428010c300710 (diff) | |
download | pkgsrc-7d2ca2299aec0308fd84d265e9bd7b334f2ec1e2.tar.gz |
Update openssh package to 4.4.1 (openssh-4.4p1).
- A few pkglint warning clean-ups.
- Major changes are here. For complete changes,
see http://www.openssh.com/txt/release-4.4.
Changes since OpenSSH 4.3:
============================
Security bugs resolved in this release:
* Fix a pre-authentication denial of service found by Tavis Ormandy,
that would cause sshd(8) to spin until the login grace time
expired.
* Fix an unsafe signal handler reported by Mark Dowd. The signal
handler was vulnerable to a race condition that could be exploited
to perform a pre-authentication denial of service. On portable
OpenSSH, this vulnerability could theoretically lead to
pre-authentication remote code execution if GSSAPI authentication
is enabled, but the likelihood of successful exploitation appears
remote.
* On portable OpenSSH, fix a GSSAPI authentication abort that could
be used to determine the validity of usernames on some platforms.
This release includes the following new functionality and fixes:
* Implemented conditional configuration in sshd_config(5) using the
"Match" directive. This allows some configuration options to be
selectively overridden if specific criteria (based on user, group,
hostname and/or address) are met. So far a useful subset of post-
authentication options are supported and more are expected to be
added in future releases.
* Add support for Diffie-Hellman group exchange key agreement with a
final hash of SHA256.
* Added a "ForceCommand" directive to sshd_config(5). Similar to the
command="..." option accepted in ~/.ssh/authorized_keys, this forces
the execution of the specified command regardless of what the user
requested. This is very useful in conjunction with the new "Match"
option.
* Add a "PermitOpen" directive to sshd_config(5). This mirrors the
permitopen="..." authorized_keys option, allowing fine-grained
control over the port-forwardings that a user is allowed to
establish.
* Add optional logging of transactions to sftp-server(8).
* ssh(1) will now record port numbers for hosts stored in
~/.ssh/authorized_keys when a non-standard port has been requested.
* Add an "ExitOnForwardFailure" option to cause ssh(1) to exit (with
a non-zero exit code) when requested port forwardings could not be
established.
* Extend sshd_config(5) "SubSystem" declarations to allow the
specification of command-line arguments.
* Replacement of all integer overflow susceptible invocations of
malloc(3) and realloc(3) with overflow-checking equivalents.
* Many manpage fixes and improvements.
* New portable OpenSSH-specific features:
- Add optional support for SELinux, controlled using the
--with-selinux configure option (experimental)
- Add optional support for Solaris process contracts, enabled
using the --with-solaris-contracts configure option (experimental)
This option will also include SMF metadata in Solaris packages
built using the "make package" target
- Add optional support for OpenSSL hardware accelerators (engines),
enabled using the --with-ssl-engine configure option.
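The "Match", "ForceCommand" and "PermitOpen" directives the release notes introduce, shown together in one sshd_config(5) fragment. This is an added illustration, not part of the pkgsrc commit or of the OpenSSH release notes. The group names `sftponly` and `wheel`, the user `backup`, the addresses `10.0.0.5`, `10.0.0.10` and `192.0.2.*`, and the sftp-server path are made-up placeholders; address criteria are written as wildcard patterns, which work in every version that has Match, and only keywords the 4.4 notes describe as post-authentication options are used inside the Match blocks.

```text
# Global defaults: no forwarding unless a Match block re-enables it.
AllowTcpForwarding no
X11Forwarding no

# Members of group "sftponly" (assumed name) get only the SFTP server,
# whatever command or shell the client asked for. Path is assumed.
Match Group sftponly
    ForceCommand /usr/libexec/sftp-server
    AllowTcpForwarding no

# A backup account connecting from one host may open exactly one
# forwarding target; any other -L/-D destination is refused.
Match User backup Address 10.0.0.5
    AllowTcpForwarding yes
    PermitOpen 10.0.0.10:5432

# Interactive administrators on the management network keep
# ordinary forwarding.
Match Group wheel Address 192.0.2.*
    AllowTcpForwarding yes
    X11Forwarding yes
```

Block order is the check a practitioner wants here: sshd takes the first value obtained for each keyword, so an account that is in both `sftponly` and `wheel` still gets the ForceCommand, because that block comes first. Reversing the two blocks would hand such an account a full shell. Validate the file before restarting with `sshd -t -f /path/to/sshd_config`, which parses the Match blocks without serving connections.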
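The "overflow-checking equivalents" for malloc(3) and realloc(3) that the release notes mention, as a small stand-alone C example. This is added here and is not code from OpenSSH or from this pkgsrc commit; the function names `alloc_would_overflow`, `wrapped_byte_count`, `alloc_unchecked`, `alloc_checked` and `realloc_checked` are my own. OpenSSH's own replacement, xcalloc() in xmalloc.c, terminates through fatal() on overflow, whereas this version returns NULL with errno set so a caller can be tested.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Returns 1 when nmemb * size cannot be represented in a size_t.
 * The test divides instead of multiplying, because the product is
 * exactly the value that would wrap. */
int alloc_would_overflow(size_t nmemb, size_t size)
{
    return size != 0 && nmemb > SIZE_MAX / size;
}

/* The byte count an unchecked malloc(nmemb * size) is actually handed:
 * the product reduced modulo SIZE_MAX + 1. */
size_t wrapped_byte_count(size_t nmemb, size_t size)
{
    return nmemb * size;
}

/* The pattern the 4.4 release replaced: nmemb * size wraps silently,
 * so a huge element count turns into a tiny allocation that the
 * following element writes overrun. Kept only to show the failure. */
void *alloc_unchecked(size_t nmemb, size_t size)
{
    return malloc(nmemb * size);
}

/* Checked replacement: refuse the request before any arithmetic can
 * wrap. Zero-sized requests are refused too, since malloc(0) may return
 * either NULL or a unique pointer depending on the platform. */
void *alloc_checked(size_t nmemb, size_t size)
{
    if (nmemb == 0 || size == 0 || alloc_would_overflow(nmemb, size)) {
        errno = ENOMEM;
        return NULL;
    }
    return calloc(nmemb, size);
}

/* Same guard when growing a buffer in place. realloc(3) takes a single
 * byte count, so the multiply has to be checked by hand here. */
void *realloc_checked(void *ptr, size_t nmemb, size_t size)
{
    if (nmemb == 0 || size == 0 || alloc_would_overflow(nmemb, size)) {
        errno = ENOMEM;
        return NULL;
    }
    return realloc(ptr, nmemb * size);
}

int main(void)
{
    /* Element count chosen so that huge * 4 wraps to exactly 4 bytes. */
    size_t huge = SIZE_MAX / 4 + 2;
    void *p;

    printf("unchecked byte count for %zu * 4: %zu\n",
           huge, wrapped_byte_count(huge, 4));

    p = alloc_unchecked(huge, 4);      /* "succeeds": a 4-byte block */
    printf("alloc_unchecked: %s\n", p ? "returned a buffer" : "NULL");
    free(p);

    p = alloc_checked(huge, 4);        /* refused, errno == ENOMEM */
    printf("alloc_checked:   %s\n", p ? "returned a buffer" : "NULL");
    free(p);

    p = alloc_checked(1024, 4);        /* ordinary request succeeds */
    printf("alloc_checked(1024, 4): %s\n", p ? "ok" : "NULL");
    free(p);
    return 0;
}
```

The division-based test is the part worth copying: `nmemb * size > SIZE_MAX` can never be true in size_t arithmetic, so the comparison has to be made on the quotient.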
Diffstat (limited to 'security')
30 files changed, 218 insertions, 359 deletions
diff --git a/security/openssh/Makefile b/security/openssh/Makefile index e3386ed606f..516102eb423 100644 --- a/security/openssh/Makefile +++ b/security/openssh/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.171 2006/09/28 10:10:52 taca Exp $ +# $NetBSD: Makefile,v 1.172 2006/10/31 03:31:19 taca Exp $ -DISTNAME= openssh-4.3p2 -PKGNAME= openssh-4.3.2 +DISTNAME= openssh-4.4p1 +PKGNAME= openssh-4.4.1 #PKGREVISION= 1 SVR4_PKGNAME= ossh CATEGORIES= security @@ -31,6 +31,9 @@ CRYPTO= yes # retain the following line, for IPv6-ready pkgsrc webpage BUILD_DEFS+= USE_INET6 +BUILD_DEFS+= OPENSSH_CHROOT OPENSSH_GROUP OPENSSH_USER +BUILD_DEFS+= VARBASE + INSTALL_TARGET= install-nokeys PLIST_SRC= # empty @@ -135,8 +138,8 @@ PLIST_SRC+= ${.CURDIR}/PLIST.prng EGDIR= ${PREFIX}/share/examples/${PKGBASE} CONF_FILES= # empty -.for FILE in ${CONFS} -CONF_FILES+= ${EGDIR}/${FILE} ${PKG_SYSCONFDIR}/${FILE} +.for f in ${CONFS} +CONF_FILES+= ${EGDIR}/${f} ${PKG_SYSCONFDIR}/${f} .endfor OWN_DIRS= ${OPENSSH_CHROOT} RCD_SCRIPTS= sshd @@ -144,6 +147,12 @@ RCD_SCRIPTS= sshd PLIST_SRC+= ${.CURDIR}/PLIST FILES_SUBST+= SSH_PID_DIR=${SSH_PID_DIR:Q} +SUBST_CLASSES+= patch +SUBST_STAGE.patch= pre-configure +SUBST_FILES.patch= session.c +SUBST_SED.patch= -e '/channel_input_port_forward_request/s/0/ROOTUID/' +SUBST_MESSAGE.patch= More patch a file. + .include "../../devel/zlib/buildlink3.mk" .include "../../security/openssl/buildlink3.mk" .include "../../security/tcp_wrappers/buildlink3.mk" diff --git a/security/openssh/distinfo b/security/openssh/distinfo index 12ebff2a1c5..2c7d2ef0625 100644 --- a/security/openssh/distinfo +++ b/security/openssh/distinfo 
@@ -1,34 +1,30 @@ -$NetBSD: distinfo,v 1.54 2006/09/28 10:10:52 taca Exp $ +$NetBSD: distinfo,v 1.55 2006/10/31 03:31:19 taca Exp $ -SHA1 (openssh-4.3p1-hpn11.diff) = 22f2c99d314abc400bd1731d9c35b0540cbf2eae -RMD160 (openssh-4.3p1-hpn11.diff) = c3b807437fd9f40f2ab73c52586de194b84cce6e -Size (openssh-4.3p1-hpn11.diff) = 11024 bytes -SHA1 (openssh-4.3p2.tar.gz) = 2b5b0751fd578283ba7b106025c0ba391fd72f1f -RMD160 (openssh-4.3p2.tar.gz) = ccd5967e3296347e6dd2be43c3d6caacde2b6833 -Size (openssh-4.3p2.tar.gz) = 941455 bytes -SHA1 (patch-aa) = 213f5f5a3c7ae0bceafac1b169063fc71806dc7c -SHA1 (patch-ab) = 6c71ad1a39a1d6f7e48fc244993a4189c2cd9ef7 -SHA1 (patch-ac) = 8c625fdaca4d73c27e4e68b5bb3aa54327eb61ff -SHA1 (patch-ad) = 23f73b7ce008c6ccd431d3d80692e59fcf33aa14 -SHA1 (patch-ae) = 0ea1559a47f536fe7bf758f78a2cae672285875f -SHA1 (patch-af) = abb711b840d58b499de961b72df7550b9298134a -SHA1 (patch-ag) = b8b454c107e4e35473265489445e8918113d8ea8 -SHA1 (patch-ah) = 5435b5d55c3a728f05243bbaade94bf6c3b7a6ef -SHA1 (patch-ai) = f4ac9340c106c30434cd017bc91a06c9bc83258c -SHA1 (patch-aj) = 44f2b11949a4dea6a8760b8397db5360b64bf01f -SHA1 (patch-ak) = 99f789676e606d4a51effc2abc02a50776f4e781 -SHA1 (patch-al) = 2843c7c6e8b3d93a03b2d66d71c894a9e302f987 -SHA1 (patch-am) = 19f8c2f251354995d5efc041023dca0290caf171 -SHA1 (patch-an) = 6242250d2393b2ac4041f117fe4539a29e1cadeb -SHA1 (patch-ao) = 9721181847cc8cab0458d84a45e0384da9d34679 -SHA1 (patch-ap) = 05f53408ea224ddd6934ae64ec7698f604ecf8cd -SHA1 (patch-aq) = 3786a41a974d6583f379350068a762a725b8334d -SHA1 (patch-ar) = fe7d5b715ac51bece44d6f3ba9c3c6245d27d00d -SHA1 (patch-as) = 6af976b7c018c1a9b0841617edbffdb8b977a2d6 -SHA1 (patch-at) = ffbcb38cf8578f05319b2af9cfcdb5ada2a57e78 -SHA1 (patch-au) = 052b0b6d8869ad09144e4fc9e1b3c5e03c669c44 -SHA1 (patch-av) = 5543fcf94eaad26e27043c1527921e23ecfefc77 -SHA1 (patch-aw) = 95d49965b0f24bf117e790785d3a8ef553865bda -SHA1 (patch-ax) = 2c6923c767e7549d746d35358ecef2156012b227 -SHA1 (patch-ay) = 
e64d4266556ce05a5fd5e14ee4e988e7bf075576 -SHA1 (patch-az) = 341c42c82ddb6177bd8ac41813d6ad1e4b6e3839 +SHA1 (openssh-4.4p1-hpn.diff.gz) = 20aabe012378cbb6462b685baf118f2f286ccaa8 +RMD160 (openssh-4.4p1-hpn.diff.gz) = 6cf2dba89154fc3475f4321911d8f1a307551965 +Size (openssh-4.4p1-hpn.diff.gz) = 16258 bytes +SHA1 (openssh-4.4p1.tar.gz) = 6a52b1dee1c2c9862923c0008d201d98a7fd9d6c +RMD160 (openssh-4.4p1.tar.gz) = 13eb79a54e95037fff1902b659319df1c5f79bbc +Size (openssh-4.4p1.tar.gz) = 1044334 bytes +SHA1 (patch-aa) = f29644c520908ed5489890515c0f8cea1b871480 +SHA1 (patch-ab) = 81d7c002eb83147ef80513b16bd3041af0b07ddc +SHA1 (patch-ac) = dfb054ef02fbb5d206f6adaf82944f16da20eaf9 +SHA1 (patch-ad) = 7921e029b56c0e4769a7ada03dff3eb2e275db7d +SHA1 (patch-ae) = 9585221f9e49b4ebea31c374066d70e11aa804a1 +SHA1 (patch-af) = ca3224af0b648803404776a8c12ed678db4f8ff6 +SHA1 (patch-ag) = b6f92a5394a3442fcc0c2a2ee204c10df5a4aea5 +SHA1 (patch-ah) = bc0d7c2903ecf264e62b53f3864812af5f2f04ce +SHA1 (patch-ai) = becad6262e5daeef2a6db14097a8971c40088403 +SHA1 (patch-aj) = 4f477f40d1d891dcda9083cec5521e80410ebd54 +SHA1 (patch-ak) = 3720afb4e95356d5310762cda881820d524dcffc +SHA1 (patch-al) = d312a068047a375e52180026554bab745efdcdb7 +SHA1 (patch-am) = 4e2278b20e87e530e1819efde976d4414e160e38 +SHA1 (patch-an) = 283b17f27224dad853091d5145f2dab342132f8f +SHA1 (patch-ao) = a70da4f5942553a42fa935b82172e601b29951df +SHA1 (patch-ap) = 2c0c092637661328046b71292a7412d09e92bb2a +SHA1 (patch-aq) = a619b57361b04d5ab3d41375c18f7b99d71c8b34 +SHA1 (patch-ar) = fce4dc1011a124f02b8e14980cda1d633b36aa7d +SHA1 (patch-as) = 19660f5983931ea3b053e6f4289cf6fae2ce50f3 +SHA1 (patch-au) = 6cfdfc531e2267017a15e66ea48c7ecfa2a3926f +SHA1 (patch-av) = 2e7b36f234f38c0f9e5b5d453574ff3844d466f8 +SHA1 (patch-aw) = 2a88b7563c6f52163c6c5f716e437ecaea613a30 diff --git a/security/openssh/hacks.mk b/security/openssh/hacks.mk index 69587da1f6f..584370a649a 100644 --- a/security/openssh/hacks.mk +++ b/security/openssh/hacks.mk 
@@ -1,4 +1,4 @@ -# $NetBSD: hacks.mk,v 1.1 2006/05/14 21:13:42 schwarz Exp $ +# $NetBSD: hacks.mk,v 1.2 2006/10/31 03:31:19 taca Exp $ .if !defined(OPENSSH_HACKS_MK) OPENSSH_HACKS_MK= # defined @@ -6,7 +6,7 @@ OPENSSH_HACKS_MK= # defined ### [Sun May 14 15:09:28 CDT 2006 : schwarz] ### work around a definition conflict for _res present in openssh ### 4.3p1 and 4.3p2 (should be fixed with later releases) -### +### .if !empty(LOWER_OPSYS:Mirix5*) PKG_HACKS+= _res-conflict CPPFLAGS+= -D_res=_compat_res diff --git a/security/openssh/options.mk b/security/openssh/options.mk index 8c887c41e68..a2754b84d9a 100644 --- a/security/openssh/options.mk +++ b/security/openssh/options.mk @@ -1,4 +1,4 @@ -# $NetBSD: options.mk,v 1.8 2006/02/12 00:13:55 salo Exp $ +# $NetBSD: options.mk,v 1.9 2006/10/31 03:31:19 taca Exp $ .include "../../mk/bsd.prefs.mk" @@ -17,7 +17,7 @@ CONFIGURE_ARGS+= --with-kerberos5=${KRB5BASE:Q} .endif .if !empty(PKG_OPTIONS:Mhpn-patch) -PATCHFILES= openssh-4.3p1-hpn11.diff +PATCHFILES= openssh-4.4p1-hpn.diff.gz PATCH_SITES= http://www.psc.edu/networking/projects/hpn-ssh/ PATCH_DIST_STRIP= -p1 .endif diff --git a/security/openssh/patches/patch-aa b/security/openssh/patches/patch-aa index 06382a4b831..0dd61a862d3 100644 --- a/security/openssh/patches/patch-aa +++ b/security/openssh/patches/patch-aa @@ -1,8 +1,8 @@ -$NetBSD: patch-aa,v 1.41 2006/02/12 00:13:55 salo Exp $ +$NetBSD: patch-aa,v 1.42 2006/10/31 03:31:19 taca Exp $ ---- configure.orig 2006-02-01 05:33:51.000000000 -0600 -+++ configure 2006-02-08 22:02:30.000000000 -0600 -@@ -5417,6 +5417,36 @@ +--- configure.orig 2006-09-26 20:03:41.000000000 +0900 ++++ configure +@@ -7326,6 +7326,36 @@ _ACEOF ;; esac ;; @@ -39,7 +39,7 @@ $NetBSD: patch-aa,v 1.41 2006/02/12 00:13:55 salo Exp $ *-*-irix5*) PATH="$PATH:/usr/etc" -@@ -6233,7 +6263,7 @@ +@@ -7931,7 +7961,7 @@ cat >>confdefs.h <<\_ACEOF _ACEOF ;; 
@@ -48,7 +48,7 @@ $NetBSD: patch-aa,v 1.41 2006/02/12 00:13:55 salo Exp $ check_for_libcrypt_later=1 cat >>confdefs.h <<\_ACEOF -@@ -7269,6 +7299,9 @@ +@@ -9144,6 +9174,9 @@ _ACEOF ;; esac @@ -57,9 +57,17 @@ $NetBSD: patch-aa,v 1.41 2006/02/12 00:13:55 salo Exp $ + # Allow user to specify flags - # Check whether --with-cflags or --without-cflags was given. -@@ -26694,14 +26727,21 @@ - rm -f conftest.err conftest.$ac_objext conftest.$ac_ext + # Check whether --with-cflags was given. +@@ -9344,6 +9377,7 @@ for ac_header in \ + maillock.h \ + ndir.h \ + net/if_tun.h \ ++ net/tun/if_tun.h \ + netdb.h \ + netgroup.h \ + pam/pam_appl.h \ +@@ -32055,14 +32089,21 @@ fi + rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext if test -z "$conf_utmpx_location"; then if test x"$system_utmpx_path" = x"no" ; then - cat >>confdefs.h <<\_ACEOF @@ -84,8 +92,8 @@ $NetBSD: patch-aa,v 1.41 2006/02/12 00:13:55 salo Exp $ #define CONF_UTMPX_FILE "$conf_utmpx_location" _ACEOF -@@ -26769,14 +26809,20 @@ - rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +@@ -32143,14 +32184,20 @@ fi + rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext if test -z "$conf_wtmpx_location"; then if test x"$system_wtmpx_path" = x"no" ; then - cat >>confdefs.h <<\_ACEOF @@ -110,7 +118,7 @@ $NetBSD: patch-aa,v 1.41 2006/02/12 00:13:55 salo Exp $ #define CONF_WTMPX_FILE "$conf_wtmpx_location" _ACEOF -@@ -28002,7 +28048,7 @@ +@@ -33383,7 +33430,7 @@ echo "OpenSSH has been configured with t echo " User binaries: $B" echo " System binaries: $C" echo " Configuration files: $D" diff --git a/security/openssh/patches/patch-ab b/security/openssh/patches/patch-ab index 6820ed2f6b0..6e8f34f8387 100644 --- a/security/openssh/patches/patch-ab +++ b/security/openssh/patches/patch-ab 
@@ -1,8 +1,8 @@ -$NetBSD: patch-ab,v 1.23 2006/02/12 00:13:55 salo Exp $ +$NetBSD: patch-ab,v 1.24 2006/10/31 03:31:20 taca Exp $ ---- configure.ac.orig 2006-01-29 07:22:39.000000000 -0600 -+++ configure.ac 2006-02-08 20:55:34.000000000 -0600 -@@ -277,6 +277,15 @@ +--- configure.ac.orig 2006-09-25 04:08:59.000000000 +0900 ++++ configure.ac +@@ -324,6 +324,15 @@ main() { if (NSVersionOfRunTimeLibrary(" ;; esac ;; @@ -18,7 +18,7 @@ $NetBSD: patch-ab,v 1.23 2006/02/12 00:13:55 salo Exp $ *-*-irix5*) PATH="$PATH:/usr/etc" AC_DEFINE(BROKEN_INET_NTOA, 1, -@@ -597,6 +606,9 @@ +@@ -663,6 +672,9 @@ mips-sony-bsd|mips-sony-newsos4) ;; esac @@ -28,7 +28,15 @@ $NetBSD: patch-ab,v 1.23 2006/02/12 00:13:55 salo Exp $ # Allow user to specify flags AC_ARG_WITH(cflags, [ --with-cflags Specify additional flags to pass to compiler], -@@ -3668,9 +3680,17 @@ +@@ -745,6 +757,7 @@ AC_CHECK_HEADERS( \ + maillock.h \ + ndir.h \ + net/if_tun.h \ ++ net/tun/if_tun.h \ + netdb.h \ + netgroup.h \ + pam/pam_appl.h \ +@@ -3873,9 +3886,17 @@ AC_TRY_COMPILE([ ) if test -z "$conf_utmpx_location"; then if test x"$system_utmpx_path" = x"no" ; then @@ -48,7 +56,7 @@ $NetBSD: patch-ab,v 1.23 2006/02/12 00:13:55 salo Exp $ AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location", [Define if you want to specify the path to your utmpx file]) fi -@@ -3694,9 +3714,17 @@ +@@ -3899,9 +3920,17 @@ AC_TRY_COMPILE([ ) if test -z "$conf_wtmpx_location"; then if test x"$system_wtmpx_path" = x"no" ; then @@ -68,7 +76,7 @@ $NetBSD: patch-ab,v 1.23 2006/02/12 00:13:55 salo Exp $ AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location", [Define if you want to specify the path to your wtmpx file]) fi -@@ -3743,7 +3771,7 @@ +@@ -3941,7 +3970,7 @@ echo "OpenSSH has been configured with t echo " User binaries: $B" echo " System binaries: $C" echo " Configuration files: $D" diff --git a/security/openssh/patches/patch-ac b/security/openssh/patches/patch-ac index 946429ead91..d1859243214 100644 
--- a/security/openssh/patches/patch-ac +++ b/security/openssh/patches/patch-ac @@ -1,7 +1,7 @@ -$NetBSD: patch-ac,v 1.15 2006/02/12 00:13:55 salo Exp $ +$NetBSD: patch-ac,v 1.16 2006/10/31 03:31:20 taca Exp $ ---- defines.h.orig 2005-12-17 05:04:09.000000000 -0600 -+++ defines.h 2006-02-08 20:58:45.000000000 -0600 +--- defines.h.orig 2006-09-21 22:13:30.000000000 +0900 ++++ defines.h @@ -30,6 +30,15 @@ /* Constants */ @@ -15,10 +15,10 @@ $NetBSD: patch-ac,v 1.15 2006/02/12 00:13:55 salo Exp $ +# define ROOTGID 0 +#endif + - #ifndef SHUT_RDWR + #if defined(HAVE_DECL_SHUT_RD) && HAVE_DECL_SHUT_RD == 0 enum { -@@ -442,10 +451,6 @@ +@@ -437,10 +446,6 @@ struct winsize { # define __attribute__(x) #endif /* !defined(__GNUC__) || (__GNUC__ < 2) */ @@ -29,7 +29,7 @@ $NetBSD: patch-ac,v 1.15 2006/02/12 00:13:55 salo Exp $ #if !defined(HAVE_ATTRIBUTE__SENTINEL__) && !defined(__sentinel__) # define __sentinel__ #endif -@@ -639,6 +644,24 @@ +@@ -643,6 +648,24 @@ struct winsize { # endif # endif #endif diff --git a/security/openssh/patches/patch-ad b/security/openssh/patches/patch-ad index 06259b5c89b..12ae915a4e4 100644 --- a/security/openssh/patches/patch-ad +++ b/security/openssh/patches/patch-ad @@ -1,8 +1,8 @@ -$NetBSD: patch-ad,v 1.11 2005/09/21 18:07:09 reed Exp $ +$NetBSD: patch-ad,v 1.12 2006/10/31 03:31:20 taca Exp $ ---- loginrec.c.orig 2005-07-17 02:26:44.000000000 -0500 +--- loginrec.c.orig 2006-09-07 21:57:54.000000000 +0900 +++ loginrec.c -@@ -414,8 +414,8 @@ +@@ -430,8 +430,8 @@ login_set_addr(struct logininfo *li, con int login_write(struct logininfo *li) { @@ -13,7 +13,7 @@ $NetBSD: patch-ad,v 1.11 2005/09/21 18:07:09 reed Exp $ logit("Attempt to write login records by non-root user (aborting)"); return (1); } -@@ -423,7 +423,7 @@ +@@ -439,7 +439,7 @@ login_write(struct logininfo *li) /* set the timestamp */ login_set_current_time(li); 
@@ -22,7 +22,7 @@ $NetBSD: patch-ad,v 1.11 2005/09/21 18:07:09 reed Exp $ syslogin_write_entry(li); #endif #ifdef USE_LASTLOG -@@ -603,7 +603,7 @@ +@@ -619,7 +619,7 @@ line_abbrevname(char *dst, const char *s ** into account. **/ @@ -31,7 +31,7 @@ $NetBSD: patch-ad,v 1.11 2005/09/21 18:07:09 reed Exp $ /* build the utmp structure */ void -@@ -740,10 +740,6 @@ +@@ -756,10 +756,6 @@ construct_utmpx(struct logininfo *li, st set_utmpx_time(li, utx); utx->ut_pid = li->pid; @@ -42,7 +42,7 @@ $NetBSD: patch-ad,v 1.11 2005/09/21 18:07:09 reed Exp $ if (li->type == LTYPE_LOGOUT) return; -@@ -752,6 +748,8 @@ +@@ -768,6 +764,8 @@ construct_utmpx(struct logininfo *li, st * for logouts. */ @@ -51,7 +51,7 @@ $NetBSD: patch-ad,v 1.11 2005/09/21 18:07:09 reed Exp $ # ifdef HAVE_HOST_IN_UTMPX strncpy(utx->ut_host, li->hostname, MIN_SIZEOF(utx->ut_host, li->hostname)); -@@ -1381,7 +1379,7 @@ +@@ -1397,7 +1395,7 @@ wtmpx_get_entry(struct logininfo *li) ** Low-level libutil login() functions **/ diff --git a/security/openssh/patches/patch-ae b/security/openssh/patches/patch-ae index e77ef625ee5..a4541a50b6e 100644 --- a/security/openssh/patches/patch-ae +++ b/security/openssh/patches/patch-ae @@ -1,8 +1,8 @@ -$NetBSD: patch-ae,v 1.11 2006/02/12 00:13:55 salo Exp $ +$NetBSD: patch-ae,v 1.12 2006/10/31 03:31:20 taca Exp $ ---- includes.h.orig 2006-01-02 06:40:10.000000000 -0600 -+++ includes.h 2006-02-08 21:01:39.000000000 -0600 -@@ -165,6 +165,10 @@ +--- includes.h.orig 2006-09-01 19:29:11.000000000 +0900 ++++ includes.h +@@ -123,6 +123,10 @@ #ifdef HAVE_READPASSPHRASE_H # include <readpassphrase.h> #endif diff --git a/security/openssh/patches/patch-af b/security/openssh/patches/patch-af index 5a48b6632c2..8eb186e3542 100644 --- a/security/openssh/patches/patch-af +++ b/security/openssh/patches/patch-af 
@@ -1,8 +1,8 @@ -$NetBSD: patch-af,v 1.9 2005/11/07 19:35:23 tv Exp $ +$NetBSD: patch-af,v 1.10 2006/10/31 03:31:20 taca Exp $ ---- auth-passwd.c.orig 2005-07-26 06:54:12.000000000 -0500 +--- auth-passwd.c.orig 2006-08-05 11:39:39.000000000 +0900 +++ auth-passwd.c -@@ -78,7 +78,7 @@ +@@ -87,7 +87,7 @@ auth_password(Authctxt *authctxt, const #endif #ifndef HAVE_CYGWIN @@ -11,7 +11,7 @@ $NetBSD: patch-af,v 1.9 2005/11/07 19:35:23 tv Exp $ ok = 0; #endif if (*password == '\0' && options.permit_empty_passwd == 0) -@@ -113,7 +113,12 @@ +@@ -122,7 +122,12 @@ auth_password(Authctxt *authctxt, const authctxt->force_pwchange = 1; } #endif diff --git a/security/openssh/patches/patch-ag b/security/openssh/patches/patch-ag index ea563bd5898..b647b6f6dcf 100644 --- a/security/openssh/patches/patch-ag +++ b/security/openssh/patches/patch-ag @@ -1,7 +1,7 @@ -$NetBSD: patch-ag,v 1.8 2006/02/12 00:13:55 salo Exp $ +$NetBSD: patch-ag,v 1.9 2006/10/31 03:31:20 taca Exp $ ---- config.h.in.orig 2006-02-01 05:33:49.000000000 -0600 -+++ config.h.in 2006-02-08 21:02:59.000000000 -0600 +--- config.h.in.orig 2006-09-26 20:03:33.000000000 +0900 ++++ config.h.in @@ -32,6 +32,9 @@ */ #undef BROKEN_ONE_BYTE_DIRENT_D_NAME @@ -12,3 +12,13 @@ $NetBSD: patch-ag,v 1.8 2006/02/12 00:13:55 salo Exp $ /* Define if you have a broken realpath. */ #undef BROKEN_REALPATH +@@ -573,6 +576,9 @@ + /* Define to 1 if you have the <net/if_tun.h> header file. */ + #undef HAVE_NET_IF_TUN_H + ++/* Define to 1 if you have the <net/tun/if_tun.h> header file. */ ++#undef HAVE_NET_TUN_IF_TUN_H ++ + /* Define if you are on NeXT */ + #undef HAVE_NEXT + diff --git a/security/openssh/patches/patch-ah b/security/openssh/patches/patch-ah index 51898964cb2..0899809e42a 100644 --- a/security/openssh/patches/patch-ah +++ b/security/openssh/patches/patch-ah 
@@ -1,8 +1,8 @@ -$NetBSD: patch-ah,v 1.23 2005/09/23 15:45:14 taca Exp $ +$NetBSD: patch-ah,v 1.24 2006/10/31 03:31:20 taca Exp $ ---- Makefile.in.orig 2005-05-29 00:22:29.000000000 -0700 -+++ Makefile.in 2005-09-21 10:18:46.000000000 -0700 -@@ -21,7 +21,7 @@ +--- Makefile.in.orig 2006-09-12 20:54:10.000000000 +0900 ++++ Makefile.in +@@ -21,7 +21,7 @@ top_srcdir=@top_srcdir@ DESTDIR= VPATH=@srcdir@ SSH_PROGRAM=@bindir@/ssh @@ -11,7 +11,7 @@ $NetBSD: patch-ah,v 1.23 2005/09/23 15:45:14 taca Exp $ SFTP_SERVER=$(libexecdir)/sftp-server SSH_KEYSIGN=$(libexecdir)/ssh-keysign RAND_HELPER=$(libexecdir)/ssh-rand-helper -@@ -231,7 +231,7 @@ +@@ -234,7 +234,7 @@ distprep: catman-do (cd scard && $(MAKE) -f Makefile.in distprep) install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config @@ -20,7 +20,7 @@ $NetBSD: patch-ah,v 1.23 2005/09/23 15:45:14 taca Exp $ install-nosysconf: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files check-config: -@@ -240,7 +240,7 @@ +@@ -243,7 +243,7 @@ check-config: scard-install: (cd scard && $(MAKE) DESTDIR=$(DESTDIR) install) diff --git a/security/openssh/patches/patch-ai b/security/openssh/patches/patch-ai index f14f4625ffa..8957e922c93 100644 --- a/security/openssh/patches/patch-ai +++ b/security/openssh/patches/patch-ai @@ -1,8 +1,8 @@ -$NetBSD: patch-ai,v 1.9 2005/11/04 14:47:17 tv Exp $ +$NetBSD: patch-ai,v 1.10 2006/10/31 03:31:20 taca Exp $ ---- openbsd-compat/openbsd-compat.h.orig 2005-08-26 16:15:20.000000000 -0400 +--- openbsd-compat/openbsd-compat.h.orig 2006-09-03 21:44:50.000000000 +0900 +++ openbsd-compat/openbsd-compat.h -@@ -78,6 +78,10 @@ size_t strlcat(char *dst, const char *sr +@@ -83,6 +83,10 @@ size_t strlcat(char *dst, const char *sr int setenv(register const char *name, register const char *value, int rewrite); #endif diff --git a/security/openssh/patches/patch-aj b/security/openssh/patches/patch-aj index a76b5e4a3bc..e403be88acf 100644 
--- a/security/openssh/patches/patch-aj +++ b/security/openssh/patches/patch-aj @@ -1,8 +1,8 @@ -$NetBSD: patch-aj,v 1.6 2005/03/07 23:29:50 tv Exp $ +$NetBSD: patch-aj,v 1.7 2006/10/31 03:31:20 taca Exp $ ---- auth-rhosts.c.orig 2003-11-17 05:13:41.000000000 -0500 +--- auth-rhosts.c.orig 2006-08-05 11:39:39.000000000 +0900 +++ auth-rhosts.c -@@ -198,7 +198,7 @@ auth_rhosts2_raw(struct passwd *pw, cons +@@ -212,7 +212,7 @@ auth_rhosts2_raw(struct passwd *pw, cons return 0; /* If not logging in as superuser, try /etc/hosts.equiv and shosts.equiv. */ @@ -11,7 +11,7 @@ $NetBSD: patch-aj,v 1.6 2005/03/07 23:29:50 tv Exp $ if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr, client_user, pw->pw_name)) { auth_debug_add("Accepted for %.100s [%.100s] by /etc/hosts.equiv.", -@@ -224,7 +224,7 @@ auth_rhosts2_raw(struct passwd *pw, cons +@@ -238,7 +238,7 @@ auth_rhosts2_raw(struct passwd *pw, cons return 0; } if (options.strict_modes && @@ -20,7 +20,7 @@ $NetBSD: patch-aj,v 1.6 2005/03/07 23:29:50 tv Exp $ (st.st_mode & 022) != 0)) { logit("Rhosts authentication refused for %.100s: " "bad ownership or modes for home directory.", pw->pw_name); -@@ -251,7 +251,7 @@ auth_rhosts2_raw(struct passwd *pw, cons +@@ -265,7 +265,7 @@ auth_rhosts2_raw(struct passwd *pw, cons * allowing access to their account by anyone. */ if (options.strict_modes && diff --git a/security/openssh/patches/patch-ak b/security/openssh/patches/patch-ak index 294ebd26865..8f219befee9 100644 --- a/security/openssh/patches/patch-ak +++ b/security/openssh/patches/patch-ak 
@@ -1,8 +1,8 @@ -$NetBSD: patch-ak,v 1.7 2005/09/21 18:07:09 reed Exp $ +$NetBSD: patch-ak,v 1.8 2006/10/31 03:31:20 taca Exp $ ---- auth.c.orig 2005-08-31 11:59:49.000000000 -0500 +--- auth.c.orig 2006-09-07 09:36:43.000000000 +0900 +++ auth.c -@@ -388,7 +388,7 @@ +@@ -377,7 +377,7 @@ check_key_in_hostfiles(struct passwd *pw user_hostfile = tilde_expand_filename(userfile, pw->pw_uid); if (options.strict_modes && (stat(user_hostfile, &st) == 0) && @@ -11,7 +11,7 @@ $NetBSD: patch-ak,v 1.7 2005/09/21 18:07:09 reed Exp $ (st.st_mode & 022) != 0)) { logit("Authentication refused for %.100s: " "bad owner or modes for %.200s", -@@ -441,7 +441,7 @@ +@@ -430,7 +430,7 @@ secure_filename(FILE *f, const char *fil /* check the open file to avoid races */ if (fstat(fileno(f), &st) < 0 || @@ -20,7 +20,7 @@ $NetBSD: patch-ak,v 1.7 2005/09/21 18:07:09 reed Exp $ (st.st_mode & 022) != 0) { snprintf(err, errlen, "bad ownership or modes for file %s", buf); -@@ -458,7 +458,7 @@ +@@ -447,7 +447,7 @@ secure_filename(FILE *f, const char *fil debug3("secure_filename: checking '%s'", buf); if (stat(buf, &st) < 0 || diff --git a/security/openssh/patches/patch-al b/security/openssh/patches/patch-al index f1fbc22d859..3e8b49202b2 100644 --- a/security/openssh/patches/patch-al +++ b/security/openssh/patches/patch-al @@ -1,8 +1,8 @@ -$NetBSD: patch-al,v 1.6 2005/09/21 18:07:09 reed Exp $ +$NetBSD: patch-al,v 1.7 2006/10/31 03:31:20 taca Exp $ ---- auth1.c.orig 2005-07-17 02:26:44.000000000 -0500 +--- auth1.c.orig 2006-09-01 14:38:36.000000000 +0900 +++ auth1.c -@@ -307,7 +307,7 @@ +@@ -325,7 +325,7 @@ do_authloop(Authctxt *authctxt) } #else /* Special handling for root */ @@ -11,7 +11,7 @@ $NetBSD: patch-al,v 1.6 2005/09/21 18:07:09 reed Exp $ !auth_root_allowed(meth->name)) { authenticated = 0; # ifdef SSH_AUDIT_EVENTS -@@ -405,8 +405,8 @@ +@@ -423,8 +423,8 @@ do_authentication(Authctxt *authctxt) * If we are not running as root, the user must have the same uid as * the server. */ 
diff --git a/security/openssh/patches/patch-am b/security/openssh/patches/patch-am index 417c7d6bade..6b4cf1f9a92 100644 --- a/security/openssh/patches/patch-am +++ b/security/openssh/patches/patch-am @@ -1,8 +1,8 @@ -$NetBSD: patch-am,v 1.6 2006/02/12 00:13:55 salo Exp $ +$NetBSD: patch-am,v 1.7 2006/10/31 03:31:20 taca Exp $ ---- auth2.c.orig 2005-09-23 21:43:51.000000000 -0500 -+++ auth2.c 2006-02-08 21:05:04.000000000 -0600 -@@ -212,7 +212,7 @@ +--- auth2.c.orig 2006-08-05 11:39:39.000000000 +0900 ++++ auth2.c +@@ -223,7 +223,7 @@ userauth_finish(Authctxt *authctxt, int authctxt->user); /* Special handling for root */ diff --git a/security/openssh/patches/patch-an b/security/openssh/patches/patch-an index 318b2827609..929a983dc72 100644 --- a/security/openssh/patches/patch-an +++ b/security/openssh/patches/patch-an @@ -1,8 +1,8 @@ -$NetBSD: patch-an,v 1.7 2006/02/12 00:13:55 salo Exp $ +$NetBSD: patch-an,v 1.8 2006/10/31 03:31:20 taca Exp $ ---- scp.c.orig 2006-01-31 05:11:38.000000000 -0600 -+++ scp.c 2006-02-08 21:06:37.000000000 -0600 -@@ -345,7 +345,11 @@ +--- scp.c.orig 2006-10-29 12:02:30.000000000 +0900 ++++ scp.c +@@ -375,7 +375,11 @@ main(int argc, char **argv) argc -= optind; argv += optind; @@ -14,7 +14,7 @@ $NetBSD: patch-an,v 1.7 2006/02/12 00:13:55 salo Exp $ fatal("unknown user %u", (u_int) userid); if (!isatty(STDERR_FILENO)) -@@ -695,8 +699,10 @@ +@@ -722,8 +726,10 @@ rsource(char *name, struct stat *statp) return; } while ((dp = readdir(dirp)) != NULL) { @@ -25,7 +25,7 @@ $NetBSD: patch-an,v 1.7 2006/02/12 00:13:55 salo Exp $ if (!strcmp(dp->d_name, ".") || !strcmp(dp->d_name, "..")) continue; if (strlen(name) + 1 + strlen(dp->d_name) >= sizeof(path) - 1) { -@@ -1145,7 +1151,9 @@ +@@ -1173,7 +1179,9 @@ okname(char *cp0) case '\'': case '"': case '`': diff --git a/security/openssh/patches/patch-ao b/security/openssh/patches/patch-ao index 010b7f61f1c..5533c0d999f 100644 --- a/security/openssh/patches/patch-ao 
+++ b/security/openssh/patches/patch-ao @@ -1,17 +1,8 @@ -$NetBSD: patch-ao,v 1.8 2006/02/12 00:13:55 salo Exp $ +$NetBSD: patch-ao,v 1.9 2006/10/31 03:31:20 taca Exp $ ---- session.c.orig 2005-12-23 21:59:12.000000000 -0600 -+++ session.c 2006-02-08 21:07:01.000000000 -0600 -@@ -322,7 +322,7 @@ - break; - } - debug("Received TCP/IP port forwarding request."); -- channel_input_port_forward_request(s->pw->pw_uid == 0, options.gateway_ports); -+ channel_input_port_forward_request(s->pw->pw_uid == ROOTUID, options.gateway_ports); - success = 1; - break; - -@@ -921,7 +921,7 @@ +--- session.c.orig 2006-10-29 17:01:29.000000000 +0900 ++++ session.c +@@ -956,7 +956,7 @@ read_etc_default_login(char ***env, u_in if (tmpenv == NULL) return; @@ -20,7 +11,7 @@ $NetBSD: patch-ao,v 1.8 2006/02/12 00:13:55 salo Exp $ var = child_get_env(tmpenv, "SUPATH"); else var = child_get_env(tmpenv, "PATH"); -@@ -1027,7 +1027,7 @@ +@@ -1065,7 +1065,7 @@ do_setup_env(Session *s, const char *she # endif /* HAVE_ETC_DEFAULT_LOGIN */ if (path == NULL || *path == '\0') { child_set_env(&env, &envsize, "PATH", @@ -29,7 +20,7 @@ $NetBSD: patch-ao,v 1.8 2006/02/12 00:13:55 salo Exp $ SUPERUSER_PATH : _PATH_STDPATH); } # endif /* HAVE_CYGWIN */ -@@ -1141,6 +1141,18 @@ +@@ -1179,6 +1179,18 @@ do_setup_env(Session *s, const char *she strcmp(pw->pw_dir, "/") ? pw->pw_dir : ""); read_environment_file(&env, &envsize, buf); } @@ -48,7 +39,7 @@ $NetBSD: patch-ao,v 1.8 2006/02/12 00:13:55 salo Exp $ if (debug_flag) { /* dump the environment */ fprintf(stderr, "Environment:\n"); -@@ -1251,9 +1263,9 @@ +@@ -1289,9 +1301,9 @@ do_nologin(struct passwd *pw) void do_setusercontext(struct passwd *pw) { @@ -60,7 +51,7 @@ $NetBSD: patch-ao,v 1.8 2006/02/12 00:13:55 salo Exp $ { #ifdef HAVE_SETPCRED -@@ -1295,11 +1307,13 @@ +@@ -1333,11 +1345,13 @@ do_setusercontext(struct passwd *pw) perror("setgid"); exit(1); } 
@@ -74,7 +65,7 @@ $NetBSD: patch-ao,v 1.8 2006/02/12 00:13:55 salo Exp $ endgrent(); #ifdef GSSAPI if (options.gss_authentication) { -@@ -2045,7 +2059,7 @@ +@@ -2095,7 +2109,7 @@ session_pty_cleanup2(Session *s) record_logout(s->pid, s->tty, s->pw->pw_name); /* Release the pseudo-tty. */ diff --git a/security/openssh/patches/patch-ap b/security/openssh/patches/patch-ap index b531a18d2cb..8155f7cb536 100644 --- a/security/openssh/patches/patch-ap +++ b/security/openssh/patches/patch-ap @@ -1,8 +1,8 @@ -$NetBSD: patch-ap,v 1.7 2006/02/12 00:13:55 salo Exp $ +$NetBSD: patch-ap,v 1.8 2006/10/31 03:31:20 taca Exp $ ---- ssh.c.orig 2005-12-30 23:33:37.000000000 -0600 -+++ ssh.c 2006-02-08 21:07:24.000000000 -0600 -@@ -648,7 +648,7 @@ +--- ssh.c.orig 2006-10-29 12:02:30.000000000 +0900 ++++ ssh.c +@@ -684,7 +684,7 @@ main(int ac, char **av) /* Open a connection to the remote host. */ if (ssh_connect(host, &hostaddr, options.port, options.address_family, options.connection_attempts, diff --git a/security/openssh/patches/patch-aq b/security/openssh/patches/patch-aq index a92d3e287c9..2501dc65c6e 100644 --- a/security/openssh/patches/patch-aq +++ b/security/openssh/patches/patch-aq @@ -1,8 +1,8 @@ -$NetBSD: patch-aq,v 1.5 2005/03/07 23:29:50 tv Exp $ +$NetBSD: patch-aq,v 1.6 2006/10/31 03:31:20 taca Exp $ ---- sshpty.c.orig 2004-06-21 22:56:02.000000000 -0400 +--- sshpty.c.orig 2006-08-05 11:39:41.000000000 +0900 +++ sshpty.c -@@ -62,7 +62,7 @@ pty_allocate(int *ptyfd, int *ttyfd, cha +@@ -78,7 +78,7 @@ pty_allocate(int *ptyfd, int *ttyfd, cha void pty_release(const char *tty) { 
@@ -11,7 +11,7 @@ $NetBSD: patch-aq,v 1.5 2005/03/07 23:29:50 tv Exp $ error("chown %.100s 0 0 failed: %.100s", tty, strerror(errno)); if (chmod(tty, (mode_t) 0666) < 0) error("chmod %.100s 0666 failed: %.100s", tty, strerror(errno)); -@@ -203,7 +203,7 @@ pty_setowner(struct passwd *pw, const ch +@@ -224,7 +224,7 @@ pty_setowner(struct passwd *pw, const ch if (st.st_uid != pw->pw_uid || st.st_gid != gid) { if (chown(tty, pw->pw_uid, gid) < 0) { if (errno == EROFS && diff --git a/security/openssh/patches/patch-ar b/security/openssh/patches/patch-ar index 33b5ed33c47..b60e7466dae 100644 --- a/security/openssh/patches/patch-ar +++ b/security/openssh/patches/patch-ar @@ -1,8 +1,8 @@ -$NetBSD: patch-ar,v 1.6 2005/11/04 14:47:17 tv Exp $ +$NetBSD: patch-ar,v 1.7 2006/10/31 03:31:20 taca Exp $ ---- uidswap.c.orig 2005-02-22 01:57:13.000000000 -0500 +--- uidswap.c.orig 2006-08-05 11:39:41.000000000 +0900 +++ uidswap.c -@@ -57,13 +57,13 @@ temporarily_use_uid(struct passwd *pw) +@@ -66,13 +66,13 @@ temporarily_use_uid(struct passwd *pw) (u_int)pw->pw_uid, (u_int)pw->pw_gid, (u_int)saved_euid, (u_int)saved_egid); #ifndef HAVE_CYGWIN @@ -18,7 +18,7 @@ $NetBSD: patch-ar,v 1.6 2005/11/04 14:47:17 tv Exp $ privileged = 0; return; } -@@ -87,9 +87,11 @@ temporarily_use_uid(struct passwd *pw) +@@ -96,9 +96,11 @@ temporarily_use_uid(struct passwd *pw) /* set and save the user's groups */ if (user_groupslen == -1) { @@ -30,7 +30,7 @@ $NetBSD: patch-ar,v 1.6 2005/11/04 14:47:17 tv Exp $ user_groupslen = getgroups(0, NULL); if (user_groupslen < 0) -@@ -104,9 +106,11 @@ temporarily_use_uid(struct passwd *pw) +@@ -113,9 +115,11 @@ temporarily_use_uid(struct passwd *pw) xfree(user_groups); } } 
@@ -42,7 +42,7 @@ $NetBSD: patch-ar,v 1.6 2005/11/04 14:47:17 tv Exp $ #ifndef SAVED_IDS_WORK_WITH_SETEUID /* Propagate the privileged gid to all of our gids. */ if (setgid(getegid()) < 0) -@@ -154,8 +158,10 @@ restore_uid(void) +@@ -198,8 +202,10 @@ restore_uid(void) setgid(getgid()); #endif /* SAVED_IDS_WORK_WITH_SETEUID */ @@ -53,7 +53,7 @@ $NetBSD: patch-ar,v 1.6 2005/11/04 14:47:17 tv Exp $ temporarily_use_uid_effective = 0; } -@@ -174,6 +180,10 @@ permanently_set_uid(struct passwd *pw) +@@ -220,6 +226,10 @@ permanently_set_uid(struct passwd *pw) debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid, (u_int)pw->pw_gid); @@ -64,7 +64,7 @@ $NetBSD: patch-ar,v 1.6 2005/11/04 14:47:17 tv Exp $ #if defined(HAVE_SETRESGID) && !defined(BROKEN_SETRESGID) if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0) fatal("setresgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno)); -@@ -222,6 +232,7 @@ permanently_set_uid(struct passwd *pw) +@@ -268,6 +278,7 @@ permanently_set_uid(struct passwd *pw) (setuid(old_uid) != -1 || seteuid(old_uid) != -1)) fatal("%s: was able to restore old [e]uid", __func__); #endif diff --git a/security/openssh/patches/patch-as b/security/openssh/patches/patch-as index 715c09f3619..aaa954ff6cb 100644 --- a/security/openssh/patches/patch-as +++ b/security/openssh/patches/patch-as 
@@ -1,17 +1,17 @@ -$NetBSD: patch-as,v 1.4 2005/11/04 15:45:03 tv Exp $ +$NetBSD: patch-as,v 1.5 2006/10/31 03:31:20 taca Exp $ ---- log.h.orig 2004-06-21 22:57:44.000000000 -0400 +--- log.h.orig 2006-08-18 23:32:21.000000000 +0900 +++ log.h -@@ -53,7 +53,7 @@ void log_init(char *, LogLevel, Sysl +@@ -51,7 +51,7 @@ void log_init(char *, LogLevel, Sysl SyslogFacility log_facility_number(char *); LogLevel log_level_number(char *); -void fatal(const char *, ...) __dead __attribute__((format(printf, 1, 2))); +void fatal(const char *, ...) __attribute__((noreturn)) __attribute__((format(printf, 1, 2))); void error(const char *, ...) __attribute__((format(printf, 1, 2))); + void sigdie(const char *, ...) __attribute__((format(printf, 1, 2))); void logit(const char *, ...) __attribute__((format(printf, 1, 2))); - void verbose(const char *, ...) __attribute__((format(printf, 1, 2))); -@@ -62,5 +62,5 @@ void debug2(const char *, ...) __att +@@ -61,5 +61,5 @@ void debug2(const char *, ...) __att void debug3(const char *, ...) __attribute__((format(printf, 1, 2))); void do_log(LogLevel, const char *, va_list); diff --git a/security/openssh/patches/patch-at b/security/openssh/patches/patch-at deleted file mode 100644 index c3065ac48ce..00000000000 --- a/security/openssh/patches/patch-at +++ /dev/null @@ -1,16 +0,0 @@ -$NetBSD: patch-at,v 1.3 2006/02/12 00:13:55 salo Exp $ - ---- servconf.c.orig 2005-12-13 02:33:20.000000000 -0600 -+++ servconf.c 2006-02-08 21:07:59.000000000 -0600 -@@ -235,7 +235,11 @@ - - /* Turn privilege separation on by default */ - if (use_privsep == -1) -+#ifdef HAVE_INTERIX -+ use_privsep = 0; -+#else - use_privsep = 1; -+#endif - - #ifndef HAVE_MMAP - if (use_privsep && options->compression == 1) { diff --git a/security/openssh/patches/patch-au b/security/openssh/patches/patch-au index 7c67de63b1f..8f981492ab3 100644 --- a/security/openssh/patches/patch-au +++ b/security/openssh/patches/patch-au 
@@ -1,8 +1,8 @@ -$NetBSD: patch-au,v 1.2 2005/09/21 18:07:09 reed Exp $ +$NetBSD: patch-au,v 1.3 2006/10/31 03:31:20 taca Exp $ ---- openbsd-compat/bsd-openpty.c.orig 2005-02-25 17:04:29.000000000 -0600 +--- openbsd-compat/bsd-openpty.c.orig 2006-08-24 18:52:30.000000000 +0900 +++ openbsd-compat/bsd-openpty.c -@@ -102,15 +102,17 @@ +@@ -121,15 +121,17 @@ openpty(int *amaster, int *aslave, char return (-1); } diff --git a/security/openssh/patches/patch-av b/security/openssh/patches/patch-av index 6c1e379d1f0..2513a3d0ecb 100644 --- a/security/openssh/patches/patch-av +++ b/security/openssh/patches/patch-av @@ -1,24 +1,36 @@ -$NetBSD: patch-av,v 1.4 2006/02/12 00:13:55 salo Exp $ +$NetBSD: patch-av,v 1.5 2006/10/31 03:31:20 taca Exp $ ---- sshd.c.orig 2005-12-23 21:59:12.000000000 -0600 -+++ sshd.c 2006-02-08 21:08:46.000000000 -0600 -@@ -574,10 +574,15 @@ +--- sshd.c.orig 2006-10-29 17:01:29.000000000 +0900 ++++ sshd.c +@@ -232,7 +232,11 @@ int *startup_pipes = NULL; + int startup_pipe; /* in child */ + + /* variables used for privilege separation */ ++#ifdef HAVE_INTERIX + int use_privsep = -1; ++#else ++int use_privsep = 0; ++#endif + struct monitor *pmonitor = NULL; + + /* global authentication context */ +@@ -608,10 +612,15 @@ privsep_preauth_child(void) /* XXX not ready, too heavy after chroot */ - do_setusercontext(pw); + do_setusercontext(privsep_pw); #else +#ifdef HAVE_INTERIX + if (setuser(pw->pw_name, NULL, SU_COMPLETE)) + fatal("setuser: %.100s", strerror(errno)); +#else - gidset[0] = pw->pw_gid; + gidset[0] = privsep_pw->pw_gid; if (setgroups(1, gidset) < 0) fatal("setgroups: %.100s", strerror(errno)); - permanently_set_uid(pw); + permanently_set_uid(privsep_pw); +#endif /* HAVE_INTERIX */ #endif } -@@ -617,7 +622,7 @@ +@@ -651,7 +660,7 @@ privsep_preauth(Authctxt *authctxt) close(pmonitor->m_sendfd); /* Demote the child */ 
@@ -27,7 +39,7 @@ $NetBSD: patch-av,v 1.4 2006/02/12 00:13:55 salo Exp $ privsep_preauth_child(); setproctitle("%s", "[net]"); } -@@ -630,7 +635,7 @@ +@@ -664,7 +673,7 @@ privsep_postauth(Authctxt *authctxt) #ifdef DISABLE_FD_PASSING if (1) { #else @@ -36,7 +48,7 @@ $NetBSD: patch-av,v 1.4 2006/02/12 00:13:55 salo Exp $ #endif /* File descriptor passing is broken or root login */ use_privsep = 0; -@@ -914,8 +919,10 @@ +@@ -1256,8 +1265,10 @@ main(int ac, char **av) av = saved_argv; #endif @@ -48,7 +60,7 @@ $NetBSD: patch-av,v 1.4 2006/02/12 00:13:55 salo Exp $ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); -@@ -1174,7 +1181,7 @@ +@@ -1519,7 +1530,7 @@ main(int ac, char **av) (st.st_uid != getuid () || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)) #else @@ -57,7 +69,7 @@ $NetBSD: patch-av,v 1.4 2006/02/12 00:13:55 salo Exp $ #endif fatal("%s must be owned by root and not group or " "world-writable.", _PATH_PRIVSEP_CHROOT_DIR); -@@ -1191,8 +1198,10 @@ +@@ -1536,8 +1547,10 @@ main(int ac, char **av) * to create a file, and we can't control the code in every * module which might be used). */ @@ -67,4 +79,4 @@ $NetBSD: patch-av,v 1.4 2006/02/12 00:13:55 salo Exp $ +#endif if (rexec_flag) { - rexec_argv = xmalloc(sizeof(char *) * (rexec_argc + 2)); + rexec_argv = xcalloc(rexec_argc + 2, sizeof(char *)); diff --git a/security/openssh/patches/patch-aw b/security/openssh/patches/patch-aw index db42bf74833..3af175388fb 100644 --- a/security/openssh/patches/patch-aw +++ b/security/openssh/patches/patch-aw 
@@ -1,16 +1,15 @@ -$NetBSD: patch-aw,v 1.1 2006/02/23 19:02:50 joerg Exp $ +$NetBSD: patch-aw,v 1.2 2006/10/31 03:31:20 taca Exp $ ---- openbsd-compat/port-tun.c.orig 2006-02-23 18:42:44.000000000 +0000 +--- openbsd-compat/port-tun.c.orig 2006-09-02 14:32:40.000000000 +0900 +++ openbsd-compat/port-tun.c -@@ -93,7 +93,11 @@ sys_tun_open(int tun, int mode) - #ifdef SSH_TUN_FREEBSD +@@ -109,6 +109,10 @@ sys_tun_open(int tun, int mode) #include <sys/socket.h> #include <net/if.h> -+#if defined(__DragonFly__) + ++#ifdef HAVE_NET_TUN_IF_TUN_H +#include <net/tun/if_tun.h> -+#else - #include <net/if_tun.h> +#endif - - int - sys_tun_open(int tun, int mode) ++ + #ifdef HAVE_NET_IF_TUN_H + #include <net/if_tun.h> + #endif diff --git a/security/openssh/patches/patch-ax b/security/openssh/patches/patch-ax deleted file mode 100644 index 4f5282ce59f..00000000000 --- a/security/openssh/patches/patch-ax +++ /dev/null 
@@ -1,107 +0,0 @@ -$NetBSD: patch-ax,v 1.1 2006/09/27 16:10:59 taca Exp $ - -Secunia Advisory SA22091 - ---- deattack.c.orig Mon Sep 22 20:04:23 2003 -+++ deattack.c -@@ -27,6 +27,24 @@ RCSID("$OpenBSD: deattack.c,v 1.19 2003/ - #include "xmalloc.h" - #include "deattack.h" - -+/* -+ * CRC attack detection has a worst-case behaviour that is O(N^3) over -+ * the number of identical blocks in a packet. This behaviour can be -+ * exploited to create a limited denial of service attack. -+ * -+ * However, because we are dealing with encrypted data, identical -+ * blocks should only occur every 2^35 maximally-sized packets or so. -+ * Consequently, we can detect this DoS by looking for identical blocks -+ * in a packet. -+ * -+ * The parameter below determines how many identical blocks we will -+ * accept in a single packet, trading off between attack detection and -+ * likelihood of terminating a legitimate connection. A value of 32 -+ * corresponds to an average of 2^40 messages before an attack is -+ * misdetected -+ */ -+#define MAX_IDENTICAL 32 -+ - /* SSH Constants */ - #define SSH_MAXBLOCKS (32 * 1024) - #define SSH_BLOCKSIZE (8) -@@ -56,17 +74,12 @@ crc_update(u_int32_t *a, u_int32_t b) - - /* detect if a block is used in a particular pattern */ - static int --check_crc(u_char *S, u_char *buf, u_int32_t len, -- u_char *IV) -+check_crc(u_char *S, u_char *buf, u_int32_t len) - { - u_int32_t crc; - u_char *c; - - crc = 0; -- if (IV && !CMP(S, IV)) { -- crc_update(&crc, 1); -- crc_update(&crc, 0); -- } - for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) { - if (!CMP(S, c)) { - crc_update(&crc, 1); -@@ -82,12 +95,12 @@ check_crc(u_char *S, u_char *buf, u_int3 - - /* Detect a crc32 compensation attack on a packet */ - int --detect_attack(u_char *buf, u_int32_t len, u_char *IV) -+detect_attack(u_char *buf, u_int32_t len) - { - static u_int16_t *h = (u_int16_t *) NULL; - static u_int32_t n = HASH_MINSIZE / HASH_ENTRYSIZE; - u_int32_t i, j; -- u_int32_t l; -+ u_int32_t l, 
same; - u_char *c; - u_char *d; - -@@ -111,15 +124,9 @@ detect_attack(u_char *buf, u_int32_t len - - if (len <= HASH_MINBLOCKS) { - for (c = buf; c < buf + len; c += SSH_BLOCKSIZE) { -- if (IV && (!CMP(c, IV))) { -- if ((check_crc(c, buf, len, IV))) -- return (DEATTACK_DETECTED); -- else -- break; -- } - for (d = buf; d < c; d += SSH_BLOCKSIZE) { - if (!CMP(c, d)) { -- if ((check_crc(c, buf, len, IV))) -+ if ((check_crc(c, buf, len))) - return (DEATTACK_DETECTED); - else - break; -@@ -130,21 +137,11 @@ detect_attack(u_char *buf, u_int32_t len - } - memset(h, HASH_UNUSEDCHAR, n * HASH_ENTRYSIZE); - -- if (IV) -- h[HASH(IV) & (n - 1)] = HASH_IV; -- -- for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) { -+ for (c = buf, same = j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) { - for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED; - i = (i + 1) & (n - 1)) { -- if (h[i] == HASH_IV) { -- if (!CMP(c, IV)) { -- if (check_crc(c, buf, len, IV)) -- return (DEATTACK_DETECTED); -- else -- break; -- } -- } else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) { -- if (check_crc(c, buf, len, IV)) -+ if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) { -+ if (check_crc(c, buf, len)) - return (DEATTACK_DETECTED); - else - break; diff --git a/security/openssh/patches/patch-ay b/security/openssh/patches/patch-ay deleted file mode 100644 index ec36f5da855..00000000000 --- a/security/openssh/patches/patch-ay +++ /dev/null @@ -1,15 +0,0 @@ -$NetBSD: patch-ay,v 1.1 2006/09/27 16:10:59 taca Exp $ - -Secunia Advisory SA22091 - ---- deattack.h.orig Wed Jul 4 13:46:57 2001 -+++ deattack.h -@@ -25,6 +25,7 @@ - /* Return codes */ - #define DEATTACK_OK 0 - #define DEATTACK_DETECTED 1 -+#define DEATTACK_DOS_DETECTED 2 - --int detect_attack(u_char *, u_int32_t, u_char[8]); -+int detect_attack(u_char *, u_int32_t); - #endif diff --git a/security/openssh/patches/patch-az b/security/openssh/patches/patch-az deleted file mode 100644 index ee002ae4158..00000000000 
--- a/security/openssh/patches/patch-az +++ /dev/null @@ -1,36 +0,0 @@ -$NetBSD: patch-az,v 1.1 2006/09/27 16:10:59 taca Exp $ - -Secunia Advisory SA22091 + one more OpenBSD's CVS update 1.144-1.145 - ---- packet.c.orig Sat Nov 5 13:15:00 2005 -+++ packet.c -@@ -669,6 +669,9 @@ packet_enable_delayed_compress(void) - */ - after_authentication = 1; - for (mode = 0; mode < MODE_MAX; mode++) { -+ /* protocol error: USERAUTH_SUCCESS received before NEWKEYS */ -+ if (newkeys[mode] == NULL) -+ continue; - comp = &newkeys[mode]->comp; - if (comp && !comp->enabled && comp->type == COMP_DELAYED) { - packet_init_compression(); -@@ -978,9 +981,16 @@ packet_read_poll1(void) - * (C)1998 CORE-SDI, Buenos Aires Argentina - * Ariel Futoransky(futo@core-sdi.com) - */ -- if (!receive_context.plaintext && -- detect_attack(buffer_ptr(&input), padded_len, NULL) == DEATTACK_DETECTED) -- packet_disconnect("crc32 compensation attack: network attack detected"); -+ if (!receive_context.plaintext) { -+ switch (detect_attack(buffer_ptr(&input), padded_len)) { -+ case DEATTACK_DETECTED: -+ packet_disconnect("crc32 compensation attack: " -+ "network attack detected"); -+ case DEATTACK_DOS_DETECTED: -+ packet_disconnect("deattack denial of " -+ "service detected"); -+ } -+ } - - /* Decrypt data to incoming_packet. */ - buffer_clear(&incoming_packet); |
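Review bot: the HAVE_INTERIX conditional around `use_privsep` in the new patch-av hunk at sshd.c line 232 looks inverted relative to the patch-at it replaces. The deleted patch-at forced `use_privsep = 0` only under HAVE_INTERIX and kept the `if (use_privsep == -1) use_privsep = 1;` default for everyone else; the new hunk keeps `int use_privsep = -1;` (the sentinel servconf.c turns into privsep-on) inside `#ifdef HAVE_INTERIX` and puts `int use_privsep = 0;` in the `#else` branch, which would leave privilege separation disabled by default on every non-Interix platform unless sshd_config sets UsePrivilegeSeparation explicitly. Suggest swapping the two branches so `-1` is the general default and `0` is Interix-only.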
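Review bot: in the patch-av hunk for privsep_preauth_child(), the added HAVE_INTERIX branch still calls `setuser(pw->pw_name, NULL, SU_COMPLETE)` while the surrounding upstream lines in the same hunk have moved from `pw` to `privsep_pw` (`do_setusercontext(privsep_pw)`, `gidset[0] = privsep_pw->pw_gid`, `permanently_set_uid(privsep_pw)`). Unless `pw` is still in scope there and meant deliberately, this should read `privsep_pw->pw_name` so the Interix path drops to the same unprivileged account as the other platforms instead of failing to compile or switching to the wrong user.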
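Review bot: the reworked patch-aw makes the `<net/tun/if_tun.h>` include depend on `HAVE_NET_TUN_IF_TUN_H`, replacing the previous unconditional `#if defined(__DragonFly__)` test, but nothing in this diff defines that macro or adds a configure check for the header. Without a matching configure/config.h change or a definition from the package Makefile, the DragonFly build silently loses the include it had before; please point to where the macro is defined or add the check alongside this patch.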
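Review bot: patch-ax, patch-ay and patch-az (the deattack.c, deattack.h and packet.c changes for Secunia Advisory SA22091) are dropped wholesale, which is only correct because the 4.4 release notes quoted in the commit message include the matching pre-authentication DoS fix found by Tavis Ormandy. The commit message should say explicitly that these local patches are superseded by upstream, and confirm that the `newkeys[mode] == NULL` check in packet_enable_delayed_compress() from patch-az is also present in 4.4p1, so a reader looking for the removed `MAX_IDENTICAL` and `DEATTACK_DOS_DETECTED` logic knows where it went rather than relying on "Major changes are here".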