upgrading package: openssh 7.2p2 -> 7.3p1

openssh/openssh.patch

@@ -49,8 +49,8 @@ Index: version.h
 --- version.h.orig	2016-03-09 19:04:48.000000000 +0100
 +++ version.h	2016-03-10 19:55:10.192519494 +0100
 @@ -3,4 +3,4 @@
- #define SSH_VERSION	"OpenSSH_7.2"
+ #define SSH_VERSION	"OpenSSH_7.3"
  
- #define SSH_PORTABLE	"p2"
+ #define SSH_PORTABLE	"p1"
 -#define SSH_RELEASE	SSH_VERSION SSH_PORTABLE
 +#define SSH_RELEASE	SSH_VERSION SSH_PORTABLE " @l_openpkg_release@"

openssh/openssh.patch.alias

@@ -1,6 +1,6 @@
 Index: auth1.c
---- auth1.c.orig	2016-03-09 19:04:48.000000000 +0100
-+++ auth1.c	2016-03-10 19:55:21.082559988 +0100
+--- auth1.c.orig	2016-07-28 00:54:27.000000000 +0200
++++ auth1.c	2016-08-01 19:49:23.802246430 +0200
 @@ -43,6 +43,9 @@
  #endif
  #include "monitor_wrap.h"
@@ -49,8 +49,8 @@ Index: auth1.c
  	authctxt->style = style;
  
 Index: auth2.c
---- auth2.c.orig	2016-03-09 19:04:48.000000000 +0100
-+++ auth2.c	2016-03-10 19:55:21.082559988 +0100
+--- auth2.c.orig	2016-07-28 00:54:27.000000000 +0200
++++ auth2.c	2016-08-01 19:49:23.802246430 +0200
 @@ -50,6 +50,9 @@
  #include "dispatch.h"
  #include "pathnames.h"
@@ -99,8 +99,8 @@ Index: auth2.c
  		/* setup auth context */
  		authctxt->pw = PRIVSEP(getpwnamallow(user));
 Index: servconf.c
---- servconf.c.orig	2016-03-09 19:04:48.000000000 +0100
-+++ servconf.c	2016-03-10 19:55:21.082559988 +0100
+--- servconf.c.orig	2016-07-28 00:54:27.000000000 +0200
++++ servconf.c	2016-08-01 19:49:23.802246430 +0200
 @@ -169,6 +169,9 @@
  	options->ip_qos_bulk = -1;
  	options->version_addendum = NULL;
@@ -111,7 +111,7 @@ Index: servconf.c
  }
  
  /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */
-@@ -430,6 +433,9 @@
+@@ -438,6 +441,9 @@
  	sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
  	sStreamLocalBindMask, sStreamLocalBindUnlink,
  	sAllowStreamLocalForwarding, sFingerprintHash,
@@ -121,7 +121,7 @@ Index: servconf.c
  	sDeprecated, sUnsupported
  } ServerOpCodes;
  
-@@ -572,6 +578,9 @@
+@@ -580,6 +586,9 @@
  	{ "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL },
  	{ "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL },
  	{ "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL },
@@ -131,7 +131,7 @@ Index: servconf.c
  	{ NULL, sBadOption, 0 }
  };
  
-@@ -1857,6 +1866,26 @@
+@@ -1886,6 +1895,26 @@
  		    arg = strdelim(&cp);
  		break;
  
@@ -159,8 +159,8 @@ Index: servconf.c
  		logit("%s line %d: Unsupported option %s",
  		    filename, linenum, arg);
 Index: servconf.h
---- servconf.h.orig	2016-03-09 19:04:48.000000000 +0100
-+++ servconf.h	2016-03-10 19:55:21.082559988 +0100
+--- servconf.h.orig	2016-07-28 00:54:27.000000000 +0200
++++ servconf.h	2016-08-01 19:49:23.802246430 +0200
 @@ -195,6 +195,14 @@
  	char   *auth_methods[MAX_AUTH_METHODS];
  
@@ -177,8 +177,8 @@ Index: servconf.h
  
  /* Information about the incoming connection as used by Match */
 Index: sshd_config.5
---- sshd_config.5.orig	2016-03-09 19:04:48.000000000 +0100
-+++ sshd_config.5	2016-03-10 19:55:21.082559988 +0100
+--- sshd_config.5.orig	2016-07-28 00:54:27.000000000 +0200
++++ sshd_config.5	2016-08-01 19:49:23.812124291 +0200
 @@ -106,6 +106,15 @@
  Note that disabling agent forwarding does not improve security
  unless users are also denied shell access, as they can always install

openssh/openssh.patch.chroot

@@ -1,7 +1,7 @@
 Index: scp.c
---- scp.c.orig	2016-03-09 19:04:48.000000000 +0100
-+++ scp.c	2016-03-10 19:55:31.292697170 +0100
-@@ -148,6 +148,11 @@
+--- scp.c.orig	2016-07-28 00:54:27.000000000 +0200
++++ scp.c	2016-08-01 19:49:39.362264183 +0200
+@@ -150,6 +150,11 @@
  /* This is the program to execute for the secured connection. ("ssh" or -S) */
  char *ssh_program = _PATH_SSH_PROGRAM;
  
@@ -13,7 +13,7 @@ Index: scp.c
  /* This is used to store the pid of ssh_program */
  pid_t do_cmd_pid = -1;
  
-@@ -396,7 +401,11 @@
+@@ -400,7 +405,11 @@
  	addargs(&args, "-oClearAllForwardings=yes");
  
  	fflag = tflag = 0;
@@ -25,7 +25,7 @@ Index: scp.c
  		switch (ch) {
  		/* User-visible flags. */
  		case '1':
-@@ -472,6 +481,11 @@
+@@ -476,6 +485,11 @@
  			setmode(0, O_BINARY);
  #endif
  			break;
@@ -37,7 +37,7 @@ Index: scp.c
  		default:
  			usage();
  		}
-@@ -497,6 +511,19 @@
+@@ -501,6 +515,19 @@
  	remin = STDIN_FILENO;
  	remout = STDOUT_FILENO;
  
@@ -58,9 +58,9 @@ Index: scp.c
  		/* Follow "protocol", send data. */
  		(void) response();
 Index: session.c
---- session.c.orig	2016-03-09 19:04:48.000000000 +0100
-+++ session.c	2016-03-10 19:55:31.292697170 +0100
-@@ -1555,6 +1555,25 @@
+--- session.c.orig	2016-07-28 00:54:27.000000000 +0200
++++ session.c	2016-08-01 19:49:39.373802940 +0200
+@@ -1561,6 +1561,25 @@
  			options.chroot_directory = NULL;
  			in_chroot = 1;
  		}
@@ -87,9 +87,9 @@ Index: session.c
  #ifdef HAVE_LOGIN_CAP
  		if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) {
 Index: sftp-server.c
---- sftp-server.c.orig	2016-03-09 19:04:48.000000000 +0100
-+++ sftp-server.c	2016-03-10 19:55:31.292697170 +0100
-@@ -1616,6 +1616,38 @@
+--- sftp-server.c.orig	2016-07-28 00:54:27.000000000 +0200
++++ sftp-server.c	2016-08-01 19:49:39.373802940 +0200
+@@ -1610,6 +1610,38 @@
  	logit("session opened for local user %s from [%s]",
  	    pw->pw_name, client_addr);
  

openssh/openssh.patch.lpk

@@ -1,6 +1,6 @@
 Index: Makefile.in
---- Makefile.in.orig	2016-03-09 19:04:48.000000000 +0100
-+++ Makefile.in	2016-03-10 19:55:44.792556230 +0100
+--- Makefile.in.orig	2016-07-28 00:54:27.000000000 +0200
++++ Makefile.in	2016-08-01 19:49:56.178956249 +0200
 @@ -110,7 +110,7 @@
  	sftp-server.o sftp-common.o \
  	sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
@@ -11,8 +11,8 @@ Index: Makefile.in
  MANPAGES	= moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
  MANPAGES_IN	= moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
 Index: README.lpk
---- README.lpk.orig	2016-03-10 19:55:44.792556230 +0100
-+++ README.lpk	2016-03-10 19:55:44.792556230 +0100
+--- README.lpk.orig	2016-08-01 19:49:56.178956249 +0200
++++ README.lpk	2016-08-01 19:49:56.178956249 +0200
 @@ -0,0 +1,267 @@
 +OpenSSH LDAP PUBLIC KEY PATCH 
 +Copyright (c) 2003 Eric AUGE (eau@phear.org)
@@ -282,8 +282,8 @@ Index: README.lpk
 +  - Eric AUGE <eau@phear.org>
 +  - Andrea Barisani <andrea@inversepath.com>
 Index: auth-rsa.c
---- auth-rsa.c.orig	2016-03-09 19:04:48.000000000 +0100
-+++ auth-rsa.c	2016-03-10 19:55:44.792556230 +0100
+--- auth-rsa.c.orig	2016-07-28 00:54:27.000000000 +0200
++++ auth-rsa.c	2016-08-01 19:49:56.182129488 +0200
 @@ -176,6 +176,93 @@
  	FILE *f;
  	u_long linenum = 0;
@@ -379,8 +379,8 @@ Index: auth-rsa.c
  	debug("trying public RSA key file %s", file);
  	if ((f = auth_openkeyfile(file, pw, options.strict_modes)) == NULL)
 Index: auth2-pubkey.c
---- auth2-pubkey.c.orig	2016-03-09 19:04:48.000000000 +0100
-+++ auth2-pubkey.c	2016-03-10 19:55:44.792556230 +0100
+--- auth2-pubkey.c.orig	2016-07-28 00:54:27.000000000 +0200
++++ auth2-pubkey.c	2016-08-01 19:49:56.182129488 +0200
 @@ -69,6 +69,10 @@
  #include "channels.h" /* XXX for session.h */
  #include "session.h" /* XXX for child_set_env(); refactor? */
@@ -471,9 +471,9 @@ Index: auth2-pubkey.c
  		char *cp, *key_options = NULL;
  		if (found != NULL)
 Index: config.h.in
---- config.h.in.orig	2016-03-09 19:52:44.000000000 +0100
-+++ config.h.in	2016-03-10 19:55:44.792556230 +0100
-@@ -727,6 +727,9 @@
+--- config.h.in.orig	2016-08-01 04:01:58.000000000 +0200
++++ config.h.in	2016-08-01 19:49:56.182129488 +0200
+@@ -739,6 +739,9 @@
  /* Define to 1 if you have the <locale.h> header file. */
  #undef HAVE_LOCALE_H
  
@@ -484,9 +484,9 @@ Index: config.h.in
  #undef HAVE_LOGIN
  
 Index: configure.ac
---- configure.ac.orig	2016-03-09 19:04:48.000000000 +0100
-+++ configure.ac	2016-03-10 19:55:44.792556230 +0100
-@@ -1646,6 +1646,37 @@
+--- configure.ac.orig	2016-07-28 00:54:27.000000000 +0200
++++ configure.ac	2016-08-01 19:49:56.182129488 +0200
+@@ -1675,6 +1675,37 @@
  	fi
  fi
  
@@ -524,7 +524,7 @@ Index: configure.ac
  dnl    Checks for library functions. Please keep in alphabetical order
  AC_CHECK_FUNCS([ \
  	Blowfish_initstate \
-@@ -4979,6 +5010,7 @@
+@@ -5035,6 +5066,7 @@
  echo "                   SELinux support: $SELINUX_MSG"
  echo "                 Smartcard support: $SCARD_MSG"
  echo "                     S/KEY support: $SKEY_MSG"
@@ -533,9 +533,9 @@ Index: configure.ac
  echo "                   libedit support: $LIBEDIT_MSG"
  echo "  Solaris process contract support: $SPC_MSG"
 Index: configure
---- configure.orig	2016-03-09 19:52:41.000000000 +0100
-+++ configure	2016-03-10 19:55:44.802563228 +0100
-@@ -1339,6 +1339,7 @@
+--- configure.orig	2016-08-01 04:01:55.000000000 +0200
++++ configure	2016-08-01 19:49:56.182129488 +0200
+@@ -1340,6 +1340,7 @@
    --with-ldns[=PATH]      Use ldns for DNSSEC support (optionally in PATH)
    --with-libedit[=PATH]   Enable libedit support for sftp
    --with-audit=module     Enable audit support (modules=debug,bsm,linux)
@@ -543,7 +543,7 @@ Index: configure
    --with-pie              Build Position Independent Executables if possible
    --with-ssl-dir=PATH     Specify path to OpenSSL installation
    --without-openssl-header-check Disable OpenSSL version consistency check
-@@ -16895,6 +16896,57 @@
+@@ -17082,6 +17083,57 @@
  
  
  
@@ -601,7 +601,7 @@ Index: configure
  for ac_func in  \
  	Blowfish_initstate \
  	Blowfish_expandstate \
-@@ -37205,6 +37257,7 @@
+@@ -37516,6 +37568,7 @@
  echo "                   SELinux support: $SELINUX_MSG"
  echo "                 Smartcard support: $SCARD_MSG"
  echo "                     S/KEY support: $SKEY_MSG"
@@ -610,8 +610,8 @@ Index: configure
  echo "                   libedit support: $LIBEDIT_MSG"
  echo "  Solaris process contract support: $SPC_MSG"
 Index: ldapauth.c
---- ldapauth.c.orig	2016-03-10 19:55:44.802563228 +0100
-+++ ldapauth.c	2016-03-10 19:55:44.802563228 +0100
+--- ldapauth.c.orig	2016-08-01 19:49:56.192186562 +0200
++++ ldapauth.c	2016-08-01 19:49:56.182129488 +0200
 @@ -0,0 +1,579 @@
 +/* 
 + * $Id: openssh-lpk-4.3p1-0.3.7.patch,v 1.3 2006/04/18 15:29:09 eau Exp $
@@ -1193,8 +1193,8 @@ Index: ldapauth.c
 +
 +#endif /* WITH_LDAP_PUBKEY */
 Index: ldapauth.h
---- ldapauth.h.orig	2016-03-10 19:55:44.802563228 +0100
-+++ ldapauth.h	2016-03-10 19:55:44.802563228 +0100
+--- ldapauth.h.orig	2016-08-01 19:49:56.192186562 +0200
++++ ldapauth.h	2016-08-01 19:49:56.192186562 +0200
 @@ -0,0 +1,130 @@
 +/*
 + * $Id: openssh-lpk-4.3p1-0.3.7.patch,v 1.3 2006/04/18 15:29:09 eau Exp $ 
@@ -1327,8 +1327,8 @@ Index: ldapauth.h
 +
 +#endif
 Index: lpk-user-example.txt
---- lpk-user-example.txt.orig	2016-03-10 19:55:44.802563228 +0100
-+++ lpk-user-example.txt	2016-03-10 19:55:44.802563228 +0100
+--- lpk-user-example.txt.orig	2016-08-01 19:49:56.192186562 +0200
++++ lpk-user-example.txt	2016-08-01 19:49:56.192186562 +0200
 @@ -0,0 +1,117 @@
 +
 +Post to ML -> User Made Quick Install Doc.
@@ -1448,8 +1448,8 @@ Index: lpk-user-example.txt
 +
 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 Index: openssh-lpk_openldap.schema
---- openssh-lpk_openldap.schema.orig	2016-03-10 19:55:44.802563228 +0100
-+++ openssh-lpk_openldap.schema	2016-03-10 19:55:44.802563228 +0100
+--- openssh-lpk_openldap.schema.orig	2016-08-01 19:49:56.192186562 +0200
++++ openssh-lpk_openldap.schema	2016-08-01 19:49:56.192186562 +0200
 @@ -0,0 +1,19 @@
 +#
 +# LDAP Public Key Patch schema for use with openssh-ldappubkey
@@ -1471,8 +1471,8 @@ Index: openssh-lpk_openldap.schema
 +	MUST ( sshPublicKey $ uid ) 
 +	)
 Index: openssh-lpk_sun.schema
---- openssh-lpk_sun.schema.orig	2016-03-10 19:55:44.802563228 +0100
-+++ openssh-lpk_sun.schema	2016-03-10 19:55:44.802563228 +0100
+--- openssh-lpk_sun.schema.orig	2016-08-01 19:49:56.192186562 +0200
++++ openssh-lpk_sun.schema	2016-08-01 19:49:56.192186562 +0200
 @@ -0,0 +1,21 @@
 +#
 +# LDAP Public Key Patch schema for use with openssh-ldappubkey
@@ -1496,8 +1496,8 @@ Index: openssh-lpk_sun.schema
 +	MUST ( sshPublicKey $ uid ) 
 +	)
 Index: servconf.c
---- servconf.c.orig	2016-03-09 19:04:48.000000000 +0100
-+++ servconf.c	2016-03-10 19:55:44.802563228 +0100
+--- servconf.c.orig	2016-07-28 00:54:27.000000000 +0200
++++ servconf.c	2016-08-01 19:49:56.192186562 +0200
 @@ -58,6 +58,10 @@
  #include "myproposal.h"
  #include "digest.h"
@@ -1573,7 +1573,7 @@ Index: servconf.c
  
  	assemble_algorithms(options);
  
-@@ -431,6 +485,12 @@
+@@ -439,6 +493,12 @@
  	sStreamLocalBindMask, sStreamLocalBindUnlink,
  	sAllowStreamLocalForwarding, sFingerprintHash,
  	sDeprecated, sUnsupported
@@ -1586,7 +1586,7 @@ Index: servconf.c
  } ServerOpCodes;
  
  #define SSHCFG_GLOBAL	0x01	/* allowed in main section of sshd_config */
-@@ -547,6 +607,22 @@
+@@ -555,6 +615,22 @@
  	{ "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL },
  	{ "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },
  	{ "authorizedkeysfile2", sDeprecated, SSHCFG_ALL },
@@ -1609,7 +1609,7 @@ Index: servconf.c
  	{ "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL},
  	{ "acceptenv", sAcceptEnv, SSHCFG_ALL },
  	{ "permittunnel", sPermitTunnel, SSHCFG_ALL },
-@@ -970,6 +1046,7 @@
+@@ -979,6 +1055,7 @@
  	int cmdline = 0, *intptr, value, value2, n, port;
  	SyslogFacility *log_facility_ptr;
  	LogLevel *log_level_ptr;
@@ -1617,7 +1617,7 @@ Index: servconf.c
  	ServerOpCodes opcode;
  	u_int i, flags = 0;
  	size_t len;
-@@ -985,6 +1062,7 @@
+@@ -994,6 +1071,7 @@
  	if (!arg || !*arg || *arg == '#')
  		return 0;
  	intptr = NULL;
@@ -1625,7 +1625,7 @@ Index: servconf.c
  	charptr = NULL;
  	opcode = parse_token(arg, filename, linenum, &flags);
  
-@@ -1863,6 +1941,133 @@
+@@ -1892,6 +1970,133 @@
  		while (arg)
  		    arg = strdelim(&cp);
  		break;
@@ -1760,8 +1760,8 @@ Index: servconf.c
  	default:
  		fatal("%s line %d: Missing handler for opcode %s (%d)",
 Index: servconf.h
---- servconf.h.orig	2016-03-09 19:04:48.000000000 +0100
-+++ servconf.h	2016-03-10 19:55:44.802563228 +0100
+--- servconf.h.orig	2016-07-28 00:54:27.000000000 +0200
++++ servconf.h	2016-08-01 19:49:56.192186562 +0200
 @@ -16,6 +16,10 @@
  #ifndef SERVCONF_H
  #define SERVCONF_H
@@ -1784,8 +1784,8 @@ Index: servconf.h
  	int	num_permitted_opens;
  
 Index: sshd.c
---- sshd.c.orig	2016-03-09 19:04:48.000000000 +0100
-+++ sshd.c	2016-03-10 19:55:44.802563228 +0100
+--- sshd.c.orig	2016-07-28 00:54:27.000000000 +0200
++++ sshd.c	2016-08-01 19:49:56.192186562 +0200
 @@ -125,6 +125,10 @@
  #include "version.h"
  #include "ssherr.h"
@@ -1797,7 +1797,7 @@ Index: sshd.c
  #ifndef O_NOCTTY
  #define O_NOCTTY	0
  #endif
-@@ -1744,6 +1748,17 @@
+@@ -1803,6 +1807,17 @@
  		exit(1);
  	}
  
@@ -1816,9 +1816,9 @@ Index: sshd.c
  #ifdef WITH_OPENSSL
  	    SSLeay_version(SSLEAY_VERSION)
 Index: sshd_config.5
---- sshd_config.5.orig	2016-03-09 19:04:48.000000000 +0100
-+++ sshd_config.5	2016-03-10 19:55:44.802563228 +0100
-@@ -1684,6 +1684,62 @@
+--- sshd_config.5.orig	2016-07-28 00:54:27.000000000 +0200
++++ sshd_config.5	2016-08-01 19:49:56.192186562 +0200
+@@ -1696,6 +1696,62 @@
  to not use one.
  The default is
  .Pa /usr/X11R6/bin/xauth .
@@ -1882,9 +1882,9 @@ Index: sshd_config.5
  .Sh TIME FORMATS
  .Xr sshd 8
 Index: sshd_config
---- sshd_config.orig	2016-03-09 19:04:48.000000000 +0100
-+++ sshd_config	2016-03-10 19:55:44.813280093 +0100
-@@ -122,6 +122,22 @@
+--- sshd_config.orig	2016-07-28 00:54:27.000000000 +0200
++++ sshd_config	2016-08-01 19:49:56.192186562 +0200
+@@ -121,6 +121,22 @@
  # no default banner path
  #Banner none
  

openssh/openssh.patch.scpbindir

@@ -1,6 +1,6 @@
 Index: session.c
---- session.c.orig	2016-03-09 19:04:48.000000000 +0100
-+++ session.c	2016-03-10 19:55:56.232589251 +0100
+--- session.c.orig	2016-07-28 00:54:27.000000000 +0200
++++ session.c	2016-08-01 19:50:13.152126093 +0200
 @@ -110,6 +110,10 @@
  	  c[sizeof(INTERNAL_SFTP_NAME) - 1] == ' ' || \
  	  c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\t'))
@@ -12,7 +12,7 @@ Index: session.c
  /* func */
  
  Session *session_new(void);
-@@ -803,6 +807,20 @@
+@@ -805,6 +809,20 @@
  	int ret;
  	const char *forced = NULL, *tty = NULL;
  	char session_type[1024];
@@ -33,7 +33,7 @@ Index: session.c
  
  	if (options.adm_forced_command) {
  		original_command = command;
-@@ -863,6 +881,8 @@
+@@ -865,6 +883,8 @@
  		ret = do_exec_no_pty(s, command);
  
  	original_command = NULL;

openssh/openssh.patch.watchdog

@@ -1,7 +1,7 @@
 Index: clientloop.c
---- clientloop.c.orig	2016-03-09 19:04:48.000000000 +0100
-+++ clientloop.c	2016-03-10 19:56:07.622629256 +0100
-@@ -161,6 +161,7 @@
+--- clientloop.c.orig	2016-07-28 00:54:27.000000000 +0200
++++ clientloop.c	2016-08-01 19:50:27.782128510 +0200
+@@ -164,6 +164,7 @@
  static u_int buffer_high;	/* Soft max buffer size. */
  static int connection_in;	/* Connection to server (input). */
  static int connection_out;	/* Connection to server (output). */
@@ -9,7 +9,7 @@ Index: clientloop.c
  static int need_rekeying;	/* Set to non-zero if rekeying is requested. */
  static int session_closed;	/* In SSH2: login session closed. */
  static u_int x11_refuse_time;	/* If >0, refuse x11 opens after this time. */
-@@ -679,8 +680,11 @@
+@@ -682,8 +683,11 @@
  	}
  	if (minwait_secs != 0)
  		timeout_secs = MIN(timeout_secs, (int)minwait_secs);
@@ -23,7 +23,7 @@ Index: clientloop.c
  	else {
  		tv.tv_sec = timeout_secs;
  		tv.tv_usec = 0;
-@@ -714,6 +718,38 @@
+@@ -717,6 +721,38 @@
  			server_alive_check();
  	}
  
@@ -62,7 +62,7 @@ Index: clientloop.c
  }
  
  static void
-@@ -1540,6 +1576,7 @@
+@@ -1544,6 +1580,7 @@
  	}
  
  	start_time = get_current_time();
@@ -71,9 +71,9 @@ Index: clientloop.c
  	/* Initialize variables. */
  	escape_pending1 = 0;
 Index: readconf.c
---- readconf.c.orig	2016-03-09 19:04:48.000000000 +0100
-+++ readconf.c	2016-03-10 19:56:07.622629256 +0100
-@@ -139,7 +139,7 @@
+--- readconf.c.orig	2016-07-28 00:54:27.000000000 +0200
++++ readconf.c	2016-08-01 19:50:27.782128510 +0200
+@@ -151,7 +151,7 @@
  	oUser, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
  	oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
  	oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
@@ -82,7 +82,7 @@ Index: readconf.c
  	oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
  	oPubkeyAuthentication,
  	oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
-@@ -231,6 +231,7 @@
+@@ -244,6 +244,7 @@
  	{ "compressionlevel", oCompressionLevel },
  	{ "tcpkeepalive", oTCPKeepAlive },
  	{ "keepalive", oTCPKeepAlive },				/* obsolete */
@@ -90,7 +90,7 @@ Index: readconf.c
  	{ "numberofpasswordprompts", oNumberOfPasswordPrompts },
  	{ "loglevel", oLogLevel },
  	{ "dynamicforward", oDynamicForward },
-@@ -960,6 +961,10 @@
+@@ -996,6 +997,10 @@
  		intptr = &options->no_host_authentication_for_localhost;
  		goto parse_flag;
  
@@ -101,7 +101,7 @@ Index: readconf.c
  	case oNumberOfPasswordPrompts:
  		intptr = &options->number_of_password_prompts;
  		goto parse_int;
-@@ -1659,6 +1664,7 @@
+@@ -1788,6 +1793,7 @@
  	options->strict_host_key_checking = -1;
  	options->compression = -1;
  	options->tcp_keep_alive = -1;
@@ -109,7 +109,7 @@ Index: readconf.c
  	options->compression_level = -1;
  	options->port = -1;
  	options->address_family = -1;
-@@ -1797,6 +1803,8 @@
+@@ -1941,6 +1947,8 @@
  		options->compression = 0;
  	if (options->tcp_keep_alive == -1)
  		options->tcp_keep_alive = 1;
@@ -119,8 +119,8 @@ Index: readconf.c
  		options->compression_level = 6;
  	if (options->port == -1)
 Index: readconf.h
---- readconf.h.orig	2016-03-09 19:04:48.000000000 +0100
-+++ readconf.h	2016-03-10 19:56:07.632530654 +0100
+--- readconf.h.orig	2016-07-28 00:54:27.000000000 +0200
++++ readconf.h	2016-08-01 19:50:27.782128510 +0200
 @@ -59,6 +59,9 @@
  	int     tcp_keep_alive;	/* Set SO_KEEPALIVE. */
  	int	ip_qos_interactive;	/* IP ToS/DSCP/class for interactive */
@@ -132,8 +132,8 @@ Index: readconf.h
  
  	int     port;		/* Port to connect. */
 Index: servconf.c
---- servconf.c.orig	2016-03-09 19:04:48.000000000 +0100
-+++ servconf.c	2016-03-10 19:56:07.632530654 +0100
+--- servconf.c.orig	2016-07-28 00:54:27.000000000 +0200
++++ servconf.c	2016-08-01 19:50:27.782128510 +0200
 @@ -102,6 +102,8 @@
  	options->xauth_location = NULL;
  	options->strict_modes = -1;
@@ -154,7 +154,7 @@ Index: servconf.c
  	if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
  		options->log_facility = SYSLOG_FACILITY_AUTH;
  	if (options->log_level == SYSLOG_LEVEL_NOT_SET)
-@@ -408,7 +414,7 @@
+@@ -416,7 +422,7 @@
  	sListenAddress, sAddressFamily,
  	sPrintMotd, sPrintLastLog, sIgnoreRhosts,
  	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
@@ -163,7 +163,7 @@ Index: servconf.c
  	sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
  	sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
  	sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
-@@ -525,6 +531,8 @@
+@@ -533,6 +539,8 @@
  	{ "rekeylimit", sRekeyLimit, SSHCFG_ALL },
  	{ "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL },
  	{ "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL },	/* obsolete alias */
@@ -172,7 +172,7 @@ Index: servconf.c
  	{ "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL },
  	{ "allowagentforwarding", sAllowAgentForwarding, SSHCFG_ALL },
  	{ "allowusers", sAllowUsers, SSHCFG_ALL },
-@@ -1302,6 +1310,14 @@
+@@ -1311,6 +1319,14 @@
  		intptr = &options->tcp_keep_alive;
  		goto parse_flag;
  
@@ -188,8 +188,8 @@ Index: servconf.c
  		intptr = &options->permit_empty_passwd;
  		goto parse_flag;
 Index: servconf.h
---- servconf.h.orig	2016-03-09 19:04:48.000000000 +0100
-+++ servconf.h	2016-03-10 19:56:07.632530654 +0100
+--- servconf.h.orig	2016-07-28 00:54:27.000000000 +0200
++++ servconf.h	2016-08-01 19:50:27.782128510 +0200
 @@ -90,6 +90,10 @@
  	int     tcp_keep_alive;	/* If true, set SO_KEEPALIVE. */
  	int	ip_qos_interactive;	/* IP ToS/DSCP/class for interactive */
@@ -202,8 +202,8 @@ Index: servconf.h
  	char   *macs;		/* Supported SSH2 macs. */
  	char   *kex_algorithms;	/* SSH2 kex methods in order of preference. */
 Index: serverloop.c
---- serverloop.c.orig	2016-03-09 19:04:48.000000000 +0100
-+++ serverloop.c	2016-03-10 19:56:07.632530654 +0100
+--- serverloop.c.orig	2016-07-28 00:54:27.000000000 +0200
++++ serverloop.c	2016-08-01 19:51:10.172127658 +0200
 @@ -106,6 +106,8 @@
  static int connection_closed = 0;	/* Connection to client closed. */
  static u_int buffer_high;	/* "Soft" max buffer size. */
@@ -221,9 +221,9 @@ Index: serverloop.c
  	time_t minwait_secs = 0;
  	int client_alive_scheduled = 0;
  	int program_alive_scheduled = 0;
-@@ -356,6 +359,19 @@
- 		if (max_time_milliseconds == 0 || client_alive_scheduled)
- 			max_time_milliseconds = 100;
+@@ -350,6 +353,19 @@
+ 	if (packet_have_data_to_write())
+ 		FD_SET(connection_out, *writesetp);
  
 +	/* When the watchdog is needed, set the maximum length
 +	 * of timeout to 0.25sec.
@@ -238,10 +238,10 @@ Index: serverloop.c
 +		}
 +	}
 +
- 	if (max_time_milliseconds == 0)
- 		tvp = NULL;
- 	else {
-@@ -383,6 +399,23 @@
+ 	/*
+ 	 * If child has terminated and there is enough buffer space to read
+ 	 * from it, then read as much as is available and exit.
+@@ -385,6 +401,23 @@
  		}
  	}
  
@@ -265,7 +265,7 @@ Index: serverloop.c
  	notify_done(*readsetp);
  }
  
-@@ -563,7 +596,9 @@
+@@ -567,7 +600,9 @@
  	u_int64_t max_time_milliseconds;
  	u_int previous_stdout_buffer_bytes;
  	u_int stdout_buffer_bytes;
@@ -276,7 +276,7 @@ Index: serverloop.c
  
  	debug("Entering interactive session.");
  
-@@ -630,6 +665,8 @@
+@@ -634,6 +669,8 @@
  
  	server_init_dispatch();
  
@@ -285,7 +285,7 @@ Index: serverloop.c
  	/* Main loop of the server for the interactive session mode. */
  	for (;;) {
  
-@@ -710,6 +747,9 @@
+@@ -714,6 +751,9 @@
  			cleanup_exit(255);
  		}
  
@@ -295,7 +295,7 @@ Index: serverloop.c
  		/* Process any channel events. */
  		channel_after_select(readset, writeset);
  
-@@ -719,13 +759,33 @@
+@@ -723,13 +763,33 @@
  		/* Process output to the client and to program stdin. */
  		process_output(writeset);
  	}
@@ -330,7 +330,7 @@ Index: serverloop.c
  
  	debug("End of interactive session; stdin %ld, stdout (read %ld, sent %ld), stderr %ld bytes.",
  	    stdin_bytes, fdout_bytes, stdout_bytes, stderr_bytes);
-@@ -753,6 +813,12 @@
+@@ -757,6 +817,12 @@
  	/* We no longer want our SIGCHLD handler to be called. */
  	mysignal(SIGCHLD, SIG_DFL);
  
@@ -343,7 +343,7 @@ Index: serverloop.c
  	while ((wait_pid = waitpid(-1, &wait_status, 0)) < 0)
  		if (errno != EINTR)
  			packet_disconnect("wait: %.100s", strerror(errno));
-@@ -828,6 +894,7 @@
+@@ -832,6 +898,7 @@
  
  	mysignal(SIGCHLD, sigchld_handler);
  	child_terminated = 0;
@@ -351,7 +351,7 @@ Index: serverloop.c
  	connection_in = packet_get_connection_in();
  	connection_out = packet_get_connection_out();
  
-@@ -844,6 +911,8 @@
+@@ -848,6 +915,8 @@
  
  	server_init_dispatch();
  
@@ -360,7 +360,7 @@ Index: serverloop.c
  	for (;;) {
  		process_buffered_input_packets();
  
-@@ -865,6 +934,12 @@
+@@ -869,6 +938,12 @@
  			cleanup_exit(255);
  		}
  
@@ -374,9 +374,9 @@ Index: serverloop.c
  		if (!ssh_packet_is_rekeying(active_state))
  			channel_after_select(readset, writeset);
 Index: ssh.1
---- ssh.1.orig	2016-03-09 19:04:48.000000000 +0100
-+++ ssh.1	2016-03-10 19:56:07.632530654 +0100
-@@ -495,6 +495,7 @@
+--- ssh.1.orig	2016-07-28 00:54:27.000000000 +0200
++++ ssh.1	2016-08-01 19:50:27.792125590 +0200
+@@ -514,6 +514,7 @@
  .It GSSAPIAuthentication
  .It GSSAPIDelegateCredentials
  .It HashKnownHosts
@@ -385,8 +385,8 @@ Index: ssh.1
  .It HostbasedAuthentication
  .It HostbasedKeyTypes
 Index: ssh_config.5
---- ssh_config.5.orig	2016-03-09 19:04:48.000000000 +0100
-+++ ssh_config.5	2016-03-10 19:56:07.632530654 +0100
+--- ssh_config.5.orig	2016-07-28 00:54:27.000000000 +0200
++++ ssh_config.5	2016-08-01 19:50:27.792125590 +0200
 @@ -847,6 +847,23 @@
  will not be converted automatically,
  but may be manually hashed using
@@ -412,9 +412,9 @@ Index: ssh_config.5
  Specifies whether to try rhosts based authentication with public key
  authentication.
 Index: sshd_config.5
---- sshd_config.5.orig	2016-03-09 19:04:48.000000000 +0100
-+++ sshd_config.5	2016-03-10 19:56:07.632530654 +0100
-@@ -1611,6 +1611,30 @@
+--- sshd_config.5.orig	2016-07-28 00:54:27.000000000 +0200
++++ sshd_config.5	2016-08-01 19:50:27.792125590 +0200
+@@ -1623,6 +1623,30 @@
  sent by the server upon connection.
  The default is
  .Dq none .

openssh/openssh.spec

@@ -22,8 +22,8 @@
 ##
 
 #   package versions
-%define       V_base        7.2
-%define       V_portable    p2
+%define       V_base        7.3
+%define       V_portable    p1
 %define       V_connect     100
 %define       V_hpn         6.6p1-hpnssh14v5
 
@@ -38,7 +38,7 @@ Class:        CORE
 Group:        SSH
 License:      BSD
 Version:      %{V_base}%{V_portable}
-Release:      20160310
+Release:      20160801
 
 #   package options
 %option       with_fsl          yes
@@ -57,7 +57,7 @@ Release:      20160310
 %option       with_ssh1         no
 
 #   list of sources
-Source0:      ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
+Source0:      ftp://ftp3.usa.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
 Source1:      rc.openssh
 Source2:      fsl.openssh
 Source3:      sshd_config
@@ -123,7 +123,7 @@ PreReq:       libedit
 %track
     prog openssh = {
         version   = %{version}
-        url       = ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/
+        url       = ftp://ftp3.usa.openbsd.org/pub/OpenBSD/OpenSSH/portable/
         regex     = openssh-(\d+\.\d+p\d+)\.tar\.gz
     }
     prog openssh:hpn = {