rebase to openssh-6.0p1

6.0p1-1 + 0.9.3-2
Petr Lautrbach 2012-08-06 21:32:10 +02:00
parent 90e11f338c
commit 65ba94ef1a
9 changed files with 1936 additions and 996 deletions

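--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,4 @@ pam_ssh_agent_auth-0.9.2.tar.bz2
 /openssh-5.8p2-noacss.tar.bz2
 /openssh-5.9p1-noacss.tar.bz2
 /pam_ssh_agent_auth-0.9.3.tar.bz2
+/openssh-6.0p1-noacss.tar.bz2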


@ -1,7 +1,7 @@
diff -up openssh-5.9p0/audit-bsm.c.audit1 openssh-5.9p0/audit-bsm.c diff -up openssh-6.0p1/audit-bsm.c.audit1 openssh-6.0p1/audit-bsm.c
--- openssh-5.9p0/audit-bsm.c.audit1 2011-01-17 11:15:29.000000000 +0100 --- openssh-6.0p1/audit-bsm.c.audit1 2012-02-24 00:40:43.000000000 +0100
+++ openssh-5.9p0/audit-bsm.c 2011-08-30 10:46:57.704148875 +0200 +++ openssh-6.0p1/audit-bsm.c 2012-08-06 20:33:24.416382804 +0200
@@ -298,10 +298,23 @@ audit_connection_from(const char *host, @@ -375,10 +375,23 @@ audit_connection_from(const char *host,
#endif #endif
} }
@ -26,9 +26,78 @@ diff -up openssh-5.9p0/audit-bsm.c.audit1 openssh-5.9p0/audit-bsm.c
} }
void void
diff -up openssh-5.9p0/audit-linux.c.audit1 openssh-5.9p0/audit-linux.c diff -up openssh-6.0p1/audit.c.audit1 openssh-6.0p1/audit.c
--- openssh-5.9p0/audit-linux.c.audit1 2011-01-17 11:15:30.000000000 +0100 --- openssh-6.0p1/audit.c.audit1 2011-01-17 11:15:30.000000000 +0100
+++ openssh-5.9p0/audit-linux.c 2011-08-30 10:46:58.059024733 +0200 +++ openssh-6.0p1/audit.c 2012-08-06 20:33:24.417382801 +0200
@@ -140,6 +140,17 @@ audit_event(ssh_audit_event_t event)
}
/*
+ * Called when a child process has called, or will soon call,
+ * audit_session_open.
+ */
+void
+audit_count_session_open(void)
+{
+ debug("audit count session open euid %d user %s", geteuid(),
+ audit_username());
+}
+
+/*
* Called when a user session is started. Argument is the tty allocated to
* the session, or NULL if no tty was allocated.
*
@@ -174,13 +185,29 @@ audit_session_close(struct logininfo *li
/*
* This will be called when a user runs a non-interactive command. Note that
* it may be called multiple times for a single connection since SSH2 allows
- * multiple sessions within a single connection.
+ * multiple sessions within a single connection. Returns a "handle" for
+ * audit_end_command.
*/
-void
+int
audit_run_command(const char *command)
{
debug("audit run command euid %d user %s command '%.200s'", geteuid(),
audit_username(), command);
+ return 0;
+}
+
+/*
+ * This will be called when the non-interactive command finishes. Note that
+ * it may be called multiple times for a single connection since SSH2 allows
+ * multiple sessions within a single connection. "handle" should come from
+ * the corresponding audit_run_command.
+ */
+void
+audit_end_command(int handle, const char *command)
+{
+ debug("audit end nopty exec euid %d user %s command '%.200s'", geteuid(),
+ audit_username(), command);
}
+
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
#endif /* SSH_AUDIT_EVENTS */
diff -up openssh-6.0p1/audit.h.audit1 openssh-6.0p1/audit.h
--- openssh-6.0p1/audit.h.audit1 2011-01-17 11:15:30.000000000 +0100
+++ openssh-6.0p1/audit.h 2012-08-06 20:33:24.417382801 +0200
@@ -49,9 +49,11 @@ typedef enum ssh_audit_event_type ssh_au
void audit_connection_from(const char *, int);
void audit_event(ssh_audit_event_t);
+void audit_count_session_open(void);
void audit_session_open(struct logininfo *);
void audit_session_close(struct logininfo *);
-void audit_run_command(const char *);
+int audit_run_command(const char *);
+void audit_end_command(int, const char *);
ssh_audit_event_t audit_classify_auth(const char *);
#endif /* _SSH_AUDIT_H */
diff -up openssh-6.0p1/audit-linux.c.audit1 openssh-6.0p1/audit-linux.c
--- openssh-6.0p1/audit-linux.c.audit1 2011-01-17 11:15:30.000000000 +0100
+++ openssh-6.0p1/audit-linux.c 2012-08-06 20:33:24.416382804 +0200
@@ -35,13 +35,20 @@ @@ -35,13 +35,20 @@
#include "log.h" #include "log.h"
@ -244,78 +313,9 @@ diff -up openssh-5.9p0/audit-linux.c.audit1 openssh-5.9p0/audit-linux.c
break; break;
default: default:
diff -up openssh-5.9p0/audit.c.audit1 openssh-5.9p0/audit.c diff -up openssh-6.0p1/monitor.c.audit1 openssh-6.0p1/monitor.c
--- openssh-5.9p0/audit.c.audit1 2011-01-17 11:15:30.000000000 +0100 --- openssh-6.0p1/monitor.c.audit1 2012-08-06 20:33:24.410382828 +0200
+++ openssh-5.9p0/audit.c 2011-08-30 10:46:57.822025769 +0200 +++ openssh-6.0p1/monitor.c 2012-08-06 20:33:24.418382797 +0200
@@ -140,6 +140,17 @@ audit_event(ssh_audit_event_t event)
}
/*
+ * Called when a child process has called, or will soon call,
+ * audit_session_open.
+ */
+void
+audit_count_session_open(void)
+{
+ debug("audit count session open euid %d user %s", geteuid(),
+ audit_username());
+}
+
+/*
* Called when a user session is started. Argument is the tty allocated to
* the session, or NULL if no tty was allocated.
*
@@ -174,13 +185,29 @@ audit_session_close(struct logininfo *li
/*
* This will be called when a user runs a non-interactive command. Note that
* it may be called multiple times for a single connection since SSH2 allows
- * multiple sessions within a single connection.
+ * multiple sessions within a single connection. Returns a "handle" for
+ * audit_end_command.
*/
-void
+int
audit_run_command(const char *command)
{
debug("audit run command euid %d user %s command '%.200s'", geteuid(),
audit_username(), command);
+ return 0;
+}
+
+/*
+ * This will be called when the non-interactive command finishes. Note that
+ * it may be called multiple times for a single connection since SSH2 allows
+ * multiple sessions within a single connection. "handle" should come from
+ * the corresponding audit_run_command.
+ */
+void
+audit_end_command(int handle, const char *command)
+{
+ debug("audit end nopty exec euid %d user %s command '%.200s'", geteuid(),
+ audit_username(), command);
}
+
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
#endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.9p0/audit.h.audit1 openssh-5.9p0/audit.h
--- openssh-5.9p0/audit.h.audit1 2011-01-17 11:15:30.000000000 +0100
+++ openssh-5.9p0/audit.h 2011-08-30 10:46:57.952035525 +0200
@@ -49,9 +49,11 @@ typedef enum ssh_audit_event_type ssh_au
void audit_connection_from(const char *, int);
void audit_event(ssh_audit_event_t);
+void audit_count_session_open(void);
void audit_session_open(struct logininfo *);
void audit_session_close(struct logininfo *);
-void audit_run_command(const char *);
+int audit_run_command(const char *);
+void audit_end_command(int, const char *);
ssh_audit_event_t audit_classify_auth(const char *);
#endif /* _SSH_AUDIT_H */
diff -up openssh-5.9p0/monitor.c.audit1 openssh-5.9p0/monitor.c
--- openssh-5.9p0/monitor.c.audit1 2011-08-05 22:15:18.000000000 +0200
+++ openssh-5.9p0/monitor.c 2011-08-30 10:50:47.074038891 +0200
@@ -185,6 +185,7 @@ int mm_answer_gss_checkmic(int, Buffer * @@ -185,6 +185,7 @@ int mm_answer_gss_checkmic(int, Buffer *
#ifdef SSH_AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS
int mm_answer_audit_event(int, Buffer *); int mm_answer_audit_event(int, Buffer *);
@ -324,7 +324,7 @@ diff -up openssh-5.9p0/monitor.c.audit1 openssh-5.9p0/monitor.c
#endif #endif
static int monitor_read_log(struct monitor *); static int monitor_read_log(struct monitor *);
@@ -271,6 +272,7 @@ struct mon_table mon_dispatch_postauth20 @@ -272,6 +273,7 @@ struct mon_table mon_dispatch_postauth20
#ifdef SSH_AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS
{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
{MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command}, {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command},
@ -332,7 +332,7 @@ diff -up openssh-5.9p0/monitor.c.audit1 openssh-5.9p0/monitor.c
#endif #endif
{0, 0, NULL} {0, 0, NULL}
}; };
@@ -313,6 +315,7 @@ struct mon_table mon_dispatch_postauth15 @@ -314,6 +316,7 @@ struct mon_table mon_dispatch_postauth15
#ifdef SSH_AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS
{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
{MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command}, {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command},
@ -340,7 +340,7 @@ diff -up openssh-5.9p0/monitor.c.audit1 openssh-5.9p0/monitor.c
#endif #endif
{0, 0, NULL} {0, 0, NULL}
}; };
@@ -1398,6 +1401,12 @@ mm_session_close(Session *s) @@ -1427,6 +1430,12 @@ mm_session_close(Session *s)
debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd); debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd);
session_pty_cleanup2(s); session_pty_cleanup2(s);
} }
@ -353,7 +353,7 @@ diff -up openssh-5.9p0/monitor.c.audit1 openssh-5.9p0/monitor.c
session_unused(s->self); session_unused(s->self);
} }
@@ -1720,11 +1729,44 @@ mm_answer_audit_command(int socket, Buff @@ -1751,11 +1760,44 @@ mm_answer_audit_command(int socket, Buff
{ {
u_int len; u_int len;
char *cmd; char *cmd;
@ -399,9 +399,9 @@ diff -up openssh-5.9p0/monitor.c.audit1 openssh-5.9p0/monitor.c
xfree(cmd); xfree(cmd);
return (0); return (0);
} }
diff -up openssh-5.9p0/monitor.h.audit1 openssh-5.9p0/monitor.h diff -up openssh-6.0p1/monitor.h.audit1 openssh-6.0p1/monitor.h
--- openssh-5.9p0/monitor.h.audit1 2011-06-20 06:42:23.000000000 +0200 --- openssh-6.0p1/monitor.h.audit1 2011-06-20 06:42:23.000000000 +0200
+++ openssh-5.9p0/monitor.h 2011-08-30 10:46:58.392112520 +0200 +++ openssh-6.0p1/monitor.h 2012-08-06 20:33:24.418382797 +0200
@@ -60,6 +60,7 @@ enum monitor_reqtype { @@ -60,6 +60,7 @@ enum monitor_reqtype {
MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND, MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND,
MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX, MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX,
@ -410,9 +410,9 @@ diff -up openssh-5.9p0/monitor.h.audit1 openssh-5.9p0/monitor.h
MONITOR_REQ_TERM, MONITOR_REQ_TERM,
MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1, MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1,
MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA, MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA,
diff -up openssh-5.9p0/monitor_wrap.c.audit1 openssh-5.9p0/monitor_wrap.c diff -up openssh-6.0p1/monitor_wrap.c.audit1 openssh-6.0p1/monitor_wrap.c
--- openssh-5.9p0/monitor_wrap.c.audit1 2011-06-20 06:42:23.000000000 +0200 --- openssh-6.0p1/monitor_wrap.c.audit1 2012-08-06 20:33:24.384382930 +0200
+++ openssh-5.9p0/monitor_wrap.c 2011-08-30 10:46:58.505031574 +0200 +++ openssh-6.0p1/monitor_wrap.c 2012-08-06 20:33:24.419382793 +0200
@@ -1188,10 +1188,11 @@ mm_audit_event(ssh_audit_event_t event) @@ -1188,10 +1188,11 @@ mm_audit_event(ssh_audit_event_t event)
buffer_free(&m); buffer_free(&m);
} }
@ -453,9 +453,9 @@ diff -up openssh-5.9p0/monitor_wrap.c.audit1 openssh-5.9p0/monitor_wrap.c
buffer_free(&m); buffer_free(&m);
} }
#endif /* SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.9p0/monitor_wrap.h.audit1 openssh-5.9p0/monitor_wrap.h diff -up openssh-6.0p1/monitor_wrap.h.audit1 openssh-6.0p1/monitor_wrap.h
--- openssh-5.9p0/monitor_wrap.h.audit1 2011-06-20 06:42:23.000000000 +0200 --- openssh-6.0p1/monitor_wrap.h.audit1 2011-06-20 06:42:23.000000000 +0200
+++ openssh-5.9p0/monitor_wrap.h 2011-08-30 10:46:58.616212835 +0200 +++ openssh-6.0p1/monitor_wrap.h 2012-08-06 20:33:24.419382793 +0200
@@ -74,7 +74,8 @@ void mm_sshpam_free_ctx(void *); @@ -74,7 +74,8 @@ void mm_sshpam_free_ctx(void *);
#ifdef SSH_AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS
#include "audit.h" #include "audit.h"
@ -466,9 +466,9 @@ diff -up openssh-5.9p0/monitor_wrap.h.audit1 openssh-5.9p0/monitor_wrap.h
#endif #endif
struct Session; struct Session;
diff -up openssh-5.9p0/session.c.audit1 openssh-5.9p0/session.c diff -up openssh-6.0p1/session.c.audit1 openssh-6.0p1/session.c
--- openssh-5.9p0/session.c.audit1 2011-05-20 03:23:10.000000000 +0200 --- openssh-6.0p1/session.c.audit1 2011-11-04 00:55:24.000000000 +0100
+++ openssh-5.9p0/session.c 2011-08-30 10:46:58.756024849 +0200 +++ openssh-6.0p1/session.c 2012-08-06 20:33:24.420382789 +0200
@@ -742,6 +742,14 @@ do_exec_pty(Session *s, const char *comm @@ -742,6 +742,14 @@ do_exec_pty(Session *s, const char *comm
/* Parent. Close the slave side of the pseudo tty. */ /* Parent. Close the slave side of the pseudo tty. */
close(ttyfd); close(ttyfd);
@ -599,9 +599,9 @@ diff -up openssh-5.9p0/session.c.audit1 openssh-5.9p0/session.c
- session_destroy_all(session_pty_cleanup2); - session_destroy_all(session_pty_cleanup2);
+ session_destroy_all(do_cleanup_one_session); + session_destroy_all(do_cleanup_one_session);
} }
diff -up openssh-5.9p0/session.h.audit1 openssh-5.9p0/session.h diff -up openssh-6.0p1/session.h.audit1 openssh-6.0p1/session.h
--- openssh-5.9p0/session.h.audit1 2008-05-19 07:34:50.000000000 +0200 --- openssh-6.0p1/session.h.audit1 2008-05-19 07:34:50.000000000 +0200
+++ openssh-5.9p0/session.h 2011-08-30 10:46:58.884024597 +0200 +++ openssh-6.0p1/session.h 2012-08-06 20:33:24.420382789 +0200
@@ -60,6 +60,12 @@ struct Session { @@ -60,6 +60,12 @@ struct Session {
char *name; char *name;
char *val; char *val;
@ -626,11 +626,11 @@ diff -up openssh-5.9p0/session.h.audit1 openssh-5.9p0/session.h
Session *session_by_tty(char *); Session *session_by_tty(char *);
void session_close(Session *); void session_close(Session *);
void do_setusercontext(struct passwd *); void do_setusercontext(struct passwd *);
diff -up openssh-5.9p0/sshd.c.audit1 openssh-5.9p0/sshd.c diff -up openssh-6.0p1/sshd.c.audit1 openssh-6.0p1/sshd.c
--- openssh-5.9p0/sshd.c.audit1 2011-06-23 11:45:51.000000000 +0200 --- openssh-6.0p1/sshd.c.audit1 2012-08-06 20:33:24.392382898 +0200
+++ openssh-5.9p0/sshd.c 2011-08-30 10:46:59.009025421 +0200 +++ openssh-6.0p1/sshd.c 2012-08-06 20:33:24.421382785 +0200
@@ -2364,7 +2364,8 @@ cleanup_exit(int i) @@ -2381,7 +2381,8 @@ cleanup_exit(int i)
do_cleanup(the_authctxt); }
#ifdef SSH_AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS
/* done after do_cleanup so it can cancel the PAM auth 'thread' */ /* done after do_cleanup so it can cancel the PAM auth 'thread' */
- if (!use_privsep || mm_is_monitor()) - if (!use_privsep || mm_is_monitor())
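Review bot: The stub `audit_end_command(int handle, const char *command)` in the audit.c hunk (`@@ -174,13 +185,29 @@`) discards `handle` even though its own comment says the value must come from the corresponding `audit_run_command`, so a run/end pairing mismatch cannot be spotted from the debug output; include it in the message, e.g. `debug("audit end nopty exec euid %d user %s handle %d command '%.200s'", geteuid(), audit_username(), handle, command);`. This is the no-backend stub (`!defined CUSTOM_SSH_AUDIT_EVENTS`), so it presumably never reaches a real audit trail, but in the same hunk `audit_run_command` only ever returns 0, which is worth stating in its comment so a backend author knows the handle is not meaningful on this path. These audit.c/audit.h hunks appear to be moved verbatim from later in the patch (the matching removal is under the `@ -244,78 +313,9 @@` hunk) rather than new code, and the remaining hunks of this section show only their outer context lines, so the rest of the rebased monitor/session changes could not be reviewed here.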


@ -1,7 +1,7 @@
diff -up openssh-5.9p1/audit-bsm.c.audit4 openssh-5.9p1/audit-bsm.c diff -up openssh-6.0p1/audit-bsm.c.audit4 openssh-6.0p1/audit-bsm.c
--- openssh-5.9p1/audit-bsm.c.audit4 2012-07-27 14:27:56.149474798 +0200 --- openssh-6.0p1/audit-bsm.c.audit4 2012-08-06 20:35:56.306789054 +0200
+++ openssh-5.9p1/audit-bsm.c 2012-07-27 14:27:56.164474882 +0200 +++ openssh-6.0p1/audit-bsm.c 2012-08-06 20:35:56.314789022 +0200
@@ -408,4 +408,10 @@ audit_kex_body(int ctos, char *enc, char @@ -485,4 +485,10 @@ audit_kex_body(int ctos, char *enc, char
{ {
/* not implemented */ /* not implemented */
} }
@ -12,9 +12,9 @@ diff -up openssh-5.9p1/audit-bsm.c.audit4 openssh-5.9p1/audit-bsm.c
+ /* not implemented */ + /* not implemented */
+} +}
#endif /* BSM */ #endif /* BSM */
diff -up openssh-5.9p1/audit.c.audit4 openssh-5.9p1/audit.c diff -up openssh-6.0p1/audit.c.audit4 openssh-6.0p1/audit.c
--- openssh-5.9p1/audit.c.audit4 2012-07-27 14:27:56.150474804 +0200 --- openssh-6.0p1/audit.c.audit4 2012-08-06 20:35:56.307789050 +0200
+++ openssh-5.9p1/audit.c 2012-07-27 14:27:56.165474888 +0200 +++ openssh-6.0p1/audit.c 2012-08-06 20:35:56.315789018 +0200
@@ -143,6 +143,12 @@ audit_kex(int ctos, char *enc, char *mac @@ -143,6 +143,12 @@ audit_kex(int ctos, char *enc, char *mac
PRIVSEP(audit_kex_body(ctos, enc, mac, comp, getpid(), getuid())); PRIVSEP(audit_kex_body(ctos, enc, mac, comp, getpid(), getuid()));
} }
@ -44,9 +44,9 @@ diff -up openssh-5.9p1/audit.c.audit4 openssh-5.9p1/audit.c
+} +}
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
#endif /* SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.9p1/audit.h.audit4 openssh-5.9p1/audit.h diff -up openssh-6.0p1/audit.h.audit4 openssh-6.0p1/audit.h
--- openssh-5.9p1/audit.h.audit4 2012-07-27 14:27:56.151474810 +0200 --- openssh-6.0p1/audit.h.audit4 2012-08-06 20:35:56.308789046 +0200
+++ openssh-5.9p1/audit.h 2012-07-27 14:27:56.165474888 +0200 +++ openssh-6.0p1/audit.h 2012-08-06 20:35:56.315789018 +0200
@@ -62,5 +62,7 @@ void audit_unsupported(int); @@ -62,5 +62,7 @@ void audit_unsupported(int);
void audit_kex(int, char *, char *, char *); void audit_kex(int, char *, char *, char *);
void audit_unsupported_body(int); void audit_unsupported_body(int);
@ -55,9 +55,9 @@ diff -up openssh-5.9p1/audit.h.audit4 openssh-5.9p1/audit.h
+void audit_session_key_free_body(int ctos, pid_t, uid_t); +void audit_session_key_free_body(int ctos, pid_t, uid_t);
#endif /* _SSH_AUDIT_H */ #endif /* _SSH_AUDIT_H */
diff -up openssh-5.9p1/audit-linux.c.audit4 openssh-5.9p1/audit-linux.c diff -up openssh-6.0p1/audit-linux.c.audit4 openssh-6.0p1/audit-linux.c
--- openssh-5.9p1/audit-linux.c.audit4 2012-07-27 14:27:56.149474798 +0200 --- openssh-6.0p1/audit-linux.c.audit4 2012-08-06 20:35:56.307789050 +0200
+++ openssh-5.9p1/audit-linux.c 2012-07-27 14:27:56.166474894 +0200 +++ openssh-6.0p1/audit-linux.c 2012-08-06 20:35:56.315789018 +0200
@@ -294,6 +294,8 @@ audit_unsupported_body(int what) @@ -294,6 +294,8 @@ audit_unsupported_body(int what)
#endif #endif
} }
@ -108,9 +108,9 @@ diff -up openssh-5.9p1/audit-linux.c.audit4 openssh-5.9p1/audit-linux.c
+} +}
+ +
#endif /* USE_LINUX_AUDIT */ #endif /* USE_LINUX_AUDIT */
diff -up openssh-5.9p1/auditstub.c.audit4 openssh-5.9p1/auditstub.c diff -up openssh-6.0p1/auditstub.c.audit4 openssh-6.0p1/auditstub.c
--- openssh-5.9p1/auditstub.c.audit4 2012-07-27 14:27:56.151474810 +0200 --- openssh-6.0p1/auditstub.c.audit4 2012-08-06 20:35:56.308789046 +0200
+++ openssh-5.9p1/auditstub.c 2012-07-27 14:27:56.166474894 +0200 +++ openssh-6.0p1/auditstub.c 2012-08-06 20:35:56.316789015 +0200
@@ -27,6 +27,8 @@ @@ -27,6 +27,8 @@
* Red Hat author: Jan F. Chadima <jchadima@redhat.com> * Red Hat author: Jan F. Chadima <jchadima@redhat.com>
*/ */
@ -133,9 +133,9 @@ diff -up openssh-5.9p1/auditstub.c.audit4 openssh-5.9p1/auditstub.c
+audit_session_key_free_body(int ctos, pid_t pid, uid_t uid) +audit_session_key_free_body(int ctos, pid_t pid, uid_t uid)
+{ +{
+} +}
diff -up openssh-5.9p1/kex.c.audit4 openssh-5.9p1/kex.c diff -up openssh-6.0p1/kex.c.audit4 openssh-6.0p1/kex.c
--- openssh-5.9p1/kex.c.audit4 2012-07-27 14:27:56.153474822 +0200 --- openssh-6.0p1/kex.c.audit4 2012-08-06 20:35:56.309789042 +0200
+++ openssh-5.9p1/kex.c 2012-07-27 14:27:56.167474900 +0200 +++ openssh-6.0p1/kex.c 2012-08-06 20:35:56.317789011 +0200
@@ -624,3 +624,34 @@ dump_digest(char *msg, u_char *digest, i @@ -624,3 +624,34 @@ dump_digest(char *msg, u_char *digest, i
fprintf(stderr, "\n"); fprintf(stderr, "\n");
} }
@ -171,9 +171,9 @@ diff -up openssh-5.9p1/kex.c.audit4 openssh-5.9p1/kex.c
+ memset(&newkeys->comp, 0, sizeof(newkeys->comp)); + memset(&newkeys->comp, 0, sizeof(newkeys->comp));
+} +}
+ +
diff -up openssh-5.9p1/kex.h.audit4 openssh-5.9p1/kex.h diff -up openssh-6.0p1/kex.h.audit4 openssh-6.0p1/kex.h
--- openssh-5.9p1/kex.h.audit4 2010-09-24 14:11:14.000000000 +0200 --- openssh-6.0p1/kex.h.audit4 2010-09-24 14:11:14.000000000 +0200
+++ openssh-5.9p1/kex.h 2012-07-27 14:27:56.168474905 +0200 +++ openssh-6.0p1/kex.h 2012-08-06 20:35:56.317789011 +0200
@@ -156,6 +156,8 @@ void kexgex_server(Kex *); @@ -156,6 +156,8 @@ void kexgex_server(Kex *);
void kexecdh_client(Kex *); void kexecdh_client(Kex *);
void kexecdh_server(Kex *); void kexecdh_server(Kex *);
@ -183,10 +183,10 @@ diff -up openssh-5.9p1/kex.h.audit4 openssh-5.9p1/kex.h
void void
kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int, kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int,
BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *); BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *);
diff -up openssh-5.9p1/mac.c.audit4 openssh-5.9p1/mac.c diff -up openssh-6.0p1/mac.c.audit4 openssh-6.0p1/mac.c
--- openssh-5.9p1/mac.c.audit4 2011-08-17 02:29:03.000000000 +0200 --- openssh-6.0p1/mac.c.audit4 2012-01-17 04:03:38.000000000 +0100
+++ openssh-5.9p1/mac.c 2012-07-27 14:27:56.168474905 +0200 +++ openssh-6.0p1/mac.c 2012-08-06 20:35:56.318789007 +0200
@@ -168,6 +168,20 @@ mac_clear(Mac *mac) @@ -171,6 +171,20 @@ mac_clear(Mac *mac)
mac->umac_ctx = NULL; mac->umac_ctx = NULL;
} }
@ -207,17 +207,17 @@ diff -up openssh-5.9p1/mac.c.audit4 openssh-5.9p1/mac.c
/* XXX copied from ciphers_valid */ /* XXX copied from ciphers_valid */
#define MAC_SEP "," #define MAC_SEP ","
int int
diff -up openssh-5.9p1/mac.h.audit4 openssh-5.9p1/mac.h diff -up openssh-6.0p1/mac.h.audit4 openssh-6.0p1/mac.h
--- openssh-5.9p1/mac.h.audit4 2007-06-11 06:01:42.000000000 +0200 --- openssh-6.0p1/mac.h.audit4 2007-06-11 06:01:42.000000000 +0200
+++ openssh-5.9p1/mac.h 2012-07-27 14:27:56.169474910 +0200 +++ openssh-6.0p1/mac.h 2012-08-06 20:35:56.318789007 +0200
@@ -28,3 +28,4 @@ int mac_setup(Mac *, char *); @@ -28,3 +28,4 @@ int mac_setup(Mac *, char *);
int mac_init(Mac *); int mac_init(Mac *);
u_char *mac_compute(Mac *, u_int32_t, u_char *, int); u_char *mac_compute(Mac *, u_int32_t, u_char *, int);
void mac_clear(Mac *); void mac_clear(Mac *);
+void mac_destroy(Mac *); +void mac_destroy(Mac *);
diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c diff -up openssh-6.0p1/monitor.c.audit4 openssh-6.0p1/monitor.c
--- openssh-5.9p1/monitor.c.audit4 2012-07-27 14:27:56.154474827 +0200 --- openssh-6.0p1/monitor.c.audit4 2012-08-06 20:35:56.310789038 +0200
+++ openssh-5.9p1/monitor.c 2012-07-27 14:31:20.311655098 +0200 +++ openssh-6.0p1/monitor.c 2012-08-06 20:35:56.319789003 +0200
@@ -189,6 +189,7 @@ int mm_answer_audit_command(int, Buffer @@ -189,6 +189,7 @@ int mm_answer_audit_command(int, Buffer
int mm_answer_audit_end_command(int, Buffer *); int mm_answer_audit_end_command(int, Buffer *);
int mm_answer_audit_unsupported_body(int, Buffer *); int mm_answer_audit_unsupported_body(int, Buffer *);
@ -269,7 +269,7 @@ diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c
if (!authctxt->valid) if (!authctxt->valid)
fatal("%s: authenticated invalid user", __func__); fatal("%s: authenticated invalid user", __func__);
if (strcmp(auth_method, "unknown") == 0) if (strcmp(auth_method, "unknown") == 0)
@@ -1952,11 +1953,13 @@ mm_get_keystate(struct monitor *pmonitor @@ -1953,11 +1954,13 @@ mm_get_keystate(struct monitor *pmonitor
blob = buffer_get_string(&m, &bloblen); blob = buffer_get_string(&m, &bloblen);
current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen); current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen);
@ -283,7 +283,7 @@ diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c
xfree(blob); xfree(blob);
/* Now get sequence numbers for the packets */ /* Now get sequence numbers for the packets */
@@ -2002,6 +2005,21 @@ mm_get_keystate(struct monitor *pmonitor @@ -2003,6 +2006,21 @@ mm_get_keystate(struct monitor *pmonitor
} }
buffer_free(&m); buffer_free(&m);
@ -305,7 +305,7 @@ diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c
} }
@@ -2448,4 +2466,22 @@ mm_answer_audit_kex_body(int sock, Buffe @@ -2449,4 +2467,22 @@ mm_answer_audit_kex_body(int sock, Buffe
return 0; return 0;
} }
@ -328,9 +328,9 @@ diff -up openssh-5.9p1/monitor.c.audit4 openssh-5.9p1/monitor.c
+ return 0; + return 0;
+} +}
#endif /* SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.9p1/monitor.h.audit4 openssh-5.9p1/monitor.h diff -up openssh-6.0p1/monitor.h.audit4 openssh-6.0p1/monitor.h
--- openssh-5.9p1/monitor.h.audit4 2012-07-27 14:27:56.155474832 +0200 --- openssh-6.0p1/monitor.h.audit4 2012-08-06 20:35:56.310789038 +0200
+++ openssh-5.9p1/monitor.h 2012-07-27 14:27:56.171474920 +0200 +++ openssh-6.0p1/monitor.h 2012-08-06 20:35:56.319789003 +0200
@@ -63,6 +63,7 @@ enum monitor_reqtype { @@ -63,6 +63,7 @@ enum monitor_reqtype {
MONITOR_ANS_AUDIT_COMMAND, MONITOR_REQ_AUDIT_END_COMMAND, MONITOR_ANS_AUDIT_COMMAND, MONITOR_REQ_AUDIT_END_COMMAND,
MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED, MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED,
@ -339,9 +339,9 @@ diff -up openssh-5.9p1/monitor.h.audit4 openssh-5.9p1/monitor.h
MONITOR_REQ_TERM, MONITOR_REQ_TERM,
MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1, MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1,
MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA, MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA,
diff -up openssh-5.9p1/monitor_wrap.c.audit4 openssh-5.9p1/monitor_wrap.c diff -up openssh-6.0p1/monitor_wrap.c.audit4 openssh-6.0p1/monitor_wrap.c
--- openssh-5.9p1/monitor_wrap.c.audit4 2012-07-27 14:27:56.156474837 +0200 --- openssh-6.0p1/monitor_wrap.c.audit4 2012-08-06 20:35:56.311789034 +0200
+++ openssh-5.9p1/monitor_wrap.c 2012-07-27 14:27:56.172474926 +0200 +++ openssh-6.0p1/monitor_wrap.c 2012-08-06 20:35:56.320788999 +0200
@@ -653,12 +653,14 @@ mm_send_keystate(struct monitor *monitor @@ -653,12 +653,14 @@ mm_send_keystate(struct monitor *monitor
fatal("%s: conversion of newkeys failed", __func__); fatal("%s: conversion of newkeys failed", __func__);
@ -377,9 +377,9 @@ diff -up openssh-5.9p1/monitor_wrap.c.audit4 openssh-5.9p1/monitor_wrap.c
+ buffer_free(&m); + buffer_free(&m);
+} +}
#endif /* SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.9p1/monitor_wrap.h.audit4 openssh-5.9p1/monitor_wrap.h diff -up openssh-6.0p1/monitor_wrap.h.audit4 openssh-6.0p1/monitor_wrap.h
--- openssh-5.9p1/monitor_wrap.h.audit4 2012-07-27 14:27:56.157474843 +0200 --- openssh-6.0p1/monitor_wrap.h.audit4 2012-08-06 20:35:56.311789034 +0200
+++ openssh-5.9p1/monitor_wrap.h 2012-07-27 14:27:56.173474932 +0200 +++ openssh-6.0p1/monitor_wrap.h 2012-08-06 20:35:56.320788999 +0200
@@ -79,6 +79,7 @@ int mm_audit_run_command(const char *); @@ -79,6 +79,7 @@ int mm_audit_run_command(const char *);
void mm_audit_end_command(int, const char *); void mm_audit_end_command(int, const char *);
void mm_audit_unsupported_body(int); void mm_audit_unsupported_body(int);
@ -388,9 +388,9 @@ diff -up openssh-5.9p1/monitor_wrap.h.audit4 openssh-5.9p1/monitor_wrap.h
#endif #endif
struct Session; struct Session;
diff -up openssh-5.9p1/packet.c.audit4 openssh-5.9p1/packet.c diff -up openssh-6.0p1/packet.c.audit4 openssh-6.0p1/packet.c
--- openssh-5.9p1/packet.c.audit4 2012-07-27 14:27:56.099474520 +0200 --- openssh-6.0p1/packet.c.audit4 2012-08-06 20:35:56.282789147 +0200
+++ openssh-5.9p1/packet.c 2012-07-27 14:27:56.174474938 +0200 +++ openssh-6.0p1/packet.c 2012-08-06 20:35:56.321788995 +0200
@@ -60,6 +60,7 @@ @@ -60,6 +60,7 @@
#include <signal.h> #include <signal.h>
@ -399,7 +399,7 @@ diff -up openssh-5.9p1/packet.c.audit4 openssh-5.9p1/packet.c
#include "buffer.h" #include "buffer.h"
#include "packet.h" #include "packet.h"
#include "crc32.h" #include "crc32.h"
@@ -472,6 +473,13 @@ packet_get_connection_out(void) @@ -470,6 +471,13 @@ packet_get_connection_out(void)
return active_state->connection_out; return active_state->connection_out;
} }
@ -413,7 +413,7 @@ diff -up openssh-5.9p1/packet.c.audit4 openssh-5.9p1/packet.c
/* Closes the connection and clears and frees internal data structures. */ /* Closes the connection and clears and frees internal data structures. */
void void
@@ -480,13 +488,6 @@ packet_close(void) @@ -478,13 +486,6 @@ packet_close(void)
if (!active_state->initialized) if (!active_state->initialized)
return; return;
active_state->initialized = 0; active_state->initialized = 0;
@ -427,7 +427,7 @@ diff -up openssh-5.9p1/packet.c.audit4 openssh-5.9p1/packet.c
buffer_free(&active_state->input); buffer_free(&active_state->input);
buffer_free(&active_state->output); buffer_free(&active_state->output);
buffer_free(&active_state->outgoing_packet); buffer_free(&active_state->outgoing_packet);
@@ -495,8 +496,18 @@ packet_close(void) @@ -493,8 +494,18 @@ packet_close(void)
buffer_free(&active_state->compression_buffer); buffer_free(&active_state->compression_buffer);
buffer_compress_uninit(); buffer_compress_uninit();
} }
@ -448,7 +448,7 @@ diff -up openssh-5.9p1/packet.c.audit4 openssh-5.9p1/packet.c
} }
/* Sets remote side protocol flags. */ /* Sets remote side protocol flags. */
@@ -731,6 +742,23 @@ packet_send1(void) @@ -729,6 +740,23 @@ packet_send1(void)
*/ */
} }
@ -472,7 +472,7 @@ diff -up openssh-5.9p1/packet.c.audit4 openssh-5.9p1/packet.c
void void
set_newkeys(int mode) set_newkeys(int mode)
{ {
@@ -756,18 +784,9 @@ set_newkeys(int mode) @@ -754,18 +782,9 @@ set_newkeys(int mode)
} }
if (active_state->newkeys[mode] != NULL) { if (active_state->newkeys[mode] != NULL) {
debug("set_newkeys: rekeying"); debug("set_newkeys: rekeying");
@ -493,7 +493,7 @@ diff -up openssh-5.9p1/packet.c.audit4 openssh-5.9p1/packet.c
} }
active_state->newkeys[mode] = kex_get_newkeys(mode); active_state->newkeys[mode] = kex_get_newkeys(mode);
if (active_state->newkeys[mode] == NULL) if (active_state->newkeys[mode] == NULL)
@@ -1927,6 +1946,47 @@ packet_get_newkeys(int mode) @@ -1921,6 +1940,47 @@ packet_get_newkeys(int mode)
return (void *)active_state->newkeys[mode]; return (void *)active_state->newkeys[mode];
} }
@ -541,7 +541,7 @@ diff -up openssh-5.9p1/packet.c.audit4 openssh-5.9p1/packet.c
/* /*
* Save the state for the real connection, and use a separate state when * Save the state for the real connection, and use a separate state when
* resuming a suspended connection. * resuming a suspended connection.
@@ -1934,18 +1994,12 @@ packet_get_newkeys(int mode) @@ -1928,18 +1988,12 @@ packet_get_newkeys(int mode)
void void
packet_backup_state(void) packet_backup_state(void)
{ {
@ -561,7 +561,7 @@ diff -up openssh-5.9p1/packet.c.audit4 openssh-5.9p1/packet.c
} }
/* /*
@@ -1962,9 +2016,7 @@ packet_restore_state(void) @@ -1956,9 +2010,7 @@ packet_restore_state(void)
backup_state = active_state; backup_state = active_state;
active_state = tmp; active_state = tmp;
active_state->connection_in = backup_state->connection_in; active_state->connection_in = backup_state->connection_in;
@ -571,7 +571,7 @@ diff -up openssh-5.9p1/packet.c.audit4 openssh-5.9p1/packet.c
len = buffer_len(&backup_state->input); len = buffer_len(&backup_state->input);
if (len > 0) { if (len > 0) {
buf = buffer_ptr(&backup_state->input); buf = buffer_ptr(&backup_state->input);
@@ -1972,4 +2024,10 @@ packet_restore_state(void) @@ -1966,4 +2018,10 @@ packet_restore_state(void)
buffer_clear(&backup_state->input); buffer_clear(&backup_state->input);
add_recv_bytes(len); add_recv_bytes(len);
} }
@ -582,18 +582,18 @@ diff -up openssh-5.9p1/packet.c.audit4 openssh-5.9p1/packet.c
+ backup_state = NULL; + backup_state = NULL;
} }
+ +
diff -up openssh-5.9p1/packet.h.audit4 openssh-5.9p1/packet.h diff -up openssh-6.0p1/packet.h.audit4 openssh-6.0p1/packet.h
--- openssh-5.9p1/packet.h.audit4 2011-05-15 00:43:13.000000000 +0200 --- openssh-6.0p1/packet.h.audit4 2012-02-10 22:19:21.000000000 +0100
+++ openssh-5.9p1/packet.h 2012-07-27 14:27:56.175474944 +0200 +++ openssh-6.0p1/packet.h 2012-08-06 20:35:56.321788995 +0200
@@ -124,4 +124,5 @@ void packet_restore_state(void); @@ -123,4 +123,5 @@ void packet_restore_state(void);
void *packet_get_input(void); void *packet_get_input(void);
void *packet_get_output(void); void *packet_get_output(void);
+void packet_destroy_all(int, int); +void packet_destroy_all(int, int);
#endif /* PACKET_H */ #endif /* PACKET_H */
diff -up openssh-5.9p1/session.c.audit4 openssh-5.9p1/session.c diff -up openssh-6.0p1/session.c.audit4 openssh-6.0p1/session.c
--- openssh-5.9p1/session.c.audit4 2012-07-27 14:27:56.130474693 +0200 --- openssh-6.0p1/session.c.audit4 2012-08-06 20:35:56.296789093 +0200
+++ openssh-5.9p1/session.c 2012-07-27 14:27:56.176474950 +0200 +++ openssh-6.0p1/session.c 2012-08-06 20:35:56.322788991 +0200
@@ -1634,6 +1634,9 @@ do_child(Session *s, const char *command @@ -1634,6 +1634,9 @@ do_child(Session *s, const char *command
/* remove hostkey from the child's memory */ /* remove hostkey from the child's memory */
@ -604,10 +604,10 @@ diff -up openssh-5.9p1/session.c.audit4 openssh-5.9p1/session.c
/* Force a password change */ /* Force a password change */
if (s->authctxt->force_pwchange) { if (s->authctxt->force_pwchange) {
diff -up openssh-5.9p1/sshd.c.audit4 openssh-5.9p1/sshd.c diff -up openssh-6.0p1/sshd.c.audit4 openssh-6.0p1/sshd.c
--- openssh-5.9p1/sshd.c.audit4 2012-07-27 14:27:56.159474855 +0200 --- openssh-6.0p1/sshd.c.audit4 2012-08-06 20:35:56.312789030 +0200
+++ openssh-5.9p1/sshd.c 2012-07-27 14:27:56.178474961 +0200 +++ openssh-6.0p1/sshd.c 2012-08-06 20:35:56.323788987 +0200
@@ -686,6 +686,8 @@ privsep_preauth(Authctxt *authctxt) @@ -690,6 +690,8 @@ privsep_preauth(Authctxt *authctxt)
} }
} }
@ -616,7 +616,7 @@ diff -up openssh-5.9p1/sshd.c.audit4 openssh-5.9p1/sshd.c
static void static void
privsep_postauth(Authctxt *authctxt) privsep_postauth(Authctxt *authctxt)
{ {
@@ -710,6 +712,10 @@ privsep_postauth(Authctxt *authctxt) @@ -714,6 +716,10 @@ privsep_postauth(Authctxt *authctxt)
else if (pmonitor->m_pid != 0) { else if (pmonitor->m_pid != 0) {
verbose("User child is on pid %ld", (long)pmonitor->m_pid); verbose("User child is on pid %ld", (long)pmonitor->m_pid);
buffer_clear(&loginmsg); buffer_clear(&loginmsg);
@ -627,7 +627,7 @@ diff -up openssh-5.9p1/sshd.c.audit4 openssh-5.9p1/sshd.c
monitor_child_postauth(pmonitor); monitor_child_postauth(pmonitor);
/* NEVERREACHED */ /* NEVERREACHED */
@@ -2001,6 +2007,7 @@ main(int ac, char **av) @@ -2005,6 +2011,7 @@ main(int ac, char **av)
*/ */
if (use_privsep) { if (use_privsep) {
mm_send_keystate(pmonitor); mm_send_keystate(pmonitor);
@ -635,7 +635,7 @@ diff -up openssh-5.9p1/sshd.c.audit4 openssh-5.9p1/sshd.c
exit(0); exit(0);
} }
@@ -2053,6 +2060,8 @@ main(int ac, char **av) @@ -2057,6 +2064,8 @@ main(int ac, char **av)
do_authenticated(authctxt); do_authenticated(authctxt);
/* The connection has been terminated. */ /* The connection has been terminated. */
@ -644,7 +644,7 @@ diff -up openssh-5.9p1/sshd.c.audit4 openssh-5.9p1/sshd.c
packet_get_state(MODE_IN, NULL, NULL, NULL, &ibytes); packet_get_state(MODE_IN, NULL, NULL, NULL, &ibytes);
packet_get_state(MODE_OUT, NULL, NULL, NULL, &obytes); packet_get_state(MODE_OUT, NULL, NULL, NULL, &obytes);
verbose("Transferred: sent %llu, received %llu bytes", verbose("Transferred: sent %llu, received %llu bytes",
@@ -2370,8 +2379,20 @@ do_ssh2_kex(void) @@ -2374,6 +2383,16 @@ do_ssh2_kex(void)
void void
cleanup_exit(int i) cleanup_exit(int i)
{ {
@ -658,8 +658,13 @@ diff -up openssh-5.9p1/sshd.c.audit4 openssh-5.9p1/sshd.c
+ _exit(i); + _exit(i);
+ in_cleanup = 1; + in_cleanup = 1;
+ +
if (the_authctxt) if (the_authctxt) {
do_cleanup(the_authctxt); do_cleanup(the_authctxt);
if (use_privsep && privsep_is_preauth && pmonitor->m_pid > 1) {
@@ -2384,6 +2403,8 @@ cleanup_exit(int i)
pmonitor->m_pid, strerror(errno));
}
}
+ is_privsep_child = use_privsep && pmonitor != NULL && !mm_is_monitor(); + is_privsep_child = use_privsep && pmonitor != NULL && !mm_is_monitor();
+ packet_destroy_all(1, is_privsep_child); + packet_destroy_all(1, is_privsep_child);
#ifdef SSH_AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS


@ -1,7 +1,7 @@
diff -up openssh-5.9p1/audit-bsm.c.audit5 openssh-5.9p1/audit-bsm.c diff -up openssh-6.0p1/audit-bsm.c.audit5 openssh-6.0p1/audit-bsm.c
--- openssh-5.9p1/audit-bsm.c.audit5 2011-09-13 22:07:31.262575526 +0200 --- openssh-6.0p1/audit-bsm.c.audit5 2012-08-06 20:37:50.036345216 +0200
+++ openssh-5.9p1/audit-bsm.c 2011-09-13 22:07:33.268491813 +0200 +++ openssh-6.0p1/audit-bsm.c 2012-08-06 20:37:50.046345177 +0200
@@ -414,4 +414,22 @@ audit_session_key_free_body(int ctos, pi @@ -491,4 +491,22 @@ audit_session_key_free_body(int ctos, pi
{ {
/* not implemented */ /* not implemented */
} }
@ -24,10 +24,58 @@ diff -up openssh-5.9p1/audit-bsm.c.audit5 openssh-5.9p1/audit-bsm.c
+ /* not implemented */ + /* not implemented */
+} +}
#endif /* BSM */ #endif /* BSM */
diff -up openssh-5.9p1/audit-linux.c.audit5 openssh-5.9p1/audit-linux.c diff -up openssh-6.0p1/audit.c.audit5 openssh-6.0p1/audit.c
--- openssh-5.9p1/audit-linux.c.audit5 2011-09-13 22:07:31.400584308 +0200 --- openssh-6.0p1/audit.c.audit5 2012-08-06 20:37:50.036345216 +0200
+++ openssh-5.9p1/audit-linux.c 2011-09-13 22:07:33.357460348 +0200 +++ openssh-6.0p1/audit.c 2012-08-06 20:37:50.047345173 +0200
@@ -350,4 +350,50 @@ audit_session_key_free_body(int ctos, pi @@ -290,5 +290,24 @@ audit_session_key_free_body(int ctos, pi
debug("audit session key discard euid %u direction %d from pid %ld uid %u",
(unsigned)geteuid(), ctos, (long)pid, (unsigned)uid);
}
+
+/*
+ * This will be called on destroy private part of the server key
+ */
+void
+audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid)
+{
+ debug("audit destroy sensitive data euid %d fingerprint %s from pid %ld uid %u",
+ geteuid(), fp, (long)pid, (unsigned)uid);
+}
+
+/*
+ * This will be called on generation of the ephemeral server key
+ */
+void
+audit_generate_ephemeral_server_key(const char *)
+{
+ debug("audit create ephemeral server key euid %d fingerprint %s", geteuid(), fp);
+}
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
#endif /* SSH_AUDIT_EVENTS */
diff -up openssh-6.0p1/audit.h.audit5 openssh-6.0p1/audit.h
--- openssh-6.0p1/audit.h.audit5 2012-08-06 20:37:50.037345212 +0200
+++ openssh-6.0p1/audit.h 2012-08-06 20:37:50.047345173 +0200
@@ -48,6 +48,8 @@ enum ssh_audit_event_type {
};
typedef enum ssh_audit_event_type ssh_audit_event_t;
+int listening_for_clients(void);
+
void audit_connection_from(const char *, int);
void audit_event(ssh_audit_event_t);
void audit_count_session_open(void);
@@ -64,5 +66,7 @@ void audit_unsupported_body(int);
void audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
void audit_session_key_free(int ctos);
void audit_session_key_free_body(int ctos, pid_t, uid_t);
+void audit_destroy_sensitive_data(const char *, pid_t, uid_t);
+void audit_generate_ephemeral_server_key(const char *);
#endif /* _SSH_AUDIT_H */
diff -up openssh-6.0p1/audit-linux.c.audit5 openssh-6.0p1/audit-linux.c
--- openssh-6.0p1/audit-linux.c.audit5 2012-08-06 20:37:50.037345212 +0200
+++ openssh-6.0p1/audit-linux.c 2012-08-06 20:37:50.046345177 +0200
@@ -356,4 +356,50 @@ audit_session_key_free_body(int ctos, pi
error("cannot write into audit"); error("cannot write into audit");
} }
@ -78,58 +126,10 @@ diff -up openssh-5.9p1/audit-linux.c.audit5 openssh-5.9p1/audit-linux.c
+ error("cannot write into audit"); + error("cannot write into audit");
+} +}
#endif /* USE_LINUX_AUDIT */ #endif /* USE_LINUX_AUDIT */
diff -up openssh-5.9p1/audit.c.audit5 openssh-5.9p1/audit.c diff -up openssh-6.0p1/key.c.audit5 openssh-6.0p1/key.c
--- openssh-5.9p1/audit.c.audit5 2011-09-13 22:07:31.495458797 +0200 --- openssh-6.0p1/key.c.audit5 2012-08-06 20:37:49.992345388 +0200
+++ openssh-5.9p1/audit.c 2011-09-13 22:07:33.478458341 +0200 +++ openssh-6.0p1/key.c 2012-08-06 20:37:50.048345169 +0200
@@ -290,5 +290,24 @@ audit_session_key_free_body(int ctos, pi @@ -1794,6 +1794,30 @@ key_demote(const Key *k)
debug("audit session key discard euid %u direction %d from pid %ld uid %u",
(unsigned)geteuid(), ctos, (long)pid, (unsigned)uid);
}
+
+/*
+ * This will be called on destroy private part of the server key
+ */
+void
+audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid)
+{
+ debug("audit destroy sensitive data euid %d fingerprint %s from pid %ld uid %u",
+ geteuid(), fp, (long)pid, (unsigned)uid);
+}
+
+/*
+ * This will be called on generation of the ephemeral server key
+ */
+void
+audit_generate_ephemeral_server_key(const char *)
+{
+ debug("audit create ephemeral server key euid %d fingerprint %s", geteuid(), fp);
+}
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
#endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.9p1/audit.h.audit5 openssh-5.9p1/audit.h
--- openssh-5.9p1/audit.h.audit5 2011-09-13 22:07:31.616459125 +0200
+++ openssh-5.9p1/audit.h 2011-09-13 22:07:33.612458074 +0200
@@ -48,6 +48,8 @@ enum ssh_audit_event_type {
};
typedef enum ssh_audit_event_type ssh_audit_event_t;
+int listening_for_clients(void);
+
void audit_connection_from(const char *, int);
void audit_event(ssh_audit_event_t);
void audit_count_session_open(void);
@@ -64,5 +66,7 @@ void audit_unsupported_body(int);
void audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
void audit_session_key_free(int ctos);
void audit_session_key_free_body(int ctos, pid_t, uid_t);
+void audit_destroy_sensitive_data(const char *, pid_t, uid_t);
+void audit_generate_ephemeral_server_key(const char *);
#endif /* _SSH_AUDIT_H */
diff -up openssh-5.9p1/key.c.audit5 openssh-5.9p1/key.c
--- openssh-5.9p1/key.c.audit5 2011-09-13 22:07:23.054490740 +0200
+++ openssh-5.9p1/key.c 2011-09-13 22:07:33.721583661 +0200
@@ -1799,6 +1799,30 @@ key_demote(const Key *k)
} }
int int
@ -160,9 +160,9 @@ diff -up openssh-5.9p1/key.c.audit5 openssh-5.9p1/key.c
key_is_cert(const Key *k) key_is_cert(const Key *k)
{ {
if (k == NULL) if (k == NULL)
diff -up openssh-5.9p1/key.h.audit5 openssh-5.9p1/key.h diff -up openssh-6.0p1/key.h.audit5 openssh-6.0p1/key.h
--- openssh-5.9p1/key.h.audit5 2011-09-13 22:07:23.160459285 +0200 --- openssh-6.0p1/key.h.audit5 2012-08-06 20:37:49.993345384 +0200
+++ openssh-5.9p1/key.h 2011-09-13 22:07:33.847459341 +0200 +++ openssh-6.0p1/key.h 2012-08-06 20:37:50.049345165 +0200
@@ -109,6 +109,7 @@ Key *key_generate(int, u_int); @@ -109,6 +109,7 @@ Key *key_generate(int, u_int);
Key *key_from_private(const Key *); Key *key_from_private(const Key *);
int key_type_from_name(char *); int key_type_from_name(char *);
@ -171,9 +171,9 @@ diff -up openssh-5.9p1/key.h.audit5 openssh-5.9p1/key.h
int key_type_plain(int); int key_type_plain(int);
int key_to_certified(Key *, int); int key_to_certified(Key *, int);
int key_drop_cert(Key *); int key_drop_cert(Key *);
diff -up openssh-5.9p1/monitor.c.audit5 openssh-5.9p1/monitor.c diff -up openssh-6.0p1/monitor.c.audit5 openssh-6.0p1/monitor.c
--- openssh-5.9p1/monitor.c.audit5 2011-09-13 22:07:32.285495537 +0200 --- openssh-6.0p1/monitor.c.audit5 2012-08-06 20:37:50.040345200 +0200
+++ openssh-5.9p1/monitor.c 2011-09-13 22:10:04.148554239 +0200 +++ openssh-6.0p1/monitor.c 2012-08-06 20:37:50.049345165 +0200
@@ -114,6 +114,8 @@ extern Buffer auth_debug; @@ -114,6 +114,8 @@ extern Buffer auth_debug;
extern int auth_debug_init; extern int auth_debug_init;
extern Buffer loginmsg; extern Buffer loginmsg;
@ -183,7 +183,7 @@ diff -up openssh-5.9p1/monitor.c.audit5 openssh-5.9p1/monitor.c
/* State exported from the child */ /* State exported from the child */
struct { struct {
@@ -191,6 +193,7 @@ int mm_answer_audit_end_command(int, Buf @@ -190,6 +192,7 @@ int mm_answer_audit_end_command(int, Buf
int mm_answer_audit_unsupported_body(int, Buffer *); int mm_answer_audit_unsupported_body(int, Buffer *);
int mm_answer_audit_kex_body(int, Buffer *); int mm_answer_audit_kex_body(int, Buffer *);
int mm_answer_audit_session_key_free_body(int, Buffer *); int mm_answer_audit_session_key_free_body(int, Buffer *);
@ -199,7 +199,7 @@ diff -up openssh-5.9p1/monitor.c.audit5 openssh-5.9p1/monitor.c
#endif #endif
#ifdef BSD_AUTH #ifdef BSD_AUTH
{MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
@@ -285,6 +289,7 @@ struct mon_table mon_dispatch_postauth20 @@ -284,6 +288,7 @@ struct mon_table mon_dispatch_postauth20
{MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body}, {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
{MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body}, {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
{MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body}, {MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body},
@ -207,7 +207,7 @@ diff -up openssh-5.9p1/monitor.c.audit5 openssh-5.9p1/monitor.c
#endif #endif
{0, 0, NULL} {0, 0, NULL}
}; };
@@ -319,6 +324,7 @@ struct mon_table mon_dispatch_proto15[] @@ -318,6 +323,7 @@ struct mon_table mon_dispatch_proto15[]
{MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body}, {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
{MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body}, {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
{MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body}, {MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body},
@ -215,7 +215,7 @@ diff -up openssh-5.9p1/monitor.c.audit5 openssh-5.9p1/monitor.c
#endif #endif
{0, 0, NULL} {0, 0, NULL}
}; };
@@ -334,6 +340,7 @@ struct mon_table mon_dispatch_postauth15 @@ -333,6 +339,7 @@ struct mon_table mon_dispatch_postauth15
{MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body}, {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
{MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body}, {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
{MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body}, {MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body},
@ -223,7 +223,7 @@ diff -up openssh-5.9p1/monitor.c.audit5 openssh-5.9p1/monitor.c
#endif #endif
{0, 0, NULL} {0, 0, NULL}
}; };
@@ -1716,6 +1723,8 @@ mm_answer_term(int sock, Buffer *req) @@ -1744,6 +1751,8 @@ mm_answer_term(int sock, Buffer *req)
sshpam_cleanup(); sshpam_cleanup();
#endif #endif
@ -232,7 +232,7 @@ diff -up openssh-5.9p1/monitor.c.audit5 openssh-5.9p1/monitor.c
while (waitpid(pmonitor->m_pid, &status, 0) == -1) while (waitpid(pmonitor->m_pid, &status, 0) == -1)
if (errno != EINTR) if (errno != EINTR)
exit(1); exit(1);
@@ -2470,4 +2479,25 @@ mm_answer_audit_session_key_free_body(in @@ -2485,4 +2494,25 @@ mm_answer_audit_session_key_free_body(in
mm_request_send(sock, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, m); mm_request_send(sock, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, m);
return 0; return 0;
} }
@ -258,9 +258,9 @@ diff -up openssh-5.9p1/monitor.c.audit5 openssh-5.9p1/monitor.c
+ return 0; + return 0;
+} +}
#endif /* SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.9p1/monitor.h.audit5 openssh-5.9p1/monitor.h diff -up openssh-6.0p1/monitor.h.audit5 openssh-6.0p1/monitor.h
--- openssh-5.9p1/monitor.h.audit5 2011-09-13 22:07:32.385522626 +0200 --- openssh-6.0p1/monitor.h.audit5 2012-08-06 20:37:50.040345200 +0200
+++ openssh-5.9p1/monitor.h 2011-09-13 22:07:34.098459356 +0200 +++ openssh-6.0p1/monitor.h 2012-08-06 20:37:50.050345161 +0200
@@ -64,6 +64,7 @@ enum monitor_reqtype { @@ -64,6 +64,7 @@ enum monitor_reqtype {
MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED, MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED,
MONITOR_REQ_AUDIT_KEX, MONITOR_ANS_AUDIT_KEX, MONITOR_REQ_AUDIT_KEX, MONITOR_ANS_AUDIT_KEX,
@ -269,10 +269,10 @@ diff -up openssh-5.9p1/monitor.h.audit5 openssh-5.9p1/monitor.h
MONITOR_REQ_TERM, MONITOR_REQ_TERM,
MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1, MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1,
MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA, MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA,
diff -up openssh-5.9p1/monitor_wrap.c.audit5 openssh-5.9p1/monitor_wrap.c diff -up openssh-6.0p1/monitor_wrap.c.audit5 openssh-6.0p1/monitor_wrap.c
--- openssh-5.9p1/monitor_wrap.c.audit5 2011-09-13 22:07:32.510521163 +0200 --- openssh-6.0p1/monitor_wrap.c.audit5 2012-08-06 20:37:50.041345196 +0200
+++ openssh-5.9p1/monitor_wrap.c 2011-09-13 22:07:34.610458275 +0200 +++ openssh-6.0p1/monitor_wrap.c 2012-08-06 20:37:50.050345161 +0200
@@ -1559,4 +1559,20 @@ mm_audit_session_key_free_body(int ctos, @@ -1539,4 +1539,20 @@ mm_audit_session_key_free_body(int ctos,
&m); &m);
buffer_free(&m); buffer_free(&m);
} }
@ -293,10 +293,10 @@ diff -up openssh-5.9p1/monitor_wrap.c.audit5 openssh-5.9p1/monitor_wrap.c
+ buffer_free(&m); + buffer_free(&m);
+} +}
#endif /* SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.9p1/monitor_wrap.h.audit5 openssh-5.9p1/monitor_wrap.h diff -up openssh-6.0p1/monitor_wrap.h.audit5 openssh-6.0p1/monitor_wrap.h
--- openssh-5.9p1/monitor_wrap.h.audit5 2011-09-13 22:07:32.607520810 +0200 --- openssh-6.0p1/monitor_wrap.h.audit5 2012-08-06 20:37:50.041345196 +0200
+++ openssh-5.9p1/monitor_wrap.h 2011-09-13 22:07:34.716458214 +0200 +++ openssh-6.0p1/monitor_wrap.h 2012-08-06 20:37:50.051345157 +0200
@@ -81,6 +81,7 @@ void mm_audit_end_command(int, const cha @@ -80,6 +80,7 @@ void mm_audit_end_command(int, const cha
void mm_audit_unsupported_body(int); void mm_audit_unsupported_body(int);
void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t); void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
void mm_audit_session_key_free_body(int, pid_t, uid_t); void mm_audit_session_key_free_body(int, pid_t, uid_t);
@ -304,9 +304,9 @@ diff -up openssh-5.9p1/monitor_wrap.h.audit5 openssh-5.9p1/monitor_wrap.h
#endif #endif
struct Session; struct Session;
diff -up openssh-5.9p1/session.c.audit5 openssh-5.9p1/session.c diff -up openssh-6.0p1/session.c.audit5 openssh-6.0p1/session.c
--- openssh-5.9p1/session.c.audit5 2011-09-13 22:07:32.973544819 +0200 --- openssh-6.0p1/session.c.audit5 2012-08-06 20:37:50.043345189 +0200
+++ openssh-5.9p1/session.c 2011-09-13 22:07:34.849585578 +0200 +++ openssh-6.0p1/session.c 2012-08-06 20:37:50.052345153 +0200
@@ -136,7 +136,7 @@ extern int log_stderr; @@ -136,7 +136,7 @@ extern int log_stderr;
extern int debug_flag; extern int debug_flag;
extern u_int utmp_len; extern u_int utmp_len;
@ -325,10 +325,10 @@ diff -up openssh-5.9p1/session.c.audit5 openssh-5.9p1/session.c
/* Don't audit this - both us and the parent would be talking to the /* Don't audit this - both us and the parent would be talking to the
monitor over a single socket, with no synchronization. */ monitor over a single socket, with no synchronization. */
packet_destroy_all(0, 1); packet_destroy_all(0, 1);
diff -up openssh-5.9p1/sshd.c.audit5 openssh-5.9p1/sshd.c diff -up openssh-6.0p1/sshd.c.audit5 openssh-6.0p1/sshd.c
--- openssh-5.9p1/sshd.c.audit5 2011-09-13 22:07:33.106516378 +0200 --- openssh-6.0p1/sshd.c.audit5 2012-08-06 20:37:50.044345185 +0200
+++ openssh-5.9p1/sshd.c 2011-09-13 22:07:34.989470331 +0200 +++ openssh-6.0p1/sshd.c 2012-08-06 20:37:50.053345149 +0200
@@ -254,7 +254,7 @@ Buffer loginmsg; @@ -255,7 +255,7 @@ Buffer loginmsg;
struct passwd *privsep_pw = NULL; struct passwd *privsep_pw = NULL;
/* Prototypes for various functions defined later in this file. */ /* Prototypes for various functions defined later in this file. */
@ -337,7 +337,7 @@ diff -up openssh-5.9p1/sshd.c.audit5 openssh-5.9p1/sshd.c
void demote_sensitive_data(void); void demote_sensitive_data(void);
static void do_ssh1_kex(void); static void do_ssh1_kex(void);
@@ -273,6 +273,15 @@ close_listen_socks(void) @@ -274,6 +274,15 @@ close_listen_socks(void)
num_listen_socks = -1; num_listen_socks = -1;
} }
@ -353,7 +353,7 @@ diff -up openssh-5.9p1/sshd.c.audit5 openssh-5.9p1/sshd.c
static void static void
close_startup_pipes(void) close_startup_pipes(void)
{ {
@@ -533,22 +542,47 @@ sshd_exchange_identification(int sock_in @@ -534,22 +543,47 @@ sshd_exchange_identification(int sock_in
} }
} }
@ -404,7 +404,7 @@ diff -up openssh-5.9p1/sshd.c.audit5 openssh-5.9p1/sshd.c
key_free(sensitive_data.host_certificates[i]); key_free(sensitive_data.host_certificates[i]);
sensitive_data.host_certificates[i] = NULL; sensitive_data.host_certificates[i] = NULL;
} }
@@ -562,6 +596,8 @@ void @@ -563,6 +597,8 @@ void
demote_sensitive_data(void) demote_sensitive_data(void)
{ {
Key *tmp; Key *tmp;
@ -413,7 +413,7 @@ diff -up openssh-5.9p1/sshd.c.audit5 openssh-5.9p1/sshd.c
int i; int i;
if (sensitive_data.server_key) { if (sensitive_data.server_key) {
@@ -570,13 +606,27 @@ demote_sensitive_data(void) @@ -571,13 +607,27 @@ demote_sensitive_data(void)
sensitive_data.server_key = tmp; sensitive_data.server_key = tmp;
} }
@ -441,7 +441,7 @@ diff -up openssh-5.9p1/sshd.c.audit5 openssh-5.9p1/sshd.c
} }
/* Certs do not need demotion */ /* Certs do not need demotion */
} }
@@ -1145,6 +1195,7 @@ server_accept_loop(int *sock_in, int *so @@ -1149,6 +1199,7 @@ server_accept_loop(int *sock_in, int *so
if (received_sigterm) { if (received_sigterm) {
logit("Received signal %d; terminating.", logit("Received signal %d; terminating.",
(int) received_sigterm); (int) received_sigterm);
@ -449,7 +449,7 @@ diff -up openssh-5.9p1/sshd.c.audit5 openssh-5.9p1/sshd.c
close_listen_socks(); close_listen_socks();
unlink(options.pid_file); unlink(options.pid_file);
exit(received_sigterm == SIGTERM ? 0 : 255); exit(received_sigterm == SIGTERM ? 0 : 255);
@@ -2050,7 +2101,7 @@ main(int ac, char **av) @@ -2054,7 +2105,7 @@ main(int ac, char **av)
privsep_postauth(authctxt); privsep_postauth(authctxt);
/* the monitor process [priv] will not return */ /* the monitor process [priv] will not return */
if (!compat20) if (!compat20)
@ -458,7 +458,7 @@ diff -up openssh-5.9p1/sshd.c.audit5 openssh-5.9p1/sshd.c
} }
packet_set_timeout(options.client_alive_interval, packet_set_timeout(options.client_alive_interval,
@@ -2061,6 +2112,7 @@ main(int ac, char **av) @@ -2065,6 +2116,7 @@ main(int ac, char **av)
/* The connection has been terminated. */ /* The connection has been terminated. */
packet_destroy_all(1, 1); packet_destroy_all(1, 1);
@ -466,7 +466,7 @@ diff -up openssh-5.9p1/sshd.c.audit5 openssh-5.9p1/sshd.c
packet_get_state(MODE_IN, NULL, NULL, NULL, &ibytes); packet_get_state(MODE_IN, NULL, NULL, NULL, &ibytes);
packet_get_state(MODE_OUT, NULL, NULL, NULL, &obytes); packet_get_state(MODE_OUT, NULL, NULL, NULL, &obytes);
@@ -2289,7 +2341,7 @@ do_ssh1_kex(void) @@ -2293,7 +2345,7 @@ do_ssh1_kex(void)
session_id[i] = session_key[i] ^ session_key[i + 16]; session_id[i] = session_key[i] ^ session_key[i + 16];
} }
/* Destroy the private and public keys. No longer. */ /* Destroy the private and public keys. No longer. */
@ -475,9 +475,9 @@ diff -up openssh-5.9p1/sshd.c.audit5 openssh-5.9p1/sshd.c
if (use_privsep) if (use_privsep)
mm_ssh1_session_id(session_id); mm_ssh1_session_id(session_id);
@@ -2392,6 +2444,8 @@ cleanup_exit(int i) @@ -2404,6 +2456,8 @@ cleanup_exit(int i)
if (the_authctxt) }
do_cleanup(the_authctxt); }
is_privsep_child = use_privsep && pmonitor != NULL && !mm_is_monitor(); is_privsep_child = use_privsep && pmonitor != NULL && !mm_is_monitor();
+ if (sensitive_data.host_keys != NULL) + if (sensitive_data.host_keys != NULL)
+ destroy_sensitive_data(is_privsep_child); + destroy_sensitive_data(is_privsep_child);
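Review bot: The fallback audit.c hunk defines `audit_generate_ephemeral_server_key(const char *)` with an unnamed parameter while its body references `fp`, so that translation unit presumably fails to compile in any build that enables SSH_AUDIT_EVENTS without CUSTOM_SSH_AUDIT_EVENTS; the 5.9p1 version of the patch has the same line and the rebase carries it over unchanged. The definition should read `audit_generate_ephemeral_server_key(const char *fp)` (the prototype added to audit.h is fine as written). In the same hunk the two new debug calls pass `geteuid()` to `%d`, whereas the neighbouring `audit_session_key_free_body` casts it to `(unsigned)` for `%u`; matching that keeps the format/argument types consistent. The Linux and BSM implementations of the same hooks are collapsed in this view, so I could not check them for the same slip.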


@ -1,7 +1,7 @@
diff -up openssh-5.9p0/entropy.c.entropy openssh-5.9p0/entropy.c diff -up openssh-6.0p1/entropy.c.entropy openssh-6.0p1/entropy.c
--- openssh-5.9p0/entropy.c.entropy 2011-08-31 13:20:59.660150441 +0200 --- openssh-6.0p1/entropy.c.entropy 2012-08-06 20:51:59.131033413 +0200
+++ openssh-5.9p0/entropy.c 2011-08-31 13:21:05.072024970 +0200 +++ openssh-6.0p1/entropy.c 2012-08-06 20:51:59.171033257 +0200
@@ -232,6 +232,9 @@ seed_rng(void) @@ -237,6 +237,9 @@ seed_rng(void)
memset(buf, '\0', sizeof(buf)); memset(buf, '\0', sizeof(buf));
#endif /* OPENSSL_PRNG_ONLY */ #endif /* OPENSSL_PRNG_ONLY */
@ -11,21 +11,21 @@ diff -up openssh-5.9p0/entropy.c.entropy openssh-5.9p0/entropy.c
if (RAND_status() != 1) if (RAND_status() != 1)
fatal("PRNG is not seeded"); fatal("PRNG is not seeded");
} }
diff -up openssh-5.9p0/openbsd-compat/Makefile.in.entropy openssh-5.9p0/openbsd-compat/Makefile.in diff -up openssh-6.0p1/openbsd-compat/Makefile.in.entropy openssh-6.0p1/openbsd-compat/Makefile.in
--- openssh-5.9p0/openbsd-compat/Makefile.in.entropy 2011-08-31 13:20:54.000000000 +0200 --- openssh-6.0p1/openbsd-compat/Makefile.in.entropy 2012-08-06 20:51:59.100033534 +0200
+++ openssh-5.9p0/openbsd-compat/Makefile.in 2011-08-31 13:44:25.138151565 +0200 +++ openssh-6.0p1/openbsd-compat/Makefile.in 2012-08-06 20:51:59.171033257 +0200
@@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bindresvport @@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bindresvport
COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
-PORTS=port-aix.o port-irix.o port-linux.o port-linux_part_2.o port-solaris.o port-tun.o port-uw.o -PORTS=port-aix.o port-irix.o port-linux.o port-linux_part_2.o port-solaris.o port-tun.o port-uw.o
+PORTS=port-aix.o port-irix.o port-linux.o port-linux_part_2.o port-linux-prng.o port-solaris.o port-tun.o port-uw.o +PORTS=port-aix.o port-irix.o port-linux.o port-linux_part_2.o port-linux-prng.o port-solaris.o port-tun.o port-uw.o
.c.o: .c.o:
$(CC) $(CFLAGS) $(CPPFLAGS) -c $< $(CC) $(CFLAGS) $(CPPFLAGS) -c $<
diff -up openssh-5.9p0/openbsd-compat/port-linux-prng.c.entropy openssh-5.9p0/openbsd-compat/port-linux-prng.c diff -up openssh-6.0p1/openbsd-compat/port-linux-prng.c.entropy openssh-6.0p1/openbsd-compat/port-linux-prng.c
--- openssh-5.9p0/openbsd-compat/port-linux-prng.c.entropy 2011-08-31 13:21:05.382024083 +0200 --- openssh-6.0p1/openbsd-compat/port-linux-prng.c.entropy 2012-08-06 20:51:59.171033257 +0200
+++ openssh-5.9p0/openbsd-compat/port-linux-prng.c 2011-08-31 13:21:05.386024776 +0200 +++ openssh-6.0p1/openbsd-compat/port-linux-prng.c 2012-08-06 20:51:59.171033257 +0200
@@ -0,0 +1,59 @@ @@ -0,0 +1,59 @@
+/* $Id: port-linux.c,v 1.11.4.2 2011/02/04 00:43:08 djm Exp $ */ +/* $Id: port-linux.c,v 1.11.4.2 2011/02/04 00:43:08 djm Exp $ */
+ +
@ -86,10 +86,37 @@ diff -up openssh-5.9p0/openbsd-compat/port-linux-prng.c.entropy openssh-5.9p0/op
+ fatal ("EOF reading %s", random); + fatal ("EOF reading %s", random);
+ } + }
+} +}
diff -up openssh-5.9p0/ssh-add.1.entropy openssh-5.9p0/ssh-add.1 diff -up openssh-6.0p1/ssh.1.entropy openssh-6.0p1/ssh.1
--- openssh-5.9p0/ssh-add.1.entropy 2010-11-05 00:20:14.000000000 +0100 --- openssh-6.0p1/ssh.1.entropy 2012-08-06 20:51:59.139033382 +0200
+++ openssh-5.9p0/ssh-add.1 2011-08-31 13:21:05.597122030 +0200 +++ openssh-6.0p1/ssh.1 2012-08-06 20:51:59.174033245 +0200
@@ -158,6 +158,20 @@ Identifies the path of a @@ -1269,6 +1269,23 @@ For more information, see the
.Cm PermitUserEnvironment
option in
.Xr sshd_config 5 .
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.It Ev SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
+If the
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
+Minimum is 6 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
+.El
.Sh FILES
.Bl -tag -width Ds -compact
.It Pa ~/.rhosts
diff -up openssh-6.0p1/ssh-add.1.entropy openssh-6.0p1/ssh-add.1
--- openssh-6.0p1/ssh-add.1.entropy 2011-10-18 07:06:33.000000000 +0200
+++ openssh-6.0p1/ssh-add.1 2012-08-06 20:51:59.172033253 +0200
@@ -161,6 +161,20 @@ Identifies the path of a
.Ux Ns -domain .Ux Ns -domain
socket used to communicate with the agent. socket used to communicate with the agent.
.El .El
@ -110,9 +137,9 @@ diff -up openssh-5.9p0/ssh-add.1.entropy openssh-5.9p0/ssh-add.1
.Sh FILES .Sh FILES
.Bl -tag -width Ds .Bl -tag -width Ds
.It Pa ~/.ssh/identity .It Pa ~/.ssh/identity
diff -up openssh-5.9p0/ssh-agent.1.entropy openssh-5.9p0/ssh-agent.1 diff -up openssh-6.0p1/ssh-agent.1.entropy openssh-6.0p1/ssh-agent.1
--- openssh-5.9p0/ssh-agent.1.entropy 2010-12-01 01:50:35.000000000 +0100 --- openssh-6.0p1/ssh-agent.1.entropy 2010-12-01 01:50:35.000000000 +0100
+++ openssh-5.9p0/ssh-agent.1 2011-08-31 13:21:05.735150196 +0200 +++ openssh-6.0p1/ssh-agent.1 2012-08-06 20:51:59.172033253 +0200
@@ -198,6 +198,24 @@ sockets used to contain the connection t @@ -198,6 +198,24 @@ sockets used to contain the connection t
These sockets should only be readable by the owner. These sockets should only be readable by the owner.
The sockets should get automatically removed when the agent exits. The sockets should get automatically removed when the agent exits.
@ -138,10 +165,38 @@ diff -up openssh-5.9p0/ssh-agent.1.entropy openssh-5.9p0/ssh-agent.1
.Sh SEE ALSO .Sh SEE ALSO
.Xr ssh 1 , .Xr ssh 1 ,
.Xr ssh-add 1 , .Xr ssh-add 1 ,
diff -up openssh-5.9p0/ssh-keygen.1.entropy openssh-5.9p0/ssh-keygen.1 diff -up openssh-6.0p1/sshd.8.entropy openssh-6.0p1/sshd.8
--- openssh-5.9p0/ssh-keygen.1.entropy 2011-08-31 13:20:59.200212619 +0200 --- openssh-6.0p1/sshd.8.entropy 2012-08-06 20:51:59.139033382 +0200
+++ openssh-5.9p0/ssh-keygen.1 2011-08-31 13:21:06.077150115 +0200 +++ openssh-6.0p1/sshd.8 2012-08-06 20:51:59.174033245 +0200
@@ -669,6 +669,24 @@ Contains Diffie-Hellman groups used for @@ -943,6 +943,24 @@ concurrently for different ports, this c
started last).
The content of this file is not sensitive; it can be world-readable.
.El
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.Pp
+.It Pa SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
+If the
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
+Minimum is 6 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
+.El
.Sh IPV6
IPv6 address can be used everywhere where IPv4 address. In all entries must be the IPv6 address enclosed in square brackets. Note: The square brackets are metacharacters for the shell and must be escaped in shell.
.Sh SEE ALSO
diff -up openssh-6.0p1/ssh-keygen.1.entropy openssh-6.0p1/ssh-keygen.1
--- openssh-6.0p1/ssh-keygen.1.entropy 2011-10-18 07:05:21.000000000 +0200
+++ openssh-6.0p1/ssh-keygen.1 2012-08-06 20:51:59.173033249 +0200
@@ -675,6 +675,24 @@ Contains Diffie-Hellman groups used for
The file format is described in The file format is described in
.Xr moduli 5 . .Xr moduli 5 .
.El .El
@ -166,9 +221,9 @@ diff -up openssh-5.9p0/ssh-keygen.1.entropy openssh-5.9p0/ssh-keygen.1
.Sh SEE ALSO .Sh SEE ALSO
.Xr ssh 1 , .Xr ssh 1 ,
.Xr ssh-add 1 , .Xr ssh-add 1 ,
diff -up openssh-5.9p0/ssh-keysign.8.entropy openssh-5.9p0/ssh-keysign.8 diff -up openssh-6.0p1/ssh-keysign.8.entropy openssh-6.0p1/ssh-keysign.8
--- openssh-5.9p0/ssh-keysign.8.entropy 2010-08-31 14:41:14.000000000 +0200 --- openssh-6.0p1/ssh-keysign.8.entropy 2010-08-31 14:41:14.000000000 +0200
+++ openssh-5.9p0/ssh-keysign.8 2011-08-31 13:21:06.207024356 +0200 +++ openssh-6.0p1/ssh-keysign.8 2012-08-06 20:51:59.173033249 +0200
@@ -78,6 +78,24 @@ must be set-uid root if host-based authe @@ -78,6 +78,24 @@ must be set-uid root if host-based authe
If these files exist they are assumed to contain public certificate If these files exist they are assumed to contain public certificate
information corresponding with the private keys above. information corresponding with the private keys above.
@ -194,58 +249,3 @@ diff -up openssh-5.9p0/ssh-keysign.8.entropy openssh-5.9p0/ssh-keysign.8
.Sh SEE ALSO .Sh SEE ALSO
.Xr ssh 1 , .Xr ssh 1 ,
.Xr ssh-keygen 1 , .Xr ssh-keygen 1 ,
diff -up openssh-5.9p0/ssh.1.entropy openssh-5.9p0/ssh.1
--- openssh-5.9p0/ssh.1.entropy 2011-08-31 13:21:00.835103535 +0200
+++ openssh-5.9p0/ssh.1 2011-08-31 13:21:05.482032754 +0200
@@ -1255,6 +1255,23 @@ For more information, see the
.Cm PermitUserEnvironment
option in
.Xr sshd_config 5 .
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.It Ev SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
+If the
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
+Minimum is 6 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
+.El
.Sh FILES
.Bl -tag -width Ds -compact
.It Pa ~/.rhosts
diff -up openssh-5.9p0/sshd.8.entropy openssh-5.9p0/sshd.8
--- openssh-5.9p0/sshd.8.entropy 2011-08-31 13:21:00.000000000 +0200
+++ openssh-5.9p0/sshd.8 2011-08-31 13:46:27.341025537 +0200
@@ -940,6 +940,24 @@ concurrently for different ports, this c
started last).
The content of this file is not sensitive; it can be world-readable.
.El
+.Sh ENVIRONMENT
+.Bl -tag -width Ds -compact
+.Pp
+.It Pa SSH_USE_STRONG_RNG
+The reseeding of the OpenSSL random generator is usually done from
+.Cm /dev/urandom .
+If the
+.Cm SSH_USE_STRONG_RNG
+environment variable is set to value other than
+.Cm 0
+the OpenSSL random generator is reseeded from
+.Cm /dev/random .
+The number of bytes read is defined by the SSH_USE_STRONG_RNG value.
+Minimum is 6 bytes.
+This setting is not recommended on the computers without the hardware
+random generator because insufficient entropy causes the connection to
+be blocked until enough entropy is available.
+.El
.Sh IPV6
IPv6 address can be used everywhere where IPv4 address. In all entries must be the IPv6 address enclosed in square brackets. Note: The square brackets are metacharacters for the shell and must be escaped in shell.
.Sh SEE ALSO


@ -0,0 +1,934 @@
diff -up openssh-6.0p1/auth.h.role-mls openssh-6.0p1/auth.h
--- openssh-6.0p1/auth.h.role-mls 2012-06-24 16:57:17.540262700 +0200
+++ openssh-6.0p1/auth.h 2012-06-24 16:49:35.802071204 +0200
@@ -59,6 +59,9 @@ struct Authctxt {
char *service;
struct passwd *pw; /* set if 'valid' */
char *style;
+#ifdef WITH_SELINUX
+ char *role;
+#endif
void *kbdintctxt;
void *jpake_ctx;
#ifdef BSD_AUTH
diff -up openssh-6.0p1/auth-pam.c.role-mls openssh-6.0p1/auth-pam.c
--- openssh-6.0p1/auth-pam.c.role-mls 2012-06-24 16:57:17.532262382 +0200
+++ openssh-6.0p1/auth-pam.c 2012-06-24 16:49:35.803071166 +0200
@@ -1074,7 +1074,7 @@ is_pam_session_open(void)
* during the ssh authentication process.
*/
int
-do_pam_putenv(char *name, char *value)
+do_pam_putenv(char *name, const char *value)
{
int ret = 1;
#ifdef HAVE_PAM_PUTENV
diff -up openssh-6.0p1/auth-pam.h.role-mls openssh-6.0p1/auth-pam.h
--- openssh-6.0p1/auth-pam.h.role-mls 2012-06-24 16:57:17.515261702 +0200
+++ openssh-6.0p1/auth-pam.h 2012-06-24 16:49:35.804071128 +0200
@@ -38,7 +38,7 @@ void do_pam_session(void);
void do_pam_set_tty(const char *);
void do_pam_setcred(int );
void do_pam_chauthtok(void);
-int do_pam_putenv(char *, char *);
+int do_pam_putenv(char *, const char *);
char ** fetch_pam_environment(void);
char ** fetch_pam_child_environment(void);
void free_pam_environment(char **);
diff -up openssh-6.0p1/auth1.c.role-mls openssh-6.0p1/auth1.c
--- openssh-6.0p1/auth1.c.role-mls 2012-06-24 16:57:17.505261305 +0200
+++ openssh-6.0p1/auth1.c 2012-06-24 16:49:35.805071090 +0200
@@ -468,6 +468,9 @@ do_authentication(Authctxt *authctxt)
{
u_int ulen;
char *user, *style = NULL;
+#ifdef WITH_SELINUX
+ char *role=NULL;
+#endif
/* Get the name of the user that we wish to log in as. */
packet_read_expect(SSH_CMSG_USER);
@@ -476,11 +479,24 @@ do_authentication(Authctxt *authctxt)
user = packet_get_cstring(&ulen);
packet_check_eom();
+#ifdef WITH_SELINUX
+ if ((role = strchr(user, '/')) != NULL)
+ *role++ = '\0';
+#endif
+
if ((style = strchr(user, ':')) != NULL)
*style++ = '\0';
+#ifdef WITH_SELINUX
+ else
+ if (role && (style = strchr(role, ':')) != NULL)
+ *style++ = '\0';
+#endif
authctxt->user = user;
authctxt->style = style;
+#ifdef WITH_SELINUX
+ authctxt->role = role;
+#endif
/* Verify that the user is a valid user. */
if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL)
diff -up openssh-6.0p1/auth2.c.role-mls openssh-6.0p1/auth2.c
--- openssh-6.0p1/auth2.c.role-mls 2012-06-24 16:57:17.507261384 +0200
+++ openssh-6.0p1/auth2.c 2012-06-24 16:49:35.806071052 +0200
@@ -216,6 +216,9 @@ input_userauth_request(int type, u_int32
Authctxt *authctxt = ctxt;
Authmethod *m = NULL;
char *user, *service, *method, *active_methods, *style = NULL;
+#ifdef WITH_SELINUX
+ char *role = NULL;
+#endif
int authenticated = 0;
if (authctxt == NULL)
@@ -227,6 +230,11 @@ input_userauth_request(int type, u_int32
debug("userauth-request for user %s service %s method %s", user, service, method);
debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
+#ifdef WITH_SELINUX
+ if ((role = strchr(user, '/')) != NULL)
+ *role++ = 0;
+#endif
+
if ((style = strchr(user, ':')) != NULL)
*style++ = 0;
@@ -249,8 +257,15 @@ input_userauth_request(int type, u_int32
use_privsep ? " [net]" : "");
authctxt->service = xstrdup(service);
authctxt->style = style ? xstrdup(style) : NULL;
- if (use_privsep)
+#ifdef WITH_SELINUX
+ authctxt->role = role ? xstrdup(role) : NULL;
+#endif
+ if (use_privsep) {
mm_inform_authserv(service, style);
+#ifdef WITH_SELINUX
+ mm_inform_authrole(role);
+#endif
+ }
userauth_banner();
} else if (strcmp(user, authctxt->user) != 0 ||
strcmp(service, authctxt->service) != 0) {
diff -up openssh-6.0p1/auth2-gss.c.role-mls openssh-6.0p1/auth2-gss.c
--- openssh-6.0p1/auth2-gss.c.role-mls 2012-06-24 16:57:17.522261982 +0200
+++ openssh-6.0p1/auth2-gss.c 2012-06-24 16:49:35.806071052 +0200
@@ -260,6 +260,7 @@ input_gssapi_mic(int type, u_int32_t ple
Authctxt *authctxt = ctxt;
Gssctxt *gssctxt;
int authenticated = 0;
+ char *micuser;
Buffer b;
gss_buffer_desc mic, gssbuf;
u_int len;
@@ -272,7 +273,13 @@ input_gssapi_mic(int type, u_int32_t ple
mic.value = packet_get_string(&len);
mic.length = len;
- ssh_gssapi_buildmic(&b, authctxt->user, authctxt->service,
+#ifdef WITH_SELINUX
+ if (authctxt->role && (strlen(authctxt->role) > 0))
+ xasprintf(&micuser, "%s/%s", authctxt->user, authctxt->role);
+ else
+#endif
+ micuser = authctxt->user;
+ ssh_gssapi_buildmic(&b, micuser, authctxt->service,
"gssapi-with-mic");
gssbuf.value = buffer_ptr(&b);
@@ -284,6 +291,8 @@ input_gssapi_mic(int type, u_int32_t ple
logit("GSSAPI MIC check failed");
buffer_free(&b);
+ if (micuser != authctxt->user)
+ xfree(micuser);
xfree(mic.value);
authctxt->postponed = 0;
diff -up openssh-6.0p1/auth2-hostbased.c.role-mls openssh-6.0p1/auth2-hostbased.c
--- openssh-6.0p1/auth2-hostbased.c.role-mls 2012-06-24 16:57:17.535262501 +0200
+++ openssh-6.0p1/auth2-hostbased.c 2012-06-24 16:49:35.807071014 +0200
@@ -106,7 +106,15 @@ userauth_hostbased(Authctxt *authctxt)
buffer_put_string(&b, session_id2, session_id2_len);
/* reconstruct packet */
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
- buffer_put_cstring(&b, authctxt->user);
+#ifdef WITH_SELINUX
+ if (authctxt->role) {
+ buffer_put_int(&b, strlen(authctxt->user)+strlen(authctxt->role)+1);
+ buffer_append(&b, authctxt->user, strlen(authctxt->user));
+ buffer_put_char(&b, '/');
+ buffer_append(&b, authctxt->role, strlen(authctxt->role));
+ } else
+#endif
+ buffer_put_cstring(&b, authctxt->user);
buffer_put_cstring(&b, service);
buffer_put_cstring(&b, "hostbased");
buffer_put_string(&b, pkalg, alen);
diff -up openssh-6.0p1/auth2-pubkey.c.role-mls openssh-6.0p1/auth2-pubkey.c
--- openssh-6.0p1/auth2-pubkey.c.role-mls 2012-06-24 16:57:17.517261782 +0200
+++ openssh-6.0p1/auth2-pubkey.c 2012-06-24 16:49:35.807071014 +0200
@@ -121,7 +121,15 @@ userauth_pubkey(Authctxt *authctxt)
}
/* reconstruct packet */
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
- buffer_put_cstring(&b, authctxt->user);
+#ifdef WITH_SELINUX
+ if (authctxt->role) {
+ buffer_put_int(&b, strlen(authctxt->user)+strlen(authctxt->role)+1);
+ buffer_append(&b, authctxt->user, strlen(authctxt->user));
+ buffer_put_char(&b, '/');
+ buffer_append(&b, authctxt->role, strlen(authctxt->role));
+ } else
+#endif
+ buffer_put_cstring(&b, authctxt->user);
buffer_put_cstring(&b,
datafellows & SSH_BUG_PKSERVICE ?
"ssh-userauth" :
diff -up openssh-6.0p1/misc.c.role-mls openssh-6.0p1/misc.c
--- openssh-6.0p1/misc.c.role-mls 2012-06-24 17:02:27.116348979 +0200
+++ openssh-6.0p1/misc.c 2012-06-24 16:58:09.631883672 +0200
@@ -427,6 +427,7 @@ char *
colon(char *cp)
{
int flag = 0;
+ int start = 1;
if (*cp == ':') /* Leading colon is part of file name. */
return NULL;
@@ -442,6 +443,13 @@ colon(char *cp)
return (cp);
if (*cp == '/')
return NULL;
+ if (start) {
+ /* Slash on beginning or after dots only denotes file name. */
+ if (*cp == '/')
+ return (0);
+ if (*cp != '.')
+ start = 0;
+ }
}
return NULL;
}
diff -up openssh-6.0p1/monitor.c.role-mls openssh-6.0p1/monitor.c
--- openssh-6.0p1/monitor.c.role-mls 2012-06-24 16:57:17.510261504 +0200
+++ openssh-6.0p1/monitor.c 2012-06-24 16:49:35.809070938 +0200
@@ -148,6 +148,9 @@ int mm_answer_sign(int, Buffer *);
int mm_answer_pwnamallow(int, Buffer *);
int mm_answer_auth2_read_banner(int, Buffer *);
int mm_answer_authserv(int, Buffer *);
+#ifdef WITH_SELINUX
+int mm_answer_authrole(int, Buffer *);
+#endif
int mm_answer_authpassword(int, Buffer *);
int mm_answer_bsdauthquery(int, Buffer *);
int mm_answer_bsdauthrespond(int, Buffer *);
@@ -232,6 +235,9 @@ struct mon_table mon_dispatch_proto20[]
{MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
{MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
{MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
+#ifdef WITH_SELINUX
+ {MONITOR_REQ_AUTHROLE, MON_ONCE, mm_answer_authrole},
+#endif
{MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
{MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
#ifdef USE_PAM
@@ -835,6 +841,9 @@ mm_answer_pwnamallow(int sock, Buffer *m
else {
/* Allow service/style information on the auth context */
monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
+#ifdef WITH_SELINUX
+ monitor_permit(mon_dispatch, MONITOR_REQ_AUTHROLE, 1);
+#endif
monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
}
#ifdef USE_PAM
@@ -878,6 +887,25 @@ mm_answer_authserv(int sock, Buffer *m)
return (0);
}
+#ifdef WITH_SELINUX
+int
+mm_answer_authrole(int sock, Buffer *m)
+{
+ monitor_permit_authentications(1);
+
+ authctxt->role = buffer_get_string(m, NULL);
+ debug3("%s: role=%s",
+ __func__, authctxt->role);
+
+ if (strlen(authctxt->role) == 0) {
+ xfree(authctxt->role);
+ authctxt->role = NULL;
+ }
+
+ return (0);
+}
+#endif
+
int
mm_answer_authpassword(int sock, Buffer *m)
{
@@ -1254,7 +1282,7 @@ static int
monitor_valid_userblob(u_char *data, u_int datalen)
{
Buffer b;
- char *p;
+ char *p, *r;
u_int len;
int fail = 0;
@@ -1280,6 +1308,8 @@ monitor_valid_userblob(u_char *data, u_i
if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
fail++;
p = buffer_get_string(&b, NULL);
+ if ((r = strchr(p, '/')) != NULL)
+ *r = '\0';
if (strcmp(authctxt->user, p) != 0) {
logit("wrong user name passed to monitor: expected %s != %.100s",
authctxt->user, p);
@@ -1311,7 +1341,7 @@ monitor_valid_hostbasedblob(u_char *data
char *chost)
{
Buffer b;
- char *p;
+ char *p, *r;
u_int len;
int fail = 0;
@@ -1328,6 +1358,8 @@ monitor_valid_hostbasedblob(u_char *data
if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
fail++;
p = buffer_get_string(&b, NULL);
+ if ((r = strchr(p, '/')) != NULL)
+ *r = '\0';
if (strcmp(authctxt->user, p) != 0) {
logit("wrong user name passed to monitor: expected %s != %.100s",
authctxt->user, p);
diff -up openssh-6.0p1/monitor.h.role-mls openssh-6.0p1/monitor.h
--- openssh-6.0p1/monitor.h.role-mls 2012-06-24 16:57:17.520261902 +0200
+++ openssh-6.0p1/monitor.h 2012-06-24 16:49:35.809070938 +0200
@@ -31,6 +31,9 @@
enum monitor_reqtype {
MONITOR_REQ_MODULI, MONITOR_ANS_MODULI,
MONITOR_REQ_FREE, MONITOR_REQ_AUTHSERV,
+#ifdef WITH_SELINUX
+ MONITOR_REQ_AUTHROLE,
+#endif
MONITOR_REQ_SIGN, MONITOR_ANS_SIGN,
MONITOR_REQ_PWNAM, MONITOR_ANS_PWNAM,
MONITOR_REQ_AUTH2_READ_BANNER, MONITOR_ANS_AUTH2_READ_BANNER,
diff -up openssh-6.0p1/monitor_wrap.c.role-mls openssh-6.0p1/monitor_wrap.c
--- openssh-6.0p1/monitor_wrap.c.role-mls 2012-06-24 16:57:17.537262580 +0200
+++ openssh-6.0p1/monitor_wrap.c 2012-06-24 16:49:35.810070900 +0200
@@ -336,6 +336,25 @@ mm_inform_authserv(char *service, char *
buffer_free(&m);
}
+/* Inform the privileged process about role */
+
+#ifdef WITH_SELINUX
+void
+mm_inform_authrole(char *role)
+{
+ Buffer m;
+
+ debug3("%s entering", __func__);
+
+ buffer_init(&m);
+ buffer_put_cstring(&m, role ? role : "");
+
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHROLE, &m);
+
+ buffer_free(&m);
+}
+#endif
+
/* Do the password authentication */
int
mm_auth_password(Authctxt *authctxt, char *password)
diff -up openssh-6.0p1/monitor_wrap.h.role-mls openssh-6.0p1/monitor_wrap.h
--- openssh-6.0p1/monitor_wrap.h.role-mls 2012-06-24 16:57:17.513261623 +0200
+++ openssh-6.0p1/monitor_wrap.h 2012-06-24 16:49:35.811070862 +0200
@@ -42,6 +42,9 @@ int mm_is_monitor(void);
DH *mm_choose_dh(int, int, int);
int mm_key_sign(Key *, u_char **, u_int *, u_char *, u_int);
void mm_inform_authserv(char *, char *);
+#ifdef WITH_SELINUX
+void mm_inform_authrole(char *);
+#endif
struct passwd *mm_getpwnamallow(const char *);
char *mm_auth2_read_banner(void);
int mm_auth_password(struct Authctxt *, char *);
diff -up openssh-6.0p1/openbsd-compat/Makefile.in.role-mls openssh-6.0p1/openbsd-compat/Makefile.in
--- openssh-6.0p1/openbsd-compat/Makefile.in.role-mls 2012-06-24 16:57:17.525262102 +0200
+++ openssh-6.0p1/openbsd-compat/Makefile.in 2012-06-24 16:51:38.087889399 +0200
@@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bindresvport
COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
-PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o
+PORTS=port-aix.o port-irix.o port-linux.o port-linux_part_2.o port-solaris.o port-tun.o port-uw.o
.c.o:
$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
diff -up openssh-6.0p1/openbsd-compat/port-linux.c.role-mls openssh-6.0p1/openbsd-compat/port-linux.c
--- openssh-6.0p1/openbsd-compat/port-linux.c.role-mls 2012-06-24 16:57:17.527262182 +0200
+++ openssh-6.0p1/openbsd-compat/port-linux.c 2012-06-24 17:00:55.621978528 +0200
@@ -31,68 +31,271 @@
#include "log.h"
#include "xmalloc.h"
+#include "servconf.h"
#include "port-linux.h"
+#include "key.h"
+#include "hostfile.h"
+#include "auth.h"
#ifdef WITH_SELINUX
#include <selinux/selinux.h>
#include <selinux/flask.h>
+#include <selinux/context.h>
#include <selinux/get_context_list.h>
+#include <selinux/get_default_type.h>
+#include <selinux/av_permissions.h>
+
+#ifdef HAVE_LINUX_AUDIT
+#include <libaudit.h>
+#include <unistd.h>
+#endif
#ifndef SSH_SELINUX_UNCONFINED_TYPE
# define SSH_SELINUX_UNCONFINED_TYPE ":unconfined_t:"
#endif
-/* Wrapper around is_selinux_enabled() to log its return value once only */
-int
-ssh_selinux_enabled(void)
+extern ServerOptions options;
+extern Authctxt *the_authctxt;
+extern int inetd_flag;
+extern int rexeced_flag;
+
+/* Send audit message */
+static int
+send_audit_message(int success, security_context_t default_context,
+ security_context_t selected_context)
+{
+ int rc=0;
+#ifdef HAVE_LINUX_AUDIT
+ char *msg = NULL;
+ int audit_fd = audit_open();
+ security_context_t default_raw=NULL;
+ security_context_t selected_raw=NULL;
+ rc = -1;
+ if (audit_fd < 0) {
+ if (errno == EINVAL || errno == EPROTONOSUPPORT ||
+ errno == EAFNOSUPPORT)
+ return 0; /* No audit support in kernel */
+ error("Error connecting to audit system.");
+ return rc;
+ }
+ if (selinux_trans_to_raw_context(default_context, &default_raw) < 0) {
+ error("Error translating default context.");
+ default_raw = NULL;
+ }
+ if (selinux_trans_to_raw_context(selected_context, &selected_raw) < 0) {
+ error("Error translating selected context.");
+ selected_raw = NULL;
+ }
+ if (asprintf(&msg, "sshd: default-context=%s selected-context=%s",
+ default_raw ? default_raw : (default_context ? default_context: "?"),
+ selected_context ? selected_raw : (selected_context ? selected_context :"?")) < 0) {
+ error("Error allocating memory.");
+ goto out;
+ }
+ if (audit_log_user_message(audit_fd, AUDIT_USER_ROLE_CHANGE,
+ msg, NULL, NULL, NULL, success) <= 0) {
+ error("Error sending audit message.");
+ goto out;
+ }
+ rc = 0;
+ out:
+ free(msg);
+ freecon(default_raw);
+ freecon(selected_raw);
+ close(audit_fd);
+#endif
+ return rc;
+}
+
+static int
+mls_range_allowed(security_context_t src, security_context_t dst)
{
- static int enabled = -1;
+ struct av_decision avd;
+ int retval;
+ unsigned int bit = CONTEXT__CONTAINS;
+
+ debug("%s: src:%s dst:%s", __func__, src, dst);
+ retval = security_compute_av(src, dst, SECCLASS_CONTEXT, bit, &avd);
+ if (retval || ((bit & avd.allowed) != bit))
+ return 0;
+
+ return 1;
+}
+
+static int
+get_user_context(const char *sename, const char *role, const char *lvl,
+ security_context_t *sc) {
+#ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL
+ if (lvl == NULL || lvl[0] == '\0' || get_default_context_with_level(sename, lvl, NULL, sc) != 0) {
+ /* User may have requested a level completely outside of his
+ allowed range. We get a context just for auditing as the
+ range check below will certainly fail for default context. */
+#endif
+ if (get_default_context(sename, NULL, sc) != 0) {
+ *sc = NULL;
+ return -1;
+ }
+#ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL
+ }
+#endif
+ if (role != NULL && role[0]) {
+ context_t con;
+ char *type=NULL;
+ if (get_default_type(role, &type) != 0) {
+ error("get_default_type: failed to get default type for '%s'",
+ role);
+ goto out;
+ }
+ con = context_new(*sc);
+ if (!con) {
+ goto out;
+ }
+ context_role_set(con, role);
+ context_type_set(con, type);
+ freecon(*sc);
+ *sc = strdup(context_str(con));
+ context_free(con);
+ if (!*sc)
+ return -1;
+ }
+#ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL
+ if (lvl != NULL && lvl[0]) {
+ /* verify that the requested range is obtained */
+ context_t con;
+ security_context_t obtained_raw;
+ security_context_t requested_raw;
+ con = context_new(*sc);
+ if (!con) {
+ goto out;
+ }
+ context_range_set(con, lvl);
+ if (selinux_trans_to_raw_context(*sc, &obtained_raw) < 0) {
+ context_free(con);
+ goto out;
+ }
+ if (selinux_trans_to_raw_context(context_str(con), &requested_raw) < 0) {
+ freecon(obtained_raw);
+ context_free(con);
+ goto out;
+ }
- if (enabled == -1) {
- enabled = (is_selinux_enabled() == 1);
- debug("SELinux support %s", enabled ? "enabled" : "disabled");
+ debug("get_user_context: obtained context '%s' requested context '%s'",
+ obtained_raw, requested_raw);
+ if (strcmp(obtained_raw, requested_raw)) {
+ /* set the context to the real requested one but fail */
+ freecon(requested_raw);
+ freecon(obtained_raw);
+ freecon(*sc);
+ *sc = strdup(context_str(con));
+ context_free(con);
+ return -1;
+ }
+ freecon(requested_raw);
+ freecon(obtained_raw);
+ context_free(con);
}
+#endif
+ return 0;
+ out:
+ freecon(*sc);
+ *sc = NULL;
+ return -1;
+}
- return (enabled);
+static void
+ssh_selinux_get_role_level(char **role, const char **level)
+{
+ *role = NULL;
+ *level = NULL;
+ if (the_authctxt) {
+ if (the_authctxt->role != NULL) {
+ char *slash;
+ *role = xstrdup(the_authctxt->role);
+ if ((slash = strchr(*role, '/')) != NULL) {
+ *slash = '\0';
+ *level = slash + 1;
+ }
+ }
+ }
}
/* Return the default security context for the given username */
static security_context_t
-ssh_selinux_getctxbyname(char *pwname)
+ssh_selinux_getctxbyname(char *pwname,
+ security_context_t *default_sc, security_context_t *user_sc)
{
- security_context_t sc = NULL;
- char *sename = NULL, *lvl = NULL;
- int r;
+ char *sename, *lvl;
+ char *role;
+ const char *reqlvl;
+ int r = 0;
+ context_t con = NULL;
+
+ ssh_selinux_get_role_level(&role, &reqlvl);
#ifdef HAVE_GETSEUSERBYNAME
- if (getseuserbyname(pwname, &sename, &lvl) != 0)
- return NULL;
+ if ((r=getseuserbyname(pwname, &sename, &lvl)) != 0) {
+ sename = NULL;
+ lvl = NULL;
+ }
#else
sename = pwname;
- lvl = NULL;
+ lvl = "";
#endif
+ if (r == 0) {
#ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL
- r = get_default_context_with_level(sename, lvl, NULL, &sc);
+ r = get_default_context_with_level(sename, lvl, NULL, default_sc);
#else
- r = get_default_context(sename, NULL, &sc);
+ r = get_default_context(sename, NULL, default_sc);
#endif
+ }
+
+ if (r == 0) {
+ /* If launched from xinetd, we must use current level */
+ if (inetd_flag && !rexeced_flag) {
+ security_context_t sshdsc=NULL;
+
+ if (getcon_raw(&sshdsc) < 0)
+ fatal("failed to allocate security context");
+
+ if ((con=context_new(sshdsc)) == NULL)
+ fatal("failed to allocate selinux context");
+ reqlvl = context_range_get(con);
+ freecon(sshdsc);
+ if (reqlvl !=NULL && lvl != NULL && strcmp(reqlvl, lvl) == 0)
+ /* we actually don't change level */
+ reqlvl = "";
+
+ debug("%s: current connection level '%s'", __func__, reqlvl);
- if (r != 0) {
- switch (security_getenforce()) {
- case -1:
- fatal("%s: ssh_selinux_getctxbyname: "
- "security_getenforce() failed", __func__);
- case 0:
- error("%s: Failed to get default SELinux security "
- "context for %s", __func__, pwname);
- sc = NULL;
- break;
- default:
- fatal("%s: Failed to get default SELinux security "
- "context for %s (in enforcing mode)",
- __func__, pwname);
}
+
+ if ((reqlvl != NULL && reqlvl[0]) || (role != NULL && role[0])) {
+ r = get_user_context(sename, role, reqlvl, user_sc);
+
+ if (r == 0 && reqlvl != NULL && reqlvl[0]) {
+ security_context_t default_level_sc = *default_sc;
+ if (role != NULL && role[0]) {
+ if (get_user_context(sename, role, lvl, &default_level_sc) < 0)
+ default_level_sc = *default_sc;
+ }
+ /* verify that the requested range is contained in the user range */
+ if (mls_range_allowed(default_level_sc, *user_sc)) {
+ logit("permit MLS level %s (user range %s)", reqlvl, lvl);
+ } else {
+ r = -1;
+ error("deny MLS level %s (user range %s)", reqlvl, lvl);
+ }
+ if (default_level_sc != *default_sc)
+ freecon(default_level_sc);
+ }
+ } else {
+ *user_sc = *default_sc;
+ }
+ }
+ if (r != 0) {
+ error("%s: Failed to get default SELinux security "
+ "context for %s", __func__, pwname);
}
#ifdef HAVE_GETSEUSERBYNAME
@@ -102,7 +305,42 @@ ssh_selinux_getctxbyname(char *pwname)
xfree(lvl);
#endif
- return sc;
+ if (role != NULL)
+ xfree(role);
+ if (con)
+ context_free(con);
+
+ return (r);
+}
+
+/* Setup environment variables for pam_selinux */
+static int
+ssh_selinux_setup_pam_variables(void)
+{
+ const char *reqlvl;
+ char *role;
+ char *use_current;
+ int rv;
+
+ debug3("%s: setting execution context", __func__);
+
+ ssh_selinux_get_role_level(&role, &reqlvl);
+
+ rv = do_pam_putenv("SELINUX_ROLE_REQUESTED", role ? role : "");
+
+ if (inetd_flag && !rexeced_flag) {
+ use_current = "1";
+ } else {
+ use_current = "";
+ rv = rv || do_pam_putenv("SELINUX_LEVEL_REQUESTED", reqlvl ? reqlvl: "");
+ }
+
+ rv = rv || do_pam_putenv("SELINUX_USE_CURRENT_RANGE", use_current);
+
+ if (role != NULL)
+ xfree(role);
+
+ return rv;
}
/* Set the execution context to the default for the specified user */
@@ -110,28 +348,71 @@ void
ssh_selinux_setup_exec_context(char *pwname)
{
security_context_t user_ctx = NULL;
+ int r = 0;
+ security_context_t default_ctx = NULL;
if (!ssh_selinux_enabled())
return;
+ if (options.use_pam) {
+ /* do not compute context, just setup environment for pam_selinux */
+ if (ssh_selinux_setup_pam_variables()) {
+ switch (security_getenforce()) {
+ case -1:
+ fatal("%s: security_getenforce() failed", __func__);
+ case 0:
+ error("%s: SELinux PAM variable setup failure. Continuing in permissive mode.",
+ __func__);
+ break;
+ default:
+ fatal("%s: SELinux PAM variable setup failure. Aborting connection.",
+ __func__);
+ }
+ }
+ return;
+ }
+
debug3("%s: setting execution context", __func__);
- user_ctx = ssh_selinux_getctxbyname(pwname);
- if (setexeccon(user_ctx) != 0) {
+ r = ssh_selinux_getctxbyname(pwname, &default_ctx, &user_ctx);
+ if (r >= 0) {
+ r = setexeccon(user_ctx);
+ if (r < 0) {
+ error("%s: Failed to set SELinux execution context %s for %s",
+ __func__, user_ctx, pwname);
+ }
+#ifdef HAVE_SETKEYCREATECON
+ else if (setkeycreatecon(user_ctx) < 0) {
+ error("%s: Failed to set SELinux keyring creation context %s for %s",
+ __func__, user_ctx, pwname);
+ }
+#endif
+ }
+ if (user_ctx == NULL) {
+ user_ctx = default_ctx;
+ }
+ if (r < 0 || user_ctx != default_ctx) {
+ /* audit just the case when user changed a role or there was
+ a failure */
+ send_audit_message(r >= 0, default_ctx, user_ctx);
+ }
+ if (r < 0) {
switch (security_getenforce()) {
case -1:
fatal("%s: security_getenforce() failed", __func__);
case 0:
- error("%s: Failed to set SELinux execution "
- "context for %s", __func__, pwname);
+ error("%s: SELinux failure. Continuing in permissive mode.",
+ __func__);
break;
default:
- fatal("%s: Failed to set SELinux execution context "
- "for %s (in enforcing mode)", __func__, pwname);
+ fatal("%s: SELinux failure. Aborting connection.",
+ __func__);
}
}
- if (user_ctx != NULL)
+ if (user_ctx != NULL && user_ctx != default_ctx)
freecon(user_ctx);
+ if (default_ctx != NULL)
+ freecon(default_ctx);
debug3("%s: done", __func__);
}
@@ -149,7 +430,10 @@ ssh_selinux_setup_pty(char *pwname, cons
debug3("%s: setting TTY context on %s", __func__, tty);
- user_ctx = ssh_selinux_getctxbyname(pwname);
+ if (getexeccon(&user_ctx) < 0) {
+ error("%s: getexeccon: %s", __func__, strerror(errno));
+ goto out;
+ }
/* XXX: should these calls fatal() upon failure in enforcing mode? */
@@ -221,21 +505,6 @@ ssh_selinux_change_context(const char *n
xfree(newctx);
}
-void
-ssh_selinux_setfscreatecon(const char *path)
-{
- security_context_t context;
-
- if (!ssh_selinux_enabled())
- return;
- if (path == NULL) {
- setfscreatecon(NULL);
- return;
- }
- if (matchpathcon(path, 0700, &context) == 0)
- setfscreatecon(context);
-}
-
#endif /* WITH_SELINUX */
#ifdef LINUX_OOM_ADJUST
diff -up openssh-6.0p1/openbsd-compat/port-linux_part_2.c.role-mls openssh-6.0p1/openbsd-compat/port-linux_part_2.c
--- openssh-6.0p1/openbsd-compat/port-linux_part_2.c.role-mls 2012-06-24 16:57:17.530262302 +0200
+++ openssh-6.0p1/openbsd-compat/port-linux_part_2.c 2012-06-24 16:49:35.813070786 +0200
@@ -0,0 +1,75 @@
+/* $Id: port-linux.c,v 1.11.4.2 2011/02/04 00:43:08 djm Exp $ */
+
+/*
+ * Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com>
+ * Copyright (c) 2006 Damien Miller <djm@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Linux-specific portability code - just SELinux support at present
+ */
+
+#include "includes.h"
+
+#if defined(WITH_SELINUX) || defined(LINUX_OOM_ADJUST)
+#include <errno.h>
+#include <stdarg.h>
+#include <string.h>
+#include <stdio.h>
+
+#include "log.h"
+#include "xmalloc.h"
+#include "port-linux.h"
+#include "key.h"
+#include "hostfile.h"
+#include "auth.h"
+
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#include <selinux/flask.h>
+#include <selinux/get_context_list.h>
+
+/* Wrapper around is_selinux_enabled() to log its return value once only */
+int
+ssh_selinux_enabled(void)
+{
+ static int enabled = -1;
+
+ if (enabled == -1) {
+ enabled = (is_selinux_enabled() == 1);
+ debug("SELinux support %s", enabled ? "enabled" : "disabled");
+ }
+
+ return (enabled);
+}
+
+void
+ssh_selinux_setfscreatecon(const char *path)
+{
+ security_context_t context;
+
+ if (!ssh_selinux_enabled())
+ return;
+ if (path == NULL) {
+ setfscreatecon(NULL);
+ return;
+ }
+ if (matchpathcon(path, 0700, &context) == 0)
+ setfscreatecon(context);
+}
+
+#endif /* WITH_SELINUX */
+
+#endif /* WITH_SELINUX || LINUX_OOM_ADJUST */
diff -up openssh-6.0p1/sshd.c.role-mls openssh-6.0p1/sshd.c
--- openssh-6.0p1/sshd.c.role-mls 2012-06-24 17:02:56.543257378 +0200
+++ openssh-6.0p1/sshd.c 2012-06-24 16:58:09.634883844 +0200
@@ -2090,6 +2090,9 @@ main(int ac, char **av)
restore_uid();
}
#endif
+#ifdef WITH_SELINUX
+ ssh_selinux_setup_exec_context(authctxt->pw->pw_name);
+#endif
#ifdef USE_PAM
if (options.use_pam) {
do_pam_setcred(1);
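Review bot: In send_audit_message the second %s argument of the asprintf call tests the wrong variable, `selected_context ? selected_raw : (...)`, so when selinux_trans_to_raw_context fails for the selected context (selected_raw is set to NULL just above) a NULL pointer reaches %s; it should mirror the first argument, `selected_raw ? selected_raw : (selected_context ? selected_context : "?")`. In get_user_context the `type` string filled in by get_default_type is never freed on either the success or the goto-out path, and the return values of context_role_set and context_type_set are not checked before the context is serialised with context_str. In ssh_selinux_getctxbyname a getseuserbyname failure now sets sename and lvl to NULL and falls through to the trailing `xfree(lvl)` instead of returning early as the removed code did; if xfree() in this OpenSSH version fatal()s on a NULL argument, as I believe it does, that path aborts the child rather than reporting the lookup failure. In monitor_valid_userblob and monitor_valid_hostbasedblob the '/role' suffix is cut off at `*r = '\0'` before the user comparison but the remainder is never compared with authctxt->role, so the monitor does not verify that the role inside the signed blob matches the one it received via mm_inform_authrole; adding that comparison (and counting a mismatch in `fail`) would close the gap.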


@ -74,10 +74,10 @@
%endif %endif
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
%define openssh_ver 5.9p1 %define openssh_ver 6.0p1
%define openssh_rel 26 %define openssh_rel 1
%define pam_ssh_agent_ver 0.9.3 %define pam_ssh_agent_ver 0.9.3
%define pam_ssh_agent_rel 1 %define pam_ssh_agent_rel 2
Summary: An open source implementation of SSH protocol versions 1 and 2 Summary: An open source implementation of SSH protocol versions 1 and 2
Name: openssh Name: openssh
@ -123,15 +123,15 @@ Patch104: openssh-5.9p1-required-authentications.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1402 #https://bugzilla.mindrot.org/show_bug.cgi?id=1402
Patch200: openssh-5.8p1-audit0.patch Patch200: openssh-5.8p1-audit0.patch
# -"- # -"-
Patch201: openssh-5.9p1-audit1.patch Patch201: openssh-6.0p1-audit1.patch
# -"- # -"-
Patch202: openssh-5.9p1-audit2.patch Patch202: openssh-5.9p1-audit2.patch
# -"- # -"-
Patch203: openssh-5.9p1-audit3.patch Patch203: openssh-5.9p1-audit3.patch
# -"- # -"-
Patch204: openssh-5.9p1-audit4.patch Patch204: openssh-6.0p1-audit4.patch
# -"- # -"-
Patch205: openssh-5.9p1-audit5.patch Patch205: openssh-6.0p1-audit5.patch
# --- pam_ssh-agent --- # --- pam_ssh-agent ---
# make it build reusing the openssh sources # make it build reusing the openssh sources
@ -140,27 +140,24 @@ Patch300: pam_ssh_agent_auth-0.9.3-build.patch
Patch301: pam_ssh_agent_auth-0.9.2-seteuid.patch Patch301: pam_ssh_agent_auth-0.9.2-seteuid.patch
# explicitly make pam callbacks visible # explicitly make pam callbacks visible
Patch302: pam_ssh_agent_auth-0.9.2-visibility.patch Patch302: pam_ssh_agent_auth-0.9.2-visibility.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1641 (WONTFIX) #https://bugzilla.mindrot.org/show_bug.cgi?id=1641 (WONTFIX)
Patch400: openssh-5.9p1-role.patch Patch400: openssh-6.0p1-role-mls.patch
#?
Patch401: openssh-5.9p1-mls.patch
#? #?
Patch402: openssh-5.9p1-sftp-chroot.patch Patch402: openssh-5.9p1-sftp-chroot.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1940 #https://bugzilla.mindrot.org/show_bug.cgi?id=1940
Patch403: openssh-5.9p1-sesandbox.patch #Patch403: openssh-5.9p1-sesandbox.patch
#https://bugzilla.redhat.com/show_bug.cgi?id=781634 #https://bugzilla.redhat.com/show_bug.cgi?id=781634
Patch404: openssh-5.9p1-privsep-selinux.patch Patch404: openssh-5.9p1-privsep-selinux.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1663 #https://bugzilla.mindrot.org/show_bug.cgi?id=1663
Patch500: openssh-5.9p1-akc.patch Patch500: openssh-5.9p1-akc.patch
#?-- unwanted child :( #?-- unwanted child :(
Patch501: openssh-5.9p1-ldap.patch Patch501: openssh-6.0p1-ldap.patch
#? #?
Patch502: openssh-5.9p1-keycat.patch Patch502: openssh-5.9p1-keycat.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1668 #https://bugzilla.mindrot.org/show_bug.cgi?id=1668
Patch600: openssh-5.9p1-keygen.patch #Patch600: openssh-5.9p1-keygen.patch
#http6://bugzilla.mindrot.org/show_bug.cgi?id=1644 #http6://bugzilla.mindrot.org/show_bug.cgi?id=1644
Patch601: openssh-5.2p1-allow-ip-opts.patch Patch601: openssh-5.2p1-allow-ip-opts.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1701 #https://bugzilla.mindrot.org/show_bug.cgi?id=1701
@ -197,7 +194,7 @@ Patch706: openssh-5.8p1-localdomain.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1635 (WONTFIX) #https://bugzilla.mindrot.org/show_bug.cgi?id=1635 (WONTFIX)
Patch707: openssh-5.9p1-redhat.patch Patch707: openssh-5.9p1-redhat.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1890 (WONTFIX) need integration to prng helper which is discontinued :) #https://bugzilla.mindrot.org/show_bug.cgi?id=1890 (WONTFIX) need integration to prng helper which is discontinued :)
Patch708: openssh-5.9p1-entropy.patch Patch708: openssh-6.0p1-entropy.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1640 (WONTFIX) #https://bugzilla.mindrot.org/show_bug.cgi?id=1640 (WONTFIX)
Patch709: openssh-5.9p1-vendor.patch Patch709: openssh-5.9p1-vendor.patch
#? #?
@ -424,10 +421,9 @@ popd
%endif %endif
%if %{WITH_SELINUX} %if %{WITH_SELINUX}
%patch400 -p1 -b .role %patch400 -p1 -b .role-mls
%patch401 -p1 -b .mls
%patch402 -p1 -b .sftp-chroot %patch402 -p1 -b .sftp-chroot
%patch403 -p1 -b .sesandbox #%patch403 -p1 -b .sesandbox
%patch404 -p1 -b .privsep-selinux %patch404 -p1 -b .privsep-selinux
%endif %endif
@ -437,7 +433,7 @@ popd
%endif %endif
%patch502 -p1 -b .keycat %patch502 -p1 -b .keycat
%patch600 -p1 -b .keygen #%patch600 -p1 -b .keygen
%patch601 -p1 -b .ip-opts %patch601 -p1 -b .ip-opts
%patch602 -p1 -b .randclean %patch602 -p1 -b .randclean
%patch603 -p1 -b .glob %patch603 -p1 -b .glob
@ -542,10 +538,11 @@ fi
%endif %endif
%if %{WITH_SELINUX} %if %{WITH_SELINUX}
--with-selinux --with-audit=linux \ --with-selinux --with-audit=linux \
%if 1 %if 0
--with-sandbox=selinux \ #seccomp_filter cannot be build right now
--with-sandbox=seccomp_filter \
%else %else
--with-sandbox=no \ --with-sandbox=rlimit \
%endif %endif
%endif %endif
%if %{kerberos5} %if %{kerberos5}
@ -807,6 +804,9 @@ fi
%endif %endif
%changelog %changelog
* Mon Aug 06 2012 Petr Lautrbach <plautrba@redhat.com> 6.0p1-1 + 0.9.3-2
- new upstream release
* Mon Aug 06 2012 Petr Lautrbach <plautrba@redhat.com> 5.9p1-26 + 0.9.3-1 * Mon Aug 06 2012 Petr Lautrbach <plautrba@redhat.com> 5.9p1-26 + 0.9.3-1
- change SELinux context also for root user (#827109) - change SELinux context also for root user (#827109)


@ -1,2 +1,2 @@
085cfbb262f1b8b875aadea6fba60b1b openssh-5.9p1-noacss.tar.bz2 a7223e1a501bdd60a183bed87b6ce485 openssh-6.0p1-noacss.tar.bz2
9872ca1983e566ff5a89c240529e223d pam_ssh_agent_auth-0.9.3.tar.bz2 9872ca1983e566ff5a89c240529e223d pam_ssh_agent_auth-0.9.3.tar.bz2