Coverity second pass

Reenable akc patch

openssh-5.9p1-akc.patch

@@ -1,6 +1,6 @@
 diff -up openssh-5.9p1/auth2-pubkey.c.akc openssh-5.9p1/auth2-pubkey.c
---- openssh-5.9p1/auth2-pubkey.c.akc	2011-09-09 17:26:31.000000000 +0200
+--- openssh-5.9p1/auth2-pubkey.c.akc	2011-09-09 19:27:15.369501615 +0200
-+++ openssh-5.9p1/auth2-pubkey.c	2011-09-09 17:28:15.000000000 +0200
++++ openssh-5.9p1/auth2-pubkey.c	2011-09-09 19:30:32.958509941 +0200
 @@ -27,6 +27,7 @@
  
  #include <sys/types.h>
@@ -47,7 +47,7 @@ diff -up openssh-5.9p1/auth2-pubkey.c.akc openssh-5.9p1/auth2-pubkey.c
  	key_free(found);
  	if (!found_key)
  		debug2("key not found");
-@@ -452,13 +439,191 @@ user_cert_trusted_ca(struct passwd *pw, 
+@@ -452,13 +439,191 @@ user_cert_trusted_ca(struct passwd *pw,
  	return ret;
  }
  
@@ -242,7 +242,7 @@ diff -up openssh-5.9p1/auth2-pubkey.c.akc openssh-5.9p1/auth2-pubkey.c
  	if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key))
 diff -up openssh-5.9p1/configure.ac.akc openssh-5.9p1/configure.ac
 --- openssh-5.9p1/configure.ac.akc	2011-08-18 06:48:24.000000000 +0200
-+++ openssh-5.9p1/configure.ac	2011-09-09 17:26:31.000000000 +0200
++++ openssh-5.9p1/configure.ac	2011-09-09 19:27:17.548440048 +0200
 @@ -1421,6 +1421,18 @@ AC_ARG_WITH([audit],
  	esac ]
  )
@@ -271,9 +271,9 @@ diff -up openssh-5.9p1/configure.ac.akc openssh-5.9p1/configure.ac
  echo "                   libedit support: $LIBEDIT_MSG"
  echo "  Solaris process contract support: $SPC_MSG"
 diff -up openssh-5.9p1/servconf.c.akc openssh-5.9p1/servconf.c
---- openssh-5.9p1/servconf.c.akc	2011-09-09 17:26:30.000000000 +0200
+--- openssh-5.9p1/servconf.c.akc	2011-09-09 19:27:03.490455245 +0200
-+++ openssh-5.9p1/servconf.c	2011-09-09 17:26:31.000000000 +0200
++++ openssh-5.9p1/servconf.c	2011-09-09 19:27:17.666565662 +0200
-@@ -139,6 +139,8 @@ initialize_server_options(ServerOptions 
+@@ -139,6 +139,8 @@ initialize_server_options(ServerOptions
  	options->num_permitted_opens = -1;
  	options->adm_forced_command = NULL;
  	options->chroot_directory = NULL;
@@ -344,8 +344,8 @@ diff -up openssh-5.9p1/servconf.c.akc openssh-5.9p1/servconf.c
  	/* string arguments requiring a lookup */
  	dump_cfg_string(sLogLevel, log_level_name(o->log_level));
 diff -up openssh-5.9p1/servconf.h.akc openssh-5.9p1/servconf.h
---- openssh-5.9p1/servconf.h.akc	2011-09-09 17:26:30.000000000 +0200
+--- openssh-5.9p1/servconf.h.akc	2011-09-09 19:27:03.614494286 +0200
-+++ openssh-5.9p1/servconf.h	2011-09-09 17:26:31.000000000 +0200
++++ openssh-5.9p1/servconf.h	2011-09-09 19:27:18.043502934 +0200
 @@ -174,6 +174,8 @@ typedef struct {
  	char   *revoked_keys_file;
  	char   *trusted_user_ca_keys;
@@ -355,22 +355,9 @@ diff -up openssh-5.9p1/servconf.h.akc openssh-5.9p1/servconf.h
  }       ServerOptions;
  
  /*
-diff -up openssh-5.9p1/sshd_config.akc openssh-5.9p1/sshd_config
---- openssh-5.9p1/sshd_config.akc	2011-09-09 17:26:30.000000000 +0200
-+++ openssh-5.9p1/sshd_config	2011-09-09 17:26:31.000000000 +0200
-@@ -49,6 +49,9 @@
- # but this is overridden so installations will only check .ssh/authorized_keys
- AuthorizedKeysFile	.ssh/authorized_keys
- 
-+#AuthorizedKeysCommand none
-+#AuthorizedKeysCommandRunAs nobody
-+
- # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
- #RhostsRSAAuthentication no
- # similar for protocol version 2
 diff -up openssh-5.9p1/sshd_config.0.akc openssh-5.9p1/sshd_config.0
 --- openssh-5.9p1/sshd_config.0.akc	2011-09-07 01:16:30.000000000 +0200
-+++ openssh-5.9p1/sshd_config.0	2011-09-09 17:26:31.000000000 +0200
++++ openssh-5.9p1/sshd_config.0	2011-09-09 19:27:18.168626976 +0200
 @@ -71,6 +71,23 @@ DESCRIPTION
  
               See PATTERNS in ssh_config(5) for more information on patterns.
@@ -406,8 +393,8 @@ diff -up openssh-5.9p1/sshd_config.0.akc openssh-5.9p1/sshd_config.0
               GSSAPIAuthentication, HostbasedAuthentication,
               HostbasedUsesNameFromPacketOnly, KbdInteractiveAuthentication,
 diff -up openssh-5.9p1/sshd_config.5.akc openssh-5.9p1/sshd_config.5
---- openssh-5.9p1/sshd_config.5.akc	2011-09-09 17:26:30.000000000 +0200
+--- openssh-5.9p1/sshd_config.5.akc	2011-09-09 19:27:03.912515059 +0200
-+++ openssh-5.9p1/sshd_config.5	2011-09-09 17:26:31.000000000 +0200
++++ openssh-5.9p1/sshd_config.5	2011-09-09 19:27:18.292494317 +0200
 @@ -706,6 +706,8 @@ Available keywords are
  .Cm AllowAgentForwarding ,
  .Cm AllowTcpForwarding ,
@@ -446,3 +433,16 @@ diff -up openssh-5.9p1/sshd_config.5.akc openssh-5.9p1/sshd_config.5
  .It Cm RhostsRSAAuthentication
  Specifies whether rhosts or /etc/hosts.equiv authentication together
  with successful RSA host authentication is allowed.
+diff -up openssh-5.9p1/sshd_config.akc openssh-5.9p1/sshd_config
+--- openssh-5.9p1/sshd_config.akc	2011-09-09 19:27:03.754502770 +0200
++++ openssh-5.9p1/sshd_config	2011-09-09 19:27:18.446471121 +0200
+@@ -49,6 +49,9 @@
+ # but this is overridden so installations will only check .ssh/authorized_keys
+ AuthorizedKeysFile	.ssh/authorized_keys
+ 
++#AuthorizedKeysCommand none
++#AuthorizedKeysCommandRunAs nobody
++
+ # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+ #RhostsRSAAuthentication no
+ # similar for protocol version 2

openssh-5.9p1-coverity.patch

@@ -1,6 +1,6 @@
 diff -up openssh-5.9p1/auth-pam.c.coverity openssh-5.9p1/auth-pam.c
 --- openssh-5.9p1/auth-pam.c.coverity	2009-07-12 14:07:21.000000000 +0200
-+++ openssh-5.9p1/auth-pam.c	2011-09-08 14:13:59.596485750 +0200
++++ openssh-5.9p1/auth-pam.c	2011-09-09 15:13:32.820565436 +0200
 @@ -216,7 +216,7 @@ pthread_join(sp_pthread_t thread, void *
  	if (sshpam_thread_status != -1)
  		return (sshpam_thread_status);
@@ -12,7 +12,7 @@ diff -up openssh-5.9p1/auth-pam.c.coverity openssh-5.9p1/auth-pam.c
  #endif
 diff -up openssh-5.9p1/channels.c.coverity openssh-5.9p1/channels.c
 --- openssh-5.9p1/channels.c.coverity	2011-06-23 00:31:57.000000000 +0200
-+++ openssh-5.9p1/channels.c	2011-09-08 14:13:59.724564062 +0200
++++ openssh-5.9p1/channels.c	2011-09-09 15:13:32.911439569 +0200
 @@ -229,11 +229,11 @@ channel_register_fds(Channel *c, int rfd
  	channel_max_fd = MAX(channel_max_fd, wfd);
  	channel_max_fd = MAX(channel_max_fd, efd);
@@ -45,7 +45,7 @@ diff -up openssh-5.9p1/channels.c.coverity openssh-5.9p1/channels.c
  }
 diff -up openssh-5.9p1/clientloop.c.coverity openssh-5.9p1/clientloop.c
 --- openssh-5.9p1/clientloop.c.coverity	2011-06-23 00:31:58.000000000 +0200
-+++ openssh-5.9p1/clientloop.c	2011-09-08 14:13:59.829450205 +0200
++++ openssh-5.9p1/clientloop.c	2011-09-09 15:13:33.017564323 +0200
 @@ -1970,6 +1970,7 @@ client_input_global_request(int type, u_
  	char *rtype;
  	int want_reply;
@@ -56,7 +56,7 @@ diff -up openssh-5.9p1/clientloop.c.coverity openssh-5.9p1/clientloop.c
  	want_reply = packet_get_char();
 diff -up openssh-5.9p1/key.c.coverity openssh-5.9p1/key.c
 --- openssh-5.9p1/key.c.coverity	2011-05-20 11:03:08.000000000 +0200
-+++ openssh-5.9p1/key.c	2011-09-08 14:13:59.959563856 +0200
++++ openssh-5.9p1/key.c	2011-09-09 15:13:33.145442605 +0200
 @@ -803,8 +803,10 @@ key_read(Key *ret, char **cpp)
  		success = 1;
  /*XXXX*/
@@ -68,9 +68,45 @@ diff -up openssh-5.9p1/key.c.coverity openssh-5.9p1/key.c
  		/* advance cp: skip whitespace and data */
  		while (*cp == ' ' || *cp == '\t')
  			cp++;
+diff -up openssh-5.9p1/monitor.c.coverity openssh-5.9p1/monitor.c
+--- openssh-5.9p1/monitor.c.coverity	2011-09-09 17:13:15.937439833 +0200
++++ openssh-5.9p1/monitor.c	2011-09-09 17:15:18.625466696 +0200
+@@ -1161,6 +1161,10 @@ mm_answer_keyallowed(int sock, Buffer *m
+ 			break;
+ 		}
+ 	}
++
++	debug3("%s: key %p is %s",
++	    __func__, key, allowed ? "allowed" : "not allowed");
++
+ 	if (key != NULL)
+ 		key_free(key);
+ 
+@@ -1182,9 +1186,6 @@ mm_answer_keyallowed(int sock, Buffer *m
+ 		xfree(chost);
+ 	}
+ 
+-	debug3("%s: key %p is %s",
+-	    __func__, key, allowed ? "allowed" : "not allowed");
+-
+ 	buffer_clear(m);
+ 	buffer_put_int(m, allowed);
+ 	buffer_put_int(m, forced_command != NULL);
+diff -up openssh-5.9p1/openbsd-compat/bindresvport.c.coverity openssh-5.9p1/openbsd-compat/bindresvport.c
+--- openssh-5.9p1/openbsd-compat/bindresvport.c.coverity	2011-09-09 17:29:14.709442881 +0200
++++ openssh-5.9p1/openbsd-compat/bindresvport.c	2011-09-09 17:32:48.770563974 +0200
+@@ -58,7 +58,7 @@ bindresvport_sa(int sd, struct sockaddr
+ 	struct sockaddr_in6 *in6;
+ 	u_int16_t *portp;
+ 	u_int16_t port;
+-	socklen_t salen;
++	socklen_t salen = sizeof(struct sockaddr_storage);
+ 	int i;
+ 
+ 	if (sa == NULL) {
 diff -up openssh-5.9p1/packet.c.coverity openssh-5.9p1/packet.c
 --- openssh-5.9p1/packet.c.coverity	2011-05-15 00:58:15.000000000 +0200
-+++ openssh-5.9p1/packet.c	2011-09-08 14:14:00.075501777 +0200
++++ openssh-5.9p1/packet.c	2011-09-09 15:13:33.263447887 +0200
 @@ -1177,6 +1177,7 @@ packet_read_poll1(void)
  		case DEATTACK_DETECTED:
  			packet_disconnect("crc32 compensation attack: "
@@ -90,7 +126,7 @@ diff -up openssh-5.9p1/packet.c.coverity openssh-5.9p1/packet.c
  	setp = (fd_set *)xcalloc(howmany(active_state->connection_out + 1,
 diff -up openssh-5.9p1/progressmeter.c.coverity openssh-5.9p1/progressmeter.c
 --- openssh-5.9p1/progressmeter.c.coverity	2006-08-05 04:39:40.000000000 +0200
-+++ openssh-5.9p1/progressmeter.c	2011-09-08 14:14:00.186620217 +0200
++++ openssh-5.9p1/progressmeter.c	2011-09-09 15:13:33.382566039 +0200
 @@ -65,7 +65,7 @@ static void update_progress_meter(int);
  
  static time_t start;		/* start progress */
@@ -111,7 +147,7 @@ diff -up openssh-5.9p1/progressmeter.c.coverity openssh-5.9p1/progressmeter.c
  	file = f;
 diff -up openssh-5.9p1/progressmeter.h.coverity openssh-5.9p1/progressmeter.h
 --- openssh-5.9p1/progressmeter.h.coverity	2006-03-26 05:30:02.000000000 +0200
-+++ openssh-5.9p1/progressmeter.h	2011-09-08 14:14:00.299626834 +0200
++++ openssh-5.9p1/progressmeter.h	2011-09-09 15:13:33.501438992 +0200
 @@ -23,5 +23,5 @@
   * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
   */
@@ -121,7 +157,7 @@ diff -up openssh-5.9p1/progressmeter.h.coverity openssh-5.9p1/progressmeter.h
  void	stop_progress_meter(void);
 diff -up openssh-5.9p1/scp.c.coverity openssh-5.9p1/scp.c
 --- openssh-5.9p1/scp.c.coverity	2011-01-06 12:41:21.000000000 +0100
-+++ openssh-5.9p1/scp.c	2011-09-08 14:14:00.404502349 +0200
++++ openssh-5.9p1/scp.c	2011-09-09 15:13:33.607564009 +0200
 @@ -155,7 +155,7 @@ killchild(int signo)
  {
  	if (do_cmd_pid > 1) {
@@ -131,9 +167,21 @@ diff -up openssh-5.9p1/scp.c.coverity openssh-5.9p1/scp.c
  	}
  
  	if (signo)
+diff -up openssh-5.9p1/servconf.c.coverity openssh-5.9p1/servconf.c
+--- openssh-5.9p1/servconf.c.coverity	2011-09-09 17:24:09.333561142 +0200
++++ openssh-5.9p1/servconf.c	2011-09-09 17:26:41.488502345 +0200
+@@ -1171,7 +1171,7 @@ process_server_config_line(ServerOptions
+ 			fatal("%s line %d: Missing subsystem name.",
+ 			    filename, linenum);
+ 		if (!*activep) {
+-			arg = strdelim(&cp);
++			/*arg =*/ (void) strdelim(&cp);
+ 			break;
+ 		}
+ 		for (i = 0; i < options->num_subsystems; i++)
 diff -up openssh-5.9p1/serverloop.c.coverity openssh-5.9p1/serverloop.c
 --- openssh-5.9p1/serverloop.c.coverity	2011-05-20 11:02:50.000000000 +0200
-+++ openssh-5.9p1/serverloop.c	2011-09-08 14:14:00.516501505 +0200
++++ openssh-5.9p1/serverloop.c	2011-09-09 15:13:33.723564433 +0200
 @@ -147,13 +147,13 @@ notify_setup(void)
  static void
  notify_parent(void)
@@ -245,7 +293,7 @@ diff -up openssh-5.9p1/serverloop.c.coverity openssh-5.9p1/serverloop.c
  		tun = forced_tun_device;
 diff -up openssh-5.9p1/sftp-client.c.coverity openssh-5.9p1/sftp-client.c
 --- openssh-5.9p1/sftp-client.c.coverity	2010-12-04 23:02:48.000000000 +0100
-+++ openssh-5.9p1/sftp-client.c	2011-09-08 14:14:00.640502358 +0200
++++ openssh-5.9p1/sftp-client.c	2011-09-09 15:13:33.845564522 +0200
 @@ -149,7 +149,7 @@ get_msg(struct sftp_conn *conn, Buffer *
  }
  
@@ -470,7 +518,7 @@ diff -up openssh-5.9p1/sftp-client.c.coverity openssh-5.9p1/sftp-client.c
  	size_t len = strlen(p1) + strlen(p2) + 2;
 diff -up openssh-5.9p1/sftp-client.h.coverity openssh-5.9p1/sftp-client.h
 --- openssh-5.9p1/sftp-client.h.coverity	2010-12-04 23:02:48.000000000 +0100
-+++ openssh-5.9p1/sftp-client.h	2011-09-08 14:14:00.750502818 +0200
++++ openssh-5.9p1/sftp-client.h	2011-09-09 15:13:33.954567073 +0200
 @@ -56,49 +56,49 @@ struct sftp_conn *do_init(int, int, u_in
  u_int sftp_proto_version(struct sftp_conn *);
  
@@ -570,7 +618,16 @@ diff -up openssh-5.9p1/sftp-client.h.coverity openssh-5.9p1/sftp-client.h
  #endif
 diff -up openssh-5.9p1/sftp.c.coverity openssh-5.9p1/sftp.c
 --- openssh-5.9p1/sftp.c.coverity	2010-12-04 23:02:48.000000000 +0100
-+++ openssh-5.9p1/sftp.c	2011-09-08 14:25:08.647440423 +0200
++++ openssh-5.9p1/sftp.c	2011-09-09 15:13:34.086441893 +0200
+@@ -206,7 +206,7 @@ killchild(int signo)
+ {
+ 	if (sshpid > 1) {
+ 		kill(sshpid, SIGTERM);
+-		waitpid(sshpid, NULL, 0);
++		(void) waitpid(sshpid, NULL, 0);
+ 	}
+ 
+ 	_exit(1);
 @@ -316,7 +316,7 @@ local_do_ls(const char *args)
  
  /* Strip one path (usually the pwd) from the start of another */
@@ -674,9 +731,23 @@ diff -up openssh-5.9p1/sftp.c.coverity openssh-5.9p1/sftp.c
  {
  	struct sftp_statvfs st;
  	char s_used[FMT_SCALED_STRSIZE];
+diff -up openssh-5.9p1/ssh-agent.c.coverity openssh-5.9p1/ssh-agent.c
+--- openssh-5.9p1/ssh-agent.c.coverity	2011-06-03 06:14:16.000000000 +0200
++++ openssh-5.9p1/ssh-agent.c	2011-09-09 15:13:34.203567987 +0200
+@@ -1147,8 +1147,8 @@ main(int ac, char **av)
+ 	sanitise_stdfd();
+ 
+ 	/* drop */
+-	setegid(getgid());
+-	setgid(getgid());
++	(void) setegid(getgid());
++	(void) setgid(getgid());
+ 
+ #if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
+ 	/* Disable ptrace on Linux without sgid bit */
 diff -up openssh-5.9p1/sshd.c.coverity openssh-5.9p1/sshd.c
 --- openssh-5.9p1/sshd.c.coverity	2011-06-23 11:45:51.000000000 +0200
-+++ openssh-5.9p1/sshd.c	2011-09-08 14:14:01.018565321 +0200
++++ openssh-5.9p1/sshd.c	2011-09-09 15:13:34.317564195 +0200
 @@ -1302,6 +1302,9 @@ server_accept_loop(int *sock_in, int *so
  		if (num_listen_socks < 0)
  			break;

openssh-5.9p1-edns.patch

@@ -1,7 +1,7 @@
-diff -up openssh-5.2p1/dns.c.rh205842 openssh-5.2p1/dns.c
+diff -up openssh-5.9p1/dns.c.edns openssh-5.9p1/dns.c
---- openssh-5.2p1/dns.c.rh205842	2009-07-27 16:25:28.000000000 +0200
+--- openssh-5.9p1/dns.c.edns	2010-08-31 14:41:14.000000000 +0200
-+++ openssh-5.2p1/dns.c	2009-07-27 16:40:59.000000000 +0200
++++ openssh-5.9p1/dns.c	2011-09-09 08:05:27.782440497 +0200
-@@ -176,6 +176,7 @@ verify_host_key_dns(const char *hostname
+@@ -177,6 +177,7 @@ verify_host_key_dns(const char *hostname
  {
  	u_int counter;
  	int result;
@@ -9,7 +9,7 @@ diff -up openssh-5.2p1/dns.c.rh205842 openssh-5.2p1/dns.c
  	struct rrsetinfo *fingerprints = NULL;
  
  	u_int8_t hostkey_algorithm;
-@@ -199,8 +200,19 @@ verify_host_key_dns(const char *hostname
+@@ -200,8 +201,19 @@ verify_host_key_dns(const char *hostname
  		return -1;
  	}
  
@@ -30,9 +30,9 @@ diff -up openssh-5.2p1/dns.c.rh205842 openssh-5.2p1/dns.c
  	if (result) {
  		verbose("DNS lookup error: %s", dns_result_totext(result));
  		return -1;
-diff -up openssh-5.2p1/openbsd-compat/getrrsetbyname.c.rh205842 openssh-5.2p1/openbsd-compat/getrrsetbyname.c
+diff -up openssh-5.9p1/openbsd-compat/getrrsetbyname.c.edns openssh-5.9p1/openbsd-compat/getrrsetbyname.c
---- openssh-5.2p1/openbsd-compat/getrrsetbyname.c.rh205842	2009-07-27 16:22:23.000000000 +0200
+--- openssh-5.9p1/openbsd-compat/getrrsetbyname.c.edns	2009-07-13 03:38:23.000000000 +0200
-+++ openssh-5.2p1/openbsd-compat/getrrsetbyname.c	2009-07-27 16:41:55.000000000 +0200
++++ openssh-5.9p1/openbsd-compat/getrrsetbyname.c	2011-09-09 15:03:39.930500801 +0200
 @@ -209,8 +209,8 @@ getrrsetbyname(const char *hostname, uns
  		goto fail;
  	}
@@ -40,7 +40,7 @@ diff -up openssh-5.2p1/openbsd-compat/getrrsetbyname.c.rh205842 openssh-5.2p1/op
 -	/* don't allow flags yet, unimplemented */
 -	if (flags) {
 +	/* Allow RRSET_FORCE_EDNS0 flag only. */
-+	if ((flags & !RRSET_FORCE_EDNS0) != 0) {
++	if ((flags & ~RRSET_FORCE_EDNS0) != 0) {
  		result = ERRSET_INVAL;
  		goto fail;
  	}
@@ -57,9 +57,9 @@ diff -up openssh-5.2p1/openbsd-compat/getrrsetbyname.c.rh205842 openssh-5.2p1/op
  #endif /* RES_USE_DNSEC */
  
  	/* make query */
-diff -up openssh-5.2p1/openbsd-compat/getrrsetbyname.h.rh205842 openssh-5.2p1/openbsd-compat/getrrsetbyname.h
+diff -up openssh-5.9p1/openbsd-compat/getrrsetbyname.h.edns openssh-5.9p1/openbsd-compat/getrrsetbyname.h
---- openssh-5.2p1/openbsd-compat/getrrsetbyname.h.rh205842	2009-07-27 16:35:02.000000000 +0200
+--- openssh-5.9p1/openbsd-compat/getrrsetbyname.h.edns	2007-10-26 08:26:50.000000000 +0200
-+++ openssh-5.2p1/openbsd-compat/getrrsetbyname.h	2009-07-27 16:36:09.000000000 +0200
++++ openssh-5.9p1/openbsd-compat/getrrsetbyname.h	2011-09-09 08:05:27.965438689 +0200
 @@ -72,6 +72,9 @@
  #ifndef RRSET_VALIDATED
  # define RRSET_VALIDATED	1

openssh.spec

@@ -79,7 +79,7 @@
 
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %define openssh_ver 5.9p1
-%define openssh_rel 2
+%define openssh_rel 3
 %define pam_ssh_agent_ver 0.9.2
 %define pam_ssh_agent_rel 32
 
@@ -183,7 +183,7 @@ Patch702: openssh-5.1p1-askpass-progress.patch
 #?
 Patch703: openssh-4.3p2-askpass-grab-info.patch
 #?
-Patch704: openssh-5.2p1-edns.patch
+Patch704: openssh-5.9p1-edns.patch
 #?
 Patch705: openssh-5.1p1-scp-manpage.patch
 #?
@@ -785,6 +785,10 @@ fi
 %endif
 
 %changelog
+* Fri Sep  9 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-3 + 0.9.2-32
+- Coverity second pass
+- Reenable akc patch
+
 * Thu Sep  8 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-2 + 0.9.2-32
 - Coverity first pass