diff -ruN --exclude CVS ssh-openbsd-2002030700/.cvsignore openssh-3.1p1/.cvsignore
--- ssh-openbsd-2002030700/.cvsignore Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/.cvsignore Sat Dec 29 18:00:08 2001
@@ -0,0 +1,23 @@
+ssh
+scp
+sshd
+ssh-add
+ssh-keygen
+ssh-keyscan
+ssh-agent
+sftp-server
+sftp
+configure
+config.h.in
+config.h
+config.status
+config.cache
+config.log
+stamp-h.in
+Makefile
+ssh_prng_cmds
+*.out
+*.0
+buildit.sh
+autom4te.cache
+ssh-rand-helper
diff -ruN --exclude CVS ssh-openbsd-2002030700/CREDITS openssh-3.1p1/CREDITS
--- ssh-openbsd-2002030700/CREDITS Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/CREDITS Tue Mar 5 14:38:35 2002
@@ -0,0 +1,94 @@
+Tatu Ylonen - Creator of SSH
+
+Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
+Theo de Raadt, and Dug Song - Creators of OpenSSH
+
+Alain St-Denis - Irix fix
+Alexandre Oliva - AIX fixes
+Andre Lucas - new login code, many fixes
+Andreas Steinmetz - Shadow password expiry support
+Andrew McGill - SCO fixes
+Andrew Morgan - PAM bugfixes
+Andrew Stribblehill - Bugfixes
+Andy Sloane - bugfixes
+Aran Cox - SCO bugfixes
+Arkadiusz Miskiewicz - IPv6 compat fixes
+Ben Lindstrom - NeXT support
+Ben Taylor - Solaris debugging and fixes
+Bratislav ILICH - Configure fix
+Charles Levert - SunOS 4 & bug fixes
+Chip Salzenberg - Assorted patches
+Chris Adams - OSF SIA support
+Chris Saia - SuSE packaging
+Chris, the Young One - Password auth fixes
+Christos Zoulas - Autoconf fixes
+Chun-Chung Chen - RPM fixes
+Corinna Vinschen - Cygwin support
+Dan Brosemer - Autoconf support, build fixes
+Darren Hall - AIX patches
+Darren Tucker - AIX BFF package scripts
+David Agraz - Build fixes
+David Del Piero - bug fixes
+David Hesprich - Configure fixes
+David Rankin - libwrap, AIX, NetBSD fixes
+Ed Eden - configure fixes
+Garrick James - configure fixes
+Gary E. Miller - SCO support
+Ged Lodder - HPUX fixes and enhancements
+Gert Doering - bug and portability fixes
+HARUYAMA Seigo - Translations & doc fixes
+Hideaki YOSHIFUJI - IPv6 and bug fixes
+Hiroshi Takekawa - Configure fixes
+Holger Trapp - KRB4/AFS config patch
+IWAMURO Motonori - bugfixes
+Jani Hakala - Patches
+Jarno Huuskonen - Bugfixes
+Jim Knoble - Many patches
+Jonchen (email unknown) - the original author of PAM support of SSH
+Juergen Keil - scp bugfixing
+KAMAHARA Junzo - Configure fixes
+Kees Cook - scp fixes
+Kenji Miyake - Configure fixes
+Kevin O'Connor - RSAless operation
+Kevin Steves - HP support, bugfixes, improvements
+Kiyokazu SUTO - Bugfixes
+Larry Jones - Bugfixes
+Lutz Jaenicke - Bugfixes
+Marc G. Fournier - Solaris patches
+Mark D. Baushke - bug fixes
+Martin Johansson - Linux fixes
+Mark D. Roth - Features, bug fixes
+Mark Miller - Bugfixes
+Matt Richards - AIX patches
+Michael Stone - Irix enhancements
+Nakaji Hiroyuki - Sony News-OS patch
+Nalin Dahyabhai - PAM environment patch
+Nate Itkin - SunOS 4.1.x fixes
+Niels Kristian Bech Jensen - Assorted patches
+Pavel Kankovsky - Security fixes
+Pavel Troller - Bugfixes
+Pekka Savola - Bugfixes
+Peter Kocks - Makefile fixes
+Phil Hands - Debian scripts, assorted patches
+Phil Karn - Autoconf fixes
+Philippe WILLEM - Bugfixes
+Phill Camp - login code fix
+Rip Loomis - Solaris package support, fixes
+SAKAI Kiyotaka - Multiple bugfixes
+Simon Wilkinson - PAM fixes
+Svante Signell - Bugfixes
+Thomas Neumann - Shadow passwords
+Tim Rice - Portability & SCO fixes
+Tobias Oetiker - Bugfixes
+Tom Bertelson's - AIX auth fixes
+Tor-Ake Fransson - AIX support
+Tudor Bosman - MD5 password support
+Udo Schweigert - ReliantUNIX support
+Zack Weinberg - GNOME askpass enhancement
+
+Apologies to anyone I have missed.
+
+Damien Miller
+
+$Id: CREDITS,v 1.65 2002/03/05 03:38:35 mouring Exp $
+
diff -ruN --exclude CVS ssh-openbsd-2002030700/ChangeLog openssh-3.1p1/ChangeLog
--- ssh-openbsd-2002030700/ChangeLog Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/ChangeLog Thu Mar 7 13:04:37 2002
@@ -0,0 +1,7817 @@ +20020307 + - (djm) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2002/03/06 00:20:54 + [compat.c dh.c] + compat.c + - markus@cvs.openbsd.org 2002/03/06 00:23:27 + [compat.c dh.c] + undo + - markus@cvs.openbsd.org 2002/03/06 00:24:39 + [compat.c] + compat.c + - markus@cvs.openbsd.org 2002/03/06 00:25:55 + [version.h] + OpenSSH_3.1 + - (djm) Update RPM spec files with new version number + +20020305 + - stevesk@cvs.openbsd.org 2002/03/02 09:34:42 + [LICENCE] + correct copyright dates for scp license; ok markus@ + +20020304 + - OpenBSD CVS Sync + - deraadt@cvs.openbsd.org 2002/02/26 18:52:32 + [sftp.1] + Ic cannot have that many arguments; spotted by mouring@etoh.eviladmin.org + - mouring@cvs.openbsd.org 2002/02/26 19:04:37 + [sftp.1] + > Ic cannot have that many arguments; spotted by mouring@etoh.eviladmin.org + Last Ic on the first line should not have a space between it and the final + comma. + - deraadt@cvs.openbsd.org 2002/02/26 19:06:43 + [sftp.1] + no, look closely. the comma was highlighted. 
split .Ic even more + - stevesk@cvs.openbsd.org 2002/02/26 20:03:51 + [misc.c] + use socklen_t + - stevesk@cvs.openbsd.org 2002/02/27 21:23:13 + [canohost.c channels.c packet.c sshd.c] + remove unneeded casts in [gs]etsockopt(); ok markus@ + - markus@cvs.openbsd.org 2002/02/28 15:46:33 + [authfile.c kex.c kexdh.c kexgex.c key.c ssh-dss.c] + add some const EVP_MD for openssl-0.9.7 + - stevesk@cvs.openbsd.org 2002/02/28 19:36:28 + [auth.c match.c match.h] + delay hostname lookup until we see a ``@'' in DenyUsers and AllowUsers + for sshd -u0; ok markus@ + - stevesk@cvs.openbsd.org 2002/02/28 20:36:42 + [sshd.8] + DenyUsers allows user@host pattern also + - stevesk@cvs.openbsd.org 2002/02/28 20:46:10 + [sshd.8] + -u0 DNS for user@host + - stevesk@cvs.openbsd.org 2002/02/28 20:56:00 + [auth.c] + log user not allowed details, from dwd@bell-labs.com; ok markus@ + - markus@cvs.openbsd.org 2002/03/01 13:12:10 + [auth.c match.c match.h] + undo the 'delay hostname lookup' change + match.c must not use compress.c (via canonhost.c/packet.c) + thanks to wilfried@ + - markus@cvs.openbsd.org 2002/03/04 12:43:06 + [auth-passwd.c auth-rh-rsa.c auth-rhosts.c] + - markus@cvs.openbsd.org 2002/03/04 13:10:46 + [misc.c] + error-> debug, because O_NONBLOCK for /dev/null causes too many different + errnos; ok stevesk@, deraadt@ + unused include + - stevesk@cvs.openbsd.org 2002/03/04 17:27:39 + [auth-krb5.c auth-options.h auth.h authfd.h authfile.h bufaux.h buffer.h + channels.h cipher.h compat.h compress.h crc32.h deattack.c getput.h + groupaccess.c misc.c mpaux.h packet.h readconf.h rsa.h scard.h + servconf.h ssh-agent.c ssh.h ssh2.h sshpty.h sshtty.c ttymodes.h + uuencode.c xmalloc.h] + $OpenBSD$ and RCSID() cleanup: don't use RCSID() in .h files; add + missing RCSID() to .c files and remove dup /*$OpenBSD$*/ from .c + files. ok markus@ + - stevesk@cvs.openbsd.org 2002/03/04 18:30:23 + [ssh-keyscan.c] + handle connection close during read of protocol version string. 
+ fixes erroneous "bad greeting". ok markus@ + - markus@cvs.openbsd.org 2002/03/04 19:37:58 + [channels.c] + off by one; thanks to joost@pine.nl + - (bal) Added contrib/aix/ to support BFF package generation provided + by Darren Tucker +20020226 + - (tim) Bug 12 [configure.ac] add sys/bitypes.h to int64_t tests + based on patch by mooney@dogbert.cc.ndsu.nodak.edu (Tim Mooney) + Bug 45 [configure.ac] modify skey test to work around conflict with autoconf + reported by nolan@naic.edu (Michael Nolan) + patch by Pekka Savola + Bug 74 [configure.ac defines.h] add sig_atomic_t test + reported by dwd@bell-labs.com (Dave Dykstra) + Bug 102 [defines.h] UNICOS fixes. patch by wendyp@cray.com + [configure.ac Makefile.in] link libwrap only with sshd + based on patch by Maciej W. Rozycki + Bug 123 link libpam only with sshd + reported by peak@argo.troja.mff.cuni.cz (Pavel Kankovsky) + [configure.ac defines.h] modify previous SCO3 fix to not break Solaris 7 + [acconfig.h] remove unused HAVE_REGCOMP + [configure.ac] put back in search for prngd-socket + - (stevesk) openbsd-compat/base64.h: typo in comment + - (bal) Update sshd_config CVSID + - (bal) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2002/02/15 23:54:10 + [auth-krb5.c] + krb5_get_err_text() does not like context==NULL; he@nordu.net via google; + ok provos@ + - markus@cvs.openbsd.org 2002/02/22 12:20:34 + [log.c log.h ssh-keyscan.c] + overwrite fatal() in ssh-keyscan.c; fixes pr 2354; ok provos@ + - markus@cvs.openbsd.org 2002/02/23 17:59:02 + [kex.c kexdh.c kexgex.c] + don't allow garbage after payload. 
+ - stevesk@cvs.openbsd.org 2002/02/24 16:09:52 + [sshd.c] + use u_char* here; ok markus@ + - markus@cvs.openbsd.org 2002/02/24 16:57:19 + [sftp-client.c] + early close(), missing free; ok stevesk@ + - markus@cvs.openbsd.org 2002/02/24 16:58:32 + [packet.c] + make 'cp' unsigned and merge with 'ucp'; ok stevesk@ + - markus@cvs.openbsd.org 2002/02/24 18:31:09 + [uuencode.c] + typo in comment + - markus@cvs.openbsd.org 2002/02/24 19:14:59 + [auth2.c authfd.c authfd.h authfile.c kexdh.c kexgex.c key.c key.h + ssh-dss.c ssh-dss.h ssh-keygen.c ssh-rsa.c ssh-rsa.h sshconnect2.c] + signed vs. unsigned: make size arguments u_int, ok stevesk@ + - stevesk@cvs.openbsd.org 2002/02/24 19:59:42 + [channels.c misc.c] + disable Nagle in connect_to() and channel_post_port_listener() (port + forwarding endpoints). the intention is to preserve the on-the-wire + appearance to applications at either end; the applications can then + enable TCP_NODELAY according to their requirements. ok markus@ + - markus@cvs.openbsd.org 2002/02/25 16:33:27 + [ssh-keygen.c sshconnect2.c uuencode.c uuencode.h] + more u_* fixes + - (bal) Imported missing fatal.c and fixed up Makefile.in + - (tim) [configure.ac] correction to Bug 123 fix + [configure.ac] correction to sig_atomic_t test + +20020225 + - (bal) Last AIX patch. Moved aix_usrinfo() outside of do_setuserconext() + since we need more session information than provided by that function. + +20020224 + - (bal) Drop Session *s usage in ports-aix.[ch] and pass just what we + need to do the jobs (AIX still does not fully compile, but that is + coming). + - (bal) Part two.. Drop unused AIX header, fix up missing char *cp. All + that is left is handling aix_usrinfo(). + - (tim) [loginrec.c session.c sshlogin.c sshlogin.h] Bug 84 + patch by wknox@mitre.org (William Knox). + [sshlogin.h] declare record_utmp_only for session.c + +20020221 + - (bal) Minor session.c fixup for cygwin. mispelt 'is_winnt' variable. 
+ +20020219 + - (djm) OpenBSD CVS Sync + - mpech@cvs.openbsd.org 2002/02/13 08:33:47 + [ssh-keyscan.1] + When you give command examples and etc., in a manual page prefix them with: $ command + or + # command + - markus@cvs.openbsd.org 2002/02/14 23:27:59 + [channels.c] + increase the SSH v2 window size to 4 packets. comsumes a little + bit more memory for slow receivers but increases througput. + - markus@cvs.openbsd.org 2002/02/14 23:28:00 + [channels.h session.c ssh.c] + increase the SSH v2 window size to 4 packets. comsumes a little + bit more memory for slow receivers but increases througput. + - markus@cvs.openbsd.org 2002/02/14 23:41:01 + [authfile.c cipher.c cipher.h kex.c kex.h packet.c] + hide some more implementation details of cipher.[ch] and prepares for move + to EVP, ok deraadt@ + - stevesk@cvs.openbsd.org 2002/02/16 14:53:37 + [ssh-keygen.1] + -t required now for key generation + - stevesk@cvs.openbsd.org 2002/02/16 20:40:08 + [ssh-keygen.c] + default to rsa keyfile path for non key generation operations where + keyfile not specified. fixes core dump in those cases. ok markus@ + - millert@cvs.openbsd.org 2002/02/16 21:27:53 + [auth.h] + Part one of userland __P removal. Done with a simple regexp with + some minor hand editing to make comments line up correctly. Another + pass is forthcoming that handles the cases that could not be done + automatically. + - millert@cvs.openbsd.org 2002/02/17 19:42:32 + [auth.h] + Manual cleanup of remaining userland __P use (excluding packages + maintained outside the tree) + - markus@cvs.openbsd.org 2002/02/18 13:05:32 + [cipher.c cipher.h] + switch to EVP, ok djm@ deraadt@ + - markus@cvs.openbsd.org 2002/02/18 17:55:20 + [ssh.1] + -q: Fatal errors are _not_ displayed. 
+ - deraadt@cvs.openbsd.org 2002/02/19 02:50:59 + [sshd_config] + stategy is not an english word + - (bal) Migrated IRIX jobs/projects/audit/etc code to + openbsd-compat/port-irix.[ch] to improve readiblity of do_child() + - (bal) Migrated AIX getuserattr and usrinfo code to + openbsd-compat/port-aix.[c] to improve readilbity of do_child() and + simplify our diffs against upstream source. + - (bal) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2002/02/15 23:11:26 + [session.c] + split do_child(), ok mouring@ + - markus@cvs.openbsd.org 2002/02/16 00:51:44 + [session.c] + typo + - (bal) CVS ID sync since the last two patches were merged mistakenly + +20020218 + - (tim) newer config.guess from ftp://ftp.gnu.org/gnu/config/config.guess + +20020213 + - (djm) Don't use system sys/queue.h on AIX. Report from + gert@greenie.muc.de + - (djm) Bug #114 - not starting PAM for SSH protocol 1 invalid users + +20020213 + - (djm) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2002/02/11 16:10:15 + [kex.c] + restore kexinit handler if we reset the dispatcher, this unbreaks + rekeying s/kex_clear_dispatch/kex_reset_dispatch/ + - markus@cvs.openbsd.org 2002/02/11 16:15:46 + [sshconnect1.c] + include md5.h, not evp.h + - markus@cvs.openbsd.org 2002/02/11 16:17:55 + [sshd.c] + do not complain about port > 1024 if rhosts-auth is disabled + - markus@cvs.openbsd.org 2002/02/11 16:19:39 + [sshd.c] + include md5.h not hmac.h + - markus@cvs.openbsd.org 2002/02/11 16:21:42 + [match.c] + support up to 40 algorithms per proposal + - djm@cvs.openbsd.org 2002/02/12 12:32:27 + [sftp.1 sftp.c sftp-client.c sftp-client.h sftp-int.c] + Perform multiple overlapping read/write requests in file transfer. Mostly + done by Tobias Ringstrom ; ok markus@ + - djm@cvs.openbsd.org 2002/02/12 12:44:46 + [sftp-client.c] + Let overlapped upload path handle servers which reorder ACKs. 
This may be + permitted by the protocol spec; ok markus@ + - markus@cvs.openbsd.org 2002/02/13 00:28:13 + [sftp-server.c] + handle SSH2_FILEXFER_ATTR_SIZE in SSH2_FXP_(F)SETSTAT; ok djm@ + - markus@cvs.openbsd.org 2002/02/13 00:39:15 + [readpass.c] + readpass.c is not longer from UCB, since we now use readpassphrase(3) + - djm@cvs.openbsd.org 2002/02/13 00:59:23 + [sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp.h] + [sftp-int.c sftp-int.h] + API cleanup and backwards compat for filexfer v.0 servers; ok markus@ + - (djm) Sync openbsd-compat with OpenBSD CVS too + - (djm) Bug #106: Add --without-rpath configure option. Patch from + Nicolas.Williams@ubsw.com + - (tim) [configure.ac, defines.h ] add rpc/rpc.h for INADDR_LOOPBACK + on SCO OSR3 + +20020210 + - (djm) OpenBSD CVS Sync + - deraadt@cvs.openbsd.org 2002/02/09 17:37:34 + [pathnames.h session.c ssh.1 sshd.8 sshd_config ssh-keyscan.1] + move ssh config files to /etc/ssh + - (djm) Adjust portable Makefile.in tnd ssh-rand-helper.c o match + - deraadt@cvs.openbsd.org 2002/02/10 01:07:05 + [readconf.h sshd.8] + more /etc/ssh; openbsd@davidkrause.com + +20020208 + - (djm) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2002/02/04 12:15:25 + [sshd.c] + add SYSLOG_FACILITY_NOT_SET = -1, SYSLOG_LEVEL_NOT_SET = -1, + fixes arm/netbsd; based on patch from bjh21@netbsd.org; ok djm@ + - stevesk@cvs.openbsd.org 2002/02/04 20:41:16 + [ssh-agent.1] + more sync for default ssh-add identities; ok markus@ + - djm@cvs.openbsd.org 2002/02/05 00:00:46 + [sftp.1 sftp.c sftp-client.c sftp-client.h sftp-int.c] + Add "-B" option to specify copy buffer length (default 32k); ok markus@ + - markus@cvs.openbsd.org 2002/02/05 14:32:55 + [channels.c channels.h ssh.c] + merge channel_request() into channel_request_start() + - markus@cvs.openbsd.org 2002/02/06 14:22:42 + [sftp.1] + sort options; ok mpech@, stevesk@ + - mpech@cvs.openbsd.org 2002/02/06 14:27:23 + [sftp.c] + sync usage() with manual. 
+ - markus@cvs.openbsd.org 2002/02/06 14:37:22 + [session.c] + minor KNF + - markus@cvs.openbsd.org 2002/02/06 14:55:16 + [channels.c clientloop.c serverloop.c ssh.c] + channel_new never returns NULL, mouring@; ok djm@ + - markus@cvs.openbsd.org 2002/02/07 09:35:39 + [ssh.c] + remove bogus comments + +20020205 + - (djm) Cleanup after sync: + - :%s/reverse_mapping_check/verify_reverse_mapping/g + - (djm) OpenBSD CVS Sync + - stevesk@cvs.openbsd.org 2002/01/24 21:09:25 + [channels.c misc.c misc.h packet.c] + add set_nodelay() to set TCP_NODELAY on a socket (prep for nagle tuning). + no nagle changes just yet; ok djm@ markus@ + - stevesk@cvs.openbsd.org 2002/01/24 21:13:23 + [packet.c] + need misc.h for set_nodelay() + - markus@cvs.openbsd.org 2002/01/25 21:00:24 + [sshconnect2.c] + unused include + - markus@cvs.openbsd.org 2002/01/25 21:42:11 + [ssh-dss.c ssh-rsa.c] + use static EVP_MAX_MD_SIZE buffers for EVP_DigestFinal; ok stevesk@ + don't use evp_md->md_size, it's not public. + - markus@cvs.openbsd.org 2002/01/25 22:07:40 + [kex.c kexdh.c kexgex.c key.c mac.c] + use EVP_MD_size(evp_md) and not evp_md->md_size; ok steveks@ + - stevesk@cvs.openbsd.org 2002/01/26 16:44:22 + [includes.h session.c] + revert code to add x11 localhost display authorization entry for + hostname/unix:d and uts.nodename/unix:d if nodename was different than + hostname. just add entry for unix:d instead. 
ok markus@ + - stevesk@cvs.openbsd.org 2002/01/27 14:57:46 + [channels.c servconf.c servconf.h session.c sshd.8 sshd_config] + add X11UseLocalhost; ok markus@ + - stevesk@cvs.openbsd.org 2002/01/27 18:08:17 + [ssh.c] + handle simple case to identify FamilyLocal display; ok markus@ + - markus@cvs.openbsd.org 2002/01/29 14:27:57 + [ssh-add.c] + exit 2 if no agent, exit 1 if list fails; debian#61078; ok djm@ + - markus@cvs.openbsd.org 2002/01/29 14:32:03 + [auth2.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c canohost.c] + [servconf.c servconf.h session.c sshd.8 sshd_config] + s/ReverseMappingCheck/VerifyReverseMapping/ and avoid confusion; + ok stevesk@ + - stevesk@cvs.openbsd.org 2002/01/29 16:29:02 + [session.c] + limit subsystem length in log; ok markus@ + - markus@cvs.openbsd.org 2002/01/29 16:41:19 + [ssh-add.1] + add DIAGNOSTICS; ok stevesk@ + - markus@cvs.openbsd.org 2002/01/29 22:46:41 + [session.c] + don't depend on servconf.c; ok djm@ + - markus@cvs.openbsd.org 2002/01/29 23:50:37 + [scp.1 ssh.1] + mention exit status; ok stevesk@ + - markus@cvs.openbsd.org 2002/01/31 13:35:11 + [kexdh.c kexgex.c] + cross check announced key type and type from key blob + - markus@cvs.openbsd.org 2002/01/31 15:00:05 + [serverloop.c] + no need for WNOHANG; ok stevesk@ + - markus@cvs.openbsd.org 2002/02/03 17:53:25 + [auth1.c serverloop.c session.c session.h] + don't use channel_input_channel_request and callback + use new server_input_channel_req() instead: + server_input_channel_req does generic request parsing on server side + session_input_channel_req handles just session specific things now + ok djm@ + - markus@cvs.openbsd.org 2002/02/03 17:55:55 + [channels.c channels.h] + remove unused channel_input_channel_request + - markus@cvs.openbsd.org 2002/02/03 17:58:21 + [channels.c channels.h ssh.c] + generic callbacks are not really used, remove and + add a callback for msg of type SSH2_MSG_CHANNEL_OPEN_CONFIRMATION + ok djm@ + - markus@cvs.openbsd.org 2002/02/03 
17:59:23 + [sshconnect2.c] + more cross checking if announced vs. used key type; ok stevesk@ + - stevesk@cvs.openbsd.org 2002/02/03 22:35:57 + [ssh.1 sshd.8] + some KeepAlive cleanup/clarify; ok markus@ + - stevesk@cvs.openbsd.org 2002/02/03 23:22:59 + [ssh-agent.1] + ssh-add also adds $HOME/.ssh/id_rsa and $HOME/.ssh/id_dsa now. + - stevesk@cvs.openbsd.org 2002/02/04 00:53:39 + [ssh-agent.c] + unneeded includes + - markus@cvs.openbsd.org 2002/02/04 11:58:10 + [auth2.c] + cross checking of announced vs actual pktype in pubkey/hostbaed auth; + ok stevesk@ + - markus@cvs.openbsd.org 2002/02/04 12:15:25 + [log.c log.h readconf.c servconf.c] + add SYSLOG_FACILITY_NOT_SET = -1, SYSLOG_LEVEL_NOT_SET = -1, + fixes arm/netbsd; based on patch from bjh21@netbsd.org; ok djm@ + - stevesk@cvs.openbsd.org 2002/02/04 20:41:16 + [ssh-add.1] + more sync for default ssh-add identities; ok markus@ + - djm@cvs.openbsd.org 2002/02/04 21:53:12 + [sftp.1 sftp.c] + Add "-P" option to directly connect to a local sftp-server. Should be + useful for regression testing; ok markus@ + - djm@cvs.openbsd.org 2002/02/05 00:00:46 + [sftp.1 sftp.c sftp-client.c sftp-client.h sftp-int.c] + Add "-B" option to specify copy buffer length (default 32k); ok markus@ + +20020130 + - (djm) Delay PRNG seeding until we need it in ssh-keygen, from markus@ + - (tim) [configure.ac] fix logic on when ssh-rand-helper is installed. + [sshd_config] put back in line that tells what PATH was compiled into sshd. + +20020125 + - (djm) Don't grab Xserver or pointer by default. x11-ssh-askpass doesn't + and grabbing can cause deadlocks with kinput2. + +20020124 + - (stevesk) Makefile.in: bug #61; delete commented line for now. + +20020123 + - (djm) Fix non-standard shell syntax in autoconf. Patch from + Dave Dykstra + - (stevesk) fix --with-zlib= + - (djm) Use case statements in autoconf to clean up some tests + - (bal) reverted out of 5/2001 change to atexit(). I assume I + did it to handle SonyOS. 
If that is the case than we will + do a special case for them. + +20020122 + - (djm) autoconf hacking: + - We don't support --without-zlib currently, so don't allow it. + - Rework cryptographic random number support detection. We now detect + whether OpenSSL seeds itself. If it does, then we don't bother with + the ssh-rand-helper program. You can force the use of ssh-rand-helper + using the --with-rand-helper configure argument + - Simplify and clean up ssh-rand-helper configuration + - Add OpenSSL sanity check: verify that header version matches version + reported by library + - (djm) Fix some bugs I introduced into ssh-rand-helper yesterday + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2001/12/21 08:52:22 + [ssh-keygen.1 ssh-keygen.c] + Remove default (rsa1) key type; ok markus@ + - djm@cvs.openbsd.org 2001/12/21 08:53:45 + [readpass.c] + Avoid interruptable passphrase read; ok markus@ + - djm@cvs.openbsd.org 2001/12/21 10:06:43 + [ssh-add.1 ssh-add.c] + Try all standard key files (id_rsa, id_dsa, identity) when invoked with + no arguments; ok markus@ + - markus@cvs.openbsd.org 2001/12/21 12:17:33 + [serverloop.c] + remove ifdef for USE_PIPES since fdin != fdout; ok djm@ + - deraadt@cvs.openbsd.org 2001/12/24 07:29:43 + [ssh-add.c] + try all listed keys.. how did this get broken? + - markus@cvs.openbsd.org 2001/12/25 18:49:56 + [key.c] + be more careful on allocation + - markus@cvs.openbsd.org 2001/12/25 18:53:00 + [auth1.c] + be more carefull on allocation + - markus@cvs.openbsd.org 2001/12/27 18:10:29 + [ssh-keygen.c] + -t is only needed for key generation (unbreaks -i, -e, etc). 
+ - markus@cvs.openbsd.org 2001/12/27 18:22:16 + [auth1.c authfile.c auth-rsa.c dh.c kexdh.c kexgex.c key.c rsa.c] + [scard.c ssh-agent.c sshconnect1.c sshd.c ssh-dss.c] + call fatal() for openssl allocation failures + - stevesk@cvs.openbsd.org 2001/12/27 18:22:53 + [sshd.8] + clarify -p; ok markus@ + - markus@cvs.openbsd.org 2001/12/27 18:26:13 + [authfile.c] + missing include + - markus@cvs.openbsd.org 2001/12/27 19:37:23 + [dh.c kexdh.c kexgex.c] + always use BN_clear_free instead of BN_free + - markus@cvs.openbsd.org 2001/12/27 19:54:53 + [auth1.c auth.h auth-rh-rsa.c] + auth_rhosts_rsa now accept generic keys. + - markus@cvs.openbsd.org 2001/12/27 20:39:58 + [auth1.c auth-rsa.c channels.c clientloop.c packet.c packet.h] + [serverloop.c session.c ssh.c sshconnect1.c sshd.c ttymodes.c] + get rid of packet_integrity_check, use packet_done() instead. + - markus@cvs.openbsd.org 2001/12/28 12:14:27 + [auth1.c auth2.c auth2-chall.c auth-rsa.c channels.c clientloop.c] + [kex.c kexdh.c kexgex.c packet.c packet.h serverloop.c session.c] + [ssh.c sshconnect1.c sshconnect2.c sshd.c] + s/packet_done/packet_check_eom/ (end-of-message); ok djm@ + - markus@cvs.openbsd.org 2001/12/28 13:57:33 + [auth1.c kexdh.c kexgex.c packet.c packet.h sshconnect1.c sshd.c] + packet_get_bignum* no longer returns a size + - markus@cvs.openbsd.org 2001/12/28 14:13:13 + [bufaux.c bufaux.h packet.c] + buffer_get_bignum: int -> void + - markus@cvs.openbsd.org 2001/12/28 14:50:54 + [auth1.c auth-rsa.c channels.c dispatch.c kex.c kexdh.c kexgex.c] + [packet.c packet.h serverloop.c session.c ssh.c sshconnect1.c] + [sshconnect2.c sshd.c] + packet_read* no longer return the packet length, since it's not used. + - markus@cvs.openbsd.org 2001/12/28 15:06:00 + [auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c] + [dispatch.h kex.c kex.h serverloop.c ssh.c sshconnect2.c] + remove plen from the dispatch fn. it's no longer used. 
+ - stevesk@cvs.openbsd.org 2001/12/28 22:37:48 + [ssh.1 sshd.8] + document LogLevel DEBUG[123]; ok markus@ + - stevesk@cvs.openbsd.org 2001/12/29 21:56:01 + [authfile.c channels.c compress.c packet.c sftp-server.c] + [ssh-agent.c ssh-keygen.c] + remove unneeded casts and some char->u_char cleanup; ok markus@ + - stevesk@cvs.openbsd.org 2002/01/03 04:11:08 + [ssh_config] + grammar in comment + - stevesk@cvs.openbsd.org 2002/01/04 17:59:17 + [readconf.c servconf.c] + remove #ifdef _PATH_XAUTH/#endif; ok markus@ + - stevesk@cvs.openbsd.org 2002/01/04 18:14:16 + [servconf.c sshd.8] + protocol 2 HostKey code default is now /etc/ssh_host_rsa_key and + /etc/ssh_host_dsa_key like we have in sshd_config. ok markus@ + - markus@cvs.openbsd.org 2002/01/05 10:43:40 + [channels.c] + fix hanging x11 channels for rejected cookies (e.g. + XAUTHORITY=/dev/null xbiff) bug #36, based on patch from + djast@cs.toronto.edu + - stevesk@cvs.openbsd.org 2002/01/05 21:51:56 + [ssh.1 sshd.8] + some missing and misplaced periods + - markus@cvs.openbsd.org 2002/01/09 13:49:27 + [ssh-keygen.c] + append \n only for public keys + - markus@cvs.openbsd.org 2002/01/09 17:16:00 + [channels.c] + merge channel_pre_open_15/channel_pre_open_20; ok provos@ + - markus@cvs.openbsd.org 2002/01/09 17:26:35 + [channels.c nchan.c] + replace buffer_consume(b, buffer_len(b)) with buffer_clear(b); + ok provos@ + - markus@cvs.openbsd.org 2002/01/10 11:13:29 + [serverloop.c] + skip client_alive_check until there are channels; ok beck@ + - markus@cvs.openbsd.org 2002/01/10 11:24:04 + [clientloop.c] + handle SSH2_MSG_GLOBAL_REQUEST (just reply with failure); ok djm@ + - markus@cvs.openbsd.org 2002/01/10 12:38:26 + [nchan.c] + remove dead code (skip drain) + - markus@cvs.openbsd.org 2002/01/10 12:47:59 + [nchan.c] + more unused code (with channels.c:1.156) + - markus@cvs.openbsd.org 2002/01/11 10:31:05 + [packet.c] + handle received SSH2_MSG_UNIMPLEMENTED messages; ok djm@ + - markus@cvs.openbsd.org 2002/01/11 13:36:43 
+ [ssh2.h] + add defines for msg type ranges + - markus@cvs.openbsd.org 2002/01/11 13:39:36 + [auth2.c dispatch.c dispatch.h kex.c] + a single dispatch_protocol_error() that sends a message of + type 'UNIMPLEMENTED' + dispatch_range(): set handler for a ranges message types + use dispatch_protocol_ignore() for authentication requests after + successful authentication (the drafts requirement). + serverloop/clientloop now send a 'UNIMPLEMENTED' message instead + of exiting. + - markus@cvs.openbsd.org 2002/01/11 20:14:11 + [auth2-chall.c auth-skey.c] + use strlcpy not strlcat; mouring@ + - markus@cvs.openbsd.org 2002/01/11 23:02:18 + [readpass.c] + use _PATH_TTY + - markus@cvs.openbsd.org 2002/01/11 23:02:51 + [auth2-chall.c] + use snprintf; mouring@ + - markus@cvs.openbsd.org 2002/01/11 23:26:30 + [auth-skey.c] + use snprintf; mouring@ + - markus@cvs.openbsd.org 2002/01/12 13:10:29 + [auth-skey.c] + undo local change + - provos@cvs.openbsd.org 2002/01/13 17:27:07 + [ssh-agent.c] + change to use queue.h macros; okay markus@ + - markus@cvs.openbsd.org 2002/01/13 17:57:37 + [auth2.c auth2-chall.c compat.c sshconnect2.c sshd.c] + use buffer API and avoid static strings of fixed size; + ok provos@/mouring@ + - markus@cvs.openbsd.org 2002/01/13 21:31:20 + [channels.h nchan.c] + add chan_set_[io]state(), order states, state is now an u_int, + simplifies debugging messages; ok provos@ + - markus@cvs.openbsd.org 2002/01/14 13:22:35 + [nchan.c] + chan_send_oclose1() no longer calls chan_shutdown_write(); ok provos@ + - markus@cvs.openbsd.org 2002/01/14 13:34:07 + [nchan.c] + merge chan_[io]buf_empty[12]; ok provos@ + - markus@cvs.openbsd.org 2002/01/14 13:40:10 + [nchan.c] + correct fn names for ssh2, do not switch from closed to closed; + ok provos@ + - markus@cvs.openbsd.org 2002/01/14 13:41:13 + [nchan.c] + remove duplicated code; ok provos@ + - markus@cvs.openbsd.org 2002/01/14 13:55:55 + [channels.c channels.h nchan.c] + remove function pointers for events, remove 
chan_init*; ok provos@ + - markus@cvs.openbsd.org 2002/01/14 13:57:03 + [channels.h nchan.c] + (c) 2002 + - markus@cvs.openbsd.org 2002/01/16 13:17:51 + [channels.c channels.h serverloop.c ssh.c] + wrapper for channel_setup_fwd_listener + - stevesk@cvs.openbsd.org 2002/01/16 17:40:23 + [sshd_config] + The stategy now used for options in the default sshd_config shipped + with OpenSSH is to specify options with their default value where + possible, but leave them commented. Uncommented options change a + default value. Subsystem is currently the only default option + changed. ok markus@ + - stevesk@cvs.openbsd.org 2002/01/16 17:42:33 + [ssh.1] + correct defaults for -i/IdentityFile; ok markus@ + - stevesk@cvs.openbsd.org 2002/01/16 17:55:33 + [ssh_config] + correct some commented defaults. add Ciphers default. ok markus@ + - stevesk@cvs.openbsd.org 2002/01/17 04:27:37 + [log.c] + casts to silence enum type warnings for bugzilla bug 37; ok markus@ + - stevesk@cvs.openbsd.org 2002/01/18 17:14:16 + [sshd.8] + correct Ciphers default; paola.mannaro@ubs.com + - stevesk@cvs.openbsd.org 2002/01/18 18:14:17 + [authfd.c bufaux.c buffer.c cipher.c packet.c ssh-agent.c ssh-keygen.c] + unneeded cast cleanup; ok markus@ + - stevesk@cvs.openbsd.org 2002/01/18 20:46:34 + [sshd.8] + clarify Allow(Groups|Users) and Deny(Groups|Users); suggestion from + allard@oceanpark.com; ok markus@ + - markus@cvs.openbsd.org 2002/01/21 15:13:51 + [sshconnect.c] + use read_passphrase+ECHO in confirm(), allows use of ssh-askpass + for hostkey confirm. 
+ - markus@cvs.openbsd.org 2002/01/21 22:30:12 + [cipher.c compat.c myproposal.h] + remove "rijndael-*", just use "aes-" since this how rijndael is called + in the drafts; ok stevesk@ + - markus@cvs.openbsd.org 2002/01/21 23:27:10 + [channels.c nchan.c] + cleanup channels faster if the are empty and we are in drain-state; + ok deraadt@ + - stevesk@cvs.openbsd.org 2002/01/22 02:52:41 + [servconf.c] + typo in error message; from djast@cs.toronto.edu + - (djm) Make auth2-pam.c compile again after dispatch.h and packet.h + changes + - (djm) Recent Glibc includes an incompatible sys/queue.h. Treat it as + bogus in configure + - (djm) Use local sys/queue.h if necessary in ssh-agent.c + +20020121 + - (djm) Rework ssh-rand-helper: + - Reduce quantity of ifdef code, in preparation for ssh_rand_conf + - Always seed from system calls, even when doing PRNGd seeding + - Tidy and comment #define knobs + - Remove unused facility for multiple runs through command list + - KNF, cleanup, update copyright + +20020114 + - (djm) Bug #50 - make autoconf entropy path checks more robust + +20020108 + - (djm) Merge Cygwin copy_environment with do_pam_environment, removing + fixed env var size limit in the process. Report from Corinna Vinschen + + - (stevesk) defines.h: use "/var/spool/sockets/X11/%u" for HP-UX. does + not depend on transition links. from Lutz Jaenicke. + +20020106 + - (stevesk) defines.h: determine _PATH_UNIX_X; currently "/tmp/.X11-unix/X%u" + for all platforms except HP-UX, which is "/usr/spool/sockets/X11/%u". + +20020105 + - (bal) NCR requies use_pipes to operate correctly. + - (stevesk) fix spurious ; from NCR change. + +20020103 + - (djm) Use bigcrypt() on systems with SCO_PROTECTED_PW. 
Patch from
+ Roger Cornelius
+
+20011229
+ - (djm) Apply Cygwin pointer deref fix from Corinna Vinschen
+ Could be abused to guess valid usernames
+ - (djm) Typo in contrib/cygwin/README Fix from Corinna Vinschen
+
+
+20011228
+ - (djm) Remove recommendation to use GNU make, we should support most
+ make programs.
+
+20011225
+ - (stevesk) [Makefile.in ssh-rand-helper.c]
+ portable lib and __progname support for ssh-rand-helper; ok djm@
+
+20011223
+ - (bal) Removed contrib/chroot.diff and noted in contrib/README that it
+ was not being maintained.
+
+20011222
+ - (djm) Ignore fix & patchlevel in OpenSSL version check. Patch from
+ solar@openwall.com
+ - (djm) Rework entropy code. If the OpenSSL PRNG is has not been
+ internally seeded, execute a subprogram "ssh-rand-helper" to obtain
+ some entropy for us. Rewrite the old in-process entropy collecter as
+ an example ssh-rand-helper.
+ - (djm) Always perform ssh_prng_cmds path lookups in configure, even if
+ we don't end up using ssh_prng_cmds (so we always get a valid file)
+
+20011221
+ - (djm) Add option to gnome-ssh-askpass to stop it from grabbing the X
+ server. I have found this necessary to avoid server hangs with X input
+ extensions (e.g. kinput2). Enable by setting the environment variable
+ "GNOME_SSH_ASKPASS_NOGRAB"
+ - OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2001/12/08 17:49:28
+ [channels.c pathnames.h]
+ use only one path to X11 UNIX domain socket vs. an array of paths
+ to try. report from djast@cs.toronto.edu. ok markus@
+ - markus@cvs.openbsd.org 2001/12/09 18:45:56
+ [auth2.c auth2-chall.c auth.h]
+ add auth2_challenge_stop(), simplifies cleanup of kbd-int sessions,
+ fixes memleak.
+ - stevesk@cvs.openbsd.org 2001/12/10 16:45:04
+ [sshd.c]
+ possible fd leak on error; ok markus@
+ - markus@cvs.openbsd.org 2001/12/10 20:34:31
+ [ssh-keyscan.c]
+ check that server supports v1 for -t rsa1, report from wirth@dfki.de
+ - jakob@cvs.openbsd.org 2001/12/18 10:04:21
+ [auth.h hostfile.c hostfile.h]
+ remove auth_rsa_read_key, make hostfile_ready_key non static; ok markus@
+ - jakob@cvs.openbsd.org 2001/12/18 10:05:15
+ [auth2.c]
+ log fingerprint on successful public key authentication; ok markus@
+ - jakob@cvs.openbsd.org 2001/12/18 10:06:24
+ [auth-rsa.c]
+ log fingerprint on successful public key authentication, simplify
+ usage of key structs; ok markus@
+ - deraadt@cvs.openbsd.org 2001/12/19 07:18:56
+ [auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
+ [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
+ [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
+ [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
+ [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
+ [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
+ [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
+ [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
+ basic KNF done while i was looking for something else
+ - markus@cvs.openbsd.org 2001/12/19 16:09:39
+ [serverloop.c]
+ fix race between SIGCHLD and select with an additional pipe. writing
+ to the pipe on SIGCHLD wakes up select(). using pselect() is not
+ portable and siglongjmp() ugly. W. R. Stevens suggests similar solution.
+ initial idea by pmenage@ensim.com; ok deraadt@, djm@
+ - stevesk@cvs.openbsd.org 2001/12/19 17:16:13
+ [authfile.c bufaux.c bufaux.h buffer.c buffer.h packet.c packet.h ssh.c]
+ change the buffer/packet interface to use void* vs.
char*; ok markus@
+ - markus@cvs.openbsd.org 2001/12/20 16:37:29
+ [channels.c channels.h session.c]
+ setup x11 listen socket for just one connect if the client requests so.
+ (v2 only, but the openssh client does not support this feature).
+ - djm@cvs.openbsd.org 2001/12/20 22:50:24
+ [auth2.c auth2-chall.c channels.c channels.h clientloop.c dispatch.c]
+ [dispatch.h kex.c kex.h packet.c packet.h serverloop.c ssh.c]
+ [sshconnect2.c]
+ Conformance fix: we should send failing packet sequence number when
+ responding with a SSH_MSG_UNIMPLEMENTED message. Spotted by
+ yakk@yakk.dot.net; ok markus@
+
+20011219
+ - (stevesk) OpenBSD CVS sync X11 localhost display
+ - stevesk@cvs.openbsd.org 2001/11/29 14:10:51
+ [channels.h channels.c session.c]
+ sshd X11 fake server will now listen on localhost by default:
+ $ echo $DISPLAY
+ localhost:12.0
+ $ netstat -an|grep 6012
+ tcp 0 0 127.0.0.1.6012 *.* LISTEN
+ tcp6 0 0 ::1.6012 *.* LISTEN
+ sshd_config gatewayports=yes can be used to revert back to the old
+ behavior. will control this with another option later. ok markus@
+ - stevesk@cvs.openbsd.org 2001/12/19 08:43:11
+ [includes.h session.c]
+ handle utsname.nodename case for FamilyLocal X authorization; ok markus@
+
+20011207
+ - (bal) PCRE no longer required. Banished from the source along with
+ fake-regex.h
+ - (bal) OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2001/12/06 18:02:32
+ [channels.c sshconnect.c]
+ shutdown(sock, SHUT_RDWR) not needed here; ok markus@
+ - stevesk@cvs.openbsd.org 2001/12/06 18:09:23
+ [channels.c session.c]
+ strncpy->strlcpy. remaining strncpy's are necessary. ok markus@
+ - stevesk@cvs.openbsd.org 2001/12/06 18:20:32
+ [channels.c]
+ disable nagle for X11 fake server and client TCPs. from netbsd.
+ ok markus@
+
+20011206
+ - (bal) OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2001/11/14 20:45:08
+ [sshd.c]
+ errno saving wrapping in a signal handler
+ - markus@cvs.openbsd.org 2001/11/16 12:46:13
+ [ssh-keyscan.c]
+ handle empty lines instead of dumping core; report from sha@sha-1.net
+ - stevesk@cvs.openbsd.org 2001/11/17 19:14:34
+ [auth2.c auth.c readconf.c servconf.c ssh-agent.c ssh-keygen.c]
+ enum/int type cleanup where it made sense to do so; ok markus@
+ - markus@cvs.openbsd.org 2001/11/19 11:20:21
+ [sshd.c]
+ fd leak on HUP; ok stevesk@
+ - stevesk@cvs.openbsd.org 2001/11/19 18:40:46
+ [ssh-agent.1]
+ clarify/state that private keys are not exposed to clients using the
+ agent; ok markus@
+ - mpech@cvs.openbsd.org 2001/11/19 19:02:16
+ [deattack.c radix.c]
+ kill more registers
+ millert@ ok
+ - markus@cvs.openbsd.org 2001/11/21 15:51:24
+ [key.c]
+ mem leak
+ - stevesk@cvs.openbsd.org 2001/11/21 18:49:14
+ [ssh-keygen.1]
+ more on passphrase construction; ok markus@
+ - stevesk@cvs.openbsd.org 2001/11/22 05:27:29
+ [ssh-keyscan.c]
+ don't use "\n" in fatal()
+ - markus@cvs.openbsd.org 2001/11/22 12:34:22
+ [clientloop.c serverloop.c sshd.c]
+ volatile sig_atomic_t
+ - stevesk@cvs.openbsd.org 2001/11/29 19:06:39
+ [channels.h]
+ remove dead function prototype; ok markus@
+ - markus@cvs.openbsd.org 2001/11/29 22:08:48
+ [auth-rsa.c]
+ fix protocol error: send 'failed' message instead of a 2nd challenge
+ (happens if the same key is in authorized_keys twice).
+ reported Ralf_Meister@genua.de; ok djm@
+ - stevesk@cvs.openbsd.org 2001/11/30 20:39:28
+ [ssh.c]
+ sscanf() length dependencies are clearer now; can also shrink proto
+ and data if desired, but i have not done that.
ok markus@
+ - markus@cvs.openbsd.org 2001/12/01 21:41:48
+ [session.c sshd.8]
+ don't pass user defined variables to /usr/bin/login
+ - deraadt@cvs.openbsd.org 2001/12/02 02:08:32
+ [sftp-common.c]
+ zap };
+ - itojun@cvs.openbsd.org 2001/12/05 03:50:01
+ [clientloop.c serverloop.c sshd.c]
+ deal with LP64 printf issue with sig_atomic_t. from thorpej
+ - itojun@cvs.openbsd.org 2001/12/05 03:56:39
+ [auth1.c auth2.c canohost.c channels.c deattack.c packet.c scp.c
+ sshconnect2.c]
+ make it compile with more strict prototype checking
+ - deraadt@cvs.openbsd.org 2001/12/05 10:06:12
+ [authfd.c authfile.c bufaux.c channels.c compat.c kex.c kexgex.c
+ key.c misc.c packet.c servconf.c ssh-agent.c sshconnect2.c
+ sshconnect.c sshd.c ssh-dss.c ssh-keygen.c ssh-rsa.c]
+ minor KNF
+ - markus@cvs.openbsd.org 2001/12/05 15:04:48
+ [version.h]
+ post 3.0.2
+ - markus@cvs.openbsd.org 2001/12/05 16:54:51
+ [compat.c match.c match.h]
+ make theo and djm happy: bye bye regexp
+ - markus@cvs.openbsd.org 2001/12/06 13:30:06
+ [servconf.c servconf.h sshd.8 sshd.c]
+ add -o to sshd, too. ok deraadt@
+ - (bal) Minor white space fix up in servconf.c
+
+20011126
+ - (tim) [contrib/cygwin/README, openbsd-compat/bsd-cygwin_util.c,
+ openbsd-compat/bsd-cygwin_util.h, openbsd-compat/daemon.c]
+ Allow SSHD to install as service under WIndows 9x/Me
+ [configure.ac] Fix to allow linking against PCRE on Cygwin
+ Patches by Corinna Vinschen
+
+20011115
+ - (djm) Fix IPv4 default in ssh-keyscan. Spotted by Dan Astoorian
+ Fix from markus@
+ - (djm) Release 3.0.1p1
+
+20011113
+ - (djm) Fix early (and double) free of remote user when using Kerberos.
+ Patch from Simon Wilkinson
+ - (djm) AIX login{success,failed} changes. Move loginsuccess call to
+ do_authenticated. Call loginfailed for protocol 2 failures > MAX like
+ we do for protocol 1.
Reports from Ralf Wenk ,
+ K.Wolkersdorfer@fz-juelich.de and others
+ - (djm) OpenBSD CVS Sync
+ - dugsong@cvs.openbsd.org 2001/11/11 18:47:10
+ [auth-krb5.c]
+ fix krb5 authorization check. found by . from
+ art@, deraadt@ ok
+ - markus@cvs.openbsd.org 2001/11/12 11:17:07
+ [servconf.c]
+ enable authorized_keys2 again. tested by fries@
+ - markus@cvs.openbsd.org 2001/11/13 02:03:57
+ [version.h]
+ enter 3.0.1
+ - (djm) Bump RPM package versions
+
+20011112
+ - (djm) Makefile correctness fix from Mark D. Baushke
+ - (djm) Cygwin config patch from Corinna Vinschen
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/10/24 08:41:41
+ [sshd.c]
+ mention remote port in debug message
+ - markus@cvs.openbsd.org 2001/10/24 08:41:20
+ [ssh.c]
+ remove unused
+ - markus@cvs.openbsd.org 2001/10/24 08:51:35
+ [clientloop.c ssh.c]
+ ignore SIGPIPE early, makes ssh work if agent dies, netbsd-pr via itojun@
+ - markus@cvs.openbsd.org 2001/10/24 19:57:40
+ [clientloop.c]
+ make ~& (backgrounding) work again for proto v1; add support ~& for v2, too
+ - markus@cvs.openbsd.org 2001/10/25 21:14:32
+ [ssh-keygen.1 ssh-keygen.c]
+ better docu for fingerprinting, ok deraadt@
+ - markus@cvs.openbsd.org 2001/10/29 19:27:15
+ [sshconnect2.c]
+ hostbased: check for client hostkey before building chost
+ - markus@cvs.openbsd.org 2001/10/30 20:29:09
+ [ssh.1]
+ ssh.1
+ - markus@cvs.openbsd.org 2001/11/07 16:03:17
+ [packet.c packet.h sshconnect2.c]
+ pad using the padding field from the ssh2 packet instead of sending
+ extra ignore messages. tested against several other ssh servers.
+ - markus@cvs.openbsd.org 2001/11/07 21:40:21
+ [ssh-rsa.c]
+ ssh_rsa_sign/verify: SSH_BUG_SIGBLOB not supported
+ - markus@cvs.openbsd.org 2001/11/07 22:10:28
+ [ssh-dss.c ssh-rsa.c]
+ missing free and sync dss/rsa code.
+ - markus@cvs.openbsd.org 2001/11/07 22:12:01
+ [sshd.8]
+ s/Keepalive/KeepAlive/; from openbsd@davidkrause.com
+ - markus@cvs.openbsd.org 2001/11/07 22:41:51
+ [auth2.c auth-rh-rsa.c]
+ unused includes
+ - markus@cvs.openbsd.org 2001/11/07 22:53:21
+ [channels.h]
+ crank c->path to 256 so they can hold a full hostname; dwd@bell-labs.com
+ - markus@cvs.openbsd.org 2001/11/08 10:51:08
+ [readpass.c]
+ don't strdup too much data; from gotoh@taiyo.co.jp; ok millert.
+ - markus@cvs.openbsd.org 2001/11/08 17:49:53
+ [ssh.1]
+ mention setuid root requirements; noted by cnorris@csc.UVic.ca; ok stevesk@
+ - markus@cvs.openbsd.org 2001/11/08 20:02:24
+ [auth.c]
+ don't print ROOT in CAPS for the authentication messages, i.e.
+ Accepted publickey for ROOT from 127.0.0.1 port 42734 ssh2
+ becomes
+ Accepted publickey for root from 127.0.0.1 port 42734 ssh2
+ - markus@cvs.openbsd.org 2001/11/09 18:59:23
+ [clientloop.c serverloop.c]
+ don't memset too much memory, ok millert@
+ original patch from jlk@kamens.brookline.ma.us via nalin@redhat.com
+ - markus@cvs.openbsd.org 2001/11/10 13:19:45
+ [sshd.c]
+ cleanup libwrap support (remove bogus comment, bogus close(), add
+ debug, etc).
+ - markus@cvs.openbsd.org 2001/11/10 13:22:42
+ [ssh-rsa.c]
+ KNF (unexpand)
+ - markus@cvs.openbsd.org 2001/11/10 13:37:20
+ [packet.c]
+ remove extra debug()
+ - markus@cvs.openbsd.org 2001/11/11 13:02:31
+ [servconf.c]
+ make AuthorizedKeysFile2 fallback to AuthorizedKeysFile if
+ AuthorizedKeysFile is specified.
+ - (djm) Reorder portable-specific server options so that they come first.
+ This should help reduce diff collisions for new server options (as they
+ will appear at the end)
+
+20011109
+ - (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK)
+ if permit_empty_passwd == 0 so null password check cannot be bypassed.
+ jayaraj@amritapuri.com OpenBSD bug 2168
+ - markus@cvs.openbsd.org 2001/11/09 19:08:35
+ [sshd.c]
+ remove extra trailing dot from log message; pilot@naughty.monkey.org
+
+20011103
+ - (tim) [ contrib/caldera/openssh.spec contrib/caldera/sshd.init] Updates
+ from Raymund Will
+ [acconfig.h configure.in] Clean up login checks.
+ Problem reported by Jim Knoble
+
+20011101
+ - (djm) Compat define for OpenSSL < 0.9.6 (No OPENSSL_free)
+
+20011031
+ - (djm) Unsmoke drugs: config files should be noreplace.
+
+20011030
+ - (djm) Redhat RPM spec: remove noreplace from config files, allow IPv6
+ by default (can force IPv4 using --define "noipv6 1")
+
+20011029
+ - (tim) [TODO defines.h loginrec.c] Change the references to configure.in
+ to configure.ac
+
+20011028
+ - (djm) Avoid bug in Solaris PAM libs
+ - (djm) Disconnect if no tty and PAM reports password expired
+ - (djm) Fix for PAM password changes being echoed (from stevesk)
+ - (stevesk) Fix compile problem with PAM password change fix
+ - (stevesk) README: zlib location is http://www.gzip.org/zlib/
+
+20011027
+ - (tim) [configure.ac] Fixes for ReliantUNIX (don't use libucb)
+ Patch by Robert Dahlem
+
+20011026
+ - (bal) Set the correct current time in login_utmp_only(). Patch by
+ Wayne Davison
+ - (tim) [scard/Makefile.in] Fix install: when building outside of source
+ tree and using --src=/full_path/to/openssh
+ Patch by Mark D. Baushke
+
+20011025
+ - (bal) Use VDISABLE if _POSIX_VDISABLE is set in readpassphrase.c. Patch
+ by todd@
+ - (tim) [configure.ac] Give path given in --with-xxx= for pcre,zlib, and
+ tcp-wrappers precedence over system libraries and includes.
+ Report from Dave Dykstra
+
+20011024
+ - (bal) Should be 3.0p1 not 3.0p2. Corrected version.h already.
+ - (tim) configure.in -> configure.ac
+
+20011023
+ - (bal) Updated version to 3.0p1 in preparing for release.
+ - (bal) Added 'PAM_TTY_KLUDGE' to Solaris platform.
+ - (tim) [configure.in] Fix test for broken dirname.
Based on patch from
+ Dave Dykstra . Remove un-needed test for zlib.h.
+ [contrib/caldera/openssh.spec, contrib/redhat/openssh.spec,
+ contrib/suse/openssh.spec] Update version to match version.h
+
+20011022
+ - (djm) Fix fd leak in loginrec.c (ro fd to lastlog was left open).
+ Report from Michal Zalewski
+
+20011021
+ - (tim) [configure.in] Clean up library testing. Add optional PATH to
+ --with-pcre, --with-zlib, and --with-tcp-wrappers. Based on
+ patch by albert chin (china@thewrittenword.com)
+ Re-arange AC_CHECK_HEADERS and AC_CHECK_FUNCS for eaiser reading
+ of patches to configure.in. Replace obsolete AC_STRUCT_ST_BLKSIZE
+ with AC_CHECK_MEMBERS. Add test for broken dirname() on
+ Solaris 2.5.1 by Dan Astoorian
+ [acconfig.h aclocal.m4 defines.h configure.in] Better socklen_t test.
+ patch by albert chin (china@thewrittenword.com)
+ [scp.c] Replace obsolete HAVE_ST_BLKSIZE with
+ HAVE_STRUCT_STAT_ST_BLKSIZE.
+ [Makefile.in] When running make in top level, always do make
+ in openbsd-compat. patch by Dave Dykstra
+
+20011019
+ - (bal) Fixed up init.d symlink issue and piddir stuff. Patches by
+ Zoran Milojevic and j.petersen@msh.de
+
+20011012
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/10/10 22:18:47
+ [channels.c channels.h clientloop.c nchan.c serverloop.c]
+ [session.c session.h]
+ try to keep channels open until an exit-status message is sent.
+ don't kill the login shells if the shells stdin/out/err is closed.
+ this should now work:
+ ssh -2n localhost 'exec > /dev/null 2>&1; sleep 10; exit 5'; echo ?
+ - markus@cvs.openbsd.org 2001/10/11 13:45:21
+ [session.c]
+ delay detach of session if a channel gets closed but the child is
+ still alive. however, release pty, since the fd's to the child are
+ already closed.
+ - markus@cvs.openbsd.org 2001/10/11 15:24:00
+ [clientloop.c]
+ clear select masks if we return before calling select().
+ - (djm) "make veryclean" fix from Tom Holroyd
+ - (djm) Clean some autoconf-2.52 junk when doing "make distclean"
+ - (djm) Cleanup sshpty.c a little
+ - (bal) First wave of contrib/solaris/ package upgrades. Still more
+ work needs to be done, but it is a 190% better then the stuff we
+ had before!
+ - (bal) Minor bug fix in contrib/solaris/opensshd.in .. $etcdir was not
+ set right.
+
+20011010
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/10/04 14:34:16
+ [key.c]
+ call OPENSSL_free() for memory allocated by openssl; from chombier@mac.com
+ - markus@cvs.openbsd.org 2001/10/04 15:05:40
+ [channels.c serverloop.c]
+ comment out bogus conditions for selecting on connection_in
+ - markus@cvs.openbsd.org 2001/10/04 15:12:37
+ [serverloop.c]
+ client_alive_check cleanup
+ - markus@cvs.openbsd.org 2001/10/06 00:14:50
+ [sshconnect.c]
+ remove unused argument
+ - markus@cvs.openbsd.org 2001/10/06 00:36:42
+ [session.c]
+ fix typo in error message, sync with do_exec_nopty
+ - markus@cvs.openbsd.org 2001/10/06 11:18:19
+ [sshconnect1.c sshconnect2.c sshconnect.c]
+ unify hostkey check error messages, simplify prompt.
+ - markus@cvs.openbsd.org 2001/10/07 10:29:52
+ [authfile.c]
+ grammer; Matthew_Clarke@mindlink.bc.ca
+ - markus@cvs.openbsd.org 2001/10/07 17:49:40
+ [channels.c channels.h]
+ avoid possible FD_ISSET overflow for channels established
+ during channnel_after_select() (used for dynamic channels).
+ - markus@cvs.openbsd.org 2001/10/08 11:48:57
+ [channels.c]
+ better debug
+ - markus@cvs.openbsd.org 2001/10/08 16:15:47
+ [sshconnect.c]
+ use correct family for -b option
+ - markus@cvs.openbsd.org 2001/10/08 19:05:05
+ [ssh.c sshconnect.c sshconnect.h ssh-keyscan.c]
+ some more IPv4or6 cleanup
+ - markus@cvs.openbsd.org 2001/10/09 10:12:08
+ [session.c]
+ chdir $HOME after krb_afslog(); from bbense@networking.stanford.edu
+ - markus@cvs.openbsd.org 2001/10/09 19:32:49
+ [session.c]
+ stat subsystem command before calling do_exec, and return error to client.
+ - markus@cvs.openbsd.org 2001/10/09 19:51:18
+ [serverloop.c]
+ close all channels if the connection to the remote host has been closed,
+ should fix sshd's hanging with WCHAN==wait
+ - markus@cvs.openbsd.org 2001/10/09 21:59:41
+ [channels.c channels.h serverloop.c session.c session.h]
+ simplify session close: no more delayed session_close, no more
+ blocking wait() calls.
+ - (bal) removed two unsed headers in openbsd-compat/bsd-misc.c
+ - (bal) seed_init() and seed_rng() required in ssh-keyscan.c
+
+20011007
+ - (bal) ssh-copy-id corrected permissions for .ssh/ and authorized_keys.
+ Prompted by Matthew Vernon
+
+20011005
+ - (bal) AES works under Cray, no more hack.
+
+20011004
+ - (bal) nchan2.ms resync. BSD License applied.
+
+20011003
+ - (bal) CVS ID fix up in version.h
+ - (bal) OpenBSD CVS Sync:
+ - markus@cvs.openbsd.org 2001/09/27 11:58:16
+ [compress.c]
+ mem leak; chombier@mac.com
+ - markus@cvs.openbsd.org 2001/09/27 11:59:37
+ [packet.c]
+ missing called=1; chombier@mac.com
+ - markus@cvs.openbsd.org 2001/09/27 15:31:17
+ [auth2.c auth2-chall.c sshconnect1.c]
+ typos; from solar
+ - camield@cvs.openbsd.org 2001/09/27 17:53:24
+ [sshd.8]
+ don't talk about compile-time options
+ ok markus@
+ - djm@cvs.openbsd.org 2001/09/28 12:07:09
+ [ssh-keygen.c]
+ bzero private key after loading to smartcard; ok markus@
+ - markus@cvs.openbsd.org 2001/09/28 15:46:29
+ [ssh.c]
+ bug: read user config first; report kaukasoi@elektroni.ee.tut.fi
+ - markus@cvs.openbsd.org 2001/10/01 08:06:28
+ [scp.c]
+ skip filenames containing \n; report jdamery@chiark.greenend.org.uk
+ and matthew@debian.org
+ - markus@cvs.openbsd.org 2001/10/01 21:38:53
+ [channels.c channels.h ssh.c sshd.c]
+ remove ugliness; vp@drexel.edu via angelos
+ - markus@cvs.openbsd.org 2001/10/01 21:51:16
+ [readconf.c readconf.h ssh.1 sshconnect.c]
+ add NoHostAuthenticationForLocalhost; note that the hostkey is
+ now check for localhost, too.
+ - djm@cvs.openbsd.org 2001/10/02 08:38:50
+ [ssh-add.c]
+ return non-zero exit code on error; ok markus@
+ - stevesk@cvs.openbsd.org 2001/10/02 22:56:09
+ [sshd.c]
+ #include "channels.h" for channel_set_af()
+ - markus@cvs.openbsd.org 2001/10/03 10:01:20
+ [auth.c]
+ use realpath() for homedir, too. from jinmei@isl.rdc.toshiba.co.jp
+
+20011001
+ - (stevesk) loginrec.c: fix type conversion problems exposed when using
+ 64-bit off_t.
+
+20010929
+ - (bal) move reading 'config.h' up higher. Patch by albert chin
+ and
+ Redhat
+ - (djm) Redhat initscript config sanity checking from Pekka Savola
+
+ - (djm) Clear supplemental groups at sshd start to prevent them from
+ being propogated to random PAM modules.
Based on patch from Redhat via
+ Pekka Savola
+ - (djm) Make sure rijndael.c picks config.h
+ - (djm) Ensure that u_char gets defined
+
+20010914
+ - (bal) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/09/13
+ [rijndael.c rijndael.h]
+ missing $OpenBSD
+ - markus@cvs.openbsd.org 2001/09/14
+ [session.c]
+ command=xxx overwrites subsystems, too
+ - markus@cvs.openbsd.org 2001/09/14
+ [sshd.c]
+ typo
+
+20010913
+ - (bal) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/08/23 11:31:59
+ [cipher.c cipher.h]
+ switch to the optimised AES reference code from
+ http://www.esat.kuleuven.ac.be/~rijmen/rijndael/rijndael-fst-3.0.zip
+
+20010912
+ - (bal) OpenBSD CVS Sync
+ - jakob@cvs.openbsd.org 2001/08/16 19:18:34
+ [servconf.c servconf.h session.c sshd.8]
+ deprecate CheckMail. ok markus@
+ - stevesk@cvs.openbsd.org 2001/08/16 20:14:57
+ [ssh.1 sshd.8]
+ document case sensitivity for ssh, sshd and key file
+ options and arguments; ok markus@
+ - stevesk@cvs.openbsd.org 2001/08/17 18:59:47
+ [servconf.h]
+ typo in comment
+ - stevesk@cvs.openbsd.org 2001/08/21 21:47:42
+ [ssh.1 sshd.8]
+ minor typos and cleanup
+ - stevesk@cvs.openbsd.org 2001/08/22 16:21:21
+ [ssh.1]
+ hostname not optional; ok markus@
+ - stevesk@cvs.openbsd.org 2001/08/22 16:30:02
+ [sshd.8]
+ no rexd; ok markus@
+ - stevesk@cvs.openbsd.org 2001/08/22 17:45:16
+ [ssh.1]
+ document cipher des for protocol 1; ok deraadt@
+ - camield@cvs.openbsd.org 2001/08/23 17:59:31
+ [sshd.c]
+ end request with 0, not NULL
+ ok markus@
+ - stevesk@cvs.openbsd.org 2001/08/23 18:02:48
+ [ssh-agent.1]
+ fix usage; ok markus@
+ - stevesk@cvs.openbsd.org 2001/08/23 18:08:59
+ [ssh-add.1 ssh-keyscan.1]
+ minor cleanup
+ - danh@cvs.openbsd.org 2001/08/27 22:02:13
+ [ssh-keyscan.c]
+ fix memory fault if non-existent filename is given to the -f option
+ ok markus@
+ - markus@cvs.openbsd.org 2001/08/28 09:51:26
+ [readconf.c]
+ don't set DynamicForward unless Host matches
+ - markus@cvs.openbsd.org 2001/08/28 15:39:48
+
[ssh.1 ssh.c]
+ allow: ssh -F configfile host
+ - markus@cvs.openbsd.org 2001/08/29 20:44:03
+ [scp.c]
+ clear the malloc'd buffer, otherwise source() will leak malloc'd
+ memory; ok theo@
+ - stevesk@cvs.openbsd.org 2001/08/29 23:02:21
+ [sshd.8]
+ add text about -u0 preventing DNS requests; ok markus@
+ - stevesk@cvs.openbsd.org 2001/08/29 23:13:10
+ [ssh.1 ssh.c]
+ document -D and DynamicForward; ok markus@
+ - stevesk@cvs.openbsd.org 2001/08/29 23:27:23
+ [ssh.c]
+ validate ports for -L/-R; ok markus@
+ - stevesk@cvs.openbsd.org 2001/08/29 23:39:40
+ [ssh.1 sshd.8]
+ additional documentation for GatewayPorts; ok markus@
+ - naddy@cvs.openbsd.org 2001/08/30 15:42:36
+ [ssh.1]
+ add -D to synopsis line; ok markus@
+ - stevesk@cvs.openbsd.org 2001/08/30 16:04:35
+ [readconf.c ssh.1]
+ validate ports for LocalForward/RemoteForward.
+ add host/port alternative syntax for IPv6 (like -L/-R).
+ ok markus@
+ - stevesk@cvs.openbsd.org 2001/08/30 20:36:34
+ [auth-options.c sshd.8]
+ validate ports for permitopen key file option. add host/port
+ alternative syntax for IPv6. ok markus@
+ - markus@cvs.openbsd.org 2001/08/30 22:22:32
+ [ssh-keyscan.c]
+ do not pass pointers to longjmp; fix from wayne@blorf.net
+ - markus@cvs.openbsd.org 2001/08/31 11:46:39
+ [sshconnect2.c]
+ disable kbd-interactive if we don't get SSH2_MSG_USERAUTH_INFO_REQUEST
+ messages
+ - stevesk@cvs.openbsd.org 2001/09/03 20:58:33
+ [readconf.c readconf.h ssh.c]
+ fatal() for nonexistent -Fssh_config. ok markus@
+ - deraadt@cvs.openbsd.org 2001/09/05 06:23:07
+ [scp.1 sftp.1 ssh.1 ssh-agent.1 sshd.8 ssh-keygen.1 ssh-keyscan.1]
+ avoid first person in manual pages
+ - stevesk@cvs.openbsd.org 2001/09/12 18:18:25
+ [scp.c]
+ don't forward agent for non third-party copies; ok markus@
+
+20010815
+ - (bal) Fixed stray code in readconf.c that went in by mistake.
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/08/07 10:37:46
+ [authfd.c authfd.h]
+ extended failure messages from galb@vandyke.com
+ - deraadt@cvs.openbsd.org 2001/08/08 07:16:58
+ [scp.1]
+ when describing the -o option, give -o Protocol=1 as the specific example
+ since we are SICK AND TIRED of clueless people who cannot have difficulty
+ thinking on their own.
+ - markus@cvs.openbsd.org 2001/08/08 18:20:15
+ [uidswap.c]
+ permanently_set_uid is a noop if user is not privilegued;
+ fixes bug on solaris; from sbi@uchicago.edu
+ - markus@cvs.openbsd.org 2001/08/08 21:34:19
+ [uidswap.c]
+ undo last change; does not work for sshd
+ - jakob@cvs.openbsd.org 2001/08/11 22:51:27
+ [ssh.c tildexpand.c]
+ fix more paths beginning with "//"; .
+ ok markus@
+ - stevesk@cvs.openbsd.org 2001/08/13 23:38:54
+ [scp.c]
+ don't need main prototype (also sync with rcp); ok markus@
+ - markus@cvs.openbsd.org 2001/08/14 09:23:02
+ [sftp.1 sftp-int.c]
+ "bye"; hk63a@netscape.net
+ - stevesk@cvs.openbsd.org 2001/08/14 17:54:29
+ [scp.1 sftp.1 ssh.1]
+ consistent documentation and example of ``-o ssh_option'' for sftp and
+ scp; document keyword=argument for ssh.
+ - (bal) QNX resync. OK tim@
+
+20010814
+ - (stevesk) sshpty.c, cray.[ch]: whitespace, formatting and cleanup
+ for some #ifdef _CRAY code; ok wendyp@cray.com
+ - (stevesk) sshpty.c: return 0 on error in cray pty code;
+ ok wendyp@cray.com
+ - (stevesk) bsd-cray.c: utmp strings are not C strings
+ - (stevesk) bsd-cray.c: more cleanup; ok wendyp@cray.com
+
+20010812
+ - (djm) Fix detection of long long int support. Based on patch from
+ Michael Stone . ok stevesk, tim
+
+20010808
+ - (bal) Minor correction to inet_ntop.h. _BSD_RRESVPORT_H should be
+ _BSD_INET_NTOP_H. Pointed out by Mark Miller
+
+20010807
+ - (tim) [configure.in sshconnect.c openbsd-compat/Makefile.in
+ openbsd-compat/openbsd-compat.h ] Add inet_ntop.c inet_ntop.h back
+ in.
Needed for sshconnect.c
+ [sshconnect.c] fix INET6_ADDRSTRLEN for non IPv6 machines
+ [configure.in] make tests with missing libraries fail
+ patch by Wendy Palm
+ Added openbsd-compat/bsd-cray.h. Selective patches from
+ William L. Jones
+
+20010806
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/07/22 21:32:27
+ [sshpty.c]
+ update comment
+ - pvalchev@cvs.openbsd.org 2001/07/22 21:32:42
+ [ssh.1]
+ There is no option "Compress", point to "Compression" instead; ok
+ markus
+ - markus@cvs.openbsd.org 2001/07/22 22:04:19
+ [readconf.c ssh.1]
+ enable challenge-response auth by default; ok millert@
+ - markus@cvs.openbsd.org 2001/07/22 22:24:16
+ [sshd.8]
+ Xr login.conf
+ - markus@cvs.openbsd.org 2001/07/23 09:06:28
+ [sshconnect2.c]
+ reorder default sequence of userauth methods to match ssh behaviour:
+ hostbased,publickey,keyboard-interactive,password
+ - markus@cvs.openbsd.org 2001/07/23 12:47:05
+ [ssh.1]
+ sync PreferredAuthentications
+ - aaron@cvs.openbsd.org 2001/07/23 14:14:18
+ [ssh-keygen.1]
+ Fix typo.
+ - stevesk@cvs.openbsd.org 2001/07/23 18:14:58
+ [auth2.c auth-rsa.c]
+ use %lu; ok markus@
+ - stevesk@cvs.openbsd.org 2001/07/23 18:21:46
+ [xmalloc.c]
+ no zero size xstrdup() error; ok markus@
+ - markus@cvs.openbsd.org 2001/07/25 11:59:35
+ [scard.c]
+ typo in comment
+ - markus@cvs.openbsd.org 2001/07/25 14:35:18
+ [readconf.c ssh.1 ssh.c sshconnect.c]
+ cleanup connect(); connection_attempts 4 -> 1; from
+ eivind@freebsd.org
+ - stevesk@cvs.openbsd.org 2001/07/26 17:18:22
+ [sshd.8 sshd.c]
+ add -t option to test configuration file and keys; pekkas@netcore.fi
+ ok markus@
+ - rees@cvs.openbsd.org 2001/07/26 20:04:27
+ [scard.c ssh-keygen.c]
+ Inquire Cyberflex class for 0xf0 cards
+ change aid to conform to 7816-5
+ remove gratuitous fid selects
+ - millert@cvs.openbsd.org 2001/07/27 14:50:45
+ [ssh.c]
+ If smart card support is compiled in and a smart card is being used
+ for authentication, make it the first method used.
markus@ OK
+ - deraadt@cvs.openbsd.org 2001/07/27 17:26:16
+ [scp.c]
+ shorten lines
+ - markus@cvs.openbsd.org 2001/07/28 09:21:15
+ [sshd.8]
+ cleanup some RSA vs DSA vs SSH1 vs SSH2 notes
+ - mouring@cvs.openbsd.org 2001/07/29 17:02:46
+ [scp.1]
+ Clarified -o option in scp.1 OKed by Markus@
+ - jakob@cvs.openbsd.org 2001/07/30 16:06:07
+ [scard.c scard.h]
+ better errorcodes from sc_*; ok markus@
+ - stevesk@cvs.openbsd.org 2001/07/30 16:23:30
+ [rijndael.c rijndael.h]
+ new BSD-style license:
+ Brian Gladman :
+ >I have updated my code at:
+ >http://fp.gladman.plus.com/cryptography_technology/rijndael/index.htm
+ >with a copyright notice as follows:
+ >[...]
+ >I am not sure which version of my old code you are using but I am
+ >happy for the notice above to be substituted for my existing copyright
+ >intent if this meets your purpose.
+ - jakob@cvs.openbsd.org 2001/07/31 08:41:10
+ [scard.c]
+ do not complain about missing smartcards. ok markus@
+ - jakob@cvs.openbsd.org 2001/07/31 09:28:44
+ [readconf.c readconf.h ssh.1 ssh.c]
+ add 'SmartcardDevice' client option to specify which smartcard device
+ is used to access a smartcard used for storing the user's private RSA
+ key. ok markus@.
+ - jakob@cvs.openbsd.org 2001/07/31 12:42:50
+ [sftp-int.c sftp-server.c]
+ avoid paths beginning with "//";
+ ok markus@
+ - jakob@cvs.openbsd.org 2001/07/31 12:53:34
+ [scard.c]
+ close smartcard connection if card is missing
+ - markus@cvs.openbsd.org 2001/08/01 22:03:33
+ [authfd.c authfd.h readconf.c readconf.h scard.c scard.h ssh-add.c
+ ssh-agent.c ssh.c]
+ use strings instead of ints for smartcard reader ids
+ - markus@cvs.openbsd.org 2001/08/01 22:16:45
+ [ssh.1 sshd.8]
+ refer to current ietf drafts for protocol v2
+ - markus@cvs.openbsd.org 2001/08/01 23:33:09
+ [ssh-keygen.c]
+ allow uploading RSA keys for non-default AUT0 (sha1 over passphrase
+ like sectok).
+ - markus@cvs.openbsd.org 2001/08/01 23:38:45
+ [scard.c ssh.c]
+ support finish rsa keys.
+ free public keys after login -> call finish -> close smartcard.
+ - markus@cvs.openbsd.org 2001/08/02 00:10:17
+ [ssh-keygen.c]
+ add -D readerid option (download, i.e. print public RSA key to stdout).
+ check for card present when uploading keys.
+ use strings instead of ints for smartcard reader ids, too.
+ - jakob@cvs.openbsd.org 2001/08/02 08:58:35
+ [ssh-keygen.c]
+ change -u (upload smartcard key) to -U. ok markus@
+ - jakob@cvs.openbsd.org 2001/08/02 15:06:52
+ [ssh-keygen.c]
+ more verbose usage(). ok markus@
+ - jakob@cvs.openbsd.org 2001/08/02 15:07:23
+ [ssh-keygen.1]
+ document smartcard upload/download. ok markus@
+ - jakob@cvs.openbsd.org 2001/08/02 15:32:10
+ [ssh.c]
+ add smartcard to usage(). ok markus@
+ - jakob@cvs.openbsd.org 2001/08/02 15:43:57
+ [ssh-agent.c ssh.c ssh-keygen.c]
+ add /* SMARTCARD */ to #else/#endif. ok markus@
+ - jakob@cvs.openbsd.org 2001/08/02 16:14:05
+ [scard.c ssh-agent.c ssh.c ssh-keygen.c]
+ clean up some /* SMARTCARD */. ok markus@
+ - mpech@cvs.openbsd.org 2001/08/02 18:37:35
+ [ssh-keyscan.1]
+ o) .Sh AUTHOR -> .Sh AUTHORS;
+ o) .Sh EXAMPLE -> .Sh EXAMPLES;
+ o) Delete .Sh OPTIONS. Text moved to .Sh DESCRIPTION;
+
+ millert@ ok
+ - jakob@cvs.openbsd.org 2001/08/03 10:31:19
+ [ssh-add.1]
+ document smartcard options. ok markus@
+ - jakob@cvs.openbsd.org 2001/08/03 10:31:30
+ [ssh-add.c ssh-agent.c ssh-keyscan.c]
+ improve usage(). ok markus@
+ - markus@cvs.openbsd.org 2001/08/05 23:18:20
+ [ssh-keyscan.1 ssh-keyscan.c]
+ ssh 2 support; from wayned@users.sourceforge.net
+ - markus@cvs.openbsd.org 2001/08/05 23:29:58
+ [ssh-keyscan.c]
+ make -t dsa work with commercial servers, too
+ - stevesk@cvs.openbsd.org 2001/08/06 19:47:05
+ [scp.c]
+ use alarm vs. setitimer for portable; ok markus@
+ - (bal) ssh-keyscan double -lssh hack due to seed_rng().
+ - (bal) Second around of UNICOS patches. A few other things left.
+ Patches by William L. Jones
+
+20010803
+ - (djm) Fix interrupted read in entropy gatherer.
Spotted by markus@ on
+ a fast UltraSPARC.
+
+20010726
+ - (stevesk) use mysignal() in protocol 1 loop now that the SIGCHLD
+ handler has converged.
+
+20010725
+ - (bal) Added 'install-nokeys' to Makefile to assist package builders.
+
+20010724
+ - (bal) 4711 not 04711 for ssh binary.
+
+20010722
+ - (bal) Starting the Unicossmk merger. File merged TODO, configure.in,
+ myproposal.h, ssh_prng_cmds.in, and openbsd-compat/Makefile.in.
+ Added openbsd-compat/bsd-cray.c. Rest will be merged after
+ approval. Selective patches from William L. Jones
+
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/07/18 21:10:43
+ [sshpty.c]
+ pr #1946, allow sshd if /dev is readonly
+ - stevesk@cvs.openbsd.org 2001/07/18 21:40:40
+ [ssh-agent.c]
+ chdir("/") from bbraun@synack.net; ok markus@
+ - stevesk@cvs.openbsd.org 2001/07/19 00:41:44
+ [ssh.1]
+ escape chars are below now
+ - markus@cvs.openbsd.org 2001/07/20 14:46:11
+ [ssh-agent.c]
+ do not exit() from signal handlers; ok deraadt@
+ - stevesk@cvs.openbsd.org 2001/07/20 18:41:51
+ [ssh.1]
+ "the" command line
+
+20010719
+ - (tim) [configure.in] put inet_aton back in AC_CHECK_FUNCS.
+ report from Mark Miller
+
+20010718
+ - OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2001/07/14 15:10:17
+ [readpass.c sftp-client.c sftp-common.c sftp-glob.c]
+ delete spurious #includes; ok deraadt@ markus@
+ - markus@cvs.openbsd.org 2001/07/15 16:17:08
+ [serverloop.c]
+ schedule client alive for ssh2 only, greg@cheers.bungi.com
+ - stevesk@cvs.openbsd.org 2001/07/15 16:57:21
+ [ssh-agent.1]
+ -d will not fork; ok markus@
+ - stevesk@cvs.openbsd.org 2001/07/15 16:58:29
+ [ssh-agent.c]
+ typo in usage; ok markus@
+ - markus@cvs.openbsd.org 2001/07/17 20:48:42
+ [ssh-agent.c]
+ update maxfd if maxfd is closed; report from jmcelroy@dtgnet.com
+ - markus@cvs.openbsd.org 2001/07/17 21:04:58
+ [channels.c channels.h clientloop.c nchan.c serverloop.c]
+ keep track of both maxfd and the size of the malloc'ed fdsets.
+ update maxfd if maxfd gets closed.
+ - mouring@cvs.openbsd.org 2001/07/18 16:45:52
+ [scp.c]
+ Missing -o in scp usage()
+ - (bal) Cleaned up trailing spaces in ChangeLog.
+ - (bal) Allow sshd to switch user context without password for Cygwin.
+ Patch by Corinna Vinschen
+ - (bal) Updated cygwin README and ssh-host-config. Patch by
+ Corinna Vinschen
+
+20010715
+ - (bal) Set "BROKEN_GETADDRINFO" for darwin platform. Reported by
+ Josh Larios
+ - (tim) put openssh/openbsd-compat/inet_aton.[ch] back in.
+ needed by openbsd-compat/fake-getaddrinfo.c
+
+20010714
+ - (stevesk) change getopt() declaration
+ - (stevesk) configure.in: use ll suffix for long long constant
+ in snprintf() test
+
+20010713
+ - (djm) Enable /etc/nologin check on PAM systems, as some lack the
+ pam_nologin module. Report from William Yodlowsky
+
+ - (djm) Revert dirname fix, a better one is on its way.
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/07/04 22:47:19
+ [ssh-agent.c]
+ ignore SIGPIPE when debugging, too
+ - markus@cvs.openbsd.org 2001/07/04 23:13:10
+ [scard.c scard.h ssh-agent.c]
+ handle card removal more gracefully, add sc_close() to scard.h
+ - markus@cvs.openbsd.org 2001/07/04 23:39:07
+ [ssh-agent.c]
+ for smartcards remove both RSA1/2 keys
+ - markus@cvs.openbsd.org 2001/07/04 23:49:27
+ [ssh-agent.c]
+ handle mutiple adds of the same smartcard key
+ - espie@cvs.openbsd.org 2001/07/05 11:43:33
+ [sftp-glob.c]
+ Directly cast to the right type. Ok markus@
+ - stevesk@cvs.openbsd.org 2001/07/05 20:32:47
+ [sshconnect1.c]
+ statement after label; ok dugsong@
+ - stevesk@cvs.openbsd.org 2001/07/08 15:23:38
+ [servconf.c]
+ fix ``MaxStartups max''; ok markus@
+ - fgsch@cvs.openbsd.org 2001/07/09 05:58:47
+ [ssh.c]
+ Use getopt(3); markus@ ok.
+ - deraadt@cvs.openbsd.org 2001/07/09 07:04:53
+ [session.c sftp-int.c]
+ correct type on last arg to execl(); nordin@cse.ogi.edu
+ - markus@cvs.openbsd.org 2001/07/10 21:49:12
+ [readpass.c]
+ don't panic if fork or pipe fail (just return an empty passwd).
+ - itojun@cvs.openbsd.org 2001/07/11 00:24:53
+ [servconf.c]
+ make it compilable in all 4 combination of KRB4/KRB5 settings.
+ dugsong ok
+ XXX isn't it sensitive to the order of -I/usr/include/kerberosIV and
+ -I/usr/include/kerberosV?
+ - markus@cvs.openbsd.org 2001/07/11 16:29:59
+ [ssh.c]
+ sort options string, fix -p, add -k
+ - markus@cvs.openbsd.org 2001/07/11 18:26:15
+ [auth.c]
+ no need to call dirname(pw->pw_dir).
+ note that dirname(3) modifies its argument on some systems.
+ - (djm) Reorder Makefile.in so clean targets work a little better when
+ run directly from Makefile.in
+ - (djm) Pull in getopt(3) from OpenBSD libc for the optreset extension.
+
+20010711
+ - (djm) dirname(3) may modify its argument on glibc and other systems.
+ Patch from markus@, spotted by Tom Holroyd
+
+20010704
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/06/25 08:25:41
+ [channels.c channels.h cipher.c clientloop.c compat.c compat.h
+ hostfile.c kex.c kex.h key.c key.h nchan.c packet.c serverloop.c
+ session.c session.h sftp-server.c ssh-add.c ssh-agent.c uuencode.h]
+ update copyright for 2001
+ - markus@cvs.openbsd.org 2001/06/25 17:18:27
+ [ssh-keygen.1]
+ sshd(8) will never read the private keys, but ssh(1) does;
+ hugh@mimosa.com
+ - provos@cvs.openbsd.org 2001/06/25 17:54:47
+ [auth.c auth.h auth-rsa.c]
+ terminate secure_filename checking after checking homedir. that way
+ it works on AFS. okay markus@
+ - stevesk@cvs.openbsd.org 2001/06/25 20:26:37
+ [auth2.c sshconnect2.c]
+ prototype cleanup; ok markus@
+ - markus@cvs.openbsd.org 2001/06/26 02:47:07
+ [ssh-keygen.c]
+ allow loading a private RSA key to a cyberflex card.
+ - markus@cvs.openbsd.org 2001/06/26 04:07:06
+ [ssh-agent.1 ssh-agent.c]
+ add debug flag
+ - markus@cvs.openbsd.org 2001/06/26 04:59:59
+ [authfd.c authfd.h ssh-add.c]
+ initial support for smartcards in the agent
+ - markus@cvs.openbsd.org 2001/06/26 05:07:43
+ [ssh-agent.c]
+ update usage
+ - markus@cvs.openbsd.org 2001/06/26 05:33:34
+ [ssh-agent.c]
+ more smartcard support.
+ - mpech@cvs.openbsd.org 2001/06/26 05:48:07
+ [sshd.8]
+ remove unnecessary .Pp between .It;
+ millert@ ok
+ - markus@cvs.openbsd.org 2001/06/26 05:50:11
+ [auth2.c]
+ new interface for secure_filename()
+ - itojun@cvs.openbsd.org 2001/06/26 06:32:58
+ [atomicio.h authfd.h authfile.h auth.h auth-options.h bufaux.h
+ buffer.h canohost.h channels.h cipher.h clientloop.h compat.h
+ compress.h crc32.h deattack.h dh.h dispatch.h groupaccess.h
+ hostfile.h kex.h key.h log.h mac.h match.h misc.h mpaux.h packet.h
+ radix.h readconf.h readpass.h rsa.h]
+ prototype pedant. not very creative...
+ - () -> (void)
+ - no variable names
+ - itojun@cvs.openbsd.org 2001/06/26 06:33:07
+ [servconf.h serverloop.h session.h sftp-client.h sftp-common.h
+ sftp-glob.h sftp-int.h sshconnect.h ssh-dss.h sshlogin.h sshpty.h
+ ssh-rsa.h tildexpand.h uidswap.h uuencode.h xmalloc.h]
+ prototype pedant. not very creative...
+ - () -> (void)
+ - no variable names
+ - dugsong@cvs.openbsd.org 2001/06/26 16:15:25
+ [auth1.c auth.h auth-krb4.c auth-passwd.c readconf.c readconf.h
+ servconf.c servconf.h session.c sshconnect1.c sshd.c]
+ Kerberos v5 support for SSH1, mostly from Assar Westerlund
+ and Bjorn Gronvall .
markus@ ok
+ - markus@cvs.openbsd.org 2001/06/26 17:25:34
+ [ssh.1]
+ document SSH_ASKPASS; fubob@MIT.EDU
+ - markus@cvs.openbsd.org 2001/06/26 17:27:25
+ [authfd.h authfile.h auth.h auth-options.h bufaux.h buffer.h
+ canohost.h channels.h cipher.h clientloop.h compat.h compress.h
+ crc32.h deattack.h dh.h dispatch.h groupaccess.c groupaccess.h
+ hostfile.h kex.h key.h log.c log.h mac.h misc.c misc.h mpaux.h
+ packet.h radix.h readconf.h readpass.h rsa.h servconf.h serverloop.h
+ session.h sftp-common.c sftp-common.h sftp-glob.h sftp-int.h
+ sshconnect.h ssh-dss.h sshlogin.h sshpty.h ssh-rsa.h sshtty.h
+ tildexpand.h uidswap.h uuencode.h xmalloc.h]
+ remove comments from .h, since they are cut&paste from the .c files
+ and out of sync
+ - dugsong@cvs.openbsd.org 2001/06/26 17:41:49
+ [servconf.c]
+ #include
+ - markus@cvs.openbsd.org 2001/06/26 20:14:11
+ [key.c key.h ssh.c sshconnect1.c sshconnect2.c]
+ add smartcard support to the client, too (now you can use both
+ the agent and the client).
+ - markus@cvs.openbsd.org 2001/06/27 02:12:54
+ [serverloop.c serverloop.h session.c session.h]
+ quick hack to make ssh2 work again.
+ - markus@cvs.openbsd.org 2001/06/27 04:48:53
+ [auth.c match.c sshd.8]
+ tridge@samba.org
+ - markus@cvs.openbsd.org 2001/06/27 05:35:42
+ [ssh-keygen.c]
+ use cyberflex_inq_class to inquire class.
+ - markus@cvs.openbsd.org 2001/06/27 05:42:25
+ [rsa.c rsa.h ssh-agent.c ssh-keygen.c]
+ s/generate_additional_parameters/rsa_generate_additional_parameters/
+ http://www.humppa.com/
+ - markus@cvs.openbsd.org 2001/06/27 06:26:36
+ [ssh-add.c]
+ convert to getopt(3)
+ - stevesk@cvs.openbsd.org 2001/06/28 19:57:35
+ [ssh-keygen.c]
+ '\0' terminated data[] is ok; ok markus@
+ - markus@cvs.openbsd.org 2001/06/29 07:06:34
+ [ssh-keygen.c]
+ new error handling for cyberflex_*
+ - markus@cvs.openbsd.org 2001/06/29 07:11:01
+ [ssh-keygen.c]
+ initialize early
+ - stevesk@cvs.openbsd.org 2001/06/29 18:38:44
+ [clientloop.c]
+ sync function definition with declaration; ok markus@
+ - stevesk@cvs.openbsd.org 2001/06/29 18:40:28
+ [channels.c]
+ use socklen_t for getsockopt arg #5; ok markus@
+ - stevesk@cvs.openbsd.org 2001/06/30 18:08:40
+ [channels.c channels.h clientloop.c]
+ adress -> address; ok markus@
+ - markus@cvs.openbsd.org 2001/07/02 13:59:15
+ [serverloop.c session.c session.h]
+ wait until !session_have_children(); bugreport from
+ Lutz.Jaenicke@aet.TU-Cottbus.DE
+ - markus@cvs.openbsd.org 2001/07/02 22:29:20
+ [readpass.c]
+ do not return NULL, use "" instead.
+ - markus@cvs.openbsd.org 2001/07/02 22:40:18
+ [ssh-keygen.c]
+ update for sectok.h interface changes.
+ - markus@cvs.openbsd.org 2001/07/02 22:52:57
+ [channels.c channels.h serverloop.c]
+ improve cleanup/exit logic in ssh2:
+ stop listening to channels, detach channel users (e.g. sessions).
+ wait for children (i.e. dying sessions), send exit messages,
+ cleanup all channels.
+ - (bal) forget a few new files in sync up.
+ - (bal) Makefile fix up requires scard.c
+ - (stevesk) sync misc.h
+ - (stevesk) more sync for session.c
+ - (stevesk) sync servconf.h (comments)
+ - (tim) [contrib/caldera/openssh.spec] sync with Caldera
+ - (tim) [openbsd-compat/dirname.h] Remove ^M causing some compilers to
+ issue warning (line 1: tokens ignored at end of directive line)
+ - (tim) [sshconnect1.c] give the compiler something to do for success:
+ if KRB5 and AFS are not defined
+ (ERROR: "sshconnect1.c", line 1274: Syntax error before or at: })
+
+20010629
+ - (bal) Removed net_aton() since we don't use it any more
+ - (bal) Fixed _DISABLE_VPOSIX in readpassphrase.c.
+ - (bal) Updated zlib's home. Thanks to David Howe .
+ - (stevesk) remove _REENTRANT #define
+ - (stevesk) session.c: use u_int for envsize
+ - (stevesk) remove cli.[ch]
+
+20010628
+ - (djm) Sync openbsd-compat with -current libc
+ - (djm) Fix from Lutz Jaenicke for my
+ broken makefile
+ - (bal) Removed strtok_r() and inet_ntop() since they are no longer used.
+ - (bal) Remove getusershell() since it's no longer used.
+
+20010627
+ - (djm) Reintroduce pam_session call for non-pty sessions.
+ - (djm) Remove redundant and incorrect test for max auth attempts in
+ PAM kbdint code. Based on fix from Matthew Melvin
+
+ - (djm) Rename sysconfdir/primes => sysconfdir/moduli
+ - (djm) Oops, forgot make logic for primes=>moduli. Also try to rename
+ existing primes->moduli if it exists.
+ - (djm) Sync with -current openbsd-compat/readpassphrase.c:
+ - djm@cvs.openbsd.org 2001/06/27 13:23:30
+ typo, spotted by Tom Holroyd ; ok deraadt@
+ - (djm) Turn up warnings if gcc or egcs detected
+ - (stevesk) for HP-UX 11.X use X/Open socket interface;
+ pulls in modern socket prototypes and eliminates a number of compiler
+ warnings. see xopen_networking(7).
+ - (stevesk) fix x11 forwarding from _PATH_XAUTH change
+ - (stevesk) use X/Open socket interface for HP-UX 10.X also
+
+20010625
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/06/21 21:08:25
+ [session.c]
+ don't reset forced_command (we allow multiple login shells in
+ ssh2); dwd@bell-labs.com
+ - mpech@cvs.openbsd.org 2001/06/22 10:17:51
+ [ssh.1 sshd.8 ssh-keyscan.1]
+ o) .Sh AUTHOR -> .Sh AUTHORS;
+ o) remove unnecessary .Pp;
+ o) better -mdoc style;
+ o) typo;
+ o) sort SEE ALSO;
+ aaron@ ok
+ - provos@cvs.openbsd.org 2001/06/22 21:27:08
+ [dh.c pathnames.h]
+ use /etc/moduli instead of /etc/primes, okay markus@
+ - provos@cvs.openbsd.org 2001/06/22 21:28:53
+ [sshd.8]
+ document /etc/moduli
+ - markus@cvs.openbsd.org 2001/06/22 21:55:49
+ [auth2.c auth-rsa.c pathnames.h ssh.1 sshd.8 sshd_config
+ ssh-keygen.1]
+ merge authorized_keys2 into authorized_keys.
+ authorized_keys2 is used for backward compat.
+ (just append authorized_keys2 to authorized_keys).
+ - provos@cvs.openbsd.org 2001/06/22 21:57:59
+ [dh.c]
+ increase linebuffer to deal with larger moduli; use rewind instead of
+ close/open
+ - markus@cvs.openbsd.org 2001/06/22 22:21:20
+ [sftp-server.c]
+ allow long usernames/groups in readdir
+ - markus@cvs.openbsd.org 2001/06/22 23:35:21
+ [ssh.c]
+ don't overwrite argv (fixes ssh user@host in 'ps'), report by ericj@
+ - deraadt@cvs.openbsd.org 2001/06/23 00:16:16
+ [scp.c]
+ slightly better care
+ - markus@cvs.openbsd.org 2001/06/23 00:20:57
+ [auth2.c auth.c auth.h auth-rh-rsa.c]
+ *known_hosts2 is obsolete for hostbased authentication and
+ only used for backward compat.
merge ssh1/2 hostkey check
+ and move it to auth.c
+ - deraadt@cvs.openbsd.org 2001/06/23 02:33:05
+ [sftp.1 sftp-server.8 ssh-keygen.1]
+ join .%A entries; most by bk@rt.fm
+ - markus@cvs.openbsd.org 2001/06/23 02:34:33
+ [kexdh.c kexgex.c kex.h pathnames.h readconf.c servconf.h ssh.1
+ sshconnect1.c sshconnect2.c sshconnect.c sshconnect.h sshd.8]
+ get rid of known_hosts2, use it for hostkey lookup, but do not
+ modify.
+ - markus@cvs.openbsd.org 2001/06/23 03:03:59
+ [sshd.8]
+ draft-ietf-secsh-dh-group-exchange-01.txt
+ - markus@cvs.openbsd.org 2001/06/23 03:04:42
+ [auth2.c auth-rh-rsa.c]
+ restore correct ignore_user_known_hosts logic.
+ - markus@cvs.openbsd.org 2001/06/23 05:26:02
+ [key.c]
+ handle sigature of size 0 (some broken clients send this).
+ - deraadt@cvs.openbsd.org 2001/06/23 05:57:09
+ [sftp.1 sftp-server.8 ssh-keygen.1]
+ ok, tmac is now fixed
+ - markus@cvs.openbsd.org 2001/06/23 06:41:10
+ [ssh-keygen.c]
+ try to decode ssh-3.0.0 private rsa keys
+ (allow migration to openssh, not vice versa), #910
+ - itojun@cvs.openbsd.org 2001/06/23 15:12:20
+ [auth1.c auth2.c auth2-chall.c authfd.c authfile.c auth-rhosts.c
+ canohost.c channels.c cipher.c clientloop.c deattack.c dh.c
+ hostfile.c kex.c kexdh.c kexgex.c key.c nchan.c packet.c radix.c
+ readpass.c scp.c servconf.c serverloop.c session.c sftp.c
+ sftp-client.c sftp-glob.c sftp-int.c sftp-server.c ssh-add.c
+ ssh-agent.c ssh.c sshconnect1.c sshconnect2.c sshconnect.c sshd.c
+ ssh-keygen.c ssh-keyscan.c]
+ more strict prototypes. raise warning level in Makefile.inc.
+ markus ok'ed
+ TODO; cleanup headers
+ - markus@cvs.openbsd.org 2001/06/23 17:05:22
+ [ssh-keygen.c]
+ fix import for (broken?) ssh.com/f-secure private keys
+ (i tested > 1000 RSA keys)
+ - itojun@cvs.openbsd.org 2001/06/23 17:48:18
+ [sftp.1 ssh.1 sshd.8 ssh-keyscan.1]
+ kill whitespace at EOL.
+ - markus@cvs.openbsd.org 2001/06/23 19:12:43
+ [sshd.c]
+ pidfile/sigterm race; bbraun@synack.net
+ - markus@cvs.openbsd.org 2001/06/23 22:37:46
+ [sshconnect1.c]
+ consistent with ssh2: skip key if empty passphrase is entered,
+ retry num_of_passwd_prompt times if passphrase is wrong. ok fgsch@
+ - markus@cvs.openbsd.org 2001/06/24 05:25:10
+ [auth-options.c match.c match.h]
+ move ip+hostname check to match.c
+ - markus@cvs.openbsd.org 2001/06/24 05:35:33
+ [readpass.c readpass.h ssh-add.c sshconnect2.c ssh-keygen.c]
+ switch to readpassphrase(3)
+ 2.7/8-stable needs readpassphrase.[ch] from libc
+ - markus@cvs.openbsd.org 2001/06/24 05:47:13
+ [sshconnect2.c]
+ oops, missing format string
+ - markus@cvs.openbsd.org 2001/06/24 17:18:31
+ [ttymodes.c]
+ passing modes works fine: debug2->3
+ - (djm) -Wall fix for session.c
+ - (djm) Bring in readpassphrase() from OpenBSD libc. Compiles OK on Linux and
+ Solaris
+
+20010622
+ - (stevesk) handle systems without pw_expire and pw_change.
+
+20010621
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/06/16 08:49:38
+ [misc.c]
+ typo; dunlap@apl.washington.edu
+ - markus@cvs.openbsd.org 2001/06/16 08:50:39
+ [channels.h]
+ bad //-style comment; thx to stevev@darkwing.uoregon.edu
+ - markus@cvs.openbsd.org 2001/06/16 08:57:35
+ [scp.c]
+ no stdio or exit() in signal handlers.
+ - markus@cvs.openbsd.org 2001/06/16 08:58:34
+ [misc.c]
+ copy pw_expire and pw_change, too.
+ - markus@cvs.openbsd.org 2001/06/19 12:34:09
+ [session.c]
+ cleanup forced command handling, from dwd@bell-labs.com
+ - markus@cvs.openbsd.org 2001/06/19 14:09:45
+ [session.c sshd.8]
+ disable x11-fwd if use_login is enabled; from lukem@wasabisystems.com
+ - markus@cvs.openbsd.org 2001/06/19 15:40:45
+ [session.c]
+ allocate and free at the same level.
+ - markus@cvs.openbsd.org 2001/06/20 13:56:39 + [channels.c channels.h clientloop.c packet.c serverloop.c] + move from channel_stop_listening to channel_free_all, + call channel_free_all before calling waitpid() in serverloop. + fixes the utmp handling; report from Lutz.Jaenicke@aet.TU-Cottbus.DE + +20010615 + - (stevesk) don't set SA_RESTART and set SIGCHLD to SIG_DFL + around grantpt(). + - (stevesk) update TODO: STREAMS pty systems don't call vhangup() now + +20010614 + - OpenBSD CVS Sync + - markus@cvs.openbsd.org 2001/06/13 09:10:31 + [session.c] + typo, use pid not s->pid, mstone@cs.loyola.edu + +20010613 + - OpenBSD CVS Sync + - markus@cvs.openbsd.org 2001/06/12 10:58:29 + [session.c] + merge session_free into session_close() + merge pty_cleanup_proc into session_pty_cleanup() + - markus@cvs.openbsd.org 2001/06/12 16:10:38 + [session.c] + merge ssh1/ssh2 tty msg parse and alloc code + - markus@cvs.openbsd.org 2001/06/12 16:11:26 + [packet.c] + do not log() packet_set_maxsize + - markus@cvs.openbsd.org 2001/06/12 21:21:29 + [session.c] + remove xauth-cookie-in-tmp handling. use default $XAUTHORITY, since + we do already trust $HOME/.ssh + you can use .ssh/sshrc and .ssh/environment if you want to customize + the location of the xauth cookies + - markus@cvs.openbsd.org 2001/06/12 21:30:57 + [session.c] + unused + +20010612 + - scp.c ID update (upstream synced vfsprintf() from us) + - OpenBSD CVS Sync + - markus@cvs.openbsd.org 2001/06/10 11:29:20 + [dispatch.c] + we support rekeying + protocol errors are fatal. + - markus@cvs.openbsd.org 2001/06/11 10:18:24 + [session.c] + reset pointer to NULL after xfree(); report from solar@openwall.com + - markus@cvs.openbsd.org 2001/06/11 16:04:38 + [sshd.8] + typo; bdubreuil@crrel.usace.army.mil + +20010611 + - (bal) NeXT/MacOS X lack libgen.h and dirname(). Patch by Mark Miller + + - (bal) Handle broken krb4 issues on Solaris with multiple defined u_*_t + types. 
Patch by Jan IVEN
+ - (bal) Fixed Makefile.in so that 'configure; make install' works.
+
+20010610
+ - (bal) Missed two files in major resync. auth-bsdauth.c and auth-skey.c
+
+20010609
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/05/30 12:55:13
+ [auth-options.c auth2.c channels.c channels.h clientloop.c nchan.c
+ packet.c serverloop.c session.c ssh.c ssh1.h]
+ channel layer cleanup: merge header files and split .c files
+ - markus@cvs.openbsd.org 2001/05/30 15:20:10
+ [ssh.c]
+ merge functions, simplify.
+ - markus@cvs.openbsd.org 2001/05/31 10:30:17
+ [auth-options.c auth2.c channels.c channels.h clientloop.c nchan.c
+ packet.c serverloop.c session.c ssh.c]
+ undo the .c file split, just merge the header and keep the cvs
+ history
+ - (bal) Channels.c and Channels.h -- "Merge Functions, simplify" (draged
+ out of ssh Attic)
+ - (bal) Ooops.. nchan.c (and remove nchan.h) resync from OpenBSD ssh
+ Attic.
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/05/31 13:08:04
+ [sshd_config]
+ group options and add some more comments
+ - markus@cvs.openbsd.org 2001/06/03 14:55:39
+ [channels.c channels.h session.c]
+ use fatal_register_cleanup instead of atexit, sync with x11 authdir
+ handling
+ - markus@cvs.openbsd.org 2001/06/03 19:36:44
+ [ssh-keygen.1]
+ 1-2 bits of entrophy per character (not per word), ok stevesk@
+ - markus@cvs.openbsd.org 2001/06/03 19:38:42
+ [scp.c]
+ pass -v to ssh; from slade@shore.net
+ - markus@cvs.openbsd.org 2001/06/03 20:06:11
+ [auth2-chall.c]
+ the challenge response device decides how to handle non-existing
+ users.
+ -> fake challenges for skey and cryptocard
+ - markus@cvs.openbsd.org 2001/06/04 21:59:43
+ [channels.c channels.h session.c]
+ switch uid when cleaning up tmp files and sockets; reported by
+ zen-parse@gmx.net on bugtraq
+ - markus@cvs.openbsd.org 2001/06/04 23:07:21
+ [clientloop.c serverloop.c sshd.c]
+ set flags in the signal handlers, do real work in the main loop,
+ ok provos@
+ - markus@cvs.openbsd.org 2001/06/04 23:16:16
+ [session.c]
+ merge ssh1/2 x11-fwd setup, create listener after tmp-dir
+ - pvalchev@cvs.openbsd.org 2001/06/05 05:05:39
+ [ssh-keyscan.1 ssh-keyscan.c]
+ License clarification from David Mazieres, ok deraadt@
+ - markus@cvs.openbsd.org 2001/06/05 10:24:32
+ [channels.c]
+ don't delete the auth socket in channel_stop_listening()
+ auth_sock_cleanup_proc() will take care of this.
+ - markus@cvs.openbsd.org 2001/06/05 16:46:19
+ [session.c]
+ let session_close() delete the pty. deny x11fwd if xauthfile is set.
+ - markus@cvs.openbsd.org 2001/06/06 23:13:54
+ [ssh-dss.c ssh-rsa.c]
+ cleanup, remove old code
+ - markus@cvs.openbsd.org 2001/06/06 23:19:35
+ [ssh-add.c]
+ remove debug message; Darren.Moffat@eng.sun.com
+ - markus@cvs.openbsd.org 2001/06/07 19:57:53
+ [auth2.c]
+ style is used for bsdauth.
+ disconnect on user/service change (ietf-drafts) + - markus@cvs.openbsd.org 2001/06/07 20:23:05 + [authfd.c authfile.c channels.c kexdh.c kexgex.c packet.c ssh.c + sshconnect.c sshconnect1.c] + use xxx_put_cstring() + - markus@cvs.openbsd.org 2001/06/07 22:25:02 + [session.c] + don't overwrite errno + delay deletion of the xauth cookie + - markus@cvs.openbsd.org 2001/06/08 15:25:40 + [includes.h pathnames.h readconf.c servconf.c] + move the path for xauth to pathnames.h + - (bal) configure.in fix for Tru64 (forgeting to reset $LIB) + - (bal) ANSIify strmode() + - (bal) --with-catman should be --with-mantype patch by Dave + Dykstra + +20010606 + - OpenBSD CVS Sync + - markus@cvs.openbsd.org 2001/05/17 21:34:15 + [ssh.1] + no spaces in PreferredAuthentications; + meixner@rbg.informatik.tu-darmstadt.de + - markus@cvs.openbsd.org 2001/05/18 14:13:29 + [auth-chall.c auth.h auth1.c auth2-chall.c auth2.c readconf.c + readconf.h servconf.c servconf.h sshconnect1.c sshconnect2.c sshd.c] + improved kbd-interactive support. work by per@appgate.com and me + - djm@cvs.openbsd.org 2001/05/19 00:36:40 + [session.c] + Disable X11 forwarding if xauth binary is not found. 
Patch from Nalin
+ Dahyabhai ; ok markus@
+ - markus@cvs.openbsd.org 2001/05/19 16:05:41
+ [scp.c]
+ ftruncate() instead of open()+O_TRUNC like rcp.c does
+ allows scp /path/to/file localhost:/path/to/file
+ - markus@cvs.openbsd.org 2001/05/19 16:08:43
+ [sshd.8]
+ sort options; Matthew.Stier@fnc.fujitsu.com
+ - markus@cvs.openbsd.org 2001/05/19 16:32:16
+ [ssh.1 sshconnect2.c]
+ change preferredauthentication order to
+ publickey,hostbased,password,keyboard-interactive
+ document that hostbased defaults to no, document order
+ - markus@cvs.openbsd.org 2001/05/19 16:46:19
+ [ssh.1 sshd.8]
+ document MACs defaults with .Dq
+ - stevesk@cvs.openbsd.org 2001/05/19 19:43:57
+ [misc.c misc.h servconf.c sshd.8 sshd.c]
+ sshd command-line arguments and configuration file options that
+ specify time may be expressed using a sequence of the form:
+ time[qualifier], where time is a positive integer value and qualifier
+ is one of the following:
+ ,s,m,h,d,w
+ Examples:
+ 600 600 seconds (10 minutes)
+ 10m 10 minutes
+ 1h30m 1 hour 30 minutes (90 minutes)
+ ok markus@
+ - stevesk@cvs.openbsd.org 2001/05/19 19:57:09
+ [channels.c]
+ typo in error message
+ - markus@cvs.openbsd.org 2001/05/20 17:20:36
+ [auth-rsa.c auth.c auth.h auth2.c servconf.c servconf.h sshd.8
+ sshd_config]
+ configurable authorized_keys{,2} location; originally from peter@;
+ ok djm@
+ - markus@cvs.openbsd.org 2001/05/24 11:12:42
+ [auth.c]
+ fix comment; from jakob@
+ - stevesk@cvs.openbsd.org 2001/05/24 18:57:53
+ [clientloop.c readconf.c ssh.c ssh.h]
+ don't perform escape processing when ``EscapeChar none''; ok markus@
+ - markus@cvs.openbsd.org 2001/05/25 14:37:32
+ [ssh-keygen.c]
+ use -P for -e and -y, too.
+ - markus@cvs.openbsd.org 2001/05/28 08:04:39
+ [ssh.c]
+ fix usage()
+ - markus@cvs.openbsd.org 2001/05/28 10:08:55
+ [authfile.c]
+ key_load_private: set comment to filename for PEM keys
+ - markus@cvs.openbsd.org 2001/05/28 22:51:11
+ [cipher.c cipher.h]
+ simpler 3des for ssh1
+ - markus@cvs.openbsd.org 2001/05/28 23:14:49
+ [channels.c channels.h nchan.c]
+ undo broken channel fix and try a different one. there
+ should be still some select errors...
+ - markus@cvs.openbsd.org 2001/05/28 23:25:24
+ [channels.c]
+ cleanup, typo
+ - markus@cvs.openbsd.org 2001/05/28 23:58:35
+ [packet.c packet.h sshconnect.c sshd.c]
+ remove some lines, simplify.
+ - markus@cvs.openbsd.org 2001/05/29 12:31:27
+ [authfile.c]
+ typo
+
+20010528
+ - (tim) [conifgure.in] add setvbuf test needed for sftp-int.c
+ Patch by Corinna Vinschen
+
+20010517
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/05/12 19:53:13
+ [sftp-server.c]
+ readlink does not NULL-terminate; mhe@home.se
+ - deraadt@cvs.openbsd.org 2001/05/15 22:04:01
+ [ssh.1]
+ X11 forwarding details improved
+ - markus@cvs.openbsd.org 2001/05/16 20:51:57
+ [authfile.c]
+ return comments for private pem files, too; report from nolan@naic.edu
+ - markus@cvs.openbsd.org 2001/05/16 21:53:53
+ [clientloop.c]
+ check for open sessions before we call select(); fixes the x11 client
+ bug reported by bowman@math.ualberta.ca
+ - markus@cvs.openbsd.org 2001/05/16 22:09:21
+ [channels.c nchan.c]
+ more select() error fixes (don't set rfd/wfd to -1).
+ - (bal) Enabled USE_PIPES for Cygwin on Corinna Vinschen
+ - (bal) Corrected on_exit() emulation via atexit().
+
+20010512
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/05/11 14:59:56
+ [clientloop.c misc.c misc.h]
+ add unset_nonblock for stdout/err flushing in client_loop().
+ - (bal) Patch to partial sync up contrib/solaris/ packaging software.
+ Patch by pete + +20010511 + - OpenBSD CVS Sync + - markus@cvs.openbsd.org 2001/05/09 22:51:57 + [channels.c] + fix -R for protocol 2, noticed by greg@nest.cx. + bug was introduced with experimental dynamic forwarding. + - markus@cvs.openbsd.org 2001/05/09 23:01:31 + [rijndael.h] + fix prototype; J.S.Peatfield@damtp.cam.ac.uk + +20010509 + - OpenBSD CVS Sync + - markus@cvs.openbsd.org 2001/05/06 21:23:31 + [cli.c] + cli_read() fails to catch SIGINT + overflow; from obdb@zzlevo.net + - markus@cvs.openbsd.org 2001/05/08 19:17:31 + [channels.c serverloop.c clientloop.c] + adds correct error reporting to async connect()s + fixes the server-discards-data-before-connected-bug found by + onoe@sm.sony.co.jp + - mouring@cvs.openbsd.org 2001/05/08 19:45:25 + [misc.c misc.h scp.c sftp.c] + Use addargs() in sftp plus some clean up of addargs(). OK Markus + - markus@cvs.openbsd.org 2001/05/06 21:45:14 + [clientloop.c] + use atomicio for flushing stdout/stderr bufs. thanks to + jbw@izanami.cee.hw.ac.uk + - markus@cvs.openbsd.org 2001/05/08 22:48:07 + [atomicio.c] + no need for xmalloc.h, thanks to espie@ + - (bal) UseLogin patch for Solaris/UNICOS. Patch by Wayne Davison + + - (bal) ./configure support to disable SIA on OSF1. Patch by + Chris Adams + - (bal) Updates from the Sony NEWS-OS platform by NAKAJI Hiroyuki + + +20010508 + - (bal) Fixed configure test for USE_SIA. + +20010506 + - (djm) Update config.guess and config.sub with latest versions (from + ftp://ftp.gnu.org/gnu/config/) to allow configure on ia64-hpux. 
+ Suggested by Jason Mader
+ - (bal) White Space and #ifdef sync with OpenBSD
+ - (bal) Add 'seed_rng()' to ssh-add.c
+ - (bal) CVS ID updates for readpass.c, readpass.h, cli.c, and cli.h
+ - OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2001/05/05 13:42:52
+ [sftp.1 ssh-add.1 ssh-keygen.1]
+ typos, grammar
+
+20010505
+ - OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2001/05/04 14:21:56
+ [ssh.1 sshd.8]
+ typos
+ - markus@cvs.openbsd.org 2001/05/04 14:34:34
+ [channels.c]
+ channel_new() reallocs channels[], we cannot use Channel *c after
+ calling channel_new(), XXX fix this in the future...
+ - markus@cvs.openbsd.org 2001/05/04 23:47:34
+ [channels.c channels.h clientloop.c nchan.c nchan.h serverloop.c ssh.c]
+ move to Channel **channels (instead of Channel *channels), fixes realloc
+ problems. channel_new now returns a Channel *, favour Channel * over
+ channel id. remove old channel_allocate interface.
+
+20010504
+ - OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2001/05/03 15:07:39
+ [channels.c]
+ typo in debug() string
+ - markus@cvs.openbsd.org 2001/05/03 15:45:15
+ [session.c]
+ exec shell -c /bin/sh .ssh/sshrc, from abartlet@pcug.org.au
+ - stevesk@cvs.openbsd.org 2001/05/03 21:43:01
+ [servconf.c]
+ remove "\n" from fatal()
+ - mouring@cvs.openbsd.org 2001/05/03 23:09:53
+ [misc.c misc.h scp.c sftp.c]
+ Move colon() and cleanhost() to misc.c where I should I have put it in
+ the first place
+ - (bal) Updated Cygwin README by Corinna Vinschen
+ - (bal) Avoid socket file security issues in ssh-agent for Cygwin.
+ Patch by Egor Duda
+
+20010503
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/05/02 16:41:20
+ [ssh-add.c]
+ fix prompt for ssh-add.
+
+20010502
+ - OpenBSD CVS Sync
+ - mouring@cvs.openbsd.org 2001/05/02 01:25:39
+ [readpass.c]
+ Put the 'const' back into ssh_askpass() function. Pointed out
+ by Mark Miller .
OK Markus
+
+20010501
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/04/30 11:18:52
+ [readconf.c readconf.h ssh.1 ssh.c sshconnect.c]
+ implement 'ssh -b bind_address' like 'telnet -b'
+ - markus@cvs.openbsd.org 2001/04/30 15:50:46
+ [compat.c compat.h kex.c]
+ allow interop with weaker key generation used by ssh-2.0.x, x < 10
+ - markus@cvs.openbsd.org 2001/04/30 16:02:49
+ [compat.c]
+ ssh-2.0.10 has the weak-key-bug, too.
+ - (tim) [contrib/caldera/openssh.spec] add Requires line for Caldera 3.1
+
+20010430
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/04/29 18:32:52
+ [serverloop.c]
+ fix whitespace
+ - markus@cvs.openbsd.org 2001/04/29 19:16:52
+ [channels.c clientloop.c compat.c compat.h serverloop.c]
+ more ssh.com-2.0.x bug-compat; from per@appgate.com
+ - (tim) New version of mdoc2man.pl from Mark D. Roth
+ - (djm) Add .cvsignore files, suggested by Wayne Davison
+
+20010429
+ - (bal) Updated INSTALL. PCRE moved to a new place.
+ - (djm) Release OpenSSH-2.9p1
+
+20010427
+ - (bal) Fixed uidswap.c so it should work on non-posix complient systems.
+ patch based on 2.5.2 version by djm.
+ - (bal) Build manpages and config files once unless changed. Patch by
+ Carson Gaspar
+ - (bal) arpa/nameser.h does not exist on Cygwin. Patch by Corinna
+ Vinschen
+ - (bal) Add /etc/sysconfig/sshd support to redhat's sshd.init. Patch by
+ Pekka Savola
+ - (bal) Cygwin lacks setgroups() API. Patch by Corinna Vinschen
+
+ - (bal) version.h synced, RPM specs updated for 2.9
+ - (tim) update contrib/caldera files with what Caldera is using.
+
+
+20010425
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/04/23 21:57:07
+ [ssh-keygen.1 ssh-keygen.c]
+ allow public key for -e, too
+ - markus@cvs.openbsd.org 2001/04/23 22:14:13
+ [ssh-keygen.c]
+ remove debug
+ - (bal) Whitespace resync w/ OpenBSD for uidswap.c
+ - (djm) Add new server configuration directive 'PAMAuthenticationViaKbdInt'
+ (default: off), implies KbdInteractiveAuthentication.
Suggestion from
+ markus@
+ - (djm) Include crypt.h if available in auth-passwd.c
+ - tim@mindrot.org 2001/04/25 21:38:01 [configure.in]
+ man page detection fixes for SCO
+
+20010424
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/04/22 23:58:36
+ [ssh-keygen.1 ssh.1 sshd.8]
+ document hostbased and other cleanup
+ - (stevesk) start_pam() doesn't use DNS now for sshd -u0.
+ - (stevesk) auth-pam.c: use PERMIT_NO_PASSWD
+ - (bal) sys/queue.h is bogus for NCR platform. Patch by Daniel Carroll
+
+ - (bal) Fixed contrib/postinstall.in. Patch by wsanders@wsanders.net
+
+20010422
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/04/20 16:32:22
+ [uidswap.c]
+ set non-privileged gid before uid; tholo@ and deraadt@
+ - mouring@cvs.openbsd.org 2001/04/21 00:55:57
+ [sftp.1]
+ Spelling
+ - djm@cvs.openbsd.org 2001/04/22 08:13:30
+ [ssh.1]
+ typos spotted by stevesk@; ok deraadt@
+ - markus@cvs.openbsd.org 2001/04/22 12:34:05
+ [scp.c]
+ scp > 2GB; niles@scyld.com; ok deraadt@, djm@
+ - markus@cvs.openbsd.org 2001/04/22 13:25:37
+ [ssh-keygen.1 ssh-keygen.c]
+ rename arguments -x -> -e (export key), -X -> -i (import key)
+ xref draft-ietf-secsh-publickeyfile-01.txt
+ - markus@cvs.openbsd.org 2001/04/22 13:32:27
+ [sftp-server.8 sftp.1 ssh.1 sshd.8]
+ xref draft-ietf-secsh-*
+ - markus@cvs.openbsd.org 2001/04/22 13:41:02
+ [ssh-keygen.1 ssh-keygen.c]
+ style, noted by stevesk; sort flags in usage
+
+20010421
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2001/04/20 07:17:51
+ [clientloop.c ssh.1]
+ Split out and improve escape character documentation, mention ~R in
+ ~? help text; ok markus@
+ - Update RPM spec files for CVS version.h
+ - (stevesk) set the default PAM service name to __progname instead
+ of the hard-coded value "sshd"; from Mark D.
Roth + - (stevesk) document PAM service name change in INSTALL + - tim@mindrot.org 2001/04/21 14:25:57 [Makefile.in configure.in] + fix perl test, fix nroff test, fix Makefile to build outside source tree + +20010420 + - OpenBSD CVS Sync + - ian@cvs.openbsd.org 2001/04/18 16:21:05 + [ssh-keyscan.1] + Fix typo reported in PR/1779 + - markus@cvs.openbsd.org 2001/04/18 21:57:42 + [readpass.c ssh-add.c] + call askpass from ssh, too, based on work by roth@feep.net, ok deraadt + - markus@cvs.openbsd.org 2001/04/18 22:03:45 + [auth2.c sshconnect2.c] + use FDQN with trailing dot in the hostbased auth packets, ok deraadt@ + - markus@cvs.openbsd.org 2001/04/18 22:48:26 + [auth2.c] + no longer const + - markus@cvs.openbsd.org 2001/04/18 23:43:26 + [auth2.c compat.c sshconnect2.c] + more ssh v2 hostbased-auth interop: ssh.com >= 2.1.0 works now + (however the 2.1.0 server seems to work only if debug is enabled...) + - markus@cvs.openbsd.org 2001/04/18 23:44:51 + [authfile.c] + error->debug; noted by fries@ + - markus@cvs.openbsd.org 2001/04/19 00:05:11 + [auth2.c] + use local variable, no function call needed. + (btw, hostbased works now with ssh.com >= 2.0.13) + - (bal) Put scp-common.h back into scp.c (it exists in the upstream + tree) pointed out by Tom Holroyd + +20010418 + - OpenBSD CVS Sync + - markus@cvs.openbsd.org 2001/04/17 19:34:25 + [session.c] + move auth_approval to do_authenticated(). + do_child(): nuke hostkeys from memory + don't source .ssh/rc for subsystems. + - markus@cvs.openbsd.org 2001/04/18 14:15:00 + [canohost.c] + debug->debug3 + - (bal) renabled 'catman-do:' and fixed it. So now catman pages should + be working again. + - (bal) Makfile day... Cleaned up multiple mantype support (Patch by + Mark D. Roth ), and fixed PIDDIR support. + +20010417 + - (bal) Add perl5 check for HP/UX, Removed GNUness from Makefile.in + and temporary commented out 'catman-do:' since it is broken. 
Patches
+ for the first two by Lutz Jaenicke
+ - OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2001/04/16 08:26:04
+ [key.c]
+ better safe than sorry in later mods; yongari@kt-is.co.kr
+ - markus@cvs.openbsd.org 2001/04/17 08:14:01
+ [sshconnect1.c]
+ check for key!=NULL, thanks to costa
+ - markus@cvs.openbsd.org 2001/04/17 09:52:48
+ [clientloop.c]
+ handle EINTR/EAGAIN on read; ok deraadt@
+ - markus@cvs.openbsd.org 2001/04/17 10:53:26
+ [key.c key.h readconf.c readconf.h ssh.1 sshconnect2.c]
+ add HostKeyAlgorithms; based on patch from res@shore.net; ok provos@
+ - markus@cvs.openbsd.org 2001/04/17 12:55:04
+ [channels.c ssh.c]
+ undo socks5 and https support since they are not really used and
+ only bloat ssh. remove -D from usage(), since '-D' is experimental.
+
+20010416
+ - OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2001/04/15 01:35:22
+ [ttymodes.c]
+ fix comments
+ - markus@cvs.openbsd.org 2001/04/15 08:43:47
+ [dh.c sftp-glob.c sftp-glob.h sftp-int.c sshconnect2.c sshd.c]
+ some unused variable and typos; from tomh@po.crl.go.jp
+ - markus@cvs.openbsd.org 2001/04/15 16:58:03
+ [authfile.c ssh-keygen.c sshd.c]
+ don't use errno for key_{load,save}_private; discussion w/ solar@openwall
+ - markus@cvs.openbsd.org 2001/04/15 17:16:00
+ [clientloop.c]
+ set stdin/out/err to nonblocking in SSH proto 1, too. suggested by ho@
+ should fix some of the blocking problems for rsync over SSH-1
+ - stevesk@cvs.openbsd.org 2001/04/15 19:41:21
+ [sshd.8]
+ some ClientAlive cleanup; ok markus@
+ - stevesk@cvs.openbsd.org 2001/04/15 21:28:35
+ [readconf.c servconf.c]
+ use fatal() or error() vs. fprintf(); ok markus@
+ - (djm) Convert mandoc manpages to man automatically. Patch from Mark D.
+ Roth
+ - (bal) CVS ID fix up and slight manpage fix from OpenBSD tree.
+ - (djm) OpenBSD CVS Sync
+ - mouring@cvs.openbsd.org 2001/04/16 02:31:44
+ [scp.c sftp.c]
+ IPv6 support for sftp (which I bungled in my last patch) which is
+ borrowed from scp.c.
Thanks to Markus@ for pointing it out.
+ - deraadt@cvs.openbsd.org 2001/04/16 08:05:34
+ [xmalloc.c]
+ xrealloc dealing with ptr == nULL; mouring
+ - djm@cvs.openbsd.org 2001/04/16 08:19:31
+ [session.c]
+ Split motd and hushlogin checks into seperate functions, helps for
+ portable. From Chris Adams ; ok markus@
+ - Fix OSF SIA support displaying too much information for quiet
+ logins and logins where access was denied by SIA. Patch from Chris Adams
+
+
+20010415
+ - OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2001/04/14 04:31:01
+ [ssh-add.c]
+ do not double free
+ - markus@cvs.openbsd.org 2001/04/14 16:17:14
+ [channels.c]
+ remove some channels that are not appropriate for keepalive.
+ - markus@cvs.openbsd.org 2001/04/14 16:27:57
+ [ssh-add.c]
+ use clear_pass instead of xfree()
+ - stevesk@cvs.openbsd.org 2001/04/14 16:33:20
+ [clientloop.c packet.h session.c ssh.c ttymodes.c ttymodes.h]
+ protocol 2 tty modes support; ok markus@
+ - stevesk@cvs.openbsd.org 2001/04/14 17:04:42
+ [scp.c]
+ 'T' handling rcp/scp sync; ok markus@
+ - Missed sshtty.[ch] in Sync.
+
+20010414
+ - Sync with OpenBSD glob.c, strlcat.c and vis.c changes
+ - Cygwin sftp/sftp-server binary mode patch from Corinna Vinschen
+
+ - OpenBSD CVS Sync
+ - beck@cvs.openbsd.org 2001/04/13 22:46:54
+ [channels.c channels.h servconf.c servconf.h serverloop.c sshd.8]
+ Add options ClientAliveInterval and ClientAliveCountMax to sshd.
+ This gives the ability to do a "keepalive" via the encrypted channel
+ which can't be spoofed (unlike TCP keepalives). Useful for when you want
+ to use ssh connections to authenticate people for something, and know
+ relatively quickly when they are no longer authenticated. Disabled
+ by default (of course).
ok markus@
+
+20010413
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/04/12 14:29:09
+ [ssh.c]
+ show debug output during option processing, report from
+ pekkas@netcore.fi
+ - markus@cvs.openbsd.org 2001/04/12 19:15:26
+ [auth-rhosts.c auth.h auth2.c buffer.c canohost.c canohost.h
+ compat.c compat.h hostfile.c pathnames.h readconf.c readconf.h
+ servconf.c servconf.h ssh.c sshconnect.c sshconnect.h sshconnect1.c
+ sshconnect2.c sshd_config]
+ implement HostbasedAuthentication (= RhostRSAAuthentication for ssh v2)
+ similar to RhostRSAAuthentication unless you enable (the experimental)
+ HostbasedUsesNameFromPacketOnly option. please test. :)
+ - markus@cvs.openbsd.org 2001/04/12 19:39:27
+ [readconf.c]
+ typo
+ - stevesk@cvs.openbsd.org 2001/04/12 20:09:38
+ [misc.c misc.h readconf.c servconf.c ssh.c sshd.c]
+ robust port validation; ok markus@ jakob@
+ - mouring@cvs.openbsd.org 2001/04/12 23:17:54
+ [sftp-int.c sftp-int.h sftp.1 sftp.c]
+ Add support for:
+ sftp [user@]host[:file [file]] - Fetch remote file(s)
+ sftp [user@]host[:dir[/]] - Start in remote dir/
+ OK deraadt@
+ - stevesk@cvs.openbsd.org 2001/04/13 01:26:17
+ [ssh.c]
+ missing \n in error message
+ - (bal) Added openbsd-compat/inet_ntop.[ch] since HP/UX (and others)
+ lack it.
+
+20010412
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/04/10 07:46:58
+ [channels.c]
+ cleanup socks4 handling
+ - itojun@cvs.openbsd.org 2001/04/10 09:13:22
+ [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
+ document id_rsa{.pub,}. markus ok
+ - markus@cvs.openbsd.org 2001/04/10 12:15:23
+ [channels.c]
+ debug cleanup
+ - djm@cvs.openbsd.org 2001/04/11 07:06:22
+ [sftp-int.c]
+ 'mget' and 'mput' aliases; ok markus@
+ - markus@cvs.openbsd.org 2001/04/11 10:59:01
+ [ssh.c]
+ use strtol() for ports, thanks jakob@
+ - markus@cvs.openbsd.org 2001/04/11 13:56:13
+ [channels.c ssh.c]
+ https-connect and socks5 support. i feel so bad.
+ - lebel@cvs.openbsd.org 2001/04/11 16:25:30 + [sshd.8 sshd.c] + implement the -e option into sshd: + -e When this option is specified, sshd will send the output to the + standard error instead of the system log. + markus@ OK. + +20010410 + - OpenBSD CVS Sync + - deraadt@cvs.openbsd.org 2001/04/08 20:52:55 + [sftp.c] + do not modify an actual argv[] entry + - stevesk@cvs.openbsd.org 2001/04/08 23:28:27 + [sshd.8] + spelling + - stevesk@cvs.openbsd.org 2001/04/09 00:42:05 + [sftp.1] + spelling + - markus@cvs.openbsd.org 2001/04/09 15:12:23 + [ssh-add.c] + passphrase caching: ssh-add tries last passphrase, clears passphrase if + not successful and after last try. + based on discussions with espie@, jakob@, ... and code from jakob@ and + wolfgang@wsrcc.com + - markus@cvs.openbsd.org 2001/04/09 15:19:49 + [ssh-add.1] + ssh-add retries the last passphrase... + - stevesk@cvs.openbsd.org 2001/04/09 18:00:15 + [sshd.8] + ListenAddress mandoc from aaron@ + +20010409 + - (stevesk) use setresgid() for setegid() if needed + - (stevesk) configure.in: typo + - OpenBSD CVS Sync + - stevesk@cvs.openbsd.org 2001/04/08 16:01:36 + [sshd.8] + document ListenAddress addr:port + - markus@cvs.openbsd.org 2001/04/08 13:03:00 + [ssh-add.c] + init pointers with NULL, thanks to danimal@danimal.org + - markus@cvs.openbsd.org 2001/04/08 11:27:33 + [clientloop.c] + leave_raw_mode if ssh2 "session" is closed + - markus@cvs.openbsd.org 2001/04/06 21:00:17 + [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth2.c channels.c session.c + ssh.c sshconnect.c sshconnect.h uidswap.c uidswap.h] + do gid/groups-swap in addition to uid-swap, should help if /home/group + is chmod 750 + chgrp grp /home/group/, work be deraadt and me, thanks + to olar@openwall.com is comments. we had many requests for this. + - markus@cvs.openbsd.org 2001/04/07 08:55:18 + [buffer.c channels.c channels.h readconf.c ssh.c] + allow the ssh client act as a SOCKS4 proxy (dynamic local + portforwarding). work by Dan Kaminsky and me. 
+ thanks to Dan for this great patch: use 'ssh -D 1080 host' and make + netscape use localhost:1080 as a socks proxy. + - markus@cvs.openbsd.org 2001/04/08 11:24:33 + [uidswap.c] + KNF + +20010408 + - OpenBSD CVS Sync + - stevesk@cvs.openbsd.org 2001/04/06 22:12:47 + [hostfile.c] + unused; typo in comment + - stevesk@cvs.openbsd.org 2001/04/06 22:25:25 + [servconf.c] + in addition to: + ListenAddress host|ipv4_addr|ipv6_addr + permit: + ListenAddress [host|ipv4_addr|ipv6_addr]:port + ListenAddress host|ipv4_addr:port + sshd.8 updates coming. ok markus@ + +20010407 + - (bal) CVS ID Resync of version.h + - OpenBSD CVS Sync + - markus@cvs.openbsd.org 2001/04/05 23:39:20 + [serverloop.c] + keep the ssh session even if there is no active channel. + this is more in line with the protocol spec and makes + ssh -N -L 1234:server:110 host + more useful. + based on discussion with long time ago + and recent mail from + - deraadt@cvs.openbsd.org 2001/04/06 16:46:59 + [scp.c] + remove trailing / from source paths; fixes pr#1756 + +20010406 + - (stevesk) logintest.c: fix for systems without __progname + - (stevesk) Makefile.in: log.o is in libssh.a + - OpenBSD CVS Sync + - markus@cvs.openbsd.org 2001/04/05 10:00:06 + [compat.c] + 2.3.x does old GEX, too; report jakob@ + - markus@cvs.openbsd.org 2001/04/05 10:39:03 + [compress.c compress.h packet.c] + reset compress state per direction when rekeying. + - markus@cvs.openbsd.org 2001/04/05 10:39:48 + [version.h] + temporary version 2.5.4 (supports rekeying). + this is not an official release. + - markus@cvs.openbsd.org 2001/04/05 10:42:57 + [auth-chall.c authfd.c channels.c clientloop.c kex.c kexgex.c key.c + mac.c packet.c serverloop.c sftp-client.c sftp-client.h sftp-glob.c + sftp-glob.h sftp-int.c sftp-server.c sftp.c ssh-keygen.c sshconnect.c + sshconnect2.c sshd.c] + fix whitespace: unexpand + trailing spaces. 
+ - markus@cvs.openbsd.org 2001/04/05 11:09:17 + [clientloop.c compat.c compat.h] + add SSH_BUG_NOREKEY and detect broken (=all old) openssh versions. + - markus@cvs.openbsd.org 2001/04/05 15:45:43 + [ssh.1] + ssh defaults to protocol v2; from quisar@quisar.ambre.net + - stevesk@cvs.openbsd.org 2001/04/05 15:48:18 + [canohost.c canohost.h session.c] + move get_remote_name_or_ip() to canohost.[ch]; for portable. ok markus@ + - markus@cvs.openbsd.org 2001/04/05 20:01:10 + [clientloop.c] + for ~R print message if server does not support rekeying. (and fix ~R). + - markus@cvs.openbsd.org 2001/04/05 21:02:46 + [buffer.c] + better error message + - markus@cvs.openbsd.org 2001/04/05 21:05:24 + [clientloop.c ssh.c] + don't request a session for 'ssh -N', pointed out slade@shore.net + +20010405 + - OpenBSD CVS Sync + - markus@cvs.openbsd.org 2001/04/04 09:48:35 + [kex.c kex.h kexdh.c kexgex.c packet.c sshconnect2.c sshd.c] + don't sent multiple kexinit-requests. + send newkeys, block while waiting for newkeys. + fix comments. + - markus@cvs.openbsd.org 2001/04/04 14:34:58 + [clientloop.c kex.c kex.h serverloop.c sshconnect2.c sshd.c] + enable server side rekeying + some rekey related clientup. + todo: we should not send any non-KEX messages after we send KEXINIT + - markus@cvs.openbsd.org 2001/04/04 15:50:55 + [compat.c] + f-secure 1.3.2 does not handle IGNORE; from milliondl@ornl.gov + - markus@cvs.openbsd.org 2001/04/04 20:25:38 + [channels.c channels.h clientloop.c kex.c kex.h serverloop.c + sshconnect2.c sshd.c] + more robust rekeying + don't send channel data after rekeying is started. + - markus@cvs.openbsd.org 2001/04/04 20:32:56 + [auth2.c] + we don't care about missing bannerfiles; from tsoome@ut.ee, ok deraadt@ + - markus@cvs.openbsd.org 2001/04/04 22:04:35 + [kex.c kexgex.c serverloop.c] + parse full kexinit packet. + make server-side more robust, too. + - markus@cvs.openbsd.org 2001/04/04 23:09:18 + [dh.c kex.c packet.c] + clear+free keys,iv for rekeying. 
+ + fix DH mem leaks. ok niels@ + - (stevesk) don't use vhangup() if defined(HAVE_DEV_PTMX); also removes + BROKEN_VHANGUP + +20010404 + - OpenBSD CVS Sync + - deraadt@cvs.openbsd.org 2001/04/02 17:32:23 + [ssh-agent.1] + grammar; slade@shore.net + - stevesk@cvs.openbsd.org 2001/04/03 13:56:11 + [sftp-glob.c ssh-agent.c ssh-keygen.c] + free() -> xfree() + - markus@cvs.openbsd.org 2001/04/03 19:53:29 + [dh.c dh.h kex.c kex.h sshconnect2.c sshd.c] + move kex to kex*.c, used dispatch_set() callbacks for kex. should + make rekeying easier. + - todd@cvs.openbsd.org 2001/04/03 21:19:38 + [ssh_config] + id_rsa1/2 -> id_rsa; ok markus@ + - markus@cvs.openbsd.org 2001/04/03 23:32:12 + [kex.c kex.h packet.c sshconnect2.c sshd.c] + undo parts of recent my changes: main part of keyexchange does not + need dispatch-callbacks, since application data is delayed until + the keyexchange completes (if i understand the drafts correctly). + add some infrastructure for re-keying. + - markus@cvs.openbsd.org 2001/04/04 00:06:54 + [clientloop.c sshconnect2.c] + enable client rekeying + (1) force rekeying with ~R, or + (2) if the server requests rekeying. + works against ssh-2.0.12/2.0.13/2.1.0/2.2.0/2.3.0/2.3.1/2.4.0 + - (bal) Oops.. Missed including kexdh.c and kexgex.c in OpenBSD sync. + +20010403 + - OpenBSD CVS Sync + - stevesk@cvs.openbsd.org 2001/04/02 14:15:31 + [sshd.8] + typo; ok markus@ + - stevesk@cvs.openbsd.org 2001/04/02 14:20:23 + [readconf.c servconf.c] + correct comment; ok markus@ + - (stevesk) nchan.c: remove ostate checks and add EINVAL to + shutdown(SHUT_RD) error() bypass for HP-UX. 
+
+20010402
+ - (stevesk) log.c openbsd sync; missing newlines
+ - (stevesk) sshpty.h openbsd sync; PTY_H -> SSHPTY_H
+
+20010330
+ - (djm) Another openbsd-compat/glob.c sync
+ - (djm) OpenBSD CVS Sync
+ - provos@cvs.openbsd.org 2001/03/28 21:59:41
+ [kex.c kex.h sshconnect2.c sshd.c]
+ forgot to include min and max params in hash, okay markus@
+ - provos@cvs.openbsd.org 2001/03/28 22:04:57
+ [dh.c]
+ more sanity checking on primes file
+ - markus@cvs.openbsd.org 2001/03/28 22:43:31
+ [auth.h auth2.c auth2-chall.c]
+ check auth_root_allowed for kbd-int auth, too.
+ - provos@cvs.openbsd.org 2001/03/29 14:24:59
+ [sshconnect2.c]
+ use recommended defaults
+ - stevesk@cvs.openbsd.org 2001/03/29 21:06:21
+ [sshconnect2.c sshd.c]
+ need to set both STOC and CTOS for SSH_BUG_BIGENDIANAES; ok markus@
+ - markus@cvs.openbsd.org 2001/03/29 21:17:40
+ [dh.c dh.h kex.c kex.h]
+ prepare for rekeying: move DH code to dh.c
+ - djm@cvs.openbsd.org 2001/03/29 23:42:01
+ [sshd.c]
+ Protocol 1 key regeneration log => verbose, some KNF; ok markus@
+
+20010329
+ - OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2001/03/26 15:47:59
+ [ssh.1]
+ document more defaults; misc. cleanup. ok markus@
+ - markus@cvs.openbsd.org 2001/03/26 23:12:42
+ [authfile.c]
+ KNF
+ - markus@cvs.openbsd.org 2001/03/26 23:23:24
+ [rsa.c rsa.h ssh-agent.c ssh-keygen.c]
+ try to read private f-secure ssh v2 rsa keys.
+ - markus@cvs.openbsd.org 2001/03/27 10:34:08
+ [ssh-rsa.c sshd.c]
+ use EVP_get_digestbynid, reorder some calls and fix missing free.
+ - markus@cvs.openbsd.org 2001/03/27 10:57:00
+ [compat.c compat.h ssh-rsa.c]
+ some older systems use NID_md5 instead of NID_sha1 for RSASSA-PKCS1-v1_5
+ signatures in SSH protocol 2, ok djm@
+ - provos@cvs.openbsd.org 2001/03/27 17:46:50
+ [compat.c compat.h dh.c dh.h ssh2.h sshconnect2.c sshd.c version.h]
+ make dh group exchange more flexible, allow min and max group size,
+ okay markus@, deraadt@
+ - stevesk@cvs.openbsd.org 2001/03/28 19:56:23
+ [scp.c]
+ start to sync scp closer to rcp; ok markus@
+ - stevesk@cvs.openbsd.org 2001/03/28 20:04:38
+ [scp.c]
+ usage more like rcp and add missing -B to usage; ok markus@
+ - markus@cvs.openbsd.org 2001/03/28 20:50:45
+ [sshd.c]
+ call refuse() before close(); from olemx@ans.pl
+
+20010328
+ - (djm) Reorder tests and library inclusion for Krb4/AFS to try to
+ resolve linking conflicts with libcrypto. Report and suggested fix
+ from Holger Trapp
+ - (djm) Work around Solaris' broken struct dirent. Diagnosis and suggested
+ fix from Philippe Levan
+ - (djm) Rework krbIV tests to get us closer to building on Redhat. Still
+ doesn't work because of conflicts between krbIV's and OpenSSL's des.h
+ - (djm) Sync openbsd-compat/glob.c
+
+20010327
+ - Attempt sync with sshlogin.c w/ OpenBSD (mainly CVS ID)
+ - Fix pointer issues in waitpid() and wait() replaces. Patch by Lutz
+ Jaenicke
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2001/03/25 00:01:34
+ [session.c]
+ shorten; ok markus@
+ - stevesk@cvs.openbsd.org 2001/03/25 13:16:11
+ [servconf.c servconf.h session.c sshd.8 sshd_config]
+ PrintLastLog option; from chip@valinux.com with some minor
+ changes by me. ok markus@
+ - markus@cvs.openbsd.org 2001/03/26 08:07:09
+ [authfile.c authfile.h ssh-add.c ssh-keygen.c ssh.c sshconnect.c
+ sshconnect.h sshconnect1.c sshconnect2.c sshd.c]
+ simpler key load/save interface, see authfile.h
+ - (djm) Reestablish PAM credentials (which can be supplemental group
+ memberships) after initgroups() blows them away.
Report and suggested
+ fix from Nalin Dahyabhai
+
+20010324
+ - Fixed permissions ssh-keyscan. Thanks to Christopher Linn .
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2001/03/23 11:04:07
+ [compat.c compat.h sshconnect2.c sshd.c]
+ Compat for OpenSSH with broken Rijndael/AES. ok markus@
+ - markus@cvs.openbsd.org 2001/03/23 12:02:49
+ [auth1.c]
+ authctxt is now passed to do_authenticated
+ - markus@cvs.openbsd.org 2001/03/23 13:10:57
+ [sftp-int.c]
+ fix put, upload to _absolute_ path, ok djm@
+ - markus@cvs.openbsd.org 2001/03/23 14:28:32
+ [session.c sshd.c]
+ ignore SIGPIPE, restore in child, fixes x11-fwd crashes; with djm@
+ - (djm) Pull out our own SIGPIPE hacks
+
+20010323
+ - OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2001/03/22 20:22:55
+ [sshd.c]
+ do not place linefeeds in buffer
+
+20010322
+ - (djm) Better AIX no tty fix, spotted by Gert Doering
+ - (bal) version.c CVS ID resync
+ - (bal) auth-chall.c auth-passwd.c auth.h auth1.c auth2.c session.c CVS ID
+ resync
+ - (bal) scp.c CVS ID resync
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/03/20 19:10:16
+ [readconf.c]
+ default to SSH protocol version 2
+ - markus@cvs.openbsd.org 2001/03/20 19:21:21
+ [session.c]
+ remove unused arg
+ - markus@cvs.openbsd.org 2001/03/20 19:21:21
+ [session.c]
+ remove unused arg
+ - markus@cvs.openbsd.org 2001/03/21 11:43:45
+ [auth1.c auth2.c session.c session.h]
+ merge common ssh v1/2 code
+ - jakob@cvs.openbsd.org 2001/03/21 14:20:45
+ [ssh-keygen.c]
+ add -B flag to usage
+ - markus@cvs.openbsd.org 2001/03/21 21:06:30
+ [session.c]
+ missing init; from mib@unimelb.edu.au
+
+20010321
+ - (djm) Fix ttyname breakage for AIX and Tru64. Patch from Steve
+ VanDevender
+ - (djm) Make sure pam_retval is initialised on call to pam_end. Patch
+ from Solar Designer
+ - (djm) Don't loop forever when changing password via PAM. Patch
+ from Solar Designer
+ - (djm) Generate config files before build
+ - (djm) Correctly handle SIA and AIX when no tty present.
Spotted and
+ suggested fix from Mike Battersby
+
+20010320
+ - (bal) glob.c update to added GLOB_LIMITS (OpenBSD CVS).
+ - (bal) glob.c update to set gl_pathv to NULL (OpenBSD CVS).
+ - (bal) Oops. Missed globc.h change (OpenBSD CVS).
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/03/19 17:07:23
+ [auth.c readconf.c]
+ undo /etc/shell and proto 2,1 change for openssh-2.5.2
+ - markus@cvs.openbsd.org 2001/03/19 17:12:10
+ [version.h]
+ version 2.5.2
+ - (djm) Update RPM spec version
+ - (djm) Release 2.5.2p1
+- tim@mindrot.org 2001/03/19 18:33:47 [defines.h]
+ change S_ISLNK macro to work for UnixWare 2.03
+- tim@mindrot.org 2001/03/19 20:45:11 [openbsd-compat/glob.c]
+ add get_arg_max(). Use sysconf() if ARG_MAX is not defined
+
+20010319
+ - (djm) Seed PRNG at startup, rather than waiting for arc4random calls to
+ do it implicitly.
+ - (djm) Add getusershell() functions from OpenBSD CVS
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/03/18 12:07:52
+ [auth-options.c]
+ ignore permitopen="host:port" if AllowTcpForwarding==no
+ - (djm) Make scp work on systems without 64-bit ints
+ - tim@mindrot.org 2001/03/18 18:28:39 [defines.h]
+ move HAVE_LONG_LONG_INT where it works
+ - (bal) Use 'NGROUPS' for NeXT Since 'MAX_NGROUPS' is wrapped up in -lposix
+ stuff. Change suggested by Mark Miller
+ - (bal) Small fix to scp. %lu vs %ld
+ - (bal) NeXTStep lacks S_ISLNK. Plus split up S_IS*
+ - (djm) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2001/03/19 03:52:51
+ [sftp-client.c]
+ Report ssh connection closing correctly; ok deraadt@
+ - deraadt@cvs.openbsd.org 2001/03/18 23:30:55
+ [compat.c compat.h sshd.c]
+ specifically version match on ssh scanners. do not log scan
+ information to the console
+ - djm@cvs.openbsd.org 2001/03/19 12:10:17
+ [sshd.8]
+ Document permitopen authorized_keys option; ok markus@
+ - djm@cvs.openbsd.org 2001/03/19 05:49:52
+ [ssh.1]
+ document PreferredAuthentications option; ok markus@
+ - (bal) Minor NeXT fixed.
Forgot to #undef NGROUPS_MAX + +20010318 + - (bal) Fixed scp type casing issue which causes "scp: protocol error: + size not delimited" fatal errors when tranfering. + - OpenBSD CVS Sync + - markus@cvs.openbsd.org 2001/03/17 17:27:59 + [auth.c] + check /etc/shells, too + - tim@mindrot.org 2001/03/17 18:45:25 [compat.c] + openbsd-compat/fake-regex.h + +20010317 + - Support usrinfo() on AIX. Based on patch from Gert Doering + + - OpenBSD CVS Sync + - markus@cvs.openbsd.org 2001/03/15 15:05:59 + [scp.c] + use %lld in printf, ok millert@/deraadt@; report from ssh@client.fi + - markus@cvs.openbsd.org 2001/03/15 22:07:08 + [session.c] + pass Session to do_child + KNF + - djm@cvs.openbsd.org 2001/03/16 08:16:18 + [sftp-client.c sftp-client.h sftp-glob.c sftp-int.c] + Revise globbing for get/put to be more shell-like. In particular, + "get/put file* directory/" now works. ok markus@ + - markus@cvs.openbsd.org 2001/03/16 09:55:53 + [sftp-int.c] + fix memset and whitespace + - markus@cvs.openbsd.org 2001/03/16 13:44:24 + [sftp-int.c] + discourage strcat/strcpy + - markus@cvs.openbsd.org 2001/03/16 19:06:30 + [auth-options.c channels.c channels.h serverloop.c session.c] + implement "permitopen" key option, restricts -L style forwarding to + to specified host:port pairs. based on work by harlan@genua.de + - Check for gl_matchc support in glob_t and fall back to the + openbsd-compat/glob.[ch] support if it does not exist. 
+
+20010315
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/03/14 08:57:14
+ [sftp-client.c]
+ Wall
+ - markus@cvs.openbsd.org 2001/03/14 15:15:58
+ [sftp-int.c]
+ add version command
+ - deraadt@cvs.openbsd.org 2001/03/14 22:50:25
+ [sftp-server.c]
+ note no getopt()
+ - (stevesk) ssh-keyscan.c: specify "openbsd-compat/fake-queue.h"
+ - (bal) Cygwin README change by Corinna Vinschen
+
+20010314
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/03/13 17:34:42
+ [auth-options.c]
+ missing xfree, deny key on parse error; ok stevesk@
+ - djm@cvs.openbsd.org 2001/03/13 22:42:54
+ [sftp-client.c sftp-client.h sftp-glob.c sftp-glob.h sftp-int.c]
+ sftp client filename globbing for get, put, ch{mod,grp,own}. ok markus@
+ - (bal) Fix strerror() in bsd-misc.c
+ - (djm) Add replacement glob() from OpenBSD libc if the system glob is
+ missing or lacks the GLOB_ALTDIRFUNC extension
+ - (djm) Remove -I$(srcdir)/openbsd-compat from CFLAGS, refer to headers
+ relatively. Avoids conflict between glob.h and /usr/include/glob.h
+
+20010313
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/03/12 22:02:02
+ [key.c key.h ssh-add.c ssh-keygen.c sshconnect.c sshconnect2.c]
+ remove old key_fingerprint interface, s/_ex//
+
+20010312
+ - OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2001/03/11 13:25:36
+ [auth2.c key.c]
+ debug
+ - jakob@cvs.openbsd.org 2001/03/11 15:03:16
+ [key.c key.h]
+ add improved fingerprint functions. based on work by Carsten
+ Raskgaard and modified by me. ok markus@.
+ - jakob@cvs.openbsd.org 2001/03/11 15:04:16
+ [ssh-keygen.1 ssh-keygen.c]
+ print both md5, sha1 and bubblebabble fingerprints when using
+ ssh-keygen -l -v. ok markus@.
+ - jakob@cvs.openbsd.org 2001/03/11 15:13:09
+ [key.c]
+ cleanup & shorten some var names key_fingerprint_bubblebabble.
+ - deraadt@cvs.openbsd.org 2001/03/11 16:39:03 + [ssh-keygen.c] + KNF, and SHA1 binary output is just creeping featurism + - tim@mindrot.org 2001/03/11 17:29:32 [configure.in] + test if snprintf() supports %ll + add /dev to search path for PRNGD/EGD socket + fix my mistake in USER_PATH test program + - OpenBSD CVS Sync + - markus@cvs.openbsd.org 2001/03/11 18:29:51 + [key.c] + style+cleanup + - markus@cvs.openbsd.org 2001/03/11 22:33:24 + [ssh-keygen.1 ssh-keygen.c] + remove -v again. use -B instead for bubblebabble. make -B consistent + with -l and make -B work with /path/to/known_hosts. ok deraadt@ + - (djm) Bump portable version number for generating test RPMs + - (djm) Add "static_openssl" RPM build option, remove rsh build dependency + - (bal) Reorder includes in Makefile. + +20010311 + - OpenBSD CVS Sync + - markus@cvs.openbsd.org 2001/03/10 12:48:27 + [sshconnect2.c] + ignore nonexisting private keys; report rjmooney@mediaone.net + - deraadt@cvs.openbsd.org 2001/03/10 12:53:51 + [readconf.c ssh_config] + default to SSH2, now that m68k runs fast + - stevesk@cvs.openbsd.org 2001/03/10 15:02:05 + [ttymodes.c ttymodes.h] + remove unused sgtty macros; ok markus@ + - deraadt@cvs.openbsd.org 2001/03/10 15:31:00 + [compat.c compat.h sshconnect.c] + all known netscreen ssh versions, and older versions of OSU ssh cannot + handle password padding (newer OSU is fixed) + - tim@mindrot.org 2001/03/10 16:33:42 [configure.in Makefile.in sshd_config] + make sure $bindir is in USER_PATH so scp will work + - OpenBSD CVS Sync + - markus@cvs.openbsd.org 2001/03/10 17:51:04 + [kex.c match.c match.h readconf.c readconf.h sshconnect2.c] + add PreferredAuthentications + +20010310 + - OpenBSD CVS Sync + - deraadt@cvs.openbsd.org 2001/03/09 03:14:39 + [ssh-keygen.c] + create *.pub files with umask 0644, so that you can mv them to + authorized_keys + - deraadt@cvs.openbsd.org 2001/03/09 12:30:29 + [sshd.c] + typo; slade@shore.net + - Removed log.o from sftp client. Not needed. 
+
+20010309
+ - OpenBSD CVS Sync
+ - stevesk@cvs.openbsd.org 2001/03/08 18:47:12
+ [auth1.c]
+ unused; ok markus@
+ - stevesk@cvs.openbsd.org 2001/03/08 20:44:48
+ [sftp.1]
+ spelling, cleanup; ok deraadt@
+ - markus@cvs.openbsd.org 2001/03/08 21:42:33
+ [compat.c compat.h readconf.h ssh.c sshconnect1.c sshconnect2.c]
+ implement client side of SSH2_MSG_USERAUTH_PK_OK (test public key ->
+ no need to do enter passphrase or do expensive sign operations if the
+ server does not accept key).
+
+20010308
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2001/03/07 10:11:23
+ [sftp-client.c sftp-client.h sftp-int.c sftp-server.c sftp.1 sftp.c sftp.h]
+ Support for new draft (draft-ietf-secsh-filexfer-01). New symlink handling
+ functions and small protocol change.
+ - markus@cvs.openbsd.org 2001/03/08 00:15:48
+ [readconf.c ssh.1]
+ turn off useprivilegedports by default. only rhost-auth needs
+ this. older sshd's may need this, too.
+ - (stevesk) Reliant Unix (SNI) needs HAVE_BOGUS_SYS_QUEUE_H;
+ Dirk Markwardt
+
+20010307
+ - (bal) OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2001/03/06 06:11:18
+ [ssh-keyscan.c]
+ appease gcc
+ - deraadt@cvs.openbsd.org 2001/03/06 06:11:44
+ [sftp-int.c sftp.1 sftp.c]
+ sftp -b batchfile; mouring@etoh.eviladmin.org
+ - deraadt@cvs.openbsd.org 2001/03/06 15:10:42
+ [sftp.1]
+ order things
+ - deraadt@cvs.openbsd.org 2001/03/07 01:19:06
+ [ssh.1 sshd.8]
+ the name "secure shell" is boring, noone ever uses it
+ - deraadt@cvs.openbsd.org 2001/03/07 04:05:58
+ [ssh.1]
+ removed dated comment
+ - Cygwin contrib improvements from Corinna Vinschen
+
+20010306
+ - (bal) OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2001/03/05 14:28:47
+ [sshd.8]
+ alpha order; jcs@rt.fm
+ - stevesk@cvs.openbsd.org 2001/03/05 15:44:51
+ [servconf.c]
+ sync error message; ok markus@
+ - deraadt@cvs.openbsd.org 2001/03/05 15:56:16
+ [myproposal.h ssh.1]
+ switch to aes128-cbc/hmac-md5 by default in SSH2 -- faster;
+ provos & markus ok
+ - deraadt@cvs.openbsd.org
2001/03/05 16:07:15
+ [sshd.8]
+ detail default hmac setup too
+ - markus@cvs.openbsd.org 2001/03/05 17:17:21
+ [kex.c kex.h sshconnect2.c sshd.c]
+ generate a 2*need size (~300 instead of 1024/2048) random private
+ exponent during the DH key agreement. according to Niels (the great
+ german advisor) this is safe since /etc/primes contains strong
+ primes only.
+
+ References:
+ P. C. van Oorschot and M. J. Wiener, On Diffie-Hellman key
+ agreement with short exponents, In Advances in Cryptology
+ - EUROCRYPT'96, LNCS 1070, Springer-Verlag, 1996, pp.332-343.
+ - stevesk@cvs.openbsd.org 2001/03/05 17:40:48
+ [ssh.1]
+ more ssh_known_hosts2 documentation; ok markus@
+ - stevesk@cvs.openbsd.org 2001/03/05 17:58:22
+ [dh.c]
+ spelling
+ - deraadt@cvs.openbsd.org 2001/03/06 00:33:04
+ [authfd.c cli.c ssh-agent.c]
+ EINTR/EAGAIN handling is required in more cases
+ - millert@cvs.openbsd.org 2001/03/06 01:06:03
+ [ssh-keyscan.c]
+ Don't assume we wil get the version string all in one read().
+ deraadt@ OK'd
+ - millert@cvs.openbsd.org 2001/03/06 01:08:27
+ [clientloop.c]
+ If read() fails with EINTR deal with it the same way we treat EAGAIN
+
+20010305
+ - (bal) CVS ID touch up on sshpty.[ch] and sshlogin.[ch]
+ - (bal) CVS ID touch up on sftp-int.c
+ - (bal) CVS ID touch up on uuencode.c
+ - (bal) CVS ID touch up on auth2.c, serverloop.c, session.c & sshd.c
+ - (bal) OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2001/02/17 23:48:48
+ [sshd.8]
+ it's the OpenSSH one
+ - deraadt@cvs.openbsd.org 2001/02/21 07:37:04
+ [ssh-keyscan.c]
+ inline -> __inline__, and some indent
+ - deraadt@cvs.openbsd.org 2001/02/21 09:05:54
+ [authfile.c]
+ improve fd handling
+ - deraadt@cvs.openbsd.org 2001/02/21 09:12:56
+ [sftp-server.c]
+ careful with & and &&; markus ok
+ - stevesk@cvs.openbsd.org 2001/02/21 21:14:04
+ [ssh.c]
+ -i supports DSA identities now; ok markus@
+ - deraadt@cvs.openbsd.org 2001/02/22 04:29:37
+ [servconf.c]
+ grammar; slade@shore.net
+ - deraadt@cvs.openbsd.org
2001/02/22 06:43:55
+ [ssh-keygen.1 ssh-keygen.c]
+ document -d, and -t defaults to rsa1
+ - deraadt@cvs.openbsd.org 2001/02/22 08:03:51
+ [ssh-keygen.1 ssh-keygen.c]
+ bye bye -d
+ - deraadt@cvs.openbsd.org 2001/02/22 18:09:06
+ [sshd_config]
+ activate RSA 2 key
+ - markus@cvs.openbsd.org 2001/02/22 21:57:27
+ [ssh.1 sshd.8]
+ typos/grammar from matt@anzen.com
+ - markus@cvs.openbsd.org 2001/02/22 21:59:44
+ [auth.c auth.h auth1.c auth2.c misc.c misc.h ssh.c]
+ use pwcopy in ssh.c, too
+ - markus@cvs.openbsd.org 2001/02/23 15:34:53
+ [serverloop.c]
+ debug2->3
+ - markus@cvs.openbsd.org 2001/02/23 18:15:13
+ [sshd.c]
+ the random session key depends now on the session_key_int
+ sent by the 'attacker'
+ dig1 = md5(cookie|session_key_int);
+ dig2 = md5(dig1|cookie|session_key_int);
+ fake_session_key = dig1|dig2;
+ this change is caused by a mail from anakin@pobox.com
+ patch based on discussions with my german advisor niels@openbsd.org
+ - deraadt@cvs.openbsd.org 2001/02/24 10:37:55
+ [readconf.c]
+ look for id_rsa by default, before id_dsa
+ - deraadt@cvs.openbsd.org 2001/02/24 10:37:26
+ [sshd_config]
+ ssh2 rsa key before dsa key
+ - markus@cvs.openbsd.org 2001/02/27 10:35:27
+ [packet.c]
+ fix random padding
+ - markus@cvs.openbsd.org 2001/02/27 11:00:11
+ [compat.c]
+ support SSH-2.0-2.1 ; from Christophe_Moret@hp.com
+ - deraadt@cvs.openbsd.org 2001/02/28 05:34:28
+ [misc.c]
+ pull in protos
+ - deraadt@cvs.openbsd.org 2001/02/28 05:36:28
+ [sftp.c]
+ do not kill the subprocess on termination (we will see if this helps
+ things or hurts things)
+ - markus@cvs.openbsd.org 2001/02/28 08:45:39
+ [clientloop.c]
+ fix byte counts for ssh protocol v1
+ - markus@cvs.openbsd.org 2001/02/28 08:54:55
+ [channels.c nchan.c nchan.h]
+ make sure remote stderr does not get truncated.
+ remove closed fd's from the select mask.
+ - markus@cvs.openbsd.org 2001/02/28 09:57:07
+ [packet.c packet.h sshconnect2.c]
+ in ssh protocol v2 use ignore messages for padding (instead of
+ trailing \0).
+ - markus@cvs.openbsd.org 2001/02/28 12:55:07
+ [channels.c]
+ unify debug messages
+ - deraadt@cvs.openbsd.org 2001/02/28 17:52:54
+ [misc.c]
+ for completeness, copy pw_gecos too
+ - markus@cvs.openbsd.org 2001/02/28 21:21:41
+ [sshd.c]
+ generate a fake session id, too
+ - markus@cvs.openbsd.org 2001/02/28 21:27:48
+ [channels.c packet.c packet.h serverloop.c]
+ use ignore message to simulate a SSH2_MSG_CHANNEL_DATA message
+ use random content in ignore messages.
+ - markus@cvs.openbsd.org 2001/02/28 21:31:32
+ [channels.c]
+ typo
+ - deraadt@cvs.openbsd.org 2001/03/01 02:11:25
+ [authfd.c]
+ split line so that p will have an easier time next time around
+ - deraadt@cvs.openbsd.org 2001/03/01 02:29:04
+ [ssh.c]
+ shorten usage by a line
+ - deraadt@cvs.openbsd.org 2001/03/01 02:45:10
+ [auth-rsa.c auth2.c deattack.c packet.c]
+ KNF
+ - deraadt@cvs.openbsd.org 2001/03/01 03:38:33
+ [cli.c cli.h rijndael.h ssh-keyscan.1]
+ copyright notices on all source files
+ - markus@cvs.openbsd.org 2001/03/01 22:46:37
+ [ssh.c]
+ don't truncate remote ssh-2 commands; from mkubita@securities.cz
+ use min, not max for logging, fixes overflow.
+ - deraadt@cvs.openbsd.org 2001/03/02 06:21:01
+ [sshd.8]
+ explain SIGHUP better
+ - deraadt@cvs.openbsd.org 2001/03/02 09:42:49
+ [sshd.8]
+ doc the dsa/rsa key pair files
+ - deraadt@cvs.openbsd.org 2001/03/02 18:54:31
+ [atomicio.c atomicio.h auth-chall.c auth.c auth2-chall.c crc32.h
+ scp.c serverloop.c session.c sftp-server.8 sftp.1 ssh-add.1 ssh-add.c
+ ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh.1 sshd.8]
+ make copyright lines the same format
+ - deraadt@cvs.openbsd.org 2001/03/03 06:53:12
+ [ssh-keyscan.c]
+ standard theo sweep
+ - millert@cvs.openbsd.org 2001/03/03 21:19:41
+ [ssh-keyscan.c]
+ Dynamically allocate read_wait and its copies.
Since maxfd is
+ based on resource limits it is often (usually?) larger than FD_SETSIZE.
+ - millert@cvs.openbsd.org 2001/03/03 21:40:30
+ [sftp-server.c]
+ Dynamically allocate fd_set; deraadt@ OK
+ - millert@cvs.openbsd.org 2001/03/03 21:41:07
+ [packet.c]
+ Dynamically allocate fd_set; deraadt@ OK
+ - deraadt@cvs.openbsd.org 2001/03/03 22:07:50
+ [sftp-server.c]
+ KNF
+ - markus@cvs.openbsd.org 2001/03/03 23:52:22
+ [sftp.c]
+ clean up arg processing. based on work by Christophe_Moret@hp.com
+ - markus@cvs.openbsd.org 2001/03/03 23:59:34
+ [log.c ssh.c]
+ log*.c -> log.c
+ - markus@cvs.openbsd.org 2001/03/04 00:03:59
+ [channels.c]
+ debug1->2
+ - stevesk@cvs.openbsd.org 2001/03/04 10:57:53
+ [ssh.c]
+ add -m to usage; ok markus@
+ - stevesk@cvs.openbsd.org 2001/03/04 11:04:41
+ [sshd.8]
+ small cleanup and clarify for PermitRootLogin; ok markus@
+ - stevesk@cvs.openbsd.org 2001/03/04 11:16:06
+ [servconf.c sshd.8]
+ kill obsolete RandomSeed; ok markus@ deraadt@
+ - stevesk@cvs.openbsd.org 2001/03/04 12:54:04
+ [sshd.8]
+ spelling
+ - millert@cvs.openbsd.org 2001/03/04 17:42:28
+ [authfd.c channels.c dh.c log.c readconf.c servconf.c sftp-int.c
+ ssh.c sshconnect.c sshd.c]
+ log functions should not be passed strings that end in newline as they
+ get passed on to syslog() and when logging to stderr, do_log() appends
+ its own newline.
+ - deraadt@cvs.openbsd.org 2001/03/04 18:21:28
+ [sshd.8]
+ list SSH2 ciphers
+ - (bal) Put HAVE_PW_CLASS_IN_PASSWD back into pwcopy()
+ - (bal) Fix up logging since it changed. removed log-*.c
+ - (djm) Fix up LOG_AUTHPRIV for systems that have it
+ - (stevesk) OpenBSD sync:
+ - deraadt@cvs.openbsd.org 2001/03/05 08:37:27
+ [ssh-keyscan.c]
+ skip inlining, why bother
+ - (stevesk) sftp.c: handle __progname
+
+20010304
+ - (bal) Remove make-ssh-known-hosts.1 since it's no longer valid.
+ - (bal) Updated contrib/README to remove 'make-ssh-known-hosts' and
+ give Mark Roth credit for mdoc2man.pl
+
+20010303
+ - (djm) Remove make-ssh-known-hosts.pl, ssh-keyscan is better.
+ - (djm) Document PAM ChallengeResponseAuthentication in sshd.8
+ - (djm) Disable and comment ChallengeResponseAuthentication in sshd_config
+ - (djm) Allow PRNGd entropy collection from localhost TCP socket. Replace
+ "--with-egd-pool" configure option with "--with-prngd-socket" and
+ "--with-prngd-port" options. Debugged and improved by Lutz Jaenicke
+
+
+20010301
+ - (djm) Properly add -lcrypt if needed.
+ - (djm) Force standard PAM conversation function in a few more places.
+ Patch from Redhat 2.5.1p1-2 RPM, probably Nalin Dahyabhai
+
+ - (djm) Cygwin needs pw->pw_gecos copied too. Patch from Corinna Vinschen
+
+ - (djm) Released 2.5.1p2
+
+20010228
+ - (djm) Detect endianness in configure and use it in rijndael.c. Fixes
+ "Bad packet length" bugs.
+ - (djm) Fully revert PAM session patch (again). All PAM session init is
+ now done before the final fork().
+ - (djm) EGD detection patch from Tim Rice
+ - (djm) Remove /tmp from EGD socket search list
+
+20010227
+ - (bal) Applied shutdown() patch for sftp.c by Corinna Vinschen
+
+ - (bal) OpenBSD Sync
+ - markus@cvs.openbsd.org 2001/02/23 15:37:45
+ [session.c]
+ handle SSH_PROTOFLAG_SCREEN_NUMBER for buggy clients
+ - (bal) sshd.init support for all Redhat release. Patch by Jim Knoble
+
+ - (djm) Fix up POSIX saved uid support. Report from Mark Miller
+
+ - (djm) Search for -lcrypt on FreeBSD too
+ - (djm) fatal() on OpenSSL version mismatch
+ - (djm) Move PAM init to after fork for non-Solaris derived PAMs
+ - (djm) Warning fix on entropy.c saved uid stuff. Patch from Mark Miller
+
+ - (djm) Fix PAM fix
+ - (djm) Remove 'noreplace' flag from sshd_config in RPM spec files. This
+ change is being made as 2.5.x configfiles are not back-compatible with
+ 2.3.x.
+ - (djm) Avoid warnings for missing broken IP_TOS.
Patch from Mark Miller
+
+ - (djm) Open Server 5 doesn't need BROKEN_SAVED_UIDS. Patch from Tim Rice
+
+ - (djm) Avoid multiple definition of _PATH_LS. Patch from Tim Rice
+
+
+20010226
+ - (bal) Fixed bsd-snprinf.c so it now honors 'BROKEN_SNPRINTF' again.
+ - (djm) Some systems (SCO3, NeXT) have weird saved uid semantics.
+ Based on patch from Tim Rice
+
+20010225
+ - (djm) Use %{_libexecdir} rather than hardcoded path in RPM specfile
+ Patch from Adrian Ho
+ - (bal) Replace 'unsigned long long' to 'u_int64_t' since not every
+ platform defines u_int64_t as being that.
+
+20010224
+ - (bal) Missed part of the UNIX sockets patch. Patch by Corinna
+ Vinschen
+ - (bal) Reorder where 'strftime' is detected to resolve linking
+ issues on SCO. Patch by Tim Rice
+
+20010224
+ - (bal) pam_stack fix to correctly detect between RH7 and older RHs.
+ Patch by Pekka Savola
+ - (bal) Renamed sigaction.[ch] to sigact.[ch]. Causes problems with
+ some platforms.
+ - (bal) Generalize lack of UNIX sockets since this also effects Cray
+ not just Cygwin. Based on patch by Wendy Palm
+
+20010223
+ - (bal) Fix --define rh7 in openssh.spec file. Patch by Steve Tell
+
+ - (bal) Patch to force OpenSSH rpm to require the same version of OpenSSL
+ that it was compiled against. Patch by Pekka Savola
+ - (bal) Double -I for OpenSSL on SCO. Patch by Tim Rice
+
+
+20010222
+ - (bal) Corrected SCO luid patch by svaughan
+ - (bal) Added mdoc2man.pl from Mark Roth
+ - (bal) Removed reference to liblogin from contrib/README. It was
+ integrated into OpenSSH a long while ago.
+ - (stevesk) remove erroneous #ifdef sgi code.
+ Michael Stone
+
+20010221
+ - (bal) Removed -L/usr/ucblib -R/usr/ucblib for Solaris platform.
+ - (bal) Fixed OpenSSL rework to use $saved_*. Patch by Tim Rice
+
+ - (bal) Reverted out of 2001/02/15 patch by djm below because it
+ breaks Solaris.
+ - (djm) Move PAM session setup back to before setuid to user.
+ fixes problems on Solaris-drived PAMs.
+ - (stevesk) session.c: back out to where we were before:
+ - (djm) Move PAM session initialisation until after fork in sshd. Patch
+ from Nalin Dahyabhai
+
+20010220
+ - (bal) Fix mixed up params to memmove() from Jan 5th in setenv.c and
+ getcwd.c.
+ - (bal) OpenBSD CVS Sync:
+ - deraadt@cvs.openbsd.org 2001/02/19 23:09:05
+ [sshd.c]
+ clarify message to make it not mention "ident"
+
+20010219
+ - (bal) Markus' blessing to rename login.[ch] -> sshlogin.[ch] and
+ pty.[ch] -> sshpty.[ch]
+ - (djm) Rework search for OpenSSL location. Skip directories which don't
+ exist, don't add -L$ssldir/lib if it doesn't exist. Should help SCO
+ with its limit of 6 -L options.
+ - OpenBSD CVS Sync:
+ - reinhard@cvs.openbsd.org 2001/02/17 08:24:40
+ [sftp.1]
+ typo
+ - deraadt@cvs.openbsd.org 2001/02/17 16:28:58
+ [ssh.c]
+ cleanup -V output; noted by millert
+ - deraadt@cvs.openbsd.org 2001/02/17 16:48:48
+ [sshd.8]
+ it's the OpenSSH one
+ - markus@cvs.openbsd.org 2001/02/18 11:33:54
+ [dispatch.c]
+ typo, SSH2_MSG_KEXINIT, from aspa@kronodoc.fi
+ - markus@cvs.openbsd.org 2001/02/19 02:53:32
+ [compat.c compat.h serverloop.c]
+ ssh-1.2.{18-22} has broken handling of ignore messages; report from
+ itojun@
+ - markus@cvs.openbsd.org 2001/02/19 03:35:23
+ [version.h]
+ OpenSSH_2.5.1 adds bug compat with 1.2.{18-22}
+ - deraadt@cvs.openbsd.org 2001/02/19 03:36:25
+ [scp.c]
+ np is changed by recursion; vinschen@redhat.com
+ - Update versions in RPM spec files
+ - Release 2.5.1p1
+
+20010218
+ - (bal) Patch for fix FCHMOD reference in ftp-client.c by Tim Rice
+
+ - (Bal) Patch for lack of RA_RESTART in misc.c for mysignal by
+ stevesk
+ - (djm) Fix my breaking of cygwin builds, Patch from Corinna Vinschen
+ and myself.
+ - (djm) Close listen_sock on bind() failures. Patch from Arkadiusz
+ Miskiewicz
+ - (djm) Robustify EGD/PRNGd code in face of socket closures. Patch from
+ Todd C.
Miller
+ - (djm) Use ttyname() to determine name of tty returned by openpty()
+ rather then risking overflow. Patch from Marek Michalkiewicz
+
+ - (djm) Swapped tests for no_libsocket and no_libnsl in configure.in.
+ Patch from Marek Michalkiewicz
+ - (djm) Doc fixes from Pekka Savola
+ - (djm) Use SA_INTERRUPT along SA_RESTART if present (equivalent for
+ SunOS)
+ - (djm) SCO needs librpc for libwrap. Patch from Tim Rice
+
+ - (stevesk) misc.c: cpp rework of SA_(INTERRUPT|RESTART) handling.
+ - (stevesk) scp.c: use mysignal() for updateprogressmeter() handler.
+ - (djm) SA_INTERRUPT is the converse of SA_RESTART, apply it only for
+ SIGALRM.
+ - (djm) Move entropy.c over to mysignal()
+ - (djm) SunOS 4.x also needs to define HAVE_BOGUS_SYS_QUEUE_H as it has
+ a that lacks the TAILQ_* macros. Patch from Todd C.
+ Miller
+ - (djm) Update RPM spec files for 2.5.0p1
+ - (djm) Merge BSD_AUTH support from Markus Friedl and David J. MacKenzie
+ enable with --with-bsd-auth.
+ - (stevesk) entropy.c: typo; should be SIGPIPE
+
+20010217
+ - (bal) OpenBSD Sync:
+ - markus@cvs.openbsd.org 2001/02/16 13:38:18
+ [channel.c]
+ remove debug
+ - markus@cvs.openbsd.org 2001/02/16 14:03:43
+ [session.c]
+ proper payload-length check for x11 w/o screen-number
+
+20010216
+ - (bal) added '--with-prce' to allow overriding of system regex when
+ required (tested by David Dulek )
+ - (bal) Added DG/UX case and set that they have a broken IPTOS.
+ - (djm) Mini-configure reorder patch from Tim Rice
+ Fixes linking on SCO.
+ - (djm) Make gnome-ssh-askpass handle multi-line prompts. Patch from
+ Nalin Dahyabhai
+ - (djm) BSD license for gnome-ssh-askpass (was X11)
+ - (djm) KNF on gnome-ssh-askpass
+ - (djm) USE_PIPES for a few more sysv platforms
+ - (djm) Cleanup configure.in a little
+ - (djm) Ask users to check config.log when we can't find necessary libs
+ - (djm) Set "login ID" on systems with setluid. Only enabled for SCO
+ OpenServer for now.
Based on patch from svaughan
+ - (djm) OpenBSD CVS:
+ - markus@cvs.openbsd.org 2001/02/15 16:19:59
+ [channels.c channels.h serverloop.c sshconnect.c sshconnect.h]
+ [sshconnect1.c sshconnect2.c]
+ genericize password padding function for SSH1 and SSH2.
+ add stylized echo to 2, too.
+ - (djm) Add roundup() macro to defines.h
+ - (stevesk) set SA_RESTART flag in mysignal() for SIGCHLD;
+ needed on Unixware 2.x.
+
+20010215
+ - (djm) Move PAM session setup back to before setuid to user. Fixes
+ problems on Solaris-derived PAMs.
+ - (djm) Clean up PAM namespace. Suggested by Darren Moffat
+
+ - (bal) Sync w/ OpenSSH for new release
+ - markus@cvs.openbsd.org 2001/02/12 12:45:06
+ [sshconnect1.c]
+ fix xmalloc(0), ok dugsong@
+ - markus@cvs.openbsd.org 2001/02/11 12:59:25
+ [Makefile.in sshd.8 sshconnect2.c readconf.h readconf.c packet.c
+ sshd.c ssh.c ssh.1 servconf.h servconf.c myproposal.h kex.h kex.c]
+ 1) clean up the MAC support for SSH-2
+ 2) allow you to specify the MAC with 'ssh -m'
+ 3) or the 'MACs' keyword in ssh(d)_config
+ 4) add hmac-{md5,sha1}-96
+ ok stevesk@, provos@
+ - markus@cvs.openbsd.org 2001/02/12 16:16:23
+ [auth-passwd.c auth.c auth.h auth1.c auth2.c servconf.c servconf.h
+ ssh-keygen.c sshd.8]
+ PermitRootLogin={yes,without-password,forced-commands-only,no}
+ (before this change, root could login even if PermitRootLogin==no)
+ - deraadt@cvs.openbsd.org 2001/02/12 22:56:09
+ [clientloop.c packet.c ssh-keyscan.c]
+ deal with EAGAIN/EINTR selects which were skipped
+ - markus@cvs.openssh.org 2001/02/13 22:49:40
+ [auth1.c auth2.c]
+ setproctitle(user) only if getpwnam succeeds
+ - markus@cvs.openbsd.org 2001/02/12 23:26:20
+ [sshd.c]
+ missing memset; from solar@openwall.com
+ - stevesk@cvs.openbsd.org 2001/02/12 20:53:33
+ [sftp-int.c]
+ lumask now works with 1 numeric arg; ok markus@, djm@
+ - djm@cvs.openbsd.org 2001/02/14 9:46:03
+ [sftp-client.c sftp-int.c sftp.1]
+ Fix and document 'preserve modes & times' option ('-p' flag in sftp);
+
ok markus@
+ - (bal) replaced PATH_MAX in sftp-int.c w/ MAXPATHLEN.
+ - (djm) Move to Jim's 1.2.0 X11 askpass program
+ - (stevesk) OpenBSD sync:
+ - deraadt@cvs.openbsd.org 2001/02/15 01:38:04
+ [serverloop.c]
+ indent
+
+20010214
+ - (djm) Don't try to close PAM session or delete credentials if the
+ session has not been open or credentials not set. Based on patch from
+ Andrew Bartlett
+ - (djm) Move PAM session initialisation until after fork in sshd. Patch
+ from Nalin Dahyabhai
+ - (bal) Missing function prototype in bsd-snprintf.c patch by
+ Mark Miller
+ - (djm) Split out and improve OSF SIA auth code. Patch from Chris Adams
+ with a little modification and KNF.
+ - (stevesk) fix for SIA patch, misplaced session_setup_sia()
+
+20010213
+ - (djm) Only test -S potential EGD sockets if they exist and are readable.
+ - (bal) Cleaned out bsd-snprintf.c. VARARGS have been banished and
+ I did a base KNF over the whe whole file to make it more acceptable.
+ (backed out of original patch and removed it from ChangeLog)
+ - (bal) Use chown() if fchown() does not exist in ftp-server.c patch by
+ Tim Rice
+ - (stevesk) auth1.c: fix PAM passwordless check.
+
+20010212
+ - (djm) Update Redhat specfile to allow --define "skip_x11_askpass 1",
+ --define "skip_gnome_askpass 1", --define "rh7 1" and make the
+ implicit rpm-3.0.5 dependancy explicit. Patch and suggestions from
+ Pekka Savola
+ - (djm) Clean up PCRE text in INSTALL
+ - (djm) Fix OSF SIA auth NULL pointer deref. Report from Mike Battersby
+
+ - (bal) NCR SVR4 compatiblity provide by Don Bragg
+ - (stevesk) session.c: remove debugging code.
+
+20010211
+ - (bal) OpenBSD Sync
+ - markus@cvs.openbsd.org 2001/02/07 22:35:46
+ [auth1.c auth2.c sshd.c]
+ move k_setpag() to a central place; ok dugsong@
+ - markus@cvs.openbsd.org 2001/02/10 12:52:02
+ [auth2.c]
+ offer passwd before s/key
+ - markus@cvs.openbsd.org 2001/02/8 22:37:10
+ [canohost.c]
+ remove last call to sprintf; ok deraadt@
+ - markus@cvs.openbsd.org 2001/02/10 1:33:32
+ [canohost.c]
+ add debug message, since sshd blocks here if DNS is not available
+ - markus@cvs.openbsd.org 2001/02/10 12:44:02
+ [cli.c]
+ don't call vis() for \r
+ - danh@cvs.openbsd.org 2001/02/10 0:12:43
+ [scp.c]
+ revert a small change to allow -r option to work again; ok deraadt@
+ - danh@cvs.openbsd.org 2001/02/10 15:14:11
+ [scp.c]
+ fix memory leak; ok markus@
+ - djm@cvs.openbsd.org 2001/02/10 0:45:52
+ [scp.1]
+ Mention that you can quote pathnames with spaces in them
+ - markus@cvs.openbsd.org 2001/02/10 1:46:28
+ [ssh.c]
+ remove mapping of argv[0] -> hostname
+ - markus@cvs.openbsd.org 2001/02/06 22:26:17
+ [sshconnect2.c]
+ do not ask for passphrase in batch mode; report from ejb@ql.org
+ - itojun@cvs.opebsd.org 2001/02/08 10:47:05
+ [sshconnect.c sshconnect1.c sshconnect2.c]
+ %.30s is too short for IPv6 numeric address. use %.128s for now.
+ markus ok
+ - markus@cvs.openbsd.org 2001/02/09 12:28:35
+ [sshconnect2.c]
+ do not free twice, thanks to /etc/malloc.conf
+ - markus@cvs.openbsd.org 2001/02/09 17:10:53
+ [sshconnect2.c]
+ partial success: debug->log; "Permission denied" if no more auth methods
+ - markus@cvs.openbsd.org 2001/02/10 12:09:21
+ [sshconnect2.c]
+ remove some lines
+ - markus@cvs.openbsd.org 2001/02/09 13:38:07
+ [auth-options.c]
+ reset options if no option is given; from han.holl@prismant.nl
+ - markus@cvs.openbsd.org 2001/02/08 21:58:28
+ [channels.c]
+ nuke sprintf, ok deraadt@
+ - markus@cvs.openbsd.org 2001/02/08 21:58:28
+ [channels.c]
+ nuke sprintf, ok deraadt@
+ - markus@cvs.openbsd.org 2001/02/06 22:43:02
+ [clientloop.h]
+ remove confusing callback code
+ - deraadt@cvs.openbsd.org 2001/02/08 14:39:36
+ [readconf.c]
+ snprintf
+ - itojun@cvs.openbsd.org 2001/02/08 19:30:52
+ sync with netbsd tree changes.
+ - more strict prototypes, include necessary headers
+ - use paths.h/pathnames.h decls
+ - size_t typecase to int -> u_long
+ - itojun@cvs.openbsd.org 2001/02/07 18:04:50
+ [ssh-keyscan.c]
+ fix size_t -> int cast (use u_long). markus ok
+ - markus@cvs.openbsd.org 2001/02/07 22:43:16
+ [ssh-keyscan.c]
+ s/getline/Linebuf_getline/; from roumen.petrov@skalasoft.com
+ - itojun@cvs.openbsd.org 2001/02/09 9:04:59
+ [ssh-keyscan.c]
+ do not assume malloc() returns zero-filled region. found by
+ malloc.conf=AJ.
+ - markus@cvs.openbsd.org 2001/02/08 22:35:30
+ [sshconnect.c]
+ don't connect if batch_mode is true and stricthostkeychecking set to
+ 'ask'
+ - djm@cvs.openbsd.org 2001/02/04 21:26:07
+ [sshd_config]
+ type: ok markus@
+ - deraadt@cvs.openbsd.org 2001/02/06 22:07:50
+ [sshd_config]
+ enable sftp-server by default
+ - deraadt 2001/02/07 8:57:26
+ [xmalloc.c]
+ deal with new ANSI malloc stuff
+ - markus@cvs.openbsd.org 2001/02/07 16:46:08
+ [xmalloc.c]
+ typo in fatal()
+ - itojun@cvs.openbsd.org 2001/02/07 18:04:50
+ [xmalloc.c]
+ fix size_t -> int cast (use u_long).
markus ok
+ - 1.47 Thu Feb 8 23:11:42 GMT 2001 by dugsong
+ [serverloop.c sshconnect1.c]
+ mitigate SSH1 traffic analysis - from Solar Designer
+ , ok provos@
+ - (bal) fixed sftp-client.c. Return 'status' instead of '0'
+ (from the OpenBSD tree)
+ - (bal) Synced ssh.1, ssh-add.1 and sshd.8 w/ OpenBSD
+ - (bal) sftp-sever.c '%8lld' to '%8llu' (OpenBSD Sync)
+ - (bal) uuencode.c resync w/ OpenBSD tree, plus whitespace.
+ - (bal) A bit more whitespace cleanup
+ - (djm) Set PAM_RHOST earlier, patch from Andrew Bartlett
+
+ - (stevesk) misc.c: ssh.h not needed.
+ - (stevesk) compat.c: more friendly cpp error
+ - (stevesk) OpenBSD sync:
+ - stevesk@cvs.openbsd.org 2001/02/11 06:15:57
+ [LICENSE]
+ typos and small cleanup; ok deraadt@
+
+20010210
+ - (djm) Sync sftp and scp stuff from OpenBSD:
+ - djm@cvs.openbsd.org 2001/02/07 03:55:13
+ [sftp-client.c]
+ Don't free handles before we are done with them. Based on work from
+ Corinna Vinschen . ok markus@
+ - djm@cvs.openbsd.org 2001/02/06 22:32:53
+ [sftp.1]
+ Punctuation fix from Pekka Savola
+ - deraadt@cvs.openbsd.org 2001/02/07 04:07:29
+ [sftp.1]
+ pretty up significantly
+ - itojun@cvs.openbsd.org 2001/02/07 06:49:42
+ [sftp.1]
+ .Bl-.El mismatch. markus ok
+ - djm@cvs.openbsd.org 2001/02/07 06:12:30
+ [sftp-int.c]
+ Check that target is a directory before doing ls; ok markus@
+ - itojun@cvs.openbsd.org 2001/02/07 11:01:18
+ [scp.c sftp-client.c sftp-server.c]
+ unsigned long long -> %llu, not %qu. markus ok
+ - stevesk@cvs.openbsd.org 2001/02/07 11:10:39
+ [sftp.1 sftp-int.c]
+ more man page cleanup and sync of help text with man page; ok markus@
+ - markus@cvs.openbsd.org 2001/02/07 14:58:34
+ [sftp-client.c]
+ older servers reply with SSH2_FXP_NAME + count==0 instead of EOF
+ - djm@cvs.openbsd.org 2001/02/07 15:27:19
+ [sftp.c]
+ Don't forward agent and X11 in sftp.
Suggestion from Roumen Petrov
+
+ - stevesk@cvs.openbsd.org 2001/02/07 15:36:04
+ [sftp-int.c]
+ portable; ok markus@
+ - stevesk@cvs.openbsd.org 2001/02/07 15:55:47
+ [sftp-int.c]
+ lowercase cmds[].c also; ok markus@
+ - markus@cvs.openbsd.org 2001/02/07 17:04:52
+ [pathnames.h sftp.c]
+ allow sftp over ssh protocol 1; ok djm@
+ - deraadt@cvs.openbsd.org 2001/02/08 07:38:55
+ [scp.c]
+ memory leak fix, and snprintf throughout
+ - deraadt@cvs.openbsd.org 2001/02/08 08:02:02
+ [sftp-int.c]
+ plug a memory leak
+ - stevesk@cvs.openbsd.org 2001/02/08 10:11:23
+ [session.c sftp-client.c]
+ %i -> %d
+ - stevesk@cvs.openbsd.org 2001/02/08 10:57:59
+ [sftp-int.c]
+ typo
+ - stevesk@cvs.openbsd.org 2001/02/08 15:28:07
+ [sftp-int.c pathnames.h]
+ _PATH_LS; ok markus@
+ - djm@cvs.openbsd.org 2001/02/09 04:46:25
+ [sftp-int.c]
+ Check for NULL attribs for chown, chmod & chgrp operations, only send
+ relevant attribs back to server; ok markus@
+ - djm@cvs.openbsd.org 2001/02/06 15:05:25
+ [sftp.c]
+ Use getopt to process commandline arguments
+ - djm@cvs.openbsd.org 2001/02/06 15:06:21
+ [sftp.c ]
+ Wait for ssh subprocess at exit
+ - djm@cvs.openbsd.org 2001/02/06 15:18:16
+ [sftp-int.c]
+ stat target for remote chdir before doing chdir
+ - djm@cvs.openbsd.org 2001/02/06 15:32:54
+ [sftp.1]
+ Punctuation fix from Pekka Savola
+ - provos@cvs.openbsd.org 2001/02/05 22:22:02
+ [sftp-int.c]
+ cleanup get_pathname, fix pwd after failed cd. okay djm@
+ - (djm) Update makefile.in for _PATH_SFTP_SERVER
+ - (bal) sftp-client.c replace NULL w/ 0 in do_ls() (pending in OpenBSD tree)
+
+20010209
+ - (bal) patch to vis.c to deal with HAVE_VIS right by Robert Mooney
+
+ - (bal) .c.o rule in openbsd-compat/Makefile.in did not make it to the
+ main tree while porting forward. Pointed out by Lutz Jaenicke
+
+ - (bal) double entry in configure.in.
Pointed out by Lutz Jaenicke
+
+ - (stevesk) OpenBSD sync:
+ - markus@cvs.openbsd.org 2001/02/08 11:20:01
+ [auth2.c]
+ strict checking
+ - markus@cvs.openbsd.org 2001/02/08 11:15:22
+ [version.h]
+ update to 2.3.2
+ - markus@cvs.openbsd.org 2001/02/08 11:12:30
+ [auth2.c]
+ fix typo
+ - (djm) Update spec files
+ - (bal) OpenBSD sync:
+ - deraadt@cvs.openbsd.org 2001/02/08 14:38:54
+ [scp.c]
+ memory leak fix, and snprintf throughout
+ - markus@cvs.openbsd.org 2001/02/06 22:43:02
+ [clientloop.c]
+ remove confusing callback code
+ - (djm) Add CVS Id's to files that we have missed
+ - (bal) OpenBSD Sync (more):
+ - itojun@cvs.openbsd.org 2001/02/08 19:30:52
+ sync with netbsd tree changes.
+ - more strict prototypes, include necessary headers
+ - use paths.h/pathnames.h decls
+ - size_t typecase to int -> u_long
+ - markus@cvs.openbsd.org 2001/02/06 22:07:42
+ [ssh.c]
+ fatal() if subsystem fails
+ - markus@cvs.openbsd.org 2001/02/06 22:43:02
+ [ssh.c]
+ remove confusing callback code
+ - jakob@cvs.openbsd.org 2001/02/06 23:03:24
+ [ssh.c]
+ add -1 option (force protocol version 1). ok markus@
+ - jakob@cvs.openbsd.org 2001/02/06 23:06:21
+ [ssh.c]
+ reorder -{1,2,4,6} options. ok markus@
+ - (bal) Missing 'const' in readpass.h
+ - (bal) OpenBSD Sync (so at least the thing compiles for 2.3.2 =)
+ - djm@cvs.openbsd.org 2001/02/06 23:30:28
+ [sftp-client.c]
+ replace arc4random with counter for request ids; ok markus@
+ - (djm) Define _PATH_TTY for systems that don't. Report from Lutz
+ Jaenicke
+
+20010208
+ - (djm) Don't delete external askpass program in make uninstall target.
+ Report and fix from Roumen Petrov
+ - (djm) Fix linking of sftp, don't need arc4random any more.
+ - (djm) Try to use shell that supports "test -S" for EGD socket search.
+ Based on patch from Tim Rice
+
+20010207
+ - (bal) Save the whole path to AR in configure.
Some Solaris 2.7 installs
+ seem lose track of it while in openbsd-compat/ (two confirmed reports)
+ - (djm) Much KNF on PAM code
+ - (djm) Revise auth-pam.c conversation function to be a little more
+ readable.
+ - (djm) Revise kbd-int PAM conversation function to fold all text messages
+ to before first prompt. Fixes hangs if last pam_message did not require
+ a reply.
+ - (djm) Fix password changing when using PAM kbd-int authentication
+
+20010205
+ - (bal) Disable groupaccess by setting NGROUPS_MAX to 0 for platforms
+ that don't have NGROUPS_MAX.
+ - (bal) AIX patch for auth1.c by William L. Jones
+ - (stevesk) OpenBSD sync:
+ - stevesk@cvs.openbsd.org 2001/02/04 08:32:27
+ [many files; did this manually to our top-level source dir]
+ unexpand and remove end-of-line whitespace; ok markus@
+ - stevesk@cvs.openbsd.org 2001/02/04 15:21:19
+ [sftp-server.c]
+ SSH2_FILEXFER_ATTR_UIDGID support; ok markus@
+ - deraadt@cvs.openbsd.org 2001/02/04 17:02:32
+ [sftp-int.c]
+ ? == help
+ - deraadt@cvs.openbsd.org 2001/02/04 16:47:46
+ [sftp-int.c]
+ sort commands, so that abbreviations work as expected
+ - stevesk@cvs.openbsd.org 2001/02/04 15:17:52
+ [sftp-int.c]
+ debugging sftp: precedence and missing break. chmod, chown, chgrp
+ seem to be working now.
+ - markus@cvs.openbsd.org 2001/02/04 14:41:21
+ [sftp-int.c]
+ use base 8 for umask/chmod
+ - markus@cvs.openbsd.org 2001/02/04 11:11:54
+ [sftp-int.c]
+ fix LCD
+ - markus@cvs.openbsd.org 2001/02/04 08:10:44
+ [ssh.1]
+ typo; dpo@club-internet.fr
+ - stevesk@cvs.openbsd.org 2001/02/04 06:30:12
+ [auth2.c authfd.c packet.c]
+ remove duplicate #include's; ok markus@
+ - deraadt@cvs.openbsd.org 2001/02/04 16:56:23
+ [scp.c sshd.c]
+ alpha happiness
+ - stevesk@cvs.openbsd.org 2001/02/04 15:12:17
+ [sshd.c]
+ precedence; ok markus@
+ - deraadt@cvs.openbsd.org 2001/02/04 08:14:15
+ [ssh.c sshd.c]
+ make the alpha happy
+ - markus@cvs.openbsd.org 2001/01/31 13:37:24
+ [channels.c channels.h serverloop.c ssh.c]
+ do not disconnect if local port forwarding fails, e.g. if port is
+ already in use
+ - markus@cvs.openbsd.org 2001/02/01 14:58:09
+ [channels.c]
+ use ipaddr in channel messages, ietf-secsh wants this
+ - markus@cvs.openbsd.org 2001/01/31 12:26:20
+ [channels.c]
+ ssh.com-2.0.1x does not send additional info in CHANNEL_OPEN_FAILURE
+ messages; bug report from edmundo@rano.org
+ - markus@cvs.openbsd.org 2001/01/31 13:48:09
+ [sshconnect2.c]
+ unused
+ - deraadt@cvs.openbsd.org 2001/02/04 08:23:08
+ [sftp-client.c sftp-server.c]
+ make gcc on the alpha even happier
+
+20010204
+ - (bal) I think this is the last of the bsd-*.h that don't belong.
+ - (bal) Minor Makefile fix
+ - (bal) openbsd-compat/Makefile minor fix. Ensure dependancies are done
+ right.
+ - (bal) Changed order of LIB="" in -with-skey due to library resolving.
+ - (bal) next-posix.h changed to bsd-nextstep.h
+ - (djm) OpenBSD CVS sync:
+ - markus@cvs.openbsd.org 2001/02/03 03:08:38
+ [auth-options.c auth-rh-rsa.c auth-rhosts.c auth.c canohost.c]
+ [canohost.h servconf.c servconf.h session.c sshconnect1.c sshd.8]
+ [sshd_config]
+ make ReverseMappingCheck optional in sshd_config; ok djm@,dugsong@
+ - markus@cvs.openbsd.org 2001/02/03 03:19:51
+ [ssh.1 sshd.8 sshd_config]
+ Skey is now called ChallengeResponse
+ - markus@cvs.openbsd.org 2001/02/03 03:43:09
+ [sshd.8]
+ use no-pty option in .ssh/authorized_keys* if you need a 8-bit clean
+ channel. note from Erik.Anggard@cygate.se (pr/1659)
+ - stevesk@cvs.openbsd.org 2001/02/03 10:03:06
+ [ssh.1]
+ typos; ok markus@
+ - djm@cvs.openbsd.org 2001/02/04 04:11:56
+ [scp.1 sftp-server.c ssh.1 sshd.8 sftp-client.c sftp-client.h]
+ [sftp-common.c sftp-common.h sftp-int.c sftp-int.h sftp.1 sftp.c]
+ Basic interactive sftp client; ok theo@
+ - (djm) Update RPM specs for new sftp binary
+ - (djm) Update several bits for new optional reverse lookup stuff. I
+ think I got them all.
+ - (djm) Makefile.in fixes
+ - (stevesk) add mysignal() wrapper and use it for the protocol 2
+ SIGCHLD handler.
+ - (djm) Use setvbuf() instead of setlinebuf(). Suggest from stevesk@
+
+20010203
+ - (bal) Cygwin clean up by Corinna Vinschen
+ - (bal) renamed queue.h to fake-queue.h (even if it's an OpenBSD
+ based file) to ensure #include space does not get confused.
+ - (bal) Minor Makefile.in tweak. dirname may not exist on some
+ platforms so builds fail. (NeXT being a well known one)
+
+20010202
+ - (bal) Makefile fix where sourcedir != builddir by Corinna Vinschen
+
+ - (bal) Makefile fix to use $(MAKE) instead of 'make' for platforms
+ that use 'gmake'. Patch by Tim Rice
+
+20010201
+ - (bal) Minor fix to Makefile to stop rebuilding executables if no
+ changes have occured to any of the supporting code.
Patch by
+ Roumen Petrov
+
+20010131
+ - (djm) OpenBSD CVS Sync:
+ - djm@cvs.openbsd.org 2001/01/30 15:48:53
+ [sshconnect.c]
+ Make warning message a little more consistent. ok markus@
+ - (djm) Fix autoconf logic for --with-lastlog=no Report and diagnosis from
+ Philipp Buehler and Kevin Steves
+ respectively.
+ - (djm) Don't log SSH2 PAM KbdInt responses to debug, they may contain
+ passwords.
+ - (bal) Reorder. Move all bsd-*, fake-*, next-*, and cygwin* stuff to
+ openbsd-compat/. And resolve all ./configure and Makefile.in issues
+ assocated.
+
+20010130
+ - (djm) OpenBSD CVS Sync:
+ - markus@cvs.openbsd.org 2001/01/29 09:55:37
+ [channels.c channels.h clientloop.c serverloop.c]
+ fix select overflow; ok deraadt@ and stevesk@
+ - markus@cvs.openbsd.org 2001/01/29 12:42:35
+ [canohost.c canohost.h channels.c clientloop.c]
+ add get_peer_ipaddr(socket), x11-fwd in ssh2 requires ipaddr, not DNS
+ - markus@cvs.openbsd.org 2001/01/29 12:47:32
+ [rsa.c rsa.h ssh-agent.c sshconnect1.c sshd.c]
+ handle rsa_private_decrypt failures; helps against the Bleichenbacher
+ pkcs#1 attack
+ - djm@cvs.openbsd.org 2001/01/29 05:36:11
+ [ssh.1 ssh.c]
+ Allow invocation of sybsystem by commandline (-s); ok markus@
+ - (stevesk) configure.in: remove duplicate PROG_LS
+
+20010129
+ - (stevesk) sftp-server.c: use %lld vs. %qd
+
+20010128
+ - (bal) Put USE_PIPES back into sco3.2v5
+ - (bal) OpenBSD Sync
+ - markus@cvs.openbsd.org 2001/01/28 10:15:34
+ [dispatch.c]
+ re-keying is not supported; ok deraadt@
+ - markus@cvs.openbsd.org 2001/01/28 10:24:04
+ [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
+ cleanup AUTHORS sections
+ - markus@cvs.openbsd.org 2001/01/28 10:37:26
+ [sshd.c sshd.8]
+ remove -Q, no longer needed
+ - stevesk@cvs.openbsd.org 2001/01/28 20:36:16
+ [readconf.c ssh.1]
+ ``StrictHostKeyChecking ask'' documentation and small cleanup.
+ ok markus@
+ - stevesk@cvs.openbsd.org 2001/01/28 20:43:25
+ [sshd.8]
+ spelling.
ok markus@
+ - stevesk@cvs.openbsd.org 2001/01/28 20:53:21
+ [xmalloc.c]
+ use size_t for strlen() return. ok markus@
+ - stevesk@cvs.openbsd.org 2001/01/28 22:27:05
+ [authfile.c]
+ spelling. use sizeof vs. strlen(). ok markus@
+ - niklas@cvs.openbsd.org 2001/01/29 1:59:14
+ [atomicio.h canohost.h clientloop.h deattack.h dh.h dispatch.h
+ groupaccess.c groupaccess.h hmac.h hostfile.h includes.h kex.h
+ key.h log.h login.h match.h misc.h myproposal.h nchan.ms pathnames.h
+ radix.h readpass.h rijndael.h serverloop.h session.h sftp.h ssh-add.1
+ ssh-dss.h ssh-keygen.1 ssh-keyscan.1 ssh-rsa.h ssh1.h ssh_config
+ sshconnect.h sshd_config tildexpand.h uidswap.h uuencode.h]
+ $OpenBSD$
+ - (bal) Minor auth2.c resync. Whitespace and moving of an #include.
+
+20010126
+ - (bal) SSH_PROGRAM vs _PATH_SSH_PROGRAM fix pointed out by Roumen
+ Petrov
+ - (bal) OpenBSD Sync
+ - deraadt@cvs.openbsd.org 2001/01/25 8:06:33
+ [ssh-agent.c]
+ call _exit() in signal handler
+
+20010125
+ - (djm) Sync bsd-* support files:
+ - deraadt@cvs.openbsd.org 2000/01/26 03:43:20
+ [rresvport.c bindresvport.c]
+ new bindresvport() semantics that itojun, shin, jean-luc and i have
+ agreed on, which will be happy for the future. bindresvport_sa() for
+ sockaddr *, too. docs later..
+ - deraadt@cvs.openbsd.org 2000/01/24 02:24:21
+ [bindresvport.c]
+ in bindresvport(), if sin is non-NULL, example sin->sin_family for
+ the actual family being processed
+ - (djm) Mention PRNGd in documentation, it is nicer than EGD
+ - (djm) Automatically search for "well-known" EGD/PRNGd sockets in autoconf
+ - (bal) AC_FUNC_STRFTIME added to autoconf
+ - (bal) OpenBSD Resync
+ - stevesk@cvs.openbsd.org 2001/01/24 21:03:50
+ [channels.c]
+ missing freeaddrinfo(); ok markus@
+
+20010124
+ - (bal) OpenBSD Resync
+ - markus@cvs.openbsd.org 2001/01/23 10:45:10
+ [ssh.h]
+ nuke comment
+ - (bal) no 64bit support patch from Tim Rice
+ - (bal) #ifdef around S_IFSOCK if platform does not support it.
+ patch by Tim Rice
+ - (bal) fake-regex.h cleanup based on Tim Rice's patch.
+ - (stevesk) sftp-server.c: fix chmod() mode mask
+
+20010123
+ - (bal) regexp.h typo in configure.in. Should have been regex.h
+ - (bal) SSH_USER_DIR to _PATH_SSH_USER_DIR patch by stevesk@
+ - (bal) SSH_ASKPASS_DEFAULT to _PATH_SSH_ASKPASS_DEFAULT
+ - (bal) OpenBSD Resync
+ - markus@cvs.openbsd.org 2001/01/22 8:15:00
+ [auth-krb4.c sshconnect1.c]
+ only AFS needs radix.[ch]
+ - markus@cvs.openbsd.org 2001/01/22 8:32:53
+ [auth2.c]
+ no need to include; from mouring@etoh.eviladmin.org
+ - stevesk@cvs.openbsd.org 2001/01/22 16:55:21
+ [key.c]
+ free() -> xfree(); ok markus@
+ - stevesk@cvs.openbsd.org 2001/01/22 17:22:28
+ [sshconnect2.c sshd.c]
+ fix memory leaks in SSH2 key exchange; ok markus@
+ - markus@cvs.openbsd.org 2001/01/22 23:06:39
+ [auth1.c auth2.c readconf.c readconf.h servconf.c servconf.h
+ sshconnect1.c sshconnect2.c sshd.c]
+ rename skey -> challenge response.
+ auto-enable kbd-interactive for ssh2 if challenge-reponse is enabled.
+
+
+20010122
+ - (bal) OpenBSD Resync
+ - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
+ [servconf.c ssh.h sshd.c]
+ only auth-chall.c needs #ifdef SKEY
+ - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
+ [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
+ auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
+ packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
+ session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
+ ssh1.h sshconnect1.c sshd.c ttymodes.c]
+ move ssh1 definitions to ssh1.h, pathnames to pathnames.h
+ - markus@cvs.openbsd.org 2001/01/19 16:48:14
+ [sshd.8]
+ fix typo; from stevesk@
+ - markus@cvs.openbsd.org 2001/01/19 16:50:58
+ [ssh-dss.c]
+ clear and free digest, make consistent with other code (use dlen); from
+ stevesk@
+ - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
+ [auth-options.c auth-options.h auth-rsa.c auth2.c]
+ pass the filename to auth_parse_options()
+ - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
+ [readconf.c]
+ fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
+ - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
+ [sshconnect2.c]
+ dh_new_group() does not return NULL.
ok markus@
+ - markus@cvs.openbsd.org 2001/01/20 21:33:42
+ [ssh-add.c]
+ do not loop forever if askpass does not exist; from
+ andrew@pimlott.ne.mediaone.net
+ - djm@cvs.openbsd.org 2001/01/20 23:00:56
+ [servconf.c]
+ Check for NULL return from strdelim; ok markus
+ - djm@cvs.openbsd.org 2001/01/20 23:02:07
+ [readconf.c]
+ KNF; ok markus
+ - jakob@cvs.openbsd.org 2001/01/21 9:00:33
+ [ssh-keygen.1]
+ remove -R flag; ok markus@
+ - markus@cvs.openbsd.org 2001/01/21 19:05:40
+ [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
+ auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
+ auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
+ bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c
+ cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
+ deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
+ key.c key.h log-client.c log-server.c log.c log.h login.c login.h
+ match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
+ readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
+ session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
+ ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
+ sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
+ ttysmodes.c uidswap.c xmalloc.c]
+ split ssh.h and try to cleanup the #include mess. remove unnecessary
+ #includes. rename util.[ch] -> misc.[ch]
+ - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
+ - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
+ conflict when compiling for non-kerb install
+ - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
+ on 1/19.
+
+20010120
+ - (bal) OpenBSD Resync
+ - markus@cvs.openbsd.org 2001/01/19 12:45:26
+ [ssh-chall.c servconf.c servconf.h ssh.h sshd.c]
+ only auth-chall.c needs #ifdef SKEY
+ - (bal) Slight auth2-pam.c clean up.
+ - (bal) Includes a fake-regexp.h to be only used if regcomp() is found,
+ but no 'regexp.h' found (SCO OpenServer 3 lacks the header).
+
+20010119
+ - (djm) Update versions in RPM specfiles
+ - (bal) OpenBSD Resync
+ - markus@cvs.openbsd.org 2001/01/18 16:20:21
+ [log-client.c log-server.c log.c readconf.c servconf.c ssh.1 ssh.h
+ sshd.8 sshd.c]
+ log() is at pri=LOG_INFO, since LOG_NOTICE goes to /dev/console on many
+ systems
+ - markus@cvs.openbsd.org 2001/01/18 16:59:59
+ [auth-passwd.c auth.c auth.h auth1.c auth2.c serverloop.c session.c
+ session.h sshconnect1.c]
+ 1) removes fake skey from sshd, since this will be much
+ harder with /usr/libexec/auth/login_XXX
+ 2) share/unify code used in ssh-1 and ssh-2 authentication (server side)
+ 3) make addition of BSD_AUTH and other challenge reponse methods
+ easier.
+ - markus@cvs.openbsd.org 2001/01/18 17:12:43
+ [auth-chall.c auth2-chall.c]
+ rename *-skey.c *-chall.c since the files are not skey specific
+ - (djm) Merge patch from Tim Waugh (via Nalin Dahyabhai )
+ to fix NULL pointer deref and fake authloop breakage in PAM code.
+ - (bal) Updated contrib/cygwin/ by Corinna Vinschen
+ - (bal) Minor cygwin patch to auth1.c. Suggested by djm.
+
+20010118
+ - (bal) Super Sized OpenBSD Resync
+ - markus@cvs.openbsd.org 2001/01/11 22:14:20 GMT 2001 by markus
+ [sshd.c]
+ maxfd+1
+ - markus@cvs.openbsd.org 2001/01/13 17:59:18
+ [ssh-keygen.1]
+ small ssh-keygen manpage cleanup; stevesk@pobox.com
+ - markus@cvs.openbsd.org 2001/01/13 18:03:07
+ [scp.c ssh-keygen.c sshd.c]
+ getopt() returns -1 not EOF; stevesk@pobox.com
+ - markus@cvs.openbsd.org 2001/01/13 18:06:54
+ [ssh-keyscan.c]
+ use SSH_DEFAULT_PORT; from stevesk@pobox.com
+ - markus@cvs.openbsd.org 2001/01/13 18:12:47
+ [ssh-keyscan.c]
+ free() -> xfree(); fix memory leak; from stevesk@pobox.com
+ - markus@cvs.openbsd.org 2001/01/13 18:14:13
+ [ssh-add.c]
+ typo, from stevesk@sweden.hp.com
+ - markus@cvs.openbsd.org 2001/01/13 18:32:50
+ [packet.c session.c ssh.c sshconnect.c sshd.c]
+ split out keepalive from packet_interactive (from dale@accentre.com)
+ set IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT for ssh2, too.
+ - markus@cvs.openbsd.org 2001/01/13 18:36:45
+ [packet.c packet.h]
+ reorder, typo
+ - markus@cvs.openbsd.org 2001/01/13 18:38:00
+ [auth-options.c]
+ fix comment
+ - markus@cvs.openbsd.org 2001/01/13 18:43:31
+ [session.c]
+ Wall
+ - markus@cvs.openbsd.org 2001/01/13 19:14:08
+ [clientloop.h clientloop.c ssh.c]
+ move callback to headerfile
+ - markus@cvs.openbsd.org 2001/01/15 21:40:10
+ [ssh.c]
+ use log() instead of stderr
+ - markus@cvs.openbsd.org 2001/01/15 21:43:51
+ [dh.c]
+ use error() not stderr!
+ - markus@cvs.openbsd.org 2001/01/15 21:45:29
+ [sftp-server.c]
+ rename must fail if newpath exists, debug off by default
+ - markus@cvs.openbsd.org 2001/01/15 21:46:38
+ [sftp-server.c]
+ readable long listing for sftp-server, ok deraadt@
+ - markus@cvs.openbsd.org 2001/01/16 19:20:06
+ [key.c ssh-rsa.c]
+ make "ssh-rsa" key format for ssh2 confirm to the ietf-drafts; from
+ galb@vandyke.com. note that you have to delete older ssh2-rsa keys,
+ since they are in the wrong format, too.
they must be removed from
+ .ssh/authorized_keys2 and .ssh/known_hosts2, etc.
+ (cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP
+ .ssh/authorized_keys2) additionally, we now check that
+ BN_num_bits(rsa->n) >= 768.
+ - markus@cvs.openbsd.org 2001/01/16 20:54:27
+ [sftp-server.c]
+ remove some statics. simpler handles; idea from nisse@lysator.liu.se
+ - deraadt@cvs.openbsd.org 2001/01/16 23:58:08
+ [bufaux.c radix.c sshconnect.h sshconnect1.c]
+ indent
+ - (bal) Added bsd-strmode.[ch] since some non-OpenBSD platforms may
+ be missing such feature.
+
+
+20010117
+ - (djm) Only write random seed file at exit
+ - (djm) Make PAM support optional, enable with --with-pam
+ - (djm) Try to use libcrypt on Linux, but link it after OpenSSL (which
+ provides a crypt() of its own)
+ - (djm) Avoid a warning in bsd-bindresvport.c
+ - (djm) Try to avoid adding -I/usr/include to CPPFLAGS during SSL tests. This
+ can cause weird segfaults errors on Solaris
+ - (djm) Avoid warning in PAM code by making read_passphrase arguments const
+ - (djm) Add --with-pam to RPM spec files
+
+20010115
+ - (bal) sftp-server.c change to use chmod() if fchmod() does not exist.
+ - (bal) utimes() support via utime() interface on machine that lack utimes().
+
+20010114
+ - (stevesk) initial work for OpenBSD "support supplementary group in
+ {Allow,Deny}Groups" patch:
+ - import getgrouplist.c from OpenBSD (bsd-getgrouplist.c)
+ - add bsd-getgrouplist.h
+ - new files groupaccess.[ch]
+ - build but don't use yet (need to merge auth.c changes)
+ - (stevesk) complete:
+ - markus@cvs.openbsd.org 2001/01/13 11:56:48
+ [auth.c sshd.8]
+ support supplementary group in {Allow,Deny}Groups
+ from stevesk@pobox.com
+
+20010112
+ - (bal) OpenBSD Sync
+ - markus@cvs.openbsd.org 2001/01/10 22:56:22
+ [bufaux.h bufaux.c sftp-server.c sftp.h getput.h]
+ cleanup sftp-server implementation:
+ add buffer_get_int64, buffer_put_int64, GET_64BIT, PUT_64BIT
+ parse SSH2_FILEXFER_ATTR_EXTENDED
+ send SSH2_FX_EOF if readdir returns no more entries
+ reply to SSH2_FXP_EXTENDED message
+ use #defines from the draft
+ move #definations to sftp.h
+ more info:
+ http://www.ietf.org/internet-drafts/draft-ietf-secsh-filexfer-00.txt
+ - markus@cvs.openbsd.org 2001/01/10 19:43:20
+ [sshd.c]
+ XXX - generate_empheral_server_key() is not safe against races,
+ because it calls log()
+ - markus@cvs.openbsd.org 2001/01/09 21:19:50
+ [packet.c]
+ allow TCP_NDELAY for ipv6; from netbsd via itojun@
+
+20010110
+ - (djm) SNI/Reliant Unix needs USE_PIPES and $DISPLAY hack. Report from
+ Bladt Norbert
+
+20010109
+ - (bal) Resync CVS ID of cli.c
+ - (stevesk) auth1.c: free should be after WITH_AIXAUTHENTICATE
+ code.
+ - (bal) OpenBSD Sync
+ - markus@cvs.openbsd.org 2001/01/08 22:29:05
+ [auth2.c compat.c compat.h servconf.c servconf.h sshd.8
+ sshd_config version.h]
+ implement option 'Banner /etc/issue.net' for ssh2, move version to
+ 2.3.1 (needed for bugcompat detection, 2.3.0 would fail if Banner
+ is enabled).
+ - markus@cvs.openbsd.org 2001/01/08 22:03:23
+ [channels.c ssh-keyscan.c]
+ O_NDELAY -> O_NONBLOCK; thanks stevesk@pobox.com
+ - markus@cvs.openbsd.org 2001/01/08 21:55:41
+ [sshconnect1.c]
+ more cleanups and fixes from stevesk@pobox.com:
+ 1) try_agent_authentication() for loop will overwrite key just
+ allocated with key_new(); don't alloc
+ 2) call ssh_close_authentication_connection() before exit
+ try_agent_authentication()
+ 3) free mem on bad passphrase in try_rsa_authentication()
+ - markus@cvs.openbsd.org 2001/01/08 21:48:17
+ [kex.c]
+ missing free; thanks stevesk@pobox.com
+ - (bal) Detect if clock_t structure exists, if not define it.
+ - (bal) Detect if O_NONBLOCK exists, if not define it.
+ - (bal) removed news4-posix.h (now empty)
+ - (bal) changed bsd-bindresvport.c and bsd-rresvport.c to use 'socklen_t'
+ instead of 'int'
+ - (stevesk) sshd_config: sync
+ - (stevesk) defines.h: remove spurious ``;''
+
+20010108
+ - (bal) Fixed another typo in cli.c
+ - (bal) OpenBSD Sync
+ - markus@cvs.openbsd.org 2001/01/07 21:26:55
+ [cli.c]
+ typo
+ - markus@cvs.openbsd.org 2001/01/07 21:26:55
+ [cli.c]
+ missing free, stevesk@pobox.com
+ - markus@cvs.openbsd.org 2001/01/07 19:06:25
+ [auth1.c]
+ missing free, stevesk@pobox.com
+ - markus@cvs.openbsd.org 2001/01/07 11:28:04
+ [log-client.c log-server.c log.c readconf.c servconf.c ssh.1
+ ssh.h sshd.8 sshd.c]
+ rename SYSLOG_LEVEL_INFO->SYSLOG_LEVEL_NOTICE
+ syslog priority changes:
+ fatal() LOG_ERR -> LOG_CRIT
+ log() LOG_INFO -> LOG_NOTICE
+ - Updated TODO
+
+20010107
+ - (bal) OpenBSD Sync
+ - markus@cvs.openbsd.org 2001/01/06 11:23:27
+ [ssh-rsa.c]
+ remove unused
+ - itojun@cvs.openbsd.org 2001/01/05 08:23:29
+ [ssh-keyscan.1]
+ missing .El
+ - markus@cvs.openbsd.org 2001/01/04 22:41:03
+ [session.c sshconnect.c]
+ consistent use of _PATH_BSHELL; from stevesk@pobox.com
+ - djm@cvs.openbsd.org 2001/01/04 22:35:32
+ [ssh.1 sshd.8]
+ Mention AES as available SSH2 Cipher; ok markus
+ - markus@cvs.openbsd.org
2001/01/04 22:25:58
+ [sshd.c]
+ sync usage()/man with defaults; from stevesk@pobox.com
+ - markus@cvs.openbsd.org 2001/01/04 22:21:26
+ [sshconnect2.c]
+ handle SSH2_MSG_USERAUTH_BANNER; fixes bug when connecting to a server
+ that prints a banner (e.g. /etc/issue.net)
+
+20010105
+ - (bal) contrib/caldera/ provided by Tim Rice
+ - (bal) bsd-getcwd.c and bsd-setenv.c changed from bcopy() to memmove()
+
+20010104
+ - (djm) Fix memory leak on systems with BROKEN_GETADDRINFO. Based on
+ work by Chris Vaughan
+
+20010103
+ - (bal) fixed up sshconnect.c so it was closer inline with the OpenBSD
+ tree (mainly positioning)
+ - (bal) OpenSSH CVS Update
+ - markus@cvs.openbsd.org 2001/01/02 20:41:02
+ [packet.c]
+ log remote ip on disconnect; PR 1600 from jcs@rt.fm
+ - markus@cvs.openbsd.org 2001/01/02 20:50:56
+ [sshconnect.c]
+ strict_host_key_checking for host_status != HOST_CHANGED &&
+ ip_status == HOST_CHANGED
+ - (bal) authfile.c: Synced CVS ID tag
+ - (bal) UnixWare 2.0 fixes by Tim Rice
+ - (bal) Disable sftp-server if no 64bit int support exists. Based on
+ patch by Tim Rice
+ - (bal) Makefile.in changes to uninstall: target to remove sftp-server
+ and sftp-server.8 manpage.
+
+20010102
+ - (bal) OpenBSD CVS Update
+ - markus@cvs.openbsd.org 2001/01/01 14:52:49
+ [scp.c]
+ use shared fatal(); from stevesk@pobox.com
+
+20001231
+ - (bal) Reverted out of MAXHOSTNAMELEN. This should be set per OS.
+ for multiple reasons.
+ - (bal) Reverted out of a partial NeXT patch.
+
+20001230
+ - (bal) OpenBSD CVS Update
+ - markus@cvs.openbsd.org 2000/12/28 18:58:30
+ [ssh-keygen.c]
+ enable 'ssh-keygen -l -f ~/.ssh/{authorized_keys,known_hosts}{,2}
+ - markus@cvs.openbsd.org 2000/12/29 22:19:13
+ [channels.c]
+ missing xfree; from vaughan99@yahoo.com
+ - (bal) Resynced CVS ID with OpenBSD for channel.c and uidswap.c
+ - (bal) if no MAXHOSTNAMELEN is defined. Default to 64 character defination.
+ Suggested by Christian Kurz
+ - (bal) Add in '.c.o' section to Makefile.in to address make programs that
+ don't honor CPPFLAGS by default. Suggested by Lutz Jaenicke
+
+
+20001229
+ - (bal) Fixed spelling of 'authorized_keys' in ssh-copy-id.1 by Christian
+ Kurz
+ - (bal) OpenBSD CVS Update
+ - markus@cvs.openbsd.org 2000/12/28 14:25:51
+ [auth.h auth2.c]
+ count authentication failures only
+ - markus@cvs.openbsd.org 2000/12/28 14:25:03
+ [sshconnect.c]
+ fingerprint for MITM attacks, too.
+ - markus@cvs.openbsd.org 2000/12/28 12:03:57
+ [sshd.8 sshd.c]
+ document -D
+ - markus@cvs.openbsd.org 2000/12/27 14:19:21
+ [serverloop.c]
+ less chatty
+ - markus@cvs.openbsd.org 2000/12/27 12:34
+ [auth1.c sshconnect2.c sshd.c]
+ typo
+ - markus@cvs.openbsd.org 2000/12/27 12:30:19
+ [readconf.c readconf.h ssh.1 sshconnect.c]
+ new option: HostKeyAlias: allow the user to record the host key
+ under a different name. This is useful for ssh tunneling over
+ forwarded connections or if you run multiple sshd's on different
+ ports on the same machine.
+ - markus@cvs.openbsd.org 2000/12/27 11:51:53
+ [ssh.1 ssh.c]
+ multiple -t force pty allocation, document ORIGINAL_COMMAND
+ - markus@cvs.openbsd.org 2000/12/27 11:41:31
+ [sshd.8]
+ update for ssh-2
+ - (stevesk) compress.[ch] sync with openbsd; missed in prototype
+ fix merge.
+
+20001228
+ - (bal) Patch to add libutil.h to loginrec.c only if the platform has
+ libutil.h. Suggested by Pekka Savola
+ - (djm) Update to new x11-askpass in RPM spec
+ - (bal) SCO patch to not include since it's unrelated
+ header. Patch by Tim Rice
+ - Updated TODO w/ known HP/UX issue
+ - (bal) removed extra noticed by Kevin Steves and removed the
+ bad reference to 'NeXT including it else were' on the #ifdef version.
+
+20001227
+ - (bal) Typo in configure.in: entut?ent should be endut?ent. Suggested by
+ Takumi Yamane
+ - (bal) Checks for getrlimit(), sysconf(), and setdtablesize().
Patch
+ by Corinna Vinschen
+ - (djm) Fix catman-do target for non-bash
+ - (bal) Typo in configure.in: entut?ent should be endut?ent. Suggested by
+ Takumi Yamane
+ - (bal) Checks for getrlimit(), sysconf(), and setdtablesize(). Patch
+ by Corinna Vinschen
+ - (djm) Fix catman-do target for non-bash
+ - (bal) Fixed NeXT's lack of CPPFLAGS honoring.
+ - (bal) ssh-keyscan.c: NeXT (and older BSDs) don't support getrlimit() w/
+ 'RLIMIT_NOFILE'
+ - (djm) Remove *.Ylonen files. They are no longer in the OpenBSD tree,
+ the info in COPYING.Ylonen has been moved to the start of each
+ SSH1-derived file and README.Ylonen is well out of date.
+
+20001223
+ - (bal) Fixed Makefile.in to support recompile of all ssh and sshd objects
+ if a change to config.h has occurred. Suggested by Gert Doering
+
+ - (bal) OpenBSD CVS Update:
+ - markus@cvs.openbsd.org 2000/12/22 16:49:40
+ [ssh-keygen.c]
+ fix ssh-keygen -x -t type > file; from Roumen.Petrov@skalasoft.com
+
+20001222
+ - Updated RCSID for pty.c
+ - (bal) OpenBSD CVS Updates:
+ - markus@cvs.openbsd.org 2000/12/21 15:10:16
+ [auth-rh-rsa.c hostfile.c hostfile.h sshconnect.c]
+ print keyfile:line for changed hostkeys, for deraadt@, ok deraadt@
+ - markus@cvs.openbsd.org 2000/12/20 19:26:56
+ [authfile.c]
+ allow ssh -i userkey for root
+ - markus@cvs.openbsd.org 2000/12/20 19:37:21
+ [authfd.c authfd.h kex.c sshconnect2.c sshd.c uidswap.c uidswap.h]
+ fix prototypes; from stevesk@pobox.com
+ - markus@cvs.openbsd.org 2000/12/20 19:32:08
+ [sshd.c]
+ init pointer to NULL; report from Jan.Ivan@cern.ch
+ - markus@cvs.openbsd.org 2000/12/19 23:17:54
+ [auth-krb4.c auth-options.c auth-options.h auth-rhosts.c auth-rsa.c
+ auth1.c auth2-skey.c auth2.c authfd.c authfd.h authfile.c bufaux.c
+ bufaux.h buffer.c canohost.c channels.c clientloop.c compress.c
+ crc32.c deattack.c getput.h hmac.c hmac.h hostfile.c kex.c kex.h
+ key.c key.h log.c login.c match.c match.h mpaux.c mpaux.h packet.c
+ packet.h radix.c readconf.c rsa.c scp.c
servconf.c servconf.h + serverloop.c session.c sftp-server.c ssh-agent.c ssh-dss.c ssh-dss.h + ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh-rsa.h ssh.c ssh.h uuencode.c + uuencode.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c] + replace 'unsigned bla' with 'u_bla' everywhere. also replace 'char + unsigned' with u_char. + +20001221 + - (stevesk) OpenBSD CVS updates: + - markus@cvs.openbsd.org 2000/12/19 15:43:45 + [authfile.c channels.c sftp-server.c ssh-agent.c] + remove() -> unlink() for consistency + - markus@cvs.openbsd.org 2000/12/19 15:48:09 + [ssh-keyscan.c] + replace with + - markus@cvs.openbsd.org 2000/12/17 02:33:40 + [uidswap.c] + typo; from wsanchez@apple.com + +20001220 + - (djm) Workaround PAM inconsistencies between Solaris derived PAM code + and Linux-PAM. Based on report and fix from Andrew Morgan + + +20001218 + - (stevesk) rsa.c: entropy.h not needed. + - (bal) split CFLAGS into CFLAGS and CPPFLAGS in configure.in and Makefile. + Suggested by Wilfredo Sanchez + +20001216 + - (stevesk) OpenBSD CVS updates: + - markus@cvs.openbsd.org 2000/12/16 02:53:57 + [scp.c] + allow + in usernames; request from Florian.Weimer@RUS.Uni-Stuttgart.DE + - markus@cvs.openbsd.org 2000/12/16 02:39:57 + [scp.c] + unused; from stevesk@pobox.com + +20001215 + - (stevesk) Old OpenBSD patch wasn't completely applied: + - markus@cvs.openbsd.org 2000/01/24 22:11:20 + [scp.c] + allow '.' in usernames; from jedgar@fxp.org + - (stevesk) OpenBSD CVS updates: + - markus@cvs.openbsd.org 2000/12/13 16:26:53 + [ssh-keyscan.c] + fatal already adds \n; from stevesk@pobox.com + - markus@cvs.openbsd.org 2000/12/13 16:25:44 + [ssh-agent.c] + remove redundant spaces; from stevesk@pobox.com + - ho@cvs.openbsd.org 2000/12/12 15:50:21 + [pty.c] + When failing to set tty owner and mode on a read-only filesystem, don't + abort if the tty already has correct owner and reasonably sane modes. + Example; permit 'root' to login to a firewall with read-only root fs. 
+ (markus@ ok)
+ - deraadt@cvs.openbsd.org 2000/12/13 06:36:05
+ [pty.c]
+ KNF
+ - markus@cvs.openbsd.org 2000/12/12 14:45:21
+ [sshd.c]
+ source port < 1024 is no longer required for rhosts-rsa since it
+ adds no additional security.
+ - markus@cvs.openbsd.org 2000/12/12 16:11:49
+ [ssh.1 ssh.c]
+ rhosts-rsa is no longer automagically disabled if ssh is not privileged.
+ UsePrivilegedPort=no disables rhosts-rsa _only_ for old servers.
+ these changes should not change the visible default behaviour of the ssh client.
+ - deraadt@cvs.openbsd.org 2000/12/11 10:27:33
+ [scp.c]
+ when copying 0-sized files, do not re-print ETA time at completion
+ - provos@cvs.openbsd.org 2000/12/15 10:30:15
+ [kex.c kex.h sshconnect2.c sshd.c]
+ compute diffie-hellman in parallel between server and client. okay markus@
+
+20001213
+ - (djm) Make sure we reset the SIGPIPE disposition after we fork. Report
+ from Andreas M. Kirchwitz
+ - (stevesk) OpenBSD CVS update:
+ - markus@cvs.openbsd.org 2000/12/12 15:30:02
+ [ssh-keyscan.c ssh.c sshd.c]
+ consistently use __progname; from stevesk@pobox.com
+
+20001211
+ - (bal) Applied patch to include ssh-keyscan into Redhat's package, and
+ patch to install ssh-keyscan manpage. Patch by Pekka Savola
+
+ - (bal) OpenbSD CVS update
+ - markus@cvs.openbsd.org 2000/12/10 17:01:53
+ [sshconnect1.c]
+ always request new challenge for skey/tis-auth, fixes interop with
+ other implementations; report from roth@feep.net
+
+20001210
+ - (bal) OpenBSD CVS updates
+ - markus@cvs.openbsd.org 2000/12/09 13:41:51
+ [cipher.c cipher.h rijndael.c rijndael.h rijndael_boxes.h]
+ undo rijndael changes
+ - markus@cvs.openbsd.org 2000/12/09 13:48:31
+ [rijndael.c]
+ fix byte order bug w/o introducing new implementation
+ - markus@cvs.openbsd.org 2000/12/09 14:08:27
+ [sftp-server.c]
+ "" -> "."
for realpath; from vinschen@redhat.com
+ - markus@cvs.openbsd.org 2000/12/09 14:06:54
+ [ssh-agent.c]
+ extern int optind; from stevesk@sweden.hp.com
+ - provos@cvs.openbsd.org 2000/12/09 23:51:11
+ [compat.c]
+ remove unnecessary '\n'
+
+20001209
+ - (bal) OpenBSD CVS updates:
+ - djm@cvs.openbsd.org 2000/12/07 4:24:59
+ [ssh.1]
+ Typo fix from Wilfredo Sanchez ; ok theo
+
+20001207
+ - (bal) OpenBSD CVS updates:
+ - markus@cvs.openbsd.org 2000/12/06 22:58:14
+ [compat.c compat.h packet.c]
+ disable debug messages for ssh.com/f-secure 2.0.1x, 2.1.0
+ - markus@cvs.openbsd.org 2000/12/06 23:10:39
+ [rijndael.c]
+ unexpand(1)
+ - markus@cvs.openbsd.org 2000/12/06 23:05:43
+ [cipher.c cipher.h rijndael.c rijndael.h rijndael_boxes.h]
+ new rijndael implementation. fixes endian bugs
+
+20001206
+ - (bal) OpenBSD CVS updates:
+ - markus@cvs.openbsd.org 2000/12/05 20:34:09
+ [channels.c channels.h clientloop.c serverloop.c]
+ async connects for -R/-L; ok deraadt@
+ - todd@cvs.openssh.org 2000/12/05 16:47:28
+ [sshd.c]
+ tweak comment to reflect real location of pid file; ok provos@
+ - (stevesk) Import from OpenBSD for systems that don't
+ have it (used in ssh-keyscan).
+ - (stevesk) OpenBSD CVS update:
+ - markus@cvs.openbsd.org 2000/12/06 19:57:48
+ [ssh-keyscan.c]
+ err(3) -> internal error(), from stevesk@sweden.hp.com
+
+20001205
+ - (bal) OpenBSD CVS updates:
+ - markus@cvs.openbsd.org 2000/12/04 19:24:02
+ [ssh-keyscan.c ssh-keyscan.1]
+ David Maziere's ssh-keyscan, ok niels@
+ - (bal) Updated Makefile.in to include ssh-keyscan that was just added
+ to the recent OpenBSD source tree.
+ - (stevesk) fix typos in contrib/hpux/README
+
+20001204
+ - (bal) More C functions defined in NeXT that are unaccessable without
+ defining -POSIX.
+ - (bal) OpenBSD CVS updates:
+ - markus@cvs.openbsd.org 2000/12/03 11:29:04
+ [compat.c]
+ remove fallback to SSH_BUG_HMAC now that the drafts are updated
+ - markus@cvs.openbsd.org 2000/12/03 11:27:55
+ [compat.c]
+ correctly match "2.1.0.pl2 SSH" etc; from
+ pekkas@netcore.fi/bugzilla.redhat
+ - markus@cvs.openbsd.org 2000/12/03 11:15:03
+ [auth2.c compat.c compat.h sshconnect2.c]
+ support f-secure/ssh.com 2.0.12; ok niels@
+
+20001203
+ - (bal) OpenBSD CVS updates:
+ - markus@cvs.openbsd.org 2000/11/30 22:54:31
+ [channels.c]
+ debug->warn if tried to do -R style fwd w/o client requesting this;
+ ok neils@
+ - markus@cvs.openbsd.org 2000/11/29 20:39:17
+ [cipher.c]
+ des_cbc_encrypt -> des_ncbc_encrypt since it already updates the IV
+ - markus@cvs.openbsd.org 2000/11/30 18:33:05
+ [ssh-agent.c]
+ agents must not dump core, ok niels@
+ - markus@cvs.openbsd.org 2000/11/30 07:04:02
+ [ssh.1]
+ T is for both protocols
+ - markus@cvs.openbsd.org 2000/12/01 00:00:51
+ [ssh.1]
+ typo; from green@FreeBSD.org
+ - markus@cvs.openbsd.org 2000/11/30 07:02:35
+ [ssh.c]
+ check -T before isatty()
+ - provos@cvs.openbsd.org 2000/11/29 13:51:27
+ [sshconnect.c]
+ show IP address and hostname when new key is encountered. okay markus@
+ - markus@cvs.openbsd.org 2000/11/30 22:53:35
+ [sshconnect.c]
+ disable agent/x11/port fwding if hostkey has changed; ok niels@
+ - marksu@cvs.openbsd.org 2000/11/29 21:11:59
+ [sshd.c]
+ sshd -D, startup w/o deamon(), for monitoring scripts or inittab;
+ from handler@sub-rosa.com and eric@urbanrange.com; ok niels@
+ - (djm) Added patch from Nalin Dahyabhai to enable
+ PAM authentication using KbdInteractive.
+ - (djm) Added another TODO
+
+20001202
+ - (bal) Backed out of part of Alain St-Denis' loginrec.c patch.
+ - (bal) Irix need some sort of mansubdir, patch by Michael Stone
+
+
+20001129
+ - (djm) Back out all the serverloop.c hacks. sshd will now hang again
+ if there are background children with open fds.
+ - (djm) bsd-rresvport.c bzero -> memset
+ - (djm) Don't fail in defines.h on absence of 64 bit types (we will
+ still fail during compilation of sftp-server).
+ - (djm) Fail if ar is not found during configure
+ - (djm) OpenBSD CVS updates:
+ - provos@cvs.openbsd.org 2000/11/22 08:38:31
+ [sshd.8]
+ talk about /etc/primes, okay markus@
+ - markus@cvs.openbsd.org 2000/11/23 14:03:48
+ [ssh.c sshconnect1.c sshconnect2.c]
+ complain about invalid ciphers for ssh1/ssh2, fall back to reasonable
+ defaults
+ - markus@cvs.openbsd.org 2000/11/25 09:42:53
+ [sshconnect1.c]
+ reorder check for illegal ciphers, bugreport from espie@
+ - markus@cvs.openbsd.org 2000/11/25 10:19:34
+ [ssh-keygen.c ssh.h]
+ print keytype when generating a key.
+ reasonable defaults for RSA1/RSA/DSA keys.
+ - (djm) Patch from Pekka Savola to include a few
+ more manpage paths in fixpaths calls
+ - (djm) Also add xauth path at Pekka's suggestion.
+ - (djm) Add Redhat RPM patch for AUTHPRIV SyslogFacility
+
+20001125
+ - (djm) Give up privs when reading seed file
+
+20001123
+ - (bal) Merge OpenBSD changes:
+ - markus@cvs.openbsd.org 2000/11/15 22:31:36
+ [auth-options.c]
+ case insensitive key options; from stevesk@sweeden.hp.com
+ - markus@cvs.openbsd.org 2000/11/16 17:55:43
+ [dh.c]
+ do not use perror() in sshd, after child is forked()
+ - markus@cvs.openbsd.org 2000/11/14 23:42:40
+ [auth-rsa.c]
+ parse option only if key matches; fix some confusing seen by the client
+ - markus@cvs.openbsd.org 2000/11/14 23:44:19
+ [session.c]
+ check no_agent_forward_flag for ssh-2, too
+ - markus@cvs.openbsd.org 2000/11/15
+ [ssh-agent.1]
+ reorder SYNOPSIS; typo, use .It
+ - markus@cvs.openbsd.org 2000/11/14 23:48:55
+ [ssh-agent.c]
+ do not reorder keys if a key is removed
+ - markus@cvs.openbsd.org 2000/11/15 19:58:08
+ [ssh.c]
+ just ignore non existing user keys
+ - millert@cvs.openbsd.org 200/11/15 20:24:43
+ [ssh-keygen.c]
+ Add missing \n at end of error message.
+
+20001122
+ - (bal) Minor patch to ensure platforms lacking IRIX job limit supports
+ are compilable.
+ - (bal) Updated TODO as of 11/18/2000 with known things to resolve.
+
+20001117
+ - (bal) Changed from 'primes' to 'primes.out' for consistancy sake. It
+ has no affect the output. Patch by Corinna Vinschen
+ - (stevesk) Reworked progname support.
+ - (bal) Misplaced #include "includes.h" in bsd-setproctitle.c. Patch by
+ Shinichi Maruyama
+
+20001116
+ - (bal) Added in MAXSYMLINK test in bsd-realpath.c. Required for some SCO
+ releases.
+ - (bal) Make builds work outside of source tree. Patch by Mark D. Roth
+
+
+20001113
+ - (djm) Add pointer to http://www.imasy.or.jp/~gotoh/connect.c to
+ contrib/README
+ - (djm) Merge OpenBSD changes:
+ - markus@cvs.openbsd.org 2000/11/06 16:04:56
+ [channels.c channels.h clientloop.c nchan.c serverloop.c]
+ [session.c ssh.c]
+ agent forwarding and -R for ssh2, based on work from
+ jhuuskon@messi.uku.fi
+ - markus@cvs.openbsd.org 2000/11/06 16:13:27
+ [ssh.c sshconnect.c sshd.c]
+ do not disabled rhosts(rsa) if server port > 1024; from
+ pekkas@netcore.fi
+ - markus@cvs.openbsd.org 2000/11/06 16:16:35
+ [sshconnect.c]
+ downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net
+ - markus@cvs.openbsd.org 2000/11/09 18:04:40
+ [auth1.c]
+ typo; from mouring@pconline.com
+ - markus@cvs.openbsd.org 2000/11/12 12:03:28
+ [ssh-agent.c]
+ off-by-one when removing a key from the agent
+ - markus@cvs.openbsd.org 2000/11/12 12:50:39
+ [auth-rh-rsa.c auth2.c authfd.c authfd.h]
+ [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h]
+ [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c]
+ [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config]
+ [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c]
+ [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h]
+ add support for RSA to SSH2. please test.
+ there are now 3 types of keys: RSA1 is used by ssh-1 only,
+ RSA and DSA are used by SSH2.
+ you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA
+ keys for SSH2 and use the RSA keys for hostkeys or for user keys.
+ SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before.
+ - (djm) Fix up Makefile and Redhat init script to create RSA host keys
+ - (djm) Change to interim version
+ - (djm) Fix RPM spec file stupidity
+ - (djm) fixpaths to DSA and RSA keys too
+
+20001112
+ - (bal) SCO Patch to add needed libraries for configure.in. Patch by
+ Phillips Porch
+ - (bal) IRIX patch to adding Job Limits. Patch by Denis Parker
+
+ - (stevesk) pty.c: HP-UX 10 and 11 don't define TIOCSCTTY. Add error() to
+ failed ioctl(TIOCSCTTY) call.
+
+20001111
+ - (djm) Added /etc/primes for kex DH group neg, fixup Makefile.in and
+ packaging files
+ - (djm) Fix new Makefile.in warnings
+ - (djm) Fix vsprintf("%h") in bsd-snprintf.c, short int va_args are
+ promoted to type int. Report and fix from Dan Astoorian
+
+ - (djm) Hardwire sysconfdir in RPM spec files as some RPM versions get
+ it wrong. Report from Bennett Todd
+
+20001110
+ - (bal) Fixed dropped answer from skey_keyinfo() in auth1.c
+ - (bal) Changed from --with-skey to --with-skey=PATH in configure.in
+ - (bal) Added in check to verify S/Key library is being detected in
+ configure.in
+ - (bal) next-posix.h - added another prototype wrapped in POSIX ifdef/endif.
+ Patch by Mark Miller
+ - (bal) Added 'util.h' header to loginrec.c only if HAVE_UTIL_H is defined
+ to remove warnings under MacOS X. Patch by Mark Miller
+ - (bal) Fixed LDFLAG mispelling in configure.in for --with-afs
+
+20001107
+ - (bal) acconfig.in - removed the double "USE_PIPES" entry. Patch by
+ Mark Miller
+ - (bal) sshd.init files corrected to assign $? to RETVAL. Patch by
+ Jarno Huuskonen
+ - (bal) fixpaths fixed to stop it from quitely failing. Patch by
+ Mark D.
Roth
+
+20001106
+ - (djm) Use Jim's new 1.0.3 askpass in Redhat RPMs
+ - (djm) Manually fix up missed diff hunks (mainly RCS idents)
+ - (djm) Remove UPGRADING document in favour of a link to the better
+ maintained FAQ on www.openssh.com
+ - (djm) Fix multiple dependancy on gnome-libs from Pekka Savola
+
+ - (djm) Don't need X11-askpass in RPM spec file if building without it
+ from Pekka Savola
+ - (djm) Release 2.3.0p1
+ - (bal) typo in configure.in in regards to --with-ldflags from Marko
+ Asplund
+ - (bal) fixed next-posix.h. Forgot prototype of getppid().
+
+20001105
+ - (bal) Sync with OpenBSD:
+ - markus@cvs.openbsd.org 2000/10/31 9:31:58
+ [compat.c]
+ handle all old openssh versions
+ - markus@cvs.openbsd.org 2000/10/31 13:1853
+ [deattack.c]
+ so that large packets do not wrap "n"; from netbsd
+ - (bal) rijndel.c - fix up RCSID to match OpenBSD tree
+ - (bal) auth2-skey.c - Checked in. Missing from portable tree.
+ - (bal) Reworked NEWS-OS and NeXT ports to extract waitpid() and
+ setsid() into more common files
+ - (stevesk) pty.c: use __hpux to identify HP-UX.
+ - (bal) Missed auth-skey.o in Makefile.in and minor correction to
+ bsd-waitpid.c
+
+20001029
+ - (stevesk) Fix typo in auth.c: USE_PAM not PAM
+ - (stevesk) Create contrib/cygwin/ directory; patch from
+ Corinna Vinschen
+ - (bal) Resolved more $xno and $xyes issues in configure.in
+ - (bal) next-posix.h - spelling and forgot a prototype
+
+20001028
+ - (djm) fix select hack in serverloop.c from Philippe WILLEM
+
+ - (djm) Fix mangled AIXAUTHENTICATE code
+ - (djm) authctxt->pw may be NULL.
Fix from Markus Friedl
+
+ - (djm) Sync with OpenBSD:
+ - markus@cvs.openbsd.org 2000/10/16 15:46:32
+ [ssh.1]
+ fixes from pekkas@netcore.fi
+ - markus@cvs.openbsd.org 2000/10/17 14:28:11
+ [atomicio.c]
+ return number of characters processed; ok deraadt@
+ - markus@cvs.openbsd.org 2000/10/18 12:04:02
+ [atomicio.c]
+ undo
+ - markus@cvs.openbsd.org 2000/10/18 12:23:02
+ [scp.c]
+ replace atomicio(read,...) with read(); ok deraadt@
+ - markus@cvs.openbsd.org 2000/10/18 12:42:00
+ [session.c]
+ restore old record login behaviour
+ - deraadt@cvs.openbsd.org 2000/10/19 10:41:13
+ [auth-skey.c]
+ fmt string problem in unused code
+ - provos@cvs.openbsd.org 2000/10/19 10:45:16
+ [sshconnect2.c]
+ don't reference freed memory. okay deraadt@
+ - markus@cvs.openbsd.org 2000/10/21 11:04:23
+ [canohost.c]
+ typo, eramore@era-t.ericsson.se; ok niels@
+ - markus@cvs.openbsd.org 2000/10/23 13:31:55
+ [cipher.c]
+ non-alignment dependent swap_bytes(); from
+ simonb@wasabisystems.com/netbsd
+ - markus@cvs.openbsd.org 2000/10/26 12:38:28
+ [compat.c]
+ add older vandyke products
+ - markus@cvs.openbsd.org 2000/10/27 01:32:19
+ [channels.c channels.h clientloop.c serverloop.c session.c]
+ [ssh.c util.c]
+ enable non-blocking IO on channels, and tty's (except for the
+ client ttys).
+
+20001027
+ - (djm) Increase REKEY_BYTES to 2^24 for arc4random
+
+20001025
+ - (djm) Added WARNING.RNG file and modified configure to ask users of the
+ builtin entropy code to read it.
+ - (djm) Prefer builtin regex to PCRE.
+ - (bal) Added USE_PIPS defined to NeXT configure.in since scp hangs randomly.
+ - (bal) Apply fixes to configure.in pointed out by Pavel Roskin
+
+
+20001020
+ - (djm) Don't define _REENTRANT for SNI/Reliant Unix
+ - (bal) Imported NEWS-OS waitpid() macros into NeXT. Since implementation
+ is more correct then current version.
+
+20001018
+ - (stevesk) Add initial support for setproctitle(). Current
+ support is for the HP-UX pstat(PSTAT_SETCMD, ...) method.
+ - (stevesk) Add egd startup scripts to contrib/hpux/
+
+20001017
+ - (djm) Add -lregex to cywin libs from Corinna Vinschen
+
+ - (djm) Don't rely on atomicio's retval to determine length of askpass
+ supplied passphrase. Problem report from Lutz Jaenicke
+
+ - (bal) Changed from GNU rx to PCRE on suggestion from djm.
+ - (bal) Integrated Sony NEWS-OS patches from NAKAJI Hirouyuki
+
+
+20001016
+ - (djm) Sync with OpenBSD:
+ - markus@cvs.openbsd.org 2000/10/14 04:01:15
+ [cipher.c]
+ debug3
+ - markus@cvs.openbsd.org 2000/10/14 04:07:23
+ [scp.c]
+ remove spaces from arguments; from djm@mindrot.org
+ - markus@cvs.openbsd.org 2000/10/14 06:09:46
+ [ssh.1]
+ Cipher is for SSH-1 only
+ - markus@cvs.openbsd.org 2000/10/14 06:12:09
+ [servconf.c servconf.h serverloop.c session.c sshd.8]
+ AllowTcpForwarding; from naddy@
+ - markus@cvs.openbsd.org 2000/10/14 06:16:56
+ [auth2.c compat.c compat.h sshconnect2.c version.h]
+ OpenSSH_2.3; note that is is not complete, but the version number
+ needs to be changed for interoperability reasons
+ - markus@cvs.openbsd.org 2000/10/14 06:19:45
+ [auth-rsa.c]
+ do not send RSA challenge if key is not allowed by key-options; from
+ eivind@ThinkSec.com
+ - markus@cvs.openbsd.org 2000/10/15 08:14:01
+ [rijndael.c session.c]
+ typos; from stevesk@sweden.hp.com
+ - markus@cvs.openbsd.org 2000/10/15 08:18:31
+ [rijndael.c]
+ typo
+ - (djm) Copy manpages back over from OpenBSD - too tedious to wade
+ through diffs
+ - (djm) Added condrestart to Redhat init script. Patch from Pekka Savola
+
+ - (djm) Update version in Redhat spec file
+ - (djm) Merge some of Nalin Dahyabhai changes from the
+ Redhat 7.0 spec file
+ - (djm) Make inability to read/write PRNG seedfile non-fatal
+
+
+20001015
+ - (djm) Fix ssh2 hang on background processes at logout.
+
+20001014
+ - (bal) Add support for realpath and getcwd for platforms with broken
+ or missing realpath implementations for sftp-server.
+ - (bal) Corrected mistake in INSTALL in regards to GNU rx library
+ - (bal) Add support for GNU rx library for those lacking regexp support
+ - (djm) Don't accept PAM_PROMPT_ECHO_ON messages during initial auth
+ - (djm) Revert SSH2 serverloop hack, will find a better way.
+ - (djm) Add workaround for Linux 2.4's gratuitious errno change. Patch
+ from Martin Johansson
+ - (djm) Big OpenBSD sync:
+ - markus@cvs.openbsd.org 2000/09/30 10:27:44
+ [log.c]
+ allow loglevel debug
+ - markus@cvs.openbsd.org 2000/10/03 11:59:57
+ [packet.c]
+ hmac->mac
+ - markus@cvs.openbsd.org 2000/10/03 12:03:03
+ [auth-krb4.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c]
+ move fake-auth from auth1.c to individual auth methods, disables s/key in
+ debug-msg
+ - markus@cvs.openbsd.org 2000/10/03 12:16:48
+ ssh.c
+ do not resolve canonname, i have no idea why this was added oin ossh
+ - markus@cvs.openbsd.org 2000/10/09 15:30:44
+ ssh-keygen.1 ssh-keygen.c
+ -X now reads private ssh.com DSA keys, too.
+ - markus@cvs.openbsd.org 2000/10/09 15:32:34
+ auth-options.c
+ clear options on every call.
+ - markus@cvs.openbsd.org 2000/10/09 15:51:00
+ authfd.c authfd.h
+ interop with ssh-agent2, from
+ - markus@cvs.openbsd.org 2000/10/10 14:20:45
+ compat.c
+ use rexexp for version string matching
+ - provos@cvs.openbsd.org 2000/10/10 22:02:18
+ [kex.c kex.h myproposal.h ssh.h ssh2.h sshconnect2.c sshd.c dh.c dh.h]
+ First rough implementation of the diffie-hellman group exchange. The
+ client can ask the server for bigger groups to perform the diffie-hellman
+ in, thus increasing the attack complexity when using ciphers with longer
+ keys. University of Windsor provided network, T the company.
+ - markus@cvs.openbsd.org 2000/10/11 13:59:52
+ [auth-rsa.c auth2.c]
+ clear auth options unless auth sucessfull
+ - markus@cvs.openbsd.org 2000/10/11 14:00:27
+ [auth-options.h]
+ clear auth options unless auth sucessfull
+ - markus@cvs.openbsd.org 2000/10/11 14:03:27
+ [scp.1 scp.c]
+ support 'scp -o' with help from mouring@pconline.com
+ - markus@cvs.openbsd.org 2000/10/11 14:11:35
+ [dh.c]
+ Wall
+ - markus@cvs.openbsd.org 2000/10/11 14:14:40
+ [auth.h auth2.c readconf.c readconf.h readpass.c servconf.c servconf.h]
+ [ssh.h sshconnect2.c sshd_config auth2-skey.c cli.c cli.h]
+ add support for s/key (kbd-interactive) to ssh2, based on work by
+ mkiernan@avantgo.com and me
+ - markus@cvs.openbsd.org 2000/10/11 14:27:24
+ [auth.c auth1.c auth2.c authfile.c cipher.c cipher.h kex.c kex.h]
+ [myproposal.h packet.c readconf.c session.c ssh.c ssh.h sshconnect1.c]
+ [sshconnect2.c sshd.c]
+ new cipher framework
+ - markus@cvs.openbsd.org 2000/10/11 14:45:21
+ [cipher.c]
+ remove DES
+ - markus@cvs.openbsd.org 2000/10/12 03:59:20
+ [cipher.c cipher.h sshconnect1.c sshconnect2.c sshd.c]
+ enable DES in SSH-1 clients only
+ - markus@cvs.openbsd.org 2000/10/12 08:21:13
+ [kex.h packet.c]
+ remove unused
+ - markus@cvs.openbsd.org 2000/10/13 12:34:46
+ [sshd.c]
+ Kludge for F-Secure Macintosh < 1.0.2; appro@fy.chalmers.se
+ - markus@cvs.openbsd.org 2000/10/13 12:59:15
+ [cipher.c cipher.h myproposal.h rijndael.c rijndael.h]
+ rijndael/aes support
+ - markus@cvs.openbsd.org 2000/10/13 13:10:54
+ [sshd.8]
+ more info about -V
+ - markus@cvs.openbsd.org 2000/10/13 13:12:02
+ [myproposal.h]
+ prefer no compression
+ - (djm) Fix scp user@host handling
+ - (djm) Don't clobber ssh_prng_cmds on install
+ - (stevesk) Include config.h in rijndael.c so we define intXX_t and
+ u_intXX_t types on all platforms.
+ - (stevesk) rijndael.c: cleanup missing declaration warnings.
+ - (stevesk) ~/.hushlogin shouldn't cause required password change to
+ be bypassed.
+ - (stevesk) Display correct path to ssh-askpass in configure output.
+ Report from Lutz Jaenicke.
+
+20001007
+ - (stevesk) Print PAM return value in PAM log messages to aid
+ with debugging.
+ - (stevesk) Fix detection of pw_class struct member in configure;
+ patch from KAMAHARA Junzo
+
+20001002
+ - (djm) Fix USER_PATH, report from Kevin Steves
+ - (djm) Add host system and CC to end-of-configure report. Suggested by
+ Lutz Jaenicke
+
+20000931
+ - (djm) Cygwin fixes from Corinna Vinschen
+
+20000930
+ - (djm) Irix ssh_prng_cmds path fix from Pekka Savola
+ - (djm) Support in bsd-snprintf.c for long long conversions from
+ Ben Lindstrom
+ - (djm) Cleanup NeXT support from Ben Lindstrom
+ - (djm) Ignore SIGPIPEs from serverloop to child. Fixes crashes with
+ very short lived X connections. Bug report from Tobias Oetiker
+ . Fix from Markus Friedl
+ - (djm) Add recent InitScripts as a RPM dependancy for openssh-server
+ patch from Pekka Savola
+ - (djm) Forgot to cvs add LICENSE file
+ - (djm) Add LICENSE to RPM spec files
+ - (djm) CVS OpenBSD sync:
+ - markus@cvs.openbsd.org 2000/09/26 13:59:59
+ [clientloop.c]
+ use debug2
+ - markus@cvs.openbsd.org 2000/09/27 15:41:34
+ [auth2.c sshconnect2.c]
+ use key_type()
+ - markus@cvs.openbsd.org 2000/09/28 12:03:18
+ [channels.c]
+ debug -> debug2 cleanup
+ - (djm) Irix strips "/dev/tty" from [uw]tmp entries (other systems only
+ strip "/dev/"). Fix loginrec.c based on patch from Alain St-Denis
+
+ - (djm) Fix 9 character passphrase failure with gnome-ssh-askpass.
+ Problem was caused by interrupted read in ssh-add. Report from Donald
+ J. Barry
+
+20000929
+ - (djm) Fix SSH2 not terminating until all background tasks done problem.
+ - (djm) Another off-by-one fix from Pavel Kankovsky
+
+ - (djm) Clean up. Strip some unnecessary differences with OpenBSD's code,
+ tidy necessary differences.
Use Markus' new debugN() in entropy.c
+ - (djm) Merged big SCO portability patch from Tim Rice
+
+
+20000926
+ - (djm) Update X11-askpass to 1.0.2 in RPM spec file
+ - (djm) Define _REENTRANT to pickup strtok_r() on HP/UX
+ - (djm) Security: fix off-by-one buffer overrun in fake-getnameinfo.c.
+ Report and fix from Pavel Kankovsky
+
+20000924
+ - (djm) Merged cleanup patch from Mark Miller
+ - (djm) A bit more cleanup - created cygwin_util.h
+ - (djm) Include strtok_r() from OpenBSD libc. Fixes report from Mark Miller
+
+
+20000923
+ - (djm) Fix address logging in utmp from Kevin Steves
+
+ - (djm) Redhat spec and manpage fixes from Pekka Savola
+ - (djm) Seperate tests for int64_t and u_int64_t types
+ - (djm) Tweak password expiry checking at suggestion of Kevin Steves
+
+ - (djm) NeXT patch from Ben Lindstrom
+ - (djm) Use printf %lld instead of %qd in sftp-server.c. Fix from
+ Michael Stone
+ - (djm) OpenBSD CVS sync:
+ - markus@cvs.openbsd.org 2000/09/17 09:38:59
+ [sshconnect2.c sshd.c]
+ fix DEBUG_KEXDH
+ - markus@cvs.openbsd.org 2000/09/17 09:52:51
+ [sshconnect.c]
+ yes no; ok niels@
+ - markus@cvs.openbsd.org 2000/09/21 04:55:11
+ [sshd.8]
+ typo
+ - markus@cvs.openbsd.org 2000/09/21 05:03:54
+ [serverloop.c]
+ typo
+ - markus@cvs.openbsd.org 2000/09/21 05:11:42
+ scp.c
+ utime() to utimes(); mouring@pconline.com
+ - markus@cvs.openbsd.org 2000/09/21 05:25:08
+ sshconnect2.c
+ change login logic in ssh2, allows plugin of other auth methods
+ - markus@cvs.openbsd.org 2000/09/21 05:25:35
+ [auth2.c channels.c channels.h clientloop.c dispatch.c dispatch.h]
+ [serverloop.c]
+ add context to dispatch_run
+ - markus@cvs.openbsd.org 2000/09/21 05:07:52
+ authfd.c authfd.h ssh-agent.c
+ bug compat for old ssh.com software
+
+20000920
+ - (djm) Fix bad path substitution.
Report from Andrew Miner + + +20000916 + - (djm) Fix SSL search order from Lutz Jaenicke + + - (djm) New SuSE spec from Corinna Vinschen + - (djm) Update CygWin support from Corinna Vinschen + - (djm) Use a real struct sockaddr inside the fake struct sockaddr_storage. + Patch from Larry Jones + - (djm) Add Steve VanDevender's PAM + password change patch. + - (djm) Bring licenses on my stuff in line with OpenBSD's + - (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from + Kevin Steves + - (djm) Shadow expiry check fix from Pavel Troller + - (djm) Re-enable int64_t types - we need them for sftp + - (djm) Use libexecdir from configure , rather than libexecdir/ssh + - (djm) Update Redhat SPEC file accordingly + - (djm) Add Kevin Steves HP/UX contrib files + - (djm) Add Charles Levert getpgrp patch + - (djm) Fix password auth on HP/UX 10.20. Patch from Dirk De Wachter + + - (djm) Fixprogs and entropy list fixes from Larry Jones + + - (djm) Fix for SuSE spec file from Takashi YOSHIDA + + - (djm) Merge OpenBSD changes: + - markus@cvs.openbsd.org 2000/09/05 02:59:57 + [session.c] + print hostname (not hushlogin) + - markus@cvs.openbsd.org 2000/09/05 13:18:48 + [authfile.c ssh-add.c] + enable ssh-add -d for DSA keys + - markus@cvs.openbsd.org 2000/09/05 13:20:49 + [sftp-server.c] + cleanup + - markus@cvs.openbsd.org 2000/09/06 03:46:41 + [authfile.h] + prototype + - deraadt@cvs.openbsd.org 2000/09/07 14:27:56 + [ALL] + cleanup copyright notices on all files. I have attempted to be + accurate with the details. everything is now under Tatu's licence + (which I copied from his readme), and/or the core-sdi bsd-ish thing + for deattack, or various openbsd developers under a 2-term bsd + licence. We're not changing any rules, just being accurate. 
+ - markus@cvs.openbsd.org 2000/09/07 14:40:30
+ [channels.c channels.h clientloop.c serverloop.c ssh.c]
+ cleanup window and packet sizes for ssh2 flow control; ok niels
+ - markus@cvs.openbsd.org 2000/09/07 14:53:00
+ [scp.c]
+ typo
+ - markus@cvs.openbsd.org 2000/09/07 15:13:37
+ [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c]
+ [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h]
+ [pty.c readconf.c]
+ some more Copyright fixes
+ - markus@cvs.openbsd.org 2000/09/08 03:02:51
+ [README.openssh2]
+ bye bye
+ - deraadt@cvs.openbsd.org 2000/09/11 18:38:33
+ [LICENCE cipher.c]
+ a few more comments about it being ARC4 not RC4
+ - markus@cvs.openbsd.org 2000/09/12 14:53:11
+ [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c]
+ multiple debug levels
+ - markus@cvs.openbsd.org 2000/09/14 14:25:15
+ [clientloop.c]
+ typo
+ - deraadt@cvs.openbsd.org 2000/09/15 01:13:51
+ [ssh-agent.c]
+ check return value for setenv(3) for failure, and deal appropriately
+
+20000913
+ - (djm) Fix server not exiting with jobs in background.
+
+20000905
+ - (djm) Import OpenBSD CVS changes
+ - markus@cvs.openbsd.org 2000/08/31 15:52:24
+ [Makefile sshd.8 sshd_config sftp-server.8 sftp-server.c]
+ implement a SFTP server. interops with sftp2, scp2 and the windows
+ client from ssh.com
+ - markus@cvs.openbsd.org 2000/08/31 15:56:03
+ [README.openssh2]
+ sync
+ - markus@cvs.openbsd.org 2000/08/31 16:05:42
+ [session.c]
+ Wall
+ - markus@cvs.openbsd.org 2000/08/31 16:09:34
+ [authfd.c ssh-agent.c]
+ add a flag to SSH2_AGENTC_SIGN_REQUEST for future extensions
+ - deraadt@cvs.openbsd.org 2000/09/01 09:25:13
+ [scp.1 scp.c]
+ cleanup and fix -S support; stevesk@sweden.hp.com
+ - markus@cvs.openbsd.org 2000/09/01 16:29:32
+ [sftp-server.c]
+ portability fixes
+ - markus@cvs.openbsd.org 2000/09/01 16:32:41
+ [sftp-server.c]
+ fix cast; mouring@pconline.com
+ - itojun@cvs.openbsd.org 2000/09/03 09:23:28
+ [ssh-add.1 ssh.1]
+ add missing .El against .Bl.
+ - markus@cvs.openbsd.org 2000/09/04 13:03:41
+ [session.c]
+ missing close; ok theo
+ - markus@cvs.openbsd.org 2000/09/04 13:07:21
+ [session.c]
+ fix get_last_login_time order; from andre@van-veen.de
+ - markus@cvs.openbsd.org 2000/09/04 13:10:09
+ [sftp-server.c]
+ more cast fixes; from mouring@pconline.com
+ - markus@cvs.openbsd.org 2000/09/04 13:06:04
+ [session.c]
+ set SSH_ORIGINAL_COMMAND; from Leakin@dfw.nostrum.com, bet@rahul.net
+ - (djm) Cleanup after import. Fix sftp-server compilation, Makefile
+ - (djm) Merge cygwin support from Corinna Vinschen
+
+20000903
+ - (djm) Fix Redhat init script
+
+20000901
+ - (djm) Pick up Jim's new X11-askpass
+ - (djm) Release 2.2.0p1
+
+20000831
+ - (djm) Workaround SIGPIPE problems on SCO. Fix from Aran Cox
+
+ - (djm) Pick up new version (2.2.0) from OpenBSD CVS
+
+20000830
+ - (djm) Compile warning fixes from Mark Miller
+ - (djm) Periodically rekey arc4random
+ - (djm) Clean up diff against OpenBSD.
+ - (djm) HPUX 11 needs USE_PIPES as well: Kevin Steves
+
+ - (djm) Quieten the pam delete credentials error message
+ - (djm) Fix printing of $DISPLAY hack if set by system type. Report from
+ Kevin Steves
+ - (djm) NeXT patch from Ben Lindstrom
+ - (djm) Fix doh in bsd-arc4random.c
+
+20000829
+ - (djm) Fix ^C ignored issue on Solaris. Diagnosis from Gert
+ Doering , John Horne and
+ Garrick James
+ - (djm) Check for SCO pty naming style (ptyp%d/ttyp%d).
Based on fix from
+ Bastian Trompetter
+ - (djm) NeXT tweaks from Ben Lindstrom
+ - More OpenBSD updates:
+ - deraadt@cvs.openbsd.org 2000/08/24 15:46:59
+ [scp.c]
+ off_t in sink, to fix files > 2GB, i think, test is still running ;-)
+ - deraadt@cvs.openbsd.org 2000/08/25 10:10:06
+ [session.c]
+ Wall
+ - markus@cvs.openbsd.org 2000/08/26 04:33:43
+ [compat.c]
+ ssh.com-2.3.0
+ - markus@cvs.openbsd.org 2000/08/27 12:18:05
+ [compat.c]
+ compatibility with future ssh.com versions
+ - deraadt@cvs.openbsd.org 2000/08/27 21:50:55
+ [auth-krb4.c session.c ssh-add.c sshconnect.c uidswap.c]
+ print uid/gid as unsigned
+ - markus@cvs.openbsd.org 2000/08/28 13:51:00
+ [ssh.c]
+ enable -n and -f for ssh2
+ - markus@cvs.openbsd.org 2000/08/28 14:19:53
+ [ssh.c]
+ allow combination of -N and -f
+ - markus@cvs.openbsd.org 2000/08/28 14:20:56
+ [util.c]
+ util.c
+ - markus@cvs.openbsd.org 2000/08/28 14:22:02
+ [util.c]
+ undo
+ - markus@cvs.openbsd.org 2000/08/28 14:23:38
+ [util.c]
+ don't complain if setting NONBLOCK fails with ENODEV
+
+20000823
+ - (djm) Define USE_PIPES to avoid socketpair problems on HPUX 10 and SunOS 4
+ Avoids "scp never exits" problem. Reports from Lutz Jaenicke
+ and Tamito KAJIYAMA
+
+ - (djm) Pick up LOGIN_PROGRAM from environment or PATH if not set by headers
+ - (djm) Add local version to version.h
+ - (djm) Don't reseed arc4random everytime it is used
+ - (djm) OpenBSD CVS updates:
+ - deraadt@cvs.openbsd.org 2000/08/18 20:07:23
+ [ssh.c]
+ accept remsh as a valid name as well; roman@buildpoint.com
+ - deraadt@cvs.openbsd.org 2000/08/18 20:17:13
+ [deattack.c crc32.c packet.c]
+ rename crc32() to ssh_crc32() to avoid zlib name clash.
do not move to
+ libz crc32 function yet, because it has ugly "long"'s in it;
+ oneill@cs.sfu.ca
+ - deraadt@cvs.openbsd.org 2000/08/18 20:26:08
+ [scp.1 scp.c]
+ -S prog support; tv@debian.org
+ - deraadt@cvs.openbsd.org 2000/08/18 20:50:07
+ [scp.c]
+ knf
+ - deraadt@cvs.openbsd.org 2000/08/18 20:57:33
+ [log-client.c]
+ shorten
+ - markus@cvs.openbsd.org 2000/08/19 12:48:11
+ [channels.c channels.h clientloop.c ssh.c ssh.h]
+ support for ~. in ssh2
+ - deraadt@cvs.openbsd.org 2000/08/19 15:29:40
+ [crc32.h]
+ proper prototype
+ - markus@cvs.openbsd.org 2000/08/19 15:34:44
+ [authfd.c authfd.h key.c key.h ssh-add.1 ssh-add.c ssh-agent.1]
+ [ssh-agent.c ssh-keygen.c sshconnect1.c sshconnect2.c Makefile]
+ [fingerprint.c fingerprint.h]
+ add SSH2/DSA support to the agent and some other DSA related cleanups.
+ (note that we cannot talk to ssh.com's ssh2 agents)
+ - markus@cvs.openbsd.org 2000/08/19 15:55:52
+ [channels.c channels.h clientloop.c]
+ more ~ support for ssh2
+ - markus@cvs.openbsd.org 2000/08/19 16:21:19
+ [clientloop.c]
+ oops
+ - millert@cvs.openbsd.org 2000/08/20 12:25:53
+ [session.c]
+ We have to stash the result of get_remote_name_or_ip() before we
+ close our socket or getpeername() will get EBADF and the process
+ will exit. Only a problem for "UseLogin yes".
+ - millert@cvs.openbsd.org 2000/08/20 12:30:59
+ [session.c]
+ Only check /etc/nologin if "UseLogin no" since login(1) may have its
+ own policy on determining who is allowed to login when /etc/nologin
+ is present. Also use the _PATH_NOLOGIN define.
+ - millert@cvs.openbsd.org 2000/08/20 12:42:43
+ [auth1.c auth2.c session.c ssh.c]
+ Add calls to setusercontext() and login_get*(). We basically call
+ setusercontext() in most places where previously we did a setlogin().
+ Add default login.conf file and put root in the "daemon" login class.
+ - millert@cvs.openbsd.org 2000/08/21 10:23:31
+ [session.c]
+ Fix incorrect PATH setting; noted by Markus.
+
+20000818
+ - (djm) OpenBSD CVS changes:
+ - markus@cvs.openbsd.org 2000/07/22 03:14:37
+ [servconf.c servconf.h sshd.8 sshd.c sshd_config]
+ random early drop; ok theo, niels
+ - deraadt@cvs.openbsd.org 2000/07/26 11:46:51
+ [ssh.1]
+ typo
+ - deraadt@cvs.openbsd.org 2000/08/01 11:46:11
+ [sshd.8]
+ many fixes from pepper@mail.reppep.com
+ - provos@cvs.openbsd.org 2000/08/01 13:01:42
+ [Makefile.in util.c aux.c]
+ rename aux.c to util.c to help with cygwin port
+ - deraadt@cvs.openbsd.org 2000/08/02 00:23:31
+ [authfd.c]
+ correct sun_len; Alexander@Leidinger.net
+ - provos@cvs.openbsd.org 2000/08/02 10:27:17
+ [readconf.c sshd.8]
+ disable kerberos authentication by default
+ - provos@cvs.openbsd.org 2000/08/02 11:27:05
+ [sshd.8 readconf.c auth-krb4.c]
+ disallow kerberos authentication if we can't verify the TGT; from
+ dugsong@
+ kerberos authentication is on by default only if you have a srvtab.
+ - markus@cvs.openbsd.org 2000/08/04 14:30:07
+ [auth.c]
+ unused
+ - markus@cvs.openbsd.org 2000/08/04 14:30:35
+ [sshd_config]
+ MaxStartups
+ - markus@cvs.openbsd.org 2000/08/15 13:20:46
+ [authfd.c]
+ cleanup; ok niels@
+ - markus@cvs.openbsd.org 2000/08/17 14:05:10
+ [session.c]
+ cleanup login(1)-like jobs, no duplicate utmp entries
+ - markus@cvs.openbsd.org 2000/08/17 14:06:34
+ [session.c sshd.8 sshd.c]
+ sshd -u len, similar to telnetd
+ - (djm) Lastlog was not getting closed after writing login entry
+ - (djm) Add Solaris package support from Rip Loomis
+
+20000816
+ - (djm) Replacement for inet_ntoa for Irix (which breaks on gcc)
+ - (djm) Fix strerror replacement for old SunOS. Based on patch from
+ Charles Levert
+ - (djm) Seperate arc4random into seperate file and use OpenSSL's RC4
+ implementation.
+ - (djm) SUN_LEN macro for systems which lack it
+
+20000815
+ - (djm) More SunOS 4.1.x fixes from Nate Itkin
+ - (djm) Avoid failures on Irix when ssh is not setuid.
Fix from
+ Michael Stone
+ - (djm) Don't seek in directory based lastlogs
+ - (djm) Fix --with-ipaddr-display configure option test. Patch from
+ Jarno Huuskonen
+ - (djm) Fix AIX limits from Alexandre Oliva
+
+20000813
+ - (djm) Add $(srcdir) to includes when compiling (for VPATH). Report from
+ Fabrice bacchella
+
+20000809
+ - (djm) Define AIX hard limits if headers don't. Report from
+ Bill Painter
+ - (djm) utmp direct write & SunOS 4 patch from Charles Levert
+
+
+20000808
+ - (djm) Cleanup Redhat RPMs. Generate keys at runtime rather than install
+ time, spec file cleanup.
+
+20000807
+ - (djm) Set 0755 on binaries during install. Report from Lutz Jaenicke
+ - (djm) Suppress error messages on channel close shutdown() failurs
+ works around Linux bug. Patch from Zack Weinberg
+ - (djm) Add some more entropy collection commands from Lutz Jaenicke
+
+20000725
+ - (djm) Fix autoconf typo: HAVE_BINRESVPORT_AF -> HAVE_BINDRESVPORT_AF
+
+20000721
+ - (djm) OpenBSD CVS updates:
+ - markus@cvs.openbsd.org 2000/07/16 02:27:22
+ [authfd.c authfd.h channels.c clientloop.c ssh-add.c ssh-agent.c ssh.c]
+ [sshconnect1.c sshconnect2.c]
+ make ssh-add accept dsa keys (the agent does not)
+ - djm@cvs.openbsd.org 2000/07/17 19:25:02
+ [sshd.c]
+ Another closing of stdin; ok deraadt
+ - markus@cvs.openbsd.org 2000/07/19 18:33:12
+ [dsa.c]
+ missing free, reorder
+ - markus@cvs.openbsd.org 2000/07/20 16:23:14
+ [ssh-keygen.1]
+ document input and output files
+
+20000720
+ - (djm) Spec file fix from Petr Novotny
+
+20000716
+ - (djm) Release 2.1.1p4
+
+20000715
+ - (djm) OpenBSD CVS updates
+ - provos@cvs.openbsd.org 2000/07/13 16:53:22
+ [aux.c readconf.c servconf.c ssh.h]
+ allow multiple whitespace but only one '=' between tokens, bug report from
+ Ralf S. Engelschall but different fix.
okay deraadt@
+ - provos@cvs.openbsd.org 2000/07/13 17:14:09
+ [clientloop.c]
+ typo; todd@fries.net
+ - provos@cvs.openbsd.org 2000/07/13 17:19:31
+ [scp.c]
+ close can fail on AFS, report error; from Greg Hudson
+ - markus@cvs.openbsd.org 2000/07/14 16:59:46
+ [readconf.c servconf.c]
+ allow leading whitespace. ok niels
+ - djm@cvs.openbsd.org 2000/07/14 22:01:38
+ [ssh-keygen.c ssh.c]
+ Always create ~/.ssh with mode 700; ok Markus
+ - Fixes for SunOS 4.1.4 from Gordon Atwood
+ - Include floatingpoint.h for entropy.c
+ - strerror replacement
+
+20000712
+ - (djm) Remove -lresolve for Reliant Unix
+ - (djm) OpenBSD CVS Updates:
+ - deraadt@cvs.openbsd.org 2000/07/11 02:11:34
+ [session.c sshd.c ]
+ make MaxStartups code still work with -d; djm
+ - deraadt@cvs.openbsd.org 2000/07/11 13:17:45
+ [readconf.c ssh_config]
+ disable FallBackToRsh by default
+ - (djm) Replace in_addr_t with u_int32_t in bsd-inet_aton.c. Report from
+ Ben Lindstrom
+ - (djm) Make building of X11-Askpass and GNOME-Askpass optional in RPM
+ spec file.
+ - (djm) Released 2.1.1p3
+
+20000711
+ - (djm) Fixup for AIX getuserattr() support from Tom Bertelson
+
+ - (djm) ReliantUNIX support from Udo Schweigert
+ - (djm) NeXT: dirent structures to get scp working from Ben Lindstrom
+
+ - (djm) Fix broken inet_ntoa check and ut_user/ut_name confusion, report
+ from Jim Watt
+ - (djm) Replaced bsd-snprintf.c with one from Mutt source tree, it is known
+ to compile on more platforms (incl NeXT).
+ - (djm) Added bsd-inet_aton and configure support for NeXT
+ - (djm) Misc NeXT fixes from Ben Lindstrom
+ - (djm) OpenBSD CVS updates:
+ - markus@cvs.openbsd.org 2000/06/26 03:22:29
+ [authfd.c]
+ cleanup, less cut&paste
+ - markus@cvs.openbsd.org 2000/06/26 15:59:19
+ [servconf.c servconf.h session.c sshd.8 sshd.c]
+ MaxStartups: limit number of unauthenticated connections, work by
+ theo and me
+ - deraadt@cvs.openbsd.org 2000/07/05 14:18:07
+ [session.c]
+ use no_x11_forwarding_flag correctly; provos ok
+ - provos@cvs.openbsd.org 2000/07/05 15:35:57
+ [sshd.c]
+ typo
+ - aaron@cvs.openbsd.org 2000/07/05 22:06:58
+ [scp.1 ssh-agent.1 ssh-keygen.1 sshd.8]
+ Insert more missing .El directives. Our troff really should identify
+ these and spit out a warning.
+ - todd@cvs.openbsd.org 2000/07/06 21:55:04
+ [auth-rsa.c auth2.c ssh-keygen.c]
+ clean code is good code
+ - deraadt@cvs.openbsd.org 2000/07/07 02:14:29
+ [serverloop.c]
+ sense of port forwarding flag test was backwards
+ - provos@cvs.openbsd.org 2000/07/08 17:17:31
+ [compat.c readconf.c]
+ replace strtok with strsep; from David Young
+ - deraadt@cvs.openbsd.org 2000/07/08 19:21:15
+ [auth.h]
+ KNF
+ - ho@cvs.openbsd.org 2000/07/08 19:27:33
+ [compat.c readconf.c]
+ Better conditions for strsep() ending.
+ - ho@cvs.openbsd.org 2000/07/10 10:27:05
+ [readconf.c]
+ Get the correct message on errors. (niels@ ok)
+ - ho@cvs.openbsd.org 2000/07/10 10:30:25
+ [cipher.c kex.c servconf.c]
+ strtok() --> strsep(). (niels@ ok)
+ - (djm) Fix problem with debug mode and MaxStartups
+ - (djm) Don't generate host keys when $(DESTDIR) is set (e.g. during RPM
+ builds)
+ - (djm) Add strsep function from OpenBSD libc for systems that lack it
+
+20000709
+ - (djm) Only enable PAM_TTY kludge for Linux. Problem report from
+ Kevin Steves
+ - (djm) Match prototype and function declaration for rresvport_af.
+ Problem report from Niklas Edmundsson
+ - (djm) Missing $(DESTDIR) on host-key target causing problems with RPM
+ builds. Problem report from Gregory Leblanc
+ - (djm) Replace ut_name with ut_user. Patch from Jim Watt
+
+ - (djm) Fix pam sprintf fix
+ - (djm) Cleanup entropy collection code a little more. Split initialisation
+ from seeding, perform intialisation immediatly at start, be careful with
+ uids. Based on problem report from Jim Watt
+ - (djm) More NeXT compatibility from Ben Lindstrom
+ Including sigaction() et al. replacements
+ - (djm) AIX getuserattr() session initialisation from Tom Bertelson
+
+
+20000708
+ - (djm) Fix bad fprintf format handling in auth-pam.c. Patch from
+ Aaron Hopkins
+ - (djm) Fix incorrect configure handling of --with-rsh-path option. Fix from
+ Lutz Jaenicke
+ - (djm) Fixed undefined variables for OSF SIA. Report from
+ Baars, Henk
+ - (djm) Handle EWOULDBLOCK returns from read() and write() in atomicio.c
+ Fix from Marquess, Steve Mr JMLFDC
+ - (djm) Don't use inet_addr.
+
+20000702
+ - (djm) Fix brace mismatch from Corinna Vinschen
+ - (djm) Stop shadow expiry checking from preventing logins with NIS. Based
+ on fix from HARUYAMA Seigo
+ - (djm) Use standard OpenSSL functions in auth-skey.c. Patch from
+ Chris, the Young One
+ - (djm) Fix scp progress meter on really wide terminals. Based on patch
+ from James H. Cloos Jr.
+
+20000701
+ - (djm) Fix Tru64 SIA problems reported by John P Speno
+ - (djm) Login fixes from Tom Bertelson
+ - (djm) Replace "/bin/sh" with _PATH_BSHELL. Report from Corinna Vinschen
+
+ - (djm) Replace "/usr/bin/login" with LOGIN_PROGRAM
+ - (djm) Added check for broken snprintf() functions which do not correctly
+ terminate output string and attempt to use replacement.
+ - (djm) Released 2.1.1p2 + +20000628 + - (djm) Fixes to lastlog code for Irix + - (djm) Use atomicio in loginrec + - (djm) Patch from Michael Stone to add support for + Irix 6.x array sessions, project id's, and system audit trail id. + - (djm) Added 'distprep' make target to simplify packaging + - (djm) Added patch from Chris Adams to add OSF SIA + support. Enable using "USE_SIA=1 ./configure [options]" + +20000627 + - (djm) Fixes to login code - not setting li->uid, cleanups + - (djm) Formatting + +20000626 + - (djm) Better fix to aclocal tests from Garrick James + - (djm) Account expiry support from Andreas Steinmetz + - (djm) Added password expiry checking (no password change support) + - (djm) Make EGD failures non-fatal if OpenSSL's entropy pool is still OK + based on patch from Lutz Jaenicke + - (djm) Fix fixed EGD code. + - OpenBSD CVS update + - provos@cvs.openbsd.org 2000/06/25 14:17:58 + [channels.c] + correct check for bad channel ids; from Wei Dai + +20000623 + - (djm) Use sa_family_t in prototype for rresvport_af. Patch from + Svante Signell + - (djm) Autoconf logic to define sa_family_t if it is missing + - OpenBSD CVS Updates: + - markus@cvs.openbsd.org 2000/06/22 10:32:27 + [sshd.c] + missing atomicio; report from Steve.Marquess@DET.AMEDD.ARMY.MIL + - djm@cvs.openbsd.org 2000/06/22 17:55:00 + [auth-krb4.c key.c radix.c uuencode.c] + Missing CVS idents; ok markus + +20000622 + - (djm) Automatically generate host key during "make install". Suggested + by Gary E. Miller + - (djm) Paranoia before kill() system call + - OpenBSD CVS Updates: + - markus@cvs.openbsd.org 2000/06/18 18:50:11 + [auth2.c compat.c compat.h sshconnect2.c] + make userauth+pubkey interop with ssh.com-2.2.0 + - markus@cvs.openbsd.org 2000/06/18 20:56:17 + [dsa.c] + mem leak + be more paranoid in dsa_verify. 
+ - markus@cvs.openbsd.org 2000/06/18 21:29:50
+ [key.c]
+ cleanup fingerprinting, less hardcoded sizes
+ - markus@cvs.openbsd.org 2000/06/19 19:39:45
+ [atomicio.c auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
+ [auth-rsa.c auth-skey.c authfd.c authfd.h authfile.c bufaux.c bufaux.h]
+ [buffer.c buffer.h canohost.c channels.c channels.h cipher.c cipher.h]
+ [clientloop.c compat.c compat.h compress.c compress.h crc32.c crc32.h]
+ [deattack.c dispatch.c dsa.c fingerprint.c fingerprint.h getput.h hmac.c]
+ [kex.c log-client.c log-server.c login.c match.c mpaux.c mpaux.h nchan.c]
+ [nchan.h packet.c packet.h pty.c pty.h readconf.c readconf.h readpass.c]
+ [rsa.c rsa.h scp.c servconf.c servconf.h ssh-add.c ssh-keygen.c ssh.c]
+ [ssh.h tildexpand.c ttymodes.c ttymodes.h uidswap.c xmalloc.c xmalloc.h]
+ OpenBSD tag
+ - markus@cvs.openbsd.org 2000/06/21 10:46:10
+ sshconnect2.c missing free; nuke old comment
+
+20000620
+ - (djm) Replace use of '-o' and '-a' logical operators in configure tests
+ with '||' and '&&'. As suggested by Jim Knoble
+ to fix SCO Unixware problem reported by Gary E. Miller
+ - (djm) Typo in loginrec.c
+
+20000618
+ - (djm) Add summary of configure options to end of ./configure run
+ - (djm) Not all systems define RUSAGE_SELF & RUSAGE_CHILDREN. Report from
+ Michael Stone
+ - (djm) rusage is a privileged operation on some Unices (incl.
+ Solaris 2.5.1). Report from Paul D. Smith
+ - (djm) Avoid PAM failures when running without a TTY. Report from
+ Martin Petrak
+ - (djm) Include sys/types.h when including netinet/in.h in configure tests.
+ Patch from Jun-ichiro itojun Hagino + - (djm) Started merge of Ben Lindstrom's NeXT support + - OpenBSD CVS updates: + - deraadt@cvs.openbsd.org 2000/06/17 09:58:46 + [channels.c] + everyone says "nix it" (remove protocol 2 debugging message) + - markus@cvs.openbsd.org 2000/06/17 13:24:34 + [sshconnect.c] + allow extended server banners + - markus@cvs.openbsd.org 2000/06/17 14:30:10 + [sshconnect.c] + missing atomicio, typo + - jakob@cvs.openbsd.org 2000/06/17 16:52:34 + [servconf.c servconf.h session.c sshd.8 sshd_config] + add support for ssh v2 subsystems. ok markus@. + - deraadt@cvs.openbsd.org 2000/06/17 18:57:48 + [readconf.c servconf.c] + include = in WHITESPACE; markus ok + - markus@cvs.openbsd.org 2000/06/17 19:09:10 + [auth2.c] + implement bug compatibility with ssh-2.0.13 pubkey, server side + - markus@cvs.openbsd.org 2000/06/17 21:00:28 + [compat.c] + initial support for ssh.com's 2.2.0 + - markus@cvs.openbsd.org 2000/06/17 21:16:09 + [scp.c] + typo + - markus@cvs.openbsd.org 2000/06/17 22:05:02 + [auth-rsa.c auth2.c serverloop.c session.c auth-options.c auth-options.h] + split auth-rsa option parsing into auth-options + add options support to authorized_keys2 + - markus@cvs.openbsd.org 2000/06/17 22:42:54 + [session.c] + typo + +20000613 + - (djm) Fixes from Andrew McGill : + - Platform define for SCO 3.x which breaks on /dev/ptmx + - Detect and try to fix missing MAXPATHLEN + - (djm) Fix short copy in loginrec.c (based on patch from Phill Camp + + +20000612 + - (djm) Glob manpages in RPM spec files to catch compressed files + - (djm) Full license in auth-pam.c + - (djm) Configure fixes from SAKAI Kiyotaka + - (andre) AIX, lastlog, configure fixes from Tom Bertelson : + - Don't try to retrieve lastlog from wtmp/wtmpx if DISABLE_LASTLOG is + def'd + - Set AIX to use preformatted manpages + +20000610 + - (djm) Minor doc tweaks + - (djm) Fix for configure on bash2 from Jim Knoble + +20000609 + - (djm) Patch from Kenji Miyake to disable utmp usage + (in 
favour of utmpx) on Solaris 8
+
+20000606
+ - (djm) Cleanup of entropy.c. Reorganised code, removed second pass through
+ list of commands (by default). Removed verbose debugging (by default).
+ - (djm) Increased command entropy estimates and default entropy collection
+ timeout
+ - (djm) Remove duplicate headers from loginrec.c
+ - (djm) Don't add /usr/local/lib to library search path on Irix
+ - (djm) Fix rsh path in RPMs. Report from Jason L Tibbitts III
+
+ - (djm) Warn user if grabs fail in GNOME askpass. Patch from Zack Weinberg
+
+ - (djm) OpenBSD CVS updates:
+ - todd@cvs.openbsd.org
+ [sshconnect2.c]
+ teach protocol v2 to count login failures properly and also enable an
+ explanation of why the password prompt comes up again like v1; this is NOT
+ crypto
+ - markus@cvs.openbsd.org
+ [readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c sshd.8]
+ xauth_location support; pr 1234
+ [readconf.c sshconnect2.c]
+ typo, unused
+ [session.c]
+ allow use_login only for login sessions, otherwise remote commands are
+ execed with uid==0
+ [sshd.8]
+ document UseLogin better
+ [version.h]
+ OpenSSH 2.1.1
+ [auth-rsa.c]
+ fix match_hostname() logic for auth-rsa: deny access if we have a
+ negative match or no match at all
+ [channels.c hostfile.c match.c]
+ don't panic if mkdtemp fails for authfwd; jkb@yahoo-inc.com via
+ kris@FreeBSD.org
+
+20000606
+ - (djm) Added --with-cflags, --with-ldflags and --with-libs options to
+ configure.
+
+20000604
+ - Configure tweaking for new login code on Irix 5.3
+ - (andre) login code changes based on djm feedback
+
+20000603
+ - (andre) New login code
+ - Remove bsd-login.[ch] and all the OpenBSD-derived code in login.c
+ - Add loginrec.[ch], logintest.c and autoconf code
+
+20000531
+ - Cleanup of auth.c, login.c and fake-*
+ - Cleanup of auth-pam.c, save and print "account expired" error messages
+ - Fix EGD read bug by IWAMURO Motonori
+ - Rewrote bsd-login to use proper utmp API if available.
 Major cleanup
+ of fallback DIY code.
+
+20000530
+ - Define atexit for old Solaris
+ - Fix buffer overrun in login.c for systems which use syslen in utmpx.
+ patch from YOSHIFUJI Hideaki
+ - OpenBSD CVS updates:
+ - markus@cvs.openbsd.org
+ [session.c]
+ make x11-fwd work w/ localhost (xauth add host/unix:11)
+ [cipher.c compat.c readconf.c servconf.c]
+ check strtok() != NULL; ok niels@
+ [key.c]
+ fix key_read() for uuencoded keys w/o '='
+ [serverloop.c]
+ group ssh1 vs. ssh2 in serverloop
+ [kex.c kex.h myproposal.h sshconnect2.c sshd.c]
+ split kexinit/kexdh, factor out common code
+ [readconf.c ssh.1 ssh.c]
+ forwardagent defaults to no, add ssh -A
+ - theo@cvs.openbsd.org
+ [session.c]
+ just some line shortening
+ - Released 2.1.0p3
+
+20000520
+ - Xauth fix from Markus Friedl
+ - Don't touch utmp if USE_UTMPX defined
+ - SunOS 4.x support from Todd C. Miller
+ - SIGCHLD fix for AIX and HPUX from Tom Bertelson
+ - HPUX and Configure fixes from Lutz Jaenicke
+
+ - Use mkinstalldirs script to make directories instead of non-portable
+ "install -d". Suggested by Lutz Jaenicke
+ - Doc cleanup
+
+20000518
+ - Include Andre Lucas' fixprogs script.
 Forgot to "cvs add" it yesterday
+ - OpenBSD CVS updates:
+ - markus@cvs.openbsd.org
+ [sshconnect.c]
+ copy only ai_addrlen bytes; misiek@pld.org.pl
+ [auth.c]
+ accept an empty shell in authentication; bug reported by
+ chris@tinker.ucr.edu
+ [serverloop.c]
+ we don't have stderr for interactive terminal sessions (fcntl errors)
+
+20000517
+ - Fix from Andre Lucas
+ - Fixes command line printing segfaults (spotter: Bladt Norbert)
+ - Fixes erroneous printing of debug messages to syslog
+ - Fixes utmp for MacOS X (spotter: Aristedes Maniatis)
+ - Gives useful error message if PRNG initialisation fails
+ - Reduced ssh startup delay
+ - Measures cumulative command time rather than the time between reads
+ after select()
+ - 'fixprogs' perl script to eliminate non-working entropy commands, and
+ optionally run 'ent' to measure command entropy
+ - Applied Tom Bertelson's AIX authentication fix
+ - Avoid WCOREDUMP complation errors for systems that lack it
+ - Avoid SIGCHLD warnings from entropy commands
+ - Fix HAVE_PAM_GETENVLIST setting from Simon Wilkinson
+ - OpenBSD CVS update:
+ - markus@cvs.openbsd.org
+ [ssh.c]
+ fix usage()
+ [ssh2.h]
+ draft-ietf-secsh-architecture-05.txt
+ [ssh.1]
+ document ssh -T -N (ssh2 only)
+ [channels.c serverloop.c ssh.h sshconnect.c sshd.c aux.c]
+ enable nonblocking IO for sshd w/ proto 1, too; split out common code
+ [aux.c]
+ missing include
+ - Several patches from SAKAI Kiyotaka
+ - INSTALL typo and URL fix
+ - Makefile fix
+ - Solaris fixes
+ - Checking for ssize_t and memmove. Based on patch from SAKAI Kiyotaka
+
+ - RSAless operation patch from kevin_oconnor@standardandpoors.com
+ - Detect OpenSSL seperatly from RSA
+ - Better test for RSA (more compatible with RSAref).
 Based on work by
+ Ed Eden
+
+20000513
+ - Fix for non-recognised DSA keys from Arkadiusz Miskiewicz
+
+
+20000511
+ - Fix for prng_seed permissions checking from Lutz Jaenicke
+
+ - "make host-key" fix for Irix
+
+20000509
+ - OpenBSD CVS update
+ - markus@cvs.openbsd.org
+ [cipher.h myproposal.h readconf.c readconf.h servconf.c ssh.1 ssh.c]
+ [ssh.h sshconnect1.c sshconnect2.c sshd.8]
+ - complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only)
+ - hugh@cvs.openbsd.org
+ [ssh.1]
+ - zap typo
+ [ssh-keygen.1]
+ - One last nit fix. (markus approved)
+ [sshd.8]
+ - some markus certified spelling adjustments
+ - markus@cvs.openbsd.org
+ [auth2.c channels.c clientloop.c compat compat.h dsa.c kex.c]
+ [sshconnect2.c ]
+ - bug compat w/ ssh-2.0.13 x11, split out bugs
+ [nchan.c]
+ - no drain if ibuf_empty, fixes x11fwd problems; tests by fries@
+ [ssh-keygen.c]
+ - handle escapes in real and original key format, ok millert@
+ [version.h]
+ - OpenSSH-2.1
+ - Moved all the bsd-* and fake-* stuff into new libopenbsd-compat.a
+ - Doc updates
+ - Cleanup of bsd-base64 headers, bugfix definitions of __b64_*. Reported
+ by Andre Lucas
+
+20000508
+ - Makefile and RPM spec fixes
+ - Generate DSA host keys during "make key" or RPM installs
+ - OpenBSD CVS update
+ - markus@cvs.openbsd.org
+ [clientloop.c sshconnect2.c]
+ - make x11-fwd interop w/ ssh-2.0.13
+ [README.openssh2]
+ - interop w/ SecureFX
+ - Release 2.0.0beta2
+
+ - Configure caching and cleanup patch from Andre Lucas'
+
+
+20000507
+ - Remove references to SSLeay.
+ - Big OpenBSD CVS update
+ - markus@cvs.openbsd.org
+ [clientloop.c]
+ - typo
+ [session.c]
+ - update proctitle on pty alloc/dealloc, e.g.
 w/ windows client
+ [session.c]
+ - update proctitle for proto 1, too
+ [channels.h nchan.c serverloop.c session.c sshd.c]
+ - use c-style comments
+ - deraadt@cvs.openbsd.org
+ [scp.c]
+ - more atomicio
+ - markus@cvs.openbsd.org
+ [channels.c]
+ - set O_NONBLOCK
+ [ssh.1]
+ - update AUTHOR
+ [readconf.c ssh-keygen.c ssh.h]
+ - default DSA key file ~/.ssh/id_dsa
+ [clientloop.c]
+ - typo, rm verbose debug
+ - deraadt@cvs.openbsd.org
+ [ssh-keygen.1]
+ - document DSA use of ssh-keygen
+ [sshd.8]
+ - a start at describing what i understand of the DSA side
+ [ssh-keygen.1]
+ - document -X and -x
+ [ssh-keygen.c]
+ - simplify usage
+ - markus@cvs.openbsd.org
+ [sshd.8]
+ - there is no rhosts_dsa
+ [ssh-keygen.1]
+ - document -y, update -X,-x
+ [nchan.c]
+ - fix close for non-open ssh1 channels
+ [servconf.c servconf.h ssh.h sshd.8 sshd.c ]
+ - s/DsaKey/HostDSAKey/, document option
+ [sshconnect2.c]
+ - respect number_of_password_prompts
+ [channels.c channels.h servconf.c servconf.h session.c sshd.8]
+ - GatewayPorts for sshd, ok deraadt@
+ [ssh-add.1 ssh-agent.1 ssh.1]
+ - more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
+ [ssh.1]
+ - more info on proto 2
+ [sshd.8]
+ - sync AUTHOR w/ ssh.1
+ [key.c key.h sshconnect.c]
+ - print key type when talking about host keys
+ [packet.c]
+ - clear padding in ssh2
+ [dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
+ - replace broken uuencode w/ libc b64_ntop
+ [auth2.c]
+ - log failure before sending the reply
+ [key.c radix.c uuencode.c]
+ - remote trailing comments before calling __b64_pton
+ [auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
+ [sshconnect2.c sshd.8]
+ - add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
+ - Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
+
+20000502
+ - OpenBSD CVS update
+ [channels.c]
+ - init all fds, close all fds.
+ [sshconnect2.c] + - check whether file exists before asking for passphrase + [servconf.c servconf.h sshd.8 sshd.c] + - PidFile, pr 1210 + [channels.c] + - EINTR + [channels.c] + - unbreak, ok niels@ + [sshd.c] + - unlink pid file, ok niels@ + [auth2.c] + - Add missing #ifdefs; ok - markus + - Add Andre Lucas' patch to read entropy + gathering commands from a text file + - Release 2.0.0beta1 + +20000501 + - OpenBSD CVS update + [packet.c] + - send debug messages in SSH2 format + [scp.c] + - fix very rare EAGAIN/EINTR issues; based on work by djm + [packet.c] + - less debug, rm unused + [auth2.c] + - disable kerb,s/key in ssh2 + [sshd.8] + - Minor tweaks and typo fixes. + [ssh-keygen.c] + - Put -d into usage and reorder. markus ok. + - Include missing headers for OpenSSL tests. Fix from Phil Karn + + - Fixed __progname symbol collisions reported by Andre Lucas + + - Merged bsd-login ttyslot and AIX utmp patch from Gert Doering + + - Add some missing ifdefs to auth2.c + - Deprecate perl-tk askpass. + - Irix portability fixes - don't include netinet headers more than once + - Make sure we don't save PRNG seed more than once + +20000430 + - Merge HP-UX fixes and TCB support from Ged Lodder + - Integrate Andre Lucas' entropy collection + patch. 
+ - Adds timeout to entropy collection
+ - Disables slow entropy sources
+ - Load and save seed file
+ - Changed entropy seed code to user per-user seeds only (server seed is
+ saved in root's .ssh directory)
+ - Use atexit() and fatal cleanups to save seed on exit
+ - More OpenBSD updates:
+ [session.c]
+ - don't call chan_write_failed() if we are not writing
+ [auth-rsa.c auth1.c authfd.c hostfile.c ssh-agent.c]
+ - keysize warnings error() -> log()
+
+20000429
+ - Merge big update to OpenSSH-2.0 from OpenBSD CVS
+ [README.openssh2]
+ - interop w/ F-secure windows client
+ - sync documentation
+ - ssh_host_dsa_key not ssh_dsa_key
+ [auth-rsa.c]
+ - missing fclose
+ [auth.c authfile.c compat.c dsa.c dsa.h hostfile.c key.c key.h radix.c]
+ [readconf.c readconf.h ssh-add.c ssh-keygen.c ssh.c ssh.h sshconnect.c]
+ [sshd.c uuencode.c uuencode.h authfile.h]
+ - add DSA pubkey auth and other SSH2 fixes. use ssh-keygen -[xX]
+ for trading keys with the real and the original SSH, directly from the
+ people who invented the SSH protocol.
+ [auth.c auth.h authfile.c sshconnect.c auth1.c auth2.c sshconnect.h] + [sshconnect1.c sshconnect2.c] + - split auth/sshconnect in one file per protocol version + [sshconnect2.c] + - remove debug + [uuencode.c] + - add trailing = + [version.h] + - OpenSSH-2.0 + [ssh-keygen.1 ssh-keygen.c] + - add -R flag: exit code indicates if RSA is alive + [sshd.c] + - remove unused + silent if -Q is specified + [ssh.h] + - host key becomes /etc/ssh_host_dsa_key + [readconf.c servconf.c ] + - ssh/sshd default to proto 1 and 2 + [uuencode.c] + - remove debug + [auth2.c ssh-keygen.c sshconnect2.c sshd.c] + - xfree DSA blobs + [auth2.c serverloop.c session.c] + - cleanup logging for sshd/2, respect PasswordAuth no + [sshconnect2.c] + - less debug, respect .ssh/config + [README.openssh2 channels.c channels.h] + - clientloop.c session.c ssh.c + - support for x11-fwding, client+server + +20000421 + - Merge fix from OpenBSD CVS + [ssh-agent.c] + - Fix memory leak per connection. Report from Andy Spiegl + via Debian bug #59926 + - Define __progname in session.c if libc doesn't + - Remove indentation on autoconf #include statements to avoid bug in + DEC Tru64 compiler. Report and fix from David Del Piero + + +20000420 + - Make fixpaths work with perl4, patch from Andre Lucas + + - Sync with OpenBSD CVS: + [clientloop.c login.c serverloop.c ssh-agent.c ssh.h sshconnect.c sshd.c] + - pid_t + [session.c] + - remove bogus chan_read_failed. this could cause data + corruption (missing data) at end of a SSH2 session. 
+ - Merge fixes from Debian patch from Phil Hands
+ - Allow setting of PAM service name through CFLAGS (SSHD_PAM_SERVICE)
+ - Use vhangup to clean up Linux ttys
+ - Force posix getopt processing on GNU libc systems
+ - Debian bug #55910 - remove references to ssl(8) manpages
+ - Debian bug #58031 - ssh_config lies about default cipher
+
+20000419
+ - OpenBSD CVS updates
+ [channels.c]
+ - fix pr 1196, listen_port and port_to_connect interchanged
+ [scp.c]
+ - after completion, replace the progress bar ETA counter with a final
+ elapsed time; my idea, aaron wrote the patch
+ [ssh_config sshd_config]
+ - show 'Protocol' as an example, ok markus@
+ [sshd.c]
+ - missing xfree()
+ - Add missing header to bsd-misc.c
+
+20000416
+ - Reduce diff against OpenBSD source
+ - All OpenSSL includes are now unconditionally referenced as
+ openssl/foo.h
+ - Pick up formatting changes
+ - Other minor changed (typecasts, etc) that I missed
+
+20000415
+ - OpenBSD CVS updates.
+ [ssh.1 ssh.c]
+ - ssh -2
+ [auth.c channels.c clientloop.c packet.c packet.h serverloop.c]
+ [session.c sshconnect.c]
+ - check payload for (illegal) extra data
+ [ALL]
+ whitespace cleanup
+
+20000413
+ - INSTALL doc updates
+ - Merged OpenBSD updates to include paths.
+
+20000412
+ - OpenBSD CVS updates:
+ - [channels.c]
+ repair x11-fwd
+ - [sshconnect.c]
+ fix passwd prompt for ssh2, less debugging output.
+ - [clientloop.c compat.c dsa.c kex.c sshd.c]
+ less debugging output
+ - [kex.c kex.h sshconnect.c sshd.c]
+ check for reasonable public DH values
+ - [README.openssh2 cipher.c cipher.h compat.c compat.h readconf.c]
+ [readconf.h servconf.c servconf.h ssh.c ssh.h sshconnect.c sshd.c]
+ add Cipher and Protocol options to ssh/sshd, e.g.:
+ ssh -o 'Protocol 1,2' if you prefer proto 1, ssh -o 'Ciphers
+ arcfour,3des-cbc'
+ - [sshd.c]
+ print 1.99 only if server supports both
+
+20000408
+ - Avoid some compiler warnings in fake-get*.c
+ - Add IPTOS macros for systems which lack them
+ - Only set define entropy collection macros if they are found
+ - More large OpenBSD CVS updates:
+ - [auth.c auth.h servconf.c servconf.h serverloop.c session.c]
+ [session.h ssh.h sshd.c README.openssh2]
+ ssh2 server side, see README.openssh2; enable with 'sshd -2'
+ - [channels.c]
+ no adjust after close
+ - [sshd.c compat.c ]
+ interop w/ latest ssh.com windows client.
+
+20000406
+ - OpenBSD CVS update:
+ - [channels.c]
+ close efd on eof
+ - [clientloop.c compat.c ssh.c sshconnect.c myproposal.h]
+ ssh2 client implementation, interops w/ ssh.com and lsh servers.
+ - [sshconnect.c]
+ missing free.
+ - [authfile.c cipher.c cipher.h packet.c sshconnect.c sshd.c]
+ remove unused argument, split cipher_mask()
+ - [clientloop.c]
+ re-order: group ssh1 vs.
ssh2 + - Make Redhat spec require openssl >= 0.9.5a + +20000404 + - Add tests for RAND_add function when searching for OpenSSL + - OpenBSD CVS update: + - [packet.h packet.c] + ssh2 packet format + - [packet.h packet.c nchan2.ms nchan.h compat.h compat.c] + [channels.h channels.c] + channel layer support for ssh2 + - [kex.h kex.c hmac.h hmac.c dsa.c dsa.h] + DSA, keyexchange, algorithm agreement for ssh2 + - Generate manpages before make install not at the end of make all + - Don't seed the rng quite so often + - Always reseed rng when requested + +20000403 + - Wrote entropy collection routines for systems that lack /dev/random + and EGD + - Disable tests and typedefs for 64 bit types. They are currently unused. + +20000401 + - Big OpenBSD CVS update (mainly beginnings of SSH2 infrastructure) + - [auth.c session.c sshd.c auth.h] + split sshd.c -> auth.c session.c sshd.c plus cleanup and goto-removal + - [bufaux.c bufaux.h] + support ssh2 bignums + - [channels.c channels.h clientloop.c sshd.c nchan.c nchan.h packet.c] + [readconf.c ssh.c ssh.h serverloop.c] + replace big switch() with function tables (prepare for ssh2) + - [ssh2.h] + ssh2 message type codes + - [sshd.8] + reorder Xr to avoid cutting + - [serverloop.c] + close(fdin) if fdin != fdout, shutdown otherwise, ok theo@ + - [channels.c] + missing close + allow bigger packets + - [cipher.c cipher.h] + support ssh2 ciphers + - [compress.c] + cleanup, less code + - [dispatch.c dispatch.h] + function tables for different message types + - [log-server.c] + do not log() if debuggin to stderr + rename a cpp symbol, to avoid param.h collision + - [mpaux.c] + KNF + - [nchan.c] + sync w/ channels.c + +20000326 + - Better tests for OpenSSL w/ RSAref + - Added replacement setenv() function from OpenBSD libc. 
 Suggested by
+ Ben Lindstrom
+ - OpenBSD CVS update
+ - [auth-krb4.c]
+ -Wall
+ - [auth-rh-rsa.c auth-rsa.c hostfile.c hostfile.h key.c key.h match.c]
+ [match.h ssh.c ssh.h sshconnect.c sshd.c]
+ initial support for DSA keys. ok deraadt@, niels@
+ - [cipher.c cipher.h]
+ remove unused cipher_attack_detected code
+ - [scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
+ Fix some formatting problems I missed before.
+ - [ssh.1 sshd.8]
+ fix spelling errors,
 From: FreeBSD
+ - [ssh.c]
+ switch to raw mode only if he _get_ a pty (not if we _want_ a pty).
+
+20000324
+ - Released 1.2.3
+
+20000317
+ - Clarified --with-default-path option.
+ - Added -blibpath handling for AIX to work around stupid runtime linking.
+ Problem elucidated by gshapiro@SENDMAIL.ORG by way of Jim Knoble
+
+ - Checks for 64 bit int types. Problem report from Mats Fredholm
+
+ - OpenBSD CVS updates:
+ - [atomicio.c auth-krb4.c bufaux.c channels.c compress.c fingerprint.c]
+ [packet.h radix.c rsa.c scp.c ssh-agent.c ssh-keygen.c sshconnect.c]
+ [sshd.c]
+ pedantic: signed vs. unsigned, void*-arithm, etc
+ - [ssh.1 sshd.8]
+ Various cleanups and standardizations.
+ - Runtime error fix for HPUX from Otmar Stahl
+
+
+20000316
+ - Fixed configure not passing LDFLAGS to Solaris. Report from David G.
+ Hesprich
+ - Propogate LD through to Makefile
+ - Doc cleanups
+ - Added blurb about "scp: command not found" errors to UPGRADING
+
+20000315
+ - Fix broken CFLAGS handling during search for OpenSSL. Fixes va_list
+ problems with gcc/Solaris.
+ - Don't free argument to putenv() after use (in setenv() replacement).
+ Report from Seigo Tanimura
+ - Created contrib/ subdirectory. Included helpers from Phil Hands'
+ Debian package, README file and chroot patch from Ricardo Cerqueira
+
+ - Moved gnome-ssh-askpass.c to contrib directory and removed config
+ option.
+ - Slight cleanup to doc files
+ - Configure fix from Bratislav ILICH
+
+20000314
+ - Include macro for IN6_IS_ADDR_V4MAPPED.
Report from + peter@frontierflying.com + - Include /usr/local/include and /usr/local/lib for systems that don't + do it themselves + - -R/usr/local/lib for Solaris + - Fix RSAref detection + - Fix IN6_IS_ADDR_V4MAPPED macro + +20000311 + - Detect RSAref + - OpenBSD CVS change + [sshd.c] + - disallow guessing of root password + - More configure fixes + - IPv6 workarounds from Hideaki YOSHIFUJI + +20000309 + - OpenBSD CVS updates to v1.2.3 + [ssh.h atomicio.c] + - int atomicio -> ssize_t (for alpha). ok deraadt@ + [auth-rsa.c] + - delay MD5 computation until client sends response, free() early, cleanup. + [cipher.c] + - void* -> unsigned char*, ok niels@ + [hostfile.c] + - remove unused variable 'len'. fix comments. + - remove unused variable + [log-client.c log-server.c] + - rename a cpp symbol, to avoid param.h collision + [packet.c] + - missing xfree() + - getsockname() requires initialized tolen; andy@guildsoftware.com + - use getpeername() in packet_connection_is_on_socket(), fixes sshd -i; + from Holger.Trapp@Informatik.TU-Chemnitz.DE + [pty.c pty.h] + - register cleanup for pty earlier. move code for pty-owner handling to + pty.c ok provos@, dugsong@ + [readconf.c] + - turn off x11-fwd for the client, too. + [rsa.c] + - PKCS#1 padding + [scp.c] + - allow '.' in usernames; from jedgar@fxp.org + [servconf.c] + - typo: ignore_user_known_hosts int->flag; naddy@mips.rhein-neckar.de + - sync with sshd_config + [ssh-keygen.c] + - enable ssh-keygen -l -f ~/.ssh/known_hosts, ok deraadt@ + [ssh.1] + - Change invalid 'CHAT' loglevel to 'VERBOSE' + [ssh.c] + - suppress AAAA query host when '-4' is used; from shin@nd.net.fujitsu.co.jp + - turn off x11-fwd for the client, too. + [sshconnect.c] + - missing xfree() + - retry rresvport_af(), too. from sumikawa@ebina.hitachi.co.jp. + - read error vs. "Connection closed by remote host" + [sshd.8] + - ie. -> i.e., + - do not link to a commercial page.. 
+ - sync with sshd_config + [sshd.c] + - no need for poll.h; from bright@wintelcom.net + - log with level log() not fatal() if peer behaves badly. + - don't panic if client behaves strange. ok deraadt@ + - make no-port-forwarding for RSA keys deny both -L and -R style fwding + - delay close() of pty until the pty has been chowned back to root + - oops, fix comment, too. + - missing xfree() + - move XAUTHORITY to subdir. ok dugsong@. fixes debian bug #57907, too. + (http://cgi.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=57907) + - register cleanup for pty earlier. move code for pty-owner handling to + pty.c ok provos@, dugsong@ + - create x11 cookie file + - fix pr 1113, fclose() -> pclose(), todo: remote popen() + - version 1.2.3 + - Cleaned up + - Removed warning workaround for Linux and devpts filesystems (no longer + required after OpenBSD updates) + +20000308 + - Configure fix from Hiroshi Takekawa + +20000307 + - Released 1.2.2p1 + +20000305 + - Fix DEC compile fix + - Explicitly seed OpenSSL's PRNG before checking rsa_alive() + - Check for getpagesize in libucb.a if not found in libc. Fix for old + Solaris from Andre Lucas + - Check for libwrap if --with-tcp-wrappers option specified. Suggestion + Mate Wierdl + +20000303 + - Added "make host-key" target, Suggestion from Dominik Brettnacher + + - Don't permanently fail on bind() if getaddrinfo has more choices left for + us. Needed to work around messy IPv6 on Linux. Patch from Arkadiusz + Miskiewicz + - DEC Unix compile fix from David Del Piero + - Manpage fix from David Del Piero + +20000302 + - Big cleanup of autoconf code + - Rearranged to be a little more logical + - Added -R option for Solaris + - Rewrote OpenSSL detection code. Now uses AC_TRY_RUN with a test program + to detect library and header location _and_ ensure library has proper + RSA support built in (this is a problem with OpenSSL 0.9.5). 
+ - Applied pty cleanup patch from markus.friedl@informatik.uni-erlangen.de
+ - Avoid warning message with Unix98 ptys
+ - Warning was valid - possible race condition on PTYs. Avoided using
+ platform-specific code.
+ - Document some common problems
+ - Allow root access to any key. Patch from
+ markus.friedl@informatik.uni-erlangen.de
+
+20000207
+ - Removed SOCKS code. Will support through a ProxyCommand.
+
+20000203
+ - Fixed SEGVs in authloop, fix from vbzoli@hbrt.hu
+ - Add --with-ssl-dir option
+
+20000202
+ - Fix lastlog code for directory based lastlogs. Fix from Josh Durham
+
+ - Documentation fixes from HARUYAMA Seigo
+ - Added URLs to Japanese translations of documents by HARUYAMA Seigo
+
+
+20000201
+ - Use socket pairs by default (instead of pipes). Prevents race condition
+ on several (buggy) OSs. Report and fix from tridge@linuxcare.com
+
+20000127
+ - Seed OpenSSL's random number generator before generating RSA keypairs
+ - Split random collector into seperate file
+ - Compile fix from Andre Lucas
+
+20000126
+ - Released 1.2.2 stable
+
+ - NeXT keeps it lastlog in /usr/adm. Report from
+ mouring@newton.pconline.com
+ - Added note in UPGRADING re interop with commercial SSH using idea.
+ Report from Jim Knoble
+ - Fix linking order for Kerberos/AFS. Fix from Holget Trapp
+
+
+20000125
+ - Fix NULL pointer dereference in login.c. Fix from Andre Lucas
+
+ - Reorder PAM initialisation so it does not mess up lastlog. Reported
+ by Andre Lucas
+ - Use preformatted manpages on SCO, report from Gary E. Miller
+
+ - New URL for x11-ssh-askpass.
+ - Fixpaths was missing /etc/ssh_known_hosts. Report from Jim Knoble
+
+ - Added 'DESTDIR' option to Makefile to ease package building.
Patch from + Jim Knoble + - Updated RPM spec files to use DESTDIR + +20000124 + - Pick up version 1.2.2 from OpenBSD CVS (no changes, just version number + increment) + +20000123 + - OpenBSD CVS: + - [packet.c] + getsockname() requires initialized tolen; andy@guildsoftware.com + - AIX patch from Matt Richards and David Rankin + + - Fix lastlog support, patch from Andre Lucas + +20000122 + - Fix compilation of bsd-snprintf.c on Solaris, fix from Ben Taylor + + - Merge preformatted manpage patch from Andre Lucas + + - Make IPv4 use the default in RPM packages + - Irix uses preformatted manpages + - Missing htons() in bsd-bindresvport.c, fix from Holger Trapp + + - OpenBSD CVS updates: + - [packet.c] + use getpeername() in packet_connection_is_on_socket(), fixes sshd -i; + from Holger.Trapp@Informatik.TU-Chemnitz.DE + - [sshd.c] + log with level log() not fatal() if peer behaves badly. + - [readpass.c] + instead of blocking SIGINT, catch it ourselves, so that we can clean + the tty modes up and kill ourselves -- instead of our process group + leader (scp, cvs, ...) going away and leaving us in noecho mode. + people with cbreak shells never even noticed.. + - [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8] + ie. -> i.e., + +20000120 + - Don't use getaddrinfo on AIX + - Update to latest OpenBSD CVS: + - [auth-rsa.c] + - fix user/1056, sshd keeps restrictions; dbt@meat.net + - [sshconnect.c] + - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags. + - destroy keys earlier + - split key exchange (kex) and user authentication (user-auth), + ok: provos@ + - [sshd.c] + - no need for poll.h; from bright@wintelcom.net + - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags. 
+ - split key exchange (kex) and user authentication (user-auth), + ok: provos@ + - Big manpage and config file cleanup from Andre Lucas + + - Re-added latest (unmodified) OpenBSD manpages + - Doc updates + - NetBSD patch from David Rankin and + Christos Zoulas + +20000119 + - SCO compile fixes from Gary E. Miller + - Compile fix from Darren_Hall@progressive.com + - Linux/glibc-2.1.2 takes a *long* time to look up names for AF_UNSPEC + addresses using getaddrinfo(). Added a configure switch to make the + default lookup mode AF_INET + +20000118 + - Fixed --with-pid-dir option + - Makefile fix from Gary E. Miller + - Compile fix for HPUX and Solaris from Andre Lucas + + +20000117 + - Clean up bsd-bindresvport.c. Use arc4random() for picking initial + port, ignore EINVAL errors (Linux) when searching for free port. + - Revert __snprintf -> snprintf aliasing. Apparently Solaris + __snprintf isn't. Report from Theo de Raadt + - Document location of Redhat PAM file in INSTALL. + - Fixed X11 forwarding bug on Linux. libc advertises AF_INET6 + INADDR_ANY_INIT addresses via getaddrinfo, but may not be able to + deliver (no IPv6 kernel support) + - Released 1.2.1pre27 + + - Fix rresvport_af failure errors (logic error in bsd-bindresvport.c) + - Fix --with-ipaddr-display option test. Fix from Jarno Huuskonen + + - Fix hang on logout if processes are still using the pty. Needs + further testing. + - Patch from Christos Zoulas + - Try $prefix first when looking for OpenSSL. + - Include sys/types.h when including sys/socket.h in test programs + - Substitute PID directory in sshd.8. Suggestion from Andrew + Stribblehill + +20000116 + - Renamed --with-xauth-path to --with-xauth + - Added --with-pid-dir option + - Released 1.2.1pre26 + + - Compilation fix from Kiyokazu SUTO + - Fixed broken bugfix for /dev/ptmx on Linux systems which lack + openpty(). 
Report from Kiyokazu SUTO
+
+20000115
+ - Add --with-xauth-path configure directive and explicit test for
+ /usr/openwin/bin/xauth for Solaris systems. Report from Anders
+ Nordby
+ - Fix incorrect detection of /dev/ptmx on Linux systems that lack
+ openpty. Report from John Seifarth
+ - Look for intXX_t and u_intXX_t in sys/bitypes.h if they are not in
+ sys/types.h. Fixes problems on SCO, report from Gary E. Miller
+
+ - Use __snprintf and __vnsprintf if they are found where snprintf and
+ vnsprintf are lacking. Suggested by Ben Taylor
+ and others.
+
+20000114
+ - Merged OpenBSD IPv6 patch:
+ - [sshd.c sshd.8 sshconnect.c ssh.h ssh.c servconf.h servconf.c scp.1]
+ [scp.c packet.h packet.c login.c log.c canohost.c channels.c]
+ [hostfile.c sshd_config]
+ ipv6 support: mostly gethostbyname->getaddrinfo/getnameinfo, new
+ features: sshd allows multiple ListenAddress and Port options. note
+ that libwrap is not IPv6-ready. (based on patches from
+ fujiwara@rcac.tdi.co.jp)
+ - [ssh.c canohost.c]
+ more hints (hints.ai_socktype=SOCK_STREAM) for getaddrinfo,
+ from itojun@
+ - [channels.c]
+ listen on _all_ interfaces for X11-Fwd (hints.ai_flags = AI_PASSIVE)
+ - [packet.h]
+ allow auth-kerberos for IPv4 only
+ - [scp.1 sshd.8 servconf.h scp.c]
+ document -4, -6, and 'ssh -L 2022/::1/22'
+ - [ssh.c]
+ 'ssh @host' is illegal (null user name), from
+ karsten@gedankenpolizei.de
+ - [sshconnect.c]
+ better error message
+ - [sshd.c]
+ allow auth-kerberos for IPv4 only
+ - Big IPv6 merge:
+ - Cleanup overrun in sockaddr copying on RHL 6.1
+ - Replacements for getaddrinfo, getnameinfo, etc based on versions
+ from patch from KIKUCHI Takahiro
+ - Replacement for missing structures on systems that lack IPv6
+ - record_login needed to know about AF_INET6 addresses
+ - Borrowed more code from OpenBSD: rresvport_af and requisites
+
+20000110
+ - Fixes to auth-skey to enable it to use the standard OpenSSL libraries
+
+20000107
+ - New config.sub and config.guess to fix problems on SCO. Supplied
+ by Gary E. Miller
+ - SCO build fix from Gary E. Miller
+ - Released 1.2.1pre25
+
+20000106
+ - Documentation update & cleanup
+ - Better KrbIV / AFS detection, based on patch from:
+ Holger Trapp
+
+20000105
+ - Fixed annoying DES corruption problem. libcrypt has been
+ overriding symbols in libcrypto. Removed libcrypt and crypt.h
+ altogether (libcrypto includes its own crypt(1) replacement)
+ - Added platform-specific rules for Irix 6.x. Included warning that
+ they are untested.
+
+20000103
+ - Add explicit make rules for files proccessed by fixpaths.
+ - Fix "make install" in RPM spec files. Report from Tenkou N. Hattori
+
+ - Removed "nullok" directive from default PAM configuration files.
+ Added information on enabling EmptyPasswords on openssh+PAM in
+ UPGRADING file.
+ - OpenBSD CVS updates
+ - [ssh-agent.c]
+ cleanup_exit() for SIGTERM/SIGHUP, too. from fgsch@ and
+ dgaudet@arctic.org
+ - [sshconnect.c]
+ compare correct version for 1.3 compat mode
+
+20000102
+ - Prevent multiple inclusion of config.h and defines.h. Suggested
+ by Andre Lucas
+ - Properly clean up on exit of ssh-agent. Patch from Dean Gaudet
+
+
+19991231
+ - Fix password support on systems with a mixture of shadowed and
+ non-shadowed passwords (e.g. NIS). Report and fix from
+ HARUYAMA Seigo
+ - Fix broken autoconf typedef detection. Report from Marc G.
+ Fournier
+ - Fix occasional crash on LinuxPPC. Patch from Franz Sirl
+
+ - Prevent typedefs from being compiled more than once. Report from
+ Marc G. Fournier
+ - Fill in ut_utaddr utmp field. Report from Benjamin Charron
+
+ - Really fix broken default path. Fix from Jim Knoble
+
+ - Remove test for quad_t. No longer needed.
+ - Released 1.2.1pre24
+
+ - Added support for directory-based lastlogs
+ - Really fix typedefs, patch from Ben Taylor
+
+19991230
+ - OpenBSD CVS updates:
+ - [auth-passwd.c]
+ check for NULL 1st
+ - Removed most of the pam code into its own file auth-pam.[ch]. This
+ cleaned up sshd.c up significantly.
+ - PAM authentication was incorrectly interpreting
+ "PermitRootLogin without-password". Report from Matthias Andree
+
+ - Updated documentation with ./configure options
+ - Released 1.2.1pre23
+
+19991229
+ - Applied another NetBSD portability patch from David Rankin
+
+ - Fix --with-default-path option.
+ - Autodetect perl, patch from David Rankin
+
+ - Print whether OpenSSH was compiled with RSARef, patch from
+ Nalin Dahyabhai
+ - Calls to pam_setcred, patch from Nalin Dahyabhai
+
+ - Detect missing size_t and typedef it.
+ - Rename helper.[ch] to (more appropriate) bsd-misc.[ch]
+ - Minor Makefile cleaning
+
+19991228
+ - Replacement for getpagesize() for systems which lack it
+ - NetBSD login.c compile fix from David Rankin
+
+ - Fully set ut_tv if present in utmp or utmpx
+ - Portability fixes for Irix 5.3 (now compiles OK!)
+ - autoconf and other misc cleanups
+ - Merged AIX patch from Darren Hall
+ - Cleaned up defines.h
+ - Released 1.2.1pre22
+
+19991227
+ - Automatically correct paths in manpages and configuration files. Patch
+ and script from Andre Lucas
+ - Removed credits from README to CREDITS file, updated.
+ - Added --with-default-path to specify custom path for server
+ - Removed #ifdef trickery from acconfig.h into defines.h
+ - PAM bugfix. PermitEmptyPassword was being ignored.
+ - Fixed PAM config files to allow empty passwords if server does.
+ - Explained spurious PAM auth warning workaround in UPGRADING
+ - Use last few chars of tty line as ut_id
+ - New SuSE RPM spec file from Chris Saia
+ - OpenBSD CVS updates:
+ - [packet.h auth-rhosts.c]
+ check format string for packet_disconnect and packet_send_debug, too
+ - [channels.c]
+ use packet_get_maxsize for channels. consistence.
+
+19991226
+ - Enabled utmpx support by default for Solaris
+ - Cleanup sshd.c PAM a little more
+ - Revised RPM package to include Jim Knoble's
+ X11 ssh-askpass program.
+ - Disable logging of PAM success and failures, PAM is verbose enough.
+ Unfortunatly there is currently no way to disable auth failure
+ messages. Mention this in UPGRADING file and sent message to PAM
+ developers
+ - OpenBSD CVS update:
+ - [ssh-keygen.1 ssh.1]
+ remove ref to .ssh/random_seed, mention .ssh/environment in
+ .Sh FILES, too
+ - Released 1.2.1pre21
+ - Fixed implicit '.' in default path, report from Jim Knoble
+
+ - Redhat RPM spec fixes from Jim Knoble
+
+19991225
+ - More fixes from Andre Lucas
+ - Cleanup of auth-passwd.c for shadow and MD5 passwords
+ - Cleanup and bugfix of PAM authentication code
+ - Released 1.2.1pre20
+
+ - Merged fixes from Ben Taylor
+ - Fixed configure support for PAM. Reported by Naz <96na@eng.cam.ac.uk>
+ - Disabled logging of PAM password authentication failures when password
+ is empty. (e.g start of authentication loop). Reported by Naz
+ <96na@eng.cam.ac.uk>)
+
+19991223
+ - Merged later HPUX patch from Andre Lucas
+
+ - Above patch included better utmpx support from Ben Taylor
+
+
+19991222
+ - Fix undefined fd_set type in ssh.h from Povl H. Pedersen
+
+ - Fix login.c breakage on systems which lack ut_host in struct
+ utmp. Reported by Willard Dawson
+
+19991221
+ - Integration of large HPUX patch from Andre Lucas
+ . Integrating it had a few other
+ benefits:
+ - Ability to disable shadow passwords at configure time
+ - Ability to disable lastlog support at configure time
+ - Support for IP address in $DISPLAY
+ - OpenBSD CVS update:
+ - [sshconnect.c]
+ say "REMOTE HOST IDENTIFICATION HAS CHANGED"
+ - Fix DISABLE_SHADOW support
+ - Allow MD5 passwords even if shadow passwords are disabled
+ - Release 1.2.1pre19
+
+19991218
+ - Redhat init script patch from Chun-Chung Chen
+
+ - Avoid breakage on systems without IPv6 headers
+
+19991216
+ - Makefile changes for Solaris from Peter Kocks
+
+ - Minor updates to docs
+ - Merged OpenBSD CVS changes:
+ - [authfd.c ssh-agent.c]
+ keysize warnings talk about identity files
+ - [packet.c]
+ "Connection closed by x.x.x.x": fatal() -> log()
+ - Correctly handle empty passwords in shadow file. Patch from:
+ "Chris, the Young One"
+ - Released 1.2.1pre18
+
+19991215
+ - Integrated patchs from Juergen Keil
+ - Avoid void* pointer arithmatic
+ - Use LDFLAGS correctly
+ - Fix SIGIO error in scp
+ - Simplify status line printing in scp
+ - Added better test for inline functions compiler support from
+ Darren_Hall@progressive.com
+
+19991214
+ - OpenBSD CVS Changes
+ - [canohost.c]
+ fix get_remote_port() and friends for sshd -i;
+ Holger.Trapp@Informatik.TU-Chemnitz.DE
+ - [mpaux.c]
+ make code simpler. no need for memcpy. niels@ ok
+ - [pty.c]
+ namebuflen not sizeof namebuflen; bnd@ep-ag.com via djm@mindrot.org
+ fix proto; markus
+ - [ssh.1]
+ typo; mark.baushke@solipsa.com
+ - [channels.c ssh.c ssh.h sshd.c]
+ type conflict for 'extern Type *options' in channels.c; dot@dotat.at
+ - [sshconnect.c]
+ move checking of hostkey into own function.
+ - [version.h]
+ OpenSSH-1.2.1
+ - Clean up broken includes in pty.c
+ - Some older systems don't have poll.h, they use sys/poll.h instead
+ - Doc updates
+
+19991211
+ - Fix compilation on systems with AFS. Reported by
+ aloomis@glue.umd.edu
+ - Fix installation on Solaris. Reported by
+ Gordon Rowell
+ - Fix gccisms (__attribute__ and inline). Report by edgy@us.ibm.com,
+ patch from Markus Friedl
+ - Auto-locate xauth. Patch from David Agraz
+ - Compile fix from David Agraz
+ - Avoid compiler warning in bsd-snprintf.c
+ - Added pam_limits.so to default PAM config. Suggested by
+ Jim Knoble
+
+19991209
+ - Import of patch from Ben Taylor :
+ - Improved PAM support
+ - "uninstall" rule for Makefile
+ - utmpx support
+ - Should fix PAM problems on Solaris
+ - OpenBSD CVS updates:
+ - [readpass.c]
+ avoid stdio; based on work by markus, millert, and I
+ - [sshd.c]
+ make sure the client selects a supported cipher
+ - [sshd.c]
+ fix sighup handling. accept would just restart and daemon handled
+ sighup only after the next connection was accepted. use poll on
+ listen sock now.
+ - [sshd.c]
+ make that a fatal
+ - Applied patch from David Rankin
+ to fix libwrap support on NetBSD
+ - Released 1.2pre17
+
+19991208
+ - Compile fix for Solaris with /dev/ptmx from
+ David Agraz
+
+19991207
+ - sshd Redhat init script patch from Jim Knoble
+ fixes compatability with 4.x and 5.x
+ - Fixed default SSH_ASKPASS
+ - Fix PAM account and session being called multiple times. Problem
+ reported by Adrian Baugh
+ - Merged more OpenBSD changes:
+ - [atomicio.c authfd.c scp.c serverloop.c ssh.h sshconnect.c sshd.c]
+ move atomicio into it's own file. wrap all socket write()s which
+ were doing write(sock, buf, len) != len, with atomicio() calls.
+ - [auth-skey.c]
+ fd leak
+ - [authfile.c]
+ properly name fd variable
+ - [channels.c]
+ display great hatred towards strcpy
+ - [pty.c pty.h sshd.c]
+ use openpty() if it exists (it does on BSD4_4)
+ - [tildexpand.c]
+ check for ~ expansion past MAXPATHLEN
+ - Modified helper.c to use new atomicio function.
+ - Reformat Makefile a little
+ - Moved RC4 routines from rc4.[ch] into helper.c
+ - Added autoconf code to detect /dev/ptmx (Solaris) and /dev/ptc (AIX)
+ - Updated SuSE spec from Chris Saia
+ - Tweaked Redhat spec
+ - Clean up bad imports of a few files (forgot -kb)
+ - Released 1.2pre16
+
+19991204
+ - Small cleanup of PAM code in sshd.c
+ - Merged OpenBSD CVS changes:
+ - [auth-krb4.c auth-passwd.c auth-skey.c ssh.h]
+ move skey-auth from auth-passwd.c to auth-skey.c, same for krb4
+ - [auth-rsa.c]
+ warn only about mismatch if key is _used_
+ warn about keysize-mismatch with log() not error()
+ channels.c readconf.c readconf.h ssh.c ssh.h sshconnect.c
+ ports are u_short
+ - [hostfile.c]
+ indent, shorter warning
+ - [nchan.c]
+ use error() for internal errors
+ - [packet.c]
+ set loglevel for SSH_MSG_DISCONNECT to log(), not fatal()
+ serverloop.c
+ indent
+ - [ssh-add.1 ssh-add.c ssh.h]
+ document $SSH_ASKPASS, reasonable default
+ - [ssh.1]
+ CheckHostIP is not available for connects via proxy command
+ - [sshconnect.c]
+ typo
+ easier to read client code for passwd and skey auth
+ turn of checkhostip for proxy connects, since we don't know the remote ip
+
+19991126
+ - Add definition for __P()
+ - Added [v]snprintf() replacement for systems that lack it
+
+19991125
+ - More reformatting merged from OpenBSD CVS
+ - Merged OpenBSD CVS changes:
+ - [channels.c]
+ fix packet_integrity_check() for !have_hostname_in_open.
+ report from mrwizard@psu.edu via djm@ibs.com.au
+ - [channels.c]
+ set SO_REUSEADDR and SO_LINGER for forwarded ports.
+ chip@valinux.com via damien@ibs.com.au
+ - [nchan.c]
+ it's not an error() if shutdown_write failes in nchan.
+ - [readconf.c]
+ remove dead #ifdef-0-code
+ - [readconf.c servconf.c]
+ strcasecmp instead of tolower
+ - [scp.c]
+ progress meter overflow fix from damien@ibs.com.au
+ - [ssh-add.1 ssh-add.c]
+ SSH_ASKPASS support
+ - [ssh.1 ssh.c]
+ postpone fork_after_authentication until command execution,
+ request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au
+ plus: use daemon() for backgrounding
+ - Added BSD compatible install program and autoconf test, thanks to
+ Niels Kristian Bech Jensen
+ - Solaris fixing, thanks to Ben Taylor
+ - Merged beginnings of AIX support from Tor-Ake Fransson
+ - Release 1.2pre15
+
+19991124
+ - Merged very large OpenBSD source code reformat
+ - OpenBSD CVS updates
+ - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c]
+ [ssh.h sshd.8 sshd.c]
+ syslog changes:
+ * Unified Logmessage for all auth-types, for success and for failed
+ * Standard connections get only ONE line in the LOG when level==LOG:
+ Auth-attempts are logged only, if authentication is:
+ a) successfull or
+ b) with passwd or
+ c) we had more than AUTH_FAIL_LOG failues
+ * many log() became verbose()
+ * old behaviour with level=VERBOSE
+ - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c]
+ tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE
+ messages. allows use of s/key in windows (ttssh, securecrt) and
+ ssh-1.2.27 clients without 'ssh -v', ok: niels@
+ - [sshd.8]
+ -V, for fallback to openssh in SSH2 compatibility mode
+ - [sshd.c]
+ fix sigchld race; cjc5@po.cwru.edu
+
+19991123
+ - Added SuSE package files from Chris Saia
+ - Restructured package-related files under packages/*
+ - Added generic PAM config
+ - Numerous little Solaris fixes
+ - Add recommendation to use GNU make to INSTALL document
+
+19991122
+ - Make close gnome-ssh-askpass (Debian bug #50299)
+ - OpenBSD CVS Changes
+ - [ssh-keygen.c]
+ don't create ~/.ssh only if the user wants to store the private
+ key there. show fingerprint instead of public-key after
+ keygeneration. ok niels@
+ - Added OpenBSD bsd-strlcat.c, created bsd-strlcat.h
+ - Added timersub() macro
+ - Tidy RCSIDs of bsd-*.c
+ - Added autoconf test and macro to deal with old PAM libraries
+ pam_strerror definition (one arg vs two).
+ - Fix EGD problems (Thanks to Ben Taylor )
+ - Retry /dev/urandom reads interrupted by signal (report from
+ Robert Hardy )
+ - Added a setenv replacement for systems which lack it
+ - Only display public key comment when presenting ssh-askpass dialog
+ - Released 1.2pre14
+
+ - Configure, Make and changelog corrections from Tudor Bosman
+ and Niels Kristian Bech Jensen
+
+19991121
+ - OpenBSD CVS Changes:
+ - [channels.c]
+ make this compile, bad markus
+ - [log.c readconf.c servconf.c ssh.h]
+ bugfix: loglevels are per host in clientconfig,
+ factor out common log-level parsing code.
+ - [servconf.c]
+ remove unused index (-Wall)
+ - [ssh-agent.c]
+ only one 'extern char *__progname'
+ - [sshd.8]
+ document SIGHUP, -Q to synopsis
+ - [sshconnect.c serverloop.c sshd.c packet.c packet.h]
+ [channels.c clientloop.c]
+ SSH_CMSG_MAX_PACKET_SIZE, some clients use this, some need this, niels@
+ [hope this time my ISP stays alive during commit]
+ - [OVERVIEW README] typos; green@freebsd
+ - [ssh-keygen.c]
+ replace xstrdup+strcat with strlcat+fixed buffer, fixes OF (bad me)
+ exit if writing the key fails (no infinit loop)
+ print usage() everytime we get bad options
+ - [ssh-keygen.c] overflow, djm@mindrot.org
+ - [sshd.c] fix sigchld race; cjc5@po.cwru.edu
+
+19991120
+ - Merged more Solaris support from Marc G. Fournier
+
+ - Wrote autoconf tests for integer bit-types
+ - Fixed enabling kerberos support
+ - Fix segfault in ssh-keygen caused by buffer overrun in filename
+ handling.
+
+19991119
+ - Merged PAM buffer overrun patch from Chip Salzenberg
+ - Merged OpenBSD CVS changes
+ - [auth-rhosts.c auth-rsa.c ssh-agent.c sshconnect.c sshd.c]
+ more %d vs. %s in fmt-strings
+ - [authfd.c]
+ Integers should not be printed with %s
+ - EGD uses a socket, not a named pipe. Duh.
+ - Fix includes in fingerprint.c
+ - Fix scp progress bar bug again.
+ - Move ssh-askpass from ${libdir}/ssh to ${libexecdir}/ssh at request of
+ David Rankin
+ - Added autoconf option to enable Kerberos 4 support (untested)
+ - Added autoconf option to enable AFS support (untested)
+ - Added autoconf option to enable S/Key support (untested)
+ - Added autoconf option to enable TCP wrappers support (compiles OK)
+ - Renamed BSD helper function files to bsd-*
+ - Added tests for login and daemon and enable OpenBSD replacements for
+ when they are absent.
+ - Added non-PAM MD5 password support patch from Tudor Bosman
+
+19991118
+ - Merged OpenBSD CVS changes
+ - [scp.c] foregroundproc() in scp
+ - [sshconnect.h] include fingerprint.h
+ - [sshd.c] bugfix: the log() for passwd-auth escaped during logging
+ changes.
+ - [ssh.1] Spell my name right.
+ - Added openssh.com info to README
+
+19991117
+ - Merged OpenBSD CVS changes
+ - [ChangeLog.Ylonen] noone needs this anymore
+ - [authfd.c] close-on-exec for auth-socket, ok deraadt
+ - [hostfile.c]
+ in known_hosts key lookup the entry for the bits does not need
+ to match, all the information is contained in n and e. This
+ solves the problem with buggy servers announcing the wrong
+ modulus length. markus and me.
+ - [serverloop.c]
+ bugfix: check for space if child has terminated, from:
+ iedowse@maths.tcd.ie
+ - [ssh-add.1 ssh-add.c ssh-keygen.1 ssh-keygen.c sshconnect.c]
+ [fingerprint.c fingerprint.h]
+ rsa key fingerprints, idea from Bjoern Groenvall
+ - [ssh-agent.1] typo
+ - [ssh.1] add OpenSSH information to AUTHOR section. okay markus@
+ - [sshd.c]
+ force logging to stderr while loading private key file
+ (lost while converting to new log-levels)
+
+19991116
+ - Fix some Linux libc5 problems reported by Miles Wilson
+ - Merged OpenBSD CVS changes:
+ - [auth-rh-rsa.c auth-rsa.c authfd.c authfd.h hostfile.c mpaux.c]
+ [mpaux.h ssh-add.c ssh-agent.c ssh.h ssh.c sshd.c]
+ the keysize of rsa-parameter 'n' is passed implizit,
+ a few more checks and warnings about 'pretended' keysizes.
+ - [cipher.c cipher.h packet.c packet.h sshd.c]
+ remove support for cipher RC4
+ - [ssh.c]
+ a note for legay systems about secuity issues with permanently_set_uid(),
+ the private hostkey and ptrace()
+ - [sshconnect.c]
+ more detailed messages about adding and checking hostkeys
+
+19991115
+ - Merged OpenBSD CVS changes:
+ - [ssh-add.c] change passphrase loop logic and remove ref to
+ $DISPLAY, ok niels
+ - Changed to ssh-add.c broke askpass support. Revised it to be a little more
+ modular.
+ - Revised autoconf support for enabling/disabling askpass support.
+ - Merged more OpenBSD CVS changes:
+ [auth-krb4.c]
+ - disconnect if getpeername() fails
+ - missing xfree(*client)
+ [canohost.c]
+ - disconnect if getpeername() fails
+ - fix comment: we _do_ disconnect if ip-options are set
+ [sshd.c]
+ - disconnect if getpeername() fails
+ - move checking of remote port to central place
+ [auth-rhosts.c] move checking of remote port to central place
+ [log-server.c] avoid extra fd per sshd, from millert@
+ [readconf.c] print _all_ bad config-options in ssh(1), too
+ [readconf.h] print _all_ bad config-options in ssh(1), too
+ [ssh.c] print _all_ bad config-options in ssh(1), too
+ [sshconnect.c] disconnect if getpeername() fails
+ - OpenBSD's changes to sshd.c broke the PAM stuff, re-merged it.
+ - Various small cleanups to bring diff (against OpenBSD) size down.
+ - Merged more Solaris compability from Marc G. Fournier
+
+ - Wrote autoconf tests for __progname symbol
+ - RPM spec file fixes from Jim Knoble
+ - Released 1.2pre12
+
+ - Another OpenBSD CVS update:
+ - [ssh-keygen.1] fix .Xr
+
+19991114
+ - Solaris compilation fixes (still imcomplete)
+
+19991113
+ - Build patch from Niels Kristian Bech Jensen
+ - Don't install config files if they already exist
+ - Fix inclusion of additional preprocessor directives from acconfig.h
+ - Removed redundant inclusions of config.h
+ - Added 'Obsoletes' lines to RPM spec file
+ - Merged OpenBSD CVS changes:
+ - [bufaux.c] save a view malloc/memcpy/memset/free's, ok niels
+ - [scp.c] fix overflow reported by damien@ibs.com.au: off_t
+ totalsize, ok niels,aaron
+ - Delay fork (-f option) in ssh until after port forwarded connections
+ have been initialised. Patch from Jani Hakala
+ - Added shadow password patch from Thomas Neumann
+ - Added ifdefs to auth-passwd.c to exclude it when PAM is enabled
+ - Tidied default config file some more
+ - Revised Redhat initscript to fix bug: sshd (re)start would fail
+ if executed from inside a ssh login.
+
+19991112
+ - Merged changes from OpenBSD CVS
+ - [sshd.c] session_key_int may be zero
+ - [auth-rh-rsa.c servconf.c servconf.h ssh.h sshd.8 sshd.c sshd_config]
+ IgnoreUserKnownHosts(default=no), used for RhostRSAAuth, ok
+ deraadt,millert
+ - Brought default sshd_config more in line with OpenBSD's
+ - Grab server in gnome-ssh-askpass (Debian bug #49872)
+ - Released 1.2pre10
+
+ - Added INSTALL documentation
+ - Merged yet more changes from OpenBSD CVS
+ - [auth-rh-rsa.c auth-rhosts.c auth-rsa.c channels.c clientloop.c]
+ [ssh.c ssh.h sshconnect.c sshd.c]
+ make all access to options via 'extern Options options'
+ and 'extern ServerOptions options' respectively;
+ options are no longer passed as arguments:
+ * make options handling more consistent
+ * remove #include "readconf.h" from ssh.h
+ * readconf.h is only included if necessary
+ - [mpaux.c] clear temp buffer
+ - [servconf.c] print _all_ bad options found in configfile
+ - Make ssh-askpass support optional through autoconf
+ - Fix nasty division-by-zero error in scp.c
+ - Released 1.2pre11
+
+19991111
+ - Added (untested) Entropy Gathering Daemon (EGD) support
+ - Fixed /dev/urandom fd leak (Debian bug #49722)
+ - Merged OpenBSD CVS changes:
+ - [auth-rh-rsa.c] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
+ - [ssh.1] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
+ - [sshd.8] user/958: check ~/.ssh/known_hosts for rhosts-rsa, too
+ - Fix integer overflow which was messing up scp's progress bar for large
+ file transfers. Fix submitted to OpenBSD developers. Report and fix
+ from Kees Cook
+ - Merged more OpenBSD CVS changes:
+ - [auth-krb4.c auth-passwd.c] remove x11- and krb-cleanup from fatal()
+ + krb-cleanup cleanup
+ - [clientloop.c log-client.c log-server.c ]
+ [readconf.c readconf.h servconf.c servconf.h ]
+ [ssh.1 ssh.c ssh.h sshd.8]
+ add LogLevel {QUIET, FATAL, ERROR, INFO, CHAT, DEBUG} to ssh/sshd,
+ obsoletes QuietMode and FascistLogging in sshd.
+ - [sshd.c] fix fatal/assert() bug reported by damien@ibs.com.au:
+ allow session_key_int != sizeof(session_key)
+ [this should fix the pre-assert-removal-core-files]
+ - Updated default config file to use new LogLevel option and to improve
+ readability
+
+19991110
+ - Merged several minor fixes:
+ - ssh-agent commandline parsing
+ - RPM spec file now installs ssh setuid root
+ - Makefile creates libdir
+ - Merged beginnings of Solaris compability from Marc G. Fournier
+
+
+19991109
+ - Autodetection of SSL/Crypto library location via autoconf
+ - Fixed location of ssh-askpass to follow autoconf
+ - Integrated Makefile patch from Niels Kristian Bech Jensen
+ - Autodetection of RSAref library for US users
+ - Minor doc updates
+ - Merged OpenBSD CVS changes:
+ - [rsa.c] bugfix: use correct size for memset()
+ - [sshconnect.c] warn if announced size of modulus 'n' != real size
+ - Added GNOME passphrase requestor (use --with-gnome-askpass)
+ - RPM build now creates subpackages
+ - Released 1.2pre9
+
+19991108
+ - Removed debian/ directory. This is now being maintained separately.
+ - Added symlinks for slogin in RPM spec file
+ - Fixed permissions on manpages in RPM spec file
+ - Added references to required libraries in README file
+ - Removed config.h.in from CVS
+ - Removed pwdb support (better pluggable auth is provided by glibc)
+ - Made PAM and requisite libdl optional
+ - Removed lots of unnecessary checks from autoconf
+ - Added support and autoconf test for openpty() function (Unix98 pty support)
+ - Fix for scp not finding ssh if not installed as /usr/bin/ssh
+ - Added TODO file
+ - Merged parts of Debian patch From Phil Hands :
+ - Added ssh-askpass program
+ - Added ssh-askpass support to ssh-add.c
+ - Create symlinks for slogin on install
+ - Fix "distclean" target in makefile
+ - Added example for ssh-agent to manpage
+ - Added support for PAM_TEXT_INFO messages
+ - Disable internal /etc/nologin support if PAM enabled
+ - Merged latest OpenBSD CVS changes:
+ - [all] replace assert() with error, fatal or packet_disconnect
+ - [sshd.c] don't send fail-msg but disconnect if too many authentication
+ failures
+ - [sshd.c] remove unused argument. ok dugsong
+ - [sshd.c] typo
+ - [rsa.c] clear buffers used for encryption. ok: niels
+ - [rsa.c] replace assert() with error, fatal or packet_disconnect
+ - [auth-krb4.c] remove unused argument. ok dugsong
+ - Fixed coredump after merge of OpenBSD rsa.c patch
+ - Released 1.2pre8
+
+19991102
+ - Merged change from OpenBSD CVS
+ - One-line cleanup in sshd.c
+
+19991030
+ - Integrated debian package support from Dan Brosemer
+ - Merged latest updates for OpenBSD CVS:
+ - channels.[ch] - remove broken x11 fix and document istate/ostate
+ - ssh-agent.c - call setsid() regardless of argv[]
+ - ssh.c - save a few lines when disabling rhosts-{rsa-}auth
+ - Documentation cleanups
+ - Renamed README -> README.Ylonen
+ - Renamed README.openssh ->README
+
+19991029
+ - Renamed openssh* back to ssh* at request of Theo de Raadt
+ - Incorporated latest changes from OpenBSD's CVS
+ - Integrated Makefile patch from Niels Kristian Bech Jensen
+ - Integrated PAM env patch from Nalin Dahyabhai
+ - Make distclean now removed configure script
+ - Improved PAM logging
+ - Added some debug() calls for PAM
+ - Removed redundant subdirectories
+ - Integrated part of a patch from Dan Brosemer for
+ building on Debian.
+ - Fixed off-by-one error in PAM env patch
+ - Released 1.2pre6
+
+19991028
+ - Further PAM enhancements.
+ - Much cleaner
+ - Now uses account and session modules for all logins.
+ - Integrated patch from Dan Brosemer
+ - Build fixes
+ - Autoconf
+ - Change binary names to open*
+ - Fixed autoconf script to detect PAM on RH6.1
+ - Added tests for libpwdb, and OpenBSD functions to autoconf
+ - Released 1.2pre4
+
+ - Imported latest OpenBSD CVS code
+ - Updated README.openssh
+ - Released 1.2pre5
+
+19991027
+ - Adapted PAM patch.
+ - Released 1.0pre2
+
+ - Excised my buggy replacements for strlcpy and mkdtemp
+ - Imported correct OpenBSD strlcpy and mkdtemp routines.
+ - Reduced arc4random_stir entropy read to 32 bytes (256 bits)
+ - Picked up correct version number from OpenBSD
+ - Added sshd.pam PAM configuration file
+ - Added sshd.init Redhat init script
+ - Added openssh.spec RPM spec file
+ - Released 1.2pre3
+
+19991026
+ - Fixed include paths of OpenSSL functions
+ - Use OpenSSL MD5 routines
+ - Imported RC4 code from nanocrypt
+ - Wrote replacements for OpenBSD arc4random* functions
+ - Wrote replacements for strlcpy and mkdtemp
+ - Released 1.0pre1
+
+$Id: ChangeLog,v 1.1913 2002/03/07 02:04:37 djm Exp $
diff -ruN --exclude CVS ssh-openbsd-2002030700/INSTALL openssh-3.1p1/INSTALL
--- ssh-openbsd-2002030700/INSTALL Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/INSTALL Fri Dec 28 09:57:34 2001
@@ -0,0 +1,221 @@
+1. Prerequisites
+----------------
+
+You will need working installations of Zlib and OpenSSL.
+
+Zlib:
+http://www.gzip.org/zlib/
+
+OpenSSL 0.9.5a or greater:
+http://www.openssl.org/
+
+RPMs of OpenSSL are available at http://violet.ibs.com.au/openssh/files/support.
+For Red Hat Linux 6.2, they have been released as errata. RHL7 includes
+these.
+
+OpenSSH can utilise Pluggable Authentication Modules (PAM) if your system
+supports it. PAM is standard on Redhat and Debian Linux, Solaris and
+HP-UX 11.
+
+PAM:
+http://www.kernel.org/pub/linux/libs/pam/
+
+If you wish to build the GNOME passphrase requester, you will need the GNOME
+libraries and headers.
+
+GNOME:
+http://www.gnome.org/
+
+Alternatively, Jim Knoble has written an excellent X11
+passphrase requester. This is maintained separately at:
+
+http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/index.html
+
+PRNGD:
+
+If your system lacks Kernel based random collection, the use of Lutz
+Jaenicke's PRNGd is recommended.
+
+http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html
+
+EGD:
+
+The Entropy Gathering Daemon (EGD) is supported if you have a system which
+lacks /dev/random and don't want to use OpenSSH's internal entropy collection.
+
+http://www.lothar.com/tech/crypto/
+
+S/Key Libraries:
+http://www.sparc.spb.su/solaris/skey/
+
+If you wish to use --with-skey then you will need the above library
+installed. No other current S/Key library is currently known to be
+supported.
+
+2. Building / Installation
+--------------------------
+
+To install OpenSSH with default options:
+
+./configure
+make
+make install
+
+This will install the OpenSSH binaries in /usr/local/bin, configuration files
+in /usr/local/etc, the server in /usr/local/sbin, etc. To specify a different
+installation prefix, use the --prefix option to configure:
+
+./configure --prefix=/opt
+make
+make install
+
+Will install OpenSSH in /opt/{bin,etc,lib,sbin}. You can also override
+specific paths, for example:
+
+./configure --prefix=/opt --sysconfdir=/etc/ssh
+make
+make install
+
+This will install the binaries in /opt/{bin,lib,sbin}, but will place the
+configuration files in /etc/ssh.
+
+If you are using PAM, you may need to manually install a PAM control
+file as "/etc/pam.d/sshd" (or wherever your system prefers to keep
+them). Note that the service name used to start PAM is __progname,
+which is the basename of the path of your sshd (e.g., the service name
+for /usr/sbin/osshd will be osshd). If you have renamed your sshd
+executable, your PAM configuration may need to be modified.
+
+A generic PAM configuration is included as "contrib/sshd.pam.generic",
+you may need to edit it before using it on your system. If you are
+using a recent version of Red Hat Linux, the config file in
+contrib/redhat/sshd.pam should be more useful. Failure to install a
+valid PAM file may result in an inability to use password
+authentication. On HP-UX 11 and Solaris, the standard /etc/pam.conf
+configuration will work with sshd (sshd will match the other service
+name).
+
+There are a few other options to the configure script:
+
+--with-rsh=PATH allows you to specify the path to your rsh program.
+Normally ./configure will search the current $PATH for 'rsh'. You
+may need to specify this option if rsh is not in your path or has a
+different name.
+
+--with-pam enables PAM support.
+
+--enable-gnome-askpass will build the GNOME passphrase dialog. You
+need a working installation of GNOME, including the development
+headers, for this to work.
+
+--with-random=/some/file allows you to specify an alternate source of
+random numbers (the default is /dev/urandom). Unless you are absolutely
+sure of what you are doing, it is best to leave this alone.
+
+--with-prngd-socket=/some/file allows you to enable EGD or PRNGD
+support and to specify a PRNGd socket. Use this if your Unix lacks
+/dev/random and you don't want to use OpenSSH's builtin entropy
+collection support.
+
+--with-prngd-port=portnum allows you to enable EGD or PRNGD support
+and to specify a EGD localhost TCP port. Use this if your Unix lacks
+/dev/random and you don't want to use OpenSSH's builtin entropy
+collection support.
+
+--with-lastlog=FILE will specify the location of the lastlog file.
+./configure searches a few locations for lastlog, but may not find
+it if lastlog is installed in a different place.
+
+--without-lastlog will disable lastlog support entirely.
+
+--with-sia, --without-sia will enable or disable OSF1's Security
+Integration Architecture. The default for OSF1 machines is enable.
+
+--with-kerberos4=PATH will enable Kerberos IV support. You will need
+to have the Kerberos libraries and header files installed for this
+to work. Use the optional PATH argument to specify the root of your
+Kerberos installation.
+
+--with-afs=PATH will enable AFS support. You will need to have the
+Kerberos IV and the AFS libraries and header files installed for this
+to work. Use the optional PATH argument to specify the root of your
+AFS installation. AFS requires Kerberos support to be enabled.
+
+--with-skey=PATH will enable S/Key one time password support. You will
+need the S/Key libraries and header files installed for this to work.
+
+--with-tcp-wrappers will enable TCP Wrappers (/etc/hosts.allow|deny)
+support. You will need libwrap.a and tcpd.h installed.
+
+--with-md5-passwords will enable the use of MD5 passwords. Enable this
+if your operating system uses MD5 passwords without using PAM.
+
+--with-utmpx enables utmpx support. utmpx support is automatic for
+some platforms.
+
+--without-shadow disables shadow password support.
+
+--with-ipaddr-display forces the use of a numeric IP address in the
+$DISPLAY environment variable. Some broken systems need this.
+
+--with-default-path=PATH allows you to specify a default $PATH for sessions
+started by sshd. This replaces the standard path entirely.
+
+--with-pid-dir=PATH specifies the directory in which the ssh.pid file is
+created.
+
+--with-xauth=PATH specifies the location of the xauth binary
+
+--with-ipv4-default instructs OpenSSH to use IPv4 by default for new
+connections. Normally OpenSSH will try attempt to lookup both IPv6 and
+IPv4 addresses. On Linux/glibc-2.1.2 this causes long delays in name
+resolution. If this option is specified, you can still attempt to
+connect to IPv6 addresses using the command line option '-6'.
+
+--with-ssl-dir=DIR allows you to specify where your OpenSSL libraries
+are installed.
+
+--with-4in6 Check for IPv4 in IPv6 mapped addresses and convert them to
+real (AF_INET) IPv4 addresses. Works around some quirks on Linux.
+
+If you need to pass special options to the compiler or linker, you
+can specify these as environment variables before running ./configure.
+For example:
+
+CFLAGS="-O -m486" LDFLAGS="-s" LIBS="-lrubbish" LD="/usr/foo/ld" ./configure
+
+3. Configuration
+----------------
+
+The runtime configuration files are installed by in ${prefix}/etc or
+whatever you specified as your --sysconfdir (/usr/local/etc by default).
+
+The default configuration should be instantly usable, though you should
+review it to ensure that it matches your security requirements.
+
+To generate a host key, run "make host-key". Alternately you can do so
+manually using the following commands:
+
+ ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N ""
+ ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ""
+ ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ""
+
+Replacing /etc/ssh with the correct path to the configuration directory.
+(${prefix}/etc or whatever you specified with --sysconfdir during
+configuration)
+
+If you have configured OpenSSH with EGD support, ensure that EGD is
+running and has collected some Entropy.
+
+For more information on configuration, please refer to the manual pages
+for sshd, ssh and ssh-agent.
+
+4. Problems?
+------------
+
+If you experience problems compiling, installing or running OpenSSH.
+Please refer to the "reporting bugs" section of the webpage at
+http://www.openssh.com/
+
+
+$Id: INSTALL,v 1.48 2001/12/27 22:57:34 djm Exp $
diff -ruN --exclude CVS ssh-openbsd-2002030700/Makefile openssh-3.1p1/Makefile
--- ssh-openbsd-2002030700/Makefile Sun Feb 10 17:43:26 2002
+++ openssh-3.1p1/Makefile Thu Jan 1 10:00:00 1970
@@ -1,14 +0,0 @@
-# $OpenBSD: Makefile,v 1.10 2002/02/09 17:37:34 deraadt Exp $
-
-.include
-
-SUBDIR= lib ssh sshd ssh-add ssh-keygen ssh-agent scp sftp-server \
- ssh-keyscan sftp scard
-
-distribution:
- install -C -o root -g wheel -m 0644 ${.CURDIR}/ssh_config \
- ${DESTDIR}/etc/ssh/ssh_config
- install -C -o root -g wheel -m 0644 ${.CURDIR}/sshd_config \
- ${DESTDIR}/etc/ssh/sshd_config
-
-.include
diff -ruN --exclude CVS ssh-openbsd-2002030700/Makefile.in openssh-3.1p1/Makefile.in
--- ssh-openbsd-2002030700/Makefile.in Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/Makefile.in Wed Feb 27 06:24:22 2002
@@ -0,0 +1,313 @@ +# $Id: Makefile.in,v 1.197 2002/02/26 19:24:22 mouring Exp $ + +prefix=@prefix@ +exec_prefix=@exec_prefix@ +bindir=@bindir@ +sbindir=@sbindir@ +libexecdir=@libexecdir@ +datadir=@datadir@ +mandir=@mandir@ +mansubdir=@mansubdir@ +sysconfdir=@sysconfdir@ +piddir=@piddir@ +srcdir=@srcdir@ +top_srcdir=@top_srcdir@ + +DESTDIR= +VPATH=@srcdir@ +SSH_PROGRAM=@bindir@/ssh +ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass +SFTP_SERVER=$(libexecdir)/sftp-server + +PATHS= -DSSHDIR=\"$(sysconfdir)\" \ + -D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \ + -D_PATH_SSH_ASKPASS_DEFAULT=\"$(ASKPASS_PROGRAM)\" \ + -D_PATH_SFTP_SERVER=\"$(SFTP_SERVER)\" \ + -D_PATH_SSH_PIDDIR=\"$(piddir)\" \ + -DSSH_RAND_HELPER=\"$(libexecdir)/ssh-rand-helper\" + +CC=@CC@ +LD=@LD@ +CFLAGS=@CFLAGS@ +CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ +LIBS=@LIBS@ +LIBPAM=@LIBPAM@ +LIBWRAP=@LIBWRAP@ +AR=@AR@ +RANLIB=@RANLIB@ +INSTALL=@INSTALL@ +PERL=@PERL@ +ENT=@ENT@ +XAUTH_PATH=@XAUTH_PATH@ +LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@ +EXEEXT=@EXEEXT@ +SSH_MODE= @SSHMODE@ + +INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@ +INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@ + +@NO_SFTP@SFTP_PROGS=sftp-server$(EXEEXT) sftp$(EXEEXT) + +TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} $(SFTP_PROGS) + +LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o dh.o dispatch.o fatal.o mac.o hostfile.o key.o kex.o kexdh.o kexgex.o log.o match.o misc.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o scard.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o + +SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o sshtty.o readconf.o clientloop.o + +SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-pam.o auth2-pam.o auth-passwd.o 
auth-rsa.o auth-rh-rsa.o auth-sia.o sshpty.o sshlogin.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o auth-skey.o auth-bsdauth.o + +MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out +MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 +MANTYPE = @MANTYPE@ + +CONFIGFILES=sshd_config.out ssh_config.out moduli.out +CONFIGFILES_IN=sshd_config ssh_config moduli + +PATHSUBS = \ + -D/etc/ssh/ssh_config=$(sysconfdir)/ssh_config \ + -D/etc/ssh/ssh_known_hosts=$(sysconfdir)/ssh_known_hosts \ + -D/etc/ssh/sshd_config=$(sysconfdir)/sshd_config \ + -D/usr/libexec=$(libexecdir) \ + -D/etc/shosts.equiv=$(sysconfdir)/shosts.equiv \ + -D/etc/ssh/ssh_host_key=$(sysconfdir)/ssh_host_key \ + -D/etc/ssh/ssh_host_dsa_key=$(sysconfdir)/ssh_host_dsa_key \ + -D/etc/ssh/ssh_host_rsa_key=$(sysconfdir)/ssh_host_rsa_key \ + -D/var/run/sshd.pid=$(piddir)/sshd.pid \ + -D/etc/ssh/moduli=$(sysconfdir)/moduli \ + -D/etc/ssh/sshrc=$(sysconfdir)/sshrc \ + -D/usr/X11R6/bin/xauth=$(XAUTH_PATH) \ + -D/usr/bin:/bin:/usr/sbin:/sbin=@user_path@ + +FIXPATHSCMD = $(PERL) $(srcdir)/fixpaths $(PATHSUBS) + +all: $(CONFIGFILES) $(MANPAGES) $(TARGETS) + +$(LIBSSH_OBJS): config.h +$(SSHOBJS): config.h +$(SSHDOBJS): config.h + +.c.o: + $(CC) $(CFLAGS) $(CPPFLAGS) -c $< + +LIBCOMPAT=openbsd-compat/libopenbsd-compat.a +$(LIBCOMPAT): always + (cd openbsd-compat && $(MAKE)) +always: + +libssh.a: $(LIBSSH_OBJS) + $(AR) rv $@ $(LIBSSH_OBJS) + $(RANLIB) $@ + +ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS) + $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + +sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) + $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBS) + +scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o + $(LD) -o $@ scp.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + +ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a 
ssh-add.o + $(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + +ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o + $(LD) -o $@ ssh-agent.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + +ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o + $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + +ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o + $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) + +sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o + $(LD) -o $@ sftp-server.o sftp-common.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + +sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-int.o sftp-common.o sftp-glob.o + $(LD) -o $@ sftp.o sftp-client.o sftp-common.o sftp-int.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + +ssh-rand-helper${EXEEXT}: $(LIBCOMPAT) libssh.a ssh-rand-helper.o + $(LD) -o $@ ssh-rand-helper.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + +# test driver for the loginrec code - not built by default +logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o + $(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS) + +$(MANPAGES): $(MANPAGES_IN) + if test "$(MANTYPE)" = "cat"; then \ + manpage=$(srcdir)/`echo $@ | sed 's/\.[1-9]\.out$$/\.0/'`; \ + else \ + manpage=$(srcdir)/`echo $@ | sed 's/\.out$$//'`; \ + fi; \ + if test "$(MANTYPE)" = "man"; then \ + $(FIXPATHSCMD) $${manpage} | $(PERL) $(srcdir)/mdoc2man.pl > $@; \ + else \ + $(FIXPATHSCMD) $${manpage} > $@; \ + fi + +$(CONFIGFILES): $(CONFIGFILES_IN) + conffile=`echo $@ | sed 's/.out$$//'`; \ + $(FIXPATHSCMD) $(srcdir)/$${conffile} > $@ + +clean: + rm -f *.o *.a $(TARGETS) logintest config.cache config.log + rm -f *.out core + (cd openbsd-compat && $(MAKE) clean) + +distclean: + rm -f *.o *.a $(TARGETS) logintest config.cache config.log + rm -f *.out core + rm -f Makefile config.h config.status ssh_prng_cmds *~ + rm -rf autom4te.cache + (cd openbsd-compat && 
$(MAKE) distclean) + (cd scard && $(MAKE) distclean) + +veryclean: + rm -f configure config.h.in *.0 + rm -f *.o *.a $(TARGETS) logintest config.cache config.log + rm -f *.out core + rm -f Makefile config.h config.status ssh_prng_cmds *~ + (cd openbsd-compat && $(MAKE) distclean) + (cd scard && $(MAKE) distclean) + +mrproper: distclean + +catman-do: + @for f in $(MANPAGES_IN) ; do \ + base=`echo $$f | sed 's/\..*$$//'` ; \ + echo "$$f -> $$base.0" ; \ + nroff -mandoc $$f | cat -v | sed -e 's/.\^H//g' \ + >$$base.0 ; \ + done + +distprep: catman-do + autoreconf + (cd scard && $(MAKE) -f Makefile.in distprep) + +install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key +install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files + +scard-install: + (cd scard && $(MAKE) DESTDIR=$(DESTDIR) install) + +install-files: scard-install + $(srcdir)/mkinstalldirs $(DESTDIR)$(bindir) + $(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir) + $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir) + $(srcdir)/mkinstalldirs $(DESTDIR)$(datadir) + $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1 + $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8 + $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir) + $(INSTALL) -m $(SSH_MODE) -s ssh $(DESTDIR)$(bindir)/ssh + $(INSTALL) -m 0755 -s scp $(DESTDIR)$(bindir)/scp + $(INSTALL) -m 0755 -s ssh-add $(DESTDIR)$(bindir)/ssh-add + $(INSTALL) -m 0755 -s ssh-agent $(DESTDIR)$(bindir)/ssh-agent + $(INSTALL) -m 0755 -s ssh-keygen $(DESTDIR)$(bindir)/ssh-keygen + $(INSTALL) -m 0755 -s ssh-keyscan $(DESTDIR)$(bindir)/ssh-keyscan + $(INSTALL) -m 0755 -s sshd $(DESTDIR)$(sbindir)/sshd + if test ! 
-z "$(INSTALL_SSH_RAND_HELPER)" ; then \ + $(INSTALL) -m 0755 -s ssh-rand-helper $(DESTDIR)$(libexecdir)/ssh-rand-helper ; \ + fi + @NO_SFTP@$(INSTALL) -m 0755 -s sftp $(DESTDIR)$(bindir)/sftp + @NO_SFTP@$(INSTALL) -m 0755 -s sftp-server $(DESTDIR)$(SFTP_SERVER) + $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 + $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 + $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 + $(INSTALL) -m 644 ssh-agent.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-agent.1 + $(INSTALL) -m 644 ssh-keygen.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1 + $(INSTALL) -m 644 ssh-keyscan.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1 + $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8 + @NO_SFTP@$(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 + @NO_SFTP@$(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 + -rm -f $(DESTDIR)$(bindir)/slogin + ln -s ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin + -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 + ln -s ssh.1 $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 + if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \ + $(srcdir)/mkinstalldirs $(DESTDIR)$(sysconfdir); \ + fi + if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_config ]; then \ + $(INSTALL) -m 644 ssh_config.out $(DESTDIR)$(sysconfdir)/ssh_config; \ + else \ + echo "$(DESTDIR)$(sysconfdir)/ssh_config already exists, install will not overwrite"; \ + fi + if [ ! -f $(DESTDIR)$(sysconfdir)/sshd_config ]; then \ + $(INSTALL) -m 644 sshd_config.out $(DESTDIR)$(sysconfdir)/sshd_config; \ + else \ + echo "$(DESTDIR)$(sysconfdir)/sshd_config already exists, install will not overwrite"; \ + fi + if [ -f ssh_prng_cmds -a ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \ + $(PERL) $(srcdir)/fixprogs ssh_prng_cmds $(ENT); \ + if [ ! 
-f $(DESTDIR)$(sysconfdir)/ssh_prng_cmds ] ; then \ + $(INSTALL) -m 644 ssh_prng_cmds.out $(DESTDIR)$(sysconfdir)/ssh_prng_cmds; \ + else \ + echo "$(DESTDIR)$(sysconfdir)/ssh_prng_cmds already exists, install will not overwrite"; \ + fi ; \ + fi + if [ ! -f $(DESTDIR)$(sysconfdir)/moduli ]; then \ + if [ -f $(DESTDIR)$(sysconfdir)/primes ]; then \ + echo "moving $(DESTDIR)$(sysconfdir)/primes to $(DESTDIR)$(sysconfdir)/moduli"; \ + mv "$(DESTDIR)$(sysconfdir)/primes" "$(DESTDIR)$(sysconfdir)/moduli"; \ + else \ + $(INSTALL) -m 644 moduli.out $(DESTDIR)$(sysconfdir)/moduli; \ + fi ; \ + else \ + echo "$(DESTDIR)$(sysconfdir)/moduli already exists, install will not overwrite"; \ + fi + +host-key: ssh-keygen$(EXEEXT) + if [ -z "$(DESTDIR)" ] ; then \ + if [ -f "$(DESTDIR)$(sysconfdir)/ssh_host_key" ] ; then \ + echo "$(DESTDIR)$(sysconfdir)/ssh_host_key already exists, skipping." ; \ + else \ + ./ssh-keygen -t rsa1 -f $(DESTDIR)$(sysconfdir)/ssh_host_key -N "" ; \ + fi ; \ + if [ -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key ] ; then \ + echo "$(DESTDIR)$(sysconfdir)/ssh_host_dsa_key already exists, skipping." ; \ + else \ + ./ssh-keygen -t dsa -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key -N "" ; \ + fi ; \ + if [ -f $(DESTDIR)$(sysconfdir)/ssh_host_rsa_key ] ; then \ + echo "$(DESTDIR)$(sysconfdir)/ssh_host_rsa_key already exists, skipping." 
; \ + else \ + ./ssh-keygen -t rsa -f $(DESTDIR)$(sysconfdir)/ssh_host_rsa_key -N "" ; \ + fi ; \ + fi ; + +host-key-force: ssh-keygen$(EXEEXT) + ./ssh-keygen -t rsa1 -f $(DESTDIR)$(sysconfdir)/ssh_host_key -N "" + ./ssh-keygen -t dsa -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key -N "" + ./ssh-keygen -t rsa -f $(DESTDIR)$(sysconfdir)/ssh_host_rsa_key -N "" + +uninstallall: uninstall + -rm -f $(DESTDIR)$(sysconfdir)/ssh_config + -rm -f $(DESTDIR)$(sysconfdir)/sshd_config + -rm -f $(DESTDIR)$(sysconfdir)/ssh_prng_cmds + -rmdir $(DESTDIR)$(sysconfdir) + -rmdir $(DESTDIR)$(bindir) + -rmdir $(DESTDIR)$(sbindir) + -rmdir $(DESTDIR)$(mandir)/$(mansubdir)1 + -rmdir $(DESTDIR)$(mandir)/$(mansubdir)8 + -rmdir $(DESTDIR)$(mandir) + -rmdir $(DESTDIR)$(libexecdir) + +uninstall: + -rm -f $(DESTDIR)$(bindir)/slogin + -rm -f $(DESTDIR)$(bindir)/ssh$(EXEEXT) + -rm -f $(DESTDIR)$(bindir)/scp$(EXEEXT) + -rm -f $(DESTDIR)$(bindir)/ssh-add$(EXEEXT) + -rm -f $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT) + -rm -f $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT) + -rm -f $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT) + -rm -f $(DESTDIR)$(bindir)/sftp$(EXEEXT) + -rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT) + -rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) + -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 + -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 + -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 + -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-agent.1 + -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1 + -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 + -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1 + -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8 + -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 + -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 diff -ruN --exclude CVS ssh-openbsd-2002030700/Makefile.inc openssh-3.1p1/Makefile.inc --- ssh-openbsd-2002030700/Makefile.inc Thu Mar 7 12:02:03 2002 +++ openssh-3.1p1/Makefile.inc Thu Jan 1 10:00:00 1970 
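Review bot: In the `uninstall` target, `-rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)` uses recursive removal where every sibling line uses `-f`. sftp-server is installed as a single file, so `-r` buys nothing, and a recursive delete run as root is the wrong default if that path ever resolves to a directory; I would change it to `-rm -f $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)`. In the same target, `ssh-rand-helper` is installed into `$(libexecdir)` by `install-files` but never removed, so `-rm -f $(DESTDIR)$(libexecdir)/ssh-rand-helper` is worth adding. `uninstallall` likewise leaves `$(sysconfdir)/moduli` behind, which makes the following `rmdir $(DESTDIR)$(sysconfdir)` fail quietly.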
@@ -1,26 +0,0 @@ -# $OpenBSD: Makefile.inc,v 1.23 2002/03/06 00:23:27 markus Exp $ - -CFLAGS+= -I${.CURDIR}/.. - -CDIAGFLAGS= -Wall -#CDIAGFLAGS+= -Werror -CDIAGFLAGS+= -Wpointer-arith -CDIAGFLAGS+= -Wno-uninitialized -#CDIAGFLAGS+= -Wstrict-prototypes -CDIAGFLAGS+= -Wmissing-prototypes -CDIAGFLAGS+= -Wunused - -#DEBUG=-g - -#CFLAGS+= -DSMARTCARD -#LDADD+= -lsectok - -.include - -.if exists(${.CURDIR}/../lib/${__objdir}) -LDADD+= -L${.CURDIR}/../lib/${__objdir} -lssh -DPADD+= ${.CURDIR}/../lib/${__objdir}/libssh.a -.else -LDADD+= -L${.CURDIR}/../lib -lssh -DPADD+= ${.CURDIR}/../lib/libssh.a -.endif diff -ruN --exclude CVS ssh-openbsd-2002030700/README openssh-3.1p1/README --- ssh-openbsd-2002030700/README Sun Feb 10 17:43:26 2002 +++ openssh-3.1p1/README Mon Dec 24 14:17:21 2001 
@@ -1,25 +1,66 @@ -This release of OpenSSH is for OpenBSD systems only. +- A Japanese translation of this document and of the OpenSSH FAQ is +- available at http://www.unixuser.org/~haruyama/security/openssh/index.html +- Thanks to HARUYAMA Seigo -Please read - http://www.openssh.com/portable.html -if you want to install OpenSSH on other operating systems. - -To extract and install this release on your OpenBSD system use: - - # cd /usr/src/usr.bin - # tar xvfz .../openssh-x.y.tgz - # cd ssh - # make obj - # make cleandir - # make depend - # make - # make install - # cp ssh_config sshd_config /etc/ssh - -OpenSSH is a derivative of the original and free ssh 1.2.12 release -by Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels -Provos, Theo de Raadt and Dug Song removed many bugs, re-added newer -features and created OpenSSH. Markus Friedl contributed the support -for SSH protocol versions 1.5 and 2.0. +This is the port of OpenBSD's excellent OpenSSH[0] to Linux and other +Unices. -See http://www.openssh.com/ for more information. +OpenSSH is based on the last free version of Tatu Ylonen's sample +implementation with all patent-encumbered algorithms removed (to +external libraries), all known security bugs fixed, new features +reintroduced and many other clean-ups. OpenSSH has been created by +Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt, +and Dug Song. It has a homepage at http://www.openssh.com/ + +This port consists of the re-introduction of autoconf support, PAM +support (for Linux and Solaris), EGD[1]/PRNGD[2] support and replacements +for OpenBSD library functions that are (regrettably) absent from other +unices. This port has been best tested on Linux, Solaris, HP-UX, NetBSD +and Irix. Support for AIX, SCO, NeXT and other Unices is underway. +This version actively tracks changes in the OpenBSD CVS repository. + +The PAM support is now more functional than the popular packages of +commercial ssh-1.2.x. 
It checks "account" and "session" modules for +all logins, not just when using password authentication. + +OpenSSH depends on Zlib[3], OpenSSL[4] and optionally PAM[5]. + +There is now several mailing lists for this port of OpenSSH. Please +refer to http://www.openssh.com/list.html for details on how to join. + +Please send bug reports and patches to the mailing list +openssh-unix-dev@mindrot.org. The list is open to posting by +unsubscribed users. + +If you are a citizen of an USA-embargoed country to which export of +cryptographic products is restricted, then please refrain from sending +crypto-related code or patches to the list. We cannot accept them. +Other code contribution are accepted, but please follow the OpenBSD +style guidelines[6]. + +Please refer to the INSTALL document for information on how to install +OpenSSH on your system. There are a number of differences between this +port of OpenSSH and F-Secure SSH 1.x, please refer to the OpenSSH FAQ[7] +for details and general tips. + +Damien Miller + +Miscellania - + +This version of OpenSSH is based upon code retrieved from the OpenBSD +CVS repository which in turn was based on the last free sample +implementation released by Tatu Ylonen. + +References - + +[0] http://www.openssh.com/faq.html +[1] http://www.lothar.com/tech/crypto/ +[2] http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html +[3] http://www.gzip.org/zlib/ +[4] http://www.openssl.org/ +[5] http://www.kernel.org/pub/linux/libs/pam/ (PAM is standard on Solaris + and HP-UX 11) +[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 +[7] http://www.openssh.com/faq.html + +$Id: README,v 1.50 2001/12/24 03:17:21 djm Exp $ diff -ruN --exclude CVS ssh-openbsd-2002030700/README.smartcard openssh-3.1p1/README.smartcard --- ssh-openbsd-2002030700/README.smartcard Thu Aug 2 18:58:35 2001 +++ openssh-3.1p1/README.smartcard Tue Sep 25 10:21:28 2001 
@@ -1,22 +1,25 @@ How to use smartcards with OpenSSH? OpenSSH contains experimental support for authentication using -Cyberflex smartcards and TODOS card readers. To enable this you -need to: +Cyberflex smartcards and TODOS card readers. + +WARNING: Smartcard support is still in development. Keyfile formats, etc +are still subject to change. + +To enable this you need to: (1) install sectok - $ cd /usr/src/lib/libsectok - $ make obj depend all install includes - $ cd /usr/src/usr.bin/sectok - $ make obj depend all install + Sources are instructions are available from + http://www.citi.umich.edu/projects/smartcard/sectok.html (2) enable SMARTCARD support in OpenSSH: - $ vi /usr/src/usr.bin/ssh/Makefile.inc - and uncomment - CFLAGS+= -DSMARTCARD - LDADD+= -lsectok + $ ./configure --with-smartcard [options] + + You can also specify a path to libsectok: + + $ ./configure --with-smartcard=/path/to/libsectok [options] (3) load the Java Cardlet to the Cyberflex card: diff -ruN --exclude CVS ssh-openbsd-2002030700/TODO openssh-3.1p1/TODO --- ssh-openbsd-2002030700/TODO Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/TODO Tue Jan 22 22:26:20 2002 
@@ -0,0 +1,90 @@ +Programming: +- Grep for 'XXX' comments and fix + +- Link order is incorrect for some systems using Kerberos 4 and AFS. Result + is multiple inclusion of DES symbols. Holger Trapp + reports that changing the configure + generated link order from: + -lresolv -lkrb -lz -lnsl -lutil -lkafs -lkrb -ldes -lcrypto + to: + -lresolv -lkrb -lz -lnsl -lutil -lcrypto -lkafs -lkrb -ldes + fixing the problem. + +- Write a test program that calls stat() to search for EGD/PRNGd socket + rather than use the (non-portable) "test -S". + +- Replacement for setproctitle() - HP-UX support only currently + +- Handle changing passwords for the non-PAM expired password case + +- Improve PAM support (a pam_lastlog module will cause sshd to exit) + and maybe support alternate forms of authenications like OPIE via + pam? + +- Rework PAM ChallengeResponseAuthentication + - Use kbdint request packet with 0 prompts for informational messages + - Use different PAM service name for kbdint vs regular auth (suggest from + Solar Designer) + - Ability to select which ChallengeResponseAuthentications may be used + and order to try them in e.g. "ChallengeResponseAuthentication skey, pam" + +- Complete Tru64 SIA support + - It looks like we could merge it into the password auth code to cut down + on diff size. Maybe PAM password auth too? + +- Finish integrating kernel-level auditing code for IRIX and SOLARIS + (Gilbert.r.loomis@saic.com) + +- sftp-server: Rework to step down to 32bit ints if the platform + lacks 'long long' == 64bit (Notable SCO w/ SCO compiler) + +- Linux hangs for 20 seconds when you do "sleep 20&exit". All current + solutions break scp or leaves processes hanging around after the ssh + connection has ended. It seems to be linked to two things. One + select() under Linux is not as nice as others, and two the children + of the shell are not killed on exiting the shell. Redhat have an excellent + description of this in their RPM package. 
+ +- Build an automated test suite + +- 64-bit builds on HP-UX 11.X (stevesk@pobox.com): + - utmp/wtmp get corrupted (something in loginrec?) + - can't build with PAM (no 64-bit libpam yet) + +Documentation: +- More and better + +- Install FAQ? + +- General FAQ on S/Key, TIS, RSA, RSA2, DSA, etc and suggestions on when it + would be best to use them. + +- Create a Documentation/ directory? + +Clean up configure/makefiles: +- Clean up configure.ac - There are a few double #defined variables + left to do. HAVE_LOGIN is one of them. Consider NOT looking for + information in wtmpx or utmpx or any of that stuff if it's not detected + from the start + +- Fails to compile when cross compile. + (vinschen@redhat.com) + +- Replace the whole u_intXX_t evilness in acconfig.h with something better??? + +- Consider splitting the u_intXX_t test for sys/bitype.h into seperate test + to allow people to (right/wrongfully) link against Bind directly. + +- Consider splitting configure.ac into seperate files which do logically + similar tests. E.g move all the type detection stuff into one file, + entropy related stuff into another. + +Packaging: +- Solaris: Update packaging scripts and build new sysv startup scripts + Ideally the package metadata should be generated by autoconf. + (gilbert.r.loomis@saic.com) + +- HP-UX: Provide DEPOT package scripts. + (gilbert.r.loomis@saic.com) + +$Id: TODO,v 1.46 2002/01/22 11:26:20 djm Exp $ diff -ruN --exclude CVS ssh-openbsd-2002030700/WARNING.RNG openssh-3.1p1/WARNING.RNG --- ssh-openbsd-2002030700/WARNING.RNG Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/WARNING.RNG Fri Feb 9 12:55:36 2001 
@@ -0,0 +1,83 @@ +This document contains a description of portable OpenSSH's random +number collection code. An alternate reading of this text could +well be titled "Why I should pressure my system vendor to supply +/dev/random in their OS". + +Why is this important? OpenSSH depends on good, unpredictable numbers +for generating keys, performing digital signatures and forming +cryptographic challenges. If the random numbers that it uses are +predictable, then the strength of the whole system is compromised. + +A particularly pernicious problem arises with DSA keys (used by the +ssh2 protocol). Performing a DSA signature (which is required for +authentication), entails the use of a 160 bit random number. If an +attacker can predict this number, then they can deduce your *private* +key and impersonate you or your hosts. + +If you are using the builtin random number support (configure will +tell you if this is the case), then read this document in its entirety. +Alternately, you can use Lutz Jaenicke's PRNGd - a small daemon which +collects random numbers and makes them available by a socket. + +Please also request that your OS vendor provides a kernel-based random +number collector (/dev/random) in future versions of your operating +systems by default. + +On to the description... + +The portable OpenSSH contains random number collection support for +systems which lack a kernel entropy pool (/dev/random). + +This collector operates by executing the programs listed in +($etcdir)/ssh_prng_cmds, reading their output and adding it to the +PRNG supplied by OpenSSL (which is hash-based). It also stirs in the +output of several system calls and timings from the execution of the +programs that it runs. + +The ssh_prng_cmds file also specifies a 'rate' for each program. This +represents the number of bits of randomness per byte of output from +the specified program. + +The random number code will also read and save a seed file to +~/.ssh/prng_seed. 
This contents of this file are added to the random +number generator at startup. The goal here is to maintain as much +randomness between sessions as possible. + +The entropy collection code has two main problems: + +1. It is slow. + +Executing each program in the list can take a large amount of time, +especially on slower machines. Additionally some program can take a +disproportionate time to execute. + +This can be tuned by the administrator. To debug the entropy +collection is great detail, turn on full debugging ("ssh -v -v -v" or +"sshd -d -d -d"). This will list each program as it is executed, how +long it took to execute, its exit status and whether and how much data +it generated. You can the find the culprit programs which are causing +the real slow-downs. + +The entropy collector will timeout programs which take too long +to execute, the actual timeout used can be adjusted with the +--with-entropy-timeout configure option. OpenSSH will not try to +re-execute programs which have not been found, have had a non-zero +exit status or have timed out more than a couple of times. + +2. Estimating the real 'rate' of program outputs is non-trivial + +The shear volume of the task is problematic: there are currently +around 50 commands in the ssh_prng_cmds list, portable OpenSSH +supports at least 12 different OSs. That is already 600 sets of data +to be analysed, without taking into account the numerous differences +between versions of each OS. + +On top of this, the different commands can produce varying amounts of +usable data depending on how busy the machine is, how long it has been +up and various other factors. + +To make matters even more complex, some of the commands are reporting +largely the same data as other commands (eg. the various "ps" calls). 
+ +$Id: WARNING.RNG,v 1.4 2001/02/09 01:55:36 djm Exp $ + diff -ruN --exclude CVS ssh-openbsd-2002030700/acconfig.h openssh-3.1p1/acconfig.h --- ssh-openbsd-2002030700/acconfig.h Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/acconfig.h Wed Feb 27 03:40:49 2002 
@@ -0,0 +1,332 @@ +/* $Id: acconfig.h,v 1.122 2002/02/26 16:40:49 tim Exp $ */ + +#ifndef _CONFIG_H +#define _CONFIG_H + +/* Generated automatically from acconfig.h by autoheader. */ +/* Please make your changes there */ + +@TOP@ + +/* Define to a Set Process Title type if your system is */ +/* supported by bsd-setproctitle.c */ +#undef SPT_TYPE + +/* SCO workaround */ +#undef BROKEN_SYS_TERMIO_H +#undef HAVE_BOGUS_SYS_QUEUE_H + +/* Define if you have SCO protected password database */ +#undef HAVE_SCO_PROTECTED_PW + +/* If your header files don't define LOGIN_PROGRAM, then use this (detected) */ +/* from environment and PATH */ +#undef LOGIN_PROGRAM_FALLBACK + +/* Define if your password has a pw_class field */ +#undef HAVE_PW_CLASS_IN_PASSWD + +/* Define if your password has a pw_expire field */ +#undef HAVE_PW_EXPIRE_IN_PASSWD + +/* Define if your password has a pw_change field */ +#undef HAVE_PW_CHANGE_IN_PASSWD + +/* Define if you system's inet_ntoa is busted (e.g. Irix gcc issue) */ +#undef BROKEN_INET_NTOA + +/* Define if your system defines sys_errlist[] */ +#undef HAVE_SYS_ERRLIST + +/* Define if your system defines sys_nerr */ +#undef HAVE_SYS_NERR + +/* Define if your system choked on IP TOS setting */ +#undef IP_TOS_IS_BROKEN + +/* Define if you have the getuserattr function. */ +#undef HAVE_GETUSERATTR + +/* Work around problematic Linux PAM modules handling of PAM_TTY */ +#undef PAM_TTY_KLUDGE + +/* Use PIPES instead of a socketpair() */ +#undef USE_PIPES + +/* Define if your snprintf is busted */ +#undef BROKEN_SNPRINTF + +/* Define if you are on Cygwin */ +#undef HAVE_CYGWIN + +/* Define if you have a broken realpath. 
*/ +#undef BROKEN_REALPATH + +/* Define if you are on NeXT */ +#undef HAVE_NEXT + +/* Define if you are on NEWS-OS */ +#undef HAVE_NEWS4 + +/* Define if you want to enable PAM support */ +#undef USE_PAM + +/* Define if you want to enable AIX4's authenticate function */ +#undef WITH_AIXAUTHENTICATE + +/* Define if you have/want arrays (cluster-wide session managment, not C arrays) */ +#undef WITH_IRIX_ARRAY + +/* Define if you want IRIX project management */ +#undef WITH_IRIX_PROJECT + +/* Define if you want IRIX audit trails */ +#undef WITH_IRIX_AUDIT + +/* Define if you want IRIX kernel jobs */ +#undef WITH_IRIX_JOBS + +/* Location of PRNGD/EGD random number socket */ +#undef PRNGD_SOCKET + +/* Port number of PRNGD/EGD random number socket */ +#undef PRNGD_PORT + +/* Builtin PRNG command timeout */ +#undef ENTROPY_TIMEOUT_MSEC + +/* Define if you want to install preformatted manpages.*/ +#undef MANTYPE + +/* Define if your ssl headers are included with #include */ +#undef HAVE_OPENSSL + +/* Define if you are linking against RSAref. Used only to print the right + * message at run-time. */ +#undef RSAREF + +/* struct timeval */ +#undef HAVE_STRUCT_TIMEVAL + +/* struct utmp and struct utmpx fields */ +#undef HAVE_HOST_IN_UTMP +#undef HAVE_HOST_IN_UTMPX +#undef HAVE_ADDR_IN_UTMP +#undef HAVE_ADDR_IN_UTMPX +#undef HAVE_ADDR_V6_IN_UTMP +#undef HAVE_ADDR_V6_IN_UTMPX +#undef HAVE_SYSLEN_IN_UTMPX +#undef HAVE_PID_IN_UTMP +#undef HAVE_TYPE_IN_UTMP +#undef HAVE_TYPE_IN_UTMPX +#undef HAVE_TV_IN_UTMP +#undef HAVE_TV_IN_UTMPX +#undef HAVE_ID_IN_UTMP +#undef HAVE_ID_IN_UTMPX +#undef HAVE_EXIT_IN_UTMP +#undef HAVE_TIME_IN_UTMP +#undef HAVE_TIME_IN_UTMPX + +/* Define if you don't want to use your system's login() call */ +#undef DISABLE_LOGIN + +/* Define if you don't want to use pututline() etc. to write [uw]tmp */ +#undef DISABLE_PUTUTLINE + +/* Define if you don't want to use pututxline() etc. 
to write [uw]tmpx */ +#undef DISABLE_PUTUTXLINE + +/* Define if you don't want to use lastlog */ +#undef DISABLE_LASTLOG + +/* Define if you don't want to use utmp */ +#undef DISABLE_UTMP + +/* Define if you don't want to use utmpx */ +#undef DISABLE_UTMPX + +/* Define if you don't want to use wtmp */ +#undef DISABLE_WTMP + +/* Define if you don't want to use wtmpx */ +#undef DISABLE_WTMPX + +/* Some systems need a utmpx entry for /bin/login to work */ +#undef LOGIN_NEEDS_UTMPX + +/* Some versions of /bin/login need the TERM supplied on the commandline */ +#undef LOGIN_NEEDS_TERM + +/* Define if you want to specify the path to your lastlog file */ +#undef CONF_LASTLOG_FILE + +/* Define if you want to specify the path to your utmp file */ +#undef CONF_UTMP_FILE + +/* Define if you want to specify the path to your wtmp file */ +#undef CONF_WTMP_FILE + +/* Define if you want to specify the path to your utmpx file */ +#undef CONF_UTMPX_FILE + +/* Define if you want to specify the path to your wtmpx file */ +#undef CONF_WTMPX_FILE + +/* Define if you want external askpass support */ +#undef USE_EXTERNAL_ASKPASS + +/* Define if libc defines __progname */ +#undef HAVE___PROGNAME + +/* Define if you want Kerberos 4 support */ +#undef KRB4 + +/* Define if you want AFS support */ +#undef AFS + +/* Define if you want S/Key support */ +#undef SKEY + +/* Define if you want TCP Wrappers support */ +#undef LIBWRAP + +/* Define if your libraries define login() */ +#undef HAVE_LOGIN + +/* Define if your libraries define daemon() */ +#undef HAVE_DAEMON + +/* Define if your libraries define getpagesize() */ +#undef HAVE_GETPAGESIZE + +/* Define if xauth is found in your path */ +#undef XAUTH_PATH + +/* Define if rsh is found in your path */ +#undef RSH_PATH + +/* Define if you want to allow MD5 passwords */ +#undef HAVE_MD5_PASSWORDS + +/* Define if you want to disable shadow passwords */ +#undef DISABLE_SHADOW + +/* Define if you want to use shadow password expire field */ +#undef 
HAS_SHADOW_EXPIRE + +/* Define if you have Digital Unix Security Integration Architecture */ +#undef HAVE_OSF_SIA + +/* Define if you have getpwanam(3) [SunOS 4.x] */ +#undef HAVE_GETPWANAM + +/* Defined if in_systm.h needs to be included with netinet/ip.h (HPUX - ) */ +#undef NEED_IN_SYSTM_H + +/* Define if you have an old version of PAM which takes only one argument */ +/* to pam_strerror */ +#undef HAVE_OLD_PAM + +/* Define if you are using Solaris-derived PAM which passes pam_messages */ +/* to the conversation function with an extra level of indirection */ +#undef PAM_SUN_CODEBASE + +/* Set this to your mail directory if you don't have maillock.h */ +#undef MAIL_DIRECTORY + +/* Data types */ +#undef HAVE_U_INT +#undef HAVE_INTXX_T +#undef HAVE_U_INTXX_T +#undef HAVE_UINTXX_T +#undef HAVE_INT64_T +#undef HAVE_U_INT64_T +#undef HAVE_U_CHAR +#undef HAVE_SIZE_T +#undef HAVE_SSIZE_T +#undef HAVE_CLOCK_T +#undef HAVE_MODE_T +#undef HAVE_PID_T +#undef HAVE_SA_FAMILY_T +#undef HAVE_STRUCT_SOCKADDR_STORAGE +#undef HAVE_STRUCT_ADDRINFO +#undef HAVE_STRUCT_IN6_ADDR +#undef HAVE_STRUCT_SOCKADDR_IN6 + +/* Fields in struct sockaddr_storage */ +#undef HAVE_SS_FAMILY_IN_SS +#undef HAVE___SS_FAMILY_IN_SS + +/* Define if you have /dev/ptmx */ +#undef HAVE_DEV_PTMX + +/* Define if you have /dev/ptc */ +#undef HAVE_DEV_PTS_AND_PTC + +/* Define if you need to use IP address instead of hostname in $DISPLAY */ +#undef IPADDR_IN_DISPLAY + +/* Specify default $PATH */ +#undef USER_PATH + +/* Specify location of ssh.pid */ +#undef _PATH_SSH_PIDDIR + +/* Use IPv4 for connection by default, IPv6 can still if explicity asked */ +#undef IPV4_DEFAULT + +/* If you have no atexit() but xatexit(), and want to use xatexit() */ +#undef HAVE_XATEXIT + +/* getaddrinfo is broken (if present) */ +#undef BROKEN_GETADDRINFO + +/* Workaround more Linux IPv6 quirks */ +#undef DONT_TRY_OTHER_AF + +/* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */ +#undef IPV4_IN_IPV6 + +/* Define if you have 
BSD auth support */ +#undef BSD_AUTH + +/* Define if X11 doesn't support AF_UNIX sockets on that system */ +#undef NO_X11_UNIX_SOCKETS + +/* Needed for SCO and NeXT */ +#undef BROKEN_SAVED_UIDS + +/* Define if your system glob() function has the GLOB_ALTDIRFUNC extension */ +#undef GLOB_HAS_ALTDIRFUNC + +/* Define if your system glob() function has gl_matchc options in glob_t */ +#undef GLOB_HAS_GL_MATCHC + +/* Define in your struct dirent expects you to allocate extra space for d_name */ +#undef BROKEN_ONE_BYTE_DIRENT_D_NAME + +/* Define if your getopt(3) defines and uses optreset */ +#undef HAVE_GETOPT_OPTRESET + +/* Define on *nto-qnx systems */ +#undef MISSING_NFDBITS + +/* Define on *nto-qnx systems */ +#undef MISSING_HOWMANY + +/* Define on *nto-qnx systems */ +#undef MISSING_FD_MASK + +/* Define if you want smartcard support */ +#undef SMARTCARD + +/* Define if you want to use OpenSSL's internally seeded PRNG only */ +#undef OPENSSL_PRNG_ONLY + +@BOTTOM@ + +/* ******************* Shouldn't need to edit below this line ************** */ + +#include "defines.h" + +#endif /* _CONFIG_H */ diff -ruN --exclude CVS ssh-openbsd-2002030700/aclocal.m4 openssh-3.1p1/aclocal.m4 --- ssh-openbsd-2002030700/aclocal.m4 Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/aclocal.m4 Mon Oct 22 10:53:59 2001 
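Review bot: The comment above `BROKEN_ONE_BYTE_DIRENT_D_NAME` is garbled ("Define in your struct dirent expects you ..."); it should read `/* Define if your struct dirent expects you to allocate extra space for d_name */`. The entropy-related switches (`PRNGD_SOCKET`, `PRNGD_PORT`, `ENTROPY_TIMEOUT_MSEC`, `OPENSSL_PRNG_ONLY`) are documented one line each with no word on which source wins when several are defined; since that choice decides how keys are seeded, a short comment block stating the precedence would help whoever audits a build. The include guard `_CONFIG_H` also uses an identifier reserved for the implementation; a name such as `OPENSSH_CONFIG_H` would avoid that.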
@@ -0,0 +1,86 @@ +dnl $Id: aclocal.m4,v 1.5 2001/10/22 00:53:59 tim Exp $ +dnl +dnl OpenSSH-specific autoconf macros +dnl + + +dnl OSSH_CHECK_HEADER_FOR_FIELD(field, header, symbol) +dnl Does AC_EGREP_HEADER on 'header' for the string 'field' +dnl If found, set 'symbol' to be defined. Cache the result. +dnl TODO: This is not foolproof, better to compile and read from there +AC_DEFUN(OSSH_CHECK_HEADER_FOR_FIELD, [ +# look for field '$1' in header '$2' + dnl This strips characters illegal to m4 from the header filename + ossh_safe=`echo "$2" | sed 'y%./+-%__p_%'` + dnl + ossh_varname="ossh_cv_$ossh_safe""_has_"$1 + AC_MSG_CHECKING(for $1 field in $2) + AC_CACHE_VAL($ossh_varname, [ + AC_EGREP_HEADER($1, $2, [ dnl + eval "$ossh_varname=yes" dnl + ], [ dnl + eval "$ossh_varname=no" dnl + ]) dnl + ]) + ossh_result=`eval 'echo $'"$ossh_varname"` + if test -n "`echo $ossh_varname`"; then + AC_MSG_RESULT($ossh_result) + if test "x$ossh_result" = "xyes"; then + AC_DEFINE($3) + fi + else + AC_MSG_RESULT(no) + fi +]) + +dnl OSSH_PATH_ENTROPY_PROG(variablename, command): +dnl Tidiness function, sets 'undef' if not found, and does the AC_SUBST +AC_DEFUN(OSSH_PATH_ENTROPY_PROG, [ + AC_PATH_PROG($1, $2) + if test -z "[$]$1" ; then + $1="undef" + fi + AC_SUBST($1) +]) + +dnl Check for socklen_t: historically on BSD it is an int, and in +dnl POSIX 1g it is a type of its own, but some platforms use different +dnl types for the argument to getsockopt, getpeername, etc. So we +dnl have to test to find something that will work. 
+AC_DEFUN([TYPE_SOCKLEN_T], +[ + AC_CHECK_TYPE([socklen_t], ,[ + AC_MSG_CHECKING([for socklen_t equivalent]) + AC_CACHE_VAL([curl_cv_socklen_t_equiv], + [ + # Systems have either "struct sockaddr *" or + # "void *" as the second argument to getpeername + curl_cv_socklen_t_equiv= + for arg2 in "struct sockaddr" void; do + for t in int size_t unsigned long "unsigned long"; do + AC_TRY_COMPILE([ + #include + #include + + int getpeername (int, $arg2 *, $t *); + ],[ + $t len; + getpeername(0,0,&len); + ],[ + curl_cv_socklen_t_equiv="$t" + break + ]) + done + done + + if test "x$curl_cv_socklen_t_equiv" = x; then + AC_MSG_ERROR([Cannot find a type to use in place of socklen_t]) + fi + ]) + AC_MSG_RESULT($curl_cv_socklen_t_equiv) + AC_DEFINE_UNQUOTED(socklen_t, $curl_cv_socklen_t_equiv, + [type to use in place of socklen_t if not defined])], + [#include +#include ]) +]) + diff -ruN --exclude CVS ssh-openbsd-2002030700/atomicio.c openssh-3.1p1/atomicio.c --- ssh-openbsd-2002030700/atomicio.c Wed May 9 08:48:07 2001 +++ openssh-3.1p1/atomicio.c Wed May 9 10:02:52 2001 @@ -45,7 +45,11 @@ res = (f) (fd, s + pos, n - pos); switch (res) { case -1: +#ifdef EWOULDBLOCK + if (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK) +#else if (errno == EINTR || errno == EAGAIN) +#endif continue; case 0: return (res); diff -ruN --exclude CVS ssh-openbsd-2002030700/auth-pam.c openssh-3.1p1/auth-pam.c --- ssh-openbsd-2002030700/auth-pam.c Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/auth-pam.c Tue Feb 5 12:40:47 2002 
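Review bot: In OSSH_CHECK_HEADER_FOR_FIELD the guard `if test -n "`echo $ossh_varname`"` echoes the name of the cache variable, not its value, so it is always true and the `AC_MSG_RESULT(no)` branch can never run. Testing the value already fetched into `ossh_result` makes the guard meaningful: `if test -n "$ossh_result"; then`. The macro's own TODO says the grep is not foolproof. A `dnl` line stating that any match in the preprocessed header sets the symbol, not only a match in the intended struct, would warn callers.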
@@ -0,0 +1,426 @@ +/* + * Copyright (c) 2000 Damien Miller. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +#include "includes.h" + +#ifdef USE_PAM +#include "ssh.h" +#include "xmalloc.h" +#include "log.h" +#include "auth-pam.h" +#include "servconf.h" +#include "canohost.h" +#include "readpass.h" + +extern char *__progname; + +RCSID("$Id: auth-pam.c,v 1.42 2002/02/05 01:40:47 djm Exp $"); + +#define NEW_AUTHTOK_MSG \ + "Warning: Your password has expired, please change it now" + +static int do_pam_conversation(int num_msg, const struct pam_message **msg, + struct pam_response **resp, void *appdata_ptr); + +/* module-local variables */ +static struct pam_conv conv = { + do_pam_conversation, + NULL +}; +static char *__pam_msg = NULL; +static pam_handle_t *__pamh = NULL; +static const char *__pampasswd = NULL; + +/* states for do_pam_conversation() */ +enum { INITIAL_LOGIN, OTHER } pamstate = INITIAL_LOGIN; +/* remember whether pam_acct_mgmt() returned PAM_NEWAUTHTOK_REQD */ +static int password_change_required = 0; +/* remember whether the last pam_authenticate() succeeded or not */ +static int was_authenticated = 0; + +/* Remember what has been initialised */ +static int session_opened = 0; +static int creds_set = 0; + +/* accessor which allows us to switch conversation structs according to + * the authentication method being used */ +void do_pam_set_conv(struct pam_conv *conv) +{ + pam_set_item(__pamh, PAM_CONV, conv); +} + +/* start an authentication run */ +int do_pam_authenticate(int flags) +{ + int retval = pam_authenticate(__pamh, flags); + was_authenticated = (retval == PAM_SUCCESS); + return retval; +} + +/* + * PAM conversation function. + * There are two states this can run in. + * + * INITIAL_LOGIN mode simply feeds the password from the client into + * PAM in response to PAM_PROMPT_ECHO_OFF, and collects output + * messages with into __pam_msg. This is used during initial + * authentication to bypass the normal PAM password prompt. + * + * OTHER mode handles PAM_PROMPT_ECHO_OFF with read_passphrase() + * and outputs messages to stderr. 
This mode is used if pam_chauthtok() + * is called to update expired passwords. + */ +static int do_pam_conversation(int num_msg, const struct pam_message **msg, + struct pam_response **resp, void *appdata_ptr) +{ + struct pam_response *reply; + int count; + char buf[1024]; + + /* PAM will free this later */ + reply = malloc(num_msg * sizeof(*reply)); + if (reply == NULL) + return PAM_CONV_ERR; + + for (count = 0; count < num_msg; count++) { + if (pamstate == INITIAL_LOGIN) { + /* + * We can't use stdio yet, queue messages for + * printing later + */ + switch(PAM_MSG_MEMBER(msg, count, msg_style)) { + case PAM_PROMPT_ECHO_ON: + free(reply); + return PAM_CONV_ERR; + case PAM_PROMPT_ECHO_OFF: + if (__pampasswd == NULL) { + free(reply); + return PAM_CONV_ERR; + } + reply[count].resp = xstrdup(__pampasswd); + reply[count].resp_retcode = PAM_SUCCESS; + break; + case PAM_ERROR_MSG: + case PAM_TEXT_INFO: + if ((*msg)[count].msg != NULL) { + message_cat(&__pam_msg, + PAM_MSG_MEMBER(msg, count, msg)); + } + reply[count].resp = xstrdup(""); + reply[count].resp_retcode = PAM_SUCCESS; + break; + default: + free(reply); + return PAM_CONV_ERR; + } + } else { + /* + * stdio is connected, so interact directly + */ + switch(PAM_MSG_MEMBER(msg, count, msg_style)) { + case PAM_PROMPT_ECHO_ON: + fputs(PAM_MSG_MEMBER(msg, count, msg), stderr); + fgets(buf, sizeof(buf), stdin); + reply[count].resp = xstrdup(buf); + reply[count].resp_retcode = PAM_SUCCESS; + break; + case PAM_PROMPT_ECHO_OFF: + reply[count].resp = + read_passphrase(PAM_MSG_MEMBER(msg, count, + msg), RP_ALLOW_STDIN); + reply[count].resp_retcode = PAM_SUCCESS; + break; + case PAM_ERROR_MSG: + case PAM_TEXT_INFO: + if ((*msg)[count].msg != NULL) + fprintf(stderr, "%s\n", + PAM_MSG_MEMBER(msg, count, msg)); + reply[count].resp = xstrdup(""); + reply[count].resp_retcode = PAM_SUCCESS; + break; + default: + free(reply); + return PAM_CONV_ERR; + } + } + } + + *resp = reply; + + return PAM_SUCCESS; +} + +/* Called at exit to 
cleanly shutdown PAM */ +void do_pam_cleanup_proc(void *context) +{ + int pam_retval = PAM_SUCCESS; + + if (__pamh && session_opened) { + pam_retval = pam_close_session(__pamh, 0); + if (pam_retval != PAM_SUCCESS) + log("Cannot close PAM session[%d]: %.200s", + pam_retval, PAM_STRERROR(__pamh, pam_retval)); + } + + if (__pamh && creds_set) { + pam_retval = pam_setcred(__pamh, PAM_DELETE_CRED); + if (pam_retval != PAM_SUCCESS) + debug("Cannot delete credentials[%d]: %.200s", + pam_retval, PAM_STRERROR(__pamh, pam_retval)); + } + + if (__pamh) { + pam_retval = pam_end(__pamh, pam_retval); + if (pam_retval != PAM_SUCCESS) + log("Cannot release PAM authentication[%d]: %.200s", + pam_retval, PAM_STRERROR(__pamh, pam_retval)); + } +} + +/* Attempt password authentation using PAM */ +int auth_pam_password(struct passwd *pw, const char *password) +{ + extern ServerOptions options; + int pam_retval; + + do_pam_set_conv(&conv); + + /* deny if no user. */ + if (pw == NULL) + return 0; + if (pw->pw_uid == 0 && options.permit_root_login == PERMIT_NO_PASSWD) + return 0; + if (*password == '\0' && options.permit_empty_passwd == 0) + return 0; + + __pampasswd = password; + + pamstate = INITIAL_LOGIN; + pam_retval = do_pam_authenticate( + options.permit_empty_passwd == 0 ? 
PAM_DISALLOW_NULL_AUTHTOK : 0); + if (pam_retval == PAM_SUCCESS) { + debug("PAM Password authentication accepted for " + "user \"%.100s\"", pw->pw_name); + return 1; + } else { + debug("PAM Password authentication for \"%.100s\" " + "failed[%d]: %s", pw->pw_name, pam_retval, + PAM_STRERROR(__pamh, pam_retval)); + return 0; + } +} + +/* Do account management using PAM */ +int do_pam_account(char *username, char *remote_user) +{ + int pam_retval; + + do_pam_set_conv(&conv); + + if (remote_user) { + debug("PAM setting ruser to \"%.200s\"", remote_user); + pam_retval = pam_set_item(__pamh, PAM_RUSER, remote_user); + if (pam_retval != PAM_SUCCESS) + fatal("PAM set ruser failed[%d]: %.200s", pam_retval, + PAM_STRERROR(__pamh, pam_retval)); + } + + pam_retval = pam_acct_mgmt(__pamh, 0); + switch (pam_retval) { + case PAM_SUCCESS: + /* This is what we want */ + break; + case PAM_NEW_AUTHTOK_REQD: + message_cat(&__pam_msg, NEW_AUTHTOK_MSG); + /* flag that password change is necessary */ + password_change_required = 1; + break; + default: + log("PAM rejected by account configuration[%d]: " + "%.200s", pam_retval, PAM_STRERROR(__pamh, + pam_retval)); + return(0); + } + + return(1); +} + +/* Do PAM-specific session initialisation */ +void do_pam_session(char *username, const char *ttyname) +{ + int pam_retval; + + do_pam_set_conv(&conv); + + if (ttyname != NULL) { + debug("PAM setting tty to \"%.200s\"", ttyname); + pam_retval = pam_set_item(__pamh, PAM_TTY, ttyname); + if (pam_retval != PAM_SUCCESS) + fatal("PAM set tty failed[%d]: %.200s", + pam_retval, PAM_STRERROR(__pamh, pam_retval)); + } + + pam_retval = pam_open_session(__pamh, 0); + if (pam_retval != PAM_SUCCESS) + fatal("PAM session setup failed[%d]: %.200s", + pam_retval, PAM_STRERROR(__pamh, pam_retval)); + + session_opened = 1; +} + +/* Set PAM credentials */ +void do_pam_setcred(int init) +{ + int pam_retval; + + do_pam_set_conv(&conv); + + debug("PAM establishing creds"); + pam_retval = pam_setcred(__pamh, + init 
? PAM_ESTABLISH_CRED : PAM_REINITIALIZE_CRED); + if (pam_retval != PAM_SUCCESS) { + if (was_authenticated) + fatal("PAM setcred failed[%d]: %.200s", + pam_retval, PAM_STRERROR(__pamh, pam_retval)); + else + debug("PAM setcred failed[%d]: %.200s", + pam_retval, PAM_STRERROR(__pamh, pam_retval)); + } else + creds_set = 1; +} + +/* accessor function for file scope static variable */ +int is_pam_password_change_required(void) +{ + return password_change_required; +} + +/* + * Have user change authentication token if pam_acct_mgmt() indicated + * it was expired. This needs to be called after an interactive + * session is established and the user's pty is connected to + * stdin/stout/stderr. + */ +void do_pam_chauthtok(void) +{ + int pam_retval; + + do_pam_set_conv(&conv); + + if (password_change_required) { + pamstate = OTHER; + pam_retval = pam_chauthtok(__pamh, PAM_CHANGE_EXPIRED_AUTHTOK); + if (pam_retval != PAM_SUCCESS) + fatal("PAM pam_chauthtok failed[%d]: %.200s", + pam_retval, PAM_STRERROR(__pamh, pam_retval)); + } +} + +/* Cleanly shutdown PAM */ +void finish_pam(void) +{ + do_pam_cleanup_proc(NULL); + fatal_remove_cleanup(&do_pam_cleanup_proc, NULL); +} + +/* Start PAM authentication for specified account */ +void start_pam(const char *user) +{ + int pam_retval; + extern ServerOptions options; + extern u_int utmp_len; + const char *rhost; + + debug("Starting up PAM with username \"%.200s\"", user); + + pam_retval = pam_start(SSHD_PAM_SERVICE, user, &conv, &__pamh); + + if (pam_retval != PAM_SUCCESS) + fatal("PAM initialisation failed[%d]: %.200s", + pam_retval, PAM_STRERROR(__pamh, pam_retval)); + + rhost = get_remote_name_or_ip(utmp_len, options.verify_reverse_mapping); + debug("PAM setting rhost to \"%.200s\"", rhost); + + pam_retval = pam_set_item(__pamh, PAM_RHOST, rhost); + if (pam_retval != PAM_SUCCESS) + fatal("PAM set rhost failed[%d]: %.200s", pam_retval, + PAM_STRERROR(__pamh, pam_retval)); +#ifdef PAM_TTY_KLUDGE + /* + * Some PAM modules (e.g. 
pam_time) require a TTY to operate, + * and will fail in various stupid ways if they don't get one. + * sshd doesn't set the tty until too late in the auth process and may + * not even need one (for tty-less connections) + * Kludge: Set a fake PAM_TTY + */ + pam_retval = pam_set_item(__pamh, PAM_TTY, "NODEVssh"); + if (pam_retval != PAM_SUCCESS) + fatal("PAM set tty failed[%d]: %.200s", + pam_retval, PAM_STRERROR(__pamh, pam_retval)); +#endif /* PAM_TTY_KLUDGE */ + + fatal_add_cleanup(&do_pam_cleanup_proc, NULL); +} + +/* Return list of PAM enviornment strings */ +char **fetch_pam_environment(void) +{ +#ifdef HAVE_PAM_GETENVLIST + return(pam_getenvlist(__pamh)); +#else /* HAVE_PAM_GETENVLIST */ + return(NULL); +#endif /* HAVE_PAM_GETENVLIST */ +} + +/* Print any messages that have been generated during authentication */ +/* or account checking to stderr */ +void print_pam_messages(void) +{ + if (__pam_msg != NULL) + fputs(__pam_msg, stderr); +} + +/* Append a message to buffer */ +void message_cat(char **p, const char *a) +{ + char *cp; + size_t new_len; + + new_len = strlen(a); + + if (*p) { + size_t len = strlen(*p); + + *p = xrealloc(*p, new_len + len + 2); + cp = *p + len; + } else + *p = cp = xmalloc(new_len + 2); + + memcpy(cp, a, new_len); + cp[new_len] = '\n'; + cp[new_len + 1] = '\0'; +} + +#endif /* USE_PAM */ diff -ruN --exclude CVS ssh-openbsd-2002030700/auth-pam.h openssh-3.1p1/auth-pam.h --- ssh-openbsd-2002030700/auth-pam.h Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/auth-pam.h Tue Mar 27 16:12:24 2001 
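Review bot: In do_pam_conversation the PAM_PROMPT_ECHO_ON branch of the stdio state calls `fgets(buf, sizeof(buf), stdin)` without checking the result, so on EOF or a read error `xstrdup(buf)` copies an uninitialised stack buffer into the PAM response. The error returns in both states call only `free(reply)`, which leaks the `resp` strings already filled in for earlier messages. In the INITIAL_LOGIN state those strings are copies of the user's password. The allocation size `num_msg * sizeof(*reply)` is also computed without rejecting a non-positive `num_msg`. A small helper that scrubs and frees the responses, plus the two checks, covers all three points; the rest of the function stays as it is.

```c
/* Scrub and release the responses filled in so far, then the array itself */
static void
pam_free_replies(struct pam_response *reply, int filled)
{
	int i;

	for (i = 0; i < filled; i++) {
		if (reply[i].resp != NULL) {
			memset(reply[i].resp, 0, strlen(reply[i].resp));
			free(reply[i].resp);
		}
	}
	free(reply);
}

/* ... in do_pam_conversation(); unchanged: declarations ... */
	if (num_msg <= 0)
		return PAM_CONV_ERR;
	/* zeroed, so unfilled entries have resp == NULL */
	reply = calloc(num_msg, sizeof(*reply));

/* ... unchanged: NULL check and INITIAL_LOGIN state, except that every
 * error return calls pam_free_replies(reply, count), not free(reply) ... */

			case PAM_PROMPT_ECHO_ON:
				fputs(PAM_MSG_MEMBER(msg, count, msg), stderr);
				if (fgets(buf, sizeof(buf), stdin) == NULL) {
					pam_free_replies(reply, count);
					return PAM_CONV_ERR;
				}
/* ... unchanged: remaining cases and the success return ... */
```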
@@ -0,0 +1,22 @@ +/* $Id: auth-pam.h,v 1.11 2001/03/27 06:12:24 djm Exp $ */ + +#include "includes.h" +#ifdef USE_PAM + +#include /* For struct passwd */ + +void start_pam(const char *user); +void finish_pam(void); +int auth_pam_password(struct passwd *pw, const char *password); +char **fetch_pam_environment(void); +int do_pam_authenticate(int flags); +int do_pam_account(char *username, char *remote_user); +void do_pam_session(char *username, const char *ttyname); +void do_pam_setcred(int init); +void print_pam_messages(void); +int is_pam_password_change_required(void); +void do_pam_chauthtok(void); +void do_pam_set_conv(struct pam_conv *); +void message_cat(char **p, const char *a); + +#endif /* USE_PAM */ diff -ruN --exclude CVS ssh-openbsd-2002030700/auth-passwd.c openssh-3.1p1/auth-passwd.c --- ssh-openbsd-2002030700/auth-passwd.c Thu Mar 7 12:02:03 2002 +++ openssh-3.1p1/auth-passwd.c Tue Mar 5 12:45:57 2002 @@ -38,11 +38,47 @@ #include "includes.h" RCSID("$OpenBSD: auth-passwd.c,v 1.24 2002/03/04 12:43:06 markus Exp $"); +#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA) + #include "packet.h" #include "log.h" #include "servconf.h" #include "auth.h" +#ifdef HAVE_CRYPT_H +# include +#endif +#ifdef WITH_AIXAUTHENTICATE +# include +#endif +#ifdef __hpux +# include +# include +#endif +#ifdef HAVE_SCO_PROTECTED_PW +# include +# include +# include +#endif /* HAVE_SCO_PROTECTED_PW */ +#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) +# include +#endif +#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) +# include +# include +# include +#endif +#if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) +# include "md5crypt.h" +#endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */ + +#ifdef HAVE_CYGWIN +#undef ERROR +#include +#include +#define is_winnt (GetVersion() < 0x80000000) +#endif + extern ServerOptions options; 
@@ -55,12 +91,40 @@ { struct passwd * pw = authctxt->pw; char *encrypted_password; + char *pw_password; + char *salt; +#ifdef __hpux + struct pr_passwd *spw; +#endif +#ifdef HAVE_SCO_PROTECTED_PW + struct pr_passwd *spw; +#endif /* HAVE_SCO_PROTECTED_PW */ +#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) + struct spwd *spw; +#endif +#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) + struct passwd_adjunct *spw; +#endif +#ifdef WITH_AIXAUTHENTICATE + char *authmsg; + char *loginmsg; + int reenter = 1; +#endif /* deny if no user. */ if (pw == NULL) return 0; - if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) +#ifndef HAVE_CYGWIN + if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) return 0; +#endif +#ifdef HAVE_CYGWIN + /* + * Empty password is only possible on NT if the user has _really_ + * an empty password and authentication is done, though. + */ + if (!is_winnt) +#endif if (*password == '\0' && options.permit_empty_passwd == 0) return 0; #ifdef KRB5 @@ -71,6 +135,19 @@ /* Fall back to ordinary passwd authentication. */ } #endif +#ifdef HAVE_CYGWIN + if (is_winnt) { + HANDLE hToken = cygwin_logon_user(pw, password); + + if (hToken == INVALID_HANDLE_VALUE) + return 0; + cygwin_set_impersonation_token(hToken); + return 1; + } +#endif +#ifdef WITH_AIXAUTHENTICATE + return (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0); +#endif #ifdef KRB4 if (options.kerberos_authentication == 1) { int ret = auth_krb4_password(authctxt, password); 
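Review bot: `spw` is declared in four separate preprocessor blocks (`__hpux`, `HAVE_SCO_PROTECTED_PW`, `HAVE_SHADOW_H`, `HAVE_GETPWANAM`) with three different types, so a platform that defines more than one of these macros gets conflicting declarations and fails to compile. Either chain the conditions with `#elif` so they are mutually exclusive, or give each variable its own name, such as `struct spwd *shadow_pw;`. `loginmsg` is declared for WITH_AIXAUTHENTICATE but no visible line of this function uses it. The function body continues outside this hunk.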
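Review bot: The WITH_AIXAUTHENTICATE line `return (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0);` returns unconditionally, so on AIX builds everything below it in the function is unreachable, including the KRB4 block later in this hunk. The `authmsg` and `reenter` outputs are also discarded. Logging the message on failure, behind a NULL check, would record the reason for the rejection, for example `debug("AIX authenticate failed: %.100s", authmsg);`. Placing the remaining code under `#else` would make the dead path explicit. If authenticate() allocates `authmsg` it also needs to be freed, which cannot be confirmed from this hunk.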
@@ -86,13 +163,63 @@ else return 1; #endif + pw_password = pw->pw_passwd; + + /* + * Various interfaces to shadow or protected password data + */ +#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) + spw = getspnam(pw->pw_name); + if (spw != NULL) + pw_password = spw->sp_pwdp; +#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */ + +#ifdef HAVE_SCO_PROTECTED_PW + spw = getprpwnam(pw->pw_name); + if (spw != NULL) + pw_password = spw->ufld.fd_encrypt; +#endif /* HAVE_SCO_PROTECTED_PW */ + +#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) + if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL) + pw_password = spw->pwa_passwd; +#endif /* defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) */ + +#if defined(__hpux) + if (iscomsec() && (spw = getprpwnam(pw->pw_name)) != NULL) + pw_password = spw->ufld.fd_encrypt; +#endif /* defined(__hpux) */ + /* Check for users with no password. */ - if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0) + if ((password[0] == '\0') && (pw_password[0] == '\0')) return 1; - /* Encrypt the candidate password using the proper salt. */ - encrypted_password = crypt(password, - (pw->pw_passwd[0] && pw->pw_passwd[1]) ? pw->pw_passwd : "xx"); + + if (pw_password[0] != '\0') + salt = pw_password; + else + salt = "xx"; + +#ifdef HAVE_MD5_PASSWORDS + if (is_md5_salt(salt)) + encrypted_password = md5_crypt(password, salt); + else + encrypted_password = crypt(password, salt); +#else /* HAVE_MD5_PASSWORDS */ +# ifdef __hpux + if (iscomsec()) + encrypted_password = bigcrypt(password, salt); + else + encrypted_password = crypt(password, salt); +# else +# ifdef HAVE_SCO_PROTECTED_PW + encrypted_password = bigcrypt(password, salt); +# else + encrypted_password = crypt(password, salt); +# endif /* HAVE_SCO_PROTECTED_PW */ +# endif /* __hpux */ +#endif /* HAVE_MD5_PASSWORDS */ /* Authentication is accepted if the encrypted passwords are identical. 
*/ - return (strcmp(encrypted_password, pw->pw_passwd) == 0); + return (strcmp(encrypted_password, pw_password) == 0); } +#endif /* !USE_PAM && !HAVE_OSF_SIA */ diff -ruN --exclude CVS ssh-openbsd-2002030700/auth-sia.c openssh-3.1p1/auth-sia.c --- ssh-openbsd-2002030700/auth-sia.c Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/auth-sia.c Tue Feb 5 12:40:47 2002 
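Review bot: The result of `crypt()` (and of `md5_crypt()` or `bigcrypt()`) goes straight into `strcmp()` on the last changed line, but crypt(3) may return NULL on failure, for example when the salt taken from the stored hash is in a format the library does not support. A NULL result should count as a failed login and not be dereferenced: `return (encrypted_password != NULL && strcmp(encrypted_password, pw_password) == 0);`. The new salt selection also passes a one-character `pw_password` through as the salt, where the removed code fell back to `"xx"` unless two characters were present. If that change is intended, a comment saying so would help. The function begins outside this hunk.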
@@ -0,0 +1,107 @@ +#include "includes.h" + +#ifdef HAVE_OSF_SIA +#include "ssh.h" +#include "auth-sia.h" +#include "log.h" +#include "servconf.h" +#include "canohost.h" + +#include +#include +#include +#include +#include +#include +#include +#include + +extern ServerOptions options; +extern int saved_argc; +extern char **saved_argv; + +extern int errno; + +int +auth_sia_password(char *user, char *pass) +{ + int ret; + SIAENTITY *ent = NULL; + const char *host; + + host = get_canonical_hostname(options.verify_reverse_mapping); + + if (!user || !pass) + return(0); + + if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, NULL, 0, + NULL) != SIASUCCESS) + return(0); + + if ((ret = sia_ses_authent(NULL, pass, ent)) != SIASUCCESS) { + error("couldn't authenticate %s from %s", user, host); + if (ret & SIASTOP) + sia_ses_release(&ent); + return(0); + } + + sia_ses_release(&ent); + + return(1); +} + +void +session_setup_sia(char *user, char *tty) +{ + int ret; + struct passwd *pw; + SIAENTITY *ent = NULL; + const char *host; + + host = get_canonical_hostname (options.verify_reverse_mapping); + + if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, tty, 0, + NULL) != SIASUCCESS) { + error("sia_ses_init failed"); + exit(1); + } + + if ((pw = getpwnam(user)) == NULL) { + sia_ses_release(&ent); + error("getpwnam(%s) failed: %s", user, strerror(errno)); + exit(1); + } + if (sia_make_entity_pwd(pw, ent) != SIASUCCESS) { + sia_ses_release(&ent); + error("sia_make_entity_pwd failed"); + exit(1); + } + + ent->authtype = SIA_A_NONE; + if (sia_ses_estab(sia_collect_trm, ent) != SIASUCCESS) { + error("couldn't establish session for %s from %s", user, + host); + exit(1); + } + + if (setpriority(PRIO_PROCESS, 0, 0) == -1) { + sia_ses_release(&ent); + error("setpriority failed: %s", strerror (errno)); + exit(1); + } + + if (sia_ses_launch(sia_collect_trm, ent) != SIASUCCESS) { + error("couldn't launch session for %s from %s", user, host); + exit(1); + } + + 
sia_ses_release(&ent); + + if (setreuid(geteuid(), geteuid()) < 0) { + error("setreuid failed: %s", strerror (errno)); + exit(1); + } +} + +#endif /* HAVE_OSF_SIA */ + diff -ruN --exclude CVS ssh-openbsd-2002030700/auth-sia.h openssh-3.1p1/auth-sia.h --- ssh-openbsd-2002030700/auth-sia.h Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/auth-sia.h Wed Feb 14 01:25:23 2001 @@ -0,0 +1,8 @@ +#include "includes.h" + +#ifdef HAVE_OSF_SIA + +int auth_sia_password(char *user, char *pass); +void session_setup_sia(char *user, char *tty); + +#endif /* HAVE_OSF_SIA */ diff -ruN --exclude CVS ssh-openbsd-2002030700/auth.c openssh-3.1p1/auth.c --- ssh-openbsd-2002030700/auth.c Thu Mar 7 12:02:03 2002 +++ openssh-3.1p1/auth.c Tue Mar 5 12:42:43 2002 @@ -25,7 +25,16 @@ #include "includes.h" RCSID("$OpenBSD: auth.c,v 1.35 2002/03/01 13:12:10 markus Exp $"); +#ifdef HAVE_LOGIN_H +#include +#endif +#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) +#include +#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */ + +#ifdef HAVE_LIBGEN_H #include +#endif #include "xmalloc.h" #include "match.h" 
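Review bot: The log calls in auth_sia_password and session_setup_sia format the client-supplied user name with an unbounded `%s`, as in `error("couldn't authenticate %s from %s", user, host);`, while the PAM code added in the same patch limits such fields with `%.100s` or `%.200s`. Using the same bound here keeps an oversized user name from flooding the log: `error("couldn't authenticate %.100s from %.200s", user, host);`. The same applies to the getpwnam, session-establish and session-launch messages. Separately, `extern int errno;` is better replaced by `#include <errno.h>` (if it is not already among the includes), because errno may be a macro on some platforms.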
@@ -59,10 +68,35 @@ const char *hostname = NULL, *ipaddr = NULL; char *shell; int i; +#ifdef WITH_AIXAUTHENTICATE + char *loginmsg; +#endif /* WITH_AIXAUTHENTICATE */ +#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \ + !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE) + struct spwd *spw; + + /* Shouldn't be called if pw is NULL, but better safe than sorry... */ + if (!pw || !pw->pw_name) + return 0; + + spw = getspnam(pw->pw_name); + if (spw != NULL) { + int days = time(NULL) / 86400; + + /* Check account expiry */ + if ((spw->sp_expire >= 0) && (days > spw->sp_expire)) + return 0; + /* Check password expiry */ + if ((spw->sp_lstchg >= 0) && (spw->sp_max >= 0) && + (days > (spw->sp_lstchg + spw->sp_max))) + return 0; + } +#else /* Shouldn't be called if pw is NULL, but better safe than sorry... */ if (!pw || !pw->pw_name) return 0; +#endif /* * Get the shell from the password data. An empty shell field is @@ -141,6 +175,24 @@ } ga_free(); } + +#ifdef WITH_AIXAUTHENTICATE + if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0) { + if (loginmsg && *loginmsg) { + /* Remove embedded newlines (if any) */ + char *p; + for (p = loginmsg; *p; p++) { + if (*p == '\n') + *p = ' '; + } + /* Remove trailing newline */ + *--p = '\0'; + log("Login restricted for %s: %.100s", pw->pw_name, loginmsg); + } + return 0; + } +#endif /* WITH_AIXAUTHENTICATE */ + /* We found no reason not to let this user try to log on... */ return 1; } diff -ruN --exclude CVS ssh-openbsd-2002030700/auth.h openssh-3.1p1/auth.h --- ssh-openbsd-2002030700/auth.h Thu Mar 7 12:02:03 2002 +++ openssh-3.1p1/auth.h Tue Mar 5 12:53:04 2002 
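Review bot: Both new expiry checks `return 0` without writing anything to the log, so an administrator cannot tell from the server log why a login with a correct password was refused. A line before each return fixes that, e.g. `log("Account %.100s has expired", pw->pw_name);` and `log("Password for %.100s has expired", pw->pw_name);`. The password check also treats `sp_lstchg == 0` like any other date. On shadow systems that value conventionally means the password must be changed at next login, so it is worth confirming that case is handled elsewhere. The function continues outside this hunk.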
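Review bot: The "Remove trailing newline" step `*--p = '\0';` runs unconditionally, after the loop above it has already turned every newline into a space, so it deletes the last character of `loginmsg` whatever that character is. Trimming only when the last character is such a replaced newline keeps the full text: `if (p > loginmsg && p[-1] == ' ') *--p = '\0';`. Nothing visible releases `loginmsg` either. If loginrestrictions() allocates it, it should be freed before the `return 0`.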
@@ -118,6 +118,9 @@ void krb5_cleanup_proc(void *authctxt); #endif /* KRB5 */ +#include "auth-pam.h" +#include "auth2-pam.h" + void do_authentication(void); void do_authentication2(void); diff -ruN --exclude CVS ssh-openbsd-2002030700/auth1.c openssh-3.1p1/auth1.c --- ssh-openbsd-2002030700/auth1.c Tue Feb 5 08:15:38 2002 +++ openssh-3.1p1/auth1.c Thu Feb 14 20:39:50 2002 @@ -84,7 +84,13 @@ #if defined(KRB4) || defined(KRB5) (!options.kerberos_authentication || options.kerberos_or_local_passwd) && #endif +#ifdef USE_PAM + auth_pam_password(pw, "")) { +#elif defined(HAVE_OSF_SIA) + 0) { +#else auth_password(authctxt, "")) { +#endif auth_log(authctxt, 1, "without authentication", ""); return; } @@ -94,6 +100,8 @@ packet_send(); packet_write_wait(); + client_user = NULL; + for (;;) { /* default to fail */ authenticated = 0; @@ -127,7 +135,6 @@ snprintf(info, sizeof(info), " tktuser %.100s", client_user); - xfree(client_user); } #endif /* KRB4 */ } else { @@ -141,7 +148,6 @@ snprintf(info, sizeof(info), " tktuser %.100s", client_user); - xfree(client_user); } #endif /* KRB5 */ } @@ -180,7 +186,6 @@ authenticated = auth_rhosts(pw, client_user); snprintf(info, sizeof info, " ruser %.100s", client_user); - xfree(client_user); break; case SSH_CMSG_AUTH_RHOSTS_RSA: @@ -212,7 +217,6 @@ key_free(client_host_key); snprintf(info, sizeof info, " ruser %.100s", client_user); - xfree(client_user); break; case SSH_CMSG_AUTH_RSA: @@ -242,8 +246,17 @@ password = packet_get_string(&dlen); packet_check_eom(); +#ifdef USE_PAM + /* Do PAM auth with password */ + authenticated = auth_pam_password(pw, password); +#elif defined(HAVE_OSF_SIA) + /* Do SIA auth with password */ + authenticated = auth_sia_password(authctxt->user, + password); +#else /* !USE_PAM && !HAVE_OSF_SIA */ /* Try authentication with the password. */ authenticated = auth_password(authctxt, password); +#endif /* USE_PAM */ memset(password, 0, strlen(password)); xfree(password); 
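Review bot: With USE_PAM, `auth_pam_password(pw, password)` in the password case stores its argument in the file-scope pointer `__pampasswd` (auth-pam.c in this patch). The context lines right after the call zero and free `password`, which leaves that pointer dangling. do_pam_conversation still reads `__pampasswd` whenever a module sends PAM_PROMPT_ECHO_OFF in the INITIAL_LOGIN state, which a later `pam_acct_mgmt()` call could trigger (whether any module does so is not visible here). Clearing the pointer in auth_pam_password once authentication returns avoids the stale read: add `__pampasswd = NULL;` directly after the `do_pam_authenticate(...)` call. The enclosing function starts and ends outside this hunk.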
@@ -294,19 +307,43 @@ fatal("INTERNAL ERROR: authenticated invalid user %s", authctxt->user); +#ifdef HAVE_CYGWIN + if (authenticated && + !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, pw)) { + packet_disconnect("Authentication rejected for uid %d.", + pw == NULL ? -1 : pw->pw_uid); + authenticated = 0; + } +#else /* Special handling for root */ if (authenticated && authctxt->pw->pw_uid == 0 && !auth_root_allowed(get_authname(type))) authenticated = 0; +#endif +#ifdef USE_PAM + if (authenticated && !do_pam_account(pw->pw_name, client_user)) + authenticated = 0; +#endif /* Log before sending the reply */ auth_log(authctxt, authenticated, get_authname(type), info); + if (client_user != NULL) { + xfree(client_user); + client_user = NULL; + } + if (authenticated) return; - if (authctxt->failures++ > AUTH_FAIL_MAX) + if (authctxt->failures++ > AUTH_FAIL_MAX) { +#ifdef WITH_AIXAUTHENTICATE + loginfailed(authctxt->user, + get_canonical_hostname(options.verify_reverse_mapping), + "ssh"); +#endif /* WITH_AIXAUTHENTICATE */ packet_disconnect(AUTH_FAIL_MSG, authctxt->user); + } packet_start(SSH_SMSG_FAILURE); packet_send(); @@ -357,12 +394,18 @@ setproctitle("%s", pw ? user : "unknown"); +#ifdef USE_PAM + start_pam(pw == NULL ? "NOUSER" : user); +#endif + /* * If we are not running as root, the user must have the same uid as - * the server. + * the server. (Unless you are running Windows) */ +#ifndef HAVE_CYGWIN if (getuid() != 0 && pw && pw->pw_uid != getuid()) packet_disconnect("Cannot change user when server not running as root."); +#endif /* * Loop until the user has been authenticated or the connection is diff -ruN --exclude CVS ssh-openbsd-2002030700/auth2-pam.c openssh-3.1p1/auth2-pam.c --- ssh-openbsd-2002030700/auth2-pam.c Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/auth2-pam.c Tue Jan 22 23:43:13 2002 
@@ -0,0 +1,158 @@ +#include "includes.h" +RCSID("$Id: auth2-pam.c,v 1.12 2002/01/22 12:43:13 djm Exp $"); + +#ifdef USE_PAM +#include + +#include "ssh.h" +#include "ssh2.h" +#include "auth.h" +#include "auth-pam.h" +#include "packet.h" +#include "xmalloc.h" +#include "dispatch.h" +#include "log.h" + +static int do_pam_conversation_kbd_int(int num_msg, + const struct pam_message **msg, struct pam_response **resp, + void *appdata_ptr); +void input_userauth_info_response_pam(int type, u_int32_t seqnr, void *ctxt); + +struct { + int finished, num_received, num_expected; + int *prompts; + struct pam_response *responses; +} context_pam2 = {0, 0, 0, NULL}; + +static struct pam_conv conv2 = { + do_pam_conversation_kbd_int, + NULL, +}; + +int +auth2_pam(Authctxt *authctxt) +{ + int retval = -1; + + if (authctxt->user == NULL) + fatal("auth2_pam: internal error: no user"); + + conv2.appdata_ptr = authctxt; + do_pam_set_conv(&conv2); + + dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, + &input_userauth_info_response_pam); + retval = (do_pam_authenticate(0) == PAM_SUCCESS); + dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL); + + return retval; +} + +static int +do_pam_conversation_kbd_int(int num_msg, const struct pam_message **msg, + struct pam_response **resp, void *appdata_ptr) +{ + int i, j, done; + char *text; + + context_pam2.finished = 0; + context_pam2.num_received = 0; + context_pam2.num_expected = 0; + context_pam2.prompts = xmalloc(sizeof(int) * num_msg); + context_pam2.responses = xmalloc(sizeof(struct pam_response) * num_msg); + memset(context_pam2.responses, 0, sizeof(struct pam_response) * num_msg); + + text = NULL; + for (i = 0, context_pam2.num_expected = 0; i < num_msg; i++) { + int style = PAM_MSG_MEMBER(msg, i, msg_style); + switch (style) { + case PAM_PROMPT_ECHO_ON: + case PAM_PROMPT_ECHO_OFF: + context_pam2.num_expected++; + break; + case PAM_TEXT_INFO: + case PAM_ERROR_MSG: + default: + /* Capture all these messages to be sent at once */ + 
message_cat(&text, PAM_MSG_MEMBER(msg, i, msg)); + break; + } + } + + if (context_pam2.num_expected == 0) + return PAM_SUCCESS; + + packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST); + packet_put_cstring(""); /* Name */ + packet_put_cstring(""); /* Instructions */ + packet_put_cstring(""); /* Language */ + packet_put_int(context_pam2.num_expected); + + for (i = 0, j = 0; i < num_msg; i++) { + int style = PAM_MSG_MEMBER(msg, i, msg_style); + + /* Skip messages which don't need a reply */ + if (style != PAM_PROMPT_ECHO_ON && style != PAM_PROMPT_ECHO_OFF) + continue; + + context_pam2.prompts[j++] = i; + if (text) { + message_cat(&text, PAM_MSG_MEMBER(msg, i, msg)); + packet_put_cstring(text); + text = NULL; + } else + packet_put_cstring(PAM_MSG_MEMBER(msg, i, msg)); + packet_put_char(style == PAM_PROMPT_ECHO_ON); + } + packet_send(); + packet_write_wait(); + + /* + * Grabbing control of execution and spinning until we get what + * we want is probably rude, but it seems to work properly, and + * the client *should* be in lock-step with us, so the loop should + * only be traversed once. + */ + while(context_pam2.finished == 0) { + done = 1; + dispatch_run(DISPATCH_BLOCK, &done, appdata_ptr); + if(context_pam2.finished == 0) + debug("extra packet during conversation"); + } + + if(context_pam2.num_received == context_pam2.num_expected) { + *resp = context_pam2.responses; + return PAM_SUCCESS; + } else + return PAM_CONV_ERR; +} + +void +input_userauth_info_response_pam(int type, u_int32_t seqnr, void *ctxt) +{ + Authctxt *authctxt = ctxt; + unsigned int nresp = 0, rlen = 0, i = 0; + char *resp; + + if (authctxt == NULL) + fatal("input_userauth_info_response_pam: no authentication context"); + + nresp = packet_get_int(); /* Number of responses. 
*/ + debug("got %d responses", nresp); + + for (i = 0; i < nresp; i++) { + int j = context_pam2.prompts[i]; + + resp = packet_get_string(&rlen); + context_pam2.responses[j].resp_retcode = PAM_SUCCESS; + context_pam2.responses[j].resp = xstrdup(resp); + xfree(resp); + context_pam2.num_received++; + } + + context_pam2.finished = 1; + + packet_check_eom(); +} + +#endif diff -ruN --exclude CVS ssh-openbsd-2002030700/auth2-pam.h openssh-3.1p1/auth2-pam.h --- ssh-openbsd-2002030700/auth2-pam.h Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/auth2-pam.h Fri Feb 9 12:55:36 2001 @@ -0,0 +1,8 @@ +/* $Id: auth2-pam.h,v 1.2 2001/02/09 01:55:36 djm Exp $ */ + +#include "includes.h" +#ifdef USE_PAM + +int auth2_pam(Authctxt *authctxt); + +#endif /* USE_PAM */ diff -ruN --exclude CVS ssh-openbsd-2002030700/auth2.c openssh-3.1p1/auth2.c --- ssh-openbsd-2002030700/auth2.c Tue Feb 26 22:39:27 2002 +++ openssh-3.1p1/auth2.c Wed Feb 27 05:09:43 2002 @@ -119,6 +119,8 @@ /* challenge-response is implemented via keyboard interactive */ if (options.challenge_response_authentication) options.kbd_interactive_authentication = 1; + if (options.pam_authentication_via_kbd_int) + options.kbd_interactive_authentication = 1; dispatch_init(&dispatch_protocol_error); dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request); @@ -187,8 +189,14 @@ authctxt->pw = pwcopy(pw); authctxt->valid = 1; debug2("input_userauth_request: setting up authctxt for %s", user); +#ifdef USE_PAM + start_pam(pw->pw_name); +#endif } else { log("input_userauth_request: illegal user %s", user); +#ifdef USE_PAM + start_pam("NOUSER"); +#endif } setproctitle("%s", pw ? user : "unknown"); authctxt->user = xstrdup(user); @@ -231,6 +239,12 @@ !auth_root_allowed(method)) authenticated = 0; +#ifdef USE_PAM + if (authenticated && authctxt->user && !do_pam_account(authctxt->user, + NULL)) + authenticated = 0; +#endif /* USE_PAM */ + /* Log before sending the reply */ auth_log(authctxt, authenticated, method, " ssh2"); 
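Review bot: input_userauth_info_response_pam uses the response count sent by the client, `nresp = packet_get_int();`, as the loop bound for reading `context_pam2.prompts[i]` and writing `context_pam2.responses[j]`. Both arrays were sized from `num_msg` in do_pam_conversation_kbd_int, and only `num_expected` entries of `prompts` were filled. The count needs validating before the loop so a mismatched reply cannot index past the arrays: `if (nresp != context_pam2.num_expected) fatal("input_userauth_info_response_pam: unexpected response count");`. In do_pam_conversation_kbd_int the early `return PAM_SUCCESS` for `num_expected == 0` leaves `*resp` unset and does not free `prompts`, `responses` or `text`. The `debug("got %d responses", nresp)` format should use `%u` for the unsigned count.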
@@ -247,8 +261,14 @@ /* now we can break out */ authctxt->success = 1; } else { - if (authctxt->failures++ > AUTH_FAIL_MAX) + if (authctxt->failures++ > AUTH_FAIL_MAX) { +#ifdef WITH_AIXAUTHENTICATE + loginfailed(authctxt->user, + get_canonical_hostname(options.verify_reverse_mapping), + "ssh"); +#endif /* WITH_AIXAUTHENTICATE */ packet_disconnect(AUTH_FAIL_MSG, authctxt->user); + } methods = authmethods_get(); packet_start(SSH2_MSG_USERAUTH_FAILURE); packet_put_cstring(methods); @@ -299,7 +319,21 @@ m->enabled = NULL; packet_check_eom(); userauth_banner(); - return authctxt->valid ? auth_password(authctxt, "") : 0; + + if (authctxt->valid == 0) + return(0); + +#ifdef HAVE_CYGWIN + if (check_nt_auth(1, authctxt->pw) == 0) + return(0); +#endif +#ifdef USE_PAM + return auth_pam_password(authctxt->pw, ""); +#elif defined(HAVE_OSF_SIA) + return 0; +#else /* !HAVE_OSF_SIA && !USE_PAM */ + return auth_password(authctxt, ""); +#endif /* USE_PAM */ } static int @@ -315,7 +349,16 @@ password = packet_get_string(&len); packet_check_eom(); if (authctxt->valid && +#ifdef HAVE_CYGWIN + check_nt_auth(1, authctxt->pw) && +#endif +#ifdef USE_PAM + auth_pam_password(authctxt->pw, password) == 1) +#elif defined(HAVE_OSF_SIA) + auth_sia_password(authctxt->user, password) == 1) +#else /* !USE_PAM && !HAVE_OSF_SIA */ auth_password(authctxt, password) == 1) +#endif /* USE_PAM */ authenticated = 1; memset(password, 0, len); xfree(password); @@ -337,8 +380,16 @@ if (options.challenge_response_authentication) authenticated = auth2_challenge(authctxt, devs); +#ifdef USE_PAM + if (authenticated == 0 && options.pam_authentication_via_kbd_int) + authenticated = auth2_pam(authctxt); +#endif xfree(devs); xfree(lang); +#ifdef HAVE_CYGWIN + if (check_nt_auth(0, authctxt->pw) == 0) + return(0); +#endif return authenticated; } 
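Review bot: In the auth2.c hunk at @@ -299,7 +319,21 @@ (the "none" method), the USE_PAM branch passes an empty password straight to `auth_pam_password(authctxt->pw, "")`, and nothing visible here consults the empty-password policy first. Clients typically try "none" first, so unless the helper already refuses, this runs the PAM stack once per connection, along with any failure-counting or logging modules in it. I would short-circuit before the call with `if (!options.permit_empty_passwd) return(0);`, or add a comment stating that auth_pam_password enforces that option itself. The function begins above the hunk, so an earlier check may exist that is not shown.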
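Review bot: In the auth2.c hunk at @@ -315,7 +349,16 @@, the `if` condition is assembled from three preprocessor branches that each supply their own closing parenthesis, which makes it hard to audit which check actually gates `authenticated = 1` in a given build. I would keep the validity and Cygwin tests in the condition and move the backend-specific password call into the body, as sketched below. The sketch assumes `authenticated` is initialised to 0 above the hunk, which is not visible here. It keeps the existing short-circuit, so no password backend is called for an invalid user.

```c
	/* … unchanged: password = packet_get_string(&len); packet_check_eom(); … */
	if (authctxt->valid
#ifdef HAVE_CYGWIN
	    && check_nt_auth(1, authctxt->pw)
#endif
	    ) {
#ifdef USE_PAM
		authenticated = auth_pam_password(authctxt->pw, password) == 1;
#elif defined(HAVE_OSF_SIA)
		authenticated = auth_sia_password(authctxt->user, password) == 1;
#else /* !USE_PAM && !HAVE_OSF_SIA */
		authenticated = auth_password(authctxt, password) == 1;
#endif /* USE_PAM */
	}
	/* … unchanged: memset(password, 0, len); xfree(password); … */
```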
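Review bot: In the auth2.c hunk at @@ -337,8 +380,16 @@ (keyboard-interactive), the Cygwin test `check_nt_auth(0, authctxt->pw)` is reached without any check of `authctxt->valid`. The earlier hunk that sets up the context assigns `authctxt->pw` only in the valid-user branch, so for an unknown user this probably passes NULL. Whether check_nt_auth tolerates NULL is not visible here, so I would guard it explicitly: `if (authctxt->pw == NULL || check_nt_auth(0, authctxt->pw) == 0) return(0);`. The check also runs only after the whole challenge or PAM exchange has finished, so running it first would avoid that work, provided `devs` and `lang` are still freed on the early return. The public-key hunk at @@ -450,6 +501,10 @@ has the same pattern; both functions start above their hunks.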
@@ -450,6 +501,10 @@ key_free(key); xfree(pkalg); xfree(pkblob); +#ifdef HAVE_CYGWIN + if (check_nt_auth(0, authctxt->pw) == 0) + return(0); +#endif return authenticated; } diff -ruN --exclude CVS ssh-openbsd-2002030700/authfile.c openssh-3.1p1/authfile.c --- ssh-openbsd-2002030700/authfile.c Thu Mar 7 12:02:03 2002 +++ openssh-3.1p1/authfile.c Tue Mar 5 12:33:38 2002 @@ -484,6 +484,9 @@ * permissions of the file. if the key owned by a different user, * then we don't care. */ +#ifdef HAVE_CYGWIN + if (check_ntsec(filename)) +#endif if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) { error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @"); diff -ruN --exclude CVS ssh-openbsd-2002030700/bufaux.c openssh-3.1p1/bufaux.c --- ssh-openbsd-2002030700/bufaux.c Sat Jan 19 05:14:17 2002 +++ openssh-3.1p1/bufaux.c Tue Jan 22 23:33:32 2002 @@ -149,6 +149,7 @@ return GET_32BIT(buf); } +#ifdef HAVE_U_INT64_T u_int64_t buffer_get_int64(Buffer *buffer) { @@ -156,6 +157,7 @@ buffer_get(buffer, (char *) buf, 8); return GET_64BIT(buf); } +#endif /* * Stores an integer in the buffer in 4 bytes, msb first. @@ -168,6 +170,7 @@ buffer_append(buffer, buf, 4); } +#ifdef HAVE_U_INT64_T void buffer_put_int64(Buffer *buffer, u_int64_t value) { @@ -175,6 +178,7 @@ PUT_64BIT(buf, value); buffer_append(buffer, buf, 8); } +#endif /* * Returns an arbitrary binary string from the buffer. The string cannot diff -ruN --exclude CVS ssh-openbsd-2002030700/bufaux.h openssh-3.1p1/bufaux.h --- ssh-openbsd-2002030700/bufaux.h Thu Mar 7 12:02:03 2002 +++ openssh-3.1p1/bufaux.h Wed Mar 6 05:59:45 2002 
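Review bot: In the authfile.c hunk, the added `if (check_ntsec(filename))` is an unbraced `if` stacked in front of the existing permission test inside an `#ifdef`. On Cygwin the whole unprotected-private-key check is therefore skipped whenever check_ntsec() returns 0, and any `else` further down would bind differently in the two builds. If skipping is intended (presumably because mode bits carry no meaning without NT security), say so in a comment such as `/* without ntsec the st_mode bits are not meaningful, so the check is skipped */`. I would also fold the test into the condition with `&&` rather than rely on statement stacking. The body of the inner `if` runs past the end of the hunk, so I cannot see whether an `else` follows.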
@@ -26,8 +26,10 @@ u_int buffer_get_int(Buffer *); void buffer_put_int(Buffer *, u_int); +#ifdef HAVE_U_INT64_T u_int64_t buffer_get_int64(Buffer *); void buffer_put_int64(Buffer *, u_int64_t); +#endif int buffer_get_char(Buffer *); void buffer_put_char(Buffer *, int); diff -ruN --exclude CVS ssh-openbsd-2002030700/canohost.c openssh-3.1p1/canohost.c --- ssh-openbsd-2002030700/canohost.c Thu Mar 7 12:02:04 2002 +++ openssh-3.1p1/canohost.c Tue Mar 5 12:31:29 2002 @@ -42,6 +42,28 @@ debug("getpeername failed: %.100s", strerror(errno)); fatal_cleanup(); } +#ifdef IPV4_IN_IPV6 + if (from.ss_family == AF_INET6) { + struct sockaddr_in6 *from6 = (struct sockaddr_in6 *)&from; + + /* Detect IPv4 in IPv6 mapped address and convert it to */ + /* plain (AF_INET) IPv4 address */ + if (IN6_IS_ADDR_V4MAPPED(&from6->sin6_addr)) { + struct sockaddr_in *from4 = (struct sockaddr_in *)&from; + struct in_addr addr; + u_int16_t port; + + memcpy(&addr, ((char *)&from6->sin6_addr) + 12, sizeof(addr)); + port = from6->sin6_port; + + memset(&from, 0, sizeof(from)); + + from4->sin_family = AF_INET; + memcpy(&from4->sin_addr, &addr, sizeof(addr)); + from4->sin_port = port; + } + } +#endif if (from.ss_family == AF_INET) check_ip_options(socket, ntop); diff -ruN --exclude CVS ssh-openbsd-2002030700/channels.c openssh-3.1p1/channels.c --- ssh-openbsd-2002030700/channels.c Thu Mar 7 12:02:04 2002 +++ openssh-3.1p1/channels.c Tue Mar 5 12:57:45 2002 @@ -2044,7 +2044,11 @@ /* Bind the socket to the address. */ if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { /* address can be in use ipv6 address is already bound */ - verbose("bind: %.100s", strerror(errno)); + if (!ai->ai_next) + error("bind: %.100s", strerror(errno)); + else + verbose("bind: %.100s", strerror(errno)); + close(sock); continue; } @@ -2163,6 +2167,7 @@ hostname = packet_get_string(NULL); host_port = packet_get_int(); +#ifndef HAVE_CYGWIN /* * Check that an unprivileged user is not trying to forward a * privileged port. 
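Review bot: In the canohost.c hunk, the IPV4_IN_IPV6 block rewrites `from` in place into a `struct sockaddr_in` but does not touch the address length that getpeername() filled in. Any later call that takes `from` together with that length would then see an AF_INET address carrying the sockaddr_in6 size. The code after the hunk is not visible, so how the length is used is a guess; if it is passed on, set it to `sizeof(struct sockaddr_in)` right after `from4->sin_family = AF_INET;`. A comment noting that the conversion is what lets `check_ip_options()` run for IPv4 peers arriving on a dual-stack socket would make the security purpose explicit.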
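Review bot: The `#ifndef HAVE_CYGWIN` opened in the channels.c hunk at @@ -2163,6 +2167,7 @@ and closed in the following hunk (@@ -2170,6 +2175,7 @@) compiles out the privileged-port check entirely. On that platform a forwarding request for a port below IPPORT_RESERVED is therefore accepted from any authenticated user. If that is deliberate because the platform has no meaningful root or reserved-port concept, the reason belongs in the code, e.g. `/* Cygwin: no root user / reserved ports, so the check does not apply */`. As written, the change reads as a silently dropped access control. `is_root` may also become unused in that build; its declaration is outside the hunk.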
@@ -2170,6 +2175,7 @@ if (port < IPPORT_RESERVED && !is_root) packet_disconnect("Requested forwarding of port %d but user is not root.", port); +#endif /* Initiate forwarding */ channel_setup_local_fwd_listener(port, hostname, host_port, gateway_ports); @@ -2341,12 +2347,22 @@ continue; sock = socket(ai->ai_family, SOCK_STREAM, 0); if (sock < 0) { - error("socket: %.100s", strerror(errno)); - return -1; + if ((errno != EINVAL) && (errno != EAFNOSUPPORT)) { + error("socket: %.100s", strerror(errno)); + return -1; + } else { + debug("x11_create_display_inet: Socket family %d not supported", + ai->ai_family); + continue; + } } if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { debug("bind port %d: %.100s", port, strerror(errno)); close(sock); + + if (ai->ai_next) + continue; + for (n = 0; n < num_socks; n++) { close(socks[n]); } @@ -2354,8 +2370,12 @@ break; } socks[num_socks++] = sock; +#ifndef DONT_TRY_OTHER_AF if (num_socks == NUM_SOCKS) break; +#else + break; +#endif } freeaddrinfo(aitop); if (num_socks > 0) diff -ruN --exclude CVS ssh-openbsd-2002030700/config.guess openssh-3.1p1/config.guess --- ssh-openbsd-2002030700/config.guess Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/config.guess Tue Feb 19 10:18:57 2002 
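Review bot: In the channels.c hunk at @@ -2341,12 +2347,22 @@ (x11_create_display_inet), the added `if (ai->ai_next) continue;` lets a display number be accepted when bind() failed for one address family but succeeds for a later one. If another local process already holds that port on the skipped family, X clients that resolve the display to that family will connect to that process rather than to sshd's forwarder, exposing the forwarded session to it. I would treat any bind() failure as "this display number is taken" and drop the two added lines, so the existing close-all-and-break path runs. The new EINVAL/EAFNOSUPPORT handling on socket() in the same hunk already covers families the host does not support. The enclosing loops start above the hunk.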
@@ -0,0 +1,1327 @@ +#! /bin/sh +# Attempt to guess a canonical system name. +# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, +# 2000, 2001, 2002 Free Software Foundation, Inc. + +timestamp='2002-01-30' + +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# Originally written by Per Bothner . +# Please send patches to . Submit a context +# diff and a properly formatted ChangeLog entry. +# +# This script attempts to guess a canonical system name similar to +# config.sub. If it succeeds, it prints the system name on stdout, and +# exits with 0. Otherwise, it exits with 1. +# +# The plan is that this can be called by configure scripts if you +# don't specify an explicit build system type. + +me=`echo "$0" | sed -e 's,.*/,,'` + +usage="\ +Usage: $0 [OPTION] + +Output the configuration name of the system \`$me' is run on. + +Operation modes: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to ." 
+ +version="\ +GNU config.guess ($timestamp) + +Originally written by Per Bothner. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 +Free Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit 0 ;; + --version | -v ) + echo "$version" ; exit 0 ;; + --help | --h* | -h ) + echo "$usage"; exit 0 ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" >&2 + exit 1 ;; + * ) + break ;; + esac +done + +if test $# != 0; then + echo "$me: too many arguments$help" >&2 + exit 1 +fi + + +dummy=dummy-$$ +trap 'rm -f $dummy.c $dummy.o $dummy.rel $dummy; exit 1' 1 2 15 + +# CC_FOR_BUILD -- compiler used by this script. +# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still +# use `HOST_CC' if defined, but it is deprecated. + +set_cc_for_build='case $CC_FOR_BUILD,$HOST_CC,$CC in + ,,) echo "int dummy(){}" > $dummy.c ; + for c in cc gcc c89 ; do + ($c $dummy.c -c -o $dummy.o) >/dev/null 2>&1 ; + if test $? = 0 ; then + CC_FOR_BUILD="$c"; break ; + fi ; + done ; + rm -f $dummy.c $dummy.o $dummy.rel ; + if test x"$CC_FOR_BUILD" = x ; then + CC_FOR_BUILD=no_compiler_found ; + fi + ;; + ,,*) CC_FOR_BUILD=$CC ;; + ,*,*) CC_FOR_BUILD=$HOST_CC ;; +esac' + +# This is needed to find uname on a Pyramid OSx when run in the BSD universe. 
+# (ghazi@noc.rutgers.edu 1994-08-24) +if (test -f /.attbin/uname) >/dev/null 2>&1 ; then + PATH=$PATH:/.attbin ; export PATH +fi + +UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown +UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown +UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown +UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown + +# Note: order is significant - the case branches are not exclusive. + +case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in + *:NetBSD:*:*) + # NetBSD (nbsd) targets should (where applicable) match one or + # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*, + # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently + # switched to ELF, *-*-netbsd* would select the old + # object file format. This provides both forward + # compatibility and a consistent mechanism for selecting the + # object file format. + # + # Note: NetBSD doesn't particularly care about the vendor + # portion of the name. We always set it to "unknown". + UNAME_MACHINE_ARCH=`(uname -p) 2>/dev/null` || \ + UNAME_MACHINE_ARCH=unknown + case "${UNAME_MACHINE_ARCH}" in + arm*) machine=arm-unknown ;; + sh3el) machine=shl-unknown ;; + sh3eb) machine=sh-unknown ;; + *) machine=${UNAME_MACHINE_ARCH}-unknown ;; + esac + # The Operating System including object format, if it has switched + # to ELF recently, or will in the future. + case "${UNAME_MACHINE_ARCH}" in + arm*|i386|m68k|ns32k|sh3*|sparc|vax) + eval $set_cc_for_build + if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep __ELF__ >/dev/null + then + # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). + # Return netbsd for either. FIX? 
+ os=netbsd + else + os=netbsdelf + fi + ;; + *) + os=netbsd + ;; + esac + # The OS release + release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` + # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: + # contains redundant information, the shorter form: + # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. + echo "${machine}-${os}${release}" + exit 0 ;; + amiga:OpenBSD:*:*) + echo m68k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + arc:OpenBSD:*:*) + echo mipsel-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + hp300:OpenBSD:*:*) + echo m68k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + mac68k:OpenBSD:*:*) + echo m68k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + macppc:OpenBSD:*:*) + echo powerpc-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + mvme68k:OpenBSD:*:*) + echo m68k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + mvme88k:OpenBSD:*:*) + echo m88k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + mvmeppc:OpenBSD:*:*) + echo powerpc-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + pmax:OpenBSD:*:*) + echo mipsel-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + sgi:OpenBSD:*:*) + echo mipseb-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + sun3:OpenBSD:*:*) + echo m68k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + wgrisc:OpenBSD:*:*) + echo mipsel-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + *:OpenBSD:*:*) + echo ${UNAME_MACHINE}-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + alpha:OSF1:*:*) + if test $UNAME_RELEASE = "V4.0"; then + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` + fi + # A Vn.n version is a released version. + # A Tn.n version is a released field test version. + # A Xn.n version is an unreleased experimental baselevel. + # 1.2 uses "1.2" for uname -r. 
+ cat <$dummy.s + .data +\$Lformat: + .byte 37,100,45,37,120,10,0 # "%d-%x\n" + + .text + .globl main + .align 4 + .ent main +main: + .frame \$30,16,\$26,0 + ldgp \$29,0(\$27) + .prologue 1 + .long 0x47e03d80 # implver \$0 + lda \$2,-1 + .long 0x47e20c21 # amask \$2,\$1 + lda \$16,\$Lformat + mov \$0,\$17 + not \$1,\$18 + jsr \$26,printf + ldgp \$29,0(\$26) + mov 0,\$16 + jsr \$26,exit + .end main +EOF + eval $set_cc_for_build + $CC_FOR_BUILD $dummy.s -o $dummy 2>/dev/null + if test "$?" = 0 ; then + case `./$dummy` in + 0-0) + UNAME_MACHINE="alpha" + ;; + 1-0) + UNAME_MACHINE="alphaev5" + ;; + 1-1) + UNAME_MACHINE="alphaev56" + ;; + 1-101) + UNAME_MACHINE="alphapca56" + ;; + 2-303) + UNAME_MACHINE="alphaev6" + ;; + 2-307) + UNAME_MACHINE="alphaev67" + ;; + 2-1307) + UNAME_MACHINE="alphaev68" + ;; + esac + fi + rm -f $dummy.s $dummy + echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + exit 0 ;; + Alpha\ *:Windows_NT*:*) + # How do we know it's Interix rather than the generic POSIX subsystem? + # Should we change UNAME_MACHINE based on the output of uname instead + # of the specific Alpha model? + echo alpha-pc-interix + exit 0 ;; + 21064:Windows_NT:50:3) + echo alpha-dec-winnt3.5 + exit 0 ;; + Amiga*:UNIX_System_V:4.0:*) + echo m68k-unknown-sysv4 + exit 0;; + *:[Aa]miga[Oo][Ss]:*:*) + echo ${UNAME_MACHINE}-unknown-amigaos + exit 0 ;; + *:[Mm]orph[Oo][Ss]:*:*) + echo ${UNAME_MACHINE}-unknown-morphos + exit 0 ;; + *:OS/390:*:*) + echo i370-ibm-openedition + exit 0 ;; + arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) + echo arm-acorn-riscix${UNAME_RELEASE} + exit 0;; + SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) + echo hppa1.1-hitachi-hiuxmpp + exit 0;; + Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) + # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. 
+ if test "`(/bin/universe) 2>/dev/null`" = att ; then + echo pyramid-pyramid-sysv3 + else + echo pyramid-pyramid-bsd + fi + exit 0 ;; + NILE*:*:*:dcosx) + echo pyramid-pyramid-svr4 + exit 0 ;; + sun4H:SunOS:5.*:*) + echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) + echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + i86pc:SunOS:5.*:*) + echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + sun4*:SunOS:6*:*) + # According to config.sub, this is the proper way to canonicalize + # SunOS6. Hard to guess exactly what SunOS6 will be like, but + # it's likely to be more like Solaris than SunOS4. + echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + sun4*:SunOS:*:*) + case "`/usr/bin/arch -k`" in + Series*|S4*) + UNAME_RELEASE=`uname -v` + ;; + esac + # Japanese Language versions have a version number like `4.1.3-JL'. + echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` + exit 0 ;; + sun3*:SunOS:*:*) + echo m68k-sun-sunos${UNAME_RELEASE} + exit 0 ;; + sun*:*:4.2BSD:*) + UNAME_RELEASE=`(head -1 /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` + test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 + case "`/bin/arch`" in + sun3) + echo m68k-sun-sunos${UNAME_RELEASE} + ;; + sun4) + echo sparc-sun-sunos${UNAME_RELEASE} + ;; + esac + exit 0 ;; + aushp:SunOS:*:*) + echo sparc-auspex-sunos${UNAME_RELEASE} + exit 0 ;; + # The situation for MiNT is a little confusing. The machine name + # can be virtually everything (everything which is not + # "atarist" or "atariste" at least should have a processor + # > m68000). The system name ranges from "MiNT" over "FreeMiNT" + # to the lowercase version "mint" (or "freemint"). Finally + # the system name "TOS" denotes a system which is actually not + # MiNT. But MiNT is downward compatible to TOS, so this should + # be no problem. 
+ atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit 0 ;; + atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit 0 ;; + *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit 0 ;; + milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) + echo m68k-milan-mint${UNAME_RELEASE} + exit 0 ;; + hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) + echo m68k-hades-mint${UNAME_RELEASE} + exit 0 ;; + *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) + echo m68k-unknown-mint${UNAME_RELEASE} + exit 0 ;; + powerpc:machten:*:*) + echo powerpc-apple-machten${UNAME_RELEASE} + exit 0 ;; + RISC*:Mach:*:*) + echo mips-dec-mach_bsd4.3 + exit 0 ;; + RISC*:ULTRIX:*:*) + echo mips-dec-ultrix${UNAME_RELEASE} + exit 0 ;; + VAX*:ULTRIX*:*:*) + echo vax-dec-ultrix${UNAME_RELEASE} + exit 0 ;; + 2020:CLIX:*:* | 2430:CLIX:*:*) + echo clipper-intergraph-clix${UNAME_RELEASE} + exit 0 ;; + mips:*:*:UMIPS | mips:*:*:RISCos) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c +#ifdef __cplusplus +#include /* for printf() prototype */ + int main (int argc, char *argv[]) { +#else + int main (argc, argv) int argc; char *argv[]; { +#endif + #if defined (host_mips) && defined (MIPSEB) + #if defined (SYSTYPE_SYSV) + printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_SVR4) + printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) + printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); + #endif + #endif + exit (-1); + } +EOF + $CC_FOR_BUILD $dummy.c -o $dummy \ + && ./$dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \ + && rm -f $dummy.c $dummy && exit 0 + rm -f $dummy.c $dummy + echo mips-mips-riscos${UNAME_RELEASE} + exit 0 ;; + Motorola:PowerMAX_OS:*:*) + echo powerpc-motorola-powermax + exit 0 ;; + Night_Hawk:Power_UNIX:*:*) 
+ echo powerpc-harris-powerunix + exit 0 ;; + m88k:CX/UX:7*:*) + echo m88k-harris-cxux7 + exit 0 ;; + m88k:*:4*:R4*) + echo m88k-motorola-sysv4 + exit 0 ;; + m88k:*:3*:R3*) + echo m88k-motorola-sysv3 + exit 0 ;; + AViiON:dgux:*:*) + # DG/UX returns AViiON for all architectures + UNAME_PROCESSOR=`/usr/bin/uname -p` + if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] + then + if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ + [ ${TARGET_BINARY_INTERFACE}x = x ] + then + echo m88k-dg-dgux${UNAME_RELEASE} + else + echo m88k-dg-dguxbcs${UNAME_RELEASE} + fi + else + echo i586-dg-dgux${UNAME_RELEASE} + fi + exit 0 ;; + M88*:DolphinOS:*:*) # DolphinOS (SVR3) + echo m88k-dolphin-sysv3 + exit 0 ;; + M88*:*:R3*:*) + # Delta 88k system running SVR3 + echo m88k-motorola-sysv3 + exit 0 ;; + XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) + echo m88k-tektronix-sysv3 + exit 0 ;; + Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) + echo m68k-tektronix-bsd + exit 0 ;; + *:IRIX*:*:*) + echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` + exit 0 ;; + ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. 
+ echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id + exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX ' + i*86:AIX:*:*) + echo i386-ibm-aix + exit 0 ;; + ia64:AIX:*:*) + if [ -x /usr/bin/oslevel ] ; then + IBM_REV=`/usr/bin/oslevel` + else + IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + fi + echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} + exit 0 ;; + *:AIX:2:3) + if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #include + + main() + { + if (!__power_pc()) + exit(1); + puts("powerpc-ibm-aix3.2.5"); + exit(0); + } +EOF + $CC_FOR_BUILD $dummy.c -o $dummy && ./$dummy && rm -f $dummy.c $dummy && exit 0 + rm -f $dummy.c $dummy + echo rs6000-ibm-aix3.2.5 + elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then + echo rs6000-ibm-aix3.2.4 + else + echo rs6000-ibm-aix3.2 + fi + exit 0 ;; + *:AIX:*:[45]) + IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | head -1 | awk '{ print $1 }'` + if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then + IBM_ARCH=rs6000 + else + IBM_ARCH=powerpc + fi + if [ -x /usr/bin/oslevel ] ; then + IBM_REV=`/usr/bin/oslevel` + else + IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + fi + echo ${IBM_ARCH}-ibm-aix${IBM_REV} + exit 0 ;; + *:AIX:*:*) + echo rs6000-ibm-aix + exit 0 ;; + ibmrt:4.4BSD:*|romp-ibm:BSD:*) + echo romp-ibm-bsd4.4 + exit 0 ;; + ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and + echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to + exit 0 ;; # report: romp-ibm BSD 4.3 + *:BOSX:*:*) + echo rs6000-bull-bosx + exit 0 ;; + DPX/2?00:B.O.S.:*:*) + echo m68k-bull-sysv3 + exit 0 ;; + 9000/[34]??:4.3bsd:1.*:*) + echo m68k-hp-bsd + exit 0 ;; + hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) + echo m68k-hp-bsd4.4 + exit 0 ;; + 9000/[34678]??:HP-UX:*:*) + HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` + case "${UNAME_MACHINE}" in + 9000/31? ) HP_ARCH=m68000 ;; + 9000/[34]?? 
) HP_ARCH=m68k ;; + 9000/[678][0-9][0-9]) + if [ -x /usr/bin/getconf ]; then + sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` + sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` + case "${sc_cpu_version}" in + 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 + 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 + 532) # CPU_PA_RISC2_0 + case "${sc_kernel_bits}" in + 32) HP_ARCH="hppa2.0n" ;; + 64) HP_ARCH="hppa2.0w" ;; + '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 + esac ;; + esac + fi + if [ "${HP_ARCH}" = "" ]; then + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + + #define _HPUX_SOURCE + #include + #include + + int main () + { + #if defined(_SC_KERNEL_BITS) + long bits = sysconf(_SC_KERNEL_BITS); + #endif + long cpu = sysconf (_SC_CPU_VERSION); + + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1"); break; + case CPU_PA_RISC2_0: + #if defined(_SC_KERNEL_BITS) + switch (bits) + { + case 64: puts ("hppa2.0w"); break; + case 32: puts ("hppa2.0n"); break; + default: puts ("hppa2.0"); break; + } break; + #else /* !defined(_SC_KERNEL_BITS) */ + puts ("hppa2.0"); break; + #endif + default: puts ("hppa1.0"); break; + } + exit (0); + } +EOF + (CCOPTS= $CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null) && HP_ARCH=`./$dummy` + if test -z "$HP_ARCH"; then HP_ARCH=hppa; fi + rm -f $dummy.c $dummy + fi ;; + esac + echo ${HP_ARCH}-hp-hpux${HPUX_REV} + exit 0 ;; + ia64:HP-UX:*:*) + HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` + echo ia64-hp-hpux${HPUX_REV} + exit 0 ;; + 3050*:HI-UX:*:*) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #include + int + main () + { + long cpu = sysconf (_SC_CPU_VERSION); + /* The order matters, because CPU_IS_HP_MC68K erroneously returns + true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct + results, however. 
*/ + if (CPU_IS_PA_RISC (cpu)) + { + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; + case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; + default: puts ("hppa-hitachi-hiuxwe2"); break; + } + } + else if (CPU_IS_HP_MC68K (cpu)) + puts ("m68k-hitachi-hiuxwe2"); + else puts ("unknown-hitachi-hiuxwe2"); + exit (0); + } +EOF + $CC_FOR_BUILD $dummy.c -o $dummy && ./$dummy && rm -f $dummy.c $dummy && exit 0 + rm -f $dummy.c $dummy + echo unknown-hitachi-hiuxwe2 + exit 0 ;; + 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) + echo hppa1.1-hp-bsd + exit 0 ;; + 9000/8??:4.3bsd:*:*) + echo hppa1.0-hp-bsd + exit 0 ;; + *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) + echo hppa1.0-hp-mpeix + exit 0 ;; + hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) + echo hppa1.1-hp-osf + exit 0 ;; + hp8??:OSF1:*:*) + echo hppa1.0-hp-osf + exit 0 ;; + i*86:OSF1:*:*) + if [ -x /usr/sbin/sysversion ] ; then + echo ${UNAME_MACHINE}-unknown-osf1mk + else + echo ${UNAME_MACHINE}-unknown-osf1 + fi + exit 0 ;; + parisc*:Lites*:*:*) + echo hppa1.1-hp-lites + exit 0 ;; + C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) + echo c1-convex-bsd + exit 0 ;; + C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit 0 ;; + C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) + echo c34-convex-bsd + exit 0 ;; + C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) + echo c38-convex-bsd + exit 0 ;; + C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) + echo c4-convex-bsd + exit 0 ;; + CRAY*X-MP:*:*:*) + echo xmp-cray-unicos + exit 0 ;; + CRAY*Y-MP:*:*:*) + echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit 0 ;; + CRAY*[A-Z]90:*:*:*) + echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ + | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ + -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ + -e 's/\.[^.]*$/.X/' + exit 0 ;; + CRAY*TS:*:*:*) + echo 
t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit 0 ;; + CRAY*T3D:*:*:*) + echo alpha-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit 0 ;; + CRAY*T3E:*:*:*) + echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit 0 ;; + CRAY*SV1:*:*:*) + echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit 0 ;; + CRAY-2:*:*:*) + echo cray2-cray-unicos + exit 0 ;; + F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) + FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` + echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit 0 ;; + i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) + echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} + exit 0 ;; + sparc*:BSD/OS:*:*) + echo sparc-unknown-bsdi${UNAME_RELEASE} + exit 0 ;; + *:BSD/OS:*:*) + echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} + exit 0 ;; + *:FreeBSD:*:*) + echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` + exit 0 ;; + i*:CYGWIN*:*) + echo ${UNAME_MACHINE}-pc-cygwin + exit 0 ;; + i*:MINGW*:*) + echo ${UNAME_MACHINE}-pc-mingw32 + exit 0 ;; + i*:PW*:*) + echo ${UNAME_MACHINE}-pc-pw32 + exit 0 ;; + x86:Interix*:3*) + echo i386-pc-interix3 + exit 0 ;; + i*:Windows_NT*:* | Pentium*:Windows_NT*:*) + # How do we know it's Interix rather than the generic POSIX subsystem? + # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we + # UNAME_MACHINE based on the output of uname instead of i386? 
+ echo i386-pc-interix + exit 0 ;; + i*:UWIN*:*) + echo ${UNAME_MACHINE}-pc-uwin + exit 0 ;; + p*:CYGWIN*:*) + echo powerpcle-unknown-cygwin + exit 0 ;; + prep*:SunOS:5.*:*) + echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + *:GNU:*:*) + echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` + exit 0 ;; + i*86:Minix:*:*) + echo ${UNAME_MACHINE}-pc-minix + exit 0 ;; + arm*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit 0 ;; + ia64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux + exit 0 ;; + m68*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit 0 ;; + mips:Linux:*:*) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #undef CPU + #undef mips + #undef mipsel + #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) + CPU=mipsel + #else + #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) + CPU=mips + #else + CPU= + #endif + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=` + rm -f $dummy.c + test x"${CPU}" != x && echo "${CPU}-pc-linux-gnu" && exit 0 + ;; + ppc:Linux:*:*) + echo powerpc-unknown-linux-gnu + exit 0 ;; + ppc64:Linux:*:*) + echo powerpc64-unknown-linux-gnu + exit 0 ;; + alpha:Linux:*:*) + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + EV5) UNAME_MACHINE=alphaev5 ;; + EV56) UNAME_MACHINE=alphaev56 ;; + PCA56) UNAME_MACHINE=alphapca56 ;; + PCA57) UNAME_MACHINE=alphapca56 ;; + EV6) UNAME_MACHINE=alphaev6 ;; + EV67) UNAME_MACHINE=alphaev67 ;; + EV68*) UNAME_MACHINE=alphaev68 ;; + esac + objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null + if test "$?" 
= 0 ; then LIBC="libc1" ; else LIBC="" ; fi + echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} + exit 0 ;; + parisc:Linux:*:* | hppa:Linux:*:*) + # Look for CPU level + case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in + PA7*) echo hppa1.1-unknown-linux-gnu ;; + PA8*) echo hppa2.0-unknown-linux-gnu ;; + *) echo hppa-unknown-linux-gnu ;; + esac + exit 0 ;; + parisc64:Linux:*:* | hppa64:Linux:*:*) + echo hppa64-unknown-linux-gnu + exit 0 ;; + s390:Linux:*:* | s390x:Linux:*:*) + echo ${UNAME_MACHINE}-ibm-linux + exit 0 ;; + sh*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit 0 ;; + sparc:Linux:*:* | sparc64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit 0 ;; + x86_64:Linux:*:*) + echo x86_64-unknown-linux-gnu + exit 0 ;; + i*86:Linux:*:*) + # The BFD linker knows what the default object file format is, so + # first see if it will tell us. cd to the root directory to prevent + # problems with other programs or directories called `ld' in the path. + # Export LANG=C to prevent ld from outputting information in other + # languages. + ld_supported_targets=`LANG=C; export LANG; cd /; ld --help 2>&1 \ + | sed -ne '/supported targets:/!d + s/[ ][ ]*/ /g + s/.*supported targets: *// + s/ .*// + p'` + case "$ld_supported_targets" in + elf32-i386) + TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu" + ;; + a.out-i386-linux) + echo "${UNAME_MACHINE}-pc-linux-gnuaout" + exit 0 ;; + coff-i386) + echo "${UNAME_MACHINE}-pc-linux-gnucoff" + exit 0 ;; + "") + # Either a pre-BFD a.out linker (linux-gnuoldld) or + # one that does not give us useful --help. 
+ echo "${UNAME_MACHINE}-pc-linux-gnuoldld" + exit 0 ;; + esac + # Determine whether the default compiler is a.out or elf + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #include + #ifdef __ELF__ + # ifdef __GLIBC__ + # if __GLIBC__ >= 2 + LIBC=gnu + # else + LIBC=gnulibc1 + # endif + # else + LIBC=gnulibc1 + # endif + #else + #ifdef __INTEL_COMPILER + LIBC=gnu + #else + LIBC=gnuaout + #endif + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=` + rm -f $dummy.c + test x"${LIBC}" != x && echo "${UNAME_MACHINE}-pc-linux-${LIBC}" && exit 0 + test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0 + ;; + i*86:DYNIX/ptx:4*:*) + # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. + # earlier versions are messed up and put the nodename in both + # sysname and nodename. + echo i386-sequent-sysv4 + exit 0 ;; + i*86:UNIX_SV:4.2MP:2.*) + # Unixware is an offshoot of SVR4, but it has its own version + # number series starting with 2... + # I am not positive that other SVR4 systems won't match this, + # I just have to hope. -- rms. + # Use sysv4.2uw... so that sysv4* matches it. 
+ echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} + exit 0 ;; + i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) + UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` + if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then + echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} + else + echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} + fi + exit 0 ;; + i*86:*:5:[78]*) + case `/bin/uname -X | grep "^Machine"` in + *486*) UNAME_MACHINE=i486 ;; + *Pentium) UNAME_MACHINE=i586 ;; + *Pent*|*Celeron) UNAME_MACHINE=i686 ;; + esac + echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} + exit 0 ;; + i*86:*:3.2:*) + if test -f /usr/options/cb.name; then + UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then + UNAME_REL=`(/bin/uname -X|egrep Release|sed -e 's/.*= //')` + (/bin/uname -X|egrep i80486 >/dev/null) && UNAME_MACHINE=i486 + (/bin/uname -X|egrep '^Machine.*Pentium' >/dev/null) \ + && UNAME_MACHINE=i586 + (/bin/uname -X|egrep '^Machine.*Pent ?II' >/dev/null) \ + && UNAME_MACHINE=i686 + (/bin/uname -X|egrep '^Machine.*Pentium Pro' >/dev/null) \ + && UNAME_MACHINE=i686 + echo ${UNAME_MACHINE}-pc-sco$UNAME_REL + else + echo ${UNAME_MACHINE}-pc-sysv32 + fi + exit 0 ;; + i*86:*DOS:*:*) + echo ${UNAME_MACHINE}-pc-msdosdjgpp + exit 0 ;; + pc:*:*:*) + # Left here for compatibility: + # uname -m prints for DJGPP always 'pc', but it prints nothing about + # the processor, so we play safe by assuming i386. + echo i386-pc-msdosdjgpp + exit 0 ;; + Intel:Mach:3*:*) + echo i386-pc-mach3 + exit 0 ;; + paragon:*:*:*) + echo i860-intel-osf1 + exit 0 ;; + i860:*:4.*:*) # i860-SVR4 + if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then + echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 + else # Add other i860-SVR4 vendors below as they are discovered. 
+ echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4
+ fi
+ exit 0 ;;
+ mini*:CTIX:SYS*5:*)
+ # "miniframe"
+ echo m68010-convergent-sysv
+ exit 0 ;;
+ M68*:*:R3V[567]*:*)
+ test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;;
+ 3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0)
+ OS_REL=''
+ test -r /etc/.relid \
+ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && echo i486-ncr-sysv4.3${OS_REL} && exit 0
+ /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+ && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;;
+ 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && echo i486-ncr-sysv4 && exit 0 ;;
+ m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
+ echo m68k-unknown-lynxos${UNAME_RELEASE}
+ exit 0 ;;
+ mc68030:UNIX_System_V:4.*:*)
+ echo m68k-atari-sysv4
+ exit 0 ;;
+ i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
+ echo i386-unknown-lynxos${UNAME_RELEASE}
+ exit 0 ;;
+ TSUNAMI:LynxOS:2.*:*)
+ echo sparc-unknown-lynxos${UNAME_RELEASE}
+ exit 0 ;;
+ rs6000:LynxOS:2.*:*)
+ echo rs6000-unknown-lynxos${UNAME_RELEASE}
+ exit 0 ;;
+ PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*)
+ echo powerpc-unknown-lynxos${UNAME_RELEASE}
+ exit 0 ;;
+ SM[BE]S:UNIX_SV:*:*)
+ echo mips-dde-sysv${UNAME_RELEASE}
+ exit 0 ;;
+ RM*:ReliantUNIX-*:*:*)
+ echo mips-sni-sysv4
+ exit 0 ;;
+ RM*:SINIX-*:*:*)
+ echo mips-sni-sysv4
+ exit 0 ;;
+ *:SINIX-*:*:*)
+ if uname -p 2>/dev/null >/dev/null ; then
+ UNAME_MACHINE=`(uname -p) 2>/dev/null`
+ echo ${UNAME_MACHINE}-sni-sysv4
+ else
+ echo ns32k-sni-sysv
+ fi
+ exit 0 ;;
+ PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+ # says
+ echo i586-unisys-sysv4
+ exit 0 ;;
+ *:UNIX_System_V:4*:FTX*)
+ # From Gerald Hewes .
+ # How about differentiating between stratus architectures? -djm
+ echo hppa1.1-stratus-sysv4
+ exit 0 ;;
+ *:*:*:FTX*)
+ # From seanf@swdc.stratus.com.
+ echo i860-stratus-sysv4
+ exit 0 ;;
+ *:VOS:*:*)
+ # From Paul.Green@stratus.com.
+ echo hppa1.1-stratus-vos
+ exit 0 ;;
+ mc68*:A/UX:*:*)
+ echo m68k-apple-aux${UNAME_RELEASE}
+ exit 0 ;;
+ news*:NEWS-OS:6*:*)
+ echo mips-sony-newsos6
+ exit 0 ;;
+ R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
+ if [ -d /usr/nec ]; then
+ echo mips-nec-sysv${UNAME_RELEASE}
+ else
+ echo mips-unknown-sysv${UNAME_RELEASE}
+ fi
+ exit 0 ;;
+ BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only.
+ echo powerpc-be-beos
+ exit 0 ;;
+ BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only.
+ echo powerpc-apple-beos
+ exit 0 ;;
+ BePC:BeOS:*:*) # BeOS running on Intel PC compatible.
+ echo i586-pc-beos
+ exit 0 ;;
+ SX-4:SUPER-UX:*:*)
+ echo sx4-nec-superux${UNAME_RELEASE}
+ exit 0 ;;
+ SX-5:SUPER-UX:*:*)
+ echo sx5-nec-superux${UNAME_RELEASE}
+ exit 0 ;;
+ Power*:Rhapsody:*:*)
+ echo powerpc-apple-rhapsody${UNAME_RELEASE}
+ exit 0 ;;
+ *:Rhapsody:*:*)
+ echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
+ exit 0 ;;
+ *:Darwin:*:*)
+ echo `uname -p`-apple-darwin${UNAME_RELEASE}
+ exit 0 ;;
+ *:procnto*:*:* | *:QNX:[0123456789]*:*)
+ if test "${UNAME_MACHINE}" = "x86pc"; then
+ UNAME_MACHINE=pc
+ echo i386-${UNAME_MACHINE}-nto-qnx
+ else
+ echo `uname -p`-${UNAME_MACHINE}-nto-qnx
+ fi
+ exit 0 ;;
+ *:QNX:*:4*)
+ echo i386-pc-qnx
+ exit 0 ;;
+ NSR-[GKLNPTVW]:NONSTOP_KERNEL:*:*)
+ echo nsr-tandem-nsk${UNAME_RELEASE}
+ exit 0 ;;
+ *:NonStop-UX:*:*)
+ echo mips-compaq-nonstopux
+ exit 0 ;;
+ BS2000:POSIX*:*:*)
+ echo bs2000-siemens-sysv
+ exit 0 ;;
+ DS/*:UNIX_System_V:*:*)
+ echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
+ exit 0 ;;
+ *:Plan9:*:*)
+ # "uname -m" is not consistent, so use $cputype instead. 386
+ # is converted to i386 for consistency with other x86
+ # operating systems.
+ if test "$cputype" = "386"; then + UNAME_MACHINE=i386 + else + UNAME_MACHINE="$cputype" + fi + echo ${UNAME_MACHINE}-unknown-plan9 + exit 0 ;; + i*86:OS/2:*:*) + # If we were able to find `uname', then EMX Unix compatibility + # is probably installed. + echo ${UNAME_MACHINE}-pc-os2-emx + exit 0 ;; + *:TOPS-10:*:*) + echo pdp10-unknown-tops10 + exit 0 ;; + *:TENEX:*:*) + echo pdp10-unknown-tenex + exit 0 ;; + KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) + echo pdp10-dec-tops20 + exit 0 ;; + XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) + echo pdp10-xkl-tops20 + exit 0 ;; + *:TOPS-20:*:*) + echo pdp10-unknown-tops20 + exit 0 ;; + *:ITS:*:*) + echo pdp10-unknown-its + exit 0 ;; + i*86:XTS-300:*:STOP) + echo ${UNAME_MACHINE}-unknown-stop + exit 0 ;; + i*86:atheos:*:*) + echo ${UNAME_MACHINE}-unknown-atheos + exit 0 ;; +esac + +#echo '(No uname command or uname output not recognized.)' 1>&2 +#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 + +eval $set_cc_for_build +cat >$dummy.c < +# include +#endif +main () +{ +#if defined (sony) +#if defined (MIPSEB) + /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, + I don't know.... 
*/ + printf ("mips-sony-bsd\n"); exit (0); +#else +#include + printf ("m68k-sony-newsos%s\n", +#ifdef NEWSOS4 + "4" +#else + "" +#endif + ); exit (0); +#endif +#endif + +#if defined (__arm) && defined (__acorn) && defined (__unix) + printf ("arm-acorn-riscix"); exit (0); +#endif + +#if defined (hp300) && !defined (hpux) + printf ("m68k-hp-bsd\n"); exit (0); +#endif + +#if defined (NeXT) +#if !defined (__ARCHITECTURE__) +#define __ARCHITECTURE__ "m68k" +#endif + int version; + version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; + if (version < 4) + printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); + else + printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); + exit (0); +#endif + +#if defined (MULTIMAX) || defined (n16) +#if defined (UMAXV) + printf ("ns32k-encore-sysv\n"); exit (0); +#else +#if defined (CMU) + printf ("ns32k-encore-mach\n"); exit (0); +#else + printf ("ns32k-encore-bsd\n"); exit (0); +#endif +#endif +#endif + +#if defined (__386BSD__) + printf ("i386-pc-bsd\n"); exit (0); +#endif + +#if defined (sequent) +#if defined (i386) + printf ("i386-sequent-dynix\n"); exit (0); +#endif +#if defined (ns32000) + printf ("ns32k-sequent-dynix\n"); exit (0); +#endif +#endif + +#if defined (_SEQUENT_) + struct utsname un; + + uname(&un); + + if (strncmp(un.version, "V2", 2) == 0) { + printf ("i386-sequent-ptx2\n"); exit (0); + } + if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? 
*/ + printf ("i386-sequent-ptx1\n"); exit (0); + } + printf ("i386-sequent-ptx\n"); exit (0); + +#endif + +#if defined (vax) +# if !defined (ultrix) +# include +# if defined (BSD) +# if BSD == 43 + printf ("vax-dec-bsd4.3\n"); exit (0); +# else +# if BSD == 199006 + printf ("vax-dec-bsd4.3reno\n"); exit (0); +# else + printf ("vax-dec-bsd\n"); exit (0); +# endif +# endif +# else + printf ("vax-dec-bsd\n"); exit (0); +# endif +# else + printf ("vax-dec-ultrix\n"); exit (0); +# endif +#endif + +#if defined (alliant) && defined (i860) + printf ("i860-alliant-bsd\n"); exit (0); +#endif + + exit (1); +} +EOF + +$CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null && ./$dummy && rm -f $dummy.c $dummy && exit 0 +rm -f $dummy.c $dummy + +# Apollos put the system type in the environment. + +test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; } + +# Convex versions that predate uname can use getsysinfo(1) + +if [ -x /usr/convex/getsysinfo ] +then + case `getsysinfo -f cpu_type` in + c1*) + echo c1-convex-bsd + exit 0 ;; + c2*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit 0 ;; + c34*) + echo c34-convex-bsd + exit 0 ;; + c38*) + echo c38-convex-bsd + exit 0 ;; + c4*) + echo c4-convex-bsd + exit 0 ;; + esac +fi + +cat >&2 < in order to provide the needed +information to handle your system. 
+
+config.guess timestamp = $timestamp
+
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
+/bin/uname -X = `(/bin/uname -X) 2>/dev/null`
+
+hostinfo = `(hostinfo) 2>/dev/null`
+/bin/universe = `(/bin/universe) 2>/dev/null`
+/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null`
+/bin/arch = `(/bin/arch) 2>/dev/null`
+/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
+
+UNAME_MACHINE = ${UNAME_MACHINE}
+UNAME_RELEASE = ${UNAME_RELEASE}
+UNAME_SYSTEM = ${UNAME_SYSTEM}
+UNAME_VERSION = ${UNAME_VERSION}
+EOF
+
+exit 1
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff -ruN --exclude CVS ssh-openbsd-2002030700/config.sub openssh-3.1p1/config.sub
--- ssh-openbsd-2002030700/config.sub Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/config.sub Sun May 6 10:54:15 2001
@@ -0,0 +1,1362 @@
+#! /bin/sh
+# Configuration validation subroutine script.
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
+# Free Software Foundation, Inc.
+
+timestamp='2001-04-20'
+
+# This file is (in principle) common to ALL GNU software.
+# The presence of a machine in this file suggests that SOME GNU software
+# can handle that machine. It does not imply ALL GNU software can.
+#
+# This file is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330,
+# Boston, MA 02111-1307, USA.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# Please send patches to .
+#
+# Configuration subroutine to validate and canonicalize a configuration type.
+# Supply the specified configuration type as an argument.
+# If it is invalid, we print an error message on stderr and exit with code 1.
+# Otherwise, we print the canonical config type on stdout and succeed.
+
+# This file is supposed to be the same for all GNU packages
+# and recognize all the CPU types, system types and aliases
+# that are meaningful with *any* GNU software.
+# Each package is responsible for reporting which valid configurations
+# it does not support. The user should be able to distinguish
+# a failure to support a valid configuration from a meaningless
+# configuration.
+
+# The goal of this file is to map all the various variations of a given
+# machine specification into a single specification in the form:
+# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or in some cases, the newer four-part form:
+# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
+# It is wrong to echo any other type of specification.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION] CPU-MFR-OPSYS
+ $0 [OPTION] ALIAS
+
+Canonicalize a configuration name.
+
+Operation modes:
+ -h, --help print this help, then exit
+ -t, --time-stamp print date of last modification, then exit
+ -v, --version print version number, then exit
+
+Report bugs and patches to ."
+
+version="\
+GNU config.sub ($timestamp)
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
+Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions. There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+ case $1 in
+ --time-stamp | --time* | -t )
+ echo "$timestamp" ; exit 0 ;;
+ --version | -v )
+ echo "$version" ; exit 0 ;;
+ --help | --h* | -h )
+ echo "$usage"; exit 0 ;;
+ -- ) # Stop option processing
+ shift; break ;;
+ - ) # Use stdin as input.
+ break ;;
+ -* )
+ echo "$me: invalid option $1$help"
+ exit 1 ;;
+
+ *local*)
+ # First pass through any local machine types.
+ echo $1
+ exit 0;;
+
+ * )
+ break ;;
+ esac
+done
+
+case $# in
+ 0) echo "$me: missing argument$help" >&2
+ exit 1;;
+ 1) ;;
+ *) echo "$me: too many arguments$help" >&2
+ exit 1;;
+esac
+
+# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
+# Here we must recognize all the valid KERNEL-OS combinations.
+maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
+case $maybe_os in
+ nto-qnx* | linux-gnu* | storm-chaos* | os2-emx*)
+ os=-$maybe_os
+ basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
+ ;;
+ *)
+ basic_machine=`echo $1 | sed 's/-[^-]*$//'`
+ if [ $basic_machine != $1 ]
+ then os=`echo $1 | sed 's/.*-/-/'`
+ else os=; fi
+ ;;
+esac
+
+### Let's recognize common machines as not being operating systems so
+### that things like config.sub decstation-3100 work. We also
+### recognize some manufacturers as not being operating systems, so we
+### can provide default operating systems below.
+case $os in
+ -sun*os*)
+ # Prevent following clause from handling this invalid input.
+ ;;
+ -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
+ -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
+ -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
+ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
+ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
+ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
+ -apple | -axis)
+ os=
+ basic_machine=$1
+ ;;
+ -sim | -cisco | -oki | -wec | -winbond)
+ os=
+ basic_machine=$1
+ ;;
+ -scout)
+ ;;
+ -wrs)
+ os=-vxworks
+ basic_machine=$1
+ ;;
+ -hiux*)
+ os=-hiuxwe2
+ ;;
+ -sco5)
+ os=-sco3.2v5
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco4)
+ os=-sco3.2v4
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco3.2.[4-9]*)
+ os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco3.2v[4-9]*)
+ # Don't forget version if it is 3.2v4 or newer.
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco*)
+ os=-sco3.2v2
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -udk*)
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -isc)
+ os=-isc2.2
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -clix*)
+ basic_machine=clipper-intergraph
+ ;;
+ -isc*)
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -lynx*)
+ os=-lynxos
+ ;;
+ -ptx*)
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
+ ;;
+ -windowsnt*)
+ os=`echo $os | sed -e 's/windowsnt/winnt/'`
+ ;;
+ -psos*)
+ os=-psos
+ ;;
+ -mint | -mint[0-9]*)
+ basic_machine=m68k-atari
+ os=-mint
+ ;;
+esac
+
+# Decode aliases for certain CPU-COMPANY combinations.
+case $basic_machine in
+ # Recognize the basic CPU types without company name.
+ # Some are omitted here because they have special meanings below.
+ tahoe | i860 | ia64 | m32r | m68k | m68000 | m88k | ns32k | arc \
+ | arm | arme[lb] | arm[bl]e | armv[2345] | armv[345][lb] | strongarm | xscale \
+ | pyramid | mn10200 | mn10300 | tron | a29k \
+ | 580 | i960 | h8300 \
+ | x86 | ppcbe | mipsbe | mipsle | shbe | shle \
+ | hppa | hppa1.0 | hppa1.1 | hppa2.0 | hppa2.0w | hppa2.0n \
+ | hppa64 \
+ | alpha | alphaev[4-8] | alphaev56 | alphapca5[67] \
+ | alphaev6[78] \
+ | we32k | ns16k | clipper | i370 | sh | sh[34] \
+ | powerpc | powerpcle \
+ | 1750a | dsp16xx | pdp10 | pdp11 \
+ | mips16 | mips64 | mipsel | mips64el \
+ | mips64orion | mips64orionel | mipstx39 | mipstx39el \
+ | mips64vr4300 | mips64vr4300el | mips64vr4100 | mips64vr4100el \
+ | mips64vr5000 | miprs64vr5000el | mcore | s390 | s390x \
+ | sparc | sparclet | sparclite | sparc64 | sparcv9 | sparcv9b \
+ | v850 | c4x \
+ | thumb | d10v | d30v | fr30 | avr | openrisc | tic80 \
+ | pj | pjl | h8500)
+ basic_machine=$basic_machine-unknown
+ ;;
+ m6811 | m68hc11 | m6812 | m68hc12)
+ # Motorola 68HC11/12.
+ basic_machine=$basic_machine-unknown
+ os=-none
+ ;;
+ m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | z8k | v70 | w65)
+ ;;
+
+ # We use `pc' rather than `unknown'
+ # because (1) that's what they normally are, and
+ # (2) the word "unknown" tends to confuse beginning users.
+ i*86 | x86_64)
+ basic_machine=$basic_machine-pc
+ ;;
+ # Object if more than one company name word.
+ *-*-*)
+ echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+ exit 1
+ ;;
+ # Recognize the basic CPU types with company name.
+ # FIXME: clean up the formatting here.
+ vax-* | tahoe-* | i*86-* | i860-* | ia64-* | m32r-* | m68k-* | m68000-* \
+ | m88k-* | sparc-* | ns32k-* | fx80-* | arc-* | c[123]* \
+ | arm-* | armbe-* | armle-* | armv*-* | strongarm-* | xscale-* \
+ | mips-* | pyramid-* | tron-* | a29k-* | romp-* | rs6000-* \
+ | power-* | none-* | 580-* | cray2-* | h8300-* | h8500-* | i960-* \
+ | xmp-* | ymp-* \
+ | x86-* | ppcbe-* | mipsbe-* | mipsle-* | shbe-* | shle-* \
+ | hppa-* | hppa1.0-* | hppa1.1-* | hppa2.0-* | hppa2.0w-* \
+ | hppa2.0n-* | hppa64-* \
+ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphapca5[67]-* \
+ | alphaev6[78]-* \
+ | we32k-* | cydra-* | ns16k-* | pn-* | np1-* | xps100-* \
+ | clipper-* | orion-* \
+ | sparclite-* | pdp10-* | pdp11-* | sh-* | powerpc-* | powerpcle-* \
+ | sparc64-* | sparcv9-* | sparcv9b-* | sparc86x-* \
+ | mips16-* | mips64-* | mipsel-* \
+ | mips64el-* | mips64orion-* | mips64orionel-* \
+ | mips64vr4100-* | mips64vr4100el-* | mips64vr4300-* | mips64vr4300el-* \
+ | mipstx39-* | mipstx39el-* | mcore-* \
+ | f30[01]-* | f700-* | s390-* | s390x-* | sv1-* | t3e-* \
+ | [cjt]90-* \
+ | m88110-* | m680[01234]0-* | m683?2-* | m68360-* | z8k-* | d10v-* \
+ | thumb-* | v850-* | d30v-* | tic30-* | tic80-* | c30-* | fr30-* \
+ | bs2000-* | tic54x-* | c54x-* | x86_64-* | pj-* | pjl-*)
+ ;;
+ # Recognize the various machine names and aliases which stand
+ # for a CPU type and a company and sometimes even an OS.
+ 386bsd)
+ basic_machine=i386-unknown
+ os=-bsd
+ ;;
+ 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
+ basic_machine=m68000-att
+ ;;
+ 3b*)
+ basic_machine=we32k-att
+ ;;
+ a29khif)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ adobe68k)
+ basic_machine=m68010-adobe
+ os=-scout
+ ;;
+ alliant | fx80)
+ basic_machine=fx80-alliant
+ ;;
+ altos | altos3068)
+ basic_machine=m68k-altos
+ ;;
+ am29k)
+ basic_machine=a29k-none
+ os=-bsd
+ ;;
+ amdahl)
+ basic_machine=580-amdahl
+ os=-sysv
+ ;;
+ amiga | amiga-*)
+ basic_machine=m68k-unknown
+ ;;
+ amigaos | amigados)
+ basic_machine=m68k-unknown
+ os=-amigaos
+ ;;
+ amigaunix | amix)
+ basic_machine=m68k-unknown
+ os=-sysv4
+ ;;
+ apollo68)
+ basic_machine=m68k-apollo
+ os=-sysv
+ ;;
+ apollo68bsd)
+ basic_machine=m68k-apollo
+ os=-bsd
+ ;;
+ aux)
+ basic_machine=m68k-apple
+ os=-aux
+ ;;
+ balance)
+ basic_machine=ns32k-sequent
+ os=-dynix
+ ;;
+ convex-c1)
+ basic_machine=c1-convex
+ os=-bsd
+ ;;
+ convex-c2)
+ basic_machine=c2-convex
+ os=-bsd
+ ;;
+ convex-c32)
+ basic_machine=c32-convex
+ os=-bsd
+ ;;
+ convex-c34)
+ basic_machine=c34-convex
+ os=-bsd
+ ;;
+ convex-c38)
+ basic_machine=c38-convex
+ os=-bsd
+ ;;
+ cray | ymp)
+ basic_machine=ymp-cray
+ os=-unicos
+ ;;
+ cray2)
+ basic_machine=cray2-cray
+ os=-unicos
+ ;;
+ [cjt]90)
+ basic_machine=${basic_machine}-cray
+ os=-unicos
+ ;;
+ crds | unos)
+ basic_machine=m68k-crds
+ ;;
+ cris | cris-* | etrax*)
+ basic_machine=cris-axis
+ ;;
+ da30 | da30-*)
+ basic_machine=m68k-da30
+ ;;
+ decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
+ basic_machine=mips-dec
+ ;;
+ delta | 3300 | motorola-3300 | motorola-delta \
+ | 3300-motorola | delta-motorola)
+ basic_machine=m68k-motorola
+ ;;
+ delta88)
+ basic_machine=m88k-motorola
+ os=-sysv3
+ ;;
+ dpx20 | dpx20-*)
+ basic_machine=rs6000-bull
+ os=-bosx
+ ;;
+ dpx2* | dpx2*-bull)
+ basic_machine=m68k-bull
+ os=-sysv3
+ ;;
+ ebmon29k)
+ basic_machine=a29k-amd
+ os=-ebmon
+ ;;
+ elxsi)
+ basic_machine=elxsi-elxsi
+ os=-bsd
+ ;;
+ encore | umax | mmax)
+ basic_machine=ns32k-encore
+ ;;
+ es1800 | OSE68k | ose68k | ose | OSE)
+ basic_machine=m68k-ericsson
+ os=-ose
+ ;;
+ fx2800)
+ basic_machine=i860-alliant
+ ;;
+ genix)
+ basic_machine=ns32k-ns
+ ;;
+ gmicro)
+ basic_machine=tron-gmicro
+ os=-sysv
+ ;;
+ go32)
+ basic_machine=i386-pc
+ os=-go32
+ ;;
+ h3050r* | hiux*)
+ basic_machine=hppa1.1-hitachi
+ os=-hiuxwe2
+ ;;
+ h8300hms)
+ basic_machine=h8300-hitachi
+ os=-hms
+ ;;
+ h8300xray)
+ basic_machine=h8300-hitachi
+ os=-xray
+ ;;
+ h8500hms)
+ basic_machine=h8500-hitachi
+ os=-hms
+ ;;
+ harris)
+ basic_machine=m88k-harris
+ os=-sysv3
+ ;;
+ hp300-*)
+ basic_machine=m68k-hp
+ ;;
+ hp300bsd)
+ basic_machine=m68k-hp
+ os=-bsd
+ ;;
+ hp300hpux)
+ basic_machine=m68k-hp
+ os=-hpux
+ ;;
+ hp3k9[0-9][0-9] | hp9[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
+ hp9k2[0-9][0-9] | hp9k31[0-9])
+ basic_machine=m68000-hp
+ ;;
+ hp9k3[2-9][0-9])
+ basic_machine=m68k-hp
+ ;;
+ hp9k6[0-9][0-9] | hp6[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
+ hp9k7[0-79][0-9] | hp7[0-79][0-9])
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k78[0-9] | hp78[0-9])
+ # FIXME: really hppa2.0-hp
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
+ # FIXME: really hppa2.0-hp
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[0-9][13679] | hp8[0-9][13679])
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[0-9][0-9] | hp8[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
+ hppa-next)
+ os=-nextstep3
+ ;;
+ hppaosf)
+ basic_machine=hppa1.1-hp
+ os=-osf
+ ;;
+ hppro)
+ basic_machine=hppa1.1-hp
+ os=-proelf
+ ;;
+ i370-ibm* | ibm*)
+ basic_machine=i370-ibm
+ ;;
+# I'm not sure what "Sysv32" means. Should this be sysv3.2?
+ i*86v32)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv32
+ ;;
+ i*86v4*)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv4
+ ;;
+ i*86v)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv
+ ;;
+ i*86sol2)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-solaris2
+ ;;
+ i386mach)
+ basic_machine=i386-mach
+ os=-mach
+ ;;
+ i386-vsta | vsta)
+ basic_machine=i386-unknown
+ os=-vsta
+ ;;
+ iris | iris4d)
+ basic_machine=mips-sgi
+ case $os in
+ -irix*)
+ ;;
+ *)
+ os=-irix4
+ ;;
+ esac
+ ;;
+ isi68 | isi)
+ basic_machine=m68k-isi
+ os=-sysv
+ ;;
+ m88k-omron*)
+ basic_machine=m88k-omron
+ ;;
+ magnum | m3230)
+ basic_machine=mips-mips
+ os=-sysv
+ ;;
+ merlin)
+ basic_machine=ns32k-utek
+ os=-sysv
+ ;;
+ mingw32)
+ basic_machine=i386-pc
+ os=-mingw32
+ ;;
+ miniframe)
+ basic_machine=m68000-convergent
+ ;;
+ *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
+ basic_machine=m68k-atari
+ os=-mint
+ ;;
+ mipsel*-linux*)
+ basic_machine=mipsel-unknown
+ os=-linux-gnu
+ ;;
+ mips*-linux*)
+ basic_machine=mips-unknown
+ os=-linux-gnu
+ ;;
+ mips3*-*)
+ basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
+ ;;
+ mips3*)
+ basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
+ ;;
+ mmix*)
+ basic_machine=mmix-knuth
+ os=-mmixware
+ ;;
+ monitor)
+ basic_machine=m68k-rom68k
+ os=-coff
+ ;;
+ msdos)
+ basic_machine=i386-pc
+ os=-msdos
+ ;;
+ mvs)
+ basic_machine=i370-ibm
+ os=-mvs
+ ;;
+ ncr3000)
+ basic_machine=i486-ncr
+ os=-sysv4
+ ;;
+ netbsd386)
+ basic_machine=i386-unknown
+ os=-netbsd
+ ;;
+ netwinder)
+ basic_machine=armv4l-rebel
+ os=-linux
+ ;;
+ news | news700 | news800 | news900)
+ basic_machine=m68k-sony
+ os=-newsos
+ ;;
+ news1000)
+ basic_machine=m68030-sony
+ os=-newsos
+ ;;
+ news-3600 | risc-news)
+ basic_machine=mips-sony
+ os=-newsos
+ ;;
+ necv70)
+ basic_machine=v70-nec
+ os=-sysv
+ ;;
+ next | m*-next )
+ basic_machine=m68k-next
+ case $os in
+ -nextstep* )
+ ;;
+ -ns2*)
+ os=-nextstep2
+ ;;
+ *)
+ os=-nextstep3
+ ;;
+ esac
+ ;;
+ nh3000)
+ basic_machine=m68k-harris
+ os=-cxux
+ ;;
+ nh[45]000)
+ basic_machine=m88k-harris
+ os=-cxux
+ ;;
+ nindy960)
+ basic_machine=i960-intel
+ os=-nindy
+ ;;
+ mon960)
+ basic_machine=i960-intel
+ os=-mon960
+ ;;
+ nonstopux)
+ basic_machine=mips-compaq
+ os=-nonstopux
+ ;;
+ np1)
+ basic_machine=np1-gould
+ ;;
+ nsr-tandem)
+ basic_machine=nsr-tandem
+ ;;
+ op50n-* | op60c-*)
+ basic_machine=hppa1.1-oki
+ os=-proelf
+ ;;
+ OSE68000 | ose68000)
+ basic_machine=m68000-ericsson
+ os=-ose
+ ;;
+ os68k)
+ basic_machine=m68k-none
+ os=-os68k
+ ;;
+ pa-hitachi)
+ basic_machine=hppa1.1-hitachi
+ os=-hiuxwe2
+ ;;
+ paragon)
+ basic_machine=i860-intel
+ os=-osf
+ ;;
+ pbd)
+ basic_machine=sparc-tti
+ ;;
+ pbb)
+ basic_machine=m68k-tti
+ ;;
+ pc532 | pc532-*)
+ basic_machine=ns32k-pc532
+ ;;
+ pentium | p5 | k5 | k6 | nexgen)
+ basic_machine=i586-pc
+ ;;
+ pentiumpro | p6 | 6x86 | athlon)
+ basic_machine=i686-pc
+ ;;
+ pentiumii | pentium2)
+ basic_machine=i686-pc
+ ;;
+ pentium-* | p5-* | k5-* | k6-* | nexgen-*)
+ basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentiumpro-* | p6-* | 6x86-* | athlon-*)
+ basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentiumii-* | pentium2-*)
+ basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pn)
+ basic_machine=pn-gould
+ ;;
+ power) basic_machine=power-ibm
+ ;;
+ ppc) basic_machine=powerpc-unknown
+ ;;
+ ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ppcle | powerpclittle | ppc-le | powerpc-little)
+ basic_machine=powerpcle-unknown
+ ;;
+ ppcle-* | powerpclittle-*)
+ basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ps2)
+ basic_machine=i386-ibm
+ ;;
+ pw32)
+ basic_machine=i586-unknown
+ os=-pw32
+ ;;
+ rom68k)
+ basic_machine=m68k-rom68k
+ os=-coff
+ ;;
+ rm[46]00)
+ basic_machine=mips-siemens
+ ;;
+ rtpc | rtpc-*)
+ basic_machine=romp-ibm
+ ;;
+ sa29200)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ sequent)
+ basic_machine=i386-sequent
+ ;;
+ sh)
+ basic_machine=sh-hitachi
+ os=-hms
+ ;;
+ sparclite-wrs)
+ basic_machine=sparclite-wrs
+ os=-vxworks
+ ;;
+ sps7)
+ basic_machine=m68k-bull
+ os=-sysv2
+ ;;
+ spur)
+ basic_machine=spur-unknown
+ ;;
+ st2000)
+ basic_machine=m68k-tandem
+ ;;
+ stratus)
+ basic_machine=i860-stratus
+ os=-sysv4
+ ;;
+ sun2)
+ basic_machine=m68000-sun
+ ;;
+ sun2os3)
+ basic_machine=m68000-sun
+ os=-sunos3
+ ;;
+ sun2os4)
+ basic_machine=m68000-sun
+ os=-sunos4
+ ;;
+ sun3os3)
+ basic_machine=m68k-sun
+ os=-sunos3
+ ;;
+ sun3os4)
+ basic_machine=m68k-sun
+ os=-sunos4
+ ;;
+ sun4os3)
+ basic_machine=sparc-sun
+ os=-sunos3
+ ;;
+ sun4os4)
+ basic_machine=sparc-sun
+ os=-sunos4
+ ;;
+ sun4sol2)
+ basic_machine=sparc-sun
+ os=-solaris2
+ ;;
+ sun3 | sun3-*)
+ basic_machine=m68k-sun
+ ;;
+ sun4)
+ basic_machine=sparc-sun
+ ;;
+ sun386 | sun386i | roadrunner)
+ basic_machine=i386-sun
+ ;;
+ sv1)
+ basic_machine=sv1-cray
+ os=-unicos
+ ;;
+ symmetry)
+ basic_machine=i386-sequent
+ os=-dynix
+ ;;
+ t3e)
+ basic_machine=t3e-cray
+ os=-unicos
+ ;;
+ tic54x | c54x*)
+ basic_machine=tic54x-unknown
+ os=-coff
+ ;;
+ tx39)
+ basic_machine=mipstx39-unknown
+ ;;
+ tx39el)
+ basic_machine=mipstx39el-unknown
+ ;;
+ tower | tower-32)
+ basic_machine=m68k-ncr
+ ;;
+ udi29k)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ ultra3)
+ basic_machine=a29k-nyu
+ os=-sym1
+ ;;
+ v810 | necv810)
+ basic_machine=v810-nec
+ os=-none
+ ;;
+ vaxv)
+ basic_machine=vax-dec
+ os=-sysv
+ ;;
+ vms)
+ basic_machine=vax-dec
+ os=-vms
+ ;;
+ vpp*|vx|vx-*)
+ basic_machine=f301-fujitsu
+ ;;
+ vxworks960)
+ basic_machine=i960-wrs
+ os=-vxworks
+ ;;
+ vxworks68)
+ basic_machine=m68k-wrs
+ os=-vxworks
+ ;;
+ vxworks29k)
+ basic_machine=a29k-wrs
+ os=-vxworks
+ ;;
+ w65*)
+ basic_machine=w65-wdc
+ os=-none
+ ;;
+ w89k-*)
+ basic_machine=hppa1.1-winbond
+ os=-proelf
+ ;;
+ xmp)
+ basic_machine=xmp-cray
+ os=-unicos
+ ;;
+ xps | xps100)
+ basic_machine=xps100-honeywell
+ ;;
+ z8k-*-coff)
+ basic_machine=z8k-unknown
+ os=-sim
+ ;;
+ none)
+ basic_machine=none-none
+ os=-none
+ ;;
+
+# Here we handle the default manufacturer of certain CPU types. It is in
+# some cases the only manufacturer, in others, it is the most popular.
+ w89k)
+ basic_machine=hppa1.1-winbond
+ ;;
+ op50n)
+ basic_machine=hppa1.1-oki
+ ;;
+ op60c)
+ basic_machine=hppa1.1-oki
+ ;;
+ mips)
+ if [ x$os = x-linux-gnu ]; then
+ basic_machine=mips-unknown
+ else
+ basic_machine=mips-mips
+ fi
+ ;;
+ romp)
+ basic_machine=romp-ibm
+ ;;
+ rs6000)
+ basic_machine=rs6000-ibm
+ ;;
+ vax)
+ basic_machine=vax-dec
+ ;;
+ pdp10)
+ # there are many clones, so DEC is not a safe bet
+ basic_machine=pdp10-unknown
+ ;;
+ pdp11)
+ basic_machine=pdp11-dec
+ ;;
+ we32k)
+ basic_machine=we32k-att
+ ;;
+ sh3 | sh4)
+ basic_machine=sh-unknown
+ ;;
+ sparc | sparcv9 | sparcv9b)
+ basic_machine=sparc-sun
+ ;;
+ cydra)
+ basic_machine=cydra-cydrome
+ ;;
+ orion)
+ basic_machine=orion-highlevel
+ ;;
+ orion105)
+ basic_machine=clipper-highlevel
+ ;;
+ mac | mpw | mac-mpw)
+ basic_machine=m68k-apple
+ ;;
+ pmac | pmac-mpw)
+ basic_machine=powerpc-apple
+ ;;
+ c4x*)
+ basic_machine=c4x-none
+ os=-coff
+ ;;
+ *-unknown)
+ # Make sure to match an already-canonicalized machine name.
+ ;;
+ *)
+ echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+ exit 1
+ ;;
+esac
+
+# Here we canonicalize certain aliases for manufacturers.
+case $basic_machine in
+ *-digital*)
+ basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
+ ;;
+ *-commodore*)
+ basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
+ ;;
+ *)
+ ;;
+esac
+
+# Decode manufacturer-specific aliases for certain operating systems.
+
+if [ x"$os" != x"" ]
+then
+case $os in
+ # First match some system type aliases
+ # that might get confused with valid system types.
+ # -solaris* is a basic system type, with this one exception.
+ -solaris1 | -solaris1.*) + os=`echo $os | sed -e 's|solaris1|sunos4|'` + ;; + -solaris) + os=-solaris2 + ;; + -svr4*) + os=-sysv4 + ;; + -unixware*) + os=-sysv4.2uw + ;; + -gnu/linux*) + os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` + ;; + # First accept the basic system types. + # The portable systems comes first. + # Each alternative MUST END IN A *, to match a version number. + # -sysv* is not here because it comes later, after sysvr4. + -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ + | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\ + | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ + | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ + | -aos* \ + | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ + | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ + | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \ + | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ + | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ + | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ + | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ + | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \ + | -interix* | -uwin* | -rhapsody* | -darwin* | -opened* \ + | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ + | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* | -os2*) + # Remember, each alternative MUST END IN *, to match a version number. 
+ ;; + -qnx*) + case $basic_machine in + x86-* | i*86-*) + ;; + *) + os=-nto$os + ;; + esac + ;; + -nto*) + os=-nto-qnx + ;; + -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ + | -windows* | -osx | -abug | -netware* | -os9* | -beos* \ + | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) + ;; + -mac*) + os=`echo $os | sed -e 's|mac|macos|'` + ;; + -linux*) + os=`echo $os | sed -e 's|linux|linux-gnu|'` + ;; + -sunos5*) + os=`echo $os | sed -e 's|sunos5|solaris2|'` + ;; + -sunos6*) + os=`echo $os | sed -e 's|sunos6|solaris3|'` + ;; + -opened*) + os=-openedition + ;; + -wince*) + os=-wince + ;; + -osfrose*) + os=-osfrose + ;; + -osf*) + os=-osf + ;; + -utek*) + os=-bsd + ;; + -dynix*) + os=-bsd + ;; + -acis*) + os=-aos + ;; + -386bsd) + os=-bsd + ;; + -ctix* | -uts*) + os=-sysv + ;; + -ns2 ) + os=-nextstep2 + ;; + -nsk*) + os=-nsk + ;; + # Preserve the version number of sinix5. + -sinix5.*) + os=`echo $os | sed -e 's|sinix|sysv|'` + ;; + -sinix*) + os=-sysv4 + ;; + -triton*) + os=-sysv3 + ;; + -oss*) + os=-sysv3 + ;; + -svr4) + os=-sysv4 + ;; + -svr3) + os=-sysv3 + ;; + -sysvr4) + os=-sysv4 + ;; + # This must come after -sysvr4. + -sysv*) + ;; + -ose*) + os=-ose + ;; + -es1800*) + os=-ose + ;; + -xenix) + os=-xenix + ;; + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + os=-mint + ;; + -none) + ;; + *) + # Get rid of the `-' at the beginning of $os. + os=`echo $os | sed 's/[^-]*-//'` + echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 + exit 1 + ;; +esac +else + +# Here we handle the default operating systems that come with various machines. +# The value should be what the vendor currently ships out the door with their +# machine or put another way, the most popular os provided with the machine. + +# Note that if you're going to try to match "-MANUFACTURER" here (say, +# "-sun"), then you have to tell the case statement up towards the top +# that MANUFACTURER isn't an operating system. 
Otherwise, code above +# will signal an error saying that MANUFACTURER isn't an operating +# system, and we'll never get to this point. + +case $basic_machine in + *-acorn) + os=-riscix1.2 + ;; + arm*-rebel) + os=-linux + ;; + arm*-semi) + os=-aout + ;; + pdp10-*) + os=-tops20 + ;; + pdp11-*) + os=-none + ;; + *-dec | vax-*) + os=-ultrix4.2 + ;; + m68*-apollo) + os=-domain + ;; + i386-sun) + os=-sunos4.0.2 + ;; + m68000-sun) + os=-sunos3 + # This also exists in the configure program, but was not the + # default. + # os=-sunos4 + ;; + m68*-cisco) + os=-aout + ;; + mips*-cisco) + os=-elf + ;; + mips*-*) + os=-elf + ;; + *-tti) # must be before sparc entry or we get the wrong os. + os=-sysv3 + ;; + sparc-* | *-sun) + os=-sunos4.1.1 + ;; + *-be) + os=-beos + ;; + *-ibm) + os=-aix + ;; + *-wec) + os=-proelf + ;; + *-winbond) + os=-proelf + ;; + *-oki) + os=-proelf + ;; + *-hp) + os=-hpux + ;; + *-hitachi) + os=-hiux + ;; + i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) + os=-sysv + ;; + *-cbm) + os=-amigaos + ;; + *-dg) + os=-dgux + ;; + *-dolphin) + os=-sysv3 + ;; + m68k-ccur) + os=-rtu + ;; + m88k-omron*) + os=-luna + ;; + *-next ) + os=-nextstep + ;; + *-sequent) + os=-ptx + ;; + *-crds) + os=-unos + ;; + *-ns) + os=-genix + ;; + i370-*) + os=-mvs + ;; + *-next) + os=-nextstep3 + ;; + *-gould) + os=-sysv + ;; + *-highlevel) + os=-bsd + ;; + *-encore) + os=-bsd + ;; + *-sgi) + os=-irix + ;; + *-siemens) + os=-sysv4 + ;; + *-masscomp) + os=-rtu + ;; + f30[01]-fujitsu | f700-fujitsu) + os=-uxpv + ;; + *-rom68k) + os=-coff + ;; + *-*bug) + os=-coff + ;; + *-apple) + os=-macos + ;; + *-atari*) + os=-mint + ;; + *) + os=-none + ;; +esac +fi + +# Here we handle the case where we know the os, and the CPU type, but not the +# manufacturer. We pick the logical manufacturer. 
+vendor=unknown
+case $basic_machine in
+ *-unknown)
+ case $os in
+ -riscix*)
+ vendor=acorn
+ ;;
+ -sunos*)
+ vendor=sun
+ ;;
+ -aix*)
+ vendor=ibm
+ ;;
+ -beos*)
+ vendor=be
+ ;;
+ -hpux*)
+ vendor=hp
+ ;;
+ -mpeix*)
+ vendor=hp
+ ;;
+ -hiux*)
+ vendor=hitachi
+ ;;
+ -unos*)
+ vendor=crds
+ ;;
+ -dgux*)
+ vendor=dg
+ ;;
+ -luna*)
+ vendor=omron
+ ;;
+ -genix*)
+ vendor=ns
+ ;;
+ -mvs* | -opened*)
+ vendor=ibm
+ ;;
+ -ptx*)
+ vendor=sequent
+ ;;
+ -vxsim* | -vxworks*)
+ vendor=wrs
+ ;;
+ -aux*)
+ vendor=apple
+ ;;
+ -hms*)
+ vendor=hitachi
+ ;;
+ -mpw* | -macos*)
+ vendor=apple
+ ;;
+ -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+ vendor=atari
+ ;;
+ esac
+ basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
+ ;;
+esac
+
+echo $basic_machine$os
+exit 0
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff -ruN --exclude CVS ssh-openbsd-2002030700/configure.ac openssh-3.1p1/configure.ac
--- ssh-openbsd-2002030700/configure.ac Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/configure.ac Wed Feb 27 17:12:35 2002
@@ -0,0 +1,2338 @@
+# $Id: configure.ac,v 1.23 2002/02/27 06:12:35 tim Exp $
+
+AC_INIT
+AC_CONFIG_SRCDIR([ssh.c])
+
+AC_CONFIG_HEADER(config.h)
+AC_PROG_CC
+AC_CANONICAL_HOST
+AC_C_BIGENDIAN
+
+# Checks for programs.
+AC_PROG_CPP
+AC_PROG_RANLIB
+AC_PROG_INSTALL
+AC_PATH_PROG(AR, ar)
+AC_PATH_PROGS(PERL, perl5 perl)
+AC_SUBST(PERL)
+AC_PATH_PROG(ENT, ent)
+AC_SUBST(ENT)
+AC_PATH_PROGS(FILEPRIV, filepriv, true, /sbin:/usr/sbin)
+AC_PATH_PROG(TEST_MINUS_S_SH, bash)
+AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
+AC_PATH_PROG(TEST_MINUS_S_SH, sh)
+
+# System features
+AC_SYS_LARGEFILE
+
+if test -z "$AR" ; then
+ AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***])
+fi
+
+# Use LOGIN_PROGRAM from environment if possible
+if test ! -z "$LOGIN_PROGRAM" ; then
+ AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM")
+else
+ # Search for login
+ AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
+ if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
+ AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM_FALLBACK")
+ fi
+fi
+
+if test -z "$LD" ; then
+ LD=$CC
+fi
+AC_SUBST(LD)
+
+AC_C_INLINE
+if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
+ CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
+fi
+
+# Check for some target-specific stuff
+case "$host" in
+*-*-aix*)
+ AFS_LIBS="-lld"
+ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
+ LDFLAGS="$LDFLAGS -L/usr/local/lib"
+ if (test "$LD" != "gcc" && test -z "$blibpath"); then
+ blibpath="/usr/lib:/lib:/usr/local/lib"
+ fi
+ AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)])
+ AC_DEFINE(BROKEN_GETADDRINFO)
+ dnl AIX handles lastlog as part of its login message
+ AC_DEFINE(DISABLE_LASTLOG)
+ AC_DEFINE(HAVE_BOGUS_SYS_QUEUE_H)
+ ;;
+*-*-cygwin*)
+ LIBS="$LIBS /usr/lib/textmode.o"
+ AC_DEFINE(HAVE_CYGWIN)
+ AC_DEFINE(USE_PIPES)
+ AC_DEFINE(DISABLE_SHADOW)
+ AC_DEFINE(IPV4_DEFAULT)
+ AC_DEFINE(IP_TOS_IS_BROKEN)
+ AC_DEFINE(NO_X11_UNIX_SOCKETS)
+ ;;
+*-*-dgux*)
+ AC_DEFINE(IP_TOS_IS_BROKEN)
+ ;;
+*-*-darwin*)
+ AC_DEFINE(BROKEN_GETADDRINFO)
+ ;;
+*-*-hpux10*)
+ if test -z "$GCC"; then
+ CFLAGS="$CFLAGS -Ae"
+ fi
+ CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
+ IPADDR_IN_DISPLAY=yes
+ AC_DEFINE(USE_PIPES)
+ AC_DEFINE(DISABLE_SHADOW)
+ AC_DEFINE(DISABLE_UTMP)
+ AC_DEFINE(SPT_TYPE,SPT_PSTAT)
+ LIBS="$LIBS -lxnet -lsec"
+ ;;
+*-*-hpux11*)
+ CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
+ IPADDR_IN_DISPLAY=yes
+ AC_DEFINE(PAM_SUN_CODEBASE)
+ AC_DEFINE(USE_PIPES)
+ AC_DEFINE(DISABLE_SHADOW)
+ AC_DEFINE(DISABLE_UTMP)
+ AC_DEFINE(SPT_TYPE,SPT_PSTAT)
+ LIBS="$LIBS -lxnet -lsec"
+ ;;
+*-*-irix5*)
+ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
+ LDFLAGS="$LDFLAGS"
+ PATH="$PATH:/usr/etc"
+ AC_DEFINE(BROKEN_INET_NTOA)
+ ;;
+*-*-irix6*)
+ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
+ LDFLAGS="$LDFLAGS"
+ PATH="$PATH:/usr/etc"
+ AC_DEFINE(WITH_IRIX_ARRAY)
+ AC_DEFINE(WITH_IRIX_PROJECT)
+ AC_DEFINE(WITH_IRIX_AUDIT)
+ AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
+ AC_DEFINE(BROKEN_INET_NTOA)
+ ;;
+*-*-linux*)
+ no_dev_ptmx=1
+ check_for_libcrypt_later=1
+ AC_DEFINE(DONT_TRY_OTHER_AF)
+ AC_DEFINE(PAM_TTY_KLUDGE)
+ AC_DEFINE(HAVE_BOGUS_SYS_QUEUE_H)
+ inet6_default_4in6=yes
+ ;;
+mips-sony-bsd|mips-sony-newsos4)
+ AC_DEFINE(HAVE_NEWS4)
+ SONY=1
+ AC_CHECK_LIB(iberty, xatexit, AC_DEFINE(HAVE_XATEXIT),
+ AC_MSG_ERROR([*** libiberty missing - please install first or check config.log ***])
+ )
+ ;;
+*-*-netbsd*)
+ need_dash_r=1
+ ;;
+*-*-freebsd*)
+ check_for_libcrypt_later=1
+ ;;
+*-next-*)
+ conf_lastlog_location="/usr/adm/lastlog"
+ conf_utmp_location=/etc/utmp
+ conf_wtmp_location=/usr/adm/wtmp
+ MAIL=/usr/spool/mail
+ AC_DEFINE(HAVE_NEXT)
+ AC_DEFINE(BROKEN_REALPATH)
+ AC_DEFINE(USE_PIPES)
+ AC_DEFINE(BROKEN_SAVED_UIDS)
+ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
+ CFLAGS="$CFLAGS"
+ ;;
+*-*-solaris*)
+ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
+ LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib"
+ need_dash_r=1
+ AC_DEFINE(PAM_SUN_CODEBASE)
+ AC_DEFINE(LOGIN_NEEDS_UTMPX)
+ AC_DEFINE(LOGIN_NEEDS_TERM)
+ AC_DEFINE(PAM_TTY_KLUDGE)
+ # hardwire lastlog location (can't detect it on some versions)
+ conf_lastlog_location="/var/adm/lastlog"
+ AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
+ sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
+ if test "$sol2ver" -ge 8; then
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(DISABLE_UTMP)
+ AC_DEFINE(DISABLE_WTMP)
+ else
+ AC_MSG_RESULT(no)
+ fi
+ ;;
+*-*-sunos4*)
+ CPPFLAGS="$CPPFLAGS -DSUNOS4"
+ AC_CHECK_FUNCS(getpwanam)
+ AC_DEFINE(PAM_SUN_CODEBASE)
+ AC_DEFINE(HAVE_BOGUS_SYS_QUEUE_H)
+ conf_utmp_location=/etc/utmp
+ conf_wtmp_location=/var/adm/wtmp
+ conf_lastlog_location=/var/adm/lastlog
+ AC_DEFINE(USE_PIPES)
+ ;;
+*-ncr-sysv*)
+ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
+ LDFLAGS="$LDFLAGS -L/usr/local/lib"
+ LIBS="$LIBS -lc89"
+ AC_DEFINE(HAVE_BOGUS_SYS_QUEUE_H)
+ AC_DEFINE(USE_PIPES)
+ ;;
+*-sni-sysv*)
+ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
+ # /usr/ucblib MUST NOT be searched on ReliantUNIX
+ LDFLAGS="$LDFLAGS -L/usr/local/lib"
+ IPADDR_IN_DISPLAY=yes
+ AC_DEFINE(USE_PIPES)
+ AC_DEFINE(IP_TOS_IS_BROKEN)
+ AC_DEFINE(HAVE_BOGUS_SYS_QUEUE_H)
+ # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
+ # Attention: always take care to bind libsocket and libnsl before libc,
+ # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
+ ;;
+*-*-sysv4.2*)
+ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
+ LDFLAGS="$LDFLAGS -L/usr/local/lib"
+# enable_suid_ssh=no
+ AC_DEFINE(USE_PIPES)
+ ;;
+*-*-sysv5*)
+ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
+ LDFLAGS="$LDFLAGS -L/usr/local/lib"
+# enable_suid_ssh=no
+ AC_DEFINE(USE_PIPES)
+ ;;
+*-*-sysv*)
+ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
+ LDFLAGS="$LDFLAGS -L/usr/local/lib"
+ ;;
+*-*-sco3.2v4*)
+ CPPFLAGS="$CPPFLAGS -Dftruncate=chsize -I/usr/local/include"
+ LDFLAGS="$LDFLAGS -L/usr/local/lib"
+ LIBS="$LIBS -los -lprot -lx -ltinfo -lm"
+ rsh_path="/usr/bin/rcmd"
+
RANLIB=true
+ no_dev_ptmx=1
+ AC_DEFINE(BROKEN_SYS_TERMIO_H)
+ AC_DEFINE(USE_PIPES)
+ AC_DEFINE(HAVE_SCO_PROTECTED_PW)
+ AC_DEFINE(DISABLE_SHADOW)
+ AC_DEFINE(HAVE_BOGUS_SYS_QUEUE_H)
+ AC_DEFINE(BROKEN_SAVED_UIDS)
+ AC_CHECK_FUNCS(getluid setluid)
+ MANTYPE=man
+ do_sco3_extra_lib_check=yes
+ ;;
+*-*-sco3.2v5*)
+ CPPFLAGS="$CPPFLAGS -I/usr/local/include"
+ LDFLAGS="$LDFLAGS -L/usr/local/lib"
+ LIBS="$LIBS -lprot -lx -ltinfo -lm"
+ no_dev_ptmx=1
+ rsh_path="/usr/bin/rcmd"
+ AC_DEFINE(USE_PIPES)
+ AC_DEFINE(HAVE_SCO_PROTECTED_PW)
+ AC_DEFINE(DISABLE_SHADOW)
+ AC_DEFINE(HAVE_BOGUS_SYS_QUEUE_H)
+ AC_CHECK_FUNCS(getluid setluid)
+ MANTYPE=man
+ ;;
+*-*-unicos*)
+ no_libsocket=1
+ no_libnsl=1
+ AC_DEFINE(USE_PIPES)
+ LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal,-L/usr/local/lib"
+ LIBS="$LIBS -lgen -lrsc"
+ ;;
+*-dec-osf*)
+ AC_MSG_CHECKING(for Digital Unix SIA)
+ no_osfsia=""
+ AC_ARG_WITH(osfsia,
+ [ --with-osfsia Enable Digital Unix SIA],
+ [
+ if test "x$withval" = "xno" ; then
+ AC_MSG_RESULT(disabled)
+ no_osfsia=1
+ fi
+ ],
+ )
+ if test -z "$no_osfsia" ; then
+ if test -f /etc/sia/matrix.conf; then
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(HAVE_OSF_SIA)
+ AC_DEFINE(DISABLE_LOGIN)
+ LIBS="$LIBS -lsecurity -ldb -lm -laud"
+ else
+ AC_MSG_RESULT(no)
+ fi
+ fi
+ ;;
+
+*-*-nto-qnx)
+ AC_DEFINE(USE_PIPES)
+ AC_DEFINE(NO_X11_UNIX_SOCKETS)
+ AC_DEFINE(MISSING_NFDBITS)
+ AC_DEFINE(MISSING_HOWMANY)
+ AC_DEFINE(MISSING_FD_MASK)
+ ;;
+esac
+
+# Allow user to specify flags
+AC_ARG_WITH(cflags,
+ [ --with-cflags Specify additional flags to pass to compiler],
+ [
+ if test "x$withval" != "xno" ; then
+ CFLAGS="$CFLAGS $withval"
+ fi
+ ]
+)
+AC_ARG_WITH(cppflags,
+ [ --with-cppflags Specify additional flags to pass to preprocessor] ,
+ [
+ if test "x$withval" != "xno"; then
+ CPPFLAGS="$CPPFLAGS $withval"
+ fi
+ ]
+)
+AC_ARG_WITH(ldflags,
+ [ --with-ldflags Specify additional flags to pass to linker],
+ [
+ if test "x$withval" != "xno" ; then
+ LDFLAGS="$LDFLAGS $withval"
+ fi
+ ]
+)
+AC_ARG_WITH(libs,
+ [ --with-libs Specify additional libraries to link with],
+ [
+ if test "x$withval" != "xno" ; then
+ LIBS="$LIBS $withval"
+ fi
+ ]
+)
+
+# Checks for header files.
+AC_CHECK_HEADERS(bstring.h crypt.h endian.h floatingpoint.h \
+ getopt.h glob.h lastlog.h limits.h login.h \
+ login_cap.h maillock.h netdb.h netgroup.h \
+ netinet/in_systm.h paths.h poll.h pty.h \
+ security/pam_appl.h shadow.h stddef.h stdint.h \
+ strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \
+ sys/poll.h sys/queue.h sys/select.h sys/stat.h \
+ sys/stropts.h sys/sysmacros.h sys/time.h \
+ sys/ttcompat.h sys/un.h time.h ttyent.h usersec.h \
+ util.h utime.h utmp.h utmpx.h)
+
+# Checks for libraries.
+AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
+AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
+
+dnl SCO OS3 needs this for libwrap
+if test "x$with_tcp_wrappers" != "xno" ; then
+ if test "x$do_sco3_extra_lib_check" = "xyes" ; then
+ AC_CHECK_LIB(rpc, innetgr, LIBS="-lrpc -lyp -lrpc $LIBS" , , -lyp -lrpc)
+ fi
+fi
+
+AC_CHECK_FUNC(getspnam, ,
+ AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
+
+AC_ARG_WITH(rpath,
+ [ --without-rpath Disable auto-added -R linker paths],
+ [
+ if test "x$withval" = "xno" ; then
+ need_dash_r=""
+ fi
+ if test "x$withval" = "xyes" ; then
+ need_dash_r=1
+ fi
+ ]
+)
+
+dnl zlib is required
+AC_ARG_WITH(zlib,
+ [ --with-zlib=PATH Use zlib in PATH],
+ [
+ if test "x$withval" = "xno" ; then
+ AC_MSG_ERROR([*** zlib is required ***])
+ fi
+ if test -d "$withval/lib"; then
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
+ fi
+ else
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval} ${LDFLAGS}"
+ fi
+ fi
+ if test -d "$withval/include"; then
+ CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
+ else
+ CPPFLAGS="-I${withval} ${CPPFLAGS}"
+ fi
+ ]
+)
+
+AC_CHECK_LIB(z, deflate,
,AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]))
+
+dnl UnixWare 2.x
+AC_CHECK_FUNC(strcasecmp,
+ [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
+)
+AC_CHECK_FUNC(utimes,
+ [], [ AC_CHECK_LIB(c89, utimes, LIBS="$LIBS -lc89") ]
+)
+
+dnl Checks for libutil functions
+AC_CHECK_HEADERS(libutil.h)
+AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
+AC_CHECK_FUNCS(logout updwtmp logwtmp)
+
+AC_FUNC_STRFTIME
+
+# Check for ALTDIRFUNC glob() extension
+AC_MSG_CHECKING(for GLOB_ALTDIRFUNC support)
+AC_EGREP_CPP(FOUNDIT,
+ [
+ #include
+ #ifdef GLOB_ALTDIRFUNC
+ FOUNDIT
+ #endif
+ ],
+ [
+ AC_DEFINE(GLOB_HAS_ALTDIRFUNC)
+ AC_MSG_RESULT(yes)
+ ],
+ [
+ AC_MSG_RESULT(no)
+ ]
+)
+
+# Check for g.gl_matchc glob() extension
+AC_MSG_CHECKING(for gl_matchc field in glob_t)
+AC_EGREP_CPP(FOUNDIT,
+ [
+ #include
+ int main(void){glob_t g; g.gl_matchc = 1;}
+ ],
+ [
+ AC_DEFINE(GLOB_HAS_GL_MATCHC)
+ AC_MSG_RESULT(yes)
+ ],
+ [
+ AC_MSG_RESULT(no)
+ ]
+)
+
+AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
+AC_TRY_RUN(
+ [
+#include
+#include
+int main(void){struct dirent d;return(sizeof(d.d_name)<=sizeof(char));}
+ ],
+ [AC_MSG_RESULT(yes)],
+ [
+ AC_MSG_RESULT(no)
+ AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
+ ]
+)
+
+# Check whether user wants S/Key support
+SKEY_MSG="no"
+AC_ARG_WITH(skey,
+ [ --with-skey[[=PATH]] Enable S/Key support
+ (optionally in PATH)],
+ [
+ if test "x$withval" != "xno" ; then
+
+ if test "x$withval" != "xyes" ; then
+ CPPFLAGS="$CPPFLAGS -I${withval}/include"
+ LDFLAGS="$LDFLAGS -L${withval}/lib"
+ fi
+
+ AC_DEFINE(SKEY)
+ LIBS="-lskey $LIBS"
+ SKEY_MSG="yes"
+
+ AC_MSG_CHECKING([for s/key support])
+ AC_TRY_RUN(
+ [
+#include
+#include
+int main() { char *ff = skey_keyinfo(""); ff=""; return 0; }
+ ],
+ [AC_MSG_RESULT(yes)],
+ [
+ AC_MSG_RESULT(no)
+ AC_MSG_ERROR([** Incomplete or missing s/key libraries.])
+ ])
+ fi
+ ]
+)
+
+# Check whether user wants TCP wrappers support
+TCPW_MSG="no"
+AC_ARG_WITH(tcp-wrappers,
+ [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support
+ (optionally in PATH)],
+ [
+ if test "x$withval" != "xno" ; then
+ saved_LIBS="$LIBS"
+ saved_LDFLAGS="$LDFLAGS"
+ saved_CPPFLAGS="$CPPFLAGS"
+ if test -n "${withval}" -a "${withval}" != "yes"; then
+ if test -d "${withval}/lib"; then
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
+ fi
+ else
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval} ${LDFLAGS}"
+ fi
+ fi
+ if test -d "${withval}/include"; then
+ CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
+ else
+ CPPFLAGS="-I${withval} ${CPPFLAGS}"
+ fi
+ fi
+ LIBWRAP="-lwrap"
+ LIBS="$LIBWRAP $LIBS"
+ AC_MSG_CHECKING(for libwrap)
+ AC_TRY_LINK(
+ [
+#include
+ int deny_severity = 0, allow_severity = 0;
+ ],
+ [hosts_access(0);],
+ [
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(LIBWRAP)
+ AC_SUBST(LIBWRAP)
+ TCPW_MSG="yes"
+ ],
+ [
+ AC_MSG_ERROR([*** libwrap missing])
+ ]
+ )
+ LIBS="$saved_LIBS"
+ fi
+ ]
+)
+
+dnl Checks for library functions.
+AC_CHECK_FUNCS(arc4random atexit b64_ntop bcopy bindresvport_sa \
+ clock fchmod fchown freeaddrinfo futimes gai_strerror \
+ getaddrinfo getcwd getgrouplist getnameinfo getopt \
+ getrlimit getrusage getttyent glob inet_aton inet_ntoa \
+ inet_ntop innetgr login_getcapbool md5_crypt memmove \
+ mkdtemp on_exit openpty readpassphrase realpath \
+ rresvport_af setdtablesize setegid setenv seteuid \
+ setlogin setproctitle setresgid setreuid setrlimit \
+ setsid setvbuf sigaction sigvec snprintf strerror \
+ strlcat strlcpy strmode strsep sysconf tcgetpgrp utimes \
+ vhangup vsnprintf waitpid __b64_ntop _getpty)
+
+dnl IRIX and Solaris 2.5.1 have dirname() in libgen
+AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
+ AC_CHECK_LIB(gen, dirname,[
+ AC_CACHE_CHECK([for broken dirname],
+ ac_cv_have_broken_dirname, [
+ save_LIBS="$LIBS"
+ LIBS="$LIBS -lgen"
+ AC_TRY_RUN(
+ [
+#include
+#include
+
+int main(int argc, char **argv) {
+ char *s, buf[32];
+
+ strncpy(buf,"/etc", 32);
+ s = dirname(buf);
+ if (!s || strncmp(s, "/", 32) != 0) {
+ exit(1);
+ } else {
+ exit(0);
+ }
+}
+ ],
+ [ ac_cv_have_broken_dirname="no" ],
+ [ ac_cv_have_broken_dirname="yes" ]
+ )
+ LIBS="$save_LIBS"
+ ])
+ if test "x$ac_cv_have_broken_dirname" = "xno" ; then
+ LIBS="$LIBS -lgen"
+ AC_DEFINE(HAVE_DIRNAME)
+ AC_CHECK_HEADERS(libgen.h)
+ fi
+ ])
+])
+
+dnl Checks for time functions
+AC_CHECK_FUNCS(gettimeofday time)
+dnl Checks for utmp functions
+AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
+AC_CHECK_FUNCS(utmpname)
+dnl Checks for utmpx functions
+AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
+AC_CHECK_FUNCS(setutxent utmpxname)
+
+AC_CHECK_FUNC(getuserattr,
+ [AC_DEFINE(HAVE_GETUSERATTR)],
+ [AC_CHECK_LIB(s, getuserattr, [LIBS="$LIBS -ls"; AC_DEFINE(HAVE_GETUSERATTR)])]
+)
+
+AC_CHECK_FUNC(daemon,
+ [AC_DEFINE(HAVE_DAEMON)],
+ [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
+)
+
+AC_CHECK_FUNC(getpagesize,
+
[AC_DEFINE(HAVE_GETPAGESIZE)],
+ [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
+)
+
+# Check for broken snprintf
+if test "x$ac_cv_func_snprintf" = "xyes" ; then
+ AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
+ AC_TRY_RUN(
+ [
+#include
+int main(void){char b[5];snprintf(b,5,"123456789");return(b[4]!='\0');}
+ ],
+ [AC_MSG_RESULT(yes)],
+ [
+ AC_MSG_RESULT(no)
+ AC_DEFINE(BROKEN_SNPRINTF)
+ AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
+ ]
+ )
+fi
+
+AC_FUNC_GETPGRP
+
+# Check for PAM libs
+PAM_MSG="no"
+AC_ARG_WITH(pam,
+ [ --with-pam Enable PAM support ],
+ [
+ if test "x$withval" != "xno" ; then
+ if test "x$ac_cv_header_security_pam_appl_h" != "xyes" ; then
+ AC_MSG_ERROR([PAM headers not found])
+ fi
+
+ AC_CHECK_LIB(dl, dlopen, , )
+ AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
+ AC_CHECK_FUNCS(pam_getenvlist)
+
+ disable_shadow=yes
+ PAM_MSG="yes"
+
+ AC_DEFINE(USE_PAM)
+ if test $ac_cv_lib_dl_dlopen = yes; then
+ LIBPAM="-lpam -ldl"
+ else
+ LIBPAM="-lpam"
+ fi
+ AC_SUBST(LIBPAM)
+ fi
+ ]
+)
+
+# Check for older PAM
+if test "x$PAM_MSG" = "xyes" ; then
+ # Check PAM strerror arguments (old PAM)
+ AC_MSG_CHECKING([whether pam_strerror takes only one argument])
+ AC_TRY_COMPILE(
+ [
+#include
+#include
+ ],
+ [(void)pam_strerror((pam_handle_t *)NULL, -1);],
+ [AC_MSG_RESULT(no)],
+ [
+ AC_DEFINE(HAVE_OLD_PAM)
+ AC_MSG_RESULT(yes)
+ PAM_MSG="yes (old library)"
+ ]
+ )
+fi
+
+# The big search for OpenSSL
+AC_ARG_WITH(ssl-dir,
+ [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
+ [
+ if test "x$withval" != "xno" ; then
+ tryssldir=$withval
+ fi
+ ]
+)
+
+saved_LIBS="$LIBS"
+saved_LDFLAGS="$LDFLAGS"
+saved_CPPFLAGS="$CPPFLAGS"
+if test "x$prefix" != "xNONE" ; then
+ tryssldir="$tryssldir $prefix"
+fi
+AC_CACHE_CHECK([for OpenSSL directory], ac_cv_openssldir, [
+ for ssldir in $tryssldir "" /usr/local/openssl /usr/lib/openssl
/usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
+ CPPFLAGS="$saved_CPPFLAGS"
+ LDFLAGS="$saved_LDFLAGS"
+ LIBS="$saved_LIBS -lcrypto"
+
+ # Skip directories if they don't exist
+ if test ! -z "$ssldir" -a ! -d "$ssldir" ; then
+ continue;
+ fi
+ if test ! -z "$ssldir" -a "x$ssldir" != "x/usr"; then
+ # Try to use $ssldir/lib if it exists, otherwise
+ # $ssldir
+ if test -d "$ssldir/lib" ; then
+ LDFLAGS="-L$ssldir/lib $saved_LDFLAGS"
+ if test ! -z "$need_dash_r" ; then
+ LDFLAGS="-R$ssldir/lib $LDFLAGS"
+ fi
+ else
+ LDFLAGS="-L$ssldir $saved_LDFLAGS"
+ if test ! -z "$need_dash_r" ; then
+ LDFLAGS="-R$ssldir $LDFLAGS"
+ fi
+ fi
+ # Try to use $ssldir/include if it exists, otherwise
+ # $ssldir
+ if test -d "$ssldir/include" ; then
+ CPPFLAGS="-I$ssldir/include $saved_CPPFLAGS"
+ else
+ CPPFLAGS="-I$ssldir $saved_CPPFLAGS"
+ fi
+ fi
+
+ # Basic test to check for compatible version and correct linking
+ # *does not* test for RSA - that comes later.
+ AC_TRY_RUN(
+ [
+#include
+#include
+int main(void)
+{
+ char a[2048];
+ memset(a, 0, sizeof(a));
+ RAND_add(a, sizeof(a), sizeof(a));
+ return(RAND_status() <= 0);
+}
+ ],
+ [
+ found_crypto=1
+ break;
+ ], []
+ )
+
+ if test ! -z "$found_crypto" ; then
+ break;
+ fi
+ done
+
+ if test -z "$found_crypto" ; then
+ AC_MSG_ERROR([Could not find working OpenSSL library, please install or check config.log])
+ fi
+ if test -z "$ssldir" ; then
+ ssldir="(system)"
+ fi
+
+ ac_cv_openssldir=$ssldir
+])
+
+if (test ! -z "$ac_cv_openssldir" && test "x$ac_cv_openssldir" != "x(system)") ; then
+ AC_DEFINE(HAVE_OPENSSL)
+ dnl Need to recover ssldir - test above runs in subshell
+ ssldir=$ac_cv_openssldir
+ if test ! -z "$ssldir" -a "x$ssldir" != "x/usr"; then
+ # Try to use $ssldir/lib if it exists, otherwise
+ # $ssldir
+ if test -d "$ssldir/lib" ; then
+ LDFLAGS="-L$ssldir/lib $saved_LDFLAGS"
+ if test !
-z "$need_dash_r" ; then
+ LDFLAGS="-R$ssldir/lib $LDFLAGS"
+ fi
+ else
+ LDFLAGS="-L$ssldir $saved_LDFLAGS"
+ if test ! -z "$need_dash_r" ; then
+ LDFLAGS="-R$ssldir $LDFLAGS"
+ fi
+ fi
+ # Try to use $ssldir/include if it exists, otherwise
+ # $ssldir
+ if test -d "$ssldir/include" ; then
+ CPPFLAGS="-I$ssldir/include $saved_CPPFLAGS"
+ else
+ CPPFLAGS="-I$ssldir $saved_CPPFLAGS"
+ fi
+ fi
+fi
+LIBS="$saved_LIBS -lcrypto"
+
+# Now test RSA support
+saved_LIBS="$LIBS"
+AC_MSG_CHECKING([for RSA support])
+for WANTS_RSAREF in "" 1 ; do
+ if test -z "$WANTS_RSAREF" ; then
+ LIBS="$saved_LIBS"
+ else
+ LIBS="$saved_LIBS -lRSAglue -lrsaref"
+ fi
+ AC_TRY_RUN([
+#include
+#include
+#include
+#include
+#include
+int main(void)
+{
+ int num; RSA *key; static unsigned char p_in[] = "blahblah";
+ unsigned char c[256], p[256];
+ memset(c, 0, sizeof(c)); RAND_add(c, sizeof(c), sizeof(c));
+ if ((key=RSA_generate_key(512, 3, NULL, NULL))==NULL) return(1);
+ num = RSA_public_encrypt(sizeof(p_in) - 1, p_in, c, key, RSA_PKCS1_PADDING);
+ return(-1 == RSA_private_decrypt(num, c, p, key, RSA_PKCS1_PADDING));
+}
+ ],
+ [
+ rsa_works=1
+ break;
+ ], [])
+done
+LIBS="$saved_LIBS"
+
+if test ! -z "$no_rsa" ; then
+ AC_MSG_RESULT(disabled)
+ RSA_MSG="disabled"
+else
+ if test -z "$rsa_works" ; then
+ AC_MSG_WARN([*** No RSA support found *** ])
+ RSA_MSG="no"
+ else
+ if test -z "$WANTS_RSAREF" ; then
+ AC_MSG_RESULT(yes)
+ RSA_MSG="yes"
+ else
+ RSA_MSG="yes (using RSAref)"
+ AC_MSG_RESULT(using RSAref)
+ LIBS="$LIBS -lcrypto -lRSAglue -lrsaref"
+ fi
+ fi
+fi
+
+# Sanity check OpenSSL headers
+AC_MSG_CHECKING([whether OpenSSL's headers match the library])
+AC_TRY_RUN(
+ [
+#include
+#include
+int main(void) { return(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
+ ],
+ [
+ AC_MSG_RESULT(yes)
+ ],
+ [
+ AC_MSG_RESULT(no)
+ AC_MSG_ERROR(Your OpenSSL headers do not match your library)
+ ]
+)
+
+# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
+# version in OpenSSL.
Skip this for PAM
+if test "x$PAM_MSG" = "xno" -a "x$check_for_libcrypt_later" = "x1"; then
+ AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
+fi
+
+
+### Configure cryptographic random number support
+
+# Check wheter OpenSSL seeds itself
+AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
+AC_TRY_RUN(
+ [
+#include
+#include
+int main(void) { return(RAND_status() == 1 ? 0 : 1); }
+ ],
+ [
+ OPENSSL_SEEDS_ITSELF=yes
+ AC_MSG_RESULT(yes)
+ ],
+ [
+ AC_MSG_RESULT(no)
+ # Default to use of the rand helper if OpenSSL doesn't
+ # seed itself
+ USE_RAND_HELPER=yes
+ ]
+)
+
+
+# Do we want to force the use of the rand helper?
+AC_ARG_WITH(rand-helper,
+ [ --with-rand-helper Use subprocess to gather strong randomness ],
+ [
+ if test "x$withval" = "xno" ; then
+ # Force use of OpenSSL's internal RNG, even if
+ # the previous test showed it to be unseeded.
+ if test -z "$OPENSSL_SEEDS_ITSELF" ; then
+ AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG])
+ OPENSSL_SEEDS_ITSELF=yes
+ USE_RAND_HELPER=""
+ fi
+ else
+ USE_RAND_HELPER=yes
+ fi
+ ],
+)
+
+# Which randomness source do we use?
+if test ! -z "$OPENSSL_SEEDS_ITSELF" -a -z "$USE_RAND_HELPER" ; then
+ # OpenSSL only
+ AC_DEFINE(OPENSSL_PRNG_ONLY)
+ RAND_MSG="OpenSSL internal ONLY"
+ INSTALL_SSH_RAND_HELPER=""
+elif test ! -z "$USE_RAND_HELPER" ; then
+ # install rand helper
+ RAND_MSG="ssh-rand-helper"
+ INSTALL_SSH_RAND_HELPER="yes"
+fi
+AC_SUBST(INSTALL_SSH_RAND_HELPER)
+
+### Configuration of ssh-rand-helper
+
+# PRNGD TCP socket
+AC_ARG_WITH(prngd-port,
+ [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT],
+ [
+ case "$withval" in
+ no)
+ withval=""
+ ;;
+ [[0-9]]*)
+ ;;
+ *)
+ AC_MSG_ERROR(You must specify a numeric port number for --with-prngd-port)
+ ;;
+ esac
+ if test !
-z "$withval" ; then
+ PRNGD_PORT="$withval"
+ AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT)
+ fi
+ ]
+)
+
+# PRNGD Unix domain socket
+AC_ARG_WITH(prngd-socket,
+ [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)],
+ [
+ case "$withval" in
+ yes)
+ withval="/var/run/egd-pool"
+ ;;
+ no)
+ withval=""
+ ;;
+ /*)
+ ;;
+ *)
+ AC_MSG_ERROR(You must specify an absolute path to the entropy socket)
+ ;;
+ esac
+
+ if test ! -z "$withval" ; then
+ if test ! -z "$PRNGD_PORT" ; then
+ AC_MSG_ERROR(You may not specify both a PRNGD/EGD port and socket)
+ fi
+ if test ! -r "$withval" ; then
+ AC_MSG_WARN(Entropy socket is not readable)
+ fi
+ PRNGD_SOCKET="$withval"
+ AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
+ fi
+ ],
+ [
+ # Check for existing socket only if we don't have a random device already
+ if test "$USE_RAND_HELPER" = yes ; then
+ AC_MSG_CHECKING(for PRNGD/EGD socket)
+ # Insert other locations here
+ for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
+ if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
+ PRNGD_SOCKET="$sock"
+ AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET")
+ break;
+ fi
+ done
+ if test !
-z "$PRNGD_SOCKET" ; then
+ AC_MSG_RESULT($PRNGD_SOCKET)
+ else
+ AC_MSG_RESULT(not found)
+ fi
+ fi
+ ]
+)
+
+# Change default command timeout for hashing entropy source
+entropy_timeout=200
+AC_ARG_WITH(entropy-timeout,
+ [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
+ [
+ if test "x$withval" != "xno" ; then
+ entropy_timeout=$withval
+ fi
+ ]
+)
+
+AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
+
+# These programs are used by the command hashing source to gather entropy
+OSSH_PATH_ENTROPY_PROG(PROG_LS, ls)
+OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
+OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp)
+OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
+OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
+OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
+OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
+OSSH_PATH_ENTROPY_PROG(PROG_W, w)
+OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
+OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
+OSSH_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
+OSSH_PATH_ENTROPY_PROG(PROG_DF, df)
+OSSH_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
+OSSH_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
+OSSH_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
+OSSH_PATH_ENTROPY_PROG(PROG_TAIL, tail)
+
+# Where does ssh-rand-helper get its randomness from?
+INSTALL_SSH_PRNG_CMDS=""
+if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
+ if test ! -z "$PRNGD_PORT" ; then
+ RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
+ elif test ! -z "$PRNGD_SOCKET" ; then
+ RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
+ else
+ RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
+ RAND_HELPER_CMDHASH=yes
+ INSTALL_SSH_PRNG_CMDS="yes"
+ fi
+fi
+AC_SUBST(INSTALL_SSH_PRNG_CMDS)
+
+
+# Cheap hack to ensure NEWS-OS libraries are arranged right.
+if test !
-z "$SONY" ; then + LIBS="$LIBS -liberty"; +fi + +# Checks for data types +AC_CHECK_SIZEOF(char, 1) +AC_CHECK_SIZEOF(short int, 2) +AC_CHECK_SIZEOF(int, 4) +AC_CHECK_SIZEOF(long int, 4) +AC_CHECK_SIZEOF(long long int, 8) + +# More checks for data types +AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ + AC_TRY_COMPILE( + [ #include ], + [ u_int a; a = 1;], + [ ac_cv_have_u_int="yes" ], + [ ac_cv_have_u_int="no" ] + ) +]) +if test "x$ac_cv_have_u_int" = "xyes" ; then + AC_DEFINE(HAVE_U_INT) + have_u_int=1 +fi + +AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ + AC_TRY_COMPILE( + [ #include ], + [ int8_t a; int16_t b; int32_t c; a = b = c = 1;], + [ ac_cv_have_intxx_t="yes" ], + [ ac_cv_have_intxx_t="no" ] + ) +]) +if test "x$ac_cv_have_intxx_t" = "xyes" ; then + AC_DEFINE(HAVE_INTXX_T) + have_intxx_t=1 +fi + +if (test -z "$have_intxx_t" && \ + test "x$ac_cv_header_stdint_h" = "xyes") +then + AC_MSG_CHECKING([for intXX_t types in stdint.h]) + AC_TRY_COMPILE( + [ #include ], + [ int8_t a; int16_t b; int32_t c; a = b = c = 1;], + [ + AC_DEFINE(HAVE_INTXX_T) + AC_MSG_RESULT(yes) + ], + [ AC_MSG_RESULT(no) ] + ) +fi + +AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ + AC_TRY_COMPILE( + [ #include ], + [ int64_t a; a = 1;], + [ ac_cv_have_int64_t="yes" ], + [ ac_cv_have_int64_t="no" ] + ) +]) +if test "x$ac_cv_have_int64_t" = "xyes" ; then + AC_DEFINE(HAVE_INT64_T) + have_int64_t=1 +fi + +if test -z "$have_int64_t" ; then + AC_MSG_CHECKING([for int64_t type in sys/socket.h]) + AC_TRY_COMPILE( + [ #include ], + [ int64_t a; a = 1], + [ + AC_DEFINE(HAVE_INT64_T) + AC_MSG_RESULT(yes) + ], + [ AC_MSG_RESULT(no) ] + ) +fi + +if test -z "$have_int64_t" ; then + AC_MSG_CHECKING([for int64_t type in sys/bitypes.h]) + AC_TRY_COMPILE( + [ #include ], + [ int64_t a; a = 1], + [ + AC_DEFINE(HAVE_INT64_T) + AC_MSG_RESULT(yes) + ], + [ AC_MSG_RESULT(no) ] + ) +fi + +AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ + AC_TRY_COMPILE( + [ #include ], + 
[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;], + [ ac_cv_have_u_intxx_t="yes" ], + [ ac_cv_have_u_intxx_t="no" ] + ) +]) +if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then + AC_DEFINE(HAVE_U_INTXX_T) + have_u_intxx_t=1 +fi + +if test -z "$have_u_intxx_t" ; then + AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) + AC_TRY_COMPILE( + [ #include ], + [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;], + [ + AC_DEFINE(HAVE_U_INTXX_T) + AC_MSG_RESULT(yes) + ], + [ AC_MSG_RESULT(no) ] + ) +fi + +AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ + AC_TRY_COMPILE( + [ #include ], + [ u_int64_t a; a = 1;], + [ ac_cv_have_u_int64_t="yes" ], + [ ac_cv_have_u_int64_t="no" ] + ) +]) +if test "x$ac_cv_have_u_int64_t" = "xyes" ; then + AC_DEFINE(HAVE_U_INT64_T) + have_u_int64_t=1 +fi + +if test -z "$have_u_int64_t" ; then + AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) + AC_TRY_COMPILE( + [ #include ], + [ u_int64_t a; a = 1], + [ + AC_DEFINE(HAVE_U_INT64_T) + AC_MSG_RESULT(yes) + ], + [ AC_MSG_RESULT(no) ] + ) +fi + +if test -z "$have_u_intxx_t" ; then + AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ + AC_TRY_COMPILE( + [ +#include + ], + [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ], + [ ac_cv_have_uintxx_t="yes" ], + [ ac_cv_have_uintxx_t="no" ] + ) + ]) + if test "x$ac_cv_have_uintxx_t" = "xyes" ; then + AC_DEFINE(HAVE_UINTXX_T) + fi +fi + +if test -z "$have_uintxx_t" ; then + AC_MSG_CHECKING([for uintXX_t types in stdint.h]) + AC_TRY_COMPILE( + [ #include ], + [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;], + [ + AC_DEFINE(HAVE_UINTXX_T) + AC_MSG_RESULT(yes) + ], + [ AC_MSG_RESULT(no) ] + ) +fi + +if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ + test "x$ac_cv_header_sys_bitypes_h" = "xyes") +then + AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) + AC_TRY_COMPILE( + [ +#include + ], + [ + int8_t a; int16_t b; int32_t c; + u_int8_t e; u_int16_t f; u_int32_t g; + a = b = c = e 
= f = g = 1; + ], + [ + AC_DEFINE(HAVE_U_INTXX_T) + AC_DEFINE(HAVE_INTXX_T) + AC_MSG_RESULT(yes) + ], + [AC_MSG_RESULT(no)] + ) +fi + + +AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ + AC_TRY_COMPILE( + [ +#include + ], + [ u_char foo; foo = 125; ], + [ ac_cv_have_u_char="yes" ], + [ ac_cv_have_u_char="no" ] + ) +]) +if test "x$ac_cv_have_u_char" = "xyes" ; then + AC_DEFINE(HAVE_U_CHAR) +fi + +TYPE_SOCKLEN_T + +AC_CHECK_TYPES(sig_atomic_t,,,[#include ]) + +AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ + AC_TRY_COMPILE( + [ +#include + ], + [ size_t foo; foo = 1235; ], + [ ac_cv_have_size_t="yes" ], + [ ac_cv_have_size_t="no" ] + ) +]) +if test "x$ac_cv_have_size_t" = "xyes" ; then + AC_DEFINE(HAVE_SIZE_T) +fi + +AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ + AC_TRY_COMPILE( + [ +#include + ], + [ ssize_t foo; foo = 1235; ], + [ ac_cv_have_ssize_t="yes" ], + [ ac_cv_have_ssize_t="no" ] + ) +]) +if test "x$ac_cv_have_ssize_t" = "xyes" ; then + AC_DEFINE(HAVE_SSIZE_T) +fi + +AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ + AC_TRY_COMPILE( + [ +#include + ], + [ clock_t foo; foo = 1235; ], + [ ac_cv_have_clock_t="yes" ], + [ ac_cv_have_clock_t="no" ] + ) +]) +if test "x$ac_cv_have_clock_t" = "xyes" ; then + AC_DEFINE(HAVE_CLOCK_T) +fi + +AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ + AC_TRY_COMPILE( + [ +#include +#include + ], + [ sa_family_t foo; foo = 1235; ], + [ ac_cv_have_sa_family_t="yes" ], + [ AC_TRY_COMPILE( + [ +#include +#include +#include + ], + [ sa_family_t foo; foo = 1235; ], + [ ac_cv_have_sa_family_t="yes" ], + + [ ac_cv_have_sa_family_t="no" ] + )] + ) +]) +if test "x$ac_cv_have_sa_family_t" = "xyes" ; then + AC_DEFINE(HAVE_SA_FAMILY_T) +fi + +AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ + AC_TRY_COMPILE( + [ +#include + ], + [ pid_t foo; foo = 1235; ], + [ ac_cv_have_pid_t="yes" ], + [ ac_cv_have_pid_t="no" ] + ) +]) +if test "x$ac_cv_have_pid_t" = "xyes" ; then + AC_DEFINE(HAVE_PID_T) +fi + +AC_CACHE_CHECK([for 
mode_t], ac_cv_have_mode_t, [ + AC_TRY_COMPILE( + [ +#include + ], + [ mode_t foo; foo = 1235; ], + [ ac_cv_have_mode_t="yes" ], + [ ac_cv_have_mode_t="no" ] + ) +]) +if test "x$ac_cv_have_mode_t" = "xyes" ; then + AC_DEFINE(HAVE_MODE_T) +fi + + +AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ + AC_TRY_COMPILE( + [ +#include +#include + ], + [ struct sockaddr_storage s; ], + [ ac_cv_have_struct_sockaddr_storage="yes" ], + [ ac_cv_have_struct_sockaddr_storage="no" ] + ) +]) +if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then + AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE) +fi + +AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ + AC_TRY_COMPILE( + [ +#include +#include + ], + [ struct sockaddr_in6 s; s.sin6_family = 0; ], + [ ac_cv_have_struct_sockaddr_in6="yes" ], + [ ac_cv_have_struct_sockaddr_in6="no" ] + ) +]) +if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then + AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6) +fi + +AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ + AC_TRY_COMPILE( + [ +#include +#include + ], + [ struct in6_addr s; s.s6_addr[0] = 0; ], + [ ac_cv_have_struct_in6_addr="yes" ], + [ ac_cv_have_struct_in6_addr="no" ] + ) +]) +if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then + AC_DEFINE(HAVE_STRUCT_IN6_ADDR) +fi + +AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ + AC_TRY_COMPILE( + [ +#include +#include +#include + ], + [ struct addrinfo s; s.ai_flags = AI_PASSIVE; ], + [ ac_cv_have_struct_addrinfo="yes" ], + [ ac_cv_have_struct_addrinfo="no" ] + ) +]) +if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then + AC_DEFINE(HAVE_STRUCT_ADDRINFO) +fi + +AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ + AC_TRY_COMPILE( + [ #include ], + [ struct timeval tv; tv.tv_sec = 1;], + [ ac_cv_have_struct_timeval="yes" ], + [ ac_cv_have_struct_timeval="no" ] + ) +]) +if test "x$ac_cv_have_struct_timeval" = "xyes" ; then + 
AC_DEFINE(HAVE_STRUCT_TIMEVAL) + have_struct_timeval=1 +fi + +# If we don't have int64_t then we can't compile sftp-server. So don't +# even attempt to do it. +if test "x$ac_cv_have_int64_t" = "xno" -a \ + "x$ac_cv_sizeof_long_int" != "x8" -a \ + "x$ac_cv_sizeof_long_long_int" = "x0" ; then + NO_SFTP='#' +else +dnl test snprintf (broken on SCO w/gcc) + AC_TRY_RUN( + [ +#include +#include +#ifdef HAVE_SNPRINTF +main() +{ + char buf[50]; + char expected_out[50]; + int mazsize = 50 ; +#if (SIZEOF_LONG_INT == 8) + long int num = 0x7fffffffffffffff; +#else + long long num = 0x7fffffffffffffffll; +#endif + strcpy(expected_out, "9223372036854775807"); + snprintf(buf, mazsize, "%lld", num); + if(strcmp(buf, expected_out) != 0) + exit(1); + exit(0); +} +#else +main() { exit(0); } +#endif + ], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ] + ) +fi +AC_SUBST(NO_SFTP) + +dnl Checks for structure members +OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP) +OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX) +OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX) +OSSH_CHECK_HEADER_FOR_FIELD(ut_pid, utmp.h, HAVE_PID_IN_UTMP) +OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmp.h, HAVE_TYPE_IN_UTMP) +OSSH_CHECK_HEADER_FOR_FIELD(ut_type, utmpx.h, HAVE_TYPE_IN_UTMPX) +OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmp.h, HAVE_TV_IN_UTMP) +OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmp.h, HAVE_ID_IN_UTMP) +OSSH_CHECK_HEADER_FOR_FIELD(ut_id, utmpx.h, HAVE_ID_IN_UTMPX) +OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmp.h, HAVE_ADDR_IN_UTMP) +OSSH_CHECK_HEADER_FOR_FIELD(ut_addr, utmpx.h, HAVE_ADDR_IN_UTMPX) +OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmp.h, HAVE_ADDR_V6_IN_UTMP) +OSSH_CHECK_HEADER_FOR_FIELD(ut_addr_v6, utmpx.h, HAVE_ADDR_V6_IN_UTMPX) +OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP) +OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP) +OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX) +OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, 
HAVE_TV_IN_UTMPX) + +AC_CHECK_MEMBERS([struct stat.st_blksize]) + +AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], + ac_cv_have_ss_family_in_struct_ss, [ + AC_TRY_COMPILE( + [ +#include +#include + ], + [ struct sockaddr_storage s; s.ss_family = 1; ], + [ ac_cv_have_ss_family_in_struct_ss="yes" ], + [ ac_cv_have_ss_family_in_struct_ss="no" ], + ) +]) +if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then + AC_DEFINE(HAVE_SS_FAMILY_IN_SS) +fi + +AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], + ac_cv_have___ss_family_in_struct_ss, [ + AC_TRY_COMPILE( + [ +#include +#include + ], + [ struct sockaddr_storage s; s.__ss_family = 1; ], + [ ac_cv_have___ss_family_in_struct_ss="yes" ], + [ ac_cv_have___ss_family_in_struct_ss="no" ] + ) +]) +if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then + AC_DEFINE(HAVE___SS_FAMILY_IN_SS) +fi + +AC_CACHE_CHECK([for pw_class field in struct passwd], + ac_cv_have_pw_class_in_struct_passwd, [ + AC_TRY_COMPILE( + [ +#include + ], + [ struct passwd p; p.pw_class = 0; ], + [ ac_cv_have_pw_class_in_struct_passwd="yes" ], + [ ac_cv_have_pw_class_in_struct_passwd="no" ] + ) +]) +if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then + AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD) +fi + +AC_CACHE_CHECK([for pw_expire field in struct passwd], + ac_cv_have_pw_expire_in_struct_passwd, [ + AC_TRY_COMPILE( + [ +#include + ], + [ struct passwd p; p.pw_expire = 0; ], + [ ac_cv_have_pw_expire_in_struct_passwd="yes" ], + [ ac_cv_have_pw_expire_in_struct_passwd="no" ] + ) +]) +if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then + AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD) +fi + +AC_CACHE_CHECK([for pw_change field in struct passwd], + ac_cv_have_pw_change_in_struct_passwd, [ + AC_TRY_COMPILE( + [ +#include + ], + [ struct passwd p; p.pw_change = 0; ], + [ ac_cv_have_pw_change_in_struct_passwd="yes" ], + [ ac_cv_have_pw_change_in_struct_passwd="no" ] + ) +]) +if test 
"x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then + AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD) +fi + +AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ + AC_TRY_LINK([], + [ extern char *__progname; printf("%s", __progname); ], + [ ac_cv_libc_defines___progname="yes" ], + [ ac_cv_libc_defines___progname="no" ] + ) +]) +if test "x$ac_cv_libc_defines___progname" = "xyes" ; then + AC_DEFINE(HAVE___PROGNAME) +fi + +AC_CACHE_CHECK([whether getopt has optreset support], + ac_cv_have_getopt_optreset, [ + AC_TRY_LINK( + [ +#include + ], + [ extern int optreset; optreset = 0; ], + [ ac_cv_have_getopt_optreset="yes" ], + [ ac_cv_have_getopt_optreset="no" ] + ) +]) +if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then + AC_DEFINE(HAVE_GETOPT_OPTRESET) +fi + +AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ + AC_TRY_LINK([], + [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);], + [ ac_cv_libc_defines_sys_errlist="yes" ], + [ ac_cv_libc_defines_sys_errlist="no" ] + ) +]) +if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then + AC_DEFINE(HAVE_SYS_ERRLIST) +fi + + +AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ + AC_TRY_LINK([], + [ extern int sys_nerr; printf("%i", sys_nerr);], + [ ac_cv_libc_defines_sys_nerr="yes" ], + [ ac_cv_libc_defines_sys_nerr="no" ] + ) +]) +if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then + AC_DEFINE(HAVE_SYS_NERR) +fi + + +# Check whether user wants Kerberos support +SCARD_MSG="no" +AC_ARG_WITH(smartcard, + [ --with-smartcard Enable smartcard support], + [ + if test "x$withval" != "xno" ; then + if test "x$withval" != "xyes" ; then + CPPFLAGS="$CPPFLAGS -I${withval}" + LDFLAGS="$LDFLAGS -L${withval}" + if test ! -z "$need_dash_r" ; then + LDFLAGS="$LDFLAGS -R${withval}" + fi + if test ! 
-z "$blibpath" ; then + blibpath="$blibpath:${withval}" + fi + fi + AC_CHECK_HEADERS(sectok.h) + if test "$ac_cv_header_sectok_h" != yes; then + AC_MSG_ERROR(Can't find sectok.h) + fi + AC_CHECK_LIB(sectok, sectok_open) + if test "$ac_cv_lib_sectok_sectok_open" != yes; then + AC_MSG_ERROR(Can't find libsectok) + fi + AC_DEFINE(SMARTCARD) + SCARD_MSG="yes" + fi + ] +) + +# Check whether user wants Kerberos support +KRB4_MSG="no" +AC_ARG_WITH(kerberos4, + [ --with-kerberos4=PATH Enable Kerberos 4 support], + [ + if test "x$withval" != "xno" ; then + if test "x$withval" != "xyes" ; then + CPPFLAGS="$CPPFLAGS -I${withval}/include" + LDFLAGS="$LDFLAGS -L${withval}/lib" + if test ! -z "$need_dash_r" ; then + LDFLAGS="$LDFLAGS -R${withval}/lib" + fi + if test ! -z "$blibpath" ; then + blibpath="$blibpath:${withval}/lib" + fi + else + if test -d /usr/include/kerberosIV ; then + CPPFLAGS="$CPPFLAGS -I/usr/include/kerberosIV" + fi + fi + + AC_CHECK_HEADERS(krb.h) + if test "$ac_cv_header_krb_h" != yes; then + AC_MSG_WARN([Cannot find krb.h, build may fail]) + fi + AC_CHECK_LIB(krb, main) + if test "$ac_cv_lib_krb_main" != yes; then + AC_CHECK_LIB(krb4, main) + if test "$ac_cv_lib_krb4_main" != yes; then + AC_MSG_WARN([Cannot find libkrb nor libkrb4, build may fail]) + else + KLIBS="-lkrb4" + fi + else + KLIBS="-lkrb" + fi + AC_CHECK_LIB(des, des_cbc_encrypt) + if test "$ac_cv_lib_des_des_cbc_encrypt" != yes; then + AC_CHECK_LIB(des425, des_cbc_encrypt) + if test "$ac_cv_lib_des425_des_cbc_encrypt" != yes; then + AC_MSG_WARN([Cannot find libdes nor libdes425, build may fail]) + else + KLIBS="-ldes425" + fi + else + KLIBS="-ldes" + fi + AC_CHECK_LIB(resolv, dn_expand, , ) + KRB4=yes + KRB4_MSG="yes" + AC_DEFINE(KRB4) + fi + ] +) + +# Check whether user wants AFS support +AFS_MSG="no" +AC_ARG_WITH(afs, + [ --with-afs=PATH Enable AFS support], + [ + if test "x$withval" != "xno" ; then + + if test "x$withval" != "xyes" ; then + CPPFLAGS="$CPPFLAGS -I${withval}/include" + 
LDFLAGS="$LDFLAGS -L${withval}/lib" + fi + + if test -z "$KRB4" ; then + AC_MSG_WARN([AFS requires Kerberos IV support, build may fail]) + fi + + LIBS="-lkafs $LIBS" + if test ! -z "$AFS_LIBS" ; then + LIBS="$LIBS $AFS_LIBS" + fi + AC_DEFINE(AFS) + AFS_MSG="yes" + fi + ] +) +LIBS="$LIBS $KLIBS" + +# Looking for programs, paths and files +AC_ARG_WITH(rsh, + [ --with-rsh=PATH Specify path to remote shell program ], + [ + if test "x$withval" != "$no" ; then + rsh_path=$withval + fi + ], + [ + AC_PATH_PROG(rsh_path, rsh) + ] +) + +AC_ARG_WITH(xauth, + [ --with-xauth=PATH Specify path to xauth program ], + [ + if test "x$withval" != "xno" ; then + xauth_path=$withval + fi + ], + [ + AC_PATH_PROG(xauth_path, xauth,,$PATH:/usr/X/bin:/usr/bin/X11:/usr/X11R6/bin:/usr/openwin/bin) + if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then + xauth_path="/usr/openwin/bin/xauth" + fi + ] +) + +if test -z "$xauth_path" ; then + XAUTH_PATH="undefined" + AC_SUBST(XAUTH_PATH) +else + AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path") + XAUTH_PATH=$xauth_path + AC_SUBST(XAUTH_PATH) +fi +if test ! -z "$rsh_path" ; then + AC_DEFINE_UNQUOTED(RSH_PATH, "$rsh_path") +fi + +# Check for mail directory (last resort if we cannot get it from headers) +if test ! -z "$MAIL" ; then + maildir=`dirname $MAIL` + AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir") +fi + +if test -z "$no_dev_ptmx" ; then + AC_CHECK_FILE("/dev/ptmx", + [ + AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX) + have_dev_ptmx=1 + ] + ) +fi +AC_CHECK_FILE("/dev/ptc", + [ + AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC) + have_dev_ptc=1 + ] +) + +# Options from here on. 
Some of these are preset by platform above +AC_ARG_WITH(mantype, + [ --with-mantype=man|cat|doc Set man page type], + [ + case "$withval" in + man|cat|doc) + MANTYPE=$withval + ;; + *) + AC_MSG_ERROR(invalid man type: $withval) + ;; + esac + ] +) +if test -z "$MANTYPE"; then + AC_PATH_PROGS(NROFF, nroff awf, /bin/false, /usr/bin:/usr/ucb) + if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then + MANTYPE=doc + elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then + MANTYPE=man + else + MANTYPE=cat + fi +fi +AC_SUBST(MANTYPE) +if test "$MANTYPE" = "doc"; then + mansubdir=man; +else + mansubdir=$MANTYPE; +fi +AC_SUBST(mansubdir) + +# Check whether to enable MD5 passwords +MD5_MSG="no" +AC_ARG_WITH(md5-passwords, + [ --with-md5-passwords Enable use of MD5 passwords], + [ + if test "x$withval" != "xno" ; then + AC_DEFINE(HAVE_MD5_PASSWORDS) + MD5_MSG="yes" + fi + ] +) + +# Whether to disable shadow password support +AC_ARG_WITH(shadow, + [ --without-shadow Disable shadow password support], + [ + if test "x$withval" = "xno" ; then + AC_DEFINE(DISABLE_SHADOW) + disable_shadow=yes + fi + ] +) + +if test -z "$disable_shadow" ; then + AC_MSG_CHECKING([if the systems has expire shadow information]) + AC_TRY_COMPILE( + [ +#include +#include + struct spwd sp; + ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ], + [ sp_expire_available=yes ], [] + ) + + if test "x$sp_expire_available" = "xyes" ; then + AC_MSG_RESULT(yes) + AC_DEFINE(HAS_SHADOW_EXPIRE) + else + AC_MSG_RESULT(no) + fi +fi + +# Use ip address instead of hostname in $DISPLAY +if test ! 
-z "$IPADDR_IN_DISPLAY" ; then + DISPLAY_HACK_MSG="yes" + AC_DEFINE(IPADDR_IN_DISPLAY) +else + DISPLAY_HACK_MSG="no" + AC_ARG_WITH(ipaddr-display, + [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY], + [ + if test "x$withval" != "xno" ; then + AC_DEFINE(IPADDR_IN_DISPLAY) + DISPLAY_HACK_MSG="yes" + fi + ] + ) +fi + +# Whether to mess with the default path +SERVER_PATH_MSG="(default)" +AC_ARG_WITH(default-path, + [ --with-default-path=PATH Specify default \$PATH environment for server], + [ + if test "x$withval" != "xno" ; then + user_path="$withval" + SERVER_PATH_MSG="$withval" + fi + ], + [ + AC_TRY_RUN( + [ +/* find out what STDPATH is */ +#include +#ifdef HAVE_PATHS_H +# include +#endif +#ifndef _PATH_STDPATH +# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" +#endif +#include +#include +#include +#define DATA "conftest.stdpath" + +main() +{ + FILE *fd; + int rc; + + fd = fopen(DATA,"w"); + if(fd == NULL) + exit(1); + + if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) + exit(1); + + exit(0); +} + ], [ user_path=`cat conftest.stdpath` ], + [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], + [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] + ) +# make sure $bindir is in USER_PATH so scp will work + t_bindir=`eval echo ${bindir}` + case $t_bindir in + NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; + esac + case $t_bindir in + NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; + esac + echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 + if test $? -ne 0 ; then + echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 + if test $? 
-ne 0 ; then + user_path=$user_path:$t_bindir + AC_MSG_RESULT(Adding $t_bindir to USER_PATH so scp will work) + fi + fi + ] +) +AC_DEFINE_UNQUOTED(USER_PATH, "$user_path") +AC_SUBST(user_path) + +# Whether to force IPv4 by default (needed on broken glibc Linux) +IPV4_HACK_MSG="no" +AC_ARG_WITH(ipv4-default, + [ --with-ipv4-default Use IPv4 by connections unless '-6' specified], + [ + if test "x$withval" != "xno" ; then + AC_DEFINE(IPV4_DEFAULT) + IPV4_HACK_MSG="yes" + fi + ] +) + +AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) +IPV4_IN6_HACK_MSG="no" +AC_ARG_WITH(4in6, + [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], + [ + if test "x$withval" != "xno" ; then + AC_MSG_RESULT(yes) + AC_DEFINE(IPV4_IN_IPV6) + IPV4_IN6_HACK_MSG="yes" + else + AC_MSG_RESULT(no) + fi + ],[ + if test "x$inet6_default_4in6" = "xyes"; then + AC_MSG_RESULT([yes (default)]) + AC_DEFINE(IPV4_IN_IPV6) + IPV4_IN6_HACK_MSG="yes" + else + AC_MSG_RESULT([no (default)]) + fi + ] +) + +# Whether to enable BSD auth support +BSD_AUTH_MSG=no +AC_ARG_WITH(bsd-auth, + [ --with-bsd-auth Enable BSD auth support], + [ + if test "x$withval" != "xno" ; then + AC_DEFINE(BSD_AUTH) + BSD_AUTH_MSG=yes + fi + ] +) + +AC_MSG_CHECKING(whether to install ssh as suid root) +AC_ARG_ENABLE(suid-ssh, +[ --enable-suid-ssh Install ssh as suid root (default) + --disable-suid-ssh Install ssh without suid bit], +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + SSHMODE=0711 + ;; + *) AC_MSG_RESULT(yes) + SSHMODE=4711 + ;; + esac ], + AC_MSG_RESULT(yes) + SSHMODE=4711 +) +AC_SUBST(SSHMODE) + + +# Where to place sshd.pid +piddir=/var/run +AC_ARG_WITH(pid-dir, + [ --with-pid-dir=PATH Specify location of ssh.pid file], + [ + if test "x$withval" != "xno" ; then + piddir=$withval + fi + ] +) + +# make sure the directory exists +if test ! 
-d $piddir ; then + piddir=`eval echo ${sysconfdir}` + case $piddir in + NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; + esac +fi + +AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir") +AC_SUBST(piddir) + +dnl allow user to disable some login recording features +AC_ARG_ENABLE(lastlog, + [ --disable-lastlog disable use of lastlog even if detected [no]], + [ AC_DEFINE(DISABLE_LASTLOG) ] +) +AC_ARG_ENABLE(utmp, + [ --disable-utmp disable use of utmp even if detected [no]], + [ AC_DEFINE(DISABLE_UTMP) ] +) +AC_ARG_ENABLE(utmpx, + [ --disable-utmpx disable use of utmpx even if detected [no]], + [ AC_DEFINE(DISABLE_UTMPX) ] +) +AC_ARG_ENABLE(wtmp, + [ --disable-wtmp disable use of wtmp even if detected [no]], + [ AC_DEFINE(DISABLE_WTMP) ] +) +AC_ARG_ENABLE(wtmpx, + [ --disable-wtmpx disable use of wtmpx even if detected [no]], + [ AC_DEFINE(DISABLE_WTMPX) ] +) +AC_ARG_ENABLE(libutil, + [ --disable-libutil disable use of libutil (login() etc.) [no]], + [ AC_DEFINE(DISABLE_LOGIN) ] +) +AC_ARG_ENABLE(pututline, + [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], + [ AC_DEFINE(DISABLE_PUTUTLINE) ] +) +AC_ARG_ENABLE(pututxline, + [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], + [ AC_DEFINE(DISABLE_PUTUTXLINE) ] +) +AC_ARG_WITH(lastlog, + [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], + [ + if test "x$withval" = "xno" ; then + AC_DEFINE(DISABLE_LASTLOG) + else + conf_lastlog_location=$withval + fi + ] +) + +dnl lastlog, [uw]tmpx? 
detection +dnl NOTE: set the paths in the platform section to avoid the +dnl need for command-line parameters +dnl lastlog and [uw]tmp are subject to a file search if all else fails + +dnl lastlog detection +dnl NOTE: the code itself will detect if lastlog is a directory +AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) +AC_TRY_COMPILE([ +#include +#include +#ifdef HAVE_LASTLOG_H +# include +#endif +#ifdef HAVE_PATHS_H +# include +#endif +#ifdef HAVE_LOGIN_H +# include +#endif + ], + [ char *lastlog = LASTLOG_FILE; ], + [ AC_MSG_RESULT(yes) ], + [ + AC_MSG_RESULT(no) + AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) + AC_TRY_COMPILE([ +#include +#include +#ifdef HAVE_LASTLOG_H +# include +#endif +#ifdef HAVE_PATHS_H +# include +#endif + ], + [ char *lastlog = _PATH_LASTLOG; ], + [ AC_MSG_RESULT(yes) ], + [ + AC_MSG_RESULT(no) + system_lastlog_path=no + ]) + ] +) + +if test -z "$conf_lastlog_location"; then + if test x"$system_lastlog_path" = x"no" ; then + for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do + if (test -d "$f" || test -f "$f") ; then + conf_lastlog_location=$f + fi + done + if test -z "$conf_lastlog_location"; then + AC_MSG_WARN([** Cannot find lastlog **]) + dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx + fi + fi +fi + +if test -n "$conf_lastlog_location"; then + AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location") +fi + +dnl utmp detection +AC_MSG_CHECKING([if your system defines UTMP_FILE]) +AC_TRY_COMPILE([ +#include +#include +#ifdef HAVE_PATHS_H +# include +#endif + ], + [ char *utmp = UTMP_FILE; ], + [ AC_MSG_RESULT(yes) ], + [ AC_MSG_RESULT(no) + system_utmp_path=no ] +) +if test -z "$conf_utmp_location"; then + if test x"$system_utmp_path" = x"no" ; then + for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do + if test -f $f ; then + conf_utmp_location=$f + fi + done + if test -z "$conf_utmp_location"; then + AC_DEFINE(DISABLE_UTMP) + fi + fi +fi +if test -n 
"$conf_utmp_location"; then + AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location") +fi + +dnl wtmp detection +AC_MSG_CHECKING([if your system defines WTMP_FILE]) +AC_TRY_COMPILE([ +#include +#include +#ifdef HAVE_PATHS_H +# include +#endif + ], + [ char *wtmp = WTMP_FILE; ], + [ AC_MSG_RESULT(yes) ], + [ AC_MSG_RESULT(no) + system_wtmp_path=no ] +) +if test -z "$conf_wtmp_location"; then + if test x"$system_wtmp_path" = x"no" ; then + for f in /usr/adm/wtmp /var/log/wtmp; do + if test -f $f ; then + conf_wtmp_location=$f + fi + done + if test -z "$conf_wtmp_location"; then + AC_DEFINE(DISABLE_WTMP) + fi + fi +fi +if test -n "$conf_wtmp_location"; then + AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location") +fi + + +dnl utmpx detection - I don't know any system so perverse as to require +dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out +dnl there, though. +AC_MSG_CHECKING([if your system defines UTMPX_FILE]) +AC_TRY_COMPILE([ +#include +#include +#ifdef HAVE_UTMPX_H +#include +#endif +#ifdef HAVE_PATHS_H +# include +#endif + ], + [ char *utmpx = UTMPX_FILE; ], + [ AC_MSG_RESULT(yes) ], + [ AC_MSG_RESULT(no) + system_utmpx_path=no ] +) +if test -z "$conf_utmpx_location"; then + if test x"$system_utmpx_path" = x"no" ; then + AC_DEFINE(DISABLE_UTMPX) + fi +else + AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location") +fi + +dnl wtmpx detection +AC_MSG_CHECKING([if your system defines WTMPX_FILE]) +AC_TRY_COMPILE([ +#include +#include +#ifdef HAVE_UTMPX_H +#include +#endif +#ifdef HAVE_PATHS_H +# include +#endif + ], + [ char *wtmpx = WTMPX_FILE; ], + [ AC_MSG_RESULT(yes) ], + [ AC_MSG_RESULT(no) + system_wtmpx_path=no ] +) +if test -z "$conf_wtmpx_location"; then + if test x"$system_wtmpx_path" = x"no" ; then + AC_DEFINE(DISABLE_WTMPX) + fi +else + AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location") +fi + + +if test ! 
-z "$blibpath" ; then + LDFLAGS="$LDFLAGS -blibpath:$blibpath" + AC_MSG_WARN([Please check and edit -blibpath in LDFLAGS in Makefile]) +fi + +dnl remove pam and dl because they are in $LIBPAM +if test "$PAM_MSG" = yes ; then + LIBS=`echo $LIBS | sed 's/-lpam //'` +fi +if test "$ac_cv_lib_pam_pam_set_item" = yes ; then + LIBS=`echo $LIBS | sed 's/-ldl //'` +fi + +AC_EXEEXT +AC_CONFIG_FILES([Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds]) +AC_OUTPUT + +# Print summary of options + +# Someone please show me a better way :) +A=`eval echo ${prefix}` ; A=`eval echo ${A}` +B=`eval echo ${bindir}` ; B=`eval echo ${B}` +C=`eval echo ${sbindir}` ; C=`eval echo ${C}` +D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` +E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` +F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` +G=`eval echo ${piddir}` ; G=`eval echo ${G}` +H=`eval echo ${user_path}` ; H=`eval echo ${H}` + +echo "" +echo "OpenSSH has been configured with the following options:" +echo " User binaries: $B" +echo " System binaries: $C" +echo " Configuration files: $D" +echo " Askpass program: $E" +echo " Manual pages: $F" +echo " PID file: $G" +echo " sshd default user PATH: $H" +echo " Manpage format: $MANTYPE" +echo " PAM support: ${PAM_MSG}" +echo " KerberosIV support: $KRB4_MSG" +echo " Smartcard support: $SCARD_MSG" +echo " AFS support: $AFS_MSG" +echo " S/KEY support: $SKEY_MSG" +echo " TCP Wrappers support: $TCPW_MSG" +echo " MD5 password support: $MD5_MSG" +echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" +echo " Use IPv4 by default hack: $IPV4_HACK_MSG" +echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" +echo " BSD Auth support: $BSD_AUTH_MSG" +echo " Random number source: $RAND_MSG" +if test ! 
-z "$USE_RAND_HELPER" ; then
+ echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
+fi
+
+echo ""
+
+echo " Host: ${host}"
+echo " Compiler: ${CC}"
+echo " Compiler flags: ${CFLAGS}"
+echo "Preprocessor flags: ${CPPFLAGS}"
+echo " Linker flags: ${LDFLAGS}"
+echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
+
+echo ""
+
+if test "x$PAM_MSG" = "xyes" ; then
+ echo "PAM is enabled. You may need to install a PAM control file "
+ echo "for sshd, otherwise password authentication may fail. "
+ echo "Example PAM control files can be found in the contrib/ "
+ echo "subdirectory"
+ echo ""
+fi
+
+if test ! -z "$NO_SFTP"; then
+ echo "sftp-server will be disabled. Your compiler does not "
+ echo "support 64bit integers."
+ echo ""
+fi
+
+if test ! -z "$RAND_HELPER_CMDHASH" ; then
+ echo "WARNING: you are using the builtin random number collection "
+ echo "service. Please read WARNING.RNG and request that your OS "
+ echo "vendor includes kernel-based random number collection in "
+ echo "future versions of your OS."
+ echo ""
+fi
+
diff -ruN --exclude CVS ssh-openbsd-2002030700/contrib/README openssh-3.1p1/contrib/README
--- ssh-openbsd-2002030700/contrib/README Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/contrib/README Mon Dec 24 13:59:20 2001
@@ -0,0 +1,61 @@
+Other patches and addons for OpenSSH. Please send submissions to
+djm@ibs.com.au
+
+Elsewhere
+---------
+
+http://www.imasy.or.jp/~gotoh/connect.c is a Unix and Windows
+ProxyCommand which allows OpenSSH to make connections through a SOCKS5
+or http proxy which supports the CONNECT method (eg. Squid).
+
+In this directory
+-----------------
+
+chroot.diff:
+
+Due to the fact the patch is never in sync with the rest of the tree. It was
+removed.
+
+ssh-copy-id:
+
+Phil Hands' shell script to automate the process of adding
+your public key to a remote machine's ~/.ssh/authorized_keys file.
+
+gnome-ssh-askpass:
+
+A GNOME passphrase requester of my own creation. Compilation instructions
+are in the top of the file.
+
+sshd.pam.generic:
+
+A generic PAM config file which may be useful on your system. YMMV
+
+sshd.pam.freebsd:
+
+A PAM config file which works with FreeBSD's PAM port. Contributed by
+Dominik Brettnacher
+
+mdoc2man.pl:
+
+Converts mdoc formated manpages into normal manpages. This can be used
+on Solaris machines to provide manpages that are not preformated.
+Contributed by Mark D. Roth
+
+redhat:
+
+RPM spec file an scripts for building Redhat packages
+
+suse:
+
+RPM spec file an scripts for building SuSE packages
+
+
+Externally maintained
+---------------------
+
+X11 SSH Askpass:
+
+Jim Knoble has written an excellent X11
+passphrase requester. This is highly recommended:
+
+http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/index.html
diff -ruN --exclude CVS ssh-openbsd-2002030700/contrib/aix/README openssh-3.1p1/contrib/aix/README
--- ssh-openbsd-2002030700/contrib/aix/README Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/contrib/aix/README Tue Mar 5 14:38:37 2002
@@ -0,0 +1,36 @@ +Overview: + +This directory contains files to build an AIX native (installp or SMIT +installable) openssh package. + + +Directions: + +./configure [options] +cd contrib/aix; ./buildbff.sh + + +Acknowledgements: + +The contents of this directory are based on Ben Lindstrom's Solaris +buildpkg.sh. Ben also supplied inventory.sh. + +Jim Abbey's (GPL'ed) lppbuild-2.1 was used to learn how to build .bff's +and for comparison with the output from this script, however no code +from lppbuild is included and it is not required for operation. + + +Other notes: + +The script treats all packages as USR packages (not ROOT+USR when +appropriate). It seems to work, though...... + + +Disclaimer: + +It is hoped that it is useful but there is no warranty. If it breaks +you get to keep both pieces. + + + - Darren Tucker (dtucker at zip dot com dot au) + 2002/03/01 diff -ruN --exclude CVS ssh-openbsd-2002030700/contrib/aix/buildbff.sh openssh-3.1p1/contrib/aix/buildbff.sh --- ssh-openbsd-2002030700/contrib/aix/buildbff.sh Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/contrib/aix/buildbff.sh Tue Mar 5 14:38:37 2002 
@@ -0,0 +1,187 @@ +#!/bin/sh +# +# buildbff.sh: Create AIX SMIT-installable OpenSSH packages +# +# Author: Darren Tucker (dtucker at zip dot com dot au) +# This file is placed in the public domain and comes with absolutely +# no warranty. +# +# Based originally on Ben Lindstrom's buildpkg.sh for Solaris +# + +umask 022 +PKGNAME=openssh + +PATH=$PATH:`pwd` # set path for external tools +export PATH + +## Extract common info requires for the 'info' part of the package. +VERSION=`tail -1 ../../version.h | sed -e 's/.*_\([0-9]\)/\1/g' | sed 's/\"$//'` +BFFVERSION=`echo $VERSION | sed 's/p/./g'` + +echo "Building BFF for $PKGNAME $VERSION (package version $BFFVERSION)" +PKGDIR=package + +# Clean build directory and package file +rm -rf $PKGDIR +mkdir $PKGDIR +rm -f $PKGNAME-$VERSION.bff + +if [ ! -f ../../Makefile ] +then + echo "Top-level Makefile not found (did you run ./configure?)" + exit 1 +fi + +## Start by faking root install +echo "Faking root install..." +START=`pwd` +FAKE_ROOT=$START/$PKGDIR +cd ../.. +make install-nokeys DESTDIR=$FAKE_ROOT + +# +# Fill in some details, like prefix and sysconfdir +# the eval also expands variables like sysconfdir=${prefix}/etc +# provided they are eval'ed in the correct order +# +for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir mansubdir sysconfdir piddir +do + eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2` +done + +# Rename config files; postinstall script will copy them if necessary +for cfgfile in ssh_config sshd_config ssh_prng_cmds +do + mv $FAKE_ROOT/$sysconfdir/$cfgfile $FAKE_ROOT/$sysconfdir/$cfgfile.default +done + +# +# Generate lpp control files. +# working dir is $FAKE_ROOT but files are generated in contrib/aix +# and moved into place just before creation of .bff +# +cd $FAKE_ROOT +echo Generating LPP control files +find . ! -name . 
-print >../openssh.al +inventory.sh >../openssh.inventory +cp ../../../LICENCE ../openssh.copyright + +# +# Create postinstall script +# +cat <>../openssh.post_i +#!/bin/sh + +# Create configs from defaults if necessary +for cfgfile in ssh_config sshd_config ssh_prng_cmds +do + if [ ! -f $sysconfdir/\$cfgfile ] + then + echo "Creating \$cfgfile from default" + cp $sysconfdir/\$cfgfile.default $sysconfdir/\$cfgfile + else + echo "\$cfgfile already exists." + fi +done + +# Generate keys unless they already exist +if [ -f "$sysconfdir/ssh_host_key" ] ; then + echo "$sysconfdir/ssh_host_key already exists, skipping." +else + $bindir/ssh-keygen -t rsa1 -f $sysconfdir/ssh_host_key -N "" +fi +if [ -f $sysconfdir/ssh_host_dsa_key ] ; then + echo "$sysconfdir/ssh_host_dsa_key already exists, skipping." +else + $bindir/ssh-keygen -t dsa -f $sysconfdir/ssh_host_dsa_key -N "" +fi +if [ -f $sysconfdir/ssh_host_rsa_key ] ; then + echo "$sysconfdir/ssh_host_rsa_key already exists, skipping." +else + $bindir/ssh-keygen -t rsa -f $sysconfdir/ssh_host_rsa_key -N "" +fi + +# Add to system startup if required +if grep $sbindir/sshd /etc/rc.tcpip >/dev/null +then + echo "sshd found in rc.tcpip, not adding." +else + echo >>/etc/rc.tcpip + echo "echo Starting sshd" >>/etc/rc.tcpip + echo "$sbindir/sshd" >>/etc/rc.tcpip +fi +EOF + +# +# Create liblpp.a and move control files into it +# +echo Creating liblpp.a +( + cd .. 
+ for i in al copyright inventory post_i + do + ar -r liblpp.a openssh.$i + rm openssh.$i + done +) + +# +# Create lpp_name +# +# This will end up looking something like: +# 4 R I OpenSSH { +# OpenSSH 3.0.2.1 1 N U en_US OpenSSH 3.0.2p1 Portable for AIX +# [ +# % +# /usr/local/bin 8073 +# /usr/local/etc 189 +# /usr/local/libexec 185 +# /usr/local/man/man1 145 +# /usr/local/man/man8 83 +# /usr/local/sbin 2105 +# /usr/local/share 3 +# % +# ] +echo Creating lpp_name +cat <../lpp_name +4 R I $PKGNAME { +$PKGNAME $BFFVERSION 1 N U en_US OpenSSH $VERSION Portable for AIX +[ +% +EOF + +for i in $bindir $sysconfdir $libexecdir $mandir/man1 $mandir/man8 $sbindir $datadir +do + # get size in 512 byte blocks + size=`du $FAKE_ROOT/$i | awk '{print $1}'` + echo "$i $size" >>../lpp_name +done + +echo '%' >>../lpp_name +echo ']' >>../lpp_name +echo '}' >>../lpp_name + +# +# Move pieces into place +# +mkdir -p usr/lpp/openssh +mv ../liblpp.a usr/lpp/openssh +mv ../lpp_name . + +# +# Now invoke backup to create .bff file +# note: lpp_name needs to be the first file do we generate the +# file list on the fly and feed it to backup using -i +# +echo Creating $PKGNAME-$VERSION.bff with backup... +( + echo "./lpp_name" + find . ! -name lpp_name -a ! -name . -print +) | backup -i -q -f ../$PKGNAME-$VERSION.bff $filelist + +cd .. + +rm -rf $PKGDIR +echo $0: done. + diff -ruN --exclude CVS ssh-openbsd-2002030700/contrib/aix/inventory.sh openssh-3.1p1/contrib/aix/inventory.sh --- ssh-openbsd-2002030700/contrib/aix/inventory.sh Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/contrib/aix/inventory.sh Tue Mar 5 14:38:37 2002 
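Review bot: The result of `make install-nokeys DESTDIR=$FAKE_ROOT` is never checked, so a failed or partial install is still inventoried and written into the .bff. The same holds for the `cd ../..` and `cd $FAKE_ROOT` steps, after which the script writes its control files relative to whatever directory it is in and finally runs `rm -rf $PKGDIR`. I would stop at the first failure, for example `make install-nokeys DESTDIR=$FAKE_ROOT || exit 1` and `cd $FAKE_ROOT || exit 1`. Separately, `$filelist` on the `backup` line is not assigned anywhere in the script and can be dropped.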
@@ -0,0 +1,61 @@
+#!/bin/sh
+#
+# inventory.sh
+#
+# Originall written by Ben Lindstrom, modified by Darren Tucker to use perl
+#
+# This will produced and AIX package inventory file, which looks like:
+#
+# /usr/local/bin:
+# class=apply,inventory,openssh
+# owner=root
+# group=system
+# mode=755
+# type=DIRECTORY
+# /usr/local/bin/slogin:
+# class=apply,inventory,openssh
+# owner=root
+# group=system
+# mode=777
+# type=SYMLINK
+# target=ssh
+# /usr/local/share/Ssh.bin:
+# class=apply,inventory,openssh
+# owner=root
+# group=system
+# mode=644
+# type=FILE
+# size=VOLATILE
+# checksum=VOLATILE
+
+find . ! -name . -print | perl -ne '{
+ chomp;
+ if ( -l $_ ) {
+ ($dev,$ino,$mod,$nl,$uid,$gid,$rdev,$sz,$at,$mt,$ct,$bsz,$blk)=lstat;
+ } else {
+ ($dev,$ino,$mod,$nl,$uid,$gid,$rdev,$sz,$at,$mt,$ct,$bsz,$blk)=stat;
+ }
+
+ # Start to display inventory information
+ $name = $_;
+ $name =~ s|^.||; # Strip leading dot from path
+ print "$name:\n";
+ print "\tclass=apply,inventory,openssh\n";
+ print "\towner=root\n";
+ print "\tgroup=system\n";
+ printf "\tmode=%lo\n", $mod & 07777; # Mask perm bits
+
+ if ( -l $_ ) {
+ # Entry is SymLink
+ print "\ttype=SYMLINK\n";
+ printf "\ttarget=%s\n", readlink($_);
+ } elsif ( -f $_ ) {
+ # Entry is File
+ print "\ttype=FILE\n";
+ print "\tsize=VOLATILE\n";
+ print "\tchecksum=VOLATILE\n";
+ } elsif ( -d $_ ) {
+ # Entry is Directory
+ print "\ttype=DIRECTORY\n";
+ }
+}'
diff -ruN --exclude CVS ssh-openbsd-2002030700/contrib/caldera/openssh.spec openssh-3.1p1/contrib/caldera/openssh.spec
--- ssh-openbsd-2002030700/contrib/caldera/openssh.spec Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/contrib/caldera/openssh.spec Thu Mar 7 13:04:38 2002
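Review bot: The return value of `stat`/`lstat` in the perl block is not checked, so a path that disappears or cannot be read between `find` and perl is still printed, with `mode=0` and no `type=` line. Because `lstat` gives the same result as `stat` for anything that is not a symlink, the two branches can collapse into one checked call, e.g. `@st = lstat($_) or do { warn "lstat $_: $!\n"; next };` followed by `$mod = $st[2];`. The header comment also has two typos I would fix while here: `Originally written by` and `This will produce an AIX package inventory file`.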
@@ -0,0 +1,227 @@ +%define use-stable 1 +%if %{use-stable} + %define version 3.1p1 + %define cvs %{nil} + %define release 1 +%else + %define version 3.0p1 + %define cvs cvs20011102 + %define release 0r1 +%endif +%define xsa x11-ssh-askpass +%define askpass %{xsa}-1.2.4.1 + +Name : openssh +Version : %{version}%{cvs} +Release : %{release} +Group : System/Network + +Summary : OpenSSH free Secure Shell (SSH) implementation. + +Copyright : BSD +Packager : Raymund Will +URL : http://www.openssh.com/ + +Obsoletes : ssh, ssh-clients, openssh-clients + +BuildRoot : /tmp/%{Name}-%{Version} + +# %{use-stable}==1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable +# %{use-stable}==0: :pserver:cvs@bass.directhit.com:/cvs/openssh_cvs +Source0: see-above:/.../openssh-%{Version}.tar.gz +%if %{use-stable} +Source1: see-above:/.../openssh-%{Version}.tar.gz.sig +%endif +Source2: http://www.ntrnet.net/~jmknoble/software/%{xsa}/%{askpass}.tar.gz +Source3: http://www.openssh.com/faq.html + + +%Package server +Group : System/Network +Requires : openssh = %{Version} +Obsoletes : ssh-server + +Summary : OpenSSH Secure Shell protocol server (sshd). + + +%Package askpass +Group : System/Network +Requires : openssh = %{Version} +URL : http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/ +Obsoletes : ssh-extras + +Summary : OpenSSH X11 pass-phrase dialog. + + +%Prep +%setup %([ -z "%{cvs}" ] || echo "-n %{Name}_cvs") -a2 + +%if ! 
%{use-stable} + autoreconf +%endif + + +%Build +CFLAGS="$RPM_OPT_FLAGS" \ +./configure \ + --prefix=/usr \ + --sysconfdir=/etc/ssh \ + --libexecdir=/usr/lib/ssh \ + --with-pam \ + --with-tcp-wrappers \ + --with-ipv4-default \ + +make + +cd %{askpass} +./configure +xmkmf +make includes +make + + +%Install +%{mkDESTDIR} + +make DESTDIR="$DESTDIR" install + +make -C %{askpass} BINDIR="/usr/lib/ssh" install + +# OpenLinux specific configuration +mkdir -p $DESTDIR/{etc/pam.d,%{SVIcdir},%{SVIdir}} + +# enabling X11 forwarding on the server is convenient and okay, +# on the client side we consider it a potential security risk! +%{fixUP} -vT $DESTDIR/etc/ssh/sshd_config -e ' + s/X11Forwarding no/X11Forwarding yes/i' + +install -m644 contrib/caldera/sshd.pam $DESTDIR/etc/pam.d/sshd +# FIXME: disabled, find out why this doesn't work with NIS +%{fixUP} -vT $DESTDIR/etc/pam.d/sshd -e 's/^(.*pam_limits.*)$/#$1/' + +install -m 0755 contrib/caldera/sshd.init $DESTDIR%{SVIdir}/sshd +%{fixUP} -vT $DESTDIR/%{SVIdir} -e 's:\@SVIdir\@:%{SVIdir}: + + s:\@sysconfdir\@:/etc/ssh:' + +cat <<-EoD > $DESTDIR%{SVIcdir}/sshd + IDENT=sshd + DESCRIPTIVE="OpenSSH secure shell daemon" + # This service will be marked as 'skipped' on boot if there + # is no host key. Use ssh-host-keygen to generate one. 
+ ONBOOT="yes" + OPTIONS="" +EoD + +SKG=$DESTDIR/usr/sbin/ssh-host-keygen +install -m 0755 contrib/caldera/ssh-host-keygen $SKG +%{fixUP} -T $SKG -e 's:\@sysconfdir\@:/etc/ssh: + + s:\@sshkeygen\@:/usr/bin/ssh-keygen:' + + +# install remaining docs +DocD="$DESTDIR%{_defaultdocdir}/%{Name}-%{Version}"; mkdir -p $DocD/00-LEGAL +cp -a LICENCE $DocD/00-LEGAL +cp -a CREDITS ChangeLog OVERVIEW README* TODO $DocD +install -p -m 0444 -o 0 -g 0 %{SOURCE3} $DocD/faq.html +mkdir -p $DocD/%{askpass} +cp -a %{askpass}/{README,ChangeLog,TODO,SshAskpass*.ad} $DocD/%{askpass} + +cp -p %{askpass}/%{xsa}.man $DESTDIR/usr/man/man1/%{xsa}.1 +ln -s %{xsa}.1 $DESTDIR/usr/man/man1/ssh-askpass.1 + +%{fixManPages} + + +# generate file lists +%{mkLists} -c %{Name} +%{mkLists} -d %{Name} << 'EOF' +/etc/ssh base +^/etc/ IGNORED +%{_defaultdocdir}/$ IGNORED +askpass askpass +* default +EOF +%{mkLists} -a -f %{Name} << 'EOF' +^/etc * prefix(%%config) +/usr/X11R6/lib/X11/app-defaults IGNORED +Ssh.bin IGNORED # for now +[Aa]skpass askpass +%{_defaultdocdir}/%{Name}-%{Version}/ base +ssh-keygen base +moduli server +sshd server +sftp-server server +.* base +EOF + + +%Clean +%{rmDESTDIR} + + +%Post +# Generate host key when none is present to get up and running, +# both client and server require this for host-based auth! +# ssh-host-keygen checks for existing keys. +/usr/sbin/ssh-host-keygen +: # to protect the rpm database + + +%Post server +if [ -x %{LSBinit}-install ]; then + %{LSBinit}-install sshd +else + lisa --SysV-init install sshd S55 3:4:5 K45 0:1:2:6 +fi + +! %{SVIdir}/sshd status || %{SVIdir}/sshd restart +: # to protect the rpm database + + +%PreUn server +[ "$1" = 0 ] || exit 0 + +! 
%{SVIdir}/sshd status || %{SVIdir}/sshd stop +: # to protect the rpm database + + +%PostUn server +if [ -x %{LSBinit}-remove ]; then + %{LSBinit}-remove sshd +else + lisa --SysV-init remove sshd $1 +fi +: # to protect the rpm database + + +%Files -f files-%{Name}-base +%defattr(-,root,root) + + +%Files server -f files-%{Name}-server +%defattr(-,root,root) + + +%Files askpass -f files-%{Name}-askpass +%defattr(-,root,root) + + +%Description +OpenSSH (Secure Shell) provides access to a remote system. It replaces +telnet, rlogin, rexec, and rsh, and provides secure encrypted +communications between two untrusted hosts over an insecure network. +X11 connections and arbitrary TCP/IP ports can also be forwarded over +the secure channel. + +%Description server +This package installs the sshd, the server portion of OpenSSH. + +%Description askpass +This package contains an X11-based pass-phrase dialog used per +default by ssh-add(1). It is based on %{askpass} +by Jim Knoble . + +%ChangeLog +* Mon Jan 01 1998 ... + +$Id: openssh.spec,v 1.27 2002/03/07 02:04:38 djm Exp $ diff -ruN --exclude CVS ssh-openbsd-2002030700/contrib/caldera/ssh-host-keygen openssh-3.1p1/contrib/caldera/ssh-host-keygen --- ssh-openbsd-2002030700/contrib/caldera/ssh-host-keygen Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/contrib/caldera/ssh-host-keygen Fri Apr 27 15:50:50 2001 
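Review bot: `BuildRoot : /tmp/%{Name}-%{Version}` puts the staging tree at a fixed, predictable name in a world-writable directory, and the %Install section uses `install -p -m 0444 -o 0 -g 0`, which suggests the build is expected to run as root. On a multi-user build host another local user can create that path first, as a directory they own or as a symlink; what `%{mkDESTDIR}` does with a pre-existing path is not visible here. I would point the build root at a directory only the build user can write to and have the install step fail if the path already exists. Also, `Source1` lists the `.tar.gz.sig`, but nothing in %Prep checks it against `Source0`; a verification step before `%setup` would make that source line do something.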
@@ -0,0 +1,36 @@
+#! /bin/sh
+#
+# $Id: ssh-host-keygen,v 1.1 2001/04/27 05:50:50 tim Exp $
+#
+# This script is normally run only *once* for a given host
+# (in a given period of time) -- on updates/upgrades/recovery
+# the ssh_host_key* files _should_ be retained! Otherwise false
+# "man-in-the-middle-attack" alerts will frighten unsuspecting
+# clients...
+
+keydir=@sysconfdir@
+keygen=@sshkeygen@
+
+if [ -f $keydir/ssh_host_key -o \
+ -f $keydir/ssh_host_key.pub ]; then
+ echo "You already have an SSH1 RSA host key in $keydir/ssh_host_key."
+else
+ echo "Generating 1024 bit SSH1 RSA host key."
+ $keygen -b 1024 -t rsa1 -f $keydir/ssh_host_key -C '' -N ''
+fi
+
+if [ -f $keydir/ssh_host_rsa_key -o \
+ -f $keydir/ssh_host_rsa_key.pub ]; then
+ echo "You already have an SSH2 RSA host key in $keydir/ssh_host_rsa_key."
+else
+ echo "Generating 1024 bit SSH2 RSA host key."
+ $keygen -b 1024 -t rsa -f $keydir/ssh_host_rsa_key -C '' -N ''
+fi
+
+if [ -f $keydir/ssh_host_dsa_key -o \
+ -f $keydir/ssh_host_dsa_key.pub ]; then
+ echo "You already have an SSH2 DSA host key in $keydir/ssh_host_dsa_key."
+else
+ echo "Generating SSH2 DSA host key."
+ $keygen -t dsa -f $keydir/ssh_host_dsa_key -C '' -N ''
+fi
diff -ruN --exclude CVS ssh-openbsd-2002030700/contrib/caldera/sshd.init openssh-3.1p1/contrib/caldera/sshd.init
--- ssh-openbsd-2002030700/contrib/caldera/sshd.init Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/contrib/caldera/sshd.init Sun Nov 4 06:09:33 2001
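Review bot: The exit status of the three `$keygen` calls is not checked, so the script's result is just that of the last `if` block, and a failed SSH1 or SSH2 RSA key generation goes unreported when the DSA step succeeds. I would track it, e.g. `rc=0` at the top, `|| rc=1` appended to each `$keygen` line and `exit $rc` at the end. The RSA size `1024` is also written out in both the echo text and the `-b` argument for each RSA key; a single `bits=1024` next to `keydir`/`keygen` would keep the message and the command in step and give packagers one place to raise it.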
@@ -0,0 +1,125 @@ +#! /bin/bash +# +# $Id: sshd.init,v 1.3 2001/11/03 19:09:33 tim Exp $ +# +### BEGIN INIT INFO +# Provides: +# Required-Start: $network +# Required-Stop: +# Default-Start: 3 4 5 +# Default-Stop: 0 1 2 6 +# Description: sshd +# Bring up/down the OpenSSH secure shell daemon. +### END INIT INFO +# +# Written by Miquel van Smoorenburg . +# Modified for Debian GNU/Linux by Ian Murdock . +# Modified for OpenLinux by Raymund Will + +NAME=sshd +DAEMON=/usr/sbin/$NAME +# Hack-Alert(TM)! This is necessary to get around the 'reload'-problem +# created by recent OpenSSH daemon/ssd combinations. See Caldera internal +# PR [linux/8278] for details... +PIDF=/var/run/$NAME.pid +NAME=$DAEMON + +_status() { + [ -z "$1" ] || local pidf="$1" + local ret=-1 + local pid + if [ -n "$pidf" ] && [ -r "$pidf" ]; then + pid=$(head -1 $pidf) + else + pid=$(pidof $NAME) + fi + + if [ ! -e $SVIlock ]; then + # no lock-file => not started == stopped? + ret=3 + elif [ -n "$pidf" -a ! -f "$pidf" ] || [ -z "$pid" ]; then + # pid-file given but not present or no pid => died, but was not stopped + ret=2 + elif [ -r /proc/$pid/cmdline ] && + echo -ne $NAME'\000' | cmp -s - /proc/$pid/cmdline; then + # pid-file given and present or pid found => check process... + # but don't compare exe, as this will fail after an update! + # compares OK => all's well, that ends well... + ret=0 + else + # no such process or exe does not match => stale pid-file or process died + # just recently... + ret=1 + fi + return $ret +} + +# Source function library (and set vital variables). +. @SVIdir@/functions + +case "$1" in + start) + [ ! -e $SVIlock ] || exit 0 + [ -x $DAEMON ] || exit 5 + SVIemptyConfig @sysconfdir@/sshd_config && exit 6 + + if [ ! \( -f @sysconfdir@/ssh_host_key -a \ + -f @sysconfdir@/ssh_host_key.pub \) -a \ + ! \( -f @sysconfdir@/ssh_host_rsa_key -a \ + -f @sysconfdir@/ssh_host_rsa_key.pub \) -a \ + ! 
\( -f @sysconfdir@/ssh_host_dsa_key -a \ + -f @sysconfdir@/ssh_host_dsa_key.pub \) ]; then + + echo "$SVIsubsys: host key not initialized: skipped!" + echo "$SVIsubsys: use ssh-host-keygen to generate one!" + exit 6 + fi + + echo -n "Starting $SVIsubsys services: " + ssd -S -x $DAEMON -n $NAME -- $OPTIONS + ret=$? + + echo "." + touch $SVIlock + ;; + + stop) + [ -e $SVIlock ] || exit 0 + + echo -n "Stopping $SVIsubsys services: " + ssd -K -p $PIDF -n $NAME + ret=$? + + echo "." + rm -f $SVIlock + ;; + + force-reload|reload) + [ -e $SVIlock ] || exit 0 + + echo "Reloading $SVIsubsys configuration files: " + ssd -K --signal 1 -q -p $PIDF -n $NAME + ret=$? + echo "done." + ;; + + restart) + $0 stop + $0 start + ret=$? + ;; + + status) + _status $PIDF + ret=$? + ;; + + *) + echo "Usage: $SVIscript {[re]start|stop|[force-]reload|status}" + ret=2 + ;; + +esac + +exit $ret + diff -ruN --exclude CVS ssh-openbsd-2002030700/contrib/caldera/sshd.pam openssh-3.1p1/contrib/caldera/sshd.pam --- ssh-openbsd-2002030700/contrib/caldera/sshd.pam Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/contrib/caldera/sshd.pam Fri Jan 5 09:54:51 2001 @@ -0,0 +1,8 @@ +#%PAM-1.0 +auth required /lib/security/pam_pwdb.so shadow nodelay +auth required /lib/security/pam_nologin.so +account required /lib/security/pam_pwdb.so +password required /lib/security/pam_cracklib.so +password required /lib/security/pam_pwdb.so shadow nullok use_authtok +session required /lib/security/pam_pwdb.so +session required /lib/security/pam_limits.so diff -ruN --exclude CVS ssh-openbsd-2002030700/contrib/cygwin/README openssh-3.1p1/contrib/cygwin/README --- ssh-openbsd-2002030700/contrib/cygwin/README Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/contrib/cygwin/README Sat Dec 29 14:10:10 2001 
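Review bot: In the `start` branch of sshd.init, `touch $SVIlock` runs whether or not `ssd -S` succeeded, because only `ret=$?` records the result. After a failed start the lock file exists, so the next `start` returns at `[ ! -e $SVIlock ] || exit 0` without trying again until someone runs `stop`. Creating the lock only on success, `[ $ret -eq 0 ] && touch $SVIlock`, avoids that; the `stop` branch has the mirror-image behaviour with `rm -f $SVIlock` after a failed `ssd -K`. In `_status`, `$pidf` and `$pid` are expanded unquoted in `head -1 $pidf` and `/proc/$pid/cmdline`; quoting them costs nothing.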
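Review bot: The `auth` line for pam_pwdb.so in sshd.pam carries `nodelay`, which turns off the pause the module otherwise inserts after a failed authentication. For a network-facing service like sshd that pause is a cheap brake on password guessing, so I would drop the option unless there is a reason for it that a comment can record: `auth required /lib/security/pam_pwdb.so shadow`. The `nullok` on the second `password` line deserves a one-line comment as well, since as I read it the option lets an account whose current password is empty pass through the password-change stack.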
@@ -0,0 +1,184 @@ +This package is the actual port of OpenSSH to Cygwin 1.3. + +=========================================================================== +Important change since 3.0.1p1-2: + +This version introduces the ability to register sshd as service on +Windows 9x/Me systems. This is done only when the options -D and/or +-d are not given. +=========================================================================== + +=========================================================================== +Important change since 2.9p2: + +Since Cygwin is able to switch user context without password beginning +with version 1.3.2, OpenSSH now allows to do so when it's running under +a version >= 1.3.2. Keep in mind that `ntsec' has to be activated to +allow that feature. +=========================================================================== + +=========================================================================== +Important change since 2.3.0p1: + +When using `ntea' or `ntsec' you now have to care for the ownership +and permission bits of your host key files and your private key files. +The host key files have to be owned by the NT account which starts +sshd. The user key files have to be owned by the user. The permission +bits of the private key files (host and user) have to be at least +rw------- (0600)! + +Note that this is forced under `ntsec' only if the files are on a NTFS +filesystem (which is recommended) due to the lack of any basic security +features of the FAT/FAT32 filesystems. +=========================================================================== + +If you are installing OpenSSH the first time, you can generate global config +files and server keys by running + + /usr/bin/ssh-host-config + +Note that this binary archive doesn't contain default config files in /etc. +That files are only created if ssh-host-config is started. 
+ +If you are updating your installation you may run the above ssh-host-config +as well to move your configuration files to the new location and to +erase the files at the old location. + +To support testing and unattended installation ssh-host-config got +some options: + +usage: ssh-host-config [OPTION]... +Options: + --debug -d Enable shell's debug output. + --yes -y Answer all questions with "yes" automatically. + --no -n Answer all questions with "no" automatically. + --port -p sshd listens on port n. + +Additionally ssh-host-config now asks if it should install sshd as a +service when running under NT/W2K. This requires cygrunsrv installed. + +You can create the private and public keys for a user now by running + + /usr/bin/ssh-user-config + +under the users account. + +To support testing and unattended installation ssh-user-config got +some options as well: + +usage: ssh-user-config [OPTION]... +Options: + --debug -d Enable shell's debug output. + --yes -y Answer all questions with "yes" automatically. + --no -n Answer all questions with "no" automatically. + --passphrase -p word Use "word" as passphrase automatically. + +Install sshd as daemon via cygrunsrv.exe (recommended on NT/W2K), via inetd +(results in very slow deamon startup!) or from the command line (recommended +on 9X/ME). + +If you start sshd as deamon via cygrunsrv.exe you MUST give the +"-D" option to sshd. Otherwise the service can't get started at all. + +If starting via inetd, copy sshd to eg. 
/usr/sbin/in.sshd and add the +following line to your inetd.conf file: + +ssh stream tcp nowait root /usr/sbin/in.sshd sshd -i + +Moreover you'll have to add the following line to your +${SYSTEMROOT}/system32/drivers/etc/services file: + + ssh 22/tcp #SSH daemon + +=========================================================================== +The following restrictions only apply to Cygwin versions up to 1.3.1 +=========================================================================== + +Authentication to sshd is possible in one of two ways. +You'll have to decide before starting sshd! + +- If you want to authenticate via RSA and you want to login to that + machine to exactly one user account you can do so by running sshd + under that user account. You must change /etc/sshd_config + to contain the following: + + RSAAuthentication yes + + Moreover it's possible to use rhosts and/or rhosts with + RSA authentication by setting the following in sshd_config: + + RhostsAuthentication yes + RhostsRSAAuthentication yes + +- If you want to be able to login to different user accounts you'll + have to start sshd under system account or any other account that + is able to switch user context. Note that administrators are _not_ + able to do that by default! You'll have to give the following + special user rights to the user: + "Act as part of the operating system" + "Replace process level token" + "Increase quotas" + and if used via service manager + "Logon as a service". + + The system account does of course own that user rights by default. + + Unfortunately, if you choose that way, you can only logon with + NT password authentification and you should change + /etc/sshd_config to contain the following: + + PasswordAuthentication yes + RhostsAuthentication no + RhostsRSAAuthentication no + RSAAuthentication no + + However you can login to the user which has started sshd with + RSA authentication anyway. 
If you want that, change the RSA + authentication setting back to "yes": + + RSAAuthentication yes + +Please note that OpenSSH does never use the value of $HOME to +search for the users configuration files! It always uses the +value of the pw_dir field in /etc/passwd as the home directory. +If no home diretory is set in /etc/passwd, the root directory +is used instead! + +You may use all features of the CYGWIN=ntsec setting the same +way as they are used by the `login' port on sources.redhat.com: + + The pw_gecos field may contain an additional field, that begins + with (upper case!) "U-", followed by the domain and the username + separated by a backslash. + CAUTION: The SID _must_ remain the _last_ field in pw_gecos! + BTW: The field separator in pw_gecos is the comma. + The username in pw_name itself may be any nice name: + + domuser::1104:513:John Doe,U-domain\user,S-1-5-21-... + + Now you may use `domuser' as your login name with telnet! + This is possible additionally for local users, if you don't like + your NT login name ;-) You only have to leave out the domain: + + locuser::1104:513:John Doe,U-user,S-1-5-21-... + +SSH2 server and user keys are generated by the `ssh-*-config' scripts +as well. + +If you want to build from source, the following options to +configure are used for the Cygwin binary distribution: + + --prefix=/usr \ + --sysconfdir=/etc \ + --libexecdir='${exec_prefix}/sbin' + +You must have installed the zlib, openssl and regex packages to +be able to build OpenSSH! + +Please send requests, error reports etc. to cygwin@cygwin.com. + +Have fun, + +Corinna Vinschen +Cygwin Developer +Red Hat Inc. diff -ruN --exclude CVS ssh-openbsd-2002030700/contrib/cygwin/ssh-host-config openssh-3.1p1/contrib/cygwin/ssh-host-config --- ssh-openbsd-2002030700/contrib/cygwin/ssh-host-config Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/contrib/cygwin/ssh-host-config Mon Nov 12 10:36:21 2001 
@@ -0,0 +1,495 @@ +#!/bin/sh +# +# ssh-host-config, Copyright 2000, Red Hat Inc. +# +# This file is part of the Cygwin port of OpenSSH. + +# Subdirectory where the new package is being installed +PREFIX=/usr + +# Directory where the config files are stored +SYSCONFDIR=/etc + +# Subdirectory where an old package might be installed +OLDPREFIX=/usr/local +OLDSYSCONFDIR=${OLDPREFIX}/etc + +progname=$0 +auto_answer="" +port_number=22 + +request() +{ + if [ "${auto_answer}" = "yes" ] + then + return 0 + elif [ "${auto_answer}" = "no" ] + then + return 1 + fi + + answer="" + while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ] + do + echo -n "$1 (yes/no) " + read answer + done + if [ "X${answer}" = "Xyes" ] + then + return 0 + else + return 1 + fi +} + +# Check options + +while : +do + case $# in + 0) + break + ;; + esac + + option=$1 + shift + + case "$option" in + -d | --debug ) + set -x + ;; + + -y | --yes ) + auto_answer=yes + ;; + + -n | --no ) + auto_answer=no + ;; + + -p | --port ) + port_number=$1 + shift + ;; + + *) + echo "usage: ${progname} [OPTION]..." + echo + echo "This script creates an OpenSSH host configuration." + echo + echo "Options:" + echo " --debug -d Enable shell's debug output." + echo " --yes -y Answer all questions with \"yes\" automatically." + echo " --no -n Answer all questions with \"no\" automatically." + echo " --port -p sshd listens on port n." + echo + exit 1 + ;; + + esac +done + +# Check for running ssh/sshd processes first. Refuse to do anything while +# some ssh processes are still running + +if ps -ef | grep -v grep | grep -q ssh +then + echo + echo "There are still ssh processes running. Please shut them down first." + echo + #exit 1 +fi + +# Check for ${SYSCONFDIR} directory + +if [ -e "${SYSCONFDIR}" -a ! -d "${SYSCONFDIR}" ] +then + echo + echo "${SYSCONFDIR} is existant but not a directory." + echo "Cannot create global configuration files." + echo + exit 1 +fi + +# Create it if necessary + +if [ ! 
-e "${SYSCONFDIR}" ] +then + mkdir "${SYSCONFDIR}" + if [ ! -e "${SYSCONFDIR}" ] + then + echo + echo "Creating ${SYSCONFDIR} directory failed" + echo + exit 1 + fi +fi + +# Check for an old installation in ${OLDPREFIX} unless ${OLDPREFIX} isn't +# the same as ${PREFIX} + +old_install=0 +if [ "${OLDPREFIX}" != "${PREFIX}" ] +then + if [ -f "${OLDPREFIX}/sbin/sshd" ] + then + echo + echo "You seem to have an older installation in ${OLDPREFIX}." + echo + # Check if old global configuration files exist + if [ -f "${OLDSYSCONFDIR}/ssh_host_key" ] + then + if request "Do you want to copy your config files to your new installation?" + then + cp -f ${OLDSYSCONFDIR}/ssh_host_key ${SYSCONFDIR} + cp -f ${OLDSYSCONFDIR}/ssh_host_key.pub ${SYSCONFDIR} + cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key ${SYSCONFDIR} + cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub ${SYSCONFDIR} + cp -f ${OLDSYSCONFDIR}/ssh_config ${SYSCONFDIR} + cp -f ${OLDSYSCONFDIR}/sshd_config ${SYSCONFDIR} + fi + fi + if request "Do you want to erase your old installation?" + then + rm -f ${OLDPREFIX}/bin/ssh.exe + rm -f ${OLDPREFIX}/bin/ssh-config + rm -f ${OLDPREFIX}/bin/scp.exe + rm -f ${OLDPREFIX}/bin/ssh-add.exe + rm -f ${OLDPREFIX}/bin/ssh-agent.exe + rm -f ${OLDPREFIX}/bin/ssh-keygen.exe + rm -f ${OLDPREFIX}/bin/slogin + rm -f ${OLDSYSCONFDIR}/ssh_host_key + rm -f ${OLDSYSCONFDIR}/ssh_host_key.pub + rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key + rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub + rm -f ${OLDSYSCONFDIR}/ssh_config + rm -f ${OLDSYSCONFDIR}/sshd_config + rm -f ${OLDPREFIX}/man/man1/ssh.1 + rm -f ${OLDPREFIX}/man/man1/scp.1 + rm -f ${OLDPREFIX}/man/man1/ssh-add.1 + rm -f ${OLDPREFIX}/man/man1/ssh-agent.1 + rm -f ${OLDPREFIX}/man/man1/ssh-keygen.1 + rm -f ${OLDPREFIX}/man/man1/slogin.1 + rm -f ${OLDPREFIX}/man/man8/sshd.8 + rm -f ${OLDPREFIX}/sbin/sshd.exe + rm -f ${OLDPREFIX}/sbin/sftp-server.exe + fi + old_install=1 + fi +fi + +# First generate host keys if not already existing + +if [ ! 
-f "${SYSCONFDIR}/ssh_host_key" ] +then + echo "Generating ${SYSCONFDIR}/ssh_host_key" + ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/null +fi + +if [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ] +then + echo "Generating ${SYSCONFDIR}/ssh_host_rsa_key" + ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/null +fi + +if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ] +then + echo "Generating ${SYSCONFDIR}/ssh_host_dsa_key" + ssh-keygen -t dsa -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' > /dev/null +fi + +# Check if ssh_config exists. If yes, ask for overwriting + +if [ -f "${SYSCONFDIR}/ssh_config" ] +then + if request "Overwrite existing ${SYSCONFDIR}/ssh_config file?" + then + rm -f "${SYSCONFDIR}/ssh_config" + if [ -f "${SYSCONFDIR}/ssh_config" ] + then + echo "Can't overwrite. ${SYSCONFDIR}/ssh_config is write protected." + fi + fi +fi + +# Create default ssh_config from here script + +if [ ! -f "${SYSCONFDIR}/ssh_config" ] +then + echo "Generating ${SYSCONFDIR}/ssh_config file" + cat > ${SYSCONFDIR}/ssh_config << EOF +# This is ssh client systemwide configuration file. This file provides +# defaults for users, and the values can be changed in per-user configuration +# files or on the command line. + +# Configuration data is parsed as follows: +# 1. command line options +# 2. user-specific file +# 3. system-wide file +# Any configuration value is only changed the first time it is set. +# Thus, host-specific definitions should be at the beginning of the +# configuration file, and defaults at the end. 
+ +# Site-wide defaults for various options + +# Host * +# ForwardAgent no +# ForwardX11 no +# RhostsAuthentication no +# RhostsRSAAuthentication yes +# RSAAuthentication yes +# PasswordAuthentication yes +# FallBackToRsh no +# UseRsh no +# BatchMode no +# CheckHostIP yes +# StrictHostKeyChecking yes +# IdentityFile ~/.ssh/identity +# IdentityFile ~/.ssh/id_dsa +# IdentityFile ~/.ssh/id_rsa +# Port 22 +# Protocol 2,1 +# Cipher blowfish +# EscapeChar ~ +EOF + if [ "$port_number" != "22" ] + then + echo "Host localhost" >> ${SYSCONFDIR}/ssh_config + echo " Port $port_number" >> ${SYSCONFDIR}/ssh_config + fi +fi + +# Check if sshd_config exists. If yes, ask for overwriting + +if [ -f "${SYSCONFDIR}/sshd_config" ] +then + if request "Overwrite existing ${SYSCONFDIR}/sshd_config file?" + then + rm -f "${SYSCONFDIR}/sshd_config" + if [ -f "${SYSCONFDIR}/sshd_config" ] + then + echo "Can't overwrite. ${SYSCONFDIR}/sshd_config is write protected." + fi + fi +fi + +# Create default sshd_config from here script + +if [ ! -f "${SYSCONFDIR}/sshd_config" ] +then + echo "Generating ${SYSCONFDIR}/sshd_config file" + cat > ${SYSCONFDIR}/sshd_config << EOF +# This is the sshd server system-wide configuration file. See sshd(8) +# for more information. + +Port $port_number +#Protocol 2,1 +#ListenAddress 0.0.0.0 +#ListenAddress :: + +# HostKey for protocol version 1 +HostKey /etc/ssh_host_key +# HostKeys for protocol version 2 +HostKey /etc/ssh_host_rsa_key +HostKey /etc/ssh_host_dsa_key + +# Lifetime and size of ephemeral version 1 server ke +KeyRegenerationInterval 3600 +ServerKeyBits 768 + +# Logging +SyslogFacility AUTH +LogLevel INFO +#obsoletes QuietMode and FascistLogging + +# Authentication: + +LoginGraceTime 600 +PermitRootLogin yes +# The following setting overrides permission checks on host key files +# and directories. For security reasons set this to "yes" when running +# NT/W2K, NTFS and CYGWIN=ntsec. 
+StrictModes no + +RSAAuthentication yes +PubkeyAuthentication yes +#AuthorizedKeysFile %h/.ssh/authorized_keys + +# rhosts authentication should not be used +RhostsAuthentication no +# Don't read ~/.rhosts and ~/.shosts files +IgnoreRhosts yes +# For this to work you will also need host keys in /etc/ssh_known_hosts +RhostsRSAAuthentication no +# similar for protocol version 2 +HostbasedAuthentication no +# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication +#IgnoreUserKnownHosts yes + +# To disable tunneled clear text passwords, change to no here! +PasswordAuthentication yes +PermitEmptyPasswords no + +X11Forwarding no +X11DisplayOffset 10 +PrintMotd yes +#PrintLastLog no +KeepAlive yes +#UseLogin no + +#MaxStartups 10:30:60 +#Banner /etc/issue.net +#ReverseMappingCheck yes + +Subsystem sftp /usr/sbin/sftp-server +EOF +fi + +# Care for services file +_sys="`uname -a`" +_nt=`expr "$_sys" : "CYGWIN_NT"` +if [ $_nt -gt 0 ] +then + _wservices="${SYSTEMROOT}\\system32\\drivers\\etc\\services" + _wserv_tmp="${SYSTEMROOT}\\system32\\drivers\\etc\\srv.out.$$" +else + _wservices="${WINDIR}\\SERVICES" + _wserv_tmp="${WINDIR}\\SERV.$$" +fi +_services=`cygpath -u "${_wservices}"` +_serv_tmp=`cygpath -u "${_wserv_tmp}"` + +mount -t -f "${_wservices}" "${_services}" +mount -t -f "${_wserv_tmp}" "${_serv_tmp}" + +# Remove sshd 22/port from services +if [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -eq 0 ] +then + grep -v 'sshd[ \t][ \t]*22' "${_services}" > "${_serv_tmp}" + if [ -f "${_serv_tmp}" ] + then + if mv "${_serv_tmp}" "${_services}" + then + echo "Removing sshd from ${_services}" + else + echo "Removing sshd from ${_services} failed\!" + fi + rm -f "${_serv_tmp}" + else + echo "Removing sshd from ${_services} failed\!" 
+ fi +fi + +# Add ssh 22/tcp and ssh 22/udp to services +if [ `grep -q 'ssh[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ] +then + awk '{ if ( $2 ~ /^23\/tcp/ ) print "ssh 22/tcp #SSH Remote Login Protocol\nssh 22/udp #SSH Remote Login Protocol"; print $0; }' < "${_services}" > "${_serv_tmp}" + if [ -f "${_serv_tmp}" ] + then + if mv "${_serv_tmp}" "${_services}" + then + echo "Added ssh to ${_services}" + else + echo "Adding ssh to ${_services} failed\!" + fi + rm -f "${_serv_tmp}" + else + echo "Adding ssh to ${_services} failed\!" + fi +fi + +umount "${_services}" +umount "${_serv_tmp}" + +# Care for inetd.conf file +_inetcnf="/etc/inetd.conf" +_inetcnf_tmp="/etc/inetd.conf.$$" + +if [ -f "${_inetcnf}" ] +then + # Check if ssh service is already in use as sshd + with_comment=1 + grep -q '^[ \t]*sshd' "${_inetcnf}" && with_comment=0 + # Remove sshd line from inetd.conf + if [ `grep -q '^[# \t]*sshd' "${_inetcnf}"; echo $?` -eq 0 ] + then + grep -v '^[# \t]*sshd' "${_inetcnf}" >> "${_inetcnf_tmp}" + if [ -f "${_inetcnf_tmp}" ] + then + if mv "${_inetcnf_tmp}" "${_inetcnf}" + then + echo "Removed sshd from ${_inetcnf}" + else + echo "Removing sshd from ${_inetcnf} failed\!" + fi + rm -f "${_inetcnf_tmp}" + else + echo "Removing sshd from ${_inetcnf} failed\!" + fi + fi + + # Add ssh line to inetd.conf + if [ `grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -ne 0 ] + then + if [ "${with_comment}" -eq 0 ] + then + echo 'ssh stream tcp nowait root /usr/sbin/sshd -i' >> "${_inetcnf}" + else + echo '# ssh stream tcp nowait root /usr/sbin/sshd -i' >> "${_inetcnf}" + fi + echo "Added ssh to ${_inetcnf}" + fi +fi + +# Create /var/log and /var/log/lastlog if not already existing + +if [ -f /var/log ] +then + echo "Creating /var/log failed\!" +else + if [ ! -d /var/log ] + then + mkdir /var/log + fi + if [ -d /var/log/lastlog ] + then + echo "Creating /var/log/lastlog failed\!" + elif [ ! 
-f /var/log/lastlog ] + then + cat /dev/null > /var/log/lastlog + fi +fi + +# On NT ask if sshd should be installed as service +if [ $_nt -gt 0 ] +then + echo + echo "Do you want to install sshd as service?" + if request "(Say \"no\" if it's already installed as service)" + then + echo + echo "Which value should the environment variable CYGWIN have when" + echo "sshd starts? It's recommended to set at least \"ntsec\" to be" + echo "able to change user context without password." + echo -n "Default is \"binmode ntsec tty\". CYGWIN=" + read _cygwin + [ -z "${_cygwin}" ] && _cygwin="binmode ntsec tty" + if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=${_cygwin}" + then + chown system /etc/ssh* + echo + echo "The service has been installed under LocalSystem account." + fi + fi +fi + +if [ "${old_install}" = "1" ] +then + echo + echo "Note: If you have used sshd as service or from inetd, don't forget to" + echo " change the path to sshd.exe in the service entry or in inetd.conf." +fi + +echo +echo "Host configuration finished. Have fun!" diff -ruN --exclude CVS ssh-openbsd-2002030700/contrib/cygwin/ssh-user-config openssh-3.1p1/contrib/cygwin/ssh-user-config --- ssh-openbsd-2002030700/contrib/cygwin/ssh-user-config Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/contrib/cygwin/ssh-user-config Fri Jan 19 16:37:32 2001 
@@ -0,0 +1,200 @@ +#!/bin/sh +# +# ssh-user-config, Copyright 2000, Red Hat Inc. +# +# This file is part of the Cygwin port of OpenSSH. + +progname=$0 +auto_answer="" +auto_passphrase="no" +passphrase="" + +request() +{ + if [ "${auto_answer}" = "yes" ] + then + return 0 + elif [ "${auto_answer}" = "no" ] + then + return 1 + fi + + answer="" + while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ] + do + echo -n "$1 (yes/no) " + read answer + done + if [ "X${answer}" = "Xyes" ] + then + return 0 + else + return 1 + fi +} + +# Check options + +while : +do + case $# in + 0) + break + ;; + esac + + option=$1 + shift + + case "$option" in + -d | --debug ) + set -x + ;; + + -y | --yes ) + auto_answer=yes + ;; + + -n | --no ) + auto_answer=no + ;; + + -p | --passphrase ) + with_passphrase="yes" + passphrase=$1 + shift + ;; + + *) + echo "usage: ${progname} [OPTION]..." + echo + echo "This script creates an OpenSSH user configuration." + echo + echo "Options:" + echo " --debug -d Enable shell's debug output." + echo " --yes -y Answer all questions with \"yes\" automatically." + echo " --no -n Answer all questions with \"no\" automatically." + echo " --passphrase -p word Use \"word\" as passphrase automatically." + echo + exit 1 + ;; + + esac +done + +# Ask user if user identity should be generated + +if [ ! -f /etc/passwd ] +then + echo '/etc/passwd is nonexistant. Please generate an /etc/passwd file' + echo 'first using mkpasswd. Check if it contains an entry for you and' + echo 'please care for the home directory in your entry as well.' + exit 1 +fi + +uid=`id -u` +pwdhome=`awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < /etc/passwd` + +if [ "X${pwdhome}" = "X" ] +then + echo 'There is no home directory set for you in /etc/passwd.' + echo 'Setting $HOME is not sufficient!' + exit 1 +fi + +if [ ! -d "${pwdhome}" ] +then + echo "${pwdhome} is set in /etc/passwd as your home directory" + echo 'but it is not a valid directory. Cannot create user identity files.' 
+ exit 1 +fi + +# If home is the root dir, set home to empty string to avoid error messages +# in subsequent parts of that script. +if [ "X${pwdhome}" = "X/" ] +then + # But first raise a warning! + echo 'Your home directory in /etc/passwd is set to root (/). This is not recommended!' + if request "Would you like to proceed anyway?" + then + pwdhome='' + else + exit 1 + fi +fi + +if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ] +then + echo "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files." + exit 1 +fi + +if [ ! -e "${pwdhome}/.ssh" ] +then + mkdir "${pwdhome}/.ssh" + if [ ! -e "${pwdhome}/.ssh" ] + then + echo "Creating users ${pwdhome}/.ssh directory failed" + exit 1 + fi +fi + +if [ ! -f "${pwdhome}/.ssh/identity" ] +then + if request "Shall I create an SSH1 RSA identity file for you?" + then + echo "Generating ${pwdhome}/.ssh/identity" + if [ "${with_passphrase}" = "yes" ] + then + ssh-keygen -t rsa1 -N "${passphrase}" -f "${pwdhome}/.ssh/identity" > /dev/null + else + ssh-keygen -t rsa1 -f "${pwdhome}/.ssh/identity" > /dev/null + fi + if request "Do you want to use this identity to login to this machine?" + then + echo "Adding to ${pwdhome}/.ssh/authorized_keys" + cat "${pwdhome}/.ssh/identity.pub" >> "${pwdhome}/.ssh/authorized_keys" + fi + fi +fi + +if [ ! -f "${pwdhome}/.ssh/id_rsa" ] +then + if request "Shall I create an SSH2 RSA identity file for you? (yes/no) " + then + echo "Generating ${pwdhome}/.ssh/id_rsa" + if [ "${with_passphrase}" = "yes" ] + then + ssh-keygen -t rsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_rsa" > /dev/null + else + ssh-keygen -t rsa -f "${pwdhome}/.ssh/id_rsa" > /dev/null + fi + if request "Do you want to use this identity to login to this machine?" + then + echo "Adding to ${pwdhome}/.ssh/authorized_keys2" + cat "${pwdhome}/.ssh/id_rsa.pub" >> "${pwdhome}/.ssh/authorized_keys2" + fi + fi +fi + +if [ ! 
-f "${pwdhome}/.ssh/id_dsa" ] +then + if request "Shall I create an SSH2 DSA identity file for you? (yes/no) " + then + echo "Generating ${pwdhome}/.ssh/id_dsa" + if [ "${with_passphrase}" = "yes" ] + then + ssh-keygen -t dsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_dsa" > /dev/null + else + ssh-keygen -t dsa -f "${pwdhome}/.ssh/id_dsa" > /dev/null + fi + if request "Do you want to use this identity to login to this machine?" + then + echo "Adding to ${pwdhome}/.ssh/authorized_keys2" + cat "${pwdhome}/.ssh/id_dsa.pub" >> "${pwdhome}/.ssh/authorized_keys2" + fi + fi +fi + +echo +echo "Configuration finished. Have fun!" diff -ruN --exclude CVS ssh-openbsd-2002030700/contrib/gnome-ssh-askpass.c openssh-3.1p1/contrib/gnome-ssh-askpass.c --- ssh-openbsd-2002030700/contrib/gnome-ssh-askpass.c Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/contrib/gnome-ssh-askpass.c Fri Jan 25 00:59:26 2002 
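Review bot: The `-p | --passphrase` option takes the passphrase from the command line, and each key-generation branch forwards it as `ssh-keygen ... -N "${passphrase}"`, so the secret sits in the argument list of both this script and ssh-keygen, where a process listing may expose it to other local users; dropping `-N` and letting ssh-keygen prompt avoids that. The option parser sets `with_passphrase`, but the initialisation at the top sets `auto_passphrase="no"`, so `with_passphrase` is never initialised and can be inherited from the caller's environment; `with_passphrase="no"` at the top would fix it. `mkdir "${pwdhome}/.ssh"` and the `>>` appends to authorized_keys and authorized_keys2 rely on the caller's umask, so I would add `chmod 700 "${pwdhome}/.ssh"` after the mkdir to make the permissions explicit. The two SSH2 prompts also pass "(yes/no) " to `request`, which already appends it.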
@@ -0,0 +1,168 @@
+/*
+ * Copyright (c) 2000-2002 Damien Miller. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This is a simple GNOME SSH passphrase grabber. To use it, set the
+ * environment variable SSH_ASKPASS to point to the location of
+ * gnome-ssh-askpass before calling "ssh-add < /dev/null".
+ *
+ * There is only two run-time options: if you set the environment variable
+ * "GNOME_SSH_ASKPASS_GRAB_SERVER=true" then gnome-ssh-askpass will grab
+ * the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the
+ * pointer will be grabbed too. These may have some benefit to security if
+ * you don't trust your X server. We grab the keyboard always.
+ */
+
+/*
+ * Compile with:
+ *
+ * cc `gnome-config --cflags gnome gnomeui` \
+ * gnome-ssh-askpass.c -o gnome-ssh-askpass \
+ * `gnome-config --libs gnome gnomeui`
+ *
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+void
+report_failed_grab (void)
+{
+ GtkWidget *err;
+
+ err = gnome_message_box_new("Could not grab keyboard or mouse.\n"
+ "A malicious client may be eavesdropping on your session.",
+ GNOME_MESSAGE_BOX_ERROR, "EXIT", NULL);
+ gtk_window_set_position(GTK_WINDOW(err), GTK_WIN_POS_CENTER);
+ gtk_object_set(GTK_OBJECT(err), "type", GTK_WINDOW_POPUP, NULL);
+
+ gnome_dialog_run_and_close(GNOME_DIALOG(err));
+}
+
+void
+passphrase_dialog(char *message)
+{
+ char *passphrase;
+ char **messages;
+ int result, i, grab_server, grab_pointer;
+ GtkWidget *dialog, *entry, *label;
+
+ grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL);
+ grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL);
+
+ dialog = gnome_dialog_new("OpenSSH", GNOME_STOCK_BUTTON_OK,
+ GNOME_STOCK_BUTTON_CANCEL, NULL);
+
+ messages = g_strsplit(message, "\\n", 0);
+ if (messages)
+ for(i = 0; messages[i]; i++) {
+ label = gtk_label_new(messages[i]);
+ gtk_box_pack_start(GTK_BOX(GNOME_DIALOG(dialog)->vbox),
+ label, FALSE, FALSE, 0);
+ }
+
+ entry = gtk_entry_new();
+ gtk_box_pack_start(GTK_BOX(GNOME_DIALOG(dialog)->vbox), entry, FALSE,
+ FALSE, 0);
+ gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
+ gtk_widget_grab_focus(entry);
+
+ /* Center window and prepare for grab */
+ gtk_object_set(GTK_OBJECT(dialog), "type", GTK_WINDOW_POPUP, NULL);
+ gnome_dialog_set_default(GNOME_DIALOG(dialog), 0);
+ gtk_window_set_position (GTK_WINDOW(dialog), GTK_WIN_POS_CENTER);
+ gtk_window_set_policy(GTK_WINDOW(dialog), FALSE, FALSE, TRUE);
+ gnome_dialog_close_hides(GNOME_DIALOG(dialog), TRUE);
+ gtk_container_set_border_width(GTK_CONTAINER(GNOME_DIALOG(dialog)->vbox),
+ GNOME_PAD);
+ gtk_widget_show_all(dialog);
+
+ /* Grab focus */
+ if (grab_server)
+ XGrabServer(GDK_DISPLAY());
+ if (grab_pointer && gdk_pointer_grab(dialog->window, TRUE, 0,
+ NULL, NULL, GDK_CURRENT_TIME))
+ goto nograb;
+ if (gdk_keyboard_grab(dialog->window, FALSE, GDK_CURRENT_TIME))
+ goto nograbkb;
+
+ /* Make close dialog */
+ gnome_dialog_editable_enters(GNOME_DIALOG(dialog), GTK_EDITABLE(entry));
+
+ /* Run dialog */
+ result = gnome_dialog_run(GNOME_DIALOG(dialog));
+
+ /* Ungrab */
+ if (grab_server)
+ XUngrabServer(GDK_DISPLAY());
+ if (grab_pointer)
+ gdk_pointer_ungrab(GDK_CURRENT_TIME);
+ gdk_keyboard_ungrab(GDK_CURRENT_TIME);
+ gdk_flush();
+
+ /* Report passphrase if user selected OK */
+ passphrase = gtk_entry_get_text(GTK_ENTRY(entry));
+ if (result == 0)
+ puts(passphrase);
+
+ /* Zero passphrase in memory */
+ memset(passphrase, '\0', strlen(passphrase));
+ gtk_entry_set_text(GTK_ENTRY(entry), passphrase);
+
+ gnome_dialog_close(GNOME_DIALOG(dialog));
+ return;
+
+ /* At least one grab failed - ungrab what we got, and report
+ the failure to the user. Note that XGrabServer() cannot
+ fail. */
+ nograbkb:
+ gdk_pointer_ungrab(GDK_CURRENT_TIME);
+ nograb:
+ if (grab_server)
+ XUngrabServer(GDK_DISPLAY());
+ gnome_dialog_close(GNOME_DIALOG(dialog));
+
+ report_failed_grab();
+}
+
+int
+main(int argc, char **argv)
+{
+ char *message;
+
+ gnome_init("GNOME ssh-askpass", "0.1", argc, argv);
+
+ if (argc == 2)
+ message = argv[1];
+ else
+ message = "Enter your OpenSSH passphrase:";
+
+ setvbuf(stdout, 0, _IONBF, 0);
+ passphrase_dialog(message);
+ return 0;
+}
diff -ruN --exclude CVS ssh-openbsd-2002030700/contrib/hpux/README openssh-3.1p1/contrib/hpux/README
--- ssh-openbsd-2002030700/contrib/hpux/README Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/contrib/hpux/README Tue Dec 12 11:08:12 2000
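Review bot: `main` ends with `return 0;` on every path and `passphrase_dialog` returns `void`, so a cancelled dialog and a failed grab (the `nograb`/`nograbkb` path that ends in `report_failed_grab()`) both exit with success and no output, which the calling program cannot tell apart from an empty passphrase. I would have `passphrase_dialog` return an int that is 0 only when `result == 0` and the passphrase was printed, and finish `main` with `return passphrase_dialog(message);`. The grab switches are read as `getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL`, so any value, including `false`, turns the grab on, while the header comment documents `=true`; either compare the value or state in the comment that mere presence enables it. The array returned by `g_strsplit` is never released, and `g_strfreev(messages);` after the label loop would do it.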
@@ -0,0 +1,45 @@
+README for OpenSSH HP-UX contrib files
+Kevin Steves
+
+sshd: configuration file for sshd.rc
+sshd.rc: SSH startup script
+egd: configuration file for egd.rc
+egd.rc: EGD (entropy gathering daemon) startup script
+
+To install:
+
+sshd.rc:
+
+o Verify paths in sshd.rc match your local installation
+ (WHAT_PATH and WHAT_PID)
+o Customize sshd if needed (SSHD_ARGS)
+o Install:
+
+ # cp sshd /etc/rc.config.d
+ # chmod 444 /etc/rc.config.d/sshd
+ # cp sshd.rc /sbin/init.d
+ # chmod 555 /sbin/init.d/sshd.rc
+ # ln -s /sbin/init.d/sshd.rc /sbin/rc1.d/K100sshd
+ # ln -s /sbin/init.d/sshd.rc /sbin/rc2.d/S900sshd
+
+egd.rc:
+
+o Verify egd.pl path in egd.rc matches your local installation
+ (WHAT_PATH)
+o Customize egd if needed (EGD_ARGS and EGD_LOG)
+o Add pseudo account:
+
+ # groupadd egd
+ # useradd -g egd egd
+ # mkdir -p /etc/opt/egd
+ # chown egd:egd /etc/opt/egd
+ # chmod 711 /etc/opt/egd
+
+o Install:
+
+ # cp egd /etc/rc.config.d
+ # chmod 444 /etc/rc.config.d/egd
+ # cp egd.rc /sbin/init.d
+ # chmod 555 /sbin/init.d/egd.rc
+ # ln -s /sbin/init.d/egd.rc /sbin/rc1.d/K600egd
+ # ln -s /sbin/init.d/egd.rc /sbin/rc2.d/S400egd
diff -ruN --exclude CVS ssh-openbsd-2002030700/contrib/hpux/egd openssh-3.1p1/contrib/hpux/egd
--- ssh-openbsd-2002030700/contrib/hpux/egd Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/contrib/hpux/egd Thu Oct 19 00:45:40 2000
@@ -0,0 +1,15 @@
+# EGD_START: Set to 1 to start entropy gathering daemon
+# EGD_ARGS: Command line arguments to pass to egd
+# EGD_LOG: EGD stdout and stderr log file (default /etc/opt/egd/egd.log)
+#
+# To configure the egd environment:
+
+# groupadd egd
+# useradd -g egd egd
+# mkdir -p /etc/opt/egd
+# chown egd:egd /etc/opt/egd
+# chmod 711 /etc/opt/egd
+
+EGD_START=1
+EGD_ARGS='/etc/opt/egd/entropy'
+EGD_LOG=
diff -ruN --exclude CVS ssh-openbsd-2002030700/contrib/hpux/egd.rc openssh-3.1p1/contrib/hpux/egd.rc
--- ssh-openbsd-2002030700/contrib/hpux/egd.rc Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/contrib/hpux/egd.rc Thu Oct 19 00:45:40 2000
@@ -0,0 +1,98 @@ +#!/sbin/sh + +# +# egd.rc: EGD start-up and shutdown script +# + +# Allowed exit values: +# 0 = success; causes "OK" to show up in checklist. +# 1 = failure; causes "FAIL" to show up in checklist. +# 2 = skip; causes "N/A" to show up in the checklist. +# Use this value if execution of this script is overridden +# by the use of a control variable, or if this script is not +# appropriate to execute for some other reason. +# 3 = reboot; causes the system to be rebooted after execution. + +# Input and output: +# stdin is redirected from /dev/null +# +# stdout and stderr are redirected to the /etc/rc.log file +# during checklist mode, or to the console in raw mode. + +umask 022 + +PATH=/usr/sbin:/usr/bin:/sbin +export PATH + +WHAT='EGD (entropy gathering daemon)' +WHAT_PATH=/opt/perl/bin/egd.pl +WHAT_CONFIG=/etc/rc.config.d/egd +WHAT_LOG=/etc/opt/egd/egd.log + +# NOTE: If your script executes in run state 0 or state 1, then /usr might +# not be available. Do not attempt to access commands or files in +# /usr unless your script executes in run state 2 or greater. Other +# file systems typically not mounted until run state 2 include /var +# and /opt. + +rval=0 + +# Check the exit value of a command run by this script. If non-zero, the +# exit code is echoed to the log file and the return value of this script +# is set to indicate failure. + +set_return() { + x=$? + if [ $x -ne 0 ]; then + echo "EXIT CODE: $x" + rval=1 # script FAILed + fi +} + +case $1 in +'start_msg') + echo "Starting $WHAT" + ;; + +'stop_msg') + echo "Stopping $WHAT" + ;; + +'start') + if [ -f $WHAT_CONFIG ] ; then + . 
$WHAT_CONFIG + else + echo "ERROR: $WHAT_CONFIG defaults file MISSING" + fi + + + if [ "$EGD_START" -eq 1 -a -x $WHAT_PATH ]; then + EGD_LOG=${EGD_LOG:-$WHAT_LOG} + su egd -c "nohup $WHAT_PATH $EGD_ARGS >$EGD_LOG 2>&1" && + echo $WHAT started + set_return + else + rval=2 + fi + ;; + +'stop') + pid=`ps -fuegd | awk '$1 == "egd" { print $2 }'` + if [ "X$pid" != "X" ]; then + if kill "$pid"; then + echo "$WHAT stopped" + else + rval=1 + echo "Unable to stop $WHAT" + fi + fi + set_return + ;; + +*) + echo "usage: $0 {start|stop|start_msg|stop_msg}" + rval=1 + ;; +esac + +exit $rval diff -ruN --exclude CVS ssh-openbsd-2002030700/contrib/hpux/sshd openssh-3.1p1/contrib/hpux/sshd --- ssh-openbsd-2002030700/contrib/hpux/sshd Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/contrib/hpux/sshd Sat Sep 16 15:39:57 2000 @@ -0,0 +1,5 @@ +# SSHD_START: Set to 1 to start SSH daemon +# SSHD_ARGS: Command line arguments to pass to sshd +# +SSHD_START=1 +SSHD_ARGS= diff -ruN --exclude CVS ssh-openbsd-2002030700/contrib/hpux/sshd.rc openssh-3.1p1/contrib/hpux/sshd.rc --- ssh-openbsd-2002030700/contrib/hpux/sshd.rc Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/contrib/hpux/sshd.rc Sat Sep 16 15:39:57 2000 
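Review bot: In the `'stop'` branch `pid` collects every process owned by user egd, and `kill "$pid"` passes them as one quoted word, so the kill fails as soon as that user has more than one process; `kill $pid` (unquoted) or a `for p in $pid` loop handles that case. The `set_return` after the `fi` in that branch only sees the status of the preceding `echo` (or of the skipped `if`), so it never records a failure there and can be removed; the explicit `rval=1` is what counts. In `'start'`, a missing `$WHAT_CONFIG` is reported but execution continues with `EGD_START` empty, and `[ "$EGD_START" -eq 1 ... ]` then raises a test error instead of skipping cleanly; `[ "${EGD_START:-0}" -eq 1 -a -x $WHAT_PATH ]` is safer.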
@@ -0,0 +1,90 @@ +#!/sbin/sh + +# +# sshd.rc: SSH daemon start-up and shutdown script +# + +# Allowed exit values: +# 0 = success; causes "OK" to show up in checklist. +# 1 = failure; causes "FAIL" to show up in checklist. +# 2 = skip; causes "N/A" to show up in the checklist. +# Use this value if execution of this script is overridden +# by the use of a control variable, or if this script is not +# appropriate to execute for some other reason. +# 3 = reboot; causes the system to be rebooted after execution. + +# Input and output: +# stdin is redirected from /dev/null +# +# stdout and stderr are redirected to the /etc/rc.log file +# during checklist mode, or to the console in raw mode. + +PATH=/usr/sbin:/usr/bin:/sbin +export PATH + +WHAT='OpenSSH' +WHAT_PATH=/opt/openssh/sbin/sshd +WHAT_PID=/var/run/sshd.pid +WHAT_CONFIG=/etc/rc.config.d/sshd + +# NOTE: If your script executes in run state 0 or state 1, then /usr might +# not be available. Do not attempt to access commands or files in +# /usr unless your script executes in run state 2 or greater. Other +# file systems typically not mounted until run state 2 include /var +# and /opt. + +rval=0 + +# Check the exit value of a command run by this script. If non-zero, the +# exit code is echoed to the log file and the return value of this script +# is set to indicate failure. + +set_return() { + x=$? + if [ $x -ne 0 ]; then + echo "EXIT CODE: $x" + rval=1 # script FAILed + fi +} + +case $1 in +'start_msg') + echo "Starting $WHAT" + ;; + +'stop_msg') + echo "Stopping $WHAT" + ;; + +'start') + if [ -f $WHAT_CONFIG ] ; then + . 
$WHAT_CONFIG + else + echo "ERROR: $WHAT_CONFIG defaults file MISSING" + fi + + if [ "$SSHD_START" -eq 1 -a -x "$WHAT_PATH" ]; then + $WHAT_PATH $SSHD_ARGS && echo "$WHAT started" + set_return + else + rval=2 + fi + ;; + +'stop') + if kill `cat $WHAT_PID`; then + echo "$WHAT stopped" + else + rval=1 + echo "Unable to stop $WHAT" + fi + set_return + ;; + +*) + echo "usage: $0 {start|stop|start_msg|stop_msg}" + rval=1 + ;; +esac + +exit $rval diff -ruN --exclude CVS ssh-openbsd-2002030700/contrib/redhat/openssh.spec openssh-3.1p1/contrib/redhat/openssh.spec --- ssh-openbsd-2002030700/contrib/redhat/openssh.spec Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/contrib/redhat/openssh.spec Thu Mar 7 13:04:38 2002 
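Review bot: The `'stop'` branch runs `kill` on the output of `cat $WHAT_PID` without checking the pid file: when the file is missing, `kill` is called with no argument, and when it is stale the script (presumably running as root from rc) signals whatever process now holds that pid. Guard the branch with `[ -s "$WHAT_PID" ]` before the kill, and ideally confirm that the pid still belongs to `$WHAT_PATH`. The `set_return` after the `fi` only sees the status of `echo`, so it never records a failure and can be dropped. This script also sets no `umask`, whereas egd.rc in the same patch starts with `umask 022`; adding the same line here keeps the two consistent.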
@@ -0,0 +1,335 @@ +# Version of OpenSSH +%define oversion 3.1p1 + +# Version of ssh-askpass +%define aversion 1.2.4.1 + +# Do we want to disable building of x11-askpass? (1=yes 0=no) +%define no_x11_askpass 0 + +# Do we want to disable building of gnome-askpass? (1=yes 0=no) +%define no_gnome_askpass 0 + +# Do we want to link against a static libcrypto? (1=yes 0=no) +%define static_libcrypto 0 + +# Do we want smartcard support (1=yes 0=no) +%define scard 0 + +# Use Redhat 7.0 pam control file +%define redhat7 0 + +# Disable IPv6 (avoids DNS hangs on some glibc versions) +%define noip6 0 + +# Reserve options to override askpass settings with: +# rpm -ba|--rebuild --define 'skip_xxx 1' +%{?skip_x11_askpass:%define no_x11_askpass 1} +%{?skip_gnome_askpass:%define no_gnome_askpass 1} + +# Options for Redhat version: +# rpm -ba|--rebuild --define "rh7 1" +%{?rh7:%define redhat7 1} + +# Options for static OpenSSL link: +# rpm -ba|--rebuild --define "static_openssl 1" +%{?static_openssl:%define static_libcrypto 1} + +# Options for Smartcard support: (needs libsectok and openssl-engine) +# rpm -ba|--rebuild --define "smartcard 1" +%{?smartcard:%define scard 1} + +# Option to disable ipv6 +# rpm -ba|--rebuild --define "noipv6 1" +%{?noipv6:%define noip6 1} + +%define exact_openssl_version %(rpm -q openssl | cut -d - -f 2) + +Summary: The OpenSSH implementation of SSH protocol versions 1 and 2 +Name: openssh +Version: %{oversion} +Release: 1 +Packager: Damien Miller +URL: http://www.openssh.com/portable.html +Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{oversion}.tar.gz +%if ! %{no_x11_askpass} +Source1: http://www.pobox.com/~jmknoble/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.gz +%endif +License: BSD +Group: Applications/Internet +BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot +Obsoletes: ssh +BuildPreReq: perl, openssl-devel, tcp_wrappers +BuildPreReq: /bin/login, /usr/include/security/pam_appl.h +BuildPreReq: rpm >= 3.0.5 +%if ! 
%{no_x11_askpass} +BuildPreReq: XFree86-devel +%endif +%if ! %{no_gnome_askpass} +BuildPreReq: gnome-libs-devel +%endif +%if ! %{static_libcrypto} +PreReq: openssl >= 0.9.5a +PreReq: openssl = %{exact_openssl_version} +Requires: openssl >= 0.9.5a +%endif +Requires: rpm >= 3.0.5 + +%package clients +Summary: OpenSSH clients. +Requires: openssh = %{version}-%{release} +Group: Applications/Internet +Obsoletes: ssh-clients + +%package server +Summary: The OpenSSH server daemon. +Group: System Environment/Daemons +Obsoletes: ssh-server +PreReq: openssh = %{version}-%{release}, chkconfig >= 0.9 +%if %{redhat7} +Requires: /etc/pam.d/system-auth +%endif + +%package askpass +Summary: A passphrase dialog for OpenSSH and X. +Group: Applications/Internet +Requires: openssh = %{version}-%{release} +Obsoletes: ssh-extras + +%package askpass-gnome +Summary: A passphrase dialog for OpenSSH, X, and GNOME. +Group: Applications/Internet +Requires: openssh = %{version}-%{release} +Obsoletes: ssh-extras + +%description +OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. SSH +replaces rlogin and rsh, to provide secure encrypted communications +between two untrusted hosts over an insecure network. X11 connections +and arbitrary TCP/IP ports can also be forwarded over the secure +channel. Public key authentication may be used for "passwordless" +access to servers. + +This package includes the core files necessary for both the OpenSSH +client and server. To make this package useful, you should also +install openssh-clients, openssh-server, or both. + +%description clients +OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. + +This package includes the clients necessary to make encrypted +connections to SSH protocol servers. You'll also need to install the +openssh package on OpenSSH clients. + +%description server +OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. + +This package contains the secure shell daemon (sshd). 
The sshd daemon +allows SSH clients to securely connect to your SSH server. You also +need to have the openssh package installed. + +%description askpass +OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. + +This package contains an X11 passphrase dialog for OpenSSH. + +%description askpass-gnome +OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. + +This package contains an X11 passphrase dialog for OpenSSH and the +GNOME GUI desktop environment. + +%prep + +%if ! %{no_x11_askpass} +%setup -q -a 1 +%else +%setup -q +%endif + +%build + +%define _sysconfdir /etc/ssh + +EXTRA_OPTS="" + +%if %{scard} + EXTRA_OPTS="$EXTRA_OPTS --with-smartcard" +%endif + +%if %{noip6} + EXTRA_OPTS="$EXTRA_OPTS --with-ipv4-default " +%endif + +%configure \ + --libexecdir=%{_libexecdir}/openssh \ + --datadir=%{_datadir}/openssh \ + --with-pam \ + --with-tcp-wrappers \ + --with-rsh=/usr/bin/rsh \ + --with-default-path=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin \ + $EXTRA_OPTS + +%if %{static_libcrypto} +perl -pi -e "s|-lcrypto|/usr/lib/libcrypto.a|g" Makefile +%endif + +make + +%if ! %{no_x11_askpass} +pushd x11-ssh-askpass-%{aversion} +%configure \ + --libexecdir=%{_libexecdir}/openssh +xmkmf -a +make +popd +%endif + +%if ! 
%{no_gnome_askpass} +pushd contrib +gcc -O -g `gnome-config --cflags gnome gnomeui` \ + gnome-ssh-askpass.c -o gnome-ssh-askpass \ + `gnome-config --libs gnome gnomeui` +popd +%endif + +%install +rm -rf $RPM_BUILD_ROOT +%{makeinstall} \ + libexecdir=$RPM_BUILD_ROOT%{_libexecdir}/openssh \ + datadir=$RPM_BUILD_ROOT%{_datadir}/openssh \ + DESTDIR=/ # Hack to disable key generation + + +install -d $RPM_BUILD_ROOT/etc/pam.d/ +install -d $RPM_BUILD_ROOT/etc/rc.d/init.d +install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh +%if %{redhat7} +install -m644 contrib/redhat/sshd.pam-7.x $RPM_BUILD_ROOT/etc/pam.d/sshd +%else +install -m644 contrib/redhat/sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd +%endif +install -m755 contrib/redhat/sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd + +%if ! %{no_x11_askpass} +install -s x11-ssh-askpass-%{aversion}/x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/x11-ssh-askpass +ln -s /usr/libexec/openssh/x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass +%endif + +%if ! 
%{no_gnome_askpass} +install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass +%endif + +perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/man*/* + +%clean +rm -rf $RPM_BUILD_ROOT + +%post server +/sbin/chkconfig --add sshd +if test -r /var/run/sshd.pid ; then + /etc/rc.d/init.d/sshd restart >&2 +fi + +%preun server +if [ "$1" = 0 ] ; then + /etc/rc.d/init.d/sshd stop >&2 + /sbin/chkconfig --del sshd +fi + +%files +%defattr(-,root,root) +%doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW README* RFC* TODO WARNING* +%attr(0755,root,root) %{_bindir}/ssh-keygen +%attr(0755,root,root) %{_bindir}/scp +%attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1* +%attr(0644,root,root) %{_mandir}/man1/scp.1* +%attr(0755,root,root) %dir %{_sysconfdir} +%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/moduli +%attr(0755,root,root) %dir %{_libexecdir}/openssh +%if %{scard} +%attr(0755,root,root) %dir %{_datadir}/openssh +%attr(0644,root,root) %{_datadir}/openssh/Ssh.bin +%endif + +%files clients +%defattr(-,root,root) +%attr(4755,root,root) %{_bindir}/ssh +%attr(0755,root,root) %{_bindir}/ssh-agent +%attr(0755,root,root) %{_bindir}/ssh-add +%attr(0755,root,root) %{_bindir}/ssh-keyscan +%attr(0755,root,root) %{_bindir}/sftp +%attr(0644,root,root) %{_mandir}/man1/ssh.1* +%attr(0644,root,root) %{_mandir}/man1/ssh-agent.1* +%attr(0644,root,root) %{_mandir}/man1/ssh-add.1* +%attr(0644,root,root) %{_mandir}/man1/ssh-keyscan.1* +%attr(0644,root,root) %{_mandir}/man1/sftp.1* +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh_config +%attr(-,root,root) %{_bindir}/slogin +%attr(-,root,root) %{_mandir}/man1/slogin.1* + +%files server +%defattr(-,root,root) +%attr(0755,root,root) %{_sbindir}/sshd +%attr(0755,root,root) %{_libexecdir}/openssh/sftp-server +%attr(0644,root,root) %{_mandir}/man8/sshd.8* +%attr(0644,root,root) %{_mandir}/man8/sftp-server.8* +#%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sshd_config 
+%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sshd_config +%attr(0600,root,root) %config(noreplace) /etc/pam.d/sshd +%attr(0755,root,root) %config /etc/rc.d/init.d/sshd + +%if ! %{no_x11_askpass} +%files askpass +%defattr(-,root,root) +%doc x11-ssh-askpass-%{aversion}/README +%doc x11-ssh-askpass-%{aversion}/ChangeLog +%doc x11-ssh-askpass-%{aversion}/SshAskpass*.ad +%attr(0755,root,root) %{_libexecdir}/openssh/ssh-askpass +%attr(0755,root,root) %{_libexecdir}/openssh/x11-ssh-askpass +%endif + +%if ! %{no_gnome_askpass} +%files askpass-gnome +%defattr(-,root,root) +%attr(0755,root,root) %{_libexecdir}/openssh/gnome-ssh-askpass +%endif + +%changelog +* Mon Oct 18 2000 Damien Miller +- Merge some of Nalin Dahyabhai changes from the + Redhat 7.0 spec file +* Tue Sep 05 2000 Damien Miller +- Use RPM configure macro +* Tue Aug 08 2000 Damien Miller +- Some surgery to sshd.init (generate keys at runtime) +- Cleanup of groups and removal of keygen calls +* Wed Jul 12 2000 Damien Miller +- Make building of X11-askpass and gnome-askpass optional +* Mon Jun 12 2000 Damien Miller +- Glob manpages to catch compressed files +* Wed Mar 15 2000 Damien Miller +- Updated for new location +- Updated for new gnome-ssh-askpass build +* Sun Dec 26 1999 Damien Miller +- Added Jim Knoble's askpass +* Mon Nov 15 1999 Damien Miller +- Split subpackages further based on patch from jim knoble +* Sat Nov 13 1999 Damien Miller +- Added 'Obsoletes' directives +* Tue Nov 09 1999 Damien Miller +- Use make install +- Subpackages +* Mon Nov 08 1999 Damien Miller +- Added links for slogin +- Fixed perms on manpages +* Sat Oct 30 1999 Damien Miller +- Renamed init script +* Fri Oct 29 1999 Damien Miller +- Back to old binary names +* Thu Oct 28 1999 Damien Miller +- Use autoconf +- New binary names +* Wed Oct 27 1999 Damien Miller +- Initial RPMification, based on Jan "Yenya" Kasprzak's spec. 
+ diff -ruN --exclude CVS ssh-openbsd-2002030700/contrib/redhat/sshd.init openssh-3.1p1/contrib/redhat/sshd.init --- ssh-openbsd-2002030700/contrib/redhat/sshd.init Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/contrib/redhat/sshd.init Sat Sep 15 21:03:11 2001 
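Review bot: `%attr(4755,root,root) %{_bindir}/ssh` in `%files clients` installs the client setuid root with no comment saying why. As far as I know the privilege is needed only for rhosts-style and host-based authentication (privileged source port, access to the host key), so I would add `# setuid root is required only for Rhosts/RhostsRSA/Hostbased authentication` above the line and consider a `%define` switch that packages the binary with mode 0755 for sites that do not use those methods. In `%files server` the commented line `#%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sshd_config` duplicates the active line below it and can be removed, since rpm still expands macros inside comments.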
@@ -0,0 +1,163 @@ +#!/bin/bash + +# Init file for OpenSSH server daemon +# +# chkconfig: 2345 55 25 +# description: OpenSSH server daemon +# +# processname: sshd +# config: /etc/ssh/ssh_host_key +# config: /etc/ssh/ssh_host_key.pub +# config: /etc/ssh/ssh_random_seed +# config: /etc/ssh/sshd_config +# pidfile: /var/run/sshd.pid + +# source function library +. /etc/rc.d/init.d/functions + +[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd + +RETVAL=0 + +# Some functions to make the below more readable +KEYGEN=/usr/bin/ssh-keygen +RSA1_KEY=/etc/ssh/ssh_host_key +RSA_KEY=/etc/ssh/ssh_host_rsa_key +DSA_KEY=/etc/ssh/ssh_host_dsa_key +PID_FILE=/var/run/sshd.pid +my_success() { + local msg + if [ $# -gt 1 ]; then + msg="$2" + else + msg="done" + fi + case "`type -type success`" in + function) + success "$1" + ;; + *) + echo -n "${msg}" + ;; + esac +} +my_failure() { + local msg + if [ $# -gt 1 ]; then + msg="$2" + else + msg="FAILED" + fi + case "`type -type failure`" in + function) + failure "$1" + ;; + *) + echo -n "${msg}" + ;; + esac +} +do_rsa1_keygen() { + if ! test -f $RSA1_KEY ; then + echo -n "Generating SSH1 RSA host key: " + if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then + my_success "RSA1 key generation" + echo + else + my_failure "RSA1 key generation" + echo + exit 1 + fi + fi +} +do_rsa_keygen() { + if ! test -f $RSA_KEY ; then + echo -n "Generating SSH2 RSA host key: " + if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then + my_success "RSA key generation" + echo + else + my_failure "RSA key generation" + echo + exit 1 + fi + fi +} +do_dsa_keygen() { + if ! test -f $DSA_KEY ; then + echo -n "Generating SSH2 DSA host key: " + if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then + my_success "DSA key generation" + echo + else + my_failure "DSA key generation" + echo + exit 1 + fi + fi +} +do_restart_sanity_check() { + sshd -t + RETVAL=$? + if [ ! 
"$RETVAL" = 0 ]; then + my_failure "Configuration file or keys" + echo + exit $RETVAL + fi +} + + +case "$1" in + start) + # Create keys if necessary + do_rsa1_keygen; + do_rsa_keygen; + do_dsa_keygen; + + echo -n "Starting sshd: " + if [ ! -f $PID_FILE ] ; then + sshd $OPTIONS + RETVAL=$? + if [ "$RETVAL" = "0" ] ; then + my_success "sshd startup" "sshd" + touch /var/lock/subsys/sshd + else + my_failure "sshd startup" "" + fi + fi + echo + ;; + stop) + echo -n "Shutting down sshd: " + if [ -f $PID_FILE ] ; then + killproc sshd + RETVAL=$? + [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sshd + fi + echo + ;; + restart) + do_restart_sanity_check + $0 stop + $0 start + RETVAL=$? + ;; + condrestart) + if [ -f /var/lock/subsys/sshd ] ; then + do_restart_sanity_check + $0 stop + $0 start + RETVAL=$? + fi + ;; + status) + status sshd + RETVAL=$? + ;; + *) + echo "Usage: sshd {start|stop|restart|status|condrestart}" + exit 1 + ;; +esac + +exit $RETVAL diff -ruN --exclude CVS ssh-openbsd-2002030700/contrib/redhat/sshd.pam openssh-3.1p1/contrib/redhat/sshd.pam --- ssh-openbsd-2002030700/contrib/redhat/sshd.pam Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/contrib/redhat/sshd.pam Wed Mar 15 12:25:07 2000 @@ -0,0 +1,8 @@ +#%PAM-1.0 +auth required /lib/security/pam_pwdb.so shadow nodelay +auth required /lib/security/pam_nologin.so +account required /lib/security/pam_pwdb.so +password required /lib/security/pam_cracklib.so +password required /lib/security/pam_pwdb.so shadow nullok use_authtok +session required /lib/security/pam_pwdb.so +session required /lib/security/pam_limits.so diff -ruN --exclude CVS ssh-openbsd-2002030700/contrib/redhat/sshd.pam-7.x openssh-3.1p1/contrib/redhat/sshd.pam-7.x --- ssh-openbsd-2002030700/contrib/redhat/sshd.pam-7.x Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/contrib/redhat/sshd.pam-7.x Mon Feb 12 09:34:17 2001 
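Review bot: In contrib/redhat/sshd.init the daemon is started as bare `sshd` in both `do_restart_sanity_check` (`sshd -t`) and the `start` branch (`sshd $OPTIONS`), so this root-run script resolves the binary through whatever PATH it inherited, while the key generator is pinned with `KEYGEN=/usr/bin/ssh-keygen`. I would add `SSHD=/usr/sbin/sshd` next to `KEYGEN` (path to be confirmed against the spec's sbindir) and call `$SSHD -t` and `$SSHD $OPTIONS`. Separately, `start` skips the launch when `$PID_FILE` exists but leaves `RETVAL=0` and prints no status, so a stale pid file gives a silent no-start; an `else` branch calling `my_failure "sshd startup" ""` would surface it.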
@@ -0,0 +1,8 @@
+#%PAM-1.0
+auth required /lib/security/pam_stack.so service=system-auth
+auth required /lib/security/pam_nologin.so
+account required /lib/security/pam_stack.so service=system-auth
+password required /lib/security/pam_stack.so service=system-auth
+session required /lib/security/pam_stack.so service=system-auth
+session required /lib/security/pam_limits.so
+session optional /lib/security/pam_console.so
diff -ruN --exclude CVS ssh-openbsd-2002030700/contrib/solaris/README openssh-3.1p1/contrib/solaris/README
--- ssh-openbsd-2002030700/contrib/solaris/README Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/contrib/solaris/README Sat Oct 20 06:24:14 2001
@@ -0,0 +1,28 @@
+The following is a new package build script for Solaris. This is being
+introduced into OpenSSH 3.0 and above in hopes of simplifying the build
+process.
+
+The build process is called a 'dummy install'.. Which means the software does
+a "make install-nokeys DESTDIR=[fakeroot]". This way all manpages should
+be handled correctly and key are defered until the first time the sshd
+is started.
+
+Directions:
+
+1. make -F Makefile.in distprep (Only if you are getting from the CVS tree)
+2. ./configure --with-pam [..any other options you want..]
+3. cd contrib/solaris; ./buildpkg.sh
+
+If all goes well you should have a solaris package ready to be installed.
+
+If you have any problems with this script please post them to
+openssh-unix-dev@mindrot.org and I will try to assist you as best as I can.
+
+- Ben Lindstrom
+
+TODO:
+- Expand to cover all sysvr4 family of OSes
+- Clean things up a bit more.
+- Detect if sshd is running and refuse to start.
+- SHOULD check for existing sshd_config nor ssh_config (does not currently).
+ [Post install script? Ugh.. Nasty]
diff -ruN --exclude CVS ssh-openbsd-2002030700/contrib/solaris/buildpkg.sh openssh-3.1p1/contrib/solaris/buildpkg.sh
--- ssh-openbsd-2002030700/contrib/solaris/buildpkg.sh Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/contrib/solaris/buildpkg.sh Sat Oct 20 06:36:24 2001
@@ -0,0 +1,85 @@ +#!/bin/sh +# +# Fake Root Solaris Build System - Prototype +# +# The following code has been provide under Public Domain License. I really +# don't care what you use it for. Just as long as you don't complain to me +# nor my employer if you break it. - Ben Lindstrom (mouring@eviladmin.org) +# +umask 022 +PKGNAME=OpenSSH + +## Extract common info requires for the 'info' part of the package. +VERSION=`tail -1 ../../version.h | sed -e 's/.*_\([0-9]\)/\1/g' | sed 's/\"$//'` +ARCH=`uname -p` + +## Start by faking root install +echo "Faking root install..." +START=`pwd` +FAKE_ROOT=$START/package +mkdir $FAKE_ROOT +cd ../.. +make install-nokeys DESTDIR=$FAKE_ROOT + +## Fill in some details, like prefix and sysconfdir +ETCDIR=`grep "^sysconfdir=" Makefile | sed 's/sysconfdir=//'` +PREFIX=`grep "^prefix=" Makefile | cut -d = -f 2` +PIDDIR=`grep "^piddir=" Makefile | cut -d = -f 2` +cd $FAKE_ROOT + +## Setup our run level stuff while we are at it. +mkdir -p $FAKE_ROOT/etc/init.d +mkdir -p $FAKE_ROOT/etc/rcS.d +mkdir -p $FAKE_ROOT/etc/rc0.d +mkdir -p $FAKE_ROOT/etc/rc1.d +mkdir -p $FAKE_ROOT/etc/rc2.d + + +## setup our initscript correctly +sed -e "s#%%configDir%%#$ETCDIR#g" \ + -e "s#%%openSSHDir%%#$PREFIX#g" \ + -e "s#%%pidDir%%#$PIDDIR#g" \ + ../opensshd.in > $FAKE_ROOT/etc/init.d/opensshd +chmod 711 $FAKE_ROOT/etc/init.d/opensshd + +ln -s ../init.d/opensshd $FAKE_ROOT/etc/rcS.d/K30opensshd +ln -s ../init.d/opensshd $FAKE_ROOT/etc/rc0.d/K30opensshd +ln -s ../init.d/opensshd $FAKE_ROOT/etc/rc1.d/K30opensshd +ln -s ../init.d/opensshd $FAKE_ROOT/etc/rc2.d/S98opensshd + + +## Ok, this is outright wrong, but it will work. I'm tired of pkgmk +## whining. +for i in *; do + PROTO_ARGS="$PROTO_ARGS $i=/$i"; +done + +## Build info file +echo "Building pkginfo file..." +cat > pkginfo << _EOF +PKG=$PKGNAME +NAME=OpenSSH Portable for Solaris +DESC="Secure Shell remote access utility; replaces telnet and rlogin/rsh." 
+VENDOR="OpenSSH Portable Team - http://www.openssh.com/portable.html" +BASEDIR=$FAKE_ROOT +ARCH=$ARCH +VERSION=$VERSION +CATEGORY=Security +BASEDIR=/ +_EOF + +## Next Build our prototype +echo "Building prototype file..." +find . | egrep -v "prototype|pkginfo" | sort | pkgproto $PROTO_ARGS | \ + awk ' + BEGIN { print "i pkginfo" } + { $5="root"; $6="sys"; } + { print; }' > prototype + +## Step back a directory and now build the package. +echo "Building package.." +cd .. +pkgmk -d . -f $FAKE_ROOT/prototype -o +rm -rf $FAKE_ROOT +echo | pkgtrans -os . $PKGNAME-$ARCH-$VERSION.pkg +rm -rf $PKGNAME diff -ruN --exclude CVS ssh-openbsd-2002030700/contrib/solaris/opensshd.in openssh-3.1p1/contrib/solaris/opensshd.in --- ssh-openbsd-2002030700/contrib/solaris/opensshd.in Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/contrib/solaris/opensshd.in Sat Oct 20 06:36:24 2001 
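Review bot: contrib/solaris/buildpkg.sh never checks an exit status, so if `mkdir $FAKE_ROOT`, `make install-nokeys` or `cd $FAKE_ROOT` fails the script carries on from the wrong directory: `for i in *` and `find .` then describe the source tree, and `rm -rf $FAKE_ROOT` and `rm -rf $PKGNAME` still run with unquoted expansions. I would guard the steps and quote the paths, e.g. `mkdir "$FAKE_ROOT" || exit 1`, `make install-nokeys DESTDIR="$FAKE_ROOT" || exit 1` and `cd "$FAKE_ROOT" || exit 1`. The pkginfo here-document also sets `BASEDIR` twice (`$FAKE_ROOT`, then `/`); the first assignment looks like a leftover and should be dropped.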
@@ -0,0 +1,90 @@ +#!/sbin/sh +# Donated code that was put under PD license. +# +# Stripped PRNGd out of it for the time being. + +AWK=/usr/bin/awk +CAT=/usr/bin/cat +KILL=/usr/bin/kill +PS=/usr/bin/ps +XARGS=/usr/bin/xargs + +prefix=%%openSSHDir%% +etcdir=%%configDir%% +piddir=%%pidDir%% + +SSHD=$prefix/sbin/sshd +PIDFILE=$piddir/sshd.pid +SSH_KEYGEN=$prefix/bin/ssh-keygen +HOST_KEY_RSA1=$etcdir/ssh_host_key +HOST_KEY_DSA=$etcdir/ssh_host_dsa_key +HOST_KEY_RSA=$etcdir/ssh_host_rsa_key + +killproc() { + _procname=$1 + _signal=$2 + ${PS} -u root | ${AWK} '/'"$_procname"'$/ {print $1}' | ${XARGS} ${KILL} +} + + +checkkeys() { + if [ ! -f $HOST_KEY_RSA1 ]; then + ${SSH_KEYGEN} -t rsa1 -f ${HOST_KEY_RSA1} -N "" + fi + if [ ! -f $HOST_KEY_DSA ]; then + ${SSH_KEYGEN} -t dsa -f ${HOST_KEY_DSA} -N "" + fi + if [ ! -f $HOST_KEY_RSA ]; then + ${SSH_KEYGEN} -t rsa -f ${HOST_KEY_RSA} -N "" + fi +} + +stop_service() { + if [ -r $PIDFILE -a ! -z ${PIDFILE} ]; then + PID=`${CAT} ${PIDFILE}` + fi + if [ ${PID:=0} -gt 1 -a ! "X$PID" = "X " ]; then + ${KILL} ${PID} + else + echo "Unable to read PID file, killing using alternate method" + killproc sshd TERM + fi +} + +start_service() { + # XXX We really should check if the service is already going, but + # XXX we will opt out at this time. - Bal + + # Check to see if we have keys that need to be made + checkkeys + + # Start SSHD + echo "starting $SSHD... \c" ; $SSHD + + sshd_rc=$? + if [ $sshd_rc -ne 0 ]; then + echo "$0: Error ${sshd_rc} starting ${SSHD}... bailing." + exit $sshd_rc + fi + echo done. +} + +case $1 in + +'start') + start_service + ;; + +'stop') + stop_service + ;; + +'restart') + stop_service + start_service + ;; + +*) + echo "$0: usage: $0 {start|stop|restart}" + ;; +esac diff -ruN --exclude CVS ssh-openbsd-2002030700/contrib/ssh-copy-id openssh-3.1p1/contrib/ssh-copy-id --- ssh-openbsd-2002030700/contrib/ssh-copy-id Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/contrib/ssh-copy-id Mon Oct 8 11:54:26 2001 
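Review bot: `killproc()` in contrib/solaris/opensshd.in stores its second argument in `_signal` but never uses it, and it picks targets by matching the process name at the end of each `ps -u root` line, so the fallback in `stop_service` signals every root-owned process whose line ends in `sshd` — presumably the per-connection daemons serving logged-in sessions as well as the listener. `stop_service` also passes the pid-file contents unquoted and unvalidated to `[ ... -gt 1 ]` and `${KILL}`, so a non-numeric or multi-word file makes the test error out instead of falling back cleanly. I would pass the signal through (`${XARGS} ${KILL} -$_signal`) and reject anything that is not purely digits before use, e.g. `case "$PID" in ''|*[!0-9]*) PID=0 ;; esac`.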
@@ -0,0 +1,45 @@ +#!/bin/sh + +# Shell script to install your identity.pub on a remote machine +# Takes the remote machine name as an argument. +# Obviously, the remote machine must accept password authentication, +# or one of the other keys in your ssh-agent, for this to work. + +ID_FILE="${HOME}/.ssh/identity.pub" + +if [ "-i" = "$1" ]; then + shift + # check if we have 2 parameters left, if so the first is the new ID file + if [ -n "$2" ]; then + if expr "$1" : ".*\.pub" ; then + ID_FILE="$1" + else + ID_FILE="$1.pub" + fi + shift # and this should leave $1 as the target name + fi +else + if [ x$SSH_AUTH_SOCK != x ] ; then + GET_ID="$GET_ID ssh-add -L" + fi +fi + +if [ -z "`eval $GET_ID`" -a -r "${ID_FILE}" ] ; then + GET_ID="cat ${ID_FILE}" +fi + +if [ -z "`eval $GET_ID`" ]; then + echo "$0: ERROR: No identities found" + exit 1 +fi + +{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" + +cat < + +Permission is granted to make and distribute verbatim copies of +this manual provided the copyright notice and this permission notice +are preserved on all copies. + +Permission is granted to copy and distribute modified versions of this +manual under the conditions for verbatim copying, provided that the +entire resulting derived work is distributed under the terms of a +permission notice identical to this one. + +Permission is granted to copy and distribute translations of this +manual into another language, under the above conditions for modified +versions, except that this permission notice may be included in +translations approved by the Free Software Foundation instead of in +the original English. +.. 
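Review bot: contrib/ssh-copy-id builds a command string in `GET_ID` and runs it through `eval` three times, so an identity path given with `-i` is re-parsed by the shell: a file name containing spaces or shell metacharacters is split or interpreted instead of being read as one path. `ssh $1 "..."` is unquoted in the same way. I would drop the string-and-eval indirection for the file case and read the file directly with a quoted path, e.g. `cat "$ID_FILE" | ssh "$1" "umask 077; ..."`, keeping `ssh-add -L` as a plain command. As far as the visible lines show, the remote command creates `.ssh` and appends under `umask 077` but does not tighten an already existing `.ssh` or `authorized_keys`; the tail of this hunk is garbled on the page, so that may be handled in the missing part.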
+.TH SSH-COPY-ID 1 "14 November 1999" "OpenSSH" +.SH NAME +ssh-copy-id \- install your identity.pub in a remote machine's authorized_keys +.SH SYNOPSIS +.B ssh-copy-id [-i [identity_file]] +.I "[user@]machine" +.br +.SH DESCRIPTION +.BR ssh-copy-id +is a script that uses ssh to log into a remote machine (presumably +using a login password, so password authentication should be enabled, +unless you've done some clever use of multiple identities) +.PP +It also changes the permissions of the remote user's home, +.BR ~/.ssh , +and +.B ~/.ssh/authorized_keys +to remove group writability (which would otherwise prevent you from logging in, if the remote +.B sshd +has +.B StrictModes +set in its configuration). +.PP +If the +.B -i +option is given then the identity file (defaults to +.BR ~/.ssh/identity.pub ) +is used, regardless of whether there are any keys in your +.BR ssh-agent . +Otherwise, if this: +.PP +.B " ssh-add -L" +.PP +provides any output, it uses that in preference to the identity file. +.PP +If the +.B -i +option is used, or the +.B ssh-add +produced no output, then it uses the contents of the identity +file. Once it has one or more fingerprints (by whatever means) it +uses ssh to append them to +.B ~/.ssh/authorized_keys +on the remote machine (creating the file, and directory, if necessary) + +.SH "SEE ALSO" +.BR ssh (1), +.BR ssh-agent (1), +.BR sshd (8) diff -ruN --exclude CVS ssh-openbsd-2002030700/contrib/sshd.pam.freebsd openssh-3.1p1/contrib/sshd.pam.freebsd --- ssh-openbsd-2002030700/contrib/sshd.pam.freebsd Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/contrib/sshd.pam.freebsd Wed Mar 15 12:25:06 2000 
@@ -0,0 +1,5 @@
+sshd auth required pam_unix.so try_first_pass
+sshd account required pam_unix.so
+sshd password required pam_permit.so
+sshd session required pam_permit.so
+
diff -ruN --exclude CVS ssh-openbsd-2002030700/contrib/sshd.pam.generic openssh-3.1p1/contrib/sshd.pam.generic
--- ssh-openbsd-2002030700/contrib/sshd.pam.generic Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/contrib/sshd.pam.generic Wed Mar 15 12:25:06 2000
@@ -0,0 +1,8 @@
+#%PAM-1.0
+auth required /lib/security/pam_unix.so shadow nodelay
+auth required /lib/security/pam_nologin.so
+account required /lib/security/pam_unix.so
+password required /lib/security/pam_cracklib.so
+password required /lib/security/pam_unix.so shadow nullok use_authtok
+session required /lib/security/pam_unix.so
+session required /lib/security/pam_limits.so
diff -ruN --exclude CVS ssh-openbsd-2002030700/contrib/suse/openssh.spec openssh-3.1p1/contrib/suse/openssh.spec
--- ssh-openbsd-2002030700/contrib/suse/openssh.spec Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/contrib/suse/openssh.spec Thu Mar 7 13:04:38 2002
@@ -0,0 +1,199 @@ +Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation +Name: openssh +Version: 3.1p1 +URL: http://www.openssh.com/ +Release: 1 +Source0: openssh-%{version}.tar.gz +Copyright: BSD +Group: Applications/Internet +BuildRoot: /tmp/openssh-%{version}-buildroot +PreReq: openssl +Obsoletes: ssh +# +# (Build[ing] Prereq[uisites] only work for RPM 2.95 and newer.) +# building prerequisites -- stuff for +# OpenSSL (openssl-devel), +# TCP Wrappers (nkitb), +# and Gnome (glibdev, gtkdev, and gnlibsd) +# +BuildPrereq: openssl +BuildPrereq: nkitb +BuildPrereq: glibdev +BuildPrereq: gtkdev +BuildPrereq: gnlibsd + +%description +Ssh (Secure Shell) a program for logging into a remote machine and for +executing commands in a remote machine. It is intended to replace +rlogin and rsh, and provide secure encrypted communications between +two untrusted hosts over an insecure network. X11 connections and +arbitrary TCP/IP ports can also be forwarded over the secure channel. + +OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it +up to date in terms of security and features, as well as removing all +patented algorithms to seperate libraries (OpenSSL). + +This package includes all files necessary for both the OpenSSH +client and server. Additionally, this package contains the GNOME +passphrase dialog. 
+ +%changelog +* Mon Jun 12 2000 Damien Miller +- Glob manpages to catch compressed files +* Wed Mar 15 2000 Damien Miller +- Updated for new location +- Updated for new gnome-ssh-askpass build +* Sun Dec 26 1999 Chris Saia +- Made symlink to gnome-ssh-askpass called ssh-askpass +* Wed Nov 24 1999 Chris Saia +- Removed patches that included /etc/pam.d/sshd, /sbin/init.d/rc.sshd, and + /var/adm/fillup-templates/rc.config.sshd, since Damien merged these into + his released tarfile +- Changed permissions on ssh_config in the install procedure to 644 from 600 + even though it was correct in the %files section and thus right in the RPMs +- Postinstall script for the server now only prints "Generating SSH host + key..." if we need to actually do this, in order to eliminate a confusing + message if an SSH host key is already in place +- Marked all manual pages as %doc(umentation) +* Mon Nov 22 1999 Chris Saia +- Added flag to configure daemon with TCP Wrappers support +- Added building prerequisites (works in RPM 3.0 and newer) +* Thu Nov 18 1999 Chris Saia +- Made this package correct for SuSE. +- Changed instances of pam_pwdb.so to pam_unix.so, since it works more properly + with SuSE, and lib_pwdb.so isn't installed by default. +* Mon Nov 15 1999 Damien Miller +- Split subpackages further based on patch from jim knoble +* Sat Nov 13 1999 Damien Miller +- Added 'Obsoletes' directives +* Tue Nov 09 1999 Damien Miller +- Use make install +- Subpackages +* Mon Nov 08 1999 Damien Miller +- Added links for slogin +- Fixed perms on manpages +* Sat Oct 30 1999 Damien Miller +- Renamed init script +* Fri Oct 29 1999 Damien Miller +- Back to old binary names +* Thu Oct 28 1999 Damien Miller +- Use autoconf +- New binary names +* Wed Oct 27 1999 Damien Miller +- Initial RPMification, based on Jan "Yenya" Kasprzak's spec. 
+ +%prep + +%setup -q + +%build +CFLAGS="$RPM_OPT_FLAGS" \ +./configure --prefix=/usr \ + --sysconfdir=/etc/ssh \ + --datadir=/usr/share/openssh \ + --with-pam \ + --with-gnome-askpass \ + --with-tcp-wrappers \ + --with-ipv4-default \ + --libexecdir=/usr/lib/ssh +make + +cd contrib +gcc -O -g `gnome-config --cflags gnome gnomeui` \ + gnome-ssh-askpass.c -o gnome-ssh-askpass \ + `gnome-config --libs gnome gnomeui` +cd .. + +%install +rm -rf $RPM_BUILD_ROOT +make install DESTDIR=$RPM_BUILD_ROOT/ +install -d $RPM_BUILD_ROOT/etc/ssh/ +install -d $RPM_BUILD_ROOT/etc/pam.d/ +install -d $RPM_BUILD_ROOT/sbin/init.d/ +install -d $RPM_BUILD_ROOT/var/adm/fillup-templates +install -d $RPM_BUILD_ROOT/usr/lib/ssh +install -m644 contrib/sshd.pam.generic $RPM_BUILD_ROOT/etc/pam.d/sshd +install -m744 contrib/suse/rc.sshd $RPM_BUILD_ROOT/sbin/init.d/sshd +ln -s ../../sbin/init.d/sshd $RPM_BUILD_ROOT/usr/sbin/rcsshd +install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT/usr/lib/ssh/gnome-ssh-askpass +ln -s gnome-ssh-askpass $RPM_BUILD_ROOT/usr/lib/ssh/ssh-askpass +install -m744 contrib/suse/rc.config.sshd \ + $RPM_BUILD_ROOT/var/adm/fillup-templates + +%clean +rm -rf $RPM_BUILD_ROOT + +%post +if [ "$1" = 1 ]; then + echo "Creating SSH stop/start scripts in the rc directories..." + ln -s ../sshd /sbin/init.d/rc2.d/K20sshd + ln -s ../sshd /sbin/init.d/rc2.d/S20sshd + ln -s ../sshd /sbin/init.d/rc3.d/K20sshd + ln -s ../sshd /sbin/init.d/rc3.d/S20sshd +fi +echo "Updating /etc/rc.config..." +if [ -x /bin/fillup ] ; then + /bin/fillup -q -d = etc/rc.config var/adm/fillup-templates/rc.config.sshd +else + echo "ERROR: fillup not found. This should NOT happen in SuSE Linux." + echo "Update /etc/rc.config by hand from the following template file:" + echo " /var/adm/fillup-templates/rc.config.sshd" +fi +if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then + echo "Generating SSH host key..." + /usr/bin/ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N '' >&2 +fi +if [ ! 
-f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then + echo "Generating SSH DSA host key..." + /usr/bin/ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N '' >&2 +fi +if test -r /var/run/sshd.pid +then + echo "Restarting the running SSH daemon..." + /usr/sbin/rcsshd restart >&2 +fi + +%preun +if [ "$1" = 0 ] +then + echo "Stopping the SSH daemon..." + /usr/sbin/rcsshd stop >&2 + echo "Removing SSH stop/start scripts from the rc directories..." + rm /sbin/init.d/rc2.d/K20sshd + rm /sbin/init.d/rc2.d/S20sshd + rm /sbin/init.d/rc3.d/K20sshd + rm /sbin/init.d/rc3.d/S20sshd +fi + +%files +%defattr(-,root,root) +%doc ChangeLog OVERVIEW README* +%doc RFC.nroff TODO CREDITS LICENSE +%attr(0755,root,root) %dir /etc/ssh +%attr(0644,root,root) %config /etc/ssh/ssh_config +%attr(0600,root,root) %config /etc/ssh/sshd_config +%attr(0600,root,root) %config /etc/ssh/moduli +%attr(0644,root,root) %config /etc/pam.d/sshd +%attr(0755,root,root) %config /sbin/init.d/sshd +%attr(0755,root,root) /usr/bin/ssh-keygen +%attr(0755,root,root) /usr/bin/scp +%attr(4755,root,root) /usr/bin/ssh +%attr(-,root,root) /usr/bin/slogin +%attr(0755,root,root) /usr/bin/ssh-agent +%attr(0755,root,root) /usr/bin/ssh-add +%attr(0755,root,root) /usr/bin/ssh-keyscan +%attr(0755,root,root) /usr/bin/sftp +%attr(0755,root,root) /usr/sbin/sshd +%attr(-,root,root) /usr/sbin/rcsshd +%attr(0755,root,root) %dir /usr/lib/ssh +%attr(0755,root,root) /usr/lib/ssh/ssh-askpass +%attr(0755,root,root) /usr/lib/ssh/gnome-ssh-askpass +%attr(0644,root,root) %doc /usr/man/man1/scp.1* +%attr(0644,root,root) %doc /usr/man/man1/ssh.1* +%attr(-,root,root) %doc /usr/man/man1/slogin.1* +%attr(0644,root,root) %doc /usr/man/man1/ssh-agent.1* +%attr(0644,root,root) %doc /usr/man/man1/ssh-add.1* +%attr(0644,root,root) %doc /usr/man/man1/ssh-keygen.1* +%attr(0644,root,root) %doc /usr/man/man8/sshd.8* +%attr(0644,root,root) /var/adm/fillup-templates/rc.config.sshd + diff -ruN --exclude CVS 
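Review bot: In contrib/suse/openssh.spec the `%files` list marks `/etc/ssh/sshd_config` (and `ssh_config`, `moduli`, `/etc/pam.d/sshd`) as plain `%config`, so an upgrade replaces a locally edited file with the packaged one and keeps the admin's copy only as `.rpmsave`; `%post` then restarts a running daemon, which comes back on the shipped defaults. The Red Hat spec in this same patch uses `%config(noreplace)` for `sshd_config`, and I would do the same here: `%attr(0600,root,root) %config(noreplace) /etc/ssh/sshd_config`. `BuildRoot: /tmp/openssh-%{version}-buildroot` is also a predictable path in a world-writable directory that `%install` and `%clean` remove with `rm -rf`; a build root under a private directory would be safer on shared build hosts.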
ssh-openbsd-2002030700/contrib/suse/rc.config.sshd openssh-3.1p1/contrib/suse/rc.config.sshd
--- ssh-openbsd-2002030700/contrib/suse/rc.config.sshd Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/contrib/suse/rc.config.sshd Wed Mar 15 12:25:07 2000
@@ -0,0 +1,5 @@
+#
+# Start the Secure Shell (SSH) Daemon?
+#
+START_SSHD="yes"
+
diff -ruN --exclude CVS ssh-openbsd-2002030700/contrib/suse/rc.sshd openssh-3.1p1/contrib/suse/rc.sshd
--- ssh-openbsd-2002030700/contrib/suse/rc.sshd Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/contrib/suse/rc.sshd Wed Mar 15 12:25:07 2000
@@ -0,0 +1,80 @@ +#! /bin/sh +# Copyright (c) 1995-1998 SuSE GmbH Nuernberg, Germany. +# +# Author: Chris Saia +# +# /sbin/init.d/sshd +# +# and symbolic its link +# +# /sbin/rcsshd +# + +. /etc/rc.config + +# Determine the base and follow a runlevel link name. +base=${0##*/} +link=${base#*[SK][0-9][0-9]} + +# Force execution if not called by a runlevel directory. +test $link = $base && START_SSHD=yes +test "$START_SSHD" = yes || exit 0 + +# The echo return value for success (defined in /etc/rc.config). +return=$rc_done +case "$1" in + start) + echo -n "Starting service sshd" + ## Start daemon with startproc(8). If this fails + ## the echo return value is set appropriate. + + startproc /usr/sbin/sshd || return=$rc_failed + + echo -e "$return" + ;; + stop) + echo -n "Stopping service sshd" + ## Stop daemon with killproc(8) and if this fails + ## set echo the echo return value. + + killproc -TERM /usr/sbin/sshd || return=$rc_failed + + echo -e "$return" + ;; + restart) + ## If first returns OK call the second, if first or + ## second command fails, set echo return value. + $0 stop && $0 start || return=$rc_failed + ;; + reload) + ## Choose ONE of the following two cases: + + ## First possibility: A few services accepts a signal + ## to reread the (changed) configuration. + + echo -n "Reload service sshd" + killproc -HUP /usr/sbin/sshd || return=$rc_failed + echo -e "$return" + ;; + status) + echo -n "Checking for service sshd" + ## Check status with checkproc(8), if process is running + ## checkproc will return with exit status 0. + + checkproc /usr/sbin/sshd && echo OK || echo No process + ;; + probe) + ## Optional: Probe for the necessity of a reload, + ## give out the argument which is required for a reload. + + test /etc/ssh/sshd_config -nt /var/run/sshd.pid && echo reload + ;; + *) + echo "Usage: $0 {start|stop|status|restart|reload[|probe]}" + exit 1 + ;; +esac + +# Inform the caller not only verbosely and set an exit status. 
+test "$return" = "$rc_done" || exit 1 +exit 0 diff -ruN --exclude CVS ssh-openbsd-2002030700/defines.h openssh-3.1p1/defines.h --- ssh-openbsd-2002030700/defines.h Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/defines.h Wed Feb 27 03:40:49 2002 
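Review bot: The `restart` branch of contrib/suse/rc.sshd runs `$0 stop && $0 start` without first checking that the configuration and host keys load, so a typo in sshd_config takes the listener down and nothing comes back up, which on a remote host means losing access; the SuSE spec's `%post` takes this path whenever a pid file is present. The Red Hat init script in this patch runs `sshd -t` before restarting, and I would add `/usr/sbin/sshd -t || exit 1` as the first line of `restart` here. Because of the `&&`, a failed `stop` (daemon not running) also prevents the `start`. `test $link = $base` near the top should quote both operands.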
@@ -0,0 +1,589 @@ +#ifndef _DEFINES_H +#define _DEFINES_H + +/* $Id: defines.h,v 1.80 2002/02/26 16:40:49 tim Exp $ */ + +/* Necessary headers */ + +#include /* For [u]intxx_t */ +#include /* For SHUT_XXXX */ +#include /* For MAXPATHLEN and roundup() */ +#include /* For typedefs */ +#include /* For IPv6 macros */ +#include /* For IPTOS macros */ +#ifdef HAVE_SYS_UN_H +# include /* For sockaddr_un */ +#endif +#ifdef HAVE_SYS_BITYPES_H +# include /* For u_intXX_t */ +#endif +#ifdef HAVE_PATHS_H +# include /* For _PATH_XXX */ +#endif +#ifdef HAVE_LIMITS_H +# include /* For PATH_MAX */ +#endif +#ifdef HAVE_SYS_TIME_H +# include /* For timersub */ +#endif +#ifdef HAVE_MAILLOCK_H +# include /* For _PATH_MAILDIR */ +#endif +#ifdef HAVE_SYS_CDEFS_H +# include /* For __P() */ +#endif +#ifdef HAVE_SYS_SYSMACROS_H +# include /* For MIN, MAX, etc */ +#endif +#ifdef HAVE_SYS_STAT_H +# include /* For S_* constants and macros */ +#endif +#ifdef HAVE_NEXT +# include +#endif + +#include /* For STDIN_FILENO, etc */ +#include /* Struct winsize */ +#include /* For O_NONBLOCK */ +#include /* For OPENSSL_VERSION_NUMBER */ + +/* *-*-nto-qnx needs these headers for strcasecmp and LASTLOG_FILE respectively */ +#ifdef HAVE_STRINGS_H +# include +#endif +#ifdef HAVE_LOGIN_H +# include +#endif + + +/* Constants */ + +#ifndef SHUT_RDWR +enum +{ + SHUT_RD = 0, /* No more receptions. */ + SHUT_WR, /* No more transmissions. */ + SHUT_RDWR /* No more receptions or transmissions. 
*/ +}; +# define SHUT_RD SHUT_RD +# define SHUT_WR SHUT_WR +# define SHUT_RDWR SHUT_RDWR +#endif + +#ifndef IPTOS_LOWDELAY +# define IPTOS_LOWDELAY 0x10 +# define IPTOS_THROUGHPUT 0x08 +# define IPTOS_RELIABILITY 0x04 +# define IPTOS_LOWCOST 0x02 +# define IPTOS_MINCOST IPTOS_LOWCOST +#endif /* IPTOS_LOWDELAY */ + +#ifndef MAXPATHLEN +# ifdef PATH_MAX +# define MAXPATHLEN PATH_MAX +# else /* PATH_MAX */ +# define MAXPATHLEN 64 /* Should be safe */ +# endif /* PATH_MAX */ +#endif /* MAXPATHLEN */ + +#ifndef STDIN_FILENO +# define STDIN_FILENO 0 +#endif +#ifndef STDOUT_FILENO +# define STDOUT_FILENO 1 +#endif +#ifndef STDERR_FILENO +# define STDERR_FILENO 2 +#endif + +#ifndef NGROUPS_MAX /* Disable groupaccess if NGROUP_MAX is not set */ +#ifdef NGROUPS +#define NGROUPS_MAX NGROUPS +#else +#define NGROUPS_MAX 0 +#endif +#endif + +#ifndef O_NONBLOCK /* Non Blocking Open */ +# define O_NONBLOCK 00004 +#endif + +#ifndef S_ISDIR +# define S_ISDIR(mode) (((mode) & (_S_IFMT)) == (_S_IFDIR)) +#endif /* S_ISDIR */ + +#ifndef S_ISREG +# define S_ISREG(mode) (((mode) & (_S_IFMT)) == (_S_IFREG)) +#endif /* S_ISREG */ + +#ifndef S_ISLNK +# define S_ISLNK(mode) (((mode) & S_IFMT) == S_IFLNK) +#endif /* S_ISLNK */ + +#ifndef S_IXUSR +# define S_IXUSR 0000100 /* execute/search permission, */ +# define S_IXGRP 0000010 /* execute/search permission, */ +# define S_IXOTH 0000001 /* execute/search permission, */ +# define _S_IWUSR 0000200 /* write permission, */ +# define S_IWUSR _S_IWUSR /* write permission, owner */ +# define S_IWGRP 0000020 /* write permission, group */ +# define S_IWOTH 0000002 /* write permission, other */ +# define S_IRUSR 0000400 /* read permission, owner */ +# define S_IRGRP 0000040 /* read permission, group */ +# define S_IROTH 0000004 /* read permission, other */ +# define S_IRWXU 0000700 /* read, write, execute */ +# define S_IRWXG 0000070 /* read, write, execute */ +# define S_IRWXO 0000007 /* read, write, execute */ +#endif /* S_IXUSR */ + +/* *-*-nto-qnx 
doesn't define this constant in the system headers */ +#ifdef MISSING_NFDBITS +# define NFDBITS (8 * sizeof(unsigned long)) +#endif + +/* +SCO Open Server 3 has INADDR_LOOPBACK defined in rpc/rpc.h but +including rpc/rpc.h breaks Solaris 6 +*/ +#ifndef INADDR_LOOPBACK +#define INADDR_LOOPBACK ((ulong)0x7f000001) +#endif + +/* Types */ + +/* If sys/types.h does not supply intXX_t, supply them ourselves */ +/* (or die trying) */ + + +#ifndef HAVE_U_INT +typedef unsigned int u_int; +#endif + +#ifndef HAVE_INTXX_T +# if (SIZEOF_CHAR == 1) +typedef char int8_t; +# else +# error "8 bit int type not found." +# endif +# if (SIZEOF_SHORT_INT == 2) +typedef short int int16_t; +# else +# ifdef _CRAY +# if (SIZEOF_SHORT_INT == 4) +typedef short int16_t; +# else +typedef long int16_t; +# endif +# else +# error "16 bit int type not found." +# endif /* _CRAY */ +# endif +# if (SIZEOF_INT == 4) +typedef int int32_t; +# else +# ifdef _CRAY +typedef long int32_t; +# else +# error "32 bit int type not found." +# endif /* _CRAY */ +# endif +#endif + +/* If sys/types.h does not supply u_intXX_t, supply them ourselves */ +#ifndef HAVE_U_INTXX_T +# ifdef HAVE_UINTXX_T +typedef uint8_t u_int8_t; +typedef uint16_t u_int16_t; +typedef uint32_t u_int32_t; +# define HAVE_U_INTXX_T 1 +# else +# if (SIZEOF_CHAR == 1) +typedef unsigned char u_int8_t; +# else +# error "8 bit int type not found." +# endif +# if (SIZEOF_SHORT_INT == 2) +typedef unsigned short int u_int16_t; +# else +# ifdef _CRAY +# if (SIZEOF_SHORT_INT == 4) +typedef unsigned short u_int16_t; +# else +typedef unsigned long u_int16_t; +# endif +# else +# error "16 bit int type not found." +# endif +# endif +# if (SIZEOF_INT == 4) +typedef unsigned int u_int32_t; +# else +# ifdef _CRAY +typedef unsigned long u_int32_t; +# else +# error "32 bit int type not found." 
+# endif +# endif +# endif +#define __BIT_TYPES_DEFINED__ +#endif + +/* 64-bit types */ +#ifndef HAVE_INT64_T +# if (SIZEOF_LONG_INT == 8) +typedef long int int64_t; +# define HAVE_INT64_T 1 +# else +# if (SIZEOF_LONG_LONG_INT == 8) +typedef long long int int64_t; +# define HAVE_INT64_T 1 +# endif +# endif +#endif +#ifndef HAVE_U_INT64_T +# if (SIZEOF_LONG_INT == 8) +typedef unsigned long int u_int64_t; +# define HAVE_U_INT64_T 1 +# else +# if (SIZEOF_LONG_LONG_INT == 8) +typedef unsigned long long int u_int64_t; +# define HAVE_U_INT64_T 1 +# endif +# endif +#endif +#if !defined(HAVE_LONG_LONG_INT) && (SIZEOF_LONG_LONG_INT == 8) +# define HAVE_LONG_LONG_INT 1 +#endif + +#ifndef HAVE_U_CHAR +typedef unsigned char u_char; +# define HAVE_U_CHAR +#endif /* HAVE_U_CHAR */ + +#ifndef HAVE_SIZE_T +typedef unsigned int size_t; +# define HAVE_SIZE_T +#endif /* HAVE_SIZE_T */ + +#ifndef HAVE_SSIZE_T +typedef int ssize_t; +# define HAVE_SSIZE_T +#endif /* HAVE_SSIZE_T */ + +#ifndef HAVE_CLOCK_T +typedef long clock_t; +# define HAVE_CLOCK_T +#endif /* HAVE_CLOCK_T */ + +#ifndef HAVE_SA_FAMILY_T +typedef int sa_family_t; +# define HAVE_SA_FAMILY_T +#endif /* HAVE_SA_FAMILY_T */ + +#ifndef HAVE_PID_T +typedef int pid_t; +# define HAVE_PID_T +#endif /* HAVE_PID_T */ + +#ifndef HAVE_SIG_ATOMIC_T +typedef int sig_atomic_t; +# define HAVE_SIG_ATOMIC_T +#endif /* HAVE_SIG_ATOMIC_T */ + +#ifndef HAVE_MODE_T +typedef int mode_t; +# define HAVE_MODE_T +#endif /* HAVE_MODE_T */ + +#if !defined(HAVE_SS_FAMILY_IN_SS) && defined(HAVE___SS_FAMILY_IN_SS) +# define ss_family __ss_family +#endif /* !defined(HAVE_SS_FAMILY_IN_SS) && defined(HAVE_SA_FAMILY_IN_SS) */ + +#ifndef HAVE_SYS_UN_H +struct sockaddr_un { + short sun_family; /* AF_UNIX */ + char sun_path[108]; /* path name (gag) */ +}; +#endif /* HAVE_SYS_UN_H */ + +#if defined(BROKEN_SYS_TERMIO_H) && !defined(_STRUCT_WINSIZE) +#define _STRUCT_WINSIZE +struct winsize { + unsigned short ws_row; /* rows, in characters */ + unsigned short 
ws_col; /* columns, in character */ + unsigned short ws_xpixel; /* horizontal size, pixels */ + unsigned short ws_ypixel; /* vertical size, pixels */ +}; +#endif + +/* *-*-nto-qnx does not define this type in the system headers */ +#ifdef MISSING_FD_MASK + typedef unsigned long int fd_mask; +#endif + +/* Paths */ + +#ifndef _PATH_BSHELL +# define _PATH_BSHELL "/bin/sh" +#endif +#ifndef _PATH_CSHELL +# define _PATH_CSHELL "/bin/csh" +#endif +#ifndef _PATH_SHELLS +# define _PATH_SHELLS "/etc/shells" +#endif + +#ifdef USER_PATH +# ifdef _PATH_STDPATH +# undef _PATH_STDPATH +# endif +# define _PATH_STDPATH USER_PATH +#endif + +#ifndef _PATH_STDPATH +# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" +#endif + +#ifndef _PATH_DEVNULL +# define _PATH_DEVNULL "/dev/null" +#endif + +#ifndef MAIL_DIRECTORY +# define MAIL_DIRECTORY "/var/spool/mail" +#endif + +#ifndef MAILDIR +# define MAILDIR MAIL_DIRECTORY +#endif + +#if !defined(_PATH_MAILDIR) && defined(MAILDIR) +# define _PATH_MAILDIR MAILDIR +#endif /* !defined(_PATH_MAILDIR) && defined(MAILDIR) */ + +#ifndef _PATH_RSH +# ifdef RSH_PATH +# define _PATH_RSH RSH_PATH +# else /* RSH_PATH */ +# define _PATH_RSH "/usr/bin/rsh" +# endif /* RSH_PATH */ +#endif /* _PATH_RSH */ + +#ifndef _PATH_NOLOGIN +# define _PATH_NOLOGIN "/etc/nologin" +#endif + +/* Define this to be the path of the xauth program. 
*/ +#ifdef XAUTH_PATH +#define _PATH_XAUTH XAUTH_PATH +#endif /* XAUTH_PATH */ + +/* derived from XF4/xc/lib/dps/Xlibnet.h */ +#ifndef X_UNIX_PATH +# ifdef __hpux +# define X_UNIX_PATH "/var/spool/sockets/X11/%u" +# else +# define X_UNIX_PATH "/tmp/.X11-unix/X%u" +# endif +#endif /* X_UNIX_PATH */ +#define _PATH_UNIX_X X_UNIX_PATH + +#ifndef _PATH_TTY +# define _PATH_TTY "/dev/tty" +#endif + +/* Macros */ + +#if defined(HAVE_LOGIN_GETCAPBOOL) && defined(HAVE_LOGIN_CAP_H) +# define HAVE_LOGIN_CAP +#endif + +#ifndef MAX +# define MAX(a,b) (((a)>(b))?(a):(b)) +# define MIN(a,b) (((a)<(b))?(a):(b)) +#endif + +#ifndef roundup +# define roundup(x, y) ((((x)+((y)-1))/(y))*(y)) +#endif + +#ifndef timersub +#define timersub(a, b, result) \ + do { \ + (result)->tv_sec = (a)->tv_sec - (b)->tv_sec; \ + (result)->tv_usec = (a)->tv_usec - (b)->tv_usec; \ + if ((result)->tv_usec < 0) { \ + --(result)->tv_sec; \ + (result)->tv_usec += 1000000; \ + } \ + } while (0) +#endif + +#ifndef __P +# define __P(x) x +#endif + +#if !defined(IN6_IS_ADDR_V4MAPPED) +# define IN6_IS_ADDR_V4MAPPED(a) \ + ((((u_int32_t *) (a))[0] == 0) && (((u_int32_t *) (a))[1] == 0) && \ + (((u_int32_t *) (a))[2] == htonl (0xffff))) +#endif /* !defined(IN6_IS_ADDR_V4MAPPED) */ + +#if !defined(__GNUC__) || (__GNUC__ < 2) +# define __attribute__(x) +#endif /* !defined(__GNUC__) || (__GNUC__ < 2) */ + +/* *-*-nto-qnx doesn't define this macro in the system headers */ +#ifdef MISSING_HOWMANY +# define howmany(x,y) (((x)+((y)-1))/(y)) +#endif + +/* Function replacement / compatibility hacks */ + +/* In older versions of libpam, pam_strerror takes a single argument */ +#ifdef HAVE_OLD_PAM +# define PAM_STRERROR(a,b) pam_strerror((b)) +#else +# define PAM_STRERROR(a,b) pam_strerror((a),(b)) +#endif + +#ifdef PAM_SUN_CODEBASE +# define PAM_MSG_MEMBER(msg, n, member) ((*(msg))[(n)].member) +#else +# define PAM_MSG_MEMBER(msg, n, member) ((msg)[(n)]->member) +#endif + +#if defined(BROKEN_GETADDRINFO) && 
defined(HAVE_GETADDRINFO) +# undef HAVE_GETADDRINFO +#endif +#if defined(BROKEN_GETADDRINFO) && defined(HAVE_FREEADDRINFO) +# undef HAVE_FREEADDRINFO +#endif +#if defined(BROKEN_GETADDRINFO) && defined(HAVE_GAI_STRERROR) +# undef HAVE_GAI_STRERROR +#endif + +#if !defined(HAVE_MEMMOVE) && defined(HAVE_BCOPY) +# define memmove(s1, s2, n) bcopy((s2), (s1), (n)) +#endif /* !defined(HAVE_MEMMOVE) && defined(HAVE_BCOPY) */ + +#if !defined(HAVE_ATEXIT) && defined(HAVE_ON_EXIT) +# define atexit(a) on_exit(a, NULL) +#else +# if defined(HAVE_XATEXIT) +# define atexit(a) xatexit(a) +# endif /* defined(HAVE_XATEXIT) */ +#endif /* !defined(HAVE_ATEXIT) && defined(HAVE_ON_EXIT) */ + +#if defined(HAVE_VHANGUP) && !defined(HAVE_DEV_PTMX) +# define USE_VHANGUP +#endif /* defined(HAVE_VHANGUP) && !defined(HAVE_DEV_PTMX) */ + +#ifndef GETPGRP_VOID +# define getpgrp() getpgrp(0) +#endif + +/* OPENSSL_free() is Free() in versions before OpenSSL 0.9.6 */ +#if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090600f) +# define OPENSSL_free(x) Free(x) +#endif + +/* + * Define this to use pipes instead of socketpairs for communicating with the + * client program. Socketpairs do not seem to work on all systems. 
+ * + * configure.ac sets this for a few OS's which are known to have problems + * but you may need to set it yourself + */ +/* #define USE_PIPES 1 */ + +/** + ** login recorder definitions + **/ + +/* preprocess */ + +#ifdef HAVE_UTMP_H +# ifdef HAVE_TIME_IN_UTMP +# include +# endif +# include +#endif +#ifdef HAVE_UTMPX_H +# ifdef HAVE_TV_IN_UTMPX +# include +# endif +# include +#endif +#ifdef HAVE_LASTLOG_H +# include +#endif +#ifdef HAVE_PATHS_H +# include +#endif + +/* FIXME: put default paths back in */ +#ifndef UTMP_FILE +# ifdef _PATH_UTMP +# define UTMP_FILE _PATH_UTMP +# else +# ifdef CONF_UTMP_FILE +# define UTMP_FILE CONF_UTMP_FILE +# endif +# endif +#endif +#ifndef WTMP_FILE +# ifdef _PATH_WTMP +# define WTMP_FILE _PATH_WTMP +# else +# ifdef CONF_WTMP_FILE +# define WTMP_FILE CONF_WTMP_FILE +# endif +# endif +#endif +/* pick up the user's location for lastlog if given */ +#ifndef LASTLOG_FILE +# ifdef _PATH_LASTLOG +# define LASTLOG_FILE _PATH_LASTLOG +# else +# ifdef CONF_LASTLOG_FILE +# define LASTLOG_FILE CONF_LASTLOG_FILE +# endif +# endif +#endif + + +/* The login() library function in libutil is first choice */ +#if defined(HAVE_LOGIN) && !defined(DISABLE_LOGIN) +# define USE_LOGIN + +#else +/* Simply select your favourite login types. */ +/* Can't do if-else because some systems use several... */ +# if defined(UTMPX_FILE) && !defined(DISABLE_UTMPX) +# define USE_UTMPX +# endif +# if defined(UTMP_FILE) && !defined(DISABLE_UTMP) +# define USE_UTMP +# endif +# if defined(WTMPX_FILE) && !defined(DISABLE_WTMPX) +# define USE_WTMPX +# endif +# if defined(WTMP_FILE) && !defined(DISABLE_WTMP) +# define USE_WTMP +# endif + +#endif + +/* I hope that the presence of LASTLOG_FILE is enough to detect this */ +#if defined(LASTLOG_FILE) && !defined(DISABLE_LASTLOG) +# define USE_LASTLOG +#endif + +/* which type of time to use? 
(api.c) */ +#ifdef HAVE_SYS_TIME_H +# define USE_TIMEVAL +#endif + +/** end of login recorder definitions */ + +#endif /* _DEFINES_H */ diff -ruN --exclude CVS ssh-openbsd-2002030700/entropy.c openssh-3.1p1/entropy.c --- ssh-openbsd-2002030700/entropy.c Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/entropy.c Tue Jan 22 21:57:54 2002 
@@ -0,0 +1,150 @@
+/*
+ * Copyright (c) 2001 Damien Miller. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#include
+#include
+
+#include "ssh.h"
+#include "misc.h"
+#include "xmalloc.h"
+#include "atomicio.h"
+#include "pathnames.h"
+#include "log.h"
+
+/*
+ * Portable OpenSSH PRNG seeding:
+ * If OpenSSL has not "internally seeded" itself (e.g. pulled data from
+ * /dev/random), then we execute a "ssh-rand-helper" program which
+ * collects entropy and writes it to stdout. The child program must
+ * write at least RANDOM_SEED_SIZE bytes. The child is run with stderr
+ * attached, so error/debugging output should be visible.
+ *
+ * XXX: we should tell the child how many bytes we need.
+ */
+
+RCSID("$Id: entropy.c,v 1.40 2002/01/22 10:57:54 djm Exp $");
+
+#ifndef OPENSSL_PRNG_ONLY
+#define RANDOM_SEED_SIZE 48
+static uid_t original_uid, original_euid;
+#endif
+
+void
+seed_rng(void)
+{
+#ifndef OPENSSL_PRNG_ONLY
+ int devnull;
+ int p[2];
+ pid_t pid;
+ int ret;
+ unsigned char buf[RANDOM_SEED_SIZE];
+
+ if (RAND_status() == 1) {
+ debug3("RNG is ready, skipping seeding");
+ return;
+ }
+
+ debug3("Seeing PRNG from %s", SSH_RAND_HELPER);
+
+ if ((devnull = open("/dev/null", O_RDWR)) == -1)
+ fatal("Couldn't open /dev/null: %s", strerror(errno));
+ if (pipe(p) == -1)
+ fatal("pipe: %s", strerror(errno));
+
+ if ((pid = fork()) == -1)
+ fatal("Couldn't fork: %s", strerror(errno));
+ if (pid == 0) {
+ dup2(devnull, STDIN_FILENO);
+ dup2(p[1], STDOUT_FILENO);
+ /* Keep stderr open for errors */
+ close(p[0]);
+ close(p[1]);
+ close(devnull);
+
+ if (original_uid != original_euid &&
+ setuid(original_uid) == -1) {
+ fprintf(stderr, "(rand child) setuid: %s\n",
+ strerror(errno));
+ _exit(1);
+ }
+
+ execl(SSH_RAND_HELPER, "ssh-rand-helper", NULL);
+ fprintf(stderr, "(rand child) Couldn't exec '%s': %s\n",
+ SSH_RAND_HELPER, strerror(errno));
+ _exit(1);
+ }
+
+ close(devnull);
+ close(p[1]);
+
+ memset(buf, '\0', sizeof(buf));
+ ret = atomicio(read, p[0], buf, sizeof(buf));
+ if (ret == -1)
+ fatal("Couldn't read from ssh-rand-helper: %s",
+ strerror(errno));
+ if (ret != sizeof(buf))
+ fatal("ssh-rand-helper child produced insufficient data");
+
+ close(p[0]);
+
+ if (waitpid(pid, &ret, 0) == -1)
+ fatal("Couldn't wait for ssh-rand-helper completion: %s",
+ strerror(errno));
+
+ /* We don't mind if the child exits upon a SIGPIPE */
+ if (!WIFEXITED(ret) &&
+ (!WIFSIGNALED(ret) || WTERMSIG(ret) != SIGPIPE))
+ fatal("ssh-rand-helper terminated abnormally");
+ if (WEXITSTATUS(ret) != 0)
+ fatal("ssh-rand-helper exit with exit status %d", ret);
+
+ RAND_add(buf, sizeof(buf), sizeof(buf));
+ memset(buf, '\0', sizeof(buf));
+
+#endif /* OPENSSL_PRNG_ONLY */
+ if (RAND_status() != 1)
+ fatal("PRNG is not seeded");
+}
+
+void
+init_rng(void)
+{
+ /*
+ * OpenSSL version numbers: MNNFFPPS: major minor fix patch status
+ * We match major, minor, fix and status (not patch)
+ */
+ if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L)
+ fatal("OpenSSL version mismatch. Built against %lx, you "
+ "have %lx", OPENSSL_VERSION_NUMBER, SSLeay());
+
+#ifndef OPENSSL_PRNG_ONLY
+ if ((original_uid = getuid()) == -1)
+ fatal("getuid: %s", strerror(errno));
+ if ((original_euid = geteuid()) == -1)
+ fatal("geteuid: %s", strerror(errno));
+#endif
+}
+
diff -ruN --exclude CVS ssh-openbsd-2002030700/entropy.h openssh-3.1p1/entropy.h
--- ssh-openbsd-2002030700/entropy.h Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/entropy.h Fri Feb 9 12:55:36 2001
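Review bot: In seed_rng() the test `if (WEXITSTATUS(ret) != 0)` is reached even when the helper was terminated by SIGPIPE, which the preceding check deliberately lets through; WEXITSTATUS is only meaningful when WIFEXITED(ret) is true, and the fatal() message prints the raw wait status instead of the exit code. I would write `if (WIFEXITED(ret) && WEXITSTATUS(ret) != 0)` and pass `WEXITSTATUS(ret)` to the format string. The child also calls only `setuid(original_uid)` before `execl()`, so any group privilege the parent holds appears to reach the helper unchanged; if the binary can be installed setgid, a matching `setgid()` ahead of the `setuid()` looks warranted. The `debug3("Seeing PRNG from %s", ...)` message presumably means "Seeding".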
@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 1999-2000 Damien Miller. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* $Id: entropy.h,v 1.4 2001/02/09 01:55:36 djm Exp $ */
+
+#ifndef _RANDOMS_H
+#define _RANDOMS_H
+
+void seed_rng(void);
+void init_rng(void);
+
+#endif /* _RANDOMS_H */
diff -ruN --exclude CVS ssh-openbsd-2002030700/fixpaths openssh-3.1p1/fixpaths
--- ssh-openbsd-2002030700/fixpaths Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/fixpaths Mon Apr 16 10:41:47 2001
@@ -0,0 +1,43 @@
+#!/usr/bin/perl -w
+#
+# fixpaths - substitute makefile variables into text files
+
+
+$usage = "Usage: $0 [-Dstring=replacement] [[infile] ...]\n";
+
+if (!defined(@ARGV)) { die ("$usage"); }
+
+# read in the command line and get some definitions
+while ($_=$ARGV[0], /^-/) {
+ if (/^-D/) {
+ # definition
+ shift(@ARGV);
+ if ( /-D(.*)=(.*)/ ) {
+ $def{"$1"}=$2;
+ } else {
+ die ("$usage$0: error in command line arguments.\n");
+ }
+ } else {
+ @cmd = split(//, $ARGV[0]); $opt = $cmd[1];
+ die ("$usage$0: unknown option '-$opt'\n");
+ }
+} # while parsing arguments
+
+if (!defined(%def)) {
+ die ("$0: nothing to do - no substitutions listed!\n");
+}
+
+for $f (@ARGV) {
+
+ $f =~ /(.*\/)*(.*)$/;
+
+ open(IN, "<$f") || die ("$0: input file $f missing!\n");
+ while () {
+ for $s (keys(%def)) {
+ s#$s#$def{$s}#;
+ } # for $s
+ print;
+ } # while
+} # for $f
+
+exit 0;
diff -ruN --exclude CVS ssh-openbsd-2002030700/fixprogs openssh-3.1p1/fixprogs
--- ssh-openbsd-2002030700/fixprogs Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/fixprogs Sat Sep 16 16:10:56 2000
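Review bot: The substitution `s#$s#$def{$s}#;` in the inner loop interpolates each `-D` key as a regular expression and replaces only the first match on a line, so a key containing `.` or another metacharacter can match text it was not meant to, and a second occurrence on the same line is left unsubstituted. If the keys are meant as literal strings, `s#\Q$s\E#$def{$s}#g;` states that directly; drop the `g` if single replacement is intended. The input handle is also never closed between files, so adding `close(IN);` after the inner `while` would keep one descriptor per run rather than relying on the re-open.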
@@ -0,0 +1,72 @@ +#!/usr/bin/perl +# +# fixprogs - run through the list of entropy commands and +# score out the losers +# + +$entscale = 50; # divisor for optional entropy measurement + +sub usage { + return("Usage: $0 \n"); +} + +if (($#ARGV == -1) || ($#ARGV>1)) { + die(&usage); +} + +# 'undocumented' option - run ent (in second param) on the output +if ($#ARGV==1) { + $entcmd=$ARGV[1] +} else { + $entcmd = "" +}; + +$infilename = $ARGV[0]; + +if (!open(IN, "<".$infilename)) { + die("Couldn't open input file"); +} +$outfilename=$infilename.".out"; +if (!open(OUT, ">$outfilename")) { + die("Couldn't open output file $outfilename"); +} +@infile=; + +select(OUT); $|=1; select(STDOUT); + +foreach (@infile) { + if (/^\s*\#/ || /^\s*$/) { + print OUT; + next; + } + ($cmd, $path, $est) = /^\"([^\"]+)\"\s+([\w\/_-]+)\s+([\d\.\-]+)/o; + @args = split(/ /, $cmd); + if (! ($pid = fork())) { + # child + close STDIN; close STDOUT; close STDERR; + open (STDIN, "/dev/null"); + open (STDERR, ">/dev/null"); + exec $path @args; + exit 1; # shouldn't be here + } + # parent + waitpid ($pid, 0); $ret=$? >> 8; + + if ($ret != 0) { + $path = "undef"; + } else { + if ($entcmd ne "") { + # now try to run ent on the command + $mostargs=join(" ", splice(@args,1)); + print "Evaluating '$path $mostargs'\n"; + @ent = qx{$path $mostargs | $entcmd -b -t}; + @ent = grep(/^1,/, @ent); + ($null, $null, $rate) = split(/,/, $ent[0]); + $est = $rate / $entscale; # scale the estimate back + } + } + print OUT "\"$cmd\" $path $est\n"; +} + +close(IN); diff -ruN --exclude CVS ssh-openbsd-2002030700/includes.h openssh-3.1p1/includes.h --- ssh-openbsd-2002030700/includes.h Sun Feb 3 09:30:36 2002 +++ openssh-3.1p1/includes.h Tue Feb 5 12:11:03 2002 
@@ -19,48 +19,88 @@ #define RCSID(msg) \ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg } +#include "config.h" + +#include "openbsd-compat/bsd-nextstep.h" + #include #include -#include -#include #include -#include -#include #include -#include -#include #include -#include -#include #include -#include #include -#include -#include #include #include #include #include #include -#include #include #include #include #include #include -#include #include -#include #include +#ifdef HAVE_LIMITS_H +# include +#endif +#ifdef HAVE_GETOPT_H +# include +#endif +#ifndef HAVE_GETOPT_OPTRESET +#define getopt(ac, av, o) BSDgetopt(ac, av, o) +#endif +#ifdef HAVE_BSTRING_H +# include +#endif +#if defined(HAVE_GLOB_H) && defined(GLOB_HAS_ALTDIRFUNC) && \ + defined(GLOB_HAS_GL_MATCHC) +# include +#endif +#ifdef HAVE_NETGROUP_H +# include +#endif +#if defined(HAVE_NETDB_H) +# include +#endif +#ifdef HAVE_ENDIAN_H +# include +#endif +#ifdef HAVE_SYS_SELECT_H +# include +#endif +#ifdef HAVE_SYS_TIME_H +# include +#endif +#ifdef HAVE_SYS_BSDTTY_H +# include +#endif +#ifdef HAVE_TTYENT_H +# include +#endif +#ifdef USE_PAM +# include +#endif +#ifdef HAVE_POLL_H +# include +#else +# ifdef HAVE_SYS_POLL_H +# include +# endif +#endif +#ifdef HAVE_SYS_SYSMACROS_H +# include +#endif +#ifdef HAVE_UTIME_H +# include +#endif #include "version.h" +#include "openbsd-compat/openbsd-compat.h" +#include "openbsd-compat/bsd-cygwin_util.h" +#include "entropy.h" -/* - * Define this to use pipes instead of socketpairs for communicating with the - * client program. Socketpairs do not seem to work on all systems. - */ -#define USE_PIPES 1 - -#endif /* INCLUDES_H */ +#endif /* INCLUDES_H */ diff -ruN --exclude CVS ssh-openbsd-2002030700/install-sh openssh-3.1p1/install-sh --- ssh-openbsd-2002030700/install-sh Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/install-sh Thu Nov 25 12:31:26 1999 
@@ -0,0 +1,251 @@ +#!/bin/sh +# +# install - install a program, script, or datafile +# This comes from X11R5 (mit/util/scripts/install.sh). +# +# Copyright 1991 by the Massachusetts Institute of Technology +# +# Permission to use, copy, modify, distribute, and sell this software and its +# documentation for any purpose is hereby granted without fee, provided that +# the above copyright notice appear in all copies and that both that +# copyright notice and this permission notice appear in supporting +# documentation, and that the name of M.I.T. not be used in advertising or +# publicity pertaining to distribution of the software without specific, +# written prior permission. M.I.T. makes no representations about the +# suitability of this software for any purpose. It is provided "as is" +# without express or implied warranty. +# +# Calling this script install-sh is preferred over install.sh, to prevent +# `make' implicit rules from creating a file called install from it +# when there is no Makefile. +# +# This script is compatible with the BSD install script, but was written +# from scratch. It can only install one file at a time, a restriction +# shared with many OS's install programs. + + +# set DOITPROG to echo to test this script + +# Don't use :- since 4.3BSD and earlier shells don't like it. +doit="${DOITPROG-}" + + +# put in absolute paths if you don't have them in your path; or use env. vars. 
+ +mvprog="${MVPROG-mv}" +cpprog="${CPPROG-cp}" +chmodprog="${CHMODPROG-chmod}" +chownprog="${CHOWNPROG-chown}" +chgrpprog="${CHGRPPROG-chgrp}" +stripprog="${STRIPPROG-strip}" +rmprog="${RMPROG-rm}" +mkdirprog="${MKDIRPROG-mkdir}" + +transformbasename="" +transform_arg="" +instcmd="$mvprog" +chmodcmd="$chmodprog 0755" +chowncmd="" +chgrpcmd="" +stripcmd="" +rmcmd="$rmprog -f" +mvcmd="$mvprog" +src="" +dst="" +dir_arg="" + +while [ x"$1" != x ]; do + case $1 in + -c) instcmd="$cpprog" + shift + continue;; + + -d) dir_arg=true + shift + continue;; + + -m) chmodcmd="$chmodprog $2" + shift + shift + continue;; + + -o) chowncmd="$chownprog $2" + shift + shift + continue;; + + -g) chgrpcmd="$chgrpprog $2" + shift + shift + continue;; + + -s) stripcmd="$stripprog" + shift + continue;; + + -t=*) transformarg=`echo $1 | sed 's/-t=//'` + shift + continue;; + + -b=*) transformbasename=`echo $1 | sed 's/-b=//'` + shift + continue;; + + *) if [ x"$src" = x ] + then + src=$1 + else + # this colon is to work around a 386BSD /bin/sh bug + : + dst=$1 + fi + shift + continue;; + esac +done + +if [ x"$src" = x ] +then + echo "install: no input file specified" + exit 1 +else + true +fi + +if [ x"$dir_arg" != x ]; then + dst=$src + src="" + + if [ -d $dst ]; then + instcmd=: + chmodcmd="" + else + instcmd=mkdir + fi +else + +# Waiting for this to be detected by the "$instcmd $src $dsttmp" command +# might cause directories to be created, which would be especially bad +# if $src (and thus $dsttmp) contains '*'. 
+ + if [ -f $src -o -d $src ] + then + true + else + echo "install: $src does not exist" + exit 1 + fi + + if [ x"$dst" = x ] + then + echo "install: no destination specified" + exit 1 + else + true + fi + +# If destination is a directory, append the input filename; if your system +# does not like double slashes in filenames, you may need to add some logic + + if [ -d $dst ] + then + dst="$dst"/`basename $src` + else + true + fi +fi + +## this sed command emulates the dirname command +dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'` + +# Make sure that the destination directory exists. +# this part is taken from Noah Friedman's mkinstalldirs script + +# Skip lots of stat calls in the usual case. +if [ ! -d "$dstdir" ]; then +defaultIFS=' +' +IFS="${IFS-${defaultIFS}}" + +oIFS="${IFS}" +# Some sh's can't handle IFS=/ for some reason. +IFS='%' +set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'` +IFS="${oIFS}" + +pathcomp='' + +while [ $# -ne 0 ] ; do + pathcomp="${pathcomp}${1}" + shift + + if [ ! -d "${pathcomp}" ] ; + then + $mkdirprog "${pathcomp}" + else + true + fi + + pathcomp="${pathcomp}/" +done +fi + +if [ x"$dir_arg" != x ] +then + $doit $instcmd $dst && + + if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi && + if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi && + if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi && + if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi +else + +# If we're going to rename the final executable, determine the name now. + + if [ x"$transformarg" = x ] + then + dstfile=`basename $dst` + else + dstfile=`basename $dst $transformbasename | + sed $transformarg`$transformbasename + fi + +# don't allow the sed command to completely eliminate the filename + + if [ x"$dstfile" = x ] + then + dstfile=`basename $dst` + else + true + fi + +# Make a temp file name in the proper directory. 
+ + dsttmp=$dstdir/#inst.$$# + +# Move or copy the file name to the temp name + + $doit $instcmd $src $dsttmp && + + trap "rm -f ${dsttmp}" 0 && + +# and set any options; do chmod last to preserve setuid bits + +# If any of these fail, we abort the whole thing. If we want to +# ignore errors from any of these, just make sure not to ignore +# errors from the above "$doit $instcmd $src $dsttmp" command. + + if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi && + if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi && + if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi && + if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi && + +# Now rename the file to the real destination. + + $doit $rmcmd -f $dstdir/$dstfile && + $doit $mvcmd $dsttmp $dstdir/$dstfile + +fi && + + +exit 0 diff -ruN --exclude CVS ssh-openbsd-2002030700/lib/Makefile openssh-3.1p1/lib/Makefile --- ssh-openbsd-2002030700/lib/Makefile Tue Feb 26 22:39:28 2002 +++ openssh-3.1p1/lib/Makefile Thu Jan 1 10:00:00 1970 
@@ -1,35 +0,0 @@ -# $OpenBSD: Makefile,v 1.31 2002/02/22 12:20:34 markus Exp $ - -.PATH: ${.CURDIR}/.. - -LIB= ssh -SRCS= authfd.c authfile.c bufaux.c buffer.c canohost.c channels.c \ - cipher.c compat.c compress.c crc32.c deattack.c fatal.c \ - hostfile.c log.c match.c mpaux.c nchan.c packet.c readpass.c \ - rsa.c tildexpand.c ttymodes.c uidswap.c xmalloc.c atomicio.c \ - key.c dispatch.c kex.c mac.c uuencode.c misc.c \ - rijndael.c ssh-dss.c ssh-rsa.c dh.c kexdh.c kexgex.c \ - scard.c - -DEBUGLIBS= no -NOPROFILE= yes -NOPIC= yes - -install: - @echo -n - -.include - -.if (${KERBEROS:L} == "yes") -CFLAGS+= -DKRB4 -I${DESTDIR}/usr/include/kerberosIV -.if (${AFS:L} == "yes") -CFLAGS+= -DAFS -SRCS+= radix.c -.endif # AFS -.endif # KERBEROS - -.if (${KERBEROS5:L} == "yes") -CFLAGS+= -DKRB5 -I${DESTDIR}/usr/include/kerberosV -.endif # KERBEROS5 - -.include diff -ruN --exclude CVS ssh-openbsd-2002030700/log.c openssh-3.1p1/log.c --- ssh-openbsd-2002030700/log.c Tue Feb 26 22:39:27 2002 +++ openssh-3.1p1/log.c Wed Feb 27 04:52:15 2002 @@ -57,6 +57,9 @@ { "DAEMON", SYSLOG_FACILITY_DAEMON }, { "USER", SYSLOG_FACILITY_USER }, { "AUTH", SYSLOG_FACILITY_AUTH }, +#ifdef LOG_AUTHPRIV + { "AUTHPRIV", SYSLOG_FACILITY_AUTHPRIV }, +#endif { "LOCAL0", SYSLOG_FACILITY_LOCAL0 }, { "LOCAL1", SYSLOG_FACILITY_LOCAL1 }, { "LOCAL2", SYSLOG_FACILITY_LOCAL2 }, @@ -273,6 +276,11 @@ case SYSLOG_FACILITY_AUTH: log_facility = LOG_AUTH; break; +#ifdef LOG_AUTHPRIV + case SYSLOG_FACILITY_AUTHPRIV: + log_facility = LOG_AUTHPRIV; + break; +#endif case SYSLOG_FACILITY_LOCAL0: log_facility = LOG_LOCAL0; break; diff -ruN --exclude CVS ssh-openbsd-2002030700/log.h openssh-3.1p1/log.h --- ssh-openbsd-2002030700/log.h Tue Feb 26 22:39:27 2002 +++ openssh-3.1p1/log.h Wed Feb 27 04:52:15 2002 
@@ -15,11 +15,16 @@ #ifndef SSH_LOG_H #define SSH_LOG_H +#include /* Needed for LOG_AUTHPRIV (if present) */ + /* Supported syslog facilities and levels. */ typedef enum { SYSLOG_FACILITY_DAEMON, SYSLOG_FACILITY_USER, SYSLOG_FACILITY_AUTH, +#ifdef LOG_AUTHPRIV + SYSLOG_FACILITY_AUTHPRIV, +#endif SYSLOG_FACILITY_LOCAL0, SYSLOG_FACILITY_LOCAL1, SYSLOG_FACILITY_LOCAL2, diff -ruN --exclude CVS ssh-openbsd-2002030700/loginrec.c openssh-3.1p1/loginrec.c --- ssh-openbsd-2002030700/loginrec.c Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/loginrec.c Mon Feb 25 12:56:47 2002 
@@ -0,0 +1,1505 @@ +/* + * Copyright (c) 2000 Andre Lucas. All rights reserved. + * Portions copyright (c) 1998 Todd C. Miller + * Portions copyright (c) 1996 Jason Downs + * Portions copyright (c) 1996 Theo de Raadt + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Markus Friedl. + * 4. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +/** + ** loginrec.c: platform-independent login recording and lastlog retrieval + **/ + +/* + The new login code explained + ============================ + + This code attempts to provide a common interface to login recording + (utmp and friends) and last login time retrieval. + + Its primary means of achieving this is to use 'struct logininfo', a + union of all the useful fields in the various different types of + system login record structures one finds on UNIX variants. + + We depend on autoconf to define which recording methods are to be + used, and which fields are contained in the relevant data structures + on the local system. Many C preprocessor symbols affect which code + gets compiled here. + + The code is designed to make it easy to modify a particular + recording method, without affecting other methods nor requiring so + many nested conditional compilation blocks as were commonplace in + the old code. + + For login recording, we try to use the local system's libraries as + these are clearly most likely to work correctly. For utmp systems + this usually means login() and logout() or setutent() etc., probably + in libutil, along with logwtmp() etc. On these systems, we fall back + to writing the files directly if we have to, though this method + requires very thorough testing so we do not corrupt local auditing + information. These files and their access methods are very system + specific indeed. + + For utmpx systems, the corresponding library functions are + setutxent() etc. To the author's knowledge, all utmpx systems have + these library functions and so no direct write is attempted. If such + a system exists and needs support, direct analogues of the [uw]tmp + code should suffice. + + Retrieving the time of last login ('lastlog') is in some ways even + more problemmatic than login recording. Some systems provide a + simple table of all users which we seek based on uid and retrieve a + relatively standard structure. 
Others record the same information in + a directory with a separate file, and others don't record the + information separately at all. For systems in the latter category, + we look backwards in the wtmp or wtmpx file for the last login entry + for our user. Naturally this is slower and on busy systems could + incur a significant performance penalty. + + Calling the new code + -------------------- + + In OpenSSH all login recording and retrieval is performed in + login.c. Here you'll find working examples. Also, in the logintest.c + program there are more examples. + + Internal handler calling method + ------------------------------- + + When a call is made to login_login() or login_logout(), both + routines set a struct logininfo flag defining which action (log in, + or log out) is to be taken. They both then call login_write(), which + calls whichever of the many structure-specific handlers autoconf + selects for the local system. + + The handlers themselves handle system data structure specifics. Both + struct utmp and struct utmpx have utility functions (see + construct_utmp*()) to try to make it simpler to add extra systems + that introduce new features to either structure. + + While it may seem terribly wasteful to replicate so much similar + code for each method, experience has shown that maintaining code to + write both struct utmp and utmpx in one function, whilst maintaining + support for all systems whether they have library support or not, is + a difficult and time-consuming task. + + Lastlog support proceeds similarly. Functions login_get_lastlog() + (and its OpenSSH-tuned friend login_get_lastlog_time()) call + getlast_entry(), which tries one of three methods to find the last + login time. It uses local system lastlog support if it can, + otherwise it tries wtmp or wtmpx before giving up and returning 0, + meaning "tilt". 
+ + Maintenance + ----------- + + In many cases it's possible to tweak autoconf to select the correct + methods for a particular platform, either by improving the detection + code (best), or by presetting DISABLE_ or CONF__FILE + symbols for the platform. + + Use logintest to check which symbols are defined before modifying + configure.ac and loginrec.c. (You have to build logintest yourself + with 'make logintest' as it's not built by default.) + + Otherwise, patches to the specific method(s) are very helpful! + +*/ + +/** + ** TODO: + ** homegrown ttyslot() + ** test, test, test + ** + ** Platform status: + ** ---------------- + ** + ** Known good: + ** Linux (Redhat 6.2, Debian) + ** Solaris + ** HP-UX 10.20 (gcc only) + ** IRIX + ** NeXT - M68k/HPPA/Sparc (4.2/3.3) + ** + ** Testing required: Please send reports! + ** NetBSD + ** HP-UX 11 + ** AIX + ** + ** Platforms with known problems: + ** Some variants of Slackware Linux + ** + **/ + +#include "includes.h" + +#include "ssh.h" +#include "xmalloc.h" +#include "loginrec.h" +#include "log.h" +#include "atomicio.h" + +RCSID("$Id: loginrec.c,v 1.39 2002/02/25 01:56:47 tim Exp $"); + +#ifdef HAVE_UTIL_H +# include +#endif + +#ifdef HAVE_LIBUTIL_H +# include +#endif + +/** + ** prototypes for helper functions in this file + **/ + +#if HAVE_UTMP_H +void set_utmp_time(struct logininfo *li, struct utmp *ut); +void construct_utmp(struct logininfo *li, struct utmp *ut); +#endif + +#ifdef HAVE_UTMPX_H +void set_utmpx_time(struct logininfo *li, struct utmpx *ut); +void construct_utmpx(struct logininfo *li, struct utmpx *ut); +#endif + +int utmp_write_entry(struct logininfo *li); +int utmpx_write_entry(struct logininfo *li); +int wtmp_write_entry(struct logininfo *li); +int wtmpx_write_entry(struct logininfo *li); +int lastlog_write_entry(struct logininfo *li); +int syslogin_write_entry(struct logininfo *li); + +int getlast_entry(struct logininfo *li); +int lastlog_get_entry(struct logininfo *li); +int 
wtmp_get_entry(struct logininfo *li); +int wtmpx_get_entry(struct logininfo *li); + +/* pick the shortest string */ +#define MIN_SIZEOF(s1,s2) ( sizeof(s1) < sizeof(s2) ? sizeof(s1) : sizeof(s2) ) + +/** + ** platform-independent login functions + **/ + +/* login_login(struct logininfo *) -Record a login + * + * Call with a pointer to a struct logininfo initialised with + * login_init_entry() or login_alloc_entry() + * + * Returns: + * >0 if successful + * 0 on failure (will use OpenSSH's logging facilities for diagnostics) + */ +int +login_login (struct logininfo *li) +{ + li->type = LTYPE_LOGIN; + return login_write(li); +} + + +/* login_logout(struct logininfo *) - Record a logout + * + * Call as with login_login() + * + * Returns: + * >0 if successful + * 0 on failure (will use OpenSSH's logging facilities for diagnostics) + */ +int +login_logout(struct logininfo *li) +{ + li->type = LTYPE_LOGOUT; + return login_write(li); +} + +/* login_get_lastlog_time(int) - Retrieve the last login time + * + * Retrieve the last login time for the given uid. Will try to use the + * system lastlog facilities if they are available, but will fall back + * to looking in wtmp/wtmpx if necessary + * + * Returns: + * 0 on failure, or if user has never logged in + * Time in seconds from the epoch if successful + * + * Useful preprocessor symbols: + * DISABLE_LASTLOG: If set, *never* even try to retrieve lastlog + * info + * USE_LASTLOG: If set, indicates the presence of system lastlog + * facilities. If this and DISABLE_LASTLOG are not set, + * try to retrieve lastlog information from wtmp/wtmpx. 
+ */ +unsigned int +login_get_lastlog_time(const int uid) +{ + struct logininfo li; + + if (login_get_lastlog(&li, uid)) + return li.tv_sec; + else + return 0; +} + +/* login_get_lastlog(struct logininfo *, int) - Retrieve a lastlog entry + * + * Retrieve a logininfo structure populated (only partially) with + * information from the system lastlog data, or from wtmp/wtmpx if no + * system lastlog information exists. + * + * Note this routine must be given a pre-allocated logininfo. + * + * Returns: + * >0: A pointer to your struct logininfo if successful + * 0 on failure (will use OpenSSH's logging facilities for diagnostics) + * + */ +struct logininfo * +login_get_lastlog(struct logininfo *li, const int uid) +{ + struct passwd *pw; + + memset(li, '\0', sizeof(*li)); + li->uid = uid; + + /* + * If we don't have a 'real' lastlog, we need the username to + * reliably search wtmp(x) for the last login (see + * wtmp_get_entry().) + */ + pw = getpwuid(uid); + if (pw == NULL) + fatal("login_get_lastlog: Cannot find account for uid %i", uid); + + /* No MIN_SIZEOF here - we absolutely *must not* truncate the + * username */ + strlcpy(li->username, pw->pw_name, sizeof(li->username)); + + if (getlast_entry(li)) + return li; + else + return NULL; +} + + +/* login_alloc_entry(int, char*, char*, char*) - Allocate and initialise + * a logininfo structure + * + * This function creates a new struct logininfo, a data structure + * meant to carry the information required to portably record login info. + * + * Returns a pointer to a newly created struct logininfo. If memory + * allocation fails, the program halts. 
+ */ +struct +logininfo *login_alloc_entry(int pid, const char *username, + const char *hostname, const char *line) +{ + struct logininfo *newli; + + newli = (struct logininfo *) xmalloc (sizeof(*newli)); + (void)login_init_entry(newli, pid, username, hostname, line); + return newli; +} + + +/* login_free_entry(struct logininfo *) - free struct memory */ +void +login_free_entry(struct logininfo *li) +{ + xfree(li); +} + + +/* login_init_entry(struct logininfo *, int, char*, char*, char*) + * - initialise a struct logininfo + * + * Populates a new struct logininfo, a data structure meant to carry + * the information required to portably record login info. + * + * Returns: 1 + */ +int +login_init_entry(struct logininfo *li, int pid, const char *username, + const char *hostname, const char *line) +{ + struct passwd *pw; + + memset(li, 0, sizeof(*li)); + + li->pid = pid; + + /* set the line information */ + if (line) + line_fullname(li->line, line, sizeof(li->line)); + + if (username) { + strlcpy(li->username, username, sizeof(li->username)); + pw = getpwnam(li->username); + if (pw == NULL) + fatal("login_init_entry: Cannot find user \"%s\"", li->username); + li->uid = pw->pw_uid; + } + + if (hostname) + strlcpy(li->hostname, hostname, sizeof(li->hostname)); + + return 1; +} + +/* login_set_current_time(struct logininfo *) - set the current time + * + * Set the current time in a logininfo structure. This function is + * meant to eliminate the need to deal with system dependencies for + * time handling. 
+ */ +void +login_set_current_time(struct logininfo *li) +{ + struct timeval tv; + + gettimeofday(&tv, NULL); + + li->tv_sec = tv.tv_sec; + li->tv_usec = tv.tv_usec; +} + +/* copy a sockaddr_* into our logininfo */ +void +login_set_addr(struct logininfo *li, const struct sockaddr *sa, + const unsigned int sa_size) +{ + unsigned int bufsize = sa_size; + + /* make sure we don't overrun our union */ + if (sizeof(li->hostaddr) < sa_size) + bufsize = sizeof(li->hostaddr); + + memcpy((void *)&(li->hostaddr.sa), (const void *)sa, bufsize); +} + + +/** + ** login_write: Call low-level recording functions based on autoconf + ** results + **/ +int +login_write (struct logininfo *li) +{ +#ifndef HAVE_CYGWIN + if ((int)geteuid() != 0) { + log("Attempt to write login records by non-root user (aborting)"); + return 1; + } +#endif + + /* set the timestamp */ + login_set_current_time(li); +#ifdef USE_LOGIN + syslogin_write_entry(li); +#endif +#ifdef USE_LASTLOG + if (li->type == LTYPE_LOGIN) { + lastlog_write_entry(li); + } +#endif +#ifdef USE_UTMP + utmp_write_entry(li); +#endif +#ifdef USE_WTMP + wtmp_write_entry(li); +#endif +#ifdef USE_UTMPX + utmpx_write_entry(li); +#endif +#ifdef USE_WTMPX + wtmpx_write_entry(li); +#endif + return 0; +} + +#ifdef LOGIN_NEEDS_UTMPX +int +login_utmp_only(struct logininfo *li) +{ + li->type = LTYPE_LOGIN; + login_set_current_time(li); +# ifdef USE_UTMP + utmp_write_entry(li); +# endif +# ifdef USE_WTMP + wtmp_write_entry(li); +# endif +# ifdef USE_UTMPX + utmpx_write_entry(li); +# endif +# ifdef USE_WTMPX + wtmpx_write_entry(li); +# endif + return 0; +} +#endif + +/** + ** getlast_entry: Call low-level functions to retrieve the last login + ** time. + **/ + +/* take the uid in li and return the last login time */ +int +getlast_entry(struct logininfo *li) +{ +#ifdef USE_LASTLOG + return(lastlog_get_entry(li)); +#else /* !USE_LASTLOG */ + +#ifdef DISABLE_LASTLOG + /* On some systems we shouldn't even try to obtain last login + * time, e.g. 
AIX */ + return 0; +# else /* DISABLE_LASTLOG */ + /* Try to retrieve the last login time from wtmp */ +# if defined(USE_WTMP) && (defined(HAVE_TIME_IN_UTMP) || defined(HAVE_TV_IN_UTMP)) + /* retrieve last login time from utmp */ + return (wtmp_get_entry(li)); +# else /* defined(USE_WTMP) && (defined(HAVE_TIME_IN_UTMP) || defined(HAVE_TV_IN_UTMP)) */ + /* If wtmp isn't available, try wtmpx */ +# if defined(USE_WTMPX) && (defined(HAVE_TIME_IN_UTMPX) || defined(HAVE_TV_IN_UTMPX)) + /* retrieve last login time from utmpx */ + return (wtmpx_get_entry(li)); +# else + /* Give up: No means of retrieving last login time */ + return 0; +# endif /* USE_WTMPX && (HAVE_TIME_IN_UTMPX || HAVE_TV_IN_UTMPX) */ +# endif /* USE_WTMP && (HAVE_TIME_IN_UTMP || HAVE_TV_IN_UTMP) */ +# endif /* DISABLE_LASTLOG */ +#endif /* USE_LASTLOG */ +} + + + +/* + * 'line' string utility functions + * + * These functions process the 'line' string into one of three forms: + * + * 1. The full filename (including '/dev') + * 2. The stripped name (excluding '/dev') + * 3. The abbreviated name (e.g. /dev/ttyp00 -> yp00 + * /dev/pts/1 -> ts/1 ) + * + * Form 3 is used on some systems to identify a .tmp.? entry when + * attempting to remove it. Typically both addition and removal is + * performed by one application - say, sshd - so as long as the choice + * uniquely identifies a terminal it's ok. 
+ */ + + +/* line_fullname(): add the leading '/dev/' if it doesn't exist make + * sure dst has enough space, if not just copy src (ugh) */ +char * +line_fullname(char *dst, const char *src, int dstsize) +{ + memset(dst, '\0', dstsize); + if ((strncmp(src, "/dev/", 5) == 0) || (dstsize < (strlen(src) + 5))) { + strlcpy(dst, src, dstsize); + } else { + strlcpy(dst, "/dev/", dstsize); + strlcat(dst, src, dstsize); + } + return dst; +} + +/* line_stripname(): strip the leading '/dev' if it exists, return dst */ +char * +line_stripname(char *dst, const char *src, int dstsize) +{ + memset(dst, '\0', dstsize); + if (strncmp(src, "/dev/", 5) == 0) + strlcpy(dst, src + 5, dstsize); + else + strlcpy(dst, src, dstsize); + return dst; +} + +/* line_abbrevname(): Return the abbreviated (usually four-character) + * form of the line (Just use the last characters of the + * full name.) + * + * NOTE: use strncpy because we do NOT necessarily want zero + * termination */ +char * +line_abbrevname(char *dst, const char *src, int dstsize) +{ + size_t len; + + memset(dst, '\0', dstsize); + + /* Always skip prefix if present */ + if (strncmp(src, "/dev/", 5) == 0) + src += 5; + + len = strlen(src); + + if (len > 0) { + if (((int)len - dstsize) > 0) + src += ((int)len - dstsize); + + /* note: _don't_ change this to strlcpy */ + strncpy(dst, src, (size_t)dstsize); + } + + return dst; +} + +/** + ** utmp utility functions + ** + ** These functions manipulate struct utmp, taking system differences + ** into account. 
+ **/ + +#if defined(USE_UTMP) || defined (USE_WTMP) || defined (USE_LOGIN) + +/* build the utmp structure */ +void +set_utmp_time(struct logininfo *li, struct utmp *ut) +{ +# ifdef HAVE_TV_IN_UTMP + ut->ut_tv.tv_sec = li->tv_sec; + ut->ut_tv.tv_usec = li->tv_usec; +# else +# ifdef HAVE_TIME_IN_UTMP + ut->ut_time = li->tv_sec; +# endif +# endif +} + +void +construct_utmp(struct logininfo *li, + struct utmp *ut) +{ + memset(ut, '\0', sizeof(*ut)); + + /* First fill out fields used for both logins and logouts */ + +# ifdef HAVE_ID_IN_UTMP + line_abbrevname(ut->ut_id, li->line, sizeof(ut->ut_id)); +# endif + +# ifdef HAVE_TYPE_IN_UTMP + /* This is done here to keep utmp constants out of struct logininfo */ + switch (li->type) { + case LTYPE_LOGIN: + ut->ut_type = USER_PROCESS; +#ifdef _CRAY + cray_set_tmpdir(ut); +#endif + break; + case LTYPE_LOGOUT: + ut->ut_type = DEAD_PROCESS; +#ifdef _CRAY + cray_retain_utmp(ut, li->pid); +#endif + break; + } +# endif + set_utmp_time(li, ut); + + line_stripname(ut->ut_line, li->line, sizeof(ut->ut_line)); + +# ifdef HAVE_PID_IN_UTMP + ut->ut_pid = li->pid; +# endif + + /* If we're logging out, leave all other fields blank */ + if (li->type == LTYPE_LOGOUT) + return; + + /* + * These fields are only used when logging in, and are blank + * for logouts. + */ + + /* Use strncpy because we don't necessarily want null termination */ + strncpy(ut->ut_name, li->username, MIN_SIZEOF(ut->ut_name, li->username)); +# ifdef HAVE_HOST_IN_UTMP + strncpy(ut->ut_host, li->hostname, MIN_SIZEOF(ut->ut_host, li->hostname)); +# endif +# ifdef HAVE_ADDR_IN_UTMP + /* this is just a 32-bit IP address */ + if (li->hostaddr.sa.sa_family == AF_INET) + ut->ut_addr = li->hostaddr.sa_in.sin_addr.s_addr; +# endif +} +#endif /* USE_UTMP || USE_WTMP || USE_LOGIN */ + +/** + ** utmpx utility functions + ** + ** These functions manipulate struct utmpx, accounting for system + ** variations. 
+ **/ + +#if defined(USE_UTMPX) || defined (USE_WTMPX) +/* build the utmpx structure */ +void +set_utmpx_time(struct logininfo *li, struct utmpx *utx) +{ +# ifdef HAVE_TV_IN_UTMPX + utx->ut_tv.tv_sec = li->tv_sec; + utx->ut_tv.tv_usec = li->tv_usec; +# else /* HAVE_TV_IN_UTMPX */ +# ifdef HAVE_TIME_IN_UTMPX + utx->ut_time = li->tv_sec; +# endif /* HAVE_TIME_IN_UTMPX */ +# endif /* HAVE_TV_IN_UTMPX */ +} + +void +construct_utmpx(struct logininfo *li, struct utmpx *utx) +{ + memset(utx, '\0', sizeof(*utx)); +# ifdef HAVE_ID_IN_UTMPX + line_abbrevname(utx->ut_id, li->line, sizeof(utx->ut_id)); +# endif + + /* this is done here to keep utmp constants out of loginrec.h */ + switch (li->type) { + case LTYPE_LOGIN: + utx->ut_type = USER_PROCESS; + break; + case LTYPE_LOGOUT: + utx->ut_type = DEAD_PROCESS; + break; + } + line_stripname(utx->ut_line, li->line, sizeof(utx->ut_line)); + set_utmpx_time(li, utx); + utx->ut_pid = li->pid; + /* strncpy(): Don't necessarily want null termination */ + strncpy(utx->ut_name, li->username, MIN_SIZEOF(utx->ut_name, li->username)); + + if (li->type == LTYPE_LOGOUT) + return; + + /* + * These fields are only used when logging in, and are blank + * for logouts. + */ + +# ifdef HAVE_HOST_IN_UTMPX + strncpy(utx->ut_host, li->hostname, MIN_SIZEOF(utx->ut_host, li->hostname)); +# endif +# ifdef HAVE_ADDR_IN_UTMPX + /* this is just a 32-bit IP address */ + if (li->hostaddr.sa.sa_family == AF_INET) + utx->ut_addr = li->hostaddr.sa_in.sin_addr.s_addr; +# endif +# ifdef HAVE_SYSLEN_IN_UTMPX + /* ut_syslen is the length of the utx_host string */ + utx->ut_syslen = MIN(strlen(li->hostname), sizeof(utx->ut_host)); +# endif +} +#endif /* USE_UTMPX || USE_WTMPX */ + +/** + ** Low-level utmp functions + **/ + +/* FIXME: (ATL) utmp_write_direct needs testing */ +#ifdef USE_UTMP + +/* if we can, use pututline() etc. 
*/ +# if !defined(DISABLE_PUTUTLINE) && defined(HAVE_SETUTENT) && \ + defined(HAVE_PUTUTLINE) +# define UTMP_USE_LIBRARY +# endif + + +/* write a utmp entry with the system's help (pututline() and pals) */ +# ifdef UTMP_USE_LIBRARY +static int +utmp_write_library(struct logininfo *li, struct utmp *ut) +{ + setutent(); + pututline(ut); + +# ifdef HAVE_ENDUTENT + endutent(); +# endif + return 1; +} +# else /* UTMP_USE_LIBRARY */ + +/* write a utmp entry direct to the file */ +/* This is a slightly modification of code in OpenBSD's login.c */ +static int +utmp_write_direct(struct logininfo *li, struct utmp *ut) +{ + struct utmp old_ut; + register int fd; + int tty; + + /* FIXME: (ATL) ttyslot() needs local implementation */ + +#if defined(HAVE_GETTTYENT) + register struct ttyent *ty; + + tty=0; + + setttyent(); + while ((struct ttyent *)0 != (ty = getttyent())) { + tty++; + if (!strncmp(ty->ty_name, ut->ut_line, sizeof(ut->ut_line))) + break; + } + endttyent(); + + if((struct ttyent *)0 == ty) { + log("utmp_write_entry: tty not found"); + return(1); + } +#else /* FIXME */ + + tty = ttyslot(); /* seems only to work for /dev/ttyp? style names */ + +#endif /* HAVE_GETTTYENT */ + + if (tty > 0 && (fd = open(UTMP_FILE, O_RDWR|O_CREAT, 0644)) >= 0) { + (void)lseek(fd, (off_t)(tty * sizeof(struct utmp)), SEEK_SET); + /* + * Prevent luser from zero'ing out ut_host. + * If the new ut_line is empty but the old one is not + * and ut_line and ut_name match, preserve the old ut_line. 
+ */ + if (atomicio(read, fd, &old_ut, sizeof(old_ut)) == sizeof(old_ut) && + (ut->ut_host[0] == '\0') && (old_ut.ut_host[0] != '\0') && + (strncmp(old_ut.ut_line, ut->ut_line, sizeof(ut->ut_line)) == 0) && + (strncmp(old_ut.ut_name, ut->ut_name, sizeof(ut->ut_name)) == 0)) { + (void)memcpy(ut->ut_host, old_ut.ut_host, sizeof(ut->ut_host)); + } + + (void)lseek(fd, (off_t)(tty * sizeof(struct utmp)), SEEK_SET); + if (atomicio(write, fd, ut, sizeof(*ut)) != sizeof(*ut)) + log("utmp_write_direct: error writing %s: %s", + UTMP_FILE, strerror(errno)); + + (void)close(fd); + return 1; + } else { + return 0; + } +} +# endif /* UTMP_USE_LIBRARY */ + +static int +utmp_perform_login(struct logininfo *li) +{ + struct utmp ut; + + construct_utmp(li, &ut); +# ifdef UTMP_USE_LIBRARY + if (!utmp_write_library(li, &ut)) { + log("utmp_perform_login: utmp_write_library() failed"); + return 0; + } +# else + if (!utmp_write_direct(li, &ut)) { + log("utmp_perform_login: utmp_write_direct() failed"); + return 0; + } +# endif + return 1; +} + + +static int +utmp_perform_logout(struct logininfo *li) +{ + struct utmp ut; + + construct_utmp(li, &ut); +# ifdef UTMP_USE_LIBRARY + if (!utmp_write_library(li, &ut)) { + log("utmp_perform_logout: utmp_write_library() failed"); + return 0; + } +# else + if (!utmp_write_direct(li, &ut)) { + log("utmp_perform_logout: utmp_write_direct() failed"); + return 0; + } +# endif + return 1; +} + + +int +utmp_write_entry(struct logininfo *li) +{ + switch(li->type) { + case LTYPE_LOGIN: + return utmp_perform_login(li); + + case LTYPE_LOGOUT: + return utmp_perform_logout(li); + + default: + log("utmp_write_entry: invalid type field"); + return 0; + } +} +#endif /* USE_UTMP */ + + +/** + ** Low-level utmpx functions + **/ + +/* not much point if we don't want utmpx entries */ +#ifdef USE_UTMPX + +/* if we have the wherewithall, use pututxline etc. 
*/ +# if !defined(DISABLE_PUTUTXLINE) && defined(HAVE_SETUTXENT) && \ + defined(HAVE_PUTUTXLINE) +# define UTMPX_USE_LIBRARY +# endif + + +/* write a utmpx entry with the system's help (pututxline() and pals) */ +# ifdef UTMPX_USE_LIBRARY +static int +utmpx_write_library(struct logininfo *li, struct utmpx *utx) +{ + setutxent(); + pututxline(utx); + +# ifdef HAVE_ENDUTXENT + endutxent(); +# endif + return 1; +} + +# else /* UTMPX_USE_LIBRARY */ + +/* write a utmp entry direct to the file */ +static int +utmpx_write_direct(struct logininfo *li, struct utmpx *utx) +{ + log("utmpx_write_direct: not implemented!"); + return 0; +} +# endif /* UTMPX_USE_LIBRARY */ + +static int +utmpx_perform_login(struct logininfo *li) +{ + struct utmpx utx; + + construct_utmpx(li, &utx); +# ifdef UTMPX_USE_LIBRARY + if (!utmpx_write_library(li, &utx)) { + log("utmpx_perform_login: utmp_write_library() failed"); + return 0; + } +# else + if (!utmpx_write_direct(li, &ut)) { + log("utmpx_perform_login: utmp_write_direct() failed"); + return 0; + } +# endif + return 1; +} + + +static int +utmpx_perform_logout(struct logininfo *li) +{ + struct utmpx utx; + + construct_utmpx(li, &utx); +# ifdef HAVE_ID_IN_UTMPX + line_abbrevname(utx.ut_id, li->line, sizeof(utx.ut_id)); +# endif +# ifdef HAVE_TYPE_IN_UTMPX + utx.ut_type = DEAD_PROCESS; +# endif + +# ifdef UTMPX_USE_LIBRARY + utmpx_write_library(li, &utx); +# else + utmpx_write_direct(li, &utx); +# endif + return 1; +} + +int +utmpx_write_entry(struct logininfo *li) +{ + switch(li->type) { + case LTYPE_LOGIN: + return utmpx_perform_login(li); + case LTYPE_LOGOUT: + return utmpx_perform_logout(li); + default: + log("utmpx_write_entry: invalid type field"); + return 0; + } +} +#endif /* USE_UTMPX */ + + +/** + ** Low-level wtmp functions + **/ + +#ifdef USE_WTMP + +/* write a wtmp entry direct to the end of the file */ +/* This is a slight modification of code in OpenBSD's logwtmp.c */ +static int +wtmp_write(struct logininfo *li, struct utmp 
*ut) +{ + struct stat buf; + int fd, ret = 1; + + if ((fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0)) < 0) { + log("wtmp_write: problem writing %s: %s", + WTMP_FILE, strerror(errno)); + return 0; + } + if (fstat(fd, &buf) == 0) + if (atomicio(write, fd, ut, sizeof(*ut)) != sizeof(*ut)) { + ftruncate(fd, buf.st_size); + log("wtmp_write: problem writing %s: %s", + WTMP_FILE, strerror(errno)); + ret = 0; + } + (void)close(fd); + return ret; +} + +static int +wtmp_perform_login(struct logininfo *li) +{ + struct utmp ut; + + construct_utmp(li, &ut); + return wtmp_write(li, &ut); +} + + +static int +wtmp_perform_logout(struct logininfo *li) +{ + struct utmp ut; + + construct_utmp(li, &ut); + return wtmp_write(li, &ut); +} + + +int +wtmp_write_entry(struct logininfo *li) +{ + switch(li->type) { + case LTYPE_LOGIN: + return wtmp_perform_login(li); + case LTYPE_LOGOUT: + return wtmp_perform_logout(li); + default: + log("wtmp_write_entry: invalid type field"); + return 0; + } +} + + +/* Notes on fetching login data from wtmp/wtmpx + * + * Logouts are usually recorded with (amongst other things) a blank + * username on a given tty line. However, some systems (HP-UX is one) + * leave all fields set, but change the ut_type field to DEAD_PROCESS. + * + * Since we're only looking for logins here, we know that the username + * must be set correctly. On systems that leave it in, we check for + * ut_type==USER_PROCESS (indicating a login.) + * + * Portability: Some systems may set something other than USER_PROCESS + * to indicate a login process. I don't know of any as I write. Also, + * it's possible that some systems may both leave the username in + * place and not have ut_type. 
+ */ + +/* return true if this wtmp entry indicates a login */ +static int +wtmp_islogin(struct logininfo *li, struct utmp *ut) +{ + if (strncmp(li->username, ut->ut_name, + MIN_SIZEOF(li->username, ut->ut_name)) == 0) { +# ifdef HAVE_TYPE_IN_UTMP + if (ut->ut_type & USER_PROCESS) + return 1; +# else + return 1; +# endif + } + return 0; +} + +int +wtmp_get_entry(struct logininfo *li) +{ + struct stat st; + struct utmp ut; + int fd, found=0; + + /* Clear the time entries in our logininfo */ + li->tv_sec = li->tv_usec = 0; + + if ((fd = open(WTMP_FILE, O_RDONLY)) < 0) { + log("wtmp_get_entry: problem opening %s: %s", + WTMP_FILE, strerror(errno)); + return 0; + } + if (fstat(fd, &st) != 0) { + log("wtmp_get_entry: couldn't stat %s: %s", + WTMP_FILE, strerror(errno)); + close(fd); + return 0; + } + + /* Seek to the start of the last struct utmp */ + if (lseek(fd, -(off_t)sizeof(struct utmp), SEEK_END) == -1) { + /* Looks like we've got a fresh wtmp file */ + close(fd); + return 0; + } + + while (!found) { + if (atomicio(read, fd, &ut, sizeof(ut)) != sizeof(ut)) { + log("wtmp_get_entry: read of %s failed: %s", + WTMP_FILE, strerror(errno)); + close (fd); + return 0; + } + if ( wtmp_islogin(li, &ut) ) { + found = 1; + /* We've already checked for a time in struct + * utmp, in login_getlast(). */ +# ifdef HAVE_TIME_IN_UTMP + li->tv_sec = ut.ut_time; +# else +# if HAVE_TV_IN_UTMP + li->tv_sec = ut.ut_tv.tv_sec; +# endif +# endif + line_fullname(li->line, ut.ut_line, + MIN_SIZEOF(li->line, ut.ut_line)); +# ifdef HAVE_HOST_IN_UTMP + strlcpy(li->hostname, ut.ut_host, + MIN_SIZEOF(li->hostname, ut.ut_host)); +# endif + continue; + } + /* Seek back 2 x struct utmp */ + if (lseek(fd, -(off_t)(2 * sizeof(struct utmp)), SEEK_CUR) == -1) { + /* We've found the start of the file, so quit */ + close (fd); + return 0; + } + } + + /* We found an entry. 
Tidy up and return */ + close(fd); + return 1; +} +# endif /* USE_WTMP */ + + +/** + ** Low-level wtmpx functions + **/ + +#ifdef USE_WTMPX +/* write a wtmpx entry direct to the end of the file */ +/* This is a slight modification of code in OpenBSD's logwtmp.c */ +static int +wtmpx_write(struct logininfo *li, struct utmpx *utx) +{ + struct stat buf; + int fd, ret = 1; + + if ((fd = open(WTMPX_FILE, O_WRONLY|O_APPEND, 0)) < 0) { + log("wtmpx_write: problem opening %s: %s", + WTMPX_FILE, strerror(errno)); + return 0; + } + + if (fstat(fd, &buf) == 0) + if (atomicio(write, fd, utx, sizeof(*utx)) != sizeof(*utx)) { + ftruncate(fd, buf.st_size); + log("wtmpx_write: problem writing %s: %s", + WTMPX_FILE, strerror(errno)); + ret = 0; + } + (void)close(fd); + + return ret; +} + + +static int +wtmpx_perform_login(struct logininfo *li) +{ + struct utmpx utx; + + construct_utmpx(li, &utx); + return wtmpx_write(li, &utx); +} + + +static int +wtmpx_perform_logout(struct logininfo *li) +{ + struct utmpx utx; + + construct_utmpx(li, &utx); + return wtmpx_write(li, &utx); +} + + +int +wtmpx_write_entry(struct logininfo *li) +{ + switch(li->type) { + case LTYPE_LOGIN: + return wtmpx_perform_login(li); + case LTYPE_LOGOUT: + return wtmpx_perform_logout(li); + default: + log("wtmpx_write_entry: invalid type field"); + return 0; + } +} + +/* Please see the notes above wtmp_islogin() for information about the + next two functions */ + +/* Return true if this wtmpx entry indicates a login */ +static int +wtmpx_islogin(struct logininfo *li, struct utmpx *utx) +{ + if ( strncmp(li->username, utx->ut_name, + MIN_SIZEOF(li->username, utx->ut_name)) == 0 ) { +# ifdef HAVE_TYPE_IN_UTMPX + if (utx->ut_type == USER_PROCESS) + return 1; +# else + return 1; +# endif + } + return 0; +} + + +int +wtmpx_get_entry(struct logininfo *li) +{ + struct stat st; + struct utmpx utx; + int fd, found=0; + + /* Clear the time entries */ + li->tv_sec = li->tv_usec = 0; + + if ((fd = open(WTMPX_FILE, O_RDONLY)) 
< 0) { + log("wtmpx_get_entry: problem opening %s: %s", + WTMPX_FILE, strerror(errno)); + return 0; + } + if (fstat(fd, &st) != 0) { + log("wtmpx_get_entry: couldn't stat %s: %s", + WTMP_FILE, strerror(errno)); + close(fd); + return 0; + } + + /* Seek to the start of the last struct utmpx */ + if (lseek(fd, -(off_t)sizeof(struct utmpx), SEEK_END) == -1 ) { + /* probably a newly rotated wtmpx file */ + close(fd); + return 0; + } + + while (!found) { + if (atomicio(read, fd, &utx, sizeof(utx)) != sizeof(utx)) { + log("wtmpx_get_entry: read of %s failed: %s", + WTMPX_FILE, strerror(errno)); + close (fd); + return 0; + } + /* Logouts are recorded as a blank username on a particular line. + * So, we just need to find the username in struct utmpx */ + if ( wtmpx_islogin(li, &utx) ) { +# ifdef HAVE_TV_IN_UTMPX + li->tv_sec = utx.ut_tv.tv_sec; +# else +# ifdef HAVE_TIME_IN_UTMPX + li->tv_sec = utx.ut_time; +# endif +# endif + line_fullname(li->line, utx.ut_line, sizeof(li->line)); +# ifdef HAVE_HOST_IN_UTMPX + strlcpy(li->hostname, utx.ut_host, + MIN_SIZEOF(li->hostname, utx.ut_host)); +# endif + continue; + } + if (lseek(fd, -(off_t)(2 * sizeof(struct utmpx)), SEEK_CUR) == -1) { + close (fd); + return 0; + } + } + + close(fd); + return 1; +} +#endif /* USE_WTMPX */ + +/** + ** Low-level libutil login() functions + **/ + +#ifdef USE_LOGIN +static int +syslogin_perform_login(struct logininfo *li) +{ + struct utmp *ut; + + if (! 
(ut = (struct utmp *)malloc(sizeof(*ut)))) { + log("syslogin_perform_login: couldn't malloc()"); + return 0; + } + construct_utmp(li, ut); + login(ut); + + return 1; +} + +static int +syslogin_perform_logout(struct logininfo *li) +{ +# ifdef HAVE_LOGOUT + char line[8]; + + (void)line_stripname(line, li->line, sizeof(line)); + + if (!logout(line)) { + log("syslogin_perform_logout: logout() returned an error"); +# ifdef HAVE_LOGWTMP + } else { + logwtmp(line, "", ""); +# endif + } + /* FIXME: (ATL - if the need arises) What to do if we have + * login, but no logout? what if logout but no logwtmp? All + * routines are in libutil so they should all be there, + * but... */ +# endif + return 1; +} + +int +syslogin_write_entry(struct logininfo *li) +{ + switch (li->type) { + case LTYPE_LOGIN: + return syslogin_perform_login(li); + case LTYPE_LOGOUT: + return syslogin_perform_logout(li); + default: + log("syslogin_write_entry: Invalid type field"); + return 0; + } +} +#endif /* USE_LOGIN */ + +/* end of file log-syslogin.c */ + +/** + ** Low-level lastlog functions + **/ + +#ifdef USE_LASTLOG +#define LL_FILE 1 +#define LL_DIR 2 +#define LL_OTHER 3 + +static void +lastlog_construct(struct logininfo *li, struct lastlog *last) +{ + /* clear the structure */ + memset(last, '\0', sizeof(*last)); + + (void)line_stripname(last->ll_line, li->line, sizeof(last->ll_line)); + strlcpy(last->ll_host, li->hostname, + MIN_SIZEOF(last->ll_host, li->hostname)); + last->ll_time = li->tv_sec; +} + +static int +lastlog_filetype(char *filename) +{ + struct stat st; + + if (stat(LASTLOG_FILE, &st) != 0) { + log("lastlog_perform_login: Couldn't stat %s: %s", LASTLOG_FILE, + strerror(errno)); + return 0; + } + if (S_ISDIR(st.st_mode)) + return LL_DIR; + else if (S_ISREG(st.st_mode)) + return LL_FILE; + else + return LL_OTHER; +} + + +/* open the file (using filemode) and seek to the login entry */ +static int +lastlog_openseek(struct logininfo *li, int *fd, int filemode) +{ + off_t offset; + int 
type; + char lastlog_file[1024]; + + type = lastlog_filetype(LASTLOG_FILE); + switch (type) { + case LL_FILE: + strlcpy(lastlog_file, LASTLOG_FILE, sizeof(lastlog_file)); + break; + case LL_DIR: + snprintf(lastlog_file, sizeof(lastlog_file), "%s/%s", + LASTLOG_FILE, li->username); + break; + default: + log("lastlog_openseek: %.100s is not a file or directory!", + LASTLOG_FILE); + return 0; + } + + *fd = open(lastlog_file, filemode); + if ( *fd < 0) { + debug("lastlog_openseek: Couldn't open %s: %s", + lastlog_file, strerror(errno)); + return 0; + } + + if (type == LL_FILE) { + /* find this uid's offset in the lastlog file */ + offset = (off_t) ((long)li->uid * sizeof(struct lastlog)); + + if ( lseek(*fd, offset, SEEK_SET) != offset ) { + log("lastlog_openseek: %s->lseek(): %s", + lastlog_file, strerror(errno)); + return 0; + } + } + + return 1; +} + +static int +lastlog_perform_login(struct logininfo *li) +{ + struct lastlog last; + int fd; + + /* create our struct lastlog */ + lastlog_construct(li, &last); + + if (!lastlog_openseek(li, &fd, O_RDWR|O_CREAT)) + return(0); + + /* write the entry */ + if (atomicio(write, fd, &last, sizeof(last)) != sizeof(last)) { + close(fd); + log("lastlog_write_filemode: Error writing to %s: %s", + LASTLOG_FILE, strerror(errno)); + return 0; + } + + close(fd); + return 1; +} + +int +lastlog_write_entry(struct logininfo *li) +{ + switch(li->type) { + case LTYPE_LOGIN: + return lastlog_perform_login(li); + default: + log("lastlog_write_entry: Invalid type field"); + return 0; + } +} + +static void +lastlog_populate_entry(struct logininfo *li, struct lastlog *last) +{ + line_fullname(li->line, last->ll_line, sizeof(li->line)); + strlcpy(li->hostname, last->ll_host, + MIN_SIZEOF(li->hostname, last->ll_host)); + li->tv_sec = last->ll_time; +} + +int +lastlog_get_entry(struct logininfo *li) +{ + struct lastlog last; + int fd; + + if (!lastlog_openseek(li, &fd, O_RDONLY)) + return 0; + + if (atomicio(read, fd, &last, sizeof(last)) != 
sizeof(last)) { + close(fd); + log("lastlog_get_entry: Error reading from %s: %s", + LASTLOG_FILE, strerror(errno)); + return 0; + } + + close(fd); + + lastlog_populate_entry(li, &last); + + return 1; +} +#endif /* USE_LASTLOG */ diff -ruN --exclude CVS ssh-openbsd-2002030700/loginrec.h openssh-3.1p1/loginrec.h --- ssh-openbsd-2002030700/loginrec.h Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/loginrec.h Wed May 9 06:33:06 2001 
@@ -0,0 +1,140 @@
+#ifndef _HAVE_LOGINREC_H_
+#define _HAVE_LOGINREC_H_
+
+/*
+ * Copyright (c) 2000 Andre Lucas. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Markus Friedl.
+ * 4. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ ** loginrec.h: platform-independent login recording and lastlog retrieval
+ **/
+
+#include "includes.h"
+
+#include
+#include
+#include
+
+/* RCSID("$Id: loginrec.h,v 1.6 2001/05/08 20:33:06 mouring Exp $"); */
+
+/**
+ ** you should use the login_* calls to work around platform dependencies
+ **/
+
+/*
+ * login_netinfo structure
+ */
+
+union login_netinfo {
+ struct sockaddr sa;
+ struct sockaddr_in sa_in;
+ struct sockaddr_storage sa_storage;
+};
+
+/*
+ * * logininfo structure *
+ */
+/* types - different to utmp.h 'type' macros */
+/* (though set to the same value as linux, openbsd and others...) */
+#define LTYPE_LOGIN 7
+#define LTYPE_LOGOUT 8
+
+/* string lengths - set very long */
+#define LINFO_PROGSIZE 64
+#define LINFO_LINESIZE 64
+#define LINFO_NAMESIZE 64
+#define LINFO_HOSTSIZE 256
+
+struct logininfo {
+ char progname[LINFO_PROGSIZE]; /* name of program (for PAM) */
+ int progname_null;
+ short int type; /* type of login (LTYPE_*) */
+ int pid; /* PID of login process */
+ int uid; /* UID of this user */
+ char line[LINFO_LINESIZE]; /* tty/pty name */
+ char username[LINFO_NAMESIZE]; /* login username */
+ char hostname[LINFO_HOSTSIZE]; /* remote hostname */
+ /* 'exit_status' structure components */
+ int exit; /* process exit status */
+ int termination; /* process termination status */
+ /* struct timeval (sys/time.h) isn't always available, if it isn't we'll
+ * use time_t's value as tv_sec and set tv_usec to 0
+ */
+ unsigned int tv_sec;
+ unsigned int tv_usec;
+ union login_netinfo hostaddr; /* caller's host address(es) */
+}; /* struct logininfo */
+
+/*
+ * login recording functions
+ */
+
+/** 'public' functions */
+
+/* construct a new login entry */
+struct logininfo *login_alloc_entry(int pid, const char *username,
+ const char *hostname, const char *line);
+/* free a structure */
+void login_free_entry(struct logininfo *li);
+/* fill out a pre-allocated structure with useful information */
+int login_init_entry(struct logininfo *li, int pid, const char *username,
+ const char *hostname, const char *line);
+/* place the current time in a logininfo struct */
+void login_set_current_time(struct logininfo *li);
+
+/* record the entry */
+int login_login (struct logininfo *li);
+int login_logout(struct logininfo *li);
+#ifdef LOGIN_NEEDS_UTMPX
+int login_utmp_only(struct logininfo *li);
+#endif
+
+/** End of public functions */
+
+/* record the entry */
+int login_write (struct logininfo *li);
+int login_log_entry(struct logininfo *li);
+
+/* set the network address based on network address type */
+void login_set_addr(struct logininfo *li, const struct sockaddr *sa,
+ const unsigned int sa_size);
+
+/*
+ * lastlog retrieval functions
+ */
+/* lastlog *entry* functions fill out a logininfo */
+struct logininfo *login_get_lastlog(struct logininfo *li, const int uid);
+/* lastlog *time* functions return time_t equivalent (uint) */
+unsigned int login_get_lastlog_time(const int uid);
+
+/* produce various forms of the line filename */
+char *line_fullname(char *dst, const char *src, int dstsize);
+char *line_stripname(char *dst, const char *src, int dstsize);
+char *line_abbrevname(char *dst, const char *src, int dstsize);
+
+#endif /* _HAVE_LOGINREC_H_ */
diff -ruN --exclude CVS ssh-openbsd-2002030700/logintest.c openssh-3.1p1/logintest.c
--- ssh-openbsd-2002030700/logintest.c Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/logintest.c Fri Apr 6 09:05:22 2001
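Review bot: The three `line_*` prototypes at the end of loginrec.h take the destination size as `int dstsize`, while the definitions added to loginrec.c in this same patch hand that value directly to `memset()` and compare it with `strlen(src) + 5`, so a negative size would be converted to a very large unsigned length rather than rejected. Declaring the parameter as `size_t`, for example `char *line_fullname(char *dst, const char *src, size_t dstsize);` and likewise for `line_stripname` and `line_abbrevname`, matches the `sizeof(...)` values the visible callers pass and removes the signed/unsigned comparison. `line_abbrevname` would then test `len > dstsize` instead of subtracting after an `(int)` cast. The header comment above them should also state the termination contract, e.g. `/* line_abbrevname() may leave dst without a terminating NUL; the other two always terminate */`, since that difference is currently documented only in loginrec.c.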
@@ -0,0 +1,315 @@ +/* + * Copyright (c) 2000 Andre Lucas. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Markus Friedl. + * 4. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +/** + ** logintest.c: simple test driver for platform-independent login recording + ** and lastlog retrieval + **/ + +#include "includes.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#ifdef HAVE_TIME_H +#include +#endif + +#include "loginrec.h" + +RCSID("$Id: logintest.c,v 1.8 2001/04/05 23:05:22 stevesk Exp $"); + +#ifdef HAVE___PROGNAME +extern char *__progname; +#else +char *__progname; +#endif + +#define PAUSE_BEFORE_LOGOUT 3 + +int nologtest = 0; +int compile_opts_only = 0; +int be_verbose = 0; + + +/* Dump a logininfo to stdout. Assumes a tab size of 8 chars. */ +void +dump_logininfo(struct logininfo *li, char *descname) +{ + /* yes I know how nasty this is */ + printf("struct logininfo %s = {\n\t" + "progname\t'%s'\n\ttype\t\t%d\n\t" + "pid\t\t%d\n\tuid\t\t%d\n\t" + "line\t\t'%s'\n\tusername\t'%s'\n\t" + "hostname\t'%s'\n\texit\t\t%d\n\ttermination\t%d\n\t" + "tv_sec\t%d\n\ttv_usec\t%d\n\t" + "struct login_netinfo hostaddr {\n\t\t" + "struct sockaddr sa {\n" + "\t\t\tfamily\t%d\n\t\t}\n" + "\t}\n" + "}\n", + descname, li->progname, li->type, + li->pid, li->uid, li->line, + li->username, li->hostname, li->exit, + li->termination, li->tv_sec, li->tv_usec, + li->hostaddr.sa.sa_family); +} + + +int +testAPI() +{ + struct logininfo *li1; + struct passwd *pw; + struct hostent *he; + struct sockaddr_in sa_in4; + char cmdstring[256], stripline[8]; + char username[32]; +#ifdef HAVE_TIME_H + time_t t0, t1, t2, logintime, logouttime; + char s_t0[64],s_t1[64],s_t2[64]; + char s_logintime[64], s_logouttime[64]; /* ctime() strings */ +#endif + + printf("**\n** Testing the API...\n**\n"); + + pw = getpwuid(getuid()); + strlcpy(username, pw->pw_name, sizeof(username)); + + /* gethostname(hostname, sizeof(hostname)); */ + + printf("login_alloc_entry test (no host info):\n"); + + /* FIXME fake tty more effectively - this could upset some platforms */ + li1 = login_alloc_entry((int)getpid(), username, NULL, ttyname(0)); + 
strlcpy(li1->progname, "OpenSSH-logintest", sizeof(li1->progname)); + + if (be_verbose) + dump_logininfo(li1, "li1"); + + printf("Setting host address info for 'localhost' (may call out):\n"); + if (! (he = gethostbyname("localhost"))) { + printf("Couldn't set hostname(lookup failed)\n"); + } else { + /* NOTE: this is messy, but typically a program wouldn't have to set + * any of this, a sockaddr_in* would be already prepared */ + memcpy((void *)&(sa_in4.sin_addr), (void *)&(he->h_addr_list[0][0]), + sizeof(struct in_addr)); + login_set_addr(li1, (struct sockaddr *) &sa_in4, sizeof(sa_in4)); + strlcpy(li1->hostname, "localhost", sizeof(li1->hostname)); + } + if (be_verbose) + dump_logininfo(li1, "li1"); + + if ((int)geteuid() != 0) { + printf("NOT RUNNING LOGIN TESTS - you are not root!\n"); + return 1; + } + + if (nologtest) + return 1; + + line_stripname(stripline, li1->line, sizeof(stripline)); + + printf("Performing an invalid login attempt (no type field)\n--\n"); + login_write(li1); + printf("--\n(Should have written errors to stderr)\n"); + +#ifdef HAVE_TIME_H + (void)time(&t0); + strlcpy(s_t0, ctime(&t0), sizeof(s_t0)); + t1 = login_get_lastlog_time(getuid()); + strlcpy(s_t1, ctime(&t1), sizeof(s_t1)); + printf("Before logging in:\n\tcurrent time is %d - %s\t" + "lastlog time is %d - %s\n", + (int)t0, s_t0, (int)t1, s_t1); +#endif + + printf("Performing a login on line %s ", stripline); +#ifdef HAVE_TIME_H + (void)time(&logintime); + strlcpy(s_logintime, ctime(&logintime), sizeof(s_logintime)); + printf("at %d - %s", (int)logintime, s_logintime); +#endif + printf("--\n"); + login_login(li1); + + snprintf(cmdstring, sizeof(cmdstring), "who | grep '%s '", + stripline); + system(cmdstring); + + printf("--\nPausing for %d second(s)...\n", PAUSE_BEFORE_LOGOUT); + sleep(PAUSE_BEFORE_LOGOUT); + + printf("Performing a logout "); +#ifdef HAVE_TIME_H + (void)time(&logouttime); + strlcpy(s_logouttime, ctime(&logouttime), sizeof(s_logouttime)); + printf("at %d - %s", 
(int)logouttime, s_logouttime); +#endif + printf("\nThe root login shown above should be gone.\n" + "If the root login hasn't gone, but another user on the same\n" + "pty has, this is OK - we're hacking it here, and there\n" + "shouldn't be two users on one pty in reality...\n" + "-- ('who' output follows)\n"); + login_logout(li1); + + system(cmdstring); + printf("-- ('who' output ends)\n"); + +#ifdef HAVE_TIME_H + t2 = login_get_lastlog_time(getuid()); + strlcpy(s_t2, ctime(&t2), sizeof(s_t2)); + printf("After logging in, lastlog time is %d - %s\n", (int)t2, s_t2); + if (t1 == t2) + printf("The lastlog times before and after logging in are the " + "same.\nThis indicates that lastlog is ** NOT WORKING " + "CORRECTLY **\n"); + else if (t0 != t2) + /* We can be off by a second or so, even when recording works fine. + * I'm not 100% sure why, but it's true. */ + printf("** The login time and the lastlog time differ.\n" + "** This indicates that lastlog is either recording the " + "wrong time,\n** or retrieving the wrong entry.\n" + "If it's off by less than %d second(s) " + "run the test again.\n", PAUSE_BEFORE_LOGOUT); + else + printf("lastlog agrees with the login time. 
This is a good thing.\n"); + +#endif + + printf("--\nThe output of 'last' shown next should have " + "an entry for root \n on %s for the time shown above:\n--\n", + stripline); + snprintf(cmdstring, sizeof(cmdstring), "last | grep '%s ' | head -3", + stripline); + system(cmdstring); + + printf("--\nEnd of login test.\n"); + + login_free_entry(li1); + + return 1; +} /* testAPI() */ + + +void +testLineName(char *line) +{ + /* have to null-terminate - these functions are designed for + * structures with fixed-length char arrays, and don't null-term.*/ + char full[17], strip[9], abbrev[5]; + + memset(full, '\0', sizeof(full)); + memset(strip, '\0', sizeof(strip)); + memset(abbrev, '\0', sizeof(abbrev)); + + line_fullname(full, line, sizeof(full)-1); + line_stripname(strip, full, sizeof(strip)-1); + line_abbrevname(abbrev, full, sizeof(abbrev)-1); + printf("%s: %s, %s, %s\n", line, full, strip, abbrev); + +} /* testLineName() */ + + +int +testOutput() +{ + printf("**\n** Testing linename functions\n**\n"); + testLineName("/dev/pts/1"); + testLineName("pts/1"); + testLineName("pts/999"); + testLineName("/dev/ttyp00"); + testLineName("ttyp00"); + + return 1; +} /* testOutput() */ + + +/* show which options got compiled in */ +void +showOptions(void) +{ + printf("**\n** Compile-time options\n**\n"); + + printf("login recording methods selected:\n"); +#ifdef USE_LOGIN + printf("\tUSE_LOGIN\n"); +#endif +#ifdef USE_UTMP + printf("\tUSE_UTMP (UTMP_FILE=%s)\n", UTMP_FILE); +#endif +#ifdef USE_UTMPX + printf("\tUSE_UTMPX (UTMPX_FILE=%s)\n", UTMPX_FILE); +#endif +#ifdef USE_WTMP + printf("\tUSE_WTMP (WTMP_FILE=%s)\n", WTMP_FILE); +#endif +#ifdef USE_WTMPX + printf("\tUSE_WTMPX (WTMPX_FILE=%s)\n", WTMPX_FILE); +#endif +#ifdef USE_LASTLOG + printf("\tUSE_LASTLOG (LASTLOG_FILE=%s)\n", LASTLOG_FILE); +#endif + printf("\n"); + +} /* showOptions() */ + + +int +main(int argc, char *argv[]) +{ + printf("Platform-independent login recording test driver\n"); + + __progname = 
get_progname(argv[0]); + if (argc == 2) { + if (strncmp(argv[1], "-i", 3) == 0) + compile_opts_only = 1; + else if (strncmp(argv[1], "-v", 3) == 0) + be_verbose=1; + } + + if (!compile_opts_only) { + if (be_verbose && !testOutput()) + return 1; + + if (!testAPI()) + return 1; + } + + showOptions(); + + return 0; +} /* main() */ + diff -ruN --exclude CVS ssh-openbsd-2002030700/md5crypt.c openssh-3.1p1/md5crypt.c --- ssh-openbsd-2002030700/md5crypt.c Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/md5crypt.c Fri Feb 9 12:55:36 2001 
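Review bot: testAPI() dereferences `getpwuid(getuid())` without a NULL check and passes `ttyname(0)` straight to login_alloc_entry(), so a uid with no passwd entry, or a stdin that is not a terminal, crashes the driver or records a login with a NULL line. The same function fills only `sa_in4.sin_addr` before handing `sizeof(sa_in4)` bytes to login_set_addr(), so the address family and the remaining bytes are indeterminate stack contents that end up in the login record. I would add `if (pw == NULL) return 0;` after the lookup, check the `ttyname(0)` result before using it, and put `memset(&sa_in4, 0, sizeof(sa_in4)); sa_in4.sin_family = AF_INET;` before the memcpy. Because the login tests only run as root, the `system()` calls resolve `who`, `last`, `grep` and `head` through root's PATH; a comment saying so would help anyone running this outside a build tree.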
@@ -0,0 +1,159 @@ +/* + * ---------------------------------------------------------------------------- + * "THE BEER-WARE LICENSE" (Revision 42): + * wrote this file. As long as you retain this notice you + * can do whatever you want with this stuff. If we meet some day, and you think + * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp + * ---------------------------------------------------------------------------- + */ + +/* + * Ported from FreeBSD to Linux, only minimal changes. --marekm + */ + +/* + * Adapted from shadow-19990607 by Tudor Bosman, tudorb@jm.nu + */ + +#include "includes.h" + +RCSID("$Id: md5crypt.c,v 1.5 2001/02/09 01:55:36 djm Exp $"); + +#if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) + +#include + +static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */ + "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; + +static char *magic = "$1$"; /* + * This string is magic for + * this algorithm. Having + * it this way, we can get + * get better later on + */ + +static void +to64(char *s, unsigned long v, int n) +{ + while (--n >= 0) { + *s++ = itoa64[v&0x3f]; + v >>= 6; + } +} + +int +is_md5_salt(const char *salt) +{ + return (!strncmp(salt, magic, strlen(magic))); +} + +/* + * UNIX password + * + * Use MD5 for what it is best at... 
+ */ + +char * +md5_crypt(const char *pw, const char *salt) +{ + static char passwd[120], *p; + static const char *sp,*ep; + unsigned char final[16]; + int sl,pl,i,j; + MD5_CTX ctx,ctx1; + unsigned long l; + + /* Refine the Salt first */ + sp = salt; + + /* If it starts with the magic string, then skip that */ + if(!strncmp(sp,magic,strlen(magic))) + sp += strlen(magic); + + /* It stops at the first '$', max 8 chars */ + for(ep=sp;*ep && *ep != '$' && ep < (sp+8);ep++) + continue; + + /* get the length of the true salt */ + sl = ep - sp; + + MD5_Init(&ctx); + + /* The password first, since that is what is most unknown */ + MD5_Update(&ctx,pw,strlen(pw)); + + /* Then our magic string */ + MD5_Update(&ctx,magic,strlen(magic)); + + /* Then the raw salt */ + MD5_Update(&ctx,sp,sl); + + /* Then just as many characters of the MD5(pw,salt,pw) */ + MD5_Init(&ctx1); + MD5_Update(&ctx1,pw,strlen(pw)); + MD5_Update(&ctx1,sp,sl); + MD5_Update(&ctx1,pw,strlen(pw)); + MD5_Final(final,&ctx1); + for(pl = strlen(pw); pl > 0; pl -= 16) + MD5_Update(&ctx,final,pl>16 ? 16 : pl); + + /* Don't leave anything around in vm they could use. */ + memset(final,0,sizeof final); + + /* Then something really weird... */ + for (j=0,i = strlen(pw); i ; i >>= 1) + if(i&1) + MD5_Update(&ctx, final+j, 1); + else + MD5_Update(&ctx, pw+j, 1); + + /* Now make the output string */ + strcpy(passwd,magic); + strncat(passwd,sp,sl); + strcat(passwd,"$"); + + MD5_Final(final,&ctx); + + /* + * and now, just to make sure things don't run too fast + * On a 60 Mhz Pentium this takes 34 msec, so you would + * need 30 seconds to build a 1000 entry dictionary... 
+ */ + for(i=0;i<1000;i++) { + MD5_Init(&ctx1); + if(i & 1) + MD5_Update(&ctx1,pw,strlen(pw)); + else + MD5_Update(&ctx1,final,16); + + if(i % 3) + MD5_Update(&ctx1,sp,sl); + + if(i % 7) + MD5_Update(&ctx1,pw,strlen(pw)); + + if(i & 1) + MD5_Update(&ctx1,final,16); + else + MD5_Update(&ctx1,pw,strlen(pw)); + MD5_Final(final,&ctx1); + } + + p = passwd + strlen(passwd); + + l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; to64(p,l,4); p += 4; + l = (final[ 1]<<16) | (final[ 7]<<8) | final[13]; to64(p,l,4); p += 4; + l = (final[ 2]<<16) | (final[ 8]<<8) | final[14]; to64(p,l,4); p += 4; + l = (final[ 3]<<16) | (final[ 9]<<8) | final[15]; to64(p,l,4); p += 4; + l = (final[ 4]<<16) | (final[10]<<8) | final[ 5]; to64(p,l,4); p += 4; + l = final[11] ; to64(p,l,2); p += 2; + *p = '\0'; + + /* Don't leave anything around in vm they could use. */ + memset(final,0,sizeof final); + + return passwd; +} + +#endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */ diff -ruN --exclude CVS ssh-openbsd-2002030700/md5crypt.h openssh-3.1p1/md5crypt.h --- ssh-openbsd-2002030700/md5crypt.h Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/md5crypt.h Fri Feb 9 12:55:36 2001 
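Review bot: The closing `memset(final,0,sizeof final)` in md5_crypt() writes to a local that is never read again, so an optimising compiler is free to drop it, and `ctx` and `ctx1`, which also hold password-derived state, are never cleared at all. All three should be wiped through a call the compiler cannot elide (a volatile-pointer loop, or the platform's explicit-zeroing routine where one exists) just before `return passwd;`. The earlier memset must stay exactly where it is: the loop after it reads `final+j` with `j` fixed at 0, so it feeds a zero byte, and changing that would alter the output and break verification of existing `$1$` hashes. A comment such as `/* final[] is deliberately all-zero here; the historical algorithm depends on it */` on that loop would stop a later cleanup from "fixing" it.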
@@ -0,0 +1,32 @@
+/*
+ * ----------------------------------------------------------------------------
+ * "THE BEER-WARE LICENSE" (Revision 42):
+ * wrote this file. As long as you retain this notice you
+ * can do whatever you want with this stuff. If we meet some day, and you think
+ * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
+ * ----------------------------------------------------------------------------
+ */
+
+/*
+ * Ported from FreeBSD to Linux, only minimal changes. --marekm
+ */
+
+/*
+ * Adapted from shadow-19990607 by Tudor Bosman, tudorb@jm.nu
+ */
+
+/* $Id: md5crypt.h,v 1.3 2001/02/09 01:55:36 djm Exp $ */
+
+#ifndef _MD5CRYPT_H
+#define _MD5CRYPT_H
+
+#include "config.h"
+
+#if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
+
+int is_md5_salt(const char *salt);
+char *md5_crypt(const char *pw, const char *salt);
+
+#endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */
+
+#endif /* MD5CRYPT_H */
diff -ruN --exclude CVS ssh-openbsd-2002030700/mdoc2man.pl openssh-3.1p1/mdoc2man.pl
--- ssh-openbsd-2002030700/mdoc2man.pl Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/mdoc2man.pl Mon Apr 30 11:01:52 2001
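Review bot: The two prototypes in md5crypt.h are declared without any statement of their contract, and the implementation in md5crypt.c has one that callers must know: `md5_crypt()` returns a pointer into a function-static buffer. I would add `/* Returns a pointer to a static buffer that the next call overwrites; not reentrant. pw and salt must be non-NULL. */` above it, and `/* Nonzero if salt begins with the "$1$" prefix. */` above `is_md5_salt()`. The guard macro `_MD5CRYPT_H` uses a name form reserved for the implementation, and the closing comment spells it `MD5CRYPT_H`; using `MD5CRYPT_H` for both would fix the mismatch.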
@@ -0,0 +1,590 @@ +#!/usr/bin/perl +### +### Quick usage: mdoc2man.pl < mdoc_manpage.8 > man_manpage.8 +### +### +### Copyright (c) 2001 University of Illinois Board of Trustees +### Copyright (c) 2001 Mark D. Roth +### All rights reserved. +### +### Redistribution and use in source and binary forms, with or without +### modification, are permitted provided that the following conditions +### are met: +### 1. Redistributions of source code must retain the above copyright +### notice, this list of conditions and the following disclaimer. +### 2. Redistributions in binary form must reproduce the above copyright +### notice, this list of conditions and the following disclaimer in the +### documentation and/or other materials provided with the distribution. +### 3. All advertising materials mentioning features or use of this software +### must display the following acknowledgement: +### This product includes software developed by the University of +### Illinois at Urbana, and their contributors. +### 4. The University nor the names of their +### contributors may be used to endorse or promote products derived from +### this software without specific prior written permission. +### +### THIS SOFTWARE IS PROVIDED BY THE TRUSTEES AND CONTRIBUTORS ``AS IS'' AND +### ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +### IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +### ARE DISCLAIMED. IN NO EVENT SHALL THE TRUSTEES OR CONTRIBUTORS BE LIABLE +### FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +### DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +### OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +### HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +### LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +### OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +### SUCH DAMAGE. 
+### + +use strict; + +my ($name, $date, $id); +my ($line); +my ($optlist, $oldoptlist, $nospace, $enum, $synopsis); +my ($reference, $block, $ext, $extopt, $literal); +my (@refauthors, $reftitle, $refissue, $refdate, $refopt); + + +$optlist = 0; ### 1 = bullet, 2 = enum, 3 = tag, 4 = item +$oldoptlist = 0; +$nospace = 0; +$synopsis = 0; +$reference = 0; +$block = 0; +$ext = 0; +$extopt = 0; +$literal = 0; + +while ($line = ) +{ + if ($line !~ /^\./) + { + print $line; + print ".br\n" + if ($literal); + next; + } + + $line =~ s/^\.//; + + next + if ($line =~ m/\\"/); + + $line = ParseMacro($line); + print($line) + if (defined $line); +} + + + +sub ParseMacro # ($line) +{ + my ($line) = @_; + my (@words, $retval, $option, $parens); + + @words = split(/\s+/, $line); + $retval = ''; + $option = 0; + $parens = 0; + +# print('@words = ', scalar(@words), ': ', join(' ', @words), "\n"); + + while ($_ = shift @words) + { +# print "WORD: $_\n"; + + next + if (/^(Li|Pf)$/); + + if (/^Xo$/) + { + $ext = 1; + $retval .= ' ' + if ($retval ne '' && $retval !~ m/[\n ]$/); + next; + } + + if (/^Xc$/) + { + $ext = 0; + $retval .= "\n" + if (! $extopt); + last; + } + + if (/^Bd$/) + { + $literal = 1 + if ($words[0] eq '-literal'); + $retval .= "\n"; + last; + } + + if (/^Ed$/) + { + $literal = 0; + last; + } + + if (/^Ns$/) + { + $nospace = 1 + if (! $nospace); + $retval =~ s/ $//; + next; + } + + if (/^No$/) + { + $retval =~ s/ $//; + $retval .= shift @words; + next; + } + + if (/^Dq$/) + { + $retval .= '``'; + do + { + $retval .= (shift @words) . ' '; + } + while (@words > 0 && $words[0] !~ m/^[\.,]/); + $retval =~ s/ $//; + $retval .= '\'\''; + $nospace = 1 + if (! $nospace && $words[0] =~ m/^[\.,]/); + next; + } + + if (/^(Sq|Ql)$/) + { + $retval .= '`' . (shift @words) . '\''; + $nospace = 1 + if (! $nospace && $words[0] =~ m/^[\.,]/); + next; + } + +# if (/^Ic$/) +# { +# $retval .= '\\fB' . shift(@words) . 
'\\fP'; +# next; +# } + + if (/^Oo$/) + { +# $retval .= "[\\c\n"; + $extopt = 1; + $nospace = 1 + if (! $nospace); + $retval .= '['; + next; + } + + if (/^Oc$/) + { + $extopt = 0; + $retval .= ']'; + next; + } + + $retval .= ' ' + if (! $nospace && $retval ne '' && $retval !~ m/[\n ]$/); + $nospace = 0 + if ($nospace == 1); + + if (/^Dd$/) + { + $date = join(' ', @words); + return undef; + } + + if (/^Dt$/) + { + $id = join(' ', @words); + return undef; + } + + if (/^Os$/) + { + $retval .= '.TH ' + . $id + . " \"$date\" \"" + . join(' ', @words) + . "\""; + last; + } + + if (/^Sh$/) + { + $retval .= '.SH'; + if ($words[0] eq 'SYNOPSIS') + { + $synopsis = 1; + } + else + { + $synopsis = 0; + } + next; + } + + if (/^Xr$/) + { + $retval .= '\\fB' . (shift @words) . + '\\fP(' . (shift @words) . ')' + . (shift @words); + last; + } + + if (/^Rs/) + { + @refauthors = (); + $reftitle = ''; + $refissue = ''; + $refdate = ''; + $refopt = ''; + $reference = 1; + last; + } + + if (/^Re/) + { + $retval .= "\n"; + + # authors + while (scalar(@refauthors) > 1) + { + $retval .= shift(@refauthors) . ', '; + } + $retval .= 'and ' + if ($retval ne ''); + $retval .= shift(@refauthors); + + # title + $retval .= ', \\fI' . $reftitle . '\\fP'; + + # issue + $retval .= ', ' . $refissue + if ($refissue ne ''); + + # date + $retval .= ', ' . $refdate + if ($refdate ne ''); + + # optional info + $retval .= ', ' . 
$refopt + if ($refopt ne ''); + + $retval .= ".\n"; + + $reference = 0; + last; + } + + if ($reference) + { + if (/^%A$/) + { + unshift(@refauthors, join(' ', @words)); + last; + } + + if (/^%T$/) + { + $reftitle = join(' ', @words); + $reftitle =~ s/^"//; + $reftitle =~ s/"$//; + last; + } + + if (/^%N$/) + { + $refissue = join(' ', @words); + last; + } + + if (/^%D$/) + { + $refdate = join(' ', @words); + last; + } + + if (/^%O$/) + { + $refopt = join(' ', @words); + last; + } + } + + if (/^Nm$/) + { + $name = shift @words + if (@words > 0); + $retval .= ".br\n" + if ($synopsis); + $retval .= "\\fB$name\\fP"; + $nospace = 1 + if (! $nospace && $words[0] =~ m/^[\.,]/); + next; + } + + if (/^Nd$/) + { + $retval .= '\\-'; + next; + } + + if (/^Fl$/) + { + $retval .= '\\fB\\-' . (shift @words) . '\\fP'; + $nospace = 1 + if (! $nospace && $words[0] =~ m/^[\.,]/); + next; + } + + if (/^Ar$/) + { + $retval .= '\\fI'; + if (! defined $words[0]) + { + $retval .= 'file ...\\fP'; + } + else + { + $retval .= shift(@words) . '\\fP'; + while ($words[0] eq '|') + { + $retval .= ' ' . shift(@words); + $retval .= ' \\fI' . shift(@words); + $retval .= '\\fP'; + } + } + $nospace = 1 + if (! $nospace && $words[0] =~ m/^[\.,]/); + next; + } + + if (/^Cm$/) + { + $retval .= '\\fB' . (shift @words) . '\\fP'; + while ($words[0] =~ m/^[\.,:)]$/) + { + $retval .= shift(@words); + } + next; + } + + if (/^Op$/) + { + $option = 1; + $nospace = 1 + if (! $nospace); + $retval .= '['; +# my $tmp = pop(@words); +# $tmp .= ']'; +# push(@words, $tmp); + next; + } + + if (/^Pp$/) + { + $retval .= "\n"; + next; + } + + if (/^Ss$/) + { + $retval .= '.SS'; + next; + } + + if (/^Pa$/ && ! $option) + { + $retval .= '\\fI'; + $retval .= '\\&' + if ($words[0] =~ m/^\./); + $retval .= (shift @words) . '\\fP'; + while ($words[0] =~ m/^[\.,:;)]$/) + { + $retval .= shift(@words); + } +# $nospace = 1 +# if (! 
$nospace && $words[0] =~ m/^[\.,:)]/); + next; + } + + if (/^Dv$/) + { + $retval .= '.BR'; + next; + } + + if (/^(Em|Ev)$/) + { + $retval .= '.IR'; + next; + } + + if (/^Pq$/) + { + $retval .= '('; + $nospace = 1; + $parens = 1; + next; + } + + if (/^(S[xy])$/) + { + $retval .= '.B ' . join(' ', @words); + last; + } + + if (/^Ic$/) + { + $retval .= '\\fB'; + while (defined $words[0] + && $words[0] !~ m/^[\.,]/) + { + if ($words[0] eq 'Op') + { + shift(@words); + $retval .= '['; + my $tmp = pop(@words); + $tmp .= ']'; + push(@words, $tmp); + next; + } + if ($words[0] eq 'Ar') + { + shift @words; + $retval .= '\\fI'; + $retval .= shift @words; + $retval .= '\\fP'; + } + else + { + $retval .= shift @words; + } + $retval .= ' ' + if (! $nospace); + } + $retval =~ s/ $//; + $retval .= '\\fP'; + $retval .= shift @words + if (defined $words[0]); + last; + } + + if (/^Bl$/) + { + $oldoptlist = $optlist; + if ($words[0] eq '-bullet') + { + $optlist = 1; + } + elsif ($words[0] eq '-enum') + { + $optlist = 2; + $enum = 0; + } + elsif ($words[0] eq '-tag') + { + $optlist = 3; + } + elsif ($words[0] eq '-item') + { + $optlist = 4; + } + last; + } + + if (/^El$/) + { + $optlist = $oldoptlist; + next; + } + + if ($optlist && /^It$/) + { + if ($optlist == 1) + { + # bullets + $retval .= '.IP \\(bu'; + next; + } + + if ($optlist == 2) + { + # enum + $retval .= '.IP ' . (++$enum) . 
'.'; + next; + } + + if ($optlist == 3) + { + # tags + $retval .= ".TP\n"; + if ($words[0] =~ m/^(Pa|Ev)$/) + { + shift @words; + $retval .= '.B'; + } + next; + } + + if ($optlist == 4) + { + # item + $retval .= ".IP\n"; + next; + } + + next; + } + + if (/^Sm$/) + { + if ($words[0] eq 'off') + { + $nospace = 2; + } + elsif ($words[0] eq 'on') + { +# $retval .= "\n"; + $nospace = 0; + } + shift @words; + next; + } + + $retval .= "$_"; + } + + return undef + if ($retval eq '.'); + + $retval =~ s/^\.([^a-zA-Z])/$1/; +# $retval =~ s/ $//; + + $retval .= ')' + if ($parens == 1); + + $retval .= ']' + if ($option == 1); + +# $retval .= ' ' +# if ($nospace && $retval ne '' && $retval !~ m/\n$/); + +# $retval .= ' ' +# if ($extended && $retval !~ m/ $/); + + $retval .= ' ' + if ($ext && ! $extopt && $retval !~ m/ $/); + + $retval .= "\n" + if (! $ext && ! $extopt && $retval ne '' && $retval !~ m/\n$/); + + return $retval; +} + + diff -ruN --exclude CVS ssh-openbsd-2002030700/misc.c openssh-3.1p1/misc.c --- ssh-openbsd-2002030700/misc.c Thu Mar 7 12:02:04 2002 +++ openssh-3.1p1/misc.c Tue Mar 5 12:53:05 2002 @@ -152,9 +152,15 @@ copy->pw_gecos = xstrdup(pw->pw_gecos); copy->pw_uid = pw->pw_uid; copy->pw_gid = pw->pw_gid; +#ifdef HAVE_PW_EXPIRE_IN_PASSWD copy->pw_expire = pw->pw_expire; +#endif +#ifdef HAVE_PW_CHANGE_IN_PASSWD copy->pw_change = pw->pw_change; +#endif +#ifdef HAVE_PW_CLASS_IN_PASSWD copy->pw_class = xstrdup(pw->pw_class); +#endif copy->pw_dir = xstrdup(pw->pw_dir); copy->pw_shell = xstrdup(pw->pw_shell); return copy; 
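Review bot: The main loop in ParseMacro, `while ($_ = shift @words)`, tests the word for truth rather than for definedness, so it stops at the first word that is `0` or the empty string and silently drops the rest of the macro line. Because `split(/\s+/, $line)` yields an empty leading field when the text after the dot starts with whitespace, a line written as `. Nm foo` produces no output at all. I would change the condition to `while (defined($_ = shift @words))` and skip empty fields with `next if ($_ eq '');` as the first statement of the loop. Several branches also compare `$words[0]` after the list may be empty (`$words[0] eq '-literal'`, `$words[0] =~ m/^[\.,]/`), which is silent only because warnings are not enabled.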
@@ -317,3 +323,29 @@
 args->list[args->num++] = xstrdup(buf);
 args->list[args->num] = NULL;
 }
+
+mysig_t
+mysignal(int sig, mysig_t act)
+{
+#ifdef HAVE_SIGACTION
+ struct sigaction sa, osa;
+
+ if (sigaction(sig, NULL, &osa) == -1)
+ return (mysig_t) -1;
+ if (osa.sa_handler != act) {
+ memset(&sa, 0, sizeof(sa));
+ sigemptyset(&sa.sa_mask);
+ sa.sa_flags = 0;
+#if defined(SA_INTERRUPT)
+ if (sig == SIGALRM)
+ sa.sa_flags |= SA_INTERRUPT;
+#endif
+ sa.sa_handler = act;
+ if (sigaction(sig, &sa, NULL) == -1)
+ return (mysig_t) -1;
+ }
+ return (osa.sa_handler);
+#else
+ return (signal(sig, act));
+#endif
+}
diff -ruN --exclude CVS ssh-openbsd-2002030700/misc.h openssh-3.1p1/misc.h
--- ssh-openbsd-2002030700/misc.h Sun Feb 3 09:30:36 2002
+++ openssh-3.1p1/misc.h Tue Feb 5 11:52:14 2002
@@ -31,3 +31,7 @@
 int nalloc;
 };
 void addargs(arglist *, char *, ...) __attribute__((format(printf, 2, 3)));
+
+/* wrapper for signal interface */
+typedef void (*mysig_t)(int);
+mysig_t mysignal(int sig, mysig_t act);
diff -ruN --exclude CVS ssh-openbsd-2002030700/mkinstalldirs openssh-3.1p1/mkinstalldirs
--- ssh-openbsd-2002030700/mkinstalldirs Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/mkinstalldirs Sat May 20 15:33:45 2000
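Review bot: mysignal() reports failure as `(mysig_t) -1` on the sigaction path but returns whatever signal() gives on the fallback path, so the two builds agree only where the platform happens to define SIG_ERR as -1. Both early exits should read `return (SIG_ERR);` so callers have one portable value to test. When the installed handler already equals `act` the function returns without calling sigaction(), which leaves any sa_flags and mask from an earlier installation in place; if that is intended, a comment such as `/* handler unchanged: keep existing flags and mask */` on the `if (osa.sa_handler != act)` line would make it explicit. The new function gets no comment at all here; one line saying that it installs `act` with an empty mask and no restart flag, and returns the previous handler, belongs above the definition.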
@@ -0,0 +1,40 @@ +#! /bin/sh +# mkinstalldirs --- make directory hierarchy +# Author: Noah Friedman +# Created: 1993-05-16 +# Public domain + +# $Id: mkinstalldirs,v 1.1 2000/05/20 05:33:45 damien Exp $ + +errstatus=0 + +for file +do + set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'` + shift + + pathcomp= + for d + do + pathcomp="$pathcomp$d" + case "$pathcomp" in + -* ) pathcomp=./$pathcomp ;; + esac + + if test ! -d "$pathcomp"; then + echo "mkdir $pathcomp" + + mkdir "$pathcomp" || lasterr=$? + + if test ! -d "$pathcomp"; then + errstatus=$lasterr + fi + fi + + pathcomp="$pathcomp/" + done +done + +exit $errstatus + +# mkinstalldirs ends here diff -ruN --exclude CVS ssh-openbsd-2002030700/moduli openssh-3.1p1/moduli --- ssh-openbsd-2002030700/moduli Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/moduli Tue Sep 25 13:06:19 2001 @@ -0,0 +1,158 @@ +# $OpenBSD: moduli,v 1.1 2001/06/22 22:07:54 provos Exp $ + +# Time Type Tests Tries Size Generator Modulus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diff -ruN --exclude CVS ssh-openbsd-2002030700/nchan.c openssh-3.1p1/nchan.c --- ssh-openbsd-2002030700/nchan.c Tue Jan 22 10:27:10 2002 +++ openssh-3.1p1/nchan.c Tue Jan 22 23:34:53 2002 @@ -469,7 +469,13 @@ return; debug("channel %d: close_read", c->self); if (c->sock != -1) { - if (shutdown(c->sock, SHUT_RD) < 0) + /* + * shutdown(sock, SHUT_READ) may return ENOTCONN if the + * write side has been closed already. (bug on Linux) + * HP-UX may return ENOTCONN also. + */ + if (shutdown(c->sock, SHUT_RD) < 0 + && errno != ENOTCONN) error("channel %d: chan_shutdown_read: " "shutdown() failed for fd%d [i%d o%d]: %.100s", c->self, c->sock, c->istate, c->ostate, diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/.cvsignore openssh-3.1p1/openbsd-compat/.cvsignore --- ssh-openbsd-2002030700/openbsd-compat/.cvsignore Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/.cvsignore Mon Apr 30 13:55:39 2001 
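Review bot: The comment added above the shutdown() call names `SHUT_READ`, which is not the constant the code uses; it should read `* shutdown(sock, SHUT_RD) may return ENOTCONN if the`. The ENOTCONN case is now dropped without any trace, so a `debug()` line for it would keep the event visible when diagnosing channel teardown. The new condition reads `errno`, so this file needs the errno declaration in scope; the hunk does not show the includes, so this is worth confirming. The enclosing function starts before the hunk, and the error() call continues past its end.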
@@ -0,0 +1 @@
+Makefile
diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/Makefile.in openssh-3.1p1/openbsd-compat/Makefile.in
--- ssh-openbsd-2002030700/openbsd-compat/Makefile.in Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/openbsd-compat/Makefile.in Wed Feb 20 07:27:57 2002
@@ -0,0 +1,42 @@
+# $Id: Makefile.in,v 1.21 2002/02/19 20:27:57 mouring Exp $
+
+sysconfdir=@sysconfdir@
+piddir=@piddir@
+srcdir=@srcdir@
+top_srcdir=@top_srcdir@
+
+VPATH=@srcdir@
+CC=@CC@
+LD=@LD@
+CFLAGS=@CFLAGS@
+CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@
+LIBS=@LIBS@
+AR=@AR@
+RANLIB=@RANLIB@
+INSTALL=@INSTALL@
+LDFLAGS=-L. @LDFLAGS@
+
+OPENBSD=base64.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o
+
+COMPAT=bsd-arc4random.o bsd-cray.o bsd-cygwin_util.o bsd-misc.o bsd-nextstep.o bsd-snprintf.o bsd-waitpid.o fake-getaddrinfo.o fake-getnameinfo.o
+
+PORTS=port-irix.o port-aix.o
+
+.c.o:
+ $(CC) $(CFLAGS) $(CPPFLAGS) -c $<
+
+all: libopenbsd-compat.a
+
+$(COMPAT): ../config.h
+$(OPENBSD): ../config.h
+$(PORTS): ../config.h
+
+libopenbsd-compat.a: $(COMPAT) $(OPENBSD) $(PORTS)
+ $(AR) rv $@ $(COMPAT) $(OPENBSD) $(PORTS)
+ $(RANLIB) $@
+
+clean:
+ rm -f *.o *.a core
+
+distclean: clean
+ rm -f Makefile *~
diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/base64.c openssh-3.1p1/openbsd-compat/base64.c
--- ssh-openbsd-2002030700/openbsd-compat/base64.c Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/openbsd-compat/base64.c Thu Feb 1 08:52:03 2001
@@ -0,0 +1,316 @@ +/* $OpenBSD: base64.c,v 1.3 1997/11/08 20:46:55 deraadt Exp $ */ + +/* + * Copyright (c) 1996 by Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE + * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + */ + +/* + * Portions Copyright (c) 1995 by International Business Machines, Inc. + * + * International Business Machines, Inc. (hereinafter called IBM) grants + * permission under its copyrights to use, copy, modify, and distribute this + * Software with or without fee, provided that the above copyright notice and + * all paragraphs of this notice appear in all copies, and that the name of IBM + * not be used in connection with the marketing of any product incorporating + * the Software or modifications thereof, without specific, written prior + * permission. + * + * To the extent it has a right to do so, IBM grants an immunity from suit + * under its patents, if any, for the use, sale or manufacture of products to + * the extent that such products are used for performing Domain Name System + * dynamic updates in TCP/IP networks by means of the Software. No immunity is + * granted for any product per se or for any other function of any product. 
+ * + * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL, + * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN + * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES. + */ + +#include "config.h" + +#if !defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP) + +#include +#include +#include +#include +#include + +#include +#include + +#include +#include + +#include "base64.h" + +#define Assert(Cond) if (!(Cond)) abort() + +static const char Base64[] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; +static const char Pad64 = '='; + +/* (From RFC1521 and draft-ietf-dnssec-secext-03.txt) + The following encoding technique is taken from RFC 1521 by Borenstein + and Freed. It is reproduced here in a slightly edited form for + convenience. + + A 65-character subset of US-ASCII is used, enabling 6 bits to be + represented per printable character. (The extra 65th character, "=", + is used to signify a special processing function.) + + The encoding process represents 24-bit groups of input bits as output + strings of 4 encoded characters. Proceeding from left to right, a + 24-bit input group is formed by concatenating 3 8-bit input groups. + These 24 bits are then treated as 4 concatenated 6-bit groups, each + of which is translated into a single digit in the base64 alphabet. + + Each 6-bit group is used as an index into an array of 64 printable + characters. The character referenced by the index is placed in the + output string. 
+ + Table 1: The Base64 Alphabet + + Value Encoding Value Encoding Value Encoding Value Encoding + 0 A 17 R 34 i 51 z + 1 B 18 S 35 j 52 0 + 2 C 19 T 36 k 53 1 + 3 D 20 U 37 l 54 2 + 4 E 21 V 38 m 55 3 + 5 F 22 W 39 n 56 4 + 6 G 23 X 40 o 57 5 + 7 H 24 Y 41 p 58 6 + 8 I 25 Z 42 q 59 7 + 9 J 26 a 43 r 60 8 + 10 K 27 b 44 s 61 9 + 11 L 28 c 45 t 62 + + 12 M 29 d 46 u 63 / + 13 N 30 e 47 v + 14 O 31 f 48 w (pad) = + 15 P 32 g 49 x + 16 Q 33 h 50 y + + Special processing is performed if fewer than 24 bits are available + at the end of the data being encoded. A full encoding quantum is + always completed at the end of a quantity. When fewer than 24 input + bits are available in an input group, zero bits are added (on the + right) to form an integral number of 6-bit groups. Padding at the + end of the data is performed using the '=' character. + + Since all base64 input is an integral number of octets, only the + ------------------------------------------------- + following cases can arise: + + (1) the final quantum of encoding input is an integral + multiple of 24 bits; here, the final unit of encoded + output will be an integral multiple of 4 characters + with no "=" padding, + (2) the final quantum of encoding input is exactly 8 bits; + here, the final unit of encoded output will be two + characters followed by two "=" padding characters, or + (3) the final quantum of encoding input is exactly 16 bits; + here, the final unit of encoded output will be three + characters followed by one "=" padding character. 
+ */ + +int +b64_ntop(u_char const *src, size_t srclength, char *target, size_t targsize) +{ + size_t datalength = 0; + u_char input[3]; + u_char output[4]; + int i; + + while (2 < srclength) { + input[0] = *src++; + input[1] = *src++; + input[2] = *src++; + srclength -= 3; + + output[0] = input[0] >> 2; + output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4); + output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6); + output[3] = input[2] & 0x3f; + Assert(output[0] < 64); + Assert(output[1] < 64); + Assert(output[2] < 64); + Assert(output[3] < 64); + + if (datalength + 4 > targsize) + return (-1); + target[datalength++] = Base64[output[0]]; + target[datalength++] = Base64[output[1]]; + target[datalength++] = Base64[output[2]]; + target[datalength++] = Base64[output[3]]; + } + + /* Now we worry about padding. */ + if (0 != srclength) { + /* Get what's left. */ + input[0] = input[1] = input[2] = '\0'; + for (i = 0; i < srclength; i++) + input[i] = *src++; + + output[0] = input[0] >> 2; + output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4); + output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6); + Assert(output[0] < 64); + Assert(output[1] < 64); + Assert(output[2] < 64); + + if (datalength + 4 > targsize) + return (-1); + target[datalength++] = Base64[output[0]]; + target[datalength++] = Base64[output[1]]; + if (srclength == 1) + target[datalength++] = Pad64; + else + target[datalength++] = Base64[output[2]]; + target[datalength++] = Pad64; + } + if (datalength >= targsize) + return (-1); + target[datalength] = '\0'; /* Returned value doesn't count \0. */ + return (datalength); +} + +/* skips all whitespace anywhere. + converts characters, four at a time, starting at (or after) + src from base - 64 numbers into three 8 bit bytes in the target area. + it returns the number of data bytes stored at the target, or -1 on error. 
+ */ + +int +b64_pton(char const *src, u_char *target, size_t targsize) +{ + int tarindex, state, ch; + char *pos; + + state = 0; + tarindex = 0; + + while ((ch = *src++) != '\0') { + if (isspace(ch)) /* Skip whitespace anywhere. */ + continue; + + if (ch == Pad64) + break; + + pos = strchr(Base64, ch); + if (pos == 0) /* A non-base64 character. */ + return (-1); + + switch (state) { + case 0: + if (target) { + if (tarindex >= targsize) + return (-1); + target[tarindex] = (pos - Base64) << 2; + } + state = 1; + break; + case 1: + if (target) { + if (tarindex + 1 >= targsize) + return (-1); + target[tarindex] |= (pos - Base64) >> 4; + target[tarindex+1] = ((pos - Base64) & 0x0f) + << 4 ; + } + tarindex++; + state = 2; + break; + case 2: + if (target) { + if (tarindex + 1 >= targsize) + return (-1); + target[tarindex] |= (pos - Base64) >> 2; + target[tarindex+1] = ((pos - Base64) & 0x03) + << 6; + } + tarindex++; + state = 3; + break; + case 3: + if (target) { + if (tarindex >= targsize) + return (-1); + target[tarindex] |= (pos - Base64); + } + tarindex++; + state = 0; + break; + } + } + + /* + * We are done decoding Base-64 chars. Let's see if we ended + * on a byte boundary, and/or with erroneous trailing characters. + */ + + if (ch == Pad64) { /* We got a pad char. */ + ch = *src++; /* Skip it, get next. */ + switch (state) { + case 0: /* Invalid = in first position */ + case 1: /* Invalid = in second position */ + return (-1); + + case 2: /* Valid, means one byte of info */ + /* Skip any number of spaces. */ + for (; ch != '\0'; ch = *src++) + if (!isspace(ch)) + break; + /* Make sure there is another trailing = sign. */ + if (ch != Pad64) + return (-1); + ch = *src++; /* Skip the = */ + /* Fall through to "single trailing =" case. */ + /* FALLTHROUGH */ + + case 3: /* Valid, means two bytes of info */ + /* + * We know this char is an =. Is there anything but + * whitespace after it? 
+ */ + for (; ch != '\0'; ch = *src++) + if (!isspace(ch)) + return (-1); + + /* + * Now make sure for cases 2 and 3 that the "extra" + * bits that slopped past the last full byte were + * zeros. If we don't check them, they become a + * subliminal channel. + */ + if (target && target[tarindex] != 0) + return (-1); + } + } else { + /* + * We ended by seeing the end of the string. Make sure we + * have no partial bytes lying around. + */ + if (state != 0) + return (-1); + } + + return (tarindex); +} + +#endif /* !defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP) */ diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/base64.h openssh-3.1p1/openbsd-compat/base64.h --- ssh-openbsd-2002030700/openbsd-compat/base64.h Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/base64.h Wed Feb 27 03:59:59 2002 @@ -0,0 +1,18 @@ +/* $Id: base64.h,v 1.3 2002/02/26 16:59:59 stevesk Exp $ */ + +#ifndef _BSD_BASE64_H +#define _BSD_BASE64_H + +#include "config.h" + +#ifndef HAVE___B64_NTOP +# ifndef HAVE_B64_NTOP +int b64_ntop(u_char const *src, size_t srclength, char *target, + size_t targsize); +int b64_pton(char const *src, u_char *target, size_t targsize); +# endif /* !HAVE_B64_NTOP */ +# define __b64_ntop b64_ntop +# define __b64_pton b64_pton +#endif /* HAVE___B64_NTOP */ + +#endif /* _BSD_BASE64_H */ diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/bindresvport.c openssh-3.1p1/openbsd-compat/bindresvport.c --- ssh-openbsd-2002030700/openbsd-compat/bindresvport.c Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/bindresvport.c Thu Feb 1 08:52:03 2001 
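Review bot: In `b64_pton` (base64.c hunk), `ch` is loaded from a plain `char` and passed straight to `isspace()`, so where `char` is signed any input byte above 0x7f reaches `isspace()` as a negative value, which is undefined behaviour; a decoder like this is normally fed text that comes from outside the process, so the case should be treated as reachable. Read the byte as unsigned in the loop header, `while ((ch = (unsigned char)*src++) != '\0') {`, and do the same at the `ch = *src++` reloads in the padding branch. Separately, `tarindex` is an `int` compared against the `size_t targsize`; declaring it `size_t` and converting on return would remove the mixed-sign comparisons. The `Assert` macro expands to a bare `if`, so `#define Assert(Cond) do { if (!(Cond)) abort(); } while (0)` is the safer form in unbraced contexts.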
@@ -0,0 +1,123 @@ +/* This file has be modified from the original OpenBSD source */ + +/* + * Sun RPC is a product of Sun Microsystems, Inc. and is provided for + * unrestricted use provided that this legend is included on all tape + * media and as a part of the software program in whole or part. Users + * may copy or modify Sun RPC without charge, but are not authorized + * to license or distribute it to anyone else except as part of a product or + * program developed by the user. + * + * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE + * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR + * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. + * + * Sun RPC is provided with no support and without any obligation on the + * part of Sun Microsystems, Inc. to assist in its use, correction, + * modification or enhancement. + * + * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE + * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC + * OR ANY PART THEREOF. + * + * In no event will Sun Microsystems, Inc. be liable for any lost revenue + * or profits or other special, indirect and consequential damages, even if + * Sun has been advised of the possibility of such damages. + * + * Sun Microsystems, Inc. + * 2550 Garcia Avenue + * Mountain View, California 94043 + */ + +#include "config.h" + +#ifndef HAVE_BINDRESVPORT_SA + +#if defined(LIBC_SCCS) && !defined(lint) +static char *rcsid = "$OpenBSD: bindresvport.c,v 1.13 2000/01/26 03:43:21 deraadt Exp $"; +#endif /* LIBC_SCCS and not lint */ + +/* + * Copyright (c) 1987 by Sun Microsystems, Inc. + * + * Portions Copyright(C) 1996, Jason Downs. All rights reserved. 
+ */ + +#include "includes.h" + +#define STARTPORT 600 +#define ENDPORT (IPPORT_RESERVED - 1) +#define NPORTS (ENDPORT - STARTPORT + 1) + +/* + * Bind a socket to a privileged IP port + */ +int +bindresvport_sa(sd, sa) + int sd; + struct sockaddr *sa; +{ + int error, af; + struct sockaddr_storage myaddr; + struct sockaddr_in *sin; + struct sockaddr_in6 *sin6; + u_int16_t *portp; + u_int16_t port; + socklen_t salen; + int i; + + if (sa == NULL) { + memset(&myaddr, 0, sizeof(myaddr)); + sa = (struct sockaddr *)&myaddr; + + if (getsockname(sd, sa, &salen) == -1) + return -1; /* errno is correctly set */ + + af = sa->sa_family; + memset(&myaddr, 0, salen); + } else + af = sa->sa_family; + + if (af == AF_INET) { + sin = (struct sockaddr_in *)sa; + salen = sizeof(struct sockaddr_in); + portp = &sin->sin_port; + } else if (af == AF_INET6) { + sin6 = (struct sockaddr_in6 *)sa; + salen = sizeof(struct sockaddr_in6); + portp = &sin6->sin6_port; + } else { + errno = EPFNOSUPPORT; + return (-1); + } + sa->sa_family = af; + + port = ntohs(*portp); + if (port == 0) + port = (arc4random() % NPORTS) + STARTPORT; + + /* Avoid warning */ + error = -1; + + for(i = 0; i < NPORTS; i++) { + *portp = htons(port); + + error = bind(sd, sa, salen); + + /* Terminate on success */ + if (error == 0) + break; + + /* Terminate on errors, except "address already in use" */ + if ((error < 0) && !((errno == EADDRINUSE) || (errno == EINVAL))) + break; + + port++; + if (port > ENDPORT) + port = STARTPORT; + } + + return (error); +} + +#endif /* HAVE_BINDRESVPORT_SA */ diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/bindresvport.h openssh-3.1p1/openbsd-compat/bindresvport.h --- ssh-openbsd-2002030700/openbsd-compat/bindresvport.h Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/bindresvport.h Fri Feb 9 12:55:36 2001 
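Review bot: In `bindresvport_sa`, `salen` is passed to `getsockname(sd, sa, &salen)` in the `sa == NULL` branch without ever being set, although that argument is value-result and must hold the size of the buffer on entry. The call therefore works with an indeterminate length and may fail or return a truncated address. Set it first with `salen = sizeof(myaddr);` directly before the `getsockname()` call. The starting port is chosen with `arc4random() % NPORTS`, which is slightly biased; that is harmless for picking where the scan of the reserved range begins, but a one-line comment would stop the expression being copied into code where uniformity matters.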
@@ -0,0 +1,12 @@
+/* $Id: bindresvport.h,v 1.2 2001/02/09 01:55:36 djm Exp $ */
+
+#ifndef _BSD_BINDRESVPORT_H
+#define _BSD_BINDRESVPORT_H
+
+#include "config.h"
+
+#ifndef HAVE_BINDRESVPORT_SA
+int bindresvport_sa(int sd, struct sockaddr *sa);
+#endif /* !HAVE_BINDRESVPORT_SA */
+
+#endif /* _BSD_BINDRESVPORT_H */
diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/bsd-arc4random.c openssh-3.1p1/openbsd-compat/bsd-arc4random.c
--- ssh-openbsd-2002030700/openbsd-compat/bsd-arc4random.c Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/openbsd-compat/bsd-arc4random.c Mon Mar 19 10:00:53 2001
@@ -0,0 +1,77 @@ +/* + * Copyright (c) 1999-2000 Damien Miller. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +#include "includes.h" +#include "log.h" + +RCSID("$Id: bsd-arc4random.c,v 1.4 2001/03/18 23:00:53 djm Exp $"); + +#ifndef HAVE_ARC4RANDOM + +#include +#include +#include + +/* Size of key to use */ +#define SEED_SIZE 20 + +/* Number of bytes to reseed after */ +#define REKEY_BYTES (1 << 24) + +static int rc4_ready = 0; +static RC4_KEY rc4; + +unsigned int arc4random(void) +{ + unsigned int r = 0; + static int first_time = 1; + + if (rc4_ready <= 0) { + if (!first_time) + seed_rng(); + first_time = 0; + arc4random_stir(); + } + + RC4(&rc4, sizeof(r), (unsigned char *)&r, (unsigned char *)&r); + + rc4_ready -= sizeof(r); + + return(r); +} + +void arc4random_stir(void) +{ + unsigned char rand_buf[SEED_SIZE]; + + memset(&rc4, 0, sizeof(rc4)); + if (!RAND_bytes(rand_buf, sizeof(rand_buf))) + fatal("Couldn't obtain random bytes (error %ld)", + ERR_get_error()); + RC4_set_key(&rc4, sizeof(rand_buf), rand_buf); + memset(rand_buf, 0, sizeof(rand_buf)); + + rc4_ready = REKEY_BYTES; +} +#endif /* !HAVE_ARC4RANDOM */ diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/bsd-arc4random.h openssh-3.1p1/openbsd-compat/bsd-arc4random.h --- ssh-openbsd-2002030700/openbsd-compat/bsd-arc4random.h Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/bsd-arc4random.h Fri Feb 9 12:55:36 2001 
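Review bot: `arc4random()` hands out keystream beginning with the very first bytes produced after `RC4_set_key()` in `arc4random_stir()`, and the initial output of RC4 is known to be statistically biased and correlated with the key. Discard a block of keystream at the end of `arc4random_stir()` before `rc4_ready` is set, for example by calling `RC4(&rc4, sizeof(rand_buf), rand_buf, rand_buf);` in a short loop until a few hundred bytes have been thrown away, and clear `rand_buf` only after that. The `memset(rand_buf, 0, sizeof(rand_buf))` that wipes the seed is a dead store a compiler is allowed to remove, so it should at least carry a comment saying the wipe is intentional, or use a wipe routine the optimiser cannot elide if the tree has one. `ERR_get_error()` returns `unsigned long`, so the `fatal()` format should use `%lu` rather than `%ld`.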
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 1999-2000 Damien Miller. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* $Id: bsd-arc4random.h,v 1.2 2001/02/09 01:55:36 djm Exp $ */
+
+#ifndef _BSD_ARC4RANDOM_H
+#define _BSD_ARC4RANDOM_H
+
+#include "config.h"
+
+#ifndef HAVE_ARC4RANDOM
+unsigned int arc4random(void);
+void arc4random_stir(void);
+#endif /* !HAVE_ARC4RANDOM */
+
+#endif /* _BSD_ARC4RANDOM_H */
diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/bsd-cray.c openssh-3.1p1/openbsd-compat/bsd-cray.c
--- ssh-openbsd-2002030700/openbsd-compat/bsd-cray.c Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/openbsd-compat/bsd-cray.c Wed Aug 15 07:02:16 2001
@@ -0,0 +1,273 @@ +/* + * XXX: license? + */ + +/* + * The modules contains code to support cray t3e and sv1 computers. + * It is here to minimize the modifcations to the openssh base code. + */ + +#ifdef _CRAY + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "bsd-cray.h" + +char cray_tmpdir[TPATHSIZ+1]; /* job TMPDIR path */ + +/* + * Functions. + */ +void cray_retain_utmp(struct utmp *, int); +void cray_delete_tmpdir(char *, int, uid_t); +void cray_init_job(struct passwd *); +void cray_set_tmpdir(struct utmp *); + + +/* + * Orignal written by: + * Wayne Schroeder + * San Diego Supercomputer Center + * schroeder@sdsc.edu +*/ +void +cray_setup(uid_t uid, char *username) +{ + struct udb *p; + extern char *setlimits(); + int i, j; + int accts[MAXVIDS]; + int naccts; + int err; + char *sr; + int pid; + struct jtab jbuf; + int jid; + + if ((jid = getjtab(&jbuf)) < 0) + fatal("getjtab: no jid"); + + err = setudb(); /* open and rewind the Cray User DataBase */ + if (err != 0) + fatal("UDB open failure"); + naccts = 0; + p = getudbnam(username); + if (p == NULL) + fatal("No UDB entry for %.100s", username); + if (uid != p->ue_uid) + fatal("UDB entry %.100s uid(%d) does not match uid %d", + username, (int) p->ue_uid, (int) uid); + for (j = 0; p->ue_acids[j] != -1 && j < MAXVIDS; j++) { + accts[naccts] = p->ue_acids[j]; + naccts++; + } + endudb(); /* close the udb */ + + if (naccts != 0) { + /* Perhaps someday we'll prompt users who have multiple accounts + to let them pick one (like CRI's login does), but for now just set + the account to the first entry. */ + if (acctid(0, accts[0]) < 0) + fatal("System call acctid failed, accts[0]=%d", accts[0]); + } + + /* Now set limits, including CPU time for the (interactive) job and process, + and set up permissions (for chown etc), etc. 
This is via an internal CRI + routine, setlimits, used by CRI's login. */ + + pid = getpid(); + sr = setlimits(username, C_PROC, pid, UDBRC_INTER); + if (sr != NULL) + fatal("%.200s", sr); + + sr = setlimits(username, C_JOB, jid, UDBRC_INTER); + if (sr != NULL) + fatal("%.200s", sr); + +} + +/* + * The rc.* and /etc/sdaemon methods of starting a program on unicos/unicosmk + * can have pal privileges that sshd can inherit which + * could allow a user to su to root with out a password. + * This subroutine clears all privileges. + */ +void +drop_cray_privs() +{ +#if defined(_SC_CRAY_PRIV_SU) + priv_proc_t* privstate; + int result; + extern int priv_set_proc(); + extern priv_proc_t* priv_init_proc(); + struct usrv usrv; + + /* + * If ether of theses two flags are not set + * then don't allow this version of ssh to run. + */ + if (!sysconf(_SC_CRAY_PRIV_SU)) + fatal("Not PRIV_SU system."); + if (!sysconf(_SC_CRAY_POSIX_PRIV)) + fatal("Not POSIX_PRIV."); + + debug("Dropping privileges."); + + memset(&usrv, 0, sizeof(usrv)); + if (setusrv(&usrv) < 0) + fatal("%s(%d): setusrv(): %s", __FILE__, __LINE__, + strerror(errno)); + + if ((privstate = priv_init_proc()) != NULL) { + result = priv_set_proc(privstate); + if (result != 0 ) + fatal("%s(%d): priv_set_proc(): %s", + __FILE__, __LINE__, strerror(errno)); + priv_free_proc(privstate); + } + debug ("Privileges should be cleared..."); +#else + /* XXX: do this differently */ +# error Cray systems must be run with _SC_CRAY_PRIV_SU on! +#endif +} + + +/* + * Retain utmp/wtmp information - used by cray accounting. + */ +void +cray_retain_utmp(struct utmp *ut, int pid) +{ + int fd; + struct utmp utmp; + + if ((fd = open(UTMP_FILE, O_RDONLY)) != -1) { + while (read(fd, (char *)&utmp, sizeof(utmp)) == sizeof(utmp)) { + if (pid == utmp.ut_pid) { + ut->ut_jid = utmp.ut_jid; + /* XXX: MIN_SIZEOF here? can this go in loginrec? 
*/ + strncpy(ut->ut_tpath, utmp.ut_tpath, sizeof(utmp.ut_tpath)); + strncpy(ut->ut_host, utmp.ut_host, sizeof(utmp.ut_host)); + strncpy(ut->ut_name, utmp.ut_name, sizeof(utmp.ut_name)); + break; + } + } + close(fd); + } + /* XXX: error message? */ +} + +/* + * tmpdir support. + */ + +/* + * find and delete jobs tmpdir. + */ +void +cray_delete_tmpdir(char *login, int jid, uid_t uid) +{ + int child; + static char jtmp[TPATHSIZ]; + struct stat statbuf; + int c; + int wstat; + + for (c = 'a'; c <= 'z'; c++) { + snprintf(jtmp, TPATHSIZ, "%s/jtmp.%06d%c", JTMPDIR, jid, c); + if (stat(jtmp, &statbuf) == 0 && statbuf.st_uid == uid) + break; + } + + if (c > 'z') + return; + + if ((child = fork()) == 0) { + execl(CLEANTMPCMD, CLEANTMPCMD, login, jtmp, (char *)NULL); + fatal("cray_delete_tmpdir: execl of CLEANTMPCMD failed"); + } + + while (waitpid(child, &wstat, 0) == -1 && errno == EINTR) + ; +} + +/* + * Remove tmpdir on job termination. + */ +void +cray_job_termination_handler(int sig) +{ + int jid; + char *login = NULL; + struct jtab jtab; + + debug("Received SIG JOB."); + + if ((jid = waitjob(&jtab)) == -1 || + (login = uid2nam(jtab.j_uid)) == NULL) + return; + + cray_delete_tmpdir(login, jid, jtab.j_uid); +} + +/* + * Set job id and create tmpdir directory. + */ +void +cray_init_job(struct passwd *pw) +{ + int jid; + int c; + + jid = setjob(pw->pw_uid, WJSIGNAL); + if (jid < 0) + fatal("System call setjob failure"); + + for (c = 'a'; c <= 'z'; c++) { + snprintf(cray_tmpdir, TPATHSIZ, "%s/jtmp.%06d%c", JTMPDIR, jid, c); + if (mkdir(cray_tmpdir, JTMPMODE) != 0) + continue; + if (chown(cray_tmpdir, pw->pw_uid, pw->pw_gid) != 0) { + rmdir(cray_tmpdir); + continue; + } + break; + } + + if (c > 'z') + cray_tmpdir[0] = '\0'; +} + +void +cray_set_tmpdir(struct utmp *ut) +{ + int jid; + struct jtab jbuf; + + if ((jid = getjtab(&jbuf)) < 0) + return; + + /* + * Set jid and tmpdir in utmp record. 
+ */ + ut->ut_jid = jid; + strncpy(ut->ut_tpath, cray_tmpdir, TPATHSIZ); +} +#endif diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/bsd-cray.h openssh-3.1p1/openbsd-compat/bsd-cray.h --- ssh-openbsd-2002030700/openbsd-compat/bsd-cray.h Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/bsd-cray.h Wed Aug 15 06:31:49 2001 @@ -0,0 +1,11 @@ +#ifndef _BSD_CRAY_H +#define _BSD_CRAY_H + +#ifdef _CRAY +void cray_init_job(struct passwd *); /* init cray job */ +void cray_job_termination_handler(int); /* process end of job signal */ +void cray_setup(uid_t, char *); /* set cray limits */ +extern char cray_tmpdir[]; /* cray tmpdir */ +#endif + +#endif /* _BSD_CRAY_H */ diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/bsd-cygwin_util.c openssh-3.1p1/openbsd-compat/bsd-cygwin_util.c --- ssh-openbsd-2002030700/openbsd-compat/bsd-cygwin_util.c Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/bsd-cygwin_util.c Sat Dec 29 14:08:30 2001 
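Review bot: In `cray_setup` (bsd-cray.c hunk), the loop condition `p->ue_acids[j] != -1 && j < MAXVIDS` reads `ue_acids[j]` before it checks the bound, so a UDB entry with no `-1` terminator is read one element past the `MAXVIDS` limit the loop assumes; test the index first, `for (j = 0; j < MAXVIDS && p->ue_acids[j] != -1; j++) {`. In `cray_delete_tmpdir` the result of `fork()` is never compared with `-1`, and on failure `waitpid(child, &wstat, 0)` is called with `-1` and reaps any child of the process; return early when `fork()` fails. `cray_job_termination_handler` has the shape of a signal handler, yet it reaches `debug()` and `snprintf()`, which are not async-signal-safe; if it is installed as one, the cleanup is better triggered from the main loop via a flag. `cray_init_job` creates the directory and then calls `chown()` by path, which is only safe while unprivileged users cannot rename entries in `JTMPDIR`; the hunk does not show that directory's mode, so the assumption deserves a comment.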
@@ -0,0 +1,166 @@ +/* + * + * cygwin_util.c + * + * Author: Corinna Vinschen + * + * Copyright (c) 2000 Corinna Vinschen , Duisburg, Germany + * All rights reserved + * + * Created: Sat Sep 02 12:17:00 2000 cv + * + * This file contains functions for forcing opened file descriptors to + * binary mode on Windows systems. + */ + +#include "includes.h" + +RCSID("$Id: bsd-cygwin_util.c,v 1.7 2001/12/29 03:08:30 djm Exp $"); + +#ifdef HAVE_CYGWIN + +#include +#include +#include +#include +#include +#define is_winnt (GetVersion() < 0x80000000) + +#define ntsec_on(c) ((c) && strstr((c),"ntsec") && !strstr((c),"nontsec")) +#define ntea_on(c) ((c) && strstr((c),"ntea") && !strstr((c),"nontea")) + +#if defined(open) && open == binary_open +# undef open +#endif +#if defined(pipe) && open == binary_pipe +# undef pipe +#endif + +int binary_open(const char *filename, int flags, ...) +{ + va_list ap; + mode_t mode; + + va_start(ap, flags); + mode = va_arg(ap, mode_t); + va_end(ap); + return open(filename, flags | O_BINARY, mode); +} + +int binary_pipe(int fd[2]) +{ + int ret = pipe(fd); + + if (!ret) { + setmode (fd[0], O_BINARY); + setmode (fd[1], O_BINARY); + } + return ret; +} + +int check_nt_auth(int pwd_authenticated, struct passwd *pw) +{ + /* + * The only authentication which is able to change the user + * context on NT systems is the password authentication. So + * we deny all requsts for changing the user context if another + * authentication method is used. + * + * This doesn't apply to Cygwin versions >= 1.3.2 anymore which + * uses the undocumented NtCreateToken() call to create a user + * token if the process has the appropriate privileges and if + * CYGWIN ntsec setting is on. 
+ */ + static int has_create_token = -1; + + if (pw == NULL) + return 0; + if (is_winnt) { + if (has_create_token < 0) { + struct utsname uts; + int major_high = 0, major_low = 0, minor = 0; + char *cygwin = getenv("CYGWIN"); + + has_create_token = 0; + if (ntsec_on(cygwin) && !uname(&uts)) { + sscanf(uts.release, "%d.%d.%d", + &major_high, &major_low, &minor); + if (major_high > 1 || + (major_high == 1 && (major_low > 3 || + (major_low == 3 && minor >= 2)))) + has_create_token = 1; + } + } + if (has_create_token < 1 && + !pwd_authenticated && geteuid() != pw->pw_uid) + return 0; + } + return 1; +} + +int check_ntsec(const char *filename) +{ + char *cygwin; + int allow_ntea = 0; + int allow_ntsec = 0; + struct statfs fsstat; + + /* Windows 95/98/ME don't support file system security at all. */ + if (!is_winnt) + return 0; + + /* Evaluate current CYGWIN settings. */ + cygwin = getenv("CYGWIN"); + allow_ntea = ntea_on(cygwin); + allow_ntsec = ntsec_on(cygwin); + + /* + * `ntea' is an emulation of POSIX attributes. It doesn't support + * real file level security as ntsec on NTFS file systems does + * but it supports FAT filesystems. `ntea' is minimum requirement + * for security checks. + */ + if (allow_ntea) + return 1; + + /* + * Retrieve file system flags. In Cygwin, file system flags are + * copied to f_type which has no meaning in Win32 itself. + */ + if (statfs(filename, &fsstat)) + return 1; + + /* + * Only file systems supporting ACLs are able to set permissions. + * `ntsec' is the setting in Cygwin which switches using of NTFS + * ACLs to support POSIX permissions on files. + */ + if (fsstat.f_type & FS_PERSISTENT_ACLS) + return allow_ntsec; + + return 0; +} + +void register_9x_service(void) +{ + HINSTANCE kerneldll; + DWORD (*RegisterServiceProcess)(DWORD, DWORD); + + /* The service register mechanism in 9x/Me is pretty different from + * NT/2K/XP. In NT/2K/XP we're using a special service starter + * application to register and control sshd as service. 
This method + * doesn't play nicely with 9x/Me. For that reason we register here + * as service when running under 9x/Me. This function is only called + * by the child sshd when it's going to daemonize. + */ + if (is_winnt) + return; + if (! (kerneldll = LoadLibrary("KERNEL32.DLL"))) + return; + if (! (RegisterServiceProcess = (DWORD (*)(DWORD, DWORD)) + GetProcAddress(kerneldll, "RegisterServiceProcess"))) + return; + RegisterServiceProcess(0, 1); +} + +#endif /* HAVE_CYGWIN */ diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/bsd-cygwin_util.h openssh-3.1p1/openbsd-compat/bsd-cygwin_util.h --- ssh-openbsd-2002030700/openbsd-compat/bsd-cygwin_util.h Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/bsd-cygwin_util.h Sat Dec 29 14:08:30 2001 @@ -0,0 +1,36 @@ +/* + * + * cygwin_util.c + * + * Author: Corinna Vinschen + * + * Copyright (c) 2000 Corinna Vinschen , Duisburg, Germany + * All rights reserved + * + * Created: Sat Sep 02 12:17:00 2000 cv + * + * This file contains functions for forcing opened file descriptors to + * binary mode on Windows systems. + */ + +/* $Id: bsd-cygwin_util.h,v 1.6 2001/12/29 03:08:30 djm Exp $ */ + +#ifndef _BSD_CYGWIN_UTIL_H +#define _BSD_CYGWIN_UTIL_H + +#ifdef HAVE_CYGWIN + +#include + +int binary_open(const char *filename, int flags, ...); +int binary_pipe(int fd[2]); +int check_nt_auth(int pwd_authenticated, struct passwd *pw); +int check_ntsec(const char *filename); +void register_9x_service(void); + +#define open binary_open +#define pipe binary_pipe + +#endif /* HAVE_CYGWIN */ + +#endif /* _BSD_CYGWIN_UTIL_H */ diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/bsd-misc.c openssh-3.1p1/openbsd-compat/bsd-misc.c --- ssh-openbsd-2002030700/openbsd-compat/bsd-misc.c Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/bsd-misc.c Thu Oct 11 06:38:56 2001 
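Review bot: `binary_open` in the bsd-cygwin_util.c hunk always executes `va_arg(ap, mode_t)`, but callers that open without `O_CREAT` pass no third argument, and where `mode_t` is narrower than `int` the value is promoted when it travels through `...`; either case makes the read undefined. Fetch the mode only when it exists and with the promoted type: `mode = (flags & O_CREAT) ? (mode_t)va_arg(ap, int) : 0;`. The guard `#if defined(pipe) && open == binary_pipe` is a copy of the `open` guard with only half of it renamed, and because identifiers left after macro expansion evaluate to 0 in `#if`, neither comparison tests what it appears to; plain `#ifdef open` and `#ifdef pipe` would state the intent. In `check_nt_auth`, acceptance of non-password authentication depends on the `CYGWIN` environment variable and a release string parsed with an unchecked `sscanf()`; the zero-initialised fields make a failed parse deny, which is the right default and worth a comment so a later edit keeps it.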
@@ -0,0 +1,101 @@
+/*
+ * Copyright (c) 1999-2000 Damien Miller. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+RCSID("$Id: bsd-misc.c,v 1.5 2001/10/10 20:38:56 mouring Exp $");
+
+char *get_progname(char *argv0)
+{
+#ifdef HAVE___PROGNAME
+ extern char *__progname;
+
+ return __progname;
+#else
+ char *p;
+
+ if (argv0 == NULL)
+ return "unknown"; /* XXX */
+ p = strrchr(argv0, '/');
+ if (p == NULL)
+ p = argv0;
+ else
+ p++;
+ return p;
+#endif
+}
+
+#ifndef HAVE_SETLOGIN
+int setlogin(const char *name)
+{
+ return(0);
+}
+#endif /* !HAVE_SETLOGIN */
+
+#ifndef HAVE_INNETGR
+int innetgr(const char *netgroup, const char *host,
+ const char *user, const char *domain)
+{
+ return(0);
+}
+#endif /* HAVE_INNETGR */
+
+#if !defined(HAVE_SETEUID) && defined(HAVE_SETREUID)
+int seteuid(uid_t euid)
+{
+ return(setreuid(-1,euid));
+}
+#endif /* !defined(HAVE_SETEUID) && defined(HAVE_SETREUID) */
+
+#if !defined(HAVE_SETEGID) && defined(HAVE_SETRESGID)
+int setegid(uid_t egid)
+{
+ return(setresgid(-1,egid,-1));
+}
+#endif /* !defined(HAVE_SETEGID) && defined(HAVE_SETRESGID) */
+
+#if !defined(HAVE_STRERROR) && defined(HAVE_SYS_ERRLIST) && defined(HAVE_SYS_NERR)
+const char *strerror(int e)
+{
+ extern int sys_nerr;
+ extern char *sys_errlist[];
+
+ if ((e >= 0) && (e < sys_nerr))
+ return(sys_errlist[e]);
+ else
+ return("unlisted error");
+}
+#endif
+
+#ifndef HAVE_UTIMES
+int utimes(char *filename, struct timeval *tvp)
+{
+ struct utimbuf ub;
+
+ ub.actime = tvp->tv_sec;
+ ub.modtime = tvp->tv_usec;
+
+ return(utime(filename, &ub));
+}
+#endif
diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/bsd-misc.h openssh-3.1p1/openbsd-compat/bsd-misc.h
--- ssh-openbsd-2002030700/openbsd-compat/bsd-misc.h Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/openbsd-compat/bsd-misc.h Tue Apr 10 00:50:56 2001
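Review bot: In the `utimes()` fallback the modification time is taken from `tvp->tv_usec`, the microsecond field of the access-time entry, so any file touched through this shim ends up with a wrong mtime. `utimes()` receives an array of two `struct timeval`, access time first, so the assignments should read `ub.actime = tvp[0].tv_sec;` and `ub.modtime = tvp[1].tv_sec;`. The shim also dereferences `tvp` unconditionally, while the real call accepts NULL to mean the current time; `if (tvp == NULL) return(utime(filename, NULL));` ahead of the assignments covers that. Separately, `setegid()` here and in bsd-misc.h takes a `uid_t` where a `gid_t` is expected.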
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 1999-2000 Damien Miller. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* $Id: bsd-misc.h,v 1.3 2001/04/09 14:50:56 stevesk Exp $ */
+
+#ifndef _BSD_MISC_H
+#define _BSD_MISC_H
+
+#include "config.h"
+
+char *get_progname(char *argv0);
+
+#ifndef HAVE_SETSID
+#define setsid() setpgrp(0, getpid())
+#endif /* !HAVE_SETSID */
+
+#ifndef HAVE_SETENV
+int setenv(const char *name, const char *value, int overwrite);
+#endif /* !HAVE_SETENV */
+
+#ifndef HAVE_SETLOGIN
+int setlogin(const char *name);
+#endif /* !HAVE_SETLOGIN */
+
+#ifndef HAVE_INNETGR
+int innetgr(const char *netgroup, const char *host,
+ const char *user, const char *domain);
+#endif /* HAVE_INNETGR */
+
+#if !defined(HAVE_SETEUID) && defined(HAVE_SETREUID)
+int seteuid(uid_t euid);
+#endif /* !defined(HAVE_SETEUID) && defined(HAVE_SETREUID) */
+
+#if !defined(HAVE_SETEGID) && defined(HAVE_SETRESGID)
+int setegid(uid_t egid);
+#endif /* !defined(HAVE_SETEGID) && defined(HAVE_SETRESGID) */
+
+#if !defined(HAVE_STRERROR) && defined(HAVE_SYS_ERRLIST) && defined(HAVE_SYS_NERR)
+const char *strerror(int e);
+#endif
+
+
+#ifndef HAVE_UTIMES
+#ifndef HAVE_STRUCT_TIMEVAL
+struct timeval {
+ long tv_sec;
+ long tv_usec;
+}
+#endif /* HAVE_STRUCT_TIMEVAL */
+
+int utimes(char *filename, struct timeval *tvp);
+#endif /* HAVE_UTIMES */
+
+
+#endif /* _BSD_MISC_H */
diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/bsd-nextstep.c openssh-3.1p1/openbsd-compat/bsd-nextstep.c
--- ssh-openbsd-2002030700/openbsd-compat/bsd-nextstep.c Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/openbsd-compat/bsd-nextstep.c Mon Mar 26 15:35:34 2001
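Review bot: The fallback `struct timeval` definition closes with a bare `}` and no semicolon, so the declaration runs straight into the `int utimes(...)` prototype that follows. On a platform that defines neither HAVE_UTIMES nor HAVE_STRUCT_TIMEVAL the header will not compile as written. The closing line should be `};`.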
@@ -0,0 +1,103 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+RCSID("$Id: bsd-nextstep.c,v 1.4 2001/03/26 05:35:34 mouring Exp $");
+
+#ifdef HAVE_NEXT
+#include
+#include
+#include "bsd-nextstep.h"
+
+pid_t
+posix_wait(int *status)
+{
+ union wait statusp;
+ pid_t wait_pid;
+
+ #undef wait /* Use NeXT's wait() function */
+ wait_pid = wait(&statusp);
+ if (status)
+ *status = (int) statusp.w_status;
+
+ return wait_pid;
+}
+
+int
+tcgetattr(int fd, struct termios *t)
+{
+ return (ioctl(fd, TIOCGETA, t));
+}
+
+int
+tcsetattr(int fd, int opt, const struct termios *t)
+{
+ struct termios localterm;
+
+ if (opt & TCSASOFT) {
+ localterm = *t;
+ localterm.c_cflag |= CIGNORE;
+ t = &localterm;
+ }
+ switch (opt & ~TCSASOFT) {
+ case TCSANOW:
+ return (ioctl(fd, TIOCSETA, t));
+ case TCSADRAIN:
+ return (ioctl(fd, TIOCSETAW, t));
+ case TCSAFLUSH:
+ return (ioctl(fd, TIOCSETAF, t));
+ default:
+ errno = EINVAL;
+ return (-1);
+ }
+}
+
+int tcsetpgrp(int fd, pid_t pgrp)
+{
+ return (ioctl(fd, TIOCSPGRP, &pgrp));
+}
+
+speed_t cfgetospeed(const struct termios *t)
+{
+ return (t->c_ospeed);
+}
+
+speed_t cfgetispeed(const struct termios *t)
+{
+ return (t->c_ispeed);
+}
+
+int
+cfsetospeed(struct termios *t,int speed)
+{
+ t->c_ospeed = speed;
+ return (0);
+}
+
+int
+cfsetispeed(struct termios *t, int speed)
+{
+ t->c_ispeed = speed;
+ return (0);
+}
+#endif /* HAVE_NEXT */
diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/bsd-nextstep.h openssh-3.1p1/openbsd-compat/bsd-nextstep.h
--- ssh-openbsd-2002030700/openbsd-compat/bsd-nextstep.h Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/openbsd-compat/bsd-nextstep.h Tue Mar 20 00:42:22 2001
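Review bot: `posix_wait()` copies `statusp.w_status` into `*status` even when `wait()` has failed, in which case `statusp` is not guaranteed to have been written and the caller receives an indeterminate value. Guarding the store with `if (status && wait_pid > 0)` leaves the caller's variable untouched on error. The `waitpid()` replacement in bsd-waitpid.c follows the same pattern after `wait4()` and wants the same guard on `stat_loc`, which also covers a zero return under WNOHANG. `cfsetospeed()` and `cfsetispeed()` take `int speed` where POSIX uses `speed_t`; if that is deliberate for NeXT, a one-line comment saying so would help.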
@@ -0,0 +1,58 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+/* $Id: bsd-nextstep.h,v 1.6 2001/03/19 13:42:22 mouring Exp $ */
+
+#ifndef _NEXT_POSIX_H
+#define _NEXT_POSIX_H
+
+#ifdef HAVE_NEXT
+#include
+
+/* NGROUPS_MAX is behind -lposix. Use the BSD version which is NGROUPS */
+#undef NGROUPS_MAX
+#define NGROUPS_MAX NGROUPS
+
+/* NeXT's readdir() is BSD (struct direct) not POSIX (struct dirent) */
+#define dirent direct
+
+/* Swap out NeXT's BSD wait() for a more POSIX complient one */
+pid_t posix_wait(int *status);
+#define wait(a) posix_wait(a)
+
+/* #ifdef wrapped functions that need defining for clean compiling */
+pid_t getppid(void);
+void vhangup(void);
+int innetgr(const char *netgroup, const char *host, const char *user,
+ const char *domain);
+
+/* TERMCAP */
+int tcgetattr(int fd, struct termios *t);
+int tcsetattr(int fd, int opt, const struct termios *t);
+int tcsetpgrp(int fd, pid_t pgrp);
+speed_t cfgetospeed(const struct termios *t);
+speed_t cfgetispeed(const struct termios *t);
+int cfsetospeed(struct termios *t, int speed);
+int cfsetispeed(struct termios *t, int speed);
+#endif /* HAVE_NEXT */
+#endif /* _NEXT_POSIX_H */
diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/bsd-snprintf.c openssh-3.1p1/openbsd-compat/bsd-snprintf.c
--- ssh-openbsd-2002030700/openbsd-compat/bsd-snprintf.c Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/openbsd-compat/bsd-snprintf.c Mon Feb 26 10:20:41 2001
@@ -0,0 +1,744 @@ +/************************************************************** + * Original: + * Patrick Powell Tue Apr 11 09:48:21 PDT 1995 + * A bombproof version of doprnt (dopr) included. + * Sigh. This sort of thing is always nasty do deal with. Note that + * the version here does not include floating point... + * + * snprintf() is used instead of sprintf() as it does limit checks + * for string length. This covers a nasty loophole. + * + * The other functions are there to prevent NULL pointers from + * causing nast effects. + * + * More Recently: + * Brandon Long 9/15/96 for mutt 0.43 + * This was ugly. It is still ugly. I opted out of floating point + * numbers, but the formatter understands just about everything + * from the normal C string format, at least as far as I can tell from + * the Solaris 2.5 printf(3S) man page. + * + * Brandon Long 10/22/97 for mutt 0.87.1 + * Ok, added some minimal floating point support, which means this + * probably requires libm on most operating systems. Don't yet + * support the exponent (e,E) and sigfig (g,G). Also, fmtint() + * was pretty badly broken, it just wasn't being exercised in ways + * which showed it, so that's been fixed. Also, formated the code + * to mutt conventions, and removed dead code left over from the + * original. Also, there is now a builtin-test, just compile with: + * gcc -DTEST_SNPRINTF -o snprintf snprintf.c -lm + * and run snprintf for results. + * + * Thomas Roessler 01/27/98 for mutt 0.89i + * The PGP code was using unsigned hexadecimal formats. + * Unfortunately, unsigned formats simply didn't work. + * + * Michael Elkins 03/05/98 for mutt 0.90.8 + * The original code assumed that both snprintf() and vsnprintf() were + * missing. Some systems only have snprintf() but not vsnprintf(), so + * the code is now broken down under HAVE_SNPRINTF and HAVE_VSNPRINTF. + * + * Ben Lindstrom 09/27/00 for OpenSSH + * Welcome to the world of %lld and %qd support. With other + * long long support. 
This is needed for sftp-server to work + * right. + * + * Ben Lindstrom 02/12/01 for OpenSSH + * Removed all hint of VARARGS stuff and banished it to the void, + * and did a bit of KNF style work to make things a bit more + * acceptable. Consider stealing from mutt or enlightenment. + **************************************************************/ + +#include "includes.h" + +RCSID("$Id: bsd-snprintf.c,v 1.5 2001/02/25 23:20:41 mouring Exp $"); + +#if defined(BROKEN_SNPRINTF) /* For those with broken snprintf() */ +# undef HAVE_SNPRINTF +# undef HAVE_VSNPRINTF +#endif + +#if !defined(HAVE_SNPRINTF) || !defined(HAVE_VSNPRINTF) + +static void +dopr(char *buffer, size_t maxlen, const char *format, va_list args); + +static void +fmtstr(char *buffer, size_t *currlen, size_t maxlen, char *value, int flags, + int min, int max); + +static void +fmtint(char *buffer, size_t *currlen, size_t maxlen, long value, int base, + int min, int max, int flags); + +static void +fmtfp(char *buffer, size_t *currlen, size_t maxlen, long double fvalue, + int min, int max, int flags); + +static void +dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c); + +/* + * dopr(): poor man's version of doprintf + */ + +/* format read states */ +#define DP_S_DEFAULT 0 +#define DP_S_FLAGS 1 +#define DP_S_MIN 2 +#define DP_S_DOT 3 +#define DP_S_MAX 4 +#define DP_S_MOD 5 +#define DP_S_CONV 6 +#define DP_S_DONE 7 + +/* format flags - Bits */ +#define DP_F_MINUS (1 << 0) +#define DP_F_PLUS (1 << 1) +#define DP_F_SPACE (1 << 2) +#define DP_F_NUM (1 << 3) +#define DP_F_ZERO (1 << 4) +#define DP_F_UP (1 << 5) +#define DP_F_UNSIGNED (1 << 6) + +/* Conversion Flags */ +#define DP_C_SHORT 1 +#define DP_C_LONG 2 +#define DP_C_LDOUBLE 3 +#define DP_C_LONG_LONG 4 + +#define char_to_int(p) (p - '0') +#define abs_val(p) (p < 0 ? 
-p : p) + + +static void +dopr(char *buffer, size_t maxlen, const char *format, va_list args) +{ + char *strvalue; + char ch; + long value; + long double fvalue; + int min = 0; + int max = -1; + int state = DP_S_DEFAULT; + int flags = 0; + int cflags = 0; + size_t currlen = 0; + + ch = *format++; + + while (state != DP_S_DONE) { + if ((ch == '\0') || (currlen >= maxlen)) + state = DP_S_DONE; + + switch(state) { + case DP_S_DEFAULT: + if (ch == '%') + state = DP_S_FLAGS; + else + dopr_outch(buffer, &currlen, maxlen, ch); + ch = *format++; + break; + case DP_S_FLAGS: + switch (ch) { + case '-': + flags |= DP_F_MINUS; + ch = *format++; + break; + case '+': + flags |= DP_F_PLUS; + ch = *format++; + break; + case ' ': + flags |= DP_F_SPACE; + ch = *format++; + break; + case '#': + flags |= DP_F_NUM; + ch = *format++; + break; + case '0': + flags |= DP_F_ZERO; + ch = *format++; + break; + default: + state = DP_S_MIN; + break; + } + break; + case DP_S_MIN: + if (isdigit((unsigned char)ch)) { + min = 10*min + char_to_int (ch); + ch = *format++; + } else if (ch == '*') { + min = va_arg (args, int); + ch = *format++; + state = DP_S_DOT; + } else + state = DP_S_DOT; + break; + case DP_S_DOT: + if (ch == '.') { + state = DP_S_MAX; + ch = *format++; + } else + state = DP_S_MOD; + break; + case DP_S_MAX: + if (isdigit((unsigned char)ch)) { + if (max < 0) + max = 0; + max = 10*max + char_to_int(ch); + ch = *format++; + } else if (ch == '*') { + max = va_arg (args, int); + ch = *format++; + state = DP_S_MOD; + } else + state = DP_S_MOD; + break; + case DP_S_MOD: + switch (ch) { + case 'h': + cflags = DP_C_SHORT; + ch = *format++; + break; + case 'l': + cflags = DP_C_LONG; + ch = *format++; + if (ch == 'l') { + cflags = DP_C_LONG_LONG; + ch = *format++; + } + break; + case 'q': + cflags = DP_C_LONG_LONG; + ch = *format++; + break; + case 'L': + cflags = DP_C_LDOUBLE; + ch = *format++; + break; + default: + break; + } + state = DP_S_CONV; + break; + case DP_S_CONV: + switch (ch) { + 
case 'd': + case 'i': + if (cflags == DP_C_SHORT) + value = va_arg(args, int); + else if (cflags == DP_C_LONG) + value = va_arg(args, long int); + else if (cflags == DP_C_LONG_LONG) + value = va_arg (args, long long); + else + value = va_arg (args, int); + fmtint(buffer, &currlen, maxlen, value, 10, min, max, flags); + break; + case 'o': + flags |= DP_F_UNSIGNED; + if (cflags == DP_C_SHORT) + value = va_arg(args, unsigned int); + else if (cflags == DP_C_LONG) + value = va_arg(args, unsigned long int); + else if (cflags == DP_C_LONG_LONG) + value = va_arg(args, unsigned long long); + else + value = va_arg(args, unsigned int); + fmtint(buffer, &currlen, maxlen, value, 8, min, max, flags); + break; + case 'u': + flags |= DP_F_UNSIGNED; + if (cflags == DP_C_SHORT) + value = va_arg(args, unsigned int); + else if (cflags == DP_C_LONG) + value = va_arg(args, unsigned long int); + else if (cflags == DP_C_LONG_LONG) + value = va_arg(args, unsigned long long); + else + value = va_arg(args, unsigned int); + fmtint (buffer, &currlen, maxlen, value, 10, min, max, flags); + break; + case 'X': + flags |= DP_F_UP; + case 'x': + flags |= DP_F_UNSIGNED; + if (cflags == DP_C_SHORT) + value = va_arg(args, unsigned int); + else if (cflags == DP_C_LONG) + value = va_arg(args, unsigned long int); + else if (cflags == DP_C_LONG_LONG) + value = va_arg(args, unsigned long long); + else + value = va_arg(args, unsigned int); + fmtint(buffer, &currlen, maxlen, value, 16, min, max, flags); + break; + case 'f': + if (cflags == DP_C_LDOUBLE) + fvalue = va_arg(args, long double); + else + fvalue = va_arg(args, double); + /* um, floating point? 
*/ + fmtfp(buffer, &currlen, maxlen, fvalue, min, max, flags); + break; + case 'E': + flags |= DP_F_UP; + case 'e': + if (cflags == DP_C_LDOUBLE) + fvalue = va_arg(args, long double); + else + fvalue = va_arg(args, double); + break; + case 'G': + flags |= DP_F_UP; + case 'g': + if (cflags == DP_C_LDOUBLE) + fvalue = va_arg(args, long double); + else + fvalue = va_arg(args, double); + break; + case 'c': + dopr_outch(buffer, &currlen, maxlen, va_arg(args, int)); + break; + case 's': + strvalue = va_arg(args, char *); + if (max < 0) + max = maxlen; /* ie, no max */ + fmtstr(buffer, &currlen, maxlen, strvalue, flags, min, max); + break; + case 'p': + strvalue = va_arg(args, void *); + fmtint(buffer, &currlen, maxlen, (long) strvalue, 16, min, max, flags); + break; + case 'n': + if (cflags == DP_C_SHORT) { + short int *num; + num = va_arg(args, short int *); + *num = currlen; + } else if (cflags == DP_C_LONG) { + long int *num; + num = va_arg(args, long int *); + *num = currlen; + } else if (cflags == DP_C_LONG_LONG) { + long long *num; + num = va_arg(args, long long *); + *num = currlen; + } else { + int *num; + num = va_arg(args, int *); + *num = currlen; + } + break; + case '%': + dopr_outch(buffer, &currlen, maxlen, ch); + break; + case 'w': /* not supported yet, treat as next char */ + ch = *format++; + break; + default: /* Unknown, skip */ + break; + } + ch = *format++; + state = DP_S_DEFAULT; + flags = cflags = min = 0; + max = -1; + break; + case DP_S_DONE: + break; + default: /* hmm? 
*/ + break; /* some picky compilers need this */ + } + } + if (currlen < maxlen - 1) + buffer[currlen] = '\0'; + else + buffer[maxlen - 1] = '\0'; +} + +static void +fmtstr(char *buffer, size_t *currlen, size_t maxlen, + char *value, int flags, int min, int max) +{ + int padlen, strln; /* amount to pad */ + int cnt = 0; + + if (value == 0) + value = ""; + + for (strln = 0; value[strln]; ++strln); /* strlen */ + padlen = min - strln; + if (padlen < 0) + padlen = 0; + if (flags & DP_F_MINUS) + padlen = -padlen; /* Left Justify */ + + while ((padlen > 0) && (cnt < max)) { + dopr_outch(buffer, currlen, maxlen, ' '); + --padlen; + ++cnt; + } + while (*value && (cnt < max)) { + dopr_outch(buffer, currlen, maxlen, *value++); + ++cnt; + } + while ((padlen < 0) && (cnt < max)) { + dopr_outch(buffer, currlen, maxlen, ' '); + ++padlen; + ++cnt; + } +} + +/* Have to handle DP_F_NUM (ie 0x and 0 alternates) */ + +static void +fmtint(char *buffer, size_t *currlen, size_t maxlen, + long value, int base, int min, int max, int flags) +{ + unsigned long uvalue; + char convert[20]; + int signvalue = 0; + int place = 0; + int spadlen = 0; /* amount to space pad */ + int zpadlen = 0; /* amount to zero pad */ + int caps = 0; + + if (max < 0) + max = 0; + + uvalue = value; + + if (!(flags & DP_F_UNSIGNED)) { + if (value < 0) { + signvalue = '-'; + uvalue = -value; + } else if (flags & DP_F_PLUS) /* Do a sign (+/i) */ + signvalue = '+'; + else if (flags & DP_F_SPACE) + signvalue = ' '; + } + + if (flags & DP_F_UP) + caps = 1; /* Should characters be upper case? */ + + do { + convert[place++] = + (caps? "0123456789ABCDEF":"0123456789abcdef") + [uvalue % (unsigned)base]; + uvalue = (uvalue / (unsigned)base ); + } while (uvalue && (place < 20)); + if (place == 20) + place--; + convert[place] = 0; + + zpadlen = max - place; + spadlen = min - MAX (max, place) - (signvalue ? 
1 : 0); + if (zpadlen < 0) + zpadlen = 0; + if (spadlen < 0) + spadlen = 0; + if (flags & DP_F_ZERO) { + zpadlen = MAX(zpadlen, spadlen); + spadlen = 0; + } + if (flags & DP_F_MINUS) + spadlen = -spadlen; /* Left Justifty */ + + + /* Spaces */ + while (spadlen > 0) { + dopr_outch(buffer, currlen, maxlen, ' '); + --spadlen; + } + + /* Sign */ + if (signvalue) + dopr_outch(buffer, currlen, maxlen, signvalue); + + /* Zeros */ + if (zpadlen > 0) { + while (zpadlen > 0) { + dopr_outch(buffer, currlen, maxlen, '0'); + --zpadlen; + } + } + + /* Digits */ + while (place > 0) + dopr_outch(buffer, currlen, maxlen, convert[--place]); + + /* Left Justified spaces */ + while (spadlen < 0) { + dopr_outch (buffer, currlen, maxlen, ' '); + ++spadlen; + } +} + +static long double +pow10(int exp) +{ + long double result = 1; + + while (exp) { + result *= 10; + exp--; + } + + return result; +} + +static long +round(long double value) +{ + long intpart = value; + + value -= intpart; + if (value >= 0.5) + intpart++; + + return intpart; +} + +static void +fmtfp(char *buffer, size_t *currlen, size_t maxlen, long double fvalue, + int min, int max, int flags) +{ + char iconvert[20]; + char fconvert[20]; + int signvalue = 0; + int iplace = 0; + int fplace = 0; + int padlen = 0; /* amount to pad */ + int zpadlen = 0; + int caps = 0; + long intpart; + long fracpart; + long double ufvalue; + + /* + * AIX manpage says the default is 0, but Solaris says the default + * is 6, and sprintf on AIX defaults to 6 + */ + if (max < 0) + max = 6; + + ufvalue = abs_val(fvalue); + + if (fvalue < 0) + signvalue = '-'; + else if (flags & DP_F_PLUS) /* Do a sign (+/i) */ + signvalue = '+'; + else if (flags & DP_F_SPACE) + signvalue = ' '; + + intpart = ufvalue; + + /* + * Sorry, we only support 9 digits past the decimal because of our + * conversion method + */ + if (max > 9) + max = 9; + + /* We "cheat" by converting the fractional part to integer by + * multiplying by a factor of 10 + */ + fracpart = 
round((pow10 (max)) * (ufvalue - intpart)); + + if (fracpart >= pow10 (max)) { + intpart++; + fracpart -= pow10 (max); + } + + /* Convert integer part */ + do { + iconvert[iplace++] = + (caps? "0123456789ABCDEF":"0123456789abcdef")[intpart % 10]; + intpart = (intpart / 10); + } while(intpart && (iplace < 20)); + if (iplace == 20) + iplace--; + iconvert[iplace] = 0; + + /* Convert fractional part */ + do { + fconvert[fplace++] = + (caps? "0123456789ABCDEF":"0123456789abcdef")[fracpart % 10]; + fracpart = (fracpart / 10); + } while(fracpart && (fplace < 20)); + if (fplace == 20) + fplace--; + fconvert[fplace] = 0; + + /* -1 for decimal point, another -1 if we are printing a sign */ + padlen = min - iplace - max - 1 - ((signvalue) ? 1 : 0); + zpadlen = max - fplace; + if (zpadlen < 0) + zpadlen = 0; + if (padlen < 0) + padlen = 0; + if (flags & DP_F_MINUS) + padlen = -padlen; /* Left Justifty */ + + if ((flags & DP_F_ZERO) && (padlen > 0)) { + if (signvalue) { + dopr_outch(buffer, currlen, maxlen, signvalue); + --padlen; + signvalue = 0; + } + while (padlen > 0) { + dopr_outch(buffer, currlen, maxlen, '0'); + --padlen; + } + } + while (padlen > 0) { + dopr_outch(buffer, currlen, maxlen, ' '); + --padlen; + } + if (signvalue) + dopr_outch(buffer, currlen, maxlen, signvalue); + + while (iplace > 0) + dopr_outch(buffer, currlen, maxlen, iconvert[--iplace]); + + /* + * Decimal point. This should probably use locale to find the correct + * char to print out. 
+ */ + dopr_outch(buffer, currlen, maxlen, '.'); + + while (fplace > 0) + dopr_outch(buffer, currlen, maxlen, fconvert[--fplace]); + + while (zpadlen > 0) { + dopr_outch(buffer, currlen, maxlen, '0'); + --zpadlen; + } + + while (padlen < 0) { + dopr_outch(buffer, currlen, maxlen, ' '); + ++padlen; + } +} + +static void +dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c) +{ + if (*currlen < maxlen) + buffer[(*currlen)++] = c; +} +#endif /* !defined(HAVE_SNPRINTF) || !defined(HAVE_VSNPRINTF) */ + +#ifndef HAVE_VSNPRINTF +int +vsnprintf(char *str, size_t count, const char *fmt, va_list args) +{ + str[0] = 0; + dopr(str, count, fmt, args); + + return(strlen(str)); +} +#endif /* !HAVE_VSNPRINTF */ + +#ifndef HAVE_SNPRINTF +int +snprintf(char *str,size_t count,const char *fmt,...) +{ + va_list ap; + + va_start(ap, fmt); + (void) vsnprintf(str, count, fmt, ap); + va_end(ap); + + return(strlen(str)); +} + +#ifdef TEST_SNPRINTF +int +main(void) +{ +#define LONG_STRING 1024 + char buf1[LONG_STRING]; + char buf2[LONG_STRING]; + char *fp_fmt[] = { + "%-1.5f", + "%1.5f", + "%123.9f", + "%10.5f", + "% 10.5f", + "%+22.9f", + "%+4.9f", + "%01.3f", + "%4f", + "%3.1f", + "%3.2f", + NULL + }; + double fp_nums[] = { + -1.5, + 134.21, + 91340.2, + 341.1234, + 0203.9, + 0.96, + 0.996, + 0.9996, + 1.996, + 4.136, + 0 + }; + char *int_fmt[] = { + "%-1.5d", + "%1.5d", + "%123.9d", + "%5.5d", + "%10.5d", + "% 10.5d", + "%+22.33d", + "%01.3d", + "%4d", + "%lld", + "%qd", + NULL + }; + long long int_nums[] = { -1, 134, 91340, 341, 0203, 0, 9999999 }; + int x, y; + int fail = 0; + int num = 0; + + printf("Testing snprintf format codes against system sprintf...\n"); + + for (x = 0; fp_fmt[x] != NULL ; x++) { + for (y = 0; fp_nums[y] != 0 ; y++) { + snprintf(buf1, sizeof (buf1), fp_fmt[x], fp_nums[y]); + sprintf (buf2, fp_fmt[x], fp_nums[y]); + if (strcmp (buf1, buf2)) { + printf("snprintf doesn't match Format: %s\n\t" + "snprintf = %s\n\tsprintf = %s\n", + fp_fmt[x], buf1, buf2); 
+ fail++; + } + num++; + } + } + for (x = 0; int_fmt[x] != NULL ; x++) { + for (y = 0; int_nums[y] != 0 ; y++) { + snprintf(buf1, sizeof (buf1), int_fmt[x], int_nums[y]); + sprintf(buf2, int_fmt[x], int_nums[y]); + if (strcmp (buf1, buf2)) { + printf("snprintf doesn't match Format: %s\n\t" + "snprintf = %s\n\tsprintf = %s\n", + int_fmt[x], buf1, buf2); + fail++; + } + num++; + } + } + printf("%d tests failed out of %d.\n", fail, num); + return(0); +} +#endif /* SNPRINTF_TEST */ + +#endif /* !HAVE_SNPRINTF */ diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/bsd-snprintf.h openssh-3.1p1/openbsd-compat/bsd-snprintf.h --- ssh-openbsd-2002030700/openbsd-compat/bsd-snprintf.h Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/bsd-snprintf.h Fri Feb 9 12:55:36 2001 @@ -0,0 +1,19 @@ +/* $Id: bsd-snprintf.h,v 1.2 2001/02/09 01:55:36 djm Exp $ */ + +#ifndef _BSD_SNPRINTF_H +#define _BSD_SNPRINTF_H + +#include "config.h" + +#include /* For size_t */ + +#ifndef HAVE_SNPRINTF +int snprintf(char *str, size_t count, const char *fmt, ...); +#endif /* !HAVE_SNPRINTF */ + +#ifndef HAVE_VSNPRINTF +int vsnprintf(char *str, size_t count, const char *fmt, va_list args); +#endif /* !HAVE_SNPRINTF */ + + +#endif /* _BSD_SNPRINTF_H */ diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/bsd-waitpid.c openssh-3.1p1/openbsd-compat/bsd-waitpid.c --- ssh-openbsd-2002030700/openbsd-compat/bsd-waitpid.c Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/bsd-waitpid.c Mon Mar 26 15:35:34 2001 
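Review bot: With a zero-length buffer this replacement still writes one byte: `vsnprintf()` executes `str[0] = 0;` before looking at `count`, and at the end of `dopr()` the test `currlen < maxlen - 1` wraps around for `maxlen == 0` and stores `buffer[0] = '\0'`. A caller that passes a size of 0, or a NULL buffer with size 0 to measure the output, gets an out-of-bounds write, so both places need a guard such as `if (count == 0) return(0);` at the top of `vsnprintf()` and `if (maxlen == 0) return;` at the top of `dopr()`. Both wrappers also return `strlen(str)`, the truncated length, so a caller cannot detect truncation by comparing the result with the buffer size as it can with a C99 `snprintf()`; a comment at the two definitions should say so. The `%n` conversion is implemented too and stores through a pointer taken from the argument list, which is worth dropping if nothing in the tree depends on it.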
@@ -0,0 +1,52 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+RCSID("$Id: bsd-waitpid.c,v 1.3 2001/03/26 05:35:34 mouring Exp $");
+
+#ifndef HAVE_WAITPID
+#include
+#include
+#include "bsd-waitpid.h"
+
+pid_t
+waitpid(int pid, int *stat_loc, int options)
+{
+ union wait statusp;
+ pid_t wait_pid;
+
+ if (pid <= 0) {
+ if (pid != -1) {
+ errno = EINVAL;
+ return -1;
+ }
+ pid = 0; /* wait4() wants pid=0 for indiscriminate wait. */
+ }
+ wait_pid = wait4(pid, &statusp, options, NULL);
+ if (stat_loc)
+ *stat_loc = (int) statusp.w_status;
+
+ return wait_pid;
+}
+
+#endif /* !HAVE_WAITPID */
diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/bsd-waitpid.h openssh-3.1p1/openbsd-compat/bsd-waitpid.h
--- ssh-openbsd-2002030700/openbsd-compat/bsd-waitpid.h Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/openbsd-compat/bsd-waitpid.h Fri Feb 9 12:55:36 2001
@@ -0,0 +1,49 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+/* $Id: bsd-waitpid.h,v 1.2 2001/02/09 01:55:36 djm Exp $ */
+
+#ifndef _BSD_WAITPID_H
+#define _BSD_WAITPID_H
+
+#ifndef HAVE_WAITPID
+/* Clean out any potental issues */
+#undef WIFEXITED
+#undef WIFSTOPPED
+#undef WIFSIGNALED
+
+/* Define required functions to mimic a POSIX look and feel */
+#define _W_INT(w) (*(int*)&(w)) /* convert union wait to int */
+#define WIFEXITED(w) (!((_W_INT(w)) & 0377))
+#define WIFSTOPPED(w) ((_W_INT(w)) & 0100)
+#define WIFSIGNALED(w) (!WIFEXITED(w) && !WIFSTOPPED(w))
+#define WEXITSTATUS(w) (int)(WIFEXITED(w) ? ((_W_INT(w) >> 8) & 0377) : -1)
+#define WTERMSIG(w) (int)(WIFSIGNALED(w) ? (_W_INT(w) & 0177) : -1)
+#define WCOREFLAG 0x80
+#define WCOREDUMP(w) ((_W_INT(w)) & WCOREFLAG)
+
+/* Prototype */
+pid_t waitpid(int pid, int *stat_loc, int options);
+
+#endif /* !HAVE_WAITPID */
+#endif /* _BSD_WAITPID_H */
diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/daemon.c openssh-3.1p1/openbsd-compat/daemon.c
--- ssh-openbsd-2002030700/openbsd-compat/daemon.c Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/openbsd-compat/daemon.c Tue Nov 27 12:19:44 2001
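Review bot: Only WIFEXITED, WIFSTOPPED and WIFSIGNALED are `#undef`'d before the block, but WEXITSTATUS, WTERMSIG, WCOREFLAG and WCOREDUMP are defined here as well; on a platform whose headers already provide any of those, the build gets a macro redefinition with a different expansion. Add matching `#undef WEXITSTATUS`, `#undef WTERMSIG` and `#undef WCOREDUMP` lines (plus `#undef WCOREFLAG`). `_W_INT` takes the address of its argument, so a comment should state that every one of these macros needs an lvalue; WIFSTOPPED's single-bit test `& 0100` also looks looser than the usual comparison of the low byte against 0177 and is worth confirming against the target's status encoding.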
@@ -0,0 +1,84 @@
+/*-
+ * Copyright (c) 1990, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#ifndef HAVE_DAEMON
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char rcsid[] = "$OpenBSD: daemon.c,v 1.2 1996/08/19 08:22:13 tholo Exp $";
+#endif /* LIBC_SCCS and not lint */
+
+int
+daemon(nochdir, noclose)
+ int nochdir, noclose;
+{
+ int fd;
+
+ switch (fork()) {
+ case -1:
+ return (-1);
+ case 0:
+#ifdef HAVE_CYGWIN
+ register_9x_service();
+#endif
+ break;
+ default:
+#ifdef HAVE_CYGWIN
+ /*
+ * This sleep avoids a race condition which kills the
+ * child process if parent is started by a NT/W2K service.
+ */
+ sleep(1);
+#endif
+ _exit(0);
+ }
+
+ if (setsid() == -1)
+ return (-1);
+
+ if (!nochdir)
+ (void)chdir("/");
+
+ if (!noclose && (fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
+ (void)dup2(fd, STDIN_FILENO);
+ (void)dup2(fd, STDOUT_FILENO);
+ (void)dup2(fd, STDERR_FILENO);
+ if (fd > 2)
+ (void)close (fd);
+ }
+ return (0);
+}
+
+#endif /* !HAVE_DAEMON */
+
diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/daemon.h openssh-3.1p1/openbsd-compat/daemon.h
--- ssh-openbsd-2002030700/openbsd-compat/daemon.h Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/openbsd-compat/daemon.h Fri Feb 9 12:55:36 2001
@@ -0,0 +1,11 @@
+/* $Id: daemon.h,v 1.2 2001/02/09 01:55:36 djm Exp $ */
+
+#ifndef _BSD_DAEMON_H
+#define _BSD_DAEMON_H
+
+#include "config.h"
+#ifndef HAVE_DAEMON
+int daemon(int nochdir, int noclose);
+#endif /* !HAVE_DAEMON */
+
+#endif /* _BSD_DAEMON_H */
diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/dirname.c openssh-3.1p1/openbsd-compat/dirname.c
--- ssh-openbsd-2002030700/openbsd-compat/dirname.c Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/openbsd-compat/dirname.c Wed Feb 13 16:00:16 2002
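Review bot: In daemon.c, when `noclose` is 0 and `open(_PATH_DEVNULL, O_RDWR, 0)` fails, daemon() still returns 0 and the process keeps whatever stdin/stdout/stderr it inherited, so a server can stay attached to the launching terminal or pipe without the caller knowing. The `dup2()` and `chdir("/")` results are likewise discarded with `(void)`. Either fail the call, e.g. `if (!noclose) { if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) == -1) return (-1); ... }`, or add a comment above the function stating that redirection is best-effort. The definition is also K&R style while daemon.h declares an ANSI prototype; `int daemon(int nochdir, int noclose)` keeps the two in step.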
@@ -0,0 +1,80 @@ +/* $OpenBSD: dirname.c,v 1.6 2001/06/28 04:27:19 pjanzen Exp $ */ + +/* + * Copyright (c) 1997 Todd C. Miller + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL + * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; + * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "includes.h" +#ifndef HAVE_DIRNAME + +#if defined(LIBC_SCCS) && !defined(lint) +static char rcsid[] = "$OpenBSD: dirname.c,v 1.6 2001/06/28 04:27:19 pjanzen Exp $"; +#endif /* LIBC_SCCS and not lint */ + +#include +#include +#include + +char * +dirname(path) + const char *path; +{ + static char bname[MAXPATHLEN]; + register const char *endp; + + /* Empty or NULL string gets treated as "." 
*/ + if (path == NULL || *path == '\0') { + (void)strcpy(bname, "."); + return(bname); + } + + /* Strip trailing slashes */ + endp = path + strlen(path) - 1; + while (endp > path && *endp == '/') + endp--; + + /* Find the start of the dir */ + while (endp > path && *endp != '/') + endp--; + + /* Either the dir is "/" or there are no slashes */ + if (endp == path) { + (void)strcpy(bname, *endp == '/' ? "/" : "."); + return(bname); + } else { + do { + endp--; + } while (endp > path && *endp == '/'); + } + + if (endp - path + 2 > sizeof(bname)) { + errno = ENAMETOOLONG; + return(NULL); + } + strlcpy(bname, path, endp - path + 2); + return(bname); +} +#endif diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/dirname.h openssh-3.1p1/openbsd-compat/dirname.h --- ssh-openbsd-2002030700/openbsd-compat/dirname.h Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/dirname.h Thu Jul 5 14:27:21 2001 @@ -0,0 +1,5 @@ +#ifndef HAVE_DIRNAME + +char *dirname(const char *path); + +#endif diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/fake-gai-errnos.h openssh-3.1p1/openbsd-compat/fake-gai-errnos.h --- ssh-openbsd-2002030700/openbsd-compat/fake-gai-errnos.h Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/fake-gai-errnos.h Fri Feb 9 12:55:36 2001 @@ -0,0 +1,14 @@ +/* + * fake library for ssh + * + * This file is included in getaddrinfo.c and getnameinfo.c. + * See getaddrinfo.c and getnameinfo.c. + */ + +/* $Id: fake-gai-errnos.h,v 1.2 2001/02/09 01:55:36 djm Exp $ */ + +/* for old netdb.h */ +#ifndef EAI_NODATA +#define EAI_NODATA 1 +#define EAI_MEMORY 2 +#endif diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/fake-getaddrinfo.c openssh-3.1p1/openbsd-compat/fake-getaddrinfo.c --- ssh-openbsd-2002030700/openbsd-compat/fake-getaddrinfo.c Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/fake-getaddrinfo.c Fri Feb 9 12:55:36 2001 
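Review bot: dirname() in dirname.c returns a pointer into the function-local `static char bname[MAXPATHLEN]`, so every call overwrites the previous result and the function is not reentrant, yet nothing in the file says so. A header comment above the definition should state that the result must be copied before the next call, that NULL or an empty string yields ".", and that NULL is returned with errno set to ENAMETOOLONG when the directory part does not fit. The length test `endp - path + 2 > sizeof(bname)` mixes a signed pointer difference with size_t; it is safe here because the loop guards keep endp at or above path, and writing `(size_t)(endp - path) + 2` would make that explicit.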
@@ -0,0 +1,121 @@ +/* + * fake library for ssh + * + * This file includes getaddrinfo(), freeaddrinfo() and gai_strerror(). + * These funtions are defined in rfc2133. + * + * But these functions are not implemented correctly. The minimum subset + * is implemented for ssh use only. For exapmle, this routine assumes + * that ai_family is AF_INET. Don't use it for another purpose. + */ + +#include "includes.h" +#include "ssh.h" + +RCSID("$Id: fake-getaddrinfo.c,v 1.2 2001/02/09 01:55:36 djm Exp $"); + +#ifndef HAVE_GAI_STRERROR +char *gai_strerror(int ecode) +{ + switch (ecode) { + case EAI_NODATA: + return "no address associated with hostname."; + case EAI_MEMORY: + return "memory allocation failure."; + default: + return "unknown error."; + } +} +#endif /* !HAVE_GAI_STRERROR */ + +#ifndef HAVE_FREEADDRINFO +void freeaddrinfo(struct addrinfo *ai) +{ + struct addrinfo *next; + + do { + next = ai->ai_next; + free(ai); + } while (NULL != (ai = next)); +} +#endif /* !HAVE_FREEADDRINFO */ + +#ifndef HAVE_GETADDRINFO +static struct addrinfo *malloc_ai(int port, u_long addr) +{ + struct addrinfo *ai; + + ai = malloc(sizeof(struct addrinfo) + sizeof(struct sockaddr_in)); + if (ai == NULL) + return(NULL); + + memset(ai, 0, sizeof(struct addrinfo) + sizeof(struct sockaddr_in)); + + ai->ai_addr = (struct sockaddr *)(ai + 1); + /* XXX -- ssh doesn't use sa_len */ + ai->ai_addrlen = sizeof(struct sockaddr_in); + ai->ai_addr->sa_family = ai->ai_family = AF_INET; + + ((struct sockaddr_in *)(ai)->ai_addr)->sin_port = port; + ((struct sockaddr_in *)(ai)->ai_addr)->sin_addr.s_addr = addr; + + return(ai); +} + +int getaddrinfo(const char *hostname, const char *servname, + const struct addrinfo *hints, struct addrinfo **res) +{ + struct addrinfo *cur, *prev = NULL; + struct hostent *hp; + struct in_addr in; + int i, port; + + if (servname) + port = htons(atoi(servname)); + else + port = 0; + + if (hints && hints->ai_flags & AI_PASSIVE) { + if (NULL != (*res = malloc_ai(port, 
htonl(0x00000000)))) + return 0; + else + return EAI_MEMORY; + } + + if (!hostname) { + if (NULL != (*res = malloc_ai(port, htonl(0x7f000001)))) + return 0; + else + return EAI_MEMORY; + } + + if (inet_aton(hostname, &in)) { + if (NULL != (*res = malloc_ai(port, in.s_addr))) + return 0; + else + return EAI_MEMORY; + } + + hp = gethostbyname(hostname); + if (hp && hp->h_name && hp->h_name[0] && hp->h_addr_list[0]) { + for (i = 0; hp->h_addr_list[i]; i++) { + cur = malloc_ai(port, ((struct in_addr *)hp->h_addr_list[i])->s_addr); + if (cur == NULL) { + if (*res) + freeaddrinfo(*res); + return EAI_MEMORY; + } + + if (prev) + prev->ai_next = cur; + else + *res = cur; + + prev = cur; + } + return 0; + } + + return EAI_NODATA; +} +#endif /* !HAVE_GETADDRINFO */ diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/fake-getaddrinfo.h openssh-3.1p1/openbsd-compat/fake-getaddrinfo.h --- ssh-openbsd-2002030700/openbsd-compat/fake-getaddrinfo.h Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/fake-getaddrinfo.h Fri Feb 9 12:55:36 2001 
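Review bot: getaddrinfo() never initialises `*res`, yet the gethostbyname() loop tests `if (*res) freeaddrinfo(*res);` when malloc_ai() fails; if that happens on the first address, `*res` is whatever the caller's variable held and an arbitrary pointer reaches free(). Set `*res = NULL;` at the top of the function and again after the freeaddrinfo() call on that error path so the caller is not left with a dangling list. Related: freeaddrinfo() dereferences `ai` before testing it, so `freeaddrinfo(NULL)` crashes, and `atoi(servname)` silently accepts non-numeric or out-of-range service strings, with the value truncated on its way through htons(). The loop also copies `h_addr_list[i]` as an IPv4 address without checking `hp->h_addrtype == AF_INET`.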
@@ -0,0 +1,47 @@
+/* $Id: fake-getaddrinfo.h,v 1.2 2001/02/09 01:55:36 djm Exp $ */
+
+#ifndef _FAKE_GETADDRINFO_H
+#define _FAKE_GETADDRINFO_H
+
+#include "config.h"
+
+#include "fake-gai-errnos.h"
+
+#ifndef AI_PASSIVE
+# define AI_PASSIVE 1
+# define AI_CANONNAME 2
+#endif
+
+#ifndef NI_NUMERICHOST
+# define NI_NUMERICHOST 2
+# define NI_NAMEREQD 4
+# define NI_NUMERICSERV 8
+#endif
+
+#ifndef HAVE_STRUCT_ADDRINFO
+struct addrinfo {
+ int ai_flags; /* AI_PASSIVE, AI_CANONNAME */
+ int ai_family; /* PF_xxx */
+ int ai_socktype; /* SOCK_xxx */
+ int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */
+ size_t ai_addrlen; /* length of ai_addr */
+ char *ai_canonname; /* canonical name for hostname */
+ struct sockaddr *ai_addr; /* binary address */
+ struct addrinfo *ai_next; /* next structure in linked list */
+};
+#endif /* !HAVE_STRUCT_ADDRINFO */
+
+#ifndef HAVE_GETADDRINFO
+int getaddrinfo(const char *hostname, const char *servname,
+ const struct addrinfo *hints, struct addrinfo **res);
+#endif /* !HAVE_GETADDRINFO */
+
+#ifndef HAVE_GAI_STRERROR
+char *gai_strerror(int ecode);
+#endif /* !HAVE_GAI_STRERROR */
+
+#ifndef HAVE_FREEADDRINFO
+void freeaddrinfo(struct addrinfo *ai);
+#endif /* !HAVE_FREEADDRINFO */
+
+#endif /* _FAKE_GETADDRINFO_H */
diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/fake-getnameinfo.c openssh-3.1p1/openbsd-compat/fake-getnameinfo.c
--- ssh-openbsd-2002030700/openbsd-compat/fake-getnameinfo.c Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/openbsd-compat/fake-getnameinfo.c Fri Feb 9 12:55:36 2001
@@ -0,0 +1,55 @@
+/*
+ * fake library for ssh
+ *
+ * This file includes getnameinfo().
+ * These funtions are defined in rfc2133.
+ *
+ * But these functions are not implemented correctly. The minimum subset
+ * is implemented for ssh use only. For exapmle, this routine assumes
+ * that ai_family is AF_INET. Don't use it for another purpose.
+ */
+
+#include "includes.h"
+#include "ssh.h"
+
+RCSID("$Id: fake-getnameinfo.c,v 1.2 2001/02/09 01:55:36 djm Exp $");
+
+#ifndef HAVE_GETNAMEINFO
+int getnameinfo(const struct sockaddr *sa, size_t salen, char *host,
+ size_t hostlen, char *serv, size_t servlen, int flags)
+{
+ struct sockaddr_in *sin = (struct sockaddr_in *)sa;
+ struct hostent *hp;
+ char tmpserv[16];
+
+ if (serv) {
+ snprintf(tmpserv, sizeof(tmpserv), "%d", ntohs(sin->sin_port));
+ if (strlen(tmpserv) >= servlen)
+ return EAI_MEMORY;
+ else
+ strcpy(serv, tmpserv);
+ }
+
+ if (host) {
+ if (flags & NI_NUMERICHOST) {
+ if (strlen(inet_ntoa(sin->sin_addr)) >= hostlen)
+ return EAI_MEMORY;
+
+ strcpy(host, inet_ntoa(sin->sin_addr));
+ return 0;
+ } else {
+ hp = gethostbyaddr((char *)&sin->sin_addr,
+ sizeof(struct in_addr), AF_INET);
+ if (hp == NULL)
+ return EAI_NODATA;
+
+ if (strlen(hp->h_name) >= hostlen)
+ return EAI_MEMORY;
+
+ strcpy(host, hp->h_name);
+ return 0;
+ }
+ }
+ return 0;
+}
+#endif /* !HAVE_GETNAMEINFO */
diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/fake-getnameinfo.h openssh-3.1p1/openbsd-compat/fake-getnameinfo.h
--- ssh-openbsd-2002030700/openbsd-compat/fake-getnameinfo.h Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/openbsd-compat/fake-getnameinfo.h Fri Feb 9 12:55:36 2001
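Review bot: `sa` is cast straight to `struct sockaddr_in *` and `salen` is never read, so a caller passing a shorter or non-AF_INET address makes getnameinfo() read `sin_port` and `sin_addr` from memory that is not a sockaddr_in. A guard at the top, `if (sa == NULL || salen < sizeof(struct sockaddr_in) || sa->sa_family != AF_INET) return EAI_NODATA;`, keeps it inside the AF_INET-only contract the file header describes. `flags` is tested only for NI_NUMERICHOST, so NI_NAMEREQD and NI_NUMERICSERV are silently ignored, which deserves a line in the header comment. The name returned by gethostbyaddr() comes from reverse DNS and is copied to `host` unverified, so the comment should also tell callers to treat it as untrusted.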
@@ -0,0 +1,20 @@
+/* $Id: fake-getnameinfo.h,v 1.2 2001/02/09 01:55:36 djm Exp $ */
+
+#ifndef _FAKE_GETNAMEINFO_H
+#define _FAKE_GETNAMEINFO_H
+
+#include "config.h"
+
+#ifndef HAVE_GETNAMEINFO
+int getnameinfo(const struct sockaddr *sa, size_t salen, char *host,
+ size_t hostlen, char *serv, size_t servlen, int flags);
+#endif /* !HAVE_GETNAMEINFO */
+
+#ifndef NI_MAXSERV
+# define NI_MAXSERV 32
+#endif /* !NI_MAXSERV */
+#ifndef NI_MAXHOST
+# define NI_MAXHOST 1025
+#endif /* !NI_MAXHOST */
+
+#endif /* _FAKE_GETNAMEINFO_H */
diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/fake-queue.h openssh-3.1p1/openbsd-compat/fake-queue.h
--- ssh-openbsd-2002030700/openbsd-compat/fake-queue.h Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/openbsd-compat/fake-queue.h Wed Feb 13 16:00:16 2002
@@ -0,0 +1,503 @@ +/* $OpenBSD: queue.h,v 1.22 2001/06/23 04:39:35 angelos Exp $ */ +/* $NetBSD: queue.h,v 1.11 1996/05/16 05:17:14 mycroft Exp $ */ + +/* + * Copyright (c) 1991, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * @(#)queue.h 8.5 (Berkeley) 8/20/94 + */ + +#ifndef _SYS_QUEUE_H_ +#define _SYS_QUEUE_H_ + +/* + * This file defines five types of data structures: singly-linked lists, + * lists, simple queues, tail queues, and circular queues. + * + * + * A singly-linked list is headed by a single forward pointer. The elements + * are singly linked for minimum space and pointer manipulation overhead at + * the expense of O(n) removal for arbitrary elements. New elements can be + * added to the list after an existing element or at the head of the list. + * Elements being removed from the head of the list should use the explicit + * macro for this purpose for optimum efficiency. A singly-linked list may + * only be traversed in the forward direction. Singly-linked lists are ideal + * for applications with large datasets and few or no removals or for + * implementing a LIFO queue. + * + * A list is headed by a single forward pointer (or an array of forward + * pointers for a hash table header). The elements are doubly linked + * so that an arbitrary element can be removed without a need to + * traverse the list. New elements can be added to the list before + * or after an existing element or at the head of the list. A list + * may only be traversed in the forward direction. + * + * A simple queue is headed by a pair of pointers, one the head of the + * list and the other to the tail of the list. The elements are singly + * linked to save space, so elements can only be removed from the + * head of the list. New elements can be added to the list before or after + * an existing element, at the head of the list, or at the end of the + * list. A simple queue may only be traversed in the forward direction. + * + * A tail queue is headed by a pair of pointers, one to the head of the + * list and the other to the tail of the list. The elements are doubly + * linked so that an arbitrary element can be removed without a need to + * traverse the list. 
New elements can be added to the list before or + * after an existing element, at the head of the list, or at the end of + * the list. A tail queue may be traversed in either direction. + * + * A circle queue is headed by a pair of pointers, one to the head of the + * list and the other to the tail of the list. The elements are doubly + * linked so that an arbitrary element can be removed without a need to + * traverse the list. New elements can be added to the list before or after + * an existing element, at the head of the list, or at the end of the list. + * A circle queue may be traversed in either direction, but has a more + * complex end of list detection. + * + * For details on the use of these macros, see the queue(3) manual page. + */ + +/* + * Singly-linked List definitions. + */ +#define SLIST_HEAD(name, type) \ +struct name { \ + struct type *slh_first; /* first element */ \ +} + +#define SLIST_HEAD_INITIALIZER(head) \ + { NULL } + +#define SLIST_ENTRY(type) \ +struct { \ + struct type *sle_next; /* next element */ \ +} + +/* + * Singly-linked List access methods. + */ +#define SLIST_FIRST(head) ((head)->slh_first) +#define SLIST_END(head) NULL +#define SLIST_EMPTY(head) (SLIST_FIRST(head) == SLIST_END(head)) +#define SLIST_NEXT(elm, field) ((elm)->field.sle_next) + +#define SLIST_FOREACH(var, head, field) \ + for((var) = SLIST_FIRST(head); \ + (var) != SLIST_END(head); \ + (var) = SLIST_NEXT(var, field)) + +/* + * Singly-linked List functions. 
+ */ +#define SLIST_INIT(head) { \ + SLIST_FIRST(head) = SLIST_END(head); \ +} + +#define SLIST_INSERT_AFTER(slistelm, elm, field) do { \ + (elm)->field.sle_next = (slistelm)->field.sle_next; \ + (slistelm)->field.sle_next = (elm); \ +} while (0) + +#define SLIST_INSERT_HEAD(head, elm, field) do { \ + (elm)->field.sle_next = (head)->slh_first; \ + (head)->slh_first = (elm); \ +} while (0) + +#define SLIST_REMOVE_HEAD(head, field) do { \ + (head)->slh_first = (head)->slh_first->field.sle_next; \ +} while (0) + +#define SLIST_REMOVE(head, elm, type, field) do { \ + if ((head)->slh_first == (elm)) { \ + SLIST_REMOVE_HEAD((head), field); \ + } \ + else { \ + struct type *curelm = (head)->slh_first; \ + while( curelm->field.sle_next != (elm) ) \ + curelm = curelm->field.sle_next; \ + curelm->field.sle_next = \ + curelm->field.sle_next->field.sle_next; \ + } \ +} while (0) + +/* + * List definitions. + */ +#define LIST_HEAD(name, type) \ +struct name { \ + struct type *lh_first; /* first element */ \ +} + +#define LIST_HEAD_INITIALIZER(head) \ + { NULL } + +#define LIST_ENTRY(type) \ +struct { \ + struct type *le_next; /* next element */ \ + struct type **le_prev; /* address of previous next element */ \ +} + +/* + * List access methods + */ +#define LIST_FIRST(head) ((head)->lh_first) +#define LIST_END(head) NULL +#define LIST_EMPTY(head) (LIST_FIRST(head) == LIST_END(head)) +#define LIST_NEXT(elm, field) ((elm)->field.le_next) + +#define LIST_FOREACH(var, head, field) \ + for((var) = LIST_FIRST(head); \ + (var)!= LIST_END(head); \ + (var) = LIST_NEXT(var, field)) + +/* + * List functions. 
+ */ +#define LIST_INIT(head) do { \ + LIST_FIRST(head) = LIST_END(head); \ +} while (0) + +#define LIST_INSERT_AFTER(listelm, elm, field) do { \ + if (((elm)->field.le_next = (listelm)->field.le_next) != NULL) \ + (listelm)->field.le_next->field.le_prev = \ + &(elm)->field.le_next; \ + (listelm)->field.le_next = (elm); \ + (elm)->field.le_prev = &(listelm)->field.le_next; \ +} while (0) + +#define LIST_INSERT_BEFORE(listelm, elm, field) do { \ + (elm)->field.le_prev = (listelm)->field.le_prev; \ + (elm)->field.le_next = (listelm); \ + *(listelm)->field.le_prev = (elm); \ + (listelm)->field.le_prev = &(elm)->field.le_next; \ +} while (0) + +#define LIST_INSERT_HEAD(head, elm, field) do { \ + if (((elm)->field.le_next = (head)->lh_first) != NULL) \ + (head)->lh_first->field.le_prev = &(elm)->field.le_next;\ + (head)->lh_first = (elm); \ + (elm)->field.le_prev = &(head)->lh_first; \ +} while (0) + +#define LIST_REMOVE(elm, field) do { \ + if ((elm)->field.le_next != NULL) \ + (elm)->field.le_next->field.le_prev = \ + (elm)->field.le_prev; \ + *(elm)->field.le_prev = (elm)->field.le_next; \ +} while (0) + +#define LIST_REPLACE(elm, elm2, field) do { \ + if (((elm2)->field.le_next = (elm)->field.le_next) != NULL) \ + (elm2)->field.le_next->field.le_prev = \ + &(elm2)->field.le_next; \ + (elm2)->field.le_prev = (elm)->field.le_prev; \ + *(elm2)->field.le_prev = (elm2); \ +} while (0) + +/* + * Simple queue definitions. + */ +#define SIMPLEQ_HEAD(name, type) \ +struct name { \ + struct type *sqh_first; /* first element */ \ + struct type **sqh_last; /* addr of last next element */ \ +} + +#define SIMPLEQ_HEAD_INITIALIZER(head) \ + { NULL, &(head).sqh_first } + +#define SIMPLEQ_ENTRY(type) \ +struct { \ + struct type *sqe_next; /* next element */ \ +} + +/* + * Simple queue access methods. 
+ */ +#define SIMPLEQ_FIRST(head) ((head)->sqh_first) +#define SIMPLEQ_END(head) NULL +#define SIMPLEQ_EMPTY(head) (SIMPLEQ_FIRST(head) == SIMPLEQ_END(head)) +#define SIMPLEQ_NEXT(elm, field) ((elm)->field.sqe_next) + +#define SIMPLEQ_FOREACH(var, head, field) \ + for((var) = SIMPLEQ_FIRST(head); \ + (var) != SIMPLEQ_END(head); \ + (var) = SIMPLEQ_NEXT(var, field)) + +/* + * Simple queue functions. + */ +#define SIMPLEQ_INIT(head) do { \ + (head)->sqh_first = NULL; \ + (head)->sqh_last = &(head)->sqh_first; \ +} while (0) + +#define SIMPLEQ_INSERT_HEAD(head, elm, field) do { \ + if (((elm)->field.sqe_next = (head)->sqh_first) == NULL) \ + (head)->sqh_last = &(elm)->field.sqe_next; \ + (head)->sqh_first = (elm); \ +} while (0) + +#define SIMPLEQ_INSERT_TAIL(head, elm, field) do { \ + (elm)->field.sqe_next = NULL; \ + *(head)->sqh_last = (elm); \ + (head)->sqh_last = &(elm)->field.sqe_next; \ +} while (0) + +#define SIMPLEQ_INSERT_AFTER(head, listelm, elm, field) do { \ + if (((elm)->field.sqe_next = (listelm)->field.sqe_next) == NULL)\ + (head)->sqh_last = &(elm)->field.sqe_next; \ + (listelm)->field.sqe_next = (elm); \ +} while (0) + +#define SIMPLEQ_REMOVE_HEAD(head, elm, field) do { \ + if (((head)->sqh_first = (elm)->field.sqe_next) == NULL) \ + (head)->sqh_last = &(head)->sqh_first; \ +} while (0) + +/* + * Tail queue definitions. 
+ */ +#define TAILQ_HEAD(name, type) \ +struct name { \ + struct type *tqh_first; /* first element */ \ + struct type **tqh_last; /* addr of last next element */ \ +} + +#define TAILQ_HEAD_INITIALIZER(head) \ + { NULL, &(head).tqh_first } + +#define TAILQ_ENTRY(type) \ +struct { \ + struct type *tqe_next; /* next element */ \ + struct type **tqe_prev; /* address of previous next element */ \ +} + +/* + * tail queue access methods + */ +#define TAILQ_FIRST(head) ((head)->tqh_first) +#define TAILQ_END(head) NULL +#define TAILQ_NEXT(elm, field) ((elm)->field.tqe_next) +#define TAILQ_LAST(head, headname) \ + (*(((struct headname *)((head)->tqh_last))->tqh_last)) +/* XXX */ +#define TAILQ_PREV(elm, headname, field) \ + (*(((struct headname *)((elm)->field.tqe_prev))->tqh_last)) +#define TAILQ_EMPTY(head) \ + (TAILQ_FIRST(head) == TAILQ_END(head)) + +#define TAILQ_FOREACH(var, head, field) \ + for((var) = TAILQ_FIRST(head); \ + (var) != TAILQ_END(head); \ + (var) = TAILQ_NEXT(var, field)) + +#define TAILQ_FOREACH_REVERSE(var, head, field, headname) \ + for((var) = TAILQ_LAST(head, headname); \ + (var) != TAILQ_END(head); \ + (var) = TAILQ_PREV(var, headname, field)) + +/* + * Tail queue functions. 
+ */ +#define TAILQ_INIT(head) do { \ + (head)->tqh_first = NULL; \ + (head)->tqh_last = &(head)->tqh_first; \ +} while (0) + +#define TAILQ_INSERT_HEAD(head, elm, field) do { \ + if (((elm)->field.tqe_next = (head)->tqh_first) != NULL) \ + (head)->tqh_first->field.tqe_prev = \ + &(elm)->field.tqe_next; \ + else \ + (head)->tqh_last = &(elm)->field.tqe_next; \ + (head)->tqh_first = (elm); \ + (elm)->field.tqe_prev = &(head)->tqh_first; \ +} while (0) + +#define TAILQ_INSERT_TAIL(head, elm, field) do { \ + (elm)->field.tqe_next = NULL; \ + (elm)->field.tqe_prev = (head)->tqh_last; \ + *(head)->tqh_last = (elm); \ + (head)->tqh_last = &(elm)->field.tqe_next; \ +} while (0) + +#define TAILQ_INSERT_AFTER(head, listelm, elm, field) do { \ + if (((elm)->field.tqe_next = (listelm)->field.tqe_next) != NULL)\ + (elm)->field.tqe_next->field.tqe_prev = \ + &(elm)->field.tqe_next; \ + else \ + (head)->tqh_last = &(elm)->field.tqe_next; \ + (listelm)->field.tqe_next = (elm); \ + (elm)->field.tqe_prev = &(listelm)->field.tqe_next; \ +} while (0) + +#define TAILQ_INSERT_BEFORE(listelm, elm, field) do { \ + (elm)->field.tqe_prev = (listelm)->field.tqe_prev; \ + (elm)->field.tqe_next = (listelm); \ + *(listelm)->field.tqe_prev = (elm); \ + (listelm)->field.tqe_prev = &(elm)->field.tqe_next; \ +} while (0) + +#define TAILQ_REMOVE(head, elm, field) do { \ + if (((elm)->field.tqe_next) != NULL) \ + (elm)->field.tqe_next->field.tqe_prev = \ + (elm)->field.tqe_prev; \ + else \ + (head)->tqh_last = (elm)->field.tqe_prev; \ + *(elm)->field.tqe_prev = (elm)->field.tqe_next; \ +} while (0) + +#define TAILQ_REPLACE(head, elm, elm2, field) do { \ + if (((elm2)->field.tqe_next = (elm)->field.tqe_next) != NULL) \ + (elm2)->field.tqe_next->field.tqe_prev = \ + &(elm2)->field.tqe_next; \ + else \ + (head)->tqh_last = &(elm2)->field.tqe_next; \ + (elm2)->field.tqe_prev = (elm)->field.tqe_prev; \ + *(elm2)->field.tqe_prev = (elm2); \ +} while (0) + +/* + * Circular queue definitions. 
+ */ +#define CIRCLEQ_HEAD(name, type) \ +struct name { \ + struct type *cqh_first; /* first element */ \ + struct type *cqh_last; /* last element */ \ +} + +#define CIRCLEQ_HEAD_INITIALIZER(head) \ + { CIRCLEQ_END(&head), CIRCLEQ_END(&head) } + +#define CIRCLEQ_ENTRY(type) \ +struct { \ + struct type *cqe_next; /* next element */ \ + struct type *cqe_prev; /* previous element */ \ +} + +/* + * Circular queue access methods + */ +#define CIRCLEQ_FIRST(head) ((head)->cqh_first) +#define CIRCLEQ_LAST(head) ((head)->cqh_last) +#define CIRCLEQ_END(head) ((void *)(head)) +#define CIRCLEQ_NEXT(elm, field) ((elm)->field.cqe_next) +#define CIRCLEQ_PREV(elm, field) ((elm)->field.cqe_prev) +#define CIRCLEQ_EMPTY(head) \ + (CIRCLEQ_FIRST(head) == CIRCLEQ_END(head)) + +#define CIRCLEQ_FOREACH(var, head, field) \ + for((var) = CIRCLEQ_FIRST(head); \ + (var) != CIRCLEQ_END(head); \ + (var) = CIRCLEQ_NEXT(var, field)) + +#define CIRCLEQ_FOREACH_REVERSE(var, head, field) \ + for((var) = CIRCLEQ_LAST(head); \ + (var) != CIRCLEQ_END(head); \ + (var) = CIRCLEQ_PREV(var, field)) + +/* + * Circular queue functions. 
+ */ +#define CIRCLEQ_INIT(head) do { \ + (head)->cqh_first = CIRCLEQ_END(head); \ + (head)->cqh_last = CIRCLEQ_END(head); \ +} while (0) + +#define CIRCLEQ_INSERT_AFTER(head, listelm, elm, field) do { \ + (elm)->field.cqe_next = (listelm)->field.cqe_next; \ + (elm)->field.cqe_prev = (listelm); \ + if ((listelm)->field.cqe_next == CIRCLEQ_END(head)) \ + (head)->cqh_last = (elm); \ + else \ + (listelm)->field.cqe_next->field.cqe_prev = (elm); \ + (listelm)->field.cqe_next = (elm); \ +} while (0) + +#define CIRCLEQ_INSERT_BEFORE(head, listelm, elm, field) do { \ + (elm)->field.cqe_next = (listelm); \ + (elm)->field.cqe_prev = (listelm)->field.cqe_prev; \ + if ((listelm)->field.cqe_prev == CIRCLEQ_END(head)) \ + (head)->cqh_first = (elm); \ + else \ + (listelm)->field.cqe_prev->field.cqe_next = (elm); \ + (listelm)->field.cqe_prev = (elm); \ +} while (0) + +#define CIRCLEQ_INSERT_HEAD(head, elm, field) do { \ + (elm)->field.cqe_next = (head)->cqh_first; \ + (elm)->field.cqe_prev = CIRCLEQ_END(head); \ + if ((head)->cqh_last == CIRCLEQ_END(head)) \ + (head)->cqh_last = (elm); \ + else \ + (head)->cqh_first->field.cqe_prev = (elm); \ + (head)->cqh_first = (elm); \ +} while (0) + +#define CIRCLEQ_INSERT_TAIL(head, elm, field) do { \ + (elm)->field.cqe_next = CIRCLEQ_END(head); \ + (elm)->field.cqe_prev = (head)->cqh_last; \ + if ((head)->cqh_first == CIRCLEQ_END(head)) \ + (head)->cqh_first = (elm); \ + else \ + (head)->cqh_last->field.cqe_next = (elm); \ + (head)->cqh_last = (elm); \ +} while (0) + +#define CIRCLEQ_REMOVE(head, elm, field) do { \ + if ((elm)->field.cqe_next == CIRCLEQ_END(head)) \ + (head)->cqh_last = (elm)->field.cqe_prev; \ + else \ + (elm)->field.cqe_next->field.cqe_prev = \ + (elm)->field.cqe_prev; \ + if ((elm)->field.cqe_prev == CIRCLEQ_END(head)) \ + (head)->cqh_first = (elm)->field.cqe_next; \ + else \ + (elm)->field.cqe_prev->field.cqe_next = \ + (elm)->field.cqe_next; \ +} while (0) + +#define CIRCLEQ_REPLACE(head, elm, elm2, field) do { \ + 
if (((elm2)->field.cqe_next = (elm)->field.cqe_next) == \ + CIRCLEQ_END(head)) \ + (head).cqh_last = (elm2); \ + else \ + (elm2)->field.cqe_next->field.cqe_prev = (elm2); \ + if (((elm2)->field.cqe_prev = (elm)->field.cqe_prev) == \ + CIRCLEQ_END(head)) \ + (head).cqh_first = (elm2); \ + else \ + (elm2)->field.cqe_prev->field.cqe_next = (elm2); \ +} while (0) + +#endif /* !_SYS_QUEUE_H_ */ diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/fake-socket.h openssh-3.1p1/openbsd-compat/fake-socket.h --- ssh-openbsd-2002030700/openbsd-compat/fake-socket.h Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/fake-socket.h Fri Feb 9 12:55:36 2001 
@@ -0,0 +1,47 @@
+/* $Id: fake-socket.h,v 1.2 2001/02/09 01:55:36 djm Exp $ */
+
+#ifndef _FAKE_SOCKET_H
+#define _FAKE_SOCKET_H
+
+#include "config.h"
+#include "sys/types.h"
+
+#ifndef HAVE_STRUCT_SOCKADDR_STORAGE
+# define _SS_MAXSIZE 128 /* Implementation specific max size */
+# define _SS_PADSIZE (_SS_MAXSIZE - sizeof (struct sockaddr))
+
+struct sockaddr_storage {
+ struct sockaddr ss_sa;
+ char __ss_pad2[_SS_PADSIZE];
+};
+# define ss_family ss_sa.sa_family
+#endif /* !HAVE_STRUCT_SOCKADDR_STORAGE */
+
+#ifndef IN6_IS_ADDR_LOOPBACK
+# define IN6_IS_ADDR_LOOPBACK(a) \
+ (((u_int32_t *) (a))[0] == 0 && ((u_int32_t *) (a))[1] == 0 && \
+ ((u_int32_t *) (a))[2] == 0 && ((u_int32_t *) (a))[3] == htonl (1))
+#endif /* !IN6_IS_ADDR_LOOPBACK */
+
+#ifndef HAVE_STRUCT_IN6_ADDR
+struct in6_addr {
+ u_int8_t s6_addr[16];
+};
+#endif /* !HAVE_STRUCT_IN6_ADDR */
+
+#ifndef HAVE_STRUCT_SOCKADDR_IN6
+struct sockaddr_in6 {
+ unsigned short sin6_family;
+ u_int16_t sin6_port;
+ u_int32_t sin6_flowinfo;
+ struct in6_addr sin6_addr;
+};
+#endif /* !HAVE_STRUCT_SOCKADDR_IN6 */
+
+#ifndef AF_INET6
+/* Define it to something that should never appear */
+#define AF_INET6 AF_MAX
+#endif
+
+#endif /* !_FAKE_SOCKET_H */
+
diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/getcwd.c openssh-3.1p1/openbsd-compat/getcwd.c
--- ssh-openbsd-2002030700/openbsd-compat/getcwd.c Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/openbsd-compat/getcwd.c Tue Feb 20 06:54:43 2001
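Review bot: The fallback `IN6_IS_ADDR_LOOPBACK` in fake-socket.h reads the address through `(u_int32_t *)` casts, but the fallback `struct in6_addr` declared just below it holds only `u_int8_t s6_addr[16]`, so nothing guarantees 4-byte alignment and the access also violates strict aliasing. A byte-wise comparison avoids both problems, for example `(memcmp((a), "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\1", 16) == 0)`. The comment on `#define AF_INET6 AF_MAX` could also say what the substitution implies, e.g. `/* No IPv6 on this host: family tests against AF_INET6 must never match a real address */`, so the assumption that `AF_MAX` is never a live family is stated where it is made.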
@@ -0,0 +1,237 @@ +/* + * Copyright (c) 1989, 1991, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "config.h" + +#if !defined(HAVE_GETCWD) + +#if defined(LIBC_SCCS) && !defined(lint) +static char rcsid[] = "$OpenBSD: getcwd.c,v 1.6 2000/07/19 15:25:13 deraadt Exp $"; +#endif /* LIBC_SCCS and not lint */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include "includes.h" + +#define ISDOT(dp) \ + (dp->d_name[0] == '.' && (dp->d_name[1] == '\0' || \ + (dp->d_name[1] == '.' 
&& dp->d_name[2] == '\0'))) + +char * +getcwd(char *pt,size_t size) +{ + register struct dirent *dp; + register DIR *dir = NULL; + register dev_t dev; + register ino_t ino; + register int first; + register char *bpt, *bup; + struct stat s; + dev_t root_dev; + ino_t root_ino; + size_t ptsize, upsize; + int save_errno; + char *ept, *eup, *up; + + /* + * If no buffer specified by the user, allocate one as necessary. + * If a buffer is specified, the size has to be non-zero. The path + * is built from the end of the buffer backwards. + */ + if (pt) { + ptsize = 0; + if (!size) { + errno = EINVAL; + return (NULL); + } + ept = pt + size; + } else { + if ((pt = malloc(ptsize = 1024 - 4)) == NULL) + return (NULL); + ept = pt + ptsize; + } + bpt = ept - 1; + *bpt = '\0'; + + /* + * Allocate bytes (1024 - malloc space) for the string of "../"'s. + * Should always be enough (it's 340 levels). If it's not, allocate + * as necessary. Special * case the first stat, it's ".", not "..". + */ + if ((up = malloc(upsize = 1024 - 4)) == NULL) + goto err; + eup = up + MAXPATHLEN; + bup = up; + up[0] = '.'; + up[1] = '\0'; + + /* Save root values, so know when to stop. */ + if (stat("/", &s)) + goto err; + root_dev = s.st_dev; + root_ino = s.st_ino; + + errno = 0; /* XXX readdir has no error return. */ + + for (first = 1;; first = 0) { + /* Stat the current level. */ + if (lstat(up, &s)) + goto err; + + /* Save current node values. */ + ino = s.st_ino; + dev = s.st_dev; + + /* Check for reaching root. */ + if (root_dev == dev && root_ino == ino) { + *--bpt = '/'; + /* + * It's unclear that it's a requirement to copy the + * path to the beginning of the buffer, but it's always + * been that way and stuff would probably break. + */ + memmove(pt, bpt, ept - bpt); + free(up); + return (pt); + } + + /* + * Build pointer to the parent directory, allocating memory + * as necessary. Max length is 3 for "../", the largest + * possible component name, plus a trailing NULL. 
+ */ + if (bup + 3 + MAXNAMLEN + 1 >= eup) { + char *nup; + + if ((nup = realloc(up, upsize *= 2)) == NULL) + goto err; + up = nup; + bup = up; + eup = up + upsize; + } + *bup++ = '.'; + *bup++ = '.'; + *bup = '\0'; + + /* Open and stat parent directory. + * RACE?? - replaced fstat(dirfd(dir), &s) w/ lstat(up,&s) + */ + if (!(dir = opendir(up)) || lstat(up,&s)) + goto err; + + /* Add trailing slash for next directory. */ + *bup++ = '/'; + + /* + * If it's a mount point, have to stat each element because + * the inode number in the directory is for the entry in the + * parent directory, not the inode number of the mounted file. + */ + save_errno = 0; + if (s.st_dev == dev) { + for (;;) { + if (!(dp = readdir(dir))) + goto notfound; + if (dp->d_fileno == ino) + break; + } + } else + for (;;) { + if (!(dp = readdir(dir))) + goto notfound; + if (ISDOT(dp)) + continue; + memmove(bup, dp->d_name, dp->d_namlen + 1); + + /* Save the first error for later. */ + if (lstat(up, &s)) { + if (!save_errno) + save_errno = errno; + errno = 0; + continue; + } + if (s.st_dev == dev && s.st_ino == ino) + break; + } + + /* + * Check for length of the current name, preceding slash, + * leading slash. + */ + if (bpt - pt < dp->d_namlen + (first ? 1 : 2)) { + size_t len, off; + char *npt; + + if (!ptsize) { + errno = ERANGE; + goto err; + } + off = bpt - pt; + len = ept - bpt; + if ((npt = realloc(pt, ptsize *= 2)) == NULL) + goto err; + pt = npt; + bpt = pt + off; + ept = pt + ptsize; + memmove(ept - len, bpt, len); + bpt = ept - len; + } + if (!first) + *--bpt = '/'; + bpt -= dp->d_namlen; + memmove(bpt, dp->d_name, dp->d_namlen); + (void)closedir(dir); + + /* Truncate any file name. */ + *bup = '\0'; + } + +notfound: + /* + * If readdir set errno, use it, not any saved error; otherwise, + * didn't find the current directory in its parent directory, set + * errno to ENOENT. + */ + if (!errno) + errno = save_errno ? 
save_errno : ENOENT; + /* FALLTHROUGH */ +err: + if (ptsize) + free(pt); + if (up) + free(up); + if (dir) + (void)closedir(dir); + return (NULL); +} + +#endif /* !defined(HAVE_GETCWD) */ diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/getcwd.h openssh-3.1p1/openbsd-compat/getcwd.h --- ssh-openbsd-2002030700/openbsd-compat/getcwd.h Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/getcwd.h Fri Feb 9 12:55:36 2001 @@ -0,0 +1,12 @@ +/* $Id: getcwd.h,v 1.2 2001/02/09 01:55:36 djm Exp $ */ + +#ifndef _BSD_GETCWD_H +#define _BSD_GETCWD_H +#include "config.h" + +#if !defined(HAVE_GETCWD) + +char *getcwd(char *pt, size_t size); + +#endif /* !defined(HAVE_GETCWD) */ +#endif /* _BSD_GETCWD_H */ diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/getgrouplist.c openssh-3.1p1/openbsd-compat/getgrouplist.c --- ssh-openbsd-2002030700/openbsd-compat/getgrouplist.c Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/getgrouplist.c Thu Feb 1 08:52:03 2001 
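Review bot: In getcwd.c the end pointer for the `up` buffer does not match its allocation: `up` comes from `malloc(upsize = 1024 - 4)` but the bound is set with `eup = up + MAXPATHLEN`, so wherever MAXPATHLEN exceeds 1020 the growth test `bup + 3 + MAXNAMLEN + 1 >= eup` fires too late and the writes through `bup` (the `..` components and the `memmove` of `dp->d_name`) can run past the heap block; `eup = up + upsize;` keeps the two in step. The realloc branch then sets `bup = up`, which discards the `../` prefix already built, so the offset has to be carried over with `bup = nup + (bup - up); up = nup;`. Separately, `dir` is closed at the bottom of the loop but never cleared, so a `goto err` taken from the next iteration's first `lstat` closes the same handle a second time; clearing `dir` after the in-loop close avoids that. The in-code `RACE??` remark also stands unresolved, since the parent is opened with `opendir(up)` and then looked up again by path instead of being checked through the open handle.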
@@ -0,0 +1,103 @@ +/* + * Copyright (c) 1991, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "includes.h" + +#ifndef HAVE_GETGROUPLIST + +#if defined(LIBC_SCCS) && !defined(lint) +static char rcsid[] = "$OpenBSD: getgrouplist.c,v 1.7 1997/08/19 19:13:27 deraadt Exp $"; +#endif /* LIBC_SCCS and not lint */ + +/* + * get credential + */ +#include +#include +#include + +int +getgrouplist(uname, agroup, groups, grpcnt) + const char *uname; + gid_t agroup; + register gid_t *groups; + int *grpcnt; +{ + register struct group *grp; + register int i, ngroups; + int ret, maxgroups; + int bail; + + ret = 0; + ngroups = 0; + maxgroups = *grpcnt; + + /* + * install primary group + */ + if (ngroups >= maxgroups) { + *grpcnt = ngroups; + return (-1); + } + groups[ngroups++] = agroup; + + /* + * Scan the group file to find additional groups. + */ + setgrent(); + while ((grp = getgrent())) { + if (grp->gr_gid == agroup) + continue; + for (bail = 0, i = 0; bail == 0 && i < ngroups; i++) + if (groups[i] == grp->gr_gid) + bail = 1; + if (bail) + continue; + for (i = 0; grp->gr_mem[i]; i++) { + if (!strcmp(grp->gr_mem[i], uname)) { + if (ngroups >= maxgroups) { + ret = -1; + goto out; + } + groups[ngroups++] = grp->gr_gid; + break; + } + } + } +out: + endgrent(); + *grpcnt = ngroups; + return (ret); +} + +#endif /* HAVE_GETGROUPLIST */ diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/getgrouplist.h openssh-3.1p1/openbsd-compat/getgrouplist.h --- ssh-openbsd-2002030700/openbsd-compat/getgrouplist.h Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/getgrouplist.h Fri Feb 9 12:55:36 2001 
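Review bot: `getgrouplist()` carries no comment stating its contract, and the overflow case matters to callers: once `groups` is full the function returns -1 with `*grpcnt` set to the number of entries stored, so the membership list is truncated rather than sized for a retry. A header comment such as `/* Fills groups[] with agroup plus each group listing uname; returns 0, or -1 if more than *grpcnt groups apply (list truncated, *grpcnt = entries stored). Resets the group database iterator via setgrent()/endgrent(). */` would make it clear that code deriving access decisions from the result must treat -1 as incomplete membership. The definition is also old-style (K&R) while getgrouplist.h declares a prototype; if `gid_t` is narrower than `int` on some target the two are incompatible, so an ANSI definition `getgrouplist(const char *uname, gid_t agroup, gid_t *groups, int *grpcnt)` would be safer.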
@@ -0,0 +1,16 @@
+/* $Id: getgrouplist.h,v 1.2 2001/02/09 01:55:36 djm Exp $ */
+
+#ifndef _BSD_GETGROUPLIST_H
+#define _BSD_GETGROUPLIST_H
+
+#include "config.h"
+
+#ifndef HAVE_GETGROUPLIST
+
+#include
+
+int getgrouplist(const char *, gid_t, gid_t *, int *);
+
+#endif
+
+#endif
diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/getopt.c openssh-3.1p1/openbsd-compat/getopt.c
--- ssh-openbsd-2002030700/openbsd-compat/getopt.c Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/openbsd-compat/getopt.c Tue Sep 18 07:34:34 2001
@@ -0,0 +1,122 @@ +/* + * Copyright (c) 1987, 1993, 1994 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "config.h" +#if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET) + +#if defined(LIBC_SCCS) && !defined(lint) +static char *rcsid = "$OpenBSD: getopt.c,v 1.2 1996/08/19 08:33:32 tholo Exp $"; +#endif /* LIBC_SCCS and not lint */ + +#include +#include +#include + +int opterr = 1, /* if error message should be printed */ + optind = 1, /* index into parent argv vector */ + optopt, /* character checked for validity */ + optreset; /* reset getopt */ +char *optarg; /* argument associated with option */ + +#define BADCH (int)'?' +#define BADARG (int)':' +#define EMSG "" + +/* + * getopt -- + * Parse argc/argv argument vector. + */ +int +BSDgetopt(nargc, nargv, ostr) + int nargc; + char * const *nargv; + const char *ostr; +{ + extern char *__progname; + static char *place = EMSG; /* option letter processing */ + char *oli; /* option letter list index */ + + if (optreset || !*place) { /* update scanning pointer */ + optreset = 0; + if (optind >= nargc || *(place = nargv[optind]) != '-') { + place = EMSG; + return (-1); + } + if (place[1] && *++place == '-') { /* found "--" */ + ++optind; + place = EMSG; + return (-1); + } + } /* option letter okay? */ + if ((optopt = (int)*place++) == (int)':' || + !(oli = strchr(ostr, optopt))) { + /* + * if the user didn't specify '-' as an option, + * assume it means -1. 
+ */ + if (optopt == (int)'-') + return (-1); + if (!*place) + ++optind; + if (opterr && *ostr != ':') + (void)fprintf(stderr, + "%s: illegal option -- %c\n", __progname, optopt); + return (BADCH); + } + if (*++oli != ':') { /* don't need argument */ + optarg = NULL; + if (!*place) + ++optind; + } + else { /* need an argument */ + if (*place) /* no white space */ + optarg = place; + else if (nargc <= ++optind) { /* no arg */ + place = EMSG; + if (*ostr == ':') + return (BADARG); + if (opterr) + (void)fprintf(stderr, + "%s: option requires an argument -- %c\n", + __progname, optopt); + return (BADCH); + } + else /* white space */ + optarg = nargv[optind]; + place = EMSG; + ++optind; + } + return (optopt); /* dump back option letter */ +} + +#endif /* !defined(HAVE_GETOPT) || !defined(HAVE_OPTRESET) */ diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/getopt.h openssh-3.1p1/openbsd-compat/getopt.h --- ssh-openbsd-2002030700/openbsd-compat/getopt.h Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/getopt.h Tue Sep 18 15:05:21 2001 @@ -0,0 +1,14 @@ +/* $Id: getopt.h,v 1.4 2001/09/18 05:05:21 djm Exp $ */ + +#ifndef _BSDGETOPT_H +#define _BSDGETOPT_H + +#include "config.h" + +#if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET) + +int BSDgetopt(int argc, char * const *argv, const char *opts); + +#endif + +#endif /* _BSDGETOPT_H */ diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/glob.c openssh-3.1p1/openbsd-compat/glob.c --- ssh-openbsd-2002030700/openbsd-compat/glob.c Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/glob.c Wed Jun 27 23:36:09 2001 
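Review bot: In `BSDgetopt` the test `if (place[1] && *++place == '-')` treats every argument that begins with `--` as the end-of-options marker, so an argument like `--foo` is skipped by `++optind` and silently dropped instead of being reported or left as an operand. Restricting the branch to an exact `--` with `if (place[1] && *++place == '-' && place[1] == '\0')` lets other such arguments fall through to the `optopt == (int)'-'` return; that return should then also set `place = EMSG;` so a later call does not resume scanning inside the same argument. The closing `#endif` comment names `HAVE_OPTRESET` while the opening test uses `HAVE_GETOPT_OPTRESET`, and the comment should be brought in line with the condition.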
@@ -0,0 +1,915 @@ +/* + * Copyright (c) 1989, 1993 + * The Regents of the University of California. All rights reserved. + * + * This code is derived from software contributed to Berkeley by + * Guido van Rossum. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "includes.h" +#include + +static long +get_arg_max(void) +{ +#ifdef ARG_MAX + return(ARG_MAX); +#elif defined(HAVE_SYSCONF) && defined(_SC_ARG_MAX) + return(sysconf(_SC_ARG_MAX)); +#else + return(256); /* XXX: arbitrary */ +#endif +} + +#if !defined(HAVE_GLOB) || !defined(GLOB_HAS_ALTDIRFUNC) || \ + !defined(GLOB_HAS_GL_MATCHC) + +#if defined(LIBC_SCCS) && !defined(lint) +#if 0 +static char sccsid[] = "@(#)glob.c 8.3 (Berkeley) 10/13/93"; +#else +static char rcsid[] = "$OpenBSD: glob.c,v 1.16 2001/04/05 18:36:12 deraadt Exp $"; +#endif +#endif /* LIBC_SCCS and not lint */ + +/* + * glob(3) -- a superset of the one defined in POSIX 1003.2. + * + * The [!...] convention to negate a range is supported (SysV, Posix, ksh). + * + * Optional extra services, controlled by flags not defined by POSIX: + * + * GLOB_QUOTE: + * Escaping convention: \ inhibits any special meaning the following + * character might have (except \ at end of string is retained). + * GLOB_MAGCHAR: + * Set in gl_flags if pattern contained a globbing character. + * GLOB_NOMAGIC: + * Same as GLOB_NOCHECK, but it will only append pattern if it did + * not contain any magic characters. [Used in csh style globbing] + * GLOB_ALTDIRFUNC: + * Use alternately specified directory access functions. + * GLOB_TILDE: + * expand ~user/foo to the /home/dir/of/user/foo + * GLOB_BRACE: + * expand {1,2}{a,b} to 1a 1b 2a 2b + * gl_matchc: + * Number of matches in the current invocation of glob. + */ + + +#define DOLLAR '$' +#define DOT '.' +#define EOS '\0' +#define LBRACKET '[' +#define NOT '!' +#define QUESTION '?' 
+#define QUOTE '\\' +#define RANGE '-' +#define RBRACKET ']' +#define SEP '/' +#define STAR '*' +#define TILDE '~' +#define UNDERSCORE '_' +#define LBRACE '{' +#define RBRACE '}' +#define SLASH '/' +#define COMMA ',' + +#ifndef DEBUG + +#define M_QUOTE 0x8000 +#define M_PROTECT 0x4000 +#define M_MASK 0xffff +#define M_ASCII 0x00ff + +typedef u_short Char; + +#else + +#define M_QUOTE 0x80 +#define M_PROTECT 0x40 +#define M_MASK 0xff +#define M_ASCII 0x7f + +typedef char Char; + +#endif + + +#define CHAR(c) ((Char)((c)&M_ASCII)) +#define META(c) ((Char)((c)|M_QUOTE)) +#define M_ALL META('*') +#define M_END META(']') +#define M_NOT META('!') +#define M_ONE META('?') +#define M_RNG META('-') +#define M_SET META('[') +#define ismeta(c) (((c)&M_QUOTE) != 0) + + +static int compare __P((const void *, const void *)); +static int g_Ctoc __P((const Char *, char *, u_int)); +static int g_lstat __P((Char *, struct stat *, glob_t *)); +static DIR *g_opendir __P((Char *, glob_t *)); +static Char *g_strchr __P((Char *, int)); +static int g_stat __P((Char *, struct stat *, glob_t *)); +static int glob0 __P((const Char *, glob_t *)); +static int glob1 __P((Char *, Char *, glob_t *, size_t *)); +static int glob2 __P((Char *, Char *, Char *, Char *, Char *, Char *, + glob_t *, size_t *)); +static int glob3 __P((Char *, Char *, Char *, Char *, Char *, Char *, + Char *, Char *, glob_t *, size_t *)); +static int globextend __P((const Char *, glob_t *, size_t *)); +static const Char * + globtilde __P((const Char *, Char *, size_t, glob_t *)); +static int globexp1 __P((const Char *, glob_t *)); +static int globexp2 __P((const Char *, const Char *, glob_t *, int *)); +static int match __P((Char *, Char *, Char *)); +#ifdef DEBUG +static void qprintf __P((const char *, Char *)); +#endif + +int +glob(pattern, flags, errfunc, pglob) + const char *pattern; + int flags, (*errfunc) __P((const char *, int)); + glob_t *pglob; +{ + const u_char *patnext; + int c; + Char *bufnext, *bufend, 
patbuf[MAXPATHLEN]; + + patnext = (u_char *) pattern; + if (!(flags & GLOB_APPEND)) { + pglob->gl_pathc = 0; + pglob->gl_pathv = NULL; + if (!(flags & GLOB_DOOFFS)) + pglob->gl_offs = 0; + } + pglob->gl_flags = flags & ~GLOB_MAGCHAR; + pglob->gl_errfunc = errfunc; + pglob->gl_matchc = 0; + + bufnext = patbuf; + bufend = bufnext + MAXPATHLEN - 1; + if (flags & GLOB_NOESCAPE) + while (bufnext < bufend && (c = *patnext++) != EOS) + *bufnext++ = c; + else { + /* Protect the quoted characters. */ + while (bufnext < bufend && (c = *patnext++) != EOS) + if (c == QUOTE) { + if ((c = *patnext++) == EOS) { + c = QUOTE; + --patnext; + } + *bufnext++ = c | M_PROTECT; + } else + *bufnext++ = c; + } + *bufnext = EOS; + + if (flags & GLOB_BRACE) + return globexp1(patbuf, pglob); + else + return glob0(patbuf, pglob); +} + +/* + * Expand recursively a glob {} pattern. When there is no more expansion + * invoke the standard globbing routine to glob the rest of the magic + * characters + */ +static int +globexp1(pattern, pglob) + const Char *pattern; + glob_t *pglob; +{ + const Char* ptr = pattern; + int rv; + + /* Protect a single {}, for find(1), like csh */ + if (pattern[0] == LBRACE && pattern[1] == RBRACE && pattern[2] == EOS) + return glob0(pattern, pglob); + + while ((ptr = (const Char *) g_strchr((Char *) ptr, LBRACE)) != NULL) + if (!globexp2(ptr, pattern, pglob, &rv)) + return rv; + + return glob0(pattern, pglob); +} + + +/* + * Recursive brace globbing helper. Tries to expand a single brace. + * If it succeeds then it invokes globexp1 with the new pattern. + * If it fails then it tries to glob the rest of the pattern and returns. 
+ */ +static int +globexp2(ptr, pattern, pglob, rv) + const Char *ptr, *pattern; + glob_t *pglob; + int *rv; +{ + int i; + Char *lm, *ls; + const Char *pe, *pm, *pl; + Char patbuf[MAXPATHLEN]; + + /* copy part up to the brace */ + for (lm = patbuf, pm = pattern; pm != ptr; *lm++ = *pm++) + ; + *lm = EOS; + ls = lm; + + /* Find the balanced brace */ + for (i = 0, pe = ++ptr; *pe; pe++) + if (*pe == LBRACKET) { + /* Ignore everything between [] */ + for (pm = pe++; *pe != RBRACKET && *pe != EOS; pe++) + ; + if (*pe == EOS) { + /* + * We could not find a matching RBRACKET. + * Ignore and just look for RBRACE + */ + pe = pm; + } + } else if (*pe == LBRACE) + i++; + else if (*pe == RBRACE) { + if (i == 0) + break; + i--; + } + + /* Non matching braces; just glob the pattern */ + if (i != 0 || *pe == EOS) { + *rv = glob0(patbuf, pglob); + return 0; + } + + for (i = 0, pl = pm = ptr; pm <= pe; pm++) { + switch (*pm) { + case LBRACKET: + /* Ignore everything between [] */ + for (pl = pm++; *pm != RBRACKET && *pm != EOS; pm++) + ; + if (*pm == EOS) { + /* + * We could not find a matching RBRACKET. + * Ignore and just look for RBRACE + */ + pm = pl; + } + break; + + case LBRACE: + i++; + break; + + case RBRACE: + if (i) { + i--; + break; + } + /* FALLTHROUGH */ + case COMMA: + if (i && *pm == COMMA) + break; + else { + /* Append the current string */ + for (lm = ls; (pl < pm); *lm++ = *pl++) + ; + + /* + * Append the rest of the pattern after the + * closing brace + */ + for (pl = pe + 1; (*lm++ = *pl++) != EOS; ) + ; + + /* Expand the current pattern */ +#ifdef DEBUG + qprintf("globexp2:", patbuf); +#endif + *rv = globexp1(patbuf, pglob); + + /* move after the comma, to the next string */ + pl = pm + 1; + } + break; + + default: + break; + } + } + *rv = 0; + return 0; +} + + + +/* + * expand tilde from the passwd file. 
+ */ +static const Char * +globtilde(pattern, patbuf, patbuf_len, pglob) + const Char *pattern; + Char *patbuf; + size_t patbuf_len; + glob_t *pglob; +{ + struct passwd *pwd; + char *h; + const Char *p; + Char *b, *eb; + + if (*pattern != TILDE || !(pglob->gl_flags & GLOB_TILDE)) + return pattern; + + /* Copy up to the end of the string or / */ + eb = &patbuf[patbuf_len - 1]; + for (p = pattern + 1, h = (char *) patbuf; + h < (char *)eb && *p && *p != SLASH; *h++ = *p++) + ; + + *h = EOS; + +#if 0 + if (h == (char *)eb) + return what; +#endif + + if (((char *) patbuf)[0] == EOS) { + /* + * handle a plain ~ or ~/ by expanding $HOME + * first and then trying the password file + */ +#if 0 + if (issetugid() != 0 || (h = getenv("HOME")) == NULL) { +#endif + if ((getuid() != geteuid()) || (h = getenv("HOME")) == NULL) { + if ((pwd = getpwuid(getuid())) == NULL) + return pattern; + else + h = pwd->pw_dir; + } + } else { + /* + * Expand a ~user + */ + if ((pwd = getpwnam((char*) patbuf)) == NULL) + return pattern; + else + h = pwd->pw_dir; + } + + /* Copy the home directory */ + for (b = patbuf; b < eb && *h; *b++ = *h++) + ; + + /* Append the rest of the pattern */ + while (b < eb && (*b++ = *p++) != EOS) + ; + *b = EOS; + + return patbuf; +} + + +/* + * The main glob() routine: compiles the pattern (optionally processing + * quotes), calls glob1() to do the real pattern matching, and finally + * sorts the list (unless unsorted operation is requested). Returns 0 + * if things went well, nonzero if errors occurred. It is not an error + * to find no matches. + */ +static int +glob0(pattern, pglob) + const Char *pattern; + glob_t *pglob; +{ + const Char *qpatnext; + int c, err, oldpathc; + Char *bufnext, patbuf[MAXPATHLEN]; + size_t limit = 0; + + qpatnext = globtilde(pattern, patbuf, MAXPATHLEN, pglob); + oldpathc = pglob->gl_pathc; + bufnext = patbuf; + + /* We don't need to check for buffer overflow any more. 
*/ + while ((c = *qpatnext++) != EOS) { + switch (c) { + case LBRACKET: + c = *qpatnext; + if (c == NOT) + ++qpatnext; + if (*qpatnext == EOS || + g_strchr((Char *) qpatnext+1, RBRACKET) == NULL) { + *bufnext++ = LBRACKET; + if (c == NOT) + --qpatnext; + break; + } + *bufnext++ = M_SET; + if (c == NOT) + *bufnext++ = M_NOT; + c = *qpatnext++; + do { + *bufnext++ = CHAR(c); + if (*qpatnext == RANGE && + (c = qpatnext[1]) != RBRACKET) { + *bufnext++ = M_RNG; + *bufnext++ = CHAR(c); + qpatnext += 2; + } + } while ((c = *qpatnext++) != RBRACKET); + pglob->gl_flags |= GLOB_MAGCHAR; + *bufnext++ = M_END; + break; + case QUESTION: + pglob->gl_flags |= GLOB_MAGCHAR; + *bufnext++ = M_ONE; + break; + case STAR: + pglob->gl_flags |= GLOB_MAGCHAR; + /* collapse adjacent stars to one, + * to avoid exponential behavior + */ + if (bufnext == patbuf || bufnext[-1] != M_ALL) + *bufnext++ = M_ALL; + break; + default: + *bufnext++ = CHAR(c); + break; + } + } + *bufnext = EOS; +#ifdef DEBUG + qprintf("glob0:", patbuf); +#endif + + if ((err = glob1(patbuf, patbuf+MAXPATHLEN-1, pglob, &limit)) != 0) + return(err); + + /* + * If there was no match we are going to append the pattern + * if GLOB_NOCHECK was specified or if GLOB_NOMAGIC was specified + * and the pattern did not contain any magic characters + * GLOB_NOMAGIC is there just for compatibility with csh. 
+ */ + if (pglob->gl_pathc == oldpathc) { + if ((pglob->gl_flags & GLOB_NOCHECK) || + ((pglob->gl_flags & GLOB_NOMAGIC) && + !(pglob->gl_flags & GLOB_MAGCHAR))) + return(globextend(pattern, pglob, &limit)); + else + return(GLOB_NOMATCH); + } + if (!(pglob->gl_flags & GLOB_NOSORT)) + qsort(pglob->gl_pathv + pglob->gl_offs + oldpathc, + pglob->gl_pathc - oldpathc, sizeof(char *), compare); + return(0); +} + +static int +compare(p, q) + const void *p, *q; +{ + return(strcmp(*(char **)p, *(char **)q)); +} + +static int +glob1(pattern, pattern_last, pglob, limitp) + Char *pattern, *pattern_last; + glob_t *pglob; + size_t *limitp; +{ + Char pathbuf[MAXPATHLEN]; + + /* A null pathname is invalid -- POSIX 1003.1 sect. 2.4. */ + if (*pattern == EOS) + return(0); + return(glob2(pathbuf, pathbuf+MAXPATHLEN-1, + pathbuf, pathbuf+MAXPATHLEN-1, + pattern, pattern_last, pglob, limitp)); +} + +/* + * The functions glob2 and glob3 are mutually recursive; there is one level + * of recursion for each segment in the pattern that contains one or more + * meta characters. + */ +static int +glob2(pathbuf, pathbuf_last, pathend, pathend_last, pattern, + pattern_last, pglob, limitp) + Char *pathbuf, *pathbuf_last, *pathend, *pathend_last; + Char *pattern, *pattern_last; + glob_t *pglob; + size_t *limitp; +{ + struct stat sb; + Char *p, *q; + int anymeta; + + /* + * Loop over pattern segments until end of pattern or until + * segment with meta character found. + */ + for (anymeta = 0;;) { + if (*pattern == EOS) { /* End of pattern? 
*/ + *pathend = EOS; + if (g_lstat(pathbuf, &sb, pglob)) + return(0); + + if (((pglob->gl_flags & GLOB_MARK) && + pathend[-1] != SEP) && (S_ISDIR(sb.st_mode) || + (S_ISLNK(sb.st_mode) && + (g_stat(pathbuf, &sb, pglob) == 0) && + S_ISDIR(sb.st_mode)))) { + if (pathend+1 > pathend_last) + return (1); + *pathend++ = SEP; + *pathend = EOS; + } + ++pglob->gl_matchc; + return(globextend(pathbuf, pglob, limitp)); + } + + /* Find end of next segment, copy tentatively to pathend. */ + q = pathend; + p = pattern; + while (*p != EOS && *p != SEP) { + if (ismeta(*p)) + anymeta = 1; + if (q+1 > pathend_last) + return (1); + *q++ = *p++; + } + + if (!anymeta) { /* No expansion, do next segment. */ + pathend = q; + pattern = p; + while (*pattern == SEP) { + if (pathend+1 > pathend_last) + return (1); + *pathend++ = *pattern++; + } + } else + /* Need expansion, recurse. */ + return(glob3(pathbuf, pathbuf_last, pathend, + pathend_last, pattern, pattern_last, + p, pattern_last, pglob, limitp)); + } + /* NOTREACHED */ +} + +static int +glob3(pathbuf, pathbuf_last, pathend, pathend_last, pattern, pattern_last, + restpattern, restpattern_last, pglob, limitp) + Char *pathbuf, *pathbuf_last, *pathend, *pathend_last; + Char *pattern, *pattern_last, *restpattern, *restpattern_last; + glob_t *pglob; + size_t *limitp; +{ + register struct dirent *dp; + DIR *dirp; + int err; + char buf[MAXPATHLEN]; + + /* + * The readdirfunc declaration can't be prototyped, because it is + * assigned, below, to two functions which are prototyped in glob.h + * and dirent.h as taking pointers to differently typed opaque + * structures. + */ + struct dirent *(*readdirfunc)(); + + if (pathend > pathend_last) + return (1); + *pathend = EOS; + errno = 0; + + if ((dirp = g_opendir(pathbuf, pglob)) == NULL) { + /* TODO: don't call for ENOENT or ENOTDIR? 
*/ + if (pglob->gl_errfunc) { + if (g_Ctoc(pathbuf, buf, sizeof(buf))) + return(GLOB_ABORTED); + if (pglob->gl_errfunc(buf, errno) || + pglob->gl_flags & GLOB_ERR) + return(GLOB_ABORTED); + } + return(0); + } + + err = 0; + + /* Search directory for matching names. */ + if (pglob->gl_flags & GLOB_ALTDIRFUNC) + readdirfunc = pglob->gl_readdir; + else + readdirfunc = readdir; + while ((dp = (*readdirfunc)(dirp))) { + register u_char *sc; + register Char *dc; + + /* Initial DOT must be matched literally. */ + if (dp->d_name[0] == DOT && *pattern != DOT) + continue; + dc = pathend; + sc = (u_char *) dp->d_name; + while (dc < pathend_last && (*dc++ = *sc++) != EOS) + ; + if (dc >= pathend_last) { + *dc = EOS; + err = 1; + break; + } + + if (!match(pathend, pattern, restpattern)) { + *pathend = EOS; + continue; + } + err = glob2(pathbuf, pathbuf_last, --dc, pathend_last, + restpattern, restpattern_last, pglob, limitp); + if (err) + break; + } + + if (pglob->gl_flags & GLOB_ALTDIRFUNC) + (*pglob->gl_closedir)(dirp); + else + closedir(dirp); + return(err); +} + + +/* + * Extend the gl_pathv member of a glob_t structure to accomodate a new item, + * add the new item, and update gl_pathc. + * + * This assumes the BSD realloc, which only copies the block when its size + * crosses a power-of-two boundary; for v7 realloc, this would cause quadratic + * behavior. + * + * Return 0 if new item added, error code if memory couldn't be allocated. + * + * Invariant of the glob_t structure: + * Either gl_pathc is zero and gl_pathv is NULL; or gl_pathc > 0 and + * gl_pathv points to (gl_offs + gl_pathc + 1) items. + */ +static int +globextend(path, pglob, limitp) + const Char *path; + glob_t *pglob; + size_t *limitp; +{ + register char **pathv; + register int i; + u_int newsize, len; + char *copy; + const Char *p; + + newsize = sizeof(*pathv) * (2 + pglob->gl_pathc + pglob->gl_offs); + pathv = pglob->gl_pathv ? 
realloc((char *)pglob->gl_pathv, newsize) : + malloc(newsize); + if (pathv == NULL) { + if (pglob->gl_pathv) { + free(pglob->gl_pathv); + pglob->gl_pathv = NULL; + } + return(GLOB_NOSPACE); + } + + if (pglob->gl_pathv == NULL && pglob->gl_offs > 0) { + /* first time around -- clear initial gl_offs items */ + pathv += pglob->gl_offs; + for (i = pglob->gl_offs; --i >= 0; ) + *--pathv = NULL; + } + pglob->gl_pathv = pathv; + + for (p = path; *p++;) + ; + len = (size_t)(p - path); + *limitp += len; + if ((copy = malloc(len)) != NULL) { + if (g_Ctoc(path, copy, len)) { + free(copy); + return(GLOB_NOSPACE); + } + pathv[pglob->gl_offs + pglob->gl_pathc++] = copy; + } + pathv[pglob->gl_offs + pglob->gl_pathc] = NULL; + + if ((pglob->gl_flags & GLOB_LIMIT) && + newsize + *limitp >= (u_int) get_arg_max()) { + errno = 0; + return(GLOB_NOSPACE); + } + + return(copy == NULL ? GLOB_NOSPACE : 0); +} + + +/* + * pattern matching function for filenames. Each occurrence of the * + * pattern causes a recursion level. + */ +static int +match(name, pat, patend) + register Char *name, *pat, *patend; +{ + int ok, negate_range; + Char c, k; + + while (pat < patend) { + c = *pat++; + switch (c & M_MASK) { + case M_ALL: + if (pat == patend) + return(1); + do + if (match(name, pat, patend)) + return(1); + while (*name++ != EOS) + ; + return(0); + case M_ONE: + if (*name++ == EOS) + return(0); + break; + case M_SET: + ok = 0; + if ((k = *name++) == EOS) + return(0); + if ((negate_range = ((*pat & M_MASK) == M_NOT)) != EOS) + ++pat; + while (((c = *pat++) & M_MASK) != M_END) + if ((*pat & M_MASK) == M_RNG) { + if (c <= k && k <= pat[1]) + ok = 1; + pat += 2; + } else if (c == k) + ok = 1; + if (ok == negate_range) + return(0); + break; + default: + if (*name++ != c) + return(0); + break; + } + } + return(*name == EOS); +} + +/* Free allocated data belonging to a glob_t structure. 
*/ +void +globfree(pglob) + glob_t *pglob; +{ + register int i; + register char **pp; + + if (pglob->gl_pathv != NULL) { + pp = pglob->gl_pathv + pglob->gl_offs; + for (i = pglob->gl_pathc; i--; ++pp) + if (*pp) + free(*pp); + free(pglob->gl_pathv); + pglob->gl_pathv = NULL; + } +} + +static DIR * +g_opendir(str, pglob) + register Char *str; + glob_t *pglob; +{ + char buf[MAXPATHLEN]; + + if (!*str) + strcpy(buf, "."); + else { + if (g_Ctoc(str, buf, sizeof(buf))) + return(NULL); + } + + if (pglob->gl_flags & GLOB_ALTDIRFUNC) + return((*pglob->gl_opendir)(buf)); + + return(opendir(buf)); +} + +static int +g_lstat(fn, sb, pglob) + register Char *fn; + struct stat *sb; + glob_t *pglob; +{ + char buf[MAXPATHLEN]; + + if (g_Ctoc(fn, buf, sizeof(buf))) + return(-1); + if (pglob->gl_flags & GLOB_ALTDIRFUNC) + return((*pglob->gl_lstat)(buf, sb)); + return(lstat(buf, sb)); +} + +static int +g_stat(fn, sb, pglob) + register Char *fn; + struct stat *sb; + glob_t *pglob; +{ + char buf[MAXPATHLEN]; + + if (g_Ctoc(fn, buf, sizeof(buf))) + return(-1); + if (pglob->gl_flags & GLOB_ALTDIRFUNC) + return((*pglob->gl_stat)(buf, sb)); + return(stat(buf, sb)); +} + +static Char * +g_strchr(str, ch) + Char *str; + int ch; +{ + do { + if (*str == ch) + return (str); + } while (*str++); + return (NULL); +} + +static int +g_Ctoc(str, buf, len) + register const Char *str; + char *buf; + u_int len; +{ + + while (len--) { + if ((*buf++ = *str++) == EOS) + return (0); + } + return (1); +} + +#ifdef DEBUG +static void +qprintf(str, s) + const char *str; + register Char *s; +{ + register Char *p; + + (void)printf("%s:\n", str); + for (p = s; *p; p++) + (void)printf("%c", CHAR(*p)); + (void)printf("\n"); + for (p = s; *p; p++) + (void)printf("%c", *p & M_PROTECT ? '"' : ' '); + (void)printf("\n"); + for (p = s; *p; p++) + (void)printf("%c", ismeta(*p) ? 
'_' : ' '); + (void)printf("\n"); +} +#endif + +#endif /* !defined(HAVE_GLOB) || !defined(GLOB_HAS_ALTDIRFUNC) || + !defined(GLOB_HAS_GL_MATCHC) */ + diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/glob.h openssh-3.1p1/openbsd-compat/glob.h --- ssh-openbsd-2002030700/openbsd-compat/glob.h Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/glob.h Tue Mar 20 08:29:30 2001 
@@ -0,0 +1,101 @@ +/* $OpenBSD: glob.h,v 1.5 2001/03/18 17:18:58 deraadt Exp $ */ +/* $NetBSD: glob.h,v 1.5 1994/10/26 00:55:56 cgd Exp $ */ + +/* + * Copyright (c) 1989, 1993 + * The Regents of the University of California. All rights reserved. + * + * This code is derived from software contributed to Berkeley by + * Guido van Rossum. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. 
IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)glob.h 8.1 (Berkeley) 6/2/93 + */ + +#if !defined(HAVE_GLOB_H) || !defined(GLOB_HAS_ALTDIRFUNC) || \ + !defined(GLOB_HAS_GL_MATCHC) + +#ifndef _GLOB_H_ +#define _GLOB_H_ + +struct stat; +typedef struct { + int gl_pathc; /* Count of total paths so far. */ + int gl_matchc; /* Count of paths matching pattern. */ + int gl_offs; /* Reserved at beginning of gl_pathv. */ + int gl_flags; /* Copy of flags parameter to glob. */ + char **gl_pathv; /* List of paths matching pattern. */ + /* Copy of errfunc parameter to glob. */ + int (*gl_errfunc) __P((const char *, int)); + + /* + * Alternate filesystem access methods for glob; replacement + * versions of closedir(3), readdir(3), opendir(3), stat(2) + * and lstat(2). + */ + void (*gl_closedir) __P((void *)); + struct dirent *(*gl_readdir) __P((void *)); + void *(*gl_opendir) __P((const char *)); + int (*gl_lstat) __P((const char *, struct stat *)); + int (*gl_stat) __P((const char *, struct stat *)); +} glob_t; + +/* Flags */ +#define GLOB_APPEND 0x0001 /* Append to output from previous call. */ +#define GLOB_DOOFFS 0x0002 /* Use gl_offs. */ +#define GLOB_ERR 0x0004 /* Return on error. */ +#define GLOB_MARK 0x0008 /* Append / to matching directories. */ +#define GLOB_NOCHECK 0x0010 /* Return pattern itself if nothing matches. */ +#define GLOB_NOSORT 0x0020 /* Don't sort. */ + +#define GLOB_ALTDIRFUNC 0x0040 /* Use alternately specified directory funcs. 
*/ +#define GLOB_BRACE 0x0080 /* Expand braces ala csh. */ +#define GLOB_MAGCHAR 0x0100 /* Pattern had globbing characters. */ +#define GLOB_NOMAGIC 0x0200 /* GLOB_NOCHECK without magic chars (csh). */ +#define GLOB_QUOTE 0x0400 /* Quote special chars with \. */ +#define GLOB_TILDE 0x0800 /* Expand tilde names from the passwd file. */ +#define GLOB_NOESCAPE 0x1000 /* Disable backslash escaping. */ +#define GLOB_LIMIT 0x2000 /* Limit pattern match output to ARG_MAX */ + +/* Error values returned by glob(3) */ +#define GLOB_NOSPACE (-1) /* Malloc call failed. */ +#define GLOB_ABORTED (-2) /* Unignored error. */ +#define GLOB_NOMATCH (-3) /* No match and GLOB_NOCHECK not set. */ +#define GLOB_NOSYS (-4) /* Function not supported. */ +#define GLOB_ABEND GLOB_ABORTED + +int glob __P((const char *, int, int (*)(const char *, int), glob_t *)); +void globfree __P((glob_t *)); + +#endif /* !_GLOB_H_ */ + +#endif /* !defined(HAVE_GLOB_H) || !defined(GLOB_HAS_ALTDIRFUNC) || + !defined(GLOB_HAS_GL_MATCHC */ + diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/inet_aton.c openssh-3.1p1/openbsd-compat/inet_aton.c --- ssh-openbsd-2002030700/openbsd-compat/inet_aton.c Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/inet_aton.c Mon Jul 16 12:07:51 2001 
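Review bot: The include guard `_GLOB_H_` sits in the implementation-reserved namespace and may be the same guard a platform's own <glob.h> uses, so whichever header is included first could silently hide the other. A project-specific name in the style of the other compat headers in this patch, for example `_BSD_GLOB_H`, would avoid that. The outer condition tests `HAVE_GLOB_H`, while the closing comment of glob.c in this patch names `HAVE_GLOB`. If those two configure results can differ, header and implementation would be selected independently, which matters for callers that rely on `GLOB_LIMIT`. The final `#endif` comment is also missing the closing parenthesis after `GLOB_HAS_GL_MATCHC`.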
@@ -0,0 +1,193 @@ +/* $OpenBSD: inet_addr.c,v 1.6 1999/05/03 22:31:14 yanick Exp $ */ + +/* + * ++Copyright++ 1983, 1990, 1993 + * - + * Copyright (c) 1983, 1990, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * - + * Portions Copyright (c) 1993 by Digital Equipment Corporation. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies, and that + * the name of Digital Equipment Corporation not be used in advertising or + * publicity pertaining to distribution of the document or software without + * specific, written prior permission. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL + * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT + * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + * - + * --Copyright-- + */ + +#include "config.h" + +#if !defined(HAVE_INET_ATON) + +#if defined(LIBC_SCCS) && !defined(lint) +#if 0 +static char sccsid[] = "@(#)inet_addr.c 8.1 (Berkeley) 6/17/93"; +static char rcsid[] = "$From: inet_addr.c,v 8.5 1996/08/05 08:31:35 vixie Exp $"; +#else +static char rcsid[] = "$OpenBSD: inet_addr.c,v 1.6 1999/05/03 22:31:14 yanick Exp $"; +#endif +#endif /* LIBC_SCCS and not lint */ + +#include +#include +#include +#include +#include + +#if 0 +/* + * Ascii internet address interpretation routine. + * The value returned is in network order. + */ +in_addr_t +inet_addr(cp) + register const char *cp; +{ + struct in_addr val; + + if (inet_aton(cp, &val)) + return (val.s_addr); + return (INADDR_NONE); +} +#endif + +/* + * Check whether "cp" is a valid ascii representation + * of an Internet address and convert to a binary address. + * Returns 1 if the address is valid, 0 if not. 
+ * This replaces inet_addr, the return value from which + * cannot distinguish between failure and a local broadcast address. + */ +int +inet_aton(const char *cp, struct in_addr *addr) +{ + register u_int32_t val; + register int base, n; + register char c; + unsigned int parts[4]; + register unsigned int *pp = parts; + + c = *cp; + for (;;) { + /* + * Collect number up to ``.''. + * Values are specified as for C: + * 0x=hex, 0=octal, isdigit=decimal. + */ + if (!isdigit(c)) + return (0); + val = 0; base = 10; + if (c == '0') { + c = *++cp; + if (c == 'x' || c == 'X') + base = 16, c = *++cp; + else + base = 8; + } + for (;;) { + if (isascii(c) && isdigit(c)) { + val = (val * base) + (c - '0'); + c = *++cp; + } else if (base == 16 && isascii(c) && isxdigit(c)) { + val = (val << 4) | + (c + 10 - (islower(c) ? 'a' : 'A')); + c = *++cp; + } else + break; + } + if (c == '.') { + /* + * Internet format: + * a.b.c.d + * a.b.c (with c treated as 16 bits) + * a.b (with b treated as 24 bits) + */ + if (pp >= parts + 3) + return (0); + *pp++ = val; + c = *++cp; + } else + break; + } + /* + * Check for trailing characters. + */ + if (c != '\0' && (!isascii(c) || !isspace(c))) + return (0); + /* + * Concoct the address according to + * the number of parts specified. 
+ */ + n = pp - parts + 1; + switch (n) { + + case 0: + return (0); /* initial nondigit */ + + case 1: /* a -- 32 bits */ + break; + + case 2: /* a.b -- 8.24 bits */ + if ((val > 0xffffff) || (parts[0] > 0xff)) + return (0); + val |= parts[0] << 24; + break; + + case 3: /* a.b.c -- 8.8.16 bits */ + if ((val > 0xffff) || (parts[0] > 0xff) || (parts[1] > 0xff)) + return (0); + val |= (parts[0] << 24) | (parts[1] << 16); + break; + + case 4: /* a.b.c.d -- 8.8.8.8 bits */ + if ((val > 0xff) || (parts[0] > 0xff) || (parts[1] > 0xff) || (parts[2] > 0xff)) + return (0); + val |= (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8); + break; + } + if (addr) + addr->s_addr = htonl(val); + return (1); +} + +#endif /* !defined(HAVE_INET_ATON) */ diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/inet_aton.h openssh-3.1p1/openbsd-compat/inet_aton.h --- ssh-openbsd-2002030700/openbsd-compat/inet_aton.h Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/inet_aton.h Mon Jul 16 12:07:51 2001 @@ -0,0 +1,12 @@ +/* $Id: inet_aton.h,v 1.4 2001/07/16 02:07:51 tim Exp $ */ + +#ifndef _BSD_INET_ATON_H +#define _BSD_INET_ATON_H + +#include "config.h" + +#ifndef HAVE_INET_ATON +int inet_aton(const char *cp, struct in_addr *addr); +#endif /* HAVE_INET_ATON */ + +#endif /* _BSD_INET_ATON_H */ diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/inet_ntoa.c openssh-3.1p1/openbsd-compat/inet_ntoa.c --- ssh-openbsd-2002030700/openbsd-compat/inet_ntoa.c Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/inet_ntoa.c Sun Feb 4 08:31:23 2001 
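Review bot: The first `isdigit(c)` in the outer loop of inet_aton() is called on a plain `char` without the `isascii(c)` guard the inner loop uses, so a byte with the high bit set reaches the ctype function as a negative value, which is undefined. Writing it as `if (!isascii(c) || !isdigit(c))` would match the rest of the function. The accumulation `val = (val * base) + (c - '0')` has no overflow check and accepts the digits 8 and 9 when `base` is 8, so over-long or malformed components wrap or parse instead of being rejected, which matters wherever the parsed address feeds an access decision. A short comment above the digit loop listing the accepted forms (hex, octal, one to four parts) would help callers that expect strict dotted-quad input.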
@@ -0,0 +1,64 @@ +/* + * Copyright (c) 1983, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "config.h" + +#if defined(BROKEN_INET_NTOA) || !defined(HAVE_INET_NTOA) + +#if defined(LIBC_SCCS) && !defined(lint) +static char rcsid[] = "$OpenBSD: inet_ntoa.c,v 1.2 1996/08/19 08:29:16 tholo Exp $"; +#endif /* LIBC_SCCS and not lint */ + +/* + * Convert network-format internet address + * to base 256 d.d.d.d representation. + */ +#include +#include +#include +#include +#include "inet_ntoa.h" + +char *inet_ntoa(struct in_addr in) +{ + static char b[18]; + register char *p; + + p = (char *)∈ +#define UC(b) (((int)b)&0xff) + (void)snprintf(b, sizeof(b), + "%d.%d.%d.%d", UC(p[0]), UC(p[1]), UC(p[2]), UC(p[3])); + return (b); +} + +#endif /* defined(BROKEN_INET_NTOA) || !defined(HAVE_INET_NTOA) */ diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/inet_ntoa.h openssh-3.1p1/openbsd-compat/inet_ntoa.h --- ssh-openbsd-2002030700/openbsd-compat/inet_ntoa.h Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/inet_ntoa.h Fri Feb 9 12:55:36 2001 @@ -0,0 +1,12 @@ +/* $Id: inet_ntoa.h,v 1.2 2001/02/09 01:55:36 djm Exp $ */ + +#ifndef _BSD_INET_NTOA_H +#define _BSD_INET_NTOA_H + +#include "config.h" + +#if defined(BROKEN_INET_NTOA) || !defined(HAVE_INET_NTOA) +char *inet_ntoa(struct in_addr in); +#endif /* defined(BROKEN_INET_NTOA) || !defined(HAVE_INET_NTOA) */ + +#endif /* _BSD_INET_NTOA_H */ diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/inet_ntop.c openssh-3.1p1/openbsd-compat/inet_ntop.c --- ssh-openbsd-2002030700/openbsd-compat/inet_ntop.c Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/inet_ntop.c Tue Sep 25 22:21:53 2001 
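Review bot: The helper macro `#define UC(b) (((int)b)&0xff)` in inet_ntoa() does not parenthesise its argument, reuses the name of the static buffer `b` as its parameter, and stays defined for the rest of the file. `#define UC(x) (((int)(x))&0xff)` with an `#undef UC` after the snprintf call would be tidier. The function returns a pointer to `static char b[18]`, so each call overwrites the previous result; a one-line comment saying so would help callers that format two addresses in one expression. The `∈` in `p = (char *)∈` looks like the page's rendering of `&in;` rather than what the patch contains.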
@@ -0,0 +1,213 @@ +/* $OpenBSD: inet_ntop.c,v 1.1 1997/03/13 19:07:32 downsj Exp $ */ + +/* Copyright (c) 1996 by Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE + * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + */ + +#include "config.h" + +#ifndef HAVE_INET_NTOP + +#if defined(LIBC_SCCS) && !defined(lint) +#if 0 +static char rcsid[] = "$From: inet_ntop.c,v 8.7 1996/08/05 08:41:18 vixie Exp $"; +#else +static char rcsid[] = "$OpenBSD: inet_ntop.c,v 1.1 1997/03/13 19:07:32 downsj Exp $"; +#endif +#endif /* LIBC_SCCS and not lint */ + +#include +#include +#include +#include "openbsd-compat/fake-socket.h" +#include +#include +#ifndef HAVE_CYGWIN +#include +#endif +#include +#include +#include + +#ifndef IN6ADDRSZ +#define IN6ADDRSZ 16 /* IPv6 T_AAAA */ +#endif + +#ifndef INT16SZ +#define INT16SZ 2 /* for systems without 16-bit ints */ +#endif + +/* + * WARNING: Don't even consider trying to compile this on a system where + * sizeof(int) < 4. sizeof(int) > 4 is fine; all the world's not a VAX. + */ + +static const char *inet_ntop4 __P((const u_char *src, char *dst, size_t size)); +static const char *inet_ntop6 __P((const u_char *src, char *dst, size_t size)); + +/* char * + * inet_ntop(af, src, dst, size) + * convert a network format address to presentation format. 
+ * return: + * pointer to presentation format address (`dst'), or NULL (see errno). + * author: + * Paul Vixie, 1996. + */ +const char * +inet_ntop(af, src, dst, size) + int af; + const void *src; + char *dst; + size_t size; +{ + switch (af) { + case AF_INET: + return (inet_ntop4(src, dst, size)); + case AF_INET6: + return (inet_ntop6(src, dst, size)); + default: + errno = EAFNOSUPPORT; + return (NULL); + } + /* NOTREACHED */ +} + +/* const char * + * inet_ntop4(src, dst, size) + * format an IPv4 address, more or less like inet_ntoa() + * return: + * `dst' (as a const) + * notes: + * (1) uses no statics + * (2) takes a u_char* not an in_addr as input + * author: + * Paul Vixie, 1996. + */ +static const char * +inet_ntop4(src, dst, size) + const u_char *src; + char *dst; + size_t size; +{ + static const char fmt[] = "%u.%u.%u.%u"; + char tmp[sizeof "255.255.255.255"]; + + if (snprintf(tmp, sizeof(tmp), fmt, src[0], src[1], src[2], + src[3]) > size) { + errno = ENOSPC; + return (NULL); + } + strcpy(dst, tmp); + return (dst); +} + +/* const char * + * inet_ntop6(src, dst, size) + * convert IPv6 binary address into presentation (printable) format + * author: + * Paul Vixie, 1996. + */ +static const char * +inet_ntop6(src, dst, size) + const u_char *src; + char *dst; + size_t size; +{ + /* + * Note that int32_t and int16_t need only be "at least" large enough + * to contain a value of the specified size. On some systems, like + * Crays, there is no such thing as an integer variable with 16 bits. + * Keep this in mind if you think this function should have been coded + * to use pointer overlays. All the world's not a VAX. + */ + char tmp[sizeof "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255"], *tp; + struct { int base, len; } best, cur; + u_int words[IN6ADDRSZ / INT16SZ]; + int i; + + /* + * Preprocess: + * Copy the input (bytewise) array into a wordwise array. + * Find the longest run of 0x00's in src[] for :: shorthanding. 
+ */ + memset(words, '\0', sizeof words); + for (i = 0; i < IN6ADDRSZ; i++) + words[i / 2] |= (src[i] << ((1 - (i % 2)) << 3)); + best.base = -1; + cur.base = -1; + for (i = 0; i < (IN6ADDRSZ / INT16SZ); i++) { + if (words[i] == 0) { + if (cur.base == -1) + cur.base = i, cur.len = 1; + else + cur.len++; + } else { + if (cur.base != -1) { + if (best.base == -1 || cur.len > best.len) + best = cur; + cur.base = -1; + } + } + } + if (cur.base != -1) { + if (best.base == -1 || cur.len > best.len) + best = cur; + } + if (best.base != -1 && best.len < 2) + best.base = -1; + + /* + * Format the result. + */ + tp = tmp; + for (i = 0; i < (IN6ADDRSZ / INT16SZ); i++) { + /* Are we inside the best run of 0x00's? */ + if (best.base != -1 && i >= best.base && + i < (best.base + best.len)) { + if (i == best.base) + *tp++ = ':'; + continue; + } + /* Are we following an initial run of 0x00s or any real hex? */ + if (i != 0) + *tp++ = ':'; + /* Is this address an encapsulated IPv4? */ + if (i == 6 && best.base == 0 && + (best.len == 6 || (best.len == 5 && words[5] == 0xffff))) { + if (!inet_ntop4(src+12, tp, sizeof tmp - (tp - tmp))) + return (NULL); + tp += strlen(tp); + break; + } + snprintf(tp, sizeof(tmp - (tp - tmp)), "%x", words[i]); + tp += strlen(tp); + } + /* Was it a trailing run of 0x00's? */ + if (best.base != -1 && (best.base + best.len) == (IN6ADDRSZ / INT16SZ)) + *tp++ = ':'; + *tp++ = '\0'; + + /* + * Check for overflow, copy, and we're done. + */ + if ((size_t)(tp - tmp) > size) { + errno = ENOSPC; + return (NULL); + } + strcpy(dst, tmp); + return (dst); +} + +#endif /* !HAVE_INET_NTOP */ diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/inet_ntop.h openssh-3.1p1/openbsd-compat/inet_ntop.h --- ssh-openbsd-2002030700/openbsd-compat/inet_ntop.h Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/inet_ntop.h Thu Aug 9 10:56:53 2001 
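Review bot: In inet_ntop6() the call `snprintf(tp, sizeof(tmp - (tp - tmp)), "%x", words[i])` takes `sizeof` of a pointer expression, so the bound is the size of a `char *` rather than the space left in `tmp`. Where pointers are four bytes, a group such as `ffff` would be cut to three digits. The bound should be `sizeof tmp - (tp - tmp)`, as the nested inet_ntop4() call a few lines earlier already writes it. In inet_ntop4() the test `snprintf(...) > size` lets a formatted length equal to `size` through, and the following `strcpy(dst, tmp)` then writes the terminator one byte past `dst`. Comparing with `>=` (after casting the int result to `size_t`) closes that.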
@@ -0,0 +1,13 @@
+/* $Id: inet_ntop.h,v 1.4 2001/08/09 00:56:53 mouring Exp $ */
+
+#ifndef _BSD_INET_NTOP_H
+#define _BSD_INET_NTOP_H
+
+#include "config.h"
+
+#ifndef HAVE_INET_NTOP
+const char *
+inet_ntop(int af, const void *src, char *dst, size_t size);
+#endif /* !HAVE_INET_NTOP */
+
+#endif /* _BSD_INET_NTOP_H */
diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/mktemp.c openssh-3.1p1/openbsd-compat/mktemp.c
--- ssh-openbsd-2002030700/openbsd-compat/mktemp.c Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/openbsd-compat/mktemp.c Wed Feb 13 16:00:16 2002
@@ -0,0 +1,184 @@ +/* THIS FILE HAS BEEN MODIFIED FROM THE ORIGINAL OPENBSD SOURCE */ +/* Changes: Removed mktemp */ + +/* + * Copyright (c) 1987, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "includes.h" + +#ifndef HAVE_MKDTEMP + +#if defined(LIBC_SCCS) && !defined(lint) +static char rcsid[] = "$OpenBSD: mktemp.c,v 1.14 2002/01/02 20:18:32 deraadt Exp $"; +#endif /* LIBC_SCCS and not lint */ + +#ifdef HAVE_CYGWIN +#define open binary_open +extern int binary_open(); +#endif + +static int _gettemp(char *, int *, int, int); + +int +mkstemps(path, slen) + char *path; + int slen; +{ + int fd; + + return (_gettemp(path, &fd, 0, slen) ? fd : -1); +} + +int +mkstemp(path) + char *path; +{ + int fd; + + return (_gettemp(path, &fd, 0, 0) ? fd : -1); +} + +char * +mkdtemp(path) + char *path; +{ + return(_gettemp(path, (int *)NULL, 1, 0) ? path : (char *)NULL); +} + +static int +_gettemp(path, doopen, domkdir, slen) + char *path; + register int *doopen; + int domkdir; + int slen; +{ + register char *start, *trv, *suffp; + struct stat sbuf; + int rval; + pid_t pid; + + if (doopen && domkdir) { + errno = EINVAL; + return(0); + } + + for (trv = path; *trv; ++trv) + ; + trv -= slen; + suffp = trv; + --trv; + if (trv < path) { + errno = EINVAL; + return (0); + } + pid = getpid(); + while (*trv == 'X' && pid != 0) { + *trv-- = (pid % 10) + '0'; + pid /= 10; + } + while (*trv == 'X') { + char c; + + pid = (arc4random() & 0xffff) % (26+26); + if (pid < 26) + c = pid + 'A'; + else + c = (pid - 26) + 'a'; + *trv-- = c; + } + start = trv + 1; + + /* + * check the target directory; if you have six X's and it + * doesn't exist this runs for a *very* long time. 
+ */ + if (doopen || domkdir) { + for (;; --trv) { + if (trv <= path) + break; + if (*trv == '/') { + *trv = '\0'; + rval = stat(path, &sbuf); + *trv = '/'; + if (rval != 0) + return(0); + if (!S_ISDIR(sbuf.st_mode)) { + errno = ENOTDIR; + return(0); + } + break; + } + } + } + + for (;;) { + if (doopen) { + if ((*doopen = + open(path, O_CREAT|O_EXCL|O_RDWR, 0600)) >= 0) + return(1); + if (errno != EEXIST) + return(0); + } else if (domkdir) { + if (mkdir(path, 0700) == 0) + return(1); + if (errno != EEXIST) + return(0); + } else if (lstat(path, &sbuf)) + return(errno == ENOENT ? 1 : 0); + + /* tricky little algorithm for backward compatibility */ + for (trv = start;;) { + if (!*trv) + return (0); + if (*trv == 'Z') { + if (trv == suffp) + return (0); + *trv++ = 'a'; + } else { + if (isdigit(*trv)) + *trv = 'a'; + else if (*trv == 'z') /* inc from z to A */ + *trv = 'A'; + else { + if (trv == suffp) + return (0); + ++*trv; + } + break; + } + } + } + /*NOTREACHED*/ +} + +#endif /* !HAVE_MKDTEMP */ diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/mktemp.h openssh-3.1p1/openbsd-compat/mktemp.h --- ssh-openbsd-2002030700/openbsd-compat/mktemp.h Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/mktemp.h Fri Feb 9 12:55:36 2001 @@ -0,0 +1,13 @@ +/* $Id: mktemp.h,v 1.2 2001/02/09 01:55:36 djm Exp $ */ + +#ifndef _BSD_MKTEMP_H +#define _BSD_MKTEMP_H + +#include "config.h" +#ifndef HAVE_MKDTEMP +int mkstemps(char *path, int slen); +int mkstemp(char *path); +char *mkdtemp(char *path); +#endif /* !HAVE_MKDTEMP */ + +#endif /* _BSD_MKTEMP_H */ diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/openbsd-compat.h openssh-3.1p1/openbsd-compat/openbsd-compat.h --- ssh-openbsd-2002030700/openbsd-compat/openbsd-compat.h Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/openbsd-compat.h Wed Feb 20 07:27:57 2002 
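Review bot: The two backward scans in _gettemp(), `while (*trv == 'X' && pid != 0)` and `while (*trv == 'X')`, have no lower bound, so a template whose X characters run all the way to the first byte lets `trv` step below `path` and read, and possibly write, the byte before the buffer. Adding `trv >= path &&` to both conditions stops the scan at the start of the string. `slen` is subtracted from `trv` without being checked against zero or the template length, so a negative value moves the cursor past the terminator. Trailing X's are filled with PID digits first and only the remainder get random letters, so a comment noting that uniqueness rests on `O_EXCL` and on `mkdir` failing with `EEXIST`, not on unpredictable names, would be useful.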
@@ -0,0 +1,46 @@
+/* $Id: openbsd-compat.h,v 1.16 2002/02/19 20:27:57 mouring Exp $ */
+
+#ifndef _OPENBSD_H
+#define _OPENBSD_H
+
+#include "config.h"
+
+/* OpenBSD function replacements */
+#include "bindresvport.h"
+#include "getcwd.h"
+#include "realpath.h"
+#include "rresvport.h"
+#include "strlcpy.h"
+#include "strlcat.h"
+#include "strmode.h"
+#include "mktemp.h"
+#include "daemon.h"
+#include "dirname.h"
+#include "base64.h"
+#include "sigact.h"
+#include "inet_ntoa.h"
+#include "inet_ntop.h"
+#include "strsep.h"
+#include "setproctitle.h"
+#include "getgrouplist.h"
+#include "glob.h"
+#include "readpassphrase.h"
+#include "getopt.h"
+
+/* Home grown routines */
+#include "bsd-arc4random.h"
+#include "bsd-misc.h"
+#include "bsd-snprintf.h"
+#include "bsd-waitpid.h"
+
+/* rfc2553 socket API replacements */
+#include "fake-getaddrinfo.h"
+#include "fake-getnameinfo.h"
+#include "fake-socket.h"
+
+/* Routines for a single OS platform */
+#include "bsd-cray.h"
+#include "port-irix.h"
+#include "port-aix.h"
+
+#endif /* _OPENBSD_H */
diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/port-aix.c openssh-3.1p1/openbsd-compat/port-aix.c
--- ssh-openbsd-2002030700/openbsd-compat/port-aix.c Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/openbsd-compat/port-aix.c Mon Feb 25 07:25:47 2002
@@ -0,0 +1,126 @@ +#include "includes.h" + +#ifdef _AIX + +#ifdef HAVE_USERSEC_H +#include +#endif /* HAVE_USERSEC_H */ + +#include +#include <../xmalloc.h> + +/* AIX limits */ +#if defined(HAVE_GETUSERATTR) && !defined(S_UFSIZE_HARD) && defined(S_UFSIZE) +# define S_UFSIZE_HARD S_UFSIZE "_hard" +# define S_UCPU_HARD S_UCPU "_hard" +# define S_UDATA_HARD S_UDATA "_hard" +# define S_USTACK_HARD S_USTACK "_hard" +# define S_URSS_HARD S_URSS "_hard" +# define S_UCORE_HARD S_UCORE "_hard" +# define S_UNOFILE_HARD S_UNOFILE "_hard" +#endif + +#if defined(HAVE_GETUSERATTR) +/* + * AIX-specific login initialisation + */ +void +set_limit(char *user, char *soft, char *hard, int resource, int mult) +{ + struct rlimit rlim; + int slim, hlim; + + getrlimit(resource, &rlim); + + slim = 0; + if (getuserattr(user, soft, &slim, SEC_INT) != -1) { + if (slim < 0) { + rlim.rlim_cur = RLIM_INFINITY; + } else if (slim != 0) { + /* See the wackiness below */ + if (rlim.rlim_cur == slim * mult) + slim = 0; + else + rlim.rlim_cur = slim * mult; + } + } + hlim = 0; + if (getuserattr(user, hard, &hlim, SEC_INT) != -1) { + if (hlim < 0) { + rlim.rlim_max = RLIM_INFINITY; + } else if (hlim != 0) { + rlim.rlim_max = hlim * mult; + } + } + + /* + * XXX For cpu and fsize the soft limit is set to the hard limit + * if the hard limit is left at its default value and the soft limit + * is changed from its default value, either by requesting it + * (slim == 0) or by setting it to the current default. At least + * that's how rlogind does it. If you're confused you're not alone. + * Bug or feature? 
AIX 4.3.1.2 + */ + if ((!strcmp(soft, "fsize") || !strcmp(soft, "cpu")) + && hlim == 0 && slim != 0) + rlim.rlim_max = rlim.rlim_cur; + /* A specified hard limit limits the soft limit */ + else if (hlim > 0 && rlim.rlim_cur > rlim.rlim_max) + rlim.rlim_cur = rlim.rlim_max; + /* A soft limit can increase a hard limit */ + else if (rlim.rlim_cur > rlim.rlim_max) + rlim.rlim_max = rlim.rlim_cur; + + if (setrlimit(resource, &rlim) != 0) + error("setrlimit(%.10s) failed: %.100s", soft, strerror(errno)); +} + +void +set_limits_from_userattr(char *user) +{ + int mask; + char buf[16]; + + set_limit(user, S_UFSIZE, S_UFSIZE_HARD, RLIMIT_FSIZE, 512); + set_limit(user, S_UCPU, S_UCPU_HARD, RLIMIT_CPU, 1); + set_limit(user, S_UDATA, S_UDATA_HARD, RLIMIT_DATA, 512); + set_limit(user, S_USTACK, S_USTACK_HARD, RLIMIT_STACK, 512); + set_limit(user, S_URSS, S_URSS_HARD, RLIMIT_RSS, 512); + set_limit(user, S_UCORE, S_UCORE_HARD, RLIMIT_CORE, 512); +#if defined(S_UNOFILE) + set_limit(user, S_UNOFILE, S_UNOFILE_HARD, RLIMIT_NOFILE, 1); +#endif + + if (getuserattr(user, S_UMASK, &mask, SEC_INT) != -1) { + /* Convert decimal to octal */ + (void) snprintf(buf, sizeof(buf), "%d", mask); + if (sscanf(buf, "%o", &mask) == 1) + umask(mask); + } +} +#endif /* defined(HAVE_GETUSERATTR) */ + +/* + * AIX has a "usrinfo" area where logname and + * other stuff is stored - a few applications + * actually use this and die if it's not set + */ +void +aix_usrinfo(struct passwd *pw, char *tty, int ttyfd) +{ + u_int i; + char *cp=NULL; + + if (ttyfd == -1) + tty[0] = '\0'; + cp = xmalloc(22 + strlen(tty) + 2 * strlen(pw->pw_name)); + i = sprintf(cp, "LOGNAME=%s%cNAME=%s%cTTY=%s%c%c", pw->pw_name, 0, + pw->pw_name, 0, tty, 0, 0); + if (usrinfo(SETUINFO, cp, i) == -1) + fatal("Couldn't set usrinfo: %s", strerror(errno)); + debug3("AIX/UsrInfo: set len %d", i); + xfree(cp); +} + +#endif /* _AIX */ + diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/port-aix.h 
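Review bot: In `set_limit`, the return value of `getrlimit(resource, &rlim)` is ignored, so if that call fails `rlim` is used uninitialised and then handed to `setrlimit`, which could apply indeterminate soft and hard limits to the login session. Check it first, e.g. `if (getrlimit(resource, &rlim) != 0) { error("getrlimit(%.10s) failed: %.100s", soft, strerror(errno)); return; }`. The products `slim * mult` and `hlim * mult` are also computed in `int`, so a large attribute value with `mult` 512 can overflow before it is stored in `rlim`; converting to `rlim_t` before multiplying would avoid that. In `aix_usrinfo`, the `sprintf` into the exactly sized `xmalloc` buffer works out from the visible arithmetic, but `snprintf` with the same size would keep it safe if the format string ever changes.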
openssh-3.1p1/openbsd-compat/port-aix.h
--- ssh-openbsd-2002030700/openbsd-compat/port-aix.h Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/openbsd-compat/port-aix.h Tue Feb 26 02:48:04 2002
@@ -0,0 +1,10 @@
+#ifdef _AIX
+
+#ifdef HAVE_GETUSERATTR
+void set_limit(char *user, char *soft, char *hard, int resource, int mult);
+void set_limits_from_userattr(char *user);
+#endif /* HAVE_GETUSERATTR */
+
+void aix_usrinfo(struct passwd *pw, char *tty, int ttyfd);
+
+#endif /* _AIX */
diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/port-irix.c openssh-3.1p1/openbsd-compat/port-irix.c
--- ssh-openbsd-2002030700/openbsd-compat/port-irix.c Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/openbsd-compat/port-irix.c Wed Feb 20 07:02:49 2002
@@ -0,0 +1,61 @@
+#include "includes.h"
+
+#if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY)
+
+#ifdef WITH_IRIX_PROJECT
+#include
+#endif /* WITH_IRIX_PROJECT */
+#ifdef WITH_IRIX_JOBS
+#include
+#endif
+#ifdef WITH_IRIX_AUDIT
+#include
+#endif /* WITH_IRIX_AUDIT */
+
+void
+irix_setusercontext(struct passwd *pw)
+{
+#ifdef WITH_IRIX_PROJECT
+ prid_t projid;
+#endif /* WITH_IRIX_PROJECT */
+#ifdef WITH_IRIX_JOBS
+ jid_t jid = 0;
+#else
+# ifdef WITH_IRIX_ARRAY
+ int jid = 0;
+# endif /* WITH_IRIX_ARRAY */
+#endif /* WITH_IRIX_JOBS */
+
+#ifdef WITH_IRIX_JOBS
+ jid = jlimit_startjob(pw->pw_name, pw->pw_uid, "interactive");
+ if (jid == -1)
+ fatal("Failed to create job container: %.100s",
+ strerror(errno));
+#endif /* WITH_IRIX_JOBS */
+#ifdef WITH_IRIX_ARRAY
+ /* initialize array session */
+ if (jid == 0 && newarraysess() != 0)
+ fatal("Failed to set up new array session: %.100s",
+ strerror(errno));
+#endif /* WITH_IRIX_ARRAY */
+#ifdef WITH_IRIX_PROJECT
+ /* initialize irix project info */
+ if ((projid = getdfltprojuser(pw->pw_name)) == -1) {
+ debug("Failed to get project id, using projid 0");
+ projid = 0;
+ }
+ if (setprid(projid))
+ fatal("Failed to initialize project %d for %s: %.100s",
+ (int)projid, pw->pw_name, strerror(errno));
+#endif /* WITH_IRIX_PROJECT */
+#ifdef WITH_IRIX_AUDIT
+ if (sysconf(_SC_AUDIT)) {
+ debug("Setting sat id to %d", (int) pw->pw_uid);
+ if (satsetid(pw->pw_uid))
+ debug("error setting satid: %.100s", strerror(errno));
+ }
+#endif /* WITH_IRIX_AUDIT */
+}
+
+
+#endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */
diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/port-irix.h openssh-3.1p1/openbsd-compat/port-irix.h
--- ssh-openbsd-2002030700/openbsd-compat/port-irix.h Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/openbsd-compat/port-irix.h Wed Feb 20 07:02:49 2002
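Review bot: In the `WITH_IRIX_AUDIT` block at the end of `irix_setusercontext`, a failing `satsetid(pw->pw_uid)` is only reported with `debug()`, so the session continues without the user's audit id, whereas the job, array-session and project failures above all call `fatal()`. If audit attribution matters on these systems this should fail closed, or at least be logged at a level that is always visible, e.g. `error("error setting satid: %.100s", strerror(errno));`. The outer `#if` guarding the function also tests only `WITH_IRIX_PROJECT`, `WITH_IRIX_JOBS` and `WITH_IRIX_ARRAY`, so a build with only `WITH_IRIX_AUDIT` defined compiles none of this. Adding `|| defined(WITH_IRIX_AUDIT)` here and in port-irix.h would cover that case, assuming such a configuration is meant to be supported.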
@@ -0,0 +1,5 @@
+#if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY)
+
+void irix_setusercontext(struct passwd *pw);
+
+#endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */
diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/readpassphrase.c openssh-3.1p1/openbsd-compat/readpassphrase.c
--- ssh-openbsd-2002030700/openbsd-compat/readpassphrase.c Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/openbsd-compat/readpassphrase.c Thu Feb 14 20:43:08 2002
@@ -0,0 +1,184 @@ +/* $OpenBSD: readpassphrase.c,v 1.12 2001/12/15 05:41:00 millert Exp $ */ + +/* + * Copyright (c) 2000 Todd C. Miller + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL + * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; + * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +#if defined(LIBC_SCCS) && !defined(lint) +static const char rcsid[] = "$OpenBSD: readpassphrase.c,v 1.12 2001/12/15 05:41:00 millert Exp $"; +#endif /* LIBC_SCCS and not lint */ + +#include "includes.h" + +#ifndef HAVE_READPASSPHRASE + +#include +#include + +#ifdef TCSASOFT +# define _T_FLUSH (TCSAFLUSH|TCSASOFT) +#else +# define _T_FLUSH (TCSAFLUSH) +#endif + +/* SunOS 4.x which lacks _POSIX_VDISABLE, but has VDISABLE */ +#if !defined(_POSIX_VDISABLE) && defined(VDISABLE) +# define _POSIX_VDISABLE VDISABLE +#endif + +static volatile sig_atomic_t signo; + +static void handler(int); + +char * +readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags) +{ + ssize_t nr; + int input, output, save_errno; + char ch, *p, *end; + struct termios term, oterm; + struct sigaction sa, saveint, savehup, savequit, saveterm; + struct sigaction savetstp, savettin, savettou; + + /* I suppose we could alloc on demand in this case (XXX). */ + if (bufsiz == 0) { + errno = EINVAL; + return(NULL); + } + +restart: + /* + * Read and write to /dev/tty if available. If not, read from + * stdin and write to stderr unless a tty is required. + */ + if ((input = output = open(_PATH_TTY, O_RDWR)) == -1) { + if (flags & RPP_REQUIRE_TTY) { + errno = ENOTTY; + return(NULL); + } + input = STDIN_FILENO; + output = STDERR_FILENO; + } + + /* + * Catch signals that would otherwise cause the user to end + * up with echo turned off in the shell. Don't worry about + * things like SIGALRM and SIGPIPE for now. + */ + sigemptyset(&sa.sa_mask); + sa.sa_flags = 0; /* don't restart system calls */ + sa.sa_handler = handler; + (void)sigaction(SIGINT, &sa, &saveint); + (void)sigaction(SIGHUP, &sa, &savehup); + (void)sigaction(SIGQUIT, &sa, &savequit); + (void)sigaction(SIGTERM, &sa, &saveterm); + (void)sigaction(SIGTSTP, &sa, &savetstp); + (void)sigaction(SIGTTIN, &sa, &savettin); + (void)sigaction(SIGTTOU, &sa, &savettou); + + /* Turn off echo if possible. 
*/ + if (tcgetattr(input, &oterm) == 0) { + memcpy(&term, &oterm, sizeof(term)); + if (!(flags & RPP_ECHO_ON)) + term.c_lflag &= ~(ECHO | ECHONL); +#ifdef VSTATUS + if (term.c_cc[VSTATUS] != _POSIX_VDISABLE) + term.c_cc[VSTATUS] = _POSIX_VDISABLE; +#endif + (void)tcsetattr(input, _T_FLUSH, &term); + } else { + memset(&term, 0, sizeof(term)); + memset(&oterm, 0, sizeof(oterm)); + } + + (void)write(output, prompt, strlen(prompt)); + end = buf + bufsiz - 1; + for (p = buf; (nr = read(input, &ch, 1)) == 1 && ch != '\n' && ch != '\r';) { + if (p < end) { + if ((flags & RPP_SEVENBIT)) + ch &= 0x7f; + if (isalpha(ch)) { + if ((flags & RPP_FORCELOWER)) + ch = tolower(ch); + if ((flags & RPP_FORCEUPPER)) + ch = toupper(ch); + } + *p++ = ch; + } + } + *p = '\0'; + save_errno = errno; + if (!(term.c_lflag & ECHO)) + (void)write(output, "\n", 1); + + /* Restore old terminal settings and signals. */ + if (memcmp(&term, &oterm, sizeof(term)) != 0) + (void)tcsetattr(input, _T_FLUSH, &oterm); + (void)sigaction(SIGINT, &saveint, NULL); + (void)sigaction(SIGHUP, &savehup, NULL); + (void)sigaction(SIGQUIT, &savequit, NULL); + (void)sigaction(SIGTERM, &saveterm, NULL); + (void)sigaction(SIGTSTP, &savetstp, NULL); + (void)sigaction(SIGTTIN, &savettin, NULL); + (void)sigaction(SIGTTOU, &savettou, NULL); + if (input != STDIN_FILENO) + (void)close(input); + + /* + * If we were interrupted by a signal, resend it to ourselves + * now that we have restored the signal handlers. + */ + if (signo) { + kill(getpid(), signo); + switch (signo) { + case SIGTSTP: + case SIGTTIN: + case SIGTTOU: + signo = 0; + goto restart; + } + } + + errno = save_errno; + return(nr == -1 ? 
NULL : buf); +} +#endif /* HAVE_READPASSPHRASE */ + +#if 0 +char * +getpass(const char *prompt) +{ + static char buf[_PASSWORD_LEN + 1]; + + return(readpassphrase(prompt, buf, sizeof(buf), RPP_ECHO_OFF)); +} +#endif + +static void handler(int s) +{ + + signo = s; +} diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/readpassphrase.h openssh-3.1p1/openbsd-compat/readpassphrase.h --- ssh-openbsd-2002030700/openbsd-compat/readpassphrase.h Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/readpassphrase.h Mon Jun 25 18:09:18 2001 
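Review bot: In the read loop of `readpassphrase`, `isalpha(ch)`, `tolower(ch)` and `toupper(ch)` are called with a plain `char`, which is undefined behaviour for bytes with the high bit set where `char` is signed (reachable whenever `RPP_SEVENBIT` is not given). Cast at the call sites: `if (isalpha((unsigned char)ch))`, `ch = tolower((unsigned char)ch);`, `ch = toupper((unsigned char)ch);`. Separately, `handler()` is defined after `#endif /* HAVE_READPASSPHRASE */` while `signo` is declared inside that conditional, so on a platform that defines `HAVE_READPASSPHRASE` the file would reference an undeclared variable; moving the definition above the `#endif` fixes that. It would also help to document that on a `NULL` return `buf` may still hold partial input, so callers should clear it.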
@@ -0,0 +1,48 @@ +/* $OpenBSD: readpassphrase.h,v 1.1 2000/11/21 00:48:38 millert Exp $ */ + +/* + * Copyright (c) 2000 Todd C. Miller + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL + * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; + * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef _READPASSPHRASE_H_ +#define _READPASSPHRASE_H_ + +#include "includes.h" + +#ifndef HAVE_READPASSPHRASE + +#define RPP_ECHO_OFF 0x00 /* Turn off echo (default). */ +#define RPP_ECHO_ON 0x01 /* Leave echo on. */ +#define RPP_REQUIRE_TTY 0x02 /* Fail if there is no tty. */ +#define RPP_FORCELOWER 0x04 /* Force input to lower case. */ +#define RPP_FORCEUPPER 0x08 /* Force input to upper case. 
*/ +#define RPP_SEVENBIT 0x10 /* Strip the high bit from input. */ + +char *readpassphrase(const char *, char *, size_t, int); + +#endif /* HAVE_READPASSPHRASE */ + +#endif /* !_READPASSPHRASE_H_ */ diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/realpath.c openssh-3.1p1/openbsd-compat/realpath.c --- ssh-openbsd-2002030700/openbsd-compat/realpath.c Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/realpath.c Wed Feb 13 16:00:16 2002 
@@ -0,0 +1,166 @@ +/* + * Copyright (c) 1994 + * The Regents of the University of California. All rights reserved. + * + * This code is derived from software contributed to Berkeley by + * Jan-Simon Pendry. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "includes.h" + +#if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) + +#if defined(LIBC_SCCS) && !defined(lint) +static char *rcsid = "$OpenBSD: realpath.c,v 1.6 2002/01/12 16:24:35 millert Exp $"; +#endif /* LIBC_SCCS and not lint */ + +#include +#include + +#include +#include +#include +#include +#include + +/* + * MAXSYMLINKS + */ +#ifndef MAXSYMLINKS +#define MAXSYMLINKS 5 +#endif + +/* + * char *realpath(const char *path, char resolved_path[MAXPATHLEN]); + * + * Find the real name of path, by removing all ".", ".." and symlink + * components. Returns (resolved) on success, or (NULL) on failure, + * in which case the path which caused trouble is left in (resolved). + */ +char * +realpath(const char *path, char *resolved) +{ + struct stat sb; + int fd, n, rootd, serrno = 0; + char *p, *q, wbuf[MAXPATHLEN], start[MAXPATHLEN]; + int symlinks = 0; + + /* Save the starting point. */ + getcwd(start,MAXPATHLEN); + if ((fd = open(".", O_RDONLY)) < 0) { + (void)strcpy(resolved, "."); + return (NULL); + } + close(fd); + + /* Convert "." -> "" to optimize away a needless lstat() and chdir() */ + if (path[0] == '.' && path[1] == '\0') + path = ""; + + /* + * Find the dirname and basename from the path to be resolved. + * Change directory to the dirname component. + * lstat the basename part. + * if it is a symlink, read in the value and loop. + * if it is a directory, then change to that directory. + * get the current directory name and append the basename. + */ + strlcpy(resolved, path, MAXPATHLEN); +loop: + q = strrchr(resolved, '/'); + if (q != NULL) { + p = q + 1; + if (q == resolved) + q = "/"; + else { + do { + --q; + } while (q > resolved && *q == '/'); + q[1] = '\0'; + q = resolved; + } + if (chdir(q) < 0) + goto err1; + } else + p = resolved; + + /* Deal with the last component. 
*/ + if (*p != '\0' && lstat(p, &sb) == 0) { + if (S_ISLNK(sb.st_mode)) { + if (++symlinks > MAXSYMLINKS) { + serrno = ELOOP; + goto err1; + } + n = readlink(p, resolved, MAXPATHLEN-1); + if (n < 0) + goto err1; + resolved[n] = '\0'; + goto loop; + } + if (S_ISDIR(sb.st_mode)) { + if (chdir(p) < 0) + goto err1; + p = ""; + } + } + + /* + * Save the last component name and get the full pathname of + * the current directory. + */ + (void)strcpy(wbuf, p); + if (getcwd(resolved, MAXPATHLEN) == 0) + goto err1; + + /* + * Join the two strings together, ensuring that the right thing + * happens if the last component is empty, or the dirname is root. + */ + if (resolved[0] == '/' && resolved[1] == '\0') + rootd = 1; + else + rootd = 0; + + if (*wbuf) { + if (strlen(resolved) + strlen(wbuf) + rootd + 1 > MAXPATHLEN) { + serrno = ENAMETOOLONG; + goto err1; + } + if (rootd == 0) + (void)strcat(resolved, "/"); + (void)strcat(resolved, wbuf); + } + + /* Go back to where we came from. */ + if (chdir(start) < 0) { + serrno = errno; + goto err2; + } + return (resolved); + +err1: chdir(start); +err2: errno = serrno; + return (NULL); +} +#endif /* !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) */ diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/realpath.h openssh-3.1p1/openbsd-compat/realpath.h --- ssh-openbsd-2002030700/openbsd-compat/realpath.h Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/realpath.h Fri Feb 9 12:55:36 2001 
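Review bot: `realpath` ignores the result of `getcwd(start,MAXPATHLEN)`, so when it fails `start` is uninitialised and the later `chdir(start)` calls (on the success path and at `err1`) act on indeterminate data, leaving the process in whatever directory the resolution walked to. Bail out early instead: `if (getcwd(start, MAXPATHLEN) == NULL) { (void)strcpy(resolved, "."); return (NULL); }`. The `err1` path also never records `errno` for the `chdir`, `readlink` and `getcwd` failures, so those return `NULL` with `errno` forced to 0. Setting `serrno = errno;` before each of those `goto err1` jumps would preserve the cause without disturbing the `ELOOP` and `ENAMETOOLONG` branches. Finally, `strlcpy(resolved, path, MAXPATHLEN)` silently truncates an over-long `path`, which then resolves a different name; checking its return against `MAXPATHLEN` and failing with `ENAMETOOLONG` is safer.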
@@ -0,0 +1,13 @@
+/* $Id: realpath.h,v 1.2 2001/02/09 01:55:36 djm Exp $ */
+
+#ifndef _BSD_REALPATH_H
+#define _BSD_REALPATH_H
+
+#include "config.h"
+
+#if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH)
+
+char *realpath(const char *path, char *resolved);
+
+#endif /* !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) */
+#endif /* _BSD_REALPATH_H */
diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/rresvport.c openssh-3.1p1/openbsd-compat/rresvport.c
--- ssh-openbsd-2002030700/openbsd-compat/rresvport.c Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/openbsd-compat/rresvport.c Thu Feb 1 08:52:04 2001
@@ -0,0 +1,106 @@ +/* + * Copyright (c) 1995, 1996, 1998 Theo de Raadt. All rights reserved. + * Copyright (c) 1983, 1993, 1994 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * This product includes software developed by Theo de Raadt. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "config.h" + +#ifndef HAVE_RRESVPORT_AF + +#if defined(LIBC_SCCS) && !defined(lint) +static char *rcsid = "$OpenBSD: rresvport.c,v 1.5 2000/01/26 03:43:20 deraadt Exp $"; +#endif /* LIBC_SCCS and not lint */ + +#include "includes.h" + +#if 0 +int +rresvport(alport) + int *alport; +{ + return rresvport_af(alport, AF_INET); +} +#endif + +int +rresvport_af(int *alport, sa_family_t af) +{ + struct sockaddr_storage ss; + struct sockaddr *sa; + u_int16_t *portp; + int s; + socklen_t salen; + + memset(&ss, '\0', sizeof ss); + sa = (struct sockaddr *)&ss; + + switch (af) { + case AF_INET: + salen = sizeof(struct sockaddr_in); + portp = &((struct sockaddr_in *)sa)->sin_port; + break; + case AF_INET6: + salen = sizeof(struct sockaddr_in6); + portp = &((struct sockaddr_in6 *)sa)->sin6_port; + break; + default: + errno = EPFNOSUPPORT; + return (-1); + } + sa->sa_family = af; + + s = socket(af, SOCK_STREAM, 0); + if (s < 0) + return (-1); + + *portp = htons(*alport); + if (*alport < IPPORT_RESERVED - 1) { + if (bind(s, sa, salen) >= 0) + return (s); + if (errno != EADDRINUSE) { + (void)close(s); + return (-1); + } + } + + *portp = 0; + sa->sa_family = af; + if (bindresvport_sa(s, sa) == -1) { + (void)close(s); + return (-1); + } + *alport = ntohs(*portp); + return (s); +} + +#endif /* HAVE_RRESVPORT_AF */ diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/rresvport.h openssh-3.1p1/openbsd-compat/rresvport.h --- ssh-openbsd-2002030700/openbsd-compat/rresvport.h Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/rresvport.h Fri Feb 9 12:55:36 2001 
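Review bot: `rresvport_af` tries a direct `bind` whenever `*alport < IPPORT_RESERVED - 1`, with no lower bound, so a zero or negative `*alport` is passed through `htons` unchecked. For 0 the `bind` would typically succeed on a kernel-chosen port, and the socket is returned as if it held the requested reserved port, without `*alport` being updated. Bounding the test, `if (*alport > 0 && *alport < IPPORT_RESERVED - 1) {`, sends those values down the `bindresvport_sa` path instead. Whether any caller passes such a value is not visible in this hunk.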
@@ -0,0 +1,12 @@
+/* $Id: rresvport.h,v 1.2 2001/02/09 01:55:36 djm Exp $ */
+
+#ifndef _BSD_RRESVPORT_H
+#define _BSD_RRESVPORT_H
+
+#include "config.h"
+
+#ifndef HAVE_RRESVPORT_AF
+int rresvport_af(int *alport, sa_family_t af);
+#endif /* !HAVE_RRESVPORT_AF */
+
+#endif /* _BSD_RRESVPORT_H */
diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/setenv.c openssh-3.1p1/openbsd-compat/setenv.c
--- ssh-openbsd-2002030700/openbsd-compat/setenv.c Thu Jan 1 10:00:00 1970
+++ openssh-3.1p1/openbsd-compat/setenv.c Wed Feb 13 16:00:16 2002
@@ -0,0 +1,162 @@ +/* + * Copyright (c) 1987 Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "config.h" +#ifndef HAVE_SETENV + +#if defined(LIBC_SCCS) && !defined(lint) +static char *rcsid = "$OpenBSD: setenv.c,v 1.4 2001/07/09 06:57:45 deraadt Exp $"; +#endif /* LIBC_SCCS and not lint */ + +#include +#include + +/* + * __findenv -- + * Returns pointer to value associated with name, if any, else NULL. + * Sets offset to be the offset of the name/value combination in the + * environmental array, for use by setenv(3) and unsetenv(3). + * Explicitly removes '=' in argument name. + * + * This routine *should* be a static; don't use it. + */ +char * +__findenv(name, offset) + register const char *name; + int *offset; +{ + extern char **environ; + register int len, i; + register const char *np; + register char **p, *cp; + + if (name == NULL || environ == NULL) + return (NULL); + for (np = name; *np && *np != '='; ++np) + ; + len = np - name; + for (p = environ; (cp = *p) != NULL; ++p) { + for (np = name, i = len; i && *cp; i--) + if (*cp++ != *np++) + break; + if (i == 0 && *cp++ == '=') { + *offset = p - environ; + return (cp); + } + } + return (NULL); +} + +/* + * setenv -- + * Set the value of the environmental variable "name" to be + * "value". If rewrite is set, replace any current value. 
+ */ +int +setenv(name, value, rewrite) + register const char *name; + register const char *value; + int rewrite; +{ + extern char **environ; + static int alloced; /* if allocated space before */ + register char *C; + int l_value, offset; + char *__findenv(); + + if (*value == '=') /* no `=' in value */ + ++value; + l_value = strlen(value); + if ((C = __findenv(name, &offset))) { /* find if already exists */ + if (!rewrite) + return (0); + if (strlen(C) >= l_value) { /* old larger; copy over */ + while ((*C++ = *value++)) + ; + return (0); + } + } else { /* create new slot */ + register int cnt; + register char **P; + + for (P = environ, cnt = 0; *P; ++P, ++cnt); + if (alloced) { /* just increase size */ + P = (char **)realloc((void *)environ, + (size_t)(sizeof(char *) * (cnt + 2))); + if (!P) + return (-1); + environ = P; + } + else { /* get new space */ + alloced = 1; /* copy old entries into it */ + P = (char **)malloc((size_t)(sizeof(char *) * + (cnt + 2))); + if (!P) + return (-1); + memmove(P, environ, cnt * sizeof(char *)); + environ = P; + } + environ[cnt + 1] = NULL; + offset = cnt; + } + for (C = (char *)name; *C && *C != '='; ++C); /* no `=' in name */ + if (!(environ[offset] = /* name + `=' + value */ + malloc((size_t)((int)(C - name) + l_value + 2)))) + return (-1); + for (C = environ[offset]; (*C = *name++) && *C != '='; ++C) + ; + for (*C++ = '='; (*C++ = *value++); ) + ; + return (0); +} + +/* + * unsetenv(name) -- + * Delete environmental variable "name". 
+ */ +void +unsetenv(name) + const char *name; +{ + extern char **environ; + register char **P; + int offset; + char *__findenv(); + + while (__findenv(name, &offset)) /* if set multiple times */ + for (P = &environ[offset];; ++P) + if (!(*P = *(P + 1))) + break; +} + +#endif /* HAVE_SETENV */ diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/setenv.h openssh-3.1p1/openbsd-compat/setenv.h --- ssh-openbsd-2002030700/openbsd-compat/setenv.h Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/setenv.h Fri Feb 9 12:55:36 2001 @@ -0,0 +1,14 @@ +/* $Id: setenv.h,v 1.2 2001/02/09 01:55:36 djm Exp $ */ + +#ifndef _BSD_SETENV_H +#define _BSD_SETENV_H + +#include "config.h" + +#ifndef HAVE_SETENV + +int setenv(register const char *name, register const char *value, int rewrite); + +#endif /* !HAVE_SETENV */ + +#endif /* _BSD_SETENV_H */ diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/setproctitle.c openssh-3.1p1/openbsd-compat/setproctitle.c --- ssh-openbsd-2002030700/openbsd-compat/setproctitle.c Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/setproctitle.c Wed Feb 13 16:00:16 2002 
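Review bot: In `setenv`, the result of `malloc` is assigned straight into `environ[offset]`, so when an existing variable is being replaced with a longer value and the allocation fails, that slot becomes `NULL` and every variable after it is cut off from the environment. Allocate into a local first: `char *ent = malloc(...); if (ent == NULL) return (-1); environ[offset] = ent;`. `name` and `value` are also dereferenced without a `NULL` check (`*value == '='`, and the `for (C = (char *)name; ...)` scan). setenv.h in this patch declares `setenv` but not the `unsetenv` defined here, so callers of `unsetenv` would get no prototype from it.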
@@ -0,0 +1,102 @@ +/* + * Modified for OpenSSH by Kevin Steves + * October 2000 + */ + +/* + * Copyright (c) 1994, 1995 Christopher G. Demetriou + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Christopher G. Demetriou + * for the NetBSD Project. + * 4. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +#if defined(LIBC_SCCS) && !defined(lint) +static char rcsid[] = "$OpenBSD: setproctitle.c,v 1.8 2001/11/06 19:21:40 art Exp $"; +#endif /* LIBC_SCCS and not lint */ + +#include "includes.h" + +#ifndef HAVE_SETPROCTITLE + +#define SPT_NONE 0 +#define SPT_PSTAT 1 + +#ifndef SPT_TYPE +#define SPT_TYPE SPT_NONE +#endif + +#if SPT_TYPE == SPT_PSTAT +#include +#include +#endif /* SPT_TYPE == SPT_PSTAT */ + +#define MAX_PROCTITLE 2048 + +extern char *__progname; + +/* + * Set Process Title (SPT) defines. Modeled after sendmail's + * SPT type definition strategy. + * + * SPT_TYPE: + * + * SPT_NONE: Don't set the process title. Default. + * SPT_PSTAT: Use pstat(PSTAT_SETCMD). HP-UX specific. + */ + +void +setproctitle(const char *fmt, ...) +{ +#if SPT_TYPE != SPT_NONE + va_list ap; + + char buf[MAX_PROCTITLE]; + size_t used; + +#if SPT_TYPE == SPT_PSTAT + union pstun pst; +#endif /* SPT_TYPE == SPT_PSTAT */ + + va_start(ap, fmt); + if (fmt != NULL) { + used = snprintf(buf, MAX_PROCTITLE, "%s: ", __progname); + if (used >= MAX_PROCTITLE) + used = MAX_PROCTITLE - 1; + (void)vsnprintf(buf + used, MAX_PROCTITLE - used, fmt, ap); + } else + (void)snprintf(buf, MAX_PROCTITLE, "%s", __progname); + va_end(ap); + used = strlen(buf); + +#if SPT_TYPE == SPT_PSTAT + pst.pst_command = buf; + pstat(PSTAT_SETCMD, pst, used, 0, 0); +#endif /* SPT_TYPE == SPT_PSTAT */ + +#endif /* SPT_TYPE != SPT_NONE */ +} +#endif /* HAVE_SETPROCTITLE */ diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/setproctitle.h openssh-3.1p1/openbsd-compat/setproctitle.h --- ssh-openbsd-2002030700/openbsd-compat/setproctitle.h Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/setproctitle.h Fri Feb 9 12:55:36 2001 
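Review bot: In `setproctitle`, the `int` result of `snprintf` is stored directly in the `size_t used`, so an error return of -1 is caught only because it wraps to a huge value and trips the `used >= MAX_PROCTITLE` clamp. That keeps the following `vsnprintf` in bounds, but `buf` may then hold unspecified bytes ahead of the terminator, and nothing tells a reader the wrap is relied on. I would take the result in an `int` first, `int r = snprintf(buf, MAX_PROCTITLE, "%s: ", __progname);` followed by `used = r < 0 ? 0 : (size_t)r;`, and keep the existing clamp.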
@@ -0,0 +1,12 @@ +/* $Id: setproctitle.h,v 1.2 2001/02/09 01:55:36 djm Exp $ */ + +#ifndef _BSD_SETPROCTITLE_H +#define _BSD_SETPROCTITLE_H + +#include "config.h" + +#ifndef HAVE_SETPROCTITLE +void setproctitle(const char *fmt, ...); +#endif + +#endif /* _BSD_SETPROCTITLE_H */ diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/sigact.c openssh-3.1p1/openbsd-compat/sigact.c --- ssh-openbsd-2002030700/openbsd-compat/sigact.c Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/sigact.c Sun Sep 30 00:27:01 2001 
@@ -0,0 +1,102 @@ +/* $OpenBSD: sigaction.c,v 1.3 1999/06/27 08:14:21 millert Exp $ */ + +/**************************************************************************** + * Copyright (c) 1998 Free Software Foundation, Inc. * + * * + * Permission is hereby granted, free of charge, to any person obtaining a * + * copy of this software and associated documentation files (the * + * "Software"), to deal in the Software without restriction, including * + * without limitation the rights to use, copy, modify, merge, publish, * + * distribute, distribute with modifications, sublicense, and/or sell * + * copies of the Software, and to permit persons to whom the Software is * + * furnished to do so, subject to the following conditions: * + * * + * The above copyright notice and this permission notice shall be included * + * in all copies or substantial portions of the Software. * + * * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS * + * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF * + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. * + * IN NO EVENT SHALL THE ABOVE COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, * + * DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR * + * OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR * + * THE USE OR OTHER DEALINGS IN THE SOFTWARE. * + * * + * Except as contained in this notice, the name(s) of the above copyright * + * holders shall not be used in advertising or otherwise to promote the * + * sale, use or other dealings in this Software without prior written * + * authorization. * + ****************************************************************************/ + +/**************************************************************************** + * Author: Zeyd M. Ben-Halim 1992,1995 * + * and: Eric S. 
Raymond * + ****************************************************************************/ + +#include "config.h" +#include +#include "sigact.h" + +/* This file provides sigaction() emulation using sigvec() */ +/* Use only if this is non POSIX system */ + +#if !HAVE_SIGACTION && HAVE_SIGVEC + +int +sigaction(int sig, struct sigaction *sigact, struct sigaction *osigact) +{ + return sigvec(sig, &(sigact->sv), &(osigact->sv)); +} + +int +sigemptyset (sigset_t * mask) +{ + *mask = 0; + return 0; +} + +int +sigprocmask (int mode, sigset_t * mask, sigset_t * omask) +{ + sigset_t current = sigsetmask(0); + + if (omask) *omask = current; + + if (mode==SIG_BLOCK) + current |= *mask; + else if (mode==SIG_UNBLOCK) + current &= ~*mask; + else if (mode==SIG_SETMASK) + current = *mask; + + sigsetmask(current); + return 0; +} + +int +sigsuspend (sigset_t * mask) +{ + return sigpause(*mask); +} + +int +sigdelset (sigset_t * mask, int sig) +{ + *mask &= ~sigmask(sig); + return 0; +} + +int +sigaddset (sigset_t * mask, int sig) +{ + *mask |= sigmask(sig); + return 0; +} + +int +sigismember (sigset_t * mask, int sig) +{ + return (*mask & sigmask(sig)) != 0; +} + +#endif diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/sigact.h openssh-3.1p1/openbsd-compat/sigact.h --- ssh-openbsd-2002030700/openbsd-compat/sigact.h Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/sigact.h Sat Feb 24 11:24:20 2001 
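Review bot: `sigprocmask` reads the current mask with `sigsetmask(0)`, which also installs an empty mask, so every blocked signal can be delivered in the window before the final `sigsetmask(current)`. Code that blocks a signal to protect a critical section loses that protection each time it goes through this emulation. `sigset_t current = sigblock(0);` returns the mask without changing it. The function also dereferences `*mask` in all three mode branches, so a caller passing a null `mask` just to fetch the old mask faults; wrapping the mode tests in `if (mask != NULL)` would match the POSIX contract.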
@@ -0,0 +1,88 @@ +/* $OpenBSD: SigAction.h,v 1.2 1999/06/27 08:15:19 millert Exp $ */ + +/**************************************************************************** + * Copyright (c) 1998 Free Software Foundation, Inc. * + * * + * Permission is hereby granted, free of charge, to any person obtaining a * + * copy of this software and associated documentation files (the * + * "Software"), to deal in the Software without restriction, including * + * without limitation the rights to use, copy, modify, merge, publish, * + * distribute, distribute with modifications, sublicense, and/or sell * + * copies of the Software, and to permit persons to whom the Software is * + * furnished to do so, subject to the following conditions: * + * * + * The above copyright notice and this permission notice shall be included * + * in all copies or substantial portions of the Software. * + * * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS * + * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF * + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. * + * IN NO EVENT SHALL THE ABOVE COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, * + * DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR * + * OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR * + * THE USE OR OTHER DEALINGS IN THE SOFTWARE. * + * * + * Except as contained in this notice, the name(s) of the above copyright * + * holders shall not be used in advertising or otherwise to promote the * + * sale, use or other dealings in this Software without prior written * + * authorization. * + ****************************************************************************/ + +/**************************************************************************** + * Author: Zeyd M. Ben-Halim 1992,1995 * + * and: Eric S. 
Raymond * + ****************************************************************************/ + +/* + * $From: SigAction.h,v 1.5 1999/06/19 23:00:54 tom Exp $ + * + * This file exists to handle non-POSIX systems which don't have , + * and usually no sigaction() nor + */ + +#ifndef _SIGACTION_H +#define _SIGACTION_H + +#if !defined(HAVE_SIGACTION) && defined(HAVE_SIGVEC) + +#undef SIG_BLOCK +#define SIG_BLOCK 00 + +#undef SIG_UNBLOCK +#define SIG_UNBLOCK 01 + +#undef SIG_SETMASK +#define SIG_SETMASK 02 + +/* + * is in the Linux 1.2.8 + gcc 2.7.0 configuration, + * and is useful for testing this header file. + */ +#if HAVE_BSD_SIGNAL_H +# include +#endif + +struct sigaction +{ + struct sigvec sv; +}; + +typedef unsigned long sigset_t; + +#undef sa_mask +#define sa_mask sv.sv_mask +#undef sa_handler +#define sa_handler sv.sv_handler +#undef sa_flags +#define sa_flags sv.sv_flags + +int sigaction(int sig, struct sigaction *sigact, struct sigaction *osigact); +int sigprocmask (int how, sigset_t *mask, sigset_t *omask); +int sigemptyset (sigset_t *mask); +int sigsuspend (sigset_t *mask); +int sigdelset (sigset_t *mask, int sig); +int sigaddset (sigset_t *mask, int sig); + +#endif /* !defined(HAVE_SIGACTION) && defined(HAVE_SIGVEC) */ + +#endif /* !defined(_SIGACTION_H) */ diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/strlcat.c openssh-3.1p1/openbsd-compat/strlcat.c --- ssh-openbsd-2002030700/openbsd-compat/strlcat.c Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/strlcat.c Thu Jun 28 14:48:29 2001 
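Review bot: The prototype list at the end of this header has no entry for `sigismember`, although the sigact.c added in the same patch defines it. A caller on a `sigvec`-only system would reach it through an implicit declaration, with no argument checking. Add `int sigismember (sigset_t *mask, int sig);` next to the `sigaddset` prototype.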
@@ -0,0 +1,79 @@ +/* $OpenBSD: strlcat.c,v 1.8 2001/05/13 15:40:15 deraadt Exp $ */ + +/* + * Copyright (c) 1998 Todd C. Miller + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL + * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; + * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "config.h" +#ifndef HAVE_STRLCAT + +#if defined(LIBC_SCCS) && !defined(lint) +static char *rcsid = "$OpenBSD: strlcat.c,v 1.8 2001/05/13 15:40:15 deraadt Exp $"; +#endif /* LIBC_SCCS and not lint */ + +#include +#include +#include "strlcat.h" + +/* + * Appends src to string dst of size siz (unlike strncat, siz is the + * full size of dst, not space left). At most siz-1 characters + * will be copied. 
Always NUL terminates (unless siz <= strlen(dst)). + * Returns strlen(src) + MIN(siz, strlen(initial dst)). + * If retval >= siz, truncation occurred. + */ +size_t +strlcat(dst, src, siz) + char *dst; + const char *src; + size_t siz; +{ + register char *d = dst; + register const char *s = src; + register size_t n = siz; + size_t dlen; + + /* Find the end of dst and adjust bytes left but don't go past end */ + while (n-- != 0 && *d != '\0') + d++; + dlen = d - dst; + n = siz - dlen; + + if (n == 0) + return(dlen + strlen(s)); + while (*s != '\0') { + if (n != 1) { + *d++ = *s; + n--; + } + s++; + } + *d = '\0'; + + return(dlen + (s - src)); /* count does not include NUL */ +} + +#endif /* !HAVE_STRLCAT */ diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/strlcat.h openssh-3.1p1/openbsd-compat/strlcat.h --- ssh-openbsd-2002030700/openbsd-compat/strlcat.h Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/strlcat.h Fri Feb 9 12:55:36 2001 @@ -0,0 +1,12 @@ +/* $Id: strlcat.h,v 1.2 2001/02/09 01:55:36 djm Exp $ */ + +#ifndef _BSD_STRLCAT_H +#define _BSD_STRLCAT_H + +#include "config.h" +#ifndef HAVE_STRLCAT +#include +size_t strlcat(char *dst, const char *src, size_t siz); +#endif /* !HAVE_STRLCAT */ + +#endif /* _BSD_STRLCAT_H */ diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/strlcpy.c openssh-3.1p1/openbsd-compat/strlcpy.c --- ssh-openbsd-2002030700/openbsd-compat/strlcpy.c Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/strlcpy.c Thu Jun 28 14:48:29 2001 
@@ -0,0 +1,75 @@ +/* $OpenBSD: strlcpy.c,v 1.5 2001/05/13 15:40:16 deraadt Exp $ */ + +/* + * Copyright (c) 1998 Todd C. Miller + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL + * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; + * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "config.h" +#ifndef HAVE_STRLCPY + +#if defined(LIBC_SCCS) && !defined(lint) +static char *rcsid = "$OpenBSD: strlcpy.c,v 1.5 2001/05/13 15:40:16 deraadt Exp $"; +#endif /* LIBC_SCCS and not lint */ + +#include +#include +#include "strlcpy.h" + +/* + * Copy src to string dst of size siz. At most siz-1 characters + * will be copied. Always NUL terminates (unless siz == 0). 
+ * Returns strlen(src); if retval >= siz, truncation occurred. + */ +size_t +strlcpy(dst, src, siz) + char *dst; + const char *src; + size_t siz; +{ + register char *d = dst; + register const char *s = src; + register size_t n = siz; + + /* Copy as many bytes as will fit */ + if (n != 0 && --n != 0) { + do { + if ((*d++ = *s++) == 0) + break; + } while (--n != 0); + } + + /* Not enough room in dst, add NUL and traverse rest of src */ + if (n == 0) { + if (siz != 0) + *d = '\0'; /* NUL-terminate dst */ + while (*s++) + ; + } + + return(s - src - 1); /* count does not include NUL */ +} + +#endif /* !HAVE_STRLCPY */ diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/strlcpy.h openssh-3.1p1/openbsd-compat/strlcpy.h --- ssh-openbsd-2002030700/openbsd-compat/strlcpy.h Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/strlcpy.h Fri Feb 9 12:55:36 2001 @@ -0,0 +1,12 @@ +/* $Id: strlcpy.h,v 1.2 2001/02/09 01:55:36 djm Exp $ */ + +#ifndef _BSD_STRLCPY_H +#define _BSD_STRLCPY_H + +#include "config.h" +#ifndef HAVE_STRLCPY +#include +size_t strlcpy(char *dst, const char *src, size_t siz); +#endif /* !HAVE_STRLCPY */ + +#endif /* _BSD_STRLCPY_H */ diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/strmode.c openssh-3.1p1/openbsd-compat/strmode.c --- ssh-openbsd-2002030700/openbsd-compat/strmode.c Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/strmode.c Sat Jun 9 12:22:17 2001 
@@ -0,0 +1,156 @@ +/*- + * Copyright (c) 1990 The Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "includes.h" +#ifndef HAVE_STRMODE + +#if defined(LIBC_SCCS) && !defined(lint) +static char *rcsid = "$OpenBSD: strmode.c,v 1.3 1997/06/13 13:57:20 deraadt Exp $"; +#endif /* LIBC_SCCS and not lint */ + +#include +#include +#include + +void +strmode(register mode_t mode, register char *p) +{ + /* print type */ + switch (mode & S_IFMT) { + case S_IFDIR: /* directory */ + *p++ = 'd'; + break; + case S_IFCHR: /* character special */ + *p++ = 'c'; + break; + case S_IFBLK: /* block special */ + *p++ = 'b'; + break; + case S_IFREG: /* regular */ + *p++ = '-'; + break; + case S_IFLNK: /* symbolic link */ + *p++ = 'l'; + break; +#ifdef S_IFSOCK + case S_IFSOCK: /* socket */ + *p++ = 's'; + break; +#endif +#ifdef S_IFIFO + case S_IFIFO: /* fifo */ + *p++ = 'p'; + break; +#endif +#ifdef S_IFWHT + case S_IFWHT: /* whiteout */ + *p++ = 'w'; + break; +#endif + default: /* unknown */ + *p++ = '?'; + break; + } + /* usr */ + if (mode & S_IRUSR) + *p++ = 'r'; + else + *p++ = '-'; + if (mode & S_IWUSR) + *p++ = 'w'; + else + *p++ = '-'; + switch (mode & (S_IXUSR | S_ISUID)) { + case 0: + *p++ = '-'; + break; + case S_IXUSR: + *p++ = 'x'; + break; + case S_ISUID: + *p++ = 'S'; + break; + case S_IXUSR | S_ISUID: + *p++ = 's'; + break; + } + /* group */ + if (mode & S_IRGRP) + *p++ = 'r'; + else + *p++ = '-'; + if (mode & S_IWGRP) + *p++ = 'w'; + else + *p++ = '-'; + switch (mode & (S_IXGRP | S_ISGID)) { + case 0: + *p++ = '-'; + break; + case S_IXGRP: + *p++ = 'x'; + break; + case S_ISGID: + *p++ = 'S'; + break; + case S_IXGRP | S_ISGID: + *p++ = 's'; + break; + } + /* other */ + if (mode & S_IROTH) + *p++ = 'r'; + else + *p++ = '-'; + if (mode & S_IWOTH) + *p++ = 'w'; + else + *p++ = '-'; + switch (mode & (S_IXOTH | S_ISVTX)) { + case 0: + *p++ = '-'; + break; + case S_IXOTH: + *p++ = 'x'; + break; + case S_ISVTX: + *p++ = 'T'; + break; + case S_IXOTH | S_ISVTX: + *p++ = 't'; + break; + } + *p++ = ' '; /* will be a '+' if ACL's implemented */ + *p = '\0'; +} +#endif 
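Review bot: `strmode` writes through `p` with no length argument, and nothing in the file states how much room the caller must provide. Counting the stores gives one type character, nine permission characters, a trailing space and the terminator, so the buffer must hold at least 12 bytes. A header comment above the definition, such as `/* p must point to at least 12 bytes: 11 characters plus NUL */`, would make that contract visible to callers.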
diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/strmode.h openssh-3.1p1/openbsd-compat/strmode.h --- ssh-openbsd-2002030700/openbsd-compat/strmode.h Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/strmode.h Sat Jun 9 12:22:17 2001 @@ -0,0 +1,7 @@ +/* $Id: strmode.h,v 1.3 2001/06/09 02:22:17 mouring Exp $ */ + +#ifndef HAVE_STRMODE + +void strmode(register mode_t mode, register char *p); + +#endif diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/strsep.c openssh-3.1p1/openbsd-compat/strsep.c --- ssh-openbsd-2002030700/openbsd-compat/strsep.c Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/strsep.c Thu Feb 1 08:52:04 2001 
@@ -0,0 +1,89 @@ +/* $OpenBSD: strsep.c,v 1.3 1997/08/20 04:28:14 millert Exp $ */ + +/*- + * Copyright (c) 1990, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "config.h" + +#if !defined(HAVE_STRSEP) + +#include +#include + +#if defined(LIBC_SCCS) && !defined(lint) +#if 0 +static char sccsid[] = "@(#)strsep.c 8.1 (Berkeley) 6/4/93"; +#else +static char *rcsid = "$OpenBSD: strsep.c,v 1.3 1997/08/20 04:28:14 millert Exp $"; +#endif +#endif /* LIBC_SCCS and not lint */ + +/* + * Get next token from string *stringp, where tokens are possibly-empty + * strings separated by characters from delim. + * + * Writes NULs into the string at *stringp to end tokens. + * delim need not remain constant from call to call. + * On return, *stringp points past the last NUL written (if there might + * be further tokens), or is NULL (if there are definitely no more tokens). + * + * If *stringp is NULL, strsep returns NULL. + */ +char * +strsep(char **stringp, const char *delim) +{ + register char *s; + register const char *spanp; + register int c, sc; + char *tok; + + if ((s = *stringp) == NULL) + return (NULL); + for (tok = s;;) { + c = *s++; + spanp = delim; + do { + if ((sc = *spanp++) == c) { + if (c == 0) + s = NULL; + else + s[-1] = 0; + *stringp = s; + return (tok); + } + } while (sc != 0); + } + /* NOTREACHED */ +} + +#endif /* !defined(HAVE_STRSEP) */ diff -ruN --exclude CVS ssh-openbsd-2002030700/openbsd-compat/strsep.h openssh-3.1p1/openbsd-compat/strsep.h --- ssh-openbsd-2002030700/openbsd-compat/strsep.h Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/openbsd-compat/strsep.h Fri Feb 9 12:55:36 2001 @@ -0,0 +1,12 @@ +/* $Id: strsep.h,v 1.2 2001/02/09 01:55:36 djm Exp $ */ + +#ifndef _BSD_STRSEP_H +#define _BSD_STRSEP_H + +#include "config.h" + +#ifndef HAVE_STRSEP +char *strsep(char **stringp, const char *delim); +#endif /* HAVE_STRSEP */ + +#endif /* _BSD_STRSEP_H */ diff -ruN --exclude CVS ssh-openbsd-2002030700/packet.c openssh-3.1p1/packet.c --- ssh-openbsd-2002030700/packet.c Thu Mar 7 12:02:04 2002 +++ openssh-3.1p1/packet.c Tue Mar 5 12:31:29 2002 
@@ -1192,8 +1192,10 @@ packet_set_interactive(int interactive) { static int called = 0; +#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN) int lowdelay = IPTOS_LOWDELAY; int throughput = IPTOS_THROUGHPUT; +#endif if (called) return; @@ -1213,21 +1215,25 @@ * Set IP options for an interactive connection. Use * IPTOS_LOWDELAY and TCP_NODELAY. */ +#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN) if (packet_connection_is_ipv4()) { if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, &lowdelay, sizeof(lowdelay)) < 0) error("setsockopt IPTOS_LOWDELAY: %.100s", strerror(errno)); } +#endif set_nodelay(connection_in); } else if (packet_connection_is_ipv4()) { /* * Set IP options for a non-interactive connection. Use * IPTOS_THROUGHPUT. */ +#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN) if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, &throughput, sizeof(throughput)) < 0) error("setsockopt IPTOS_THROUGHPUT: %.100s", strerror(errno)); +#endif } } diff -ruN --exclude CVS ssh-openbsd-2002030700/pathnames.h openssh-3.1p1/pathnames.h --- ssh-openbsd-2002030700/pathnames.h Sun Feb 10 17:43:26 2002 +++ openssh-3.1p1/pathnames.h Sun Feb 10 18:32:29 2002 @@ -13,8 +13,14 @@ */ #define ETCDIR "/etc" + +#ifndef SSHDIR #define SSHDIR ETCDIR "/ssh" +#endif + +#ifndef _PATH_SSH_PIDDIR #define _PATH_SSH_PIDDIR "/var/run" +#endif /* * System-wide file containing host keys of known hosts. This file should be @@ -33,11 +39,13 @@ #define _PATH_HOST_KEY_FILE SSHDIR "/ssh_host_key" #define _PATH_HOST_DSA_KEY_FILE SSHDIR "/ssh_host_dsa_key" #define _PATH_HOST_RSA_KEY_FILE SSHDIR "/ssh_host_rsa_key" -#define _PATH_DH_MODULI ETCDIR "/moduli" +#define _PATH_DH_MODULI SSHDIR "/moduli" /* Backwards compatibility */ -#define _PATH_DH_PRIMES ETCDIR "/primes" +#define _PATH_DH_PRIMES SSHDIR "/primes" +#ifndef _PATH_SSH_PROGRAM #define _PATH_SSH_PROGRAM "/usr/bin/ssh" +#endif /* * The process id of the daemon listening for connections is saved here to 
@@ -102,23 +110,49 @@ * Ssh-only version of /etc/hosts.equiv. Additionally, the daemon may use * ~/.rhosts and /etc/hosts.equiv if rhosts authentication is enabled. */ -#define _PATH_SSH_HOSTS_EQUIV ETCDIR "/shosts.equiv" +#define _PATH_SSH_HOSTS_EQUIV SSHDIR "/shosts.equiv" #define _PATH_RHOSTS_EQUIV "/etc/hosts.equiv" /* * Default location of askpass */ +#ifndef _PATH_SSH_ASKPASS_DEFAULT #define _PATH_SSH_ASKPASS_DEFAULT "/usr/X11R6/bin/ssh-askpass" +#endif /* xauth for X11 forwarding */ +#ifndef _PATH_XAUTH #define _PATH_XAUTH "/usr/X11R6/bin/xauth" +#endif /* UNIX domain socket for X11 server; displaynum will replace %u */ +#ifndef _PATH_UNIX_X #define _PATH_UNIX_X "/tmp/.X11-unix/X%u" +#endif /* for scp */ +#ifndef _PATH_CP #define _PATH_CP "cp" +#endif /* for sftp */ +#ifndef _PATH_SFTP_SERVER #define _PATH_SFTP_SERVER "/usr/libexec/sftp-server" +#endif +#ifndef _PATH_LS #define _PATH_LS "ls" +#endif + +/* path to login program */ +#ifndef LOGIN_PROGRAM +# ifdef LOGIN_PROGRAM_FALLBACK +# define LOGIN_PROGRAM LOGIN_PROGRAM_FALLBACK +# else +# define LOGIN_PROGRAM "/usr/bin/login" +# endif +#endif /* LOGIN_PROGRAM */ + +/* Askpass program define */ +#ifndef ASKPASS_PROGRAM +#define ASKPASS_PROGRAM "/usr/lib/ssh/ssh-askpass" +#endif /* ASKPASS_PROGRAM */ diff -ruN --exclude CVS ssh-openbsd-2002030700/readconf.c openssh-3.1p1/readconf.c --- ssh-openbsd-2002030700/readconf.c Tue Feb 5 08:15:39 2002 +++ openssh-3.1p1/readconf.c Tue Feb 5 12:26:35 2002 
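Review bot: The new `ASKPASS_PROGRAM` default of `/usr/lib/ssh/ssh-askpass` sits in the same header as `_PATH_SSH_ASKPASS_DEFAULT`, which points at `/usr/X11R6/bin/ssh-askpass`, so the tree now has two different default locations for the helper that collects passphrases. Which macro a given caller uses cannot be told from this hunk, and a packager has to keep both paths in step to be sure the intended binary is the one executed. I would define one in terms of the other, for example `#define ASKPASS_PROGRAM _PATH_SSH_ASKPASS_DEFAULT`, or add a comment saying which code uses which macro.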
@@ -200,9 +200,11 @@ u_short host_port) { Forward *fwd; +#ifndef HAVE_CYGWIN extern uid_t original_real_uid; if (port < IPPORT_RESERVED && original_real_uid != 0) fatal("Privileged ports can only be forwarded by root."); +#endif if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION) fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION); fwd = &options->local_forwards[options->num_local_forwards++]; diff -ruN --exclude CVS ssh-openbsd-2002030700/readpass.c openssh-3.1p1/readpass.c --- ssh-openbsd-2002030700/readpass.c Wed Feb 13 13:20:08 2002 +++ openssh-3.1p1/readpass.c Wed Feb 13 14:05:23 2002 @@ -25,8 +25,6 @@ #include "includes.h" RCSID("$OpenBSD: readpass.c,v 1.26 2002/02/13 00:39:15 markus Exp $"); -#include - #include "xmalloc.h" #include "readpass.h" #include "pathnames.h" diff -ruN --exclude CVS ssh-openbsd-2002030700/rijndael.c openssh-3.1p1/rijndael.c --- ssh-openbsd-2002030700/rijndael.c Wed Dec 19 18:18:56 2001 +++ openssh-3.1p1/rijndael.c Fri Dec 21 14:45:48 2001 @@ -25,6 +25,8 @@ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#include "config.h" + #include #include diff -ruN --exclude CVS ssh-openbsd-2002030700/scard/.cvsignore openssh-3.1p1/scard/.cvsignore --- ssh-openbsd-2002030700/scard/.cvsignore Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/scard/.cvsignore Sat Dec 29 18:00:08 2001 @@ -0,0 +1,2 @@ +Makefile +Ssh.bin diff -ruN --exclude CVS ssh-openbsd-2002030700/scard/Makefile openssh-3.1p1/scard/Makefile --- ssh-openbsd-2002030700/scard/Makefile Fri Jun 29 17:02:09 2001 +++ openssh-3.1p1/scard/Makefile Thu Jan 1 10:00:00 1970 
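Review bot: With `HAVE_CYGWIN` defined, the whole privileged-port test is compiled out, so a non-root user can request a local forward on a port below `IPPORT_RESERVED`, and the hunk gives no reason for dropping the check. Presumably Cygwin has no uid 0 to compare `original_real_uid` against, but that should be stated where the policy check disappears, for example `/* XXX Cygwin: no uid 0, privileged-port check skipped */` above the `#ifndef`. The enclosing function starts before the hunk and continues after it.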
@@ -1,20 +0,0 @@ -# $OpenBSD: Makefile,v 1.2 2001/06/29 07:02:09 markus Exp $ - -.PATH: ${.CURDIR}/.. - -CARDLET= Ssh.bin -DATADIR= /usr/libdata/ssh - -all: ${CARDLET} - -clean: - rm -f ${CARDLET} - -install: ${CARDLET} - install -c -m ${LIBMODE} -o ${LIBOWN} -g ${LIBGRP} \ - ${CARDLET} ${DESTDIR}${DATADIR} - -Ssh.bin: ${.CURDIR}/Ssh.bin.uu - uudecode ${.CURDIR}/$@.uu - -.include diff -ruN --exclude CVS ssh-openbsd-2002030700/scard/Makefile.in openssh-3.1p1/scard/Makefile.in --- ssh-openbsd-2002030700/scard/Makefile.in Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/scard/Makefile.in Sat Oct 27 10:33:19 2001 @@ -0,0 +1,27 @@ +# $Id: Makefile.in,v 1.3 2001/10/27 00:33:19 tim Exp $ + +prefix=@prefix@ +datadir=@datadir@ +srcdir=@srcdir@ +top_srcdir=@top_srcdir@ + +INSTALL=@INSTALL@ + +VPATH=@srcdir@ + +all: + +Ssh.bin: Ssh.bin.uu + uudecode Ssh.bin.uu + +clean: + rm -rf Ssh.bin + +distprep: Ssh.bin + +distclean: clean + rm -f Makefile *~ + +install: $(srcdir)/Ssh.bin + $(top_srcdir)/mkinstalldirs $(DESTDIR)$(datadir) + $(INSTALL) -m 0644 $(srcdir)/Ssh.bin $(DESTDIR)$(datadir)/Ssh.bin diff -ruN --exclude CVS ssh-openbsd-2002030700/scard/Ssh.java openssh-3.1p1/scard/Ssh.java --- ssh-openbsd-2002030700/scard/Ssh.java Tue Jul 31 06:08:14 2001 +++ openssh-3.1p1/scard/Ssh.java Sat Sep 15 20:58:47 2001 @@ -1,4 +1,4 @@ -// $Id: Ssh.java,v 1.2 2001/07/30 20:08:14 rees Exp $ +// $Id: Ssh.java,v 1.2 2001/09/15 10:58:47 djm Exp $ // // Ssh.java // SSH / smartcard integration project, smartcard side diff -ruN --exclude CVS ssh-openbsd-2002030700/scard.c openssh-3.1p1/scard.c --- ssh-openbsd-2002030700/scard.c Fri Dec 28 05:22:16 2001 +++ openssh-3.1p1/scard.c Tue Jan 22 23:09:23 2002 
@@ -22,8 +22,8 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#ifdef SMARTCARD #include "includes.h" +#ifdef SMARTCARD RCSID("$OpenBSD: scard.c,v 1.17 2001/12/27 18:22:16 markus Exp $"); #include diff -ruN --exclude CVS ssh-openbsd-2002030700/scp/Makefile openssh-3.1p1/scp/Makefile --- ssh-openbsd-2002030700/scp/Makefile Fri May 4 09:09:55 2001 +++ openssh-3.1p1/scp/Makefile Thu Jan 1 10:00:00 1970 @@ -1,15 +0,0 @@ -# $OpenBSD: Makefile,v 1.13 2001/05/03 23:09:55 mouring Exp $ - -.PATH: ${.CURDIR}/.. - -PROG= scp -BINOWN= root - -BINMODE?=555 - -BINDIR= /usr/bin -MAN= scp.1 - -SRCS= scp.c misc.c - -.include diff -ruN --exclude CVS ssh-openbsd-2002030700/scp.c openssh-3.1p1/scp.c --- ssh-openbsd-2002030700/scp.c Wed Dec 5 14:56:39 2001 +++ openssh-3.1p1/scp.c Wed Mar 6 05:59:45 2002 @@ -83,11 +83,25 @@ #include "log.h" #include "misc.h" +#ifdef HAVE___PROGNAME +extern char *__progname; +#else +char *__progname; +#endif + /* For progressmeter() -- number of seconds before xfer considered "stalled" */ #define STALLTIME 5 /* alarm() interval for updating progress meter */ #define PROGRESSTIME 1 +/* Progress meter bar */ +#define BAR \ + "************************************************************"\ + "************************************************************"\ + "************************************************************"\ + "************************************************************" +#define MAX_BARLENGTH (sizeof(BAR) - 1) + /* Visual statistics about files as they are transferred. */ void progressmeter(int); @@ -218,6 +232,8 @@ extern char *optarg; extern int optind; + __progname = get_progname(argv[0]); + args.list = NULL; addargs(&args, "ssh"); /* overwritten with ssh_program */ addargs(&args, "-x"); @@ -274,6 +290,9 @@ case 't': /* "to" */ iamremote = 1; tflag = 1; +#ifdef HAVE_CYGWIN + setmode(0, O_BINARY); +#endif break; default: usage(); 
@@ -526,9 +545,16 @@ goto next; } #define FILEMODEMASK (S_ISUID|S_ISGID|S_IRWXU|S_IRWXG|S_IRWXO) +#ifdef HAVE_LONG_LONG_INT snprintf(buf, sizeof buf, "C%04o %lld %s\n", (u_int) (stb.st_mode & FILEMODEMASK), (long long)stb.st_size, last); +#else + /* XXX: Handle integer overflow? */ + snprintf(buf, sizeof buf, "C%04o %lu %s\n", + (u_int) (stb.st_mode & FILEMODEMASK), + (u_long) stb.st_size, last); +#endif if (verbose_mode) { fprintf(stderr, "Sending file modes: %s", buf); fflush(stderr); @@ -856,12 +882,20 @@ } if (pflag) { if (exists || omode != mode) +#ifdef HAVE_FCHMOD if (fchmod(ofd, omode)) +#else /* HAVE_FCHMOD */ + if (chmod(np, omode)) +#endif /* HAVE_FCHMOD */ run_err("%s: set mode: %s", np, strerror(errno)); } else { if (!exists && omode != mode) +#ifdef HAVE_FCHMOD if (fchmod(ofd, omode & ~mask)) +#else /* HAVE_FCHMOD */ + if (chmod(np, omode & ~mask)) +#endif /* HAVE_FCHMOD */ run_err("%s: set mode: %s", np, strerror(errno)); } @@ -1005,6 +1039,7 @@ int fd, blksize; { size_t size; +#ifdef HAVE_STRUCT_STAT_ST_BLKSIZE struct stat stb; if (fstat(fd, &stb) < 0) { @@ -1016,6 +1051,9 @@ else size = blksize + (stb.st_blksize - blksize % stb.st_blksize) % stb.st_blksize; +#else /* HAVE_STRUCT_STAT_ST_BLKSIZE */ + size = blksize; +#endif /* HAVE_STRUCT_STAT_ST_BLKSIZE */ if (bp->cnt >= size) return (bp); if (bp->buf == NULL) @@ -1059,8 +1097,13 @@ if (pgrp == -1) pgrp = getpgrp(); +#ifdef HAVE_TCGETPGRP + return ((ctty_pgrp = tcgetpgrp(STDOUT_FILENO)) != -1 && + ctty_pgrp == pgrp); +#else return ((ioctl(STDOUT_FILENO, TIOCGPGRP, &ctty_pgrp) != -1 && ctty_pgrp == pgrp)); +#endif } void 
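Review bot: In the `#else` branch the cast `(u_long) stb.st_size` silently drops the high bits of a size that does not fit in `u_long`, so the `C` header would announce a different length from the file that follows; the `XXX` comment admits the problem but nothing handles it. Refuse such a file before formatting the header: `if ((off_t)(u_long)stb.st_size != stb.st_size) { run_err("%s: file too large", last); goto next; }`. The enclosing function begins and ends outside the hunk, so the placement relative to the `next` label needs checking there.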
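Review bot: The `chmod(np, omode)` and `chmod(np, omode & ~mask)` fallbacks act on whatever `np` names at that moment, not on the descriptor `ofd` that the data was written through, so if the path is replaced between the open and this call the mode lands on a different file. The same descriptor-to-path substitution appears in the sftp-client.c hunk (`chmod(local_path, mode)`) and in the sftp-server.c fsetstat hunk (`chmod(name, …)`, `utimes(name, …)`, `chown(name, …)`), where the path functions also follow symbolic links. Each fallback should at least carry a comment such as `/* no fchmod(): path-based, can race with a rename or symlink swap */`, and comparing `st_dev`/`st_ino` from `fstat(ofd)` with `stat(np)` before the call would narrow the window. The enclosing function extends beyond the hunk.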
@@ -1095,15 +1138,11 @@ snprintf(buf, sizeof(buf), "\r%-20.20s %3d%% ", curfile, ratio); barlength = getttywidth() - 51; + barlength = (barlength <= MAX_BARLENGTH)?barlength:MAX_BARLENGTH; if (barlength > 0) { i = barlength * ratio / 100; snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), - "|%.*s%*s|", i, - "***************************************" - "***************************************" - "***************************************" - "***************************************", - barlength - i, ""); + "|%.*s%*s|", i, BAR, barlength - i, ""); } i = 0; abbrevsize = cursize; @@ -1111,8 +1150,8 @@ i++; abbrevsize >>= 10; } - snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), " %5llu %c%c ", - (unsigned long long) abbrevsize, prefixes[i], + snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), " %5lu %c%c ", + (unsigned long) abbrevsize, prefixes[i], prefixes[i] == ' ' ? ' ' : 'B'); timersub(&now, &lastupdate, &wait); @@ -1157,7 +1196,7 @@ atomicio(write, fileno(stdout), buf, strlen(buf)); if (flag == -1) { - signal(SIGALRM, updateprogressmeter); + mysignal(SIGALRM, updateprogressmeter); alarm(PROGRESSTIME); } else if (flag == 1) { alarm(0); diff -ruN --exclude CVS ssh-openbsd-2002030700/servconf.c openssh-3.1p1/servconf.c --- ssh-openbsd-2002030700/servconf.c Tue Feb 5 08:15:39 2002 +++ openssh-3.1p1/servconf.c Tue Feb 5 12:26:35 2002 @@ -43,6 +43,11 @@ initialize_server_options(ServerOptions *options) { memset(options, 0, sizeof(*options)); + + /* Portable-specific options */ + options->pam_authentication_via_kbd_int = -1; + + /* Standard Options */ options->num_ports = 0; options->ports_from_cmdline = 0; options->listen_addrs = NULL; 
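Review bot: `barlength = (barlength <= MAX_BARLENGTH)?barlength:MAX_BARLENGTH;` compares against `sizeof(BAR) - 1`, which has type `size_t`, so if `barlength` is a signed int (its declaration is outside the hunk, but the following `barlength > 0` test suggests it) a negative width from a terminal narrower than 51 columns is converted to a huge unsigned value and replaced by the maximum. The `if (barlength > 0)` guard below then no longer suppresses the bar on narrow terminals. Clamp only the upper side with a signed comparison: `if (barlength > (int)MAX_BARLENGTH) barlength = MAX_BARLENGTH;`.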
@@ -110,6 +115,11 @@ void fill_default_server_options(ServerOptions *options) { + /* Portable-specific options */ + if (options->pam_authentication_via_kbd_int == -1) + options->pam_authentication_via_kbd_int = 0; + + /* Standard Options */ if (options->protocol == SSH_PROTO_UNKNOWN) options->protocol = SSH_PROTO_1|SSH_PROTO_2; if (options->num_host_key_files == 0) { @@ -230,6 +240,9 @@ /* Keyword tokens. */ typedef enum { sBadOption, /* == unknown option */ + /* Portable-specific options */ + sPAMAuthenticationViaKbdInt, + /* Standard Options */ sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, sPermitRootLogin, sLogFacility, sLogLevel, sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication, @@ -262,6 +275,9 @@ const char *name; ServerOpCodes opcode; } keywords[] = { + /* Portable-specific options */ + { "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt }, + /* Standard Options */ { "port", sPort }, { "hostkey", sHostKeyFile }, { "hostdsakey", sHostKeyFile }, /* alias */ @@ -404,6 +420,12 @@ charptr = NULL; opcode = parse_token(arg, filename, linenum); switch (opcode) { + /* Portable-specific options */ + case sPAMAuthenticationViaKbdInt: + intptr = &options->pam_authentication_via_kbd_int; + goto parse_flag; + + /* Standard Options */ case sBadOption: return -1; case sPort: diff -ruN --exclude CVS ssh-openbsd-2002030700/servconf.h openssh-3.1p1/servconf.h --- ssh-openbsd-2002030700/servconf.h Thu Mar 7 12:02:04 2002 +++ openssh-3.1p1/servconf.h Tue Mar 5 12:53:05 2002 @@ -129,6 +129,7 @@ char *authorized_keys_file; /* File containing public keys */ char *authorized_keys_file2; + int pam_authentication_via_kbd_int; } ServerOptions; diff -ruN --exclude CVS ssh-openbsd-2002030700/serverloop.c openssh-3.1p1/serverloop.c --- ssh-openbsd-2002030700/serverloop.c Fri Feb 8 20:31:06 2002 +++ openssh-3.1p1/serverloop.c Fri Feb 8 22:07:17 2002 
@@ -143,7 +143,7 @@ int save_errno = errno; debug("Received SIGCHLD."); child_terminated = 1; - signal(SIGCHLD, sigchld_handler); + mysignal(SIGCHLD, sigchld_handler); notify_parent(); errno = save_errno; } @@ -499,7 +499,7 @@ /* Initialize the SIGCHLD kludge. */ child_terminated = 0; - signal(SIGCHLD, sigchld_handler); + mysignal(SIGCHLD, sigchld_handler); /* Initialize our global variables. */ fdin = fdin_arg; @@ -671,7 +671,7 @@ channel_free_all(); /* We no longer want our SIGCHLD handler to be called. */ - signal(SIGCHLD, SIG_DFL); + mysignal(SIGCHLD, SIG_DFL); wait_pid = waitpid(-1, &wait_status, 0); if (wait_pid == -1) @@ -741,7 +741,7 @@ debug("Entering interactive session for SSH2."); - signal(SIGCHLD, sigchld_handler); + mysignal(SIGCHLD, sigchld_handler); child_terminated = 0; connection_in = packet_get_connection_in(); connection_out = packet_get_connection_out(); diff -ruN --exclude CVS ssh-openbsd-2002030700/session.c openssh-3.1p1/session.c --- ssh-openbsd-2002030700/session.c Tue Feb 19 15:00:46 2002 +++ openssh-3.1p1/session.c Tue Feb 26 02:48:03 2002 @@ -57,6 +57,12 @@ #include "canohost.h" #include "session.h" +#ifdef HAVE_CYGWIN +#include +#include +#define is_winnt (GetVersion() < 0x80000000) +#endif + /* types */ #define TTYSZ 64 @@ -96,6 +102,9 @@ void do_exec_no_pty(Session *, const char *); void do_exec(Session *, const char *); void do_login(Session *, const char *); +#ifdef LOGIN_NEEDS_UTMPX +static void do_pre_login(Session *s); +#endif void do_child(Session *, const char *); void do_motd(void); int check_quietlogin(Session *, const char *); @@ -122,6 +131,10 @@ #define MAX_SESSIONS 10 Session sessions[MAX_SESSIONS]; +#ifdef WITH_AIXAUTHENTICATE +char *aixloginmsg; +#endif /* WITH_AIXAUTHENTICATE */ + #ifdef HAVE_LOGIN_CAP static login_cap_t *lc; #endif 
@@ -138,7 +151,7 @@ close(startup_pipe); startup_pipe = -1; } -#ifdef HAVE_LOGIN_CAP +#if defined(HAVE_LOGIN_CAP) && defined(HAVE_PW_CLASS_IN_PASSWD) if ((lc = login_getclass(authctxt->pw->pw_class)) == NULL) { error("unable to get login class"); return; @@ -150,6 +163,14 @@ } #endif #endif +#ifdef WITH_AIXAUTHENTICATE + /* We don't have a pty yet, so just label the line as "ssh" */ + if (loginsuccess(authctxt->user, + get_canonical_hostname(options.verify_reverse_mapping), + "ssh", &aixloginmsg) < 0) + aixloginmsg = NULL; +#endif /* WITH_AIXAUTHENTICATE */ + /* setup the channel layer */ if (!no_port_forwarding_flag && options.allow_tcp_forwarding) channel_permit_all_opens(); @@ -388,6 +409,14 @@ session_proctitle(s); +#if defined(USE_PAM) + do_pam_session(s->pw->pw_name, NULL); + do_pam_setcred(1); + if (is_pam_password_change_required()) + packet_disconnect("Password change required but no " + "TTY available"); +#endif /* USE_PAM */ + /* Fork the child. */ if ((pid = fork()) == 0) { /* Child. Reinitialize the log since the pid has changed. */ @@ -441,6 +470,10 @@ do_child(s, command); /* NOTREACHED */ } +#ifdef HAVE_CYGWIN + if (is_winnt) + cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); +#endif if (pid < 0) packet_disconnect("fork failed: %.100s", strerror(errno)); s->pid = pid; @@ -494,6 +527,11 @@ ptyfd = s->ptyfd; ttyfd = s->ttyfd; +#if defined(USE_PAM) + do_pam_session(s->pw->pw_name, s->tty); + do_pam_setcred(1); +#endif + /* Fork the child. */ if ((pid = fork()) == 0) { 
@@ -517,13 +555,23 @@ close(ttyfd); /* record login, etc. similar to login(1) */ +#ifndef HAVE_OSF_SIA if (!(options.use_login && command == NULL)) do_login(s, command); +# ifdef LOGIN_NEEDS_UTMPX + else + do_pre_login(s); +# endif +#endif /* Do common processing for the child, such as execing the command. */ do_child(s, command); /* NOTREACHED */ } +#ifdef HAVE_CYGWIN + if (is_winnt) + cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); +#endif if (pid < 0) packet_disconnect("fork failed: %.100s", strerror(errno)); s->pid = pid; @@ -556,6 +604,34 @@ } } +#ifdef LOGIN_NEEDS_UTMPX +static void +do_pre_login(Session *s) +{ + socklen_t fromlen; + struct sockaddr_storage from; + pid_t pid = getpid(); + + /* + * Get IP address of client. If the connection is not a socket, let + * the address be 0.0.0.0. + */ + memset(&from, 0, sizeof(from)); + if (packet_connection_is_on_socket()) { + fromlen = sizeof(from); + if (getpeername(packet_get_connection_in(), + (struct sockaddr *) & from, &fromlen) < 0) { + debug("getpeername: %.100s", strerror(errno)); + fatal_cleanup(); + } + } + + record_utmp_only(pid, s->tty, s->pw->pw_name, + get_remote_name_or_ip(utmp_len, options.verify_reverse_mapping), + (struct sockaddr *)&from); +} +#endif + /* * This is called to fork and execute a command. If another command is * to be forced, execute that instead. 
@@ -616,9 +692,29 @@ get_remote_name_or_ip(utmp_len, options.verify_reverse_mapping), (struct sockaddr *)&from); +#ifdef USE_PAM + /* + * If password change is needed, do it now. + * This needs to occur before the ~/.hushlogin check. + */ + if (is_pam_password_change_required()) { + print_pam_messages(); + do_pam_chauthtok(); + } +#endif + if (check_quietlogin(s, command)) return; +#ifdef USE_PAM + if (!is_pam_password_change_required()) + print_pam_messages(); +#endif /* USE_PAM */ +#ifdef WITH_AIXAUTHENTICATE + if (aixloginmsg && *aixloginmsg) + printf("%s\n", aixloginmsg); +#endif /* WITH_AIXAUTHENTICATE */ + if (options.print_lastlog && last_login_time != 0) { time_string = ctime(&last_login_time); if (strchr(time_string, '\n')) @@ -761,6 +857,29 @@ fclose(f); } +void copy_environment(char **source, char ***env, u_int *envsize) +{ + char *var_name, *var_val; + int i; + + if (source == NULL) + return; + + for(i = 0; source[i] != NULL; i++) { + var_name = xstrdup(source[i]); + if ((var_val = strstr(var_name, "=")) == NULL) { + xfree(var_name); + continue; + } + *var_val++ = '\0'; + + debug3("Copy environment: %s=%s", var_name, var_val); + child_set_env(env, envsize, var_name, var_val); + + xfree(var_name); + } +} + static char ** do_setup_env(Session *s, const char *shell) { @@ -774,6 +893,14 @@ env = xmalloc(envsize * sizeof(char *)); env[0] = NULL; +#ifdef HAVE_CYGWIN + /* + * The Windows environment contains some setting which are + * important for a running system. They must not be dropped. + */ + copy_environment(environ, &env, &envsize); +#endif + if (!options.use_login) { /* Set basic environment. */ child_set_env(&env, &envsize, "USER", pw->pw_name); 
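Review bot: `debug3("Copy environment: %s=%s", var_name, var_val);` in `copy_environment` writes every copied value to the debug log, and a later hunk passes this function the list returned by `fetch_pam_environment()`, whose contents are chosen by PAM modules and may include credential locations or tokens. Log the variable name only: `debug3("Copy environment: %s", var_name);`. If the value is ever needed for troubleshooting, it is safer to print its length than its content.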
@@ -782,9 +909,17 @@ #ifdef HAVE_LOGIN_CAP (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH); child_set_env(&env, &envsize, "PATH", getenv("PATH")); -#else +#else /* HAVE_LOGIN_CAP */ +# ifndef HAVE_CYGWIN + /* + * There's no standard path on Windows. The path contains + * important components pointing to the system directories, + * needed for loading shared libraries. So the path better + * remains intact here. + */ child_set_env(&env, &envsize, "PATH", _PATH_STDPATH); -#endif +# endif /* HAVE_CYGWIN */ +#endif /* HAVE_LOGIN_CAP */ snprintf(buf, sizeof buf, "%.200s/%.50s", _PATH_MAILDIR, pw->pw_name); @@ -827,6 +962,18 @@ if (original_command) child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND", original_command); + +#ifdef _AIX + { + char *cp; + + if ((cp = getenv("AUTHSTATE")) != NULL) + child_set_env(&env, &envsize, "AUTHSTATE", cp); + if ((cp = getenv("KRB5CCNAME")) != NULL) + child_set_env(&env, &envsize, "KRB5CCNAME", cp); + read_environment_file(&env, &envsize, "/etc/environment"); + } +#endif #ifdef KRB4 if (s->authctxt->krb4_ticket_file) child_set_env(&env, &envsize, "KRBTKFILE", @@ -837,6 +984,11 @@ child_set_env(&env, &envsize, "KRB5CCNAME", s->authctxt->krb5_ticket_file); #endif +#ifdef USE_PAM + /* Pull in any environment variables that may have been set by PAM. */ + copy_environment(fetch_pam_environment(), &env, &envsize); +#endif /* USE_PAM */ + if (auth_get_socket_name() != NULL) child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, auth_get_socket_name()); @@ -950,7 +1102,14 @@ static void do_setusercontext(struct passwd *pw) { +#ifdef HAVE_CYGWIN + if (is_winnt) { +#else /* HAVE_CYGWIN */ if (getuid() == 0 || geteuid() == 0) { +#endif /* HAVE_CYGWIN */ +#ifdef HAVE_GETUSERATTR + set_limits_from_userattr(pw->pw_name); +#endif /* HAVE_GETUSERATTR */ #ifdef HAVE_LOGIN_CAP if (setusercontext(lc, pw, pw->pw_uid, (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) { 
@@ -958,6 +1117,12 @@ exit(1); } #else +# if defined(HAVE_GETLUID) && defined(HAVE_SETLUID) + /* Sets login uid for accounting */ + if (getluid() == -1 && setluid(pw->pw_uid) == -1) + error("setluid: %s", strerror(errno)); +# endif /* defined(HAVE_GETLUID) && defined(HAVE_SETLUID) */ + if (setlogin(pw->pw_name) < 0) error("setlogin failed: %s", strerror(errno)); if (setgid(pw->pw_gid) < 0) { @@ -970,7 +1135,17 @@ exit(1); } endgrent(); - +# ifdef USE_PAM + /* + * PAM credentials may take the form of supplementary groups. + * These will have been wiped by the above initgroups() call. + * Reestablish them here. + */ + do_pam_setcred(0); +# endif /* USE_PAM */ +# if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) + irix_setusercontext(pw); +# endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */ /* Permanently switch to the desired uid. */ permanently_set_uid(pw); #endif @@ -1006,8 +1181,17 @@ * switch, so we let login(1) to this for us. */ if (!options.use_login) { +#ifdef HAVE_OSF_SIA + session_setup_sia(pw->pw_name, s->ttyfd == -1 ? NULL : s->tty); + if (!check_quietlogin(s, command)) + do_motd(); +#else /* HAVE_OSF_SIA */ do_nologin(pw); +# ifdef _AIX + aix_usrinfo(pw, s->tty, s->ttyfd); +# endif /* _AIX */ do_setusercontext(pw); +#endif /* HAVE_OSF_SIA */ } /* @@ -1097,7 +1281,10 @@ if (options.use_login) { /* Launch login(1). */ - execl("/usr/bin/login", "login", "-h", hostname, + execl(LOGIN_PROGRAM, "login", "-h", hostname, +#ifdef LOGIN_NEEDS_TERM + (s->term ? s->term : "unknown"), +#endif /* LOGIN_NEEDS_TERM */ "-p", "-f", "--", pw->pw_name, (char *)NULL); /* Login couldn't be executed, die. */ @@ -1490,7 +1677,7 @@ /* Record that the user has logged out. */ if (s->pid != 0) - record_logout(s->pid, s->tty); + record_logout(s->pid, s->tty, s->pw->pw_name); /* Release the pseudo-tty. */ pty_release(s->tty); 
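Review bot: Under LOGIN_NEEDS_TERM, `(s->term ? s->term : "unknown")` is inserted into the `execl` argument list ahead of the `--` separator, so a value that begins with `-` would be parsed by the login program as an option instead of a terminal name. Where `s->term` is filled in is not visible in this hunk; if it comes from the client's terminal request it needs checking before use, for example `(s->term && s->term[0] != '-' ? s->term : "unknown"),`. The enclosing function starts and ends outside the hunk.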
@@ -1525,7 +1712,11 @@ } else if (WIFSIGNALED(status)) { channel_request_start(s->chanid, "exit-signal", 0); packet_put_int(WTERMSIG(status)); +#ifdef WCOREDUMP packet_put_char(WCOREDUMP(status)); +#else /* WCOREDUMP */ + packet_put_char(0); +#endif /* WCOREDUMP */ packet_put_cstring(""); packet_put_cstring(""); packet_send(); @@ -1705,8 +1896,23 @@ s->display = xstrdup(display); s->auth_display = xstrdup(auth_display); } else { +#ifdef IPADDR_IN_DISPLAY + struct hostent *he; + struct in_addr my_addr; + + he = gethostbyname(hostname); + if (he == NULL) { + error("Can't get IP address for X11 DISPLAY."); + packet_send_debug("Can't get IP address for X11 DISPLAY."); + return 0; + } + memcpy(&my_addr, he->h_addr_list[0], sizeof(struct in_addr)); + snprintf(display, sizeof display, "%.50s:%d.%d", inet_ntoa(my_addr), + s->display_number, s->screen); +#else snprintf(display, sizeof display, "%.400s:%d.%d", hostname, s->display_number, s->screen); +#endif s->display = xstrdup(display); s->auth_display = xstrdup(display); } diff -ruN --exclude CVS ssh-openbsd-2002030700/sftp/Makefile openssh-3.1p1/sftp/Makefile --- ssh-openbsd-2002030700/sftp/Makefile Fri May 4 09:09:57 2001 +++ openssh-3.1p1/sftp/Makefile Thu Jan 1 10:00:00 1970 @@ -1,19 +0,0 @@ -# $OpenBSD: Makefile,v 1.5 2001/05/03 23:09:57 mouring Exp $ - -.PATH: ${.CURDIR}/.. - -PROG= sftp -BINOWN= root - -BINMODE?=555 - -BINDIR= /usr/bin -MAN= sftp.1 - -SRCS= sftp.c sftp-client.c sftp-int.c sftp-common.c sftp-glob.c misc.c - -.include - -LDADD+= -lcrypto -DPADD+= ${LIBCRYPTO} - diff -ruN --exclude CVS ssh-openbsd-2002030700/sftp-client.c openssh-3.1p1/sftp-client.c --- ssh-openbsd-2002030700/sftp-client.c Tue Feb 26 22:39:27 2002 +++ openssh-3.1p1/sftp-client.c Wed Feb 27 05:02:44 2002 
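Review bot: In the IPADDR_IN_DISPLAY branch, `memcpy(&my_addr, he->h_addr_list[0], sizeof(struct in_addr));` trusts the `gethostbyname` result to hold at least one IPv4 address; only `he == NULL` is tested. Extend the failure test to `if (he == NULL || he->h_addrtype != AF_INET || he->h_addr_list[0] == NULL) {` so that an empty list or a non-IPv4 answer takes the existing error path instead of being copied. The enclosing function begins before the hunk.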
@@ -30,7 +30,11 @@ #include "includes.h" RCSID("$OpenBSD: sftp-client.c,v 1.24 2002/02/24 16:57:19 markus Exp $"); +#if defined(HAVE_SYS_QUEUE_H) && !defined(HAVE_BOGUS_SYS_QUEUE_H) #include +#else +#include "openbsd-compat/fake-queue.h" +#endif #include "buffer.h" #include "bufaux.h" @@ -923,7 +927,11 @@ status = do_close(conn, handle, handle_len); /* Override umask and utimes if asked */ +#ifdef HAVE_FCHMOD if (pflag && fchmod(local_fd, mode) == -1) +#else + if (pflag && chmod(local_path, mode) == -1) +#endif /* HAVE_FCHMOD */ error("Couldn't set mode on \"%s\": %s", local_path, strerror(errno)); if (pflag && (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME)) { diff -ruN --exclude CVS ssh-openbsd-2002030700/sftp-glob.c openssh-3.1p1/sftp-glob.c --- ssh-openbsd-2002030700/sftp-glob.c Wed Feb 13 13:20:09 2002 +++ openssh-3.1p1/sftp-glob.c Wed Feb 13 14:10:33 2002 @@ -25,8 +25,6 @@ #include "includes.h" RCSID("$OpenBSD: sftp-glob.c,v 1.10 2002/02/13 00:59:23 djm Exp $"); -#include - #include "buffer.h" #include "bufaux.h" #include "xmalloc.h" 
@@ -64,16 +62,40 @@ static struct dirent * fudge_readdir(struct SFTP_OPENDIR *od) { - static struct dirent ret; - + /* Solaris needs sizeof(dirent) + path length (see below) */ + static char buf[sizeof(struct dirent) + MAXPATHLEN]; + struct dirent *ret = (struct dirent *)buf; +#ifdef __GNU_LIBRARY__ + static int inum = 1; +#endif /* __GNU_LIBRARY__ */ + if (od->dir[od->offset] == NULL) return(NULL); - memset(&ret, 0, sizeof(ret)); - strlcpy(ret.d_name, od->dir[od->offset++]->filename, - sizeof(ret.d_name)); + memset(buf, 0, sizeof(buf)); + + /* + * Solaris defines dirent->d_name as a one byte array and expects + * you to hack around it. + */ +#ifdef BROKEN_ONE_BYTE_DIRENT_D_NAME + strlcpy(ret->d_name, od->dir[od->offset++]->filename, MAXPATHLEN); +#else + strlcpy(ret->d_name, od->dir[od->offset++]->filename, + sizeof(ret->d_name)); +#endif +#ifdef __GNU_LIBRARY__ + /* + * Idiot glibc uses extensions to struct dirent for readdir with + * ALTDIRFUNCs. Not that this is documented anywhere but the + * source... Fake an inode number to appease it. + */ + ret->d_ino = inum++; + if (!inum) + inum = 1; +#endif /* __GNU_LIBRARY__ */ - return(&ret); + return(ret); } static void diff -ruN --exclude CVS ssh-openbsd-2002030700/sftp-int.c openssh-3.1p1/sftp-int.c --- ssh-openbsd-2002030700/sftp-int.c Wed Feb 13 13:20:09 2002 +++ openssh-3.1p1/sftp-int.c Wed Feb 13 14:10:33 2002 @@ -28,8 +28,6 @@ #include "includes.h" RCSID("$OpenBSD: sftp-int.c,v 1.44 2002/02/13 00:59:23 djm Exp $"); -#include - #include "buffer.h" #include "xmalloc.h" #include "log.h" 
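Review bot: `struct dirent *ret = (struct dirent *)buf;` in `fudge_readdir` points a `struct dirent` at a `static char` array, which carries no alignment guarantee for that type, so the `ret->d_ino` store under `__GNU_LIBRARY__` can be a misaligned access on strict-alignment machines. Keep the extra room but let the compiler align it: `static union { struct dirent d; char pad[sizeof(struct dirent) + MAXPATHLEN]; } buf;` with `struct dirent *ret = &buf.d;` and `memset(&buf, 0, sizeof(buf));`.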
@@ -891,8 +889,13 @@ return; } } +#if HAVE_SETVBUF setvbuf(stdout, NULL, _IOLBF, 0); setvbuf(infile, NULL, _IOLBF, 0); +#else + setlinebuf(stdout); + setlinebuf(infile); +#endif for (;;) { char *cp; diff -ruN --exclude CVS ssh-openbsd-2002030700/sftp-server/Makefile openssh-3.1p1/sftp-server/Makefile --- ssh-openbsd-2002030700/sftp-server/Makefile Sun Mar 4 10:59:36 2001 +++ openssh-3.1p1/sftp-server/Makefile Thu Jan 1 10:00:00 1970 @@ -1,18 +0,0 @@ -# $OpenBSD: Makefile,v 1.5 2001/03/03 23:59:36 markus Exp $ - -.PATH: ${.CURDIR}/.. - -PROG= sftp-server -BINOWN= root - -BINMODE?=555 - -BINDIR= /usr/libexec -MAN= sftp-server.8 - -SRCS= sftp-server.c sftp-common.c - -.include - -LDADD+= -lcrypto -DPADD+= ${LIBCRYPTO} diff -ruN --exclude CVS ssh-openbsd-2002030700/sftp-server.8 openssh-3.1p1/sftp-server.8 --- ssh-openbsd-2002030700/sftp-server.8 Sun Feb 10 18:12:31 2002 +++ openssh-3.1p1/sftp-server.8 Mon Jun 25 14:45:35 2001 @@ -59,5 +59,4 @@ Markus Friedl .Sh HISTORY .Nm -first appeared in -.Ox 2.8 . +first appeared in OpenBSD 2.8 . diff -ruN --exclude CVS ssh-openbsd-2002030700/sftp-server.c openssh-3.1p1/sftp-server.c --- ssh-openbsd-2002030700/sftp-server.c Wed Feb 13 13:20:09 2002 +++ openssh-3.1p1/sftp-server.c Wed Feb 13 14:05:00 2002 @@ -39,6 +39,12 @@ #define get_string(lenp) buffer_get_string(&iqueue, lenp); #define TRACE debug +#ifdef HAVE___PROGNAME +extern char *__progname; +#else +char *__progname; +#endif + /* input and output queue */ Buffer iqueue; Buffer oqueue; @@ -431,7 +437,7 @@ len = get_int(); TRACE("read id %d handle %d off %llu len %d", id, handle, - (unsigned long long)off, len); + (u_int64_t)off, len); if (len > sizeof buf) { len = sizeof buf; log("read change len %d", len); @@ -472,7 +478,7 @@ data = get_string(&len); TRACE("write id %d handle %d off %llu len %d", id, handle, - (unsigned long long)off, len); + (u_int64_t)off, len); fd = handle_to_fd(handle); if (fd >= 0) { if (lseek(fd, off, SEEK_SET) < 0) { 
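Review bot: The `TRACE` calls still use `%llu` but now pass `(u_int64_t)off`, so the argument matches the conversion only on platforms where `u_int64_t` is `unsigned long long`; elsewhere the mismatch is undefined behaviour that the previous `(unsigned long long)` cast avoided. The `snprintf` in the later hunk that formats `st->st_size` has the same pairing. If the cast was changed for compilers without `long long`, the format string has to change with it, for instance behind the same `HAVE_LONG_LONG_INT` test the scp.c hunk uses: `%lu` with `(u_long)off` in the fallback and the original cast otherwise. Both functions extend beyond their hunks.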
@@ -614,13 +620,15 @@ u_int32_t id; int handle, fd, ret; int status = SSH2_FX_OK; + char *name; id = get_int(); handle = get_handle(); a = get_attrib(); TRACE("fsetstat id %d handle %d", id, handle); fd = handle_to_fd(handle); - if (fd < 0) { + name = handle_to_name(handle); + if (fd < 0 || name == NULL) { status = SSH2_FX_FAILURE; } else { if (a->flags & SSH2_FILEXFER_ATTR_SIZE) { @@ -629,17 +637,29 @@ status = errno_to_portable(errno); } if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) { +#ifdef HAVE_FCHMOD ret = fchmod(fd, a->perm & 0777); +#else + ret = chmod(name, a->perm & 0777); +#endif if (ret == -1) status = errno_to_portable(errno); } if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) { +#ifdef HAVE_FUTIMES ret = futimes(fd, attrib_to_tv(a)); +#else + ret = utimes(name, attrib_to_tv(a)); +#endif if (ret == -1) status = errno_to_portable(errno); } if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) { +#ifdef HAVE_FCHOWN ret = fchown(fd, a->uid, a->gid); +#else + ret = chown(name, a->uid, a->gid); +#endif if (ret == -1) status = errno_to_portable(errno); } @@ -714,7 +734,7 @@ glen = MAX(strlen(group), 8); snprintf(buf, sizeof buf, "%s %3d %-*s %-*s %8llu %s %s", mode, st->st_nlink, ulen, user, glen, group, - (unsigned long long)st->st_size, tbuf, name); + (u_int64_t)st->st_size, tbuf, name); return xstrdup(buf); } @@ -1027,6 +1047,7 @@ /* XXX should use getopt */ + __progname = get_progname(av[0]); handle_init(); #ifdef DEBUG_SFTP_SERVER @@ -1036,6 +1057,11 @@ in = dup(STDIN_FILENO); out = dup(STDOUT_FILENO); +#ifdef HAVE_CYGWIN + setmode(in, O_BINARY); + setmode(out, O_BINARY); +#endif + max = 0; if (in > max) max = in; diff -ruN --exclude CVS ssh-openbsd-2002030700/sftp.c openssh-3.1p1/sftp.c --- ssh-openbsd-2002030700/sftp.c Wed Feb 13 13:20:09 2002 +++ openssh-3.1p1/sftp.c Wed Feb 13 14:03:57 2002 
@@ -39,6 +39,12 @@ #include "sftp-client.h" #include "sftp-int.h" +#ifdef HAVE___PROGNAME +extern char *__progname; +#else +char *__progname; +#endif + FILE* infile; size_t copy_buffer_len = 32768; size_t num_requests = 16; @@ -110,6 +116,7 @@ extern int optind; extern char *optarg; + __progname = get_progname(argv[0]); args.list = NULL; addargs(&args, "ssh"); /* overwritten with ssh_program */ addargs(&args, "-oFallBackToRsh no"); @@ -229,6 +236,11 @@ interactive_loop(in, out, file1, file2); +#if !defined(USE_PIPES) + shutdown(in, SHUT_RDWR); + shutdown(out, SHUT_RDWR); +#endif + close(in); close(out); if (infile != stdin) diff -ruN --exclude CVS ssh-openbsd-2002030700/ssh/Makefile openssh-3.1p1/ssh/Makefile --- ssh-openbsd-2002030700/ssh/Makefile Thu Mar 7 12:02:04 2002 +++ openssh-3.1p1/ssh/Makefile Thu Jan 1 10:00:00 1970 @@ -1,40 +0,0 @@ -# $OpenBSD: Makefile,v 1.37 2002/03/05 00:49:51 deraadt Exp $ - -.PATH: ${.CURDIR}/.. - -PROG= ssh -BINOWN= root - -BINMODE?=4555 - -BINDIR= /usr/bin -MAN= ssh.1 -LINKS= ${BINDIR}/ssh ${BINDIR}/slogin -MLINKS= ssh.1 slogin.1 - -SRCS= ssh.c readconf.c clientloop.c sshtty.c \ - sshconnect.c sshconnect1.c sshconnect2.c - -.include # for AFS - -.if (${KERBEROS5:L} == "yes") -CFLAGS+= -DKRB5 -I${DESTDIR}/usr/include/kerberosV -LDADD+= -lkrb5 -lasn1 -lcom_err -DPADD+= ${LIBKRB5} ${LIBASN1} -.endif # KERBEROS5 - -.if (${KERBEROS:L} == "yes") -CFLAGS+= -DKRB4 -I${DESTDIR}/usr/include/kerberosIV -LDADD+= -lkrb -DPADD+= ${LIBKRB} -.if (${AFS:L} == "yes") -CFLAGS+= -DAFS -LDADD+= -lkafs -DPADD+= ${LIBKRBAFS} -.endif # AFS -.endif # KERBEROS - -.include - -LDADD+= -lcrypto -lz -ldes -DPADD+= ${LIBCRYPTO} ${LIBZ} diff -ruN --exclude CVS ssh-openbsd-2002030700/ssh-add/Makefile openssh-3.1p1/ssh-add/Makefile --- ssh-openbsd-2002030700/ssh-add/Makefile Sun Mar 4 11:51:25 2001 +++ openssh-3.1p1/ssh-add/Makefile Thu Jan 1 10:00:00 1970 
@@ -1,18 +0,0 @@ -# $OpenBSD: Makefile,v 1.20 2001/03/04 00:51:25 markus Exp $ - -.PATH: ${.CURDIR}/.. - -PROG= ssh-add -BINOWN= root - -BINMODE?=555 - -BINDIR= /usr/bin -MAN= ssh-add.1 - -SRCS= ssh-add.c - -.include - -LDADD+= -lcrypto -DPADD+= ${LIBCRYPTO} diff -ruN --exclude CVS ssh-openbsd-2002030700/ssh-add.c openssh-3.1p1/ssh-add.c --- ssh-openbsd-2002030700/ssh-add.c Sun Feb 3 09:30:36 2002 +++ openssh-3.1p1/ssh-add.c Tue Feb 5 12:12:50 2002 @@ -49,6 +49,12 @@ #include "pathnames.h" #include "readpass.h" +#ifdef HAVE___PROGNAME +extern char *__progname; +#else +char *__progname; +#endif + /* argv0 */ extern char *__progname; @@ -253,6 +259,10 @@ char *sc_reader_id = NULL; int i, ch, deleting = 0, ret = 0; + __progname = get_progname(argv[0]); + init_rng(); + seed_rng(); + SSLeay_add_all_algorithms(); /* At first, get a connection to the authentication agent. */ diff -ruN --exclude CVS ssh-openbsd-2002030700/ssh-agent/Makefile openssh-3.1p1/ssh-agent/Makefile --- ssh-openbsd-2002030700/ssh-agent/Makefile Thu Jun 28 05:29:16 2001 +++ openssh-3.1p1/ssh-agent/Makefile Thu Jan 1 10:00:00 1970 @@ -1,18 +0,0 @@ -# $OpenBSD: Makefile,v 1.21 2001/06/27 19:29:16 markus Exp $ - -.PATH: ${.CURDIR}/.. - -PROG= ssh-agent -BINOWN= root - -BINMODE?=555 - -BINDIR= /usr/bin -MAN= ssh-agent.1 - -SRCS= ssh-agent.c - -.include - -LDADD+= -lcrypto -DPADD+= ${LIBCRYPTO} diff -ruN --exclude CVS ssh-openbsd-2002030700/ssh-agent.c openssh-3.1p1/ssh-agent.c --- ssh-openbsd-2002030700/ssh-agent.c Thu Mar 7 12:02:04 2002 +++ openssh-3.1p1/ssh-agent.c Wed Mar 6 05:59:45 2002 @@ -34,9 +34,14 @@ */ #include "includes.h" -#include RCSID("$OpenBSD: ssh-agent.c,v 1.82 2002/03/04 17:27:39 stevesk Exp $"); +#if defined(HAVE_SYS_QUEUE_H) && !defined(HAVE_BOGUS_SYS_QUEUE_H) +#include +#else +#include "openbsd-compat/fake-queue.h" +#endif + #include #include 
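Review bot: The added `#ifdef HAVE___PROGNAME` block in ssh-add.c is followed by the old `/* argv0 */` comment and the unconditional `extern char *__progname;`, which the hunk leaves in place as context, so the variable is declared twice in a row. The ssh-agent.c and ssh-keygen.c hunks wrap the existing declaration instead of adding a second one. Do the same here by placing `#ifdef HAVE___PROGNAME` before the existing line and `#else` / `char *__progname;` / `#endif` after it, keeping the `/* argv0 */` comment above.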
@@ -95,7 +100,11 @@ char socket_name[1024]; char socket_dir[1024]; +#ifdef HAVE___PROGNAME extern char *__progname; +#else +char *__progname; +#endif static void idtab_init(void) @@ -819,7 +828,12 @@ { int sock, c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0, ch, nalloc; struct sockaddr_un sunaddr; +#ifdef HAVE_SETRLIMIT struct rlimit rlim; +#endif +#ifdef HAVE_CYGWIN + int prev_mask; +#endif pid_t pid; char *shell, *format, *pidstr, pidstrbuf[1 + 3 * sizeof pid]; extern int optind; @@ -827,7 +841,15 @@ SSLeay_add_all_algorithms(); + __progname = get_progname(av[0]); + init_rng(); + seed_rng(); + +#ifdef __GNU_LIBRARY__ + while ((ch = getopt(ac, av, "+cdks")) != -1) { +#else /* __GNU_LIBRARY__ */ while ((ch = getopt(ac, av, "cdks")) != -1) { +#endif /* __GNU_LIBRARY__ */ switch (ch) { case 'c': if (s_flag) @@ -908,10 +930,19 @@ memset(&sunaddr, 0, sizeof(sunaddr)); sunaddr.sun_family = AF_UNIX; strlcpy(sunaddr.sun_path, socket_name, sizeof(sunaddr.sun_path)); +#ifdef HAVE_CYGWIN + prev_mask = umask(0177); +#endif if (bind(sock, (struct sockaddr *) & sunaddr, sizeof(sunaddr)) < 0) { perror("bind"); +#ifdef HAVE_CYGWIN + umask(prev_mask); +#endif cleanup_exit(1); } +#ifdef HAVE_CYGWIN + umask(prev_mask); +#endif if (listen(sock, 5) < 0) { perror("listen"); cleanup_exit(1); @@ -968,12 +999,14 @@ close(1); close(2); +#ifdef HAVE_SETRLIMIT /* deny core dumps, since memory contains unencrypted private keys */ rlim.rlim_cur = rlim.rlim_max = 0; if (setrlimit(RLIMIT_CORE, &rlim) < 0) { error("setrlimit RLIMIT_CORE: %s", strerror(errno)); cleanup_exit(1); } +#endif skip: fatal_add_cleanup(cleanup_socket, NULL); diff -ruN --exclude CVS ssh-openbsd-2002030700/ssh-keygen/Makefile openssh-3.1p1/ssh-keygen/Makefile --- ssh-openbsd-2002030700/ssh-keygen/Makefile Thu Jun 28 05:29:16 2001 +++ openssh-3.1p1/ssh-keygen/Makefile Thu Jan 1 10:00:00 1970 
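Review bot: With `HAVE_SETRLIMIT` undefined, the `setrlimit(RLIMIT_CORE, &rlim)` block is compiled out and the agent keeps core dumps enabled without any trace, although the comment inside the block says memory contains unencrypted private keys. Make the gap explicit with an `#else` branch holding a comment such as `/* XXX no setrlimit(): core dumps are NOT disabled on this platform */`, and mention it in the platform notes so operators can disable core files by other means. The enclosing function starts before the hunk and continues after it.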
@@ -1,18 +0,0 @@ -# $OpenBSD: Makefile,v 1.21 2001/06/27 19:29:16 markus Exp $ - -.PATH: ${.CURDIR}/.. - -PROG= ssh-keygen -BINOWN= root - -BINMODE?=555 - -BINDIR= /usr/bin -MAN= ssh-keygen.1 - -SRCS= ssh-keygen.c - -.include - -LDADD+= -lcrypto -DPADD+= ${LIBCRYPTO} diff -ruN --exclude CVS ssh-openbsd-2002030700/ssh-keygen.c openssh-3.1p1/ssh-keygen.c --- ssh-openbsd-2002030700/ssh-keygen.c Tue Feb 26 22:39:28 2002 +++ openssh-3.1p1/ssh-keygen.c Wed Feb 27 05:15:10 2002 @@ -76,7 +76,11 @@ char *key_type_name = NULL; /* argv0 */ +#ifdef HAVE___PROGNAME extern char *__progname; +#else +char *__progname; +#endif char hostname[MAXHOSTNAMELEN]; @@ -846,6 +850,8 @@ extern int optind; extern char *optarg; + __progname = get_progname(av[0]); + SSLeay_add_all_algorithms(); /* we need this for the home * directory. */ @@ -960,6 +966,8 @@ #endif /* SMARTCARD */ } + init_rng(); + seed_rng(); arc4random_stir(); if (key_type_name == NULL) { diff -ruN --exclude CVS ssh-openbsd-2002030700/ssh-keyscan/Makefile openssh-3.1p1/ssh-keyscan/Makefile --- ssh-openbsd-2002030700/ssh-keyscan/Makefile Mon Aug 6 09:18:20 2001 +++ openssh-3.1p1/ssh-keyscan/Makefile Thu Jan 1 10:00:00 1970 @@ -1,18 +0,0 @@ -# $OpenBSD: Makefile,v 1.4 2001/08/05 23:18:20 markus Exp $ - -.PATH: ${.CURDIR}/.. - -PROG= ssh-keyscan -BINOWN= root - -BINMODE?=555 - -BINDIR= /usr/bin -MAN= ssh-keyscan.1 - -SRCS= ssh-keyscan.c - -.include - -LDADD+= -lcrypto -lz -DPADD+= ${LIBCRYPTO} ${LIBZ} diff -ruN --exclude CVS ssh-openbsd-2002030700/ssh-keyscan.c openssh-3.1p1/ssh-keyscan.c --- ssh-openbsd-2002030700/ssh-keyscan.c Thu Mar 7 12:02:04 2002 +++ openssh-3.1p1/ssh-keyscan.c Tue Mar 5 12:54:53 2002 @@ -9,7 +9,11 @@ #include "includes.h" RCSID("$OpenBSD: ssh-keyscan.c,v 1.35 2002/03/04 18:30:23 stevesk Exp $"); +#if defined(HAVE_SYS_QUEUE_H) && !defined(HAVE_BOGUS_SYS_QUEUE_H) #include +#else +#include "openbsd-compat/fake-queue.h" +#endif #include #include 
@@ -32,7 +36,11 @@ /* Flag indicating whether IPv4 or IPv6. This can be set on the command line. Default value is AF_UNSPEC means both IPv4 and IPv6. */ +#ifdef IPV4_DEFAULT +int IPv4or6 = AF_INET; +#else int IPv4or6 = AF_UNSPEC; +#endif int ssh_port = SSH_DEFAULT_PORT; @@ -50,7 +58,11 @@ int maxfd; #define MAXCON (maxfd - 10) +#ifdef HAVE___PROGNAME extern char *__progname; +#else +char *__progname; +#endif fd_set *read_wait; size_t read_wait_size; int ncon; @@ -200,6 +212,7 @@ static int fdlim_get(int hard) { +#if defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE) struct rlimit rlfd; if (getrlimit(RLIMIT_NOFILE, &rlfd) < 0) @@ -208,19 +221,30 @@ return 10000; else return hard ? rlfd.rlim_max : rlfd.rlim_cur; +#elif defined (HAVE_SYSCONF) + return sysconf (_SC_OPEN_MAX); +#else + return 10000; +#endif } static int fdlim_set(int lim) { +#if defined(HAVE_SETRLIMIT) && defined(RLIMIT_NOFILE) struct rlimit rlfd; +#endif if (lim <= 0) return (-1); +#if defined(HAVE_SETRLIMIT) && defined(RLIMIT_NOFILE) if (getrlimit(RLIMIT_NOFILE, &rlfd) < 0) return (-1); rlfd.rlim_cur = lim; if (setrlimit(RLIMIT_NOFILE, &rlfd) < 0) return (-1); +#elif defined (HAVE_SETDTABLESIZE) + setdtablesize(lim); +#endif return (0); } @@ -680,6 +704,9 @@ extern int optind; extern char *optarg; + __progname = get_progname(argv[0]); + init_rng(); + seed_rng(); TAILQ_INIT(&tq); if (argc <= 1) diff -ruN --exclude CVS ssh-openbsd-2002030700/ssh-rand-helper.c openssh-3.1p1/ssh-rand-helper.c --- ssh-openbsd-2002030700/ssh-rand-helper.c Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/ssh-rand-helper.c Sun Feb 10 18:32:30 2002 
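Review bot: The new `#elif defined (HAVE_SYSCONF)` branch of fdlim_get() returns `sysconf (_SC_OPEN_MAX)` unchecked, and sysconf() returns -1 both on error and when the limit is indeterminate. That value is narrowed from long to int and, judging by `#define MAXCON (maxfd - 10)`, presumably ends up in the connection limit. I would keep the function's existing fallback value: `long n = sysconf(_SC_OPEN_MAX); return n > 0 ? (int)n : 10000;`. In fdlim_set() the result of `setdtablesize(lim)` is ignored as well, and when neither API is present the function returns 0 without having changed anything.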
@@ -0,0 +1,809 @@ +/* + * Copyright (c) 2001-2002 Damien Miller. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +#include "includes.h" + +#include +#include +#include + +/* SunOS 4.4.4 needs this */ +#ifdef HAVE_FLOATINGPOINT_H +# include +#endif /* HAVE_FLOATINGPOINT_H */ + +#include "misc.h" +#include "xmalloc.h" +#include "atomicio.h" +#include "pathnames.h" +#include "log.h" + +RCSID("$Id: ssh-rand-helper.c,v 1.5 2002/02/10 07:32:30 djm Exp $"); + +/* Number of bytes we write out */ +#define OUTPUT_SEED_SIZE 48 + +/* Length of on-disk seedfiles */ +#define SEED_FILE_SIZE 1024 + +/* Maximum number of command-line arguments to read from file */ +#define NUM_ARGS 10 + +/* Minimum number of usable commands to be considered sufficient */ +#define MIN_ENTROPY_SOURCES 16 + +/* Path to on-disk seed file (relative to user's home directory */ +#ifndef SSH_PRNG_SEED_FILE +# define SSH_PRNG_SEED_FILE _PATH_SSH_USER_DIR"/prng_seed" +#endif + +/* Path to PRNG commands list */ +#ifndef SSH_PRNG_COMMAND_FILE +# define SSH_PRNG_COMMAND_FILE SSHDIR "/ssh_prng_cmds" +#endif + + +#ifdef HAVE___PROGNAME +extern char *__progname; +#else +char *__progname; +#endif + +#ifndef offsetof +# define offsetof(type, member) ((size_t) &((type *)0)->member) +#endif + +#define WHITESPACE " \t\n" + +#ifndef RUSAGE_SELF +# define RUSAGE_SELF 0 +#endif +#ifndef RUSAGE_CHILDREN +# define RUSAGE_CHILDREN 0 +#endif + +#if !defined(PRNGD_SOCKET) && !defined(PRNGD_PORT) +# define USE_SEED_FILES +#endif + +typedef struct { + /* Proportion of data that is entropy */ + double rate; + /* Counter goes positive if this command times out */ + unsigned int badness; + /* Increases by factor of two each timeout */ + unsigned int sticky_badness; + /* Path to executable */ + char *path; + /* argv to pass to executable */ + char *args[NUM_ARGS]; /* XXX: arbitrary limit */ + /* full command string (debug) */ + char *cmdstring; +} entropy_cmd_t; + +/* slow command timeouts (all in milliseconds) */ +/* static int entropy_timeout_default = ENTROPY_TIMEOUT_MSEC; */ +static int entropy_timeout_current = 
ENTROPY_TIMEOUT_MSEC; + +/* this is initialised from a file, by prng_read_commands() */ +static entropy_cmd_t *entropy_cmds = NULL; + +/* Prototypes */ +double stir_from_system(void); +double stir_from_programs(void); +double stir_gettimeofday(double entropy_estimate); +double stir_clock(double entropy_estimate); +double stir_rusage(int who, double entropy_estimate); +double hash_command_output(entropy_cmd_t *src, char *hash); +int get_random_bytes_prngd(unsigned char *buf, int len, + unsigned short tcp_port, char *socket_path); + +/* + * Collect 'len' bytes of entropy into 'buf' from PRNGD/EGD daemon + * listening either on 'tcp_port', or via Unix domain socket at * + * 'socket_path'. + * Either a non-zero tcp_port or a non-null socket_path must be + * supplied. + * Returns 0 on success, -1 on error + */ +int +get_random_bytes_prngd(unsigned char *buf, int len, + unsigned short tcp_port, char *socket_path) +{ + int fd, addr_len, rval, errors; + char msg[2]; + struct sockaddr_storage addr; + struct sockaddr_in *addr_in = (struct sockaddr_in *)&addr; + struct sockaddr_un *addr_un = (struct sockaddr_un *)&addr; + mysig_t old_sigpipe; + + /* Sanity checks */ + if (socket_path == NULL && tcp_port == 0) + fatal("You must specify a port or a socket"); + if (socket_path != NULL && + strlen(socket_path) >= sizeof(addr_un->sun_path)) + fatal("Random pool path is too long"); + if (len > 255) + fatal("Too many bytes to read from PRNGD"); + + memset(&addr, '\0', sizeof(addr)); + + if (tcp_port != 0) { + addr_in->sin_family = AF_INET; + addr_in->sin_addr.s_addr = htonl(INADDR_LOOPBACK); + addr_in->sin_port = htons(tcp_port); + addr_len = sizeof(*addr_in); + } else { + addr_un->sun_family = AF_UNIX; + strlcpy(addr_un->sun_path, socket_path, + sizeof(addr_un->sun_path)); + addr_len = offsetof(struct sockaddr_un, sun_path) + + strlen(socket_path) + 1; + } + + old_sigpipe = mysignal(SIGPIPE, SIG_IGN); + + errors = 0; + rval = -1; +reopen: + fd = socket(addr.ss_family, SOCK_STREAM, 
0); + if (fd == -1) { + error("Couldn't create socket: %s", strerror(errno)); + goto done; + } + + if (connect(fd, (struct sockaddr*)&addr, addr_len) == -1) { + if (tcp_port != 0) { + error("Couldn't connect to PRNGD port %d: %s", + tcp_port, strerror(errno)); + } else { + error("Couldn't connect to PRNGD socket \"%s\": %s", + addr_un->sun_path, strerror(errno)); + } + goto done; + } + + /* Send blocking read request to PRNGD */ + msg[0] = 0x02; + msg[1] = len; + + if (atomicio(write, fd, msg, sizeof(msg)) != sizeof(msg)) { + if (errno == EPIPE && errors < 10) { + close(fd); + errors++; + goto reopen; + } + error("Couldn't write to PRNGD socket: %s", + strerror(errno)); + goto done; + } + + if (atomicio(read, fd, buf, len) != len) { + if (errno == EPIPE && errors < 10) { + close(fd); + errors++; + goto reopen; + } + error("Couldn't read from PRNGD socket: %s", + strerror(errno)); + goto done; + } + + rval = 0; +done: + mysignal(SIGPIPE, old_sigpipe); + if (fd != -1) + close(fd); + return rval; +} + +double +stir_gettimeofday(double entropy_estimate) +{ + struct timeval tv; + + if (gettimeofday(&tv, NULL) == -1) + fatal("Couldn't gettimeofday: %s", strerror(errno)); + + RAND_add(&tv, sizeof(tv), entropy_estimate); + + return entropy_estimate; +} + +double +stir_clock(double entropy_estimate) +{ +#ifdef HAVE_CLOCK + clock_t c; + + c = clock(); + RAND_add(&c, sizeof(c), entropy_estimate); + + return entropy_estimate; +#else /* _HAVE_CLOCK */ + return 0; +#endif /* _HAVE_CLOCK */ +} + +double +stir_rusage(int who, double entropy_estimate) +{ +#ifdef HAVE_GETRUSAGE + struct rusage ru; + + if (getrusage(who, &ru) == -1) + return 0; + + RAND_add(&ru, sizeof(ru), entropy_estimate); + + return entropy_estimate; +#else /* _HAVE_GETRUSAGE */ + return 0; +#endif /* _HAVE_GETRUSAGE */ +} + +static int +timeval_diff(struct timeval *t1, struct timeval *t2) +{ + int secdiff, usecdiff; + + secdiff = t2->tv_sec - t1->tv_sec; + usecdiff = (secdiff*1000000) + (t2->tv_usec - 
t1->tv_usec); + return (int)(usecdiff / 1000); +} + +double +hash_command_output(entropy_cmd_t *src, char *hash) +{ + char buf[8192]; + fd_set rdset; + int bytes_read, cmd_eof, error_abort, msec_elapsed, p[2]; + int status, total_bytes_read; + static int devnull = -1; + pid_t pid; + SHA_CTX sha; + struct timeval tv_start, tv_current; + + debug3("Reading output from \'%s\'", src->cmdstring); + + if (devnull == -1) { + devnull = open("/dev/null", O_RDWR); + if (devnull == -1) + fatal("Couldn't open /dev/null: %s", + strerror(errno)); + } + + if (pipe(p) == -1) + fatal("Couldn't open pipe: %s", strerror(errno)); + + (void)gettimeofday(&tv_start, NULL); /* record start time */ + + switch (pid = fork()) { + case -1: /* Error */ + close(p[0]); + close(p[1]); + fatal("Couldn't fork: %s", strerror(errno)); + /* NOTREACHED */ + case 0: /* Child */ + dup2(devnull, STDIN_FILENO); + dup2(p[1], STDOUT_FILENO); + dup2(p[1], STDERR_FILENO); + close(p[0]); + close(p[1]); + close(devnull); + + execv(src->path, (char**)(src->args)); + + debug("(child) Couldn't exec '%s': %s", + src->cmdstring, strerror(errno)); + _exit(-1); + default: /* Parent */ + break; + } + + RAND_add(&pid, sizeof(&pid), 0.0); + + close(p[1]); + + /* Hash output from child */ + SHA1_Init(&sha); + + cmd_eof = error_abort = msec_elapsed = total_bytes_read = 0; + while (!error_abort && !cmd_eof) { + int ret; + struct timeval tv; + int msec_remaining; + + (void) gettimeofday(&tv_current, 0); + msec_elapsed = timeval_diff(&tv_start, &tv_current); + if (msec_elapsed >= entropy_timeout_current) { + error_abort=1; + continue; + } + msec_remaining = entropy_timeout_current - msec_elapsed; + + FD_ZERO(&rdset); + FD_SET(p[0], &rdset); + tv.tv_sec = msec_remaining / 1000; + tv.tv_usec = (msec_remaining % 1000) * 1000; + + ret = select(p[0] + 1, &rdset, NULL, NULL, &tv); + + RAND_add(&tv, sizeof(tv), 0.0); + + switch (ret) { + case 0: + /* timer expired */ + error_abort = 1; + break; + case 1: + /* command input */ + do { + 
bytes_read = read(p[0], buf, sizeof(buf)); + } while (bytes_read == -1 && errno == EINTR); + RAND_add(&bytes_read, sizeof(&bytes_read), 0.0); + if (bytes_read == -1) { + error_abort = 1; + break; + } else if (bytes_read) { + SHA1_Update(&sha, buf, bytes_read); + total_bytes_read += bytes_read; + } else { + cmd_eof = 1; + } + break; + case -1: + default: + /* error */ + debug("Command '%s': select() failed: %s", + src->cmdstring, strerror(errno)); + error_abort = 1; + break; + } + } + + SHA1_Final(hash, &sha); + + close(p[0]); + + debug3("Time elapsed: %d msec", msec_elapsed); + + if (waitpid(pid, &status, 0) == -1) { + error("Couldn't wait for child '%s' completion: %s", + src->cmdstring, strerror(errno)); + return 0.0; + } + + RAND_add(&status, sizeof(&status), 0.0); + + if (error_abort) { + /* + * Closing p[0] on timeout causes the entropy command to + * SIGPIPE. Take whatever output we got, and mark this + * command as slow + */ + debug2("Command '%s' timed out", src->cmdstring); + src->sticky_badness *= 2; + src->badness = src->sticky_badness; + return total_bytes_read; + } + + if (WIFEXITED(status)) { + if (WEXITSTATUS(status) == 0) { + return total_bytes_read; + } else { + debug2("Command '%s' exit status was %d", + src->cmdstring, WEXITSTATUS(status)); + src->badness = src->sticky_badness = 128; + return 0.0; + } + } else if (WIFSIGNALED(status)) { + debug2("Command '%s' returned on uncaught signal %d !", + src->cmdstring, status); + src->badness = src->sticky_badness = 128; + return 0.0; + } else + return 0.0; +} + +double +stir_from_system(void) +{ + double total_entropy_estimate; + long int i; + + total_entropy_estimate = 0; + + i = getpid(); + RAND_add(&i, sizeof(i), 0.5); + total_entropy_estimate += 0.1; + + i = getppid(); + RAND_add(&i, sizeof(i), 0.5); + total_entropy_estimate += 0.1; + + i = getuid(); + RAND_add(&i, sizeof(i), 0.0); + i = getgid(); + RAND_add(&i, sizeof(i), 0.0); + + total_entropy_estimate += stir_gettimeofday(1.0); + 
total_entropy_estimate += stir_clock(0.5); + total_entropy_estimate += stir_rusage(RUSAGE_SELF, 2.0); + + return total_entropy_estimate; +} + +double +stir_from_programs(void) +{ + int c; + double entropy, total_entropy; + char hash[SHA_DIGEST_LENGTH]; + + total_entropy = 0; + for(c = 0; entropy_cmds[c].path != NULL; c++) { + if (!entropy_cmds[c].badness) { + /* Hash output from command */ + entropy = hash_command_output(&entropy_cmds[c], + hash); + + /* Scale back estimate by command's rate */ + entropy *= entropy_cmds[c].rate; + + /* Upper bound of entropy is SHA_DIGEST_LENGTH */ + if (entropy > SHA_DIGEST_LENGTH) + entropy = SHA_DIGEST_LENGTH; + + /* Stir it in */ + RAND_add(hash, sizeof(hash), entropy); + + debug3("Got %0.2f bytes of entropy from '%s'", + entropy, entropy_cmds[c].cmdstring); + + total_entropy += entropy; + + /* Execution time should be a bit unpredictable */ + total_entropy += stir_gettimeofday(0.05); + total_entropy += stir_clock(0.05); + total_entropy += stir_rusage(RUSAGE_SELF, 0.1); + total_entropy += stir_rusage(RUSAGE_CHILDREN, 0.1); + } else { + debug2("Command '%s' disabled (badness %d)", + entropy_cmds[c].cmdstring, + entropy_cmds[c].badness); + + if (entropy_cmds[c].badness > 0) + entropy_cmds[c].badness--; + } + } + + return total_entropy; +} + +/* + * prng seedfile functions + */ +int +prng_check_seedfile(char *filename) +{ + struct stat st; + + /* + * XXX raceable: eg replace seed between this stat and subsequent + * open. Not such a problem because we don't really trust the + * seed file anyway. + * XXX: use secure path checking as elsewhere in OpenSSH + */ + if (lstat(filename, &st) == -1) { + /* Give up on hard errors */ + if (errno != ENOENT) + debug("WARNING: Couldn't stat random seed file " + "\"%.100s\": %s", filename, strerror(errno)); + return 0; + } + + /* regular file? */ + if (!S_ISREG(st.st_mode)) + fatal("PRNG seedfile %.100s is not a regular file", + filename); + + /* mode 0600, owned by root or the current user? 
*/ + if (((st.st_mode & 0177) != 0) || !(st.st_uid == getuid())) { + debug("WARNING: PRNG seedfile %.100s must be mode 0600, " + "owned by uid %d", filename, getuid()); + return 0; + } + + return 1; +} + +void +prng_write_seedfile(void) +{ + int fd; + char seed[SEED_FILE_SIZE], filename[MAXPATHLEN]; + struct passwd *pw; + + pw = getpwuid(getuid()); + if (pw == NULL) + fatal("Couldn't get password entry for current user " + "(%i): %s", getuid(), strerror(errno)); + + /* Try to ensure that the parent directory is there */ + snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, + _PATH_SSH_USER_DIR); + mkdir(filename, 0700); + + snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, + SSH_PRNG_SEED_FILE); + + debug("writing PRNG seed to file %.100s", filename); + + RAND_bytes(seed, sizeof(seed)); + + /* Don't care if the seed doesn't exist */ + prng_check_seedfile(filename); + + if ((fd = open(filename, O_WRONLY|O_TRUNC|O_CREAT, 0600)) == -1) { + debug("WARNING: couldn't access PRNG seedfile %.100s " + "(%.100s)", filename, strerror(errno)); + } else { + if (atomicio(write, fd, &seed, sizeof(seed)) < sizeof(seed)) + fatal("problem writing PRNG seedfile %.100s " + "(%.100s)", filename, strerror(errno)); + close(fd); + } +} + +void +prng_read_seedfile(void) +{ + int fd; + char seed[SEED_FILE_SIZE], filename[MAXPATHLEN]; + struct passwd *pw; + + pw = getpwuid(getuid()); + if (pw == NULL) + fatal("Couldn't get password entry for current user " + "(%i): %s", getuid(), strerror(errno)); + + snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir, + SSH_PRNG_SEED_FILE); + + debug("loading PRNG seed from file %.100s", filename); + + if (!prng_check_seedfile(filename)) { + verbose("Random seed file not found or invalid, ignoring."); + return; + } + + /* open the file and read in the seed */ + fd = open(filename, O_RDONLY); + if (fd == -1) + fatal("could not open PRNG seedfile %.100s (%.100s)", + filename, strerror(errno)); + + if (atomicio(read, fd, &seed, 
sizeof(seed)) < sizeof(seed)) { + verbose("invalid or short read from PRNG seedfile " + "%.100s - ignoring", filename); + memset(seed, '\0', sizeof(seed)); + } + close(fd); + + /* stir in the seed, with estimated entropy zero */ + RAND_add(&seed, sizeof(seed), 0.0); +} + + +/* + * entropy command initialisation functions + */ +int +prng_read_commands(char *cmdfilename) +{ + char cmd[SEED_FILE_SIZE], *cp, line[1024], path[SEED_FILE_SIZE]; + double est; + entropy_cmd_t *entcmd; + FILE *f; + int cur_cmd, linenum, num_cmds, arg; + + if ((f = fopen(cmdfilename, "r")) == NULL) { + fatal("couldn't read entropy commands file %.100s: %.100s", + cmdfilename, strerror(errno)); + } + + num_cmds = 64; + entcmd = xmalloc(num_cmds * sizeof(entropy_cmd_t)); + memset(entcmd, '\0', num_cmds * sizeof(entropy_cmd_t)); + + /* Read in file */ + cur_cmd = linenum = 0; + while (fgets(line, sizeof(line), f)) { + linenum++; + + /* Skip leading whitespace, blank lines and comments */ + cp = line + strspn(line, WHITESPACE); + if ((*cp == 0) || (*cp == '#')) + continue; /* done with this line */ + + /* + * The first non-whitespace char should be a double quote + * delimiting the commandline + */ + if (*cp != '"') { + error("bad entropy command, %.100s line %d", + cmdfilename, linenum); + continue; + } + + /* + * First token, command args (incl. argv[0]) in double + * quotes + */ + cp = strtok(cp, "\""); + if (cp == NULL) { + error("missing or bad command string, %.100s " + "line %d -- ignored", cmdfilename, linenum); + continue; + } + strlcpy(cmd, cp, sizeof(cmd)); + + /* Second token, full command path */ + if ((cp = strtok(NULL, WHITESPACE)) == NULL) { + error("missing command path, %.100s " + "line %d -- ignored", cmdfilename, linenum); + continue; + } + + /* Did configure mark this as dead? 
*/ + if (strncmp("undef", cp, 5) == 0) + continue; + + strlcpy(path, cp, sizeof(path)); + + /* Third token, entropy rate estimate for this command */ + if ((cp = strtok(NULL, WHITESPACE)) == NULL) { + error("missing entropy estimate, %.100s " + "line %d -- ignored", cmdfilename, linenum); + continue; + } + est = strtod(cp, NULL); + + /* end of line */ + if ((cp = strtok(NULL, WHITESPACE)) != NULL) { + error("garbage at end of line %d in %.100s " + "-- ignored", linenum, cmdfilename); + continue; + } + + /* save the command for debug messages */ + entcmd[cur_cmd].cmdstring = xstrdup(cmd); + + /* split the command args */ + cp = strtok(cmd, WHITESPACE); + arg = 0; + do { + entcmd[cur_cmd].args[arg] = xstrdup(cp); + arg++; + } while(arg < NUM_ARGS && (cp = strtok(NULL, WHITESPACE))); + + if (strtok(NULL, WHITESPACE)) + error("ignored extra commands (max %d), %.100s " + "line %d", NUM_ARGS, cmdfilename, linenum); + + /* Copy the command path and rate estimate */ + entcmd[cur_cmd].path = xstrdup(path); + entcmd[cur_cmd].rate = est; + + /* Initialise other values */ + entcmd[cur_cmd].sticky_badness = 1; + + cur_cmd++; + + /* + * If we've filled the array, reallocate it twice the size + * Do this now because even if this we're on the last + * command we need another slot to mark the last entry + */ + if (cur_cmd == num_cmds) { + num_cmds *= 2; + entcmd = xrealloc(entcmd, num_cmds * + sizeof(entropy_cmd_t)); + } + } + + /* zero the last entry */ + memset(&entcmd[cur_cmd], '\0', sizeof(entropy_cmd_t)); + + /* trim to size */ + entropy_cmds = xrealloc(entcmd, (cur_cmd + 1) * + sizeof(entropy_cmd_t)); + + debug("Loaded %d entropy commands from %.100s", cur_cmd, + cmdfilename); + + return cur_cmd < MIN_ENTROPY_SOURCES ? 
-1 : 0; +} + +int +main(int argc, char **argv) +{ + unsigned char buf[OUTPUT_SEED_SIZE]; + int ret; + + __progname = get_progname(argv[0]); + /* XXX: need some debugging mode */ + log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); + +#ifdef USE_SEED_FILES + prng_read_seedfile(); +#endif + + /* + * Seed the RNG from wherever we can + */ + + /* Take whatever is on the stack, but don't credit it */ + RAND_add(buf, sizeof(buf), 0); + + debug("Seeded RNG with %i bytes from system calls", + (int)stir_from_system()); + +#ifdef PRNGD_PORT + if (get_random_bytes_prngd(buf, sizeof(buf), PRNGD_PORT, NULL) == -1) + fatal("Entropy collection failed"); + RAND_add(buf, sizeof(buf), sizeof(buf)); +#elif defined(PRNGD_SOCKET) + if (get_random_bytes_prngd(buf, sizeof(buf), 0, PRNGD_SOCKET) == -1) + fatal("Entropy collection failed"); + RAND_add(buf, sizeof(buf), sizeof(buf)); +#else + /* Read in collection commands */ + if (prng_read_commands(SSH_PRNG_COMMAND_FILE) == -1) + fatal("PRNG initialisation failed -- exiting."); + debug("Seeded RNG with %i bytes from programs", + (int)stir_from_programs()); +#endif + +#ifdef USE_SEED_FILES + prng_write_seedfile(); +#endif + + /* + * Write the seed to stdout + */ + + if (!RAND_status()) + fatal("Not enough entropy in RNG"); + + RAND_bytes(buf, sizeof(buf)); + + ret = atomicio(write, STDOUT_FILENO, buf, sizeof(buf)); + + memset(buf, '\0', sizeof(buf)); + + return ret == sizeof(buf) ? 0 : 1; +} + diff -ruN --exclude CVS ssh-openbsd-2002030700/ssh.c openssh-3.1p1/ssh.c --- ssh-openbsd-2002030700/ssh.c Tue Feb 19 15:00:47 2002 +++ openssh-3.1p1/ssh.c Tue Feb 19 15:20:58 2002 
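Review bot: In prng_read_commands() the argument-splitting loop runs `while(arg < NUM_ARGS && ...)`, so a command with NUM_ARGS or more words fills every slot of `args[NUM_ARGS]` and leaves no NULL terminator for the `execv(src->path, (char**)(src->args))` call in hash_command_output(). Stopping one slot early fixes it: `} while (arg < NUM_ARGS - 1 && (cp = strtok(NULL, WHITESPACE)));`. The same loop hands `cp` to xstrdup() before checking it, so a quoted string that contains only whitespace passes NULL. Entries beyond the first 64 come from `xrealloc` and are not cleared the way the initial allocation is, so unless xrealloc zeroes memory their `badness` field and trailing `args` slots are indeterminate; a `memset` over the newly added half right after the xrealloc would cover that.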
@@ -74,11 +74,19 @@ #include "scard.h" #endif +#ifdef HAVE___PROGNAME extern char *__progname; +#else +char *__progname; +#endif /* Flag indicating whether IPv4 or IPv6. This can be set on the command line. Default value is AF_UNSPEC means both IPv4 and IPv6. */ +#ifdef IPV4_DEFAULT +int IPv4or6 = AF_INET; +#else int IPv4or6 = AF_UNSPEC; +#endif /* Flag indicating whether debug mode is on. This can be set on the command line. */ int debug_flag = 0; @@ -251,6 +259,9 @@ extern int optind, optreset; extern char *optarg; + __progname = get_progname(av[0]); + init_rng(); + /* * Save the original real uid. It will be needed later (uid-swapping * may clobber the real uid). @@ -258,6 +269,7 @@ original_real_uid = getuid(); original_effective_uid = geteuid(); +#ifdef HAVE_SETRLIMIT /* If we are installed setuid root be careful to not drop core. */ if (original_real_uid != original_effective_uid) { struct rlimit rlim; @@ -265,6 +277,7 @@ if (setrlimit(RLIMIT_CORE, &rlim) < 0) fatal("setrlimit failed: %.100s", strerror(errno)); } +#endif /* Get user data. */ pw = getpwuid(original_real_uid); if (!pw) { @@ -618,6 +631,8 @@ /* reinit */ log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 1); + seed_rng(); + if (options.user == NULL) options.user = xstrdup(pw->pw_name); @@ -625,7 +640,12 @@ host = options.hostname; /* Disable rhosts authentication if not running as root. */ +#ifdef HAVE_CYGWIN + /* Ignore uid if running under Windows */ + if (!options.use_privileged_port) { +#else if (original_effective_uid != 0 || !options.use_privileged_port) { +#endif debug("Rhosts Authentication disabled, " "originating port will not be trusted."); options.rhosts_authentication = 0; diff -ruN --exclude CVS ssh-openbsd-2002030700/ssh.h openssh-3.1p1/ssh.h --- ssh-openbsd-2002030700/ssh.h Thu Mar 7 12:02:04 2002 +++ openssh-3.1p1/ssh.h Tue Mar 5 12:53:05 2002 
@@ -15,6 +15,16 @@ #ifndef SSH_H #define SSH_H +#include /* For struct sockaddr_in */ +#include /* For struct pw */ +#include /* For va_list */ +#include /* For LOG_AUTH and friends */ +#include /* For struct sockaddr_storage */ +#include "openbsd-compat/fake-socket.h" /* For struct sockaddr_storage */ +#ifdef HAVE_SYS_SELECT_H +# include +#endif + /* Cipher used for encrypting authentication files. */ #define SSH_AUTHFILE_CIPHER SSH_CIPHER_3DES @@ -50,6 +60,10 @@ */ #define SSH_SERVICE_NAME "ssh" +#if defined(USE_PAM) && !defined(SSHD_PAM_SERVICE) +# define SSHD_PAM_SERVICE __progname +#endif + /* * Name of the environment variable containing the pathname of the * authentication socket. diff -ruN --exclude CVS ssh-openbsd-2002030700/ssh_prng_cmds.in openssh-3.1p1/ssh_prng_cmds.in --- ssh-openbsd-2002030700/ssh_prng_cmds.in Thu Jan 1 10:00:00 1970 +++ openssh-3.1p1/ssh_prng_cmds.in Mon Jul 23 05:32:01 2001 
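Review bot: The default `# define SSHD_PAM_SERVICE __progname` makes the PAM service name follow whatever name the binary is started under, since the sshd.c hunk sets `__progname = get_progname(av[0])`. A daemon launched through a renamed copy or a symlink would then be checked against a different PAM service entry than the one the administrator configured, presumably the system's fallback entry. Either default to a fixed string, `# define SSHD_PAM_SERVICE "sshd"`, or document the behaviour next to the define: `/* PAM service name follows argv[0]; keep the PAM configuration entry in step with the installed binary name */`.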
@@ -0,0 +1,75 @@ +# entropy gathering commands + +# Format is: "program-name args" path rate + +# The "rate" represents the number of bits of usuable entropy per +# byte of command output. Be conservative. +# +# $Id: ssh_prng_cmds.in,v 1.7 2001/07/22 19:32:01 mouring Exp $ + +"ls -alni /var/log" @PROG_LS@ 0.02 +"ls -alni /var/adm" @PROG_LS@ 0.02 +"ls -alni /usr/adm" @PROG_LS@ 0.02 +"ls -alni /var/mail" @PROG_LS@ 0.02 +"ls -alni /usr/mail" @PROG_LS@ 0.02 +"ls -alni /var/adm/syslog" @PROG_LS@ 0.02 +"ls -alni /usr/adm/syslog" @PROG_LS@ 0.02 +"ls -alni /var/spool/mail" @PROG_LS@ 0.02 +"ls -alni /proc" @PROG_LS@ 0.02 +"ls -alni /tmp" @PROG_LS@ 0.02 +"ls -alni /var/tmp" @PROG_LS@ 0.02 +"ls -alni /usr/tmp" @PROG_LS@ 0.02 +"ls -alTi /var/log" @PROG_LS@ 0.02 +"ls -alTi /var/adm" @PROG_LS@ 0.02 +"ls -alTi /var/mail" @PROG_LS@ 0.02 +"ls -alTi /var/adm/syslog" @PROG_LS@ 0.02 +"ls -alTi /var/spool/mail" @PROG_LS@ 0.02 +"ls -alTi /proc" @PROG_LS@ 0.02 +"ls -alTi /tmp" @PROG_LS@ 0.02 +"ls -alTi /var/tmp" @PROG_LS@ 0.02 +"ls -alTi /usr/tmp" @PROG_LS@ 0.02 + +"netstat -an" @PROG_NETSTAT@ 0.05 +"netstat -in" @PROG_NETSTAT@ 0.05 +"netstat -rn" @PROG_NETSTAT@ 0.02 +"netstat -pn" @PROG_NETSTAT@ 0.02 +"netstat -ia" @PROG_NETSTAT@ 0.05 +"netstat -s" @PROG_NETSTAT@ 0.02 +"netstat -is" @PROG_NETSTAT@ 0.07 + +"arp -a -n" @PROG_ARP@ 0.02 + +"ifconfig -a" @PROG_IFCONFIG@ 0.02 + +"ps laxww" @PROG_PS@ 0.03 +"ps -al" @PROG_PS@ 0.03 +"ps -efl" @PROG_PS@ 0.03 +"jstat" @PROG_JSTAT@ 0.07 + +"w" @PROG_W@ 0.05 + +"who -i" @PROG_WHO@ 0.01 + +"last" @PROG_LAST@ 0.01 + +"lastlog" @PROG_LASTLOG@ 0.01 + +"df" @PROG_DF@ 0.01 +"df -i" @PROG_DF@ 0.01 + +"sar -d" @PROG_SAR@ 0.04 + +"vmstat" @PROG_VMSTAT@ 0.01 +"uptime" @PROG_UPTIME@ 0.01 + +"ipcs -a" @PROG_IPCS@ 0.01 + +"tail -200 /var/log/messages" @PROG_TAIL@ 0.01 +"tail -200 /var/log/syslog" @PROG_TAIL@ 0.01 +"tail -200 /var/adm/messages" @PROG_TAIL@ 0.01 +"tail -200 /var/adm/syslog" @PROG_TAIL@ 0.01 +"tail -200 /var/adm/syslog/syslog.log" @PROG_TAIL@ 0.01 
+"tail -200 /var/log/maillog" @PROG_TAIL@ 0.01 +"tail -200 /var/adm/maillog" @PROG_TAIL@ 0.01 +"tail -200 /var/adm/syslog/mail.log" @PROG_TAIL@ 0.01 + diff -ruN --exclude CVS ssh-openbsd-2002030700/sshconnect.c openssh-3.1p1/sshconnect.c --- ssh-openbsd-2002030700/sshconnect.c Tue Jan 22 02:13:51 2002 +++ openssh-3.1p1/sshconnect.c Wed Mar 6 05:59:46 2002 @@ -39,6 +39,10 @@ extern Options options; extern char *__progname; +#ifndef INET6_ADDRSTRLEN /* for non IPv6 machines */ +#define INET6_ADDRSTRLEN 46 +#endif + static const char * sockaddr_ntop(struct sockaddr *sa) { @@ -304,7 +308,11 @@ /* Create a socket for connecting. */ sock = ssh_create_socket(pw, +#ifdef HAVE_CYGWIN + !anonymous, +#else !anonymous && geteuid() == 0, +#endif ai->ai_family); if (sock < 0) /* Any error is already output */ @@ -518,6 +526,7 @@ HostStatus host_status; HostStatus ip_status; int local = 0, host_ip_differ = 0; + int salen; char ntop[NI_MAXHOST]; char msg[1024]; int len, host_line, ip_line; @@ -536,13 +545,16 @@ case AF_INET: local = (ntohl(((struct sockaddr_in *)hostaddr)-> sin_addr.s_addr) >> 24) == IN_LOOPBACKNET; + salen = sizeof(struct sockaddr_in); break; case AF_INET6: local = IN6_IS_ADDR_LOOPBACK( &(((struct sockaddr_in6 *)hostaddr)->sin6_addr)); + salen = sizeof(struct sockaddr_in6); break; default: local = 0; + salen = sizeof(struct sockaddr_storage); break; } if (options.no_host_authentication_for_localhost == 1 && local && @@ -557,7 +569,7 @@ * using a proxy command */ if (options.proxy_command == NULL) { - if (getnameinfo(hostaddr, hostaddr->sa_len, ntop, sizeof(ntop), + if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST) != 0) fatal("check_host_key: getnameinfo failed"); ip = xstrdup(ntop); diff -ruN --exclude CVS ssh-openbsd-2002030700/sshd/Makefile openssh-3.1p1/sshd/Makefile --- ssh-openbsd-2002030700/sshd/Makefile Thu Mar 7 12:02:05 2002 +++ openssh-3.1p1/sshd/Makefile Thu Jan 1 10:00:00 1970 
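Review bot: The header comment of ssh_prng_cmds.in defines the rate as bits of usable entropy per byte of command output, but stir_from_programs() in ssh-rand-helper.c multiplies the byte count by this rate, caps it at SHA_DIGEST_LENGTH, logs it as `bytes of entropy` and passes it to RAND_add(), whose estimate is counted in bytes. If the comment is right, every entry is credited eight times too high; if the code is right, the comment should say `bytes of usable entropy per byte of command output`. Several entries also list directories such as /tmp and /var/tmp whose contents other local users can shape, so their output deserves the most conservative rate in the file.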
@@ -1,54 +0,0 @@ -# $OpenBSD: Makefile,v 1.46 2002/03/05 00:49:51 deraadt Exp $ - -.PATH: ${.CURDIR}/.. - -PROG= sshd -BINOWN= root -BINMODE=555 -BINDIR= /usr/sbin -MAN= sshd.8 -CFLAGS+=-DHAVE_LOGIN_CAP -DBSD_AUTH - -SRCS= sshd.c auth-rhosts.c auth-passwd.c auth-rsa.c auth-rh-rsa.c \ - sshpty.c sshlogin.c servconf.c serverloop.c \ - auth.c auth1.c auth2.c auth-options.c session.c \ - auth-chall.c auth2-chall.c groupaccess.c \ - auth-skey.c auth-bsdauth.c - -.include # for KERBEROS and AFS - -.if (${KERBEROS5:L} == "yes") -CFLAGS+=-DKRB5 -I${DESTDIR}/usr/include/kerberosV -SRCS+= auth-krb5.c -LDADD+= -lkrb5 -lkafs -lasn1 -lcom_err -DPADD+= ${LIBKRB5} ${LIBKAFS} ${LIBASN1} -.endif # KERBEROS5 - -.if (${KERBEROS:L} == "yes") -.if (${AFS:L} == "yes") -CFLAGS+= -DAFS -LDADD+= -lkafs -DPADD+= ${LIBKRBAFS} -.endif # AFS -CFLAGS+= -DKRB4 -I${DESTDIR}/usr/include/kerberosIV -SRCS+= auth-krb4.c -LDADD+= -lkrb -DPADD+= ${LIBKRB} -.endif # KERBEROS - -.include - -LDADD+= -lcrypto -lutil -lz -ldes -DPADD+= ${LIBCRYPTO} ${LIBUTIL} ${LIBZ} - -.if (${TCP_WRAPPERS:L} == "yes") -CFLAGS+= -DLIBWRAP -LDADD+= -lwrap -DPADD+= ${LIBWRAP} -.endif - -#.if (${SKEY:L} == "yes") -#CFLAGS+= -DSKEY -#LDADD+= -lskey -#DPADD+= ${SKEY} -#.endif diff -ruN --exclude CVS ssh-openbsd-2002030700/sshd.8 openssh-3.1p1/sshd.8 --- ssh-openbsd-2002030700/sshd.8 Thu Mar 7 12:02:04 2002 +++ openssh-3.1p1/sshd.8 Tue Mar 5 12:38:59 2002 
@@ -680,6 +680,14 @@ are refused if the number of unauthenticated connections reaches .Dq full (60). +.It Cm PAMAuthenticationViaKbdInt +Specifies whether PAM challenge response authentication is allowed. This +allows the use of most PAM challenge response authentication modules, but +it will allow password authentication regardless of whether +.Cm PasswordAuthentication +is disabled. +The default is +.Dq no . .It Cm PasswordAuthentication Specifies whether password authentication is allowed. The default is diff -ruN --exclude CVS ssh-openbsd-2002030700/sshd.c openssh-3.1p1/sshd.c --- ssh-openbsd-2002030700/sshd.c Thu Mar 7 12:02:04 2002 +++ openssh-3.1p1/sshd.c Tue Mar 5 12:31:30 2002 @@ -84,7 +84,11 @@ #define O_NOCTTY 0 #endif +#ifdef HAVE___PROGNAME extern char *__progname; +#else +char *__progname; +#endif /* Server configuration options. */ ServerOptions options; @@ -96,7 +100,11 @@ * Flag indicating whether IPv4 or IPv6. This can be set on the command line. * Default value is AF_UNSPEC means both IPv4 and IPv6. */ +#ifdef IPV4_DEFAULT +int IPv4or6 = AF_INET; +#else int IPv4or6 = AF_UNSPEC; +#endif /* * Debug mode flag. This can be set on the command line. If debug @@ -120,6 +128,7 @@ /* Saved arguments to main(). */ char **saved_argv; +int saved_argc; /* * The sockets that the server is listening; this is used in the SIGHUP @@ -588,7 +597,11 @@ Key *key; int ret, key_used = 0; + __progname = get_progname(av[0]); + init_rng(); + /* Save argv. */ + saved_argc = ac; saved_argv = av; /* Initialize configuration options to their default values. */ @@ -702,6 +715,15 @@ SYSLOG_FACILITY_AUTH : options.log_facility, !inetd_flag); +#ifdef _CRAY + /* Cray can define user privs drop all prives now! + * Not needed on PRIV_SU systems! + */ + drop_cray_privs(); +#endif + + seed_rng(); + /* Read server configuration options from the configuration file. */ read_server_config(&options, config_file_name); 
@@ -787,6 +809,10 @@ if (test_flag) exit(0); +#ifdef HAVE_SCO_PROTECTED_PW + (void) set_auth_parameters(ac, av); +#endif + /* Initialize the log (it is reinitialized below in case we forked). */ if (debug_flag && !inetd_flag) log_stderr = 1; @@ -884,8 +910,9 @@ /* Bind the socket to the desired port. */ if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) { - error("Bind to port %s on %s failed: %.200s.", - strport, ntop, strerror(errno)); + if (!ai->ai_next) + error("Bind to port %s on %s failed: %.200s.", + strport, ntop, strerror(errno)); close(listen_sock); continue; } @@ -927,7 +954,7 @@ * fail if there already is a daemon, and this will * overwrite any old pid in the file. */ - f = fopen(options.pid_file, "w"); + f = fopen(options.pid_file, "wb"); if (f) { fprintf(f, "%u\n", (u_int) getpid()); fclose(f); @@ -1113,6 +1140,7 @@ signal(SIGTERM, SIG_DFL); signal(SIGQUIT, SIG_DFL); signal(SIGCHLD, SIG_DFL); + signal(SIGINT, SIG_DFL); /* * Set socket options for the connection. We want the socket to @@ -1214,6 +1242,11 @@ } /* The connection has been terminated. */ verbose("Closing connection to %.100s", remote_ip); + +#ifdef USE_PAM + finish_pam(); +#endif /* USE_PAM */ + packet_close(); exit(0); } diff -ruN --exclude CVS ssh-openbsd-2002030700/sshd_config openssh-3.1p1/sshd_config --- ssh-openbsd-2002030700/sshd_config Tue Feb 19 15:00:47 2002 +++ openssh-3.1p1/sshd_config Wed Feb 27 04:49:57 2002 @@ -3,6 +3,8 @@ # This is the sshd server system-wide configuration file. See sshd(8) # for more information. +# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin + # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options change a 
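Review bot: With the new `if (!ai->ai_next)` guard in the bind() failure branch, a failed bind on any address other than the last in the list is dropped without a trace. The socket is closed and the loop continues, so an operator cannot see that sshd is not listening on one of its configured addresses. Keeping the message at a lower level preserves the quieter default, for example `else debug("Bind to port %s on %s failed: %.200s.", strport, ntop, strerror(errno));`. The listen loop itself begins and ends outside this hunk.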
@@ -69,6 +71,10 @@ # Kerberos TGT Passing only works with the AFS kaserver #KerberosTgtPassing no +# Set this to 'yes' to enable PAM keyboard-interactive authentication +# Warning: enabling this may bypass the setting of 'PasswordAuthentication' +#PAMAuthenticationViaKbdInt yes + #X11Forwarding no #X11DisplayOffset 10 #X11UseLocalhost yes diff -ruN --exclude CVS ssh-openbsd-2002030700/sshlogin.c openssh-3.1p1/sshlogin.c --- ssh-openbsd-2002030700/sshlogin.c Wed Dec 19 18:18:56 2001 +++ openssh-3.1p1/sshlogin.c Mon Feb 25 12:56:47 2002 @@ -41,10 +41,7 @@ #include "includes.h" RCSID("$OpenBSD: sshlogin.c,v 1.3 2001/12/19 07:18:56 deraadt Exp $"); -#include -#include -#include "sshlogin.h" -#include "log.h" +#include "loginrec.h" /* * Returns the time when the user last logged in. Returns 0 if the @@ -56,27 +53,11 @@ get_last_login_time(uid_t uid, const char *logname, char *buf, u_int bufsize) { - struct lastlog ll; - char *lastlog; - int fd; - - lastlog = _PATH_LASTLOG; - buf[0] = '\0'; - - fd = open(lastlog, O_RDONLY); - if (fd < 0) - return 0; - lseek(fd, (off_t) ((long) uid * sizeof(ll)), SEEK_SET); - if (read(fd, &ll, sizeof(ll)) != sizeof(ll)) { - close(fd); - return 0; - } - close(fd); - if (bufsize > sizeof(ll.ll_host) + 1) - bufsize = sizeof(ll.ll_host) + 1; - strncpy(buf, ll.ll_host, bufsize - 1); - buf[bufsize - 1] = 0; - return ll.ll_time; + struct logininfo li; + + login_get_lastlog(&li, uid); + strlcpy(buf, li.hostname, bufsize); + return li.tv_sec; } /* 
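Review bot: The commented sample `#PAMAuthenticationViaKbdInt yes` shows a non-default value. The sshd.8 text added in this same diff gives the default as "no", and the header of this file says commented options carry their default value. The warning above the line says enabling the option may bypass `PasswordAuthentication`, so the sample should read `#PAMAuthenticationViaKbdInt no`. That way removing the `#` does not change authentication behaviour.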
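Review bot: sshlogin.c stops including its own header here: `#include "sshlogin.h"` is removed and only `#include "loginrec.h"` is added. The compiler then cannot check the definitions in this file against their prototypes, and this commit changes the `record_logout` signature in both places. Unless `includes.h` or `loginrec.h` pulls the header in (neither is visible here), keep `#include "sshlogin.h"` next to the new include.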
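Review bot: In `get_last_login_time`, `li` is an uninitialised automatic struct, and `li.hostname` and `li.tv_sec` are read without looking at the result of `login_get_lastlog(&li, uid)`. The removed code returned 0 with an empty `buf` when the lastlog record could not be read. If `login_get_lastlog` can fail without filling in `li` (its definition is outside this diff section), the new code copies and returns indeterminate stack contents. Adding `memset(&li, 0, sizeof(li));` before the call, or checking its result and returning 0 with `buf[0] = '\0';`, keeps the documented "returns 0 if the user has never logged in" contract.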
@@ -88,49 +69,36 @@ record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid, const char *host, struct sockaddr * addr) { - int fd; - struct lastlog ll; - char *lastlog; - struct utmp u; - - /* Construct an utmp/wtmp entry. */ - memset(&u, 0, sizeof(u)); - strncpy(u.ut_line, ttyname + 5, sizeof(u.ut_line)); - u.ut_time = time(NULL); - strncpy(u.ut_name, user, sizeof(u.ut_name)); - strncpy(u.ut_host, host, sizeof(u.ut_host)); - - login(&u); - lastlog = _PATH_LASTLOG; - - /* Update lastlog unless actually recording a logout. */ - if (strcmp(user, "") != 0) { - /* - * It is safer to bzero the lastlog structure first because - * some systems might have some extra fields in it (e.g. SGI) - */ - memset(&ll, 0, sizeof(ll)); - - /* Update lastlog. */ - ll.ll_time = time(NULL); - strncpy(ll.ll_line, ttyname + 5, sizeof(ll.ll_line)); - strncpy(ll.ll_host, host, sizeof(ll.ll_host)); - fd = open(lastlog, O_RDWR); - if (fd >= 0) { - lseek(fd, (off_t) ((long) uid * sizeof(ll)), SEEK_SET); - if (write(fd, &ll, sizeof(ll)) != sizeof(ll)) - log("Could not write %.100s: %.100s", lastlog, strerror(errno)); - close(fd); - } - } + struct logininfo *li; + + li = login_alloc_entry(pid, user, host, ttyname); + login_set_addr(li, addr, sizeof(struct sockaddr)); + login_login(li); + login_free_entry(li); +} + +#ifdef LOGIN_NEEDS_UTMPX +void +record_utmp_only(pid_t pid, const char *ttyname, const char *user, + const char *host, struct sockaddr * addr) +{ + struct logininfo *li; + + li = login_alloc_entry(pid, user, host, ttyname); + login_set_addr(li, addr, sizeof(struct sockaddr)); + login_utmp_only(li); + login_free_entry(li); } +#endif /* Records that the user has logged out. 
*/ void -record_logout(pid_t pid, const char *ttyname) +record_logout(pid_t pid, const char *ttyname, const char *user) { - const char *line = ttyname + 5; /* /dev/ttyq8 -> ttyq8 */ - if (logout(line)) - logwtmp(line, "", ""); + struct logininfo *li; + + li = login_alloc_entry(pid, user, NULL, ttyname); + login_logout(li); + login_free_entry(li); } diff -ruN --exclude CVS ssh-openbsd-2002030700/sshlogin.h openssh-3.1p1/sshlogin.h --- ssh-openbsd-2002030700/sshlogin.h Wed Jun 27 03:27:25 2001 +++ openssh-3.1p1/sshlogin.h Mon Feb 25 12:56:47 2002 @@ -17,7 +17,12 @@ void record_login(pid_t, const char *, const char *, uid_t, const char *, struct sockaddr *); -void record_logout(pid_t, const char *); -u_long get_last_login_time(uid_t, const char *, char *, u_int); +void record_logout(pid_t, const char *, const char *); +u_long get_last_login_time(uid_t, const char *, char *, u_int); + +#ifdef LOGIN_NEEDS_UTMPX +void record_utmp_only(pid_t, const char *, const char *, const char *, + struct sockaddr *); +#endif #endif diff -ruN --exclude CVS ssh-openbsd-2002030700/sshpty.c openssh-3.1p1/sshpty.c --- ssh-openbsd-2002030700/sshpty.c Wed Dec 19 18:18:56 2001 +++ openssh-3.1p1/sshpty.c Fri Dec 21 14:45:52 2001 @@ -14,15 +14,26 @@ #include "includes.h" RCSID("$OpenBSD: sshpty.c,v 1.4 2001/12/19 07:18:56 deraadt Exp $"); -#include +#ifdef HAVE_UTIL_H +# include +#endif /* HAVE_UTIL_H */ + #include "sshpty.h" #include "log.h" +#include "misc.h" /* Pty allocated with _getpty gets broken if we do I_PUSH:es to it. */ #if defined(HAVE__GETPTY) || defined(HAVE_OPENPTY) #undef HAVE_DEV_PTMX #endif +#ifdef HAVE_PTY_H +# include +#endif +#if defined(HAVE_DEV_PTMX) && defined(HAVE_SYS_STROPTS_H) +# include +#endif + #ifndef O_NOCTTY #define O_NOCTTY 0 #endif 
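Review bot: `login_set_addr(li, addr, sizeof(struct sockaddr))` in `record_login`, and again in `record_utmp_only`, passes the size of the generic `struct sockaddr` rather than the length of the address the caller holds. sshd accepts IPv6 connections, and a `sockaddr_in6` is larger than `struct sockaddr`, so the tail of an IPv6 peer address is presumably not recorded (how `login_set_addr` uses the length is outside this diff). These functions take no length parameter, so the minimum is a comment at the call such as `/* addr may be a sockaddr_in6; only sizeof(struct sockaddr) bytes are passed on */`. The better fix is to pass the real length through from the caller. The `uid` parameter of `record_login` is also no longer used after this change.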
@@ -39,15 +50,19 @@ { #if defined(HAVE_OPENPTY) || defined(BSD4_4) /* openpty(3) exists in OSF/1 and some other os'es */ - char buf[64]; + char *name; int i; - i = openpty(ptyfd, ttyfd, buf, NULL, NULL); + i = openpty(ptyfd, ttyfd, NULL, NULL, NULL); if (i < 0) { error("openpty: %.100s", strerror(errno)); return 0; } - strlcpy(namebuf, buf, namebuflen); /* possible truncation */ + name = ttyname(*ttyfd); + if (!name) + fatal("openpty returns device for which ttyname fails."); + + strlcpy(namebuf, name, namebuflen); /* possible truncation */ return 1; #else /* HAVE_OPENPTY */ #ifdef HAVE__GETPTY @@ -72,23 +87,26 @@ } return 1; #else /* HAVE__GETPTY */ -#ifdef HAVE_DEV_PTMX +#if defined(HAVE_DEV_PTMX) /* * This code is used e.g. on Solaris 2.x. (Note that Solaris 2.3 * also has bsd-style ptys, but they simply do not work.) */ int ptm; char *pts; + mysig_t old_signal; ptm = open("/dev/ptmx", O_RDWR | O_NOCTTY); if (ptm < 0) { error("/dev/ptmx: %.100s", strerror(errno)); return 0; } + old_signal = mysignal(SIGCHLD, SIG_DFL); if (grantpt(ptm) < 0) { error("grantpt: %.100s", strerror(errno)); return 0; } + mysignal(SIGCHLD, old_signal); if (unlockpt(ptm) < 0) { error("unlockpt: %.100s", strerror(errno)); return 0; @@ -106,13 +124,20 @@ close(*ptyfd); return 0; } - /* Push the appropriate streams modules, as described in Solaris pts(7). */ +#ifndef HAVE_CYGWIN + /* + * Push the appropriate streams modules, as described in Solaris pts(7). + * HP-UX pts(7) doesn't have ttcompat module. + */ if (ioctl(*ttyfd, I_PUSH, "ptem") < 0) error("ioctl I_PUSH ptem: %.100s", strerror(errno)); if (ioctl(*ttyfd, I_PUSH, "ldterm") < 0) error("ioctl I_PUSH ldterm: %.100s", strerror(errno)); +#ifndef __hpux if (ioctl(*ttyfd, I_PUSH, "ttcompat") < 0) error("ioctl I_PUSH ttcompat: %.100s", strerror(errno)); +#endif +#endif return 1; #else /* HAVE_DEV_PTMX */ #ifdef HAVE_DEV_PTS_AND_PTC 
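Review bot: When `grantpt(ptm)` fails in the `/dev/ptmx` branch, the function returns with SIGCHLD still set to `SIG_DFL`, because `mysignal(SIGCHLD, old_signal);` is only reached on the success path. The rest of the process then runs without the handler that was installed before the call. Add `mysignal(SIGCHLD, old_signal);` inside the error branch before `return 0;`, or restore it immediately after `grantpt()` and test a saved result. The same error branch also returns without closing `ptm`. The body of the enclosing function continues outside this hunk.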
@@ -137,6 +162,36 @@ } return 1; #else /* HAVE_DEV_PTS_AND_PTC */ +#ifdef _CRAY + char buf[64]; + int i; + int highpty; + +#ifdef _SC_CRAY_NPTY + highpty = sysconf(_SC_CRAY_NPTY); + if (highpty == -1) + highpty = 128; +#else + highpty = 128; +#endif + + for (i = 0; i < highpty; i++) { + snprintf(buf, sizeof(buf), "/dev/pty/%03d", i); + *ptyfd = open(buf, O_RDWR|O_NOCTTY); + if (*ptyfd < 0) + continue; + snprintf(namebuf, namebuflen, "/dev/ttyp%03d", i); + /* Open the slave side. */ + *ttyfd = open(namebuf, O_RDWR|O_NOCTTY); + if (*ttyfd < 0) { + error("%.100s: %.100s", namebuf, strerror(errno)); + close(*ptyfd); + return 0; + } + return 1; + } + return 0; +#else /* BSD-style pty code. */ char buf[64]; int i; @@ -148,12 +203,19 @@ for (i = 0; i < num_ptys; i++) { snprintf(buf, sizeof buf, "/dev/pty%c%c", ptymajors[i / num_minors], ptyminors[i % num_minors]); - *ptyfd = open(buf, O_RDWR | O_NOCTTY); - if (*ptyfd < 0) - continue; snprintf(namebuf, namebuflen, "/dev/tty%c%c", ptymajors[i / num_minors], ptyminors[i % num_minors]); + *ptyfd = open(buf, O_RDWR | O_NOCTTY); + if (*ptyfd < 0) { + /* Try SCO style naming */ + snprintf(buf, sizeof buf, "/dev/ptyp%d", i); + snprintf(namebuf, namebuflen, "/dev/ttyp%d", i); + *ptyfd = open(buf, O_RDWR | O_NOCTTY); + if (*ptyfd < 0) + continue; + } + /* Open the slave side. */ *ttyfd = open(namebuf, O_RDWR | O_NOCTTY); if (*ttyfd < 0) { @@ -164,6 +226,7 @@ return 1; } return 0; +#endif /* CRAY */ #endif /* HAVE_DEV_PTS_AND_PTC */ #endif /* HAVE_DEV_PTMX */ #endif /* HAVE__GETPTY */ 
@@ -187,6 +250,33 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname) { int fd; +#ifdef USE_VHANGUP + void *old; +#endif /* USE_VHANGUP */ + +#ifdef _CRAY + if (setsid() < 0) + error("setsid: %.100s", strerror(errno)); + + fd = open(ttyname, O_RDWR|O_NOCTTY); + if (fd != -1) { + mysignal(SIGHUP, SIG_IGN); + ioctl(fd, TCVHUP, (char *)NULL); + mysignal(SIGHUP, SIG_DFL); + setpgid(0, 0); + close(fd); + } else { + error("Failed to disconnect from controlling tty."); + } + + debug("Setting controlling tty using TCSETCTTY."); + ioctl(*ttyfd, TCSETCTTY, NULL); + fd = open("/dev/tty", O_RDWR); + if (fd < 0) + error("%.100s: %.100s", ttyname, strerror(errno)); + close(*ttyfd); + *ttyfd = fd; +#else /* _CRAY */ /* First disconnect from the old controlling tty. */ #ifdef TIOCNOTTY @@ -214,12 +304,26 @@ if (ioctl(*ttyfd, TIOCSCTTY, NULL) < 0) error("ioctl(TIOCSCTTY): %.100s", strerror(errno)); #endif /* TIOCSCTTY */ +#ifdef HAVE_NEWS4 + if (setpgrp(0,0) < 0) + error("SETPGRP %s",strerror(errno)); +#endif /* HAVE_NEWS4 */ +#ifdef USE_VHANGUP + old = mysignal(SIGHUP, SIG_IGN); + vhangup(); + mysignal(SIGHUP, old); +#endif /* USE_VHANGUP */ fd = open(ttyname, O_RDWR); - if (fd < 0) + if (fd < 0) { error("%.100s: %.100s", ttyname, strerror(errno)); - else + } else { +#ifdef USE_VHANGUP + close(*ttyfd); + *ttyfd = fd; +#else /* USE_VHANGUP */ close(fd); - +#endif /* USE_VHANGUP */ + } /* Verify that we now have a controlling tty. */ fd = open(_PATH_TTY, O_WRONLY); if (fd < 0) @@ -228,6 +332,7 @@ else { close(fd); } +#endif /* _CRAY */ } /* Changes the window size associated with the pty. */ diff -ruN --exclude CVS ssh-openbsd-2002030700/uidswap.c openssh-3.1p1/uidswap.c --- ssh-openbsd-2002030700/uidswap.c Wed Dec 19 18:18:56 2001 +++ openssh-3.1p1/uidswap.c Fri Dec 21 14:45:52 2001 
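Review bot: In the `_CRAY` branch of `pty_make_controlling_tty`, a failed `open("/dev/tty", O_RDWR)` is logged but execution falls through to `close(*ttyfd); *ttyfd = fd;`. The caller's working descriptor is then closed and replaced by -1. The swap should happen only on success: `if (fd < 0) error("/dev/tty: %.100s", strerror(errno)); else { close(*ttyfd); *ttyfd = fd; }`. The existing message also prints `ttyname` although the path that failed is `/dev/tty`. The results of the `TCVHUP` and `TCSETCTTY` ioctls are not checked either.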
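Review bot: The `USE_VHANGUP` code stores the previous SIGHUP handler in `void *old` (declared in the preceding hunk) and passes it back to `mysignal()`. Converting between a function pointer and `void *` is not guaranteed by ISO C. The `grantpt` change in this same file already uses the proper type, `mysig_t old_signal;`. Declaring `mysig_t old;` here keeps the two call sites consistent and avoids the conversion.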
@@ -26,14 +26,18 @@ * POSIX saved uids or not. */ +#if defined(_POSIX_SAVED_IDS) && !defined(BROKEN_SAVED_UIDS) /* Lets assume that posix saved ids also work with seteuid, even though that is not part of the posix specification. */ +#define SAVED_IDS_WORK_WITH_SETEUID +/* Saved effective uid. */ +static uid_t saved_euid = 0; +static gid_t saved_egid = 0; +#endif /* Saved effective uid. */ static int privileged = 0; static int temporarily_use_uid_effective = 0; -static uid_t saved_euid = 0; -static gid_t saved_egid; static gid_t saved_egroups[NGROUPS_MAX], user_groups[NGROUPS_MAX]; static int saved_egroupslen = -1, user_groupslen = -1; @@ -45,16 +49,24 @@ temporarily_use_uid(struct passwd *pw) { /* Save the current euid, and egroups. */ +#ifdef SAVED_IDS_WORK_WITH_SETEUID saved_euid = geteuid(); + saved_egid = getegid(); debug("temporarily_use_uid: %d/%d (e=%d)", pw->pw_uid, pw->pw_gid, saved_euid); if (saved_euid != 0) { privileged = 0; return; } +#else + if (geteuid() != 0) { + privileged = 0; + return; + } +#endif /* SAVED_IDS_WORK_WITH_SETEUID */ + privileged = 1; temporarily_use_uid_effective = 1; - saved_egid = getegid(); saved_egroupslen = getgroups(NGROUPS_MAX, saved_egroups); if (saved_egroupslen < 0) fatal("getgroups: %.100s", strerror(errno)); 
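Review bot: After `saved_euid` and `saved_egid` move into the new `#if` block, the original `/* Saved effective uid. */` comment is left directly above `static int privileged = 0;`, which it does not describe. Replace the leftover with a comment about what follows, for example `/* State of the temporary uid switch and the saved group lists. */`. The new `#endif` would also read better labelled, as `#endif /* SAVED_IDS_WORK_WITH_SETEUID */`.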
@@ -68,10 +80,19 @@ if (user_groupslen < 0) fatal("getgroups: %.100s", strerror(errno)); } +#ifndef HAVE_CYGWIN /* Set the effective uid to the given (unprivileged) uid. */ if (setgroups(user_groupslen, user_groups) < 0) fatal("setgroups: %.100s", strerror(errno)); - pw->pw_gid = pw->pw_gid; +#endif /* !HAVE_CYWIN */ +#ifndef SAVED_IDS_WORK_WITH_SETEUID + /* Propagate the privileged gid to all of our gids. */ + if (setgid(getegid()) < 0) + debug("setgid %u: %.100s", (u_int) getegid(), strerror(errno)); + /* Propagate the privileged uid to all of our uids. */ + if (setuid(geteuid()) < 0) + debug("setuid %u: %.100s", (u_int) geteuid(), strerror(errno)); +#endif /* SAVED_IDS_WORK_WITH_SETEUID */ if (setegid(pw->pw_gid) < 0) fatal("setegid %u: %.100s", (u_int) pw->pw_gid, strerror(errno)); @@ -92,13 +113,28 @@ return; if (!temporarily_use_uid_effective) fatal("restore_uid: temporarily_use_uid not effective"); + +#ifdef SAVED_IDS_WORK_WITH_SETEUID /* Set the effective uid back to the saved privileged uid. */ if (seteuid(saved_euid) < 0) fatal("seteuid %u: %.100s", (u_int) saved_euid, strerror(errno)); + if (setegid(saved_egid) < 0) + fatal("setegid %u: %.100s", (u_int) saved_egid, + strerror(errno)); +#else /* SAVED_IDS_WORK_WITH_SETEUID */ + /* + * We are unable to restore the real uid to its unprivileged value. + * Propagate the real uid (usually more privileged) to effective uid + * as well. + */ + setuid(getuid()); + setgid(getgid()); +#endif /* SAVED_IDS_WORK_WITH_SETEUID */ + +#ifndef HAVE_CYGWIN if (setgroups(saved_egroupslen, saved_egroups) < 0) fatal("setgroups: %.100s", strerror(errno)); - if (setegid(saved_egid) < 0) - fatal("setegid %u: %.100s", (u_int) saved_egid, strerror(errno)); +#endif /* !HAVE_CYGWIN */ temporarily_use_uid_effective = 0; } diff -ruN --exclude CVS ssh-openbsd-2002030700/uuencode.c openssh-3.1p1/uuencode.c --- ssh-openbsd-2002030700/uuencode.c Thu Mar 7 12:02:04 2002 +++ openssh-3.1p1/uuencode.c Tue Mar 5 12:53:05 2002 
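Review bot: Two of the new preprocessor trailer comments are wrong. `#endif /* !HAVE_CYWIN */` misspells the macro tested by `#ifndef HAVE_CYGWIN`. `#endif /* SAVED_IDS_WORK_WITH_SETEUID */` closes an `#ifndef`, so it should carry the negation, as in `#endif /* !SAVED_IDS_WORK_WITH_SETEUID */`. In code that switches uids and gids under several build conditions, these labels are what a reader uses to tell which branch is active.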
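Review bot: In the non-saved-ids branch of `restore_uid`, the results of `setuid(getuid());` and `setgid(getgid());` are discarded, while every other id change in this function is fatal on failure. If either call fails, the process continues with the user's effective ids while the code assumes privileges are back. On `HAVE_CYGWIN` builds the following `setgroups()` check is compiled out, so nothing else would catch it. Match the other branch: `if (setuid(getuid()) < 0) fatal("setuid %u: %.100s", (u_int) getuid(), strerror(errno));` and the same for `setgid(getgid())`.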
@@ -23,12 +23,9 @@ */ #include "includes.h" -RCSID("$OpenBSD: uuencode.c,v 1.15 2002/03/04 17:27:39 stevesk Exp $"); - #include "xmalloc.h" #include "uuencode.h" - -#include +RCSID("$OpenBSD: uuencode.c,v 1.15 2002/03/04 17:27:39 stevesk Exp $"); int uuencode(u_char *src, u_int srclength, diff -ruN --exclude CVS ssh-openbsd-2002030700/version.h openssh-3.1p1/version.h --- ssh-openbsd-2002030700/version.h Thu Mar 7 12:02:04 2002 +++ openssh-3.1p1/version.h Thu Mar 7 13:02:20 2002 @@ -1,3 +1,4 @@ /* $OpenBSD: version.h,v 1.28 2002/03/06 00:25:55 markus Exp $ */ -#define SSH_VERSION "OpenSSH_3.1" +#define SSH_VERSION "OpenSSH_3.1p1" +