Module Name: src
Committed By: christos
Date: Tue Jan 19 17:10:55 UTC 2016
Modified Files:
src/crypto/external/bsd/openssh/dist: clientloop.c clientloop.h mux.c
ssh.c sshbuf-getput-crypto.c sshbuf.c sshconnect.c sshconnect2.c
version.h
Log Message:
More fixes from upstream:
- X connection forwarding fixes
- more explicit_bzero
- more closing file descriptors
XXX: pullup-7
To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 src/crypto/external/bsd/openssh/dist/clientloop.c
cvs rdiff -u -r1.10 -r1.11 src/crypto/external/bsd/openssh/dist/clientloop.h
cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssh/dist/mux.c
cvs rdiff -u -r1.20 -r1.21 src/crypto/external/bsd/openssh/dist/ssh.c
cvs rdiff -u -r1.3 -r1.4 \
src/crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c \
src/crypto/external/bsd/openssh/dist/sshbuf.c
cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/dist/sshconnect.c
cvs rdiff -u -r1.23 -r1.24 src/crypto/external/bsd/openssh/dist/sshconnect2.c
cvs rdiff -u -r1.18 -r1.19 src/crypto/external/bsd/openssh/dist/version.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/external/bsd/openssh/dist/clientloop.c
diff -u src/crypto/external/bsd/openssh/dist/clientloop.c:1.16 src/crypto/external/bsd/openssh/dist/clientloop.c:1.17
--- src/crypto/external/bsd/openssh/dist/clientloop.c:1.16 Thu Jan 14 17:30:04 2016
+++ src/crypto/external/bsd/openssh/dist/clientloop.c Tue Jan 19 12:10:55 2016
@@ -1,4 +1,4 @@
-/* $NetBSD: clientloop.c,v 1.16 2016/01/14 22:30:04 christos Exp $ */
+/* $NetBSD: clientloop.c,v 1.17 2016/01/19 17:10:55 christos Exp $ */
/* $OpenBSD: clientloop.c,v 1.275 2015/07/10 06:21:53 markus Exp $ */
/*
* Author: Tatu Ylonen <[email protected]>
@@ -61,7 +61,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: clientloop.c,v 1.16 2016/01/14 22:30:04 christos Exp $");
+__RCSID("$NetBSD: clientloop.c,v 1.17 2016/01/19 17:10:55 christos Exp $");
#include <sys/param.h> /* MIN MAX */
#include <sys/types.h>
@@ -283,6 +283,9 @@ client_x11_display_valid(const char *dis
{
size_t i, dlen;
+ if (display == NULL)
+ return 0;
+
dlen = strlen(display);
for (i = 0; i < dlen; i++) {
if (!isalnum((u_char)display[i]) &&
@@ -296,35 +299,33 @@ client_x11_display_valid(const char *dis
#define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1"
#define X11_TIMEOUT_SLACK 60
-void
+int
client_x11_get_proto(const char *display, const char *xauth_path,
u_int trusted, u_int timeout, char **_proto, char **_data)
{
- char cmd[1024];
- char line[512];
- char xdisplay[512];
+ char cmd[1024], line[512], xdisplay[512];
+ char xauthfile[PATH_MAX], xauthdir[PATH_MAX];
static char proto[512], data[512];
FILE *f;
- int got_data = 0, generated = 0, do_unlink = 0, i;
- char *xauthdir, *xauthfile;
+ int got_data = 0, generated = 0, do_unlink = 0, i, r;
struct stat st;
u_int now, x11_timeout_real;
- xauthdir = xauthfile = NULL;
*_proto = proto;
*_data = data;
- proto[0] = data[0] = '\0';
+ proto[0] = data[0] = xauthfile[0] = xauthdir[0] = '\0';
- if (xauth_path == NULL ||(stat(xauth_path, &st) == -1)) {
- debug("No xauth program.");
- } else if (!client_x11_display_valid(display)) {
- logit("DISPLAY '%s' invalid, falling back to fake xauth data",
+ if (!client_x11_display_valid(display)) {
+ logit("DISPLAY \"%s\" invalid; disabling X11 forwarding",
display);
- } else {
- if (display == NULL) {
- debug("x11_get_proto: DISPLAY not set");
- return;
- }
+ return -1;
+ }
+ if (xauth_path != NULL && stat(xauth_path, &st) == -1) {
+ debug("No xauth program.");
+ xauth_path = NULL;
+ }
+
+ if (xauth_path != NULL) {
/*
* Handle FamilyLocal case where $DISPLAY does
* not match an authorization entry. For this we
@@ -338,40 +339,52 @@ client_x11_get_proto(const char *display
display = xdisplay;
}
if (trusted == 0) {
- xauthdir = xmalloc(PATH_MAX);
- xauthfile = xmalloc(PATH_MAX);
- mktemp_proto(xauthdir, PATH_MAX);
/*
- * The authentication cookie should briefly outlive
- * ssh's willingness to forward X11 connections to
- * avoid nasty fail-open behaviour in the X server.
+ * Generate an untrusted X11 auth cookie.
+ *
+ * The authentication cookie should briefly outlive
+ * ssh's willingness to forward X11 connections to
+ * avoid nasty fail-open behaviour in the X server.
*/
+ mktemp_proto(xauthdir, sizeof(xauthdir));
+ if (mkdtemp(xauthdir) == NULL) {
+ error("%s: mkdtemp: %s",
+ __func__, strerror(errno));
+ return -1;
+ }
+ do_unlink = 1;
+ if ((r = snprintf(xauthfile, sizeof(xauthfile),
+ "%s/xauthfile", xauthdir)) < 0 ||
+ (size_t)r >= sizeof(xauthfile)) {
+ error("%s: xauthfile path too long", __func__);
+ unlink(xauthfile);
+ rmdir(xauthdir);
+ return -1;
+ }
+
if (timeout >= UINT_MAX - X11_TIMEOUT_SLACK)
x11_timeout_real = UINT_MAX;
else
x11_timeout_real = timeout + X11_TIMEOUT_SLACK;
- if (mkdtemp(xauthdir) != NULL) {
- do_unlink = 1;
- snprintf(xauthfile, PATH_MAX, "%s/xauthfile",
- xauthdir);
- snprintf(cmd, sizeof(cmd),
- "%s -f %s generate %s " SSH_X11_PROTO
- " untrusted timeout %u 2>" _PATH_DEVNULL,
- xauth_path, xauthfile, display,
- x11_timeout_real);
- debug2("x11_get_proto: %s", cmd);
- if (x11_refuse_time == 0) {
- now = monotime() + 1;
- if (UINT_MAX - timeout < now)
- x11_refuse_time = UINT_MAX;
- else
- x11_refuse_time = now + timeout;
- channel_set_x11_refuse_time(
- x11_refuse_time);
- }
- if (system(cmd) == 0)
- generated = 1;
+
+ if ((r = snprintf(cmd, sizeof(cmd),
+ "%s -f %s generate %s " SSH_X11_PROTO
+ " untrusted timeout %u 2>" _PATH_DEVNULL,
+ xauth_path, xauthfile, display,
+ x11_timeout_real)) < 0 ||
+ (size_t)r >= sizeof(cmd))
+ fatal("%s: cmd too long", __func__);
+ debug2("%s: %s", __func__, cmd);
+ if (x11_refuse_time == 0) {
+ now = monotime() + 1;
+ if (UINT_MAX - timeout < now)
+ x11_refuse_time = UINT_MAX;
+ else
+ x11_refuse_time = now + timeout;
+ channel_set_x11_refuse_time(x11_refuse_time);
}
+ if (system(cmd) == 0)
+ generated = 1;
}
/*
@@ -393,17 +406,20 @@ client_x11_get_proto(const char *display
got_data = 1;
if (f)
pclose(f);
- } else
- error("Warning: untrusted X11 forwarding setup failed: "
- "xauth key data not generated");
+ }
}
if (do_unlink) {
unlink(xauthfile);
rmdir(xauthdir);
}
- free(xauthdir);
- free(xauthfile);
+
+ /* Don't fall back to fake X11 data for untrusted forwarding */
+ if (!trusted && !got_data) {
+ error("Warning: untrusted X11 forwarding setup failed: "
+ "xauth key data not generated");
+ return -1;
+ }
/*
* If we didn't get authentication data, just make up some
@@ -427,6 +443,8 @@ client_x11_get_proto(const char *display
rnd >>= 8;
}
}
+
+ return 0;
}
/*
Index: src/crypto/external/bsd/openssh/dist/clientloop.h
diff -u src/crypto/external/bsd/openssh/dist/clientloop.h:1.10 src/crypto/external/bsd/openssh/dist/clientloop.h:1.11
--- src/crypto/external/bsd/openssh/dist/clientloop.h:1.10 Fri Apr 3 19:58:19 2015
+++ src/crypto/external/bsd/openssh/dist/clientloop.h Tue Jan 19 12:10:55 2016
@@ -1,4 +1,4 @@
-/* $NetBSD: clientloop.h,v 1.10 2015/04/03 23:58:19 christos Exp $ */
+/* $NetBSD: clientloop.h,v 1.11 2016/01/19 17:10:55 christos Exp $ */
/* $OpenBSD: clientloop.h,v 1.31 2013/06/02 23:36:29 dtucker Exp $ */
/*
@@ -40,7 +40,7 @@
/* Client side main loop for the interactive session. */
int client_loop(int, int, int);
-void client_x11_get_proto(const char *, const char *, u_int, u_int,
+int client_x11_get_proto(const char *, const char *, u_int, u_int,
char **, char **);
void client_global_request_reply_fwd(int, u_int32_t, void *);
void client_session2_setup(int, int, int, const char *, struct termios *,
Index: src/crypto/external/bsd/openssh/dist/mux.c
diff -u src/crypto/external/bsd/openssh/dist/mux.c:1.13 src/crypto/external/bsd/openssh/dist/mux.c:1.14
--- src/crypto/external/bsd/openssh/dist/mux.c:1.13 Fri Aug 21 04:20:59 2015
+++ src/crypto/external/bsd/openssh/dist/mux.c Tue Jan 19 12:10:55 2016
@@ -1,4 +1,4 @@
-/* $NetBSD: mux.c,v 1.13 2015/08/21 08:20:59 christos Exp $ */
+/* $NetBSD: mux.c,v 1.14 2016/01/19 17:10:55 christos Exp $ */
/* $OpenBSD: mux.c,v 1.54 2015/08/19 23:18:26 djm Exp $ */
/*
* Copyright (c) 2002-2008 Damien Miller <[email protected]>
@@ -32,7 +32,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: mux.c,v 1.13 2015/08/21 08:20:59 christos Exp $");
+__RCSID("$NetBSD: mux.c,v 1.14 2016/01/19 17:10:55 christos Exp $");
#include <sys/types.h>
#include <sys/queue.h>
#include <sys/stat.h>
@@ -1344,16 +1344,18 @@ mux_session_confirm(int id, int success,
char *proto, *data;
/* Get reasonable local authentication information. */
- client_x11_get_proto(display, options.xauth_location,
+ if (client_x11_get_proto(display, options.xauth_location,
options.forward_x11_trusted, options.forward_x11_timeout,
- &proto, &data);
- /* Request forwarding with authentication spoofing. */
- debug("Requesting X11 forwarding with authentication "
- "spoofing.");
- x11_request_forwarding_with_spoofing(id, display, proto,
- data, 1);
- client_expect_confirm(id, "X11 forwarding", CONFIRM_WARN);
- /* XXX exit_on_forward_failure */
+ &proto, &data) == 0) {
+ /* Request forwarding with authentication spoofing. */
+ debug("Requesting X11 forwarding with authentication "
+ "spoofing.");
+ x11_request_forwarding_with_spoofing(id, display, proto,
+ data, 1);
+ /* XXX exit_on_forward_failure */
+ client_expect_confirm(id, "X11 forwarding",
+ CONFIRM_WARN);
+ }
}
if (cctx->want_agent_fwd && options.forward_agent) {
Index: src/crypto/external/bsd/openssh/dist/ssh.c
diff -u src/crypto/external/bsd/openssh/dist/ssh.c:1.20 src/crypto/external/bsd/openssh/dist/ssh.c:1.21
--- src/crypto/external/bsd/openssh/dist/ssh.c:1.20 Thu Jan 14 17:30:04 2016
+++ src/crypto/external/bsd/openssh/dist/ssh.c Tue Jan 19 12:10:55 2016
@@ -1,4 +1,4 @@
-/* $NetBSD: ssh.c,v 1.20 2016/01/14 22:30:04 christos Exp $ */
+/* $NetBSD: ssh.c,v 1.21 2016/01/19 17:10:55 christos Exp $ */
/* $OpenBSD: ssh.c,v 1.420 2015/07/30 00:01:34 djm Exp $ */
/*
* Author: Tatu Ylonen <[email protected]>
@@ -42,7 +42,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: ssh.c,v 1.20 2016/01/14 22:30:04 christos Exp $");
+__RCSID("$NetBSD: ssh.c,v 1.21 2016/01/19 17:10:55 christos Exp $");
#include <sys/types.h>
#include <sys/param.h>
#include <sys/ioctl.h>
@@ -1563,6 +1563,7 @@ ssh_session(void)
int have_tty = 0;
struct winsize ws;
const char *display;
+ char *proto = NULL, *data = NULL;
/* Enable compression if requested. */
if (options.compression) {
@@ -1634,13 +1635,9 @@ ssh_session(void)
display = getenv("DISPLAY");
if (display == NULL && options.forward_x11)
debug("X11 forwarding requested but DISPLAY not set");
- if (options.forward_x11 && display != NULL) {
- char *proto, *data;
- /* Get reasonable local authentication information. */
- client_x11_get_proto(display, options.xauth_location,
- options.forward_x11_trusted,
- options.forward_x11_timeout,
- &proto, &data);
+ if (options.forward_x11 && client_x11_get_proto(display,
+ options.xauth_location, options.forward_x11_trusted,
+ options.forward_x11_timeout, &proto, &data) == 0) {
/* Request forwarding with authentication spoofing. */
debug("Requesting X11 forwarding with authentication "
"spoofing.");
@@ -1730,6 +1727,7 @@ ssh_session2_setup(int id, int success,
extern char **environ;
const char *display;
int interactive = tty_flag;
+ char *proto = NULL, *data = NULL;
if (!success)
return; /* No need for error message, channels code sens one */
@@ -1737,12 +1735,9 @@ ssh_session2_setup(int id, int success,
display = getenv("DISPLAY");
if (display == NULL && options.forward_x11)
debug("X11 forwarding requested but DISPLAY not set");
- if (options.forward_x11 && display != NULL) {
- char *proto, *data;
- /* Get reasonable local authentication information. */
- client_x11_get_proto(display, options.xauth_location,
- options.forward_x11_trusted,
- options.forward_x11_timeout, &proto, &data);
+ if (options.forward_x11 && client_x11_get_proto(display,
+ options.xauth_location, options.forward_x11_trusted,
+ options.forward_x11_timeout, &proto, &data) == 0) {
/* Request forwarding with authentication spoofing. */
debug("Requesting X11 forwarding with authentication "
"spoofing.");
Index: src/crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c
diff -u src/crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c:1.3 src/crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c:1.4
--- src/crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c:1.3 Fri Apr 3 19:58:19 2015
+++ src/crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c Tue Jan 19 12:10:55 2016
@@ -15,7 +15,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
-__RCSID("$NetBSD: sshbuf-getput-crypto.c,v 1.3 2015/04/03 23:58:19 christos Exp $");
+__RCSID("$NetBSD: sshbuf-getput-crypto.c,v 1.4 2016/01/19 17:10:55 christos Exp $");
#include <sys/types.h>
#include <stdlib.h>
@@ -154,10 +154,10 @@ sshbuf_put_bignum2(struct sshbuf *buf, c
if (len > 0 && (d[1] & 0x80) != 0)
prepend = 1;
if ((r = sshbuf_put_string(buf, d + 1 - prepend, len + prepend)) < 0) {
- bzero(d, sizeof(d));
+ explicit_bzero(d, sizeof(d));
return r;
}
- bzero(d, sizeof(d));
+ explicit_bzero(d, sizeof(d));
return 0;
}
@@ -173,13 +173,13 @@ sshbuf_put_bignum1(struct sshbuf *buf, c
if (BN_bn2bin(v, d) != (int)len_bytes)
return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */
if ((r = sshbuf_reserve(buf, len_bytes + 2, &dp)) < 0) {
- bzero(d, sizeof(d));
+ explicit_bzero(d, sizeof(d));
return r;
}
POKE_U16(dp, len_bits);
if (len_bytes != 0)
memcpy(dp + 2, d, len_bytes);
- bzero(d, sizeof(d));
+ explicit_bzero(d, sizeof(d));
return 0;
}
@@ -205,7 +205,7 @@ sshbuf_put_ec(struct sshbuf *buf, const
}
BN_CTX_free(bn_ctx);
ret = sshbuf_put_string(buf, d, len);
- bzero(d, len);
+ explicit_bzero(d, len);
return ret;
}
Index: src/crypto/external/bsd/openssh/dist/sshbuf.c
diff -u src/crypto/external/bsd/openssh/dist/sshbuf.c:1.3 src/crypto/external/bsd/openssh/dist/sshbuf.c:1.4
--- src/crypto/external/bsd/openssh/dist/sshbuf.c:1.3 Fri Apr 3 19:58:19 2015
+++ src/crypto/external/bsd/openssh/dist/sshbuf.c Tue Jan 19 12:10:55 2016
@@ -15,7 +15,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
-__RCSID("$NetBSD: sshbuf.c,v 1.3 2015/04/03 23:58:19 christos Exp $");
+__RCSID("$NetBSD: sshbuf.c,v 1.4 2016/01/19 17:10:55 christos Exp $");
#include <sys/param.h> /* roundup */
#include <sys/types.h>
@@ -134,7 +134,7 @@ sshbuf_fromb(struct sshbuf *buf)
void
sshbuf_init(struct sshbuf *ret)
{
- bzero(ret, sizeof(*ret));
+ explicit_bzero(ret, sizeof(*ret));
ret->alloc = SSHBUF_SIZE_INIT;
ret->max_size = SSHBUF_SIZE_MAX;
ret->readonly = 0;
@@ -177,10 +177,10 @@ sshbuf_free(struct sshbuf *buf)
return;
dont_free = buf->dont_free;
if (!buf->readonly) {
- bzero(buf->d, buf->alloc);
+ explicit_bzero(buf->d, buf->alloc);
free(buf->d);
}
- bzero(buf, sizeof(*buf));
+ explicit_bzero(buf, sizeof(*buf));
if (!dont_free)
free(buf);
}
@@ -196,7 +196,7 @@ sshbuf_reset(struct sshbuf *buf)
return;
}
if (sshbuf_check_sanity(buf) == 0)
- bzero(buf->d, buf->alloc);
+ explicit_bzero(buf->d, buf->alloc);
buf->off = buf->size = 0;
if (buf->alloc != SSHBUF_SIZE_INIT) {
if ((d = realloc(buf->d, SSHBUF_SIZE_INIT)) != NULL) {
@@ -255,7 +255,7 @@ sshbuf_set_max_size(struct sshbuf *buf,
rlen = roundup(buf->size, SSHBUF_SIZE_INC);
if (rlen > max_size)
rlen = max_size;
- bzero(buf->d + buf->size, buf->alloc - buf->size);
+ explicit_bzero(buf->d + buf->size, buf->alloc - buf->size);
SSHBUF_DBG(("new alloc = %zu", rlen));
if ((dp = realloc(buf->d, rlen)) == NULL)
return SSH_ERR_ALLOC_FAIL;
Index: src/crypto/external/bsd/openssh/dist/sshconnect.c
diff -u src/crypto/external/bsd/openssh/dist/sshconnect.c:1.14 src/crypto/external/bsd/openssh/dist/sshconnect.c:1.15
--- src/crypto/external/bsd/openssh/dist/sshconnect.c:1.14 Thu Jan 14 17:30:04 2016
+++ src/crypto/external/bsd/openssh/dist/sshconnect.c Tue Jan 19 12:10:55 2016
@@ -1,4 +1,4 @@
-/* $NetBSD: sshconnect.c,v 1.14 2016/01/14 22:30:04 christos Exp $ */
+/* $NetBSD: sshconnect.c,v 1.15 2016/01/19 17:10:55 christos Exp $ */
/* $OpenBSD: sshconnect.c,v 1.263 2015/08/20 22:32:42 deraadt Exp $ */
/*
* Author: Tatu Ylonen <[email protected]>
@@ -15,7 +15,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: sshconnect.c,v 1.14 2016/01/14 22:30:04 christos Exp $");
+__RCSID("$NetBSD: sshconnect.c,v 1.15 2016/01/19 17:10:55 christos Exp $");
#include <sys/param.h> /* roundup */
#include <sys/types.h>
#include <sys/param.h>
@@ -111,6 +111,7 @@ ssh_proxy_fdpass_connect(const char *hos
if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0)
fatal("Could not create socketpair to communicate with "
"proxy dialer: %.100s", strerror(errno));
+ close(sp[1]);
command_string = expand_proxy_command(proxy_command, options.user,
host, port);
Index: src/crypto/external/bsd/openssh/dist/sshconnect2.c
diff -u src/crypto/external/bsd/openssh/dist/sshconnect2.c:1.23 src/crypto/external/bsd/openssh/dist/sshconnect2.c:1.24
--- src/crypto/external/bsd/openssh/dist/sshconnect2.c:1.23 Thu Jan 14 17:30:04 2016
+++ src/crypto/external/bsd/openssh/dist/sshconnect2.c Tue Jan 19 12:10:55 2016
@@ -1,4 +1,4 @@
-/* $NetBSD: sshconnect2.c,v 1.23 2016/01/14 22:30:04 christos Exp $ */
+/* $NetBSD: sshconnect2.c,v 1.24 2016/01/19 17:10:55 christos Exp $ */
/* $OpenBSD: sshconnect2.c,v 1.226 2015/07/30 00:01:34 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -26,7 +26,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: sshconnect2.c,v 1.23 2016/01/14 22:30:04 christos Exp $");
+__RCSID("$NetBSD: sshconnect2.c,v 1.24 2016/01/19 17:10:55 christos Exp $");
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/wait.h>
@@ -1277,6 +1277,7 @@ pubkey_prepare(Authctxt *authctxt)
if (r != SSH_ERR_AGENT_NO_IDENTITIES)
debug("%s: ssh_fetch_identitylist: %s",
__func__, ssh_err(r));
+ close(agent_fd);
} else {
for (j = 0; j < idlist->nkeys; j++) {
found = 0;
Index: src/crypto/external/bsd/openssh/dist/version.h
diff -u src/crypto/external/bsd/openssh/dist/version.h:1.18 src/crypto/external/bsd/openssh/dist/version.h:1.19
--- src/crypto/external/bsd/openssh/dist/version.h:1.18 Thu Jan 14 17:30:04 2016
+++ src/crypto/external/bsd/openssh/dist/version.h Tue Jan 19 12:10:55 2016
@@ -1,8 +1,8 @@
-/* $NetBSD: version.h,v 1.18 2016/01/14 22:30:04 christos Exp $ */
+/* $NetBSD: version.h,v 1.19 2016/01/19 17:10:55 christos Exp $ */
/* $OpenBSD: version.h,v 1.75 2015/08/21 03:45:26 djm Exp $ */
#define __OPENSSH_VERSION "OpenSSH_7.1"
-#define __NETBSDSSH_VERSION "NetBSD_Secure_Shell-20160114"
+#define __NETBSDSSH_VERSION "NetBSD_Secure_Shell-20160119"
#define SSH_HPN "-hpn13v14"
#define SSH_LPK "-lpk"
/*
