This commit was generated by cvs2svn to compensate for changes in r99060,

which included commits to RCS files with non-trunk default branches.
svn path=/head/; revision=99061
2024-11-30 08:19:09 +00:00 · 2002-06-29 11:34:13 +00:00 · 2002-06-29 11:34:13 +00:00 · d2a34caedb · 2020-12-20 02:59:44 +00:00
commit d2a34caedb
parent effdee7ce0 ee21a45f81
28 changed files with 374 additions and 184 deletions
--- a/crypto/openssh/ChangeLog
+++ b/crypto/openssh/ChangeLog
@ -1,6 +1,169 @@
 20020626
 - (stevesk) [monitor.c] remove duplicate proto15 dispatch entry for PAM
 - (bal) OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2002/06/23 21:34:07
     [channels.c]
     tcode is u_int
   - markus@cvs.openbsd.org 2002/06/24 13:12:23
     [ssh-agent.1]
     the socket name contains ssh-agent's ppid; via mpech@ from form@
   - markus@cvs.openbsd.org 2002/06/24 14:33:27
     [channels.c channels.h clientloop.c serverloop.c]
     move channel counter to u_int
   - markus@cvs.openbsd.org 2002/06/24 14:55:38
     [authfile.c kex.c ssh-agent.c]
     cat to (void) when output from buffer_get_X is ignored
   - itojun@cvs.openbsd.org 2002/06/24 15:49:22
     [msg.c]
     printf type pedant
   - deraadt@cvs.openbsd.org 2002/06/24 17:57:20
     [sftp-server.c sshpty.c]
     explicit (u_int) for uid and gid
   - markus@cvs.openbsd.org 2002/06/25 16:22:42
     [authfd.c]
     unnecessary cast
   - markus@cvs.openbsd.org 2002/06/25 18:51:04
     [sshd.c]
     lightweight do_setusercontext after chroot()
 - (bal) Updated AIX package build.  Patch by dtucker@zip.com.au
 - (tim) [Makefile.in] fix test on installing ssh-rand-helper.8
 - (bal) added back in error check for mmap().  I screwed up, Pointed
   out by stevesk@
 - (tim) [README.privsep] UnixWare tip no longer needed.
 - (bal) fixed NeXTStep missing munmap() issue. It defines HAVE_MMAP,
   but it all damned lies.
 - (stevesk) [README.privsep] more for sshd pseudo-account.
 - (tim) [contrib/caldera/openssh.spec] add support for privsep
 - (djm) setlogin needs pgid==pid on BSD/OS; from itojun@
 - (djm) OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2002/06/26 08:53:12
     [bufaux.c]
     limit size of BNs to 8KB; ok provos/deraadt
   - markus@cvs.openbsd.org 2002/06/26 08:54:18
     [buffer.c]
     limit append to 1MB and buffers to 10MB
   - markus@cvs.openbsd.org 2002/06/26 08:55:02
     [channels.c]
     limit # of channels to 10000
   - markus@cvs.openbsd.org 2002/06/26 08:58:26
     [session.c]
     limit # of env vars to 1000; ok deraadt/djm
   - deraadt@cvs.openbsd.org 2002/06/26 13:20:57
     [monitor.c]
     be careful in mm_zalloc
   - deraadt@cvs.openbsd.org 2002/06/26 13:49:26
     [session.c]
     disclose less information from environment files; based on input 
     from djm, and dschultz@uclink.Berkeley.EDU
   - markus@cvs.openbsd.org 2002/06/26 13:55:37
     [auth2-chall.c]
     make sure # of response matches # of queries, fixes int overflow; 
     from ISS
   - markus@cvs.openbsd.org 2002/06/26 13:56:27
     [version.h]
     3.4
 - (djm) Require krb5 devel for RPM build w/ KrbV 
 - (djm) Improve PAMAuthenticationViaKbdInt text from Nalin Dahyabhai 
   <nalin@redhat.com>
 - (djm) Update spec files for release 
 - (djm) Fix int overflow in auth2-pam.c, similar to one discovered by ISS
 - (djm) Release 3.4p1
 20020625
 - (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh
 - (stevesk) [README.privsep] minor updates
 - (djm) Create privsep directory and warn if privsep user is missing 
   during make install
 - (bal) Started list of PrivSep issues in TODO
 - (bal) if mmap() is substandard, don't allow compression on server side.
   Post 'event' we will add more options.
 - (tim) [contrib/caldera/openssh.spec] Sync with Caldera
 - (bal) moved aix_usrinfo() and noted not setting real TTY.  Patch by
   dtucker@zip.com.au
 - (tim) [acconfig.h configure.ac sshd.c] BROKEN_FD_PASSING fix from Markus
   for Cygwin, Cray, & SCO
 20020624
 - OpenBSD CVS Sync
   - deraadt@cvs.openbsd.org 2002/06/23 03:25:50
     [tildexpand.c]
     KNF
   - deraadt@cvs.openbsd.org 2002/06/23 03:26:19
     [cipher.c key.c]
     KNF
   - deraadt@cvs.openbsd.org 2002/06/23 03:30:58
     [scard.c ssh-dss.c ssh-rsa.c sshconnect.c sshconnect2.c sshd.c sshlogin.c
      sshpty.c]
     various KNF and %d for unsigned
   - deraadt@cvs.openbsd.org 2002/06/23 09:30:14
     [sftp-client.c sftp-client.h sftp-common.c sftp-int.c sftp-server.c
      sftp.c]
     bunch of u_int vs int stuff
   - deraadt@cvs.openbsd.org 2002/06/23 09:39:55
     [ssh-keygen.c]
     u_int stuff
   - deraadt@cvs.openbsd.org 2002/06/23 09:46:51
     [bufaux.c servconf.c]
     minor KNF.  things the fingers do while you read
   - deraadt@cvs.openbsd.org 2002/06/23 10:29:52
     [ssh-agent.c sshd.c]
     some minor KNF and %u
   - deraadt@cvs.openbsd.org 2002/06/23 20:39:45
     [session.c]
     compression_level is u_int
   - deraadt@cvs.openbsd.org 2002/06/23 21:06:13
     [sshpty.c]
     KNF
   - deraadt@cvs.openbsd.org 2002/06/23 21:06:41
     [channels.c channels.h session.c session.h]
     display, screen, row, col, xpixel, ypixel are u_int; markus ok
   - deraadt@cvs.openbsd.org 2002/06/23 21:10:02
     [packet.c]
     packet_get_int() returns unsigned for reason & seqnr
  - (bal) Also fixed IPADDR_IN_DISPLAY case where display, screen, row, col,
    xpixel are u_int.
 20020623
 - (stevesk) [configure.ac] bug #255 LOGIN_NEEDS_UTMPX for AIX.
 - (bal) removed GNUism for getops in ssh-agent since glibc lacks optreset.
 - (bal) add extern char *getopt.  Based on report by dtucker@zip.com.au 
 - OpenBSD CVS Sync
   - stevesk@cvs.openbsd.org 2002/06/22 02:00:29
     [ssh.h]
     correct comment
   - stevesk@cvs.openbsd.org 2002/06/22 02:40:23
     [ssh.1]
     section 5 not 4 for ssh_config
   - naddy@cvs.openbsd.org 2002/06/22 11:51:39
     [ssh.1]
     typo
   - stevesk@cvs.openbsd.org 2002/06/22 16:32:54
     [sshd.8]
     add /var/empty in FILES section
   - stevesk@cvs.openbsd.org 2002/06/22 16:40:19
     [sshd.c]
     check /var/empty owner mode; ok provos@
   - stevesk@cvs.openbsd.org 2002/06/22 16:41:57
     [scp.1]
     typo
   - stevesk@cvs.openbsd.org 2002/06/22 16:45:29
     [ssh-agent.1 sshd.8 sshd_config.5]
     use process ID vs. pid/PID/process identifier
   - stevesk@cvs.openbsd.org 2002/06/22 20:05:27
     [sshd.c]
     don't call setsid() if debugging or run from inetd; no "Operation not
     permitted" errors now; ok millert@ markus@
   - stevesk@cvs.openbsd.org 2002/06/22 23:09:51
     [monitor.c]
     save auth method before monitor_reset_key_state(); bugzilla bug #284;
     ok provos@
 20020622
 - (djm) Update README.privsep; spotted by fries@
 - (djm) Release 3.3p1
 - (bal) getopt now can be staticly compiled on those platforms missing
   optreset.  Patch by binder@arago.de
 20020621
 - (djm) Sync:
@ -1004,4 +1167,4 @@
 - (stevesk) entropy.c: typo in debug message
 - (djm) ssh-keygen -i needs seeded RNG; report from markus@
-$Id: ChangeLog,v 1.2240 2002/06/21 15:44:45 djm Exp $
+$Id: ChangeLog,v 1.2301 2002/06/26 13:59:10 djm Exp $
--- a/crypto/openssh/INSTALL
+++ b/crypto/openssh/INSTALL
@ -105,11 +105,6 @@ name).
 There are a few other options to the configure script:
 --with-rsh=PATH allows you to specify the path to your rsh program. 
 Normally ./configure will search the current $PATH for 'rsh'. You 
 may need to specify this option if rsh is not in your path or has a
 different name.
 --with-pam enables PAM support.
 --enable-gnome-askpass will build the GNOME passphrase dialog. You
@ -226,4 +221,4 @@ Please refer to the "reporting bugs" section of the webpage at
 http://www.openssh.com/
-$Id: INSTALL,v 1.53 2002/05/13 05:22:21 djm Exp $
+$Id: INSTALL,v 1.54 2002/06/24 16:26:49 stevesk Exp $
--- a/crypto/openssh/Makefile.in
+++ b/crypto/openssh/Makefile.in
@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.215 2002/06/21 01:38:53 mouring Exp $
+# $Id: Makefile.in,v 1.217 2002/06/25 23:45:42 tim Exp $
 # uncomment if you run a non bourne compatable shell. Ie. csh
 #SHELL = @SH@
@ -26,6 +26,7 @@ SFTP_SERVER=$(libexecdir)/sftp-server
 SSH_KEYSIGN=$(libexecdir)/ssh-keysign
 RAND_HELPER=$(libexecdir)/ssh-rand-helper
 PRIVSEP_PATH=@PRIVSEP_PATH@
 SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
 PATHS= -DSSHDIR=\"$(sysconfdir)\" \
 	-D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \
@ -197,9 +198,13 @@ distprep: catman-do
 	$(AUTORECONF)
 	(cd scard && $(MAKE) -f Makefile.in distprep)
-install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key
+install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key check-user
 install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files
 check-user:
 	id $(SSH_PRIVSEP_USER) || \
 		echo "WARNING: Privilege separation user \"$(SSH_PRIVSEP_USER)\" does not exist"
 scard-install:
 	(cd scard && $(MAKE) DESTDIR=$(DESTDIR) install)
@ -212,6 +217,8 @@ install-files: scard-install
 	$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)5
 	$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
 	$(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)
 	$(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH)
 	chmod 0700 $(DESTDIR)$(PRIVSEP_PATH)
 	$(INSTALL) -m 0755 -s ssh $(DESTDIR)$(bindir)/ssh
 	$(INSTALL) -m 0755 -s scp $(DESTDIR)$(bindir)/scp
 	$(INSTALL) -m 0755 -s ssh-add $(DESTDIR)$(bindir)/ssh-add
@ -234,7 +241,7 @@ install-files: scard-install
 	$(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5
 	$(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5
 	$(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8
-	if [ ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \
+	if [ ! -z "$(INSTALL_SSH_RAND_HELPER)" ]; then \
 		$(INSTALL) -m 644 ssh-rand-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-rand-helper.8 ; \
 	fi
 	@NO_SFTP@$(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
--- a/crypto/openssh/README.privsep
+++ b/crypto/openssh/README.privsep
@ -12,19 +12,20 @@ On systems which lack mmap or anonymous (MAP_ANON) memory mapping,
 compression must be disabled in order for privilege separation to 
 function.
-When privsep is enabled, the pre-authentication sshd process will
+When privsep is enabled, during the pre-authentication phase sshd will
 chroot(2) to "/var/empty" and change its privileges to the "sshd" user
-and its primary group.  You should do something like the following to
+and its primary group.  sshd is a pseudo-account that should not be
-prepare the privsep preauth environment:
+used by other daemons, and must be locked and should contain a
 "nologin" or invalid shell.
 You should do something like the following to prepare the privsep
 preauth environment:
 	# mkdir /var/empty
 	# chown root:sys /var/empty
 	# chmod 755 /var/empty
 	# groupadd sshd
-	# useradd -g sshd sshd
+	# useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd
 If you are on UnixWare 7 or OpenUNIX 8 do this additional step.
 	# ln /usr/lib/.ns.so /usr/lib/ns.so.1
 /var/empty should not contain any files.
@ -34,8 +35,8 @@ privsep user and chroot directory:
  --with-privsep-path=xxx Path for privilege separation chroot
  --with-privsep-user=user Specify non-privileged user for privilege separation
-Privsep requires operating system support for file descriptor passing
+Privsep requires operating system support for file descriptor passing.
-and mmap(MAP_ANON).
+Compression will be disabled on systems without a working mmap MAP_ANON.
 PAM-enabled OpenSSH is known to function with privsep on Linux.  
 It does not function on HP-UX with a trusted system
@ -57,4 +58,4 @@ process 1005 is the sshd process listening for new connections.
 process 6917 is the privileged monitor process, 6919 is the user owned
 sshd process and 6921 is the shell process.
-$Id: README.privsep,v 1.7 2002/06/21 14:48:02 djm Exp $
+$Id: README.privsep,v 1.10 2002/06/26 00:43:57 stevesk Exp $
--- a/crypto/openssh/TODO
+++ b/crypto/openssh/TODO
@ -87,4 +87,20 @@ Packaging:
 - HP-UX: Provide DEPOT package scripts.
  (gilbert.r.loomis@saic.com)
-$Id: TODO,v 1.46 2002/01/22 11:26:20 djm Exp $
+
 PrivSep Issues:
 - mmap() issues.
  + /dev/zero solution (Solaris)
  + No/broken MAP_ANON (Irix)
  + broken /dev/zero parse (Linux)
 - PAM 
  + See above PAM notes
 - AIX
  + usrinfo() does not set TTY, but only required for legicy systems.  Works
    with PrivSep.
 - OSF
  + SIA is broken
 - Cygwin
  + Privsep for Pre-auth only (no fd passing)
 $Id: TODO,v 1.50 2002/06/25 17:12:27 mouring Exp $
--- a/crypto/openssh/buffer.c
+++ b/crypto/openssh/buffer.c
@ -12,7 +12,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: buffer.c,v 1.15 2002/01/18 18:14:17 stevesk Exp $");
+RCSID("$OpenBSD: buffer.c,v 1.16 2002/06/26 08:54:18 markus Exp $");
 #include "xmalloc.h"
 #include "buffer.h"
@ -71,6 +71,9 @@ buffer_append_space(Buffer *buffer, u_int len)
 {
 	void *p;
 	if (len > 0x100000)
 		fatal("buffer_append_space: len %u not supported", len);
 	/* If the buffer is empty, start using it from the beginning. */
 	if (buffer->offset == buffer->end) {
 		buffer->offset = 0;
@ -96,6 +99,9 @@ buffer_append_space(Buffer *buffer, u_int len)
 	}
 	/* Increase the size of the buffer and retry. */
 	buffer->alloc += len + 32768;
 	if (buffer->alloc > 0xa00000)
 		fatal("buffer_append_space: alloc %u not supported",
 		    buffer->alloc);
 	buffer->buf = xrealloc(buffer->buf, buffer->alloc);
 	goto restart;
 	/* NOTREACHED */
--- a/crypto/openssh/clientloop.c
+++ b/crypto/openssh/clientloop.c
@ -59,7 +59,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.101 2002/06/09 13:32:01 markus Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.102 2002/06/24 14:33:27 markus Exp $");
 #include "ssh.h"
 #include "ssh1.h"
@ -1208,10 +1208,8 @@ client_input_channel_open(int type, u_int32_t seq, void *ctxt)
 {
 	Channel *c = NULL;
 	char *ctype;
 	u_int len;
 	int rchan;
-	int rmaxpack;
+	u_int rmaxpack, rwindow, len;
 	int rwindow;
 	ctype = packet_get_string(&len);
 	rchan = packet_get_int();
--- a/crypto/openssh/defines.h
+++ b/crypto/openssh/defines.h
@ -1,7 +1,7 @@
 #ifndef _DEFINES_H
 #define _DEFINES_H
-/* $Id: defines.h,v 1.90 2002/06/07 03:19:36 mouring Exp $ */
+/* $Id: defines.h,v 1.92 2002/06/24 16:26:49 stevesk Exp $ */
 /* Constants */
@ -316,14 +316,6 @@ struct winsize {
 # define _PATH_MAILDIR MAILDIR
 #endif /* !defined(_PATH_MAILDIR) && defined(MAILDIR) */
 #ifndef _PATH_RSH
 # ifdef RSH_PATH
 #  define _PATH_RSH RSH_PATH
 # else /* RSH_PATH */
 #  define _PATH_RSH "/usr/bin/rsh"
 # endif /* RSH_PATH */
 #endif /* _PATH_RSH */
 #ifndef _PATH_NOLOGIN
 # define _PATH_NOLOGIN "/etc/nologin"
 #endif
@ -417,7 +409,18 @@ struct winsize {
 #endif
 #ifndef HAVE_GETOPT_OPTRESET
-#define getopt(ac, av, o)  BSDgetopt(ac, av, o)
+# undef getopt
 # undef opterr
 # undef optind
 # undef optopt
 # undef optreset
 # undef optarg
 # define getopt(ac, av, o)  BSDgetopt(ac, av, o)
 # define opterr             BSDopterr
 # define optind             BSDoptind
 # define optopt             BSDoptopt
 # define optreset           BSDoptreset
 # define optarg             BSDoptarg
 #endif
 /* In older versions of libpam, pam_strerror takes a single argument */
--- a/crypto/openssh/kex.c
+++ b/crypto/openssh/kex.c
@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.50 2002/05/15 15:47:49 mouring Exp $");
+RCSID("$OpenBSD: kex.c,v 1.51 2002/06/24 14:55:38 markus Exp $");
 #include <openssl/crypto.h>
@ -202,8 +202,8 @@ kex_input_kexinit(int type, u_int32_t seq, void *ctxt)
 		packet_get_char();
 	for (i = 0; i < PROPOSAL_MAX; i++)
 		xfree(packet_get_string(NULL));
-	packet_get_char();
+	(void) packet_get_char();
-	packet_get_int();
+	(void) packet_get_int();
 	packet_check_eom();
 	kex_kexinit_finish(kex);
--- a/crypto/openssh/monitor_fdpass.h
+++ b/crypto/openssh/monitor_fdpass.h
@ -1,4 +1,4 @@
-/*      $OpenBSD: monitor_fdpass.h,v 1.2 2002/03/26 03:24:01 stevesk Exp $	*/
+/*	$OpenBSD: monitor_fdpass.h,v 1.2 2002/03/26 03:24:01 stevesk Exp $	*/
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
--- a/crypto/openssh/monitor_mm.c
+++ b/crypto/openssh/monitor_mm.c
@ -84,13 +84,13 @@ mm_create(struct mm_master *mmalloc, size_t size)
 	 */
 	mm->mmalloc = mmalloc;
-#if  defined(HAVE_MMAP) && defined(MAP_ANON)
+#ifdef HAVE_MMAP_ANON_SHARED
 	address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED,
 	    -1, 0);
 	if (address == MAP_FAILED)
 		fatal("mmap(%lu): %s", (u_long)size, strerror(errno));
 #else
-	fatal("%s: UsePrivilegeSeparation=yes not supported",
+	fatal("%s: UsePrivilegeSeparation=yes and Compression=yes not supported",
 	    __func__);
 #endif
@ -130,12 +130,12 @@ mm_destroy(struct mm_master *mm)
 	mm_freelist(mm->mmalloc, &mm->rb_free);
 	mm_freelist(mm->mmalloc, &mm->rb_allocated);
-#ifdef HAVE_MMAP
+#ifdef HAVE_MMAP_ANON_SHARED
 	if (munmap(mm->address, mm->size) == -1)
 		fatal("munmap(%p, %lu): %s", mm->address, (u_long)mm->size,
 		    strerror(errno));
 #else
-	fatal("%s: UsePrivilegeSeparation=yes not supported",
+	fatal("%s: UsePrivilegeSeparation=yes and Compression=yes not supported",
 	    __func__);
 #endif
 	if (mm->mmalloc == NULL)
--- a/crypto/openssh/monitor_mm.h
+++ b/crypto/openssh/monitor_mm.h
@ -1,4 +1,4 @@
-/*      $OpenBSD: monitor_mm.h,v 1.2 2002/03/26 03:24:01 stevesk Exp $  */
+/*	$OpenBSD: monitor_mm.h,v 1.2 2002/03/26 03:24:01 stevesk Exp $	*/
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
--- a/crypto/openssh/msg.c
+++ b/crypto/openssh/msg.c
@ -22,7 +22,7 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: msg.c,v 1.2 2002/06/19 00:27:55 deraadt Exp $");
+RCSID("$OpenBSD: msg.c,v 1.3 2002/06/24 15:49:22 itojun Exp $");
 #include "buffer.h"
 #include "getput.h"
@ -36,7 +36,7 @@ msg_send(int fd, u_char type, Buffer *m)
 	u_char buf[5];
 	u_int mlen = buffer_len(m);
-	debug3("msg_send: type %d", type);
+	debug3("msg_send: type %u", (unsigned int)type & 0xff);
 	PUT_32BIT(buf, mlen + 1);
 	buf[4] = type;		/* 1st byte of payload is mesg-type */
@ -59,7 +59,7 @@ msg_recv(int fd, Buffer *m)
 	if (res != sizeof(buf)) {
 		if (res == 0)
 			return -1;
-		fatal("msg_recv: read: header %d", res);
+		fatal("msg_recv: read: header %ld", (long)res);
 	}
 	msg_len = GET_32BIT(buf);
 	if (msg_len > 256 * 1024)
--- a/crypto/openssh/openbsd-compat/getopt.c
+++ b/crypto/openssh/openbsd-compat/getopt.c
@ -42,11 +42,11 @@ static char *rcsid = "$OpenBSD: getopt.c,v 1.2 1996/08/19 08:33:32 tholo Exp $";
 #include <stdlib.h>
 #include <string.h>
-int	opterr = 1,		/* if error message should be printed */
+int	BSDopterr = 1,		/* if error message should be printed */
-	optind = 1,		/* index into parent argv vector */
+	BSDoptind = 1,		/* index into parent argv vector */
-	optopt,			/* character checked for validity */
+	BSDoptopt,		/* character checked for validity */
-	optreset;		/* reset getopt */
+	BSDoptreset;		/* reset getopt */
-char	*optarg;		/* argument associated with option */
+char	*BSDoptarg;		/* argument associated with option */
 #define	BADCH	(int)'?'
 #define	BADARG	(int)':'
@ -66,57 +66,57 @@ BSDgetopt(nargc, nargv, ostr)
 	static char *place = EMSG;		/* option letter processing */
 	char *oli;				/* option letter list index */
-	if (optreset || !*place) {		/* update scanning pointer */
+	if (BSDoptreset || !*place) {		/* update scanning pointer */
-		optreset = 0;
+		BSDoptreset = 0;
-		if (optind >= nargc || *(place = nargv[optind]) != '-') {
+		if (BSDoptind >= nargc || *(place = nargv[BSDoptind]) != '-') {
 			place = EMSG;
 			return (-1);
 		}
 		if (place[1] && *++place == '-') {	/* found "--" */
-			++optind;
+			++BSDoptind;
 			place = EMSG;
 			return (-1);
 		}
 	}					/* option letter okay? */
-	if ((optopt = (int)*place++) == (int)':' ||
+	if ((BSDoptopt = (int)*place++) == (int)':' ||
-	    !(oli = strchr(ostr, optopt))) {
+	    !(oli = strchr(ostr, BSDoptopt))) {
 		/*
 		 * if the user didn't specify '-' as an option,
 		 * assume it means -1.
 		 */
-		if (optopt == (int)'-')
+		if (BSDoptopt == (int)'-')
 			return (-1);
 		if (!*place)
-			++optind;
+			++BSDoptind;
-		if (opterr && *ostr != ':')
+		if (BSDopterr && *ostr != ':')
 			(void)fprintf(stderr,
-			    "%s: illegal option -- %c\n", __progname, optopt);
+			    "%s: illegal option -- %c\n", __progname, BSDoptopt);
 		return (BADCH);
 	}
 	if (*++oli != ':') {			/* don't need argument */
-		optarg = NULL;
+		BSDoptarg = NULL;
 		if (!*place)
-			++optind;
+			++BSDoptind;
 	}
 	else {					/* need an argument */
 		if (*place)			/* no white space */
-			optarg = place;
+			BSDoptarg = place;
-		else if (nargc <= ++optind) {	/* no arg */
+		else if (nargc <= ++BSDoptind) {	/* no arg */
 			place = EMSG;
 			if (*ostr == ':')
 				return (BADARG);
-			if (opterr)
+			if (BSDopterr)
 				(void)fprintf(stderr,
 				    "%s: option requires an argument -- %c\n",
-				    __progname, optopt);
+				    __progname, BSDoptopt);
 			return (BADCH);
 		}
 	 	else				/* white space */
-			optarg = nargv[optind];
+			BSDoptarg = nargv[BSDoptind];
 		place = EMSG;
-		++optind;
+		++BSDoptind;
 	}
-	return (optopt);			/* dump back option letter */
+	return (BSDoptopt);			/* dump back option letter */
 }
 #endif /* !defined(HAVE_GETOPT) || !defined(HAVE_OPTRESET) */
--- a/crypto/openssh/packet.c
+++ b/crypto/openssh/packet.c
@ -37,7 +37,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.95 2002/06/19 18:01:00 markus Exp $");
+RCSID("$OpenBSD: packet.c,v 1.96 2002/06/23 21:10:02 deraadt Exp $");
 #include "xmalloc.h"
 #include "buffer.h"
@ -1015,7 +1015,7 @@ packet_read_poll2(u_int32_t *seqnr_p)
 int
 packet_read_poll_seqnr(u_int32_t *seqnr_p)
 {
-	int reason, seqnr;
+	u_int reason, seqnr;
 	u_char type;
 	char *msg;
@ -1038,14 +1038,15 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p)
 			case SSH2_MSG_DISCONNECT:
 				reason = packet_get_int();
 				msg = packet_get_string(NULL);
-				log("Received disconnect from %s: %d: %.400s", get_remote_ipaddr(),
+				log("Received disconnect from %s: %u: %.400s",
-					reason, msg);
+				    get_remote_ipaddr(), reason, msg);
 				xfree(msg);
 				fatal_cleanup();
 				break;
 			case SSH2_MSG_UNIMPLEMENTED:
 				seqnr = packet_get_int();
-				debug("Received SSH2_MSG_UNIMPLEMENTED for %d", seqnr);
+				debug("Received SSH2_MSG_UNIMPLEMENTED for %u",
 				    seqnr);
 				break;
 			default:
 				return type;
@ -1063,8 +1064,8 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p)
 				break;
 			case SSH_MSG_DISCONNECT:
 				msg = packet_get_string(NULL);
-				log("Received disconnect from %s: %.400s", get_remote_ipaddr(),
+				log("Received disconnect from %s: %.400s",
-					msg);
+				    get_remote_ipaddr(), msg);
 				fatal_cleanup();
 				xfree(msg);
 				break;
--- a/crypto/openssh/scard.c
+++ b/crypto/openssh/scard.c
@ -24,7 +24,7 @@
 #include "includes.h"
 #if defined(SMARTCARD) && defined(USE_SECTOK)
-RCSID("$OpenBSD: scard.c,v 1.25 2002/03/26 18:46:59 rees Exp $");
+RCSID("$OpenBSD: scard.c,v 1.26 2002/06/23 03:30:17 deraadt Exp $");
 #include <openssl/evp.h>
 #include <sectok.h>
@ -191,7 +191,7 @@ sc_read_pubkey(Key * k)
 	status = 0;
 	p = key_fingerprint(k, SSH_FP_MD5, SSH_FP_HEX);
-	debug("fingerprint %d %s", key_size(k), p);
+	debug("fingerprint %u %s", key_size(k), p);
 	xfree(p);
 err:
--- a/crypto/openssh/scp.1
+++ b/crypto/openssh/scp.1
@ -9,7 +9,7 @@
 .\"
 .\" Created: Sun May  7 00:14:37 1995 ylo
 .\"
-.\" $OpenBSD: scp.1,v 1.22 2002/06/20 20:00:05 stevesk Exp $
+.\" $OpenBSD: scp.1,v 1.23 2002/06/22 16:41:57 stevesk Exp $
 .\"
 .Dd September 25, 1999
 .Dt SCP 1
@ -152,5 +152,5 @@ California.
 .Xr ssh-add 1 ,
 .Xr ssh-agent 1 ,
 .Xr ssh-keygen 1 ,
-.Xr ssh_config 5
+.Xr ssh_config 5 ,
 .Xr sshd 8
--- a/crypto/openssh/sftp-client.c
+++ b/crypto/openssh/sftp-client.c
@ -28,7 +28,7 @@
 /* XXX: copy between two remote sites */
 #include "includes.h"
-RCSID("$OpenBSD: sftp-client.c,v 1.32 2002/06/09 13:32:01 markus Exp $");
+RCSID("$OpenBSD: sftp-client.c,v 1.33 2002/06/23 09:30:14 deraadt Exp $");
 #include "openbsd-compat/fake-queue.h"
@ -88,7 +88,7 @@ get_msg(int fd, Buffer *m)
 	msg_len = GET_32BIT(buf);
 	if (msg_len > 256 * 1024)
-		fatal("Received message too long %d", msg_len);
+		fatal("Received message too long %u", msg_len);
 	while (msg_len) {
 		len = atomicio(read, fd, buf, MIN(msg_len, sizeof(buf)));
@ -113,7 +113,7 @@ send_string_request(int fd, u_int id, u_int code, char *s,
 	buffer_put_int(&msg, id);
 	buffer_put_string(&msg, s, len);
 	send_msg(fd, &msg);
-	debug3("Sent message fd %d T:%d I:%d", fd, code, id);
+	debug3("Sent message fd %d T:%u I:%u", fd, code, id);
 	buffer_free(&msg);
 }
@ -129,12 +129,12 @@ send_string_attrs_request(int fd, u_int id, u_int code, char *s,
 	buffer_put_string(&msg, s, len);
 	encode_attrib(&msg, a);
 	send_msg(fd, &msg);
-	debug3("Sent message fd %d T:%d I:%d", fd, code, id);
+	debug3("Sent message fd %d T:%u I:%u", fd, code, id);
 	buffer_free(&msg);
 }
 static u_int
-get_status(int fd, int expected_id)
+get_status(int fd, u_int expected_id)
 {
 	Buffer msg;
 	u_int type, id, status;
@ -145,15 +145,15 @@ get_status(int fd, int expected_id)
 	id = buffer_get_int(&msg);
 	if (id != expected_id)
-		fatal("ID mismatch (%d != %d)", id, expected_id);
+		fatal("ID mismatch (%u != %u)", id, expected_id);
 	if (type != SSH2_FXP_STATUS)
-		fatal("Expected SSH2_FXP_STATUS(%d) packet, got %d",
+		fatal("Expected SSH2_FXP_STATUS(%u) packet, got %u",
 		    SSH2_FXP_STATUS, type);
 	status = buffer_get_int(&msg);
 	buffer_free(&msg);
-	debug3("SSH2_FXP_STATUS %d", status);
+	debug3("SSH2_FXP_STATUS %u", status);
 	return(status);
 }
@ -171,14 +171,14 @@ get_handle(int fd, u_int expected_id, u_int *len)
 	id = buffer_get_int(&msg);
 	if (id != expected_id)
-		fatal("ID mismatch (%d != %d)", id, expected_id);
+		fatal("ID mismatch (%u != %u)", id, expected_id);
 	if (type == SSH2_FXP_STATUS) {
 		int status = buffer_get_int(&msg);
 		error("Couldn't get handle: %s", fx2txt(status));
 		return(NULL);
 	} else if (type != SSH2_FXP_HANDLE)
-		fatal("Expected SSH2_FXP_HANDLE(%d) packet, got %d",
+		fatal("Expected SSH2_FXP_HANDLE(%u) packet, got %u",
 		    SSH2_FXP_HANDLE, type);
 	handle = buffer_get_string(&msg, len);
@ -200,9 +200,9 @@ get_decode_stat(int fd, u_int expected_id, int quiet)
 	type = buffer_get_char(&msg);
 	id = buffer_get_int(&msg);
-	debug3("Received stat reply T:%d I:%d", type, id);
+	debug3("Received stat reply T:%u I:%u", type, id);
 	if (id != expected_id)
-		fatal("ID mismatch (%d != %d)", id, expected_id);
+		fatal("ID mismatch (%u != %u)", id, expected_id);
 	if (type == SSH2_FXP_STATUS) {
 		int status = buffer_get_int(&msg);
@ -212,7 +212,7 @@ get_decode_stat(int fd, u_int expected_id, int quiet)
 			error("Couldn't stat remote file: %s", fx2txt(status));
 		return(NULL);
 	} else if (type != SSH2_FXP_ATTRS) {
-		fatal("Expected SSH2_FXP_ATTRS(%d) packet, got %d",
+		fatal("Expected SSH2_FXP_ATTRS(%u) packet, got %u",
 		    SSH2_FXP_ATTRS, type);
 	}
 	a = decode_attrib(&msg);
@ -224,7 +224,8 @@ get_decode_stat(int fd, u_int expected_id, int quiet)
 struct sftp_conn *
 do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests)
 {
-	int type, version;
+	u_int type;
 	int version;
 	Buffer msg;
 	struct sftp_conn *ret;
@ -239,7 +240,7 @@ do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests)
 	/* Expecting a VERSION reply */
 	if ((type = buffer_get_char(&msg)) != SSH2_FXP_VERSION) {
-		error("Invalid packet back from SSH2_FXP_INIT (type %d)",
+		error("Invalid packet back from SSH2_FXP_INIT (type %u)",
 		    type);
 		buffer_free(&msg);
 		return(NULL);
@ -294,7 +295,7 @@ do_close(struct sftp_conn *conn, char *handle, u_int handle_len)
 	buffer_put_int(&msg, id);
 	buffer_put_string(&msg, handle, handle_len);
 	send_msg(conn->fd_out, &msg);
-	debug3("Sent message SSH2_FXP_CLOSE I:%d", id);
+	debug3("Sent message SSH2_FXP_CLOSE I:%u", id);
 	status = get_status(conn->fd_in, id);
 	if (status != SSH2_FX_OK)
@ -339,7 +340,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
 		id = expected_id = conn->msg_id++;
-		debug3("Sending SSH2_FXP_READDIR I:%d", id);
+		debug3("Sending SSH2_FXP_READDIR I:%u", id);
 		buffer_clear(&msg);
 		buffer_put_char(&msg, SSH2_FXP_READDIR);
@ -354,10 +355,10 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
 		type = buffer_get_char(&msg);
 		id = buffer_get_int(&msg);
-		debug3("Received reply T:%d I:%d", type, id);
+		debug3("Received reply T:%u I:%u", type, id);
 		if (id != expected_id)
-			fatal("ID mismatch (%d != %d)", id, expected_id);
+			fatal("ID mismatch (%u != %u)", id, expected_id);
 		if (type == SSH2_FXP_STATUS) {
 			int status = buffer_get_int(&msg);
@ -373,7 +374,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
 				return(status);
 			}
 		} else if (type != SSH2_FXP_NAME)
-			fatal("Expected SSH2_FXP_NAME(%d) packet, got %d",
+			fatal("Expected SSH2_FXP_NAME(%u) packet, got %u",
 			    SSH2_FXP_NAME, type);
 		count = buffer_get_int(&msg);
@ -584,7 +585,7 @@ do_realpath(struct sftp_conn *conn, char *path)
 	id = buffer_get_int(&msg);
 	if (id != expected_id)
-		fatal("ID mismatch (%d != %d)", id, expected_id);
+		fatal("ID mismatch (%u != %u)", id, expected_id);
 	if (type == SSH2_FXP_STATUS) {
 		u_int status = buffer_get_int(&msg);
@ -592,7 +593,7 @@ do_realpath(struct sftp_conn *conn, char *path)
 		error("Couldn't canonicalise: %s", fx2txt(status));
 		return(NULL);
 	} else if (type != SSH2_FXP_NAME)
-		fatal("Expected SSH2_FXP_NAME(%d) packet, got %d",
+		fatal("Expected SSH2_FXP_NAME(%u) packet, got %u",
 		    SSH2_FXP_NAME, type);
 	count = buffer_get_int(&msg);
@ -690,7 +691,7 @@ do_readlink(struct sftp_conn *conn, char *path)
 	id = buffer_get_int(&msg);
 	if (id != expected_id)
-		fatal("ID mismatch (%d != %d)", id, expected_id);
+		fatal("ID mismatch (%u != %u)", id, expected_id);
 	if (type == SSH2_FXP_STATUS) {
 		u_int status = buffer_get_int(&msg);
@ -698,7 +699,7 @@ do_readlink(struct sftp_conn *conn, char *path)
 		error("Couldn't readlink: %s", fx2txt(status));
 		return(NULL);
 	} else if (type != SSH2_FXP_NAME)
-		fatal("Expected SSH2_FXP_NAME(%d) packet, got %d",
+		fatal("Expected SSH2_FXP_NAME(%u) packet, got %u",
 		    SSH2_FXP_NAME, type);
 	count = buffer_get_int(&msg);
@ -790,7 +791,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
 	attrib_clear(&junk); /* Send empty attributes */
 	encode_attrib(&msg, &junk);
 	send_msg(conn->fd_out, &msg);
-	debug3("Sent message SSH2_FXP_OPEN I:%d P:%s", id, remote_path);
+	debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, remote_path);
 	handle = get_handle(conn->fd_in, id, &handle_len);
 	if (handle == NULL) {
@ -835,7 +836,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
 		get_msg(conn->fd_in, &msg);
 		type = buffer_get_char(&msg);
 		id = buffer_get_int(&msg);
-		debug3("Received reply T:%d I:%d R:%d", type, id, max_req);
+		debug3("Received reply T:%u I:%u R:%d", type, id, max_req);
 		/* Find the request in our queue */
 		for(req = TAILQ_FIRST(&requests);
@ -862,7 +863,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
 			    (unsigned long long)req->offset + len - 1);
 			if (len > req->len)
 				fatal("Received more data than asked for "
-				      "%d > %d", len, req->len);
+				      "%u > %u", len, req->len);
 			if ((lseek(local_fd, req->offset, SEEK_SET) == -1 ||
 			     atomicio(write, local_fd, data, len) != len) &&
 			    !write_error) {
@ -907,7 +908,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
 			}
 			break;
 		default:
-			fatal("Expected SSH2_FXP_DATA(%d) packet, got %d",
+			fatal("Expected SSH2_FXP_DATA(%u) packet, got %u",
 			    SSH2_FXP_DATA, type);
 		}
 	}
@ -1006,7 +1007,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
 	buffer_put_int(&msg, SSH2_FXF_WRITE|SSH2_FXF_CREAT|SSH2_FXF_TRUNC);
 	encode_attrib(&msg, &a);
 	send_msg(conn->fd_out, &msg);
-	debug3("Sent message SSH2_FXP_OPEN I:%d P:%s", id, remote_path);
+	debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, remote_path);
 	buffer_clear(&msg);
@ -1051,7 +1052,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
 			buffer_put_int64(&msg, offset);
 			buffer_put_string(&msg, data, len);
 			send_msg(conn->fd_out, &msg);
-			debug3("Sent message SSH2_FXP_WRITE I:%d O:%llu S:%u",
+			debug3("Sent message SSH2_FXP_WRITE I:%u O:%llu S:%u",
 			       id, (unsigned long long)offset, len);
 		} else if (TAILQ_FIRST(&acks) == NULL)
 			break;
@ -1081,7 +1082,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
 			    ack = TAILQ_NEXT(ack, tq))
 				;
 			if (ack == NULL)
-				fatal("Can't find request for ID %d", r_id);
+				fatal("Can't find request for ID %u", r_id);
 			TAILQ_REMOVE(&acks, ack, tq);
 			if (status != SSH2_FX_OK) {
@ -1091,7 +1092,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
 				close(local_fd);
 				goto done;
 			}
-			debug3("In write loop, ack for %u %d bytes at %llu",
+			debug3("In write loop, ack for %u %u bytes at %llu",
 			   ack->id, ack->len, (unsigned long long)ack->offset);
 			++ackid;
 			free(ack);
--- a/crypto/openssh/sftp-client.h
+++ b/crypto/openssh/sftp-client.h
@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-client.h,v 1.9 2002/02/13 00:59:23 djm Exp $ */
+/* $OpenBSD: sftp-client.h,v 1.10 2002/06/23 09:30:14 deraadt Exp $ */
 /*
 * Copyright (c) 2001,2002 Damien Miller.  All rights reserved.
@ -41,11 +41,9 @@ struct SFTP_DIRENT {
 * Initialiase a SSH filexfer connection. Returns -1 on error or
 * protocol version on success.
 */
-struct sftp_conn *
+struct sftp_conn *do_init(int, int, u_int, u_int);
 do_init(int, int, u_int, u_int);
-u_int
+u_int sftp_proto_version(struct sftp_conn *);
 sftp_proto_version(struct sftp_conn *);
 /* Close file referred to by 'handle' */
 int do_close(struct sftp_conn *, char *, u_int);
--- a/crypto/openssh/sftp-common.c
+++ b/crypto/openssh/sftp-common.c
@ -24,7 +24,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sftp-common.c,v 1.5 2001/12/02 02:08:32 deraadt Exp $");
+RCSID("$OpenBSD: sftp-common.c,v 1.6 2002/06/23 09:30:14 deraadt Exp $");
 #include "buffer.h"
 #include "bufaux.h"
@ -70,6 +70,7 @@ Attrib *
 decode_attrib(Buffer *b)
 {
 	static Attrib a;
 	attrib_clear(&a);
 	a.flags = buffer_get_int(b);
 	if (a.flags & SSH2_FILEXFER_ATTR_SIZE)
@ -88,6 +89,7 @@ decode_attrib(Buffer *b)
 	if (a.flags & SSH2_FILEXFER_ATTR_EXTENDED) {
 		char *type, *data;
 		int i, count;
 		count = buffer_get_int(b);
 		for (i = 0; i < count; i++) {
 			type = buffer_get_string(b, NULL);
--- a/crypto/openssh/sftp-int.c
+++ b/crypto/openssh/sftp-int.c
@ -26,7 +26,7 @@
 /* XXX: recursive operations */
 #include "includes.h"
-RCSID("$OpenBSD: sftp-int.c,v 1.46 2002/03/30 18:51:15 markus Exp $");
+RCSID("$OpenBSD: sftp-int.c,v 1.47 2002/06/23 09:30:14 deraadt Exp $");
 #include "buffer.h"
 #include "xmalloc.h"
@ -835,7 +835,7 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd)
 		help();
 		break;
 	case I_VERSION:
-		printf("SFTP protocol version %d\n", sftp_proto_version(conn));
+		printf("SFTP protocol version %u\n", sftp_proto_version(conn));
 		break;
 	default:
 		fatal("%d is not implemented", cmdnum);
--- a/crypto/openssh/sftp-server.c
+++ b/crypto/openssh/sftp-server.c
@ -22,7 +22,7 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: sftp-server.c,v 1.35 2002/06/06 17:30:11 markus Exp $");
+RCSID("$OpenBSD: sftp-server.c,v 1.37 2002/06/24 17:57:20 deraadt Exp $");
 #include "buffer.h"
 #include "bufaux.h"
@ -282,7 +282,7 @@ send_status(u_int32_t id, u_int32_t error)
 		"Unknown error"			/* Others */
 	};
-	TRACE("sent status id %d error %d", id, error);
+	TRACE("sent status id %u error %u", id, error);
 	buffer_init(&msg);
 	buffer_put_char(&msg, SSH2_FXP_STATUS);
 	buffer_put_int(&msg, id);
@ -311,7 +311,7 @@ send_data_or_handle(char type, u_int32_t id, char *data, int dlen)
 static void
 send_data(u_int32_t id, char *data, int dlen)
 {
-	TRACE("sent data id %d len %d", id, dlen);
+	TRACE("sent data id %u len %d", id, dlen);
 	send_data_or_handle(SSH2_FXP_DATA, id, data, dlen);
 }
@ -322,7 +322,7 @@ send_handle(u_int32_t id, int handle)
 	int hlen;
 	handle_to_string(handle, &string, &hlen);
-	TRACE("sent handle id %d handle %d", id, handle);
+	TRACE("sent handle id %u handle %d", id, handle);
 	send_data_or_handle(SSH2_FXP_HANDLE, id, string, hlen);
 	xfree(string);
 }
@ -337,7 +337,7 @@ send_names(u_int32_t id, int count, Stat *stats)
 	buffer_put_char(&msg, SSH2_FXP_NAME);
 	buffer_put_int(&msg, id);
 	buffer_put_int(&msg, count);
-	TRACE("sent names id %d count %d", id, count);
+	TRACE("sent names id %u count %d", id, count);
 	for (i = 0; i < count; i++) {
 		buffer_put_cstring(&msg, stats[i].name);
 		buffer_put_cstring(&msg, stats[i].long_name);
@ -352,7 +352,7 @@ send_attrib(u_int32_t id, Attrib *a)
 {
 	Buffer msg;
-	TRACE("sent attrib id %d have 0x%x", id, a->flags);
+	TRACE("sent attrib id %u have 0x%x", id, a->flags);
 	buffer_init(&msg);
 	buffer_put_char(&msg, SSH2_FXP_ATTRS);
 	buffer_put_int(&msg, id);
@ -391,7 +391,7 @@ process_open(void)
 	a = get_attrib();
 	flags = flags_from_portable(pflags);
 	mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm : 0666;
-	TRACE("open id %d name %s flags %d mode 0%o", id, name, pflags, mode);
+	TRACE("open id %u name %s flags %d mode 0%o", id, name, pflags, mode);
 	fd = open(name, flags, mode);
 	if (fd < 0) {
 		status = errno_to_portable(errno);
@ -417,7 +417,7 @@ process_close(void)
 	id = get_int();
 	handle = get_handle();
-	TRACE("close id %d handle %d", id, handle);
+	TRACE("close id %u handle %d", id, handle);
 	ret = handle_close(handle);
 	status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
 	send_status(id, status);
@ -436,7 +436,7 @@ process_read(void)
 	off = get_int64();
 	len = get_int();
-	TRACE("read id %d handle %d off %llu len %d", id, handle,
+	TRACE("read id %u handle %d off %llu len %d", id, handle,
 	    (u_int64_t)off, len);
 	if (len > sizeof buf) {
 		len = sizeof buf;
@ -477,7 +477,7 @@ process_write(void)
 	off = get_int64();
 	data = get_string(&len);
-	TRACE("write id %d handle %d off %llu len %d", id, handle,
+	TRACE("write id %u handle %d off %llu len %d", id, handle,
 	    (u_int64_t)off, len);
 	fd = handle_to_fd(handle);
 	if (fd >= 0) {
@ -512,7 +512,7 @@ process_do_stat(int do_lstat)
 	id = get_int();
 	name = get_string(NULL);
-	TRACE("%sstat id %d name %s", do_lstat ? "l" : "", id, name);
+	TRACE("%sstat id %u name %s", do_lstat ? "l" : "", id, name);
 	ret = do_lstat ? lstat(name, &st) : stat(name, &st);
 	if (ret < 0) {
 		status = errno_to_portable(errno);
@ -548,7 +548,7 @@ process_fstat(void)
 	id = get_int();
 	handle = get_handle();
-	TRACE("fstat id %d handle %d", id, handle);
+	TRACE("fstat id %u handle %d", id, handle);
 	fd = handle_to_fd(handle);
 	if (fd  >= 0) {
 		ret = fstat(fd, &st);
@ -582,13 +582,12 @@ process_setstat(void)
 	Attrib *a;
 	u_int32_t id;
 	char *name;
-	int ret;
+	int status = SSH2_FX_OK, ret;
 	int status = SSH2_FX_OK;
 	id = get_int();
 	name = get_string(NULL);
 	a = get_attrib();
-	TRACE("setstat id %d name %s", id, name);
+	TRACE("setstat id %u name %s", id, name);
 	if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {
 		ret = truncate(name, a->size);
 		if (ret == -1)
@ -625,7 +624,7 @@ process_fsetstat(void)
 	id = get_int();
 	handle = get_handle();
 	a = get_attrib();
-	TRACE("fsetstat id %d handle %d", id, handle);
+	TRACE("fsetstat id %u handle %d", id, handle);
 	fd = handle_to_fd(handle);
 	name = handle_to_name(handle);
 	if (fd < 0 || name == NULL) {
@ -677,7 +676,7 @@ process_opendir(void)
 	id = get_int();
 	path = get_string(NULL);
-	TRACE("opendir id %d path %s", id, path);
+	TRACE("opendir id %u path %s", id, path);
 	dirp = opendir(path);
 	if (dirp == NULL) {
 		status = errno_to_portable(errno);
@ -713,13 +712,13 @@ ls_file(char *name, struct stat *st)
 	if ((pw = getpwuid(st->st_uid)) != NULL) {
 		user = pw->pw_name;
 	} else {
-		snprintf(ubuf, sizeof ubuf, "%d", st->st_uid);
+		snprintf(ubuf, sizeof ubuf, "%u", (u_int)st->st_uid);
 		user = ubuf;
 	}
 	if ((gr = getgrgid(st->st_gid)) != NULL) {
 		group = gr->gr_name;
 	} else {
-		snprintf(gbuf, sizeof gbuf, "%d", st->st_gid);
+		snprintf(gbuf, sizeof gbuf, "%u", (u_int)st->st_gid);
 		group = gbuf;
 	}
 	if (ltime != NULL) {
@ -749,7 +748,7 @@ process_readdir(void)
 	id = get_int();
 	handle = get_handle();
-	TRACE("readdir id %d handle %d", id, handle);
+	TRACE("readdir id %u handle %d", id, handle);
 	dirp = handle_to_dir(handle);
 	path = handle_to_name(handle);
 	if (dirp == NULL || path == NULL) {
@ -759,6 +758,7 @@ process_readdir(void)
 		char pathname[1024];
 		Stat *stats;
 		int nstats = 10, count = 0, i;
 		stats = xmalloc(nstats * sizeof(Stat));
 		while ((dp = readdir(dirp)) != NULL) {
 			if (count >= nstats) {
@ -802,7 +802,7 @@ process_remove(void)
 	id = get_int();
 	name = get_string(NULL);
-	TRACE("remove id %d name %s", id, name);
+	TRACE("remove id %u name %s", id, name);
 	ret = unlink(name);
 	status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
 	send_status(id, status);
@ -822,7 +822,7 @@ process_mkdir(void)
 	a = get_attrib();
 	mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ?
 	    a->perm & 0777 : 0777;
-	TRACE("mkdir id %d name %s mode 0%o", id, name, mode);
+	TRACE("mkdir id %u name %s mode 0%o", id, name, mode);
 	ret = mkdir(name, mode);
 	status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
 	send_status(id, status);
@ -838,7 +838,7 @@ process_rmdir(void)
 	id = get_int();
 	name = get_string(NULL);
-	TRACE("rmdir id %d name %s", id, name);
+	TRACE("rmdir id %u name %s", id, name);
 	ret = rmdir(name);
 	status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
 	send_status(id, status);
@ -858,7 +858,7 @@ process_realpath(void)
 		xfree(path);
 		path = xstrdup(".");
 	}
-	TRACE("realpath id %d path %s", id, path);
+	TRACE("realpath id %u path %s", id, path);
 	if (realpath(path, resolvedname) == NULL) {
 		send_status(id, errno_to_portable(errno));
 	} else {
@ -881,7 +881,7 @@ process_rename(void)
 	id = get_int();
 	oldpath = get_string(NULL);
 	newpath = get_string(NULL);
-	TRACE("rename id %d old %s new %s", id, oldpath, newpath);
+	TRACE("rename id %u old %s new %s", id, oldpath, newpath);
 	/* fail if 'newpath' exists */
 	if (stat(newpath, &st) == -1) {
 		ret = rename(oldpath, newpath);
@ -902,7 +902,7 @@ process_readlink(void)
 	id = get_int();
 	path = get_string(NULL);
-	TRACE("readlink id %d path %s", id, path);
+	TRACE("readlink id %u path %s", id, path);
 	if ((len = readlink(path, link, sizeof(link) - 1)) == -1)
 		send_status(id, errno_to_portable(errno));
 	else {
@ -927,7 +927,7 @@ process_symlink(void)
 	id = get_int();
 	oldpath = get_string(NULL);
 	newpath = get_string(NULL);
-	TRACE("symlink id %d old %s new %s", id, oldpath, newpath);
+	TRACE("symlink id %u old %s new %s", id, oldpath, newpath);
 	/* fail if 'newpath' exists */
 	if (stat(newpath, &st) == -1) {
 		ret = symlink(oldpath, newpath);
--- a/crypto/openssh/sftp.c
+++ b/crypto/openssh/sftp.c
@ -24,7 +24,7 @@
 #include "includes.h"
-RCSID("$OpenBSD: sftp.c,v 1.29 2002/04/02 17:37:48 markus Exp $");
+RCSID("$OpenBSD: sftp.c,v 1.30 2002/06/23 09:30:14 deraadt Exp $");
 /* XXX: short-form remote directory listings (like 'ls -C') */
@ -53,8 +53,10 @@ static void
 connect_to_server(char *path, char **args, int *in, int *out, pid_t *sshpid)
 {
 	int c_in, c_out;
 #ifdef USE_PIPES
 	int pin[2], pout[2];
 	if ((pipe(pin) == -1) || (pipe(pout) == -1))
 		fatal("pipe: %s", strerror(errno));
 	*in = pin[0];
@ -63,6 +65,7 @@ connect_to_server(char *path, char **args, int *in, int *out, pid_t *sshpid)
 	c_out = pin[1];
 #else /* USE_PIPES */
 	int inout[2];
 	if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) == -1)
 		fatal("socketpair: %s", strerror(errno));
 	*in = *out = inout[0];
--- a/crypto/openssh/ssh-agent.1
+++ b/crypto/openssh/ssh-agent.1
@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-agent.1,v 1.33 2002/06/19 00:27:55 deraadt Exp $
+.\" $OpenBSD: ssh-agent.1,v 1.35 2002/06/24 13:12:23 markus Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -69,7 +69,7 @@ The options are as follows:
 Bind the agent to the unix-domain socket
 .Ar bind_address .
 The default is
-.Pa /tmp/ssh-XXXXXXXX/agent.<pid> .
+.Pa /tmp/ssh-XXXXXXXX/agent.<ppid> .
 .It Fl c
 Generate C-shell commands on
 .Dv stdout .
@ -151,7 +151,7 @@ user.
 .Pp
 The
 .Ev SSH_AGENT_PID
-environment variable holds the agent's PID.
+environment variable holds the agent's process ID.
 .Pp
 The agent exits automatically when the command given on the command
 line terminates.
@ -163,7 +163,7 @@ Contains the protocol version 1 RSA authentication identity of the user.
 Contains the protocol version 2 DSA authentication identity of the user.
 .It Pa $HOME/.ssh/id_rsa
 Contains the protocol version 2 RSA authentication identity of the user.
-.It Pa /tmp/ssh-XXXXXXXX/agent.<pid>
+.It Pa /tmp/ssh-XXXXXXXX/agent.<ppid>
 Unix-domain sockets used to contain the connection to the
 authentication agent.
 These sockets should only be readable by the owner.
--- a/crypto/openssh/ssh-dss.c
+++ b/crypto/openssh/ssh-dss.c
@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-dss.c,v 1.14 2002/02/28 15:46:33 markus Exp $");
+RCSID("$OpenBSD: ssh-dss.c,v 1.15 2002/06/23 03:30:17 deraadt Exp $");
 #include <openssl/bn.h>
 #include <openssl/evp.h>
@ -40,9 +40,7 @@ RCSID("$OpenBSD: ssh-dss.c,v 1.14 2002/02/28 15:46:33 markus Exp $");
 #define SIGBLOB_LEN	(2*INTBLOB_LEN)
 int
-ssh_dss_sign(
+ssh_dss_sign(Key *key, u_char **sigp, u_int *lenp,
    Key *key,
    u_char **sigp, u_int *lenp,
    u_char *data, u_int datalen)
 {
 	DSA_SIG *sig;
@ -71,7 +69,7 @@ ssh_dss_sign(
 	rlen = BN_num_bytes(sig->r);
 	slen = BN_num_bytes(sig->s);
 	if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) {
-		error("bad sig size %d %d", rlen, slen);
+		error("bad sig size %u %u", rlen, slen);
 		DSA_SIG_free(sig);
 		return -1;
 	}
@ -104,9 +102,7 @@ ssh_dss_sign(
 	return 0;
 }
 int
-ssh_dss_verify(
+ssh_dss_verify(Key *key, u_char *signature, u_int signaturelen,
    Key *key,
    u_char *signature, u_int signaturelen,
    u_char *data, u_int datalen)
 {
 	DSA_SIG *sig;
@ -151,7 +147,7 @@ ssh_dss_verify(
 	}
 	if (len != SIGBLOB_LEN) {
-		fatal("bad sigbloblen %d != SIGBLOB_LEN", len);
+		fatal("bad sigbloblen %u != SIGBLOB_LEN", len);
 	}
 	/* parse signature */
--- a/crypto/openssh/ssh-keygen.c
+++ b/crypto/openssh/ssh-keygen.c
@ -12,7 +12,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.100 2002/06/19 00:27:55 deraadt Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.101 2002/06/23 09:39:55 deraadt Exp $");
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@ -170,7 +170,7 @@ do_convert_to_ssh2(struct passwd *pw)
 	}
 	fprintf(stdout, "%s\n", SSH_COM_PUBLIC_BEGIN);
 	fprintf(stdout,
-	    "Comment: \"%d-bit %s, converted from OpenSSH by %s@%s\"\n",
+	    "Comment: \"%u-bit %s, converted from OpenSSH by %s@%s\"\n",
 	    key_size(k), key_type(k),
 	    pw->pw_name, hostname);
 	dump_base64(stdout, blob, len);
@ -462,7 +462,7 @@ do_fingerprint(struct passwd *pw)
 	public = key_load_public(identity_file, &comment);
 	if (public != NULL) {
 		fp = key_fingerprint(public, fptype, rep);
-		printf("%d %s %s\n", key_size(public), fp, comment);
+		printf("%u %s %s\n", key_size(public), fp, comment);
 		key_free(public);
 		xfree(comment);
 		xfree(fp);
@ -496,7 +496,8 @@ do_fingerprint(struct passwd *pw)
 			if (i == 0 || ep == NULL || (*ep != ' ' && *ep != '\t')) {
 				int quoted = 0;
 				comment = cp;
-				for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
+				for (; *cp && (quoted || (*cp != ' ' &&
 				    *cp != '\t')); cp++) {
 					if (*cp == '\\' && cp[1] == '"')
 						cp++;	/* Skip both */
 					else if (*cp == '"')
@ -519,7 +520,7 @@ do_fingerprint(struct passwd *pw)
 			}
 			comment = *cp ? cp : comment;
 			fp = key_fingerprint(public, fptype, rep);
-			printf("%d %s %s\n", key_size(public), fp,
+			printf("%u %s %s\n", key_size(public), fp,
 			    comment ? comment : "no comment");
 			xfree(fp);
 			key_free(public);
--- a/crypto/openssh/ssh-rsa.c
+++ b/crypto/openssh/ssh-rsa.c
@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-rsa.c,v 1.20 2002/06/10 16:53:06 stevesk Exp $");
+RCSID("$OpenBSD: ssh-rsa.c,v 1.21 2002/06/23 03:30:17 deraadt Exp $");
 #include <openssl/evp.h>
 #include <openssl/err.h>
@ -39,9 +39,7 @@ RCSID("$OpenBSD: ssh-rsa.c,v 1.20 2002/06/10 16:53:06 stevesk Exp $");
 /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */
 int
-ssh_rsa_sign(
+ssh_rsa_sign(Key *key, u_char **sigp, u_int *lenp,
    Key *key,
    u_char **sigp, u_int *lenp,
    u_char *data, u_int datalen)
 {
 	const EVP_MD *evp_md;
@ -72,17 +70,18 @@ ssh_rsa_sign(
 	if (ok != 1) {
 		int ecode = ERR_get_error();
-		error("ssh_rsa_sign: RSA_sign failed: %s", ERR_error_string(ecode, NULL));
+		error("ssh_rsa_sign: RSA_sign failed: %s",
 		    ERR_error_string(ecode, NULL));
 		xfree(sig);
 		return -1;
 	}
 	if (len < slen) {
 		int diff = slen - len;
-		debug("slen %d > len %d", slen, len);
+		debug("slen %u > len %u", slen, len);
 		memmove(sig + diff, sig, len);
 		memset(sig, 0, diff);
 	} else if (len > slen) {
-		error("ssh_rsa_sign: slen %d slen2 %d", slen, len);
+		error("ssh_rsa_sign: slen %u slen2 %u", slen, len);
 		xfree(sig);
 		return -1;
 	}
@ -105,9 +104,7 @@ ssh_rsa_sign(
 }
 int
-ssh_rsa_verify(
+ssh_rsa_verify(Key *key, u_char *signature, u_int signaturelen,
    Key *key,
    u_char *signature, u_int signaturelen,
    u_char *data, u_int datalen)
 {
 	Buffer b;
@ -148,12 +145,12 @@ ssh_rsa_verify(
 	/* RSA_verify expects a signature of RSA_size */
 	modlen = RSA_size(key->rsa);
 	if (len > modlen) {
-		error("ssh_rsa_verify: len %d > modlen %d", len, modlen);
+		error("ssh_rsa_verify: len %u > modlen %u", len, modlen);
 		xfree(sigblob);
 		return -1;
 	} else if (len < modlen) {
 		int diff = modlen - len;
-		debug("ssh_rsa_verify: add padding: modlen %d > len %d",
+		debug("ssh_rsa_verify: add padding: modlen %u > len %u",
 		    modlen, len);
 		sigblob = xrealloc(sigblob, modlen);
 		memmove(sigblob + diff, sigblob, len);
@ -176,7 +173,8 @@ ssh_rsa_verify(
 	xfree(sigblob);
 	if (ret == 0) {
 		int ecode = ERR_get_error();
-		error("ssh_rsa_verify: RSA_verify failed: %s", ERR_error_string(ecode, NULL));
+		error("ssh_rsa_verify: RSA_verify failed: %s",
 		    ERR_error_string(ecode, NULL));
 	}
 	debug("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : "");
 	return ret;
--- a/crypto/openssh/tildexpand.c
+++ b/crypto/openssh/tildexpand.c
@ -11,7 +11,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: tildexpand.c,v 1.12 2001/08/11 22:51:27 jakob Exp $");
+RCSID("$OpenBSD: tildexpand.c,v 1.13 2002/06/23 03:25:50 deraadt Exp $");
 #include "xmalloc.h"
 #include "log.h"
@ -67,6 +67,7 @@ tilde_expand_filename(const char *filename, uid_t my_uid)
 	if (len > MAXPATHLEN)
 		fatal("Home directory too long (%d > %d", len-1, MAXPATHLEN-1);
 	expanded = xmalloc(len);
-	snprintf(expanded, len, "%s%s%s", pw->pw_dir, strcmp(pw->pw_dir, "/") ? "/" : "", cp + 1);
+	snprintf(expanded, len, "%s%s%s", pw->pw_dir,
 	    strcmp(pw->pw_dir, "/") ? "/" : "", cp + 1);
 	return expanded;
 }