Resolve conflicts.

svn path=/head/; revision=164149

crypto/openssh/audit-bsm.c

@@ -1,4 +1,4 @@
-/* $Id: audit-bsm.c,v 1.4 2006/09/01 05:38:36 djm Exp $ */
+/* $Id: audit-bsm.c,v 1.5 2006/09/30 22:09:50 dtucker Exp $ */
 
 /*
  * TODO

crypto/openssh/auth-rsa.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-rsa.c,v 1.71 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: auth-rsa.c,v 1.72 2006/11/06 21:25:27 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -76,10 +76,12 @@ auth_rsa_generate_challenge(Key *key)
 	if ((challenge = BN_new()) == NULL)
 		fatal("auth_rsa_generate_challenge: BN_new() failed");
 	/* Generate a random challenge. */
-	BN_rand(challenge, 256, 0, 0);
+	if (BN_rand(challenge, 256, 0, 0) == 0)
+		fatal("auth_rsa_generate_challenge: BN_rand failed");
 	if ((ctx = BN_CTX_new()) == NULL)
-		fatal("auth_rsa_generate_challenge: BN_CTX_new() failed");
-	BN_mod(challenge, challenge, key->rsa->n, ctx);
+		fatal("auth_rsa_generate_challenge: BN_CTX_new failed");
+	if (BN_mod(challenge, challenge, key->rsa->n, ctx) == 0)
+		fatal("auth_rsa_generate_challenge: BN_mod failed");
 	BN_CTX_free(ctx);
 
 	return challenge;

crypto/openssh/auth.c

@@ -570,8 +570,6 @@ fakepw(void)
 	fake.pw_passwd =
 	    "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK";
 	fake.pw_gecos = "NOUSER";
-	fake.pw_uid = (uid_t)-1;
-	fake.pw_gid = (gid_t)-1;
 	fake.pw_uid = privsep_pw->pw_uid;
 	fake.pw_gid = privsep_pw->pw_gid;
 #ifdef HAVE_PW_CLASS_IN_PASSWD

crypto/openssh/bufaux.h

@@ -1,55 +0,0 @@
-/* $OpenBSD: bufaux.h,v 1.22 2006/03/25 22:22:42 djm Exp $ */
-
-/*
- * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
- *                    All rights reserved
- *
- * As far as I am concerned, the code I have written for this software
- * can be used freely for any purpose.  Any derived versions of this
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
- * called by a name other than "ssh" or "Secure Shell".
- */
-
-#ifndef BUFAUX_H
-#define BUFAUX_H
-
-#include "buffer.h"
-#include <openssl/bn.h>
-
-void    buffer_put_bignum(Buffer *, const BIGNUM *);
-void    buffer_put_bignum2(Buffer *, const BIGNUM *);
-void	buffer_get_bignum(Buffer *, BIGNUM *);
-void	buffer_get_bignum2(Buffer *, BIGNUM *);
-
-u_short	buffer_get_short(Buffer *);
-void	buffer_put_short(Buffer *, u_short);
-
-u_int	buffer_get_int(Buffer *);
-void    buffer_put_int(Buffer *, u_int);
-
-u_int64_t buffer_get_int64(Buffer *);
-void	buffer_put_int64(Buffer *, u_int64_t);
-
-int     buffer_get_char(Buffer *);
-void    buffer_put_char(Buffer *, int);
-
-void   *buffer_get_string(Buffer *, u_int *);
-void    buffer_put_string(Buffer *, const void *, u_int);
-void	buffer_put_cstring(Buffer *, const char *);
-
-#define buffer_skip_string(b) \
-    do { u_int l = buffer_get_int(b); buffer_consume(b, l); } while (0)
-
-int	buffer_put_bignum_ret(Buffer *, const BIGNUM *);
-int	buffer_get_bignum_ret(Buffer *, BIGNUM *);
-int	buffer_put_bignum2_ret(Buffer *, const BIGNUM *);
-int	buffer_get_bignum2_ret(Buffer *, BIGNUM *);
-int	buffer_get_short_ret(u_short *, Buffer *);
-int	buffer_get_int_ret(u_int *, Buffer *);
-int	buffer_get_int64_ret(u_int64_t *, Buffer *);
-void	*buffer_get_string_ret(Buffer *, u_int *);
-int	buffer_get_char_ret(char *, Buffer *);
-
-#endif				/* BUFAUX_H */

crypto/openssh/configure.ac

@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.369 2006/10/03 16:34:35 tim Exp $
+# $Id: configure.ac,v 1.370 2006/10/06 23:07:21 dtucker Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@@ -15,7 +15,7 @@
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
-AC_REVISION($Revision: 1.369 $)
+AC_REVISION($Revision: 1.370 $)
 AC_CONFIG_SRCDIR([ssh.c])
 
 AC_CONFIG_HEADER(config.h)
@@ -3184,7 +3184,10 @@ AC_ARG_WITH(selinux,
 		    AC_MSG_ERROR(SELinux support requires selinux.h header))
 		AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
 		    AC_MSG_ERROR(SELinux support requires libselinux library))
+		save_LIBS="$LIBS"
+		LIBS="$LIBS $LIBSELINUX"
 		AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
+		LIBS="$save_LIBS"
 	fi ]
 )
 AC_SUBST(LIBSELINUX)

crypto/openssh/key.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: key.c,v 1.67 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: key.c,v 1.68 2006/11/06 21:25:28 markus Exp $ */
 /*
  * read_bignum():
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -617,16 +617,18 @@ key_from_private(const Key *k)
 	switch (k->type) {
 	case KEY_DSA:
 		n = key_new(k->type);
-		BN_copy(n->dsa->p, k->dsa->p);
-		BN_copy(n->dsa->q, k->dsa->q);
-		BN_copy(n->dsa->g, k->dsa->g);
-		BN_copy(n->dsa->pub_key, k->dsa->pub_key);
+		if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) ||
+		    (BN_copy(n->dsa->q, k->dsa->q) == NULL) ||
+		    (BN_copy(n->dsa->g, k->dsa->g) == NULL) ||
+		    (BN_copy(n->dsa->pub_key, k->dsa->pub_key) == NULL))
+			fatal("key_from_private: BN_copy failed");
 		break;
 	case KEY_RSA:
 	case KEY_RSA1:
 		n = key_new(k->type);
-		BN_copy(n->rsa->n, k->rsa->n);
-		BN_copy(n->rsa->e, k->rsa->e);
+		if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) ||
+		    (BN_copy(n->rsa->e, k->rsa->e) == NULL))
+			fatal("key_from_private: BN_copy failed");
 		break;
 	default:
 		fatal("key_from_private: unknown type %d", k->type);

crypto/openssh/monitor.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.88 2006/08/12 20:46:46 miod Exp $ */
+/* $OpenBSD: monitor.c,v 1.89 2006/11/07 10:31:31 markus Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -359,7 +359,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
 	/* The first few requests do not require asynchronous access */
 	while (!authenticated) {
 		auth_method = "unknown";
-		authenticated = monitor_read(pmonitor, mon_dispatch, &ent);
+		authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1);
 		if (authenticated) {
 			if (!(ent->flags & MON_AUTHDECIDE))
 				fatal("%s: unexpected authentication from %d",
@@ -1226,7 +1226,7 @@ mm_answer_keyverify(int sock, Buffer *m)
 
 	verified = key_verify(key, signature, signaturelen, data, datalen);
 	debug3("%s: key %p signature %s",
-	    __func__, key, verified ? "verified" : "unverified");
+	    __func__, key, (verified == 1) ? "verified" : "unverified");
 
 	key_free(key);
 	xfree(blob);
@@ -1241,7 +1241,7 @@ mm_answer_keyverify(int sock, Buffer *m)
 	buffer_put_int(m, verified);
 	mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m);
 
-	return (verified);
+	return (verified == 1);
 }
 
 static void

crypto/openssh/rsa.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa.c,v 1.28 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: rsa.c,v 1.29 2006/11/06 21:25:28 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -91,7 +91,8 @@ rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key)
 	    RSA_PKCS1_PADDING)) <= 0)
 		fatal("rsa_public_encrypt() failed");
 
-	BN_bin2bn(outbuf, len, out);
+	if (BN_bin2bn(outbuf, len, out) == NULL)
+		fatal("rsa_public_encrypt: BN_bin2bn failed");
 
 	memset(outbuf, 0, olen);
 	memset(inbuf, 0, ilen);
@@ -116,7 +117,8 @@ rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key)
 	    RSA_PKCS1_PADDING)) <= 0) {
 		error("rsa_private_decrypt() failed");
 	} else {
-		BN_bin2bn(outbuf, len, out);
+		if (BN_bin2bn(outbuf, len, out) == NULL)
+			fatal("rsa_private_decrypt: BN_bin2bn failed");
 	}
 	memset(outbuf, 0, olen);
 	memset(inbuf, 0, ilen);
@@ -137,11 +139,11 @@ rsa_generate_additional_parameters(RSA *rsa)
 	if ((ctx = BN_CTX_new()) == NULL)
 		fatal("rsa_generate_additional_parameters: BN_CTX_new failed");
 
-	BN_sub(aux, rsa->q, BN_value_one());
-	BN_mod(rsa->dmq1, rsa->d, aux, ctx);
-
-	BN_sub(aux, rsa->p, BN_value_one());
-	BN_mod(rsa->dmp1, rsa->d, aux, ctx);
+	if ((BN_sub(aux, rsa->q, BN_value_one()) == 0) ||
+	    (BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) ||
+	    (BN_sub(aux, rsa->p, BN_value_one()) == 0) ||
+	    (BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0))
+		fatal("rsa_generate_additional_parameters: BN_sub/mod failed");
 
 	BN_clear_free(aux);
 	BN_CTX_free(ctx);

crypto/openssh/serverloop.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: serverloop.c,v 1.144 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: serverloop.c,v 1.145 2006/10/11 12:38:03 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -248,8 +248,10 @@ client_alive_check(void)
 	int channel_id;
 
 	/* timeout, check to see how many we have had */
-	if (++client_alive_timeouts > options.client_alive_count_max)
-		packet_disconnect("Timeout, your session not responding.");
+	if (++client_alive_timeouts > options.client_alive_count_max) {
+		logit("Timeout, client not responding.");
+		cleanup_exit(255);
+	}
 
 	/*
 	 * send a bogus global/channel request with "wantreply",

crypto/openssh/session.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.219 2006/08/29 10:40:19 djm Exp $ */
+/* $OpenBSD: session.c,v 1.220 2006/10/09 23:36:11 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved

crypto/openssh/ssh-agent.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.152 2006/08/04 20:46:05 stevesk Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.153 2006/10/06 02:29:19 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland

crypto/openssh/ssh-keyscan.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.73 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.74 2006/10/06 02:29:19 djm Exp $ */
 /*
  * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
  *

crypto/openssh/ssh.1

@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.263 2006/07/11 18:50:48 markus Exp $
+.\" $OpenBSD: ssh.1,v 1.265 2006/10/28 18:08:10 otto Exp $
 .\" $FreeBSD$
 .Dd September 25, 1999
 .Dt SSH 1
@@ -1079,12 +1079,22 @@ controls whether the server supports this,
 and at what level (layer 2 or 3 traffic).
 .Pp
 The following example would connect client network 10.0.50.0/24
-with remote network 10.0.99.0/24, provided that the SSH server
-running on the gateway to the remote network,
-at 192.168.1.15, allows it:
+with remote network 10.0.99.0/24 using a point-to-point connection
+from 10.1.1.1 to 10.1.1.2,
+provided that the SSH server running on the gateway to the remote network,
+at 192.168.1.15, allows it.
+.Pp
+On the client:
 .Bd -literal -offset indent
 # ssh -f -w 0:1 192.168.1.15 true
-# ifconfig tun0 10.0.50.1 10.0.99.1 netmask 255.255.255.252
+# ifconfig tun0 10.1.1.1 10.1.1.2 netmask 255.255.255.252
+# route add 10.0.99.0/24 10.1.1.2
+.Ed
+.Pp
+On the server:
+.Bd -literal -offset indent
+# ifconfig tun1 10.1.1.2 10.1.1.1 netmask 255.255.255.252
+# route add 10.0.50.0/24 10.1.1.1
 .Ed
 .Pp
 Client access may be more finely tuned via the
@@ -1107,7 +1117,7 @@ tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane
 tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john
 .Ed
 .Pp
-Since a SSH-based setup entails a fair amount of overhead,
+Since an SSH-based setup entails a fair amount of overhead,
 it may be more suited to temporary setups,
 such as for wireless VPNs.
 More permanent VPNs are better provided by tools such as

crypto/openssh/ssh.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.293 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: ssh.c,v 1.294 2006/10/06 02:29:19 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland

crypto/openssh/ssh_config

@@ -43,4 +43,4 @@
 #   Tunnel no
 #   TunnelDevice any:any
 #   PermitLocalCommand no
-#   VersionAddendum FreeBSD-20060930
+#   VersionAddendum FreeBSD-20061110

crypto/openssh/ssh_config.5

@@ -1040,7 +1040,7 @@ in
 Specifies a string to append to the regular version string to identify
 OS- or site-specific modifications.
 The default is
-.Dq FreeBSD-20060930 .
+.Dq FreeBSD-20061110 .
 .It Cm XAuthLocation
 Specifies the full pathname of the
 .Xr xauth 1

crypto/openssh/sshconnect.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.199 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.200 2006/10/10 10:12:45 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -324,9 +324,11 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
 		    gai_strerror(gaierr));
 
 	for (attempt = 0; attempt < connection_attempts; attempt++) {
-		if (attempt > 0)
+		if (attempt > 0) {
+			/* Sleep a moment before retrying. */
+			sleep(1);
 			debug("Trying again...");
-
+		}
 		/*
 		 * Loop through addresses for this host, and try each one in
 		 * sequence until the connection succeeds.
@@ -363,9 +365,6 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
 		}
 		if (sock != -1)
 			break;	/* Successful connection. */
-
-		/* Sleep a moment before retrying. */
-		sleep(1);
 	}
 
 	freeaddrinfo(aitop);

crypto/openssh/sshconnect1.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect1.c,v 1.69 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: sshconnect1.c,v 1.70 2006/11/06 21:25:28 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -563,14 +563,20 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
 	 * the first 16 bytes of the session id.
 	 */
 	if ((key = BN_new()) == NULL)
-		fatal("respond_to_rsa_challenge: BN_new failed");
-	BN_set_word(key, 0);
+		fatal("ssh_kex: BN_new failed");
+	if (BN_set_word(key, 0) == 0)
+		fatal("ssh_kex: BN_set_word failed");
 	for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) {
-		BN_lshift(key, key, 8);
-		if (i < 16)
-			BN_add_word(key, session_key[i] ^ session_id[i]);
-		else
-			BN_add_word(key, session_key[i]);
+		if (BN_lshift(key, key, 8) == 0)
+			fatal("ssh_kex: BN_lshift failed");
+		if (i < 16) {
+			if (BN_add_word(key, session_key[i] ^ session_id[i])
+			    == 0)
+				fatal("ssh_kex: BN_add_word failed");
+		} else {
+			if (BN_add_word(key, session_key[i]) == 0)
+				fatal("ssh_kex: BN_add_word failed");
+		}
 	}
 
 	/*

crypto/openssh/sshd.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.347 2006/08/18 09:15:20 markus Exp $ */
+/* $OpenBSD: sshd.c,v 1.348 2006/11/06 21:25:28 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1441,13 +1441,17 @@ main(int ac, char **av)
 
 	debug("sshd version %.100s", SSH_RELEASE);
 
-	/* Store privilege separation user for later use */
-	if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL)
-		fatal("Privilege separation user %s does not exist",
-		    SSH_PRIVSEP_USER);
-	memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd));
-	privsep_pw->pw_passwd = "*";
-	privsep_pw = pwcopy(privsep_pw);
+	/* Store privilege separation user for later use if required. */
+	if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
+		if (use_privsep || options.kerberos_authentication)
+			fatal("Privilege separation user %s does not exist",
+			    SSH_PRIVSEP_USER);
+	} else {
+		memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd));
+		privsep_pw = pwcopy(privsep_pw);
+		xfree(privsep_pw->pw_passwd);
+		privsep_pw->pw_passwd = xstrdup("*");
+	}
 	endpwent();
 
 	/* load private host keys */
@@ -2042,10 +2046,10 @@ do_ssh1_kex(void)
 	 * key is in the highest bits.
 	 */
 	if (!rsafail) {
-		BN_mask_bits(session_key_int, sizeof(session_key) * 8);
+		(void) BN_mask_bits(session_key_int, sizeof(session_key) * 8);
 		len = BN_num_bytes(session_key_int);
 		if (len < 0 || (u_int)len > sizeof(session_key)) {
-			error("do_connection: bad session key len from %s: "
+			error("do_ssh1_kex: bad session key len from %s: "
 			    "session_key_int %d > sizeof(session_key) %lu",
 			    get_remote_ipaddr(), len, (u_long)sizeof(session_key));
 			rsafail++;

crypto/openssh/sshd_config

@@ -14,7 +14,7 @@
 # Note that some of FreeBSD's defaults differ from OpenBSD's, and
 # FreeBSD has a few additional options.
 
-#VersionAddendum FreeBSD-20060930
+#VersionAddendum FreeBSD-20061110
 
 #Port 22
 #Protocol 2

crypto/openssh/sshd_config.5

@@ -860,7 +860,7 @@ The default is
 Specifies a string to append to the regular version string to identify
 OS- or site-specific modifications.
 The default is
-.Dq FreeBSD-20060930 .
+.Dq FreeBSD-20061110 .
 .It Cm X11DisplayOffset
 Specifies the first display number available for
 .Xr sshd 8 Ns 's

crypto/openssh/version.h

@@ -1,12 +1,12 @@
-/* $OpenBSD: version.h,v 1.47 2006/08/30 00:14:37 djm Exp $ */
+/* $OpenBSD: version.h,v 1.48 2006/11/07 10:31:31 markus Exp $ */
 /* $FreeBSD$ */
 
 #ifndef SSH_VERSION
 
 #define SSH_VERSION             (ssh_version_get())
 #define SSH_RELEASE             (ssh_version_get())
-#define SSH_VERSION_BASE        "OpenSSH_4.4p1"
-#define SSH_VERSION_ADDENDUM    "FreeBSD-20060930"
+#define SSH_VERSION_BASE        "OpenSSH_4.5p1"
+#define SSH_VERSION_ADDENDUM    "FreeBSD-20061110"
 
 const char *ssh_version_get(void);
 void ssh_version_set_addendum(const char *add);