From 7435de97e06a6f521ca5a565aeb5f36861ca3375 Mon Sep 17 00:00:00 2001
From: jbasney <jbasney>
Date: Thu, 6 Jun 2002 18:49:19 +0000
Subject: [PATCH] Import of OpenSSH 3.2.3p1

---
 openssh/ChangeLog                    | 18 +++++++++
 openssh/README.privsep               |  2 +-
 openssh/auth.c                       |  4 +-
 openssh/autom4te-2.53.cache/output.0 |  3 +-
 openssh/autom4te-2.53.cache/traces.0 | 54 +++++++++++++-------------
 openssh/configure.ac                 |  3 +-
 openssh/contrib/caldera/openssh.spec |  4 +-
 openssh/contrib/redhat/openssh.spec  |  2 +-
 openssh/contrib/suse/openssh.spec    |  2 +-
 openssh/scard/Ssh.bin.uu             | 27 ++++++-------
 openssh/scard/Ssh.java               | 57 +++++++++++++++++++---------
 openssh/sshd.c                       |  5 +++
 openssh/version.h                    |  4 +-
 13 files changed, 114 insertions(+), 71 deletions(-)

diff --git a/openssh/ChangeLog b/openssh/ChangeLog
index 8f4d927..beaf3e3 100644
--- a/openssh/ChangeLog
+++ b/openssh/ChangeLog
@@ -1,3 +1,21 @@
+20020522
+ - (djm) Fix spelling mistakes, spotted by Solar Designer i
+   <solar@openwall.com>
+ - Sync scard/ (not sure when it drifted)
+ - (djm) OpenBSD CVS Sync:
+   [auth.c]
+   Fix typo/thinko.  Pass in as to auth_approval(), not NULL.
+   Closes PR 2659.
+ - Crank version
+ - Crank RPM spec versions
+
+20020521
+ - (stevesk) [sshd.c] bug 245; disable setsid() for now
+ - (stevesk) [sshd.c] #ifndef HAVE_CYGWIN for setgroups()
+
+20020517
+ - (tim) [configure.ac] remove extra MD5_MSG="no" line.
+
 20020515
  - (bal) CVS ID fix up on auth-passwd.c
  - (bal) OpenBSD CVS Sync
diff --git a/openssh/README.privsep b/openssh/README.privsep
index 4b6efd2..63c4d4a 100644
--- a/openssh/README.privsep
+++ b/openssh/README.privsep
@@ -28,7 +28,7 @@ If you are on UnixWare 7 or OpenUNIX 8 do this additional step.
 configure supports the following options to change the default
 privsep user and chroot directory:
 
-  --with-privsep-path=xxx Path for privilege seperation chroot
+  --with-privsep-path=xxx Path for privilege separation chroot
   --with-privsep-user=user Specify non-privileged user for privilege separation
 
 Privsep requires operating system support for file descriptor passing
diff --git a/openssh/auth.c b/openssh/auth.c
index 7c2faee..066b50d 100644
--- a/openssh/auth.c
+++ b/openssh/auth.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.42 2002/05/13 20:44:58 markus Exp $");
+RCSID("$OpenBSD: auth.c,v 1.43 2002/05/17 14:27:55 millert Exp $");
 
 #ifdef HAVE_LOGIN_H
 #include <login.h>
@@ -485,7 +485,7 @@ getpwnamallow(const char *user)
 	}
 #ifdef BSD_AUTH
 	if ((as = auth_open()) == NULL || auth_setpwd(as, pw) != 0 ||
-	    auth_approval(NULL, lc, pw->pw_name, "ssh") <= 0) {
+	    auth_approval(as, lc, pw->pw_name, "ssh") <= 0) {
 		debug("Approval failure for %s", user);
 		pw = NULL;
 	}
diff --git a/openssh/autom4te-2.53.cache/output.0 b/openssh/autom4te-2.53.cache/output.0
index 0138c2a..82dff16 100644
--- a/openssh/autom4te-2.53.cache/output.0
+++ b/openssh/autom4te-2.53.cache/output.0
@@ -865,7 +865,7 @@ Optional Packages:
   --with-kerberos4=PATH   Enable Kerberos 4 support
   --with-afs=PATH         Enable AFS support
   --with-rsh=PATH         Specify path to remote shell program 
-  --with-privsep-path=xxx Path for privilege seperation chroot 
+  --with-privsep-path=xxx Path for privilege separation chroot 
   --with-xauth=PATH       Specify path to xauth program 
   --with-mantype=man|cat|doc  Set man page type
   --with-md5-passwords    Enable use of MD5 passwords
@@ -15897,7 +15897,6 @@ _ACEOF
 fi
 
 # Set superuser path separately to user path
-MD5_MSG="no" 
 
 # Check whether --with-superuser-path or --without-superuser-path was given.
 if test "${with_superuser_path+set}" = set; then
diff --git a/openssh/autom4te-2.53.cache/traces.0 b/openssh/autom4te-2.53.cache/traces.0
index 0827a33..e5bd539 100644
--- a/openssh/autom4te-2.53.cache/traces.0
+++ b/openssh/autom4te-2.53.cache/traces.0
@@ -837,30 +837,30 @@ m4trace:configure.ac:1933: -1- AC_DEFINE_TRACE_LITERAL([IPADDR_IN_DISPLAY])
 m4trace:configure.ac:1944: -1- AC_DEFINE_TRACE_LITERAL([IPADDR_IN_DISPLAY])
 m4trace:configure.ac:2021: -1- AC_DEFINE_TRACE_LITERAL([USER_PATH])
 m4trace:configure.ac:2022: -1- AC_SUBST([user_path])
-m4trace:configure.ac:2035: -1- AC_DEFINE_TRACE_LITERAL([SUPERUSER_PATH])
-m4trace:configure.ac:2048: -1- AC_DEFINE_TRACE_LITERAL([IPV4_DEFAULT])
-m4trace:configure.ac:2071: -1- AC_DEFINE_TRACE_LITERAL([IPV4_IN_IPV6])
-m4trace:configure.ac:2071: -1- AC_DEFINE_TRACE_LITERAL([IPV4_IN_IPV6])
-m4trace:configure.ac:2083: -1- AC_DEFINE_TRACE_LITERAL([BSD_AUTH])
-m4trace:configure.ac:2101: -1- AC_SUBST([SSHMODE])
-m4trace:configure.ac:2126: -1- AC_DEFINE_TRACE_LITERAL([_PATH_SSH_PIDDIR])
-m4trace:configure.ac:2127: -1- AC_SUBST([piddir])
-m4trace:configure.ac:2133: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG])
-m4trace:configure.ac:2137: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
-m4trace:configure.ac:2141: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMPX])
-m4trace:configure.ac:2145: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP])
-m4trace:configure.ac:2149: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMPX])
-m4trace:configure.ac:2153: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LOGIN])
-m4trace:configure.ac:2157: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_PUTUTLINE])
-m4trace:configure.ac:2161: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_PUTUTXLINE])
-m4trace:configure.ac:2171: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG])
-m4trace:configure.ac:2233: -1- AC_DEFINE_TRACE_LITERAL([CONF_LASTLOG_FILE])
-m4trace:configure.ac:2258: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
-m4trace:configure.ac:2263: -1- AC_DEFINE_TRACE_LITERAL([CONF_UTMP_FILE])
-m4trace:configure.ac:2288: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP])
-m4trace:configure.ac:2293: -1- AC_DEFINE_TRACE_LITERAL([CONF_WTMP_FILE])
-m4trace:configure.ac:2318: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMPX])
-m4trace:configure.ac:2321: -1- AC_DEFINE_TRACE_LITERAL([CONF_UTMPX_FILE])
-m4trace:configure.ac:2343: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMPX])
-m4trace:configure.ac:2346: -1- AC_DEFINE_TRACE_LITERAL([CONF_WTMPX_FILE])
-m4trace:configure.ac:2364: -1- AC_CONFIG_FILES([Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds])
+m4trace:configure.ac:2034: -1- AC_DEFINE_TRACE_LITERAL([SUPERUSER_PATH])
+m4trace:configure.ac:2047: -1- AC_DEFINE_TRACE_LITERAL([IPV4_DEFAULT])
+m4trace:configure.ac:2070: -1- AC_DEFINE_TRACE_LITERAL([IPV4_IN_IPV6])
+m4trace:configure.ac:2070: -1- AC_DEFINE_TRACE_LITERAL([IPV4_IN_IPV6])
+m4trace:configure.ac:2082: -1- AC_DEFINE_TRACE_LITERAL([BSD_AUTH])
+m4trace:configure.ac:2100: -1- AC_SUBST([SSHMODE])
+m4trace:configure.ac:2125: -1- AC_DEFINE_TRACE_LITERAL([_PATH_SSH_PIDDIR])
+m4trace:configure.ac:2126: -1- AC_SUBST([piddir])
+m4trace:configure.ac:2132: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG])
+m4trace:configure.ac:2136: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
+m4trace:configure.ac:2140: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMPX])
+m4trace:configure.ac:2144: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP])
+m4trace:configure.ac:2148: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMPX])
+m4trace:configure.ac:2152: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LOGIN])
+m4trace:configure.ac:2156: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_PUTUTLINE])
+m4trace:configure.ac:2160: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_PUTUTXLINE])
+m4trace:configure.ac:2170: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG])
+m4trace:configure.ac:2232: -1- AC_DEFINE_TRACE_LITERAL([CONF_LASTLOG_FILE])
+m4trace:configure.ac:2257: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
+m4trace:configure.ac:2262: -1- AC_DEFINE_TRACE_LITERAL([CONF_UTMP_FILE])
+m4trace:configure.ac:2287: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP])
+m4trace:configure.ac:2292: -1- AC_DEFINE_TRACE_LITERAL([CONF_WTMP_FILE])
+m4trace:configure.ac:2317: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMPX])
+m4trace:configure.ac:2320: -1- AC_DEFINE_TRACE_LITERAL([CONF_UTMPX_FILE])
+m4trace:configure.ac:2342: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMPX])
+m4trace:configure.ac:2345: -1- AC_DEFINE_TRACE_LITERAL([CONF_WTMPX_FILE])
+m4trace:configure.ac:2363: -1- AC_CONFIG_FILES([Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds])
diff --git a/openssh/configure.ac b/openssh/configure.ac
index 2181ac9..63da575 100644
--- a/openssh/configure.ac
+++ b/openssh/configure.ac
@@ -1794,7 +1794,7 @@ AC_ARG_WITH(rsh,
 
 PRIVSEP_PATH=/var/empty
 AC_ARG_WITH(privsep-path,
-	[  --with-privsep-path=xxx Path for privilege seperation chroot ],
+	[  --with-privsep-path=xxx Path for privilege separation chroot ],
 	[
 		if test "x$withval" != "$no" ; then
 			PRIVSEP_PATH=$withval
@@ -2023,7 +2023,6 @@ if test "$USES_LOGIN_CONF" != "yes" ; then
 fi
 
 # Set superuser path separately to user path
-MD5_MSG="no" 
 AC_ARG_WITH(superuser-path,
 	[  --with-superuser-path=  Specify different path for super-user],
 	[
diff --git a/openssh/contrib/caldera/openssh.spec b/openssh/contrib/caldera/openssh.spec
index 4abfde1..5ac18b6 100644
--- a/openssh/contrib/caldera/openssh.spec
+++ b/openssh/contrib/caldera/openssh.spec
@@ -1,10 +1,10 @@
 %define use-stable	1
 %if %{use-stable}
-  %define version 	3.2.2p1
+  %define version 	3.2.3p1
   %define cvs		%{nil}
   %define release 	1
 %else
-  %define version 	3.2.2
+  %define version 	3.2.3
   %define cvs		cvs20020515
   %define release 	0r1
 %endif
diff --git a/openssh/contrib/redhat/openssh.spec b/openssh/contrib/redhat/openssh.spec
index ca97909..b3dccfb 100644
--- a/openssh/contrib/redhat/openssh.spec
+++ b/openssh/contrib/redhat/openssh.spec
@@ -1,4 +1,4 @@
-%define ver 3.2.2p1
+%define ver 3.2.3p1
 %define rel 1
 
 # OpenSSH privilege separation requires a user & group ID
diff --git a/openssh/contrib/suse/openssh.spec b/openssh/contrib/suse/openssh.spec
index 3262a97..bf97fed 100644
--- a/openssh/contrib/suse/openssh.spec
+++ b/openssh/contrib/suse/openssh.spec
@@ -1,6 +1,6 @@
 Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
 Name: openssh
-Version: 3.2.2p1
+Version: 3.2.3p1
 URL: http://www.openssh.com/
 Release: 1
 Source0: openssh-%{version}.tar.gz
diff --git a/openssh/scard/Ssh.bin.uu b/openssh/scard/Ssh.bin.uu
index 1062e21..ea3986a 100644
--- a/openssh/scard/Ssh.bin.uu
+++ b/openssh/scard/Ssh.bin.uu
@@ -1,16 +1,17 @@
 begin 644 Ssh.bin
-M`P)!%P`501P`;``!`C@"`/Y@\`4`_J'P!0!!%T$;`?Z@\`4`01=!&@'^>/,!
-M`4$701P!_G#S%P'^0],1`?Y@\!0`_G/S'0#^<]4``D$7L`4`_F'3``!!%T$9
-M`?YATP4`_G/5"P7^8=,'`OZAT`$!_J#0$@1!%T$8`0```$$7!`$&`/Y@`;@`
-M`$$8\`H(`$$9\`H``$$:\@\``$$;\B$``$$<\A```/`&__(```0(`!8```9C
-M""T#"<(H+00$*"T%""A;`&19``#P$/_R`P(&`0#(```38`!!70!&$UP`1@09
-M":1+``D*D`!@`"@37`!&!!E6`````*(````$____P````*$````0````*@``
-M`"````"-````,````&H37`!&`QD(2@`)"FX`8``H$UP`1@<9"@#_/2!@`$L1
-M2@`)"F<`8``H$UP`'A-<`$8($1-<`$8(7@!0"!%@`%59"C\`8`!:*PIS:&``
-M6BL37`!&`P,*`(!@`%\K`PH`@&``55D37`!&`P<H$UP`1@0#*`,%8`!565D*
-M;0!@`"A9`/`"__(!`0$)``@```J0`&``*%D`\!/_\@$!`@D`#```8D$7+5\`
-M/"M9````\!+_]@$!`P$`&```$UP`'EX`,D4`#Q-<`!X*`,@)$%X`-P17L`7_
-M\@$!!`(`/```$U\``!-B_J$M7P`%70`*$V+^H"U?``]=`!038OYX+0H$`%\`
-<&5T`'@H$`&``(T4`"0IG`&``*!->`"U9````````
+M`P)!&P`801X`>``!`E@"`/Y@\`4`_J'P!0!!&T$=`?Z@\`4`01M!'`'^>/,!
+M`4$;01X!_G#S%P'^0],1`?Y@\!0`_G/S'0#^<]4``D$;L`4`_F'3``#^8=,%
+M`/ZAT`$!_J#0)P'^H],*`?ZCTPD`_G/5"P7^8=,'`OZAT`H`_J#0$@3^:-,@
+M`T$;`P`%`/Y@`<P``$$<\@\``$$=\B$``$$>\A```/`0__(%`@8!`0H``&``
+M0205!!D)I$L`"0J0`&``*!4$&58``````.P````%____P````.D````0````
+M,P```"````#'````,````(T````R````V!4#&0A*``D*;@!@`"@5!QD*`/\]
+M(6``1A)*``D*9P!@`"@*/P!@`$LK"1)@`$LK!6``4!P$#00#2@`.#01@`%5@
+M`%I@`"@37``>%0@2%0A>`%\($F``9%(`:`H_`&``2RL*<VA@`$LK8`!I"1`U
+M(14#`Q)@`&X<!`T$`TL`"P,28`!D4@`.#01@`%5@`%I@`"A2`"X5`PH$`&``
+M<RL#!6``9%(`'14#"@$"8`!S*P,%8`!D4@`,4@`)"FT`8``H60``\`+_\@$!
+M`0D`"```"I``8``H60#P$__R`0$""0`,``!B01LM7P`\*UD```#P$O_V`0$#
+M`0`8```37``>7@`R10`/$UP`'@H`R`D07@`W!%>P!?_R`0$$`@`\```37P``
+M$V+^H2U?``5=``H38OZ@+5\`#UT`%!-B_G@M"@0`7P`970`>"@0`8``C10`)
+/"F<`8``H$UX`+5D`````
 `
 end
diff --git a/openssh/scard/Ssh.java b/openssh/scard/Ssh.java
index a26ae01..dbd07fb 100644
--- a/openssh/scard/Ssh.java
+++ b/openssh/scard/Ssh.java
@@ -42,6 +42,9 @@ import javacardx.crypto.*;
 
 public class Ssh extends javacard.framework.Applet
 {
+    // Change this when the applet changes; hi byte is major, low byte is minor
+    static final short applet_version = (short)0x0102;
+
     /* constants declaration */
     // code of CLA byte in the command APDU header
     static final byte Ssh_CLA =(byte)0x05;
@@ -50,20 +53,19 @@ public class Ssh extends javacard.framework.Applet
     static final byte DECRYPT = (byte) 0x10;
     static final byte GET_KEYLENGTH = (byte) 0x20;
     static final byte GET_PUBKEY = (byte) 0x30;
+    static final byte GET_VERSION = (byte) 0x32;
     static final byte GET_RESPONSE = (byte) 0xc0;
 
-    /* instance variables declaration */
     static final short keysize = 1024;
+    static final short root_fid = (short)0x3f00;
+    static final short privkey_fid = (short)0x0012;
+    static final short pubkey_fid = (short)(('s'<<8)|'h');
 
-    //RSA_CRT_PrivateKey rsakey;
+    /* instance variables declaration */
     AsymKey rsakey;
     CyberflexFile file;
     CyberflexOS os;
 
-    byte buffer[];
-
-    static byte[] keyHdr = {(byte)0xC2, (byte)0x01, (byte)0x05};
-
     private Ssh()
     {
 	file = new CyberflexFile();
@@ -98,7 +100,8 @@ public class Ssh extends javacard.framework.Applet
 	// APDU object carries a byte array (buffer) to
 	// transfer incoming and outgoing APDU header
 	// and data bytes between card and CAD
-	buffer = apdu.getBuffer();
+	byte buffer[] = apdu.getBuffer();
+	short size, st;
 
 	// verify that if the applet can accept this
 	// APDU message
@@ -111,29 +114,47 @@ public class Ssh extends javacard.framework.Applet
 	    if (buffer[ISO.OFFSET_CLA] != Ssh_CLA)
 		ISOException.throwIt(ISO.SW_CLA_NOT_SUPPORTED);
 	    //decrypt (apdu);
-	    short size = (short) (buffer[ISO.OFFSET_LC] & 0x00FF);
+	    size = (short) (buffer[ISO.OFFSET_LC] & 0x00FF);
 
 	    if (apdu.setIncomingAndReceive() != size)
 		ISOException.throwIt (ISO.SW_WRONG_LENGTH);
 
+	    // check access; depends on bit 2 (x/a)
+	    file.selectFile(root_fid);
+	    file.selectFile(privkey_fid);
+	    st = os.checkAccess(ACL.EXECUTE);
+	    if (st != ST.ACCESS_CLEARED) {
+		CyberflexAPDU.prepareSW1SW2(st);
+		ISOException.throwIt(CyberflexAPDU.getSW1SW2());
+	    }
+
 	    rsakey.cryptoUpdate (buffer, (short) ISO.OFFSET_CDATA, size,
 				 buffer, (short) ISO.OFFSET_CDATA);
 
 	    apdu.setOutgoingAndSend ((short) ISO.OFFSET_CDATA, size);
-	    return;
+	    break;
 	case GET_PUBKEY:
-	    file.selectFile((short)(0x3f<<8)); // select root
-	    file.selectFile((short)(('s'<<8)|'h')); // select public key file
-	    os.readBinaryFile (buffer, (short)0, (short)0, (short)(keysize/8));
-	    apdu.setOutgoingAndSend((short)0, (short)(keysize/8));
-	    return;
+	    file.selectFile(root_fid); // select root
+	    file.selectFile(pubkey_fid); // select public key file
+	    size = (short)(file.getFileSize() - 16);
+	    st = os.readBinaryFile(buffer, (short)0, (short)0, size);
+	    if (st == ST.SUCCESS)
+		apdu.setOutgoingAndSend((short)0, size);
+	    else {
+		CyberflexAPDU.prepareSW1SW2(st);
+		ISOException.throwIt(CyberflexAPDU.getSW1SW2());
+	    }
+	    break;
 	case GET_KEYLENGTH:
-	    buffer[0] = (byte)((keysize >> 8) & 0xff);
-	    buffer[1] = (byte)(keysize & 0xff);
+	    Util.setShort(buffer, (short)0, keysize);
+	    apdu.setOutgoingAndSend ((short)0, (short)2);
+	    break;
+	case GET_VERSION:
+	    Util.setShort(buffer, (short)0, applet_version);
 	    apdu.setOutgoingAndSend ((short)0, (short)2);
-	    return;
+	    break;
 	case GET_RESPONSE:
-	    return;
+	    break;
 	default:
 	    ISOException.throwIt (ISO.SW_INS_NOT_SUPPORTED);
 	}
diff --git a/openssh/sshd.c b/openssh/sshd.c
index 45ccb3d..afb8726 100644
--- a/openssh/sshd.c
+++ b/openssh/sshd.c
@@ -1005,6 +1005,7 @@ main(int ac, char **av)
 	if (test_flag)
 		exit(0);
 
+#ifndef HAVE_CYGWIN
 	/*
 	 * Clear out any supplemental groups we may have inherited.  This
 	 * prevents inadvertent creation of files with bad modes (in the
@@ -1014,6 +1015,7 @@ main(int ac, char **av)
 	 */
 	if (setgroups(0, NULL) < 0)
 		debug("setgroups() failed: %.200s", strerror(errno));
+#endif /* !HAVE_CYGWIN */
 
 	/* Initialize the log (it is reinitialized below in case we forked). */
 	if (debug_flag && !inetd_flag)
@@ -1336,8 +1338,11 @@ main(int ac, char **av)
 	 * setlogin() affects the entire process group.  We don't
 	 * want the child to be able to affect the parent.
 	 */
+#if 0
+	/* XXX: this breaks Solaris */
 	if (setsid() < 0)
 		error("setsid: %.100s", strerror(errno));
+#endif
 
 	/*
 	 * Disable the key regeneration alarm.  We will not regenerate the
diff --git a/openssh/version.h b/openssh/version.h
index 823d288..bd70b2c 100644
--- a/openssh/version.h
+++ b/openssh/version.h
@@ -1,3 +1,3 @@
-/* $OpenBSD: version.h,v 1.31 2002/05/15 21:05:29 markus Exp $ */
+/* $OpenBSD: version.h,v 1.32 2002/05/17 14:57:40 markus Exp $ */
 
-#define SSH_VERSION	"OpenSSH_3.2.2p1"
+#define SSH_VERSION	"OpenSSH_3.2.3p1"
-- 
2.45.1