Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed

upstream) and a number of security fixes which we had already backported.

MFC after:	1 week

1 files changed, 11 insertions, 1 deletions

diff --git a/crypto/openssh/sandbox-systrace.c b/crypto/openssh/sandbox-systrace.c
index 6706c9a..aaa3d8f 100644
--- a/crypto/openssh/sandbox-systrace.c
+++ b/crypto/openssh/sandbox-systrace.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sandbox-systrace.c,v 1.9 2014/01/31 16:39:19 tedu Exp $ */
+/* $OpenBSD: sandbox-systrace.c,v 1.13 2014/07/17 00:10:56 djm Exp $ */
 /*
  * Copyright (c) 2011 Damien Miller <djm@mindrot.org>
  *
@@ -52,7 +52,17 @@ struct sandbox_policy {
 static const struct sandbox_policy preauth_policy[] = {
 	{ SYS_open, SYSTR_POLICY_NEVER },
 
+#ifdef SYS_getentropy
+	/* OpenBSD 5.6 and newer use getentropy(2) to seed arc4random(3). */
+	{ SYS_getentropy, SYSTR_POLICY_PERMIT },
+#else
+	/* Previous releases used sysctl(3)'s kern.arnd variable. */
 	{ SYS___sysctl, SYSTR_POLICY_PERMIT },
+#endif
+
+#ifdef SYS_sendsyslog
+ 	{ SYS_sendsyslog, SYSTR_POLICY_PERMIT },
+#endif
 	{ SYS_close, SYSTR_POLICY_PERMIT },
 	{ SYS_exit, SYSTR_POLICY_PERMIT },
 	{ SYS_getpid, SYSTR_POLICY_PERMIT },