Index: monitor_fdpass.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/monitor_fdpass.c,v
retrieving revision 1.17
retrieving revision 1.16
diff -u -p -r1.17 -r1.16
--- monitor_fdpass.c    24 Mar 2008 16:11:07 -0000      1.17
+++ monitor_fdpass.c    15 Mar 2008 16:19:02 -0000      1.16
@@ -50,7 +50,7 @@ mm_send_fd(int sock, int fd)

       memset(&msg, 0, sizeof(msg));
       msg.msg_control = (caddr_t)&cmsgbuf.buf;
-       msg.msg_controllen = sizeof(cmsgbuf.buf);
+       msg.msg_controllen = CMSG_LEN(sizeof(int));
       cmsg = CMSG_FIRSTHDR(&msg);
       cmsg->cmsg_len = CMSG_LEN(sizeof(int));
       cmsg->cmsg_level = SOL_SOCKET;
@@ -96,7 +96,7 @@ mm_receive_fd(int sock)
       msg.msg_iov = &vec;
       msg.msg_iovlen = 1;
       msg.msg_control = &cmsgbuf.buf;
-       msg.msg_controllen = sizeof(cmsgbuf.buf);
+       msg.msg_controllen = CMSG_LEN(sizeof(int));

       if ((n = recvmsg(sock, &msg, 0)) == -1) {
               error("%s: recvmsg: %s", __func__, strerror(errno));
Index: misc.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/misc.c,v
retrieving revision 1.69
diff -u -p -r1.69 misc.c
--- misc.c      13 Jun 2008 01:38:23 -0000      1.69
+++ misc.c      23 Jul 2008 03:04:46 -0000
@@ -832,3 +832,64 @@ ms_to_timeval(struct timeval *tv, int ms
       tv->tv_usec = (ms % 1000) * 1000;
}

+/*
+ * Calculate a uniformly distributed random number less than upper_bound
+ * avoiding "modulo bias".
+ *
+ * Uniformity is achieved by generating new random numbers until the one
+ * returned is outside the range [0, 2**32 % upper_bound).  This
+ * guarantees the selected random number will be inside
+ * [2**32 % upper_bound, 2**32) which maps back to [0, upper_bound)
+ * after reduction modulo upper_bound.
+ */
+u_int32_t
+arc4random_uniform(u_int32_t upper_bound)
+{
+       u_int32_t r, min;
+
+       if (upper_bound < 2)
+               return 0;
+
+#if (ULONG_MAX > 0xffffffffUL)
+       min = 0x100000000UL % upper_bound;
+#else
+       /* Calculate (2**32 % upper_bound) avoiding 64-bit math */
+       if (upper_bound > 0x80000000)
+               min = 1 + ~upper_bound;         /* 2**32 - upper_bound */
+       else {
+               /* (2**32 - (x * 2)) % x == 2**32 % x when x <= 2**31 */
+               min = ((0xffffffff - (upper_bound * 2)) + 1) % upper_bound;
+       }
+#endif
+
+       /*
+        * This could theoretically loop forever but each retry has
+        * p > 0.5 (worst case, usually far better) of selecting a
+        * number inside the range we need, so it should rarely need
+        * to re-roll.
+        */
+       for (;;) {
+               r = arc4random();
+               if (r >= min)
+                       break;
+       }
+
+       return r % upper_bound;
+}
+
+void
+arc4random_buf(void *_buf, size_t n)
+{
+       u_char *buf = (u_char *)_buf;
+       size_t i;
+       u_int32_t r;
+
+       for (i = 0; i < n; i++) {
+               if (i % 4 == 0)
+                       r = arc4random();
+               buf[i] = r & 0xff;
+               r >>= 8;
+       }
+       r = 0;
+}
+
Index: misc.h
===================================================================
RCS file: /cvs/src/usr.bin/ssh/misc.h,v
retrieving revision 1.38
diff -u -p -r1.38 misc.h
--- misc.h      12 Jun 2008 20:38:28 -0000      1.38
+++ misc.h      23 Jul 2008 03:04:46 -0000
@@ -78,6 +78,8 @@ void          put_u32(void *, u_int32_t)
void           put_u16(void *, u_int16_t)
    __attribute__((__bounded__( __minbytes__, 1, 2)));

+u_int32_t arc4random_uniform(u_int32_t);
+void arc4random_buf(void *, size_t);

/* readpass.c */

Index: sftp-client.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sftp-client.c,v
retrieving revision 1.86
diff -u -p -r1.86 sftp-client.c
--- sftp-client.c       26 Jun 2008 06:10:09 -0000      1.86
+++ sftp-client.c       23 Jul 2008 13:31:39 -0000
@@ -25,7 +25,6 @@
#include <sys/stat.h>
#include <sys/time.h>
#include <sys/param.h>
-#include <sys/statvfs.h>
#include <sys/uio.h>

#include <errno.h>
@@ -278,8 +277,10 @@ get_decode_statvfs(int fd, struct sftp_s
       flag = buffer_get_int64(&msg);
       st->f_namemax = buffer_get_int64(&msg);

+#if 0
       st->f_flag = (flag & SSH2_FXE_STATVFS_ST_RDONLY) ? ST_RDONLY : 0;
       st->f_flag |= (flag & SSH2_FXE_STATVFS_ST_NOSUID) ? ST_NOSUID : 0;
+#endif

       buffer_free(&msg);

Index: sftp-server.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sftp-server.c,v
retrieving revision 1.84
diff -u -p -r1.84 sftp-server.c
--- sftp-server.c       26 Jun 2008 06:10:09 -0000      1.84
+++ sftp-server.c       23 Jul 2008 13:31:39 -0000
@@ -20,7 +20,9 @@
#include <sys/time.h>
#include <sys/param.h>
#include <sys/mount.h>
+#if 0
#include <sys/statvfs.h>
+#endif

#include <dirent.h>
#include <errno.h>
@@ -475,6 +477,7 @@ send_attrib(u_int32_t id, const Attrib *
       buffer_free(&msg);
}

+#if 0
static void
send_statvfs(u_int32_t id, struct statvfs *st)
{
@@ -501,6 +504,7 @@ send_statvfs(u_int32_t id, struct statvf
       send_msg(&msg);
       buffer_free(&msg);
}
+#endif

/* parse incoming */

@@ -517,12 +521,14 @@ process_init(void)
       /* POSIX rename extension */
       buffer_put_cstring(&msg, "[email protected]");
       buffer_put_cstring(&msg, "1"); /* version */
+#if 0
       /* statvfs extension */
       buffer_put_cstring(&msg, "[email protected]");
       buffer_put_cstring(&msg, "2"); /* version */
       /* fstatvfs extension */
       buffer_put_cstring(&msg, "[email protected]");
       buffer_put_cstring(&msg, "2"); /* version */
+#endif
       send_msg(&msg);
       buffer_free(&msg);
}
@@ -1116,6 +1122,7 @@ process_extended_posix_rename(u_int32_t
       xfree(newpath);
}

+#if 0
static void
process_extended_statvfs(u_int32_t id)
{
@@ -1151,6 +1158,7 @@ process_extended_fstatvfs(u_int32_t id)
       else
               send_statvfs(id, &st);
}
+#endif

static void
process_extended(void)
@@ -1162,10 +1170,12 @@ process_extended(void)
       request = get_string(NULL);
       if (strcmp(request, "[email protected]") == 0)
               process_extended_posix_rename(id);
+#if 0
       else if (strcmp(request, "[email protected]") == 0)
               process_extended_statvfs(id);
       else if (strcmp(request, "[email protected]") == 0)
               process_extended_fstatvfs(id);
+#endif
       else
               send_status(id, SSH2_FX_OP_UNSUPPORTED);        /* MUST */
       xfree(request);
Index: sftp.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sftp.c,v
retrieving revision 1.103
diff -u -p -r1.103 sftp.c
--- sftp.c      13 Jul 2008 22:16:03 -0000      1.103
+++ sftp.c      23 Jul 2008 13:31:39 -0000
@@ -21,7 +21,6 @@
#include <sys/stat.h>
#include <sys/socket.h>
#include <sys/param.h>
-#include <sys/statvfs.h>

#include <ctype.h>
#include <errno.h>