diff options
Diffstat (limited to 'package/openssh/openssh-01-drop-SUSv3-legacy.patch')
-rw-r--r-- | package/openssh/openssh-01-drop-SUSv3-legacy.patch | 579 |
1 files changed, 579 insertions, 0 deletions
diff --git a/package/openssh/openssh-01-drop-SUSv3-legacy.patch b/package/openssh/openssh-01-drop-SUSv3-legacy.patch new file mode 100644 index 0000000000..39a63e4c56 --- /dev/null +++ b/package/openssh/openssh-01-drop-SUSv3-legacy.patch @@ -0,0 +1,579 @@ +Switch usage of SUSv3-deprecated bzero(a,b) to memset(a, 0, b). + +Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> + +diff -Nura openssh-6.3p1.orig/auth2-chall.c openssh-6.3p1/auth2-chall.c +--- openssh-6.3p1.orig/auth2-chall.c 2013-06-01 18:31:18.000000000 -0300 ++++ openssh-6.3p1/auth2-chall.c 2013-10-22 09:47:38.665516102 -0300 +@@ -148,7 +148,7 @@ + if (kbdintctxt->device) + kbdint_reset_device(kbdintctxt); + free(kbdintctxt->devices); +- bzero(kbdintctxt, sizeof(*kbdintctxt)); ++ memset(kbdintctxt, 0, sizeof(*kbdintctxt)); + free(kbdintctxt); + } + /* get next device */ +diff -Nura openssh-6.3p1.orig/auth2-jpake.c openssh-6.3p1/auth2-jpake.c +--- openssh-6.3p1.orig/auth2-jpake.c 2013-06-01 18:31:18.000000000 -0300 ++++ openssh-6.3p1/auth2-jpake.c 2013-10-22 09:43:32.504472356 -0300 +@@ -178,7 +178,7 @@ + fatal("%s: not enough bytes for rawsalt (want %u have %u)", + __func__, len, digest_len); + memcpy(rawsalt, digest, len); +- bzero(digest, digest_len); ++ memset(digest, 0, digest_len); + free(digest); + } + +@@ -203,10 +203,10 @@ + fatal("%s: want %u", __func__, want); + + derive_rawsalt(user, rawsalt, sizeof(rawsalt)); +- bzero(ret, sizeof(ret)); ++ memset(ret, 0, sizeof(ret)); + for (i = 0; i < want; i++) + ret[i] = pw_encode64(rawsalt[i]); +- bzero(rawsalt, sizeof(rawsalt)); ++ memset(rawsalt, 0, sizeof(rawsalt)); + + return ret; + } +@@ -360,7 +360,7 @@ + debug3("%s: scheme = %s", __func__, *hash_scheme); + JPAKE_DEBUG_BN((*s, "%s: s = ", __func__)); + #endif +- bzero(secret, secret_len); ++ memset(secret, 0, secret_len); + free(secret); + } + +@@ -401,12 +401,12 @@ + packet_send(); + packet_write_wait(); + +- bzero(hash_scheme, strlen(hash_scheme)); +- bzero(salt, strlen(salt)); ++ memset(hash_scheme, 0, strlen(hash_scheme)); ++ memset(salt, 0, strlen(salt)); + free(hash_scheme); + free(salt); +- bzero(x3_proof, x3_proof_len); +- bzero(x4_proof, x4_proof_len); ++ memset(x3_proof, 0, x3_proof_len); ++ memset(x4_proof, 0, x4_proof_len); + free(x3_proof); + free(x4_proof); + +@@ -453,8 +453,8 @@ + &pctx->b, + &x4_s_proof, &x4_s_proof_len)); + +- bzero(x1_proof, x1_proof_len); +- bzero(x2_proof, x2_proof_len); ++ memset(x1_proof, 0, x1_proof_len); ++ memset(x2_proof, 0, x2_proof_len); + free(x1_proof); + free(x2_proof); + +@@ -468,7 +468,7 @@ + packet_send(); + packet_write_wait(); + +- bzero(x4_s_proof, x4_s_proof_len); ++ memset(x4_s_proof, 0, x4_s_proof_len); + free(x4_s_proof); + + /* Expect step 2 packet from peer */ +@@ -509,7 +509,7 @@ + &pctx->k, + &pctx->h_k_sid_sessid, &pctx->h_k_sid_sessid_len)); + +- bzero(x2_s_proof, x2_s_proof_len); ++ memset(x2_s_proof, 0, x2_s_proof_len); + free(x2_s_proof); + + if (!use_privsep) +diff -Nura openssh-6.3p1.orig/authfd.c openssh-6.3p1/authfd.c +--- openssh-6.3p1.orig/authfd.c 2013-06-01 18:31:18.000000000 -0300 ++++ openssh-6.3p1/authfd.c 2013-10-22 09:47:48.208827946 -0300 +@@ -102,7 +102,7 @@ + if (!authsocket) + return -1; + +- bzero(&sunaddr, sizeof(sunaddr)); ++ memset(&sunaddr, 0, sizeof(sunaddr)); + sunaddr.sun_family = AF_UNIX; + strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path)); + +diff -Nura openssh-6.3p1.orig/authfile.c openssh-6.3p1/authfile.c +--- openssh-6.3p1.orig/authfile.c 2013-06-01 18:31:18.000000000 -0300 ++++ openssh-6.3p1/authfile.c 2013-10-22 09:47:08.538531649 -0300 +@@ -349,17 +349,17 @@ + __func__, filename == NULL ? "" : filename, + filename == NULL ? "" : " ", strerror(errno)); + buffer_clear(blob); +- bzero(buf, sizeof(buf)); ++ memset(buf, 0, sizeof(buf)); + return 0; + } + buffer_append(blob, buf, len); + if (buffer_len(blob) > MAX_KEY_FILE_SIZE) { + buffer_clear(blob); +- bzero(buf, sizeof(buf)); ++ memset(buf, 0, sizeof(buf)); + goto toobig; + } + } +- bzero(buf, sizeof(buf)); ++ memset(buf, 0, sizeof(buf)); + if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 && + st.st_size != buffer_len(blob)) { + debug("%s: key file %.200s%schanged size while reading", +diff -Nura openssh-6.3p1.orig/bufaux.c openssh-6.3p1/bufaux.c +--- openssh-6.3p1.orig/bufaux.c 2013-07-18 03:12:44.000000000 -0300 ++++ openssh-6.3p1/bufaux.c 2013-10-22 09:47:56.220089728 -0300 +@@ -215,7 +215,7 @@ + if (cp == ret + length - 1) + error("buffer_get_cstring_ret: string contains \\0"); + else { +- bzero(ret, length); ++ memset(ret, 0, length); + free(ret); + return NULL; + } +diff -Nura openssh-6.3p1.orig/bufec.c openssh-6.3p1/bufec.c +--- openssh-6.3p1.orig/bufec.c 2013-06-01 18:31:18.000000000 -0300 ++++ openssh-6.3p1/bufec.c 2013-10-22 09:48:07.798468072 -0300 +@@ -77,7 +77,7 @@ + ret = 0; + out: + if (buf != NULL) { +- bzero(buf, len); ++ memset(buf, 0, len); + free(buf); + } + BN_CTX_free(bnctx); +@@ -130,7 +130,7 @@ + ret = 0; + out: + BN_CTX_free(bnctx); +- bzero(buf, len); ++ memset(buf, 0, len); + free(buf); + return ret; + } +diff -Nura openssh-6.3p1.orig/canohost.c openssh-6.3p1/canohost.c +--- openssh-6.3p1.orig/canohost.c 2013-06-01 18:31:18.000000000 -0300 ++++ openssh-6.3p1/canohost.c 2013-10-22 09:48:16.484751912 -0300 +@@ -199,7 +199,7 @@ + memcpy(&inaddr, ((char *)&a6->sin6_addr) + 12, sizeof(inaddr)); + port = a6->sin6_port; + +- bzero(a4, sizeof(*a4)); ++ memset(a4, 0, sizeof(*a4)); + + a4->sin_family = AF_INET; + *len = sizeof(*a4); +diff -Nura openssh-6.3p1.orig/channels.c openssh-6.3p1/channels.c +--- openssh-6.3p1.orig/channels.c 2013-09-13 03:19:31.000000000 -0300 ++++ openssh-6.3p1/channels.c 2013-10-22 09:50:37.059773902 -0300 +@@ -423,7 +423,7 @@ + if (cc->abandon_cb != NULL) + cc->abandon_cb(c, cc->ctx); + TAILQ_REMOVE(&c->status_confirms, cc, entry); +- bzero(cc, sizeof(*cc)); ++ memset(cc, 0, sizeof(*cc)); + free(cc); + } + if (c->filter_cleanup != NULL && c->filter_ctx != NULL) +@@ -2668,7 +2668,7 @@ + return; + cc->cb(type, c, cc->ctx); + TAILQ_REMOVE(&c->status_confirms, cc, entry); +- bzero(cc, sizeof(*cc)); ++ memset(cc, 0, sizeof(*cc)); + free(cc); + } + +@@ -3289,7 +3289,7 @@ + free(cctx->host); + if (cctx->aitop) + freeaddrinfo(cctx->aitop); +- bzero(cctx, sizeof(*cctx)); ++ memset(cctx, 0, sizeof(*cctx)); + cctx->host = NULL; + cctx->ai = cctx->aitop = NULL; + } +diff -Nura openssh-6.3p1.orig/clientloop.c openssh-6.3p1/clientloop.c +--- openssh-6.3p1.orig/clientloop.c 2013-06-10 00:07:12.000000000 -0300 ++++ openssh-6.3p1/clientloop.c 2013-10-22 09:50:20.361228247 -0300 +@@ -549,7 +549,7 @@ + gc->cb(type, seq, gc->ctx); + if (--gc->ref_count <= 0) { + TAILQ_REMOVE(&global_confirms, gc, entry); +- bzero(gc, sizeof(*gc)); ++ memset(gc, 0, sizeof(*gc)); + free(gc); + } + +@@ -876,7 +876,7 @@ + int cancel_port, ok; + Forward fwd; + +- bzero(&fwd, sizeof(fwd)); ++ memset(&fwd, 0, sizeof(fwd)); + fwd.listen_host = fwd.connect_host = NULL; + + leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE); +diff -Nura openssh-6.3p1.orig/hostfile.c openssh-6.3p1/hostfile.c +--- openssh-6.3p1.orig/hostfile.c 2013-07-18 03:12:45.000000000 -0300 ++++ openssh-6.3p1/hostfile.c 2013-10-22 09:50:06.438773307 -0300 +@@ -333,10 +333,10 @@ + free(hostkeys->entries[i].host); + free(hostkeys->entries[i].file); + key_free(hostkeys->entries[i].key); +- bzero(hostkeys->entries + i, sizeof(*hostkeys->entries)); ++ memset(hostkeys->entries + i, 0, sizeof(*hostkeys->entries)); + } + free(hostkeys->entries); +- bzero(hostkeys, sizeof(*hostkeys)); ++ memset(hostkeys, 0, sizeof(*hostkeys)); + free(hostkeys); + } + +diff -Nura openssh-6.3p1.orig/jpake.c openssh-6.3p1/jpake.c +--- openssh-6.3p1.orig/jpake.c 2013-06-01 18:31:18.000000000 -0300 ++++ openssh-6.3p1/jpake.c 2013-10-22 09:49:54.371378983 -0300 +@@ -105,7 +105,7 @@ + #define JPAKE_BUF_CLEAR_FREE(v, l) \ + do { \ + if ((v) != NULL) { \ +- bzero((v), (l)); \ ++ memset((v), 0, (l)); \ + free(v); \ + (v) = NULL; \ + (l) = 0; \ +@@ -133,7 +133,7 @@ + #undef JPAKE_BN_CLEAR_FREE + #undef JPAKE_BUF_CLEAR_FREE + +- bzero(pctx, sizeof(*pctx)); ++ memset(pctx, 0, sizeof(*pctx)); + free(pctx); + } + +@@ -444,7 +444,7 @@ + else if (timingsafe_bcmp(peer_confirm_hash, expected_confirm_hash, + expected_confirm_hash_len) == 0) + success = 1; +- bzero(expected_confirm_hash, expected_confirm_hash_len); ++ memset(expected_confirm_hash, 0, expected_confirm_hash_len); + free(expected_confirm_hash); + debug3("%s: success = %d", __func__, success); + return success; +diff -Nura openssh-6.3p1.orig/krl.c openssh-6.3p1/krl.c +--- openssh-6.3p1.orig/krl.c 2013-07-24 22:52:49.000000000 -0300 ++++ openssh-6.3p1/krl.c 2013-10-22 09:49:27.731508478 -0300 +@@ -238,7 +238,7 @@ + struct revoked_serial rs, *ers, *crs, *irs; + + KRL_DBG(("%s: insert %llu:%llu", __func__, lo, hi)); +- bzero(&rs, sizeof(rs)); ++ memset(&rs, 0, sizeof(rs)); + rs.lo = lo; + rs.hi = hi; + ers = RB_NFIND(revoked_serial_tree, rt, &rs); +@@ -1115,7 +1115,7 @@ + struct revoked_certs *rc; + + /* Check explicitly revoked hashes first */ +- bzero(&rb, sizeof(rb)); ++ memset(&rb, 0, sizeof(rb)); + if ((rb.blob = key_fingerprint_raw(key, SSH_FP_SHA1, &rb.len)) == NULL) + return -1; + erb = RB_FIND(revoked_blob_tree, &krl->revoked_sha1s, &rb); +@@ -1126,7 +1126,7 @@ + } + + /* Next, explicit keys */ +- bzero(&rb, sizeof(rb)); ++ memset(&rb, 0, sizeof(rb)); + if (plain_key_blob(key, &rb.blob, &rb.len) != 0) + return -1; + erb = RB_FIND(revoked_blob_tree, &krl->revoked_keys, &rb); +@@ -1147,7 +1147,7 @@ + return 0; /* No entry for this CA */ + + /* Check revocation by cert key ID */ +- bzero(&rki, sizeof(rki)); ++ memset(&rki, 0, sizeof(rki)); + rki.key_id = key->cert->key_id; + erki = RB_FIND(revoked_key_id_tree, &rc->revoked_key_ids, &rki); + if (erki != NULL) { +@@ -1162,7 +1162,7 @@ + if (key_cert_is_legacy(key) || key->cert->serial == 0) + return 0; + +- bzero(&rs, sizeof(rs)); ++ memset(&rs, 0, sizeof(rs)); + rs.lo = rs.hi = key->cert->serial; + ers = RB_FIND(revoked_serial_tree, &rc->revoked_serials, &rs); + if (ers != NULL) { +diff -Nura openssh-6.3p1.orig/monitor.c openssh-6.3p1/monitor.c +--- openssh-6.3p1.orig/monitor.c 2013-07-20 00:21:53.000000000 -0300 ++++ openssh-6.3p1/monitor.c 2013-10-22 09:46:48.592879890 -0300 +@@ -566,7 +566,7 @@ + struct pollfd pfd[2]; + + for (;;) { +- bzero(&pfd, sizeof(pfd)); ++ memset(&pfd, 0, sizeof(pfd)); + pfd[0].fd = pmonitor->m_sendfd; + pfd[0].events = POLLIN; + pfd[1].fd = pmonitor->m_log_recvfd; +@@ -2193,8 +2193,8 @@ + debug3("%s: sending step1", __func__); + mm_request_send(sock, MONITOR_ANS_JPAKE_STEP1, m); + +- bzero(x3_proof, x3_proof_len); +- bzero(x4_proof, x4_proof_len); ++ memset(x3_proof, 0, x3_proof_len); ++ memset(x4_proof, 0, x4_proof_len); + free(x3_proof); + free(x4_proof); + +@@ -2223,8 +2223,8 @@ + debug3("%s: sending pwdata", __func__); + mm_request_send(sock, MONITOR_ANS_JPAKE_GET_PWDATA, m); + +- bzero(hash_scheme, strlen(hash_scheme)); +- bzero(salt, strlen(salt)); ++ memset(hash_scheme, 0, strlen(hash_scheme)); ++ memset(salt, 0, strlen(salt)); + free(hash_scheme); + free(salt); + +@@ -2263,8 +2263,8 @@ + + JPAKE_DEBUG_CTX((pctx, "step2 done in %s", __func__)); + +- bzero(x1_proof, x1_proof_len); +- bzero(x2_proof, x2_proof_len); ++ memset(x1_proof, 0, x1_proof_len); ++ memset(x2_proof, 0, x2_proof_len); + free(x1_proof); + free(x2_proof); + +@@ -2276,7 +2276,7 @@ + debug3("%s: sending step2", __func__); + mm_request_send(sock, MONITOR_ANS_JPAKE_STEP2, m); + +- bzero(x4_s_proof, x4_s_proof_len); ++ memset(x4_s_proof, 0, x4_s_proof_len); + free(x4_s_proof); + + monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_KEY_CONFIRM, 1); +@@ -2310,7 +2310,7 @@ + + JPAKE_DEBUG_CTX((pctx, "key_confirm done in %s", __func__)); + +- bzero(x2_s_proof, x2_s_proof_len); ++ memset(x2_s_proof, 0, x2_s_proof_len); + buffer_clear(m); + + /* pctx->k is sensitive, not sent */ +@@ -2344,7 +2344,7 @@ + + JPAKE_DEBUG_CTX((pctx, "check_confirm done in %s", __func__)); + +- bzero(peer_confirm_hash, peer_confirm_hash_len); ++ memset(peer_confirm_hash, 0, peer_confirm_hash_len); + free(peer_confirm_hash); + + buffer_clear(m); +diff -Nura openssh-6.3p1.orig/sandbox-systrace.c openssh-6.3p1/sandbox-systrace.c +--- openssh-6.3p1.orig/sandbox-systrace.c 2013-06-01 18:46:17.000000000 -0300 ++++ openssh-6.3p1/sandbox-systrace.c 2013-10-22 09:49:02.048669246 -0300 +@@ -141,7 +141,7 @@ + box->systrace_fd, child_pid, strerror(errno)); + + /* Allocate and assign policy */ +- bzero(&policy, sizeof(policy)); ++ memset(&policy, 0, sizeof(policy)); + policy.strp_op = SYSTR_POLICY_NEW; + policy.strp_maxents = SYS_MAXSYSCALL; + if (ioctl(box->systrace_fd, STRIOCPOLICY, &policy) == -1) +diff -Nura openssh-6.3p1.orig/schnorr.c openssh-6.3p1/schnorr.c +--- openssh-6.3p1.orig/schnorr.c 2013-06-01 18:31:19.000000000 -0300 ++++ openssh-6.3p1/schnorr.c 2013-10-22 09:47:27.631155534 -0300 +@@ -101,7 +101,7 @@ + SCHNORR_DEBUG_BN((h, "%s: h = ", __func__)); + out: + buffer_free(&b); +- bzero(digest, digest_len); ++ memset(digest, 0, digest_len); + free(digest); + digest_len = 0; + if (success == 0) +@@ -477,7 +477,7 @@ + success = 0; + out: + EVP_MD_CTX_cleanup(&evp_md_ctx); +- bzero(digest, sizeof(digest)); ++ memset(digest, 0, sizeof(digest)); + digest_len = 0; + return success; + } +@@ -572,7 +572,7 @@ + BN_clear_free(grp->p); + if (grp->q != NULL) + BN_clear_free(grp->q); +- bzero(grp, sizeof(*grp)); ++ memset(grp, 0, sizeof(*grp)); + free(grp); + } + +diff -Nura openssh-6.3p1.orig/session.c openssh-6.3p1/session.c +--- openssh-6.3p1.orig/session.c 2013-07-20 00:21:53.000000000 -0300 ++++ openssh-6.3p1/session.c 2013-10-22 09:49:35.085748791 -0300 +@@ -1861,7 +1861,7 @@ + fatal("%s: insane session id %d (max %d nalloc %d)", + __func__, id, options.max_sessions, sessions_nalloc); + } +- bzero(&sessions[id], sizeof(*sessions)); ++ memset(&sessions[id], 0, sizeof(*sessions)); + sessions[id].self = id; + sessions[id].used = 0; + sessions[id].chanid = -1; +diff -Nura openssh-6.3p1.orig/sftp-client.c openssh-6.3p1/sftp-client.c +--- openssh-6.3p1.orig/sftp-client.c 2013-07-25 19:40:00.000000000 -0300 ++++ openssh-6.3p1/sftp-client.c 2013-10-22 09:48:47.139753618 -0300 +@@ -308,7 +308,7 @@ + SSH2_FXP_EXTENDED_REPLY, type); + } + +- bzero(st, sizeof(*st)); ++ memset(st, 0, sizeof(*st)); + st->f_bsize = buffer_get_int64(&msg); + st->f_frsize = buffer_get_int64(&msg); + st->f_blocks = buffer_get_int64(&msg); +diff -Nura openssh-6.3p1.orig/ssh.c openssh-6.3p1/ssh.c +--- openssh-6.3p1.orig/ssh.c 2013-07-24 22:55:53.000000000 -0300 ++++ openssh-6.3p1/ssh.c 2013-10-22 09:45:52.967062218 -0300 +@@ -1539,8 +1539,8 @@ + #endif /* PKCS11 */ + + n_ids = 0; +- bzero(identity_files, sizeof(identity_files)); +- bzero(identity_keys, sizeof(identity_keys)); ++ memset(identity_files, 0, sizeof(identity_files)); ++ memset(identity_keys, 0, sizeof(identity_keys)); + + #ifdef ENABLE_PKCS11 + if (options.pkcs11_provider != NULL && +@@ -1615,9 +1615,9 @@ + memcpy(options.identity_files, identity_files, sizeof(identity_files)); + memcpy(options.identity_keys, identity_keys, sizeof(identity_keys)); + +- bzero(pwname, strlen(pwname)); ++ memset(pwname, 0, strlen(pwname)); + free(pwname); +- bzero(pwdir, strlen(pwdir)); ++ memset(pwdir, 0, strlen(pwdir)); + free(pwdir); + } + +diff -Nura openssh-6.3p1.orig/sshconnect2.c openssh-6.3p1/sshconnect2.c +--- openssh-6.3p1.orig/sshconnect2.c 2013-06-05 19:22:05.000000000 -0300 ++++ openssh-6.3p1/sshconnect2.c 2013-10-22 09:44:58.967297681 -0300 +@@ -1008,14 +1008,14 @@ + &secret, &secret_len) != 0) + fatal("%s: hash_buffer", __func__); + +- bzero(password, strlen(password)); +- bzero(crypted, strlen(crypted)); ++ memset(password, 0, strlen(password)); ++ memset(crypted, 0, strlen(crypted)); + free(password); + free(crypted); + + if ((ret = BN_bin2bn(secret, secret_len, NULL)) == NULL) + fatal("%s: BN_bin2bn (secret)", __func__); +- bzero(secret, secret_len); ++ memset(secret, 0, secret_len); + free(secret); + + return ret; +@@ -1052,8 +1052,8 @@ + + /* Obtain password and derive secret */ + pctx->s = jpake_password_to_secret(authctxt, crypt_scheme, salt); +- bzero(crypt_scheme, strlen(crypt_scheme)); +- bzero(salt, strlen(salt)); ++ memset(crypt_scheme, 0, strlen(crypt_scheme)); ++ memset(salt, 0, strlen(salt)); + free(crypt_scheme); + free(salt); + JPAKE_DEBUG_BN((pctx->s, "%s: s = ", __func__)); +@@ -1068,8 +1068,8 @@ + &pctx->a, + &x2_s_proof, &x2_s_proof_len); + +- bzero(x3_proof, x3_proof_len); +- bzero(x4_proof, x4_proof_len); ++ memset(x3_proof, 0, x3_proof_len); ++ memset(x4_proof, 0, x4_proof_len); + free(x3_proof); + free(x4_proof); + +@@ -1081,7 +1081,7 @@ + packet_put_string(x2_s_proof, x2_s_proof_len); + packet_send(); + +- bzero(x2_s_proof, x2_s_proof_len); ++ memset(x2_s_proof, 0, x2_s_proof_len); + free(x2_s_proof); + + /* Expect step 2 packet from peer */ +@@ -1121,7 +1121,7 @@ + &pctx->k, + &pctx->h_k_cid_sessid, &pctx->h_k_cid_sessid_len); + +- bzero(x4_s_proof, x4_s_proof_len); ++ memset(x4_s_proof, 0, x4_s_proof_len); + free(x4_s_proof); + + JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__)); +@@ -1406,7 +1406,7 @@ + /* If IdentitiesOnly set and key not found then don't use it */ + if (!found && options.identities_only) { + TAILQ_REMOVE(&files, id, next); +- bzero(id, sizeof(*id)); ++ memset(id, 0, sizeof(*id)); + free(id); + } + } +@@ -1814,8 +1814,8 @@ + packet_put_string(x2_proof, x2_proof_len); + packet_send(); + +- bzero(x1_proof, x1_proof_len); +- bzero(x2_proof, x2_proof_len); ++ memset(x1_proof, 0, x1_proof_len); ++ memset(x2_proof, 0, x2_proof_len); + free(x1_proof); + free(x2_proof); + +diff -Nura openssh-6.3p1.orig/ssh-keygen.c openssh-6.3p1/ssh-keygen.c +--- openssh-6.3p1.orig/ssh-keygen.c 2013-07-20 00:22:32.000000000 -0300 ++++ openssh-6.3p1/ssh-keygen.c 2013-10-22 09:45:10.003658313 -0300 +@@ -1693,7 +1693,7 @@ + fatal("Invalid certificate time format %s", s); + } + +- bzero(&tm, sizeof(tm)); ++ memset(&tm, 0, sizeof(tm)); + if (strptime(buf, fmt, &tm) == NULL) + fatal("Invalid certificate time %s", s); + if ((tt = mktime(&tm)) < 0) |