[openssh] Coverity first pass

[Jan F. Chadima]

commit 3b545be5d7d969f9b75fc89d9170b519a2630ce4
Author: Jan F. Chadima <jfch at fukusima15.jagda.eu>
Date:   Fri Sep 9 00:54:28 2011 +0200

    Coverity first pass

 openssh-5.9p1-coverity.patch |  698 ++++++++++++++++++++++++++++++++++++++++++
 openssh-5.9p1-fips.patch     |   86 +++---
 openssh-5.9p1-gsskex.patch   |    4 +-
 openssh-5.9p1-ldap.patch     |    4 +-
 openssh.spec                 |   27 +-
 5 files changed, 762 insertions(+), 57 deletions(-)
---
diff --git a/openssh-5.9p1-coverity.patch b/openssh-5.9p1-coverity.patch
new file mode 100644
index 0000000..5b1a4d3
--- /dev/null
+++ b/openssh-5.9p1-coverity.patch
@@ -0,0 +1,698 @@
+diff -up openssh-5.9p1/auth-pam.c.coverity openssh-5.9p1/auth-pam.c
+--- openssh-5.9p1/auth-pam.c.coverity	2009-07-12 14:07:21.000000000 +0200
++++ openssh-5.9p1/auth-pam.c	2011-09-08 14:13:59.596485750 +0200
+@@ -216,7 +216,7 @@ pthread_join(sp_pthread_t thread, void *
+ 	if (sshpam_thread_status != -1)
+ 		return (sshpam_thread_status);
+ 	signal(SIGCHLD, sshpam_oldsig);
+-	waitpid(thread, &status, 0);
++	(void) waitpid(thread, &status, 0);
+ 	return (status);
+ }
+ #endif
+diff -up openssh-5.9p1/channels.c.coverity openssh-5.9p1/channels.c
+--- openssh-5.9p1/channels.c.coverity	2011-06-23 00:31:57.000000000 +0200
++++ openssh-5.9p1/channels.c	2011-09-08 14:13:59.724564062 +0200
+@@ -229,11 +229,11 @@ channel_register_fds(Channel *c, int rfd
+ 	channel_max_fd = MAX(channel_max_fd, wfd);
+ 	channel_max_fd = MAX(channel_max_fd, efd);
+ 
+-	if (rfd != -1)
++	if (rfd >= 0)
+ 		fcntl(rfd, F_SETFD, FD_CLOEXEC);
+-	if (wfd != -1 && wfd != rfd)
++	if (wfd >= 0 && wfd != rfd)
+ 		fcntl(wfd, F_SETFD, FD_CLOEXEC);
+-	if (efd != -1 && efd != rfd && efd != wfd)
++	if (efd >= 0 && efd != rfd && efd != wfd)
+ 		fcntl(efd, F_SETFD, FD_CLOEXEC);
+ 
+ 	c->rfd = rfd;
+@@ -248,11 +248,11 @@ channel_register_fds(Channel *c, int rfd
+ 
+ 	/* enable nonblocking mode */
+ 	if (nonblock) {
+-		if (rfd != -1)
++		if (rfd >= 0)
+ 			set_nonblock(rfd);
+-		if (wfd != -1)
++		if (wfd >= 0)
+ 			set_nonblock(wfd);
+-		if (efd != -1)
++		if (efd >= 0)
+ 			set_nonblock(efd);
+ 	}
+ }
+diff -up openssh-5.9p1/clientloop.c.coverity openssh-5.9p1/clientloop.c
+--- openssh-5.9p1/clientloop.c.coverity	2011-06-23 00:31:58.000000000 +0200
++++ openssh-5.9p1/clientloop.c	2011-09-08 14:13:59.829450205 +0200
+@@ -1970,6 +1970,7 @@ client_input_global_request(int type, u_
+ 	char *rtype;
+ 	int want_reply;
+ 	int success = 0;
++/* success is still 0 the packet is allways SSH2_MSG_REQUEST_FAILURE, isn't it? */
+ 
+ 	rtype = packet_get_string(NULL);
+ 	want_reply = packet_get_char();
+diff -up openssh-5.9p1/key.c.coverity openssh-5.9p1/key.c
+--- openssh-5.9p1/key.c.coverity	2011-05-20 11:03:08.000000000 +0200
++++ openssh-5.9p1/key.c	2011-09-08 14:13:59.959563856 +0200
+@@ -803,8 +803,10 @@ key_read(Key *ret, char **cpp)
+ 		success = 1;
+ /*XXXX*/
+ 		key_free(k);
++/*XXXX
+ 		if (success != 1)
+ 			break;
++XXXX*/
+ 		/* advance cp: skip whitespace and data */
+ 		while (*cp == ' ' || *cp == '\t')
+ 			cp++;
+diff -up openssh-5.9p1/packet.c.coverity openssh-5.9p1/packet.c
+--- openssh-5.9p1/packet.c.coverity	2011-05-15 00:58:15.000000000 +0200
++++ openssh-5.9p1/packet.c	2011-09-08 14:14:00.075501777 +0200
+@@ -1177,6 +1177,7 @@ packet_read_poll1(void)
+ 		case DEATTACK_DETECTED:
+ 			packet_disconnect("crc32 compensation attack: "
+ 			    "network attack detected");
++			break;
+ 		case DEATTACK_DOS_DETECTED:
+ 			packet_disconnect("deattack denial of "
+ 			    "service detected");
+@@ -1684,7 +1685,7 @@ void
+ packet_write_wait(void)
+ {
+ 	fd_set *setp;
+-	int ret, ms_remain;
++	int ret, ms_remain = 0;
+ 	struct timeval start, timeout, *timeoutp = NULL;
+ 
+ 	setp = (fd_set *)xcalloc(howmany(active_state->connection_out + 1,
+diff -up openssh-5.9p1/progressmeter.c.coverity openssh-5.9p1/progressmeter.c
+--- openssh-5.9p1/progressmeter.c.coverity	2006-08-05 04:39:40.000000000 +0200
++++ openssh-5.9p1/progressmeter.c	2011-09-08 14:14:00.186620217 +0200
+@@ -65,7 +65,7 @@ static void update_progress_meter(int);
+ 
+ static time_t start;		/* start progress */
+ static time_t last_update;	/* last progress update */
+-static char *file;		/* name of the file being transferred */
++static const char *file;	/* name of the file being transferred */
+ static off_t end_pos;		/* ending position of transfer */
+ static off_t cur_pos;		/* transfer position as of last refresh */
+ static volatile off_t *counter;	/* progress counter */
+@@ -247,7 +247,7 @@ update_progress_meter(int ignore)
+ }
+ 
+ void
+-start_progress_meter(char *f, off_t filesize, off_t *ctr)
++start_progress_meter(const char *f, off_t filesize, off_t *ctr)
+ {
+ 	start = last_update = time(NULL);
+ 	file = f;
+diff -up openssh-5.9p1/progressmeter.h.coverity openssh-5.9p1/progressmeter.h
+--- openssh-5.9p1/progressmeter.h.coverity	2006-03-26 05:30:02.000000000 +0200
++++ openssh-5.9p1/progressmeter.h	2011-09-08 14:14:00.299626834 +0200
+@@ -23,5 +23,5 @@
+  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+  */
+ 
+-void	start_progress_meter(char *, off_t, off_t *);
++void	start_progress_meter(const char *, off_t, off_t *);
+ void	stop_progress_meter(void);
+diff -up openssh-5.9p1/scp.c.coverity openssh-5.9p1/scp.c
+--- openssh-5.9p1/scp.c.coverity	2011-01-06 12:41:21.000000000 +0100
++++ openssh-5.9p1/scp.c	2011-09-08 14:14:00.404502349 +0200
+@@ -155,7 +155,7 @@ killchild(int signo)
+ {
+ 	if (do_cmd_pid > 1) {
+ 		kill(do_cmd_pid, signo ? signo : SIGTERM);
+-		waitpid(do_cmd_pid, NULL, 0);
++		(void) waitpid(do_cmd_pid, NULL, 0);
+ 	}
+ 
+ 	if (signo)
+diff -up openssh-5.9p1/serverloop.c.coverity openssh-5.9p1/serverloop.c
+--- openssh-5.9p1/serverloop.c.coverity	2011-05-20 11:02:50.000000000 +0200
++++ openssh-5.9p1/serverloop.c	2011-09-08 14:14:00.516501505 +0200
+@@ -147,13 +147,13 @@ notify_setup(void)
+ static void
+ notify_parent(void)
+ {
+-	if (notify_pipe[1] != -1)
++	if (notify_pipe[1] >= 0)
+ 		write(notify_pipe[1], "", 1);
+ }
+ static void
+ notify_prepare(fd_set *readset)
+ {
+-	if (notify_pipe[0] != -1)
++	if (notify_pipe[0] >= 0)
+ 		FD_SET(notify_pipe[0], readset);
+ }
+ static void
+@@ -161,8 +161,8 @@ notify_done(fd_set *readset)
+ {
+ 	char c;
+ 
+-	if (notify_pipe[0] != -1 && FD_ISSET(notify_pipe[0], readset))
+-		while (read(notify_pipe[0], &c, 1) != -1)
++	if (notify_pipe[0] >= 0 && FD_ISSET(notify_pipe[0], readset))
++		while (read(notify_pipe[0], &c, 1) >= 0)
+ 			debug2("notify_done: reading");
+ }
+ 
+@@ -330,7 +330,7 @@ wait_until_can_do_something(fd_set **rea
+ 		 * If we have buffered data, try to write some of that data
+ 		 * to the program.
+ 		 */
+-		if (fdin != -1 && buffer_len(&stdin_buffer) > 0)
++		if (fdin >= 0 && buffer_len(&stdin_buffer) > 0)
+ 			FD_SET(fdin, *writesetp);
+ 	}
+ 	notify_prepare(*readsetp);
+@@ -470,7 +470,7 @@ process_output(fd_set *writeset)
+ 	int len;
+ 
+ 	/* Write buffered data to program stdin. */
+-	if (!compat20 && fdin != -1 && FD_ISSET(fdin, writeset)) {
++	if (!compat20 && fdin >= 0 && FD_ISSET(fdin, writeset)) {
+ 		data = buffer_ptr(&stdin_buffer);
+ 		dlen = buffer_len(&stdin_buffer);
+ 		len = write(fdin, data, dlen);
+@@ -583,7 +583,7 @@ server_loop(pid_t pid, int fdin_arg, int
+ 	set_nonblock(fdin);
+ 	set_nonblock(fdout);
+ 	/* we don't have stderr for interactive terminal sessions, see below */
+-	if (fderr != -1)
++	if (fderr >= 0)
+ 		set_nonblock(fderr);
+ 
+ 	if (!(datafellows & SSH_BUG_IGNOREMSG) && isatty(fdin))
+@@ -607,7 +607,7 @@ server_loop(pid_t pid, int fdin_arg, int
+ 	max_fd = MAX(connection_in, connection_out);
+ 	max_fd = MAX(max_fd, fdin);
+ 	max_fd = MAX(max_fd, fdout);
+-	if (fderr != -1)
++	if (fderr >= 0)
+ 		max_fd = MAX(max_fd, fderr);
+ #endif
+ 
+@@ -637,7 +637,7 @@ server_loop(pid_t pid, int fdin_arg, int
+ 		 * If we have received eof, and there is no more pending
+ 		 * input data, cause a real eof by closing fdin.
+ 		 */
+-		if (stdin_eof && fdin != -1 && buffer_len(&stdin_buffer) == 0) {
++		if (stdin_eof && fdin >= 0 && buffer_len(&stdin_buffer) == 0) {
+ 			if (fdin != fdout)
+ 				close(fdin);
+ 			else
+@@ -735,15 +735,15 @@ server_loop(pid_t pid, int fdin_arg, int
+ 	buffer_free(&stderr_buffer);
+ 
+ 	/* Close the file descriptors. */
+-	if (fdout != -1)
++	if (fdout >= 0)
+ 		close(fdout);
+ 	fdout = -1;
+ 	fdout_eof = 1;
+-	if (fderr != -1)
++	if (fderr >= 0)
+ 		close(fderr);
+ 	fderr = -1;
+ 	fderr_eof = 1;
+-	if (fdin != -1)
++	if (fdin >= 0)
+ 		close(fdin);
+ 	fdin = -1;
+ 
+@@ -937,7 +937,7 @@ server_input_window_size(int type, u_int
+ 
+ 	debug("Window change received.");
+ 	packet_check_eom();
+-	if (fdin != -1)
++	if (fdin >= 0)
+ 		pty_change_window_size(fdin, row, col, xpixel, ypixel);
+ }
+ 
+@@ -990,7 +990,7 @@ server_request_tun(void)
+ 	}
+ 
+ 	tun = packet_get_int();
+-	if (forced_tun_device != -1) {
++	if (forced_tun_device >= 0) {
+ 		if (tun != SSH_TUNID_ANY && forced_tun_device != tun)
+ 			goto done;
+ 		tun = forced_tun_device;
+diff -up openssh-5.9p1/sftp-client.c.coverity openssh-5.9p1/sftp-client.c
+--- openssh-5.9p1/sftp-client.c.coverity	2010-12-04 23:02:48.000000000 +0100
++++ openssh-5.9p1/sftp-client.c	2011-09-08 14:14:00.640502358 +0200
+@@ -149,7 +149,7 @@ get_msg(struct sftp_conn *conn, Buffer *
+ }
+ 
+ static void
+-send_string_request(struct sftp_conn *conn, u_int id, u_int code, char *s,
++send_string_request(struct sftp_conn *conn, u_int id, u_int code, const char *s,
+     u_int len)
+ {
+ 	Buffer msg;
+@@ -165,7 +165,7 @@ send_string_request(struct sftp_conn *co
+ 
+ static void
+ send_string_attrs_request(struct sftp_conn *conn, u_int id, u_int code,
+-    char *s, u_int len, Attrib *a)
++    const char *s, u_int len, Attrib *a)
+ {
+ 	Buffer msg;
+ 
+@@ -422,7 +422,7 @@ sftp_proto_version(struct sftp_conn *con
+ }
+ 
+ int
+-do_close(struct sftp_conn *conn, char *handle, u_int handle_len)
++do_close(struct sftp_conn *conn, const char *handle, u_int handle_len)
+ {
+ 	u_int id, status;
+ 	Buffer msg;
+@@ -447,7 +447,7 @@ do_close(struct sftp_conn *conn, char *h
+ 
+ 
+ static int
+-do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
++do_lsreaddir(struct sftp_conn *conn, const char *path, int printflag,
+     SFTP_DIRENT ***dir)
+ {
+ 	Buffer msg;
+@@ -571,7 +571,7 @@ do_lsreaddir(struct sftp_conn *conn, cha
+ }
+ 
+ int
+-do_readdir(struct sftp_conn *conn, char *path, SFTP_DIRENT ***dir)
++do_readdir(struct sftp_conn *conn, const char *path, SFTP_DIRENT ***dir)
+ {
+ 	return(do_lsreaddir(conn, path, 0, dir));
+ }
+@@ -589,7 +589,7 @@ void free_sftp_dirents(SFTP_DIRENT **s)
+ }
+ 
+ int
+-do_rm(struct sftp_conn *conn, char *path)
++do_rm(struct sftp_conn *conn, const char *path)
+ {
+ 	u_int status, id;
+ 
+@@ -604,7 +604,7 @@ do_rm(struct sftp_conn *conn, char *path
+ }
+ 
+ int
+-do_mkdir(struct sftp_conn *conn, char *path, Attrib *a, int printflag)
++do_mkdir(struct sftp_conn *conn, const char *path, Attrib *a, int printflag)
+ {
+ 	u_int status, id;
+ 
+@@ -620,7 +620,7 @@ do_mkdir(struct sftp_conn *conn, char *p
+ }
+ 
+ int
+-do_rmdir(struct sftp_conn *conn, char *path)
++do_rmdir(struct sftp_conn *conn, const char *path)
+ {
+ 	u_int status, id;
+ 
+@@ -636,7 +636,7 @@ do_rmdir(struct sftp_conn *conn, char *p
+ }
+ 
+ Attrib *
+-do_stat(struct sftp_conn *conn, char *path, int quiet)
++do_stat(struct sftp_conn *conn, const char *path, int quiet)
+ {
+ 	u_int id;
+ 
+@@ -650,7 +650,7 @@ do_stat(struct sftp_conn *conn, char *pa
+ }
+ 
+ Attrib *
+-do_lstat(struct sftp_conn *conn, char *path, int quiet)
++do_lstat(struct sftp_conn *conn, const char *path, int quiet)
+ {
+ 	u_int id;
+ 
+@@ -684,7 +684,7 @@ do_fstat(struct sftp_conn *conn, char *h
+ #endif
+ 
+ int
+-do_setstat(struct sftp_conn *conn, char *path, Attrib *a)
++do_setstat(struct sftp_conn *conn, const char *path, Attrib *a)
+ {
+ 	u_int status, id;
+ 
+@@ -701,7 +701,7 @@ do_setstat(struct sftp_conn *conn, char
+ }
+ 
+ int
+-do_fsetstat(struct sftp_conn *conn, char *handle, u_int handle_len,
++do_fsetstat(struct sftp_conn *conn, const char *handle, u_int handle_len,
+     Attrib *a)
+ {
+ 	u_int status, id;
+@@ -718,12 +718,12 @@ do_fsetstat(struct sftp_conn *conn, char
+ }
+ 
+ char *
+-do_realpath(struct sftp_conn *conn, char *path)
++do_realpath(struct sftp_conn *conn, const char *path)
+ {
+ 	Buffer msg;
+ 	u_int type, expected_id, count, id;
+ 	char *filename, *longname;
+-	Attrib *a;
++/*UNUSED Attrib *a; */
+ 
+ 	expected_id = id = conn->msg_id++;
+ 	send_string_request(conn, id, SSH2_FXP_REALPATH, path,
+@@ -754,7 +754,7 @@ do_realpath(struct sftp_conn *conn, char
+ 
+ 	filename = buffer_get_string(&msg, NULL);
+ 	longname = buffer_get_string(&msg, NULL);
+-	a = decode_attrib(&msg);
++	/*a =*/ (void) decode_attrib(&msg);
+ 
+ 	debug3("SSH_FXP_REALPATH %s -> %s", path, filename);
+ 
+@@ -766,7 +766,7 @@ do_realpath(struct sftp_conn *conn, char
+ }
+ 
+ int
+-do_rename(struct sftp_conn *conn, char *oldpath, char *newpath)
++do_rename(struct sftp_conn *conn, const char *oldpath, const char *newpath)
+ {
+ 	Buffer msg;
+ 	u_int status, id;
+@@ -800,7 +800,7 @@ do_rename(struct sftp_conn *conn, char *
+ }
+ 
+ int
+-do_hardlink(struct sftp_conn *conn, char *oldpath, char *newpath)
++do_hardlink(struct sftp_conn *conn, const char *oldpath, const char *newpath)
+ {
+ 	Buffer msg;
+ 	u_int status, id;
+@@ -833,7 +833,7 @@ do_hardlink(struct sftp_conn *conn, char
+ }
+ 
+ int
+-do_symlink(struct sftp_conn *conn, char *oldpath, char *newpath)
++do_symlink(struct sftp_conn *conn, const char *oldpath, const char *newpath)
+ {
+ 	Buffer msg;
+ 	u_int status, id;
+@@ -984,7 +984,7 @@ send_read_request(struct sftp_conn *conn
+ }
+ 
+ int
+-do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
++do_download(struct sftp_conn *conn, const char *remote_path, const char *local_path,
+     Attrib *a, int pflag)
+ {
+ 	Attrib junk;
+@@ -1223,7 +1223,7 @@ do_download(struct sftp_conn *conn, char
+ }
+ 
+ static int
+-download_dir_internal(struct sftp_conn *conn, char *src, char *dst,
++download_dir_internal(struct sftp_conn *conn, const char *src, const char *dst,
+     Attrib *dirattrib, int pflag, int printflag, int depth)
+ {
+ 	int i, ret = 0;
+@@ -1313,7 +1313,7 @@ download_dir_internal(struct sftp_conn *
+ }
+ 
+ int
+-download_dir(struct sftp_conn *conn, char *src, char *dst,
++download_dir(struct sftp_conn *conn, const char *src, const char *dst,
+     Attrib *dirattrib, int pflag, int printflag)
+ {
+ 	char *src_canon;
+@@ -1331,7 +1331,7 @@ download_dir(struct sftp_conn *conn, cha
+ }
+ 
+ int
+-do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
++do_upload(struct sftp_conn *conn, const char *local_path, const char *remote_path,
+     int pflag)
+ {
+ 	int local_fd;
+@@ -1514,7 +1514,7 @@ do_upload(struct sftp_conn *conn, char *
+ }
+ 
+ static int
+-upload_dir_internal(struct sftp_conn *conn, char *src, char *dst,
++upload_dir_internal(struct sftp_conn *conn, const char *src, const char *dst,
+     int pflag, int printflag, int depth)
+ {
+ 	int ret = 0, status;
+@@ -1605,7 +1605,7 @@ upload_dir_internal(struct sftp_conn *co
+ }
+ 
+ int
+-upload_dir(struct sftp_conn *conn, char *src, char *dst, int printflag,
++upload_dir(struct sftp_conn *conn, const char *src, const char *dst, int printflag,
+     int pflag)
+ {
+ 	char *dst_canon;
+@@ -1622,7 +1622,7 @@ upload_dir(struct sftp_conn *conn, char
+ }
+ 
+ char *
+-path_append(char *p1, char *p2)
++path_append(const char *p1, const char *p2)
+ {
+ 	char *ret;
+ 	size_t len = strlen(p1) + strlen(p2) + 2;
+diff -up openssh-5.9p1/sftp-client.h.coverity openssh-5.9p1/sftp-client.h
+--- openssh-5.9p1/sftp-client.h.coverity	2010-12-04 23:02:48.000000000 +0100
++++ openssh-5.9p1/sftp-client.h	2011-09-08 14:14:00.750502818 +0200
+@@ -56,49 +56,49 @@ struct sftp_conn *do_init(int, int, u_in
+ u_int sftp_proto_version(struct sftp_conn *);
+ 
+ /* Close file referred to by 'handle' */
+-int do_close(struct sftp_conn *, char *, u_int);
++int do_close(struct sftp_conn *, const char *, u_int);
+ 
+ /* Read contents of 'path' to NULL-terminated array 'dir' */
+-int do_readdir(struct sftp_conn *, char *, SFTP_DIRENT ***);
++int do_readdir(struct sftp_conn *, const char *, SFTP_DIRENT ***);
+ 
+ /* Frees a NULL-terminated array of SFTP_DIRENTs (eg. from do_readdir) */
+ void free_sftp_dirents(SFTP_DIRENT **);
+ 
+ /* Delete file 'path' */
+-int do_rm(struct sftp_conn *, char *);
++int do_rm(struct sftp_conn *, const char *);
+ 
+ /* Create directory 'path' */
+-int do_mkdir(struct sftp_conn *, char *, Attrib *, int);
++int do_mkdir(struct sftp_conn *, const char *, Attrib *, int);
+ 
+ /* Remove directory 'path' */
+-int do_rmdir(struct sftp_conn *, char *);
++int do_rmdir(struct sftp_conn *, const char *);
+ 
+ /* Get file attributes of 'path' (follows symlinks) */
+-Attrib *do_stat(struct sftp_conn *, char *, int);
++Attrib *do_stat(struct sftp_conn *, const char *, int);
+ 
+ /* Get file attributes of 'path' (does not follow symlinks) */
+-Attrib *do_lstat(struct sftp_conn *, char *, int);
++Attrib *do_lstat(struct sftp_conn *, const char *, int);
+ 
+ /* Set file attributes of 'path' */
+-int do_setstat(struct sftp_conn *, char *, Attrib *);
++int do_setstat(struct sftp_conn *, const char *, Attrib *);
+ 
+ /* Set file attributes of open file 'handle' */
+-int do_fsetstat(struct sftp_conn *, char *, u_int, Attrib *);
++int do_fsetstat(struct sftp_conn *, const char *, u_int, Attrib *);
+ 
+ /* Canonicalise 'path' - caller must free result */
+-char *do_realpath(struct sftp_conn *, char *);
++char *do_realpath(struct sftp_conn *, const char *);
+ 
+ /* Get statistics for filesystem hosting file at "path" */
+ int do_statvfs(struct sftp_conn *, const char *, struct sftp_statvfs *, int);
+ 
+ /* Rename 'oldpath' to 'newpath' */
+-int do_rename(struct sftp_conn *, char *, char *);
++int do_rename(struct sftp_conn *, const char *, const char *);
+ 
+ /* Link 'oldpath' to 'newpath' */
+-int do_hardlink(struct sftp_conn *, char *, char *);
++int do_hardlink(struct sftp_conn *, const char *, const char *);
+ 
+-/* Rename 'oldpath' to 'newpath' */
+-int do_symlink(struct sftp_conn *, char *, char *);
++/* Symlink 'oldpath' to 'newpath' */
++int do_symlink(struct sftp_conn *, const char *, const char *);
+ 
+ /* XXX: add callbacks to do_download/do_upload so we can do progress meter */
+ 
+@@ -106,27 +106,27 @@ int do_symlink(struct sftp_conn *, char
+  * Download 'remote_path' to 'local_path'. Preserve permissions and times
+  * if 'pflag' is set
+  */
+-int do_download(struct sftp_conn *, char *, char *, Attrib *, int);
++int do_download(struct sftp_conn *, const char *, const char *, Attrib *, int);
+ 
+ /*
+  * Recursively download 'remote_directory' to 'local_directory'. Preserve 
+  * times if 'pflag' is set
+  */
+-int download_dir(struct sftp_conn *, char *, char *, Attrib *, int, int);
++int download_dir(struct sftp_conn *, const char *, const char *, Attrib *, int, int);
+ 
+ /*
+  * Upload 'local_path' to 'remote_path'. Preserve permissions and times
+  * if 'pflag' is set
+  */
+-int do_upload(struct sftp_conn *, char *, char *, int);
++int do_upload(struct sftp_conn *, const char *, const char *, int);
+ 
+ /*
+  * Recursively upload 'local_directory' to 'remote_directory'. Preserve 
+  * times if 'pflag' is set
+  */
+-int upload_dir(struct sftp_conn *, char *, char *, int, int);
++int upload_dir(struct sftp_conn *, const char *, const char *, int, int);
+ 
+ /* Concatenate paths, taking care of slashes. Caller must free result. */
+-char *path_append(char *, char *);
++char *path_append(const char *, const char *);
+ 
+ #endif
+diff -up openssh-5.9p1/sftp.c.coverity openssh-5.9p1/sftp.c
+--- openssh-5.9p1/sftp.c.coverity	2010-12-04 23:02:48.000000000 +0100
++++ openssh-5.9p1/sftp.c	2011-09-08 14:25:08.647440423 +0200
+@@ -316,7 +316,7 @@ local_do_ls(const char *args)
+ 
+ /* Strip one path (usually the pwd) from the start of another */
+ static char *
+-path_strip(char *path, char *strip)
++path_strip(const char *path, const char *strip)
+ {
+ 	size_t len;
+ 
+@@ -334,7 +334,7 @@ path_strip(char *path, char *strip)
+ }
+ 
+ static char *
+-make_absolute(char *p, char *pwd)
++make_absolute(char *p, const char *pwd)
+ {
+ 	char *abs_str;
+ 
+@@ -482,7 +482,7 @@ parse_df_flags(const char *cmd, char **a
+ }
+ 
+ static int
+-is_dir(char *path)
++is_dir(const char *path)
+ {
+ 	struct stat sb;
+ 
+@@ -494,7 +494,7 @@ is_dir(char *path)
+ }
+ 
+ static int
+-remote_is_dir(struct sftp_conn *conn, char *path)
++remote_is_dir(struct sftp_conn *conn, const char *path)
+ {
+ 	Attrib *a;
+ 
+@@ -508,7 +508,7 @@ remote_is_dir(struct sftp_conn *conn, ch
+ 
+ /* Check whether path returned from glob(..., GLOB_MARK, ...) is a directory */
+ static int
+-pathname_is_dir(char *pathname)
++pathname_is_dir(const char *pathname)
+ {
+ 	size_t l = strlen(pathname);
+ 
+@@ -516,7 +516,7 @@ pathname_is_dir(char *pathname)
+ }
+ 
+ static int
+-process_get(struct sftp_conn *conn, char *src, char *dst, char *pwd,
++process_get(struct sftp_conn *conn, const char *src, const char *dst, const char *pwd,
+     int pflag, int rflag)
+ {
+ 	char *abs_src = NULL;
+@@ -590,7 +590,7 @@ out:
+ }
+ 
+ static int
+-process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd,
++process_put(struct sftp_conn *conn, const char *src, const char *dst, const char *pwd,
+     int pflag, int rflag)
+ {
+ 	char *tmp_dst = NULL;
+@@ -695,7 +695,7 @@ sdirent_comp(const void *aa, const void
+ 
+ /* sftp ls.1 replacement for directories */
+ static int
+-do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag)
++do_ls_dir(struct sftp_conn *conn, const char *path, const char *strip_path, int lflag)
+ {
+ 	int n;
+ 	u_int c = 1, colspace = 0, columns = 1;
+@@ -780,10 +780,10 @@ do_ls_dir(struct sftp_conn *conn, char *
+ 
+ /* sftp ls.1 replacement which handles path globs */
+ static int
+-do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
++do_globbed_ls(struct sftp_conn *conn, const char *path, const char *strip_path,
+     int lflag)
+ {
+-	Attrib *a = NULL;
++/*UNUSED Attrib *a = NULL;*/
+ 	char *fname, *lname;
+ 	glob_t g;
+ 	int err;
+@@ -828,7 +828,7 @@ do_globbed_ls(struct sftp_conn *conn, ch
+ 		colspace = width / columns;
+ 	}
+ 
+-	for (i = 0; g.gl_pathv[i] && !interrupted; i++, a = NULL) {
++	for (i = 0; g.gl_pathv[i] && !interrupted; i++/*, a = NULL*/) {
+ 		fname = path_strip(g.gl_pathv[i], strip_path);
+ 		if (lflag & LS_LONG_VIEW) {
+ 			if (g.gl_statv[i] == NULL) {
+@@ -861,7 +861,7 @@ do_globbed_ls(struct sftp_conn *conn, ch
+ }
+ 
+ static int
+-do_df(struct sftp_conn *conn, char *path, int hflag, int iflag)
++do_df(struct sftp_conn *conn, const char *path, int hflag, int iflag)
+ {
+ 	struct sftp_statvfs st;
+ 	char s_used[FMT_SCALED_STRSIZE];
+diff -up openssh-5.9p1/sshd.c.coverity openssh-5.9p1/sshd.c
+--- openssh-5.9p1/sshd.c.coverity	2011-06-23 11:45:51.000000000 +0200
++++ openssh-5.9p1/sshd.c	2011-09-08 14:14:01.018565321 +0200
+@@ -1302,6 +1302,9 @@ server_accept_loop(int *sock_in, int *so
+ 		if (num_listen_socks < 0)
+ 			break;
+ 	}
++
++	if (fdset != NULL)
++		xfree(fdset);
+ }
+ 
+ 
+@@ -1774,7 +1777,7 @@ main(int ac, char **av)
+ 
+ 	/* Chdir to the root directory so that the current disk can be
+ 	   unmounted if desired. */
+-	chdir("/");
++	(void) chdir("/");
+ 
+ 	/* ignore SIGPIPE */
+ 	signal(SIGPIPE, SIG_IGN);
diff --git a/openssh-5.9p1-fips.patch b/openssh-5.9p1-fips.patch
index 3c069d2..c783f6a 100644
--- a/openssh-5.9p1-fips.patch
+++ b/openssh-5.9p1-fips.patch
@@ -1,6 +1,6 @@
-diff -up openssh-5.9p0/Makefile.in.fips openssh-5.9p0/Makefile.in
---- openssh-5.9p0/Makefile.in.fips	2011-08-31 13:16:25.548087929 +0200
-+++ openssh-5.9p0/Makefile.in	2011-08-31 13:17:42.820212398 +0200
+diff -up openssh-5.9p1/Makefile.in.fips openssh-5.9p1/Makefile.in
+--- openssh-5.9p1/Makefile.in.fips	2011-09-08 14:51:55.788515769 +0200
++++ openssh-5.9p1/Makefile.in	2011-09-08 14:51:58.390439672 +0200
 @@ -142,25 +142,25 @@ libssh.a: $(LIBSSH_OBJS)
  	$(RANLIB) $@
  
@@ -42,9 +42,9 @@ diff -up openssh-5.9p0/Makefile.in.fips openssh-5.9p0/Makefile.in
  
  sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o
  	$(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-diff -up openssh-5.9p0/authfile.c.fips openssh-5.9p0/authfile.c
---- openssh-5.9p0/authfile.c.fips	2011-08-31 13:16:26.896087056 +0200
-+++ openssh-5.9p0/authfile.c	2011-08-31 13:16:28.586211616 +0200
+diff -up openssh-5.9p1/authfile.c.fips openssh-5.9p1/authfile.c
+--- openssh-5.9p1/authfile.c.fips	2011-09-08 14:51:57.076455523 +0200
++++ openssh-5.9p1/authfile.c	2011-09-08 14:51:58.485565698 +0200
 @@ -148,8 +148,14 @@ key_private_rsa1_to_blob(Key *key, Buffe
  	/* Allocate space for the private part of the key in the buffer. */
  	cp = buffer_append_space(&encrypted, buffer_len(&buffer));
@@ -78,9 +78,9 @@ diff -up openssh-5.9p0/authfile.c.fips openssh-5.9p0/authfile.c
  	cipher_crypt(&ciphercontext, cp,
  	    buffer_ptr(&copy), buffer_len(&copy));
  	cipher_cleanup(&ciphercontext);
-diff -up openssh-5.9p0/cipher-ctr.c.fips openssh-5.9p0/cipher-ctr.c
---- openssh-5.9p0/cipher-ctr.c.fips	2010-10-07 13:06:42.000000000 +0200
-+++ openssh-5.9p0/cipher-ctr.c	2011-08-31 13:16:28.690026009 +0200
+diff -up openssh-5.9p1/cipher-ctr.c.fips openssh-5.9p1/cipher-ctr.c
+--- openssh-5.9p1/cipher-ctr.c.fips	2010-10-07 13:06:42.000000000 +0200
++++ openssh-5.9p1/cipher-ctr.c	2011-09-08 14:51:58.593563819 +0200
 @@ -140,7 +140,8 @@ evp_aes_128_ctr(void)
  	aes_ctr.do_cipher = ssh_aes_ctr;
  #ifndef SSH_OLD_EVP
@@ -91,9 +91,9 @@ diff -up openssh-5.9p0/cipher-ctr.c.fips openssh-5.9p0/cipher-ctr.c
  #endif
  	return (&aes_ctr);
  }
-diff -up openssh-5.9p0/cipher.c.fips openssh-5.9p0/cipher.c
---- openssh-5.9p0/cipher.c.fips	2011-08-31 13:16:14.685087304 +0200
-+++ openssh-5.9p0/cipher.c	2011-08-31 13:16:28.815092896 +0200
+diff -up openssh-5.9p1/cipher.c.fips openssh-5.9p1/cipher.c
+--- openssh-5.9p1/cipher.c.fips	2011-09-08 14:51:44.592501867 +0200
++++ openssh-5.9p1/cipher.c	2011-09-08 14:51:58.700440064 +0200
 @@ -40,6 +40,7 @@
  #include <sys/types.h>
  
@@ -178,9 +178,9 @@ diff -up openssh-5.9p0/cipher.c.fips openssh-5.9p0/cipher.c
  }
  
  /*
-diff -up openssh-5.9p0/cipher.h.fips openssh-5.9p0/cipher.h
---- openssh-5.9p0/cipher.h.fips	2011-08-31 13:16:14.816212495 +0200
-+++ openssh-5.9p0/cipher.h	2011-08-31 13:16:28.939073884 +0200
+diff -up openssh-5.9p1/cipher.h.fips openssh-5.9p1/cipher.h
+--- openssh-5.9p1/cipher.h.fips	2011-09-08 14:51:44.697501719 +0200
++++ openssh-5.9p1/cipher.h	2011-09-08 14:51:58.800502283 +0200
 @@ -87,7 +87,7 @@ void	 cipher_init(CipherContext *, Ciphe
      const u_char *, u_int, int);
  void	 cipher_crypt(CipherContext *, u_char *, const u_char *, u_int);
@@ -190,9 +190,9 @@ diff -up openssh-5.9p0/cipher.h.fips openssh-5.9p0/cipher.h
  u_int	 cipher_blocksize(const Cipher *);
  u_int	 cipher_keylen(const Cipher *);
  u_int	 cipher_is_cbc(const Cipher *);
-diff -up openssh-5.9p0/key.c.fips openssh-5.9p0/key.c
---- openssh-5.9p0/key.c.fips	2011-08-31 13:16:18.179212858 +0200
-+++ openssh-5.9p0/key.c	2011-08-31 13:16:29.069031653 +0200
+diff -up openssh-5.9p1/key.c.fips openssh-5.9p1/key.c
+--- openssh-5.9p1/key.c.fips	2011-09-08 14:51:49.002451595 +0200
++++ openssh-5.9p1/key.c	2011-09-08 14:51:58.908501542 +0200
 @@ -40,6 +40,7 @@
  #include <sys/types.h>
  
@@ -218,9 +218,9 @@ diff -up openssh-5.9p0/key.c.fips openssh-5.9p0/key.c
  		rv_defined = 1;
  	}
  	return rv;
-diff -up openssh-5.9p0/mac.c.fips openssh-5.9p0/mac.c
---- openssh-5.9p0/mac.c.fips	2011-08-31 13:16:16.521087343 +0200
-+++ openssh-5.9p0/mac.c	2011-08-31 13:16:29.171039694 +0200
+diff -up openssh-5.9p1/mac.c.fips openssh-5.9p1/mac.c
+--- openssh-5.9p1/mac.c.fips	2011-09-08 14:51:46.755466816 +0200
++++ openssh-5.9p1/mac.c	2011-09-08 14:51:59.029600712 +0200
 @@ -28,6 +28,7 @@
  #include <sys/types.h>
  
@@ -270,9 +270,9 @@ diff -up openssh-5.9p0/mac.c.fips openssh-5.9p0/mac.c
  
  	for (i = 0; macs[i].name; i++) {
  		if (strcmp(name, macs[i].name) == 0) {
-diff -up openssh-5.9p0/myproposal.h.fips openssh-5.9p0/myproposal.h
---- openssh-5.9p0/myproposal.h.fips	2011-08-17 02:29:03.000000000 +0200
-+++ openssh-5.9p0/myproposal.h	2011-08-31 13:16:29.301087416 +0200
+diff -up openssh-5.9p1/myproposal.h.fips openssh-5.9p1/myproposal.h
+--- openssh-5.9p1/myproposal.h.fips	2011-08-17 02:29:03.000000000 +0200
++++ openssh-5.9p1/myproposal.h	2011-09-08 14:51:59.150503573 +0200
 @@ -97,6 +97,12 @@
  #define	KEX_DEFAULT_COMP	"none,zlib at openssh.com,zlib"
  #define	KEX_DEFAULT_LANG	""
@@ -286,9 +286,9 @@ diff -up openssh-5.9p0/myproposal.h.fips openssh-5.9p0/myproposal.h
  
  static char *myproposal[PROPOSAL_MAX] = {
  	KEX_DEFAULT_KEX,
-diff -up openssh-5.9p0/openbsd-compat/bsd-arc4random.c.fips openssh-5.9p0/openbsd-compat/bsd-arc4random.c
---- openssh-5.9p0/openbsd-compat/bsd-arc4random.c.fips	2010-03-25 22:52:02.000000000 +0100
-+++ openssh-5.9p0/openbsd-compat/bsd-arc4random.c	2011-08-31 13:16:29.741086847 +0200
+diff -up openssh-5.9p1/openbsd-compat/bsd-arc4random.c.fips openssh-5.9p1/openbsd-compat/bsd-arc4random.c
+--- openssh-5.9p1/openbsd-compat/bsd-arc4random.c.fips	2010-03-25 22:52:02.000000000 +0100
++++ openssh-5.9p1/openbsd-compat/bsd-arc4random.c	2011-09-08 14:51:59.262439903 +0200
 @@ -37,25 +37,18 @@
  #define REKEY_BYTES	(1 << 24)
  
@@ -344,9 +344,9 @@ diff -up openssh-5.9p0/openbsd-compat/bsd-arc4random.c.fips openssh-5.9p0/openbs
  }
  #endif /* !HAVE_ARC4RANDOM */
  
-diff -up openssh-5.9p0/ssh.c.fips openssh-5.9p0/ssh.c
---- openssh-5.9p0/ssh.c.fips	2011-08-05 22:18:16.000000000 +0200
-+++ openssh-5.9p0/ssh.c	2011-08-31 13:16:29.852212356 +0200
+diff -up openssh-5.9p1/ssh.c.fips openssh-5.9p1/ssh.c
+--- openssh-5.9p1/ssh.c.fips	2011-08-05 22:18:16.000000000 +0200
++++ openssh-5.9p1/ssh.c	2011-09-08 14:51:59.369485419 +0200
 @@ -73,6 +73,8 @@
  
  #include <openssl/evp.h>
@@ -409,9 +409,9 @@ diff -up openssh-5.9p0/ssh.c.fips openssh-5.9p0/ssh.c
  	/* Open a connection to the remote host. */
  	if (ssh_connect(host, &hostaddr, options.port,
  	    options.address_family, options.connection_attempts, &timeout_ms,
-diff -up openssh-5.9p0/sshconnect2.c.fips openssh-5.9p0/sshconnect2.c
---- openssh-5.9p0/sshconnect2.c.fips	2011-08-31 13:16:09.532024846 +0200
-+++ openssh-5.9p0/sshconnect2.c	2011-08-31 13:16:29.959087217 +0200
+diff -up openssh-5.9p1/sshconnect2.c.fips openssh-5.9p1/sshconnect2.c
+--- openssh-5.9p1/sshconnect2.c.fips	2011-09-08 14:51:38.333470704 +0200
++++ openssh-5.9p1/sshconnect2.c	2011-09-08 14:51:59.474500288 +0200
 @@ -44,6 +44,8 @@
  #include <vis.h>
  #endif
@@ -444,9 +444,9 @@ diff -up openssh-5.9p0/sshconnect2.c.fips openssh-5.9p0/sshconnect2.c
  	if (options.hostkeyalgorithms != NULL)
  		myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
  		    options.hostkeyalgorithms;
-diff -up openssh-5.9p0/sshd.c.fips openssh-5.9p0/sshd.c
---- openssh-5.9p0/sshd.c.fips	2011-08-31 13:16:22.525057137 +0200
-+++ openssh-5.9p0/sshd.c	2011-08-31 13:16:30.078212687 +0200
+diff -up openssh-5.9p1/sshd.c.fips openssh-5.9p1/sshd.c
+--- openssh-5.9p1/sshd.c.fips	2011-09-08 14:51:52.866451334 +0200
++++ openssh-5.9p1/sshd.c	2011-09-08 14:57:01.982447369 +0200
 @@ -76,6 +76,8 @@
  #include <openssl/bn.h>
  #include <openssl/md5.h>
@@ -456,7 +456,7 @@ diff -up openssh-5.9p0/sshd.c.fips openssh-5.9p0/sshd.c
  #include "openbsd-compat/openssl-compat.h"
  
  #ifdef HAVE_SECUREWARE
-@@ -1388,6 +1390,11 @@ main(int ac, char **av)
+@@ -1391,6 +1393,11 @@ main(int ac, char **av)
  #endif
  	__progname = ssh_get_progname(av[0]);
  
@@ -468,7 +468,7 @@ diff -up openssh-5.9p0/sshd.c.fips openssh-5.9p0/sshd.c
  	/* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
  	saved_argc = ac;
  	rexec_argc = ac;
-@@ -1547,8 +1554,6 @@ main(int ac, char **av)
+@@ -1550,8 +1557,6 @@ main(int ac, char **av)
  	else
  		closefrom(REEXEC_DEVCRYPTO_RESERVED_FD);
  
@@ -477,7 +477,7 @@ diff -up openssh-5.9p0/sshd.c.fips openssh-5.9p0/sshd.c
  	/*
  	 * Force logging to stderr until we have loaded the private host
  	 * key (unless started from inetd)
-@@ -1666,6 +1671,10 @@ main(int ac, char **av)
+@@ -1669,6 +1674,10 @@ main(int ac, char **av)
  		debug("private host key: #%d type %d %s", i, key->type,
  		    key_type(key));
  	}
@@ -488,7 +488,7 @@ diff -up openssh-5.9p0/sshd.c.fips openssh-5.9p0/sshd.c
  	if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) {
  		logit("Disabling protocol version 1. Could not load host key");
  		options.protocol &= ~SSH_PROTO_1;
-@@ -1830,6 +1839,10 @@ main(int ac, char **av)
+@@ -1833,6 +1842,10 @@ main(int ac, char **av)
  	/* Initialize the random number generator. */
  	arc4random_stir();
  
@@ -498,8 +498,8 @@ diff -up openssh-5.9p0/sshd.c.fips openssh-5.9p0/sshd.c
 +
  	/* Chdir to the root directory so that the current disk can be
  	   unmounted if desired. */
- 	chdir("/");
-@@ -2372,6 +2385,9 @@ do_ssh2_kex(void)
+ 	(void) chdir("/");
+@@ -2375,6 +2388,9 @@ do_ssh2_kex(void)
  	if (options.ciphers != NULL) {
  		myproposal[PROPOSAL_ENC_ALGS_CTOS] =
  		myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
@@ -509,7 +509,7 @@ diff -up openssh-5.9p0/sshd.c.fips openssh-5.9p0/sshd.c
  	}
  	myproposal[PROPOSAL_ENC_ALGS_CTOS] =
  	    compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
-@@ -2381,6 +2397,9 @@ do_ssh2_kex(void)
+@@ -2384,6 +2400,9 @@ do_ssh2_kex(void)
  	if (options.macs != NULL) {
  		myproposal[PROPOSAL_MAC_ALGS_CTOS] =
  		myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
diff --git a/openssh-5.9p1-gsskex.patch b/openssh-5.9p1-gsskex.patch
index 1cf6bb7..c7ac7e2 100644
--- a/openssh-5.9p1-gsskex.patch
+++ b/openssh-5.9p1-gsskex.patch
@@ -1454,7 +1454,7 @@ diff -up openssh-5.9p0/kexgssc.c.gsskex openssh-5.9p0/kexgssc.c
 +	klen = DH_size(dh);
 +	kbuf = xmalloc(klen);
 +	kout = DH_compute_key(kbuf, dh_server_pub, dh);
-+	if (kout < 0)
++	if ((int)kout < 0)
 +		fatal("DH_compute_key: failed");
 +
 +	shared_secret = BN_new();
@@ -1738,7 +1738,7 @@ diff -up openssh-5.9p0/kexgsss.c.gsskex openssh-5.9p0/kexgsss.c
 +	klen = DH_size(dh);
 +	kbuf = xmalloc(klen); 
 +	kout = DH_compute_key(kbuf, dh_client_pub, dh);
-+	if (kout < 0)
++	if ((int)kout < 0)
 +		fatal("DH_compute_key: failed");
 +
 +	shared_secret = BN_new();
diff --git a/openssh-5.9p1-ldap.patch b/openssh-5.9p1-ldap.patch
index e6bc256..10f303e 100644
--- a/openssh-5.9p1-ldap.patch
+++ b/openssh-5.9p1-ldap.patch
@@ -473,7 +473,7 @@ diff -up openssh-5.9p0/ldap-helper.c.ldap openssh-5.9p0/ldap-helper.c
 +}
 +
 +/* Ugly hack */
-+void   *buffer_get_string(Buffer *b, u_int *l) {}
++void   *buffer_get_string(Buffer *b, u_int *l) { return NULL; }
 +void    buffer_put_string(Buffer *b, const void *f, u_int l) {}
 +
 diff -up openssh-5.9p0/ldap-helper.h.ldap openssh-5.9p0/ldap-helper.h
@@ -776,7 +776,7 @@ diff -up openssh-5.9p0/ldapbody.c.ldap openssh-5.9p0/ldapbody.c
 +				ber_set_option (NULL, LBER_OPT_DEBUG_LEVEL, &options.debug);
 +#endif /* LBER_OPT_DEBUG_LEVEL */
 +#ifdef LDAP_OPT_DEBUG_LEVEL
-+				ldap_set_option (NULL, LDAP_OPT_DEBUG_LEVEL, &options.debug);
++				(void) ldap_set_option (NULL, LDAP_OPT_DEBUG_LEVEL, &options.debug);
 +#endif /* LDAP_OPT_DEBUG_LEVEL */
 +				debug3 ("Set LDAP debug to %d", options.debug);
 +			}
diff --git a/openssh.spec b/openssh.spec
index acb22a8..98d9e82 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -79,7 +79,7 @@
 
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %define openssh_ver 5.9p1
-%define openssh_rel 1
+%define openssh_rel 2
 %define pam_ssh_agent_ver 0.9.2
 %define pam_ssh_agent_rel 32
 
@@ -111,14 +111,16 @@ Source13: sshd-keygen
 # Internal debug
 Patch0: openssh-5.8p1-wIm.patch
 
+#?
+Patch100: openssh-5.9p1-coverity.patch
 #https://bugzilla.mindrot.org/show_bug.cgi?id=1872
-Patch100: openssh-5.8p1-fingerprint.patch
+Patch101: openssh-5.8p1-fingerprint.patch
 #https://bugzilla.mindrot.org/show_bug.cgi?id=1894
-Patch101: openssh-5.8p1-getaddrinfo.patch
+Patch102: openssh-5.8p1-getaddrinfo.patch
 #https://bugzilla.mindrot.org/show_bug.cgi?id=1889
-Patch102: openssh-5.8p1-packet.patch
-#?
-Patch103: openssh-5.9p1-2auth.patch
+Patch103: openssh-5.8p1-packet.patch
+#https://bugzilla.mindrot.org/show_bug.cgi?id=983
+Patch104: openssh-5.9p1-2auth.patch
 
 #https://bugzilla.mindrot.org/show_bug.cgi?id=1402
 Patch200: openssh-5.8p1-audit0.patch
@@ -384,10 +386,11 @@ The module is most useful for su and sudo service stacks.
 #Do not enable by default
 ###%patch0 -p1 -b .wIm
 
-%patch100 -p1 -b .fingerprint
-%patch101 -p1 -b .getaddrinfo
-%patch102 -p1 -b .packet
-%patch103 -p1 -b .2auth
+%patch100 -p1 -b .coverity
+%patch101 -p1 -b .fingerprint
+%patch102 -p1 -b .getaddrinfo
+%patch103 -p1 -b .packet
+%patch104 -p1 -b .2auth
 
 %patch200 -p1 -b .audit0
 %patch201 -p1 -b .audit1
@@ -415,6 +418,7 @@ popd
 %if %{ldap}
 %patch501 -p1 -b .ldap
 %endif
+
 %patch502 -p1 -b .keycat
 
 %patch600 -p1 -b .keygen
@@ -781,6 +785,9 @@ fi
 %endif
 
 %changelog
+* Thu Sep  8 2011 Jan F. Chadima <jchadima at redhat.com> - 5.9p1-2 + 0.9.2-32
+- Coverity first pass
+
 * Wed Sep  7 2011 Jan F. Chadima <jchadima at redhat.com> - 5.9p1-1 + 0.9.2-32
 - Rebase to 5.9p1
 - Add chroot sftp patch