Index: monitor_fdpass.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/monitor_fdpass.c,v
retrieving revision 1.17
retrieving revision 1.16
diff -u -p -r1.17 -r1.16
--- monitor_fdpass.c	24 Mar 2008 16:11:07 -0000	1.17
+++ monitor_fdpass.c	15 Mar 2008 16:19:02 -0000	1.16
@@ -50,7 +50,7 @@ mm_send_fd(int sock, int fd)
 
 	memset(&msg, 0, sizeof(msg));
 	msg.msg_control = (caddr_t)&cmsgbuf.buf;
-	msg.msg_controllen = sizeof(cmsgbuf.buf);
+	msg.msg_controllen = CMSG_LEN(sizeof(int));
 	cmsg = CMSG_FIRSTHDR(&msg);
 	cmsg->cmsg_len = CMSG_LEN(sizeof(int));
 	cmsg->cmsg_level = SOL_SOCKET;
@@ -96,7 +96,7 @@ mm_receive_fd(int sock)
 	msg.msg_iov = &vec;
 	msg.msg_iovlen = 1;
 	msg.msg_control = &cmsgbuf.buf;
-	msg.msg_controllen = sizeof(cmsgbuf.buf);
+	msg.msg_controllen = CMSG_LEN(sizeof(int));
 
 	if ((n = recvmsg(sock, &msg, 0)) == -1) {
 		error("%s: recvmsg: %s", __func__, strerror(errno));
Index: misc.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/misc.c,v
retrieving revision 1.69
diff -u -p -r1.69 misc.c
--- misc.c	13 Jun 2008 01:38:23 -0000	1.69
+++ misc.c	23 Jul 2008 03:04:46 -0000
@@ -832,3 +832,64 @@ ms_to_timeval(struct timeval *tv, int ms
 	tv->tv_usec = (ms % 1000) * 1000;
 }
 
+/*
+ * Calculate a uniformly distributed random number less than upper_bound
+ * avoiding "modulo bias".
+ *
+ * Uniformity is achieved by generating new random numbers until the one
+ * returned is outside the range [0, 2**32 % upper_bound).  This
+ * guarantees the selected random number will be inside
+ * [2**32 % upper_bound, 2**32) which maps back to [0, upper_bound)
+ * after reduction modulo upper_bound.
+ */
+u_int32_t
+arc4random_uniform(u_int32_t upper_bound)
+{
+	u_int32_t r, min;
+
+	if (upper_bound < 2)
+		return 0;
+
+#if (ULONG_MAX > 0xffffffffUL)
+	min = 0x100000000UL % upper_bound;
+#else
+	/* Calculate (2**32 % upper_bound) avoiding 64-bit math */
+	if (upper_bound > 0x80000000)
+		min = 1 + ~upper_bound;		/* 2**32 - upper_bound */
+	else {
+		/* (2**32 - (x * 2)) % x == 2**32 % x when x <= 2**31 */
+		min = ((0xffffffff - (upper_bound * 2)) + 1) % upper_bound;
+	}
+#endif
+
+	/*
+	 * This could theoretically loop forever but each retry has
+	 * p > 0.5 (worst case, usually far better) of selecting a
+	 * number inside the range we need, so it should rarely need
+	 * to re-roll.
+	 */
+	for (;;) {
+		r = arc4random();
+		if (r >= min)
+			break;
+	}
+
+	return r % upper_bound;
+}
+
+void
+arc4random_buf(void *_buf, size_t n)
+{
+	u_char *buf = (u_char *)_buf;
+	size_t i;
+	u_int32_t r;
+
+	for (i = 0; i < n; i++) {
+		if (i % 4 == 0)
+			r = arc4random();
+		buf[i] = r & 0xff;
+		r >>= 8;
+	}
+	r = 0;
+}
+
Index: misc.h
===================================================================
RCS file: /cvs/src/usr.bin/ssh/misc.h,v
retrieving revision 1.38
diff -u -p -r1.38 misc.h
--- misc.h	12 Jun 2008 20:38:28 -0000	1.38
+++ misc.h	23 Jul 2008 03:04:46 -0000
@@ -78,6 +78,8 @@ void		put_u32(void *, u_int32_t)
 void		put_u16(void *, u_int16_t)
     __attribute__((__bounded__( __minbytes__, 1, 2)));
 
+u_int32_t arc4random_uniform(u_int32_t);
+void arc4random_buf(void *, size_t);
 
 /* readpass.c */
 
Index: sftp-client.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sftp-client.c,v
retrieving revision 1.86
diff -u -p -r1.86 sftp-client.c
--- sftp-client.c	26 Jun 2008 06:10:09 -0000	1.86
+++ sftp-client.c	23 Jul 2008 13:31:39 -0000
@@ -25,7 +25,6 @@
 #include <sys/stat.h>
 #include <sys/time.h>
 #include <sys/param.h>
-#include <sys/statvfs.h>
 #include <sys/uio.h>
 
 #include <errno.h>
@@ -278,8 +277,10 @@ get_decode_statvfs(int fd, struct sftp_s
 	flag = buffer_get_int64(&msg);
 	st->f_namemax = buffer_get_int64(&msg);
 
+#if 0
 	st->f_flag = (flag & SSH2_FXE_STATVFS_ST_RDONLY) ? ST_RDONLY : 0;
 	st->f_flag |= (flag & SSH2_FXE_STATVFS_ST_NOSUID) ? ST_NOSUID : 0;
+#endif
 
 	buffer_free(&msg);
 
Index: sftp-server.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sftp-server.c,v
retrieving revision 1.84
diff -u -p -r1.84 sftp-server.c
--- sftp-server.c	26 Jun 2008 06:10:09 -0000	1.84
+++ sftp-server.c	23 Jul 2008 13:31:39 -0000
@@ -20,7 +20,9 @@
 #include <sys/time.h>
 #include <sys/param.h>
 #include <sys/mount.h>
+#if 0
 #include <sys/statvfs.h>
+#endif
 
 #include <dirent.h>
 #include <errno.h>
@@ -475,6 +477,7 @@ send_attrib(u_int32_t id, const Attrib *
 	buffer_free(&msg);
 }
 
+#if 0
 static void
 send_statvfs(u_int32_t id, struct statvfs *st)
 {
@@ -501,6 +504,7 @@ send_statvfs(u_int32_t id, struct statvf
 	send_msg(&msg);
 	buffer_free(&msg);
 }
+#endif
 
 /* parse incoming */
 
@@ -517,12 +521,14 @@ process_init(void)
 	/* POSIX rename extension */
 	buffer_put_cstring(&msg, "posix-rename@openssh.com");
 	buffer_put_cstring(&msg, "1"); /* version */
+#if 0
 	/* statvfs extension */
 	buffer_put_cstring(&msg, "statvfs@openssh.com");
 	buffer_put_cstring(&msg, "2"); /* version */
 	/* fstatvfs extension */
 	buffer_put_cstring(&msg, "fstatvfs@openssh.com");
 	buffer_put_cstring(&msg, "2"); /* version */
+#endif
 	send_msg(&msg);
 	buffer_free(&msg);
 }
@@ -1116,6 +1122,7 @@ process_extended_posix_rename(u_int32_t 
 	xfree(newpath);
 }
 
+#if 0
 static void
 process_extended_statvfs(u_int32_t id)
 {
@@ -1151,6 +1158,7 @@ process_extended_fstatvfs(u_int32_t id)
 	else
 		send_statvfs(id, &st);
 }
+#endif
 
 static void
 process_extended(void)
@@ -1162,10 +1170,12 @@ process_extended(void)
 	request = get_string(NULL);
 	if (strcmp(request, "posix-rename@openssh.com") == 0)
 		process_extended_posix_rename(id);
+#if 0
 	else if (strcmp(request, "statvfs@openssh.com") == 0)
 		process_extended_statvfs(id);
 	else if (strcmp(request, "fstatvfs@openssh.com") == 0)
 		process_extended_fstatvfs(id);
+#endif
 	else
 		send_status(id, SSH2_FX_OP_UNSUPPORTED);	/* MUST */
 	xfree(request);
Index: sftp.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sftp.c,v
retrieving revision 1.103
diff -u -p -r1.103 sftp.c
--- sftp.c	13 Jul 2008 22:16:03 -0000	1.103
+++ sftp.c	23 Jul 2008 13:31:39 -0000
@@ -21,7 +21,6 @@
 #include <sys/stat.h>
 #include <sys/socket.h>
 #include <sys/param.h>
-#include <sys/statvfs.h>
 
 #include <ctype.h>
 #include <errno.h>