[ 19:30 bdrewery  ]

• 431698 security/openssh-portable/Makefile
• 431698 security/openssh-portable/distinfo
• 431698 security/openssh-portable/files/extra-patch-hpn
• 431698 security/openssh-portable/files/extra-patch-ldns
• 431698 security/openssh-portable/files/extra-patch-sctp
• 431698 security/openssh-portable/files/extra-patch-tcpwrappers
• 431698 security/openssh-portable/files/extra-patch-x509-glue
• 431698 security/openssh-portable/files/patch-kex.c
• 431698 security/openssh-portable/files/patch-misc.c
• 431698 security/openssh-portable/files/patch-readconf.c

Update to 7.4p1.

- Update X509 patch to 9.3
- SCTP patch from soralx@cydem.org

Changes: https://www.openssh.com/txt/release-7.4

[ 22:52 bdrewery  ]

• 424592 security/openssh-portable/Makefile
• 424592 security/openssh-portable/files/patch-kex.c

Bring in upstream commit ec165c392ca54317dbe3064a8c200de6531e89ad:
  Unregister the KEXINIT handler after message has been
  received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause
  allocation of up to 128MB -- until the connection is closed. Reported by
  shilei-c at 360.cn

Security:	CVE-2016-8858