File openssh-6.6p1-disable_preauth_compression.patch of Package openssh.10219

# HG changeset patch
# Parent  8b672d8a8b1f0035e5abf831532f5bf3064f90b4
Remove preauth compression support for security reasons and cleanup unused
code.

CVE-2016-10012 - part 1
bsc#1016370

backported upstream commit 0082fba4efdd492f765ed4c53f0d0fbd3bdbdf7f
backported upstream commit 1cfd5c06efb121e58e8b6671548fda77ef4b4455
backported upstream commit 4577adead6a7d600c8e764619d99477a08192c8f
backported upstream commit b7689155f3f5c4999846c07a852b1c7a43b09cec

diff --git a/openssh-6.6p1/Makefile.in b/openssh-6.6p1/Makefile.in
--- a/openssh-6.6p1/Makefile.in
+++ b/openssh-6.6p1/Makefile.in
@@ -93,17 +93,17 @@ SSHOBJS= ssh.o readconf.o clientloop.o s
 
 SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
 	audit.o audit-bsm.o audit-linux.o platform.o \
 	sshpty.o sshlogin.o servconf.o serverloop.o \
 	auth.o auth1.o auth2.o auth-options.o session.o \
 	auth-chall.o auth2-chall.o groupaccess.o \
 	auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \
 	auth2-none.o auth2-passwd.o auth2-pubkey.o \
-	monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o kexecdhs.o kexgsss.o \
+	monitor.o monitor_wrap.o kexdhs.o kexgexs.o kexecdhs.o kexgsss.o \
 	kexc25519s.o auth-krb5.o \
 	auth2-gss.o gss-serv.o gss-serv-krb5.o \
 	loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
 	sftp-server.o sftp-common.o \
 	roaming_common.o roaming_serv.o \
 	sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
 	sandbox-seccomp-filter.o sandbox-capsicum.o
 
diff --git a/openssh-6.6p1/README.privsep b/openssh-6.6p1/README.privsep
--- a/openssh-6.6p1/README.privsep
+++ b/openssh-6.6p1/README.privsep
@@ -3,20 +3,16 @@ operations that require root privilege a
 privileged monitor process.  Its purpose is to prevent privilege
 escalation by containing corruption to an unprivileged process.
 More information is available at:
 	http://www.citi.umich.edu/u/provos/ssh/privsep.html
 
 Privilege separation is now enabled by default; see the
 UsePrivilegeSeparation option in sshd_config(5).
 
-On systems which lack mmap or anonymous (MAP_ANON) memory mapping,
-compression must be disabled in order for privilege separation to
-function.
-
 When privsep is enabled, during the pre-authentication phase sshd will
 chroot(2) to "/var/empty" and change its privileges to the "sshd" user
 and its primary group.  sshd is a pseudo-account that should not be
 used by other daemons, and must be locked and should contain a
 "nologin" or invalid shell.
 
 You should do something like the following to prepare the privsep
 preauth environment:
@@ -30,19 +26,16 @@ preauth environment:
 /var/empty should not contain any files.
 
 configure supports the following options to change the default
 privsep user and chroot directory:
 
   --with-privsep-path=xxx Path for privilege separation chroot
   --with-privsep-user=user Specify non-privileged user for privilege separation
 
-Privsep requires operating system support for file descriptor passing.
-Compression will be disabled on systems without a working mmap MAP_ANON.
-
 PAM-enabled OpenSSH is known to function with privsep on AIX, FreeBSD, 
 HP-UX (including Trusted Mode), Linux, NetBSD and Solaris.
 
 On Cygwin, Tru64 Unix, OpenServer, and Unicos only the pre-authentication
 part of privsep is supported.  Post-authentication privsep is disabled
 automatically (so you won't see the additional process mentioned below).
 
 Note that for a normal interactive login with a shell, enabling privsep
diff --git a/openssh-6.6p1/TODO b/openssh-6.6p1/TODO
--- a/openssh-6.6p1/TODO
+++ b/openssh-6.6p1/TODO
@@ -64,20 +64,16 @@ Clean up configure/makefiles:
   similar tests. E.g move all the type detection stuff into one file,
   entropy related stuff into another.
 
 Packaging:
 - HP-UX: Provide DEPOT package scripts.
   (gilbert.r.loomis@saic.com)
 
 PrivSep Issues:
-- mmap() issues.
-  + /dev/zero solution (Solaris)
-  + No/broken MAP_ANON (Irix)
-  + broken /dev/zero parse (Linux)
 - PAM
   + See above PAM notes
 - AIX
   + usrinfo() does not set TTY, but only required for legacy systems.  Works
     with PrivSep.
 - OSF
   + SIA is broken
 - Cygwin
diff --git a/openssh-6.6p1/kex.c b/openssh-6.6p1/kex.c
--- a/openssh-6.6p1/kex.c
+++ b/openssh-6.6p1/kex.c
@@ -456,18 +456,16 @@ choose_comp(Comp *comp, char *client, ch
 	if (name == NULL) {
 #ifdef SSH_AUDIT_EVENTS
 		audit_unsupported(2);
 #endif
 		fatal("no matching comp found: client %s server %s", client, server);
 	}
 	if (strcmp(name, "zlib@openssh.com") == 0) {
 		comp->type = COMP_DELAYED;
-	} else if (strcmp(name, "zlib") == 0) {
-		comp->type = COMP_ZLIB;
 	} else if (strcmp(name, "none") == 0) {
 		comp->type = COMP_NONE;
 	} else {
 		fatal("unsupported comp %s", name);
 	}
 	comp->name = name;
 }
 
diff --git a/openssh-6.6p1/kex.h b/openssh-6.6p1/kex.h
--- a/openssh-6.6p1/kex.h
+++ b/openssh-6.6p1/kex.h
@@ -41,18 +41,17 @@
 #define	KEX_DHGEX_SHA256	"diffie-hellman-group-exchange-sha256"
 #define	KEX_RESUME		"resume@appgate.com"
 #define	KEX_ECDH_SHA2_NISTP256	"ecdh-sha2-nistp256"
 #define	KEX_ECDH_SHA2_NISTP384	"ecdh-sha2-nistp384"
 #define	KEX_ECDH_SHA2_NISTP521	"ecdh-sha2-nistp521"
 #define	KEX_CURVE25519_SHA256	"curve25519-sha256@libssh.org"
 
 #define COMP_NONE	0
-#define COMP_ZLIB	1
-#define COMP_DELAYED	2
+#define COMP_DELAYED	1
 
 enum kex_init_proposals {
 	PROPOSAL_KEX_ALGS,
 	PROPOSAL_SERVER_HOST_KEY_ALGS,
 	PROPOSAL_ENC_ALGS_CTOS,
 	PROPOSAL_ENC_ALGS_STOC,
 	PROPOSAL_MAC_ALGS_CTOS,
 	PROPOSAL_MAC_ALGS_STOC,
diff --git a/openssh-6.6p1/monitor.c b/openssh-6.6p1/monitor.c
--- a/openssh-6.6p1/monitor.c
+++ b/openssh-6.6p1/monitor.c
@@ -81,17 +81,16 @@
 #include "sshpty.h"
 #include "channels.h"
 #include "session.h"
 #include "sshlogin.h"
 #include "canohost.h"
 #include "log.h"
 #include "servconf.h"
 #include "monitor.h"
-#include "monitor_mm.h"
 #ifdef GSSAPI
 #include "ssh-gss.h"
 #endif
 #include "monitor_wrap.h"
 #include "monitor_fdpass.h"
 #include "misc.h"
 #include "compat.h"
 #include "ssh2.h"
@@ -114,18 +113,16 @@ extern Buffer auth_debug;
 extern int auth_debug_init;
 extern Buffer loginmsg;
 
 extern void destroy_sensitive_data(int);
 
 /* State exported from the child */
 
 struct {
-	z_stream incoming;
-	z_stream outgoing;
 	u_char *keyin;
 	u_int keyinlen;
 	u_char *keyout;
 	u_int keyoutlen;
 	u_char *ivin;
 	u_int ivinlen;
 	u_char *ivout;
 	u_int ivoutlen;
@@ -519,25 +516,16 @@ monitor_child_postauth(struct monitor *p
 		monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1);
 		monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1);
 	}
 
 	for (;;)
 		monitor_read(pmonitor, mon_dispatch, NULL);
 }
 
-void
-monitor_sync(struct monitor *pmonitor)
-{
-	if (options.compression) {
-		/* The member allocation is not visible, so sync it */
-		mm_share_sync(&pmonitor->m_zlib, &pmonitor->m_zback);
-	}
-}
-
 static int
 monitor_read_log(struct monitor *pmonitor)
 {
 	Buffer logmsg;
 	u_int len, level;
 	char *msg;
 
 	buffer_init(&logmsg);
@@ -1878,25 +1866,16 @@ monitor_apply_keystate(struct monitor *p
 
 	if (!compat20) {
 		packet_set_iv(MODE_OUT, child_state.ivout);
 		free(child_state.ivout);
 		packet_set_iv(MODE_IN, child_state.ivin);
 		free(child_state.ivin);
 	}
 
-	memcpy(&incoming_stream, &child_state.incoming,
-	    sizeof(incoming_stream));
-	memcpy(&outgoing_stream, &child_state.outgoing,
-	    sizeof(outgoing_stream));
-
-	/* Update with new address */
-	if (options.compression)
-		mm_init_compression(pmonitor->m_zlib);
-
 	if (options.rekey_limit || options.rekey_interval)
 		packet_set_rekey_limits((u_int32_t)options.rekey_limit,
 		    (time_t)options.rekey_interval);
 
 	/* Network I/O buffers */
 	/* XXX inefficient for large buffers, need: buffer_init_from_string */
 	buffer_clear(packet_get_input());
 	buffer_append(packet_get_input(), child_state.input, child_state.ilen);
@@ -1965,18 +1944,18 @@ mm_get_kex(Buffer *m)
 }
 
 /* This function requries careful sanity checking */
 
 void
 mm_get_keystate(struct monitor *pmonitor)
 {
 	Buffer m;
-	u_char *blob, *p;
-	u_int bloblen, plen;
+	u_char *blob;
+	u_int bloblen;
 	u_int32_t seqnr, packets;
 	u_int64_t blocks, bytes;
 
 	debug3("%s: Waiting for new keys", __func__);
 
 	buffer_init(&m);
 	mm_request_receive_expect(pmonitor->m_sendfd, MONITOR_REQ_KEYEXPORT, &m);
 	if (!compat20) {
@@ -2016,30 +1995,16 @@ mm_get_keystate(struct monitor *pmonitor
 	bytes = buffer_get_int64(&m);
 	packet_set_state(MODE_IN, seqnr, blocks, packets, bytes);
 
  skip:
 	/* Get the key context */
 	child_state.keyout = buffer_get_string(&m, &child_state.keyoutlen);
 	child_state.keyin  = buffer_get_string(&m, &child_state.keyinlen);
 
-	debug3("%s: Getting compression state", __func__);
-	/* Get compression state */
-	p = buffer_get_string(&m, &plen);
-	if (plen != sizeof(child_state.outgoing))
-		fatal("%s: bad request size", __func__);
-	memcpy(&child_state.outgoing, p, sizeof(child_state.outgoing));
-	free(p);
-
-	p = buffer_get_string(&m, &plen);
-	if (plen != sizeof(child_state.incoming))
-		fatal("%s: bad request size", __func__);
-	memcpy(&child_state.incoming, p, sizeof(child_state.incoming));
-	free(p);
-
 	/* Network I/O buffers */
 	debug3("%s: Getting Network I/O buffers", __func__);
 	child_state.input = buffer_get_string(&m, &child_state.ilen);
 	child_state.output = buffer_get_string(&m, &child_state.olen);
 
 	/* Roaming */
 	if (compat20) {
 		child_state.sent_bytes = buffer_get_int64(&m);
@@ -2060,49 +2025,16 @@ mm_get_keystate(struct monitor *pmonitor
 
 	/* Drain any buffered messages from the child */
 	while (pmonitor->m_log_recvfd >= 0 && monitor_read_log(pmonitor) == 0)
 		;
 
 }
 
 
-/* Allocation functions for zlib */
-void *
-mm_zalloc(struct mm_master *mm, u_int ncount, u_int size)
-{
-	size_t len = (size_t) size * ncount;
-	void *address;
-
-	if (len == 0 || ncount > SIZE_T_MAX / size)
-		fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size);
-
-	address = mm_malloc(mm, len);
-
-	return (address);
-}
-
-void
-mm_zfree(struct mm_master *mm, void *address)
-{
-	mm_free(mm, address);
-}
-
-void
-mm_init_compression(struct mm_master *mm)
-{
-	outgoing_stream.zalloc = (alloc_func)mm_zalloc;
-	outgoing_stream.zfree = (free_func)mm_zfree;
-	outgoing_stream.opaque = mm;
-
-	incoming_stream.zalloc = (alloc_func)mm_zalloc;
-	incoming_stream.zfree = (free_func)mm_zfree;
-	incoming_stream.opaque = mm;
-}
-
 /* XXX */
 
 #define FD_CLOSEONEXEC(x) do { \
 	if (fcntl(x, F_SETFD, FD_CLOEXEC) == -1) \
 		fatal("fcntl(%d, F_SETFD)", x); \
 } while (0)
 
 static void
@@ -2134,25 +2066,16 @@ struct monitor *
 monitor_init(void)
 {
 	struct monitor *mon;
 
 	mon = xcalloc(1, sizeof(*mon));
 
 	monitor_openfds(mon, 1);
 
-	/* Used to share zlib space across processes */
-	if (options.compression) {
-		mon->m_zback = mm_create(NULL, MM_MEMSIZE);
-		mon->m_zlib = mm_create(mon->m_zback, 20 * MM_MEMSIZE);
-
-		/* Compression needs to share state across borders */
-		mm_init_compression(mon->m_zlib);
-	}
-
 	return mon;
 }
 
 void
 monitor_reinit(struct monitor *mon)
 {
 	monitor_openfds(mon, 0);
 }
diff --git a/openssh-6.6p1/monitor.h b/openssh-6.6p1/monitor.h
--- a/openssh-6.6p1/monitor.h
+++ b/openssh-6.6p1/monitor.h
@@ -70,31 +70,27 @@ enum monitor_reqtype {
 	MONITOR_REQ_AUDIT_SESSION_KEY_FREE = 120, MONITOR_ANS_AUDIT_SESSION_KEY_FREE = 121,
 	MONITOR_REQ_AUDIT_SERVER_KEY_FREE = 122, MONITOR_ANS_AUDIT_SERVER_KEY_FREE = 123,
 
 	MONITOR_REQ_GSSSIGN = 201, MONITOR_ANS_GSSSIGN = 202,
 	MONITOR_REQ_GSSUPCREDS = 203, MONITOR_ANS_GSSUPCREDS = 204,
 
 };
 
-struct mm_master;
 struct monitor {
 	int			 m_recvfd;
 	int			 m_sendfd;
 	int			 m_log_recvfd;
 	int			 m_log_sendfd;
-	struct mm_master	*m_zback;
-	struct mm_master	*m_zlib;
 	struct Kex		**m_pkex;
 	pid_t			 m_pid;
 };
 
 struct monitor *monitor_init(void);
 void monitor_reinit(struct monitor *);
-void monitor_sync(struct monitor *);
 
 struct Authctxt;
 void monitor_child_preauth(struct Authctxt *, struct monitor *);
 void monitor_child_postauth(struct monitor *);
 
 struct mon_table;
 int monitor_read(struct monitor*, struct mon_table *, struct mon_table **);
 
diff --git a/openssh-6.6p1/monitor_mm.c b/openssh-6.6p1/monitor_mm.c
deleted file mode 100644
--- a/openssh-6.6p1/monitor_mm.c
+++ /dev/null
@@ -1,355 +0,0 @@
-/* $OpenBSD: monitor_mm.c,v 1.19 2014/01/04 17:50:55 tedu Exp $ */
-/*
- * Copyright 2002 Niels Provos <provos@citi.umich.edu>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "includes.h"
-
-#include <sys/types.h>
-#ifdef HAVE_SYS_MMAN_H
-#include <sys/mman.h>
-#endif
-#include <sys/param.h>
-#include "openbsd-compat/sys-tree.h"
-
-#include <errno.h>
-#include <stdarg.h>
-#include <stddef.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "xmalloc.h"
-#include "ssh.h"
-#include "log.h"
-#include "monitor_mm.h"
-
-static int
-mm_compare(struct mm_share *a, struct mm_share *b)
-{
-	ptrdiff_t diff = (char *)a->address - (char *)b->address;
-
-	if (diff == 0)
-		return (0);
-	else if (diff < 0)
-		return (-1);
-	else
-		return (1);
-}
-
-RB_GENERATE(mmtree, mm_share, next, mm_compare)
-
-static struct mm_share *
-mm_make_entry(struct mm_master *mm, struct mmtree *head,
-    void *address, size_t size)
-{
-	struct mm_share *tmp, *tmp2;
-
-	if (mm->mmalloc == NULL)
-		tmp = xcalloc(1, sizeof(struct mm_share));
-	else
-		tmp = mm_xmalloc(mm->mmalloc, sizeof(struct mm_share));
-	tmp->address = address;
-	tmp->size = size;
-
-	tmp2 = RB_INSERT(mmtree, head, tmp);
-	if (tmp2 != NULL)
-		fatal("mm_make_entry(%p): double address %p->%p(%zu)",
-		    mm, tmp2, address, size);
-
-	return (tmp);
-}
-
-/* Creates a shared memory area of a certain size */
-
-struct mm_master *
-mm_create(struct mm_master *mmalloc, size_t size)
-{
-	void *address;
-	struct mm_master *mm;
-
-	if (mmalloc == NULL)
-		mm = xcalloc(1, sizeof(struct mm_master));
-	else
-		mm = mm_xmalloc(mmalloc, sizeof(struct mm_master));
-
-	/*
-	 * If the memory map has a mm_master it can be completely
-	 * shared including authentication between the child
-	 * and the client.
-	 */
-	mm->mmalloc = mmalloc;
-
-	address = xmmap(size);
-	if (address == (void *)MAP_FAILED)
-		fatal("mmap(%zu): %s", size, strerror(errno));
-
-	mm->address = address;
-	mm->size = size;
-
-	RB_INIT(&mm->rb_free);
-	RB_INIT(&mm->rb_allocated);
-
-	mm_make_entry(mm, &mm->rb_free, address, size);
-
-	return (mm);
-}
-
-/* Frees either the allocated or the free list */
-
-static void
-mm_freelist(struct mm_master *mmalloc, struct mmtree *head)
-{
-	struct mm_share *mms, *next;
-
-	for (mms = RB_ROOT(head); mms; mms = next) {
-		next = RB_NEXT(mmtree, head, mms);
-		RB_REMOVE(mmtree, head, mms);
-		if (mmalloc == NULL)
-			free(mms);
-		else
-			mm_free(mmalloc, mms);
-	}
-}
-
-/* Destroys a memory mapped area */
-
-void
-mm_destroy(struct mm_master *mm)
-{
-	mm_freelist(mm->mmalloc, &mm->rb_free);
-	mm_freelist(mm->mmalloc, &mm->rb_allocated);
-
-#ifdef HAVE_MMAP
-	if (munmap(mm->address, mm->size) == -1)
-		fatal("munmap(%p, %zu): %s", mm->address, mm->size,
-		    strerror(errno));
-#else
-	fatal("%s: UsePrivilegeSeparation=yes and Compression=yes not supported",
-	    __func__);
-#endif
-	if (mm->mmalloc == NULL)
-		free(mm);
-	else
-		mm_free(mm->mmalloc, mm);
-}
-
-void *
-mm_xmalloc(struct mm_master *mm, size_t size)
-{
-	void *address;
-
-	address = mm_malloc(mm, size);
-	if (address == NULL)
-		fatal("%s: mm_malloc(%zu)", __func__, size);
-	memset(address, 0, size);
-	return (address);
-}
-
-
-/* Allocates data from a memory mapped area */
-
-void *
-mm_malloc(struct mm_master *mm, size_t size)
-{
-	struct mm_share *mms, *tmp;
-
-	if (size == 0)
-		fatal("mm_malloc: try to allocate 0 space");
-	if (size > SIZE_T_MAX - MM_MINSIZE + 1)
-		fatal("mm_malloc: size too big");
-
-	size = ((size + (MM_MINSIZE - 1)) / MM_MINSIZE) * MM_MINSIZE;
-
-	RB_FOREACH(mms, mmtree, &mm->rb_free) {
-		if (mms->size >= size)
-			break;
-	}
-
-	if (mms == NULL)
-		return (NULL);
-
-	/* Debug */
-	memset(mms->address, 0xd0, size);
-
-	tmp = mm_make_entry(mm, &mm->rb_allocated, mms->address, size);
-
-	/* Does not change order in RB tree */
-	mms->size -= size;
-	mms->address = (char *)mms->address + size;
-
-	if (mms->size == 0) {
-		RB_REMOVE(mmtree, &mm->rb_free, mms);
-		if (mm->mmalloc == NULL)
-			free(mms);
-		else
-			mm_free(mm->mmalloc, mms);
-	}
-
-	return (tmp->address);
-}
-
-/* Frees memory in a memory mapped area */
-
-void
-mm_free(struct mm_master *mm, void *address)
-{
-	struct mm_share *mms, *prev, tmp;
-
-	tmp.address = address;
-	mms = RB_FIND(mmtree, &mm->rb_allocated, &tmp);
-	if (mms == NULL)
-		fatal("mm_free(%p): can not find %p", mm, address);
-
-	/* Debug */
-	memset(mms->address, 0xd0, mms->size);
-
-	/* Remove from allocated list and insert in free list */
-	RB_REMOVE(mmtree, &mm->rb_allocated, mms);
-	if (RB_INSERT(mmtree, &mm->rb_free, mms) != NULL)
-		fatal("mm_free(%p): double address %p", mm, address);
-
-	/* Find previous entry */
-	prev = mms;
-	if (RB_LEFT(prev, next)) {
-		prev = RB_LEFT(prev, next);
-		while (RB_RIGHT(prev, next))
-			prev = RB_RIGHT(prev, next);
-	} else {
-		if (RB_PARENT(prev, next) &&
-		    (prev == RB_RIGHT(RB_PARENT(prev, next), next)))
-			prev = RB_PARENT(prev, next);
-		else {
-			while (RB_PARENT(prev, next) &&
-			    (prev == RB_LEFT(RB_PARENT(prev, next), next)))
-				prev = RB_PARENT(prev, next);
-			prev = RB_PARENT(prev, next);
-		}
-	}
-
-	/* Check if range does not overlap */
-	if (prev != NULL && MM_ADDRESS_END(prev) > address)
-		fatal("mm_free: memory corruption: %p(%zu) > %p",
-		    prev->address, prev->size, address);
-
-	/* See if we can merge backwards */
-	if (prev != NULL && MM_ADDRESS_END(prev) == address) {
-		prev->size += mms->size;
-		RB_REMOVE(mmtree, &mm->rb_free, mms);
-		if (mm->mmalloc == NULL)
-			free(mms);
-		else
-			mm_free(mm->mmalloc, mms);
-	} else
-		prev = mms;
-
-	if (prev == NULL)
-		return;
-
-	/* Check if we can merge forwards */
-	mms = RB_NEXT(mmtree, &mm->rb_free, prev);
-	if (mms == NULL)
-		return;
-
-	if (MM_ADDRESS_END(prev) > mms->address)
-		fatal("mm_free: memory corruption: %p < %p(%zu)",
-		    mms->address, prev->address, prev->size);
-	if (MM_ADDRESS_END(prev) != mms->address)
-		return;
-
-	prev->size += mms->size;
-	RB_REMOVE(mmtree, &mm->rb_free, mms);
-
-	if (mm->mmalloc == NULL)
-		free(mms);
-	else
-		mm_free(mm->mmalloc, mms);
-}
-
-static void
-mm_sync_list(struct mmtree *oldtree, struct mmtree *newtree,
-    struct mm_master *mm, struct mm_master *mmold)
-{
-	struct mm_master *mmalloc = mm->mmalloc;
-	struct mm_share *mms, *new;
-
-	/* Sync free list */
-	RB_FOREACH(mms, mmtree, oldtree) {
-		/* Check the values */
-		mm_memvalid(mmold, mms, sizeof(struct mm_share));
-		mm_memvalid(mm, mms->address, mms->size);
-
-		new = mm_xmalloc(mmalloc, sizeof(struct mm_share));
-		memcpy(new, mms, sizeof(struct mm_share));
-		RB_INSERT(mmtree, newtree, new);
-	}
-}
-
-void
-mm_share_sync(struct mm_master **pmm, struct mm_master **pmmalloc)
-{
-	struct mm_master *mm;
-	struct mm_master *mmalloc;
-	struct mm_master *mmold;
-	struct mmtree rb_free, rb_allocated;
-
-	debug3("%s: Share sync", __func__);
-
-	mm = *pmm;
-	mmold = mm->mmalloc;
-	mm_memvalid(mmold, mm, sizeof(*mm));
-
-	mmalloc = mm_create(NULL, mm->size);
-	mm = mm_xmalloc(mmalloc, sizeof(struct mm_master));
-	memcpy(mm, *pmm, sizeof(struct mm_master));
-	mm->mmalloc = mmalloc;
-
-	rb_free = mm->rb_free;
-	rb_allocated = mm->rb_allocated;
-
-	RB_INIT(&mm->rb_free);
-	RB_INIT(&mm->rb_allocated);
-
-	mm_sync_list(&rb_free, &mm->rb_free, mm, mmold);
-	mm_sync_list(&rb_allocated, &mm->rb_allocated, mm, mmold);
-
-	mm_destroy(mmold);
-
-	*pmm = mm;
-	*pmmalloc = mmalloc;
-
-	debug3("%s: Share sync end", __func__);
-}
-
-void
-mm_memvalid(struct mm_master *mm, void *address, size_t size)
-{
-	void *end = (char *)address + size;
-
-	if (address < mm->address)
-		fatal("mm_memvalid: address too small: %p", address);
-	if (end < address)
-		fatal("mm_memvalid: end < address: %p < %p", end, address);
-	if (end > MM_ADDRESS_END(mm))
-		fatal("mm_memvalid: address too large: %p", address);
-}
diff --git a/openssh-6.6p1/monitor_mm.h b/openssh-6.6p1/monitor_mm.h
deleted file mode 100644
--- a/openssh-6.6p1/monitor_mm.h
+++ /dev/null
@@ -1,62 +0,0 @@
-/* $OpenBSD: monitor_mm.h,v 1.6 2014/01/04 17:50:55 tedu Exp $ */
-
-/*
- * Copyright 2002 Niels Provos <provos@citi.umich.edu>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef _MM_H_
-#define _MM_H_
-
-struct mm_share {
-	RB_ENTRY(mm_share) next;
-	void *address;
-	size_t size;
-};
-
-struct mm_master {
-	RB_HEAD(mmtree, mm_share) rb_free;
-	struct mmtree rb_allocated;
-	void *address;
-	size_t size;
-
-	struct mm_master *mmalloc;	/* Used to completely share */
-};
-
-RB_PROTOTYPE(mmtree, mm_share, next, mm_compare)
-
-#define MM_MINSIZE		128
-
-#define MM_ADDRESS_END(x)	(void *)((char *)(x)->address + (x)->size)
-
-struct mm_master *mm_create(struct mm_master *, size_t);
-void mm_destroy(struct mm_master *);
-
-void mm_share_sync(struct mm_master **, struct mm_master **);
-
-void *mm_malloc(struct mm_master *, size_t);
-void *mm_xmalloc(struct mm_master *, size_t);
-void mm_free(struct mm_master *, void *);
-
-void mm_memvalid(struct mm_master *, void *, size_t);
-#endif /* _MM_H_ */
diff --git a/openssh-6.6p1/monitor_wrap.c b/openssh-6.6p1/monitor_wrap.c
--- a/openssh-6.6p1/monitor_wrap.c
+++ b/openssh-6.6p1/monitor_wrap.c
@@ -140,17 +140,16 @@ mm_request_send(int sock, enum monitor_r
 
 void
 mm_request_receive(int sock, Buffer *m)
 {
 	u_char buf[4];
 	u_int msg_len;
 
 	debug3("%s entering", __func__);
-
 	if (atomicio(read, sock, buf, sizeof(buf)) != sizeof(buf)) {
 		if (errno == EPIPE)
 			cleanup_exit(255);
 		fatal("%s: read: %s", __func__, strerror(errno));
 	}
 	msg_len = get_u32(buf);
 	if (msg_len > 256 * 1024)
 		fatal("%s: read: bad msg_len %d", __func__, msg_len);
@@ -521,17 +520,16 @@ mm_newkeys_from_blob(u_char *blob, int b
 		if (len > mac->key_len)
 			fatal("%s: bad mac key length: %u > %d", __func__, len,
 			    mac->key_len);
 		mac->key_len = len;
 	}
 
 	/* Comp structure */
 	comp->type = buffer_get_int(&b);
-	comp->enabled = buffer_get_int(&b);
 	comp->name = buffer_get_string(&b, NULL);
 
 	len = buffer_len(&b);
 	if (len != 0)
 		error("newkeys_from_blob: remaining bytes in blob %u", len);
 	buffer_free(&b);
 	return (newkey);
 }
@@ -571,17 +569,16 @@ mm_newkeys_to_blob(int mode, u_char **bl
 	if (cipher_authlen(enc->cipher) == 0) {
 		buffer_put_cstring(&b, mac->name);
 		buffer_put_int(&b, mac->enabled);
 		buffer_put_string(&b, mac->key, mac->key_len);
 	}
 
 	/* Comp structure */
 	buffer_put_int(&b, comp->type);
-	buffer_put_int(&b, comp->enabled);
 	buffer_put_cstring(&b, comp->name);
 
 	len = buffer_len(&b);
 	if (lenp != NULL)
 		*lenp = len;
 	if (blobp != NULL) {
 		*blobp = xmalloc(len);
 		memcpy(*blobp, buffer_ptr(&b), len);
@@ -685,21 +682,16 @@ mm_send_keystate(struct monitor *monitor
 	free(p);
 
 	plen = packet_get_keycontext(MODE_IN, NULL);
 	p = xmalloc(plen+1);
 	packet_get_keycontext(MODE_IN, p);
 	buffer_put_string(&m, p, plen);
 	free(p);
 
-	/* Compression state */
-	debug3("%s: Sending compression state", __func__);
-	buffer_put_string(&m, &outgoing_stream, sizeof(outgoing_stream));
-	buffer_put_string(&m, &incoming_stream, sizeof(incoming_stream));
-
 	/* Network I/O buffers */
 	input = (Buffer *)packet_get_input();
 	output = (Buffer *)packet_get_output();
 	buffer_put_string(&m, buffer_ptr(input), buffer_len(input));
 	buffer_put_string(&m, buffer_ptr(output), buffer_len(output));
 
 	/* Roaming */
 	if (compat20) {
diff --git a/openssh-6.6p1/monitor_wrap.h b/openssh-6.6p1/monitor_wrap.h
--- a/openssh-6.6p1/monitor_wrap.h
+++ b/openssh-6.6p1/monitor_wrap.h
@@ -105,15 +105,9 @@ void mm_send_keystate(struct monitor*);
 /* bsdauth */
 int mm_bsdauth_query(void *, char **, char **, u_int *, char ***, u_int **);
 int mm_bsdauth_respond(void *, u_int, char **);
 
 /* skey */
 int mm_skey_query(void *, char **, char **, u_int *, char ***, u_int **);
 int mm_skey_respond(void *, u_int, char **);
 
-/* zlib allocation hooks */
-
-void *mm_zalloc(struct mm_master *, u_int, u_int);
-void mm_zfree(struct mm_master *, void *);
-void mm_init_compression(struct mm_master *);
-
 #endif /* _MM_WRAP_H_ */
diff --git a/openssh-6.6p1/myproposal.h b/openssh-6.6p1/myproposal.h
--- a/openssh-6.6p1/myproposal.h
+++ b/openssh-6.6p1/myproposal.h
@@ -142,17 +142,17 @@
 	"hmac-md5-96"
 #define	KEX_DEFAULT_MAC_FIPS140_2 \
 	"hmac-sha1-etm@openssh.com," \
 	"hmac-sha2-256-etm@openssh.com," \
 	"hmac-sha2-512-etm@openssh.com," \
 	"hmac-sha1," \
 	SHA2_HMAC_MODES \
 
-#define	KEX_DEFAULT_COMP	"none,zlib@openssh.com,zlib"
+#define	KEX_DEFAULT_COMP	"none,zlib@openssh.com"
 #define	KEX_DEFAULT_LANG	""
 
 
 static char *myproposal[PROPOSAL_MAX] = {
 	KEX_DEFAULT_KEX,
 	KEX_DEFAULT_PK_ALG,
 	KEX_DEFAULT_ENCRYPT,
 	KEX_DEFAULT_ENCRYPT,
diff --git a/openssh-6.6p1/openbsd-compat/Makefile.in b/openssh-6.6p1/openbsd-compat/Makefile.in
--- a/openssh-6.6p1/openbsd-compat/Makefile.in
+++ b/openssh-6.6p1/openbsd-compat/Makefile.in
@@ -13,17 +13,17 @@ CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir
 LIBS=@LIBS@
 AR=@AR@
 RANLIB=@RANLIB@
 INSTALL=@INSTALL@
 LDFLAGS=-L. @LDFLAGS@
 
 OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o blowfish.o bcrypt_pbkdf.o explicit_bzero.o
 
-COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
+COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xcrypt.o
 
 PORTS=port-aix.o port-irix.o port-linux.o port-linux-prng.o port-solaris.o port-tun.o port-uw.o
 
 .c.o:
 	$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
 
 all: libopenbsd-compat.a
 
diff --git a/openssh-6.6p1/openbsd-compat/openbsd-compat.h b/openssh-6.6p1/openbsd-compat/openbsd-compat.h
--- a/openssh-6.6p1/openbsd-compat/openbsd-compat.h
+++ b/openssh-6.6p1/openbsd-compat/openbsd-compat.h
@@ -245,17 +245,16 @@ int timingsafe_bcmp(const void *, const 
 int	bcrypt_pbkdf(const char *, size_t, const u_int8_t *, size_t,
     u_int8_t *, size_t, unsigned int);
 #endif
 
 #ifndef HAVE_EXPLICIT_BZERO
 void explicit_bzero(void *p, size_t n);
 #endif
 
-void *xmmap(size_t size);
 char *xcrypt(const char *password, const char *salt);
 char *shadow_pw(struct passwd *pw);
 
 /* rfc2553 socket API replacements */
 #include "fake-rfc2553.h"
 
 /* Routines for a single OS platform */
 #include "bsd-cray.h"
diff --git a/openssh-6.6p1/openbsd-compat/xmmap.c b/openssh-6.6p1/openbsd-compat/xmmap.c
deleted file mode 100644
--- a/openssh-6.6p1/openbsd-compat/xmmap.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * Copyright (c) 2002 Tim Rice.  All rights reserved.
- * MAP_FAILED code by Solar Designer.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/* $Id: xmmap.c,v 1.15 2009/02/16 04:21:40 djm Exp $ */
-
-#include "includes.h"
-
-#include <sys/types.h>
-#ifdef HAVE_SYS_MMAN_H
-#include <sys/mman.h>
-#endif
-#include <sys/stat.h>
-
-#ifdef HAVE_FCNTL_H
-# include <fcntl.h>
-#endif
-#include <errno.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "log.h"
-
-void *
-xmmap(size_t size)
-{
-#ifdef HAVE_MMAP
-	void *address;
-
-# ifdef MAP_ANON
-	address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED,
-	    -1, (off_t)0);
-# else
-	address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_SHARED,
-	    open("/dev/zero", O_RDWR), (off_t)0);
-# endif
-
-#define MM_SWAP_TEMPLATE "/var/run/sshd.mm.XXXXXXXX"
-	if (address == (void *)MAP_FAILED) {
-		char tmpname[sizeof(MM_SWAP_TEMPLATE)] = MM_SWAP_TEMPLATE;
-		int tmpfd;
-		mode_t old_umask;
-
-		old_umask = umask(0177);
-		tmpfd = mkstemp(tmpname);
-		umask(old_umask);
-		if (tmpfd == -1)
-			fatal("mkstemp(\"%s\"): %s",
-			    MM_SWAP_TEMPLATE, strerror(errno));
-		unlink(tmpname);
-		if (ftruncate(tmpfd, size) != 0)
-			fatal("%s: ftruncate: %s", __func__, strerror(errno));
-		address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_SHARED,
-		    tmpfd, (off_t)0);
-		close(tmpfd);
-	}
-
-	return (address);
-#else
-	fatal("%s: UsePrivilegeSeparation=yes and Compression=yes not supported",
-	    __func__);
-#endif /* HAVE_MMAP */
-
-}
-
diff --git a/openssh-6.6p1/packet.c b/openssh-6.6p1/packet.c
--- a/openssh-6.6p1/packet.c
+++ b/openssh-6.6p1/packet.c
@@ -808,25 +808,25 @@ set_newkeys(int mode)
 		mac->enabled = 1;
 	DBG(debug("cipher_init_context: %d", mode));
 	cipher_init(cc, enc->cipher, enc->key, enc->key_len,
 	    enc->iv, enc->iv_len, crypt_type);
 	/* Deleting the keys does not gain extra security */
 	/* explicit_bzero(enc->iv,  enc->block_size);
 	   explicit_bzero(enc->key, enc->key_len);
 	   explicit_bzero(mac->key, mac->key_len); */
-	if ((comp->type == COMP_ZLIB ||
-	    (comp->type == COMP_DELAYED &&
+	if (((comp->type == COMP_DELAYED &&
 	     active_state->after_authentication)) && comp->enabled == 0) {
 		packet_init_compression();
 		if (mode == MODE_OUT)
 			buffer_compress_init_send(6);
 		else
 			buffer_compress_init_recv();
 		comp->enabled = 1;
+
 	}
 	/*
 	 * The 2^(blocksize*2) limit is too expensive for 3DES,
 	 * blowfish, etc, so enforce a 1GB limit for small blocksizes.
 	 */
 	if (enc->block_size >= 16)
 		*max_blocks = (u_int64_t)1 << (enc->block_size*2);
 	else
@@ -2007,16 +2007,17 @@ packet_set_server(void)
 {
 	active_state->server_side = 1;
 }
 
 void
 packet_set_authenticated(void)
 {
 	active_state->after_authentication = 1;
+	packet_enable_delayed_compress();
 }
 
 void *
 packet_get_input(void)
 {
 	return (void *)&active_state->input;
 }
 
diff --git a/openssh-6.6p1/servconf.c b/openssh-6.6p1/servconf.c
--- a/openssh-6.6p1/servconf.c
+++ b/openssh-6.6p1/servconf.c
@@ -835,18 +835,18 @@ static const struct multistate multistat
 static const struct multistate multistate_permitrootlogin[] = {
 	{ "without-password",		PERMIT_NO_PASSWD },
 	{ "forced-commands-only",	PERMIT_FORCED_ONLY },
 	{ "yes",			PERMIT_YES },
 	{ "no",				PERMIT_NO },
 	{ NULL, -1 }
 };
 static const struct multistate multistate_compression[] = {
+	{ "yes",			COMP_DELAYED },
 	{ "delayed",			COMP_DELAYED },
-	{ "yes",			COMP_ZLIB },
 	{ "no",				COMP_NONE },
 	{ NULL, -1 }
 };
 static const struct multistate multistate_gatewayports[] = {
 	{ "clientspecified",		2 },
 	{ "yes",			1 },
 	{ "no",				0 },
 	{ NULL, -1 }
diff --git a/openssh-6.6p1/sshconnect2.c b/openssh-6.6p1/sshconnect2.c
--- a/openssh-6.6p1/sshconnect2.c
+++ b/openssh-6.6p1/sshconnect2.c
@@ -202,20 +202,20 @@ ssh_kex2(char *host, struct sockaddr *ho
 		myproposal[PROPOSAL_ENC_ALGS_STOC] = KEX_DEFAULT_ENCRYPT_FIPS140_2;
 	}
 	myproposal[PROPOSAL_ENC_ALGS_CTOS] =
 	    compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
 	myproposal[PROPOSAL_ENC_ALGS_STOC] =
 	    compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
 	if (options.compression) {
 		myproposal[PROPOSAL_COMP_ALGS_CTOS] =
-		myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib@openssh.com,zlib,none";
+		myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib@openssh.com,none";
 	} else {
 		myproposal[PROPOSAL_COMP_ALGS_CTOS] =
-		myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com,zlib";
+		myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com";
 	}
 	if (options.macs != NULL) {
 		myproposal[PROPOSAL_MAC_ALGS_CTOS] =
 		myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
 	} else if (fips_mode()) {
         /* TODO: use intersection of FIPS macs and those requested in
          * configuration */
 		myproposal[PROPOSAL_MAC_ALGS_CTOS] =
diff --git a/openssh-6.6p1/sshd.c b/openssh-6.6p1/sshd.c
--- a/openssh-6.6p1/sshd.c
+++ b/openssh-6.6p1/sshd.c
@@ -109,17 +109,16 @@
 #include "hostfile.h"
 #include "auth.h"
 #include "authfd.h"
 #include "misc.h"
 #include "msg.h"
 #include "dispatch.h"
 #include "channels.h"
 #include "session.h"
-#include "monitor_mm.h"
 #include "monitor.h"
 #ifdef GSSAPI
 #include "ssh-gss.h"
 #endif
 #include "monitor_wrap.h"
 #include "roaming.h"
 #include "ssh-sandbox.h"
 #include "version.h"
@@ -739,19 +738,16 @@ privsep_preauth(Authctxt *authctxt)
 
 		pmonitor->m_pid = pid;
 		if (have_agent)
 			auth_conn = ssh_get_authentication_connection();
 		if (box != NULL)
 			ssh_sandbox_parent_preauth(box, pid);
 		monitor_child_preauth(authctxt, pmonitor);
 
-		/* Sync memory */
-		monitor_sync(pmonitor);
-
 		/* Wait for the child's exit status */
 		while (waitpid(pid, &status, 0) < 0) {
 			if (errno == EINTR)
 				continue;
 			pmonitor->m_pid = -1;
 			fatal("%s: waitpid: %s", __func__, strerror(errno));
 		}
 		privsep_is_preauth = 0;
@@ -2664,19 +2660,16 @@ do_ssh2_kex(void)
 		myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
 	} else if (fips_mode()) {
 		myproposal[PROPOSAL_MAC_ALGS_CTOS] =
 		myproposal[PROPOSAL_MAC_ALGS_STOC] = KEX_DEFAULT_MAC_FIPS140_2;
 	}
 	if (options.compression == COMP_NONE) {
 		myproposal[PROPOSAL_COMP_ALGS_CTOS] =
 		myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
-	} else if (options.compression == COMP_DELAYED) {
-		myproposal[PROPOSAL_COMP_ALGS_CTOS] =
-		myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com";
 	}
 	if (options.kex_algorithms != NULL)
 		myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
 	else if (fips_mode())
 		myproposal[PROPOSAL_KEX_ALGS] = KEX_DEFAULT_KEX_FIPS140_2;
 
 	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
 	    myproposal[PROPOSAL_KEX_ALGS]);
diff --git a/openssh-6.6p1/sshd_config.5 b/openssh-6.6p1/sshd_config.5
--- a/openssh-6.6p1/sshd_config.5
+++ b/openssh-6.6p1/sshd_config.5
@@ -409,25 +409,27 @@ Sets a timeout interval in seconds after
 from the client,
 .Xr sshd 8
 will send a message through the encrypted
 channel to request a response from the client.
 The default
 is 0, indicating that these messages will not be sent to the client.
 This option applies to protocol version 2 only.
 .It Cm Compression
-Specifies whether compression is allowed, or delayed until
+Specifies whether compression is enabled after
 the user has authenticated successfully.
 The argument must be
 .Dq yes ,
-.Dq delayed ,
+.Dq delayed
+(a legacy synonym for
+.Dq yes )
 or
 .Dq no .
 The default is
-.Dq delayed .
+.Dq yes .
 .It Cm DenyGroups
 This keyword can be followed by a list of group name patterns, separated
 by spaces.
 Login is disallowed for users whose primary group or supplementary
 group list matches one of the patterns.
 Only group names are valid; a numerical group ID is not recognized.
 By default, login is allowed for all groups.
 The allow/deny directives are processed in the following order:
openSUSE Build Service is sponsored by