Bring in upstream commit ec165c392ca54317dbe3064a8c200de6531e89ad: Unregister the KEXINIT handler after message has been received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause allocation of up to 128MB -- until the connection is closed. Reported by shilei-c at 360.cn Security: CVE-2016-8858
head/security/openssh-portable/Makefile
head/security/openssh-portable/files/patch-kex.c