gentoo resync : 13.10.2019

6 files changed, 753 insertions, 0 deletions

diff --git a/net-misc/openssh/files/openssh-8.0_p1-deny-shmget-shmat-shmdt-in-preauth-privsep-child.patch b/net-misc/openssh/files/openssh-8.0_p1-deny-shmget-shmat-shmdt-in-preauth-privsep-child.patch
new file mode 100644
index 000000000000..fe3be2409e2a
--- /dev/null
+++ b/net-misc/openssh/files/openssh-8.0_p1-deny-shmget-shmat-shmdt-in-preauth-privsep-child.patch
@@ -0,0 +1,31 @@
+From 3ef92a657444f172b61f92d5da66d94fa8265602 Mon Sep 17 00:00:00 2001
+From: Lonnie Abelbeck <lonnie@abelbeck.com>
+Date: Tue, 1 Oct 2019 09:05:09 -0500
+Subject: [PATCH] Deny (non-fatal) shmget/shmat/shmdt in preauth privsep child.
+
+New wait_random_seeded() function on OpenSSL 1.1.1d uses shmget, shmat, and shmdt
+in the preauth codepath, deny (non-fatal) in seccomp_filter sandbox.
+---
+ sandbox-seccomp-filter.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
+index 840c5232b..39dc289e3 100644
+--- a/sandbox-seccomp-filter.c
++++ b/sandbox-seccomp-filter.c
+@@ -168,6 +168,15 @@ static const struct sock_filter preauth_insns[] = {
+ #ifdef __NR_stat64
+ 	SC_DENY(__NR_stat64, EACCES),
+ #endif
++#ifdef __NR_shmget
++	SC_DENY(__NR_shmget, EACCES),
++#endif
++#ifdef __NR_shmat
++	SC_DENY(__NR_shmat, EACCES),
++#endif
++#ifdef __NR_shmdt
++	SC_DENY(__NR_shmdt, EACCES),
++#endif
+ 
+ 	/* Syscalls to permit */
+ #ifdef __NR_brk
diff --git a/net-misc/openssh/files/openssh-8.0_p1-fix-an-unreachable-integer-overflow-similar-to-the-XMSS-case.patch b/net-misc/openssh/files/openssh-8.0_p1-fix-an-unreachable-integer-overflow-similar-to-the-XMSS-case.patch
new file mode 100644
index 000000000000..bffc591ef667
--- /dev/null
+++ b/net-misc/openssh/files/openssh-8.0_p1-fix-an-unreachable-integer-overflow-similar-to-the-XMSS-case.patch
@@ -0,0 +1,76 @@
+https://github.com/openssh/openssh-portable/commit/29e0ecd9b4eb3b9f305e2240351f0c59cad9ef81
+
+--- a/sshkey.c
++++ b/sshkey.c
+@@ -3209,6 +3209,10 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
+ 		if ((r = sshkey_froms(buf, &k)) != 0 ||
+ 		    (r = sshbuf_get_bignum2(buf, &dsa_priv_key)) != 0)
+ 			goto out;
++		if (k->type != type) {
++			r = SSH_ERR_INVALID_FORMAT;
++			goto out;
++		}
+ 		if (!DSA_set0_key(k->dsa, NULL, dsa_priv_key)) {
+ 			r = SSH_ERR_LIBCRYPTO_ERROR;
+ 			goto out;
+@@ -3252,6 +3256,11 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
+ 		if ((r = sshkey_froms(buf, &k)) != 0 ||
+ 		    (r = sshbuf_get_bignum2(buf, &exponent)) != 0)
+ 			goto out;
++		if (k->type != type ||
++		    k->ecdsa_nid != sshkey_ecdsa_nid_from_name(tname)) {
++			r = SSH_ERR_INVALID_FORMAT;
++			goto out;
++		}
+ 		if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) {
+ 			r = SSH_ERR_LIBCRYPTO_ERROR;
+ 			goto out;
+@@ -3296,6 +3305,10 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
+ 		    (r = sshbuf_get_bignum2(buf, &rsa_p)) != 0 ||
+ 		    (r = sshbuf_get_bignum2(buf, &rsa_q)) != 0)
+ 			goto out;
++		if (k->type != type) {
++			r = SSH_ERR_INVALID_FORMAT;
++			goto out;
++		}
+ 		if (!RSA_set0_key(k->rsa, NULL, NULL, rsa_d)) {
+ 			r = SSH_ERR_LIBCRYPTO_ERROR;
+ 			goto out;
+@@ -3333,13 +3346,17 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
+ 		    (r = sshbuf_get_string(buf, &ed25519_pk, &pklen)) != 0 ||
+ 		    (r = sshbuf_get_string(buf, &ed25519_sk, &sklen)) != 0)
+ 			goto out;
++		if (k->type != type) {
++			r = SSH_ERR_INVALID_FORMAT;
++			goto out;
++		}
+ 		if (pklen != ED25519_PK_SZ || sklen != ED25519_SK_SZ) {
+ 			r = SSH_ERR_INVALID_FORMAT;
+ 			goto out;
+ 		}
+ 		k->ed25519_pk = ed25519_pk;
+ 		k->ed25519_sk = ed25519_sk;
+-		ed25519_pk = ed25519_sk = NULL;
++		ed25519_pk = ed25519_sk = NULL; /* transferred */
+ 		break;
+ #ifdef WITH_XMSS
+ 	case KEY_XMSS:
+@@ -3370,7 +3387,7 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
+ 		    (r = sshbuf_get_string(buf, &xmss_pk, &pklen)) != 0 ||
+ 		    (r = sshbuf_get_string(buf, &xmss_sk, &sklen)) != 0)
+ 			goto out;
+-		if (strcmp(xmss_name, k->xmss_name)) {
++		if (k->type != type || strcmp(xmss_name, k->xmss_name) != 0) {
+ 			r = SSH_ERR_INVALID_FORMAT;
+ 			goto out;
+ 		}
+@@ -3877,7 +3894,8 @@ sshkey_parse_private2(struct sshbuf *blob, int type, const char *passphrase,
+ 	}
+ 
+ 	/* check that an appropriate amount of auth data is present */
+-	if (sshbuf_len(decoded) < encrypted_len + authlen) {
++	if (sshbuf_len(decoded) < authlen ||
++	    sshbuf_len(decoded) - authlen < encrypted_len) {
+ 		r = SSH_ERR_INVALID_FORMAT;
+ 		goto out;
+ 	}
diff --git a/net-misc/openssh/files/openssh-8.0_p1-fix-integer-overflow-in-XMSS-private-key-parsing.patch b/net-misc/openssh/files/openssh-8.0_p1-fix-integer-overflow-in-XMSS-private-key-parsing.patch
new file mode 100644
index 000000000000..ba0bd02371d4
--- /dev/null
+++ b/net-misc/openssh/files/openssh-8.0_p1-fix-integer-overflow-in-XMSS-private-key-parsing.patch
@@ -0,0 +1,14 @@
+https://github.com/openssh/openssh-portable/commit/a546b17bbaeb12beac4c9aeed56f74a42b18a93a
+
+--- a/sshkey-xmss.c
++++ b/sshkey-xmss.c
+@@ -977,7 +977,8 @@ sshkey_xmss_decrypt_state(const struct sshkey *k, struct sshbuf *encoded,
+ 		goto out;
+ 	}
+ 	/* check that an appropriate amount of auth data is present */
+-	if (sshbuf_len(encoded) < encrypted_len + authlen) {
++	if (sshbuf_len(encoded) < authlen ||
++	    sshbuf_len(encoded) - authlen < encrypted_len) {
+ 		r = SSH_ERR_INVALID_FORMAT;
+ 		goto out;
+ 	}
diff --git a/net-misc/openssh/files/openssh-8.0_p1-fix-putty-tests.patch b/net-misc/openssh/files/openssh-8.0_p1-fix-putty-tests.patch
new file mode 100644
index 000000000000..4310aa123fc8
--- /dev/null
+++ b/net-misc/openssh/files/openssh-8.0_p1-fix-putty-tests.patch
@@ -0,0 +1,57 @@
+Make sure that host keys are already accepted before
+running tests.
+
+https://bugs.gentoo.org/493866
+
+--- a/regress/putty-ciphers.sh
++++ b/regress/putty-ciphers.sh
+@@ -10,11 +10,17 @@ fi
+ 
+ for c in aes 3des aes128-ctr aes192-ctr aes256-ctr ; do
+ 	verbose "$tid: cipher $c"
++	rm -f ${COPY}
+ 	cp ${OBJ}/.putty/sessions/localhost_proxy \
+ 	    ${OBJ}/.putty/sessions/cipher_$c
+ 	echo "Cipher=$c" >> ${OBJ}/.putty/sessions/cipher_$c
+ 
+-	rm -f ${COPY}
++	env HOME=$PWD echo "y" | ${PLINK} -load cipher_$c \
++	    -i ${OBJ}/putty.rsa2 "exit"
++	if [ $? -ne 0 ]; then
++		fail "failed to pre-cache host key"
++	fi
++
+ 	env HOME=$PWD ${PLINK} -load cipher_$c -batch -i ${OBJ}/putty.rsa2 \
+ 	    cat ${DATA} > ${COPY}
+ 	if [ $? -ne 0 ]; then
+--- a/regress/putty-kex.sh
++++ b/regress/putty-kex.sh
+@@ -14,6 +14,12 @@ for k in dh-gex-sha1 dh-group1-sha1 dh-group14-sha1 ; do
+ 	    ${OBJ}/.putty/sessions/kex_$k
+ 	echo "KEX=$k" >> ${OBJ}/.putty/sessions/kex_$k
+ 
++	env HOME=$PWD echo "y" | ${PLINK} -load kex_$k \
++	    -i ${OBJ}/putty.rsa2 "exit"
++	if [ $? -ne 0 ]; then
++		fail "failed to pre-cache host key"
++	fi
++
+ 	env HOME=$PWD ${PLINK} -load kex_$k -batch -i ${OBJ}/putty.rsa2 true
+ 	if [ $? -ne 0 ]; then
+ 		fail "KEX $k failed"
+--- a/regress/putty-transfer.sh
++++ b/regress/putty-transfer.sh
+@@ -14,6 +14,13 @@ for c in 0 1 ; do
+ 	cp ${OBJ}/.putty/sessions/localhost_proxy \
+ 	    ${OBJ}/.putty/sessions/compression_$c
+ 	echo "Compression=$c" >> ${OBJ}/.putty/sessions/kex_$k
++
++	env HOME=$PWD echo "y" | ${PLINK} -load compression_$c \
++	    -i ${OBJ}/putty.rsa2 "exit"
++	if [ $? -ne 0 ]; then
++		fail "failed to pre-cache host key"
++	fi
++
+ 	env HOME=$PWD ${PLINK} -load compression_$c -batch \
+ 	    -i ${OBJ}/putty.rsa2 cat ${DATA} > ${COPY}
+ 	if [ $? -ne 0 ]; then
diff --git a/net-misc/openssh/files/openssh-8.1_p1-GSSAPI-dns.patch b/net-misc/openssh/files/openssh-8.1_p1-GSSAPI-dns.patch
new file mode 100644
index 000000000000..6aba6f266945
--- /dev/null
+++ b/net-misc/openssh/files/openssh-8.1_p1-GSSAPI-dns.patch
@@ -0,0 +1,359 @@
+diff --git a/auth.c b/auth.c
+index ca450f4e..2994a4e4 100644
+--- a/auth.c
++++ b/auth.c
+@@ -723,120 +723,6 @@ fakepw(void)
+ 	return (&fake);
+ }
+ 
+-/*
+- * Returns the remote DNS hostname as a string. The returned string must not
+- * be freed. NB. this will usually trigger a DNS query the first time it is
+- * called.
+- * This function does additional checks on the hostname to mitigate some
+- * attacks on legacy rhosts-style authentication.
+- * XXX is RhostsRSAAuthentication vulnerable to these?
+- * XXX Can we remove these checks? (or if not, remove RhostsRSAAuthentication?)
+- */
+-
+-static char *
+-remote_hostname(struct ssh *ssh)
+-{
+-	struct sockaddr_storage from;
+-	socklen_t fromlen;
+-	struct addrinfo hints, *ai, *aitop;
+-	char name[NI_MAXHOST], ntop2[NI_MAXHOST];
+-	const char *ntop = ssh_remote_ipaddr(ssh);
+-
+-	/* Get IP address of client. */
+-	fromlen = sizeof(from);
+-	memset(&from, 0, sizeof(from));
+-	if (getpeername(ssh_packet_get_connection_in(ssh),
+-	    (struct sockaddr *)&from, &fromlen) == -1) {
+-		debug("getpeername failed: %.100s", strerror(errno));
+-		return strdup(ntop);
+-	}
+-
+-	ipv64_normalise_mapped(&from, &fromlen);
+-	if (from.ss_family == AF_INET6)
+-		fromlen = sizeof(struct sockaddr_in6);
+-
+-	debug3("Trying to reverse map address %.100s.", ntop);
+-	/* Map the IP address to a host name. */
+-	if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
+-	    NULL, 0, NI_NAMEREQD) != 0) {
+-		/* Host name not found.  Use ip address. */
+-		return strdup(ntop);
+-	}
+-
+-	/*
+-	 * if reverse lookup result looks like a numeric hostname,
+-	 * someone is trying to trick us by PTR record like following:
+-	 *	1.1.1.10.in-addr.arpa.	IN PTR	2.3.4.5
+-	 */
+-	memset(&hints, 0, sizeof(hints));
+-	hints.ai_socktype = SOCK_DGRAM;	/*dummy*/
+-	hints.ai_flags = AI_NUMERICHOST;
+-	if (getaddrinfo(name, NULL, &hints, &ai) == 0) {
+-		logit("Nasty PTR record \"%s\" is set up for %s, ignoring",
+-		    name, ntop);
+-		freeaddrinfo(ai);
+-		return strdup(ntop);
+-	}
+-
+-	/* Names are stored in lowercase. */
+-	lowercase(name);
+-
+-	/*
+-	 * Map it back to an IP address and check that the given
+-	 * address actually is an address of this host.  This is
+-	 * necessary because anyone with access to a name server can
+-	 * define arbitrary names for an IP address. Mapping from
+-	 * name to IP address can be trusted better (but can still be
+-	 * fooled if the intruder has access to the name server of
+-	 * the domain).
+-	 */
+-	memset(&hints, 0, sizeof(hints));
+-	hints.ai_family = from.ss_family;
+-	hints.ai_socktype = SOCK_STREAM;
+-	if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
+-		logit("reverse mapping checking getaddrinfo for %.700s "
+-		    "[%s] failed.", name, ntop);
+-		return strdup(ntop);
+-	}
+-	/* Look for the address from the list of addresses. */
+-	for (ai = aitop; ai; ai = ai->ai_next) {
+-		if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2,
+-		    sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 &&
+-		    (strcmp(ntop, ntop2) == 0))
+-				break;
+-	}
+-	freeaddrinfo(aitop);
+-	/* If we reached the end of the list, the address was not there. */
+-	if (ai == NULL) {
+-		/* Address not found for the host name. */
+-		logit("Address %.100s maps to %.600s, but this does not "
+-		    "map back to the address.", ntop, name);
+-		return strdup(ntop);
+-	}
+-	return strdup(name);
+-}
+-
+-/*
+- * Return the canonical name of the host in the other side of the current
+- * connection.  The host name is cached, so it is efficient to call this
+- * several times.
+- */
+-
+-const char *
+-auth_get_canonical_hostname(struct ssh *ssh, int use_dns)
+-{
+-	static char *dnsname;
+-
+-	if (!use_dns)
+-		return ssh_remote_ipaddr(ssh);
+-	else if (dnsname != NULL)
+-		return dnsname;
+-	else {
+-		dnsname = remote_hostname(ssh);
+-		return dnsname;
+-	}
+-}
+-
+ /*
+  * Runs command in a subprocess with a minimal environment.
+  * Returns pid on success, 0 on failure.
+diff --git a/canohost.c b/canohost.c
+index abea9c6e..4f4524d2 100644
+--- a/canohost.c
++++ b/canohost.c
+@@ -202,3 +202,117 @@ get_local_port(int sock)
+ {
+ 	return get_sock_port(sock, 1);
+ }
++
++/*
++ * Returns the remote DNS hostname as a string. The returned string must not
++ * be freed. NB. this will usually trigger a DNS query the first time it is
++ * called.
++ * This function does additional checks on the hostname to mitigate some
++ * attacks on legacy rhosts-style authentication.
++ * XXX is RhostsRSAAuthentication vulnerable to these?
++ * XXX Can we remove these checks? (or if not, remove RhostsRSAAuthentication?)
++ */
++
++static char *
++remote_hostname(struct ssh *ssh)
++{
++	struct sockaddr_storage from;
++	socklen_t fromlen;
++	struct addrinfo hints, *ai, *aitop;
++	char name[NI_MAXHOST], ntop2[NI_MAXHOST];
++	const char *ntop = ssh_remote_ipaddr(ssh);
++
++	/* Get IP address of client. */
++	fromlen = sizeof(from);
++	memset(&from, 0, sizeof(from));
++	if (getpeername(ssh_packet_get_connection_in(ssh),
++	    (struct sockaddr *)&from, &fromlen) < 0) {
++		debug("getpeername failed: %.100s", strerror(errno));
++		return strdup(ntop);
++	}
++
++	ipv64_normalise_mapped(&from, &fromlen);
++	if (from.ss_family == AF_INET6)
++		fromlen = sizeof(struct sockaddr_in6);
++
++	debug3("Trying to reverse map address %.100s.", ntop);
++	/* Map the IP address to a host name. */
++	if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
++	    NULL, 0, NI_NAMEREQD) != 0) {
++		/* Host name not found.  Use ip address. */
++		return strdup(ntop);
++	}
++
++	/*
++	 * if reverse lookup result looks like a numeric hostname,
++	 * someone is trying to trick us by PTR record like following:
++	 *	1.1.1.10.in-addr.arpa.	IN PTR	2.3.4.5
++	 */
++	memset(&hints, 0, sizeof(hints));
++	hints.ai_socktype = SOCK_DGRAM;	/*dummy*/
++	hints.ai_flags = AI_NUMERICHOST;
++	if (getaddrinfo(name, NULL, &hints, &ai) == 0) {
++		logit("Nasty PTR record \"%s\" is set up for %s, ignoring",
++		    name, ntop);
++		freeaddrinfo(ai);
++		return strdup(ntop);
++	}
++
++	/* Names are stored in lowercase. */
++	lowercase(name);
++
++	/*
++	 * Map it back to an IP address and check that the given
++	 * address actually is an address of this host.  This is
++	 * necessary because anyone with access to a name server can
++	 * define arbitrary names for an IP address. Mapping from
++	 * name to IP address can be trusted better (but can still be
++	 * fooled if the intruder has access to the name server of
++	 * the domain).
++	 */
++	memset(&hints, 0, sizeof(hints));
++	hints.ai_family = from.ss_family;
++	hints.ai_socktype = SOCK_STREAM;
++	if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
++		logit("reverse mapping checking getaddrinfo for %.700s "
++		    "[%s] failed.", name, ntop);
++		return strdup(ntop);
++	}
++	/* Look for the address from the list of addresses. */
++	for (ai = aitop; ai; ai = ai->ai_next) {
++		if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2,
++		    sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 &&
++		    (strcmp(ntop, ntop2) == 0))
++				break;
++	}
++	freeaddrinfo(aitop);
++	/* If we reached the end of the list, the address was not there. */
++	if (ai == NULL) {
++		/* Address not found for the host name. */
++		logit("Address %.100s maps to %.600s, but this does not "
++		    "map back to the address.", ntop, name);
++		return strdup(ntop);
++	}
++	return strdup(name);
++}
++
++/*
++ * Return the canonical name of the host in the other side of the current
++ * connection.  The host name is cached, so it is efficient to call this
++ * several times.
++ */
++
++const char *
++auth_get_canonical_hostname(struct ssh *ssh, int use_dns)
++{
++	static char *dnsname;
++
++	if (!use_dns)
++		return ssh_remote_ipaddr(ssh);
++	else if (dnsname != NULL)
++		return dnsname;
++	else {
++		dnsname = remote_hostname(ssh);
++		return dnsname;
++	}
++}
+diff --git a/readconf.c b/readconf.c
+index f78b4d6f..747287f7 100644
+--- a/readconf.c
++++ b/readconf.c
+@@ -162,6 +162,7 @@ typedef enum {
+ 	oClearAllForwardings, oNoHostAuthenticationForLocalhost,
+ 	oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
+ 	oAddressFamily, oGssAuthentication, oGssDelegateCreds,
++	oGssTrustDns,
+ 	oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
+ 	oSendEnv, oSetEnv, oControlPath, oControlMaster, oControlPersist,
+ 	oHashKnownHosts,
+@@ -203,9 +204,11 @@ static struct {
+ #if defined(GSSAPI)
+ 	{ "gssapiauthentication", oGssAuthentication },
+ 	{ "gssapidelegatecredentials", oGssDelegateCreds },
++	{ "gssapitrustdns", oGssTrustDns },
+ # else
+ 	{ "gssapiauthentication", oUnsupported },
+ 	{ "gssapidelegatecredentials", oUnsupported },
++	{ "gssapitrustdns", oUnsupported },
+ #endif
+ #ifdef ENABLE_PKCS11
+ 	{ "pkcs11provider", oPKCS11Provider },
+@@ -992,6 +995,10 @@ parse_time:
+ 		intptr = &options->gss_deleg_creds;
+ 		goto parse_flag;
+ 
++	case oGssTrustDns:
++		intptr = &options->gss_trust_dns;
++		goto parse_flag;
++
+ 	case oBatchMode:
+ 		intptr = &options->batch_mode;
+ 		goto parse_flag;
+@@ -1864,6 +1871,7 @@ initialize_options(Options * options)
+ 	options->challenge_response_authentication = -1;
+ 	options->gss_authentication = -1;
+ 	options->gss_deleg_creds = -1;
++	options->gss_trust_dns = -1;
+ 	options->password_authentication = -1;
+ 	options->kbd_interactive_authentication = -1;
+ 	options->kbd_interactive_devices = NULL;
+@@ -2011,6 +2019,8 @@ fill_default_options(Options * options)
+ 		options->gss_authentication = 0;
+ 	if (options->gss_deleg_creds == -1)
+ 		options->gss_deleg_creds = 0;
++	if (options->gss_trust_dns == -1)
++		options->gss_trust_dns = 0;
+ 	if (options->password_authentication == -1)
+ 		options->password_authentication = 1;
+ 	if (options->kbd_interactive_authentication == -1)
+diff --git a/readconf.h b/readconf.h
+index 8e36bf32..c9e4718d 100644
+--- a/readconf.h
++++ b/readconf.h
+@@ -41,6 +41,7 @@ typedef struct {
+ 					/* Try S/Key or TIS, authentication. */
+ 	int     gss_authentication;	/* Try GSS authentication */
+ 	int     gss_deleg_creds;	/* Delegate GSS credentials */
++	int	gss_trust_dns;		/* Trust DNS for GSS canonicalization */
+ 	int     password_authentication;	/* Try password
+ 						 * authentication. */
+ 	int     kbd_interactive_authentication; /* Try keyboard-interactive auth. */
+diff --git a/ssh_config.5 b/ssh_config.5
+index 02a87892..95de538b 100644
+--- a/ssh_config.5
++++ b/ssh_config.5
+@@ -762,6 +762,16 @@ The default is
+ Forward (delegate) credentials to the server.
+ The default is
+ .Cm no .
++Note that this option applies to protocol version 2 connections using GSSAPI.
++.It Cm GSSAPITrustDns
++Set to
++.Dq yes to indicate that the DNS is trusted to securely canonicalize
++the name of the host being connected to. If
++.Dq no, the hostname entered on the
++command line will be passed untouched to the GSSAPI library.
++The default is
++.Dq no .
++This option only applies to protocol version 2 connections using GSSAPI.
+ .It Cm HashKnownHosts
+ Indicates that
+ .Xr ssh 1
+diff --git a/sshconnect2.c b/sshconnect2.c
+index 87fa70a4..a6ffdc96 100644
+--- a/sshconnect2.c
++++ b/sshconnect2.c
+@@ -697,6 +697,13 @@ userauth_gssapi(struct ssh *ssh)
+ 	OM_uint32 min;
+ 	int r, ok = 0;
+ 	gss_OID mech = NULL;
++	const char *gss_host;
++
++	if (options.gss_trust_dns) {
++		extern const char *auth_get_canonical_hostname(struct ssh *ssh, int use_dns);
++		gss_host = auth_get_canonical_hostname(ssh, 1);
++	} else
++		gss_host = authctxt->host;
+ 
+ 	/* Try one GSSAPI method at a time, rather than sending them all at
+ 	 * once. */
+@@ -711,7 +718,7 @@ userauth_gssapi(struct ssh *ssh)
+ 		    elements[authctxt->mech_tried];
+ 		/* My DER encoding requires length<128 */
+ 		if (mech->length < 128 && ssh_gssapi_check_mechanism(&gssctxt,
+-		    mech, authctxt->host)) {
++		    mech, gss_host)) {
+ 			ok = 1; /* Mechanism works */
+ 		} else {
+ 			authctxt->mech_tried++;
diff --git a/net-misc/openssh/files/openssh-8.1_p1-hpn-glue.patch b/net-misc/openssh/files/openssh-8.1_p1-hpn-glue.patch
new file mode 100644
index 000000000000..0ad814f95d87
--- /dev/null
+++ b/net-misc/openssh/files/openssh-8.1_p1-hpn-glue.patch
@@ -0,0 +1,216 @@
+Only in b: .openssh-7_8_P1-hpn-AES-CTR-14.16.diff.un~
+Only in b: .openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff.un~
+diff -ru a/openssh-7_8_P1-hpn-AES-CTR-14.16.diff b/openssh-7_8_P1-hpn-AES-CTR-14.16.diff
+--- a/openssh-7_8_P1-hpn-AES-CTR-14.16.diff	2019-10-10 13:48:31.513603947 -0700
++++ b/openssh-7_8_P1-hpn-AES-CTR-14.16.diff	2019-10-10 13:50:15.012495676 -0700
+@@ -17,8 +17,8 @@
+  	canohost.o channels.o cipher.o cipher-aes.o cipher-aesctr.o \
+ -	cipher-ctr.o cleanup.o \
+ +	cipher-ctr.o cleanup.o cipher-ctr-mt.o \
+- 	compat.o crc32.o fatal.o hostfile.o \
+- 	log.o match.o moduli.o nchan.o packet.o opacket.o \
++ 	compat.o fatal.o hostfile.o \
++ 	log.o match.o moduli.o nchan.o packet.o \
+  	readpass.o ttymodes.o xmalloc.o addrmatch.o \
+ diff --git a/cipher-ctr-mt.c b/cipher-ctr-mt.c
+ new file mode 100644
+@@ -998,7 +998,7 @@
+ +		 * so we repoint the define to the multithreaded evp. To start the threads we
+ +		 * then force a rekey
+ +		 */
+-+		const void *cc = ssh_packet_get_send_context(active_state);
+++		const void *cc = ssh_packet_get_send_context(ssh);
+ +		
+ +		/* only do this for the ctr cipher. otherwise gcm mode breaks. Don't know why though */
+ +		if (strstr(cipher_ctx_name(cc), "ctr")) {
+@@ -1028,7 +1028,7 @@
+ +		 * so we repoint the define to the multithreaded evp. To start the threads we
+ +		 * then force a rekey
+ +		 */
+-+		const void *cc = ssh_packet_get_send_context(active_state);
+++		const void *cc = ssh_packet_get_send_context(ssh);
+ +		
+ +		/* only rekey if necessary. If we don't do this gcm mode cipher breaks */
+ +		if (strstr(cipher_ctx_name(cc), "ctr")) {
+diff -ru a/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff b/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff
+--- a/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff	2019-10-10 13:47:54.801642144 -0700
++++ b/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff	2019-10-10 15:58:05.085803333 -0700
+@@ -162,24 +162,24 @@
+  }
+  
+ +static int
+-+channel_tcpwinsz(void)
+++channel_tcpwinsz(struct ssh *ssh)
+ +{
+ +	u_int32_t tcpwinsz = 0;
+ +	socklen_t optsz = sizeof(tcpwinsz);
+ +	int ret = -1;
+ +
+ +	/* if we aren't on a socket return 128KB */
+-+	if (!packet_connection_is_on_socket())
+++	if (!ssh_packet_connection_is_on_socket(ssh))
+ +		return 128 * 1024;
+ +
+-+	ret = getsockopt(packet_get_connection_in(),
+++	ret = getsockopt(ssh_packet_get_connection_in(ssh),
+ +			 SOL_SOCKET, SO_RCVBUF, &tcpwinsz, &optsz);
+ +	/* return no more than SSHBUF_SIZE_MAX (currently 256MB) */
+ +	if ((ret == 0) && tcpwinsz > SSHBUF_SIZE_MAX)
+ +		tcpwinsz = SSHBUF_SIZE_MAX;
+ +
+ +	debug2("tcpwinsz: tcp connection %d, Receive window: %d",
+-+	       packet_get_connection_in(), tcpwinsz);
+++	       ssh_packet_get_connection_in(ssh), tcpwinsz);
+ +	return tcpwinsz;
+ +}
+ +
+@@ -191,7 +191,7 @@
+  	    c->local_window < c->local_window_max/2) &&
+  	    c->local_consumed > 0) {
+ +		u_int addition = 0;
+-+		u_int32_t tcpwinsz = channel_tcpwinsz();
+++		u_int32_t tcpwinsz = channel_tcpwinsz(ssh);
+ +		/* adjust max window size if we are in a dynamic environment */
+ +		if (c->dynamic_window && (tcpwinsz > c->local_window_max)) {
+ +			/* grow the window somewhat aggressively to maintain pressure */
+@@ -409,18 +409,10 @@
+ index dcf35e6..da4ced0 100644
+ --- a/packet.c
+ +++ b/packet.c
+-@@ -920,6 +920,24 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
++@@ -920,6 +920,16 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
+  	return 0;
+  }
+  
+-+/* this supports the forced rekeying required for the NONE cipher */
+-+int rekey_requested = 0;
+-+void
+-+packet_request_rekeying(void)
+-+{
+-+	rekey_requested = 1;
+-+}
+-+
+ +/* used to determine if pre or post auth when rekeying for aes-ctr
+ + * and none cipher switch */
+ +int
+@@ -434,20 +426,6 @@
+  #define MAX_PACKETS	(1U<<31)
+  static int
+  ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
+-@@ -946,6 +964,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
+- 	if (state->p_send.packets == 0 && state->p_read.packets == 0)
+- 		return 0;
+- 
+-+	/* used to force rekeying when called for by the none
+-+         * cipher switch methods -cjr */
+-+        if (rekey_requested == 1) {
+-+                rekey_requested = 0;
+-+                return 1;
+-+        }
+-+
+- 	/* Time-based rekeying */
+- 	if (state->rekey_interval != 0 &&
+- 	    (int64_t)state->rekey_time + state->rekey_interval <= monotime())
+ diff --git a/packet.h b/packet.h
+ index 170203c..f4d9df2 100644
+ --- a/packet.h
+@@ -476,9 +454,9 @@
+  /* Format of the configuration file:
+  
+ @@ -166,6 +167,8 @@ typedef enum {
+- 	oHashKnownHosts,
+  	oTunnel, oTunnelDevice,
+  	oLocalCommand, oPermitLocalCommand, oRemoteCommand,
++ 	oDisableMTAES,
+ +	oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize,
+ +	oNoneEnabled, oNoneSwitch,
+  	oVisualHostKey,
+@@ -615,9 +593,9 @@
+  	int	ip_qos_bulk;		/* IP ToS/DSCP/class for bulk traffic */
+  	SyslogFacility log_facility;	/* Facility for system logging. */
+ @@ -111,7 +115,10 @@ typedef struct {
+- 
+  	int	enable_ssh_keysign;
+  	int64_t rekey_limit;
++ 	int     disable_multithreaded; /*disable multithreaded aes-ctr*/
+ +	int     none_switch;    /* Use none cipher */
+ +	int     none_enabled;   /* Allow none to be used */
+  	int	rekey_interval;
+@@ -633,7 +611,7 @@
+  	off_t i, statbytes;
+  	size_t amt, nr;
+  	int fd = -1, haderr, indx;
+--	char *last, *name, buf[2048], encname[PATH_MAX];
++-	char *last, *name, buf[PATH_MAX + 128], encname[PATH_MAX];
+ +	char *last, *name, buf[16384], encname[PATH_MAX];
+  	int len;
+  
+@@ -673,9 +651,9 @@
+  	/* Portable-specific options */
+  	if (options->use_pam == -1)
+ @@ -391,6 +400,43 @@ fill_default_server_options(ServerOptions *options)
+- 	}
+- 	if (options->permit_tun == -1)
+  		options->permit_tun = SSH_TUNMODE_NO;
++ 	if (options->disable_multithreaded == -1)
++ 		options->disable_multithreaded = 0;
+ +	if (options->none_enabled == -1)
+ +		options->none_enabled = 0;
+ +	if (options->hpn_disabled == -1)
+@@ -1092,7 +1070,7 @@
+  	xxx_host = host;
+  	xxx_hostaddr = hostaddr;
+  
+-@@ -412,6 +423,28 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
++@@ -412,6 +423,27 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
+  
+  	if (!authctxt.success)
+  		fatal("Authentication failed.");
+@@ -1108,7 +1086,7 @@
+ +			memcpy(&myproposal, &myproposal_default, sizeof(myproposal));
+ +			myproposal[PROPOSAL_ENC_ALGS_STOC] = "none";
+ +			myproposal[PROPOSAL_ENC_ALGS_CTOS] = "none";
+-+			kex_prop2buf(active_state->kex->my, myproposal);
+++			kex_prop2buf(ssh->kex->my, myproposal);
+ +			packet_request_rekeying();
+ +			fprintf(stderr, "WARNING: ENABLED NONE CIPHER\n");
+ +		} else {
+@@ -1117,23 +1095,13 @@
+ +			fprintf(stderr, "NONE cipher switch disabled when a TTY is allocated\n");
+ +		}
+ +	}
+-+
+- 	debug("Authentication succeeded (%s).", authctxt.method->name);
+- }
+  
++ #ifdef WITH_OPENSSL
++ 	if (options.disable_multithreaded == 0) {
+ diff --git a/sshd.c b/sshd.c
+ index a738c3a..b32dbe0 100644
+ --- a/sshd.c
+ +++ b/sshd.c
+-@@ -373,7 +373,7 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out)
+- 	char remote_version[256];	/* Must be at least as big as buf. */
+- 
+- 	xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n",
+--	    PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
+-+	    PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE,
+- 	    *options.version_addendum == '\0' ? "" : " ",
+- 	    options.version_addendum);
+- 
+ @@ -1037,6 +1037,8 @@ listen_on_addrs(struct listenaddr *la)
+  	int ret, listen_sock;
+  	struct addrinfo *ai;
+@@ -1217,11 +1185,10 @@
+ index f1bbf00..21a70c2 100644
+ --- a/version.h
+ +++ b/version.h
+-@@ -3,4 +3,6 @@
++@@ -3,4 +3,5 @@
+  #define SSH_VERSION	"OpenSSH_7.8"
+  
+  #define SSH_PORTABLE	"p1"
+ -#define SSH_RELEASE	SSH_VERSION SSH_PORTABLE
+-+#define SSH_HPN         "-hpn14v16"
+ +#define SSH_RELEASE	SSH_VERSION SSH_PORTABLE SSH_HPN
+ +