summaryrefslogtreecommitdiff
path: root/net-misc/openssh
diff options
context:
space:
mode:
authorV3n3RiX <venerix@redcorelinux.org>2021-07-28 10:27:13 +0100
committerV3n3RiX <venerix@redcorelinux.org>2021-07-28 10:27:13 +0100
commitf4fc10428424904caf2035cffc442195cb088b2c (patch)
tree72f320d5963e55586cfdeed2b14c72b8191b6327 /net-misc/openssh
parentfbd9734cedfe790955100b8e4ab3613457d77b1a (diff)
gentoo resync : 28.07.2021
Diffstat (limited to 'net-misc/openssh')
-rw-r--r--net-misc/openssh/Manifest4
-rw-r--r--net-misc/openssh/files/openssh-8.5_p1-X509-glue-13.0.patch73
-rw-r--r--net-misc/openssh/files/openssh-8.5_p1-hpn-15.1-X509-glue.patch325
-rw-r--r--net-misc/openssh/files/openssh-8.5_p1-hpn-15.1-glue.patch242
-rw-r--r--net-misc/openssh/files/openssh-8.5_p1-hpn-15.1-sctp-glue.patch18
5 files changed, 0 insertions, 662 deletions
diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index cb927c8a05c8..f9f75ae3f483 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -7,10 +7,6 @@ AUX openssh-8.0_p1-hpn-version.patch 590 BLAKE2B 1ff20ab17e7e1a20f7a96ded56ff7c0
AUX openssh-8.3_p1-sha2-include.patch 370 BLAKE2B 3d9ee891d9d647f4ff3b42d47cae4c7a32533bce917b35101fd3c5549717a6b285423894b3372ecb6983d4425c712f4b0590fc95799fd521523d9d74860863c6 SHA512 a1edda5dc43af79e9e4e7d3bcd78cc1c2dbf40e94f22189022dcaf1107c8f2cb2a37c949af5955144f6ada210417a695fe0c4d05d52ba2dbafb1dddf6a1bac3f
AUX openssh-8.5_p1-GSSAPI-dns.patch 11631 BLAKE2B 9ed39b04f320612f166b091979a21e7765d19afc3947a95dd3019da25eefcad32fcf2a3f17813441fce87cc03a28e0a52ac1aad3ac4b5b7ecdf3f4f8c391ba4a SHA512 d28f7df54af4cc998e1978a6c0fcb28f88affaad4a347084e429549bc0f74347dd8ad79c0ced0ca5a739e2c3cc19f6516aeb678f3a9709c40f1d0fa16d93b9e4
AUX openssh-8.5_p1-X509-glue-13.0.1.patch 2714 BLAKE2B 03a00a1b9c62d75688706e3f4950510bafea6ae524a3bdbd08a7f059663eae3ff386ffa1ea1edfbf3349231a53b314625778043f39bb52395ffe9ef2a45a8400 SHA512 1ddf7c62ff3e73278a88f9afe5085c4101ef2cae4383cfa7bddc90403db5ea2c9c0fc630d31dc72072c4c008034f02b30cfea149aeb95e70c74292f3b978471b
-AUX openssh-8.5_p1-X509-glue-13.0.patch 2773 BLAKE2B f6bfe7a9986a0804eacb83bd61718b2fb5c52b26740441878cadadcd4773abb7a9f441f9263a704c13de5e25c614d989010b6806bde43b767ae892e68733087d SHA512 27894c3a76ce7483585975b41e7b3a64b8e896daaaf958738f8cd4081d4ff0884d945beb11f9e2ae12b87532d9a30bd642e4442db3ced2cf8747c60459752aec
-AUX openssh-8.5_p1-hpn-15.1-X509-glue.patch 11216 BLAKE2B 88060a94be8eba6b9b01296f1109f930df38d8596dc3500a8ab40f660a159884783a4ea0be362fb52a86eac1e88e903a7eae4cd6fd293922d73acc9a75eee150 SHA512 7e9799c7ab5cf97e791cb1c2aa0370199e91eeaa01e685c0d164f47fcddbf0fc7f55a9fd7ccba79ee861259d0ebd56d083b77cd0b65472fe9bcc83ceb4f2ad0e
-AUX openssh-8.5_p1-hpn-15.1-glue.patch 8744 BLAKE2B 90358656ee0e9ea1dfc7117dc585b296e125b5567fb8e9b12b7da2f00d02a1aa40da4a8fb64158f5ebb0abbd9ed54310f974d389a0ec3e9cface8dd9e1ae9d03 SHA512 8167b35e5daccc6f48af48c17bf01eae54dbff0aa651333e745fda044131746f313cec324275bf5e83592eea53726207763eaccbfb9bbb00fae3247a94eb8322
-AUX openssh-8.5_p1-hpn-15.1-sctp-glue.patch 728 BLAKE2B a9e6000b45fd228fa3623ca9abe6f99efc8e50020cd9584ea8b23e5491eb78253f65adf4ec990cae177874a89d785fa45fec05accae8a97921f804f7581a5ba4 SHA512 a6913dc0cffc5184b38d12f5146085ac6f592350f427bd994ddfa93c0eea041c674e47a80b84cffca9fe72ff5efa7b6797d1eb39addf6b842a6cfc21de4fc3ad
AUX openssh-8.5_p1-hpn-15.2-X509-13.0.1-glue.patch 11238 BLAKE2B 3d16907f7330b3e30705610c10f5b5037837442df6840231073ae8d0202543b006bf9b9597df50a3173bbb823050e9c2cb5a391ed5f96c4ac2194fb1e97316a9 SHA512 d1fea164d8431282c150a513886c428f7225eb11980bd7c9cae88754d1165ec799e1ef30b17ffa38990b6c58d9626a412abd550909e34f623f311444e097baaa
AUX openssh-8.5_p1-hpn-15.2-glue.patch 3856 BLAKE2B 1661bb20e523141aae3f988f5dac664ec6f3d6517512596183c9c26d051a75b8d013e0d6e7c21aabb597b5c1a7e768c429bdef70bbfe59071f6e4cbb0956960d SHA512 0439ad0f0ab6dc21dd4279c6d252884e3c2ddaba76a207b3b26c88d8a6b8d873cc08345a1a90b8046ec79d33f47395d87e52d5b44b155a186a8aa16d316b82a9
AUX openssh-8.5_p1-hpn-15.2-sctp-glue.patch 727 BLAKE2B fafb6bc3ec680327abf01a7a2f673d4be601094d518d74f5afd0c596c1d60ddfc6f31add6b5533f85bc09cf2122b9e3f7243d5d26a2d6923c88c2f6a811ea2b8 SHA512 eda1c1613e94a7b10df9cc08c87ed8a39edb3f8a160600a74780877772bbd76cc9842d5d5d68ed6a9554e1e310675a1e461d894144d514b8e482d4a1affbc9bd
diff --git a/net-misc/openssh/files/openssh-8.5_p1-X509-glue-13.0.patch b/net-misc/openssh/files/openssh-8.5_p1-X509-glue-13.0.patch
deleted file mode 100644
index 71b27f284af4..000000000000
--- a/net-misc/openssh/files/openssh-8.5_p1-X509-glue-13.0.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-diff -ur a/openssh-8.5p1+x509-13.0.diff b/openssh-8.5p1+x509-13.0.diff
---- a/openssh-8.5p1+x509-13.0.diff 2021-03-03 12:26:21.021212996 -0800
-+++ b/openssh-8.5p1+x509-13.0.diff 2021-03-03 18:20:06.476490271 -0800
-@@ -46675,12 +46675,11 @@
-
- install-files:
- $(MKDIR_P) $(DESTDIR)$(bindir)
--@@ -380,6 +364,8 @@
-+@@ -380,6 +364,7 @@
- $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5
- $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8
- $(MKDIR_P) $(DESTDIR)$(libexecdir)
- + $(MKDIR_P) $(DESTDIR)$(sshcadir)
--+ $(MKDIR_P) $(DESTDIR)$(piddir)
- $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH)
- $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)
- $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT)
-@@ -63967,7 +63966,7 @@
- - echo "putty interop tests not enabled"
- - exit 0
- -fi
--+$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1; exit 1; }
-++$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1; exit 0; }
-
- for c in aes 3des aes128-ctr aes192-ctr aes256-ctr chacha20 ; do
- verbose "$tid: cipher $c"
-@@ -63982,7 +63981,7 @@
- - echo "putty interop tests not enabled"
- - exit 0
- -fi
--+$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1; exit 1; }
-++$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1; exit 0; }
-
- for k in dh-gex-sha1 dh-group1-sha1 dh-group14-sha1 ecdh ; do
- verbose "$tid: kex $k"
-@@ -63997,7 +63996,7 @@
- - echo "putty interop tests not enabled"
- - exit 0
- -fi
--+$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1; exit 1; }
-++$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1; exit 0; }
-
- if [ "`${SSH} -Q compression`" = "none" ]; then
- comp="0"
-@@ -64129,9 +64128,9 @@
-
- +# cross-project configuration
- +if test "$sshd_type" = "pkix" ; then
--+ unset_arg=''
-++ unset_arg=
- +else
--+ unset_arg=none
-++ unset_arg=
- +fi
- +
- cat > $OBJ/sshd_config.i << _EOF
-@@ -122238,16 +122237,6 @@
- +int asnmprintf(char **, size_t, int *, const char *, ...)
- __attribute__((format(printf, 4, 5)));
- void msetlocale(void);
--diff -ruN openssh-8.5p1/version.h openssh-8.5p1+x509-13.0/version.h
----- openssh-8.5p1/version.h 2021-03-02 12:31:47.000000000 +0200
--+++ openssh-8.5p1+x509-13.0/version.h 2021-03-03 19:07:00.000000000 +0200
--@@ -2,5 +2,4 @@
--
-- #define SSH_VERSION "OpenSSH_8.5"
--
---#define SSH_PORTABLE "p1"
---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
--+#define SSH_RELEASE PACKAGE_STRING ", " SSH_VERSION "p1"
- diff -ruN openssh-8.5p1/version.m4 openssh-8.5p1+x509-13.0/version.m4
- --- openssh-8.5p1/version.m4 1970-01-01 02:00:00.000000000 +0200
- +++ openssh-8.5p1+x509-13.0/version.m4 2021-03-03 19:07:00.000000000 +0200
diff --git a/net-misc/openssh/files/openssh-8.5_p1-hpn-15.1-X509-glue.patch b/net-misc/openssh/files/openssh-8.5_p1-hpn-15.1-X509-glue.patch
deleted file mode 100644
index e2d4ce826ea7..000000000000
--- a/net-misc/openssh/files/openssh-8.5_p1-hpn-15.1-X509-glue.patch
+++ /dev/null
@@ -1,325 +0,0 @@
-diff -ur a/openssh-8_4_P1-hpn-AES-CTR-15.1.diff b/openssh-8_4_P1-hpn-AES-CTR-15.1.diff
---- a/openssh-8_4_P1-hpn-AES-CTR-15.1.diff 2021-03-03 12:57:01.975827879 -0800
-+++ b/openssh-8_4_P1-hpn-AES-CTR-15.1.diff 2021-03-03 18:25:21.929305944 -0800
-@@ -3,9 +3,9 @@
- --- a/Makefile.in
- +++ b/Makefile.in
- @@ -46,7 +46,7 @@ CFLAGS=@CFLAGS@
-- CFLAGS_NOPIE=@CFLAGS_NOPIE@
-- CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
-- PICFLAG=@PICFLAG@
-+ LD=@LD@
-+ CFLAGS=@CFLAGS@ $(CFLAGS_EXTRA)
-+ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
- -LIBS=@LIBS@
- +LIBS=@LIBS@ -lpthread
- K5LIBS=@K5LIBS@
-@@ -803,8 +803,8 @@
- ssh_packet_set_connection(struct ssh *ssh, int fd_in, int fd_out)
- {
- struct session_state *state;
--- const struct sshcipher *none = cipher_by_name("none");
--+ struct sshcipher *none = cipher_by_name("none");
-+- const struct sshcipher *none = cipher_none();
-++ struct sshcipher *none = cipher_none();
- int r;
-
- if (none == NULL) {
-@@ -894,24 +894,24 @@
- intptr = &options->compression;
- multistate_ptr = multistate_compression;
- @@ -2062,6 +2068,7 @@ initialize_options(Options * options)
-- options->hostbased_accepted_algos = NULL;
-- options->pubkey_accepted_algos = NULL;
-- options->known_hosts_command = NULL;
-+ options->revoked_host_keys = NULL;
-+ options->fingerprint_hash = -1;
-+ options->update_hostkeys = -1;
- + options->disable_multithreaded = -1;
- }
-
- /*
- @@ -2247,6 +2254,10 @@ fill_default_options(Options * options)
-+ options->update_hostkeys = 0;
- if (options->sk_provider == NULL)
- options->sk_provider = xstrdup("$SSH_SK_PROVIDER");
-- #endif
- + if (options->update_hostkeys == -1)
- + options->update_hostkeys = 0;
- + if (options->disable_multithreaded == -1)
- + options->disable_multithreaded = 0;
-
-- /* Expand KEX name lists */
-- all_cipher = cipher_alg_list(',', 0);
-+ /* expand KEX and etc. name lists */
-+ { char *all;
- diff --git a/readconf.h b/readconf.h
- index d6a15550..d2d20548 100644
- --- a/readconf.h
-@@ -950,9 +950,9 @@
- /* Portable-specific options */
- sUsePAM,
- + sDisableMTAES,
-- /* Standard Options */
-- sPort, sHostKeyFile, sLoginGraceTime,
-- sPermitRootLogin, sLogFacility, sLogLevel,
-+ /* X.509 Standard Options */
-+ sHostbasedAlgorithms,
-+ sPubkeyAlgorithms,
- @@ -672,6 +676,7 @@ static struct {
- { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
- { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
-diff -ur a/openssh-8_4_P1-hpn-DynWinNoneSwitch-15.1.diff b/openssh-8_4_P1-hpn-DynWinNoneSwitch-15.1.diff
---- a/openssh-8_4_P1-hpn-DynWinNoneSwitch-15.1.diff 2021-03-03 19:05:28.942903961 -0800
-+++ b/openssh-8_4_P1-hpn-DynWinNoneSwitch-15.1.diff 2021-03-03 20:36:34.702362020 -0800
-@@ -157,6 +157,36 @@
- + Allan Jude provided the code for the NoneMac and buffer normalization.
- + This work was financed, in part, by Cisco System, Inc., the National
- + Library of Medicine, and the National Science Foundation.
-+diff --git a/auth2.c b/auth2.c
-+--- a/auth2.c 2021-03-03 20:34:51.312051369 -0800
-++++ b/auth2.c 2021-03-03 20:35:15.797888115 -0800
-+@@ -229,16 +229,17 @@
-+ double delay;
-+
-+ digest_alg = ssh_digest_maxbytes();
-+- len = ssh_digest_bytes(digest_alg);
-+- hash = xmalloc(len);
-++ if (len = ssh_digest_bytes(digest_alg) > 0) {
-++ hash = xmalloc(len);
-+
-+- (void)snprintf(b, sizeof b, "%llu%s",
-+- (unsigned long long)options.timing_secret, user);
-+- if (ssh_digest_memory(digest_alg, b, strlen(b), hash, len) != 0)
-+- fatal_f("ssh_digest_memory");
-+- /* 0-4.2 ms of delay */
-+- delay = (double)PEEK_U32(hash) / 1000 / 1000 / 1000 / 1000;
-+- freezero(hash, len);
-++ (void)snprintf(b, sizeof b, "%llu%s",
-++ (unsigned long long)options.timing_secret, user);
-++ if (ssh_digest_memory(digest_alg, b, strlen(b), hash, len) != 0)
-++ fatal_f("ssh_digest_memory");
-++ /* 0-4.2 ms of delay */
-++ delay = (double)PEEK_U32(hash) / 1000 / 1000 / 1000 / 1000;
-++ freezero(hash, len);
-++ }
-+ debug3_f("user specific delay %0.3lfms", delay/1000);
-+ return MIN_FAIL_DELAY_SECONDS + delay;
-+ }
- diff --git a/channels.c b/channels.c
- index e4917f3c..e0db582e 100644
- --- a/channels.c
-@@ -209,14 +239,14 @@
- static void
- channel_pre_open(struct ssh *ssh, Channel *c,
- fd_set *readset, fd_set *writeset)
--@@ -2179,22 +2206,31 @@ channel_check_window(struct ssh *ssh, Channel *c)
-+@@ -2179,21 +2206,31 @@ channel_check_window(struct ssh *ssh, Channel *c)
-
- if (c->type == SSH_CHANNEL_OPEN &&
- !(c->flags & (CHAN_CLOSE_SENT|CHAN_CLOSE_RCVD)) &&
- - ((c->local_window_max - c->local_window >
- - c->local_maxpacket*3) ||
--+ ((ssh_packet_is_interactive(ssh) &&
--+ c->local_window_max - c->local_window > c->local_maxpacket*3) ||
-++ ((ssh_packet_is_interactive(ssh) &&
-++ c->local_window_max - c->local_window > c->local_maxpacket*3) ||
- c->local_window < c->local_window_max/2) &&
- c->local_consumed > 0) {
- + u_int addition = 0;
-@@ -234,10 +264,12 @@
- SSH2_MSG_CHANNEL_WINDOW_ADJUST)) != 0 ||
- (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
- - (r = sshpkt_put_u32(ssh, c->local_consumed)) != 0 ||
-+- (r = sshpkt_send(ssh)) != 0)
-+- fatal_fr(r, "channel %d", c->self);
- + (r = sshpkt_put_u32(ssh, c->local_consumed + addition)) != 0 ||
-- (r = sshpkt_send(ssh)) != 0) {
-- fatal_fr(r, "channel %i", c->self);
-- }
-++ (r = sshpkt_send(ssh)) != 0) {
-++ fatal_fr(r, "channel %i", c->self);
-++ }
- debug2("channel %d: window %d sent adjust %d", c->self,
- - c->local_window, c->local_consumed);
- - c->local_window += c->local_consumed;
-@@ -384,20 +416,38 @@
- index dec8e7e9..3c11558e 100644
- --- a/compat.c
- +++ b/compat.c
--@@ -150,6 +150,13 @@ compat_banner(struct ssh *ssh, const char *version)
-- debug_f("match: %s pat %s compat 0x%08x",
-+@@ -43,7 +43,7 @@
-+ static u_int
-+ compat_datafellows(const char *version)
-+ {
-+- int i;
-++ int i, bugs = 0;
-+ static struct {
-+ char *pat;
-+ int bugs;
-+@@ -147,11 +147,19 @@
-+ if (match_pattern_list(version, check[i].pat, 0) == 1) {
-+ debug("match: %s pat %s compat 0x%08x",
- version, check[i].pat, check[i].bugs);
-- ssh->compat = check[i].bugs;
--+ /* Check to see if the remote side is OpenSSH and not HPN */
--+ if (strstr(version, "OpenSSH") != NULL) {
--+ if (strstr(version, "hpn") == NULL) {
--+ ssh->compat |= SSH_BUG_LARGEWINDOW;
--+ debug("Remote is NON-HPN aware");
--+ }
--+ }
-- return;
-+- return check[i].bugs;
-++ bugs |= check[i].bugs;
- }
- }
-+- debug("no match: %s", version);
-+- return 0;
-++ /* Check to see if the remote side is OpenSSH and not HPN */
-++ if (strstr(version, "OpenSSH") != NULL) {
-++ if (strstr(version, "hpn") == NULL) {
-++ bugs |= SSH_BUG_LARGEWINDOW;
-++ debug("Remote is NON-HPN aware");
-++ }
-++ }
-++ if (bugs == 0)
-++ debug("no match: %s", version);
-++ return bugs;
-+ }
-+
-+ char *
- diff --git a/compat.h b/compat.h
- index 66db42cc..d4e811e4 100644
- --- a/compat.h
-@@ -456,7 +506,7 @@
- @@ -888,6 +888,10 @@ kex_choose_conf(struct ssh *ssh)
- int nenc, nmac, ncomp;
- u_int mode, ctos, need, dh_need, authlen;
-- int r, first_kex_follows;
-+ int r, first_kex_follows = 0;
- + int auth_flag = 0;
- +
- + auth_flag = packet_authentication_state(ssh);
-@@ -1033,19 +1083,6 @@
-
- /* File to read commands from */
- FILE* infile;
--diff --git a/ssh-keygen.c b/ssh-keygen.c
--index a12b79a5..8b839219 100644
----- a/ssh-keygen.c
--+++ b/ssh-keygen.c
--@@ -2999,7 +2999,7 @@ do_download_sk(const char *skprovider, const char *device)
-- freezero(pin, strlen(pin));
-- error("Unable to load resident keys: %s", ssh_err(r));
-- return -1;
--- }
--+ }
-- if (nkeys == 0)
-- logit("No keys to download");
-- if (pin != NULL)
- diff --git a/ssh.c b/ssh.c
- index f34ca0d7..d7d134f7 100644
- --- a/ssh.c
-@@ -1091,7 +1128,7 @@
- + else
- + options.hpn_buffer_size = 2 * 1024 * 1024;
- +
--+ if (ssh->compat & SSH_BUG_LARGEWINDOW) {
-++ if (ssh_compat_fellows(ssh, SSH_BUG_LARGEWINDOW)) {
- + debug("HPN to Non-HPN Connection");
- + } else {
- + int sock, socksize;
-@@ -1331,6 +1368,26 @@
- /* Bind the socket to the desired port. */
- if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) == -1) {
- error("Bind to port %s on %s failed: %.200s.",
-+@@ -1625,12 +1625,13 @@
-+ if (ssh_digest_update(ctx, sshbuf_ptr(server_cfg),
-+ sshbuf_len(server_cfg)) != 0)
-+ fatal_f("ssh_digest_update");
-+- len = ssh_digest_bytes(digest_alg);
-+- hash = xmalloc(len);
-+- if (ssh_digest_final(ctx, hash, len) != 0)
-+- fatal_f("ssh_digest_final");
-+- options.timing_secret = PEEK_U64(hash);
-+- freezero(hash, len);
-++ if (len = ssh_digest_bytes(digest_alg) > 0) {
-++ hash = xmalloc(len);
-++ if (ssh_digest_final(ctx, hash, len) != 0)
-++ fatal_f("ssh_digest_final");
-++ options.timing_secret = PEEK_U64(hash);
-++ freezero(hash, len);
-++ }
-+ ssh_digest_free(ctx);
-+ ctx = NULL;
-+ return;
- @@ -1746,6 +1753,19 @@ main(int ac, char **av)
- /* Fill in default values for those options not explicitly set. */
- fill_default_server_options(&options);
-@@ -1401,14 +1458,3 @@
- # Example of overriding settings on a per-user basis
- #Match User anoncvs
- # X11Forwarding no
--diff --git a/version.h b/version.h
--index c2f9c55b..f2e7fa80 100644
----- a/version.h
--+++ b/version.h
--@@ -3,4 +3,5 @@
-- #define SSH_VERSION "OpenSSH_8.4"
--
-- #define SSH_PORTABLE "p1"
---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
--+#define SSH_HPN "-hpn15v1"
--+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN
-diff -ur a/openssh-8_4_P1-hpn-PeakTput-15.1.diff b/openssh-8_4_P1-hpn-PeakTput-15.1.diff
---- a/openssh-8_4_P1-hpn-PeakTput-15.1.diff 2021-03-03 12:57:01.975827879 -0800
-+++ b/openssh-8_4_P1-hpn-PeakTput-15.1.diff 2021-03-03 18:25:21.930305937 -0800
-@@ -12,9 +12,9 @@
- static long stalled; /* how long we have been stalled */
- static int bytes_per_second; /* current speed in bytes per second */
- @@ -127,6 +129,7 @@ refresh_progress_meter(int force_update)
-+ off_t bytes_left;
- int cur_speed;
-- int hours, minutes, seconds;
-- int file_len;
-+ int len;
- + off_t delta_pos;
-
- if ((!force_update && !alarm_fired && !win_resized) || !can_output())
-@@ -33,12 +33,12 @@
- @@ -166,7 +173,7 @@ refresh_progress_meter(int force_update)
-
- /* filename */
-- buf[0] = '\0';
--- file_len = win_size - 36;
--+ file_len = win_size - 45;
-- if (file_len > 0) {
-- buf[0] = '\r';
-- snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s",
-+ if (win_size > 36) {
-+- int file_len = win_size - 36;
-++ int file_len = win_size - 45;
-+ snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s ",
-+ file_len, file);
-+ }
- @@ -191,6 +198,15 @@ refresh_progress_meter(int force_update)
- (off_t)bytes_per_second);
- strlcat(buf, "/s ", win_size);
-@@ -63,15 +63,3 @@
- }
-
- /*ARGSUSED*/
--diff --git a/ssh-keygen.c b/ssh-keygen.c
--index a12b79a5..76b22338 100644
----- a/ssh-keygen.c
--+++ b/ssh-keygen.c
--@@ -2987,7 +2987,6 @@ do_download_sk(const char *skprovider, const char *device)
--
-- if (skprovider == NULL)
-- fatal("Cannot download keys without provider");
---
-- pin = read_passphrase("Enter PIN for authenticator: ", RP_ALLOW_STDIN);
-- if (!quiet) {
-- printf("You may need to touch your authenticator "
diff --git a/net-misc/openssh/files/openssh-8.5_p1-hpn-15.1-glue.patch b/net-misc/openssh/files/openssh-8.5_p1-hpn-15.1-glue.patch
deleted file mode 100644
index ec6e687271cf..000000000000
--- a/net-misc/openssh/files/openssh-8.5_p1-hpn-15.1-glue.patch
+++ /dev/null
@@ -1,242 +0,0 @@
-diff -ur a/openssh-8_4_P1-hpn-AES-CTR-15.1.diff b/openssh-8_4_P1-hpn-AES-CTR-15.1.diff
---- a/openssh-8_4_P1-hpn-AES-CTR-15.1.diff 2021-03-03 11:08:18.300474672 -0800
-+++ b/openssh-8_4_P1-hpn-AES-CTR-15.1.diff 2021-03-03 11:18:42.408298903 -0800
-@@ -894,9 +894,9 @@
- intptr = &options->compression;
- multistate_ptr = multistate_compression;
- @@ -2062,6 +2068,7 @@ initialize_options(Options * options)
-- options->update_hostkeys = -1;
-- options->hostbased_key_types = NULL;
-- options->pubkey_key_types = NULL;
-+ options->hostbased_accepted_algos = NULL;
-+ options->pubkey_accepted_algos = NULL;
-+ options->known_hosts_command = NULL;
- + options->disable_multithreaded = -1;
- }
-
-diff -ur a/openssh-8_4_P1-hpn-DynWinNoneSwitch-15.1.diff b/openssh-8_4_P1-hpn-DynWinNoneSwitch-15.1.diff
---- a/openssh-8_4_P1-hpn-DynWinNoneSwitch-15.1.diff 2021-03-03 11:08:18.300474672 -0800
-+++ b/openssh-8_4_P1-hpn-DynWinNoneSwitch-15.1.diff 2021-03-03 12:53:24.117319233 -0800
-@@ -209,7 +209,7 @@
- static void
- channel_pre_open(struct ssh *ssh, Channel *c,
- fd_set *readset, fd_set *writeset)
--@@ -2179,25 +2206,34 @@ channel_check_window(struct ssh *ssh, Channel *c)
-+@@ -2179,22 +2206,31 @@ channel_check_window(struct ssh *ssh, Channel *c)
-
- if (c->type == SSH_CHANNEL_OPEN &&
- !(c->flags & (CHAN_CLOSE_SENT|CHAN_CLOSE_RCVD)) &&
-@@ -229,22 +229,19 @@
- + debug("Channel: Window growth to %d by %d bytes", c->local_window_max, addition);
- + }
- if (!c->have_remote_id)
-- fatal(":%s: channel %d: no remote id",
-- __func__, c->self);
-+ fatal_f("channel %d: no remote id", c->self);
- if ((r = sshpkt_start(ssh,
- SSH2_MSG_CHANNEL_WINDOW_ADJUST)) != 0 ||
- (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
- - (r = sshpkt_put_u32(ssh, c->local_consumed)) != 0 ||
- + (r = sshpkt_put_u32(ssh, c->local_consumed + addition)) != 0 ||
- (r = sshpkt_send(ssh)) != 0) {
-- fatal("%s: channel %i: %s", __func__,
-- c->self, ssh_err(r));
-+ fatal_fr(r, "channel %i", c->self);
- }
-- debug2("channel %d: window %d sent adjust %d",
-- c->self, c->local_window,
--- c->local_consumed);
-+ debug2("channel %d: window %d sent adjust %d", c->self,
-+- c->local_window, c->local_consumed);
- - c->local_window += c->local_consumed;
--+ c->local_consumed + addition);
-++ c->local_window, c->local_consumed + addition);
- + c->local_window += c->local_consumed + addition;
- c->local_consumed = 0;
- }
-@@ -387,18 +384,18 @@
- index dec8e7e9..3c11558e 100644
- --- a/compat.c
- +++ b/compat.c
--@@ -150,6 +150,13 @@ compat_datafellows(const char *version)
-- debug("match: %s pat %s compat 0x%08x",
-+@@ -150,6 +150,13 @@ compat_banner(struct ssh *ssh, const char *version)
-+ debug_f("match: %s pat %s compat 0x%08x",
- version, check[i].pat, check[i].bugs);
-- datafellows = check[i].bugs; /* XXX for now */
-+ ssh->compat = check[i].bugs;
- + /* Check to see if the remote side is OpenSSH and not HPN */
- + if (strstr(version, "OpenSSH") != NULL) {
- + if (strstr(version, "hpn") == NULL) {
--+ datafellows |= SSH_BUG_LARGEWINDOW;
-++ ssh->compat |= SSH_BUG_LARGEWINDOW;
- + debug("Remote is NON-HPN aware");
- + }
- + }
-- return check[i].bugs;
-+ return;
- }
- }
- diff --git a/compat.h b/compat.h
-@@ -431,9 +428,9 @@
- --- a/digest-openssl.c
- +++ b/digest-openssl.c
- @@ -61,6 +61,7 @@ const struct ssh_digest digests[] = {
-- { SSH_DIGEST_SHA256, "SHA256", 32, EVP_sha256 },
-+ { SSH_DIGEST_SHA256, "SHA256", 32, EVP_sha256 },
- { SSH_DIGEST_SHA384, "SHA384", 48, EVP_sha384 },
-- { SSH_DIGEST_SHA512, "SHA512", 64, EVP_sha512 },
-+ { SSH_DIGEST_SHA512, "SHA512", 64, EVP_sha512 },
- + { SSH_DIGEST_NULL, "NONEMAC", 0, EVP_md_null},
- { -1, NULL, 0, NULL },
- };
-@@ -536,18 +533,10 @@
- if (state->rekey_limit)
- *max_blocks = MINIMUM(*max_blocks,
- state->rekey_limit / enc->block_size);
--@@ -966,6 +975,24 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
-+@@ -966,6 +975,16 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
- return 0;
- }
-
--+/* this supports the forced rekeying required for the NONE cipher */
--+int rekey_requested = 0;
--+void
--+packet_request_rekeying(void)
--+{
--+ rekey_requested = 1;
--+}
--+
- +/* used to determine if pre or post auth when rekeying for aes-ctr
- + * and none cipher switch */
- +int
-@@ -561,20 +550,6 @@
- #define MAX_PACKETS (1U<<31)
- static int
- ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
--@@ -992,6 +1019,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
-- if (state->p_send.packets == 0 && state->p_read.packets == 0)
-- return 0;
--
--+ /* used to force rekeying when called for by the none
--+ * cipher switch methods -cjr */
--+ if (rekey_requested == 1) {
--+ rekey_requested = 0;
--+ return 1;
--+ }
--+
-- /* Time-based rekeying */
-- if (state->rekey_interval != 0 &&
-- (int64_t)state->rekey_time + state->rekey_interval <= monotime())
- @@ -1330,7 +1364,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
- struct session_state *state = ssh->state;
- int len, r, ms_remain;
-@@ -622,9 +597,9 @@
- /* Format of the configuration file:
-
- @@ -165,6 +166,8 @@ typedef enum {
-- oHashKnownHosts,
- oTunnel, oTunnelDevice,
- oLocalCommand, oPermitLocalCommand, oRemoteCommand,
-+ oDisableMTAES,
- + oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize,
- + oNoneEnabled, oNoneMacEnabled, oNoneSwitch,
- oVisualHostKey,
-@@ -778,9 +753,9 @@
- int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */
- SyslogFacility log_facility; /* Facility for system logging. */
- @@ -115,7 +119,11 @@ typedef struct {
--
- int enable_ssh_keysign;
- int64_t rekey_limit;
-+ int disable_multithreaded; /*disable multithreaded aes-ctr*/
- + int none_switch; /* Use none cipher */
- + int none_enabled; /* Allow none cipher to be used */
- + int nonemac_enabled; /* Allow none MAC to be used */
-@@ -888,9 +863,9 @@
- + options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT;
- + }
- +
-+ if (options->disable_multithreaded == -1)
-+ options->disable_multithreaded = 0;
- if (options->ip_qos_interactive == -1)
-- options->ip_qos_interactive = IPTOS_DSCP_AF21;
-- if (options->ip_qos_bulk == -1)
- @@ -511,6 +564,8 @@ typedef enum {
- sPasswordAuthentication, sKbdInteractiveAuthentication,
- sListenAddress, sAddressFamily,
-@@ -1091,7 +1066,7 @@
- }
-
- +static void
--+hpn_options_init(void)
-++hpn_options_init(struct ssh *ssh)
- +{
- + /*
- + * We need to check to see if what they want to do about buffer
-@@ -1116,7 +1091,7 @@
- + else
- + options.hpn_buffer_size = 2 * 1024 * 1024;
- +
--+ if (datafellows & SSH_BUG_LARGEWINDOW) {
-++ if (ssh->compat & SSH_BUG_LARGEWINDOW) {
- + debug("HPN to Non-HPN Connection");
- + } else {
- + int sock, socksize;
-@@ -1186,7 +1161,7 @@
- + c->dynamic_window = 1;
- + debug("Enabled Dynamic Window Scaling");
- + }
-- debug3("%s: channel_new: %d", __func__, c->self);
-+ debug3_f("channel_new: %d", c->self);
-
- channel_send_open(ssh, c->self);
- @@ -2078,6 +2160,13 @@ ssh_session2(struct ssh *ssh, struct passwd *pw)
-@@ -1198,7 +1173,7 @@
- + * might open channels that use the hpn buffer sizes. We can't send a
- + * window of -1 (the default) to the server as it breaks things.
- + */
--+ hpn_options_init();
-++ hpn_options_init(ssh);
- +
- /* XXX should be pre-session */
- if (!options.control_persist)
-@@ -1297,11 +1272,10 @@
- xxx_host = host;
- xxx_hostaddr = hostaddr;
-
--@@ -482,6 +493,34 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
--
-+@@ -482,6 +493,33 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
- if (!authctxt.success)
- fatal("Authentication failed.");
--+
-+
- + /*
- + * If the user wants to use the none cipher, do it post authentication
- + * and only if the right conditions are met -- both of the NONE commands
-@@ -1329,9 +1303,9 @@
- + }
- + }
- +
-- debug("Authentication succeeded (%s).", authctxt.method->name);
-- }
--
-+ #ifdef WITH_OPENSSL
-+ if (options.disable_multithreaded == 0) {
-+ /* if we are using aes-ctr there can be issues in either a fork or sandbox
- diff --git a/sshd.c b/sshd.c
- index 8aa7f3df..d0e3f1b0 100644
- --- a/sshd.c
-@@ -1397,9 +1371,9 @@
- + if (options.nonemac_enabled == 1)
- + debug("WARNING: None MAC enabled");
- +
-- myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
-+ myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(ssh,
- options.kex_algorithms);
-- myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(
-+ myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(ssh,
- diff --git a/sshd_config b/sshd_config
- index 19b7c91a..cdd889b2 100644
- --- a/sshd_config
diff --git a/net-misc/openssh/files/openssh-8.5_p1-hpn-15.1-sctp-glue.patch b/net-misc/openssh/files/openssh-8.5_p1-hpn-15.1-sctp-glue.patch
deleted file mode 100644
index d4835d1209b5..000000000000
--- a/net-misc/openssh/files/openssh-8.5_p1-hpn-15.1-sctp-glue.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-diff -ur a/openssh-8_4_P1-hpn-DynWinNoneSwitch-15.1.diff b/openssh-8_4_P1-hpn-DynWinNoneSwitch-15.1.diff
---- a/openssh-8_4_P1-hpn-DynWinNoneSwitch-15.1.diff 2021-03-03 15:36:29.211246123 -0800
-+++ b/openssh-8_4_P1-hpn-DynWinNoneSwitch-15.1.diff 2021-03-03 15:36:53.607089097 -0800
-@@ -1401,14 +1401,3 @@
- # Example of overriding settings on a per-user basis
- #Match User anoncvs
- # X11Forwarding no
--diff --git a/version.h b/version.h
--index c2f9c55b..f2e7fa80 100644
----- a/version.h
--+++ b/version.h
--@@ -3,4 +3,5 @@
-- #define SSH_VERSION "OpenSSH_8.4"
--
-- #define SSH_PORTABLE "p1"
---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
--+#define SSH_HPN "-hpn15v1"
--+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN