Diffstat (limited to 'net-misc/openssh')
5 files changed, 0 insertions, 662 deletions
diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index cb927c8a05c8..f9f75ae3f483 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -7,10 +7,6 @@ AUX openssh-8.0_p1-hpn-version.patch 590 BLAKE2B 1ff20ab17e7e1a20f7a96ded56ff7c0
 AUX openssh-8.3_p1-sha2-include.patch 370 BLAKE2B 3d9ee891d9d647f4ff3b42d47cae4c7a32533bce917b35101fd3c5549717a6b285423894b3372ecb6983d4425c712f4b0590fc95799fd521523d9d74860863c6 SHA512 a1edda5dc43af79e9e4e7d3bcd78cc1c2dbf40e94f22189022dcaf1107c8f2cb2a37c949af5955144f6ada210417a695fe0c4d05d52ba2dbafb1dddf6a1bac3f
 AUX openssh-8.5_p1-GSSAPI-dns.patch 11631 BLAKE2B 9ed39b04f320612f166b091979a21e7765d19afc3947a95dd3019da25eefcad32fcf2a3f17813441fce87cc03a28e0a52ac1aad3ac4b5b7ecdf3f4f8c391ba4a SHA512 d28f7df54af4cc998e1978a6c0fcb28f88affaad4a347084e429549bc0f74347dd8ad79c0ced0ca5a739e2c3cc19f6516aeb678f3a9709c40f1d0fa16d93b9e4
 AUX openssh-8.5_p1-X509-glue-13.0.1.patch 2714 BLAKE2B 03a00a1b9c62d75688706e3f4950510bafea6ae524a3bdbd08a7f059663eae3ff386ffa1ea1edfbf3349231a53b314625778043f39bb52395ffe9ef2a45a8400 SHA512 1ddf7c62ff3e73278a88f9afe5085c4101ef2cae4383cfa7bddc90403db5ea2c9c0fc630d31dc72072c4c008034f02b30cfea149aeb95e70c74292f3b978471b
-AUX openssh-8.5_p1-X509-glue-13.0.patch 2773 BLAKE2B f6bfe7a9986a0804eacb83bd61718b2fb5c52b26740441878cadadcd4773abb7a9f441f9263a704c13de5e25c614d989010b6806bde43b767ae892e68733087d SHA512 27894c3a76ce7483585975b41e7b3a64b8e896daaaf958738f8cd4081d4ff0884d945beb11f9e2ae12b87532d9a30bd642e4442db3ced2cf8747c60459752aec
-AUX openssh-8.5_p1-hpn-15.1-X509-glue.patch 11216 BLAKE2B 88060a94be8eba6b9b01296f1109f930df38d8596dc3500a8ab40f660a159884783a4ea0be362fb52a86eac1e88e903a7eae4cd6fd293922d73acc9a75eee150 SHA512 7e9799c7ab5cf97e791cb1c2aa0370199e91eeaa01e685c0d164f47fcddbf0fc7f55a9fd7ccba79ee861259d0ebd56d083b77cd0b65472fe9bcc83ceb4f2ad0e
-AUX openssh-8.5_p1-hpn-15.1-glue.patch 8744 BLAKE2B 90358656ee0e9ea1dfc7117dc585b296e125b5567fb8e9b12b7da2f00d02a1aa40da4a8fb64158f5ebb0abbd9ed54310f974d389a0ec3e9cface8dd9e1ae9d03 SHA512 8167b35e5daccc6f48af48c17bf01eae54dbff0aa651333e745fda044131746f313cec324275bf5e83592eea53726207763eaccbfb9bbb00fae3247a94eb8322
-AUX openssh-8.5_p1-hpn-15.1-sctp-glue.patch 728 BLAKE2B a9e6000b45fd228fa3623ca9abe6f99efc8e50020cd9584ea8b23e5491eb78253f65adf4ec990cae177874a89d785fa45fec05accae8a97921f804f7581a5ba4 SHA512 a6913dc0cffc5184b38d12f5146085ac6f592350f427bd994ddfa93c0eea041c674e47a80b84cffca9fe72ff5efa7b6797d1eb39addf6b842a6cfc21de4fc3ad
 AUX openssh-8.5_p1-hpn-15.2-X509-13.0.1-glue.patch 11238 BLAKE2B 3d16907f7330b3e30705610c10f5b5037837442df6840231073ae8d0202543b006bf9b9597df50a3173bbb823050e9c2cb5a391ed5f96c4ac2194fb1e97316a9 SHA512 d1fea164d8431282c150a513886c428f7225eb11980bd7c9cae88754d1165ec799e1ef30b17ffa38990b6c58d9626a412abd550909e34f623f311444e097baaa
 AUX openssh-8.5_p1-hpn-15.2-glue.patch 3856 BLAKE2B 1661bb20e523141aae3f988f5dac664ec6f3d6517512596183c9c26d051a75b8d013e0d6e7c21aabb597b5c1a7e768c429bdef70bbfe59071f6e4cbb0956960d SHA512 0439ad0f0ab6dc21dd4279c6d252884e3c2ddaba76a207b3b26c88d8a6b8d873cc08345a1a90b8046ec79d33f47395d87e52d5b44b155a186a8aa16d316b82a9
 AUX openssh-8.5_p1-hpn-15.2-sctp-glue.patch 727 BLAKE2B fafb6bc3ec680327abf01a7a2f673d4be601094d518d74f5afd0c596c1d60ddfc6f31add6b5533f85bc09cf2122b9e3f7243d5d26a2d6923c88c2f6a811ea2b8 SHA512 eda1c1613e94a7b10df9cc08c87ed8a39edb3f8a160600a74780877772bbd76cc9842d5d5d68ed6a9554e1e310675a1e461d894144d514b8e482d4a1affbc9bd
diff --git a/net-misc/openssh/files/openssh-8.5_p1-X509-glue-13.0.patch b/net-misc/openssh/files/openssh-8.5_p1-X509-glue-13.0.patch
deleted file mode 100644
index 71b27f284af4..000000000000
--- a/net-misc/openssh/files/openssh-8.5_p1-X509-glue-13.0.patch
+++ /dev/null
@@ -1,73 +0,0 @@ -diff -ur a/openssh-8.5p1+x509-13.0.diff b/openssh-8.5p1+x509-13.0.diff ---- a/openssh-8.5p1+x509-13.0.diff 2021-03-03 12:26:21.021212996 -0800 -+++ b/openssh-8.5p1+x509-13.0.diff 2021-03-03 18:20:06.476490271 -0800 -@@ -46675,12 +46675,11 @@ - - install-files: - $(MKDIR_P) $(DESTDIR)$(bindir) --@@ -380,6 +364,8 @@ -+@@ -380,6 +364,7 @@ - $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5 - $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8 - $(MKDIR_P) $(DESTDIR)$(libexecdir) - + $(MKDIR_P) $(DESTDIR)$(sshcadir) --+ $(MKDIR_P) $(DESTDIR)$(piddir) - $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH) - $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT) - $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT) -@@ -63967,7 +63966,7 @@ - - echo "putty interop tests not enabled" - - exit 0 - -fi --+$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1; exit 1; } -++$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1; exit 0; } - - for c in aes 3des aes128-ctr aes192-ctr aes256-ctr chacha20 ; do - verbose "$tid: cipher $c" -@@ -63982,7 +63981,7 @@ - - echo "putty interop tests not enabled" - - exit 0 - -fi --+$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1; exit 1; } -++$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1; exit 0; } - - for k in dh-gex-sha1 dh-group1-sha1 dh-group14-sha1 ecdh ; do - verbose "$tid: kex $k" -@@ -63997,7 +63996,7 @@ - - echo "putty interop tests not enabled" - - exit 0 - -fi --+$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1; exit 1; } -++$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1; exit 0; } - - if [ "`${SSH} -Q compression`" = "none" ]; then - comp="0" -@@ -64129,9 +64128,9 @@ - - +# cross-project configuration - +if test "$sshd_type" = "pkix" ; then --+ unset_arg='' -++ unset_arg= - +else --+ unset_arg=none -++ unset_arg= - +fi - + - cat > 
$OBJ/sshd_config.i << _EOF -@@ -122238,16 +122237,6 @@ - +int asnmprintf(char **, size_t, int *, const char *, ...) - __attribute__((format(printf, 4, 5))); - void msetlocale(void); --diff -ruN openssh-8.5p1/version.h openssh-8.5p1+x509-13.0/version.h ----- openssh-8.5p1/version.h 2021-03-02 12:31:47.000000000 +0200 --+++ openssh-8.5p1+x509-13.0/version.h 2021-03-03 19:07:00.000000000 +0200 --@@ -2,5 +2,4 @@ -- -- #define SSH_VERSION "OpenSSH_8.5" -- ---#define SSH_PORTABLE "p1" ---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE --+#define SSH_RELEASE PACKAGE_STRING ", " SSH_VERSION "p1" - diff -ruN openssh-8.5p1/version.m4 openssh-8.5p1+x509-13.0/version.m4 - --- openssh-8.5p1/version.m4 1970-01-01 02:00:00.000000000 +0200 - +++ openssh-8.5p1+x509-13.0/version.m4 2021-03-03 19:07:00.000000000 +0200 diff --git a/net-misc/openssh/files/openssh-8.5_p1-hpn-15.1-X509-glue.patch b/net-misc/openssh/files/openssh-8.5_p1-hpn-15.1-X509-glue.patch deleted file mode 100644 index e2d4ce826ea7..000000000000 --- a/net-misc/openssh/files/openssh-8.5_p1-hpn-15.1-X509-glue.patch +++ /dev/null @@ -1,325 +0,0 @@ -diff -ur a/openssh-8_4_P1-hpn-AES-CTR-15.1.diff b/openssh-8_4_P1-hpn-AES-CTR-15.1.diff ---- a/openssh-8_4_P1-hpn-AES-CTR-15.1.diff 2021-03-03 12:57:01.975827879 -0800 -+++ b/openssh-8_4_P1-hpn-AES-CTR-15.1.diff 2021-03-03 18:25:21.929305944 -0800 -@@ -3,9 +3,9 @@ - --- a/Makefile.in - +++ b/Makefile.in - 
@@ -46,7 +46,7 @@ CFLAGS=@CFLAGS@ -- CFLAGS_NOPIE=@CFLAGS_NOPIE@ -- CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ -- PICFLAG=@PICFLAG@ -+ LD=@LD@ -+ CFLAGS=@CFLAGS@ $(CFLAGS_EXTRA) -+ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ - -LIBS=@LIBS@ - +LIBS=@LIBS@ -lpthread - K5LIBS=@K5LIBS@ -@@ -803,8 +803,8 @@ - ssh_packet_set_connection(struct ssh *ssh, int fd_in, int fd_out) - { - struct session_state *state; --- const struct sshcipher *none = cipher_by_name("none"); --+ struct sshcipher *none = cipher_by_name("none"); -+- const struct sshcipher *none = cipher_none(); -++ struct sshcipher *none = cipher_none(); - int r; - - if (none == NULL) { -@@ -894,24 +894,24 @@ - intptr = &options->compression; - multistate_ptr = multistate_compression; - @@ -2062,6 +2068,7 @@ initialize_options(Options * options) -- options->hostbased_accepted_algos = NULL; -- options->pubkey_accepted_algos = NULL; -- options->known_hosts_command = NULL; -+ options->revoked_host_keys = NULL; -+ options->fingerprint_hash = -1; -+ options->update_hostkeys = -1; - + options->disable_multithreaded = -1; - } - - /* - @@ -2247,6 +2254,10 @@ fill_default_options(Options * options) -+ options->update_hostkeys = 0; - if (options->sk_provider == NULL) - options->sk_provider = xstrdup("$SSH_SK_PROVIDER"); -- #endif - + if (options->update_hostkeys == -1) - + options->update_hostkeys = 0; - + if (options->disable_multithreaded == -1) - + options->disable_multithreaded = 0; - -- /* Expand KEX name lists */ -- all_cipher = cipher_alg_list(',', 0); -+ /* expand KEX and etc. name lists */ -+ { char *all; - diff --git a/readconf.h b/readconf.h - index d6a15550..d2d20548 100644 - --- a/readconf.h -@@ -950,9 +950,9 @@ - /* Portable-specific options */ - sUsePAM, - + sDisableMTAES, -- /* Standard Options */ -- sPort, sHostKeyFile, sLoginGraceTime, -- sPermitRootLogin, sLogFacility, sLogLevel, -+ /* X.509 Standard Options */ -+ sHostbasedAlgorithms, -+ sPubkeyAlgorithms, - 
@@ -672,6 +676,7 @@ static struct { - { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, - { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, -diff -ur a/openssh-8_4_P1-hpn-DynWinNoneSwitch-15.1.diff b/openssh-8_4_P1-hpn-DynWinNoneSwitch-15.1.diff ---- a/openssh-8_4_P1-hpn-DynWinNoneSwitch-15.1.diff 2021-03-03 19:05:28.942903961 -0800 -+++ b/openssh-8_4_P1-hpn-DynWinNoneSwitch-15.1.diff 2021-03-03 20:36:34.702362020 -0800 -@@ -157,6 +157,36 @@ - + Allan Jude provided the code for the NoneMac and buffer normalization. - + This work was financed, in part, by Cisco System, Inc., the National - + Library of Medicine, and the National Science Foundation. -+diff --git a/auth2.c b/auth2.c -+--- a/auth2.c 2021-03-03 20:34:51.312051369 -0800 -++++ b/auth2.c 2021-03-03 20:35:15.797888115 -0800 -+@@ -229,16 +229,17 @@ -+ double delay; -+ -+ digest_alg = ssh_digest_maxbytes(); -+- len = ssh_digest_bytes(digest_alg); -+- hash = xmalloc(len); -++ if (len = ssh_digest_bytes(digest_alg) > 0) { -++ hash = xmalloc(len); -+ -+- (void)snprintf(b, sizeof b, "%llu%s", -+- (unsigned long long)options.timing_secret, user); -+- if (ssh_digest_memory(digest_alg, b, strlen(b), hash, len) != 0) -+- fatal_f("ssh_digest_memory"); -+- /* 0-4.2 ms of delay */ -+- delay = (double)PEEK_U32(hash) / 1000 / 1000 / 1000 / 1000; -+- freezero(hash, len); -++ (void)snprintf(b, sizeof b, "%llu%s", -++ (unsigned long long)options.timing_secret, user); -++ if (ssh_digest_memory(digest_alg, b, strlen(b), hash, len) != 0) -++ fatal_f("ssh_digest_memory"); -++ /* 0-4.2 ms of delay */ -++ delay = (double)PEEK_U32(hash) / 1000 / 1000 / 1000 / 1000; -++ freezero(hash, len); -++ } -+ debug3_f("user specific delay %0.3lfms", delay/1000); -+ return MIN_FAIL_DELAY_SECONDS + delay; -+ } - diff --git a/channels.c b/channels.c - index e4917f3c..e0db582e 100644 - 
--- a/channels.c -@@ -209,14 +239,14 @@ - static void - channel_pre_open(struct ssh *ssh, Channel *c, - fd_set *readset, fd_set *writeset) --@@ -2179,22 +2206,31 @@ channel_check_window(struct ssh *ssh, Channel *c) -+@@ -2179,21 +2206,31 @@ channel_check_window(struct ssh *ssh, Channel *c) - - if (c->type == SSH_CHANNEL_OPEN && - !(c->flags & (CHAN_CLOSE_SENT|CHAN_CLOSE_RCVD)) && - - ((c->local_window_max - c->local_window > - - c->local_maxpacket*3) || --+ ((ssh_packet_is_interactive(ssh) && --+ c->local_window_max - c->local_window > c->local_maxpacket*3) || -++ ((ssh_packet_is_interactive(ssh) && -++ c->local_window_max - c->local_window > c->local_maxpacket*3) || - c->local_window < c->local_window_max/2) && - c->local_consumed > 0) { - + u_int addition = 0; -@@ -234,10 +264,12 @@ - SSH2_MSG_CHANNEL_WINDOW_ADJUST)) != 0 || - (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || - - (r = sshpkt_put_u32(ssh, c->local_consumed)) != 0 || -+- (r = sshpkt_send(ssh)) != 0) -+- fatal_fr(r, "channel %d", c->self); - + (r = sshpkt_put_u32(ssh, c->local_consumed + addition)) != 0 || -- (r = sshpkt_send(ssh)) != 0) { -- fatal_fr(r, "channel %i", c->self); -- } -++ (r = sshpkt_send(ssh)) != 0) { -++ fatal_fr(r, "channel %i", c->self); -++ } - debug2("channel %d: window %d sent adjust %d", c->self, - - c->local_window, c->local_consumed); - - c->local_window += c->local_consumed; -@@ -384,20 +416,38 @@ - index dec8e7e9..3c11558e 100644 - --- a/compat.c - 
+++ b/compat.c --@@ -150,6 +150,13 @@ compat_banner(struct ssh *ssh, const char *version) -- debug_f("match: %s pat %s compat 0x%08x", -+@@ -43,7 +43,7 @@ -+ static u_int -+ compat_datafellows(const char *version) -+ { -+- int i; -++ int i, bugs = 0; -+ static struct { -+ char *pat; -+ int bugs; -+@@ -147,11 +147,19 @@ -+ if (match_pattern_list(version, check[i].pat, 0) == 1) { -+ debug("match: %s pat %s compat 0x%08x", - version, check[i].pat, check[i].bugs); -- ssh->compat = check[i].bugs; --+ /* Check to see if the remote side is OpenSSH and not HPN */ --+ if (strstr(version, "OpenSSH") != NULL) { --+ if (strstr(version, "hpn") == NULL) { --+ ssh->compat |= SSH_BUG_LARGEWINDOW; --+ debug("Remote is NON-HPN aware"); --+ } --+ } -- return; -+- return check[i].bugs; -++ bugs |= check[i].bugs; - } - } -+- debug("no match: %s", version); -+- return 0; -++ /* Check to see if the remote side is OpenSSH and not HPN */ -++ if (strstr(version, "OpenSSH") != NULL) { -++ if (strstr(version, "hpn") == NULL) { -++ bugs |= SSH_BUG_LARGEWINDOW; -++ debug("Remote is NON-HPN aware"); -++ } -++ } -++ if (bugs == 0) -++ debug("no match: %s", version); -++ return bugs; -+ } -+ -+ char * - diff --git a/compat.h b/compat.h - index 66db42cc..d4e811e4 100644 - --- a/compat.h -@@ -456,7 +506,7 @@ - 
@@ -888,6 +888,10 @@ kex_choose_conf(struct ssh *ssh) - int nenc, nmac, ncomp; - u_int mode, ctos, need, dh_need, authlen; -- int r, first_kex_follows; -+ int r, first_kex_follows = 0; - + int auth_flag = 0; - + - + auth_flag = packet_authentication_state(ssh); -@@ -1033,19 +1083,6 @@ - - /* File to read commands from */ - FILE* infile; --diff --git a/ssh-keygen.c b/ssh-keygen.c --index a12b79a5..8b839219 100644 ----- a/ssh-keygen.c --+++ b/ssh-keygen.c --@@ -2999,7 +2999,7 @@ do_download_sk(const char *skprovider, const char *device) -- freezero(pin, strlen(pin)); -- error("Unable to load resident keys: %s", ssh_err(r)); -- return -1; --- } --+ } -- if (nkeys == 0) -- logit("No keys to download"); -- if (pin != NULL) - diff --git a/ssh.c b/ssh.c - index f34ca0d7..d7d134f7 100644 - --- a/ssh.c -@@ -1091,7 +1128,7 @@ - + else - + options.hpn_buffer_size = 2 * 1024 * 1024; - + --+ if (ssh->compat & SSH_BUG_LARGEWINDOW) { -++ if (ssh_compat_fellows(ssh, SSH_BUG_LARGEWINDOW)) { - + debug("HPN to Non-HPN Connection"); - + } else { - + int sock, socksize; -@@ -1331,6 +1368,26 @@ - /* Bind the socket to the desired port. */ - if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) == -1) { - error("Bind to port %s on %s failed: %.200s.", -+@@ -1625,12 +1625,13 @@ -+ if (ssh_digest_update(ctx, sshbuf_ptr(server_cfg), -+ sshbuf_len(server_cfg)) != 0) -+ fatal_f("ssh_digest_update"); -+- len = ssh_digest_bytes(digest_alg); -+- hash = xmalloc(len); -+- if (ssh_digest_final(ctx, hash, len) != 0) -+- fatal_f("ssh_digest_final"); -+- options.timing_secret = PEEK_U64(hash); -+- freezero(hash, len); -++ if (len = ssh_digest_bytes(digest_alg) > 0) { -++ hash = xmalloc(len); -++ if (ssh_digest_final(ctx, hash, len) != 0) -++ fatal_f("ssh_digest_final"); -++ options.timing_secret = PEEK_U64(hash); -++ freezero(hash, len); -++ } -+ ssh_digest_free(ctx); -+ ctx = NULL; -+ return; - 
@@ -1746,6 +1753,19 @@ main(int ac, char **av) - /* Fill in default values for those options not explicitly set. */ - fill_default_server_options(&options); -@@ -1401,14 +1458,3 @@ - # Example of overriding settings on a per-user basis - #Match User anoncvs - # X11Forwarding no --diff --git a/version.h b/version.h --index c2f9c55b..f2e7fa80 100644 ----- a/version.h --+++ b/version.h --@@ -3,4 +3,5 @@ -- #define SSH_VERSION "OpenSSH_8.4" -- -- #define SSH_PORTABLE "p1" ---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE --+#define SSH_HPN "-hpn15v1" --+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN -diff -ur a/openssh-8_4_P1-hpn-PeakTput-15.1.diff b/openssh-8_4_P1-hpn-PeakTput-15.1.diff ---- a/openssh-8_4_P1-hpn-PeakTput-15.1.diff 2021-03-03 12:57:01.975827879 -0800 -+++ b/openssh-8_4_P1-hpn-PeakTput-15.1.diff 2021-03-03 18:25:21.930305937 -0800 -@@ -12,9 +12,9 @@ - static long stalled; /* how long we have been stalled */ - static int bytes_per_second; /* current speed in bytes per second */ - @@ -127,6 +129,7 @@ refresh_progress_meter(int force_update) -+ off_t bytes_left; - int cur_speed; -- int hours, minutes, seconds; -- int file_len; -+ int len; - + off_t delta_pos; - - if ((!force_update && !alarm_fired && !win_resized) || !can_output()) -@@ -33,12 +33,12 @@ - @@ -166,7 +173,7 @@ refresh_progress_meter(int force_update) - - /* filename */ -- buf[0] = '\0'; --- file_len = win_size - 36; --+ file_len = win_size - 45; -- if (file_len > 0) { -- buf[0] = '\r'; -- snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s", -+ if (win_size > 36) { -+- int file_len = win_size - 36; -++ int file_len = win_size - 45; -+ snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s ", -+ file_len, file); -+ } - 
@@ -191,6 +198,15 @@ refresh_progress_meter(int force_update) - (off_t)bytes_per_second); - strlcat(buf, "/s ", win_size); -@@ -63,15 +63,3 @@ - } - - /*ARGSUSED*/ --diff --git a/ssh-keygen.c b/ssh-keygen.c --index a12b79a5..76b22338 100644 ----- a/ssh-keygen.c --+++ b/ssh-keygen.c --@@ -2987,7 +2987,6 @@ do_download_sk(const char *skprovider, const char *device) -- -- if (skprovider == NULL) -- fatal("Cannot download keys without provider"); --- -- pin = read_passphrase("Enter PIN for authenticator: ", RP_ALLOW_STDIN); -- if (!quiet) { -- printf("You may need to touch your authenticator " diff --git a/net-misc/openssh/files/openssh-8.5_p1-hpn-15.1-glue.patch b/net-misc/openssh/files/openssh-8.5_p1-hpn-15.1-glue.patch deleted file mode 100644 index ec6e687271cf..000000000000 --- a/net-misc/openssh/files/openssh-8.5_p1-hpn-15.1-glue.patch +++ /dev/null @@ -1,242 +0,0 @@ -diff -ur a/openssh-8_4_P1-hpn-AES-CTR-15.1.diff b/openssh-8_4_P1-hpn-AES-CTR-15.1.diff ---- a/openssh-8_4_P1-hpn-AES-CTR-15.1.diff 2021-03-03 11:08:18.300474672 -0800 -+++ b/openssh-8_4_P1-hpn-AES-CTR-15.1.diff 2021-03-03 11:18:42.408298903 -0800 -@@ -894,9 +894,9 @@ - intptr = &options->compression; - multistate_ptr = multistate_compression; - 
@@ -2062,6 +2068,7 @@ initialize_options(Options * options) -- options->update_hostkeys = -1; -- options->hostbased_key_types = NULL; -- options->pubkey_key_types = NULL; -+ options->hostbased_accepted_algos = NULL; -+ options->pubkey_accepted_algos = NULL; -+ options->known_hosts_command = NULL; - + options->disable_multithreaded = -1; - } - -diff -ur a/openssh-8_4_P1-hpn-DynWinNoneSwitch-15.1.diff b/openssh-8_4_P1-hpn-DynWinNoneSwitch-15.1.diff ---- a/openssh-8_4_P1-hpn-DynWinNoneSwitch-15.1.diff 2021-03-03 11:08:18.300474672 -0800 -+++ b/openssh-8_4_P1-hpn-DynWinNoneSwitch-15.1.diff 2021-03-03 12:53:24.117319233 -0800 -@@ -209,7 +209,7 @@ - static void - channel_pre_open(struct ssh *ssh, Channel *c, - fd_set *readset, fd_set *writeset) --@@ -2179,25 +2206,34 @@ channel_check_window(struct ssh *ssh, Channel *c) -+@@ -2179,22 +2206,31 @@ channel_check_window(struct ssh *ssh, Channel *c) - - if (c->type == SSH_CHANNEL_OPEN && - !(c->flags & (CHAN_CLOSE_SENT|CHAN_CLOSE_RCVD)) && -@@ -229,22 +229,19 @@ - + debug("Channel: Window growth to %d by %d bytes", c->local_window_max, addition); - + } - if (!c->have_remote_id) -- fatal(":%s: channel %d: no remote id", -- __func__, c->self); -+ fatal_f("channel %d: no remote id", c->self); - if ((r = sshpkt_start(ssh, - SSH2_MSG_CHANNEL_WINDOW_ADJUST)) != 0 || - (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || - - (r = sshpkt_put_u32(ssh, c->local_consumed)) != 0 || - + (r = sshpkt_put_u32(ssh, c->local_consumed + addition)) != 0 || - (r = sshpkt_send(ssh)) != 0) { -- fatal("%s: channel %i: %s", __func__, -- c->self, ssh_err(r)); -+ fatal_fr(r, "channel %i", c->self); - } -- debug2("channel %d: window %d sent adjust %d", -- c->self, c->local_window, --- c->local_consumed); -+ debug2("channel %d: window %d sent adjust %d", c->self, -+- c->local_window, c->local_consumed); - - c->local_window += c->local_consumed; --+ c->local_consumed + addition); -++ c->local_window, c->local_consumed + addition); - + c->local_window += 
c->local_consumed + addition; - c->local_consumed = 0; - } -@@ -387,18 +384,18 @@ - index dec8e7e9..3c11558e 100644 - --- a/compat.c - +++ b/compat.c --@@ -150,6 +150,13 @@ compat_datafellows(const char *version) -- debug("match: %s pat %s compat 0x%08x", -+@@ -150,6 +150,13 @@ compat_banner(struct ssh *ssh, const char *version) -+ debug_f("match: %s pat %s compat 0x%08x", - version, check[i].pat, check[i].bugs); -- datafellows = check[i].bugs; /* XXX for now */ -+ ssh->compat = check[i].bugs; - + /* Check to see if the remote side is OpenSSH and not HPN */ - + if (strstr(version, "OpenSSH") != NULL) { - + if (strstr(version, "hpn") == NULL) { --+ datafellows |= SSH_BUG_LARGEWINDOW; -++ ssh->compat |= SSH_BUG_LARGEWINDOW; - + debug("Remote is NON-HPN aware"); - + } - + } -- return check[i].bugs; -+ return; - } - } - diff --git a/compat.h b/compat.h -@@ -431,9 +428,9 @@ - --- a/digest-openssl.c - +++ b/digest-openssl.c - 
@@ -61,6 +61,7 @@ const struct ssh_digest digests[] = { -- { SSH_DIGEST_SHA256, "SHA256", 32, EVP_sha256 }, -+ { SSH_DIGEST_SHA256, "SHA256", 32, EVP_sha256 }, - { SSH_DIGEST_SHA384, "SHA384", 48, EVP_sha384 }, -- { SSH_DIGEST_SHA512, "SHA512", 64, EVP_sha512 }, -+ { SSH_DIGEST_SHA512, "SHA512", 64, EVP_sha512 }, - + { SSH_DIGEST_NULL, "NONEMAC", 0, EVP_md_null}, - { -1, NULL, 0, NULL }, - }; -@@ -536,18 +533,10 @@ - if (state->rekey_limit) - *max_blocks = MINIMUM(*max_blocks, - state->rekey_limit / enc->block_size); --@@ -966,6 +975,24 @@ ssh_set_newkeys(struct ssh *ssh, int mode) -+@@ -966,6 +975,16 @@ ssh_set_newkeys(struct ssh *ssh, int mode) - return 0; - } - --+/* this supports the forced rekeying required for the NONE cipher */ --+int rekey_requested = 0; --+void --+packet_request_rekeying(void) --+{ --+ rekey_requested = 1; --+} --+ - +/* used to determine if pre or post auth when rekeying for aes-ctr - + * and none cipher switch */ - +int -@@ -561,20 +550,6 @@ - #define MAX_PACKETS (1U<<31) - static int - ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) --@@ -992,6 +1019,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) -- if (state->p_send.packets == 0 && state->p_read.packets == 0) -- return 0; -- --+ /* used to force rekeying when called for by the none --+ * cipher switch methods -cjr */ --+ if (rekey_requested == 1) { --+ rekey_requested = 0; --+ return 1; --+ } --+ -- /* Time-based rekeying */ -- if (state->rekey_interval != 0 && -- (int64_t)state->rekey_time + state->rekey_interval <= monotime()) - @@ -1330,7 +1364,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) - struct session_state *state = ssh->state; - int len, r, ms_remain; -@@ -622,9 +597,9 @@ - /* Format of the configuration file: - - 
@@ -165,6 +166,8 @@ typedef enum { -- oHashKnownHosts, - oTunnel, oTunnelDevice, - oLocalCommand, oPermitLocalCommand, oRemoteCommand, -+ oDisableMTAES, - + oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize, - + oNoneEnabled, oNoneMacEnabled, oNoneSwitch, - oVisualHostKey, -@@ -778,9 +753,9 @@ - int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */ - SyslogFacility log_facility; /* Facility for system logging. */ - @@ -115,7 +119,11 @@ typedef struct { -- - int enable_ssh_keysign; - int64_t rekey_limit; -+ int disable_multithreaded; /*disable multithreaded aes-ctr*/ - + int none_switch; /* Use none cipher */ - + int none_enabled; /* Allow none cipher to be used */ - + int nonemac_enabled; /* Allow none MAC to be used */ -@@ -888,9 +863,9 @@ - + options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT; - + } - + -+ if (options->disable_multithreaded == -1) -+ options->disable_multithreaded = 0; - if (options->ip_qos_interactive == -1) -- options->ip_qos_interactive = IPTOS_DSCP_AF21; -- if (options->ip_qos_bulk == -1) - @@ -511,6 +564,8 @@ typedef enum { - sPasswordAuthentication, sKbdInteractiveAuthentication, - sListenAddress, sAddressFamily, -@@ -1091,7 +1066,7 @@ - } - - +static void --+hpn_options_init(void) -++hpn_options_init(struct ssh *ssh) - +{ - + /* - + * We need to check to see if what they want to do about buffer -@@ -1116,7 +1091,7 @@ - + else - + options.hpn_buffer_size = 2 * 1024 * 1024; - + --+ if (datafellows & SSH_BUG_LARGEWINDOW) { -++ if (ssh->compat & SSH_BUG_LARGEWINDOW) { - + debug("HPN to Non-HPN Connection"); - + } else { - + int sock, socksize; -@@ -1186,7 +1161,7 @@ - + c->dynamic_window = 1; - + debug("Enabled Dynamic Window Scaling"); - + } -- debug3("%s: channel_new: %d", __func__, c->self); -+ debug3_f("channel_new: %d", c->self); - - channel_send_open(ssh, c->self); - 
@@ -2078,6 +2160,13 @@ ssh_session2(struct ssh *ssh, struct passwd *pw) -@@ -1198,7 +1173,7 @@ - + * might open channels that use the hpn buffer sizes. We can't send a - + * window of -1 (the default) to the server as it breaks things. - + */ --+ hpn_options_init(); -++ hpn_options_init(ssh); - + - /* XXX should be pre-session */ - if (!options.control_persist) -@@ -1297,11 +1272,10 @@ - xxx_host = host; - xxx_hostaddr = hostaddr; - --@@ -482,6 +493,34 @@ ssh_userauth2(struct ssh *ssh, const char *local_user, -- -+@@ -482,6 +493,33 @@ ssh_userauth2(struct ssh *ssh, const char *local_user, - if (!authctxt.success) - fatal("Authentication failed."); --+ -+ - + /* - + * If the user wants to use the none cipher, do it post authentication - + * and only if the right conditions are met -- both of the NONE commands -@@ -1329,9 +1303,9 @@ - + } - + } - + -- debug("Authentication succeeded (%s).", authctxt.method->name); -- } -- -+ #ifdef WITH_OPENSSL -+ if (options.disable_multithreaded == 0) { -+ /* if we are using aes-ctr there can be issues in either a fork or sandbox - diff --git a/sshd.c b/sshd.c - index 8aa7f3df..d0e3f1b0 100644 - --- a/sshd.c -@@ -1397,9 +1371,9 @@ - + if (options.nonemac_enabled == 1) - + debug("WARNING: None MAC enabled"); - + -- myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal( -+ myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(ssh, - options.kex_algorithms); -- myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal( -+ myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(ssh, - diff --git a/sshd_config b/sshd_config - index 19b7c91a..cdd889b2 100644 - --- a/sshd_config diff --git a/net-misc/openssh/files/openssh-8.5_p1-hpn-15.1-sctp-glue.patch b/net-misc/openssh/files/openssh-8.5_p1-hpn-15.1-sctp-glue.patch deleted file mode 100644 index d4835d1209b5..000000000000 --- a/net-misc/openssh/files/openssh-8.5_p1-hpn-15.1-sctp-glue.patch +++ /dev/null 
@@ -1,18 +0,0 @@ -diff -ur a/openssh-8_4_P1-hpn-DynWinNoneSwitch-15.1.diff b/openssh-8_4_P1-hpn-DynWinNoneSwitch-15.1.diff ---- a/openssh-8_4_P1-hpn-DynWinNoneSwitch-15.1.diff 2021-03-03 15:36:29.211246123 -0800 -+++ b/openssh-8_4_P1-hpn-DynWinNoneSwitch-15.1.diff 2021-03-03 15:36:53.607089097 -0800 -@@ -1401,14 +1401,3 @@ - # Example of overriding settings on a per-user basis - #Match User anoncvs - # X11Forwarding no --diff --git a/version.h b/version.h --index c2f9c55b..f2e7fa80 100644 ----- a/version.h --+++ b/version.h --@@ -3,4 +3,5 @@ -- #define SSH_VERSION "OpenSSH_8.4" -- -- #define SSH_PORTABLE "p1" ---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE --+#define SSH_HPN "-hpn15v1" --+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN |