From: "Patrick McLean"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, "Patrick McLean"
Message-ID: <1507768900.457856fd81528d41551c5fed457e1bd627498093.chutzpah@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/, net-misc/openssh/
X-VCS-Repository: repo/gentoo
X-VCS-Files: net-misc/openssh/Manifest net-misc/openssh/files/openssh-7.6_p1-hpn-x509-11.0-glue.patch net-misc/openssh/files/openssh-7.6_p1-warnings.patch net-misc/openssh/openssh-7.6_p1.ebuild
X-VCS-Directories: net-misc/openssh/ net-misc/openssh/files/
X-VCS-Committer: chutzpah
X-VCS-Committer-Name: Patrick McLean
X-VCS-Revision: 457856fd81528d41551c5fed457e1bd627498093
X-VCS-Branch: master
Date: Thu, 12 Oct 2017 00:42:21 +0000 (UTC)

commit: 457856fd81528d41551c5fed457e1bd627498093
Author: Patrick McLean gentoo org>
AuthorDate: Wed Oct 11 22:51:05 2017 +0000
Commit: Patrick McLean gentoo org>
CommitDate: Thu Oct 12 00:41:40 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=457856fd

net-misc/openssh: Add updated X509 patchset to 7.6_p1

Had to drop the multithreaded aes-ctr cipher as it seems to cause test failures with OpenSSH 7.6p1. We can re-add in the future if a fix is found.

Package-Manager: Portage-2.3.11, Repoman-2.3.3

 net-misc/openssh/Manifest | 1 +
 .../files/openssh-7.6_p1-hpn-x509-11.0-glue.patch | 50 ++++++++++++++++++++++
 .../openssh/files/openssh-7.6_p1-warnings.patch | 12 ++++++
 net-misc/openssh/openssh-7.6_p1.ebuild | 12 +++++-
 4 files changed, 73 insertions(+), 2 deletions(-)

diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest index df01594ce28..c9efd08b421 100644 
--- a/net-misc/openssh/Manifest +++ b/net-misc/openssh/Manifest 
@@ -5,6 +5,7 @@ DIST openssh-7.5p1-hpnssh14v12.tar.xz 23068 SHA256 8a1ed99c121a4ad21d7a26cd32627 DIST openssh-7.5p1.tar.gz 1510857 SHA256 9846e3c5fab9f0547400b4d2c017992f914222b3fd1f8eee6c7dc6bc5e59f9f0 SHA512 58c542e8a110fb4316a68db94abb663fa1c810becd0638d45281df8aeca62c1f705090437a80e788e6c29121769b72a505feced537d3118c933fde01b5285c81 WHIRLPOOL 1a42c68d8e350bc4790dd4c1a98dd6571bfa353ad6871b1462c53b6412f752719daabd1a13bb4434d294de966a00428ac66334bab45f371420029b5e34a6914c DIST openssh-7.6_p1-sctp.patch.xz 6996 SHA256 ca61f0b015d2f7131620a2a4901800b70026755a52a7b882d437cd9813c2652d SHA512 8445a9a8ae8e8baa67c8f386117877ba3f39f33c9cdaff341c8d5fb4ce9dfe22f26d5aedc2b0d4aab67864994ec5a6a487d18b728bd5d5c6efe14175eb9c8151 WHIRLPOOL 27125d4a7d45f0bc67f424598542cf97e123824bce7911732891531b6a0aa37b7598f636e1643a6114626c2ccc622a50928ffcdb4357c7dc3d9c3d8c161d9626 DIST openssh-7.6p1+x509-11.0.diff.gz 440219 SHA256 bc4175ed8efce14579f10e242b25a23c959b1ff0e63b7c15493503eb654a960e SHA512 add86ecdaa696d997f869e6878aaaef285590cc5eddf301be651944bbc6c80af6a891bad6f6aaa4b6e9919ad865a27dc6f45a6e0b923ca52c04f06523fa3197a WHIRLPOOL 1b324f72a6cb0c895b3994d59f3505ff2a4a0529829cea07344a33a68ee4d43c22ba534a55454792618cd9f766cd40fa5af73cc054ee3a08bccdb6e8d0073b29 +DIST openssh-7.6p1-hpnssh14v12.tar.xz 15392 SHA256 4ccb05096556233d81b68b330463ef2bd84384734ff3a8693ad28ac2d4681227 SHA512 0e2c62cdec360090b359edfd5bbe894fb25d22e387677e8a5d6cf6a0807b0572fda30b90c30390d5b68e359e9958cb1c65abae4afd9af5892c3f64f6f8001956 WHIRLPOOL c7bdc79d849bacaf1a6fb262a11b3b6cf905e95c11e9818c4434559fcea3bc5273496bb8d29e3a5edb116420b4dabc3ef17789e66864c488006c660331c18bc4 DIST openssh-7.6p1.tar.gz 1489788 SHA256 a323caeeddfe145baaa0db16e98d784b1fbc7dd436a6bf1f479dfd5cd1d21723 SHA512 de17fdcb8239401f76740c8d689a8761802f6df94e68d953f3c70b9f4f8bdb403617c48c1d01cc8c368d88e9d50aee540bf03d5a36687dfb39dfd28d73029d72 WHIRLPOOL 
537b94555c7b36b2f7ef2ecd89e6671028f7cff9be758e631690ecd068510d59d6518077bf951e779e3c8a39706adb1682c6d5305edd6fc611ec19ce7953c751 DIST openssh-lpk-7.5p1-0.3.14.patch.xz 17040 SHA256 11060be996b291b8d78de698c68a92428430e4ff440553f5045c6de5c0e1dab3 SHA512 9ce5d7e5d831c972f0f866b686bf93a048a03979ab38627973f5491eeeaa45f9faab0520b3a7ed90a13a67213fdc9cd4cf11e423acad441ea91b71037c8b435b WHIRLPOOL 58526777475786bb5efa193f3a3ec0500c4d48b18fef67698f8b1999cb07f04fbca7b7d3ece469f3a1e1ceca5152cdd08d3dbe7cfa4e7494740dc2c233101b93 DIST openssh-lpk-7.6p1-0.3.14.patch.xz 17044 SHA256 fd877cf084d4eb682c503b6e5f363b0564da2b50561367558a50ab239adf4017 SHA512 e9a2b18fd6a58354198b6e48199059d055451a5f09c99bf7293d0d54137a59c581a9cb3bd906f31589e03d8450fb017b9015e18c67b7b6ae840e336039436974 WHIRLPOOL 8410dc9dad24d8b3065ba85e7a7a66322b4d37eac0ef68e72143afa3aba2706e91c324798236b9d3e320e6903d27a7e426621bde92ded89ce26a16535e8c3d3c diff --git a/net-misc/openssh/files/openssh-7.6_p1-hpn-x509-11.0-glue.patch b/net-misc/openssh/files/openssh-7.6_p1-hpn-x509-11.0-glue.patch new file mode 100644 index 00000000000..d55656aae97 --- /dev/null +++ b/net-misc/openssh/files/openssh-7.6_p1-hpn-x509-11.0-glue.patch @@ -0,0 +1,50 @@ +--- a/openssh-7.6p1-hpnssh14v12/0004-support-dynamically-sized-receive-buffers.patch 2017-10-11 15:02:11.850912525 -0700 ++++ b/openssh-7.6p1-hpnssh14v12/0004-support-dynamically-sized-receive-buffers.patch 2017-10-11 15:35:06.223424844 -0700 +@@ -907,9 +907,9 @@ + 
@@ -517,7 +544,7 @@ send_client_banner(int connection_out, int minor1) + { + /* Send our own protocol version identification. */ +- xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n", +-- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION); +-+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE); ++ xasprintf(&client_version_string, "SSH-%d.%d-%.100s PKIX[%s]\r\n", ++- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, PACKAGE_VERSION); +++ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE, PACKAGE_VERSION); + if (atomicio(vwrite, connection_out, client_version_string, + strlen(client_version_string)) != strlen(client_version_string)) + fatal("write: %.100s", strerror(errno)); +@@ -918,11 +918,11 @@ + --- a/sshd.c + +++ b/sshd.c + @@ -367,7 +367,7 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out) +- char remote_version[256]; /* Must be at least as big as buf. */ ++ } + +- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n", +-- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, +-+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE, ++ xasprintf(&server_version_string, "SSH-%d.%d-%s%s%s%s\r\n", ++- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, pkix_comment, +++ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE, pkix_comment, + *options.version_addendum == '\0' ? "" : " ", + options.version_addendum); + +@@ -982,13 +982,14 @@ + index e093f623..83f0932d 100644 + --- a/version.h + +++ b/version.h +-@@ -3,4 +3,5 @@ ++@@ -3,3 +3,6 @@ + #define SSH_VERSION "OpenSSH_7.6" + +- #define SSH_PORTABLE "p1" +--#define SSH_RELEASE SSH_VERSION SSH_PORTABLE ++-#define SSH_RELEASE PACKAGE_STRING ", " SSH_VERSION "p1" +++#define SSH_PORTABLE "p1" + +#define SSH_HPN "-hpn14v12" +++#define SSH_X509 "-PKIXSSH-11.0" +-+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN +++#define SSH_RELEASE PACKAGE_STRING ", " SSH_VERSION "p1" SSH_HPN + -- + 2.14.2 + 
diff --git a/net-misc/openssh/files/openssh-7.6_p1-warnings.patch b/net-misc/openssh/files/openssh-7.6_p1-warnings.patch new file mode 100644 index 00000000000..5843dd162cd --- /dev/null +++ b/net-misc/openssh/files/openssh-7.6_p1-warnings.patch @@ -0,0 +1,12 @@ +diff --git a/openbsd-compat/freezero.c b/openbsd-compat/freezero.c +index 3af8f4a7..7f6bc7fa 100644 +--- a/openbsd-compat/freezero.c ++++ b/openbsd-compat/freezero.c +@@ -14,6 +14,7 @@ + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + ++#include + #include "includes.h" + + #ifndef HAVE_FREEZERO diff --git a/net-misc/openssh/openssh-7.6_p1.ebuild b/net-misc/openssh/openssh-7.6_p1.ebuild index 1c315b793a6..a15c07cdc85 100644 --- a/net-misc/openssh/openssh-7.6_p1.ebuild +++ b/net-misc/openssh/openssh-7.6_p1.ebuild @@ -9,7 +9,7 @@ inherit user flag-o-matic multilib autotools pam systemd versionator # and _p? releases. PARCH=${P/_} -#HPN_PATCH="${PARCH}-hpnssh14v12.tar.xz" +HPN_PATCH="${PARCH}-hpnssh14v12.tar.xz" SCTP_PATCH="${PN}-7.6_p1-sctp.patch.xz" LDAP_PATCH="${PN}-lpk-7.6p1-0.3.14.patch.xz" X509_VER="11.0" X509_PATCH="${PN}-${PV/_}+x509-${X509_VER}.diff.gz" @@ -109,12 +109,14 @@ src_prepare() { # this file. cp version.h version.h.pristine + eapply "${FILESDIR}/${P}-warnings.patch" + # don't break .ssh/authorized_keys2 for fun sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die if use X509 ; then if use hpn ; then - pushd "${WORKDIR}"/${HPN_PATCH%.*.*} >/dev/null + pushd "${WORKDIR}" >/dev/null eapply "${FILESDIR}"/${P}-hpn-x509-${X509_VER}-glue.patch popd >/dev/null fi @@ -324,4 +326,10 @@ pkg_postinst() { elog "no longer support dss/rsa/ecdsa keys. You will need to generate ed25519 keys" elog "and update all clients/servers that utilize them." fi + + # remove this if aes-ctr-mt gets fixed + if use hpn; then + elog "The multithreaded AES-CTR cipher has been temporarily dropped from the HPN patch" + elog "set since it does not (yet) work with >=openssh-7.6p1." + fi }
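
Review bot: In the send_client_banner hunk of openssh-7.6_p1-hpn-x509-11.0-glue.patch, the version argument to the client banner becomes SSH_RELEASE, and the version.h hunk of the same glue patch defines SSH_RELEASE as PACKAGE_STRING ", " SSH_VERSION "p1" SSH_HPN, so the software-version field of the identification string gains an embedded ", ". RFC 4253 section 4.2 does not allow whitespace in that field, and a peer or scanner that reads the version up to the first space will see only the leading part. Consider passing a space-free macro here (for example SSH_VERSION SSH_PORTABLE SSH_HPN) and keeping the PACKAGE_STRING form out of the wire banner.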
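
Review bot: In the sshd_exchange_identification hunk of the glue patch, SSH_RELEASE is substituted into a format that uses a bare %s for the version ("SSH-%d.%d-%s%s%s%s\r\n"), where the client hunk keeps %.100s. Since SSH_RELEASE now also carries PACKAGE_STRING, please check that the server line with pkix_comment and options.version_addendum appended stays within the 255-character limit RFC 4253 sets for the identification string, or bound the field as the client side does.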
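
Review bot: In the version.h hunk of the glue patch, SSH_PORTABLE and SSH_X509 are defined but the new SSH_RELEASE uses neither: it hard-codes "p1" and appends only SSH_HPN. Either build SSH_RELEASE from SSH_PORTABLE (and from SSH_X509 if the PKIX tag is meant to appear in it) or drop the unused defines, so the next version bump does not have two places to edit.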
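
Review bot: In openssh-7.6_p1-warnings.patch, the new #include line is inserted above #include "includes.h" in openbsd-compat/freezero.c. OpenSSH sources pull in includes.h first so that the configure-generated feature macros are set before any system header is read; moving the new line below it keeps that ordering. The patch also carries no header comment saying which warning it addresses or whether it has been sent upstream.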
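
Review bot: In the src_prepare hunk of openssh-7.6_p1.ebuild, pushd "${WORKDIR}" has no || die, so a failed directory change would leave eapply running the glue patch from the wrong place. The glue patch also now hard-codes the openssh-7.6p1-hpnssh14v12/ directory in its file paths, where the ebuild previously derived that directory from ${HPN_PATCH%.*.*}; a short comment next to the pushd noting the coupling would help whoever bumps the HPN tarball next.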
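
Review bot: In the pkg_postinst hunk, the aes-ctr-mt notice is printed on every merge with USE=hpn and does not tell the user whether any ssh_config or sshd_config change is needed. Suggest saying that explicitly in the elog text, and giving the "remove this if aes-ctr-mt gets fixed" comment a bug reference so the condition for removing it can be tracked.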