From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 758EE1382C5 for ; Sat, 20 Jun 2020 07:47:59 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id C0A77E07DB; Sat, 20 Jun 2020 07:47:57 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 1810DE082D for ; Sat, 20 Jun 2020 07:47:57 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id D79EE34F41D for ; Sat, 20 Jun 2020 07:47:54 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id DD6F52A9 for ; Sat, 20 Jun 2020 07:47:52 +0000 (UTC) From: "Michał Górny" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Michał Górny" Message-ID: <1592638541.1c1928e63aa1756ef887f1375aa79fee58f3aee5.mgorny@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/ X-VCS-Repository: repo/gentoo X-VCS-Files: net-misc/openssh/files/openssh-8.1_p1-hpn-glue.patch net-misc/openssh/files/sshd.confd net-misc/openssh/files/sshd.initd net-misc/openssh/files/sshd.rc6.4 X-VCS-Directories: net-misc/openssh/files/ X-VCS-Committer: mgorny X-VCS-Committer-Name: Michał Górny X-VCS-Revision: 1c1928e63aa1756ef887f1375aa79fee58f3aee5 X-VCS-Branch: master Date: Sat, 20 Jun 2020 07:47:52 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 2c17be28-6fd2-4f29-8542-9f06f745e1a7 X-Archives-Hash: 4f13acb1c9ff06e746f95bd000852a99 commit: 1c1928e63aa1756ef887f1375aa79fee58f3aee5 Author: Michael Mair-Keimberger gmail com> AuthorDate: Sat Jun 20 07:23:54 2020 +0000 Commit: Michał Górny gentoo org> CommitDate: Sat Jun 20 07:35:41 2020 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1c1928e6 net-misc/openssh: remove unused patch and files Package-Manager: Portage-2.3.101, Repoman-2.3.22 Signed-off-by: Michael Mair-Keimberger gmail.com> Closes: https://github.com/gentoo/gentoo/pull/16335 Signed-off-by: Michał Górny gentoo.org> .../openssh/files/openssh-8.1_p1-hpn-glue.patch | 216 --------------------- net-misc/openssh/files/sshd.confd | 21 -- net-misc/openssh/files/sshd.initd | 89 --------- net-misc/openssh/files/sshd.rc6.4 | 84 -------- 4 files changed, 410 deletions(-) diff --git a/net-misc/openssh/files/openssh-8.1_p1-hpn-glue.patch b/net-misc/openssh/files/openssh-8.1_p1-hpn-glue.patch deleted file mode 100644 index 0ad814f95d8..00000000000 --- a/net-misc/openssh/files/openssh-8.1_p1-hpn-glue.patch +++ /dev/null @@ -1,216 +0,0 @@ -Only in b: .openssh-7_8_P1-hpn-AES-CTR-14.16.diff.un~ -Only in b: .openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff.un~ -diff -ru a/openssh-7_8_P1-hpn-AES-CTR-14.16.diff b/openssh-7_8_P1-hpn-AES-CTR-14.16.diff ---- a/openssh-7_8_P1-hpn-AES-CTR-14.16.diff 2019-10-10 13:48:31.513603947 -0700 -+++ b/openssh-7_8_P1-hpn-AES-CTR-14.16.diff 2019-10-10 13:50:15.012495676 -0700 -@@ -17,8 +17,8 @@ - canohost.o channels.o cipher.o cipher-aes.o cipher-aesctr.o \ - - cipher-ctr.o cleanup.o \ - + cipher-ctr.o cleanup.o cipher-ctr-mt.o \ -- compat.o crc32.o fatal.o hostfile.o \ -- log.o match.o moduli.o nchan.o packet.o opacket.o \ -+ compat.o fatal.o hostfile.o \ -+ log.o match.o moduli.o nchan.o packet.o \ - readpass.o ttymodes.o xmalloc.o addrmatch.o \ - diff --git a/cipher-ctr-mt.c b/cipher-ctr-mt.c - new file mode 100644 -@@ -998,7 +998,7 @@ - + * so we repoint the define to the multithreaded evp. To start the threads we - + * then force a rekey - + */ --+ const void *cc = ssh_packet_get_send_context(active_state); -++ const void *cc = ssh_packet_get_send_context(ssh); - + - + /* only do this for the ctr cipher. otherwise gcm mode breaks. Don't know why though */ - + if (strstr(cipher_ctx_name(cc), "ctr")) { -@@ -1028,7 +1028,7 @@ - + * so we repoint the define to the multithreaded evp. To start the threads we - + * then force a rekey - + */ --+ const void *cc = ssh_packet_get_send_context(active_state); -++ const void *cc = ssh_packet_get_send_context(ssh); - + - + /* only rekey if necessary. If we don't do this gcm mode cipher breaks */ - + if (strstr(cipher_ctx_name(cc), "ctr")) { -diff -ru a/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff b/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff ---- a/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 2019-10-10 13:47:54.801642144 -0700 -+++ b/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 2019-10-10 15:58:05.085803333 -0700 -@@ -162,24 +162,24 @@ - } - - +static int --+channel_tcpwinsz(void) -++channel_tcpwinsz(struct ssh *ssh) - +{ - + u_int32_t tcpwinsz = 0; - + socklen_t optsz = sizeof(tcpwinsz); - + int ret = -1; - + - + /* if we aren't on a socket return 128KB */ --+ if (!packet_connection_is_on_socket()) -++ if (!ssh_packet_connection_is_on_socket(ssh)) - + return 128 * 1024; - + --+ ret = getsockopt(packet_get_connection_in(), -++ ret = getsockopt(ssh_packet_get_connection_in(ssh), - + SOL_SOCKET, SO_RCVBUF, &tcpwinsz, &optsz); - + /* return no more than SSHBUF_SIZE_MAX (currently 256MB) */ - + if ((ret == 0) && tcpwinsz > SSHBUF_SIZE_MAX) - + tcpwinsz = SSHBUF_SIZE_MAX; - + - + debug2("tcpwinsz: tcp connection %d, Receive window: %d", --+ packet_get_connection_in(), tcpwinsz); -++ ssh_packet_get_connection_in(ssh), tcpwinsz); - + return tcpwinsz; - +} - + -@@ -191,7 +191,7 @@ - c->local_window < c->local_window_max/2) && - c->local_consumed > 0) { - + u_int addition = 0; --+ u_int32_t tcpwinsz = channel_tcpwinsz(); -++ u_int32_t tcpwinsz = channel_tcpwinsz(ssh); - + /* adjust max window size if we are in a dynamic environment */ - + if (c->dynamic_window && (tcpwinsz > c->local_window_max)) { - + /* grow the window somewhat aggressively to maintain pressure */ -@@ -409,18 +409,10 @@ - index dcf35e6..da4ced0 100644 - --- a/packet.c - +++ b/packet.c --@@ -920,6 +920,24 @@ ssh_set_newkeys(struct ssh *ssh, int mode) -+@@ -920,6 +920,16 @@ ssh_set_newkeys(struct ssh *ssh, int mode) - return 0; - } - --+/* this supports the forced rekeying required for the NONE cipher */ --+int rekey_requested = 0; --+void --+packet_request_rekeying(void) --+{ --+ rekey_requested = 1; --+} --+ - +/* used to determine if pre or post auth when rekeying for aes-ctr - + * and none cipher switch */ - +int -@@ -434,20 +426,6 @@ - #define MAX_PACKETS (1U<<31) - static int - ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) --@@ -946,6 +964,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) -- if (state->p_send.packets == 0 && state->p_read.packets == 0) -- return 0; -- --+ /* used to force rekeying when called for by the none --+ * cipher switch methods -cjr */ --+ if (rekey_requested == 1) { --+ rekey_requested = 0; --+ return 1; --+ } --+ -- /* Time-based rekeying */ -- if (state->rekey_interval != 0 && -- (int64_t)state->rekey_time + state->rekey_interval <= monotime()) - diff --git a/packet.h b/packet.h - index 170203c..f4d9df2 100644 - --- a/packet.h -@@ -476,9 +454,9 @@ - /* Format of the configuration file: - - @@ -166,6 +167,8 @@ typedef enum { -- oHashKnownHosts, - oTunnel, oTunnelDevice, - oLocalCommand, oPermitLocalCommand, oRemoteCommand, -+ oDisableMTAES, - + oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize, - + oNoneEnabled, oNoneSwitch, - oVisualHostKey, -@@ -615,9 +593,9 @@ - int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */ - SyslogFacility log_facility; /* Facility for system logging. */ - @@ -111,7 +115,10 @@ typedef struct { -- - int enable_ssh_keysign; - int64_t rekey_limit; -+ int disable_multithreaded; /*disable multithreaded aes-ctr*/ - + int none_switch; /* Use none cipher */ - + int none_enabled; /* Allow none to be used */ - int rekey_interval; -@@ -633,7 +611,7 @@ - off_t i, statbytes; - size_t amt, nr; - int fd = -1, haderr, indx; --- char *last, *name, buf[2048], encname[PATH_MAX]; -+- char *last, *name, buf[PATH_MAX + 128], encname[PATH_MAX]; - + char *last, *name, buf[16384], encname[PATH_MAX]; - int len; - -@@ -673,9 +651,9 @@ - /* Portable-specific options */ - if (options->use_pam == -1) - @@ -391,6 +400,43 @@ fill_default_server_options(ServerOptions *options) -- } -- if (options->permit_tun == -1) - options->permit_tun = SSH_TUNMODE_NO; -+ if (options->disable_multithreaded == -1) -+ options->disable_multithreaded = 0; - + if (options->none_enabled == -1) - + options->none_enabled = 0; - + if (options->hpn_disabled == -1) -@@ -1092,7 +1070,7 @@ - xxx_host = host; - xxx_hostaddr = hostaddr; - --@@ -412,6 +423,28 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, -+@@ -412,6 +423,27 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, - - if (!authctxt.success) - fatal("Authentication failed."); -@@ -1108,7 +1086,7 @@ - + memcpy(&myproposal, &myproposal_default, sizeof(myproposal)); - + myproposal[PROPOSAL_ENC_ALGS_STOC] = "none"; - + myproposal[PROPOSAL_ENC_ALGS_CTOS] = "none"; --+ kex_prop2buf(active_state->kex->my, myproposal); -++ kex_prop2buf(ssh->kex->my, myproposal); - + packet_request_rekeying(); - + fprintf(stderr, "WARNING: ENABLED NONE CIPHER\n"); - + } else { -@@ -1117,23 +1095,13 @@ - + fprintf(stderr, "NONE cipher switch disabled when a TTY is allocated\n"); - + } - + } --+ -- debug("Authentication succeeded (%s).", authctxt.method->name); -- } - -+ #ifdef WITH_OPENSSL -+ if (options.disable_multithreaded == 0) { - diff --git a/sshd.c b/sshd.c - index a738c3a..b32dbe0 100644 - --- a/sshd.c - +++ b/sshd.c --@@ -373,7 +373,7 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out) -- char remote_version[256]; /* Must be at least as big as buf. */ -- -- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n", --- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, --+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE, -- *options.version_addendum == '\0' ? "" : " ", -- options.version_addendum); -- - @@ -1037,6 +1037,8 @@ listen_on_addrs(struct listenaddr *la) - int ret, listen_sock; - struct addrinfo *ai; -@@ -1217,11 +1185,10 @@ - index f1bbf00..21a70c2 100644 - --- a/version.h - +++ b/version.h --@@ -3,4 +3,6 @@ -+@@ -3,4 +3,5 @@ - #define SSH_VERSION "OpenSSH_7.8" - - #define SSH_PORTABLE "p1" - -#define SSH_RELEASE SSH_VERSION SSH_PORTABLE --+#define SSH_HPN "-hpn14v16" - +#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN - + diff --git a/net-misc/openssh/files/sshd.confd b/net-misc/openssh/files/sshd.confd deleted file mode 100644 index 28952b4a285..00000000000 --- a/net-misc/openssh/files/sshd.confd +++ /dev/null @@ -1,21 +0,0 @@ -# /etc/conf.d/sshd: config file for /etc/init.d/sshd - -# Where is your sshd_config file stored? - -SSHD_CONFDIR="/etc/ssh" - - -# Any random options you want to pass to sshd. -# See the sshd(8) manpage for more info. - -SSHD_OPTS="" - - -# Pid file to use (needs to be absolute path). - -#SSHD_PIDFILE="/var/run/sshd.pid" - - -# Path to the sshd binary (needs to be absolute path). - -#SSHD_BINARY="/usr/sbin/sshd" diff --git a/net-misc/openssh/files/sshd.initd b/net-misc/openssh/files/sshd.initd deleted file mode 100644 index c5df4693dbe..00000000000 --- a/net-misc/openssh/files/sshd.initd +++ /dev/null @@ -1,89 +0,0 @@ -#!/sbin/openrc-run -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -extra_commands="checkconfig" -extra_started_commands="reload" - -: ${SSHD_CONFDIR:=${RC_PREFIX%/}/etc/ssh} -: ${SSHD_CONFIG:=${SSHD_CONFDIR}/sshd_config} -: ${SSHD_PIDFILE:=${RC_PREFIX%/}/run/${SVCNAME}.pid} -: ${SSHD_BINARY:=${RC_PREFIX%/}/usr/sbin/sshd} -: ${SSHD_KEYGEN_BINARY:=${RC_PREFIX%/}/usr/bin/ssh-keygen} - -command="${SSHD_BINARY}" -pidfile="${SSHD_PIDFILE}" -command_args="${SSHD_OPTS} -o PidFile=${pidfile} -f ${SSHD_CONFIG}" - -# Wait one second (length chosen arbitrarily) to see if sshd actually -# creates a PID file, or if it crashes for some reason like not being -# able to bind to the address in ListenAddress (bug 617596). -: ${SSHD_SSD_OPTS:=--wait 1000} -start_stop_daemon_args="${SSHD_SSD_OPTS}" - -depend() { - # Entropy can be used by ssh-keygen, among other things, but - # is not strictly required (bug 470020). - use logger dns entropy - if [ "${rc_need+set}" = "set" ] ; then - : # Do nothing, the user has explicitly set rc_need - else - local x warn_addr - for x in $(awk '/^ListenAddress/{ print $2 }' "$SSHD_CONFIG" 2>/dev/null) ; do - case "${x}" in - 0.0.0.0|0.0.0.0:*) ;; - ::|\[::\]*) ;; - *) warn_addr="${warn_addr} ${x}" ;; - esac - done - if [ -n "${warn_addr}" ] ; then - need net - ewarn "You are binding an interface in ListenAddress statement in your sshd_config!" - ewarn "You must add rc_need=\"net.FOO\" to your ${RC_PREFIX%/}/etc/conf.d/sshd" - ewarn "where FOO is the interface(s) providing the following address(es):" - ewarn "${warn_addr}" - fi - fi -} - -checkconfig() { - checkpath --mode 0755 --directory "${RC_PREFIX%/}/var/empty" - - if [ ! -e "${SSHD_CONFIG}" ] ; then - eerror "You need an ${SSHD_CONFIG} file to run sshd" - eerror "There is a sample file in /usr/share/doc/openssh" - return 1 - fi - - ${SSHD_KEYGEN_BINARY} -A || return 2 - - "${command}" -t ${command_args} || return 3 -} - -start_pre() { - # If this isn't a restart, make sure that the user's config isn't - # busted before we try to start the daemon (this will produce - # better error messages than if we just try to start it blindly). - # - # If, on the other hand, this *is* a restart, then the stop_pre - # action will have ensured that the config is usable and we don't - # need to do that again. - if [ "${RC_CMD}" != "restart" ] ; then - checkconfig || return $? - fi -} - -stop_pre() { - # If this is a restart, check to make sure the user's config - # isn't busted before we stop the running daemon. - if [ "${RC_CMD}" = "restart" ] ; then - checkconfig || return $? - fi -} - -reload() { - checkconfig || return $? - ebegin "Reloading ${SVCNAME}" - start-stop-daemon --signal HUP --pidfile "${pidfile}" - eend $? -} diff --git a/net-misc/openssh/files/sshd.rc6.4 b/net-misc/openssh/files/sshd.rc6.4 deleted file mode 100644 index 5e301420361..00000000000 --- a/net-misc/openssh/files/sshd.rc6.4 +++ /dev/null @@ -1,84 +0,0 @@ -#!/sbin/openrc-run -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -extra_commands="checkconfig" -extra_started_commands="reload" - -: ${SSHD_CONFDIR:=/etc/ssh} -: ${SSHD_CONFIG:=${SSHD_CONFDIR}/sshd_config} -: ${SSHD_PIDFILE:=/var/run/${SVCNAME}.pid} -: ${SSHD_BINARY:=/usr/sbin/sshd} - -depend() { - use logger dns - if [ "${rc_need+set}" = "set" ] ; then - : # Do nothing, the user has explicitly set rc_need - else - local x warn_addr - for x in $(awk '/^ListenAddress/{ print $2 }' "$SSHD_CONFIG" 2>/dev/null) ; do - case "${x}" in - 0.0.0.0|0.0.0.0:*) ;; - ::|\[::\]*) ;; - *) warn_addr="${warn_addr} ${x}" ;; - esac - done - if [ -n "${warn_addr}" ] ; then - need net - ewarn "You are binding an interface in ListenAddress statement in your sshd_config!" - ewarn "You must add rc_need=\"net.FOO\" to your /etc/conf.d/sshd" - ewarn "where FOO is the interface(s) providing the following address(es):" - ewarn "${warn_addr}" - fi - fi -} - -checkconfig() { - if [ ! -d /var/empty ] ; then - mkdir -p /var/empty || return 1 - fi - - if [ ! -e "${SSHD_CONFIG}" ] ; then - eerror "You need an ${SSHD_CONFIG} file to run sshd" - eerror "There is a sample file in /usr/share/doc/openssh" - return 1 - fi - - ssh-keygen -A || return 1 - - [ "${SSHD_PIDFILE}" != "/var/run/sshd.pid" ] \ - && SSHD_OPTS="${SSHD_OPTS} -o PidFile=${SSHD_PIDFILE}" - [ "${SSHD_CONFIG}" != "/etc/ssh/sshd_config" ] \ - && SSHD_OPTS="${SSHD_OPTS} -f ${SSHD_CONFIG}" - - "${SSHD_BINARY}" -t ${SSHD_OPTS} || return 1 -} - -start() { - checkconfig || return 1 - - ebegin "Starting ${SVCNAME}" - start-stop-daemon --start --exec "${SSHD_BINARY}" \ - --pidfile "${SSHD_PIDFILE}" \ - -- ${SSHD_OPTS} - eend $? -} - -stop() { - if [ "${RC_CMD}" = "restart" ] ; then - checkconfig || return 1 - fi - - ebegin "Stopping ${SVCNAME}" - start-stop-daemon --stop --exec "${SSHD_BINARY}" \ - --pidfile "${SSHD_PIDFILE}" --quiet - eend $? -} - -reload() { - checkconfig || return 1 - ebegin "Reloading ${SVCNAME}" - start-stop-daemon --signal HUP \ - --exec "${SSHD_BINARY}" --pidfile "${SSHD_PIDFILE}" - eend $? -}