* [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/
@ 2016-08-06 8:59 Mike Frysinger
0 siblings, 0 replies; 40+ messages in thread
From: Mike Frysinger @ 2016-08-06 8:59 UTC (permalink / raw
To: gentoo-commits
commit: e6076963fcabaed3aff9b469a20f54d3063ce575
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sat Aug 6 08:58:15 2016 +0000
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Aug 6 08:58:31 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e6076963
net-misc/openssh: fix implicit prototype warning w/USE=kerberos #590382
net-misc/openssh/files/openssh-7.3_p1-GSSAPI-dns.patch | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/net-misc/openssh/files/openssh-7.3_p1-GSSAPI-dns.patch b/net-misc/openssh/files/openssh-7.3_p1-GSSAPI-dns.patch
index d6798e2..806b36d 100644
--- a/net-misc/openssh/files/openssh-7.3_p1-GSSAPI-dns.patch
+++ b/net-misc/openssh/files/openssh-7.3_p1-GSSAPI-dns.patch
@@ -82,15 +82,16 @@ https://bugzilla.mindrot.org/show_bug.cgi?id=1008
.Xr ssh 1
--- a/sshconnect2.c
+++ b/sshconnect2.c
-@@ -656,6 +656,12 @@
+@@ -656,6 +656,13 @@
static u_int mech = 0;
OM_uint32 min;
int ok = 0;
+ const char *gss_host;
+
-+ if (options.gss_trust_dns)
++ if (options.gss_trust_dns) {
++ extern const char *auth_get_canonical_hostname(struct ssh *ssh, int use_dns);
+ gss_host = auth_get_canonical_hostname(active_state, 1);
-+ else
++ } else
+ gss_host = authctxt->host;
/* Try one GSSAPI method at a time, rather than sending them all at
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/
@ 2016-09-07 1:12 Patrick McLean
0 siblings, 0 replies; 40+ messages in thread
From: Patrick McLean @ 2016-09-07 1:12 UTC (permalink / raw
To: gentoo-commits
commit: c93af501f1fb49d758bb8a606231238716f4f3b4
Author: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 7 01:07:15 2016 +0000
Commit: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Wed Sep 7 01:12:03 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c93af501
net-misc/openssh: Update hpn update patch to add fix for deadlock
Package-Manager: portage-2.3.0
.../openssh/files/openssh-7.3_p1-hpn-update.patch | 39 ++++++++++++++++------
1 file changed, 28 insertions(+), 11 deletions(-)
diff --git a/net-misc/openssh/files/openssh-7.3_p1-hpn-update.patch b/net-misc/openssh/files/openssh-7.3_p1-hpn-update.patch
index 2c4cc50..cb11524 100644
--- a/net-misc/openssh/files/openssh-7.3_p1-hpn-update.patch
+++ b/net-misc/openssh/files/openssh-7.3_p1-hpn-update.patch
@@ -1,5 +1,5 @@
--- openssh-7_2_P2-hpn-14.10.diff.orig 2016-09-01 10:34:05.905112131 -0700
-+++ openssh-7_2_P2-hpn-14.10.diff 2016-09-01 11:33:19.106664802 -0700
++++ openssh-7_2_P2-hpn-14.10.diff 2016-09-06 17:34:54.903466727 -0700
@@ -156,145 +156,6 @@
compat.o crc32.o deattack.o fatal.o hostfile.o \
log.o match.o md-sha256.o moduli.o nchan.o packet.o opacket.o \
@@ -146,7 +146,24 @@
diff --git a/channels.c b/channels.c
index c9d2015..13b30a1 100644
--- a/channels.c
-@@ -1270,7 +1131,7 @@
+@@ -519,7 +380,7 @@
+ index 0000000..fdc9b2f
+ --- /dev/null
+ +++ b/cipher-ctr-mt.c
+-@@ -0,0 +1,533 @@
++@@ -0,0 +1,534 @@
+ +/*
+ + * OpenSSH Multi-threaded AES-CTR Cipher
+ + *
+@@ -893,6 +754,7 @@
+ + pthread_cond_wait(&q->cond, &q->lock);
+ + }
+ + q->qstate = KQDRAINING;
+++ pthread_cond_broadcast(&q->cond);
+ + pthread_mutex_unlock(&q->lock);
+ +
+ + /* Mark consumed queue empty and signal producers */
+@@ -1270,7 +1132,7 @@
#include "ssherr.h"
#include "sshbuf.h"
@@ -155,7 +172,7 @@
#include "digest.h"
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
-@@ -1312,8 +1173,8 @@
+@@ -1312,8 +1174,8 @@
+ */
+ if (ctos && !log_flag) {
+ logit("SSH: Server;Ltype: Kex;Remote: %s-%d;Enc: %s;MAC: %s;Comp: %s",
@@ -166,7 +183,7 @@
+ newkeys->enc.name,
+ authlen == 0 ? newkeys->mac.name : "<implicit>",
+ newkeys->comp.name);
-@@ -1430,7 +1291,7 @@
+@@ -1430,7 +1292,7 @@
+ rekey_requested = 0;
+ return 1;
+ }
@@ -175,7 +192,7 @@
/* Time-based rekeying */
if (state->rekey_interval != 0 &&
state->rekey_time + state->rekey_interval <= monotime())
-@@ -1490,7 +1351,7 @@
+@@ -1490,7 +1352,7 @@
transferred = *counter - (cur_pos ? cur_pos : start_pos);
cur_pos = *counter;
@@ -184,7 +201,7 @@
bytes_left = end_pos - cur_pos;
+ delta_pos = cur_pos - last_pos;
-@@ -1564,8 +1425,8 @@
+@@ -1564,8 +1426,8 @@
{ "canonicaldomains", oCanonicalDomains },
{ "canonicalizefallbacklocal", oCanonicalizeFallbackLocal },
@@ -282,6 +287,11 @@ static struct {
@@ -194,7 +211,7 @@
+ { "tcprcvbufpoll", oTcpRcvBufPoll },
+ { "tcprcvbuf", oTcpRcvBuf },
-@@ -1736,8 +1597,8 @@
+@@ -1736,8 +1598,8 @@
off_t size, statbytes;
unsigned long long ull;
int setimes, targisdir, wrerrno = 0;
@@ -205,7 +222,7 @@
struct timeval tv[2];
#define atime tv[0]
-@@ -1956,32 +1817,6 @@
+@@ -1956,32 +1818,6 @@
}
/*
@@ -238,7 +255,7 @@
@@ -1041,8 +1064,12 @@ server_request_tun(void)
sock = tun_open(tun, mode);
if (sock < 0)
-@@ -2372,10 +2207,10 @@
+@@ -2372,10 +2208,10 @@
debug("Client protocol version %d.%d; client software version %.100s",
remote_major, remote_minor, remote_version);
+ logit("SSH: Server;Ltype: Version;Remote: %s-%d;Protocol: %d.%d;Client: %.100s",
@@ -251,7 +268,7 @@
@@ -1160,6 +1163,8 @@ server_listen(void)
int ret, listen_sock, on = 1;
-@@ -2413,7 +2248,7 @@
+@@ -2413,7 +2249,7 @@
if (options.challenge_response_authentication)
options.kbd_interactive_authentication = 1;
@@ -2151,6 +2168,9 @@ main(int ac, char **av)
@@ -260,7 +277,7 @@
free(laddr);
+ /* set the HPN options for the child */
-@@ -2486,11 +2321,10 @@
+@@ -2486,11 +2322,10 @@
index eb4e948..3692722 100644
--- a/version.h
+++ b/version.h
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/
@ 2016-09-07 2:43 Patrick McLean
0 siblings, 0 replies; 40+ messages in thread
From: Patrick McLean @ 2016-09-07 2:43 UTC (permalink / raw
To: gentoo-commits
commit: 1687c28dae603160485d5aeaf5e9dbf1b5805cb6
Author: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 7 02:43:18 2016 +0000
Commit: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Wed Sep 7 02:43:18 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1687c28d
net-misc/openssh: Update hpn patch in another attempt to fix the deadlock being seen on OSX
Package-Manager: portage-2.3.0
.../openssh/files/openssh-7.3_p1-hpn-update.patch | 43 +++++++++++++++-------
1 file changed, 30 insertions(+), 13 deletions(-)
diff --git a/net-misc/openssh/files/openssh-7.3_p1-hpn-update.patch b/net-misc/openssh/files/openssh-7.3_p1-hpn-update.patch
index cb11524..980a666 100644
--- a/net-misc/openssh/files/openssh-7.3_p1-hpn-update.patch
+++ b/net-misc/openssh/files/openssh-7.3_p1-hpn-update.patch
@@ -1,5 +1,5 @@
--- openssh-7_2_P2-hpn-14.10.diff.orig 2016-09-01 10:34:05.905112131 -0700
-+++ openssh-7_2_P2-hpn-14.10.diff 2016-09-06 17:34:54.903466727 -0700
++++ openssh-7_2_P2-hpn-14.10.diff 2016-09-06 19:35:24.308215237 -0700
@@ -156,145 +156,6 @@
compat.o crc32.o deattack.o fatal.o hostfile.o \
log.o match.o md-sha256.o moduli.o nchan.o packet.o opacket.o \
@@ -151,11 +151,28 @@
--- /dev/null
+++ b/cipher-ctr-mt.c
-@@ -0,0 +1,533 @@
-+@@ -0,0 +1,534 @@
++@@ -0,0 +1,535 @@
+/*
+ * OpenSSH Multi-threaded AES-CTR Cipher
+ *
-@@ -893,6 +754,7 @@
+@@ -790,6 +651,7 @@
+ + * can see that it's being filled.
+ + */
+ + q->qstate = KQFILLING;
+++ pthread_cond_broadcast(&q->cond);
+ + pthread_mutex_unlock(&q->lock);
+ + for (i = 0; i < KQLEN; i++) {
+ + AES_encrypt(q->ctr, q->keys[i], &key);
+@@ -801,7 +663,7 @@
+ + ssh_ctr_add(q->ctr, KQLEN * (NUMKQ - 1), AES_BLOCK_SIZE);
+ + q->qstate = KQFULL;
+ + STATS_FILL(stats);
+-+ pthread_cond_signal(&q->cond);
+++ pthread_cond_broadcast(&q->cond);
+ + pthread_mutex_unlock(&q->lock);
+ + }
+ +
+@@ -893,6 +755,7 @@
+ pthread_cond_wait(&q->cond, &q->lock);
+ }
+ q->qstate = KQDRAINING;
@@ -163,7 +180,7 @@
+ pthread_mutex_unlock(&q->lock);
+
+ /* Mark consumed queue empty and signal producers */
-@@ -1270,7 +1132,7 @@
+@@ -1270,7 +1133,7 @@
#include "ssherr.h"
#include "sshbuf.h"
@@ -172,7 +189,7 @@
#include "digest.h"
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
-@@ -1312,8 +1174,8 @@
+@@ -1312,8 +1175,8 @@
+ */
+ if (ctos && !log_flag) {
+ logit("SSH: Server;Ltype: Kex;Remote: %s-%d;Enc: %s;MAC: %s;Comp: %s",
@@ -183,7 +200,7 @@
+ newkeys->enc.name,
+ authlen == 0 ? newkeys->mac.name : "<implicit>",
+ newkeys->comp.name);
-@@ -1430,7 +1292,7 @@
+@@ -1430,7 +1293,7 @@
+ rekey_requested = 0;
+ return 1;
+ }
@@ -192,7 +209,7 @@
/* Time-based rekeying */
if (state->rekey_interval != 0 &&
state->rekey_time + state->rekey_interval <= monotime())
-@@ -1490,7 +1352,7 @@
+@@ -1490,7 +1353,7 @@
transferred = *counter - (cur_pos ? cur_pos : start_pos);
cur_pos = *counter;
@@ -201,7 +218,7 @@
bytes_left = end_pos - cur_pos;
+ delta_pos = cur_pos - last_pos;
-@@ -1564,8 +1426,8 @@
+@@ -1564,8 +1427,8 @@
{ "canonicaldomains", oCanonicalDomains },
{ "canonicalizefallbacklocal", oCanonicalizeFallbackLocal },
@@ -282,6 +287,11 @@ static struct {
@@ -211,7 +228,7 @@
+ { "tcprcvbufpoll", oTcpRcvBufPoll },
+ { "tcprcvbuf", oTcpRcvBuf },
-@@ -1736,8 +1598,8 @@
+@@ -1736,8 +1599,8 @@
off_t size, statbytes;
unsigned long long ull;
int setimes, targisdir, wrerrno = 0;
@@ -222,7 +239,7 @@
struct timeval tv[2];
#define atime tv[0]
-@@ -1956,32 +1818,6 @@
+@@ -1956,32 +1819,6 @@
}
/*
@@ -255,7 +272,7 @@
@@ -1041,8 +1064,12 @@ server_request_tun(void)
sock = tun_open(tun, mode);
if (sock < 0)
-@@ -2372,10 +2208,10 @@
+@@ -2372,10 +2209,10 @@
debug("Client protocol version %d.%d; client software version %.100s",
remote_major, remote_minor, remote_version);
+ logit("SSH: Server;Ltype: Version;Remote: %s-%d;Protocol: %d.%d;Client: %.100s",
@@ -268,7 +285,7 @@
@@ -1160,6 +1163,8 @@ server_listen(void)
int ret, listen_sock, on = 1;
-@@ -2413,7 +2249,7 @@
+@@ -2413,7 +2250,7 @@
if (options.challenge_response_authentication)
options.kbd_interactive_authentication = 1;
@@ -2151,6 +2168,9 @@ main(int ac, char **av)
@@ -277,7 +294,7 @@
free(laddr);
+ /* set the HPN options for the child */
-@@ -2486,11 +2322,10 @@
+@@ -2486,11 +2323,10 @@
index eb4e948..3692722 100644
--- a/version.h
+++ b/version.h
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/
@ 2016-09-07 4:54 Patrick McLean
0 siblings, 0 replies; 40+ messages in thread
From: Patrick McLean @ 2016-09-07 4:54 UTC (permalink / raw
To: gentoo-commits
commit: fdc9882838209d6a427031ad87a79fa18a443851
Author: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 7 04:54:04 2016 +0000
Commit: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Wed Sep 7 04:54:23 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fdc98828
net-misc/openssh: Add a workaround to HPN for the OSX threading implemntation
The MT AES-CTR has a section of code that compares the currently running thread's
thread id with the first thread created. It seems on OSX, the first thread will
sometimes run before the thread ID is filled in (hence is zero), so this test
will fail, and the initialization code does not get run. This makes the test
also check if the thread ID of the first thread is 0, and run the initialization
code in that case as well.
Package-Manager: portage-2.3.0
net-misc/openssh/files/openssh-7.3_p1-hpn-update.patch | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/net-misc/openssh/files/openssh-7.3_p1-hpn-update.patch b/net-misc/openssh/files/openssh-7.3_p1-hpn-update.patch
index 980a666..8ae29e1 100644
--- a/net-misc/openssh/files/openssh-7.3_p1-hpn-update.patch
+++ b/net-misc/openssh/files/openssh-7.3_p1-hpn-update.patch
@@ -1,5 +1,5 @@
--- openssh-7_2_P2-hpn-14.10.diff.orig 2016-09-01 10:34:05.905112131 -0700
-+++ openssh-7_2_P2-hpn-14.10.diff 2016-09-06 19:35:24.308215237 -0700
++++ openssh-7_2_P2-hpn-14.10.diff 2016-09-06 21:49:35.583704017 -0700
@@ -156,145 +156,6 @@
compat.o crc32.o deattack.o fatal.o hostfile.o \
log.o match.o md-sha256.o moduli.o nchan.o packet.o opacket.o \
@@ -155,6 +155,15 @@
+/*
+ * OpenSSH Multi-threaded AES-CTR Cipher
+ *
+@@ -737,7 +598,7 @@
+ + * Handle the special case of startup, one thread must fill
+ + * the first KQ then mark it as draining. Lock held throughout.
+ + */
+-+ if (pthread_equal(pthread_self(), c->tid[0])) {
+++ if (pthread_equal(pthread_self(), c->tid[0]) || c->tid[0] == 0) {
+ + q = &c->q[0];
+ + pthread_mutex_lock(&q->lock);
+ + if (q->qstate == KQINIT) {
@@ -790,6 +651,7 @@
+ * can see that it's being filled.
+ */
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/
@ 2016-09-07 18:54 Patrick McLean
0 siblings, 0 replies; 40+ messages in thread
From: Patrick McLean @ 2016-09-07 18:54 UTC (permalink / raw
To: gentoo-commits
commit: 91bcfc117370caec4bb5cf52a163e5ee52962f6a
Author: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 7 18:54:06 2016 +0000
Commit: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Wed Sep 7 18:54:06 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=91bcfc11
net-misc/openssh: Final fix for deadlocks in the CTR-MT cipher
Package-Manager: portage-2.3.0
.../openssh/files/openssh-7.3_p1-hpn-update.patch | 86 +++++++++++++++++-----
1 file changed, 69 insertions(+), 17 deletions(-)
diff --git a/net-misc/openssh/files/openssh-7.3_p1-hpn-update.patch b/net-misc/openssh/files/openssh-7.3_p1-hpn-update.patch
index 8ae29e1..34acd5d 100644
--- a/net-misc/openssh/files/openssh-7.3_p1-hpn-update.patch
+++ b/net-misc/openssh/files/openssh-7.3_p1-hpn-update.patch
@@ -1,5 +1,5 @@
--- openssh-7_2_P2-hpn-14.10.diff.orig 2016-09-01 10:34:05.905112131 -0700
-+++ openssh-7_2_P2-hpn-14.10.diff 2016-09-06 21:49:35.583704017 -0700
++++ openssh-7_2_P2-hpn-14.10.diff 2016-09-07 11:37:21.455870893 -0700
@@ -156,145 +156,6 @@
compat.o crc32.o deattack.o fatal.o hostfile.o \
log.o match.o md-sha256.o moduli.o nchan.o packet.o opacket.o \
@@ -151,20 +151,44 @@
--- /dev/null
+++ b/cipher-ctr-mt.c
-@@ -0,0 +1,533 @@
-+@@ -0,0 +1,535 @@
++@@ -0,0 +1,546 @@
+/*
+ * OpenSSH Multi-threaded AES-CTR Cipher
+ *
-@@ -737,7 +598,7 @@
+@@ -663,6 +524,7 @@
+ + STATS_STRUCT(stats);
+ + u_char aes_counter[AES_BLOCK_SIZE];
+ + pthread_t tid[CIPHER_THREADS];
+++ pthread_rwlock_t thread_lock;
+ + int state;
+ + int qidx;
+ + int ridx;
+@@ -723,6 +585,7 @@
+ + struct kq *q;
+ + int i;
+ + int qidx;
+++ pthread_t first_tid;
+ +
+ + /* Threads stats on cancellation */
+ + STATS_INIT(stats);
+@@ -733,11 +596,15 @@
+ + /* Thread local copy of AES key */
+ + memcpy(&key, &c->aes_ctx, sizeof(key));
+ +
+++ pthread_rwlock_rdlock(&c->thread_lock);
+++ first_tid = c->tid[0];
+++ pthread_rwlock_unlock(&c->thread_lock);
+++
+ + /*
+ * Handle the special case of startup, one thread must fill
+ * the first KQ then mark it as draining. Lock held throughout.
+ */
-+ if (pthread_equal(pthread_self(), c->tid[0])) {
-++ if (pthread_equal(pthread_self(), c->tid[0]) || c->tid[0] == 0) {
+++ if (pthread_equal(pthread_self(), first_tid)) {
+ q = &c->q[0];
+ pthread_mutex_lock(&q->lock);
+ if (q->qstate == KQINIT) {
-@@ -790,6 +651,7 @@
+@@ -790,6 +657,7 @@
+ * can see that it's being filled.
+ */
+ q->qstate = KQFILLING;
@@ -172,7 +196,7 @@
+ pthread_mutex_unlock(&q->lock);
+ for (i = 0; i < KQLEN; i++) {
+ AES_encrypt(q->ctr, q->keys[i], &key);
-@@ -801,7 +663,7 @@
+@@ -801,7 +669,7 @@
+ ssh_ctr_add(q->ctr, KQLEN * (NUMKQ - 1), AES_BLOCK_SIZE);
+ q->qstate = KQFULL;
+ STATS_FILL(stats);
@@ -181,7 +205,7 @@
+ pthread_mutex_unlock(&q->lock);
+ }
+
-@@ -893,6 +755,7 @@
+@@ -893,6 +761,7 @@
+ pthread_cond_wait(&q->cond, &q->lock);
+ }
+ q->qstate = KQDRAINING;
@@ -189,7 +213,35 @@
+ pthread_mutex_unlock(&q->lock);
+
+ /* Mark consumed queue empty and signal producers */
-@@ -1270,7 +1133,7 @@
+@@ -919,6 +788,7 @@
+ +
+ + if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
+ + c = xmalloc(sizeof(*c));
+++ pthread_rwlock_init(&c->thread_lock, NULL);
+ +
+ + c->state = HAVE_NONE;
+ + for (i = 0; i < NUMKQ; i++) {
+@@ -966,7 +836,9 @@
+ + /* Start threads */
+ + for (i = 0; i < CIPHER_THREADS; i++) {
+ + debug("spawned a thread");
+++ pthread_rwlock_wrlock(&c->thread_lock);
+ + pthread_create(&c->tid[i], NULL, thread_loop, c);
+++ pthread_rwlock_unlock(&c->thread_lock);
+ + }
+ + pthread_mutex_lock(&c->q[0].lock);
+ + while (c->q[0].qstate != KQDRAINING)
+@@ -1003,7 +875,9 @@
+ + /* reconstruct threads */
+ + for (i = 0; i < CIPHER_THREADS; i++) {
+ + debug("spawned a thread");
+++ pthread_rwlock_wrlock(&c->thread_lock);
+ + pthread_create(&c->tid[i], NULL, thread_loop, c);
+++ pthread_rwlock_unlock(&c->thread_lock);
+ + }
+ +}
+ +
+@@ -1270,7 +1144,7 @@
#include "ssherr.h"
#include "sshbuf.h"
@@ -198,7 +250,7 @@
#include "digest.h"
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
-@@ -1312,8 +1175,8 @@
+@@ -1312,8 +1186,8 @@
+ */
+ if (ctos && !log_flag) {
+ logit("SSH: Server;Ltype: Kex;Remote: %s-%d;Enc: %s;MAC: %s;Comp: %s",
@@ -209,7 +261,7 @@
+ newkeys->enc.name,
+ authlen == 0 ? newkeys->mac.name : "<implicit>",
+ newkeys->comp.name);
-@@ -1430,7 +1293,7 @@
+@@ -1430,7 +1304,7 @@
+ rekey_requested = 0;
+ return 1;
+ }
@@ -218,7 +270,7 @@
/* Time-based rekeying */
if (state->rekey_interval != 0 &&
state->rekey_time + state->rekey_interval <= monotime())
-@@ -1490,7 +1353,7 @@
+@@ -1490,7 +1364,7 @@
transferred = *counter - (cur_pos ? cur_pos : start_pos);
cur_pos = *counter;
@@ -227,7 +279,7 @@
bytes_left = end_pos - cur_pos;
+ delta_pos = cur_pos - last_pos;
-@@ -1564,8 +1427,8 @@
+@@ -1564,8 +1438,8 @@
{ "canonicaldomains", oCanonicalDomains },
{ "canonicalizefallbacklocal", oCanonicalizeFallbackLocal },
@@ -282,6 +287,11 @@ static struct {
@@ -237,7 +289,7 @@
+ { "tcprcvbufpoll", oTcpRcvBufPoll },
+ { "tcprcvbuf", oTcpRcvBuf },
-@@ -1736,8 +1599,8 @@
+@@ -1736,8 +1610,8 @@
off_t size, statbytes;
unsigned long long ull;
int setimes, targisdir, wrerrno = 0;
@@ -248,7 +300,7 @@
struct timeval tv[2];
#define atime tv[0]
-@@ -1956,32 +1819,6 @@
+@@ -1956,32 +1830,6 @@
}
/*
@@ -281,7 +333,7 @@
@@ -1041,8 +1064,12 @@ server_request_tun(void)
sock = tun_open(tun, mode);
if (sock < 0)
-@@ -2372,10 +2209,10 @@
+@@ -2372,10 +2220,10 @@
debug("Client protocol version %d.%d; client software version %.100s",
remote_major, remote_minor, remote_version);
+ logit("SSH: Server;Ltype: Version;Remote: %s-%d;Protocol: %d.%d;Client: %.100s",
@@ -294,7 +346,7 @@
@@ -1160,6 +1163,8 @@ server_listen(void)
int ret, listen_sock, on = 1;
-@@ -2413,7 +2250,7 @@
+@@ -2413,7 +2261,7 @@
if (options.challenge_response_authentication)
options.kbd_interactive_authentication = 1;
@@ -2151,6 +2168,9 @@ main(int ac, char **av)
@@ -303,7 +355,7 @@
free(laddr);
+ /* set the HPN options for the child */
-@@ -2486,11 +2323,10 @@
+@@ -2486,11 +2334,10 @@
index eb4e948..3692722 100644
--- a/version.h
+++ b/version.h
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/
@ 2016-09-08 0:28 Patrick McLean
0 siblings, 0 replies; 40+ messages in thread
From: Patrick McLean @ 2016-09-08 0:28 UTC (permalink / raw
To: gentoo-commits
commit: 409a0440e04084350282ede71068c5233ca57ce4
Author: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 7 23:54:05 2016 +0000
Commit: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Thu Sep 8 00:25:50 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=409a0440
net-misc/openssh: Update patch to avoid hangs at exit
Package-Manager: portage-2.3.0
.../openssh/files/openssh-7.3_p1-hpn-update.patch | 50 ++++++++++++++++------
1 file changed, 37 insertions(+), 13 deletions(-)
diff --git a/net-misc/openssh/files/openssh-7.3_p1-hpn-update.patch b/net-misc/openssh/files/openssh-7.3_p1-hpn-update.patch
index e8d462c..873f62f 100644
--- a/net-misc/openssh/files/openssh-7.3_p1-hpn-update.patch
+++ b/net-misc/openssh/files/openssh-7.3_p1-hpn-update.patch
@@ -1,5 +1,5 @@
--- openssh-7_2_P2-hpn-14.10.diff.orig 2016-09-01 10:34:05.905112131 -0700
-+++ openssh-7_2_P2-hpn-14.10.diff 2016-09-07 15:13:59.267910872 -0700
++++ openssh-7_2_P2-hpn-14.10.diff 2016-09-07 17:24:04.937948083 -0700
@@ -156,145 +156,6 @@
compat.o crc32.o deattack.o fatal.o hostfile.o \
log.o match.o md-sha256.o moduli.o nchan.o packet.o opacket.o \
@@ -151,7 +151,7 @@
--- /dev/null
+++ b/cipher-ctr-mt.c
-@@ -0,0 +1,533 @@
-+@@ -0,0 +1,546 @@
++@@ -0,0 +1,556 @@
+/*
+ * OpenSSH Multi-threaded AES-CTR Cipher
+ *
@@ -235,7 +235,19 @@
+ pthread_cond_wait(&c->q[0].cond, &c->q[0].lock);
+ pthread_mutex_unlock(&c->q[0].lock);
+ }
-@@ -1003,7 +875,9 @@
+@@ -989,6 +861,11 @@
+ + for (i = 0; i < CIPHER_THREADS; i++) {
+ + pthread_cancel(c->tid[i]);
+ + }
+++ for (i = 0; i < NUMKQ; i++) {
+++ pthread_mutex_lock(&c->q[i].lock);
+++ pthread_cond_broadcast(&c->q[i].cond);
+++ pthread_mutex_unlock(&c->q[i].lock);
+++ }
+ + for (i = 0; i < CIPHER_THREADS; i++) {
+ + pthread_join(c->tid[i], NULL);
+ + }
+@@ -1003,7 +880,9 @@
+ /* reconstruct threads */
+ for (i = 0; i < CIPHER_THREADS; i++) {
+ debug("spawned a thread");
@@ -245,7 +257,19 @@
+ }
+}
+
-@@ -1270,7 +1144,7 @@
+@@ -1021,6 +900,11 @@
+ + /* Cancel pregen threads */
+ + for (i = 0; i < CIPHER_THREADS; i++)
+ + pthread_cancel(c->tid[i]);
+++ for (i = 0; i < NUMKQ; i++) {
+++ pthread_mutex_lock(&c->q[i].lock);
+++ pthread_cond_broadcast(&c->q[i].cond);
+++ pthread_mutex_unlock(&c->q[i].lock);
+++ }
+ + for (i = 0; i < CIPHER_THREADS; i++)
+ + pthread_join(c->tid[i], NULL);
+ +
+@@ -1270,7 +1154,7 @@
#include "ssherr.h"
#include "sshbuf.h"
@@ -254,7 +278,7 @@
#include "digest.h"
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
-@@ -1312,8 +1186,8 @@
+@@ -1312,8 +1196,8 @@
+ */
+ if (ctos && !log_flag) {
+ logit("SSH: Server;Ltype: Kex;Remote: %s-%d;Enc: %s;MAC: %s;Comp: %s",
@@ -265,7 +289,7 @@
+ newkeys->enc.name,
+ authlen == 0 ? newkeys->mac.name : "<implicit>",
+ newkeys->comp.name);
-@@ -1430,7 +1304,7 @@
+@@ -1430,7 +1314,7 @@
+ rekey_requested = 0;
+ return 1;
+ }
@@ -274,7 +298,7 @@
/* Time-based rekeying */
if (state->rekey_interval != 0 &&
state->rekey_time + state->rekey_interval <= monotime())
-@@ -1490,7 +1364,7 @@
+@@ -1490,7 +1374,7 @@
transferred = *counter - (cur_pos ? cur_pos : start_pos);
cur_pos = *counter;
@@ -283,7 +307,7 @@
bytes_left = end_pos - cur_pos;
+ delta_pos = cur_pos - last_pos;
-@@ -1564,8 +1438,8 @@
+@@ -1564,8 +1448,8 @@
{ "canonicaldomains", oCanonicalDomains },
{ "canonicalizefallbacklocal", oCanonicalizeFallbackLocal },
@@ -282,6 +287,11 @@ static struct {
@@ -293,7 +317,7 @@
+ { "tcprcvbufpoll", oTcpRcvBufPoll },
+ { "tcprcvbuf", oTcpRcvBuf },
-@@ -1736,8 +1610,8 @@
+@@ -1736,8 +1620,8 @@
off_t size, statbytes;
unsigned long long ull;
int setimes, targisdir, wrerrno = 0;
@@ -304,7 +328,7 @@
struct timeval tv[2];
#define atime tv[0]
-@@ -1956,32 +1830,6 @@
+@@ -1956,32 +1840,6 @@
}
/*
@@ -337,7 +361,7 @@
@@ -1041,8 +1064,12 @@ server_request_tun(void)
sock = tun_open(tun, mode);
if (sock < 0)
-@@ -2372,10 +2220,10 @@
+@@ -2372,10 +2230,10 @@
debug("Client protocol version %d.%d; client software version %.100s",
remote_major, remote_minor, remote_version);
+ logit("SSH: Server;Ltype: Version;Remote: %s-%d;Protocol: %d.%d;Client: %.100s",
@@ -350,7 +374,7 @@
@@ -1160,6 +1163,8 @@ server_listen(void)
int ret, listen_sock, on = 1;
-@@ -2413,7 +2261,7 @@
+@@ -2413,7 +2271,7 @@
if (options.challenge_response_authentication)
options.kbd_interactive_authentication = 1;
@@ -2151,6 +2168,9 @@ main(int ac, char **av)
@@ -359,7 +383,7 @@
free(laddr);
+ /* set the HPN options for the child */
-@@ -2486,11 +2334,10 @@
+@@ -2486,11 +2344,10 @@
index eb4e948..3692722 100644
--- a/version.h
+++ b/version.h
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/
@ 2016-09-08 18:49 Patrick McLean
0 siblings, 0 replies; 40+ messages in thread
From: Patrick McLean @ 2016-09-08 18:49 UTC (permalink / raw
To: gentoo-commits
commit: 0fc28fadcf076c94c8d25e4f7c18b9b13cd31b9c
Author: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 8 18:49:09 2016 +0000
Commit: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Thu Sep 8 18:49:09 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0fc28fad
net-misc/openssh: Make hpn patch in 7.3_p1 reliable on all platforms
Package-Manager: portage-2.3.0
.../openssh/files/openssh-7.3_p1-hpn-update.patch | 168 ++++++++++++++++-----
1 file changed, 129 insertions(+), 39 deletions(-)
diff --git a/net-misc/openssh/files/openssh-7.3_p1-hpn-update.patch b/net-misc/openssh/files/openssh-7.3_p1-hpn-update.patch
index 873f62f..40c775b 100644
--- a/net-misc/openssh/files/openssh-7.3_p1-hpn-update.patch
+++ b/net-misc/openssh/files/openssh-7.3_p1-hpn-update.patch
@@ -1,5 +1,5 @@
--- openssh-7_2_P2-hpn-14.10.diff.orig 2016-09-01 10:34:05.905112131 -0700
-+++ openssh-7_2_P2-hpn-14.10.diff 2016-09-07 17:24:04.937948083 -0700
++++ openssh-7_2_P2-hpn-14.10.diff 2016-09-08 11:35:18.015979358 -0700
@@ -156,145 +156,6 @@
compat.o crc32.o deattack.o fatal.o hostfile.o \
log.o match.o md-sha256.o moduli.o nchan.o packet.o opacket.o \
@@ -151,19 +151,50 @@
--- /dev/null
+++ b/cipher-ctr-mt.c
-@@ -0,0 +1,533 @@
-+@@ -0,0 +1,556 @@
++@@ -0,0 +1,585 @@
+/*
+ * OpenSSH Multi-threaded AES-CTR Cipher
+ *
-@@ -663,6 +524,7 @@
+@@ -649,7 +510,7 @@
+ + u_char keys[KQLEN][AES_BLOCK_SIZE];
+ + u_char ctr[AES_BLOCK_SIZE];
+ + u_char pad0[CACHELINE_LEN];
+-+ volatile int qstate;
+++ int qstate;
+ + pthread_mutex_t lock;
+ + pthread_cond_t cond;
+ + u_char pad1[CACHELINE_LEN];
+@@ -663,6 +524,9 @@
+ STATS_STRUCT(stats);
+ u_char aes_counter[AES_BLOCK_SIZE];
+ pthread_t tid[CIPHER_THREADS];
-++ pthread_rwlock_t thread_lock;
+++ pthread_rwlock_t tid_lock;
+++ pthread_rwlock_t stop_lock;
+++ int exit_flag;
+ int state;
+ int qidx;
+ int ridx;
-@@ -723,6 +585,7 @@
+@@ -709,6 +573,19 @@
+ + pthread_mutex_unlock((pthread_mutex_t *)x);
+ +}
+ +
+++static void
+++thread_loop_check_exit(struct ssh_aes_ctr_ctx *c)
+++{
+++ int exit_flag;
+++
+++ pthread_rwlock_rdlock(&c->stop_lock);
+++ exit_flag = c->exit_flag;
+++ pthread_rwlock_unlock(&c->stop_lock);
+++
+++ if (exit_flag == TRUE)
+++ pthread_exit(NULL);
+++}
+++
+ +/*
+ + * The life of a pregen thread:
+ + * Find empty keystream queues and fill them using their counter.
+@@ -723,6 +600,7 @@
+ struct kq *q;
+ int i;
+ int qidx;
@@ -171,13 +202,13 @@
+
+ /* Threads stats on cancellation */
+ STATS_INIT(stats);
-@@ -733,11 +596,15 @@
+@@ -733,11 +611,15 @@
+ /* Thread local copy of AES key */
+ memcpy(&key, &c->aes_ctx, sizeof(key));
+
-++ pthread_rwlock_rdlock(&c->thread_lock);
+++ pthread_rwlock_rdlock(&c->tid_lock);
++ first_tid = c->tid[0];
-++ pthread_rwlock_unlock(&c->thread_lock);
+++ pthread_rwlock_unlock(&c->tid_lock);
++
+ /*
+ * Handle the special case of startup, one thread must fill
@@ -188,7 +219,26 @@
+ q = &c->q[0];
+ pthread_mutex_lock(&q->lock);
+ if (q->qstate == KQINIT) {
-@@ -790,6 +657,7 @@
+@@ -764,8 +646,8 @@
+ + * others will move on to fill, skip, or wait on the next queue.
+ + */
+ + for (qidx = 1;; qidx = (qidx + 1) % NUMKQ) {
+-+ /* Check if I was cancelled, also checked in cond_wait */
+-+ pthread_testcancel();
+++ /* Check if we should exit */
+++ thread_loop_check_exit(c);
+ +
+ + /* Lock queue and block if its draining */
+ + q = &c->q[qidx];
+@@ -773,6 +655,7 @@
+ + pthread_cleanup_push(thread_loop_cleanup, &q->lock);
+ + while (q->qstate == KQDRAINING || q->qstate == KQINIT) {
+ + STATS_WAIT(stats);
+++ thread_loop_check_exit(c);
+ + pthread_cond_wait(&q->cond, &q->lock);
+ + }
+ + pthread_cleanup_pop(0);
+@@ -790,6 +673,7 @@
+ * can see that it's being filled.
+ */
+ q->qstate = KQFILLING;
@@ -196,7 +246,7 @@
+ pthread_mutex_unlock(&q->lock);
+ for (i = 0; i < KQLEN; i++) {
+ AES_encrypt(q->ctr, q->keys[i], &key);
-@@ -801,7 +669,7 @@
+@@ -801,7 +685,7 @@
+ ssh_ctr_add(q->ctr, KQLEN * (NUMKQ - 1), AES_BLOCK_SIZE);
+ q->qstate = KQFULL;
+ STATS_FILL(stats);
@@ -205,7 +255,7 @@
+ pthread_mutex_unlock(&q->lock);
+ }
+
-@@ -893,6 +761,7 @@
+@@ -893,6 +777,7 @@
+ pthread_cond_wait(&q->cond, &q->lock);
+ }
+ q->qstate = KQDRAINING;
@@ -213,21 +263,46 @@
+ pthread_mutex_unlock(&q->lock);
+
+ /* Mark consumed queue empty and signal producers */
-@@ -919,6 +788,7 @@
+@@ -919,6 +804,9 @@
+
+ if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
+ c = xmalloc(sizeof(*c));
-++ pthread_rwlock_init(&c->thread_lock, NULL);
+++ pthread_rwlock_init(&c->tid_lock, NULL);
+++ pthread_rwlock_init(&c->stop_lock, NULL);
+++ c->exit_flag = FALSE;
+
+ c->state = HAVE_NONE;
+ for (i = 0; i < NUMKQ; i++) {
-@@ -966,10 +836,12 @@
+@@ -931,11 +819,19 @@
+ + }
+ +
+ + if (c->state == (HAVE_KEY | HAVE_IV)) {
+-+ /* Cancel pregen threads */
+-+ for (i = 0; i < CIPHER_THREADS; i++)
+-+ pthread_cancel(c->tid[i]);
+++ /* tell the pregen threads to exit */
+++ pthread_rwlock_wrlock(&c->stop_lock);
+++ c->exit_flag = TRUE;
+++ pthread_rwlock_unlock(&c->stop_lock);
+++
+++ for (i = 0; i < NUMKQ; i++) {
+++ pthread_mutex_lock(&c->q[i].lock);
+++ pthread_cond_broadcast(&c->q[i].cond);
+++ pthread_mutex_unlock(&c->q[i].lock);
+++ }
+ + for (i = 0; i < CIPHER_THREADS; i++)
+ + pthread_join(c->tid[i], NULL);
+++
+ + /* Start over getting key & iv */
+ + c->state = HAVE_NONE;
+ + }
+@@ -966,10 +862,12 @@
+ /* Start threads */
+ for (i = 0; i < CIPHER_THREADS; i++) {
+ debug("spawned a thread");
-++ pthread_rwlock_wrlock(&c->thread_lock);
+++ pthread_rwlock_wrlock(&c->tid_lock);
+ pthread_create(&c->tid[i], NULL, thread_loop, c);
-++ pthread_rwlock_unlock(&c->thread_lock);
+++ pthread_rwlock_unlock(&c->tid_lock);
+ }
+ pthread_mutex_lock(&c->q[0].lock);
-+ while (c->q[0].qstate != KQDRAINING)
@@ -235,32 +310,47 @@
+ pthread_cond_wait(&c->q[0].cond, &c->q[0].lock);
+ pthread_mutex_unlock(&c->q[0].lock);
+ }
-@@ -989,6 +861,11 @@
- + for (i = 0; i < CIPHER_THREADS; i++) {
- + pthread_cancel(c->tid[i]);
- + }
+@@ -985,9 +883,15 @@
+ + struct ssh_aes_ctr_ctx *c;
+ + int i;
+ + c = EVP_CIPHER_CTX_get_app_data(ctx);
+-+ /* destroy threads */
+-+ for (i = 0; i < CIPHER_THREADS; i++) {
+-+ pthread_cancel(c->tid[i]);
+++ /* notify threads that they should exit */
+++ pthread_rwlock_wrlock(&c->stop_lock);
+++ c->exit_flag = TRUE;
+++ pthread_rwlock_unlock(&c->stop_lock);
+++
++ for (i = 0; i < NUMKQ; i++) {
++ pthread_mutex_lock(&c->q[i].lock);
++ pthread_cond_broadcast(&c->q[i].cond);
++ pthread_mutex_unlock(&c->q[i].lock);
-++ }
+ + }
+ for (i = 0; i < CIPHER_THREADS; i++) {
+ pthread_join(c->tid[i], NULL);
- + }
-@@ -1003,7 +880,9 @@
+@@ -1003,7 +907,9 @@
+ /* reconstruct threads */
+ for (i = 0; i < CIPHER_THREADS; i++) {
+ debug("spawned a thread");
-++ pthread_rwlock_wrlock(&c->thread_lock);
+++ pthread_rwlock_wrlock(&c->tid_lock);
+ pthread_create(&c->tid[i], NULL, thread_loop, c);
-++ pthread_rwlock_unlock(&c->thread_lock);
+++ pthread_rwlock_unlock(&c->tid_lock);
+ }
+}
+
-@@ -1021,6 +900,11 @@
- + /* Cancel pregen threads */
- + for (i = 0; i < CIPHER_THREADS; i++)
- + pthread_cancel(c->tid[i]);
+@@ -1018,9 +924,16 @@
+ + debug("main thread: %u drains, %u waits", c->stats.drains,
+ + c->stats.waits);
+ +#endif
+-+ /* Cancel pregen threads */
+-+ for (i = 0; i < CIPHER_THREADS; i++)
+-+ pthread_cancel(c->tid[i]);
+++ /* tell the pregen threads to exit */
+++ pthread_rwlock_wrlock(&c->stop_lock);
+++ c->exit_flag = TRUE;
+++ pthread_rwlock_unlock(&c->stop_lock);
+++
++ for (i = 0; i < NUMKQ; i++) {
++ pthread_mutex_lock(&c->q[i].lock);
++ pthread_cond_broadcast(&c->q[i].cond);
@@ -269,7 +359,7 @@
+ for (i = 0; i < CIPHER_THREADS; i++)
+ pthread_join(c->tid[i], NULL);
+
-@@ -1270,7 +1154,7 @@
+@@ -1270,7 +1183,7 @@
#include "ssherr.h"
#include "sshbuf.h"
@@ -278,7 +368,7 @@
#include "digest.h"
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
-@@ -1312,8 +1196,8 @@
+@@ -1312,8 +1225,8 @@
+ */
+ if (ctos && !log_flag) {
+ logit("SSH: Server;Ltype: Kex;Remote: %s-%d;Enc: %s;MAC: %s;Comp: %s",
@@ -289,7 +379,7 @@
+ newkeys->enc.name,
+ authlen == 0 ? newkeys->mac.name : "<implicit>",
+ newkeys->comp.name);
-@@ -1430,7 +1314,7 @@
+@@ -1430,7 +1343,7 @@
+ rekey_requested = 0;
+ return 1;
+ }
@@ -298,7 +388,7 @@
/* Time-based rekeying */
if (state->rekey_interval != 0 &&
state->rekey_time + state->rekey_interval <= monotime())
-@@ -1490,7 +1374,7 @@
+@@ -1490,7 +1403,7 @@
transferred = *counter - (cur_pos ? cur_pos : start_pos);
cur_pos = *counter;
@@ -307,7 +397,7 @@
bytes_left = end_pos - cur_pos;
+ delta_pos = cur_pos - last_pos;
-@@ -1564,8 +1448,8 @@
+@@ -1564,8 +1477,8 @@
{ "canonicaldomains", oCanonicalDomains },
{ "canonicalizefallbacklocal", oCanonicalizeFallbackLocal },
@@ -282,6 +287,11 @@ static struct {
@@ -317,7 +407,7 @@
+ { "tcprcvbufpoll", oTcpRcvBufPoll },
+ { "tcprcvbuf", oTcpRcvBuf },
-@@ -1736,8 +1620,8 @@
+@@ -1736,8 +1649,8 @@
off_t size, statbytes;
unsigned long long ull;
int setimes, targisdir, wrerrno = 0;
@@ -328,7 +418,7 @@
struct timeval tv[2];
#define atime tv[0]
-@@ -1956,32 +1840,6 @@
+@@ -1956,32 +1869,6 @@
}
/*
@@ -361,7 +451,7 @@
@@ -1041,8 +1064,12 @@ server_request_tun(void)
sock = tun_open(tun, mode);
if (sock < 0)
-@@ -2372,10 +2230,10 @@
+@@ -2372,10 +2259,10 @@
debug("Client protocol version %d.%d; client software version %.100s",
remote_major, remote_minor, remote_version);
+ logit("SSH: Server;Ltype: Version;Remote: %s-%d;Protocol: %d.%d;Client: %.100s",
@@ -374,7 +464,7 @@
@@ -1160,6 +1163,8 @@ server_listen(void)
int ret, listen_sock, on = 1;
-@@ -2413,7 +2271,7 @@
+@@ -2413,7 +2300,7 @@
if (options.challenge_response_authentication)
options.kbd_interactive_authentication = 1;
@@ -2151,6 +2168,9 @@ main(int ac, char **av)
@@ -383,7 +473,7 @@
free(laddr);
+ /* set the HPN options for the child */
-@@ -2486,11 +2344,10 @@
+@@ -2486,11 +2373,10 @@
index eb4e948..3692722 100644
--- a/version.h
+++ b/version.h
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/
@ 2016-09-09 6:43 Patrick McLean
0 siblings, 0 replies; 40+ messages in thread
From: Patrick McLean @ 2016-09-09 6:43 UTC (permalink / raw
To: gentoo-commits
commit: 3472fc87566576da097be49d35da77fe5ab4e760
Author: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
AuthorDate: Fri Sep 9 06:42:39 2016 +0000
Commit: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Fri Sep 9 06:43:14 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3472fc87
net-misc/openssh: Update the ctr-mt patch to the final version upstream
Package-Manager: portage-2.3.0
...ssh-7.3_p1-hpn-cipher-ctr-mt-no-deadlocks.patch | 157 ++++++++++++---------
1 file changed, 92 insertions(+), 65 deletions(-)
diff --git a/net-misc/openssh/files/openssh-7.3_p1-hpn-cipher-ctr-mt-no-deadlocks.patch b/net-misc/openssh/files/openssh-7.3_p1-hpn-cipher-ctr-mt-no-deadlocks.patch
index cac4406..19bd08b 100644
--- a/net-misc/openssh/files/openssh-7.3_p1-hpn-cipher-ctr-mt-no-deadlocks.patch
+++ b/net-misc/openssh/files/openssh-7.3_p1-hpn-cipher-ctr-mt-no-deadlocks.patch
@@ -1,5 +1,5 @@
diff --git a/cipher-ctr-mt.c b/cipher-ctr-mt.c
-index fdc9b2f..0b35881 100644
+index fdc9b2f..3ffe6d1 100644
--- a/cipher-ctr-mt.c
+++ b/cipher-ctr-mt.c
@@ -127,7 +127,7 @@ struct kq {
@@ -11,23 +11,27 @@ index fdc9b2f..0b35881 100644
pthread_mutex_t lock;
pthread_cond_t cond;
u_char pad1[CACHELINE_LEN];
-@@ -141,6 +141,9 @@ struct ssh_aes_ctr_ctx
+@@ -141,6 +141,11 @@ struct ssh_aes_ctr_ctx
STATS_STRUCT(stats);
u_char aes_counter[AES_BLOCK_SIZE];
pthread_t tid[CIPHER_THREADS];
+ pthread_rwlock_t tid_lock;
++#ifdef __APPLE__
+ pthread_rwlock_t stop_lock;
+ int exit_flag;
++#endif /* __APPLE__ */
int state;
int qidx;
int ridx;
-@@ -187,6 +190,23 @@ thread_loop_cleanup(void *x)
+@@ -187,6 +192,57 @@ thread_loop_cleanup(void *x)
pthread_mutex_unlock((pthread_mutex_t *)x);
}
++#ifdef __APPLE__
+/* Check if we should exit, we are doing both cancel and exit condition
-+ * since OSX seems to misbehave with cancel sometimes, so we want to have
-+ * a backup to make sure that everything exits properly
++ * since on OSX threads seem to occasionally fail to notice when they have
++ * been cancelled. We want to have a backup to make sure that we won't hang
++ * when the main process join()-s the cancelled thread.
+ */
+static void
+thread_loop_check_exit(struct ssh_aes_ctr_ctx *c)
@@ -38,14 +42,46 @@ index fdc9b2f..0b35881 100644
+ exit_flag = c->exit_flag;
+ pthread_rwlock_unlock(&c->stop_lock);
+
-+ if (exit_flag == TRUE)
++ if (exit_flag)
+ pthread_exit(NULL);
+}
++#else
++# define thread_loop_check_exit(s)
++#endif /* __APPLE__ */
++
++/*
++ * Helper function to terminate the helper threads
++ */
++static void
++stop_and_join_pregen_threads(struct ssh_aes_ctr_ctx *c)
++{
++ int i;
++
++#ifdef __APPLE__
++ /* notify threads that they should exit */
++ pthread_rwlock_wrlock(&c->stop_lock);
++ c->exit_flag = TRUE;
++ pthread_rwlock_unlock(&c->stop_lock);
++#endif /* __APPLE__ */
++
++ /* Cancel pregen threads */
++ for (i = 0; i < CIPHER_THREADS; i++) {
++ pthread_cancel(c->tid[i]);
++ }
++ for (i = 0; i < NUMKQ; i++) {
++ pthread_mutex_lock(&c->q[i].lock);
++ pthread_cond_broadcast(&c->q[i].cond);
++ pthread_mutex_unlock(&c->q[i].lock);
++ }
++ for (i = 0; i < CIPHER_THREADS; i++) {
++ pthread_join(c->tid[i], NULL);
++ }
++}
+
/*
* The life of a pregen thread:
* Find empty keystream queues and fill them using their counter.
-@@ -201,6 +221,7 @@ thread_loop(void *x)
+@@ -201,6 +257,7 @@ thread_loop(void *x)
struct kq *q;
int i;
int qidx;
@@ -53,7 +89,7 @@ index fdc9b2f..0b35881 100644
/* Threads stats on cancellation */
STATS_INIT(stats);
-@@ -211,11 +232,15 @@ thread_loop(void *x)
+@@ -211,11 +268,15 @@ thread_loop(void *x)
/* Thread local copy of AES key */
memcpy(&key, &c->aes_ctx, sizeof(key));
@@ -70,7 +106,7 @@ index fdc9b2f..0b35881 100644
q = &c->q[0];
pthread_mutex_lock(&q->lock);
if (q->qstate == KQINIT) {
-@@ -245,12 +270,16 @@ thread_loop(void *x)
+@@ -245,12 +306,16 @@ thread_loop(void *x)
/* Check if I was cancelled, also checked in cond_wait */
pthread_testcancel();
@@ -87,7 +123,7 @@ index fdc9b2f..0b35881 100644
pthread_cond_wait(&q->cond, &q->lock);
}
pthread_cleanup_pop(0);
-@@ -268,6 +297,7 @@ thread_loop(void *x)
+@@ -268,6 +333,7 @@ thread_loop(void *x)
* can see that it's being filled.
*/
q->qstate = KQFILLING;
@@ -95,7 +131,7 @@ index fdc9b2f..0b35881 100644
pthread_mutex_unlock(&q->lock);
for (i = 0; i < KQLEN; i++) {
AES_encrypt(q->ctr, q->keys[i], &key);
-@@ -279,7 +309,7 @@ thread_loop(void *x)
+@@ -279,7 +345,7 @@ thread_loop(void *x)
ssh_ctr_add(q->ctr, KQLEN * (NUMKQ - 1), AES_BLOCK_SIZE);
q->qstate = KQFULL;
STATS_FILL(stats);
@@ -104,7 +140,7 @@ index fdc9b2f..0b35881 100644
pthread_mutex_unlock(&q->lock);
}
-@@ -371,6 +401,7 @@ ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
+@@ -371,6 +437,7 @@ ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
pthread_cond_wait(&q->cond, &q->lock);
}
q->qstate = KQDRAINING;
@@ -112,40 +148,34 @@ index fdc9b2f..0b35881 100644
pthread_mutex_unlock(&q->lock);
/* Mark consumed queue empty and signal producers */
-@@ -397,6 +428,9 @@ ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
+@@ -397,6 +464,11 @@ ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
c = xmalloc(sizeof(*c));
+ pthread_rwlock_init(&c->tid_lock, NULL);
++#ifdef __APPLE__
+ pthread_rwlock_init(&c->stop_lock, NULL);
+ c->exit_flag = FALSE;
++#endif /* __APPLE__ */
c->state = HAVE_NONE;
for (i = 0; i < NUMKQ; i++) {
-@@ -409,11 +443,22 @@ ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
+@@ -409,11 +481,9 @@ ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
}
if (c->state == (HAVE_KEY | HAVE_IV)) {
+- /* Cancel pregen threads */
+- for (i = 0; i < CIPHER_THREADS; i++)
+- pthread_cancel(c->tid[i]);
+- for (i = 0; i < CIPHER_THREADS; i++)
+- pthread_join(c->tid[i], NULL);
+ /* tell the pregen threads to exit */
-+ pthread_rwlock_wrlock(&c->stop_lock);
-+ c->exit_flag = TRUE;
-+ pthread_rwlock_unlock(&c->stop_lock);
-+
- /* Cancel pregen threads */
- for (i = 0; i < CIPHER_THREADS; i++)
- pthread_cancel(c->tid[i]);
-+ for (i = 0; i < NUMKQ; i++) {
-+ pthread_mutex_lock(&c->q[i].lock);
-+ pthread_cond_broadcast(&c->q[i].cond);
-+ pthread_mutex_unlock(&c->q[i].lock);
-+ }
- for (i = 0; i < CIPHER_THREADS; i++)
- pthread_join(c->tid[i], NULL);
++ stop_and_join_pregen_threads(c);
+
/* Start over getting key & iv */
c->state = HAVE_NONE;
}
-@@ -444,10 +489,12 @@ ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
+@@ -444,10 +514,12 @@ ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
/* Start threads */
for (i = 0; i < CIPHER_THREADS; i++) {
debug("spawned a thread");
@@ -159,29 +189,26 @@ index fdc9b2f..0b35881 100644
pthread_cond_wait(&c->q[0].cond, &c->q[0].lock);
pthread_mutex_unlock(&c->q[0].lock);
}
-@@ -463,10 +510,21 @@ ssh_aes_ctr_thread_destroy(EVP_CIPHER_CTX *ctx)
+@@ -461,15 +533,10 @@ void
+ ssh_aes_ctr_thread_destroy(EVP_CIPHER_CTX *ctx)
+ {
struct ssh_aes_ctr_ctx *c;
- int i;
- c = EVP_CIPHER_CTX_get_app_data(ctx);
+- int i;
+
-+ /* notify threads that they should exit */
-+ pthread_rwlock_wrlock(&c->stop_lock);
-+ c->exit_flag = TRUE;
-+ pthread_rwlock_unlock(&c->stop_lock);
+ c = EVP_CIPHER_CTX_get_app_data(ctx);
+- /* destroy threads */
+- for (i = 0; i < CIPHER_THREADS; i++) {
+- pthread_cancel(c->tid[i]);
+- }
+- for (i = 0; i < CIPHER_THREADS; i++) {
+- pthread_join(c->tid[i], NULL);
+- }
+
- /* destroy threads */
- for (i = 0; i < CIPHER_THREADS; i++) {
- pthread_cancel(c->tid[i]);
- }
-+ for (i = 0; i < NUMKQ; i++) {
-+ pthread_mutex_lock(&c->q[i].lock);
-+ pthread_cond_broadcast(&c->q[i].cond);
-+ pthread_mutex_unlock(&c->q[i].lock);
-+ }
- for (i = 0; i < CIPHER_THREADS; i++) {
- pthread_join(c->tid[i], NULL);
- }
-@@ -481,7 +539,9 @@ ssh_aes_ctr_thread_reconstruction(EVP_CIPHER_CTX *ctx)
++ stop_and_join_pregen_threads(c);
+ }
+
+ void
+@@ -481,7 +548,9 @@ ssh_aes_ctr_thread_reconstruction(EVP_CIPHER_CTX *ctx)
/* reconstruct threads */
for (i = 0; i < CIPHER_THREADS; i++) {
debug("spawned a thread");
@@ -191,23 +218,23 @@ index fdc9b2f..0b35881 100644
}
}
-@@ -496,9 +556,19 @@ ssh_aes_ctr_cleanup(EVP_CIPHER_CTX *ctx)
+@@ -489,18 +558,13 @@ static int
+ ssh_aes_ctr_cleanup(EVP_CIPHER_CTX *ctx)
+ {
+ struct ssh_aes_ctr_ctx *c;
+- int i;
+
+ if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
+ #ifdef CIPHER_THREAD_STATS
debug("main thread: %u drains, %u waits", c->stats.drains,
c->stats.waits);
#endif
-+ /* tell the pregen threads to exit */
-+ pthread_rwlock_wrlock(&c->stop_lock);
-+ c->exit_flag = TRUE;
-+ pthread_rwlock_unlock(&c->stop_lock);
-+
- /* Cancel pregen threads */
- for (i = 0; i < CIPHER_THREADS; i++)
- pthread_cancel(c->tid[i]);
-+ for (i = 0; i < NUMKQ; i++) {
-+ pthread_mutex_lock(&c->q[i].lock);
-+ pthread_cond_broadcast(&c->q[i].cond);
-+ pthread_mutex_unlock(&c->q[i].lock);
-+ }
- for (i = 0; i < CIPHER_THREADS; i++)
- pthread_join(c->tid[i], NULL);
+- /* Cancel pregen threads */
+- for (i = 0; i < CIPHER_THREADS; i++)
+- pthread_cancel(c->tid[i]);
+- for (i = 0; i < CIPHER_THREADS; i++)
+- pthread_join(c->tid[i], NULL);
++ stop_and_join_pregen_threads(c);
+ memset(c, 0, sizeof(*c));
+ free(c);
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/
@ 2016-09-09 17:20 Patrick McLean
0 siblings, 0 replies; 40+ messages in thread
From: Patrick McLean @ 2016-09-09 17:20 UTC (permalink / raw
To: gentoo-commits
commit: c2216a5c7ae4fa8bf28c41ef2440fd968320d8ab
Author: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
AuthorDate: Fri Sep 9 17:19:38 2016 +0000
Commit: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Fri Sep 9 17:19:38 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c2216a5c
net-misc/openssh: Minor bugfix in 7.3_p1-r1 for OSX
Package-Manager: portage-2.3.0
.../openssh-7.3_p1-hpn-cipher-ctr-mt-no-deadlocks.patch | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/net-misc/openssh/files/openssh-7.3_p1-hpn-cipher-ctr-mt-no-deadlocks.patch b/net-misc/openssh/files/openssh-7.3_p1-hpn-cipher-ctr-mt-no-deadlocks.patch
index 19bd08b..9cc7b61 100644
--- a/net-misc/openssh/files/openssh-7.3_p1-hpn-cipher-ctr-mt-no-deadlocks.patch
+++ b/net-misc/openssh/files/openssh-7.3_p1-hpn-cipher-ctr-mt-no-deadlocks.patch
@@ -1,5 +1,5 @@
diff --git a/cipher-ctr-mt.c b/cipher-ctr-mt.c
-index fdc9b2f..3ffe6d1 100644
+index fdc9b2f..300cd90 100644
--- a/cipher-ctr-mt.c
+++ b/cipher-ctr-mt.c
@@ -127,7 +127,7 @@ struct kq {
@@ -160,7 +160,7 @@ index fdc9b2f..3ffe6d1 100644
c->state = HAVE_NONE;
for (i = 0; i < NUMKQ; i++) {
-@@ -409,11 +481,9 @@ ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
+@@ -409,11 +481,14 @@ ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
}
if (c->state == (HAVE_KEY | HAVE_IV)) {
@@ -172,10 +172,15 @@ index fdc9b2f..3ffe6d1 100644
+ /* tell the pregen threads to exit */
+ stop_and_join_pregen_threads(c);
+
++#ifdef __APPLE__
++ /* reset the exit flag */
++ c->exit_flag = FALSE;
++#endif /* __APPLE__ */
++
/* Start over getting key & iv */
c->state = HAVE_NONE;
}
-@@ -444,10 +514,12 @@ ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
+@@ -444,10 +519,12 @@ ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
/* Start threads */
for (i = 0; i < CIPHER_THREADS; i++) {
debug("spawned a thread");
@@ -189,7 +194,7 @@ index fdc9b2f..3ffe6d1 100644
pthread_cond_wait(&c->q[0].cond, &c->q[0].lock);
pthread_mutex_unlock(&c->q[0].lock);
}
-@@ -461,15 +533,10 @@ void
+@@ -461,15 +538,10 @@ void
ssh_aes_ctr_thread_destroy(EVP_CIPHER_CTX *ctx)
{
struct ssh_aes_ctr_ctx *c;
@@ -208,7 +213,7 @@ index fdc9b2f..3ffe6d1 100644
}
void
-@@ -481,7 +548,9 @@ ssh_aes_ctr_thread_reconstruction(EVP_CIPHER_CTX *ctx)
+@@ -481,7 +553,9 @@ ssh_aes_ctr_thread_reconstruction(EVP_CIPHER_CTX *ctx)
/* reconstruct threads */
for (i = 0; i < CIPHER_THREADS; i++) {
debug("spawned a thread");
@@ -218,7 +223,7 @@ index fdc9b2f..3ffe6d1 100644
}
}
-@@ -489,18 +558,13 @@ static int
+@@ -489,18 +563,13 @@ static int
ssh_aes_ctr_cleanup(EVP_CIPHER_CTX *ctx)
{
struct ssh_aes_ctr_ctx *c;
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/
@ 2017-01-09 21:09 Lars Wendler
0 siblings, 0 replies; 40+ messages in thread
From: Lars Wendler @ 2017-01-09 21:09 UTC (permalink / raw
To: gentoo-commits
commit: 23ef4c426436c6db690893a6291e6cd40e3b5d50
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Mon Jan 9 21:06:23 2017 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Mon Jan 9 21:09:28 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=23ef4c42
net-misc/openssh: Removed unused patches.
Package-Manager: Portage-2.3.3, Repoman-2.3.1
.../files/openssh-7.1_p1-hpn-x509-glue.patch | 11 ---
.../openssh/files/openssh-7.2_p1-GSSAPI-dns.patch | 106 ---------------------
.../files/openssh-7.2_p1-sctp-x509-glue.patch | 74 --------------
.../files/openssh-7.3_p1-hpn-x509-glue.patch | 33 -------
4 files changed, 224 deletions(-)
diff --git a/net-misc/openssh/files/openssh-7.1_p1-hpn-x509-glue.patch b/net-misc/openssh/files/openssh-7.1_p1-hpn-x509-glue.patch
deleted file mode 100644
index 393ea99..00000000
--- a/net-misc/openssh/files/openssh-7.1_p1-hpn-x509-glue.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- openssh-7.0p1-hpnssh14v5/0002-add-support-for-the-NONE-cipher.patch.orig 2015-08-24 11:17:05.379280954 -0700
-+++ openssh-7.0p1-hpnssh14v5/0002-add-support-for-the-NONE-cipher.patch 2015-08-24 11:19:30.788424050 -0700
-@@ -80,7 +80,7 @@
- + else
- + fatal("Pre-authentication none cipher requests are not allowed.");
- + }
-- debug("kex: %s %s %s %s",
-+ debug("kex: %s cipher: %s MAC: %s compression: %s",
- ctos ? "client->server" : "server->client",
- newkeys->enc.name,
- diff --git a/myproposal.h b/myproposal.h
diff --git a/net-misc/openssh/files/openssh-7.2_p1-GSSAPI-dns.patch b/net-misc/openssh/files/openssh-7.2_p1-GSSAPI-dns.patch
deleted file mode 100644
index 29e94e4..00000000
--- a/net-misc/openssh/files/openssh-7.2_p1-GSSAPI-dns.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-http://bugs.gentoo.org/165444
-https://bugzilla.mindrot.org/show_bug.cgi?id=1008
-
---- openssh-7.2p1/readconf.c
-+++ openssh-7.2p1/readconf.c
-@@ -148,6 +148,7 @@
- oClearAllForwardings, oNoHostAuthenticationForLocalhost,
- oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
- oAddressFamily, oGssAuthentication, oGssDelegateCreds,
-+ oGssTrustDns,
- oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
- oSendEnv, oControlPath, oControlMaster, oControlPersist,
- oHashKnownHosts,
-@@ -194,9 +195,11 @@
- #if defined(GSSAPI)
- { "gssapiauthentication", oGssAuthentication },
- { "gssapidelegatecredentials", oGssDelegateCreds },
-+ { "gssapitrustdns", oGssTrustDns },
- #else
- { "gssapiauthentication", oUnsupported },
- { "gssapidelegatecredentials", oUnsupported },
-+ { "gssapitrustdns", oUnsupported },
- #endif
- { "fallbacktorsh", oDeprecated },
- { "usersh", oDeprecated },
-@@ -930,6 +933,10 @@
- intptr = &options->gss_deleg_creds;
- goto parse_flag;
-
-+ case oGssTrustDns:
-+ intptr = &options->gss_trust_dns;
-+ goto parse_flag;
-+
- case oBatchMode:
- intptr = &options->batch_mode;
- goto parse_flag;
-@@ -1649,6 +1656,7 @@
- options->challenge_response_authentication = -1;
- options->gss_authentication = -1;
- options->gss_deleg_creds = -1;
-+ options->gss_trust_dns = -1;
- options->password_authentication = -1;
- options->kbd_interactive_authentication = -1;
- options->kbd_interactive_devices = NULL;
-@@ -1779,6 +1787,8 @@
- options->gss_authentication = 0;
- if (options->gss_deleg_creds == -1)
- options->gss_deleg_creds = 0;
-+ if (options->gss_trust_dns == -1)
-+ options->gss_trust_dns = 0;
- if (options->password_authentication == -1)
- options->password_authentication = 1;
- if (options->kbd_interactive_authentication == -1)
---- openssh-7.2p1/readconf.h
-+++ openssh-7.2p1/readconf.h
-@@ -46,6 +46,7 @@
- /* Try S/Key or TIS, authentication. */
- int gss_authentication; /* Try GSS authentication */
- int gss_deleg_creds; /* Delegate GSS credentials */
-+ int gss_trust_dns; /* Trust DNS for GSS canonicalization */
- int password_authentication; /* Try password
- * authentication. */
- int kbd_interactive_authentication; /* Try keyboard-interactive auth. */
---- openssh-7.2p1/ssh_config.5
-+++ openssh-7.2p1/ssh_config.5
-@@ -830,6 +830,16 @@
- Forward (delegate) credentials to the server.
- The default is
- .Dq no .
-+Note that this option applies to protocol version 2 connections using GSSAPI.
-+.It Cm GSSAPITrustDns
-+Set to
-+.Dq yes to indicate that the DNS is trusted to securely canonicalize
-+the name of the host being connected to. If
-+.Dq no, the hostname entered on the
-+command line will be passed untouched to the GSSAPI library.
-+The default is
-+.Dq no .
-+This option only applies to protocol version 2 connections using GSSAPI.
- .It Cm HashKnownHosts
- Indicates that
- .Xr ssh 1
---- openssh-7.2p1/sshconnect2.c
-+++ openssh-7.2p1/sshconnect2.c
-@@ -656,6 +656,12 @@
- static u_int mech = 0;
- OM_uint32 min;
- int ok = 0;
-+ const char *gss_host;
-+
-+ if (options.gss_trust_dns)
-+ gss_host = get_canonical_hostname(1);
-+ else
-+ gss_host = authctxt->host;
-
- /* Try one GSSAPI method at a time, rather than sending them all at
- * once. */
-@@ -668,7 +674,7 @@
- /* My DER encoding requires length<128 */
- if (gss_supported->elements[mech].length < 128 &&
- ssh_gssapi_check_mechanism(&gssctxt,
-- &gss_supported->elements[mech], authctxt->host)) {
-+ &gss_supported->elements[mech], gss_host)) {
- ok = 1; /* Mechanism works */
- } else {
- mech++;
diff --git a/net-misc/openssh/files/openssh-7.2_p1-sctp-x509-glue.patch b/net-misc/openssh/files/openssh-7.2_p1-sctp-x509-glue.patch
deleted file mode 100644
index 2884ee9..00000000
--- a/net-misc/openssh/files/openssh-7.2_p1-sctp-x509-glue.patch
+++ /dev/null
@@ -1,74 +0,0 @@
---- openssh-7.2_p1-sctp.patch
-+++ openssh-7.2_p1-sctp.patch
-@@ -195,14 +195,6 @@
- .Op Fl c Ar cipher
- .Op Fl F Ar ssh_config
- .Op Fl i Ar identity_file
--@@ -181,6 +181,7 @@ For full details of the options listed below, and their possible values, see
-- .It ServerAliveCountMax
-- .It StrictHostKeyChecking
-- .It TCPKeepAlive
--+.It Transport
-- .It UpdateHostKeys
-- .It UsePrivilegedPort
-- .It User
- @@ -222,6 +223,8 @@ and
- to print debugging messages about their progress.
- This is helpful in
-@@ -477,19 +469,11 @@
- .Sh SYNOPSIS
- .Nm ssh
- .Bk -words
---.Op Fl 1246AaCfGgKkMNnqsTtVvXxYy
--+.Op Fl 1246AaCfGgKkMNnqsTtVvXxYyz
-+-.Op Fl 1246AaCdfgKkMNnqsTtVvXxYy
-++.Op Fl 1246AaCdfgKkMNnqsTtVvXxYyz
- .Op Fl b Ar bind_address
- .Op Fl c Ar cipher_spec
- .Op Fl D Oo Ar bind_address : Oc Ns Ar port
--@@ -536,6 +536,7 @@ For full details of the options listed below, and their possible values, see
-- .It StreamLocalBindUnlink
-- .It StrictHostKeyChecking
-- .It TCPKeepAlive
--+.It Transport
-- .It Tunnel
-- .It TunnelDevice
-- .It UpdateHostKeys
- @@ -770,6 +771,8 @@ controls.
- .Pp
- .It Fl y
-@@ -501,7 +485,7 @@
- index f9ff91f..d0d92ce 100644
- --- a/ssh.c
- +++ b/ssh.c
--@@ -195,12 +195,17 @@ extern int muxserver_sock;
-+@@ -195,11 +195,16 @@ extern int muxserver_sock;
- extern u_int muxclient_command;
-
- /* Prints a help message to the user. This function never returns. */
-@@ -515,18 +499,17 @@
- usage(void)
- {
- fprintf(stderr,
---"usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n"
--+"usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy" SCTP_OPT "] [-b bind_address] [-c cipher_spec]\n"
-+-"usage: ssh [-1246AaCdfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n"
-++"usage: ssh [-1246AaCdfgKkMNnqsTtVvXxYy" SCTP_OPT "] [-b bind_address] [-c cipher_spec]\n"
- " [-D [bind_address:]port] [-E log_file] [-e escape_char]\n"
- " [-F configfile] [-I pkcs11] [-i identity_file] [-L address]\n"
-- " [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n"
- @@ -605,7 +610,7 @@ main(int ac, char **av)
-- argv0 = av[0];
-+ # define ENGCONFIG ""
-+ #endif
-
-- again:
--- while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
--+ while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" SCTP_OPT
-- "ACD:E:F:GI:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
-+- while ((opt = getopt(ac, av, "1246ab:c:de:fgi:kl:m:no:p:qstvx"
-++ while ((opt = getopt(ac, av, "1246ab:c:de:fgi:kl:m:no:p:qstvx" SCTP_OPT
-+ "ACD:E:F:" ENGCONFIG "I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
- switch (opt) {
- case '1':
- @@ -845,6 +850,11 @@ main(int ac, char **av)
diff --git a/net-misc/openssh/files/openssh-7.3_p1-hpn-x509-glue.patch b/net-misc/openssh/files/openssh-7.3_p1-hpn-x509-glue.patch
deleted file mode 100644
index d458e9e..00000000
--- a/net-misc/openssh/files/openssh-7.3_p1-hpn-x509-glue.patch
+++ /dev/null
@@ -1,33 +0,0 @@
---- a/openssh-7.3_p1-hpn-14.10.patch 12:11:41.120750207 -0700
-+++ b/openssh-7.3_p1-hpn-14.10.patch 14:00:44.311487904 -0700
-@@ -141,7 +141,7 @@
- @@ -44,7 +44,7 @@ CC=@CC@
- LD=@LD@
- CFLAGS=@CFLAGS@
-- CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
-+ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
- -LIBS=@LIBS@
- +LIBS=@LIBS@ -lpthread
- K5LIBS=@K5LIBS@
-@@ -2098,7 +2098,7 @@
- @@ -527,10 +555,10 @@ send_client_banner(int connection_out, int minor1)
- /* Send our own protocol version identification. */
- if (compat20) {
-- xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
-+ xasprintf(&client_version_string, "SSH-%d.%d-%.100s PKIX\r\n",
- - PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION);
- + PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE);
- } else {
-@@ -2196,9 +2196,9 @@
- @@ -431,7 +431,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
- }
-
-- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
--- major, minor, SSH_VERSION,
--+ major, minor, SSH_RELEASE,
-+ xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s%s",
-+- major, minor, SSH_VERSION, comment,
-++ major, minor, SSH_RELEASE, comment,
- *options.version_addendum == '\0' ? "" : " ",
- options.version_addendum, newline);
-
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/
@ 2017-12-28 15:58 Lars Wendler
0 siblings, 0 replies; 40+ messages in thread
From: Lars Wendler @ 2017-12-28 15:58 UTC (permalink / raw
To: gentoo-commits
commit: 016688f8c6ff873aa32a1294b61dc871187a85f5
Author: Michael Mair-Keimberger <m.mairkeimberger <AT> gmail <DOT> com>
AuthorDate: Tue Dec 26 07:19:49 2017 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Thu Dec 28 15:58:05 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=016688f8
net-misc/openssh: remove unused patches
Closes: https://github.com/gentoo/gentoo/pull/6637
.../files/openssh-7.5_p1-hpn-x509-10.1-glue.patch | 63 -------
.../files/openssh-7.5p1-x509-libressl.patch | 202 ---------------------
2 files changed, 265 deletions(-)
diff --git a/net-misc/openssh/files/openssh-7.5_p1-hpn-x509-10.1-glue.patch b/net-misc/openssh/files/openssh-7.5_p1-hpn-x509-10.1-glue.patch
deleted file mode 100644
index e55a8b14c57..00000000000
--- a/net-misc/openssh/files/openssh-7.5_p1-hpn-x509-10.1-glue.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-diff -ur a/0003-Add-support-for-the-multi-threaded-AES-CTR-cipher.patch b/0003-Add-support-for-the-multi-threaded-AES-CTR-cipher.patch
---- a/0003-Add-support-for-the-multi-threaded-AES-CTR-cipher.patch 2017-03-27 13:31:01.816551100 -0700
-+++ b/0003-Add-support-for-the-multi-threaded-AES-CTR-cipher.patch 2017-03-27 13:51:03.894805846 -0700
-@@ -40,7 +40,7 @@
- @@ -44,7 +44,7 @@ CC=@CC@
- LD=@LD@
- CFLAGS=@CFLAGS@
-- CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
-+ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
- -LIBS=@LIBS@
- +LIBS=@LIBS@ -lpthread
- K5LIBS=@K5LIBS@
-@@ -1023,6 +1023,3 @@
- do_authenticated(authctxt);
-
- /* The connection has been terminated. */
----
--2.12.0
--
-diff -ur a/0004-support-dynamically-sized-receive-buffers.patch b/0004-support-dynamically-sized-receive-buffers.patch
---- a/0004-support-dynamically-sized-receive-buffers.patch 2017-03-27 13:31:01.816551100 -0700
-+++ b/0004-support-dynamically-sized-receive-buffers.patch 2017-03-27 13:49:44.513498976 -0700
-@@ -926,9 +926,9 @@
- @@ -526,10 +553,10 @@ send_client_banner(int connection_out, int minor1)
- /* Send our own protocol version identification. */
- if (compat20) {
-- xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
--- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION);
--+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE);
-+ xasprintf(&client_version_string, "SSH-%d.%d-%.100s PKIX[%s]\r\n",
-+- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, PACKAGE_VERSION);
-++ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE, PACKAGE_VERSION);
- } else {
- xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n",
- - PROTOCOL_MAJOR_1, minor1, SSH_VERSION);
-@@ -943,11 +943,11 @@
- @@ -367,7 +367,7 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out)
- char remote_version[256]; /* Must be at least as big as buf. */
-
-- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n",
--- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
--+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE,
-+ xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s%s",
-+- major, minor, SSH_VERSION, comment,
-++ major, minor, SSH_RELEASE, comment,
- *options.version_addendum == '\0' ? "" : " ",
-- options.version_addendum);
-+ options.version_addendum, newline);
-
- @@ -1020,6 +1020,8 @@ server_listen(void)
- int ret, listen_sock, on = 1;
-@@ -1008,10 +1008,6 @@
- @@ -3,4 +3,5 @@
- #define SSH_VERSION "OpenSSH_7.5"
-
-- #define SSH_PORTABLE "p1"
---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
-+-#define SSH_RELEASE PACKAGE_STRING ", " SSH_VERSION "p1"
- +#define SSH_HPN "-hpn14v12"
- +#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN
----
--2.12.0
--
diff --git a/net-misc/openssh/files/openssh-7.5p1-x509-libressl.patch b/net-misc/openssh/files/openssh-7.5p1-x509-libressl.patch
deleted file mode 100644
index b4f36a51318..00000000000
--- a/net-misc/openssh/files/openssh-7.5p1-x509-libressl.patch
+++ /dev/null
@@ -1,202 +0,0 @@
-diff -urN openssh-7.5p1.orig/a_utf8.c openssh-7.5p1/a_utf8.c
---- openssh-7.5p1.orig/a_utf8.c 1970-01-01 00:00:00.000000000 +0000
-+++ openssh-7.5p1/a_utf8.c 2017-03-30 17:38:25.179532110 +0000
-@@ -0,0 +1,186 @@
-+/*
-+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+#include <stdio.h>
-+
-+/* UTF8 utilities */
-+
-+/*-
-+ * This parses a UTF8 string one character at a time. It is passed a pointer
-+ * to the string and the length of the string. It sets 'value' to the value of
-+ * the current character. It returns the number of characters read or a
-+ * negative error code:
-+ * -1 = string too short
-+ * -2 = illegal character
-+ * -3 = subsequent characters not of the form 10xxxxxx
-+ * -4 = character encoded incorrectly (not minimal length).
-+ */
-+
-+int UTF8_getc(const unsigned char *str, int len, unsigned long *val)
-+{
-+ const unsigned char *p;
-+ unsigned long value;
-+ int ret;
-+ if (len <= 0)
-+ return 0;
-+ p = str;
-+
-+ /* Check syntax and work out the encoded value (if correct) */
-+ if ((*p & 0x80) == 0) {
-+ value = *p++ & 0x7f;
-+ ret = 1;
-+ } else if ((*p & 0xe0) == 0xc0) {
-+ if (len < 2)
-+ return -1;
-+ if ((p[1] & 0xc0) != 0x80)
-+ return -3;
-+ value = (*p++ & 0x1f) << 6;
-+ value |= *p++ & 0x3f;
-+ if (value < 0x80)
-+ return -4;
-+ ret = 2;
-+ } else if ((*p & 0xf0) == 0xe0) {
-+ if (len < 3)
-+ return -1;
-+ if (((p[1] & 0xc0) != 0x80)
-+ || ((p[2] & 0xc0) != 0x80))
-+ return -3;
-+ value = (*p++ & 0xf) << 12;
-+ value |= (*p++ & 0x3f) << 6;
-+ value |= *p++ & 0x3f;
-+ if (value < 0x800)
-+ return -4;
-+ ret = 3;
-+ } else if ((*p & 0xf8) == 0xf0) {
-+ if (len < 4)
-+ return -1;
-+ if (((p[1] & 0xc0) != 0x80)
-+ || ((p[2] & 0xc0) != 0x80)
-+ || ((p[3] & 0xc0) != 0x80))
-+ return -3;
-+ value = ((unsigned long)(*p++ & 0x7)) << 18;
-+ value |= (*p++ & 0x3f) << 12;
-+ value |= (*p++ & 0x3f) << 6;
-+ value |= *p++ & 0x3f;
-+ if (value < 0x10000)
-+ return -4;
-+ ret = 4;
-+ } else if ((*p & 0xfc) == 0xf8) {
-+ if (len < 5)
-+ return -1;
-+ if (((p[1] & 0xc0) != 0x80)
-+ || ((p[2] & 0xc0) != 0x80)
-+ || ((p[3] & 0xc0) != 0x80)
-+ || ((p[4] & 0xc0) != 0x80))
-+ return -3;
-+ value = ((unsigned long)(*p++ & 0x3)) << 24;
-+ value |= ((unsigned long)(*p++ & 0x3f)) << 18;
-+ value |= ((unsigned long)(*p++ & 0x3f)) << 12;
-+ value |= (*p++ & 0x3f) << 6;
-+ value |= *p++ & 0x3f;
-+ if (value < 0x200000)
-+ return -4;
-+ ret = 5;
-+ } else if ((*p & 0xfe) == 0xfc) {
-+ if (len < 6)
-+ return -1;
-+ if (((p[1] & 0xc0) != 0x80)
-+ || ((p[2] & 0xc0) != 0x80)
-+ || ((p[3] & 0xc0) != 0x80)
-+ || ((p[4] & 0xc0) != 0x80)
-+ || ((p[5] & 0xc0) != 0x80))
-+ return -3;
-+ value = ((unsigned long)(*p++ & 0x1)) << 30;
-+ value |= ((unsigned long)(*p++ & 0x3f)) << 24;
-+ value |= ((unsigned long)(*p++ & 0x3f)) << 18;
-+ value |= ((unsigned long)(*p++ & 0x3f)) << 12;
-+ value |= (*p++ & 0x3f) << 6;
-+ value |= *p++ & 0x3f;
-+ if (value < 0x4000000)
-+ return -4;
-+ ret = 6;
-+ } else
-+ return -2;
-+ *val = value;
-+ return ret;
-+}
-+
-+/*
-+ * This takes a character 'value' and writes the UTF8 encoded value in 'str'
-+ * where 'str' is a buffer containing 'len' characters. Returns the number of
-+ * characters written or -1 if 'len' is too small. 'str' can be set to NULL
-+ * in which case it just returns the number of characters. It will need at
-+ * most 6 characters.
-+ */
-+
-+int UTF8_putc(unsigned char *str, int len, unsigned long value)
-+{
-+ if (!str)
-+ len = 6; /* Maximum we will need */
-+ else if (len <= 0)
-+ return -1;
-+ if (value < 0x80) {
-+ if (str)
-+ *str = (unsigned char)value;
-+ return 1;
-+ }
-+ if (value < 0x800) {
-+ if (len < 2)
-+ return -1;
-+ if (str) {
-+ *str++ = (unsigned char)(((value >> 6) & 0x1f) | 0xc0);
-+ *str = (unsigned char)((value & 0x3f) | 0x80);
-+ }
-+ return 2;
-+ }
-+ if (value < 0x10000) {
-+ if (len < 3)
-+ return -1;
-+ if (str) {
-+ *str++ = (unsigned char)(((value >> 12) & 0xf) | 0xe0);
-+ *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
-+ *str = (unsigned char)((value & 0x3f) | 0x80);
-+ }
-+ return 3;
-+ }
-+ if (value < 0x200000) {
-+ if (len < 4)
-+ return -1;
-+ if (str) {
-+ *str++ = (unsigned char)(((value >> 18) & 0x7) | 0xf0);
-+ *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
-+ *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
-+ *str = (unsigned char)((value & 0x3f) | 0x80);
-+ }
-+ return 4;
-+ }
-+ if (value < 0x4000000) {
-+ if (len < 5)
-+ return -1;
-+ if (str) {
-+ *str++ = (unsigned char)(((value >> 24) & 0x3) | 0xf8);
-+ *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80);
-+ *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
-+ *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
-+ *str = (unsigned char)((value & 0x3f) | 0x80);
-+ }
-+ return 5;
-+ }
-+ if (len < 6)
-+ return -1;
-+ if (str) {
-+ *str++ = (unsigned char)(((value >> 30) & 0x1) | 0xfc);
-+ *str++ = (unsigned char)(((value >> 24) & 0x3f) | 0x80);
-+ *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80);
-+ *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
-+ *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
-+ *str = (unsigned char)((value & 0x3f) | 0x80);
-+ }
-+ return 6;
-+}
-diff -urN openssh-7.5p1.orig/Makefile.in openssh-7.5p1/Makefile.in
---- openssh-7.5p1.orig/Makefile.in 2017-03-30 17:33:30.983830629 +0000
-+++ openssh-7.5p1/Makefile.in 2017-03-30 17:39:28.392905858 +0000
-@@ -74,7 +74,7 @@
- @OCSP_ON@OCSP_OBJS=ssh-ocsp.o
- @OCSP_OFF@OCSP_OBJS=
-
--SSHX509_OBJS=ssh-x509.o ssh-xkalg.o x509_nm_cmp.o key-eng.o
-+SSHX509_OBJS=ssh-x509.o ssh-xkalg.o x509_nm_cmp.o key-eng.o a_utf8.o
- X509STORE_OBJS=x509store.o $(LDAP_OBJS)
-
- TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT)
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/
@ 2018-03-13 13:20 Lars Wendler
0 siblings, 0 replies; 40+ messages in thread
From: Lars Wendler @ 2018-03-13 13:20 UTC (permalink / raw
To: gentoo-commits
commit: bb6b4a5247765dda2b422806f39aa02cc0cab2eb
Author: Michael Mair-Keimberger <m.mairkeimberger <AT> gmail <DOT> com>
AuthorDate: Tue Mar 13 12:52:12 2018 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Mar 13 13:20:01 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bb6b4a52
net-misc/openssh: remove unused patches
Closes: https://github.com/gentoo/gentoo/pull/7445
.../files/openssh-7.6_p1-hpn-x509-11.0-glue.patch | 50 ----------------------
.../files/openssh-7.6_p1-hpn-x509-11.1-glue.patch | 50 ----------------------
.../files/openssh-7.6_p1-x509-11.0-libressl.patch | 11 -----
.../files/openssh-7.6_p1-x509-11.1-libressl.patch | 11 -----
4 files changed, 122 deletions(-)
diff --git a/net-misc/openssh/files/openssh-7.6_p1-hpn-x509-11.0-glue.patch b/net-misc/openssh/files/openssh-7.6_p1-hpn-x509-11.0-glue.patch
deleted file mode 100644
index d55656aae97..00000000000
--- a/net-misc/openssh/files/openssh-7.6_p1-hpn-x509-11.0-glue.patch
+++ /dev/null
@@ -1,50 +0,0 @@
---- a/openssh-7.6p1-hpnssh14v12/0004-support-dynamically-sized-receive-buffers.patch 2017-10-11 15:02:11.850912525 -0700
-+++ b/openssh-7.6p1-hpnssh14v12/0004-support-dynamically-sized-receive-buffers.patch 2017-10-11 15:35:06.223424844 -0700
-@@ -907,9 +907,9 @@
- @@ -517,7 +544,7 @@ send_client_banner(int connection_out, int minor1)
- {
- /* Send our own protocol version identification. */
-- xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
--- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION);
--+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE);
-+ xasprintf(&client_version_string, "SSH-%d.%d-%.100s PKIX[%s]\r\n",
-+- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, PACKAGE_VERSION);
-++ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE, PACKAGE_VERSION);
- if (atomicio(vwrite, connection_out, client_version_string,
- strlen(client_version_string)) != strlen(client_version_string))
- fatal("write: %.100s", strerror(errno));
-@@ -918,11 +918,11 @@
- --- a/sshd.c
- +++ b/sshd.c
- @@ -367,7 +367,7 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out)
-- char remote_version[256]; /* Must be at least as big as buf. */
-+ }
-
-- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n",
--- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
--+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE,
-+ xasprintf(&server_version_string, "SSH-%d.%d-%s%s%s%s\r\n",
-+- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, pkix_comment,
-++ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE, pkix_comment,
- *options.version_addendum == '\0' ? "" : " ",
- options.version_addendum);
-
-@@ -982,13 +982,14 @@
- index e093f623..83f0932d 100644
- --- a/version.h
- +++ b/version.h
--@@ -3,4 +3,5 @@
-+@@ -3,3 +3,6 @@
- #define SSH_VERSION "OpenSSH_7.6"
-
-- #define SSH_PORTABLE "p1"
---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
-+-#define SSH_RELEASE PACKAGE_STRING ", " SSH_VERSION "p1"
-++#define SSH_PORTABLE "p1"
- +#define SSH_HPN "-hpn14v12"
-++#define SSH_X509 "-PKIXSSH-11.0"
--+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN
-++#define SSH_RELEASE PACKAGE_STRING ", " SSH_VERSION "p1" SSH_HPN
- --
- 2.14.2
-
diff --git a/net-misc/openssh/files/openssh-7.6_p1-hpn-x509-11.1-glue.patch b/net-misc/openssh/files/openssh-7.6_p1-hpn-x509-11.1-glue.patch
deleted file mode 100644
index 2ed6a7b54a6..00000000000
--- a/net-misc/openssh/files/openssh-7.6_p1-hpn-x509-11.1-glue.patch
+++ /dev/null
@@ -1,50 +0,0 @@
---- a/openssh-7.6p1-hpnssh14v12-r1/0003-support-dynamically-sized-receive-buffers.patch 2017-10-11 15:02:11.850912525 -0700
-+++ b/openssh-7.6p1-hpnssh14v12-r1/0003-support-dynamically-sized-receive-buffers.patch 2017-10-11 15:35:06.223424844 -0700
-@@ -907,9 +907,9 @@
- @@ -517,7 +544,7 @@ send_client_banner(int connection_out, int minor1)
- {
- /* Send our own protocol version identification. */
-- xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
--- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION);
--+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE);
-+ xasprintf(&client_version_string, "SSH-%d.%d-%.100s PKIX[%s]\r\n",
-+- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, PACKAGE_VERSION);
-++ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE, PACKAGE_VERSION);
- if (atomicio(vwrite, connection_out, client_version_string,
- strlen(client_version_string)) != strlen(client_version_string))
- fatal("write: %.100s", strerror(errno));
-@@ -918,11 +918,11 @@
- --- a/sshd.c
- +++ b/sshd.c
- @@ -367,7 +367,7 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out)
-- char remote_version[256]; /* Must be at least as big as buf. */
-+ }
-
-- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n",
--- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
--+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE,
-+ xasprintf(&server_version_string, "SSH-%d.%d-%s%s%s%s\r\n",
-+- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, pkix_comment,
-++ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE, pkix_comment,
- *options.version_addendum == '\0' ? "" : " ",
- options.version_addendum);
-
-@@ -982,13 +982,14 @@
- index e093f623..83f0932d 100644
- --- a/version.h
- +++ b/version.h
--@@ -3,4 +3,5 @@
-+@@ -3,3 +3,6 @@
- #define SSH_VERSION "OpenSSH_7.6"
-
-- #define SSH_PORTABLE "p1"
---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
-+-#define SSH_RELEASE PACKAGE_STRING ", " SSH_VERSION "p1"
-++#define SSH_PORTABLE "p1"
- +#define SSH_HPN "-hpn14v12"
-++#define SSH_X509 "-PKIXSSH-11.0"
--+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN
-++#define SSH_RELEASE PACKAGE_STRING ", " SSH_VERSION "p1" SSH_HPN
- --
- 2.14.2
-
diff --git a/net-misc/openssh/files/openssh-7.6_p1-x509-11.0-libressl.patch b/net-misc/openssh/files/openssh-7.6_p1-x509-11.0-libressl.patch
deleted file mode 100644
index b84ee64e4f7..00000000000
--- a/net-misc/openssh/files/openssh-7.6_p1-x509-11.0-libressl.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/openssh-7.6p1+x509-11.0.diff 2017-11-06 17:16:28.334140140 -0800
-+++ b/openssh-7.6p1+x509-11.0.diff 2017-11-06 17:16:55.338223563 -0800
-@@ -54732,7 +54732,7 @@
- +int/*bool*/ ssh_x509store_addlocations(const X509StoreOptions *locations);
- +
- +typedef char SSHXSTOREPATH;
--+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- +DECLARE_STACK_OF(SSHXSTOREPATH)
- +# define sk_SSHXSTOREPATH_new_null() SKM_sk_new_null(SSHXSTOREPATH)
- +# define sk_SSHXSTOREPATH_num(st) SKM_sk_num(SSHXSTOREPATH, (st))
diff --git a/net-misc/openssh/files/openssh-7.6_p1-x509-11.1-libressl.patch b/net-misc/openssh/files/openssh-7.6_p1-x509-11.1-libressl.patch
deleted file mode 100644
index c3b6b4d61a3..00000000000
--- a/net-misc/openssh/files/openssh-7.6_p1-x509-11.1-libressl.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/openssh-7.6p1+x509-11.1.diff 2017-11-06 17:16:28.334140140 -0800
-+++ b/openssh-7.6p1+x509-11.1.diff 2017-11-06 17:16:55.338223563 -0800
-@@ -54732,7 +54732,7 @@
- +int/*bool*/ ssh_x509store_addlocations(const X509StoreOptions *locations);
- +
- +typedef char SSHXSTOREPATH;
--+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- +DECLARE_STACK_OF(SSHXSTOREPATH)
- +# define sk_SSHXSTOREPATH_new_null() SKM_sk_new_null(SSHXSTOREPATH)
- +# define sk_SSHXSTOREPATH_num(st) SKM_sk_num(SSHXSTOREPATH, (st))
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/
@ 2018-10-23 23:27 Patrick McLean
0 siblings, 0 replies; 40+ messages in thread
From: Patrick McLean @ 2018-10-23 23:27 UTC (permalink / raw
To: gentoo-commits
commit: 09cfa8e77bf5c560f64e750c71df8a0099e40a14
Author: Patrick McLean <patrick.mclean <AT> sony <DOT> com>
AuthorDate: Tue Oct 23 23:26:55 2018 +0000
Commit: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Tue Oct 23 23:27:05 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=09cfa8e7
net-misc/openssh: Fix X509 glue patch in 7.9_p1
Fixes: 7e539010154b1efd978198ddd8902cfc0a5be957
Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>
Package-Manager: Portage-2.3.51, Repoman-2.3.11
net-misc/openssh/files/openssh-7.9_p1-X509-glue.patch | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/net-misc/openssh/files/openssh-7.9_p1-X509-glue.patch b/net-misc/openssh/files/openssh-7.9_p1-X509-glue.patch
index e1d63ecc8ae..1f1ec4a4d77 100644
--- a/net-misc/openssh/files/openssh-7.9_p1-X509-glue.patch
+++ b/net-misc/openssh/files/openssh-7.9_p1-X509-glue.patch
@@ -1,11 +1,11 @@
---- a/openssh-7.9p1+x509-11.5.diff 2018-10-19 11:41:13.791285390 -0700
-+++ b/openssh-7.9p1+x509-11.5.diff 2018-10-19 11:45:42.584694215 -0700
+--- a/openssh-7.9p1+x509-11.5.diff 2018-10-23 16:21:22.580154353 -0700
++++ b/openssh-7.9p1+x509-11.5.diff 2018-10-23 16:22:39.600652048 -0700
@@ -44045,7 +44045,7 @@
ENGINE_register_all_complete();
+#endif
--#if OPENSSL_VERSION_NUMBER < 0x10001000L
-+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ /* OPENSSL_config will load buildin engines and engines
+ * specified in configuration file, i.e. method call
+ * ENGINE_load_builtin_engines. Latter is only for
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/
@ 2018-10-26 18:30 Patrick McLean
0 siblings, 0 replies; 40+ messages in thread
From: Patrick McLean @ 2018-10-26 18:30 UTC (permalink / raw
To: gentoo-commits
commit: d9479289f3cd4833538cc7c89fdc65a05685b439
Author: Patrick McLean <patrick.mclean <AT> sony <DOT> com>
AuthorDate: Fri Oct 26 18:29:06 2018 +0000
Commit: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Fri Oct 26 18:29:53 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d9479289
net-misc/openssl: Fix building on libressl with USE=hpn
Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>
Package-Manager: Portage-2.3.51, Repoman-2.3.11
.../files/openssh-7.9_p1-hpn-openssl-1.1.patch | 24 +++++++++++-----------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/net-misc/openssh/files/openssh-7.9_p1-hpn-openssl-1.1.patch b/net-misc/openssh/files/openssh-7.9_p1-hpn-openssl-1.1.patch
index 524d05ad89d..c07ad0414ef 100644
--- a/net-misc/openssh/files/openssh-7.9_p1-hpn-openssl-1.1.patch
+++ b/net-misc/openssh/files/openssh-7.9_p1-hpn-openssl-1.1.patch
@@ -1,13 +1,13 @@
--- openssh-7.9p1.orig/cipher-ctr-mt.c 2018-10-24 20:48:00.909255466 -0000
+++ openssh-7.9p1/cipher-ctr-mt.c 2018-10-24 20:48:17.378155144 -0000
@@ -46,7 +46,7 @@
-
+
/*-------------------- TUNABLES --------------------*/
/* maximum number of threads and queues */
-#define MAX_THREADS 32
-+#define MAX_THREADS 32
++#define MAX_THREADS 32
#define MAX_NUMKQ (MAX_THREADS * 2)
-
+
/* Number of pregen threads to use */
@@ -435,7 +435,7 @@
destp.u += AES_BLOCK_SIZE;
@@ -15,7 +15,7 @@
len -= AES_BLOCK_SIZE;
- ssh_ctr_inc(ctx->iv, AES_BLOCK_SIZE);
+ ssh_ctr_inc(c->aes_counter, AES_BLOCK_SIZE);
-
+
/* Increment read index, switch queues on rollover */
if ((ridx = (ridx + 1) % KQLEN) == 0) {
@@ -481,8 +481,6 @@
@@ -28,9 +28,9 @@
cipher_threads = sysconf(_SC_NPROCESSORS_ONLN) / 2;
#endif /*__linux__*/
@@ -505,11 +503,12 @@
- if (cipher_threads < 2)
+ if (cipher_threads < 2)
cipher_threads = 2;
-
+
- /* assure that we aren't trying to create more threads than we have in the struct */
- /* cipher_threads is half the total of allowable threads hence the odd looking math here */
+ /* assure that we aren't trying to create more threads */
@@ -38,20 +38,20 @@
+ /* total of allowable threads hence the odd looking math here */
if (cipher_threads * 2 > MAX_THREADS)
cipher_threads = MAX_THREADS / 2;
--
+-
+
/* set the number of keystream queues */
numkq = cipher_threads * 2;
-
+
@@ -551,16 +550,16 @@
}
-
+
if (iv != NULL) {
- memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
+ memcpy(c->aes_counter, iv, AES_BLOCK_SIZE);
c->state |= HAVE_IV;
}
-
+
if (c->state == (HAVE_KEY | HAVE_IV)) {
/* Clear queues */
- memcpy(c->q[0].ctr, ctx->iv, AES_BLOCK_SIZE);
@@ -67,7 +67,7 @@
const EVP_CIPHER *
evp_aes_ctr_mt(void)
{
-+# if OPENSSL_VERSION_NUMBER >= 0x10100000UL
++# if OPENSSL_VERSION_NUMBER >= 0x10100000UL && !defined(LIBRESSL_VERSION_NUMBER)
+ static EVP_CIPHER *aes_ctr;
+ aes_ctr = EVP_CIPHER_meth_new(NID_undef, 16/*block*/, 16/*key*/);
+ EVP_CIPHER_meth_set_iv_length(aes_ctr, AES_BLOCK_SIZE);
@@ -103,5 +103,5 @@
+ return &aes_ctr;
+# endif /*OPENSSH_VERSION_NUMBER*/
}
-
+
#endif /* defined(WITH_OPENSSL) */
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/
@ 2018-10-26 18:35 Patrick McLean
0 siblings, 0 replies; 40+ messages in thread
From: Patrick McLean @ 2018-10-26 18:35 UTC (permalink / raw
To: gentoo-commits
commit: 1b0868a46a94ecf8697e19f5761067c72ba9b355
Author: Patrick McLean <patrick.mclean <AT> sony <DOT> com>
AuthorDate: Fri Oct 26 18:34:55 2018 +0000
Commit: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Fri Oct 26 18:35:07 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1b0868a4
net-misc/openssh: Previous fix in 7.9_p1 broke patch
Fixes: d9479289f3cd4833538cc7c89fdc65a05685b439
Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>
Package-Manager: Portage-2.3.51, Repoman-2.3.11
.../openssh/files/openssh-7.9_p1-hpn-openssl-1.1.patch | 16 ----------------
1 file changed, 16 deletions(-)
diff --git a/net-misc/openssh/files/openssh-7.9_p1-hpn-openssl-1.1.patch b/net-misc/openssh/files/openssh-7.9_p1-hpn-openssl-1.1.patch
index c07ad0414ef..78b75453274 100644
--- a/net-misc/openssh/files/openssh-7.9_p1-hpn-openssl-1.1.patch
+++ b/net-misc/openssh/files/openssh-7.9_p1-hpn-openssl-1.1.patch
@@ -27,22 +27,6 @@
#ifdef __linux__
cipher_threads = sysconf(_SC_NPROCESSORS_ONLN) / 2;
#endif /*__linux__*/
-@@ -505,11 +503,12 @@
- if (cipher_threads < 2)
- cipher_threads = 2;
-
-- /* assure that we aren't trying to create more threads than we have in the struct */
-- /* cipher_threads is half the total of allowable threads hence the odd looking math here */
-+ /* assure that we aren't trying to create more threads */
-+ /* than we have in the struct. cipher_threads is half the */
-+ /* total of allowable threads hence the odd looking math here */
- if (cipher_threads * 2 > MAX_THREADS)
- cipher_threads = MAX_THREADS / 2;
--
-+
- /* set the number of keystream queues */
- numkq = cipher_threads * 2;
-
@@ -551,16 +550,16 @@
}
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/
@ 2018-10-31 8:06 Lars Wendler
0 siblings, 0 replies; 40+ messages in thread
From: Lars Wendler @ 2018-10-31 8:06 UTC (permalink / raw
To: gentoo-commits
commit: ad8d70eefa33649860561489dd5cc7f52acb64ed
Author: Michael Mair-Keimberger <m.mairkeimberger <AT> gmail <DOT> com>
AuthorDate: Sun Sep 30 12:54:20 2018 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Oct 31 08:06:10 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ad8d70ee
net-misc/openssh: remove unused patches
Signed-off-by: Michael Mair-Keimberger <m.mairkeimberger <AT> gmail.com>
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
.../files/openssh-7.6_p1-hpn-x509-11.2-glue.patch | 50 ------------
.../openssh-7.6_p1-permitopen-x509-glue.patch | 44 -----------
.../openssh/files/openssh-7.6_p1-permitopen.patch | 49 ------------
.../openssh/files/openssh-7.6_p1-warnings.patch | 12 ---
net-misc/openssh/files/sshd.rc6.5 | 89 ----------------------
5 files changed, 244 deletions(-)
diff --git a/net-misc/openssh/files/openssh-7.6_p1-hpn-x509-11.2-glue.patch b/net-misc/openssh/files/openssh-7.6_p1-hpn-x509-11.2-glue.patch
deleted file mode 100644
index 2ed6a7b54a6..00000000000
--- a/net-misc/openssh/files/openssh-7.6_p1-hpn-x509-11.2-glue.patch
+++ /dev/null
@@ -1,50 +0,0 @@
---- a/openssh-7.6p1-hpnssh14v12-r1/0003-support-dynamically-sized-receive-buffers.patch 2017-10-11 15:02:11.850912525 -0700
-+++ b/openssh-7.6p1-hpnssh14v12-r1/0003-support-dynamically-sized-receive-buffers.patch 2017-10-11 15:35:06.223424844 -0700
-@@ -907,9 +907,9 @@
- @@ -517,7 +544,7 @@ send_client_banner(int connection_out, int minor1)
- {
- /* Send our own protocol version identification. */
-- xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
--- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION);
--+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE);
-+ xasprintf(&client_version_string, "SSH-%d.%d-%.100s PKIX[%s]\r\n",
-+- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, PACKAGE_VERSION);
-++ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE, PACKAGE_VERSION);
- if (atomicio(vwrite, connection_out, client_version_string,
- strlen(client_version_string)) != strlen(client_version_string))
- fatal("write: %.100s", strerror(errno));
-@@ -918,11 +918,11 @@
- --- a/sshd.c
- +++ b/sshd.c
- @@ -367,7 +367,7 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out)
-- char remote_version[256]; /* Must be at least as big as buf. */
-+ }
-
-- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n",
--- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
--+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE,
-+ xasprintf(&server_version_string, "SSH-%d.%d-%s%s%s%s\r\n",
-+- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, pkix_comment,
-++ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE, pkix_comment,
- *options.version_addendum == '\0' ? "" : " ",
- options.version_addendum);
-
-@@ -982,13 +982,14 @@
- index e093f623..83f0932d 100644
- --- a/version.h
- +++ b/version.h
--@@ -3,4 +3,5 @@
-+@@ -3,3 +3,6 @@
- #define SSH_VERSION "OpenSSH_7.6"
-
-- #define SSH_PORTABLE "p1"
---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
-+-#define SSH_RELEASE PACKAGE_STRING ", " SSH_VERSION "p1"
-++#define SSH_PORTABLE "p1"
- +#define SSH_HPN "-hpn14v12"
-++#define SSH_X509 "-PKIXSSH-11.0"
--+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN
-++#define SSH_RELEASE PACKAGE_STRING ", " SSH_VERSION "p1" SSH_HPN
- --
- 2.14.2
-
diff --git a/net-misc/openssh/files/openssh-7.6_p1-permitopen-x509-glue.patch b/net-misc/openssh/files/openssh-7.6_p1-permitopen-x509-glue.patch
deleted file mode 100644
index 9d8f9a6cdef..00000000000
--- a/net-misc/openssh/files/openssh-7.6_p1-permitopen-x509-glue.patch
+++ /dev/null
@@ -1,44 +0,0 @@
---- a/openssh-7.6p1+x509-11.2.diff 2018-03-13 10:48:08.755434051 -0700
-+++ b/openssh-7.6p1+x509-11.2.diff 2018-03-13 10:51:27.217980071 -0700
-@@ -29025,13 +29025,6 @@
- diff -ruN openssh-7.6p1/servconf.c openssh-7.6p1+x509-11.2/servconf.c
- --- openssh-7.6p1/servconf.c 2017-10-02 22:34:26.000000000 +0300
- +++ openssh-7.6p1+x509-11.2/servconf.c 2018-02-11 12:07:01.000000000 +0200
--@@ -1,5 +1,5 @@
--
---/* $OpenBSD: servconf.c,v 1.312 2017/10/02 19:33:20 djm Exp $ */
--+/* $OpenBSD: servconf.c,v 1.313 2017/10/04 18:49:30 djm Exp $ */
-- /*
-- * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
-- * All rights reserved
- @@ -9,6 +9,29 @@
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
-@@ -29467,27 +29460,6 @@
- case sAllowUsers:
- while ((arg = strdelim(&cp)) && *arg != '\0') {
- if (options->num_allow_users >= MAX_ALLOW_USERS)
--@@ -1663,9 +1931,9 @@
-- if (!arg || *arg == '\0')
-- fatal("%s line %d: missing PermitOpen specification",
-- filename, linenum);
--- i = options->num_permitted_opens; /* modified later */
--+ value = options->num_permitted_opens; /* modified later */
-- if (strcmp(arg, "any") == 0 || strcmp(arg, "none") == 0) {
--- if (*activep && i == 0) {
--+ if (*activep && value == 0) {
-- options->num_permitted_opens = 1;
-- options->permitted_opens = xcalloc(1,
-- sizeof(*options->permitted_opens));
--@@ -1683,7 +1951,7 @@
-- if (arg == NULL || ((port = permitopen_port(arg)) < 0))
-- fatal("%s line %d: bad port number in "
-- "PermitOpen", filename, linenum);
--- if (*activep && i == 0) {
--+ if (*activep && value == 0) {
-- options->permitted_opens = xrecallocarray(
-- options->permitted_opens,
-- options->num_permitted_opens,
- @@ -1885,11 +2153,20 @@
-
- case sDeprecated:
diff --git a/net-misc/openssh/files/openssh-7.6_p1-permitopen.patch b/net-misc/openssh/files/openssh-7.6_p1-permitopen.patch
deleted file mode 100644
index 5dc96d4d0a3..00000000000
--- a/net-misc/openssh/files/openssh-7.6_p1-permitopen.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 69bda0228861f3dacd4fb3d28b60ce9d103d254b Mon Sep 17 00:00:00 2001
-From: "djm@openbsd.org" <djm@openbsd.org>
-Date: Wed, 4 Oct 2017 18:49:30 +0000
-Subject: [PATCH] upstream commit
-
-fix (another) problem in PermitOpen introduced during the
-channels.c refactor: the third and subsequent arguments to PermitOpen were
-being silently ignored; ok markus@
-
-Upstream-ID: 067c89f1f53cbc381628012ba776d6861e6782fd
----
- servconf.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/servconf.c b/servconf.c
-index 2c321a4a..95686295 100644
---- a/servconf.c
-+++ b/servconf.c
-@@ -1,5 +1,5 @@
-
--/* $OpenBSD: servconf.c,v 1.312 2017/10/02 19:33:20 djm Exp $ */
-+/* $OpenBSD: servconf.c,v 1.313 2017/10/04 18:49:30 djm Exp $ */
- /*
- * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
- * All rights reserved
-@@ -1663,9 +1663,9 @@ process_server_config_line(ServerOptions *options, char *line,
- if (!arg || *arg == '\0')
- fatal("%s line %d: missing PermitOpen specification",
- filename, linenum);
-- i = options->num_permitted_opens; /* modified later */
-+ value = options->num_permitted_opens; /* modified later */
- if (strcmp(arg, "any") == 0 || strcmp(arg, "none") == 0) {
-- if (*activep && i == 0) {
-+ if (*activep && value == 0) {
- options->num_permitted_opens = 1;
- options->permitted_opens = xcalloc(1,
- sizeof(*options->permitted_opens));
-@@ -1683,7 +1683,7 @@ process_server_config_line(ServerOptions *options, char *line,
- if (arg == NULL || ((port = permitopen_port(arg)) < 0))
- fatal("%s line %d: bad port number in "
- "PermitOpen", filename, linenum);
-- if (*activep && i == 0) {
-+ if (*activep && value == 0) {
- options->permitted_opens = xrecallocarray(
- options->permitted_opens,
- options->num_permitted_opens,
---
-2.16.1
-
diff --git a/net-misc/openssh/files/openssh-7.6_p1-warnings.patch b/net-misc/openssh/files/openssh-7.6_p1-warnings.patch
deleted file mode 100644
index 5843dd162cd..00000000000
--- a/net-misc/openssh/files/openssh-7.6_p1-warnings.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff --git a/openbsd-compat/freezero.c b/openbsd-compat/freezero.c
-index 3af8f4a7..7f6bc7fa 100644
---- a/openbsd-compat/freezero.c
-+++ b/openbsd-compat/freezero.c
-@@ -14,6 +14,7 @@
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-+#include <string.h>
- #include "includes.h"
-
- #ifndef HAVE_FREEZERO
diff --git a/net-misc/openssh/files/sshd.rc6.5 b/net-misc/openssh/files/sshd.rc6.5
deleted file mode 100644
index 044cbe7268f..00000000000
--- a/net-misc/openssh/files/sshd.rc6.5
+++ /dev/null
@@ -1,89 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-extra_commands="checkconfig"
-extra_started_commands="reload"
-
-: ${SSHD_CONFDIR:=${RC_PREFIX%/}/etc/ssh}
-: ${SSHD_CONFIG:=${SSHD_CONFDIR}/sshd_config}
-: ${SSHD_PIDFILE:=${RC_PREFIX%/}/run/${SVCNAME}.pid}
-: ${SSHD_BINARY:=${RC_PREFIX%/}/usr/sbin/sshd}
-: ${SSHD_KEYGEN_BINARY:=${RC_PREFIX%/}/usr/bin/ssh-keygen}
-
-command="${SSHD_BINARY}"
-pidfile="${SSHD_PIDFILE}"
-command_args="${SSHD_OPTS} -o PidFile=${pidfile} -f ${SSHD_CONFIG}"
-
-# Wait one second (length chosen arbitrarily) to see if sshd actually
-# creates a PID file, or if it crashes for some reason like not being
-# able to bind to the address in ListenAddress (bug 617596).
-: ${SSHD_SSD_OPTS:=--wait 1000}
-start_stop_daemon_args="${SSHD_SSD_OPTS}"
-
-depend() {
- # Entropy can be used by ssh-keygen, among other things, but
- # is not strictly required (bug 470020).
- use logger dns entropy
- if [ "${rc_need+set}" = "set" ] ; then
- : # Do nothing, the user has explicitly set rc_need
- else
- local x warn_addr
- for x in $(awk '/^ListenAddress/{ print $2 }' "$SSHD_CONFIG" 2>/dev/null) ; do
- case "${x}" in
- 0.0.0.0|0.0.0.0:*) ;;
- ::|\[::\]*) ;;
- *) warn_addr="${warn_addr} ${x}" ;;
- esac
- done
- if [ -n "${warn_addr}" ] ; then
- need net
- ewarn "You are binding an interface in ListenAddress statement in your sshd_config!"
- ewarn "You must add rc_need=\"net.FOO\" to your ${RC_PREFIX%/}/etc/conf.d/sshd"
- ewarn "where FOO is the interface(s) providing the following address(es):"
- ewarn "${warn_addr}"
- fi
- fi
-}
-
-checkconfig() {
- checkpath --directory "${RC_PREFIX%/}/var/empty"
-
- if [ ! -e "${SSHD_CONFIG}" ] ; then
- eerror "You need an ${SSHD_CONFIG} file to run sshd"
- eerror "There is a sample file in /usr/share/doc/openssh"
- return 1
- fi
-
- ${SSHD_KEYGEN_BINARY} -A || return 2
-
- "${command}" -t ${command_args} || return 3
-}
-
-start_pre() {
- # If this isn't a restart, make sure that the user's config isn't
- # busted before we try to start the daemon (this will produce
- # better error messages than if we just try to start it blindly).
- #
- # If, on the other hand, this *is* a restart, then the stop_pre
- # action will have ensured that the config is usable and we don't
- # need to do that again.
- if [ "${RC_CMD}" != "restart" ] ; then
- checkconfig || return $?
- fi
-}
-
-stop_pre() {
- # If this is a restart, check to make sure the user's config
- # isn't busted before we stop the running daemon.
- if [ "${RC_CMD}" = "restart" ] ; then
- checkconfig || return $?
- fi
-}
-
-reload() {
- checkconfig || return $?
- ebegin "Reloading ${SVCNAME}"
- start-stop-daemon --signal HUP --pidfile "${pidfile}"
- eend $?
-}
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/
@ 2019-03-11 4:48 Aaron Bauman
0 siblings, 0 replies; 40+ messages in thread
From: Aaron Bauman @ 2019-03-11 4:48 UTC (permalink / raw
To: gentoo-commits
commit: 06fadf406d567c15a99affc5b27adc4a7e6846c2
Author: Michael Mair-Keimberger <m.mairkeimberger <AT> gmail <DOT> com>
AuthorDate: Tue Mar 5 16:51:24 2019 +0000
Commit: Aaron Bauman <bman <AT> gentoo <DOT> org>
CommitDate: Mon Mar 11 04:46:08 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=06fadf40
net-misc/openssh: remove unused patches
Signed-off-by: Michael Mair-Keimberger <m.mairkeimberger <AT> gmail.com>
Signed-off-by: Aaron Bauman <bman <AT> gentoo.org>
.../openssh-7.9_p1-X509-dont-make-piddir.patch | 16 -------------
.../openssh/files/openssh-7.9_p1-X509-glue.patch | 28 ----------------------
.../files/openssh-7.9_p1-libressl-2.8.patch | 16 -------------
3 files changed, 60 deletions(-)
diff --git a/net-misc/openssh/files/openssh-7.9_p1-X509-dont-make-piddir.patch b/net-misc/openssh/files/openssh-7.9_p1-X509-dont-make-piddir.patch
deleted file mode 100644
index c30ca278544..00000000000
--- a/net-misc/openssh/files/openssh-7.9_p1-X509-dont-make-piddir.patch
+++ /dev/null
@@ -1,16 +0,0 @@
---- a/openssh-7.9p1+x509-11.5.diff 2018-12-07 17:24:03.211328918 -0800
-+++ b/openssh-7.9p1+x509-11.5.diff 2018-12-07 17:24:13.399262277 -0800
-@@ -40681,12 +40681,11 @@
-
- install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config
- install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf
--@@ -333,6 +351,8 @@
-+@@ -333,6 +351,7 @@
- $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5
- $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8
- $(MKDIR_P) $(DESTDIR)$(libexecdir)
- + $(MKDIR_P) $(DESTDIR)$(sshcadir)
--+ $(MKDIR_P) $(DESTDIR)$(piddir)
- $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH)
- $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)
- $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT)
diff --git a/net-misc/openssh/files/openssh-7.9_p1-X509-glue.patch b/net-misc/openssh/files/openssh-7.9_p1-X509-glue.patch
deleted file mode 100644
index 1f1ec4a4d77..00000000000
--- a/net-misc/openssh/files/openssh-7.9_p1-X509-glue.patch
+++ /dev/null
@@ -1,28 +0,0 @@
---- a/openssh-7.9p1+x509-11.5.diff 2018-10-23 16:21:22.580154353 -0700
-+++ b/openssh-7.9p1+x509-11.5.diff 2018-10-23 16:22:39.600652048 -0700
-@@ -44045,7 +44045,7 @@
- ENGINE_register_all_complete();
- +#endif
-
---#if OPENSSL_VERSION_NUMBER < 0x10001000L
-+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- + /* OPENSSL_config will load buildin engines and engines
- + * specified in configuration file, i.e. method call
- + * ENGINE_load_builtin_engines. Latter is only for
-@@ -77691,16 +77691,6 @@
- setlocale(LC_CTYPE, "POSIX.UTF-8") != NULL))
- return;
- setlocale(LC_CTYPE, "C");
--diff -ruN openssh-7.9p1/version.h openssh-7.9p1+x509-11.5/version.h
----- openssh-7.9p1/version.h 2018-10-17 03:01:20.000000000 +0300
--+++ openssh-7.9p1+x509-11.5/version.h 2018-10-19 19:07:00.000000000 +0300
--@@ -2,5 +2,4 @@
--
-- #define SSH_VERSION "OpenSSH_7.9"
--
---#define SSH_PORTABLE "p1"
---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
--+#define SSH_RELEASE PACKAGE_STRING ", " SSH_VERSION "p1"
- diff -ruN openssh-7.9p1/version.m4 openssh-7.9p1+x509-11.5/version.m4
- --- openssh-7.9p1/version.m4 1970-01-01 02:00:00.000000000 +0200
- +++ openssh-7.9p1+x509-11.5/version.m4 2018-10-19 18:13:58.000000000 +0300
diff --git a/net-misc/openssh/files/openssh-7.9_p1-libressl-2.8.patch b/net-misc/openssh/files/openssh-7.9_p1-libressl-2.8.patch
deleted file mode 100644
index 58f3ce2922e..00000000000
--- a/net-misc/openssh/files/openssh-7.9_p1-libressl-2.8.patch
+++ /dev/null
@@ -1,16 +0,0 @@
---- openssh-7.9p1.orig/evp-compat.h 2018-12-07 17:07:37.929762570 -0800
-+++ openssh-7.9p1/evp-compat.h 2018-12-07 17:08:03.923592845 -0800
-@@ -100,11 +100,13 @@
- }
-
-
-+#if LIBRESSL_VERSION_NUMBER < 0x20800000L
- static inline int
- EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx)
- {
- return(ctx->encrypt);
- }
-+#endif /* LIBRESSL_VERSION_NUMBER < 0x20800000L */
-
-
- static inline void*
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/
@ 2019-04-19 16:58 Patrick McLean
0 siblings, 0 replies; 40+ messages in thread
From: Patrick McLean @ 2019-04-19 16:58 UTC (permalink / raw
To: gentoo-commits
commit: 5d0708a07f8a348e37009f056a7f215480b95fac
Author: Patrick McLean <patrick.mclean <AT> sony <DOT> com>
AuthorDate: Fri Apr 19 16:57:24 2019 +0000
Commit: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Fri Apr 19 16:57:24 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5d0708a0
net-misc/openssh: GSSAPI var rename in in 8.0_p1 (bug 683832)
Closes: https://bugs.gentoo.org/683832
Copyright: Sony Interactive Entertainment Inc.
Package-Manager: Portage-2.3.63, Repoman-2.3.12
Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>
net-misc/openssh/files/openssh-8.0_p1-GSSAPI-dns.patch | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/net-misc/openssh/files/openssh-8.0_p1-GSSAPI-dns.patch b/net-misc/openssh/files/openssh-8.0_p1-GSSAPI-dns.patch
index a3bd128aa46..04d622191fa 100644
--- a/net-misc/openssh/files/openssh-8.0_p1-GSSAPI-dns.patch
+++ b/net-misc/openssh/files/openssh-8.0_p1-GSSAPI-dns.patch
@@ -5,7 +5,7 @@ index 8696f258..f4cd70a3 100644
@@ -723,120 +723,6 @@ fakepw(void)
return (&fake);
}
-
+
-/*
- * Returns the remote DNS hostname as a string. The returned string must not
- * be freed. NB. this will usually trigger a DNS query the first time it is
@@ -272,7 +272,7 @@ index 71a5c795..2a8c6990 100644
@@ -993,6 +996,10 @@ parse_time:
intptr = &options->gss_deleg_creds;
goto parse_flag;
-
+
+ case oGssTrustDns:
+ intptr = &options->gss_trust_dns;
+ goto parse_flag;
@@ -342,10 +342,10 @@ index dffee90b..a25a32b9 100644
+
+ if (options.gss_trust_dns) {
+ extern const char *auth_get_canonical_hostname(struct ssh *ssh, int use_dns);
-+ gss_host = auth_get_canonical_hostname(active_state, 1);
++ gss_host = auth_get_canonical_hostname(ssh, 1);
+ } else
+ gss_host = authctxt->host;
-
+
/* Try one GSSAPI method at a time, rather than sending them all at
* once. */
@@ -712,7 +719,7 @@ userauth_gssapi(struct ssh *ssh)
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/
@ 2019-11-17 18:40 Patrick McLean
0 siblings, 0 replies; 40+ messages in thread
From: Patrick McLean @ 2019-11-17 18:40 UTC (permalink / raw
To: gentoo-commits
commit: 8e881feefc3889237b733e407bf6f55049ed67ac
Author: Michael Mair-Keimberger <m.mairkeimberger <AT> gmail <DOT> com>
AuthorDate: Sun Nov 17 10:40:43 2019 +0000
Commit: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Sun Nov 17 18:39:12 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8e881fee
net-misc/openssh: remove unused patches
Signed-off-by: Michael Mair-Keimberger <m.mairkeimberger <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/13687
Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>
.../files/openssh-8.0_p1-X509-12.0-tests.patch | 12 ------------
.../openssh-8.0_p1-X509-dont-make-piddir-12.0.patch | 16 ----------------
.../openssh-8.0_p1-X509-dont-make-piddir-12.1.patch | 16 ----------------
.../openssh/files/openssh-8.0_p1-X509-glue-12.0.patch | 19 -------------------
.../openssh/files/openssh-8.0_p1-X509-glue-12.1.patch | 19 -------------------
5 files changed, 82 deletions(-)
diff --git a/net-misc/openssh/files/openssh-8.0_p1-X509-12.0-tests.patch b/net-misc/openssh/files/openssh-8.0_p1-X509-12.0-tests.patch
deleted file mode 100644
index 9766b1594ea..00000000000
--- a/net-misc/openssh/files/openssh-8.0_p1-X509-12.0-tests.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -ur openssh-7.9p1.orig/openbsd-compat/regress/Makefile.in openssh-7.9p1/openbsd-compat/regress/Makefile.in
---- openssh-7.9p1.orig/openbsd-compat/regress/Makefile.in 2018-10-16 17:01:20.000000000 -0700
-+++ openssh-7.9p1/openbsd-compat/regress/Makefile.in 2018-12-19 11:03:14.421028691 -0800
-@@ -7,7 +7,7 @@
- CC=@CC@
- LD=@LD@
- CFLAGS=@CFLAGS@
--CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@
-+CPPFLAGS=-I. -I.. -I$(srcdir) -I../.. @CPPFLAGS@ @DEFS@
- EXEEXT=@EXEEXT@
- LIBCOMPAT=../libopenbsd-compat.a
- LIBS=@LIBS@
diff --git a/net-misc/openssh/files/openssh-8.0_p1-X509-dont-make-piddir-12.0.patch b/net-misc/openssh/files/openssh-8.0_p1-X509-dont-make-piddir-12.0.patch
deleted file mode 100644
index aac98fef35d..00000000000
--- a/net-misc/openssh/files/openssh-8.0_p1-X509-dont-make-piddir-12.0.patch
+++ /dev/null
@@ -1,16 +0,0 @@
---- a/openssh-8.0p1+x509-12.0.diff 2019-04-18 14:53:26.850768799 -0700
-+++ b/openssh-8.0p1+x509-12.0.diff 2019-04-18 14:56:48.870364519 -0700
-@@ -33578,12 +33578,11 @@
-
- install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config
- install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf
--@@ -334,6 +352,8 @@
-+@@ -334,6 +352,7 @@
- $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5
- $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8
- $(MKDIR_P) $(DESTDIR)$(libexecdir)
- + $(MKDIR_P) $(DESTDIR)$(sshcadir)
--+ $(MKDIR_P) $(DESTDIR)$(piddir)
- $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH)
- $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)
- $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT)
diff --git a/net-misc/openssh/files/openssh-8.0_p1-X509-dont-make-piddir-12.1.patch b/net-misc/openssh/files/openssh-8.0_p1-X509-dont-make-piddir-12.1.patch
deleted file mode 100644
index 9bb081a5091..00000000000
--- a/net-misc/openssh/files/openssh-8.0_p1-X509-dont-make-piddir-12.1.patch
+++ /dev/null
@@ -1,16 +0,0 @@
---- a/openssh-8.0p1+x509-12.1.diff 2019-04-29 14:11:55.210175168 -0700
-+++ b/openssh-8.0p1+x509-12.1.diff 2019-04-29 14:12:55.603761971 -0700
-@@ -34176,12 +34176,11 @@
-
- install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config
- install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf
--@@ -334,6 +352,8 @@
-+@@ -334,6 +352,7 @@
- $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5
- $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8
- $(MKDIR_P) $(DESTDIR)$(libexecdir)
- + $(MKDIR_P) $(DESTDIR)$(sshcadir)
--+ $(MKDIR_P) $(DESTDIR)$(piddir)
- $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH)
- $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)
- $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT)
diff --git a/net-misc/openssh/files/openssh-8.0_p1-X509-glue-12.0.patch b/net-misc/openssh/files/openssh-8.0_p1-X509-glue-12.0.patch
deleted file mode 100644
index 1667e13850c..00000000000
--- a/net-misc/openssh/files/openssh-8.0_p1-X509-glue-12.0.patch
+++ /dev/null
@@ -1,19 +0,0 @@
---- a/openssh-8.0p1+x509-12.0.diff 2019-04-18 14:53:02.804935946 -0700
-+++ b/openssh-8.0p1+x509-12.0.diff 2019-04-18 14:53:26.850768799 -0700
-@@ -75925,16 +75925,6 @@
- + return mbtowc(NULL, s, n);
- +}
- +#endif
--diff -ruN openssh-8.0p1/version.h openssh-8.0p1+x509-12.0/version.h
----- openssh-8.0p1/version.h 2019-04-18 01:52:57.000000000 +0300
--+++ openssh-8.0p1+x509-12.0/version.h 2019-04-18 19:07:00.000000000 +0300
--@@ -2,5 +2,4 @@
--
-- #define SSH_VERSION "OpenSSH_8.0"
--
---#define SSH_PORTABLE "p1"
---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
--+#define SSH_RELEASE PACKAGE_STRING ", " SSH_VERSION "p1"
- diff -ruN openssh-8.0p1/version.m4 openssh-8.0p1+x509-12.0/version.m4
- --- openssh-8.0p1/version.m4 1970-01-01 02:00:00.000000000 +0200
- +++ openssh-8.0p1+x509-12.0/version.m4 2019-04-18 19:07:00.000000000 +0300
diff --git a/net-misc/openssh/files/openssh-8.0_p1-X509-glue-12.1.patch b/net-misc/openssh/files/openssh-8.0_p1-X509-glue-12.1.patch
deleted file mode 100644
index d6b6c5ac2f7..00000000000
--- a/net-misc/openssh/files/openssh-8.0_p1-X509-glue-12.1.patch
+++ /dev/null
@@ -1,19 +0,0 @@
---- a/openssh-8.0p1+x509-12.1.diff 2019-06-17 10:42:03.233392491 -0700
-+++ b/openssh-8.0p1+x509-12.1.diff 2019-06-17 10:42:24.696248976 -0700
-@@ -78536,16 +78536,6 @@
- + return mbtowc(NULL, s, n);
- +}
- +#endif
--diff -ruN openssh-8.0p1/version.h openssh-8.0p1+x509-12.1/version.h
----- openssh-8.0p1/version.h 2019-04-18 01:52:57.000000000 +0300
--+++ openssh-8.0p1+x509-12.1/version.h 2019-06-16 15:07:00.000000000 +0300
--@@ -2,5 +2,4 @@
--
-- #define SSH_VERSION "OpenSSH_8.0"
--
---#define SSH_PORTABLE "p1"
---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
--+#define SSH_RELEASE PACKAGE_STRING ", " SSH_VERSION "p1"
- diff -ruN openssh-8.0p1/version.m4 openssh-8.0p1+x509-12.1/version.m4
- --- openssh-8.0p1/version.m4 1970-01-01 02:00:00.000000000 +0200
- +++ openssh-8.0p1+x509-12.1/version.m4 2019-06-16 15:07:00.000000000 +0300
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/
@ 2020-04-17 18:01 Patrick McLean
0 siblings, 0 replies; 40+ messages in thread
From: Patrick McLean @ 2020-04-17 18:01 UTC (permalink / raw
To: gentoo-commits
commit: ddb17b3e84ce379d60d2cb5c0ab4774bdb468d6c
Author: Patrick McLean <patrick.mclean <AT> sony <DOT> com>
AuthorDate: Fri Apr 17 18:01:37 2020 +0000
Commit: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Fri Apr 17 18:01:37 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ddb17b3e
net-misc/openssh-8.2_p1-r6: Fix libressl patch for openssl-1.1
Copyright: Sony Interactive Entertainment Inc.
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>
net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-libressl.patch | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-libressl.patch b/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-libressl.patch
index 31796e754a1..aa6eea44107 100644
--- a/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-libressl.patch
+++ b/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-libressl.patch
@@ -5,7 +5,7 @@
+evp_aes_ctr_mt(void)
+{
-+# if OPENSSL_VERSION_NUMBER >= 0x10100000UL
-++# ifdef HAVE_OPAQUE_STRUCTS
+++# if OPENSSL_VERSION_NUMBER >= 0x10100000UL || defined(HAVE_OPAQUE_STRUCTS)
+ static EVP_CIPHER *aes_ctr;
+ aes_ctr = EVP_CIPHER_meth_new(NID_undef, 16/*block*/, 16/*key*/);
+ EVP_CIPHER_meth_set_iv_length(aes_ctr, AES_BLOCK_SIZE);
@@ -14,7 +14,7 @@
+# endif /*SSH_OLD_EVP*/
+ return &aes_ctr;
-+# endif /*OPENSSH_VERSION_NUMBER*/
-++# endif /*HAVE_OPAQUE_STRUCTS*/
+++# endif /*OPENSSL_VERSION_NUMBER*/
+}
+
+#endif /* defined(WITH_OPENSSL) */
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/
@ 2020-05-12 1:41 Patrick McLean
0 siblings, 0 replies; 40+ messages in thread
From: Patrick McLean @ 2020-05-12 1:41 UTC (permalink / raw
To: gentoo-commits
commit: 740b5fac89a4a55fa350f3c2e1b87772df570d09
Author: Patrick McLean <patrick.mclean <AT> sony <DOT> com>
AuthorDate: Tue May 12 01:41:16 2020 +0000
Commit: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Tue May 12 01:41:16 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=740b5fac
net-misc/openssh-8.2_p1-r6: Fix libressl patch
Copyright: Sony Interactive Entertainment Inc.
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>
net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-libressl.patch | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-libressl.patch b/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-libressl.patch
index aa6eea44107..69dd22a5eeb 100644
--- a/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-libressl.patch
+++ b/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-libressl.patch
@@ -5,7 +5,7 @@
+evp_aes_ctr_mt(void)
+{
-+# if OPENSSL_VERSION_NUMBER >= 0x10100000UL
-++# if OPENSSL_VERSION_NUMBER >= 0x10100000UL || defined(HAVE_OPAQUE_STRUCTS)
+++# if (OPENSSL_VERSION_NUMBER >= 0x10100000UL || defined(HAVE_OPAQUE_STRUCTS)) && !defined(LIBRESSL_VERSION_NUMBER)
+ static EVP_CIPHER *aes_ctr;
+ aes_ctr = EVP_CIPHER_meth_new(NID_undef, 16/*block*/, 16/*key*/);
+ EVP_CIPHER_meth_set_iv_length(aes_ctr, AES_BLOCK_SIZE);
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/
@ 2020-06-20 7:47 Michał Górny
0 siblings, 0 replies; 40+ messages in thread
From: Michał Górny @ 2020-06-20 7:47 UTC (permalink / raw
To: gentoo-commits
commit: 1c1928e63aa1756ef887f1375aa79fee58f3aee5
Author: Michael Mair-Keimberger <m.mairkeimberger <AT> gmail <DOT> com>
AuthorDate: Sat Jun 20 07:23:54 2020 +0000
Commit: Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Sat Jun 20 07:35:41 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1c1928e6
net-misc/openssh: remove unused patch and files
Package-Manager: Portage-2.3.101, Repoman-2.3.22
Signed-off-by: Michael Mair-Keimberger <m.mairkeimberger <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/16335
Signed-off-by: Michał Górny <mgorny <AT> gentoo.org>
.../openssh/files/openssh-8.1_p1-hpn-glue.patch | 216 ---------------------
net-misc/openssh/files/sshd.confd | 21 --
net-misc/openssh/files/sshd.initd | 89 ---------
net-misc/openssh/files/sshd.rc6.4 | 84 --------
4 files changed, 410 deletions(-)
diff --git a/net-misc/openssh/files/openssh-8.1_p1-hpn-glue.patch b/net-misc/openssh/files/openssh-8.1_p1-hpn-glue.patch
deleted file mode 100644
index 0ad814f95d8..00000000000
--- a/net-misc/openssh/files/openssh-8.1_p1-hpn-glue.patch
+++ /dev/null
@@ -1,216 +0,0 @@
-Only in b: .openssh-7_8_P1-hpn-AES-CTR-14.16.diff.un~
-Only in b: .openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff.un~
-diff -ru a/openssh-7_8_P1-hpn-AES-CTR-14.16.diff b/openssh-7_8_P1-hpn-AES-CTR-14.16.diff
---- a/openssh-7_8_P1-hpn-AES-CTR-14.16.diff 2019-10-10 13:48:31.513603947 -0700
-+++ b/openssh-7_8_P1-hpn-AES-CTR-14.16.diff 2019-10-10 13:50:15.012495676 -0700
-@@ -17,8 +17,8 @@
- canohost.o channels.o cipher.o cipher-aes.o cipher-aesctr.o \
- - cipher-ctr.o cleanup.o \
- + cipher-ctr.o cleanup.o cipher-ctr-mt.o \
-- compat.o crc32.o fatal.o hostfile.o \
-- log.o match.o moduli.o nchan.o packet.o opacket.o \
-+ compat.o fatal.o hostfile.o \
-+ log.o match.o moduli.o nchan.o packet.o \
- readpass.o ttymodes.o xmalloc.o addrmatch.o \
- diff --git a/cipher-ctr-mt.c b/cipher-ctr-mt.c
- new file mode 100644
-@@ -998,7 +998,7 @@
- + * so we repoint the define to the multithreaded evp. To start the threads we
- + * then force a rekey
- + */
--+ const void *cc = ssh_packet_get_send_context(active_state);
-++ const void *cc = ssh_packet_get_send_context(ssh);
- +
- + /* only do this for the ctr cipher. otherwise gcm mode breaks. Don't know why though */
- + if (strstr(cipher_ctx_name(cc), "ctr")) {
-@@ -1028,7 +1028,7 @@
- + * so we repoint the define to the multithreaded evp. To start the threads we
- + * then force a rekey
- + */
--+ const void *cc = ssh_packet_get_send_context(active_state);
-++ const void *cc = ssh_packet_get_send_context(ssh);
- +
- + /* only rekey if necessary. If we don't do this gcm mode cipher breaks */
- + if (strstr(cipher_ctx_name(cc), "ctr")) {
-diff -ru a/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff b/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff
---- a/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 2019-10-10 13:47:54.801642144 -0700
-+++ b/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 2019-10-10 15:58:05.085803333 -0700
-@@ -162,24 +162,24 @@
- }
-
- +static int
--+channel_tcpwinsz(void)
-++channel_tcpwinsz(struct ssh *ssh)
- +{
- + u_int32_t tcpwinsz = 0;
- + socklen_t optsz = sizeof(tcpwinsz);
- + int ret = -1;
- +
- + /* if we aren't on a socket return 128KB */
--+ if (!packet_connection_is_on_socket())
-++ if (!ssh_packet_connection_is_on_socket(ssh))
- + return 128 * 1024;
- +
--+ ret = getsockopt(packet_get_connection_in(),
-++ ret = getsockopt(ssh_packet_get_connection_in(ssh),
- + SOL_SOCKET, SO_RCVBUF, &tcpwinsz, &optsz);
- + /* return no more than SSHBUF_SIZE_MAX (currently 256MB) */
- + if ((ret == 0) && tcpwinsz > SSHBUF_SIZE_MAX)
- + tcpwinsz = SSHBUF_SIZE_MAX;
- +
- + debug2("tcpwinsz: tcp connection %d, Receive window: %d",
--+ packet_get_connection_in(), tcpwinsz);
-++ ssh_packet_get_connection_in(ssh), tcpwinsz);
- + return tcpwinsz;
- +}
- +
-@@ -191,7 +191,7 @@
- c->local_window < c->local_window_max/2) &&
- c->local_consumed > 0) {
- + u_int addition = 0;
--+ u_int32_t tcpwinsz = channel_tcpwinsz();
-++ u_int32_t tcpwinsz = channel_tcpwinsz(ssh);
- + /* adjust max window size if we are in a dynamic environment */
- + if (c->dynamic_window && (tcpwinsz > c->local_window_max)) {
- + /* grow the window somewhat aggressively to maintain pressure */
-@@ -409,18 +409,10 @@
- index dcf35e6..da4ced0 100644
- --- a/packet.c
- +++ b/packet.c
--@@ -920,6 +920,24 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
-+@@ -920,6 +920,16 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
- return 0;
- }
-
--+/* this supports the forced rekeying required for the NONE cipher */
--+int rekey_requested = 0;
--+void
--+packet_request_rekeying(void)
--+{
--+ rekey_requested = 1;
--+}
--+
- +/* used to determine if pre or post auth when rekeying for aes-ctr
- + * and none cipher switch */
- +int
-@@ -434,20 +426,6 @@
- #define MAX_PACKETS (1U<<31)
- static int
- ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
--@@ -946,6 +964,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
-- if (state->p_send.packets == 0 && state->p_read.packets == 0)
-- return 0;
--
--+ /* used to force rekeying when called for by the none
--+ * cipher switch methods -cjr */
--+ if (rekey_requested == 1) {
--+ rekey_requested = 0;
--+ return 1;
--+ }
--+
-- /* Time-based rekeying */
-- if (state->rekey_interval != 0 &&
-- (int64_t)state->rekey_time + state->rekey_interval <= monotime())
- diff --git a/packet.h b/packet.h
- index 170203c..f4d9df2 100644
- --- a/packet.h
-@@ -476,9 +454,9 @@
- /* Format of the configuration file:
-
- @@ -166,6 +167,8 @@ typedef enum {
-- oHashKnownHosts,
- oTunnel, oTunnelDevice,
- oLocalCommand, oPermitLocalCommand, oRemoteCommand,
-+ oDisableMTAES,
- + oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize,
- + oNoneEnabled, oNoneSwitch,
- oVisualHostKey,
-@@ -615,9 +593,9 @@
- int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */
- SyslogFacility log_facility; /* Facility for system logging. */
- @@ -111,7 +115,10 @@ typedef struct {
--
- int enable_ssh_keysign;
- int64_t rekey_limit;
-+ int disable_multithreaded; /*disable multithreaded aes-ctr*/
- + int none_switch; /* Use none cipher */
- + int none_enabled; /* Allow none to be used */
- int rekey_interval;
-@@ -633,7 +611,7 @@
- off_t i, statbytes;
- size_t amt, nr;
- int fd = -1, haderr, indx;
--- char *last, *name, buf[2048], encname[PATH_MAX];
-+- char *last, *name, buf[PATH_MAX + 128], encname[PATH_MAX];
- + char *last, *name, buf[16384], encname[PATH_MAX];
- int len;
-
-@@ -673,9 +651,9 @@
- /* Portable-specific options */
- if (options->use_pam == -1)
- @@ -391,6 +400,43 @@ fill_default_server_options(ServerOptions *options)
-- }
-- if (options->permit_tun == -1)
- options->permit_tun = SSH_TUNMODE_NO;
-+ if (options->disable_multithreaded == -1)
-+ options->disable_multithreaded = 0;
- + if (options->none_enabled == -1)
- + options->none_enabled = 0;
- + if (options->hpn_disabled == -1)
-@@ -1092,7 +1070,7 @@
- xxx_host = host;
- xxx_hostaddr = hostaddr;
-
--@@ -412,6 +423,28 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
-+@@ -412,6 +423,27 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
-
- if (!authctxt.success)
- fatal("Authentication failed.");
-@@ -1108,7 +1086,7 @@
- + memcpy(&myproposal, &myproposal_default, sizeof(myproposal));
- + myproposal[PROPOSAL_ENC_ALGS_STOC] = "none";
- + myproposal[PROPOSAL_ENC_ALGS_CTOS] = "none";
--+ kex_prop2buf(active_state->kex->my, myproposal);
-++ kex_prop2buf(ssh->kex->my, myproposal);
- + packet_request_rekeying();
- + fprintf(stderr, "WARNING: ENABLED NONE CIPHER\n");
- + } else {
-@@ -1117,23 +1095,13 @@
- + fprintf(stderr, "NONE cipher switch disabled when a TTY is allocated\n");
- + }
- + }
--+
-- debug("Authentication succeeded (%s).", authctxt.method->name);
-- }
-
-+ #ifdef WITH_OPENSSL
-+ if (options.disable_multithreaded == 0) {
- diff --git a/sshd.c b/sshd.c
- index a738c3a..b32dbe0 100644
- --- a/sshd.c
- +++ b/sshd.c
--@@ -373,7 +373,7 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out)
-- char remote_version[256]; /* Must be at least as big as buf. */
--
-- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n",
--- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
--+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE,
-- *options.version_addendum == '\0' ? "" : " ",
-- options.version_addendum);
--
- @@ -1037,6 +1037,8 @@ listen_on_addrs(struct listenaddr *la)
- int ret, listen_sock;
- struct addrinfo *ai;
-@@ -1217,11 +1185,10 @@
- index f1bbf00..21a70c2 100644
- --- a/version.h
- +++ b/version.h
--@@ -3,4 +3,6 @@
-+@@ -3,4 +3,5 @@
- #define SSH_VERSION "OpenSSH_7.8"
-
- #define SSH_PORTABLE "p1"
- -#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
--+#define SSH_HPN "-hpn14v16"
- +#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN
- +
diff --git a/net-misc/openssh/files/sshd.confd b/net-misc/openssh/files/sshd.confd
deleted file mode 100644
index 28952b4a285..00000000000
--- a/net-misc/openssh/files/sshd.confd
+++ /dev/null
@@ -1,21 +0,0 @@
-# /etc/conf.d/sshd: config file for /etc/init.d/sshd
-
-# Where is your sshd_config file stored?
-
-SSHD_CONFDIR="/etc/ssh"
-
-
-# Any random options you want to pass to sshd.
-# See the sshd(8) manpage for more info.
-
-SSHD_OPTS=""
-
-
-# Pid file to use (needs to be absolute path).
-
-#SSHD_PIDFILE="/var/run/sshd.pid"
-
-
-# Path to the sshd binary (needs to be absolute path).
-
-#SSHD_BINARY="/usr/sbin/sshd"
diff --git a/net-misc/openssh/files/sshd.initd b/net-misc/openssh/files/sshd.initd
deleted file mode 100644
index c5df4693dbe..00000000000
--- a/net-misc/openssh/files/sshd.initd
+++ /dev/null
@@ -1,89 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-extra_commands="checkconfig"
-extra_started_commands="reload"
-
-: ${SSHD_CONFDIR:=${RC_PREFIX%/}/etc/ssh}
-: ${SSHD_CONFIG:=${SSHD_CONFDIR}/sshd_config}
-: ${SSHD_PIDFILE:=${RC_PREFIX%/}/run/${SVCNAME}.pid}
-: ${SSHD_BINARY:=${RC_PREFIX%/}/usr/sbin/sshd}
-: ${SSHD_KEYGEN_BINARY:=${RC_PREFIX%/}/usr/bin/ssh-keygen}
-
-command="${SSHD_BINARY}"
-pidfile="${SSHD_PIDFILE}"
-command_args="${SSHD_OPTS} -o PidFile=${pidfile} -f ${SSHD_CONFIG}"
-
-# Wait one second (length chosen arbitrarily) to see if sshd actually
-# creates a PID file, or if it crashes for some reason like not being
-# able to bind to the address in ListenAddress (bug 617596).
-: ${SSHD_SSD_OPTS:=--wait 1000}
-start_stop_daemon_args="${SSHD_SSD_OPTS}"
-
-depend() {
- # Entropy can be used by ssh-keygen, among other things, but
- # is not strictly required (bug 470020).
- use logger dns entropy
- if [ "${rc_need+set}" = "set" ] ; then
- : # Do nothing, the user has explicitly set rc_need
- else
- local x warn_addr
- for x in $(awk '/^ListenAddress/{ print $2 }' "$SSHD_CONFIG" 2>/dev/null) ; do
- case "${x}" in
- 0.0.0.0|0.0.0.0:*) ;;
- ::|\[::\]*) ;;
- *) warn_addr="${warn_addr} ${x}" ;;
- esac
- done
- if [ -n "${warn_addr}" ] ; then
- need net
- ewarn "You are binding an interface in ListenAddress statement in your sshd_config!"
- ewarn "You must add rc_need=\"net.FOO\" to your ${RC_PREFIX%/}/etc/conf.d/sshd"
- ewarn "where FOO is the interface(s) providing the following address(es):"
- ewarn "${warn_addr}"
- fi
- fi
-}
-
-checkconfig() {
- checkpath --mode 0755 --directory "${RC_PREFIX%/}/var/empty"
-
- if [ ! -e "${SSHD_CONFIG}" ] ; then
- eerror "You need an ${SSHD_CONFIG} file to run sshd"
- eerror "There is a sample file in /usr/share/doc/openssh"
- return 1
- fi
-
- ${SSHD_KEYGEN_BINARY} -A || return 2
-
- "${command}" -t ${command_args} || return 3
-}
-
-start_pre() {
- # If this isn't a restart, make sure that the user's config isn't
- # busted before we try to start the daemon (this will produce
- # better error messages than if we just try to start it blindly).
- #
- # If, on the other hand, this *is* a restart, then the stop_pre
- # action will have ensured that the config is usable and we don't
- # need to do that again.
- if [ "${RC_CMD}" != "restart" ] ; then
- checkconfig || return $?
- fi
-}
-
-stop_pre() {
- # If this is a restart, check to make sure the user's config
- # isn't busted before we stop the running daemon.
- if [ "${RC_CMD}" = "restart" ] ; then
- checkconfig || return $?
- fi
-}
-
-reload() {
- checkconfig || return $?
- ebegin "Reloading ${SVCNAME}"
- start-stop-daemon --signal HUP --pidfile "${pidfile}"
- eend $?
-}
diff --git a/net-misc/openssh/files/sshd.rc6.4 b/net-misc/openssh/files/sshd.rc6.4
deleted file mode 100644
index 5e301420361..00000000000
--- a/net-misc/openssh/files/sshd.rc6.4
+++ /dev/null
@@ -1,84 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-extra_commands="checkconfig"
-extra_started_commands="reload"
-
-: ${SSHD_CONFDIR:=/etc/ssh}
-: ${SSHD_CONFIG:=${SSHD_CONFDIR}/sshd_config}
-: ${SSHD_PIDFILE:=/var/run/${SVCNAME}.pid}
-: ${SSHD_BINARY:=/usr/sbin/sshd}
-
-depend() {
- use logger dns
- if [ "${rc_need+set}" = "set" ] ; then
- : # Do nothing, the user has explicitly set rc_need
- else
- local x warn_addr
- for x in $(awk '/^ListenAddress/{ print $2 }' "$SSHD_CONFIG" 2>/dev/null) ; do
- case "${x}" in
- 0.0.0.0|0.0.0.0:*) ;;
- ::|\[::\]*) ;;
- *) warn_addr="${warn_addr} ${x}" ;;
- esac
- done
- if [ -n "${warn_addr}" ] ; then
- need net
- ewarn "You are binding an interface in ListenAddress statement in your sshd_config!"
- ewarn "You must add rc_need=\"net.FOO\" to your /etc/conf.d/sshd"
- ewarn "where FOO is the interface(s) providing the following address(es):"
- ewarn "${warn_addr}"
- fi
- fi
-}
-
-checkconfig() {
- if [ ! -d /var/empty ] ; then
- mkdir -p /var/empty || return 1
- fi
-
- if [ ! -e "${SSHD_CONFIG}" ] ; then
- eerror "You need an ${SSHD_CONFIG} file to run sshd"
- eerror "There is a sample file in /usr/share/doc/openssh"
- return 1
- fi
-
- ssh-keygen -A || return 1
-
- [ "${SSHD_PIDFILE}" != "/var/run/sshd.pid" ] \
- && SSHD_OPTS="${SSHD_OPTS} -o PidFile=${SSHD_PIDFILE}"
- [ "${SSHD_CONFIG}" != "/etc/ssh/sshd_config" ] \
- && SSHD_OPTS="${SSHD_OPTS} -f ${SSHD_CONFIG}"
-
- "${SSHD_BINARY}" -t ${SSHD_OPTS} || return 1
-}
-
-start() {
- checkconfig || return 1
-
- ebegin "Starting ${SVCNAME}"
- start-stop-daemon --start --exec "${SSHD_BINARY}" \
- --pidfile "${SSHD_PIDFILE}" \
- -- ${SSHD_OPTS}
- eend $?
-}
-
-stop() {
- if [ "${RC_CMD}" = "restart" ] ; then
- checkconfig || return 1
- fi
-
- ebegin "Stopping ${SVCNAME}"
- start-stop-daemon --stop --exec "${SSHD_BINARY}" \
- --pidfile "${SSHD_PIDFILE}" --quiet
- eend $?
-}
-
-reload() {
- checkconfig || return 1
- ebegin "Reloading ${SVCNAME}"
- start-stop-daemon --signal HUP \
- --exec "${SSHD_BINARY}" --pidfile "${SSHD_PIDFILE}"
- eend $?
-}
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/
@ 2020-09-01 19:21 Mike Gilbert
0 siblings, 0 replies; 40+ messages in thread
From: Mike Gilbert @ 2020-09-01 19:21 UTC (permalink / raw
To: gentoo-commits
commit: e20c78340c592e113992835563671e9a786c21f5
Author: Alec Moskvin <alecm <AT> gmx <DOT> com>
AuthorDate: Sat Aug 29 12:27:39 2020 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Tue Sep 1 19:21:29 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e20c7834
net-misc/openssh: fix sshd@.service
Closes: https://bugs.gentoo.org/739492
Signed-off-by: Alec Moskvin <alecm <AT> gmx.com>
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
Closes: https://github.com/gentoo/gentoo/pull/17313
net-misc/openssh/files/sshd_at.service | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net-misc/openssh/files/sshd_at.service b/net-misc/openssh/files/sshd_at.service
index 2645ad047cc..ec2907b3b1a 100644
--- a/net-misc/openssh/files/sshd_at.service
+++ b/net-misc/openssh/files/sshd_at.service
@@ -5,4 +5,4 @@ After=syslog.target auditd.service
[Service]
ExecStart=-/usr/sbin/sshd -i -e
StandardInput=socket
-StandardError=syslog
+StandardError=journal
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/
@ 2021-02-20 22:43 Conrad Kostecki
0 siblings, 0 replies; 40+ messages in thread
From: Conrad Kostecki @ 2021-02-20 22:43 UTC (permalink / raw
To: gentoo-commits
commit: c96c8c568e8e870c55888ebfdda90e969a9bf32f
Author: Michael Mair-Keimberger <mmk <AT> levelnine <DOT> at>
AuthorDate: Fri Feb 19 08:42:20 2021 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Sat Feb 20 22:43:42 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c96c8c56
net-misc/openssh: remove unused patches
Closes: https://github.com/gentoo/gentoo/pull/19536
Package-Manager: Portage-3.0.14, Repoman-3.0.2
Signed-off-by: Michael Mair-Keimberger <mmk <AT> levelnine.at>
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
.../files/openssh-8.0_p1-hpn-14.20-X509-glue.patch | 111 -------
.../openssh/files/openssh-8.1_p1-GSSAPI-dns.patch | 359 ---------------------
.../files/openssh-8.1_p1-X509-12.3-tests.patch | 11 -
.../files/openssh-8.1_p1-X509-glue-12.3.patch | 35 --
.../files/openssh-8.1_p1-hpn-14.20-glue.patch | 105 ------
.../files/openssh-8.1_p1-hpn-14.20-sctp-glue.patch | 19 --
.../openssh/files/openssh-8.1_p1-tests-2020.patch | 26 --
.../files/openssh-8.2_p1-X509-12.4.3-tests.patch | 11 -
.../files/openssh-8.2_p1-X509-glue-12.4.3.patch | 128 --------
.../files/openssh-8.2_p1-hpn-14.20-X509-glue.patch | 133 --------
.../files/openssh-8.2_p1-hpn-14.20-glue.patch | 151 ---------
.../files/openssh-8.2_p1-hpn-14.20-libressl.patch | 20 --
.../files/openssh-8.2_p1-hpn-14.20-sctp-glue.patch | 19 --
.../files/openssh-8.3_p1-X509-glue-12.5.1.patch | 35 --
.../files/openssh-8.3_p1-hpn-14.20-glue.patch | 177 ----------
15 files changed, 1340 deletions(-)
diff --git a/net-misc/openssh/files/openssh-8.0_p1-hpn-14.20-X509-glue.patch b/net-misc/openssh/files/openssh-8.0_p1-hpn-14.20-X509-glue.patch
deleted file mode 100644
index 167adfcaefb..00000000000
--- a/net-misc/openssh/files/openssh-8.0_p1-hpn-14.20-X509-glue.patch
+++ /dev/null
@@ -1,111 +0,0 @@
-diff -ur a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff
---- a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff 2020-02-04 15:49:15.746095444 -0800
-+++ b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff 2020-02-04 15:49:54.181853707 -0800
-@@ -4,8 +4,8 @@
- +++ b/Makefile.in
- @@ -42,7 +42,7 @@ CC=@CC@
- LD=@LD@
-- CFLAGS=@CFLAGS@
-- CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
-+ CFLAGS=@CFLAGS@ $(CFLAGS_EXTRA)
-+ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
- -LIBS=@LIBS@
- +LIBS=@LIBS@ -lpthread
- K5LIBS=@K5LIBS@
-@@ -803,8 +803,8 @@
- ssh_packet_set_connection(struct ssh *ssh, int fd_in, int fd_out)
- {
- struct session_state *state;
--- const struct sshcipher *none = cipher_by_name("none");
--+ struct sshcipher *none = cipher_by_name("none");
-+- const struct sshcipher *none = cipher_none();
-++ struct sshcipher *none = cipher_none();
- int r;
-
- if (none == NULL) {
-@@ -948,9 +948,9 @@
- /* Portable-specific options */
- sUsePAM,
- + sDisableMTAES,
-- /* Standard Options */
-- sPort, sHostKeyFile, sLoginGraceTime,
-- sPermitRootLogin, sLogFacility, sLogLevel,
-+ /* X.509 Standard Options */
-+ sHostbasedAlgorithms,
-+ sPubkeyAlgorithms,
- @@ -643,6 +647,7 @@ static struct {
- { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
- { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
-diff -ur a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff
---- a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-04 15:41:42.512910357 -0800
-+++ b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-04 15:56:40.323299499 -0800
-@@ -382,7 +382,7 @@
- @@ -884,6 +884,10 @@ kex_choose_conf(struct ssh *ssh)
- int nenc, nmac, ncomp;
- u_int mode, ctos, need, dh_need, authlen;
-- int r, first_kex_follows;
-+ int r, first_kex_follows = 0;
- + int auth_flag;
- +
- + auth_flag = packet_authentication_state(ssh);
-@@ -391,8 +391,8 @@
- debug2("local %s KEXINIT proposal", kex->server ? "server" : "client");
- if ((r = kex_buf2prop(kex->my, NULL, &my)) != 0)
- @@ -954,6 +958,14 @@ kex_choose_conf(struct ssh *ssh)
-- peer[ncomp] = NULL;
-- goto out;
-+ else
-+ fatal("Pre-authentication none cipher requests are not allowed.");
- }
- + debug("REQUESTED ENC.NAME is '%s'", newkeys->enc.name);
- + if (strcmp(newkeys->enc.name, "none") == 0) {
-@@ -1169,15 +1169,3 @@
- # Example of overriding settings on a per-user basis
- #Match User anoncvs
- # X11Forwarding no
--diff --git a/version.h b/version.h
--index 6b3fadf8..ec1d2e27 100644
----- a/version.h
--+++ b/version.h
--@@ -3,4 +3,6 @@
-- #define SSH_VERSION "OpenSSH_8.1"
--
-- #define SSH_PORTABLE "p1"
---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
--+#define SSH_HPN "-hpn14v20"
--+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN
--+
-diff -ur a/openssh-8_1_P1-hpn-PeakTput-14.20.diff b/openssh-8_1_P1-hpn-PeakTput-14.20.diff
---- a/openssh-8_1_P1-hpn-PeakTput-14.20.diff 2020-02-04 15:41:42.512910357 -0800
-+++ b/openssh-8_1_P1-hpn-PeakTput-14.20.diff 2020-02-04 16:02:42.203023609 -0800
-@@ -12,9 +12,9 @@
- static long stalled; /* how long we have been stalled */
- static int bytes_per_second; /* current speed in bytes per second */
- @@ -127,6 +129,7 @@ refresh_progress_meter(int force_update)
-+ off_t bytes_left;
- int cur_speed;
-- int hours, minutes, seconds;
-- int file_len;
-+ int len;
- + off_t delta_pos;
-
- if ((!force_update && !alarm_fired && !win_resized) || !can_output())
-@@ -33,12 +33,12 @@
- @@ -166,7 +173,7 @@ refresh_progress_meter(int force_update)
-
- /* filename */
-- buf[0] = '\0';
--- file_len = win_size - 36;
--+ file_len = win_size - 45;
-- if (file_len > 0) {
-- buf[0] = '\r';
-- snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s",
-+ if (win_size > 36) {
-+- int file_len = win_size - 36;
-++ int file_len = win_size - 45;
-+ snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s ",
-+ file_len, file);
-+ }
- @@ -191,6 +198,15 @@ refresh_progress_meter(int force_update)
- (off_t)bytes_per_second);
- strlcat(buf, "/s ", win_size);
diff --git a/net-misc/openssh/files/openssh-8.1_p1-GSSAPI-dns.patch b/net-misc/openssh/files/openssh-8.1_p1-GSSAPI-dns.patch
deleted file mode 100644
index 6aba6f26694..00000000000
--- a/net-misc/openssh/files/openssh-8.1_p1-GSSAPI-dns.patch
+++ /dev/null
@@ -1,359 +0,0 @@
-diff --git a/auth.c b/auth.c
-index ca450f4e..2994a4e4 100644
---- a/auth.c
-+++ b/auth.c
-@@ -723,120 +723,6 @@ fakepw(void)
- return (&fake);
- }
-
--/*
-- * Returns the remote DNS hostname as a string. The returned string must not
-- * be freed. NB. this will usually trigger a DNS query the first time it is
-- * called.
-- * This function does additional checks on the hostname to mitigate some
-- * attacks on legacy rhosts-style authentication.
-- * XXX is RhostsRSAAuthentication vulnerable to these?
-- * XXX Can we remove these checks? (or if not, remove RhostsRSAAuthentication?)
-- */
--
--static char *
--remote_hostname(struct ssh *ssh)
--{
-- struct sockaddr_storage from;
-- socklen_t fromlen;
-- struct addrinfo hints, *ai, *aitop;
-- char name[NI_MAXHOST], ntop2[NI_MAXHOST];
-- const char *ntop = ssh_remote_ipaddr(ssh);
--
-- /* Get IP address of client. */
-- fromlen = sizeof(from);
-- memset(&from, 0, sizeof(from));
-- if (getpeername(ssh_packet_get_connection_in(ssh),
-- (struct sockaddr *)&from, &fromlen) == -1) {
-- debug("getpeername failed: %.100s", strerror(errno));
-- return strdup(ntop);
-- }
--
-- ipv64_normalise_mapped(&from, &fromlen);
-- if (from.ss_family == AF_INET6)
-- fromlen = sizeof(struct sockaddr_in6);
--
-- debug3("Trying to reverse map address %.100s.", ntop);
-- /* Map the IP address to a host name. */
-- if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
-- NULL, 0, NI_NAMEREQD) != 0) {
-- /* Host name not found. Use ip address. */
-- return strdup(ntop);
-- }
--
-- /*
-- * if reverse lookup result looks like a numeric hostname,
-- * someone is trying to trick us by PTR record like following:
-- * 1.1.1.10.in-addr.arpa. IN PTR 2.3.4.5
-- */
-- memset(&hints, 0, sizeof(hints));
-- hints.ai_socktype = SOCK_DGRAM; /*dummy*/
-- hints.ai_flags = AI_NUMERICHOST;
-- if (getaddrinfo(name, NULL, &hints, &ai) == 0) {
-- logit("Nasty PTR record \"%s\" is set up for %s, ignoring",
-- name, ntop);
-- freeaddrinfo(ai);
-- return strdup(ntop);
-- }
--
-- /* Names are stored in lowercase. */
-- lowercase(name);
--
-- /*
-- * Map it back to an IP address and check that the given
-- * address actually is an address of this host. This is
-- * necessary because anyone with access to a name server can
-- * define arbitrary names for an IP address. Mapping from
-- * name to IP address can be trusted better (but can still be
-- * fooled if the intruder has access to the name server of
-- * the domain).
-- */
-- memset(&hints, 0, sizeof(hints));
-- hints.ai_family = from.ss_family;
-- hints.ai_socktype = SOCK_STREAM;
-- if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
-- logit("reverse mapping checking getaddrinfo for %.700s "
-- "[%s] failed.", name, ntop);
-- return strdup(ntop);
-- }
-- /* Look for the address from the list of addresses. */
-- for (ai = aitop; ai; ai = ai->ai_next) {
-- if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2,
-- sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 &&
-- (strcmp(ntop, ntop2) == 0))
-- break;
-- }
-- freeaddrinfo(aitop);
-- /* If we reached the end of the list, the address was not there. */
-- if (ai == NULL) {
-- /* Address not found for the host name. */
-- logit("Address %.100s maps to %.600s, but this does not "
-- "map back to the address.", ntop, name);
-- return strdup(ntop);
-- }
-- return strdup(name);
--}
--
--/*
-- * Return the canonical name of the host in the other side of the current
-- * connection. The host name is cached, so it is efficient to call this
-- * several times.
-- */
--
--const char *
--auth_get_canonical_hostname(struct ssh *ssh, int use_dns)
--{
-- static char *dnsname;
--
-- if (!use_dns)
-- return ssh_remote_ipaddr(ssh);
-- else if (dnsname != NULL)
-- return dnsname;
-- else {
-- dnsname = remote_hostname(ssh);
-- return dnsname;
-- }
--}
--
- /*
- * Runs command in a subprocess with a minimal environment.
- * Returns pid on success, 0 on failure.
-diff --git a/canohost.c b/canohost.c
-index abea9c6e..4f4524d2 100644
---- a/canohost.c
-+++ b/canohost.c
-@@ -202,3 +202,117 @@ get_local_port(int sock)
- {
- return get_sock_port(sock, 1);
- }
-+
-+/*
-+ * Returns the remote DNS hostname as a string. The returned string must not
-+ * be freed. NB. this will usually trigger a DNS query the first time it is
-+ * called.
-+ * This function does additional checks on the hostname to mitigate some
-+ * attacks on legacy rhosts-style authentication.
-+ * XXX is RhostsRSAAuthentication vulnerable to these?
-+ * XXX Can we remove these checks? (or if not, remove RhostsRSAAuthentication?)
-+ */
-+
-+static char *
-+remote_hostname(struct ssh *ssh)
-+{
-+ struct sockaddr_storage from;
-+ socklen_t fromlen;
-+ struct addrinfo hints, *ai, *aitop;
-+ char name[NI_MAXHOST], ntop2[NI_MAXHOST];
-+ const char *ntop = ssh_remote_ipaddr(ssh);
-+
-+ /* Get IP address of client. */
-+ fromlen = sizeof(from);
-+ memset(&from, 0, sizeof(from));
-+ if (getpeername(ssh_packet_get_connection_in(ssh),
-+ (struct sockaddr *)&from, &fromlen) < 0) {
-+ debug("getpeername failed: %.100s", strerror(errno));
-+ return strdup(ntop);
-+ }
-+
-+ ipv64_normalise_mapped(&from, &fromlen);
-+ if (from.ss_family == AF_INET6)
-+ fromlen = sizeof(struct sockaddr_in6);
-+
-+ debug3("Trying to reverse map address %.100s.", ntop);
-+ /* Map the IP address to a host name. */
-+ if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
-+ NULL, 0, NI_NAMEREQD) != 0) {
-+ /* Host name not found. Use ip address. */
-+ return strdup(ntop);
-+ }
-+
-+ /*
-+ * if reverse lookup result looks like a numeric hostname,
-+ * someone is trying to trick us by PTR record like following:
-+ * 1.1.1.10.in-addr.arpa. IN PTR 2.3.4.5
-+ */
-+ memset(&hints, 0, sizeof(hints));
-+ hints.ai_socktype = SOCK_DGRAM; /*dummy*/
-+ hints.ai_flags = AI_NUMERICHOST;
-+ if (getaddrinfo(name, NULL, &hints, &ai) == 0) {
-+ logit("Nasty PTR record \"%s\" is set up for %s, ignoring",
-+ name, ntop);
-+ freeaddrinfo(ai);
-+ return strdup(ntop);
-+ }
-+
-+ /* Names are stored in lowercase. */
-+ lowercase(name);
-+
-+ /*
-+ * Map it back to an IP address and check that the given
-+ * address actually is an address of this host. This is
-+ * necessary because anyone with access to a name server can
-+ * define arbitrary names for an IP address. Mapping from
-+ * name to IP address can be trusted better (but can still be
-+ * fooled if the intruder has access to the name server of
-+ * the domain).
-+ */
-+ memset(&hints, 0, sizeof(hints));
-+ hints.ai_family = from.ss_family;
-+ hints.ai_socktype = SOCK_STREAM;
-+ if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
-+ logit("reverse mapping checking getaddrinfo for %.700s "
-+ "[%s] failed.", name, ntop);
-+ return strdup(ntop);
-+ }
-+ /* Look for the address from the list of addresses. */
-+ for (ai = aitop; ai; ai = ai->ai_next) {
-+ if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2,
-+ sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 &&
-+ (strcmp(ntop, ntop2) == 0))
-+ break;
-+ }
-+ freeaddrinfo(aitop);
-+ /* If we reached the end of the list, the address was not there. */
-+ if (ai == NULL) {
-+ /* Address not found for the host name. */
-+ logit("Address %.100s maps to %.600s, but this does not "
-+ "map back to the address.", ntop, name);
-+ return strdup(ntop);
-+ }
-+ return strdup(name);
-+}
-+
-+/*
-+ * Return the canonical name of the host in the other side of the current
-+ * connection. The host name is cached, so it is efficient to call this
-+ * several times.
-+ */
-+
-+const char *
-+auth_get_canonical_hostname(struct ssh *ssh, int use_dns)
-+{
-+ static char *dnsname;
-+
-+ if (!use_dns)
-+ return ssh_remote_ipaddr(ssh);
-+ else if (dnsname != NULL)
-+ return dnsname;
-+ else {
-+ dnsname = remote_hostname(ssh);
-+ return dnsname;
-+ }
-+}
-diff --git a/readconf.c b/readconf.c
-index f78b4d6f..747287f7 100644
---- a/readconf.c
-+++ b/readconf.c
-@@ -162,6 +162,7 @@ typedef enum {
- oClearAllForwardings, oNoHostAuthenticationForLocalhost,
- oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
- oAddressFamily, oGssAuthentication, oGssDelegateCreds,
-+ oGssTrustDns,
- oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
- oSendEnv, oSetEnv, oControlPath, oControlMaster, oControlPersist,
- oHashKnownHosts,
-@@ -203,9 +204,11 @@ static struct {
- #if defined(GSSAPI)
- { "gssapiauthentication", oGssAuthentication },
- { "gssapidelegatecredentials", oGssDelegateCreds },
-+ { "gssapitrustdns", oGssTrustDns },
- # else
- { "gssapiauthentication", oUnsupported },
- { "gssapidelegatecredentials", oUnsupported },
-+ { "gssapitrustdns", oUnsupported },
- #endif
- #ifdef ENABLE_PKCS11
- { "pkcs11provider", oPKCS11Provider },
-@@ -992,6 +995,10 @@ parse_time:
- intptr = &options->gss_deleg_creds;
- goto parse_flag;
-
-+ case oGssTrustDns:
-+ intptr = &options->gss_trust_dns;
-+ goto parse_flag;
-+
- case oBatchMode:
- intptr = &options->batch_mode;
- goto parse_flag;
-@@ -1864,6 +1871,7 @@ initialize_options(Options * options)
- options->challenge_response_authentication = -1;
- options->gss_authentication = -1;
- options->gss_deleg_creds = -1;
-+ options->gss_trust_dns = -1;
- options->password_authentication = -1;
- options->kbd_interactive_authentication = -1;
- options->kbd_interactive_devices = NULL;
-@@ -2011,6 +2019,8 @@ fill_default_options(Options * options)
- options->gss_authentication = 0;
- if (options->gss_deleg_creds == -1)
- options->gss_deleg_creds = 0;
-+ if (options->gss_trust_dns == -1)
-+ options->gss_trust_dns = 0;
- if (options->password_authentication == -1)
- options->password_authentication = 1;
- if (options->kbd_interactive_authentication == -1)
-diff --git a/readconf.h b/readconf.h
-index 8e36bf32..c9e4718d 100644
---- a/readconf.h
-+++ b/readconf.h
-@@ -41,6 +41,7 @@ typedef struct {
- /* Try S/Key or TIS, authentication. */
- int gss_authentication; /* Try GSS authentication */
- int gss_deleg_creds; /* Delegate GSS credentials */
-+ int gss_trust_dns; /* Trust DNS for GSS canonicalization */
- int password_authentication; /* Try password
- * authentication. */
- int kbd_interactive_authentication; /* Try keyboard-interactive auth. */
-diff --git a/ssh_config.5 b/ssh_config.5
-index 02a87892..95de538b 100644
---- a/ssh_config.5
-+++ b/ssh_config.5
-@@ -762,6 +762,16 @@ The default is
- Forward (delegate) credentials to the server.
- The default is
- .Cm no .
-+Note that this option applies to protocol version 2 connections using GSSAPI.
-+.It Cm GSSAPITrustDns
-+Set to
-+.Dq yes to indicate that the DNS is trusted to securely canonicalize
-+the name of the host being connected to. If
-+.Dq no, the hostname entered on the
-+command line will be passed untouched to the GSSAPI library.
-+The default is
-+.Dq no .
-+This option only applies to protocol version 2 connections using GSSAPI.
- .It Cm HashKnownHosts
- Indicates that
- .Xr ssh 1
-diff --git a/sshconnect2.c b/sshconnect2.c
-index 87fa70a4..a6ffdc96 100644
---- a/sshconnect2.c
-+++ b/sshconnect2.c
-@@ -697,6 +697,13 @@ userauth_gssapi(struct ssh *ssh)
- OM_uint32 min;
- int r, ok = 0;
- gss_OID mech = NULL;
-+ const char *gss_host;
-+
-+ if (options.gss_trust_dns) {
-+ extern const char *auth_get_canonical_hostname(struct ssh *ssh, int use_dns);
-+ gss_host = auth_get_canonical_hostname(ssh, 1);
-+ } else
-+ gss_host = authctxt->host;
-
- /* Try one GSSAPI method at a time, rather than sending them all at
- * once. */
-@@ -711,7 +718,7 @@ userauth_gssapi(struct ssh *ssh)
- elements[authctxt->mech_tried];
- /* My DER encoding requires length<128 */
- if (mech->length < 128 && ssh_gssapi_check_mechanism(&gssctxt,
-- mech, authctxt->host)) {
-+ mech, gss_host)) {
- ok = 1; /* Mechanism works */
- } else {
- authctxt->mech_tried++;
diff --git a/net-misc/openssh/files/openssh-8.1_p1-X509-12.3-tests.patch b/net-misc/openssh/files/openssh-8.1_p1-X509-12.3-tests.patch
deleted file mode 100644
index 67a93fe2a0b..00000000000
--- a/net-misc/openssh/files/openssh-8.1_p1-X509-12.3-tests.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/openbsd-compat/regress/Makefile.in 2019-06-17 10:59:01.210601434 -0700
-+++ b/openbsd-compat/regress/Makefile.in 2019-06-17 10:59:18.753485852 -0700
-@@ -7,7 +7,7 @@
- CC=@CC@
- LD=@LD@
- CFLAGS=@CFLAGS@
--CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@
-+CPPFLAGS=-I. -I.. -I../.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@
- EXEEXT=@EXEEXT@
- LIBCOMPAT=../libopenbsd-compat.a
- LIBS=@LIBS@
diff --git a/net-misc/openssh/files/openssh-8.1_p1-X509-glue-12.3.patch b/net-misc/openssh/files/openssh-8.1_p1-X509-glue-12.3.patch
deleted file mode 100644
index 48cce797904..00000000000
--- a/net-misc/openssh/files/openssh-8.1_p1-X509-glue-12.3.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-Only in b: .openssh-8.1p1+x509-12.3.diff.un~
-diff -ur a/openssh-8.1p1+x509-12.3.diff b/openssh-8.1p1+x509-12.3.diff
---- a/openssh-8.1p1+x509-12.3.diff 2019-10-14 11:33:45.796485604 -0700
-+++ b/openssh-8.1p1+x509-12.3.diff 2019-10-14 11:39:44.960312587 -0700
-@@ -35343,12 +35343,11 @@
-
- install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config
- install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf
--@@ -339,6 +360,8 @@
-+@@ -339,6 +360,7 @@
- $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5
- $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8
- $(MKDIR_P) $(DESTDIR)$(libexecdir)
- + $(MKDIR_P) $(DESTDIR)$(sshcadir)
--+ $(MKDIR_P) $(DESTDIR)$(piddir)
- $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH)
- $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)
- $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT)
-@@ -83536,16 +83535,6 @@
- + return mbtowc(NULL, s, n);
- +}
- +#endif
--diff -ruN openssh-8.1p1/version.h openssh-8.1p1+x509-12.3/version.h
----- openssh-8.1p1/version.h 2019-10-09 03:31:03.000000000 +0300
--+++ openssh-8.1p1+x509-12.3/version.h 2019-10-13 09:07:00.000000000 +0300
--@@ -2,5 +2,4 @@
--
-- #define SSH_VERSION "OpenSSH_8.1"
--
---#define SSH_PORTABLE "p1"
---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
--+#define SSH_RELEASE PACKAGE_STRING ", " SSH_VERSION "p1"
- diff -ruN openssh-8.1p1/version.m4 openssh-8.1p1+x509-12.3/version.m4
- --- openssh-8.1p1/version.m4 1970-01-01 02:00:00.000000000 +0200
- +++ openssh-8.1p1+x509-12.3/version.m4 2019-10-13 09:07:00.000000000 +0300
diff --git a/net-misc/openssh/files/openssh-8.1_p1-hpn-14.20-glue.patch b/net-misc/openssh/files/openssh-8.1_p1-hpn-14.20-glue.patch
deleted file mode 100644
index 90fa248fcba..00000000000
--- a/net-misc/openssh/files/openssh-8.1_p1-hpn-14.20-glue.patch
+++ /dev/null
@@ -1,105 +0,0 @@
-diff -ur a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff
---- a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-04 14:55:30.408567718 -0800
-+++ b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-04 15:16:14.646567224 -0800
-@@ -409,18 +409,10 @@
- index 817da43b..b2bcf78f 100644
- --- a/packet.c
- +++ b/packet.c
--@@ -925,6 +925,24 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
-+@@ -925,6 +925,16 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
- return 0;
- }
-
--+/* this supports the forced rekeying required for the NONE cipher */
--+int rekey_requested = 0;
--+void
--+packet_request_rekeying(void)
--+{
--+ rekey_requested = 1;
--+}
--+
- +/* used to determine if pre or post auth when rekeying for aes-ctr
- + * and none cipher switch */
- +int
-@@ -434,20 +426,6 @@
- #define MAX_PACKETS (1U<<31)
- static int
- ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
--@@ -951,6 +969,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
-- if (state->p_send.packets == 0 && state->p_read.packets == 0)
-- return 0;
--
--+ /* used to force rekeying when called for by the none
--+ * cipher switch methods -cjr */
--+ if (rekey_requested == 1) {
--+ rekey_requested = 0;
--+ return 1;
--+ }
--+
-- /* Time-based rekeying */
-- if (state->rekey_interval != 0 &&
-- (int64_t)state->rekey_time + state->rekey_interval <= monotime())
- diff --git a/packet.h b/packet.h
- index 8ccfd2e0..1ad9bc06 100644
- --- a/packet.h
-@@ -476,9 +454,9 @@
- /* Format of the configuration file:
-
- @@ -167,6 +168,8 @@ typedef enum {
-- oHashKnownHosts,
- oTunnel, oTunnelDevice,
- oLocalCommand, oPermitLocalCommand, oRemoteCommand,
-+ oDisableMTAES,
- + oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize,
- + oNoneEnabled, oNoneSwitch,
- oVisualHostKey,
-@@ -615,9 +593,9 @@
- int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */
- SyslogFacility log_facility; /* Facility for system logging. */
- @@ -112,7 +116,10 @@ typedef struct {
--
- int enable_ssh_keysign;
- int64_t rekey_limit;
-+ int disable_multithreaded; /*disable multithreaded aes-ctr*/
- + int none_switch; /* Use none cipher */
- + int none_enabled; /* Allow none to be used */
- int rekey_interval;
-@@ -700,9 +678,9 @@
- + options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT;
- + }
- +
-+ if (options->disable_multithreaded == -1)
-+ options->disable_multithreaded = 0;
- if (options->ip_qos_interactive == -1)
-- options->ip_qos_interactive = IPTOS_DSCP_AF21;
-- if (options->ip_qos_bulk == -1)
- @@ -486,6 +532,8 @@ typedef enum {
- sPasswordAuthentication, sKbdInteractiveAuthentication,
- sListenAddress, sAddressFamily,
-@@ -1079,11 +1057,11 @@
- xxx_host = host;
- xxx_hostaddr = hostaddr;
-
--@@ -422,6 +433,28 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
-+@@ -422,7 +433,28 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
-
- if (!authctxt.success)
- fatal("Authentication failed.");
--+
-+
- + /*
- + * If the user wants to use the none cipher, do it post authentication
- + * and only if the right conditions are met -- both of the NONE commands
-@@ -1105,9 +1083,9 @@
- + }
- + }
- +
-- debug("Authentication succeeded (%s).", authctxt.method->name);
-- }
--
-+ #ifdef WITH_OPENSSL
-+ if (options.disable_multithreaded == 0) {
-+ /* if we are using aes-ctr there can be issues in either a fork or sandbox
- diff --git a/sshd.c b/sshd.c
- index 11571c01..23a06022 100644
- --- a/sshd.c
diff --git a/net-misc/openssh/files/openssh-8.1_p1-hpn-14.20-sctp-glue.patch b/net-misc/openssh/files/openssh-8.1_p1-hpn-14.20-sctp-glue.patch
deleted file mode 100644
index 3f5c7a47d9c..00000000000
--- a/net-misc/openssh/files/openssh-8.1_p1-hpn-14.20-sctp-glue.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-diff -ur a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff
---- a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-04 14:55:30.408567718 -0800
-+++ b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-04 16:36:51.394069720 -0800
-@@ -1191,15 +1191,3 @@
- # Example of overriding settings on a per-user basis
- #Match User anoncvs
- # X11Forwarding no
--diff --git a/version.h b/version.h
--index 6b3fadf8..ec1d2e27 100644
----- a/version.h
--+++ b/version.h
--@@ -3,4 +3,6 @@
-- #define SSH_VERSION "OpenSSH_8.1"
--
-- #define SSH_PORTABLE "p1"
---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
--+#define SSH_HPN "-hpn14v20"
--+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN
--+
diff --git a/net-misc/openssh/files/openssh-8.1_p1-tests-2020.patch b/net-misc/openssh/files/openssh-8.1_p1-tests-2020.patch
deleted file mode 100644
index 505e34db9d2..00000000000
--- a/net-misc/openssh/files/openssh-8.1_p1-tests-2020.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh
-index 86ea6250..844adabc 100644
---- a/regress/cert-hostkey.sh
-+++ b/regress/cert-hostkey.sh
-@@ -252,7 +252,7 @@ test_one() {
- test_one "user-certificate" failure "-n $HOSTS"
- test_one "empty principals" success "-h"
- test_one "wrong principals" failure "-h -n foo"
--test_one "cert not yet valid" failure "-h -V20200101:20300101"
-+test_one "cert not yet valid" failure "-h -V20300101:20320101"
- test_one "cert expired" failure "-h -V19800101:19900101"
- test_one "cert valid interval" success "-h -V-1w:+2w"
- test_one "cert has constraints" failure "-h -Oforce-command=false"
-diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh
-index 38c14a69..5cd02fc3 100644
---- a/regress/cert-userkey.sh
-+++ b/regress/cert-userkey.sh
-@@ -338,7 +338,7 @@ test_one() {
- test_one "correct principal" success "-n ${USER}"
- test_one "host-certificate" failure "-n ${USER} -h"
- test_one "wrong principals" failure "-n foo"
--test_one "cert not yet valid" failure "-n ${USER} -V20200101:20300101"
-+test_one "cert not yet valid" failure "-n ${USER} -V20300101:20320101"
- test_one "cert expired" failure "-n ${USER} -V19800101:19900101"
- test_one "cert valid interval" success "-n ${USER} -V-1w:+2w"
- test_one "wrong source-address" failure "-n ${USER} -Osource-address=10.0.0.0/8"
diff --git a/net-misc/openssh/files/openssh-8.2_p1-X509-12.4.3-tests.patch b/net-misc/openssh/files/openssh-8.2_p1-X509-12.4.3-tests.patch
deleted file mode 100644
index 1c58d0d5d82..00000000000
--- a/net-misc/openssh/files/openssh-8.2_p1-X509-12.4.3-tests.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/openbsd-compat/regress/Makefile.in 2020-02-15 10:59:01.210601434 -0700
-+++ b/openbsd-compat/regress/Makefile.in 2020-02-15 10:59:18.753485852 -0700
-@@ -7,7 +7,7 @@
- CC=@CC@
- LD=@LD@
- CFLAGS=@CFLAGS@
--CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@
-+CPPFLAGS=-I. -I.. -I../.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@
- EXEEXT=@EXEEXT@
- LIBCOMPAT=../libopenbsd-compat.a
- LIBS=@LIBS@
diff --git a/net-misc/openssh/files/openssh-8.2_p1-X509-glue-12.4.3.patch b/net-misc/openssh/files/openssh-8.2_p1-X509-glue-12.4.3.patch
deleted file mode 100644
index e73c499d5c4..00000000000
--- a/net-misc/openssh/files/openssh-8.2_p1-X509-glue-12.4.3.patch
+++ /dev/null
@@ -1,128 +0,0 @@
---- a/openssh-8.2p1+x509-12.4.3.diff 2020-03-21 11:15:05.939809371 -0700
-+++ b/openssh-8.2p1+x509-12.4.3.diff 2020-03-21 11:23:15.424752355 -0700
-@@ -39298,16 +39298,15 @@
-
- install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config
- install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf
--@@ -378,6 +379,8 @@
-+@@ -378,6 +379,7 @@
- $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5
- $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8
- $(MKDIR_P) $(DESTDIR)$(libexecdir)
- + $(MKDIR_P) $(DESTDIR)$(sshcadir)
--+ $(MKDIR_P) $(DESTDIR)$(piddir)
- $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH)
- $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)
- $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT)
--@@ -386,11 +389,14 @@
-+@@ -386,11 +388,14 @@
- $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT)
- $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keyscan$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT)
- $(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
-@@ -39326,7 +39325,7 @@
- $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
- $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
- $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
--@@ -400,12 +406,12 @@
-+@@ -400,12 +405,12 @@
- $(INSTALL) -m 644 moduli.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/moduli.5
- $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5
- $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5
-@@ -39340,7 +39339,7 @@
-
- install-sysconf:
- $(MKDIR_P) $(DESTDIR)$(sysconfdir)
--@@ -463,10 +469,9 @@
-+@@ -463,10 +468,9 @@
- -rm -f $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT)
- -rm -f $(DESTDIR)$(bindir)/sftp$(EXEEXT)
- -rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
-@@ -39354,7 +39353,7 @@
- -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
- -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
- -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
--@@ -478,7 +483,6 @@
-+@@ -478,7 +482,6 @@
- -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
- -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
- -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
-@@ -39362,7 +39361,7 @@
-
- regress-prep:
- $(MKDIR_P) `pwd`/regress/unittests/test_helper
--@@ -491,11 +495,11 @@
-+@@ -491,11 +494,11 @@
- $(MKDIR_P) `pwd`/regress/unittests/match
- $(MKDIR_P) `pwd`/regress/unittests/utf8
- $(MKDIR_P) `pwd`/regress/misc/kexfuzz
-@@ -39376,7 +39375,7 @@
-
- regress/modpipe$(EXEEXT): $(srcdir)/regress/modpipe.c $(REGRESSLIBS)
- $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/modpipe.c \
--@@ -546,8 +550,7 @@
-+@@ -546,8 +549,7 @@
- regress/unittests/sshkey/tests.o \
- regress/unittests/sshkey/common.o \
- regress/unittests/sshkey/test_file.o \
-@@ -39406,7 +39405,7 @@
-
- regress/unittests/hostkeys/test_hostkeys$(EXEEXT): \
- ${UNITTESTS_TEST_HOSTKEYS_OBJS} \
--@@ -618,35 +619,18 @@
-+@@ -618,35 +618,18 @@
- -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
-
- MISC_KEX_FUZZ_OBJS=\
-@@ -39444,7 +39443,7 @@
- regress/unittests/sshbuf/test_sshbuf$(EXEEXT) \
- regress/unittests/sshkey/test_sshkey$(EXEEXT) \
- regress/unittests/bitmap/test_bitmap$(EXEEXT) \
--@@ -657,36 +641,29 @@
-+@@ -657,36 +640,29 @@
- regress/unittests/utf8/test_utf8$(EXEEXT) \
- regress/misc/kexfuzz/kexfuzz$(EXEEXT)
-
-@@ -39501,7 +39500,7 @@
- TEST_SSH_IPV6="@TEST_SSH_IPV6@" ; \
- TEST_SSH_UTF8="@TEST_SSH_UTF8@" ; \
- TEST_SSH_ECC="@TEST_SSH_ECC@" ; \
--@@ -708,8 +685,6 @@
-+@@ -708,8 +684,6 @@
- TEST_SSH_SSHPKCS11HELPER="$${TEST_SSH_SSHPKCS11HELPER}" \
- TEST_SSH_SSHKEYSCAN="$${TEST_SSH_SSHKEYSCAN}" \
- TEST_SSH_SFTP="$${TEST_SSH_SFTP}" \
-@@ -39510,7 +39509,7 @@
- TEST_SSH_SFTPSERVER="$${TEST_SSH_SFTPSERVER}" \
- TEST_SSH_PLINK="$${TEST_SSH_PLINK}" \
- TEST_SSH_PUTTYGEN="$${TEST_SSH_PUTTYGEN}" \
--@@ -717,17 +692,35 @@
-+@@ -717,17 +691,35 @@
- TEST_SSH_IPV6="$${TEST_SSH_IPV6}" \
- TEST_SSH_UTF8="$${TEST_SSH_UTF8}" \
- TEST_SSH_ECC="$${TEST_SSH_ECC}" \
-@@ -39549,7 +39548,7 @@
-
- survey: survey.sh ssh
- @$(SHELL) ./survey.sh > survey
--@@ -743,4 +736,8 @@
-+@@ -743,4 +735,8 @@
- sh buildpkg.sh; \
- fi
-
-@@ -98215,16 +98214,6 @@
- + return mbtowc(NULL, s, n);
- +}
- +#endif
--diff -ruN openssh-8.2p1/version.h openssh-8.2p1+x509-12.4.3/version.h
----- openssh-8.2p1/version.h 2020-02-14 02:40:54.000000000 +0200
--+++ openssh-8.2p1+x509-12.4.3/version.h 2020-03-21 19:07:00.000000000 +0200
--@@ -2,5 +2,4 @@
--
-- #define SSH_VERSION "OpenSSH_8.2"
--
---#define SSH_PORTABLE "p1"
---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
--+#define SSH_RELEASE PACKAGE_STRING ", " SSH_VERSION "p1"
- diff -ruN openssh-8.2p1/version.m4 openssh-8.2p1+x509-12.4.3/version.m4
- --- openssh-8.2p1/version.m4 1970-01-01 02:00:00.000000000 +0200
- +++ openssh-8.2p1+x509-12.4.3/version.m4 2020-03-21 19:07:00.000000000 +0200
diff --git a/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-X509-glue.patch b/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-X509-glue.patch
deleted file mode 100644
index 5af4534ce77..00000000000
--- a/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-X509-glue.patch
+++ /dev/null
@@ -1,133 +0,0 @@
-diff -ur '--exclude=*.un~' a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff
---- a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff 2020-02-15 13:41:56.143193830 -0800
-+++ b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff 2020-02-15 13:46:40.060133610 -0800
-@@ -3,9 +3,9 @@
- --- a/Makefile.in
- +++ b/Makefile.in
- @@ -42,7 +42,7 @@ CC=@CC@
-- CFLAGS_NOPIE=@CFLAGS_NOPIE@
-- CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
-- PICFLAG=@PICFLAG@
-+ LD=@LD@
-+ CFLAGS=@CFLAGS@ $(CFLAGS_EXTRA)
-+ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
- -LIBS=@LIBS@
- +LIBS=@LIBS@ -lpthread
- K5LIBS=@K5LIBS@
-@@ -803,8 +803,8 @@
- ssh_packet_set_connection(struct ssh *ssh, int fd_in, int fd_out)
- {
- struct session_state *state;
--- const struct sshcipher *none = cipher_by_name("none");
--+ struct sshcipher *none = cipher_by_name("none");
-+- const struct sshcipher *none = cipher_none();
-++ struct sshcipher *none = cipher_none();
- int r;
-
- if (none == NULL) {
-@@ -902,14 +902,14 @@
-
- /*
- @@ -2118,6 +2125,8 @@ fill_default_options(Options * options)
-- options->canonicalize_hostname = SSH_CANONICALISE_NO;
-- if (options->fingerprint_hash == -1)
- options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
-+ if (options->update_hostkeys == -1)
-+ options->update_hostkeys = 0;
- + if (options->disable_multithreaded == -1)
- + options->disable_multithreaded = 0;
-- #ifdef ENABLE_SK_INTERNAL
- if (options->sk_provider == NULL)
-- options->sk_provider = xstrdup("internal");
-+ options->sk_provider = xstrdup("$SSH_SK_PROVIDER");
-+
- diff --git a/readconf.h b/readconf.h
- index 8e36bf32..c803eca7 100644
- --- a/readconf.h
-@@ -948,9 +948,9 @@
- /* Portable-specific options */
- sUsePAM,
- + sDisableMTAES,
-- /* Standard Options */
-- sPort, sHostKeyFile, sLoginGraceTime,
-- sPermitRootLogin, sLogFacility, sLogLevel,
-+ /* X.509 Standard Options */
-+ sHostbasedAlgorithms,
-+ sPubkeyAlgorithms,
- @@ -643,6 +647,7 @@ static struct {
- { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
- { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
-Only in b: openssh-8_1_P1-hpn-AES-CTR-14.20.diff.orig
-diff -ur '--exclude=*.un~' a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff
---- a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-15 13:41:56.144193830 -0800
-+++ b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-15 13:45:36.665147504 -0800
-@@ -382,7 +382,7 @@
- @@ -884,6 +884,10 @@ kex_choose_conf(struct ssh *ssh)
- int nenc, nmac, ncomp;
- u_int mode, ctos, need, dh_need, authlen;
-- int r, first_kex_follows;
-+ int r, first_kex_follows = 0;
- + int auth_flag;
- +
- + auth_flag = packet_authentication_state(ssh);
-@@ -391,8 +391,8 @@
- debug2("local %s KEXINIT proposal", kex->server ? "server" : "client");
- if ((r = kex_buf2prop(kex->my, NULL, &my)) != 0)
- @@ -954,6 +958,14 @@ kex_choose_conf(struct ssh *ssh)
-- peer[ncomp] = NULL;
-- goto out;
-+ else
-+ fatal("Pre-authentication none cipher requests are not allowed.");
- }
- + debug("REQUESTED ENC.NAME is '%s'", newkeys->enc.name);
- + if (strcmp(newkeys->enc.name, "none") == 0) {
-@@ -1169,15 +1169,3 @@
- # Example of overriding settings on a per-user basis
- #Match User anoncvs
- # X11Forwarding no
--diff --git a/version.h b/version.h
--index 6b3fadf8..ec1d2e27 100644
----- a/version.h
--+++ b/version.h
--@@ -3,4 +3,6 @@
-- #define SSH_VERSION "OpenSSH_8.1"
--
-- #define SSH_PORTABLE "p1"
---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
--+#define SSH_HPN "-hpn14v20"
--+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN
--+
-diff -ur '--exclude=*.un~' a/openssh-8_1_P1-hpn-PeakTput-14.20.diff b/openssh-8_1_P1-hpn-PeakTput-14.20.diff
---- a/openssh-8_1_P1-hpn-PeakTput-14.20.diff 2020-02-15 13:41:43.834196317 -0800
-+++ b/openssh-8_1_P1-hpn-PeakTput-14.20.diff 2020-02-15 13:45:36.665147504 -0800
-@@ -12,9 +12,9 @@
- static long stalled; /* how long we have been stalled */
- static int bytes_per_second; /* current speed in bytes per second */
- @@ -127,6 +129,7 @@ refresh_progress_meter(int force_update)
-+ off_t bytes_left;
- int cur_speed;
-- int hours, minutes, seconds;
-- int file_len;
-+ int len;
- + off_t delta_pos;
-
- if ((!force_update && !alarm_fired && !win_resized) || !can_output())
-@@ -33,12 +33,12 @@
- @@ -166,7 +173,7 @@ refresh_progress_meter(int force_update)
-
- /* filename */
-- buf[0] = '\0';
--- file_len = win_size - 36;
--+ file_len = win_size - 45;
-- if (file_len > 0) {
-- buf[0] = '\r';
-- snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s",
-+ if (win_size > 36) {
-+- int file_len = win_size - 36;
-++ int file_len = win_size - 45;
-+ snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s ",
-+ file_len, file);
-+ }
- @@ -191,6 +198,15 @@ refresh_progress_meter(int force_update)
- (off_t)bytes_per_second);
- strlcat(buf, "/s ", win_size);
diff --git a/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-glue.patch b/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-glue.patch
deleted file mode 100644
index b2163fe5ad5..00000000000
--- a/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-glue.patch
+++ /dev/null
@@ -1,151 +0,0 @@
-diff -ur '--exclude=*.un~' a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff
---- a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff 2020-02-15 12:50:44.413776914 -0800
-+++ b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff 2020-02-15 12:53:06.190742744 -0800
-@@ -3,9 +3,9 @@
- --- a/Makefile.in
- +++ b/Makefile.in
- @@ -42,7 +42,7 @@ CC=@CC@
-- LD=@LD@
-- CFLAGS=@CFLAGS@
-+ CFLAGS_NOPIE=@CFLAGS_NOPIE@
- CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
-+ PICFLAG=@PICFLAG@
- -LIBS=@LIBS@
- +LIBS=@LIBS@ -lpthread
- K5LIBS=@K5LIBS@
-@@ -902,14 +902,14 @@
-
- /*
- @@ -2118,6 +2125,8 @@ fill_default_options(Options * options)
-+ options->canonicalize_hostname = SSH_CANONICALISE_NO;
-+ if (options->fingerprint_hash == -1)
- options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
-- if (options->update_hostkeys == -1)
-- options->update_hostkeys = 0;
- + if (options->disable_multithreaded == -1)
- + options->disable_multithreaded = 0;
--
-- /* Expand KEX name lists */
-- all_cipher = cipher_alg_list(',', 0);
-+ #ifdef ENABLE_SK_INTERNAL
-+ if (options->sk_provider == NULL)
-+ options->sk_provider = xstrdup("internal");
- diff --git a/readconf.h b/readconf.h
- index 8e36bf32..c803eca7 100644
- --- a/readconf.h
-@@ -952,9 +952,9 @@
- sPort, sHostKeyFile, sLoginGraceTime,
- sPermitRootLogin, sLogFacility, sLogLevel,
- @@ -643,6 +647,7 @@ static struct {
-- { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
- { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
- { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
-+ { "include", sInclude, SSHCFG_ALL },
- + { "disableMTAES", sDisableMTAES, SSHCFG_ALL },
- { "ipqos", sIPQoS, SSHCFG_ALL },
- { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
-diff -ur '--exclude=*.un~' a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff
---- a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-15 12:50:44.413776914 -0800
-+++ b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-15 12:51:19.541768656 -0800
-@@ -409,18 +409,10 @@
- index 817da43b..b2bcf78f 100644
- --- a/packet.c
- +++ b/packet.c
--@@ -925,6 +925,24 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
-+@@ -925,6 +925,16 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
- return 0;
- }
-
--+/* this supports the forced rekeying required for the NONE cipher */
--+int rekey_requested = 0;
--+void
--+packet_request_rekeying(void)
--+{
--+ rekey_requested = 1;
--+}
--+
- +/* used to determine if pre or post auth when rekeying for aes-ctr
- + * and none cipher switch */
- +int
-@@ -434,20 +426,6 @@
- #define MAX_PACKETS (1U<<31)
- static int
- ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
--@@ -951,6 +969,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
-- if (state->p_send.packets == 0 && state->p_read.packets == 0)
-- return 0;
--
--+ /* used to force rekeying when called for by the none
--+ * cipher switch methods -cjr */
--+ if (rekey_requested == 1) {
--+ rekey_requested = 0;
--+ return 1;
--+ }
--+
-- /* Time-based rekeying */
-- if (state->rekey_interval != 0 &&
-- (int64_t)state->rekey_time + state->rekey_interval <= monotime())
- diff --git a/packet.h b/packet.h
- index 8ccfd2e0..1ad9bc06 100644
- --- a/packet.h
-@@ -476,9 +454,9 @@
- /* Format of the configuration file:
-
- @@ -167,6 +168,8 @@ typedef enum {
-- oHashKnownHosts,
- oTunnel, oTunnelDevice,
- oLocalCommand, oPermitLocalCommand, oRemoteCommand,
-+ oDisableMTAES,
- + oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize,
- + oNoneEnabled, oNoneSwitch,
- oVisualHostKey,
-@@ -615,9 +593,9 @@
- int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */
- SyslogFacility log_facility; /* Facility for system logging. */
- @@ -112,7 +116,10 @@ typedef struct {
--
- int enable_ssh_keysign;
- int64_t rekey_limit;
-+ int disable_multithreaded; /*disable multithreaded aes-ctr*/
- + int none_switch; /* Use none cipher */
- + int none_enabled; /* Allow none to be used */
- int rekey_interval;
-@@ -700,9 +678,9 @@
- + options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT;
- + }
- +
-+ if (options->disable_multithreaded == -1)
-+ options->disable_multithreaded = 0;
- if (options->ip_qos_interactive == -1)
-- options->ip_qos_interactive = IPTOS_DSCP_AF21;
-- if (options->ip_qos_bulk == -1)
- @@ -486,6 +532,8 @@ typedef enum {
- sPasswordAuthentication, sKbdInteractiveAuthentication,
- sListenAddress, sAddressFamily,
-@@ -1079,11 +1057,11 @@
- xxx_host = host;
- xxx_hostaddr = hostaddr;
-
--@@ -422,6 +433,28 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
-+@@ -422,7 +433,28 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
-
- if (!authctxt.success)
- fatal("Authentication failed.");
--+
-+
- + /*
- + * If the user wants to use the none cipher, do it post authentication
- + * and only if the right conditions are met -- both of the NONE commands
-@@ -1105,9 +1083,9 @@
- + }
- + }
- +
-- debug("Authentication succeeded (%s).", authctxt.method->name);
-- }
--
-+ #ifdef WITH_OPENSSL
-+ if (options.disable_multithreaded == 0) {
-+ /* if we are using aes-ctr there can be issues in either a fork or sandbox
- diff --git a/sshd.c b/sshd.c
- index 11571c01..23a06022 100644
- --- a/sshd.c
diff --git a/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-libressl.patch b/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-libressl.patch
deleted file mode 100644
index 69dd22a5eeb..00000000000
--- a/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-libressl.patch
+++ /dev/null
@@ -1,20 +0,0 @@
---- a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff 2020-04-17 10:31:37.392120799 -0700
-+++ b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff 2020-04-17 10:32:46.143684424 -0700
-@@ -672,7 +672,7 @@
- +const EVP_CIPHER *
- +evp_aes_ctr_mt(void)
- +{
--+# if OPENSSL_VERSION_NUMBER >= 0x10100000UL
-++# if (OPENSSL_VERSION_NUMBER >= 0x10100000UL || defined(HAVE_OPAQUE_STRUCTS)) && !defined(LIBRESSL_VERSION_NUMBER)
- + static EVP_CIPHER *aes_ctr;
- + aes_ctr = EVP_CIPHER_meth_new(NID_undef, 16/*block*/, 16/*key*/);
- + EVP_CIPHER_meth_set_iv_length(aes_ctr, AES_BLOCK_SIZE);
-@@ -701,7 +701,7 @@
- + EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
- +# endif /*SSH_OLD_EVP*/
- + return &aes_ctr;
--+# endif /*OPENSSH_VERSION_NUMBER*/
-++# endif /*OPENSSL_VERSION_NUMBER*/
- +}
- +
- +#endif /* defined(WITH_OPENSSL) */
diff --git a/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-sctp-glue.patch b/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-sctp-glue.patch
deleted file mode 100644
index 2397aad96f2..00000000000
--- a/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-sctp-glue.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-diff -ur '--exclude=*.un~' a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff
---- a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-15 12:10:00.321998279 -0800
-+++ b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-02-15 12:10:21.759980508 -0800
-@@ -1169,15 +1169,3 @@
- # Example of overriding settings on a per-user basis
- #Match User anoncvs
- # X11Forwarding no
--diff --git a/version.h b/version.h
--index 6b3fadf8..ec1d2e27 100644
----- a/version.h
--+++ b/version.h
--@@ -3,4 +3,6 @@
-- #define SSH_VERSION "OpenSSH_8.1"
--
-- #define SSH_PORTABLE "p1"
---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
--+#define SSH_HPN "-hpn14v20"
--+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN
--+
diff --git a/net-misc/openssh/files/openssh-8.3_p1-X509-glue-12.5.1.patch b/net-misc/openssh/files/openssh-8.3_p1-X509-glue-12.5.1.patch
deleted file mode 100644
index d1651bc187f..00000000000
--- a/net-misc/openssh/files/openssh-8.3_p1-X509-glue-12.5.1.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-Only in b: .openssh-8.3p1+x509-12.5.1.diff.un~
-diff -u a/openssh-8.3p1+x509-12.5.1.diff b/openssh-8.3p1+x509-12.5.1.diff
---- a/openssh-8.3p1+x509-12.5.1.diff 2020-06-08 10:13:08.937543708 -0700
-+++ b/openssh-8.3p1+x509-12.5.1.diff 2020-06-08 10:16:33.417271984 -0700
-@@ -35541,12 +35541,11 @@
-
- install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config
- install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf
--@@ -382,6 +363,8 @@
-+@@ -382,6 +363,7 @@
- $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5
- $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8
- $(MKDIR_P) $(DESTDIR)$(libexecdir)
- + $(MKDIR_P) $(DESTDIR)$(sshcadir)
--+ $(MKDIR_P) $(DESTDIR)$(piddir)
- $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH)
- $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)
- $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT)
-@@ -97028,16 +97027,6 @@
- +int asnmprintf(char **, size_t, int *, const char *, ...)
- __attribute__((format(printf, 4, 5)));
- void msetlocale(void);
--diff -ruN openssh-8.3p1/version.h openssh-8.3p1+x509-12.5.1/version.h
----- openssh-8.3p1/version.h 2020-05-27 03:38:00.000000000 +0300
--+++ openssh-8.3p1+x509-12.5.1/version.h 2020-06-07 11:07:00.000000000 +0300
--@@ -2,5 +2,4 @@
--
-- #define SSH_VERSION "OpenSSH_8.3"
--
---#define SSH_PORTABLE "p1"
---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
--+#define SSH_RELEASE PACKAGE_STRING ", " SSH_VERSION "p1"
- diff -ruN openssh-8.3p1/version.m4 openssh-8.3p1+x509-12.5.1/version.m4
- --- openssh-8.3p1/version.m4 1970-01-01 02:00:00.000000000 +0200
- +++ openssh-8.3p1+x509-12.5.1/version.m4 2020-06-07 11:07:00.000000000 +0300
diff --git a/net-misc/openssh/files/openssh-8.3_p1-hpn-14.20-glue.patch b/net-misc/openssh/files/openssh-8.3_p1-hpn-14.20-glue.patch
deleted file mode 100644
index 4414f9be533..00000000000
--- a/net-misc/openssh/files/openssh-8.3_p1-hpn-14.20-glue.patch
+++ /dev/null
@@ -1,177 +0,0 @@
-Only in b: .openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff.un~
-diff -ur a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff
---- a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff 2020-05-27 13:52:27.704108928 -0700
-+++ b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff 2020-05-27 13:52:49.803967500 -0700
-@@ -3,9 +3,9 @@
- --- a/Makefile.in
- +++ b/Makefile.in
- @@ -42,7 +42,7 @@ CC=@CC@
-- LD=@LD@
-- CFLAGS=@CFLAGS@
-+ CFLAGS_NOPIE=@CFLAGS_NOPIE@
- CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
-+ PICFLAG=@PICFLAG@
- -LIBS=@LIBS@
- +LIBS=@LIBS@ -lpthread
- K5LIBS=@K5LIBS@
-@@ -902,14 +902,14 @@
-
- /*
- @@ -2118,6 +2125,8 @@ fill_default_options(Options * options)
-+ options->canonicalize_hostname = SSH_CANONICALISE_NO;
-+ if (options->fingerprint_hash == -1)
- options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
-- if (options->update_hostkeys == -1)
-- options->update_hostkeys = 0;
- + if (options->disable_multithreaded == -1)
- + options->disable_multithreaded = 0;
--
-- /* Expand KEX name lists */
-- all_cipher = cipher_alg_list(',', 0);
-+ #ifdef ENABLE_SK_INTERNAL
-+ if (options->sk_provider == NULL)
-+ options->sk_provider = xstrdup("internal");
- diff --git a/readconf.h b/readconf.h
- index 8e36bf32..c803eca7 100644
- --- a/readconf.h
-@@ -952,9 +952,9 @@
- sPort, sHostKeyFile, sLoginGraceTime,
- sPermitRootLogin, sLogFacility, sLogLevel,
- @@ -643,6 +647,7 @@ static struct {
-- { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
- { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
- { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
-+ { "include", sInclude, SSHCFG_ALL },
- + { "disableMTAES", sDisableMTAES, SSHCFG_ALL },
- { "ipqos", sIPQoS, SSHCFG_ALL },
- { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
-diff -ur a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff
---- a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-05-27 13:52:27.705108921 -0700
-+++ b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff 2020-05-27 14:03:57.888683100 -0700
-@@ -409,18 +409,10 @@
- index 817da43b..b2bcf78f 100644
- --- a/packet.c
- +++ b/packet.c
--@@ -925,6 +925,24 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
-+@@ -925,6 +925,16 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
- return 0;
- }
-
--+/* this supports the forced rekeying required for the NONE cipher */
--+int rekey_requested = 0;
--+void
--+packet_request_rekeying(void)
--+{
--+ rekey_requested = 1;
--+}
--+
- +/* used to determine if pre or post auth when rekeying for aes-ctr
- + * and none cipher switch */
- +int
-@@ -434,20 +426,6 @@
- #define MAX_PACKETS (1U<<31)
- static int
- ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
--@@ -951,6 +969,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
-- if (state->p_send.packets == 0 && state->p_read.packets == 0)
-- return 0;
--
--+ /* used to force rekeying when called for by the none
--+ * cipher switch methods -cjr */
--+ if (rekey_requested == 1) {
--+ rekey_requested = 0;
--+ return 1;
--+ }
--+
-- /* Time-based rekeying */
-- if (state->rekey_interval != 0 &&
-- (int64_t)state->rekey_time + state->rekey_interval <= monotime())
- diff --git a/packet.h b/packet.h
- index 8ccfd2e0..1ad9bc06 100644
- --- a/packet.h
-@@ -476,9 +454,9 @@
- /* Format of the configuration file:
-
- @@ -167,6 +168,8 @@ typedef enum {
-- oHashKnownHosts,
- oTunnel, oTunnelDevice,
- oLocalCommand, oPermitLocalCommand, oRemoteCommand,
-+ oDisableMTAES,
- + oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize,
- + oNoneEnabled, oNoneSwitch,
- oVisualHostKey,
-@@ -615,9 +593,9 @@
- int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */
- SyslogFacility log_facility; /* Facility for system logging. */
- @@ -112,7 +116,10 @@ typedef struct {
--
- int enable_ssh_keysign;
- int64_t rekey_limit;
-+ int disable_multithreaded; /*disable multithreaded aes-ctr*/
- + int none_switch; /* Use none cipher */
- + int none_enabled; /* Allow none to be used */
- int rekey_interval;
-@@ -700,9 +678,9 @@
- + options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT;
- + }
- +
-+ if (options->disable_multithreaded == -1)
-+ options->disable_multithreaded = 0;
- if (options->ip_qos_interactive == -1)
-- options->ip_qos_interactive = IPTOS_DSCP_AF21;
-- if (options->ip_qos_bulk == -1)
- @@ -486,6 +532,8 @@ typedef enum {
- sPasswordAuthentication, sKbdInteractiveAuthentication,
- sListenAddress, sAddressFamily,
-@@ -731,11 +709,10 @@
- *flags = keywords[i].flags;
- return keywords[i].opcode;
- }
--@@ -1424,10 +1477,27 @@ process_server_config_line(ServerOptions *options, char *line,
-- multistate_ptr = multistate_flag;
-+@@ -1424,12 +1477,28 @@ process_server_config_line(ServerOptions *options, char *line,
-+ multistate_ptr = multistate_ignore_rhosts;
- goto parse_multistate;
-
--+
- + case sTcpRcvBufPoll:
- + intptr = &options->tcp_rcv_buf_poll;
- + goto parse_flag;
-@@ -750,7 +727,9 @@
- +
- case sIgnoreUserKnownHosts:
- intptr = &options->ignore_user_known_hosts;
-- goto parse_flag;
-+ parse_flag:
-+ multistate_ptr = multistate_flag;
-+ goto parse_multistate;
-
- + case sNoneEnabled:
- + intptr = &options->none_enabled;
-@@ -1079,11 +1058,11 @@
- xxx_host = host;
- xxx_hostaddr = hostaddr;
-
--@@ -422,6 +433,28 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
-+@@ -422,7 +433,28 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
-
- if (!authctxt.success)
- fatal("Authentication failed.");
--+
-+
- + /*
- + * If the user wants to use the none cipher, do it post authentication
- + * and only if the right conditions are met -- both of the NONE commands
-@@ -1105,9 +1084,9 @@
- + }
- + }
- +
-- debug("Authentication succeeded (%s).", authctxt.method->name);
-- }
--
-+ #ifdef WITH_OPENSSL
-+ if (options.disable_multithreaded == 0) {
-+ /* if we are using aes-ctr there can be issues in either a fork or sandbox
- diff --git a/sshd.c b/sshd.c
- index 11571c01..23a06022 100644
- --- a/sshd.c
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/
@ 2021-03-04 22:39 Patrick McLean
0 siblings, 0 replies; 40+ messages in thread
From: Patrick McLean @ 2021-03-04 22:39 UTC (permalink / raw
To: gentoo-commits
commit: ceea1a160b9e2c0583c54e1df9039b9c49b401b6
Author: Patrick McLean <patrick.mclean <AT> sony <DOT> com>
AuthorDate: Thu Mar 4 22:37:59 2021 +0000
Commit: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Thu Mar 4 22:38:47 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ceea1a16
net-misc/openssh-8.5_p1: Fix GSSAPI patch (bug #774177)
Closes: https://bugs.gentoo.org/774177
Copyright: Sony Interactive Entertainment Inc.
Package-Manager: Portage-3.0.16, Repoman-3.0.2
Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>
.../openssh/files/openssh-8.5_p1-GSSAPI-dns.patch | 242 +++++++++++++++++++++
1 file changed, 242 insertions(+)
diff --git a/net-misc/openssh/files/openssh-8.5_p1-GSSAPI-dns.patch b/net-misc/openssh/files/openssh-8.5_p1-GSSAPI-dns.patch
index 718eacb8a7e..eec66ade4b4 100644
--- a/net-misc/openssh/files/openssh-8.5_p1-GSSAPI-dns.patch
+++ b/net-misc/openssh/files/openssh-8.5_p1-GSSAPI-dns.patch
@@ -1,3 +1,245 @@
+--- a/auth.c 2021-03-02 04:31:47.000000000 -0600
++++ b/auth.c 2021-03-04 11:22:44.590041696 -0600
+@@ -727,119 +727,6 @@ fakepw(void)
+ return (&fake);
+ }
+
+-/*
+- * Returns the remote DNS hostname as a string. The returned string must not
+- * be freed. NB. this will usually trigger a DNS query the first time it is
+- * called.
+- * This function does additional checks on the hostname to mitigate some
+- * attacks on legacy rhosts-style authentication.
+- * XXX is RhostsRSAAuthentication vulnerable to these?
+- * XXX Can we remove these checks? (or if not, remove RhostsRSAAuthentication?)
+- */
+-
+-static char *
+-remote_hostname(struct ssh *ssh)
+-{
+- struct sockaddr_storage from;
+- socklen_t fromlen;
+- struct addrinfo hints, *ai, *aitop;
+- char name[NI_MAXHOST], ntop2[NI_MAXHOST];
+- const char *ntop = ssh_remote_ipaddr(ssh);
+-
+- /* Get IP address of client. */
+- fromlen = sizeof(from);
+- memset(&from, 0, sizeof(from));
+- if (getpeername(ssh_packet_get_connection_in(ssh),
+- (struct sockaddr *)&from, &fromlen) == -1) {
+- debug("getpeername failed: %.100s", strerror(errno));
+- return xstrdup(ntop);
+- }
+-
+- ipv64_normalise_mapped(&from, &fromlen);
+- if (from.ss_family == AF_INET6)
+- fromlen = sizeof(struct sockaddr_in6);
+-
+- debug3("Trying to reverse map address %.100s.", ntop);
+- /* Map the IP address to a host name. */
+- if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
+- NULL, 0, NI_NAMEREQD) != 0) {
+- /* Host name not found. Use ip address. */
+- return xstrdup(ntop);
+- }
+-
+- /*
+- * if reverse lookup result looks like a numeric hostname,
+- * someone is trying to trick us by PTR record like following:
+- * 1.1.1.10.in-addr.arpa. IN PTR 2.3.4.5
+- */
+- memset(&hints, 0, sizeof(hints));
+- hints.ai_socktype = SOCK_DGRAM; /*dummy*/
+- hints.ai_flags = AI_NUMERICHOST;
+- if (getaddrinfo(name, NULL, &hints, &ai) == 0) {
+- logit("Nasty PTR record \"%s\" is set up for %s, ignoring",
+- name, ntop);
+- freeaddrinfo(ai);
+- return xstrdup(ntop);
+- }
+-
+- /* Names are stored in lowercase. */
+- lowercase(name);
+-
+- /*
+- * Map it back to an IP address and check that the given
+- * address actually is an address of this host. This is
+- * necessary because anyone with access to a name server can
+- * define arbitrary names for an IP address. Mapping from
+- * name to IP address can be trusted better (but can still be
+- * fooled if the intruder has access to the name server of
+- * the domain).
+- */
+- memset(&hints, 0, sizeof(hints));
+- hints.ai_family = from.ss_family;
+- hints.ai_socktype = SOCK_STREAM;
+- if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
+- logit("reverse mapping checking getaddrinfo for %.700s "
+- "[%s] failed.", name, ntop);
+- return xstrdup(ntop);
+- }
+- /* Look for the address from the list of addresses. */
+- for (ai = aitop; ai; ai = ai->ai_next) {
+- if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2,
+- sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 &&
+- (strcmp(ntop, ntop2) == 0))
+- break;
+- }
+- freeaddrinfo(aitop);
+- /* If we reached the end of the list, the address was not there. */
+- if (ai == NULL) {
+- /* Address not found for the host name. */
+- logit("Address %.100s maps to %.600s, but this does not "
+- "map back to the address.", ntop, name);
+- return xstrdup(ntop);
+- }
+- return xstrdup(name);
+-}
+-
+-/*
+- * Return the canonical name of the host in the other side of the current
+- * connection. The host name is cached, so it is efficient to call this
+- * several times.
+- */
+-
+-const char *
+-auth_get_canonical_hostname(struct ssh *ssh, int use_dns)
+-{
+- static char *dnsname;
+-
+- if (!use_dns)
+- return ssh_remote_ipaddr(ssh);
+- else if (dnsname != NULL)
+- return dnsname;
+- else {
+- dnsname = remote_hostname(ssh);
+- return dnsname;
+- }
+-}
+
+ /* These functions link key/cert options to the auth framework */
+
+--- a/canohost.c 2021-03-02 04:31:47.000000000 -0600
++++ b/canohost.c 2021-03-04 11:22:54.854211183 -0600
+@@ -202,3 +202,117 @@ get_local_port(int sock)
+ {
+ return get_sock_port(sock, 1);
+ }
++
++/*
++ * Returns the remote DNS hostname as a string. The returned string must not
++ * be freed. NB. this will usually trigger a DNS query the first time it is
++ * called.
++ * This function does additional checks on the hostname to mitigate some
++ * attacks on legacy rhosts-style authentication.
++ * XXX is RhostsRSAAuthentication vulnerable to these?
++ * XXX Can we remove these checks? (or if not, remove RhostsRSAAuthentication?)
++ */
++
++static char *
++remote_hostname(struct ssh *ssh)
++{
++ struct sockaddr_storage from;
++ socklen_t fromlen;
++ struct addrinfo hints, *ai, *aitop;
++ char name[NI_MAXHOST], ntop2[NI_MAXHOST];
++ const char *ntop = ssh_remote_ipaddr(ssh);
++
++ /* Get IP address of client. */
++ fromlen = sizeof(from);
++ memset(&from, 0, sizeof(from));
++ if (getpeername(ssh_packet_get_connection_in(ssh),
++ (struct sockaddr *)&from, &fromlen) == -1) {
++ debug("getpeername failed: %.100s", strerror(errno));
++ return xstrdup(ntop);
++ }
++
++ ipv64_normalise_mapped(&from, &fromlen);
++ if (from.ss_family == AF_INET6)
++ fromlen = sizeof(struct sockaddr_in6);
++
++ debug3("Trying to reverse map address %.100s.", ntop);
++ /* Map the IP address to a host name. */
++ if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
++ NULL, 0, NI_NAMEREQD) != 0) {
++ /* Host name not found. Use ip address. */
++ return xstrdup(ntop);
++ }
++
++ /*
++ * if reverse lookup result looks like a numeric hostname,
++ * someone is trying to trick us by PTR record like following:
++ * 1.1.1.10.in-addr.arpa. IN PTR 2.3.4.5
++ */
++ memset(&hints, 0, sizeof(hints));
++ hints.ai_socktype = SOCK_DGRAM; /*dummy*/
++ hints.ai_flags = AI_NUMERICHOST;
++ if (getaddrinfo(name, NULL, &hints, &ai) == 0) {
++ logit("Nasty PTR record \"%s\" is set up for %s, ignoring",
++ name, ntop);
++ freeaddrinfo(ai);
++ return xstrdup(ntop);
++ }
++
++ /* Names are stored in lowercase. */
++ lowercase(name);
++
++ /*
++ * Map it back to an IP address and check that the given
++ * address actually is an address of this host. This is
++ * necessary because anyone with access to a name server can
++ * define arbitrary names for an IP address. Mapping from
++ * name to IP address can be trusted better (but can still be
++ * fooled if the intruder has access to the name server of
++ * the domain).
++ */
++ memset(&hints, 0, sizeof(hints));
++ hints.ai_family = from.ss_family;
++ hints.ai_socktype = SOCK_STREAM;
++ if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
++ logit("reverse mapping checking getaddrinfo for %.700s "
++ "[%s] failed.", name, ntop);
++ return xstrdup(ntop);
++ }
++ /* Look for the address from the list of addresses. */
++ for (ai = aitop; ai; ai = ai->ai_next) {
++ if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2,
++ sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 &&
++ (strcmp(ntop, ntop2) == 0))
++ break;
++ }
++ freeaddrinfo(aitop);
++ /* If we reached the end of the list, the address was not there. */
++ if (ai == NULL) {
++ /* Address not found for the host name. */
++ logit("Address %.100s maps to %.600s, but this does not "
++ "map back to the address.", ntop, name);
++ return xstrdup(ntop);
++ }
++ return xstrdup(name);
++}
++
++/*
++ * Return the canonical name of the host in the other side of the current
++ * connection. The host name is cached, so it is efficient to call this
++ * several times.
++ */
++
++const char *
++auth_get_canonical_hostname(struct ssh *ssh, int use_dns)
++{
++ static char *dnsname;
++
++ if (!use_dns)
++ return ssh_remote_ipaddr(ssh);
++ else if (dnsname != NULL)
++ return dnsname;
++ else {
++ dnsname = remote_hostname(ssh);
++ return dnsname;
++ }
++}
diff --git a/readconf.c b/readconf.c
index 724974b7..97a1ffd8 100644
--- a/readconf.c
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/
@ 2021-04-25 12:59 Conrad Kostecki
0 siblings, 0 replies; 40+ messages in thread
From: Conrad Kostecki @ 2021-04-25 12:59 UTC (permalink / raw
To: gentoo-commits
commit: 43e109f8b606b23588f7f5e53bfcbe62d9362a18
Author: Michael Mair-Keimberger <mmk <AT> levelnine <DOT> at>
AuthorDate: Sat Apr 24 15:51:11 2021 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Sun Apr 25 12:59:33 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=43e109f8
net-misc/openssh: remove unused patch
Closes: https://github.com/gentoo/gentoo/pull/20527
Package-Manager: Portage-3.0.18, Repoman-3.0.3
Signed-off-by: Michael Mair-Keimberger <mmk <AT> levelnine.at>
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
.../files/openssh-8.6_p1-X509-glue-13.0.1.patch | 73 ----------------------
1 file changed, 73 deletions(-)
diff --git a/net-misc/openssh/files/openssh-8.6_p1-X509-glue-13.0.1.patch b/net-misc/openssh/files/openssh-8.6_p1-X509-glue-13.0.1.patch
deleted file mode 100644
index f9da7bbc345..00000000000
--- a/net-misc/openssh/files/openssh-8.6_p1-X509-glue-13.0.1.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-diff --exclude '*.un~' -ubr a/openssh-8.5p1+x509-13.0.1.diff b/openssh-8.5p1+x509-13.0.1.diff
---- a/openssh-8.5p1+x509-13.0.1.diff 2021-04-19 14:21:08.076526576 -0700
-+++ b/openssh-8.5p1+x509-13.0.1.diff 2021-04-19 14:21:23.160563489 -0700
-@@ -46675,12 +46675,11 @@
-
- install-files:
- $(MKDIR_P) $(DESTDIR)$(bindir)
--@@ -380,6 +364,8 @@
-+@@ -380,6 +364,7 @@
- $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5
- $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8
- $(MKDIR_P) $(DESTDIR)$(libexecdir)
- + $(MKDIR_P) $(DESTDIR)$(sshcadir)
--+ $(MKDIR_P) $(DESTDIR)$(piddir)
- $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH)
- $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)
- $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT)
-@@ -63967,7 +63966,7 @@
- - echo "putty interop tests not enabled"
- - exit 0
- -fi
--+$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1; exit 1; }
-++$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1; exit 0; }
-
- for c in aes 3des aes128-ctr aes192-ctr aes256-ctr chacha20 ; do
- verbose "$tid: cipher $c"
-@@ -63982,7 +63981,7 @@
- - echo "putty interop tests not enabled"
- - exit 0
- -fi
--+$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1; exit 1; }
-++$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1; exit 0; }
-
- for k in dh-gex-sha1 dh-group1-sha1 dh-group14-sha1 ecdh ; do
- verbose "$tid: kex $k"
-@@ -63997,7 +63996,7 @@
- - echo "putty interop tests not enabled"
- - exit 0
- -fi
--+$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1; exit 1; }
-++$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1; exit 0; }
-
- if [ "`${SSH} -Q compression`" = "none" ]; then
- comp="0"
-@@ -64129,9 +64128,9 @@
-
- +# cross-project configuration
- +if test "$sshd_type" = "pkix" ; then
--+ unset_arg=''
-++ unset_arg=
- +else
--+ unset_arg=none
-++ unset_arg=
- +fi
- +
- cat > $OBJ/sshd_config.i << _EOF
-@@ -122247,16 +122246,6 @@
- +int asnmprintf(char **, size_t, int *, const char *, ...)
- __attribute__((format(printf, 4, 5)));
- void msetlocale(void);
--diff -ruN openssh-8.5p1/version.h openssh-8.5p1+x509-13.0.1/version.h
----- openssh-8.5p1/version.h 2021-03-02 12:31:47.000000000 +0200
--+++ openssh-8.5p1+x509-13.0.1/version.h 2021-03-15 20:07:00.000000000 +0200
--@@ -2,5 +2,4 @@
--
-- #define SSH_VERSION "OpenSSH_8.5"
--
---#define SSH_PORTABLE "p1"
---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
--+#define SSH_RELEASE PACKAGE_STRING ", " SSH_VERSION "p1"
- diff -ruN openssh-8.5p1/version.m4 openssh-8.5p1+x509-13.0.1/version.m4
- --- openssh-8.5p1/version.m4 1970-01-01 02:00:00.000000000 +0200
- +++ openssh-8.5p1+x509-13.0.1/version.m4 2021-03-15 20:07:00.000000000 +0200
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/
@ 2021-04-26 20:23 Mike Gilbert
0 siblings, 0 replies; 40+ messages in thread
From: Mike Gilbert @ 2021-04-26 20:23 UTC (permalink / raw
To: gentoo-commits
commit: 28ae62f0ee4f0fc34987713043a036d581e4a3e8
Author: Roy Yang <royyang <AT> google <DOT> com>
AuthorDate: Mon Apr 26 19:50:42 2021 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Mon Apr 26 20:22:33 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=28ae62f0
net-misc/openssh: Add KillMode=process to sshd.service
Closes: https://bugs.gentoo.org/785874
Closes: https://github.com/gentoo/gentoo/pull/20551
Signed-off-by: Roy Yang <royyang <AT> google.com>
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
net-misc/openssh/files/sshd.service | 1 +
1 file changed, 1 insertion(+)
diff --git a/net-misc/openssh/files/sshd.service b/net-misc/openssh/files/sshd.service
index b5e96b3a251..6b4da9132fa 100644
--- a/net-misc/openssh/files/sshd.service
+++ b/net-misc/openssh/files/sshd.service
@@ -6,6 +6,7 @@ After=syslog.target network.target auditd.service
ExecStartPre=/usr/bin/ssh-keygen -A
ExecStart=/usr/sbin/sshd -D -e
ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
[Install]
WantedBy=multi-user.target
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/
@ 2021-05-03 11:28 Mikle Kolyada
0 siblings, 0 replies; 40+ messages in thread
From: Mikle Kolyada @ 2021-05-03 11:28 UTC (permalink / raw
To: gentoo-commits
commit: ebccfebd1e9a5999357933ffda08b3e11fce375a
Author: Michael Mair-Keimberger <mmk <AT> levelnine <DOT> at>
AuthorDate: Sun May 2 11:55:23 2021 +0000
Commit: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Mon May 3 11:28:41 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ebccfebd
net-misc/openssh: remove unused patch
Package-Manager: Portage-3.0.18, Repoman-3.0.3
Signed-off-by: Michael Mair-Keimberger <mmk <AT> levelnine.at>
Closes: https://github.com/gentoo/gentoo/pull/20653
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>
.../files/openssh-8.4_p1-hpn-14.22-libressl.patch | 20 --------------------
1 file changed, 20 deletions(-)
diff --git a/net-misc/openssh/files/openssh-8.4_p1-hpn-14.22-libressl.patch b/net-misc/openssh/files/openssh-8.4_p1-hpn-14.22-libressl.patch
deleted file mode 100644
index 79cc3e5c2d8..00000000000
--- a/net-misc/openssh/files/openssh-8.4_p1-hpn-14.22-libressl.patch
+++ /dev/null
@@ -1,20 +0,0 @@
---- a/openssh-8_3_P1-hpn-AES-CTR-14.22.diff 2020-04-17 10:31:37.392120799 -0700
-+++ b/openssh-8_3_P1-hpn-AES-CTR-14.22.diff 2020-04-17 10:32:46.143684424 -0700
-@@ -672,7 +672,7 @@
- +const EVP_CIPHER *
- +evp_aes_ctr_mt(void)
- +{
--+# if OPENSSL_VERSION_NUMBER >= 0x10100000UL
-++# if (OPENSSL_VERSION_NUMBER >= 0x10100000UL || defined(HAVE_OPAQUE_STRUCTS)) && !defined(LIBRESSL_VERSION_NUMBER)
- + static EVP_CIPHER *aes_ctr;
- + aes_ctr = EVP_CIPHER_meth_new(NID_undef, 16/*block*/, 16/*key*/);
- + EVP_CIPHER_meth_set_iv_length(aes_ctr, AES_BLOCK_SIZE);
-@@ -701,7 +701,7 @@
- + EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
- +# endif /*SSH_OLD_EVP*/
- + return &aes_ctr;
--+# endif /*OPENSSH_VERSION_NUMBER*/
-++# endif /*OPENSSL_VERSION_NUMBER*/
- +}
- +
- +#endif /* defined(WITH_OPENSSL) */
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/
@ 2021-07-25 21:32 Conrad Kostecki
0 siblings, 0 replies; 40+ messages in thread
From: Conrad Kostecki @ 2021-07-25 21:32 UTC (permalink / raw
To: gentoo-commits
commit: b8d72dd3cab0e6f7a5f1dc4c04566737a230d8f5
Author: Michael Mair-Keimberger <mmk <AT> levelnine <DOT> at>
AuthorDate: Sat Jul 24 18:28:25 2021 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Sun Jul 25 21:32:46 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b8d72dd3
net-misc/openssh: remove unused patches
Closes: https://github.com/gentoo/gentoo/pull/21769
Package-Manager: Portage-3.0.20, Repoman-3.0.3
Signed-off-by: Michael Mair-Keimberger <mmk <AT> levelnine.at>
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
.../files/openssh-8.5_p1-X509-glue-13.0.patch | 73 -----
.../files/openssh-8.5_p1-hpn-15.1-X509-glue.patch | 325 ---------------------
.../files/openssh-8.5_p1-hpn-15.1-glue.patch | 242 ---------------
.../files/openssh-8.5_p1-hpn-15.1-sctp-glue.patch | 18 --
4 files changed, 658 deletions(-)
diff --git a/net-misc/openssh/files/openssh-8.5_p1-X509-glue-13.0.patch b/net-misc/openssh/files/openssh-8.5_p1-X509-glue-13.0.patch
deleted file mode 100644
index 71b27f284af..00000000000
--- a/net-misc/openssh/files/openssh-8.5_p1-X509-glue-13.0.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-diff -ur a/openssh-8.5p1+x509-13.0.diff b/openssh-8.5p1+x509-13.0.diff
---- a/openssh-8.5p1+x509-13.0.diff 2021-03-03 12:26:21.021212996 -0800
-+++ b/openssh-8.5p1+x509-13.0.diff 2021-03-03 18:20:06.476490271 -0800
-@@ -46675,12 +46675,11 @@
-
- install-files:
- $(MKDIR_P) $(DESTDIR)$(bindir)
--@@ -380,6 +364,8 @@
-+@@ -380,6 +364,7 @@
- $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5
- $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8
- $(MKDIR_P) $(DESTDIR)$(libexecdir)
- + $(MKDIR_P) $(DESTDIR)$(sshcadir)
--+ $(MKDIR_P) $(DESTDIR)$(piddir)
- $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH)
- $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)
- $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT)
-@@ -63967,7 +63966,7 @@
- - echo "putty interop tests not enabled"
- - exit 0
- -fi
--+$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1; exit 1; }
-++$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1; exit 0; }
-
- for c in aes 3des aes128-ctr aes192-ctr aes256-ctr chacha20 ; do
- verbose "$tid: cipher $c"
-@@ -63982,7 +63981,7 @@
- - echo "putty interop tests not enabled"
- - exit 0
- -fi
--+$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1; exit 1; }
-++$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1; exit 0; }
-
- for k in dh-gex-sha1 dh-group1-sha1 dh-group14-sha1 ecdh ; do
- verbose "$tid: kex $k"
-@@ -63997,7 +63996,7 @@
- - echo "putty interop tests not enabled"
- - exit 0
- -fi
--+$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1; exit 1; }
-++$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1; exit 0; }
-
- if [ "`${SSH} -Q compression`" = "none" ]; then
- comp="0"
-@@ -64129,9 +64128,9 @@
-
- +# cross-project configuration
- +if test "$sshd_type" = "pkix" ; then
--+ unset_arg=''
-++ unset_arg=
- +else
--+ unset_arg=none
-++ unset_arg=
- +fi
- +
- cat > $OBJ/sshd_config.i << _EOF
-@@ -122238,16 +122237,6 @@
- +int asnmprintf(char **, size_t, int *, const char *, ...)
- __attribute__((format(printf, 4, 5)));
- void msetlocale(void);
--diff -ruN openssh-8.5p1/version.h openssh-8.5p1+x509-13.0/version.h
----- openssh-8.5p1/version.h 2021-03-02 12:31:47.000000000 +0200
--+++ openssh-8.5p1+x509-13.0/version.h 2021-03-03 19:07:00.000000000 +0200
--@@ -2,5 +2,4 @@
--
-- #define SSH_VERSION "OpenSSH_8.5"
--
---#define SSH_PORTABLE "p1"
---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
--+#define SSH_RELEASE PACKAGE_STRING ", " SSH_VERSION "p1"
- diff -ruN openssh-8.5p1/version.m4 openssh-8.5p1+x509-13.0/version.m4
- --- openssh-8.5p1/version.m4 1970-01-01 02:00:00.000000000 +0200
- +++ openssh-8.5p1+x509-13.0/version.m4 2021-03-03 19:07:00.000000000 +0200
diff --git a/net-misc/openssh/files/openssh-8.5_p1-hpn-15.1-X509-glue.patch b/net-misc/openssh/files/openssh-8.5_p1-hpn-15.1-X509-glue.patch
deleted file mode 100644
index e2d4ce826ea..00000000000
--- a/net-misc/openssh/files/openssh-8.5_p1-hpn-15.1-X509-glue.patch
+++ /dev/null
@@ -1,325 +0,0 @@
-diff -ur a/openssh-8_4_P1-hpn-AES-CTR-15.1.diff b/openssh-8_4_P1-hpn-AES-CTR-15.1.diff
---- a/openssh-8_4_P1-hpn-AES-CTR-15.1.diff 2021-03-03 12:57:01.975827879 -0800
-+++ b/openssh-8_4_P1-hpn-AES-CTR-15.1.diff 2021-03-03 18:25:21.929305944 -0800
-@@ -3,9 +3,9 @@
- --- a/Makefile.in
- +++ b/Makefile.in
- @@ -46,7 +46,7 @@ CFLAGS=@CFLAGS@
-- CFLAGS_NOPIE=@CFLAGS_NOPIE@
-- CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
-- PICFLAG=@PICFLAG@
-+ LD=@LD@
-+ CFLAGS=@CFLAGS@ $(CFLAGS_EXTRA)
-+ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
- -LIBS=@LIBS@
- +LIBS=@LIBS@ -lpthread
- K5LIBS=@K5LIBS@
-@@ -803,8 +803,8 @@
- ssh_packet_set_connection(struct ssh *ssh, int fd_in, int fd_out)
- {
- struct session_state *state;
--- const struct sshcipher *none = cipher_by_name("none");
--+ struct sshcipher *none = cipher_by_name("none");
-+- const struct sshcipher *none = cipher_none();
-++ struct sshcipher *none = cipher_none();
- int r;
-
- if (none == NULL) {
-@@ -894,24 +894,24 @@
- intptr = &options->compression;
- multistate_ptr = multistate_compression;
- @@ -2062,6 +2068,7 @@ initialize_options(Options * options)
-- options->hostbased_accepted_algos = NULL;
-- options->pubkey_accepted_algos = NULL;
-- options->known_hosts_command = NULL;
-+ options->revoked_host_keys = NULL;
-+ options->fingerprint_hash = -1;
-+ options->update_hostkeys = -1;
- + options->disable_multithreaded = -1;
- }
-
- /*
- @@ -2247,6 +2254,10 @@ fill_default_options(Options * options)
-+ options->update_hostkeys = 0;
- if (options->sk_provider == NULL)
- options->sk_provider = xstrdup("$SSH_SK_PROVIDER");
-- #endif
- + if (options->update_hostkeys == -1)
- + options->update_hostkeys = 0;
- + if (options->disable_multithreaded == -1)
- + options->disable_multithreaded = 0;
-
-- /* Expand KEX name lists */
-- all_cipher = cipher_alg_list(',', 0);
-+ /* expand KEX and etc. name lists */
-+ { char *all;
- diff --git a/readconf.h b/readconf.h
- index d6a15550..d2d20548 100644
- --- a/readconf.h
-@@ -950,9 +950,9 @@
- /* Portable-specific options */
- sUsePAM,
- + sDisableMTAES,
-- /* Standard Options */
-- sPort, sHostKeyFile, sLoginGraceTime,
-- sPermitRootLogin, sLogFacility, sLogLevel,
-+ /* X.509 Standard Options */
-+ sHostbasedAlgorithms,
-+ sPubkeyAlgorithms,
- @@ -672,6 +676,7 @@ static struct {
- { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
- { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
-diff -ur a/openssh-8_4_P1-hpn-DynWinNoneSwitch-15.1.diff b/openssh-8_4_P1-hpn-DynWinNoneSwitch-15.1.diff
---- a/openssh-8_4_P1-hpn-DynWinNoneSwitch-15.1.diff 2021-03-03 19:05:28.942903961 -0800
-+++ b/openssh-8_4_P1-hpn-DynWinNoneSwitch-15.1.diff 2021-03-03 20:36:34.702362020 -0800
-@@ -157,6 +157,36 @@
- + Allan Jude provided the code for the NoneMac and buffer normalization.
- + This work was financed, in part, by Cisco System, Inc., the National
- + Library of Medicine, and the National Science Foundation.
-+diff --git a/auth2.c b/auth2.c
-+--- a/auth2.c 2021-03-03 20:34:51.312051369 -0800
-++++ b/auth2.c 2021-03-03 20:35:15.797888115 -0800
-+@@ -229,16 +229,17 @@
-+ double delay;
-+
-+ digest_alg = ssh_digest_maxbytes();
-+- len = ssh_digest_bytes(digest_alg);
-+- hash = xmalloc(len);
-++ if (len = ssh_digest_bytes(digest_alg) > 0) {
-++ hash = xmalloc(len);
-+
-+- (void)snprintf(b, sizeof b, "%llu%s",
-+- (unsigned long long)options.timing_secret, user);
-+- if (ssh_digest_memory(digest_alg, b, strlen(b), hash, len) != 0)
-+- fatal_f("ssh_digest_memory");
-+- /* 0-4.2 ms of delay */
-+- delay = (double)PEEK_U32(hash) / 1000 / 1000 / 1000 / 1000;
-+- freezero(hash, len);
-++ (void)snprintf(b, sizeof b, "%llu%s",
-++ (unsigned long long)options.timing_secret, user);
-++ if (ssh_digest_memory(digest_alg, b, strlen(b), hash, len) != 0)
-++ fatal_f("ssh_digest_memory");
-++ /* 0-4.2 ms of delay */
-++ delay = (double)PEEK_U32(hash) / 1000 / 1000 / 1000 / 1000;
-++ freezero(hash, len);
-++ }
-+ debug3_f("user specific delay %0.3lfms", delay/1000);
-+ return MIN_FAIL_DELAY_SECONDS + delay;
-+ }
- diff --git a/channels.c b/channels.c
- index e4917f3c..e0db582e 100644
- --- a/channels.c
-@@ -209,14 +239,14 @@
- static void
- channel_pre_open(struct ssh *ssh, Channel *c,
- fd_set *readset, fd_set *writeset)
--@@ -2179,22 +2206,31 @@ channel_check_window(struct ssh *ssh, Channel *c)
-+@@ -2179,21 +2206,31 @@ channel_check_window(struct ssh *ssh, Channel *c)
-
- if (c->type == SSH_CHANNEL_OPEN &&
- !(c->flags & (CHAN_CLOSE_SENT|CHAN_CLOSE_RCVD)) &&
- - ((c->local_window_max - c->local_window >
- - c->local_maxpacket*3) ||
--+ ((ssh_packet_is_interactive(ssh) &&
--+ c->local_window_max - c->local_window > c->local_maxpacket*3) ||
-++ ((ssh_packet_is_interactive(ssh) &&
-++ c->local_window_max - c->local_window > c->local_maxpacket*3) ||
- c->local_window < c->local_window_max/2) &&
- c->local_consumed > 0) {
- + u_int addition = 0;
-@@ -234,10 +264,12 @@
- SSH2_MSG_CHANNEL_WINDOW_ADJUST)) != 0 ||
- (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
- - (r = sshpkt_put_u32(ssh, c->local_consumed)) != 0 ||
-+- (r = sshpkt_send(ssh)) != 0)
-+- fatal_fr(r, "channel %d", c->self);
- + (r = sshpkt_put_u32(ssh, c->local_consumed + addition)) != 0 ||
-- (r = sshpkt_send(ssh)) != 0) {
-- fatal_fr(r, "channel %i", c->self);
-- }
-++ (r = sshpkt_send(ssh)) != 0) {
-++ fatal_fr(r, "channel %i", c->self);
-++ }
- debug2("channel %d: window %d sent adjust %d", c->self,
- - c->local_window, c->local_consumed);
- - c->local_window += c->local_consumed;
-@@ -384,20 +416,38 @@
- index dec8e7e9..3c11558e 100644
- --- a/compat.c
- +++ b/compat.c
--@@ -150,6 +150,13 @@ compat_banner(struct ssh *ssh, const char *version)
-- debug_f("match: %s pat %s compat 0x%08x",
-+@@ -43,7 +43,7 @@
-+ static u_int
-+ compat_datafellows(const char *version)
-+ {
-+- int i;
-++ int i, bugs = 0;
-+ static struct {
-+ char *pat;
-+ int bugs;
-+@@ -147,11 +147,19 @@
-+ if (match_pattern_list(version, check[i].pat, 0) == 1) {
-+ debug("match: %s pat %s compat 0x%08x",
- version, check[i].pat, check[i].bugs);
-- ssh->compat = check[i].bugs;
--+ /* Check to see if the remote side is OpenSSH and not HPN */
--+ if (strstr(version, "OpenSSH") != NULL) {
--+ if (strstr(version, "hpn") == NULL) {
--+ ssh->compat |= SSH_BUG_LARGEWINDOW;
--+ debug("Remote is NON-HPN aware");
--+ }
--+ }
-- return;
-+- return check[i].bugs;
-++ bugs |= check[i].bugs;
- }
- }
-+- debug("no match: %s", version);
-+- return 0;
-++ /* Check to see if the remote side is OpenSSH and not HPN */
-++ if (strstr(version, "OpenSSH") != NULL) {
-++ if (strstr(version, "hpn") == NULL) {
-++ bugs |= SSH_BUG_LARGEWINDOW;
-++ debug("Remote is NON-HPN aware");
-++ }
-++ }
-++ if (bugs == 0)
-++ debug("no match: %s", version);
-++ return bugs;
-+ }
-+
-+ char *
- diff --git a/compat.h b/compat.h
- index 66db42cc..d4e811e4 100644
- --- a/compat.h
-@@ -456,7 +506,7 @@
- @@ -888,6 +888,10 @@ kex_choose_conf(struct ssh *ssh)
- int nenc, nmac, ncomp;
- u_int mode, ctos, need, dh_need, authlen;
-- int r, first_kex_follows;
-+ int r, first_kex_follows = 0;
- + int auth_flag = 0;
- +
- + auth_flag = packet_authentication_state(ssh);
-@@ -1033,19 +1083,6 @@
-
- /* File to read commands from */
- FILE* infile;
--diff --git a/ssh-keygen.c b/ssh-keygen.c
--index a12b79a5..8b839219 100644
----- a/ssh-keygen.c
--+++ b/ssh-keygen.c
--@@ -2999,7 +2999,7 @@ do_download_sk(const char *skprovider, const char *device)
-- freezero(pin, strlen(pin));
-- error("Unable to load resident keys: %s", ssh_err(r));
-- return -1;
--- }
--+ }
-- if (nkeys == 0)
-- logit("No keys to download");
-- if (pin != NULL)
- diff --git a/ssh.c b/ssh.c
- index f34ca0d7..d7d134f7 100644
- --- a/ssh.c
-@@ -1091,7 +1128,7 @@
- + else
- + options.hpn_buffer_size = 2 * 1024 * 1024;
- +
--+ if (ssh->compat & SSH_BUG_LARGEWINDOW) {
-++ if (ssh_compat_fellows(ssh, SSH_BUG_LARGEWINDOW)) {
- + debug("HPN to Non-HPN Connection");
- + } else {
- + int sock, socksize;
-@@ -1331,6 +1368,26 @@
- /* Bind the socket to the desired port. */
- if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) == -1) {
- error("Bind to port %s on %s failed: %.200s.",
-+@@ -1625,12 +1625,13 @@
-+ if (ssh_digest_update(ctx, sshbuf_ptr(server_cfg),
-+ sshbuf_len(server_cfg)) != 0)
-+ fatal_f("ssh_digest_update");
-+- len = ssh_digest_bytes(digest_alg);
-+- hash = xmalloc(len);
-+- if (ssh_digest_final(ctx, hash, len) != 0)
-+- fatal_f("ssh_digest_final");
-+- options.timing_secret = PEEK_U64(hash);
-+- freezero(hash, len);
-++ if (len = ssh_digest_bytes(digest_alg) > 0) {
-++ hash = xmalloc(len);
-++ if (ssh_digest_final(ctx, hash, len) != 0)
-++ fatal_f("ssh_digest_final");
-++ options.timing_secret = PEEK_U64(hash);
-++ freezero(hash, len);
-++ }
-+ ssh_digest_free(ctx);
-+ ctx = NULL;
-+ return;
- @@ -1746,6 +1753,19 @@ main(int ac, char **av)
- /* Fill in default values for those options not explicitly set. */
- fill_default_server_options(&options);
-@@ -1401,14 +1458,3 @@
- # Example of overriding settings on a per-user basis
- #Match User anoncvs
- # X11Forwarding no
--diff --git a/version.h b/version.h
--index c2f9c55b..f2e7fa80 100644
----- a/version.h
--+++ b/version.h
--@@ -3,4 +3,5 @@
-- #define SSH_VERSION "OpenSSH_8.4"
--
-- #define SSH_PORTABLE "p1"
---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
--+#define SSH_HPN "-hpn15v1"
--+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN
-diff -ur a/openssh-8_4_P1-hpn-PeakTput-15.1.diff b/openssh-8_4_P1-hpn-PeakTput-15.1.diff
---- a/openssh-8_4_P1-hpn-PeakTput-15.1.diff 2021-03-03 12:57:01.975827879 -0800
-+++ b/openssh-8_4_P1-hpn-PeakTput-15.1.diff 2021-03-03 18:25:21.930305937 -0800
-@@ -12,9 +12,9 @@
- static long stalled; /* how long we have been stalled */
- static int bytes_per_second; /* current speed in bytes per second */
- @@ -127,6 +129,7 @@ refresh_progress_meter(int force_update)
-+ off_t bytes_left;
- int cur_speed;
-- int hours, minutes, seconds;
-- int file_len;
-+ int len;
- + off_t delta_pos;
-
- if ((!force_update && !alarm_fired && !win_resized) || !can_output())
-@@ -33,12 +33,12 @@
- @@ -166,7 +173,7 @@ refresh_progress_meter(int force_update)
-
- /* filename */
-- buf[0] = '\0';
--- file_len = win_size - 36;
--+ file_len = win_size - 45;
-- if (file_len > 0) {
-- buf[0] = '\r';
-- snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s",
-+ if (win_size > 36) {
-+- int file_len = win_size - 36;
-++ int file_len = win_size - 45;
-+ snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s ",
-+ file_len, file);
-+ }
- @@ -191,6 +198,15 @@ refresh_progress_meter(int force_update)
- (off_t)bytes_per_second);
- strlcat(buf, "/s ", win_size);
-@@ -63,15 +63,3 @@
- }
-
- /*ARGSUSED*/
--diff --git a/ssh-keygen.c b/ssh-keygen.c
--index a12b79a5..76b22338 100644
----- a/ssh-keygen.c
--+++ b/ssh-keygen.c
--@@ -2987,7 +2987,6 @@ do_download_sk(const char *skprovider, const char *device)
--
-- if (skprovider == NULL)
-- fatal("Cannot download keys without provider");
---
-- pin = read_passphrase("Enter PIN for authenticator: ", RP_ALLOW_STDIN);
-- if (!quiet) {
-- printf("You may need to touch your authenticator "
diff --git a/net-misc/openssh/files/openssh-8.5_p1-hpn-15.1-glue.patch b/net-misc/openssh/files/openssh-8.5_p1-hpn-15.1-glue.patch
deleted file mode 100644
index ec6e687271c..00000000000
--- a/net-misc/openssh/files/openssh-8.5_p1-hpn-15.1-glue.patch
+++ /dev/null
@@ -1,242 +0,0 @@
-diff -ur a/openssh-8_4_P1-hpn-AES-CTR-15.1.diff b/openssh-8_4_P1-hpn-AES-CTR-15.1.diff
---- a/openssh-8_4_P1-hpn-AES-CTR-15.1.diff 2021-03-03 11:08:18.300474672 -0800
-+++ b/openssh-8_4_P1-hpn-AES-CTR-15.1.diff 2021-03-03 11:18:42.408298903 -0800
-@@ -894,9 +894,9 @@
- intptr = &options->compression;
- multistate_ptr = multistate_compression;
- @@ -2062,6 +2068,7 @@ initialize_options(Options * options)
-- options->update_hostkeys = -1;
-- options->hostbased_key_types = NULL;
-- options->pubkey_key_types = NULL;
-+ options->hostbased_accepted_algos = NULL;
-+ options->pubkey_accepted_algos = NULL;
-+ options->known_hosts_command = NULL;
- + options->disable_multithreaded = -1;
- }
-
-diff -ur a/openssh-8_4_P1-hpn-DynWinNoneSwitch-15.1.diff b/openssh-8_4_P1-hpn-DynWinNoneSwitch-15.1.diff
---- a/openssh-8_4_P1-hpn-DynWinNoneSwitch-15.1.diff 2021-03-03 11:08:18.300474672 -0800
-+++ b/openssh-8_4_P1-hpn-DynWinNoneSwitch-15.1.diff 2021-03-03 12:53:24.117319233 -0800
-@@ -209,7 +209,7 @@
- static void
- channel_pre_open(struct ssh *ssh, Channel *c,
- fd_set *readset, fd_set *writeset)
--@@ -2179,25 +2206,34 @@ channel_check_window(struct ssh *ssh, Channel *c)
-+@@ -2179,22 +2206,31 @@ channel_check_window(struct ssh *ssh, Channel *c)
-
- if (c->type == SSH_CHANNEL_OPEN &&
- !(c->flags & (CHAN_CLOSE_SENT|CHAN_CLOSE_RCVD)) &&
-@@ -229,22 +229,19 @@
- + debug("Channel: Window growth to %d by %d bytes", c->local_window_max, addition);
- + }
- if (!c->have_remote_id)
-- fatal(":%s: channel %d: no remote id",
-- __func__, c->self);
-+ fatal_f("channel %d: no remote id", c->self);
- if ((r = sshpkt_start(ssh,
- SSH2_MSG_CHANNEL_WINDOW_ADJUST)) != 0 ||
- (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
- - (r = sshpkt_put_u32(ssh, c->local_consumed)) != 0 ||
- + (r = sshpkt_put_u32(ssh, c->local_consumed + addition)) != 0 ||
- (r = sshpkt_send(ssh)) != 0) {
-- fatal("%s: channel %i: %s", __func__,
-- c->self, ssh_err(r));
-+ fatal_fr(r, "channel %i", c->self);
- }
-- debug2("channel %d: window %d sent adjust %d",
-- c->self, c->local_window,
--- c->local_consumed);
-+ debug2("channel %d: window %d sent adjust %d", c->self,
-+- c->local_window, c->local_consumed);
- - c->local_window += c->local_consumed;
--+ c->local_consumed + addition);
-++ c->local_window, c->local_consumed + addition);
- + c->local_window += c->local_consumed + addition;
- c->local_consumed = 0;
- }
-@@ -387,18 +384,18 @@
- index dec8e7e9..3c11558e 100644
- --- a/compat.c
- +++ b/compat.c
--@@ -150,6 +150,13 @@ compat_datafellows(const char *version)
-- debug("match: %s pat %s compat 0x%08x",
-+@@ -150,6 +150,13 @@ compat_banner(struct ssh *ssh, const char *version)
-+ debug_f("match: %s pat %s compat 0x%08x",
- version, check[i].pat, check[i].bugs);
-- datafellows = check[i].bugs; /* XXX for now */
-+ ssh->compat = check[i].bugs;
- + /* Check to see if the remote side is OpenSSH and not HPN */
- + if (strstr(version, "OpenSSH") != NULL) {
- + if (strstr(version, "hpn") == NULL) {
--+ datafellows |= SSH_BUG_LARGEWINDOW;
-++ ssh->compat |= SSH_BUG_LARGEWINDOW;
- + debug("Remote is NON-HPN aware");
- + }
- + }
-- return check[i].bugs;
-+ return;
- }
- }
- diff --git a/compat.h b/compat.h
-@@ -431,9 +428,9 @@
- --- a/digest-openssl.c
- +++ b/digest-openssl.c
- @@ -61,6 +61,7 @@ const struct ssh_digest digests[] = {
-- { SSH_DIGEST_SHA256, "SHA256", 32, EVP_sha256 },
-+ { SSH_DIGEST_SHA256, "SHA256", 32, EVP_sha256 },
- { SSH_DIGEST_SHA384, "SHA384", 48, EVP_sha384 },
-- { SSH_DIGEST_SHA512, "SHA512", 64, EVP_sha512 },
-+ { SSH_DIGEST_SHA512, "SHA512", 64, EVP_sha512 },
- + { SSH_DIGEST_NULL, "NONEMAC", 0, EVP_md_null},
- { -1, NULL, 0, NULL },
- };
-@@ -536,18 +533,10 @@
- if (state->rekey_limit)
- *max_blocks = MINIMUM(*max_blocks,
- state->rekey_limit / enc->block_size);
--@@ -966,6 +975,24 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
-+@@ -966,6 +975,16 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
- return 0;
- }
-
--+/* this supports the forced rekeying required for the NONE cipher */
--+int rekey_requested = 0;
--+void
--+packet_request_rekeying(void)
--+{
--+ rekey_requested = 1;
--+}
--+
- +/* used to determine if pre or post auth when rekeying for aes-ctr
- + * and none cipher switch */
- +int
-@@ -561,20 +550,6 @@
- #define MAX_PACKETS (1U<<31)
- static int
- ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
--@@ -992,6 +1019,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
-- if (state->p_send.packets == 0 && state->p_read.packets == 0)
-- return 0;
--
--+ /* used to force rekeying when called for by the none
--+ * cipher switch methods -cjr */
--+ if (rekey_requested == 1) {
--+ rekey_requested = 0;
--+ return 1;
--+ }
--+
-- /* Time-based rekeying */
-- if (state->rekey_interval != 0 &&
-- (int64_t)state->rekey_time + state->rekey_interval <= monotime())
- @@ -1330,7 +1364,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
- struct session_state *state = ssh->state;
- int len, r, ms_remain;
-@@ -622,9 +597,9 @@
- /* Format of the configuration file:
-
- @@ -165,6 +166,8 @@ typedef enum {
-- oHashKnownHosts,
- oTunnel, oTunnelDevice,
- oLocalCommand, oPermitLocalCommand, oRemoteCommand,
-+ oDisableMTAES,
- + oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize,
- + oNoneEnabled, oNoneMacEnabled, oNoneSwitch,
- oVisualHostKey,
-@@ -778,9 +753,9 @@
- int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */
- SyslogFacility log_facility; /* Facility for system logging. */
- @@ -115,7 +119,11 @@ typedef struct {
--
- int enable_ssh_keysign;
- int64_t rekey_limit;
-+ int disable_multithreaded; /*disable multithreaded aes-ctr*/
- + int none_switch; /* Use none cipher */
- + int none_enabled; /* Allow none cipher to be used */
- + int nonemac_enabled; /* Allow none MAC to be used */
-@@ -888,9 +863,9 @@
- + options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT;
- + }
- +
-+ if (options->disable_multithreaded == -1)
-+ options->disable_multithreaded = 0;
- if (options->ip_qos_interactive == -1)
-- options->ip_qos_interactive = IPTOS_DSCP_AF21;
-- if (options->ip_qos_bulk == -1)
- @@ -511,6 +564,8 @@ typedef enum {
- sPasswordAuthentication, sKbdInteractiveAuthentication,
- sListenAddress, sAddressFamily,
-@@ -1091,7 +1066,7 @@
- }
-
- +static void
--+hpn_options_init(void)
-++hpn_options_init(struct ssh *ssh)
- +{
- + /*
- + * We need to check to see if what they want to do about buffer
-@@ -1116,7 +1091,7 @@
- + else
- + options.hpn_buffer_size = 2 * 1024 * 1024;
- +
--+ if (datafellows & SSH_BUG_LARGEWINDOW) {
-++ if (ssh->compat & SSH_BUG_LARGEWINDOW) {
- + debug("HPN to Non-HPN Connection");
- + } else {
- + int sock, socksize;
-@@ -1186,7 +1161,7 @@
- + c->dynamic_window = 1;
- + debug("Enabled Dynamic Window Scaling");
- + }
-- debug3("%s: channel_new: %d", __func__, c->self);
-+ debug3_f("channel_new: %d", c->self);
-
- channel_send_open(ssh, c->self);
- @@ -2078,6 +2160,13 @@ ssh_session2(struct ssh *ssh, struct passwd *pw)
-@@ -1198,7 +1173,7 @@
- + * might open channels that use the hpn buffer sizes. We can't send a
- + * window of -1 (the default) to the server as it breaks things.
- + */
--+ hpn_options_init();
-++ hpn_options_init(ssh);
- +
- /* XXX should be pre-session */
- if (!options.control_persist)
-@@ -1297,11 +1272,10 @@
- xxx_host = host;
- xxx_hostaddr = hostaddr;
-
--@@ -482,6 +493,34 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
--
-+@@ -482,6 +493,33 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
- if (!authctxt.success)
- fatal("Authentication failed.");
--+
-+
- + /*
- + * If the user wants to use the none cipher, do it post authentication
- + * and only if the right conditions are met -- both of the NONE commands
-@@ -1329,9 +1303,9 @@
- + }
- + }
- +
-- debug("Authentication succeeded (%s).", authctxt.method->name);
-- }
--
-+ #ifdef WITH_OPENSSL
-+ if (options.disable_multithreaded == 0) {
-+ /* if we are using aes-ctr there can be issues in either a fork or sandbox
- diff --git a/sshd.c b/sshd.c
- index 8aa7f3df..d0e3f1b0 100644
- --- a/sshd.c
-@@ -1397,9 +1371,9 @@
- + if (options.nonemac_enabled == 1)
- + debug("WARNING: None MAC enabled");
- +
-- myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
-+ myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(ssh,
- options.kex_algorithms);
-- myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(
-+ myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(ssh,
- diff --git a/sshd_config b/sshd_config
- index 19b7c91a..cdd889b2 100644
- --- a/sshd_config
diff --git a/net-misc/openssh/files/openssh-8.5_p1-hpn-15.1-sctp-glue.patch b/net-misc/openssh/files/openssh-8.5_p1-hpn-15.1-sctp-glue.patch
deleted file mode 100644
index d4835d1209b..00000000000
--- a/net-misc/openssh/files/openssh-8.5_p1-hpn-15.1-sctp-glue.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-diff -ur a/openssh-8_4_P1-hpn-DynWinNoneSwitch-15.1.diff b/openssh-8_4_P1-hpn-DynWinNoneSwitch-15.1.diff
---- a/openssh-8_4_P1-hpn-DynWinNoneSwitch-15.1.diff 2021-03-03 15:36:29.211246123 -0800
-+++ b/openssh-8_4_P1-hpn-DynWinNoneSwitch-15.1.diff 2021-03-03 15:36:53.607089097 -0800
-@@ -1401,14 +1401,3 @@
- # Example of overriding settings on a per-user basis
- #Match User anoncvs
- # X11Forwarding no
--diff --git a/version.h b/version.h
--index c2f9c55b..f2e7fa80 100644
----- a/version.h
--+++ b/version.h
--@@ -3,4 +3,5 @@
-- #define SSH_VERSION "OpenSSH_8.4"
--
-- #define SSH_PORTABLE "p1"
---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
--+#define SSH_HPN "-hpn15v1"
--+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/
@ 2021-12-24 13:29 Conrad Kostecki
0 siblings, 0 replies; 40+ messages in thread
From: Conrad Kostecki @ 2021-12-24 13:29 UTC (permalink / raw
To: gentoo-commits
commit: d7606e5ba83aa4850811f60aeb449e62a2b6a2f1
Author: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 24 13:27:01 2021 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Fri Dec 24 13:29:07 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d7606e5b
net-misc/openssh: re-add openssh-8.5_p1-hpn-15.2-sctp-glue.patch
In commit cb24554516cbb10be9b7c75328b46a620b83be75, the still used patch
openssh-8.5_p1-hpn-15.2-sctp-glue.patch got accidentally removed.
Restoring again.
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
.../files/openssh-8.5_p1-hpn-15.2-sctp-glue.patch | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/net-misc/openssh/files/openssh-8.5_p1-hpn-15.2-sctp-glue.patch b/net-misc/openssh/files/openssh-8.5_p1-hpn-15.2-sctp-glue.patch
new file mode 100644
index 000000000000..7199227589c6
--- /dev/null
+++ b/net-misc/openssh/files/openssh-8.5_p1-hpn-15.2-sctp-glue.patch
@@ -0,0 +1,18 @@
+diff -u a/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff b/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff
+--- a/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff 2021-03-16 10:06:45.020527770 -0700
++++ b/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff 2021-03-16 10:07:01.294423665 -0700
+@@ -1414,14 +1414,3 @@
+ # Example of overriding settings on a per-user basis
+ #Match User anoncvs
+ # X11Forwarding no
+-diff --git a/version.h b/version.h
+-index 6b4fa372..332fb486 100644
+---- a/version.h
+-+++ b/version.h
+-@@ -3,4 +3,5 @@
+- #define SSH_VERSION "OpenSSH_8.5"
+-
+- #define SSH_PORTABLE "p1"
+--#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
+-+#define SSH_HPN "-hpn15v2"
+-+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/
@ 2022-02-16 14:59 Mike Gilbert
0 siblings, 0 replies; 40+ messages in thread
From: Mike Gilbert @ 2022-02-16 14:59 UTC (permalink / raw
To: gentoo-commits
commit: 72c302840f08041f0820d38d1e8942d9aed96ae0
Author: Michael Mair-Keimberger <mmk <AT> levelnine <DOT> at>
AuthorDate: Wed Feb 16 14:40:49 2022 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Wed Feb 16 14:59:02 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=72c30284
net-misc/openssh: remove unused file
Closes: https://github.com/gentoo/gentoo/pull/24210
Package-Manager: Portage-3.0.30, Repoman-3.0.3
Signed-off-by: Michael Mair-Keimberger <m.mairkeimberger <AT> gmail.com>
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
net-misc/openssh/files/sshd-r2.initd | 100 -----------------------------------
1 file changed, 100 deletions(-)
diff --git a/net-misc/openssh/files/sshd-r2.initd b/net-misc/openssh/files/sshd-r2.initd
deleted file mode 100644
index 3381fb965dd8..000000000000
--- a/net-misc/openssh/files/sshd-r2.initd
+++ /dev/null
@@ -1,100 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-extra_commands="checkconfig"
-extra_started_commands="reload"
-
-: ${SSHD_CONFDIR:=${RC_PREFIX%/}/etc/ssh}
-: ${SSHD_CONFIG:=${SSHD_CONFDIR}/sshd_config}
-: ${SSHD_PIDFILE:=${RC_PREFIX%/}/run/${SVCNAME}.pid}
-: ${SSHD_BINARY:=${RC_PREFIX%/}/usr/sbin/sshd}
-: ${SSHD_KEYGEN_BINARY:=${RC_PREFIX%/}/usr/bin/ssh-keygen}
-
-command="${SSHD_BINARY}"
-pidfile="${SSHD_PIDFILE}"
-command_args="${SSHD_OPTS} -o PidFile=${pidfile} -f ${SSHD_CONFIG}"
-
-# Wait one second (length chosen arbitrarily) to see if sshd actually
-# creates a PID file, or if it crashes for some reason like not being
-# able to bind to the address in ListenAddress (bug 617596).
-: ${SSHD_SSD_OPTS:=--wait 1000}
-start_stop_daemon_args="${SSHD_SSD_OPTS}"
-
-depend() {
- # Entropy can be used by ssh-keygen, among other things, but
- # is not strictly required (bug 470020).
- use logger dns entropy
- if [ "${rc_need+set}" = "set" ] ; then
- : # Do nothing, the user has explicitly set rc_need
- else
- local x warn_addr
- for x in $(awk '/^ListenAddress/{ print $2 }' "$SSHD_CONFIG" 2>/dev/null) ; do
- case "${x}" in
- 0.0.0.0|0.0.0.0:*) ;;
- ::|\[::\]*) ;;
- *) warn_addr="${warn_addr} ${x}" ;;
- esac
- done
- if [ -n "${warn_addr}" ] ; then
- need net
- ewarn "You are binding an interface in ListenAddress statement in your sshd_config!"
- ewarn "You must add rc_need=\"net.FOO\" to your ${RC_PREFIX%/}/etc/conf.d/sshd"
- ewarn "where FOO is the interface(s) providing the following address(es):"
- ewarn "${warn_addr}"
- fi
- fi
-}
-
-checkconfig() {
- checkpath --mode 0755 --directory "${RC_PREFIX%/}/var/empty"
-
- if [ ! -e "${SSHD_CONFIG}" ] ; then
- eerror "You need an ${SSHD_CONFIG} file to run sshd"
- eerror "There is a sample file in /usr/share/doc/openssh"
- return 1
- fi
-
- ${SSHD_KEYGEN_BINARY} -A || return 2
-
- "${command}" -t ${command_args} || return 3
-}
-
-start_pre() {
- # Make sure that the user's config isn't busted before we try
- # to start the daemon (this will produce better error messages
- # than if we just try to start it blindly).
- #
- # We always need to call checkconfig because this function will
- # also generate any missing host key and you can start a
- # non-running service with "restart" argument.
- checkconfig || return $?
-}
-
-stop_pre() {
- if [ "${RC_CMD}" = "restart" ] ; then
- # If this is a restart, check to make sure the user's config
- # isn't busted before we stop the running daemon.
- checkconfig || return $?
- elif yesno "${RC_GOINGDOWN}" && [ -s "${pidfile}" ] && hash pgrep 2>/dev/null ; then
- # Disconnect any clients before killing the master process
- local pid=$(cat "${pidfile}" 2>/dev/null)
- if [ -n "${pid}" ] ; then
- local ssh_session_pattern='sshd: \S.*@pts/[0-9]+'
-
- IFS="${IFS}@"
- local daemon pid pty user
- pgrep -a -P ${pid} -f "$ssh_session_pattern" | while read pid daemon user pty ; do
- ewarn "Found ${daemon%:} session ${pid} on ${pty}; sending SIGTERM ..."
- kill "${pid}" || true
- done
- fi
- fi
-}
-
-reload() {
- checkconfig || return $?
- ebegin "Reloading ${SVCNAME}"
- start-stop-daemon --signal HUP --pidfile "${pidfile}"
- eend $?
-}
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/
@ 2022-02-26 3:02 Sam James
0 siblings, 0 replies; 40+ messages in thread
From: Sam James @ 2022-02-26 3:02 UTC (permalink / raw
To: gentoo-commits
commit: 0a95f1e46d021f8442f644c8c0bbec4cf6ade090
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Feb 26 03:01:52 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Feb 26 03:01:52 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0a95f1e4
net-misc/openssh: drop duplicate patch hunk
Already applied in other patch file.
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../files/openssh-8.9_p1-gss-use-HOST_NAME_MAX.patch | 14 --------------
1 file changed, 14 deletions(-)
diff --git a/net-misc/openssh/files/openssh-8.9_p1-gss-use-HOST_NAME_MAX.patch b/net-misc/openssh/files/openssh-8.9_p1-gss-use-HOST_NAME_MAX.patch
index 98c87ecf5f47..9e08b2a553c2 100644
--- a/net-misc/openssh/files/openssh-8.9_p1-gss-use-HOST_NAME_MAX.patch
+++ b/net-misc/openssh/files/openssh-8.9_p1-gss-use-HOST_NAME_MAX.patch
@@ -11,17 +11,3 @@ index b5d4bb2d..00e3d118 100644
gss_release_oid_set(&status, &oidset);
return (-1);
}
-diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
-index 2e065ba3..4ce80cb2 100644
---- a/sandbox-seccomp-filter.c
-+++ b/sandbox-seccomp-filter.c
-@@ -276,6 +276,9 @@ static const struct sock_filter preauth_insns[] = {
- #ifdef __NR_ppoll
- SC_ALLOW(__NR_ppoll),
- #endif
-+#ifdef __NR_ppoll_time64
-+ SC_ALLOW(__NR_ppoll_time64),
-+#endif
- #ifdef __NR_poll
- SC_ALLOW(__NR_poll),
- #endif
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/
@ 2022-10-30 9:28 Sam James
0 siblings, 0 replies; 40+ messages in thread
From: Sam James @ 2022-10-30 9:28 UTC (permalink / raw
To: gentoo-commits
commit: 591c528cc536c3e28daaf6356084d356c5e82eec
Author: Michael Mair-Keimberger <mmk <AT> levelnine <DOT> at>
AuthorDate: Sun Oct 30 07:55:44 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Oct 30 09:27:00 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=591c528c
net-misc/openssh: remove unused patch
Signed-off-by: Michael Mair-Keimberger <mmk <AT> levelnine.at>
Closes: https://github.com/gentoo/gentoo/pull/28031
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../files/openssh-9.0_p1-X509-glue-13.3.2.patch | 54 ----------------------
1 file changed, 54 deletions(-)
diff --git a/net-misc/openssh/files/openssh-9.0_p1-X509-glue-13.3.2.patch b/net-misc/openssh/files/openssh-9.0_p1-X509-glue-13.3.2.patch
deleted file mode 100644
index 3d702eb35be8..000000000000
--- a/net-misc/openssh/files/openssh-9.0_p1-X509-glue-13.3.2.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-diff -ur '--exclude=.*.un~' a/openssh-9.0p1+x509-13.3.2.diff b/openssh-9.0p1+x509-13.3.2.diff
---- a/openssh-9.0p1+x509-13.3.2.diff 2022-04-11 10:32:02.364576985 -0700
-+++ b/openssh-9.0p1+x509-13.3.2.diff 2022-04-11 10:38:29.267348410 -0700
-@@ -47526,8 +47526,8 @@
- gss_create_empty_oid_set(&status, &oidset);
- gss_add_oid_set_member(&status, ctx->oid, &oidset);
-
--- if (gethostname(lname, MAXHOSTNAMELEN)) {
--+ if (gethostname(lname, MAXHOSTNAMELEN) == -1) {
-+- if (gethostname(lname, HOST_NAME_MAX)) {
-++ if (gethostname(lname, HOST_NAME_MAX) == -1) {
- gss_release_oid_set(&status, &oidset);
- return (-1);
- }
-@@ -55662,12 +55662,11 @@
-
- install-files:
- $(MKDIR_P) $(DESTDIR)$(bindir)
--@@ -395,6 +372,8 @@
-+@@ -395,6 +372,7 @@
- $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5
- $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8
- $(MKDIR_P) $(DESTDIR)$(libexecdir)
- + $(MKDIR_P) $(DESTDIR)$(sshcadir)
--+ $(MKDIR_P) $(DESTDIR)$(piddir)
- $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH)
- $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)
- $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT)
-@@ -76764,7 +76763,7 @@
- +if test "$sshd_type" = "pkix" ; then
- + unset_arg=''
- +else
--+ unset_arg=none
-++ unset_arg=''
- +fi
- +
- cat > $OBJ/sshd_config.i << _EOF
-@@ -141144,16 +141143,6 @@
- +int asnmprintf(char **, size_t, int *, const char *, ...)
- __attribute__((format(printf, 4, 5)));
- void msetlocale(void);
--diff -ruN openssh-9.0p1/version.h openssh-9.0p1+x509-13.3.2/version.h
----- openssh-9.0p1/version.h 2022-04-06 03:47:48.000000000 +0300
--+++ openssh-9.0p1+x509-13.3.2/version.h 2022-04-11 09:07:00.000000000 +0300
--@@ -2,5 +2,4 @@
--
-- #define SSH_VERSION "OpenSSH_9.0"
--
---#define SSH_PORTABLE "p1"
---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
--+#define SSH_RELEASE PACKAGE_STRING ", " SSH_VERSION "p1"
- diff -ruN openssh-9.0p1/version.m4 openssh-9.0p1+x509-13.3.2/version.m4
- --- openssh-9.0p1/version.m4 1970-01-01 02:00:00.000000000 +0200
- +++ openssh-9.0p1+x509-13.3.2/version.m4 2022-04-11 09:07:00.000000000 +0300
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/
@ 2023-01-01 18:16 Conrad Kostecki
0 siblings, 0 replies; 40+ messages in thread
From: Conrad Kostecki @ 2023-01-01 18:16 UTC (permalink / raw
To: gentoo-commits
commit: d80452b5bce46df84fcfee0e324b1626da4ad7b8
Author: Michael Mair-Keimberger <mmk <AT> levelnine <DOT> at>
AuthorDate: Tue Dec 27 17:09:14 2022 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Sun Jan 1 18:16:22 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d80452b5
net-misc/openssh: remove unused patches
Signed-off-by: Michael Mair-Keimberger <mmk <AT> levelnine.at>
Closes: https://github.com/gentoo/gentoo/pull/28857
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
.../files/openssh-8.9_p1-X509-glue-13.3.1.patch | 126 ---------------------
.../openssh-8.9_p1-fzero-call-used-regs.patch | 32 ------
2 files changed, 158 deletions(-)
diff --git a/net-misc/openssh/files/openssh-8.9_p1-X509-glue-13.3.1.patch b/net-misc/openssh/files/openssh-8.9_p1-X509-glue-13.3.1.patch
deleted file mode 100644
index eab5b5344d6a..000000000000
--- a/net-misc/openssh/files/openssh-8.9_p1-X509-glue-13.3.1.patch
+++ /dev/null
@@ -1,126 +0,0 @@
-diff -ur '--exclude=.*.un~' a/openssh-8.9p1+x509-13.3.1.diff b/openssh-8.9p1+x509-13.3.1.diff
---- a/openssh-8.9p1+x509-13.3.1.diff 2022-03-05 21:49:32.673126122 -0800
-+++ b/openssh-8.9p1+x509-13.3.1.diff 2022-03-05 21:52:52.581776560 -0800
-@@ -1002,15 +1002,16 @@
- char b[512];
- - size_t len = ssh_digest_bytes(SSH_DIGEST_SHA512);
- - u_char *hash = xmalloc(len);
-+- double delay;
- + int digest_alg;
- + size_t len;
- + u_char *hash;
-- double delay;
--
-++ double delay = 0;
-++
- + digest_alg = ssh_digest_maxbytes();
- + len = ssh_digest_bytes(digest_alg);
- + hash = xmalloc(len);
--+
-+
- (void)snprintf(b, sizeof b, "%llu%s",
- (unsigned long long)options.timing_secret, user);
- - if (ssh_digest_memory(SSH_DIGEST_SHA512, b, strlen(b), hash, len) != 0)
-@@ -44746,8 +44747,8 @@
- gss_create_empty_oid_set(&status, &oidset);
- gss_add_oid_set_member(&status, ctx->oid, &oidset);
-
--- if (gethostname(lname, MAXHOSTNAMELEN)) {
--+ if (gethostname(lname, MAXHOSTNAMELEN) == -1) {
-+- if (gethostname(lname, HOST_NAME_MAX)) {
-++ if (gethostname(lname, HOST_NAME_MAX) == -1) {
- gss_release_oid_set(&status, &oidset);
- return (-1);
- }
-@@ -52143,7 +52144,7 @@
- diff -ruN openssh-8.9p1/m4/openssh.m4 openssh-8.9p1+x509-13.3.1/m4/openssh.m4
- --- openssh-8.9p1/m4/openssh.m4 2022-02-23 13:31:11.000000000 +0200
- +++ openssh-8.9p1+x509-13.3.1/m4/openssh.m4 1970-01-01 02:00:00.000000000 +0200
--@@ -1,200 +0,0 @@
-+@@ -1,203 +0,0 @@
- -dnl OpenSSH-specific autoconf macros
- -dnl
- -
-@@ -52160,6 +52161,8 @@
- - AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
- -#include <stdlib.h>
- -#include <stdio.h>
-+-/* Trivial function to help test for -fzero-call-used-regs */
-+-void f(int n) {}
- -int main(int argc, char **argv) {
- - (void)argv;
- - /* Some math to catch -ftrapv problems in the toolchain */
-@@ -52167,6 +52170,7 @@
- - float l = i * 2.1;
- - double m = l / 0.5;
- - long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
-+- f(0);
- - printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
- - /*
- - * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does
-@@ -52884,12 +52888,11 @@
-
- install-files:
- $(MKDIR_P) $(DESTDIR)$(bindir)
--@@ -396,6 +372,8 @@
-+@@ -396,6 +372,7 @@
- $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5
- $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8
- $(MKDIR_P) $(DESTDIR)$(libexecdir)
- + $(MKDIR_P) $(DESTDIR)$(sshcadir)
--+ $(MKDIR_P) $(DESTDIR)$(piddir)
- $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH)
- $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)
- $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT)
-@@ -73836,7 +73839,7 @@
- +if test "$sshd_type" = "pkix" ; then
- + unset_arg=''
- +else
--+ unset_arg=none
-++ unset_arg=
- +fi
- +
- cat > $OBJ/sshd_config.i << _EOF
-@@ -79691,25 +79694,6 @@
- #ifdef __NR_getrandom
- SC_ALLOW(__NR_getrandom),
- #endif
--@@ -267,15 +273,15 @@
-- #ifdef __NR_clock_nanosleep_time64
-- SC_ALLOW(__NR_clock_nanosleep_time64),
-- #endif
---#ifdef __NR_clock_gettime64
--- SC_ALLOW(__NR_clock_gettime64),
---#endif
-- #ifdef __NR__newselect
-- SC_ALLOW(__NR__newselect),
-- #endif
-- #ifdef __NR_ppoll
-- SC_ALLOW(__NR_ppoll),
-- #endif
--+#ifdef __NR_ppoll_time64
--+ SC_ALLOW(__NR_ppoll_time64),
--+#endif
-- #ifdef __NR_poll
-- SC_ALLOW(__NR_poll),
-- #endif
- @@ -288,6 +294,9 @@
- #ifdef __NR_read
- SC_ALLOW(__NR_read),
-@@ -137848,16 +137832,6 @@
- +int asnmprintf(char **, size_t, int *, const char *, ...)
- __attribute__((format(printf, 4, 5)));
- void msetlocale(void);
--diff -ruN openssh-8.9p1/version.h openssh-8.9p1+x509-13.3.1/version.h
----- openssh-8.9p1/version.h 2022-02-23 13:31:11.000000000 +0200
--+++ openssh-8.9p1+x509-13.3.1/version.h 2022-03-05 10:07:00.000000000 +0200
--@@ -2,5 +2,4 @@
--
-- #define SSH_VERSION "OpenSSH_8.9"
--
---#define SSH_PORTABLE "p1"
---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
--+#define SSH_RELEASE PACKAGE_STRING ", " SSH_VERSION "p1"
- diff -ruN openssh-8.9p1/version.m4 openssh-8.9p1+x509-13.3.1/version.m4
- --- openssh-8.9p1/version.m4 1970-01-01 02:00:00.000000000 +0200
- +++ openssh-8.9p1+x509-13.3.1/version.m4 2022-03-05 10:07:00.000000000 +0200
diff --git a/net-misc/openssh/files/openssh-8.9_p1-fzero-call-used-regs.patch b/net-misc/openssh/files/openssh-8.9_p1-fzero-call-used-regs.patch
deleted file mode 100644
index 0231ce46d7b1..000000000000
--- a/net-misc/openssh/files/openssh-8.9_p1-fzero-call-used-regs.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From f107467179428a0e3ea9e4aa9738ac12ff02822d Mon Sep 17 00:00:00 2001
-From: Colin Watson <cjwatson@debian.org>
-Date: Thu, 24 Feb 2022 16:04:18 +0000
-Subject: [PATCH] Improve detection of -fzero-call-used-regs=all support
-
-GCC doesn't tell us whether this option is supported unless it runs into
-the situation where it would need to emit corresponding code.
----
- m4/openssh.m4 | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/m4/openssh.m4 b/m4/openssh.m4
-index 4f9c3792dc1..8c33c701b8b 100644
---- a/m4/openssh.m4
-+++ b/m4/openssh.m4
-@@ -14,6 +14,8 @@ AC_DEFUN([OSSH_CHECK_CFLAG_COMPILE], [{
- AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
- #include <stdlib.h>
- #include <stdio.h>
-+/* Trivial function to help test for -fzero-call-used-regs */
-+void f(int n) {}
- int main(int argc, char **argv) {
- (void)argv;
- /* Some math to catch -ftrapv problems in the toolchain */
-@@ -21,6 +23,7 @@ int main(int argc, char **argv) {
- float l = i * 2.1;
- double m = l / 0.5;
- long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
-+ f(0);
- printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
- /*
- * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/
@ 2023-01-14 19:17 Sam James
0 siblings, 0 replies; 40+ messages in thread
From: Sam James @ 2023-01-14 19:17 UTC (permalink / raw
To: gentoo-commits
commit: 38705b064b00347f0c9c1ca579b8d48ca1834cb6
Author: Michael Mair-Keimberger <mmk <AT> levelnine <DOT> at>
AuthorDate: Tue Jan 10 16:29:20 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Jan 14 19:15:52 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=38705b06
net-misc/openssh: remove unused patches
Signed-off-by: Michael Mair-Keimberger <mmk <AT> levelnine.at>
Closes: https://github.com/gentoo/gentoo/pull/29048
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../files/openssh-8.9_p1-hpn-15.2-X509-glue.patch | 431 ---------------------
.../files/openssh-8.9_p1-hpn-15.2-glue.patch | 238 ------------
.../files/openssh-9.0_p1-X509-glue-13.4.1.patch | 54 ---
...enssh-9.0_p1-implicit-func-decl-vsnprintf.patch | 32 --
4 files changed, 755 deletions(-)
diff --git a/net-misc/openssh/files/openssh-8.9_p1-hpn-15.2-X509-glue.patch b/net-misc/openssh/files/openssh-8.9_p1-hpn-15.2-X509-glue.patch
deleted file mode 100644
index a98e1adcb54c..000000000000
--- a/net-misc/openssh/files/openssh-8.9_p1-hpn-15.2-X509-glue.patch
+++ /dev/null
@@ -1,431 +0,0 @@
-diff -ur '--exclude=.*.un~' a/openssh-8_5_P1-hpn-AES-CTR-15.2.diff b/openssh-8_5_P1-hpn-AES-CTR-15.2.diff
---- a/openssh-8_5_P1-hpn-AES-CTR-15.2.diff 2022-02-24 18:48:19.078457000 -0800
-+++ b/openssh-8_5_P1-hpn-AES-CTR-15.2.diff 2022-02-24 18:49:22.195632128 -0800
-@@ -3,9 +3,9 @@
- --- a/Makefile.in
- +++ b/Makefile.in
- @@ -46,7 +46,7 @@ CFLAGS=@CFLAGS@
-- CFLAGS_NOPIE=@CFLAGS_NOPIE@
-- CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
-- PICFLAG=@PICFLAG@
-+ LD=@LD@
-+ CFLAGS=@CFLAGS@ $(CFLAGS_EXTRA)
-+ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
- -LIBS=@LIBS@
- +LIBS=@LIBS@ -lpthread
- K5LIBS=@K5LIBS@
-@@ -803,8 +803,8 @@
- ssh_packet_set_connection(struct ssh *ssh, int fd_in, int fd_out)
- {
- struct session_state *state;
--- const struct sshcipher *none = cipher_by_name("none");
--+ struct sshcipher *none = cipher_by_name("none");
-+- const struct sshcipher *none = cipher_none();
-++ struct sshcipher *none = cipher_none();
- int r;
-
- if (none == NULL) {
-@@ -894,24 +894,24 @@
- intptr = &options->compression;
- multistate_ptr = multistate_compression;
- @@ -2272,6 +2278,7 @@ initialize_options(Options * options)
-- options->revoked_host_keys = NULL;
- options->fingerprint_hash = -1;
- options->update_hostkeys = -1;
-+ options->known_hosts_command = NULL;
- + options->disable_multithreaded = -1;
-- options->hostbased_accepted_algos = NULL;
-- options->pubkey_accepted_algos = NULL;
-- options->known_hosts_command = NULL;
-+ }
-+
-+ /*
- @@ -2467,6 +2474,10 @@ fill_default_options(Options * options)
-+ options->update_hostkeys = 0;
- if (options->sk_provider == NULL)
- options->sk_provider = xstrdup("$SSH_SK_PROVIDER");
-- #endif
- + if (options->update_hostkeys == -1)
- + options->update_hostkeys = 0;
- + if (options->disable_multithreaded == -1)
- + options->disable_multithreaded = 0;
-
-- /* Expand KEX name lists */
-- all_cipher = cipher_alg_list(',', 0);
-+ /* expand KEX and etc. name lists */
-+ { char *all;
- diff --git a/readconf.h b/readconf.h
- index 2fba866e..7f8f0227 100644
- --- a/readconf.h
-@@ -950,9 +950,9 @@
- /* Portable-specific options */
- sUsePAM,
- + sDisableMTAES,
-- /* Standard Options */
-- sPort, sHostKeyFile, sLoginGraceTime,
-- sPermitRootLogin, sLogFacility, sLogLevel, sLogVerbose,
-+ /* X.509 Standard Options */
-+ sHostbasedAlgorithms,
-+ sPubkeyAlgorithms,
- @@ -662,6 +666,7 @@ static struct {
- { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
- { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
-diff -ur '--exclude=.*.un~' a/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff b/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff
---- a/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff 2022-02-24 18:48:19.078457000 -0800
-+++ b/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff 2022-02-24 18:54:51.800546480 -0800
-@@ -157,6 +157,36 @@
- + Allan Jude provided the code for the NoneMac and buffer normalization.
- + This work was financed, in part, by Cisco System, Inc., the National
- + Library of Medicine, and the National Science Foundation.
-+diff --git a/auth2.c b/auth2.c
-+--- a/auth2.c 2021-03-15 19:30:45.404060786 -0700
-++++ b/auth2.c 2021-03-15 19:37:22.078476597 -0700
-+@@ -229,16 +229,17 @@
-+ double delay;
-+
-+ digest_alg = ssh_digest_maxbytes();
-+- len = ssh_digest_bytes(digest_alg);
-+- hash = xmalloc(len);
-++ if (len = ssh_digest_bytes(digest_alg) > 0) {
-++ hash = xmalloc(len);
-+
-+- (void)snprintf(b, sizeof b, "%llu%s",
-+- (unsigned long long)options.timing_secret, user);
-+- if (ssh_digest_memory(digest_alg, b, strlen(b), hash, len) != 0)
-+- fatal_f("ssh_digest_memory");
-+- /* 0-4.2 ms of delay */
-+- delay = (double)PEEK_U32(hash) / 1000 / 1000 / 1000 / 1000;
-+- freezero(hash, len);
-++ (void)snprintf(b, sizeof b, "%llu%s",
-++ (unsigned long long)options.timing_secret, user);
-++ if (ssh_digest_memory(digest_alg, b, strlen(b), hash, len) != 0)
-++ fatal_f("ssh_digest_memory");
-++ /* 0-4.2 ms of delay */
-++ delay = (double)PEEK_U32(hash) / 1000 / 1000 / 1000 / 1000;
-++ freezero(hash, len);
-++ }
-+ debug3_f("user specific delay %0.3lfms", delay/1000);
-+ return MIN_FAIL_DELAY_SECONDS + delay;
-+ }
- diff --git a/channels.c b/channels.c
- index b60d56c4..0e363c15 100644
- --- a/channels.c
-@@ -209,14 +239,14 @@
- static void
- channel_pre_open(struct ssh *ssh, Channel *c,
- fd_set *readset, fd_set *writeset)
--@@ -2120,22 +2147,32 @@ channel_check_window(struct ssh *ssh, Channel *c)
-+@@ -2164,21 +2191,31 @@ channel_check_window(struct ssh *ssh, Channel *c)
-
- if (c->type == SSH_CHANNEL_OPEN &&
- !(c->flags & (CHAN_CLOSE_SENT|CHAN_CLOSE_RCVD)) &&
- - ((c->local_window_max - c->local_window >
- - c->local_maxpacket*3) ||
--+ ((ssh_packet_is_interactive(ssh) &&
--+ c->local_window_max - c->local_window > c->local_maxpacket*3) ||
-++ ((ssh_packet_is_interactive(ssh) &&
-++ c->local_window_max - c->local_window > c->local_maxpacket*3) ||
- c->local_window < c->local_window_max/2) &&
- c->local_consumed > 0) {
- + u_int addition = 0;
-@@ -235,9 +265,8 @@
- (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
- - (r = sshpkt_put_u32(ssh, c->local_consumed)) != 0 ||
- + (r = sshpkt_put_u32(ssh, c->local_consumed + addition)) != 0 ||
-- (r = sshpkt_send(ssh)) != 0) {
-- fatal_fr(r, "channel %i", c->self);
-- }
-+ (r = sshpkt_send(ssh)) != 0)
-+ fatal_fr(r, "channel %d", c->self);
- - debug2("channel %d: window %d sent adjust %d", c->self,
- - c->local_window, c->local_consumed);
- - c->local_window += c->local_consumed;
-@@ -337,70 +366,92 @@
- index 70f492f8..5503af1d 100644
- --- a/clientloop.c
- +++ b/clientloop.c
--@@ -1578,9 +1578,11 @@ client_request_x11(struct ssh *ssh, const char *request_type, int rchan)
-+@@ -1578,10 +1578,11 @@ client_request_x11(struct ssh *ssh, const char *request_type, int rchan)
- sock = x11_connect_display(ssh);
- if (sock < 0)
- return NULL;
- - c = channel_new(ssh, "x11",
- - SSH_CHANNEL_X11_OPEN, sock, sock, -1,
--- CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1);
--+ c = channel_new(ssh, "x11",
--+ SSH_CHANNEL_X11_OPEN, sock, sock, -1,
--+ /* again is this really necessary for X11? */
--+ options.hpn_disabled ? CHAN_TCP_WINDOW_DEFAULT : options.hpn_buffer_size,
--+ CHAN_X11_PACKET_DEFAULT, 0, "x11", 1);
-+- CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "x11",
-+- CHANNEL_NONBLOCK_SET);
-++ c = channel_new(ssh, "x11",
-++ SSH_CHANNEL_X11_OPEN, sock, sock, -1,
-++ /* again is this really necessary for X11? */
-++ options.hpn_disabled ? CHAN_TCP_WINDOW_DEFAULT : options.hpn_buffer_size,
-++ CHAN_X11_PACKET_DEFAULT, 0, "x11", CHANNEL_NONBLOCK_SET);
- c->force_drain = 1;
- return c;
- }
--@@ -1608,9 +1610,10 @@ client_request_agent(struct ssh *ssh, const char *request_type, int rchan)
-+@@ -1608,9 +1609,10 @@ client_request_agent(struct ssh *ssh, const char *request_type, int rchan)
- return NULL;
- }
- c = channel_new(ssh, "authentication agent connection",
- - SSH_CHANNEL_OPEN, sock, sock, -1,
- - CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
--- "authentication agent connection", 1);
--+ SSH_CHANNEL_OPEN, sock, sock, -1,
--+ options.hpn_disabled ? CHAN_X11_WINDOW_DEFAULT : options.hpn_buffer_size,
--+ CHAN_TCP_PACKET_DEFAULT, 0,
--+ "authentication agent connection", 1);
-+- "authentication agent connection", CHANNEL_NONBLOCK_SET);
-++ SSH_CHANNEL_OPEN, sock, sock, -1,
-++ options.hpn_disabled ? CHAN_X11_WINDOW_DEFAULT : options.hpn_buffer_size,
-++ CHAN_TCP_PACKET_DEFAULT, 0,
-++ "authentication agent connection", CHANNEL_NONBLOCK_SET);
- c->force_drain = 1;
- return c;
- }
--@@ -1635,10 +1638,13 @@ client_request_tun_fwd(struct ssh *ssh, int tun_mode,
-+@@ -1635,9 +1637,9 @@ client_request_tun_fwd(struct ssh *ssh, int tun_mode,
- }
- debug("Tunnel forwarding using interface %s", ifname);
-
- - c = channel_new(ssh, "tun", SSH_CHANNEL_OPENING, fd, fd, -1,
--- CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
--+ c = channel_new(ssh, "tun", SSH_CHANNEL_OPENING, fd, fd, -1,
-+- CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun",
-+- CHANNEL_NONBLOCK_SET);
-++ c = channel_new(ssh, "tun", SSH_CHANNEL_OPENING, fd, fd, -1,
- + options.hpn_disabled ? CHAN_TCP_WINDOW_DEFAULT : options.hpn_buffer_size,
--+ CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
-++ CHAN_TCP_PACKET_DEFAULT, 0, "tun", CHANNEL_NONBLOCK_SET);
- c->datagram = 1;
-
--+
--+
- #if defined(SSH_TUN_FILTER)
-- if (options.tun_open == SSH_TUNMODE_POINTOPOINT)
-- channel_register_filter(ssh, c->self, sys_tun_infilter,
- diff --git a/compat.c b/compat.c
- index 69befa96..90b5f338 100644
- --- a/compat.c
- +++ b/compat.c
--@@ -149,6 +149,14 @@ compat_banner(struct ssh *ssh, const char *version)
-- debug_f("match: %s pat %s compat 0x%08x",
-+@@ -43,7 +43,7 @@ compat_datafellows(const char *version)
-+ static u_int
-+ compat_datafellows(const char *version)
-+ {
-+- int i;
-++ int i, bugs = 0;
-+ static struct {
-+ char *pat;
-+ int bugs;
-+@@ -147,11 +147,26 @@
-+ if (match_pattern_list(version, check[i].pat, 0) == 1) {
-+ debug("match: %s pat %s compat 0x%08x",
- version, check[i].pat, check[i].bugs);
-- ssh->compat = check[i].bugs;
- + /* Check to see if the remote side is OpenSSH and not HPN */
--+ /* TODO: need to use new method to test for this */
- + if (strstr(version, "OpenSSH") != NULL) {
- + if (strstr(version, "hpn") == NULL) {
--+ ssh->compat |= SSH_BUG_LARGEWINDOW;
-++ bugs |= SSH_BUG_LARGEWINDOW;
- + debug("Remote is NON-HPN aware");
- + }
- + }
-- return;
-+- return check[i].bugs;
-++ bugs |= check[i].bugs;
- }
- }
-+- debug("no match: %s", version);
-+- return 0;
-++ /* Check to see if the remote side is OpenSSH and not HPN */
-++ if (strstr(version, "OpenSSH") != NULL) {
-++ if (strstr(version, "hpn") == NULL) {
-++ bugs |= SSH_BUG_LARGEWINDOW;
-++ debug("Remote is NON-HPN aware");
-++ }
-++ }
-++ if (bugs == 0)
-++ debug("no match: %s", version);
-++ return bugs;
-+ }
-+
-+ char *
- diff --git a/compat.h b/compat.h
- index c197fafc..ea2e17a7 100644
- --- a/compat.h
-@@ -459,7 +510,7 @@
- @@ -890,6 +890,10 @@ kex_choose_conf(struct ssh *ssh)
- int nenc, nmac, ncomp;
- u_int mode, ctos, need, dh_need, authlen;
-- int r, first_kex_follows;
-+ int r, first_kex_follows = 0;
- + int auth_flag = 0;
- +
- + auth_flag = packet_authentication_state(ssh);
-@@ -553,10 +604,10 @@
- #define MAX_PACKETS (1U<<31)
- static int
- ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
--@@ -1317,7 +1351,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
-+@@ -1317,7 +1336,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
-+ {
- struct session_state *state = ssh->state;
- int len, r, ms_remain;
-- struct pollfd pfd;
- - char buf[8192];
- + char buf[SSH_IOBUFSZ];
- struct timeval start;
-@@ -1072,7 +1123,7 @@
- + else
- + options.hpn_buffer_size = 2 * 1024 * 1024;
- +
--+ if (ssh->compat & SSH_BUG_LARGEWINDOW) {
-++ if (ssh_compat_fellows(ssh, SSH_BUG_LARGEWINDOW)) {
- + debug("HPN to Non-HPN Connection");
- + } else {
- + int sock, socksize;
-@@ -1136,14 +1187,14 @@
- }
- @@ -2089,6 +2167,11 @@ ssh_session2_open(struct ssh *ssh)
- window, packetmax, CHAN_EXTENDED_WRITE,
-- "client-session", /*nonblock*/0);
-+ "client-session", CHANNEL_NONBLOCK_STDIO);
-
- + if ((options.tcp_rcv_buf_poll > 0) && !options.hpn_disabled) {
- + c->dynamic_window = 1;
- + debug("Enabled Dynamic Window Scaling");
- + }
- +
-- debug3_f("channel_new: %d", c->self);
-+ debug2_f("channel %d", c->self);
-
- channel_send_open(ssh, c->self);
- @@ -2105,6 +2188,13 @@ ssh_session2(struct ssh *ssh, const struct ssh_conn_info *cinfo)
-@@ -1314,7 +1365,29 @@
- /* Bind the socket to the desired port. */
- if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) == -1) {
- error("Bind to port %s on %s failed: %.200s.",
--@@ -1727,6 +1734,19 @@ main(int ac, char **av)
-+@@ -1625,13 +1632,14 @@
-+ if (ssh_digest_update(ctx, sshbuf_ptr(server_cfg),
-+ sshbuf_len(server_cfg)) != 0)
-+ fatal_f("ssh_digest_update");
-+- len = ssh_digest_bytes(digest_alg);
-+- hash = xmalloc(len);
-+- if (ssh_digest_final(ctx, hash, len) != 0)
-+- fatal_f("ssh_digest_final");
-+- options.timing_secret = PEEK_U64(hash);
-+- freezero(hash, len);
-+- ssh_digest_free(ctx);
-++ if ((len = ssh_digest_bytes(digest_alg)) > 0) {
-++ hash = xmalloc(len);
-++ if (ssh_digest_final(ctx, hash, len) != 0)
-++ fatal_f("ssh_digest_final");
-++ options.timing_secret = PEEK_U64(hash);
-++ freezero(hash, len);
-++ ssh_digest_free(ctx);
-++ }
-+ ctx = NULL;
-+ return;
-+ }
-+@@ -1727,6 +1735,19 @@ main(int ac, char **av)
- fatal("AuthorizedPrincipalsCommand set without "
- "AuthorizedPrincipalsCommandUser");
-
-@@ -1334,7 +1407,7 @@
- /*
- * Check whether there is any path through configured auth methods.
- * Unfortunately it is not possible to verify this generally before
--@@ -2166,6 +2186,9 @@ main(int ac, char **av)
-+@@ -2166,6 +2187,9 @@ main(int ac, char **av)
- rdomain == NULL ? "" : "\"");
- free(laddr);
-
-@@ -1344,7 +1417,7 @@
- /*
- * We don't want to listen forever unless the other side
- * successfully authenticates itself. So we set up an alarm which is
--@@ -2343,6 +2366,12 @@ do_ssh2_kex(struct ssh *ssh)
-+@@ -2343,6 +2367,12 @@ do_ssh2_kex(struct ssh *ssh)
- struct kex *kex;
- int r;
-
-@@ -1384,14 +1457,3 @@
- # Example of overriding settings on a per-user basis
- #Match User anoncvs
- # X11Forwarding no
--diff --git a/version.h b/version.h
--index 6b4fa372..332fb486 100644
----- a/version.h
--+++ b/version.h
--@@ -3,4 +3,5 @@
-- #define SSH_VERSION "OpenSSH_8.5"
--
-- #define SSH_PORTABLE "p1"
---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
--+#define SSH_HPN "-hpn15v2"
--+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN
-diff -ur '--exclude=.*.un~' a/openssh-8_5_P1-hpn-PeakTput-15.2.diff b/openssh-8_5_P1-hpn-PeakTput-15.2.diff
---- a/openssh-8_5_P1-hpn-PeakTput-15.2.diff 2022-02-24 18:48:19.078457000 -0800
-+++ b/openssh-8_5_P1-hpn-PeakTput-15.2.diff 2022-02-24 18:49:22.196632131 -0800
-@@ -12,9 +12,9 @@
- static long stalled; /* how long we have been stalled */
- static int bytes_per_second; /* current speed in bytes per second */
- @@ -127,6 +129,7 @@ refresh_progress_meter(int force_update)
-+ off_t bytes_left;
- int cur_speed;
-- int hours, minutes, seconds;
-- int file_len;
-+ int len;
- + off_t delta_pos;
-
- if ((!force_update && !alarm_fired && !win_resized) || !can_output())
-@@ -30,15 +30,17 @@
- if (bytes_left > 0)
- elapsed = now - last_update;
- else {
--@@ -166,7 +173,7 @@ refresh_progress_meter(int force_update)
--
-+@@ -166,8 +173,8 @@ refresh_progress_meter(int force_update)
-+ buf[1] = '\0';
-+
- /* filename */
-- buf[0] = '\0';
--- file_len = win_size - 36;
--+ file_len = win_size - 45;
-- if (file_len > 0) {
-- buf[0] = '\r';
-- snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s",
-+- if (win_size > 36) {
-++ if (win_size > 45) {
-+- int file_len = win_size - 36;
-++ int file_len = win_size - 45;
-+ snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s ",
-+ file_len, file);
-+ }
- @@ -191,6 +198,15 @@ refresh_progress_meter(int force_update)
- (off_t)bytes_per_second);
- strlcat(buf, "/s ", win_size);
-@@ -63,15 +65,3 @@
- }
-
- /*ARGSUSED*/
--diff --git a/ssh-keygen.c b/ssh-keygen.c
--index cfb5f115..986ff59b 100644
----- a/ssh-keygen.c
--+++ b/ssh-keygen.c
--@@ -2959,7 +2959,6 @@ do_download_sk(const char *skprovider, const char *device)
--
-- if (skprovider == NULL)
-- fatal("Cannot download keys without provider");
---
-- pin = read_passphrase("Enter PIN for authenticator: ", RP_ALLOW_STDIN);
-- if (!quiet) {
-- printf("You may need to touch your authenticator "
diff --git a/net-misc/openssh/files/openssh-8.9_p1-hpn-15.2-glue.patch b/net-misc/openssh/files/openssh-8.9_p1-hpn-15.2-glue.patch
deleted file mode 100644
index 272270b7e985..000000000000
--- a/net-misc/openssh/files/openssh-8.9_p1-hpn-15.2-glue.patch
+++ /dev/null
@@ -1,238 +0,0 @@
-diff -ur '--exclude=.*.un~' a/openssh-8_5_P1-hpn-AES-CTR-15.2.diff b/openssh-8_5_P1-hpn-AES-CTR-15.2.diff
---- a/openssh-8_5_P1-hpn-AES-CTR-15.2.diff 2022-02-23 17:10:24.843395097 -0800
-+++ b/openssh-8_5_P1-hpn-AES-CTR-15.2.diff 2022-02-23 17:10:38.206451595 -0800
-@@ -1026,9 +1026,9 @@
- + }
- +#endif
- +
-- debug("Authentication succeeded (%s).", authctxt.method->name);
-- }
--
-+ if (ssh_packet_connection_is_on_socket(ssh)) {
-+ verbose("Authenticated to %s ([%s]:%d) using \"%s\".", host,
-+ ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
- diff --git a/sshd.c b/sshd.c
- index 6277e6d6..bf3d6e4a 100644
- --- a/sshd.c
-diff -ur '--exclude=.*.un~' a/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff b/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff
---- a/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff 2022-02-23 17:08:38.124943587 -0800
-+++ b/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff 2022-02-23 17:20:59.432070316 -0800
-@@ -536,18 +536,10 @@
- if (state->rekey_limit)
- *max_blocks = MINIMUM(*max_blocks,
- state->rekey_limit / enc->block_size);
--@@ -954,6 +963,24 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
-+@@ -954,6 +963,16 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
- return 0;
- }
-
--+/* this supports the forced rekeying required for the NONE cipher */
--+int rekey_requested = 0;
--+void
--+packet_request_rekeying(void)
--+{
--+ rekey_requested = 1;
--+}
--+
- +/* used to determine if pre or post auth when rekeying for aes-ctr
- + * and none cipher switch */
- +int
-@@ -561,27 +553,14 @@
- #define MAX_PACKETS (1U<<31)
- static int
- ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
--@@ -980,6 +1007,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
-- if (state->p_send.packets == 0 && state->p_read.packets == 0)
-- return 0;
--
--+ /* used to force rekeying when called for by the none
--+ * cipher switch methods -cjr */
--+ if (rekey_requested == 1) {
--+ rekey_requested = 0;
--+ return 1;
--+ }
--+
-- /* Time-based rekeying */
-- if (state->rekey_interval != 0 &&
-- (int64_t)state->rekey_time + state->rekey_interval <= monotime())
- @@ -1317,7 +1351,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
- struct session_state *state = ssh->state;
- int len, r, ms_remain;
-- fd_set *setp;
-+ struct pollfd pfd;
- - char buf[8192];
- + char buf[SSH_IOBUFSZ];
-- struct timeval timeout, start, *timeoutp = NULL;
-+ struct timeval start;
-+ struct timespec timespec, *timespecp = NULL;
-
- DBG(debug("packet_read()"));
- diff --git a/packet.h b/packet.h
-@@ -598,12 +577,11 @@
- };
-
- typedef int (ssh_packet_hook_fn)(struct ssh *, struct sshbuf *,
--@@ -155,6 +158,10 @@ int ssh_packet_inc_alive_timeouts(struct ssh *);
-+@@ -155,6 +158,9 @@ int ssh_packet_inc_alive_timeouts(struct ssh *);
- int ssh_packet_set_maxsize(struct ssh *, u_int);
- u_int ssh_packet_get_maxsize(struct ssh *);
-
- +/* for forced packet rekeying post auth */
--+void packet_request_rekeying(void);
- +int packet_authentication_state(const struct ssh *);
- +
- int ssh_packet_get_state(struct ssh *, struct sshbuf *);
-@@ -627,9 +605,9 @@
- oLocalCommand, oPermitLocalCommand, oRemoteCommand,
- + oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize,
- + oNoneEnabled, oNoneMacEnabled, oNoneSwitch,
-+ oDisableMTAES,
- oVisualHostKey,
- oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
-- oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
- @@ -297,6 +300,9 @@ static struct {
- { "kexalgorithms", oKexAlgorithms },
- { "ipqos", oIPQoS },
-@@ -637,9 +615,9 @@
- + { "noneenabled", oNoneEnabled },
- + { "nonemacenabled", oNoneMacEnabled },
- + { "noneswitch", oNoneSwitch },
-- { "proxyusefdpass", oProxyUseFdpass },
-- { "canonicaldomains", oCanonicalDomains },
-- { "canonicalizefallbacklocal", oCanonicalizeFallbackLocal },
-+ { "sessiontype", oSessionType },
-+ { "stdinnull", oStdinNull },
-+ { "forkafterauthentication", oForkAfterAuthentication },
- @@ -317,6 +323,11 @@ static struct {
- { "securitykeyprovider", oSecurityKeyProvider },
- { "knownhostscommand", oKnownHostsCommand },
-@@ -717,9 +695,9 @@
- + options->hpn_buffer_size = -1;
- + options->tcp_rcv_buf_poll = -1;
- + options->tcp_rcv_buf = -1;
-- options->proxy_use_fdpass = -1;
-- options->ignored_unknown = NULL;
-- options->num_canonical_domains = 0;
-+ options->session_type = -1;
-+ options->stdin_null = -1;
-+ options->fork_after_authentication = -1;
- @@ -2426,6 +2484,41 @@ fill_default_options(Options * options)
- options->server_alive_interval = 0;
- if (options->server_alive_count_max == -1)
-@@ -778,9 +756,9 @@
- int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */
- SyslogFacility log_facility; /* Facility for system logging. */
- @@ -120,7 +124,11 @@ typedef struct {
--
- int enable_ssh_keysign;
- int64_t rekey_limit;
-+ int disable_multithreaded; /*disable multithreaded aes-ctr*/
- + int none_switch; /* Use none cipher */
- + int none_enabled; /* Allow none cipher to be used */
- + int nonemac_enabled; /* Allow none MAC to be used */
-@@ -842,9 +820,9 @@
- /* Portable-specific options */
- if (options->use_pam == -1)
- @@ -424,6 +434,49 @@ fill_default_server_options(ServerOptions *options)
-- }
-- if (options->permit_tun == -1)
- options->permit_tun = SSH_TUNMODE_NO;
-+ if (options->disable_multithreaded == -1)
-+ options->disable_multithreaded = 0;
- + if (options->none_enabled == -1)
- + options->none_enabled = 0;
- + if (options->nonemac_enabled == -1)
-@@ -975,15 +953,6 @@
- index 306658cb..d4309903 100644
- --- a/serverloop.c
- +++ b/serverloop.c
--@@ -322,7 +322,7 @@ static int
-- process_input(struct ssh *ssh, fd_set *readset, int connection_in)
-- {
-- int r, len;
--- char buf[16384];
--+ char buf[SSH_IOBUFSZ];
--
-- /* Read and buffer any input data from the client. */
-- if (FD_ISSET(connection_in, readset)) {
- @@ -608,7 +608,8 @@ server_request_tun(struct ssh *ssh)
- debug("Tunnel forwarding using interface %s", ifname);
-
-@@ -1047,30 +1016,17 @@
- Note that
- diff --git a/sftp.c b/sftp.c
- index fb3c08d1..89bebbb2 100644
----- a/sftp.c
--+++ b/sftp.c
--@@ -71,7 +71,7 @@ typedef void EditLine;
-- #include "sftp-client.h"
--
-- #define DEFAULT_COPY_BUFLEN 32768 /* Size of buffer for up/download */
---#define DEFAULT_NUM_REQUESTS 64 /* # concurrent outstanding requests */
--+#define DEFAULT_NUM_REQUESTS 256 /* # concurrent outstanding requests */
--
-- /* File to read commands from */
-- FILE* infile;
--diff --git a/ssh-keygen.c b/ssh-keygen.c
--index cfb5f115..36a6e519 100644
----- a/ssh-keygen.c
--+++ b/ssh-keygen.c
--@@ -2971,7 +2971,7 @@ do_download_sk(const char *skprovider, const char *device)
-- freezero(pin, strlen(pin));
-- error_r(r, "Unable to load resident keys");
-- return -1;
--- }
--+ }
-- if (nkeys == 0)
-- logit("No keys to download");
-- if (pin != NULL)
-+--- a/sftp-client.c
-++++ b/sftp-client.c
-+@@ -65,7 +65,7 @@ typedef void EditLine;
-+ #define DEFAULT_COPY_BUFLEN 32768
-+
-+ /* Default number of concurrent outstanding requests */
-+-#define DEFAULT_NUM_REQUESTS 64
-++#define DEFAULT_NUM_REQUESTS 256
-+
-+ /* Minimum amount of data to read at a time */
-+ #define MIN_READ_SIZE 512
- diff --git a/ssh.c b/ssh.c
- index 53330da5..27b9770e 100644
- --- a/ssh.c
-@@ -1330,9 +1286,9 @@
- + }
- + }
- +
-- debug("Authentication succeeded (%s).", authctxt.method->name);
-- }
-
-+ #ifdef WITH_OPENSSL
-+ if (options.disable_multithreaded == 0) {
- diff --git a/sshd.c b/sshd.c
- index 6277e6d6..d66fa41a 100644
- --- a/sshd.c
-@@ -1359,8 +1315,8 @@
- if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) == -1) {
- error("Bind to port %s on %s failed: %.200s.",
- @@ -1727,6 +1734,19 @@ main(int ac, char **av)
-- /* Fill in default values for those options not explicitly set. */
-- fill_default_server_options(&options);
-+ fatal("AuthorizedPrincipalsCommand set without "
-+ "AuthorizedPrincipalsCommandUser");
-
- + if (options.none_enabled == 1) {
- + char *old_ciphers = options.ciphers;
-@@ -1375,9 +1331,9 @@
- + }
- + }
- +
-- /* challenge-response is implemented via keyboard interactive */
-- if (options.challenge_response_authentication)
-- options.kbd_interactive_authentication = 1;
-+ /*
-+ * Check whether there is any path through configured auth methods.
-+ * Unfortunately it is not possible to verify this generally before
- @@ -2166,6 +2186,9 @@ main(int ac, char **av)
- rdomain == NULL ? "" : "\"");
- free(laddr);
diff --git a/net-misc/openssh/files/openssh-9.0_p1-X509-glue-13.4.1.patch b/net-misc/openssh/files/openssh-9.0_p1-X509-glue-13.4.1.patch
deleted file mode 100644
index dc93182e1d4c..000000000000
--- a/net-misc/openssh/files/openssh-9.0_p1-X509-glue-13.4.1.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-diff -ur '--exclude=.*.un~' a/openssh-9.0p1+x509-13.4.1.diff b/openssh-9.0p1+x509-13.4.1.diff
---- a/openssh-9.0p1+x509-13.4.1.diff 2022-06-23 10:43:33.957093896 -0700
-+++ b/openssh-9.0p1+x509-13.4.1.diff 2022-06-23 10:44:17.232396805 -0700
-@@ -48941,8 +48941,8 @@
- gss_create_empty_oid_set(&status, &oidset);
- gss_add_oid_set_member(&status, ctx->oid, &oidset);
-
--- if (gethostname(lname, MAXHOSTNAMELEN)) {
--+ if (gethostname(lname, MAXHOSTNAMELEN) == -1) {
-+- if (gethostname(lname, HOST_NAME_MAX)) {
-++ if (gethostname(lname, HOST_NAME_MAX) == -1) {
- gss_release_oid_set(&status, &oidset);
- return (-1);
- }
-@@ -57102,12 +57102,11 @@
-
- install-files:
- $(MKDIR_P) $(DESTDIR)$(bindir)
--@@ -395,6 +372,8 @@
-+@@ -395,6 +372,7 @@
- $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5
- $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8
- $(MKDIR_P) $(DESTDIR)$(libexecdir)
- + $(MKDIR_P) $(DESTDIR)$(sshcadir)
--+ $(MKDIR_P) $(DESTDIR)$(piddir)
- $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH)
- $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)
- $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT)
-@@ -78638,7 +78637,7 @@
- +if test "$sshd_type" = "pkix" ; then
- + unset_arg=''
- +else
--+ unset_arg=none
-++ unset_arg=''
- +fi
- +
- cat > $OBJ/sshd_config.i << _EOF
-@@ -143777,16 +143776,6 @@
- +int asnmprintf(char **, size_t, int *, const char *, ...)
- __attribute__((format(printf, 4, 5)));
- void msetlocale(void);
--diff -ruN openssh-9.0p1/version.h openssh-9.0p1+x509-13.4.1/version.h
----- openssh-9.0p1/version.h 2022-04-06 03:47:48.000000000 +0300
--+++ openssh-9.0p1+x509-13.4.1/version.h 2022-06-23 09:07:00.000000000 +0300
--@@ -2,5 +2,4 @@
--
-- #define SSH_VERSION "OpenSSH_9.0"
--
---#define SSH_PORTABLE "p1"
---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
--+#define SSH_RELEASE PACKAGE_STRING ", " SSH_VERSION "p1"
- diff -ruN openssh-9.0p1/version.m4 openssh-9.0p1+x509-13.4.1/version.m4
- --- openssh-9.0p1/version.m4 1970-01-01 02:00:00.000000000 +0200
- +++ openssh-9.0p1+x509-13.4.1/version.m4 2022-06-23 09:07:00.000000000 +0300
diff --git a/net-misc/openssh/files/openssh-9.0_p1-implicit-func-decl-vsnprintf.patch b/net-misc/openssh/files/openssh-9.0_p1-implicit-func-decl-vsnprintf.patch
deleted file mode 100644
index c3a464eb3fe8..000000000000
--- a/net-misc/openssh/files/openssh-9.0_p1-implicit-func-decl-vsnprintf.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-https://github.com/openssh/openssh-portable/pull/339
-
-From a15d08a25f1ccc3ee803dfe790cc1f608651464c Mon Sep 17 00:00:00 2001
-From: Sam James <sam@gentoo.org>
-Date: Thu, 8 Sep 2022 02:49:29 +0100
-Subject: [PATCH] openbsd-compat/bsd-asprintf: add <stdio.h> include for
- vsnprintf
-
-Fixes the following build failure with Clang 15 on musl:
-```
-bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and laterclang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PA
TH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o
- do not support
- implicit function declarations [-Wimplicit-function-declaration]
- ret = vsnprintf(string, INIT_SZ, fmt, ap2);
- ^
-bsd-asprintf.c:51:8: note: include the header <stdio.h> or explicitly provide a declaration for 'vsnprintf'
-1 error generated.
-```
-
-See also: https://lists.mindrot.org/pipermail/openssh-unix-dev/2019-June/037811.html
-See also: 73eb6cef41daba0359c1888e4756108d41b4e819
---- a/openbsd-compat/bsd-asprintf.c
-+++ b/openbsd-compat/bsd-asprintf.c
-@@ -32,6 +32,7 @@
-
- #include <errno.h>
- #include <stdarg.h>
-+#include <stdio.h>
- #include <stdlib.h>
-
- #define INIT_SZ 128
-
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/
@ 2023-03-23 6:02 Sam James
0 siblings, 0 replies; 40+ messages in thread
From: Sam James @ 2023-03-23 6:02 UTC (permalink / raw
To: gentoo-commits
commit: c1bbac96c183b2608224002c0ed24bb325560578
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 23 06:01:44 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Mar 23 06:01:44 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c1bbac96
net-misc/openssh: restore patch metadata
It was lost in the 9.3_p1 rebase.
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../openssh/files/openssh-9.3_p1-openssl-version-compat-check.patch | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/net-misc/openssh/files/openssh-9.3_p1-openssl-version-compat-check.patch b/net-misc/openssh/files/openssh-9.3_p1-openssl-version-compat-check.patch
index caccfd17c11d..b571ae253fff 100644
--- a/net-misc/openssh/files/openssh-9.3_p1-openssl-version-compat-check.patch
+++ b/net-misc/openssh/files/openssh-9.3_p1-openssl-version-compat-check.patch
@@ -1,5 +1,4 @@
-diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c
-index 033f35763..efc387fa7 100644
+https://bugzilla.mindrot.org/show_bug.cgi?id=3548
--- a/openbsd-compat/openssl-compat.c
+++ b/openbsd-compat/openssl-compat.c
@@ -48,19 +48,25 @@ ssh_compatible_openssl(long headerver, long libver)
@@ -37,8 +36,6 @@ index 033f35763..efc387fa7 100644
if ( (headerver & mask) == (libver & mask) && lfix >= hfix)
return 1;
return 0;
-diff --git a/openbsd-compat/regress/opensslvertest.c b/openbsd-compat/regress/opensslvertest.c
-index d50066609..60a8a4e6c 100644
--- a/openbsd-compat/regress/opensslvertest.c
+++ b/openbsd-compat/regress/opensslvertest.c
@@ -31,7 +31,7 @@ struct version_test {
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/
@ 2023-04-01 19:13 Conrad Kostecki
0 siblings, 0 replies; 40+ messages in thread
From: Conrad Kostecki @ 2023-04-01 19:13 UTC (permalink / raw
To: gentoo-commits
commit: 89388df8828ca7f3f759077caa139a6e34d2665b
Author: Michael Mair-Keimberger <mmk <AT> levelnine <DOT> at>
AuthorDate: Fri Mar 24 13:54:56 2023 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Sat Apr 1 19:10:58 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=89388df8
net-misc/openssh: remove unused patch
Signed-off-by: Michael Mair-Keimberger <mmk <AT> levelnine.at>
Closes: https://github.com/gentoo/gentoo/pull/30332
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
net-misc/openssh/files/openssh-9.1_p1-build-tests.patch | 13 -------------
1 file changed, 13 deletions(-)
diff --git a/net-misc/openssh/files/openssh-9.1_p1-build-tests.patch b/net-misc/openssh/files/openssh-9.1_p1-build-tests.patch
deleted file mode 100644
index 62f51a87823d..000000000000
--- a/net-misc/openssh/files/openssh-9.1_p1-build-tests.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/openbsd-compat/regress/Makefile.in b/openbsd-compat/regress/Makefile.in
-index dd8cdc4b7..c446f0aa2 100644
---- a/openbsd-compat/regress/Makefile.in
-+++ b/openbsd-compat/regress/Makefile.in
-@@ -10,7 +10,7 @@ CFLAGS=@CFLAGS@
- CPPFLAGS=-I. -I.. -I../.. -I$(srcdir) -I$(srcdir)/.. -I$(srcdir)/../.. @CPPFLAGS@ @DEFS@
- EXEEXT=@EXEEXT@
- LIBCOMPAT=../libopenbsd-compat.a
--LIBS=@LIBS@
-+LIBS=@LIBS@ -lssl -lcrypto
- LDFLAGS=@LDFLAGS@ $(LIBCOMPAT)
-
- TESTPROGS=closefromtest$(EXEEXT) snprintftest$(EXEEXT) strduptest$(EXEEXT) \
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/
@ 2023-05-07 10:11 David Seifert
0 siblings, 0 replies; 40+ messages in thread
From: David Seifert @ 2023-05-07 10:11 UTC (permalink / raw
To: gentoo-commits
commit: 943030b8b90300a6a459d4ac368a6dc676275982
Author: David Seifert <soap <AT> gentoo <DOT> org>
AuthorDate: Sun May 7 10:10:58 2023 +0000
Commit: David Seifert <soap <AT> gentoo <DOT> org>
CommitDate: Sun May 7 10:10:58 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=943030b8
net-misc/openssh/files: remove unused systemd units
Signed-off-by: David Seifert <soap <AT> gentoo.org>
net-misc/openssh/files/sshd.service | 12 ------------
net-misc/openssh/files/sshd_at.service | 8 --------
2 files changed, 20 deletions(-)
diff --git a/net-misc/openssh/files/sshd.service b/net-misc/openssh/files/sshd.service
deleted file mode 100644
index 6b4da9132fad..000000000000
--- a/net-misc/openssh/files/sshd.service
+++ /dev/null
@@ -1,12 +0,0 @@
-[Unit]
-Description=OpenSSH server daemon
-After=syslog.target network.target auditd.service
-
-[Service]
-ExecStartPre=/usr/bin/ssh-keygen -A
-ExecStart=/usr/sbin/sshd -D -e
-ExecReload=/bin/kill -HUP $MAINPID
-KillMode=process
-
-[Install]
-WantedBy=multi-user.target
diff --git a/net-misc/openssh/files/sshd_at.service b/net-misc/openssh/files/sshd_at.service
deleted file mode 100644
index ec2907b3b1ac..000000000000
--- a/net-misc/openssh/files/sshd_at.service
+++ /dev/null
@@ -1,8 +0,0 @@
-[Unit]
-Description=OpenSSH per-connection server daemon
-After=syslog.target auditd.service
-
-[Service]
-ExecStart=-/usr/sbin/sshd -i -e
-StandardInput=socket
-StandardError=journal
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/
@ 2023-12-31 2:38 Conrad Kostecki
0 siblings, 0 replies; 40+ messages in thread
From: Conrad Kostecki @ 2023-12-31 2:38 UTC (permalink / raw
To: gentoo-commits
commit: 3bf5a85eff555d9659c70b8187737c56614f25d3
Author: Michael Mair-Keimberger <mmk <AT> levelnine <DOT> at>
AuthorDate: Fri Dec 29 14:11:31 2023 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Sun Dec 31 02:37:55 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3bf5a85e
net-misc/openssh: remove unused patches
Signed-off-by: Michael Mair-Keimberger <mmk <AT> levelnine.at>
Closes: https://github.com/gentoo/gentoo/pull/34531
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
.../openssh-9.3_p1-gss-use-HOST_NAME_MAX.patch | 11 ----
.../openssh-9.3_p1-openssl-ignore-status.patch | 17 -------
...enssh-9.3_p1-openssl-version-compat-check.patch | 58 ----------------------
3 files changed, 86 deletions(-)
diff --git a/net-misc/openssh/files/openssh-9.3_p1-gss-use-HOST_NAME_MAX.patch b/net-misc/openssh/files/openssh-9.3_p1-gss-use-HOST_NAME_MAX.patch
deleted file mode 100644
index b50ac7c00181..000000000000
--- a/net-misc/openssh/files/openssh-9.3_p1-gss-use-HOST_NAME_MAX.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/gss-serv.c
-+++ b/gss-serv.c
-@@ -105,7 +105,7 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx)
- gss_create_empty_oid_set(&status, &oidset);
- gss_add_oid_set_member(&status, ctx->oid, &oidset);
-
-- if (gethostname(lname, MAXHOSTNAMELEN)) {
-+ if (gethostname(lname, HOST_NAME_MAX)) {
- gss_release_oid_set(&status, &oidset);
- return (-1);
- }
diff --git a/net-misc/openssh/files/openssh-9.3_p1-openssl-ignore-status.patch b/net-misc/openssh/files/openssh-9.3_p1-openssl-ignore-status.patch
deleted file mode 100644
index fa33af39b6f8..000000000000
--- a/net-misc/openssh/files/openssh-9.3_p1-openssl-ignore-status.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-the last nibble of the openssl version represents the status. that is,
-whether it is a beta or release. when it comes to version checks in
-openssh, this component does not matter, so ignore it.
-
-https://bugzilla.mindrot.org/show_bug.cgi?id=2212
-
---- a/openbsd-compat/openssl-compat.c
-+++ b/openbsd-compat/openssl-compat.c
-@@ -58,7 +58,7 @@ ssh_compatible_openssl(long headerver, long libver)
- * For versions >= 1.0.0, major,minor,status must match and library
- * fix version must be equal to or newer than the header.
- */
-- mask = 0xfff0000fL; /* major,minor,status */
-+ mask = 0xfff00000L; /* major,minor,status */
- hfix = (headerver & 0x000ff000) >> 12;
- lfix = (libver & 0x000ff000) >> 12;
- if ( (headerver & mask) == (libver & mask) && lfix >= hfix)
diff --git a/net-misc/openssh/files/openssh-9.3_p1-openssl-version-compat-check.patch b/net-misc/openssh/files/openssh-9.3_p1-openssl-version-compat-check.patch
deleted file mode 100644
index b571ae253fff..000000000000
--- a/net-misc/openssh/files/openssh-9.3_p1-openssl-version-compat-check.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-https://bugzilla.mindrot.org/show_bug.cgi?id=3548
---- a/openbsd-compat/openssl-compat.c
-+++ b/openbsd-compat/openssl-compat.c
-@@ -48,19 +48,25 @@ ssh_compatible_openssl(long headerver, long libver)
- if (headerver == libver)
- return 1;
-
-- /* for versions < 1.0.0, major,minor,fix,status must match */
-- if (headerver < 0x1000000f) {
-- mask = 0xfffff00fL; /* major,minor,fix,status */
-- return (headerver & mask) == (libver & mask);
-+ /*
-+ * For versions < 3.0.0, major,minor,status must match and library
-+ * fix version must be equal to or newer than the header.
-+ */
-+ if (headerver < 0x3000000f) {
-+ mask = 0xfff0000fL; /* major,minor,status */
-+ hfix = (headerver & 0x000ff000) >> 12;
-+ lfix = (libver & 0x000ff000) >> 12;
-+ if ( (headerver & mask) == (libver & mask) && lfix >= hfix)
-+ return 1;
- }
-
- /*
-- * For versions >= 1.0.0, major,minor,status must match and library
-- * fix version must be equal to or newer than the header.
-+ * For versions >= 3.0.0, major must match and minor,status must be
-+ * equal to or greater than the header.
- */
-- mask = 0xfff00000L; /* major,minor,status */
-- hfix = (headerver & 0x000ff000) >> 12;
-- lfix = (libver & 0x000ff000) >> 12;
-+ mask = 0xf000000fL; /* major, status */
-+ hfix = (headerver & 0x0ffffff0L) >> 12;
-+ lfix = (libver & 0x0ffffff0L) >> 12;
- if ( (headerver & mask) == (libver & mask) && lfix >= hfix)
- return 1;
- return 0;
---- a/openbsd-compat/regress/opensslvertest.c
-+++ b/openbsd-compat/regress/opensslvertest.c
-@@ -31,7 +31,7 @@ struct version_test {
- { 0x0090802fL, 0x0090804fL, 1}, /* newer library fix version: ok */
- { 0x0090802fL, 0x0090801fL, 1}, /* older library fix version: ok */
- { 0x0090802fL, 0x0090702fL, 0}, /* older library minor version: NO */
-- { 0x0090802fL, 0x0090902fL, 0}, /* newer library minor version: NO */
-+ { 0x0090802fL, 0x0090902fL, 1}, /* newer library minor version: ok */
- { 0x0090802fL, 0x0080802fL, 0}, /* older library major version: NO */
- { 0x0090802fL, 0x1000100fL, 0}, /* newer library major version: NO */
-
-@@ -41,7 +41,7 @@ struct version_test {
- { 0x1000101fL, 0x1000100fL, 1}, /* older library patch version: ok */
- { 0x1000101fL, 0x1000201fL, 1}, /* newer library fix version: ok */
- { 0x1000101fL, 0x1000001fL, 0}, /* older library fix version: NO */
-- { 0x1000101fL, 0x1010101fL, 0}, /* newer library minor version: NO */
-+ { 0x1000101fL, 0x1010101fL, 1}, /* newer library minor version: ok */
- { 0x1000101fL, 0x0000101fL, 0}, /* older library major version: NO */
- { 0x1000101fL, 0x2000101fL, 0}, /* newer library major version: NO */
- };
^ permalink raw reply related [flat|nested] 40+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/
@ 2024-07-07 8:44 Sam James
0 siblings, 0 replies; 40+ messages in thread
From: Sam James @ 2024-07-07 8:44 UTC (permalink / raw
To: gentoo-commits
commit: d791fcea11352d79bb896d131433a4c12d5e2fee
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Jul 7 08:43:34 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Jul 7 08:43:57 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d791fcea
net-misc/openssh: switch to upstream variant of patch
Bug: https://bugs.gentoo.org/935353
Signed-off-by: Sam James <sam <AT> gentoo.org>
net-misc/openssh/files/openssh-9.8_p1-musl-connect.patch | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/net-misc/openssh/files/openssh-9.8_p1-musl-connect.patch b/net-misc/openssh/files/openssh-9.8_p1-musl-connect.patch
index 98c480445f53..c0546e747a1f 100644
--- a/net-misc/openssh/files/openssh-9.8_p1-musl-connect.patch
+++ b/net-misc/openssh/files/openssh-9.8_p1-musl-connect.patch
@@ -1,13 +1,14 @@
-# Pulled patch from Voidlinux
-# Bug: https://bugs.gentoo.org/935353
+https://bugzilla.mindrot.org/show_bug.cgi?id=3707
+https://bugs.gentoo.org/935353
--- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c
-@@ -366,7 +366,7 @@
+@@ -366,7 +366,7 @@ ssh_systemd_notify(const char *fmt, ...)
error_f("socket \"%s\": %s", path, strerror(errno));
goto out;
}
- if (connect(fd, &addr, sizeof(addr)) != 0) {
-+ if (connect(fd, (const struct sockaddr *)&addr, sizeof(addr)) != 0) {
++ if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) != 0) {
error_f("socket \"%s\" connect: %s", path, strerror(errno));
goto out;
}
+
^ permalink raw reply related [flat|nested] 40+ messages in thread
end of thread, other threads:[~2024-07-07 8:44 UTC | newest]
Thread overview: 40+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-04-01 19:13 [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/ Conrad Kostecki
-- strict thread matches above, loose matches on Subject: below --
2024-07-07 8:44 Sam James
2023-12-31 2:38 Conrad Kostecki
2023-05-07 10:11 David Seifert
2023-03-23 6:02 Sam James
2023-01-14 19:17 Sam James
2023-01-01 18:16 Conrad Kostecki
2022-10-30 9:28 Sam James
2022-02-26 3:02 Sam James
2022-02-16 14:59 Mike Gilbert
2021-12-24 13:29 Conrad Kostecki
2021-07-25 21:32 Conrad Kostecki
2021-05-03 11:28 Mikle Kolyada
2021-04-26 20:23 Mike Gilbert
2021-04-25 12:59 Conrad Kostecki
2021-03-04 22:39 Patrick McLean
2021-02-20 22:43 Conrad Kostecki
2020-09-01 19:21 Mike Gilbert
2020-06-20 7:47 Michał Górny
2020-05-12 1:41 Patrick McLean
2020-04-17 18:01 Patrick McLean
2019-11-17 18:40 Patrick McLean
2019-04-19 16:58 Patrick McLean
2019-03-11 4:48 Aaron Bauman
2018-10-31 8:06 Lars Wendler
2018-10-26 18:35 Patrick McLean
2018-10-26 18:30 Patrick McLean
2018-10-23 23:27 Patrick McLean
2018-03-13 13:20 Lars Wendler
2017-12-28 15:58 Lars Wendler
2017-01-09 21:09 Lars Wendler
2016-09-09 17:20 Patrick McLean
2016-09-09 6:43 Patrick McLean
2016-09-08 18:49 Patrick McLean
2016-09-08 0:28 Patrick McLean
2016-09-07 18:54 Patrick McLean
2016-09-07 4:54 Patrick McLean
2016-09-07 2:43 Patrick McLean
2016-09-07 1:12 Patrick McLean
2016-08-06 8:59 Mike Frysinger
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox