commit: dd069ebac8b0f15edc1dee19bb77f9611b5a812a |
Author: Patrick McLean <chutzpah <AT> gentoo <DOT> org> |
AuthorDate: Fri Apr 23 23:14:10 2021 +0000 |
Commit: Patrick McLean <chutzpah <AT> gentoo <DOT> org> |
CommitDate: Fri Apr 23 23:14:16 2021 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dd069eba |
|
net-misc/openssh-8.6_p1: revbump, add X509 patch |
|
Bug: https://bugs.gentoo.org/785034 |
Bug: https://bugs.gentoo.org/784896 |
Package-Manager: Portage-3.0.18, Repoman-3.0.3 |
Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org> |
|
net-misc/openssh/Manifest | 1 + |
.../files/openssh-8.6_p1-X509-glue-13.1.patch | 72 +++++ |
.../files/openssh-8.6_p1-hpn-15.2-X509-glue.patch | 357 +++++++++++++++++++++ |
...nssh-8.6_p1.ebuild => openssh-8.6_p1-r1.ebuild} | 4 +- |
4 files changed, 432 insertions(+), 2 deletions(-) |
|
21 |
diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest |
22 |
index 95555068cf8..51b6a2c9d3f 100644 |
23 |
--- a/net-misc/openssh/Manifest |
24 |
+++ b/net-misc/openssh/Manifest |
25 |
@@ -5,6 +5,7 @@ DIST openssh-8.5p1+x509-13.0.1.diff.gz 997005 BLAKE2B b6cdc9ba12dc642c7073463fb8 |
26 |
DIST openssh-8.5p1+x509-13.0.diff.gz 996872 BLAKE2B 136937e4e65e5e73d1d1b596ae6188f359daa8e95aafd57fab8cf947b59fde573ff4e6259781d1a0fd89718d14469ca4aed01bae6f37cc16df109c673fa2c73c SHA512 2276b0ac577162f7f6a56115637636a6eaaa8b3cc06e5ef053ec06e00a7c3459efe8de8dbc5f55c9f6a192534e2f7c8c7064fcdbf56d28b628bb301c5072802c |
27 |
DIST openssh-8.5p1-sctp-1.2.patch.xz 7692 BLAKE2B 298bf5e2004fd864bdbb6d6f354d1fbcb7052a9caaf8e39863b840a7af8e31f87790f6aa10ae84df177d450bb34a43c4a3aa87d7472e2505d727757c016ce92b SHA512 84990f95e22c90dbc4d04d47ea88b761ff1d0101018661ff2376ac2a726b5fca43f1b5f5d926ccbe1c8d0143ac36b104616bd1a6b5dcdba4addf48a5dd196e2b |
28 |
DIST openssh-8.5p1.tar.gz 1779733 BLAKE2B f4e4bd39e2dd275d4811e06ca994f2239ad27c804b003c74cc26f9dffae28f1b4006fc618580f0dc9c45f0b7361c24728c23688b45f41cb8a15cf6206c3f15c3 SHA512 af9c34d89170a30fc92a63973e32c766ed4a6d254bb210e317c000d46913e78d0c60c7befe62d993d659be000b828b9d4d3832fc40df1c3d33850aaa6293846f |
29 |
+DIST openssh-8.6p1+x509-13.1.diff.gz 1011666 BLAKE2B 0ac0cf2ff962b8ef677c49de0bb586f375f14d8964e077c10f6a88ec15734807940ab6c0277e44ebdfde0e50c2c80103cff614a6cde4d66e9986152032eeaa90 SHA512 ae4986dd079678c7b0cfd805136ff7ac940d1049fdddeb5a7c4ea2141bfcca70463b951485fb2b113bc930f519b1b41562900ced0269f5673dbdad867f464251 |
30 |
DIST openssh-8.6p1-sctp-1.2.patch.xz 7696 BLAKE2B 37f9e943a1881af05d9cf2234433711dc45ca30c60af4c0ea38a1d361df02abb491fa114f3698285f582b40b838414c1a048c4f09aa4f7ae9499adb09201d2ac SHA512 ba8c4d38a3d90854e79dc18918fffde246d7609a3f1c3a35e06c0fbe33d3688ed29b0ec33556ae37d1654e1dc2133d892613ad8d1ecbdce9aaa5b9eb10dcbb7a |
31 |
DIST openssh-8.6p1.tar.gz 1786328 BLAKE2B 261a0f1a6235275894d487cce37537755c86835e3a34871462fe29bfe72b49cd9a6b6a547aea4bd554f0957e110c84458cc75a5f2560717fb04804d62228562a SHA512 9854eda0b773c64c9f1f74844ce466b2b42ee8845f58ad062b73141d617af944fa4ebafdf72069f400106d2c2bd0a69c92fe805ec1fc26d4f0faadf06c3fbbe6 |
32 |
DIST openssh-8_3_P1-hpn-AES-CTR-14.22.diff 29963 BLAKE2B 19b82f4ff820f52dafaa5b3f09f8a0a67f318771c1c7276b9d37e4a6412052c9c53347f880f2d78981af3830432704b9ad74b375241965326530ae23ec8d74a2 SHA512 49f2778831dc768850870a1755da9cdd7d3bc83fa87069070f5a1d357ce9bdadeb2506c8ff3c6b055708da12a70e9ede7ed0e8a29fcab441abb55c9d483663be |
33 |
|
34 |
diff --git a/net-misc/openssh/files/openssh-8.6_p1-X509-glue-13.1.patch b/net-misc/openssh/files/openssh-8.6_p1-X509-glue-13.1.patch |
35 |
new file mode 100644 |
36 |
index 00000000000..e23063b5db2 |
37 |
--- /dev/null |
38 |
+++ b/net-misc/openssh/files/openssh-8.6_p1-X509-glue-13.1.patch |
39 |
@@ -0,0 +1,72 @@ |
40 |
+--- a/openssh-8.6p1+x509-13.1.diff 2021-04-23 14:46:58.184683047 -0700 |
41 |
++++ b/openssh-8.6p1+x509-13.1.diff 2021-04-23 15:00:08.455087549 -0700 |
42 |
+@@ -47728,12 +47728,11 @@ |
43 |
+ |
44 |
+ install-files: |
45 |
+ $(MKDIR_P) $(DESTDIR)$(bindir) |
46 |
+-@@ -389,6 +366,8 @@ |
47 |
++@@ -389,6 +366,7 @@ |
48 |
+ $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5 |
49 |
+ $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8 |
50 |
+ $(MKDIR_P) $(DESTDIR)$(libexecdir) |
51 |
+ + $(MKDIR_P) $(DESTDIR)$(sshcadir) |
52 |
+-+ $(MKDIR_P) $(DESTDIR)$(piddir) |
53 |
+ $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH) |
54 |
+ $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT) |
55 |
+ $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT) |
56 |
+@@ -65001,7 +65000,7 @@ |
57 |
+ - echo "putty interop tests not enabled" |
58 |
+ - exit 0 |
59 |
+ -fi |
60 |
+-+$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1; exit 1; } |
61 |
+++$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1; exit 0; } |
62 |
+ |
63 |
+ for c in aes 3des aes128-ctr aes192-ctr aes256-ctr chacha20 ; do |
64 |
+ verbose "$tid: cipher $c" |
65 |
+@@ -65016,7 +65015,7 @@ |
66 |
+ - echo "putty interop tests not enabled" |
67 |
+ - exit 0 |
68 |
+ -fi |
69 |
+-+$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1; exit 1; } |
70 |
+++$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1; exit 0; } |
71 |
+ |
72 |
+ for k in dh-gex-sha1 dh-group1-sha1 dh-group14-sha1 ecdh ; do |
73 |
+ verbose "$tid: kex $k" |
74 |
+@@ -65031,7 +65030,7 @@ |
75 |
+ - echo "putty interop tests not enabled" |
76 |
+ - exit 0 |
77 |
+ -fi |
78 |
+-+$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1; exit 1; } |
79 |
+++$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1; exit 0; } |
80 |
+ |
81 |
+ if [ "`${SSH} -Q compression`" = "none" ]; then |
82 |
+ comp="0" |
83 |
+@@ -65163,9 +65162,9 @@ |
84 |
+ |
85 |
+ +# cross-project configuration |
86 |
+ +if test "$sshd_type" = "pkix" ; then |
87 |
+-+ unset_arg='' |
88 |
+++ unset_arg= |
89 |
+ +else |
90 |
+-+ unset_arg=none |
91 |
+++ unset_arg= |
92 |
+ +fi |
93 |
+ + |
94 |
+ cat > $OBJ/sshd_config.i << _EOF |
95 |
+@@ -124084,16 +124083,6 @@ |
96 |
+ +int asnmprintf(char **, size_t, int *, const char *, ...) |
97 |
+ __attribute__((format(printf, 4, 5))); |
98 |
+ void msetlocale(void); |
99 |
+-diff -ruN openssh-8.6p1/version.h openssh-8.6p1+x509-13.1/version.h |
100 |
+---- openssh-8.6p1/version.h 2021-04-16 06:55:25.000000000 +0300 |
101 |
+-+++ openssh-8.6p1+x509-13.1/version.h 2021-04-21 21:07:00.000000000 +0300 |
102 |
+-@@ -2,5 +2,4 @@ |
103 |
+- |
104 |
+- #define SSH_VERSION "OpenSSH_8.6" |
105 |
+- |
106 |
+--#define SSH_PORTABLE "p1" |
107 |
+--#define SSH_RELEASE SSH_VERSION SSH_PORTABLE |
108 |
+-+#define SSH_RELEASE PACKAGE_STRING ", " SSH_VERSION "p1" |
109 |
+ diff -ruN openssh-8.6p1/version.m4 openssh-8.6p1+x509-13.1/version.m4 |
110 |
+ --- openssh-8.6p1/version.m4 1970-01-01 02:00:00.000000000 +0200 |
111 |
+ +++ openssh-8.6p1+x509-13.1/version.m4 2021-04-21 21:07:00.000000000 +0300 |
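Review bot: The new glue file opens directly at `--- a/openssh-8.6p1+x509-13.1.diff` with no header, so nothing records why each edit to the upstream X.509 diff is made. Three of them need a reason a later maintainer can check: dropping `$(MKDIR_P) $(DESTDIR)$(piddir)` from `install-files`, setting `unset_arg=` in both arms of the `if test "$sshd_type" = "pkix"` block (which leaves the conditional with identical branches), and deleting the whole `version.h` hunk. The `exit 1` to `exit 0` change in the three putty interop scripts also deserves a line, since a disabled interop run then reports success; the removed stock lines shown as context (`- exit 0`) suggest this only restores the original behaviour, and the header should say so. Text placed above the first `---` line is ignored by patch(1), so a short comment block there, one line per edit, is enough.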
112 |
|
113 |
diff --git a/net-misc/openssh/files/openssh-8.6_p1-hpn-15.2-X509-glue.patch b/net-misc/openssh/files/openssh-8.6_p1-hpn-15.2-X509-glue.patch |
114 |
new file mode 100644 |
115 |
index 00000000000..714dffc4171 |
116 |
--- /dev/null |
117 |
+++ b/net-misc/openssh/files/openssh-8.6_p1-hpn-15.2-X509-glue.patch |
118 |
@@ -0,0 +1,357 @@ |
119 |
+diff -ur a/openssh-8_5_P1-hpn-AES-CTR-15.2.diff b/openssh-8_5_P1-hpn-AES-CTR-15.2.diff |
120 |
+--- a/openssh-8_5_P1-hpn-AES-CTR-15.2.diff 2021-04-23 15:31:47.247434467 -0700 |
121 |
++++ b/openssh-8_5_P1-hpn-AES-CTR-15.2.diff 2021-04-23 15:32:29.807508606 -0700 |
122 |
+@@ -3,9 +3,9 @@ |
123 |
+ --- a/Makefile.in |
124 |
+ +++ b/Makefile.in |
125 |
+ @@ -46,7 +46,7 @@ CFLAGS=@CFLAGS@ |
126 |
+- CFLAGS_NOPIE=@CFLAGS_NOPIE@ |
127 |
+- CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ |
128 |
+- PICFLAG=@PICFLAG@ |
129 |
++ LD=@LD@ |
130 |
++ CFLAGS=@CFLAGS@ $(CFLAGS_EXTRA) |
131 |
++ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ |
132 |
+ -LIBS=@LIBS@ |
133 |
+ +LIBS=@LIBS@ -lpthread |
134 |
+ K5LIBS=@K5LIBS@ |
135 |
+@@ -803,8 +803,8 @@ |
136 |
+ ssh_packet_set_connection(struct ssh *ssh, int fd_in, int fd_out) |
137 |
+ { |
138 |
+ struct session_state *state; |
139 |
+-- const struct sshcipher *none = cipher_by_name("none"); |
140 |
+-+ struct sshcipher *none = cipher_by_name("none"); |
141 |
++- const struct sshcipher *none = cipher_none(); |
142 |
+++ struct sshcipher *none = cipher_none(); |
143 |
+ int r; |
144 |
+ |
145 |
+ if (none == NULL) { |
146 |
+@@ -898,20 +898,20 @@ |
147 |
+ options->fingerprint_hash = -1; |
148 |
+ options->update_hostkeys = -1; |
149 |
+ + options->disable_multithreaded = -1; |
150 |
+- options->hostbased_accepted_algos = NULL; |
151 |
+- options->pubkey_accepted_algos = NULL; |
152 |
+- options->known_hosts_command = NULL; |
153 |
++ } |
154 |
++ |
155 |
++ /* |
156 |
+ @@ -2467,6 +2474,10 @@ fill_default_options(Options * options) |
157 |
++ options->update_hostkeys = 0; |
158 |
+ if (options->sk_provider == NULL) |
159 |
+ options->sk_provider = xstrdup("$SSH_SK_PROVIDER"); |
160 |
+- #endif |
161 |
+ + if (options->update_hostkeys == -1) |
162 |
+ + options->update_hostkeys = 0; |
163 |
+ + if (options->disable_multithreaded == -1) |
164 |
+ + options->disable_multithreaded = 0; |
165 |
+ |
166 |
+- /* Expand KEX name lists */ |
167 |
+- all_cipher = cipher_alg_list(',', 0); |
168 |
++ /* expand KEX and etc. name lists */ |
169 |
++ { char *all; |
170 |
+ diff --git a/readconf.h b/readconf.h |
171 |
+ index 2fba866e..7f8f0227 100644 |
172 |
+ --- a/readconf.h |
173 |
+@@ -950,9 +950,9 @@ |
174 |
+ /* Portable-specific options */ |
175 |
+ sUsePAM, |
176 |
+ + sDisableMTAES, |
177 |
+- /* Standard Options */ |
178 |
+- sPort, sHostKeyFile, sLoginGraceTime, |
179 |
+- sPermitRootLogin, sLogFacility, sLogLevel, sLogVerbose, |
180 |
++ /* X.509 Standard Options */ |
181 |
++ sHostbasedAlgorithms, |
182 |
++ sPubkeyAlgorithms, |
183 |
+ @@ -662,6 +666,7 @@ static struct { |
184 |
+ { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, |
185 |
+ { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, |
186 |
+diff -ur a/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff b/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff |
187 |
+--- a/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff 2021-04-23 15:31:47.247434467 -0700 |
188 |
++++ b/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff 2021-04-23 15:46:32.296026606 -0700 |
189 |
+@@ -157,6 +157,36 @@ |
190 |
+ + Allan Jude provided the code for the NoneMac and buffer normalization. |
191 |
+ + This work was financed, in part, by Cisco System, Inc., the National |
192 |
+ + Library of Medicine, and the National Science Foundation. |
193 |
++diff --git a/auth2.c b/auth2.c |
194 |
++--- a/auth2.c 2021-03-15 19:30:45.404060786 -0700 |
195 |
+++++ b/auth2.c 2021-03-15 19:37:22.078476597 -0700 |
196 |
++@@ -229,16 +229,17 @@ |
197 |
++ double delay; |
198 |
++ |
199 |
++ digest_alg = ssh_digest_maxbytes(); |
200 |
++- len = ssh_digest_bytes(digest_alg); |
201 |
++- hash = xmalloc(len); |
202 |
+++ if (len = ssh_digest_bytes(digest_alg) > 0) { |
203 |
+++ hash = xmalloc(len); |
204 |
++ |
205 |
++- (void)snprintf(b, sizeof b, "%llu%s", |
206 |
++- (unsigned long long)options.timing_secret, user); |
207 |
++- if (ssh_digest_memory(digest_alg, b, strlen(b), hash, len) != 0) |
208 |
++- fatal_f("ssh_digest_memory"); |
209 |
++- /* 0-4.2 ms of delay */ |
210 |
++- delay = (double)PEEK_U32(hash) / 1000 / 1000 / 1000 / 1000; |
211 |
++- freezero(hash, len); |
212 |
+++ (void)snprintf(b, sizeof b, "%llu%s", |
213 |
+++ (unsigned long long)options.timing_secret, user); |
214 |
+++ if (ssh_digest_memory(digest_alg, b, strlen(b), hash, len) != 0) |
215 |
+++ fatal_f("ssh_digest_memory"); |
216 |
+++ /* 0-4.2 ms of delay */ |
217 |
+++ delay = (double)PEEK_U32(hash) / 1000 / 1000 / 1000 / 1000; |
218 |
+++ freezero(hash, len); |
219 |
+++ } |
220 |
++ debug3_f("user specific delay %0.3lfms", delay/1000); |
221 |
++ return MIN_FAIL_DELAY_SECONDS + delay; |
222 |
++ } |
223 |
+ diff --git a/channels.c b/channels.c |
224 |
+ index b60d56c4..0e363c15 100644 |
225 |
+ --- a/channels.c |
226 |
+@@ -209,14 +239,14 @@ |
227 |
+ static void |
228 |
+ channel_pre_open(struct ssh *ssh, Channel *c, |
229 |
+ fd_set *readset, fd_set *writeset) |
230 |
+-@@ -2120,22 +2147,32 @@ channel_check_window(struct ssh *ssh, Channel *c) |
231 |
++@@ -2164,21 +2191,31 @@ channel_check_window(struct ssh *ssh, Channel *c) |
232 |
+ |
233 |
+ if (c->type == SSH_CHANNEL_OPEN && |
234 |
+ !(c->flags & (CHAN_CLOSE_SENT|CHAN_CLOSE_RCVD)) && |
235 |
+ - ((c->local_window_max - c->local_window > |
236 |
+ - c->local_maxpacket*3) || |
237 |
+-+ ((ssh_packet_is_interactive(ssh) && |
238 |
+-+ c->local_window_max - c->local_window > c->local_maxpacket*3) || |
239 |
+++ ((ssh_packet_is_interactive(ssh) && |
240 |
+++ c->local_window_max - c->local_window > c->local_maxpacket*3) || |
241 |
+ c->local_window < c->local_window_max/2) && |
242 |
+ c->local_consumed > 0) { |
243 |
+ + u_int addition = 0; |
244 |
+@@ -235,9 +265,8 @@ |
245 |
+ (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || |
246 |
+ - (r = sshpkt_put_u32(ssh, c->local_consumed)) != 0 || |
247 |
+ + (r = sshpkt_put_u32(ssh, c->local_consumed + addition)) != 0 || |
248 |
+- (r = sshpkt_send(ssh)) != 0) { |
249 |
+- fatal_fr(r, "channel %i", c->self); |
250 |
+- } |
251 |
++ (r = sshpkt_send(ssh)) != 0) |
252 |
++ fatal_fr(r, "channel %d", c->self); |
253 |
+ - debug2("channel %d: window %d sent adjust %d", c->self, |
254 |
+ - c->local_window, c->local_consumed); |
255 |
+ - c->local_window += c->local_consumed; |
256 |
+@@ -386,21 +415,45 @@ |
257 |
+ index 69befa96..90b5f338 100644 |
258 |
+ --- a/compat.c |
259 |
+ +++ b/compat.c |
260 |
+-@@ -149,6 +149,14 @@ compat_banner(struct ssh *ssh, const char *version) |
261 |
+- debug_f("match: %s pat %s compat 0x%08x", |
262 |
++@@ -43,7 +43,7 @@ compat_datafellows(const char *version) |
263 |
++ static u_int |
264 |
++ compat_datafellows(const char *version) |
265 |
++ { |
266 |
++- int i; |
267 |
+++ int i, bugs = 0; |
268 |
++ static struct { |
269 |
++ char *pat; |
270 |
++ int bugs; |
271 |
++@@ -147,11 +147,26 @@ |
272 |
++ if (match_pattern_list(version, check[i].pat, 0) == 1) { |
273 |
++ debug("match: %s pat %s compat 0x%08x", |
274 |
+ version, check[i].pat, check[i].bugs); |
275 |
+- ssh->compat = check[i].bugs; |
276 |
+ + /* Check to see if the remote side is OpenSSH and not HPN */ |
277 |
+-+ /* TODO: need to use new method to test for this */ |
278 |
+ + if (strstr(version, "OpenSSH") != NULL) { |
279 |
+ + if (strstr(version, "hpn") == NULL) { |
280 |
+-+ ssh->compat |= SSH_BUG_LARGEWINDOW; |
281 |
+++ bugs |= SSH_BUG_LARGEWINDOW; |
282 |
+ + debug("Remote is NON-HPN aware"); |
283 |
+ + } |
284 |
+ + } |
285 |
+- return; |
286 |
++- return check[i].bugs; |
287 |
+++ bugs |= check[i].bugs; |
288 |
+ } |
289 |
+ } |
290 |
++- debug("no match: %s", version); |
291 |
++- return 0; |
292 |
+++ /* Check to see if the remote side is OpenSSH and not HPN */ |
293 |
+++ if (strstr(version, "OpenSSH") != NULL) { |
294 |
+++ if (strstr(version, "hpn") == NULL) { |
295 |
+++ bugs |= SSH_BUG_LARGEWINDOW; |
296 |
+++ debug("Remote is NON-HPN aware"); |
297 |
+++ } |
298 |
+++ } |
299 |
+++ if (bugs == 0) |
300 |
+++ debug("no match: %s", version); |
301 |
+++ return bugs; |
302 |
++ } |
303 |
++ |
304 |
++ char * |
305 |
+ diff --git a/compat.h b/compat.h |
306 |
+ index c197fafc..ea2e17a7 100644 |
307 |
+ --- a/compat.h |
308 |
+@@ -459,7 +512,7 @@ |
309 |
+ @@ -890,6 +890,10 @@ kex_choose_conf(struct ssh *ssh) |
310 |
+ int nenc, nmac, ncomp; |
311 |
+ u_int mode, ctos, need, dh_need, authlen; |
312 |
+- int r, first_kex_follows; |
313 |
++ int r, first_kex_follows = 0; |
314 |
+ + int auth_flag = 0; |
315 |
+ + |
316 |
+ + auth_flag = packet_authentication_state(ssh); |
317 |
+@@ -553,7 +606,7 @@ |
318 |
+ #define MAX_PACKETS (1U<<31) |
319 |
+ static int |
320 |
+ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) |
321 |
+-@@ -1317,7 +1351,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) |
322 |
++@@ -1317,7 +1336,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) |
323 |
+ struct session_state *state = ssh->state; |
324 |
+ int len, r, ms_remain; |
325 |
+ fd_set *setp; |
326 |
+@@ -1035,19 +1088,6 @@ |
327 |
+ |
328 |
+ /* Minimum amount of data to read at a time */ |
329 |
+ #define MIN_READ_SIZE 512 |
330 |
+-diff --git a/ssh-keygen.c b/ssh-keygen.c |
331 |
+-index cfb5f115..36a6e519 100644 |
332 |
+---- a/ssh-keygen.c |
333 |
+-+++ b/ssh-keygen.c |
334 |
+-@@ -2971,7 +2971,7 @@ do_download_sk(const char *skprovider, const char *device) |
335 |
+- freezero(pin, strlen(pin)); |
336 |
+- error_r(r, "Unable to load resident keys"); |
337 |
+- return -1; |
338 |
+-- } |
339 |
+-+ } |
340 |
+- if (nkeys == 0) |
341 |
+- logit("No keys to download"); |
342 |
+- if (pin != NULL) |
343 |
+ diff --git a/ssh.c b/ssh.c |
344 |
+ index 53330da5..27b9770e 100644 |
345 |
+ --- a/ssh.c |
346 |
+@@ -1093,7 +1133,7 @@ |
347 |
+ + else |
348 |
+ + options.hpn_buffer_size = 2 * 1024 * 1024; |
349 |
+ + |
350 |
+-+ if (ssh->compat & SSH_BUG_LARGEWINDOW) { |
351 |
+++ if (ssh_compat_fellows(ssh, SSH_BUG_LARGEWINDOW)) { |
352 |
+ + debug("HPN to Non-HPN Connection"); |
353 |
+ + } else { |
354 |
+ + int sock, socksize; |
355 |
+@@ -1335,7 +1375,29 @@ |
356 |
+ /* Bind the socket to the desired port. */ |
357 |
+ if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) == -1) { |
358 |
+ error("Bind to port %s on %s failed: %.200s.", |
359 |
+-@@ -1727,6 +1734,19 @@ main(int ac, char **av) |
360 |
++@@ -1625,13 +1632,14 @@ |
361 |
++ if (ssh_digest_update(ctx, sshbuf_ptr(server_cfg), |
362 |
++ sshbuf_len(server_cfg)) != 0) |
363 |
++ fatal_f("ssh_digest_update"); |
364 |
++- len = ssh_digest_bytes(digest_alg); |
365 |
++- hash = xmalloc(len); |
366 |
++- if (ssh_digest_final(ctx, hash, len) != 0) |
367 |
++- fatal_f("ssh_digest_final"); |
368 |
++- options.timing_secret = PEEK_U64(hash); |
369 |
++- freezero(hash, len); |
370 |
++- ssh_digest_free(ctx); |
371 |
+++ if ((len = ssh_digest_bytes(digest_alg)) > 0) { |
372 |
+++ hash = xmalloc(len); |
373 |
+++ if (ssh_digest_final(ctx, hash, len) != 0) |
374 |
+++ fatal_f("ssh_digest_final"); |
375 |
+++ options.timing_secret = PEEK_U64(hash); |
376 |
+++ freezero(hash, len); |
377 |
+++ ssh_digest_free(ctx); |
378 |
+++ } |
379 |
++ ctx = NULL; |
380 |
++ return; |
381 |
++ } |
382 |
++@@ -1727,6 +1735,19 @@ main(int ac, char **av) |
383 |
+ /* Fill in default values for those options not explicitly set. */ |
384 |
+ fill_default_server_options(&options); |
385 |
+ |
386 |
+@@ -1355,7 +1417,7 @@ |
387 |
+ /* challenge-response is implemented via keyboard interactive */ |
388 |
+ if (options.challenge_response_authentication) |
389 |
+ options.kbd_interactive_authentication = 1; |
390 |
+-@@ -2166,6 +2186,9 @@ main(int ac, char **av) |
391 |
++@@ -2166,6 +2187,9 @@ main(int ac, char **av) |
392 |
+ rdomain == NULL ? "" : "\""); |
393 |
+ free(laddr); |
394 |
+ |
395 |
+@@ -1365,7 +1427,7 @@ |
396 |
+ /* |
397 |
+ * We don't want to listen forever unless the other side |
398 |
+ * successfully authenticates itself. So we set up an alarm which is |
399 |
+-@@ -2343,6 +2366,12 @@ do_ssh2_kex(struct ssh *ssh) |
400 |
++@@ -2343,6 +2367,12 @@ do_ssh2_kex(struct ssh *ssh) |
401 |
+ struct kex *kex; |
402 |
+ int r; |
403 |
+ |
404 |
+@@ -1405,14 +1467,3 @@ |
405 |
+ # Example of overriding settings on a per-user basis |
406 |
+ #Match User anoncvs |
407 |
+ # X11Forwarding no |
408 |
+-diff --git a/version.h b/version.h |
409 |
+-index 6b4fa372..332fb486 100644 |
410 |
+---- a/version.h |
411 |
+-+++ b/version.h |
412 |
+-@@ -3,4 +3,5 @@ |
413 |
+- #define SSH_VERSION "OpenSSH_8.5" |
414 |
+- |
415 |
+- #define SSH_PORTABLE "p1" |
416 |
+--#define SSH_RELEASE SSH_VERSION SSH_PORTABLE |
417 |
+-+#define SSH_HPN "-hpn15v2" |
418 |
+-+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN |
419 |
+diff -ur a/openssh-8_5_P1-hpn-PeakTput-15.2.diff b/openssh-8_5_P1-hpn-PeakTput-15.2.diff |
420 |
+--- a/openssh-8_5_P1-hpn-PeakTput-15.2.diff 2021-04-23 15:31:47.247434467 -0700 |
421 |
++++ b/openssh-8_5_P1-hpn-PeakTput-15.2.diff 2021-04-23 15:32:29.808508608 -0700 |
422 |
+@@ -12,9 +12,9 @@ |
423 |
+ static long stalled; /* how long we have been stalled */ |
424 |
+ static int bytes_per_second; /* current speed in bytes per second */ |
425 |
+ @@ -127,6 +129,7 @@ refresh_progress_meter(int force_update) |
426 |
++ off_t bytes_left; |
427 |
+ int cur_speed; |
428 |
+- int hours, minutes, seconds; |
429 |
+- int file_len; |
430 |
++ int len; |
431 |
+ + off_t delta_pos; |
432 |
+ |
433 |
+ if ((!force_update && !alarm_fired && !win_resized) || !can_output()) |
434 |
+@@ -30,15 +30,17 @@ |
435 |
+ if (bytes_left > 0) |
436 |
+ elapsed = now - last_update; |
437 |
+ else { |
438 |
+-@@ -166,7 +173,7 @@ refresh_progress_meter(int force_update) |
439 |
+- |
440 |
++@@ -166,8 +173,8 @@ refresh_progress_meter(int force_update) |
441 |
++ buf[1] = '\0'; |
442 |
++ |
443 |
+ /* filename */ |
444 |
+- buf[0] = '\0'; |
445 |
+-- file_len = win_size - 36; |
446 |
+-+ file_len = win_size - 45; |
447 |
+- if (file_len > 0) { |
448 |
+- buf[0] = '\r'; |
449 |
+- snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s", |
450 |
++- if (win_size > 36) { |
451 |
+++ if (win_size > 45) { |
452 |
++- int file_len = win_size - 36; |
453 |
+++ int file_len = win_size - 45; |
454 |
++ snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s ", |
455 |
++ file_len, file); |
456 |
++ } |
457 |
+ @@ -191,6 +198,15 @@ refresh_progress_meter(int force_update) |
458 |
+ (off_t)bytes_per_second); |
459 |
+ strlcat(buf, "/s ", win_size); |
460 |
+@@ -63,15 +65,3 @@ |
461 |
+ } |
462 |
+ |
463 |
+ /*ARGSUSED*/ |
464 |
+-diff --git a/ssh-keygen.c b/ssh-keygen.c |
465 |
+-index cfb5f115..986ff59b 100644 |
466 |
+---- a/ssh-keygen.c |
467 |
+-+++ b/ssh-keygen.c |
468 |
+-@@ -2959,7 +2959,6 @@ do_download_sk(const char *skprovider, const char *device) |
469 |
+- |
470 |
+- if (skprovider == NULL) |
471 |
+- fatal("Cannot download keys without provider"); |
472 |
+-- |
473 |
+- pin = read_passphrase("Enter PIN for authenticator: ", RP_ALLOW_STDIN); |
474 |
+- if (!quiet) { |
475 |
+- printf("You may need to touch your authenticator " |
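Review bot: In the added auth2.c hunk, `if (len = ssh_digest_bytes(digest_alg) > 0) {` is missing a pair of parentheses: `>` binds tighter than `=`, so `len` receives the comparison result (0 or 1) rather than the digest length. `hash` is then allocated with that length and passed with it to `ssh_digest_memory()` before `PEEK_U32(hash)` reads four bytes, in what appears to be the per-user authentication-failure delay (`MIN_FAIL_DELAY_SECONDS + delay`). The sshd.c hunk later in this same file writes the guard correctly, and auth2.c should match it: `if ((len = ssh_digest_bytes(digest_alg)) > 0) {`. Separately, `double delay;` is declared without a value in the visible context and is still read by `debug3_f()` and the `return` when the branch is skipped; `double delay = 0;` would close that. The enclosing function starts outside the quoted hunk, so the declaration of `len` and `hash` could not be checked here.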
476 |
|
477 |
diff --git a/net-misc/openssh/openssh-8.6_p1.ebuild b/net-misc/openssh/openssh-8.6_p1-r1.ebuild |
478 |
similarity index 99% |
479 |
rename from net-misc/openssh/openssh-8.6_p1.ebuild |
480 |
rename to net-misc/openssh/openssh-8.6_p1-r1.ebuild |
481 |
index d3c60891be0..a09b6842fbe 100644 |
482 |
--- a/net-misc/openssh/openssh-8.6_p1.ebuild |
483 |
+++ b/net-misc/openssh/openssh-8.6_p1-r1.ebuild |
484 |
@@ -21,7 +21,7 @@ HPN_PATCHES=( |
485 |
) |
486 |
|
487 |
SCTP_VER="1.2" SCTP_PATCH="${PARCH}-sctp-${SCTP_VER}.patch.xz" |
488 |
-#X509_VER="13.1" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" |
489 |
+X509_VER="13.1" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" |
490 |
|
491 |
DESCRIPTION="Port of OpenBSD's free SSH release" |
492 |
HOMEPAGE="https://www.openssh.com/" |
493 |
@@ -191,7 +191,7 @@ src_prepare() { |
494 |
cp $(printf -- "${DISTDIR}/%s\n" "${HPN_PATCHES[@]}") "${hpn_patchdir}" || die |
495 |
pushd "${hpn_patchdir}" &>/dev/null || die |
496 |
eapply "${FILESDIR}"/${P}-hpn-${HPN_VER}-glue.patch |
497 |
- use X509 && eapply "${FILESDIR}"/${PN}-8.5_p1-hpn-${HPN_VER}-X509-glue.patch |
498 |
+ use X509 && eapply "${FILESDIR}"/${PN}-8.6_p1-hpn-${HPN_VER}-X509-glue.patch |
499 |
use sctp && eapply "${FILESDIR}"/${PN}-8.5_p1-hpn-${HPN_VER}-sctp-glue.patch |
500 |
popd &>/dev/null || die |