From: Patrick McLean <chutzpah@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/, net-misc/openssh/files/
Date: Fri, 23 Apr 2021 23:14:27
Message-Id: 1619219656.dd069ebac8b0f15edc1dee19bb77f9611b5a812a.chutzpah@gentoo
1 commit: dd069ebac8b0f15edc1dee19bb77f9611b5a812a
2 Author: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
3 AuthorDate: Fri Apr 23 23:14:10 2021 +0000
4 Commit: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
5 CommitDate: Fri Apr 23 23:14:16 2021 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dd069eba
7
8 net-misc/openssh-8.6_p1: revbump, add X509 patch
9
10 Bug: https://bugs.gentoo.org/785034
11 Bug: https://bugs.gentoo.org/784896
12 Package-Manager: Portage-3.0.18, Repoman-3.0.3
13 Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>
14
15 net-misc/openssh/Manifest | 1 +
16 .../files/openssh-8.6_p1-X509-glue-13.1.patch | 72 +++++
17 .../files/openssh-8.6_p1-hpn-15.2-X509-glue.patch | 357 +++++++++++++++++++++
18 ...nssh-8.6_p1.ebuild => openssh-8.6_p1-r1.ebuild} | 4 +-
19 4 files changed, 432 insertions(+), 2 deletions(-)
20
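--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -5,6 +5,7 @@ DIST openssh-8.5p1+x509-13.0.1.diff.gz 997005 BLAKE2B b6cdc9ba12dc642c7073463fb8
 DIST openssh-8.5p1+x509-13.0.diff.gz 996872 BLAKE2B 136937e4e65e5e73d1d1b596ae6188f359daa8e95aafd57fab8cf947b59fde573ff4e6259781d1a0fd89718d14469ca4aed01bae6f37cc16df109c673fa2c73c SHA512 2276b0ac577162f7f6a56115637636a6eaaa8b3cc06e5ef053ec06e00a7c3459efe8de8dbc5f55c9f6a192534e2f7c8c7064fcdbf56d28b628bb301c5072802c
 DIST openssh-8.5p1-sctp-1.2.patch.xz 7692 BLAKE2B 298bf5e2004fd864bdbb6d6f354d1fbcb7052a9caaf8e39863b840a7af8e31f87790f6aa10ae84df177d450bb34a43c4a3aa87d7472e2505d727757c016ce92b SHA512 84990f95e22c90dbc4d04d47ea88b761ff1d0101018661ff2376ac2a726b5fca43f1b5f5d926ccbe1c8d0143ac36b104616bd1a6b5dcdba4addf48a5dd196e2b
 DIST openssh-8.5p1.tar.gz 1779733 BLAKE2B f4e4bd39e2dd275d4811e06ca994f2239ad27c804b003c74cc26f9dffae28f1b4006fc618580f0dc9c45f0b7361c24728c23688b45f41cb8a15cf6206c3f15c3 SHA512 af9c34d89170a30fc92a63973e32c766ed4a6d254bb210e317c000d46913e78d0c60c7befe62d993d659be000b828b9d4d3832fc40df1c3d33850aaa6293846f
+DIST openssh-8.6p1+x509-13.1.diff.gz 1011666 BLAKE2B 0ac0cf2ff962b8ef677c49de0bb586f375f14d8964e077c10f6a88ec15734807940ab6c0277e44ebdfde0e50c2c80103cff614a6cde4d66e9986152032eeaa90 SHA512 ae4986dd079678c7b0cfd805136ff7ac940d1049fdddeb5a7c4ea2141bfcca70463b951485fb2b113bc930f519b1b41562900ced0269f5673dbdad867f464251
 DIST openssh-8.6p1-sctp-1.2.patch.xz 7696 BLAKE2B 37f9e943a1881af05d9cf2234433711dc45ca30c60af4c0ea38a1d361df02abb491fa114f3698285f582b40b838414c1a048c4f09aa4f7ae9499adb09201d2ac SHA512 ba8c4d38a3d90854e79dc18918fffde246d7609a3f1c3a35e06c0fbe33d3688ed29b0ec33556ae37d1654e1dc2133d892613ad8d1ecbdce9aaa5b9eb10dcbb7a
 DIST openssh-8.6p1.tar.gz 1786328 BLAKE2B 261a0f1a6235275894d487cce37537755c86835e3a34871462fe29bfe72b49cd9a6b6a547aea4bd554f0957e110c84458cc75a5f2560717fb04804d62228562a SHA512 9854eda0b773c64c9f1f74844ce466b2b42ee8845f58ad062b73141d617af944fa4ebafdf72069f400106d2c2bd0a69c92fe805ec1fc26d4f0faadf06c3fbbe6
 DIST openssh-8_3_P1-hpn-AES-CTR-14.22.diff 29963 BLAKE2B 19b82f4ff820f52dafaa5b3f09f8a0a67f318771c1c7276b9d37e4a6412052c9c53347f880f2d78981af3830432704b9ad74b375241965326530ae23ec8d74a2 SHA512 49f2778831dc768850870a1755da9cdd7d3bc83fa87069070f5a1d357ce9bdadeb2506c8ff3c6b055708da12a70e9ede7ed0e8a29fcab441abb55c9d483663be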
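--- /dev/null
+++ b/net-misc/openssh/files/openssh-8.6_p1-X509-glue-13.1.patch
@@ -0,0 +1,72 @@
+--- a/openssh-8.6p1+x509-13.1.diff 2021-04-23 14:46:58.184683047 -0700
++++ b/openssh-8.6p1+x509-13.1.diff 2021-04-23 15:00:08.455087549 -0700
+@@ -47728,12 +47728,11 @@
+
+ install-files:
+ $(MKDIR_P) $(DESTDIR)$(bindir)
+-@@ -389,6 +366,8 @@
++@@ -389,6 +366,7 @@
+ $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5
+ $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8
+ $(MKDIR_P) $(DESTDIR)$(libexecdir)
+ + $(MKDIR_P) $(DESTDIR)$(sshcadir)
+-+ $(MKDIR_P) $(DESTDIR)$(piddir)
+ $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH)
+ $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)
+ $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT)
+@@ -65001,7 +65000,7 @@
+ - echo "putty interop tests not enabled"
+ - exit 0
+ -fi
+-+$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1; exit 1; }
+++$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1; exit 0; }
+
+ for c in aes 3des aes128-ctr aes192-ctr aes256-ctr chacha20 ; do
+ verbose "$tid: cipher $c"
+@@ -65016,7 +65015,7 @@
+ - echo "putty interop tests not enabled"
+ - exit 0
+ -fi
+-+$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1; exit 1; }
+++$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1; exit 0; }
+
+ for k in dh-gex-sha1 dh-group1-sha1 dh-group14-sha1 ecdh ; do
+ verbose "$tid: kex $k"
+@@ -65031,7 +65030,7 @@
+ - echo "putty interop tests not enabled"
+ - exit 0
+ -fi
+-+$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1; exit 1; }
+++$REGRESS_INTEROP_PUTTY || { echo "putty interop tests are not enabled" >&1; exit 0; }
+
+ if [ "`${SSH} -Q compression`" = "none" ]; then
+ comp="0"
+@@ -65163,9 +65162,9 @@
+
+ +# cross-project configuration
+ +if test "$sshd_type" = "pkix" ; then
+-+ unset_arg=''
+++ unset_arg=
+ +else
+-+ unset_arg=none
+++ unset_arg=
+ +fi
+ +
+ cat > $OBJ/sshd_config.i << _EOF
+@@ -124084,16 +124083,6 @@
+ +int asnmprintf(char **, size_t, int *, const char *, ...)
+ __attribute__((format(printf, 4, 5)));
+ void msetlocale(void);
+-diff -ruN openssh-8.6p1/version.h openssh-8.6p1+x509-13.1/version.h
+---- openssh-8.6p1/version.h 2021-04-16 06:55:25.000000000 +0300
+-+++ openssh-8.6p1+x509-13.1/version.h 2021-04-21 21:07:00.000000000 +0300
+-@@ -2,5 +2,4 @@
+-
+- #define SSH_VERSION "OpenSSH_8.6"
+-
+--#define SSH_PORTABLE "p1"
+--#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
+-+#define SSH_RELEASE PACKAGE_STRING ", " SSH_VERSION "p1"
+ diff -ruN openssh-8.6p1/version.m4 openssh-8.6p1+x509-13.1/version.m4
+ --- openssh-8.6p1/version.m4 1970-01-01 02:00:00.000000000 +0200
+ +++ openssh-8.6p1+x509-13.1/version.m4 2021-04-21 21:07:00.000000000 +0300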
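Review bot: Both branches of the `sshd_type` test in the `@@ -65163,9 +65162,9 @@` hunk now assign `unset_arg=`, so the conditional no longer does anything and the non-pkix value `none` is lost, and nothing in the file says why. The same goes for the dropped `$(MKDIR_P) $(DESTDIR)$(piddir)` line and the removed `version.h` hunk, which presumably leaves `SSH_RELEASE` at its upstream definition instead of the `PACKAGE_STRING` form. Since this file edits a third-party patch to sshd by line offset, I would add a short free-text header above the first `---` line with one rationale line per hunk, in the form `version.h hunk dropped: <reason>`, so the next X509 bump can tell which edits are still needed. The rewritten `$REGRESS_INTEROP_PUTTY` lines also keep `>&1`, which redirects stdout to itself; if the skip message was meant for stderr that would be `>&2`.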
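--- /dev/null
+++ b/net-misc/openssh/files/openssh-8.6_p1-hpn-15.2-X509-glue.patch
@@ -0,0 +1,357 @@
+diff -ur a/openssh-8_5_P1-hpn-AES-CTR-15.2.diff b/openssh-8_5_P1-hpn-AES-CTR-15.2.diff
+--- a/openssh-8_5_P1-hpn-AES-CTR-15.2.diff 2021-04-23 15:31:47.247434467 -0700
++++ b/openssh-8_5_P1-hpn-AES-CTR-15.2.diff 2021-04-23 15:32:29.807508606 -0700
+@@ -3,9 +3,9 @@
+ --- a/Makefile.in
+ +++ b/Makefile.in
+ @@ -46,7 +46,7 @@ CFLAGS=@CFLAGS@
+- CFLAGS_NOPIE=@CFLAGS_NOPIE@
+- CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
+- PICFLAG=@PICFLAG@
++ LD=@LD@
++ CFLAGS=@CFLAGS@ $(CFLAGS_EXTRA)
++ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
+ -LIBS=@LIBS@
+ +LIBS=@LIBS@ -lpthread
+ K5LIBS=@K5LIBS@
+@@ -803,8 +803,8 @@
+ ssh_packet_set_connection(struct ssh *ssh, int fd_in, int fd_out)
+ {
+ struct session_state *state;
+-- const struct sshcipher *none = cipher_by_name("none");
+-+ struct sshcipher *none = cipher_by_name("none");
++- const struct sshcipher *none = cipher_none();
+++ struct sshcipher *none = cipher_none();
+ int r;
+
+ if (none == NULL) {
+@@ -898,20 +898,20 @@
+ options->fingerprint_hash = -1;
+ options->update_hostkeys = -1;
+ + options->disable_multithreaded = -1;
+- options->hostbased_accepted_algos = NULL;
+- options->pubkey_accepted_algos = NULL;
+- options->known_hosts_command = NULL;
++ }
++
++ /*
+ @@ -2467,6 +2474,10 @@ fill_default_options(Options * options)
++ options->update_hostkeys = 0;
+ if (options->sk_provider == NULL)
+ options->sk_provider = xstrdup("$SSH_SK_PROVIDER");
+- #endif
+ + if (options->update_hostkeys == -1)
+ + options->update_hostkeys = 0;
+ + if (options->disable_multithreaded == -1)
+ + options->disable_multithreaded = 0;
+
+- /* Expand KEX name lists */
+- all_cipher = cipher_alg_list(',', 0);
++ /* expand KEX and etc. name lists */
++ { char *all;
+ diff --git a/readconf.h b/readconf.h
+ index 2fba866e..7f8f0227 100644
+ --- a/readconf.h
+@@ -950,9 +950,9 @@
+ /* Portable-specific options */
+ sUsePAM,
+ + sDisableMTAES,
+- /* Standard Options */
+- sPort, sHostKeyFile, sLoginGraceTime,
+- sPermitRootLogin, sLogFacility, sLogLevel, sLogVerbose,
++ /* X.509 Standard Options */
++ sHostbasedAlgorithms,
++ sPubkeyAlgorithms,
+ @@ -662,6 +666,7 @@ static struct {
+ { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
+ { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
+diff -ur a/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff b/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff
+--- a/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff 2021-04-23 15:31:47.247434467 -0700
++++ b/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff 2021-04-23 15:46:32.296026606 -0700
+@@ -157,6 +157,36 @@
+ + Allan Jude provided the code for the NoneMac and buffer normalization.
+ + This work was financed, in part, by Cisco System, Inc., the National
+ + Library of Medicine, and the National Science Foundation.
++diff --git a/auth2.c b/auth2.c
++--- a/auth2.c 2021-03-15 19:30:45.404060786 -0700
+++++ b/auth2.c 2021-03-15 19:37:22.078476597 -0700
++@@ -229,16 +229,17 @@
++ double delay;
++
++ digest_alg = ssh_digest_maxbytes();
++- len = ssh_digest_bytes(digest_alg);
++- hash = xmalloc(len);
+++ if (len = ssh_digest_bytes(digest_alg) > 0) {
+++ hash = xmalloc(len);
++
++- (void)snprintf(b, sizeof b, "%llu%s",
++- (unsigned long long)options.timing_secret, user);
++- if (ssh_digest_memory(digest_alg, b, strlen(b), hash, len) != 0)
++- fatal_f("ssh_digest_memory");
++- /* 0-4.2 ms of delay */
++- delay = (double)PEEK_U32(hash) / 1000 / 1000 / 1000 / 1000;
++- freezero(hash, len);
+++ (void)snprintf(b, sizeof b, "%llu%s",
+++ (unsigned long long)options.timing_secret, user);
+++ if (ssh_digest_memory(digest_alg, b, strlen(b), hash, len) != 0)
+++ fatal_f("ssh_digest_memory");
+++ /* 0-4.2 ms of delay */
+++ delay = (double)PEEK_U32(hash) / 1000 / 1000 / 1000 / 1000;
+++ freezero(hash, len);
+++ }
++ debug3_f("user specific delay %0.3lfms", delay/1000);
++ return MIN_FAIL_DELAY_SECONDS + delay;
++ }
+ diff --git a/channels.c b/channels.c
+ index b60d56c4..0e363c15 100644
+ --- a/channels.c
+@@ -209,14 +239,14 @@
+ static void
+ channel_pre_open(struct ssh *ssh, Channel *c,
+ fd_set *readset, fd_set *writeset)
+-@@ -2120,22 +2147,32 @@ channel_check_window(struct ssh *ssh, Channel *c)
++@@ -2164,21 +2191,31 @@ channel_check_window(struct ssh *ssh, Channel *c)
+
+ if (c->type == SSH_CHANNEL_OPEN &&
+ !(c->flags & (CHAN_CLOSE_SENT|CHAN_CLOSE_RCVD)) &&
+ - ((c->local_window_max - c->local_window >
+ - c->local_maxpacket*3) ||
+-+ ((ssh_packet_is_interactive(ssh) &&
+-+ c->local_window_max - c->local_window > c->local_maxpacket*3) ||
+++ ((ssh_packet_is_interactive(ssh) &&
+++ c->local_window_max - c->local_window > c->local_maxpacket*3) ||
+ c->local_window < c->local_window_max/2) &&
+ c->local_consumed > 0) {
+ + u_int addition = 0;
+@@ -235,9 +265,8 @@
+ (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
+ - (r = sshpkt_put_u32(ssh, c->local_consumed)) != 0 ||
+ + (r = sshpkt_put_u32(ssh, c->local_consumed + addition)) != 0 ||
+- (r = sshpkt_send(ssh)) != 0) {
+- fatal_fr(r, "channel %i", c->self);
+- }
++ (r = sshpkt_send(ssh)) != 0)
++ fatal_fr(r, "channel %d", c->self);
+ - debug2("channel %d: window %d sent adjust %d", c->self,
+ - c->local_window, c->local_consumed);
+ - c->local_window += c->local_consumed;
+@@ -386,21 +415,45 @@
+ index 69befa96..90b5f338 100644
+ --- a/compat.c
+ +++ b/compat.c
+-@@ -149,6 +149,14 @@ compat_banner(struct ssh *ssh, const char *version)
+- debug_f("match: %s pat %s compat 0x%08x",
++@@ -43,7 +43,7 @@ compat_datafellows(const char *version)
++ static u_int
++ compat_datafellows(const char *version)
++ {
++- int i;
+++ int i, bugs = 0;
++ static struct {
++ char *pat;
++ int bugs;
++@@ -147,11 +147,26 @@
++ if (match_pattern_list(version, check[i].pat, 0) == 1) {
++ debug("match: %s pat %s compat 0x%08x",
+ version, check[i].pat, check[i].bugs);
+- ssh->compat = check[i].bugs;
+ + /* Check to see if the remote side is OpenSSH and not HPN */
+-+ /* TODO: need to use new method to test for this */
+ + if (strstr(version, "OpenSSH") != NULL) {
+ + if (strstr(version, "hpn") == NULL) {
+-+ ssh->compat |= SSH_BUG_LARGEWINDOW;
+++ bugs |= SSH_BUG_LARGEWINDOW;
+ + debug("Remote is NON-HPN aware");
+ + }
+ + }
+- return;
++- return check[i].bugs;
+++ bugs |= check[i].bugs;
+ }
+ }
++- debug("no match: %s", version);
++- return 0;
+++ /* Check to see if the remote side is OpenSSH and not HPN */
+++ if (strstr(version, "OpenSSH") != NULL) {
+++ if (strstr(version, "hpn") == NULL) {
+++ bugs |= SSH_BUG_LARGEWINDOW;
+++ debug("Remote is NON-HPN aware");
+++ }
+++ }
+++ if (bugs == 0)
+++ debug("no match: %s", version);
+++ return bugs;
++ }
++
++ char *
+ diff --git a/compat.h b/compat.h
+ index c197fafc..ea2e17a7 100644
+ --- a/compat.h
+@@ -459,7 +512,7 @@
+ @@ -890,6 +890,10 @@ kex_choose_conf(struct ssh *ssh)
+ int nenc, nmac, ncomp;
+ u_int mode, ctos, need, dh_need, authlen;
+- int r, first_kex_follows;
++ int r, first_kex_follows = 0;
+ + int auth_flag = 0;
+ +
+ + auth_flag = packet_authentication_state(ssh);
+@@ -553,7 +606,7 @@
+ #define MAX_PACKETS (1U<<31)
+ static int
+ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
+-@@ -1317,7 +1351,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
++@@ -1317,7 +1336,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
+ struct session_state *state = ssh->state;
+ int len, r, ms_remain;
+ fd_set *setp;
+@@ -1035,19 +1088,6 @@
+
+ /* Minimum amount of data to read at a time */
+ #define MIN_READ_SIZE 512
+-diff --git a/ssh-keygen.c b/ssh-keygen.c
+-index cfb5f115..36a6e519 100644
+---- a/ssh-keygen.c
+-+++ b/ssh-keygen.c
+-@@ -2971,7 +2971,7 @@ do_download_sk(const char *skprovider, const char *device)
+- freezero(pin, strlen(pin));
+- error_r(r, "Unable to load resident keys");
+- return -1;
+-- }
+-+ }
+- if (nkeys == 0)
+- logit("No keys to download");
+- if (pin != NULL)
+ diff --git a/ssh.c b/ssh.c
+ index 53330da5..27b9770e 100644
+ --- a/ssh.c
+@@ -1093,7 +1133,7 @@
+ + else
+ + options.hpn_buffer_size = 2 * 1024 * 1024;
+ +
+-+ if (ssh->compat & SSH_BUG_LARGEWINDOW) {
+++ if (ssh_compat_fellows(ssh, SSH_BUG_LARGEWINDOW)) {
+ + debug("HPN to Non-HPN Connection");
+ + } else {
+ + int sock, socksize;
+@@ -1335,7 +1375,29 @@
+ /* Bind the socket to the desired port. */
+ if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) == -1) {
+ error("Bind to port %s on %s failed: %.200s.",
+-@@ -1727,6 +1734,19 @@ main(int ac, char **av)
++@@ -1625,13 +1632,14 @@
++ if (ssh_digest_update(ctx, sshbuf_ptr(server_cfg),
++ sshbuf_len(server_cfg)) != 0)
++ fatal_f("ssh_digest_update");
++- len = ssh_digest_bytes(digest_alg);
++- hash = xmalloc(len);
++- if (ssh_digest_final(ctx, hash, len) != 0)
++- fatal_f("ssh_digest_final");
++- options.timing_secret = PEEK_U64(hash);
++- freezero(hash, len);
++- ssh_digest_free(ctx);
+++ if ((len = ssh_digest_bytes(digest_alg)) > 0) {
+++ hash = xmalloc(len);
+++ if (ssh_digest_final(ctx, hash, len) != 0)
+++ fatal_f("ssh_digest_final");
+++ options.timing_secret = PEEK_U64(hash);
+++ freezero(hash, len);
+++ ssh_digest_free(ctx);
+++ }
++ ctx = NULL;
++ return;
++ }
++@@ -1727,6 +1735,19 @@ main(int ac, char **av)
+ /* Fill in default values for those options not explicitly set. */
+ fill_default_server_options(&options);
+
+@@ -1355,7 +1417,7 @@
+ /* challenge-response is implemented via keyboard interactive */
+ if (options.challenge_response_authentication)
+ options.kbd_interactive_authentication = 1;
+-@@ -2166,6 +2186,9 @@ main(int ac, char **av)
++@@ -2166,6 +2187,9 @@ main(int ac, char **av)
+ rdomain == NULL ? "" : "\"");
+ free(laddr);
+
+@@ -1365,7 +1427,7 @@
+ /*
+ * We don't want to listen forever unless the other side
+ * successfully authenticates itself. So we set up an alarm which is
+-@@ -2343,6 +2366,12 @@ do_ssh2_kex(struct ssh *ssh)
++@@ -2343,6 +2367,12 @@ do_ssh2_kex(struct ssh *ssh)
+ struct kex *kex;
+ int r;
+
+@@ -1405,14 +1467,3 @@
+ # Example of overriding settings on a per-user basis
+ #Match User anoncvs
+ # X11Forwarding no
+-diff --git a/version.h b/version.h
+-index 6b4fa372..332fb486 100644
+---- a/version.h
+-+++ b/version.h
+-@@ -3,4 +3,5 @@
+- #define SSH_VERSION "OpenSSH_8.5"
+-
+- #define SSH_PORTABLE "p1"
+--#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
+-+#define SSH_HPN "-hpn15v2"
+-+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN
+diff -ur a/openssh-8_5_P1-hpn-PeakTput-15.2.diff b/openssh-8_5_P1-hpn-PeakTput-15.2.diff
+--- a/openssh-8_5_P1-hpn-PeakTput-15.2.diff 2021-04-23 15:31:47.247434467 -0700
++++ b/openssh-8_5_P1-hpn-PeakTput-15.2.diff 2021-04-23 15:32:29.808508608 -0700
+@@ -12,9 +12,9 @@
+ static long stalled; /* how long we have been stalled */
+ static int bytes_per_second; /* current speed in bytes per second */
+ @@ -127,6 +129,7 @@ refresh_progress_meter(int force_update)
++ off_t bytes_left;
+ int cur_speed;
+- int hours, minutes, seconds;
+- int file_len;
++ int len;
+ + off_t delta_pos;
+
+ if ((!force_update && !alarm_fired && !win_resized) || !can_output())
+@@ -30,15 +30,17 @@
+ if (bytes_left > 0)
+ elapsed = now - last_update;
+ else {
+-@@ -166,7 +173,7 @@ refresh_progress_meter(int force_update)
+-
++@@ -166,8 +173,8 @@ refresh_progress_meter(int force_update)
++ buf[1] = '\0';
++
+ /* filename */
+- buf[0] = '\0';
+-- file_len = win_size - 36;
+-+ file_len = win_size - 45;
+- if (file_len > 0) {
+- buf[0] = '\r';
+- snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s",
++- if (win_size > 36) {
+++ if (win_size > 45) {
++- int file_len = win_size - 36;
+++ int file_len = win_size - 45;
++ snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s ",
++ file_len, file);
++ }
+ @@ -191,6 +198,15 @@ refresh_progress_meter(int force_update)
+ (off_t)bytes_per_second);
+ strlcat(buf, "/s ", win_size);
+@@ -63,15 +65,3 @@
+ }
+
+ /*ARGSUSED*/
+-diff --git a/ssh-keygen.c b/ssh-keygen.c
+-index cfb5f115..986ff59b 100644
+---- a/ssh-keygen.c
+-+++ b/ssh-keygen.c
+-@@ -2959,7 +2959,6 @@ do_download_sk(const char *skprovider, const char *device)
+-
+- if (skprovider == NULL)
+- fatal("Cannot download keys without provider");
+--
+- pin = read_passphrase("Enter PIN for authenticator: ", RP_ALLOW_STDIN);
+- if (!quiet) {
+- printf("You may need to touch your authenticator "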
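Review bot: In the auth2.c hunk that this file adds to the DynWinNoneSwitch patch, `if (len = ssh_digest_bytes(digest_alg) > 0) {` assigns the result of the comparison to `len`, because `>` binds tighter than `=`, so `len` becomes 1 or 0 rather than the digest size. `hash` is then allocated with that length while `PEEK_U32(hash)` reads four bytes, unless `ssh_digest_memory` rejects the short buffer first and the call ends in `fatal_f`; either way the value logged as "user specific delay", which appears to be the per-user delay added to failed authentication, is not computed as intended. The sshd.c hunk further down already has the parenthesised form, and this line should match it: `if ((len = ssh_digest_bytes(digest_alg)) > 0) {`. `delay` is declared as `double delay;` and is read by `debug3_f` and the `return` when the branch is skipped, so it also needs an initialiser, `double delay = 0;`. The enclosing function starts outside the hunk.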
477 diff --git a/net-misc/openssh/openssh-8.6_p1.ebuild b/net-misc/openssh/openssh-8.6_p1-r1.ebuild
478 similarity index 99%
479 rename from net-misc/openssh/openssh-8.6_p1.ebuild
480 rename to net-misc/openssh/openssh-8.6_p1-r1.ebuild
481 index d3c60891be0..a09b6842fbe 100644
482 --- a/net-misc/openssh/openssh-8.6_p1.ebuild
483 +++ b/net-misc/openssh/openssh-8.6_p1-r1.ebuild
484 @@ -21,7 +21,7 @@ HPN_PATCHES=(
485 )
486
487 SCTP_VER="1.2" SCTP_PATCH="${PARCH}-sctp-${SCTP_VER}.patch.xz"
488 -#X509_VER="13.1" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
489 +X509_VER="13.1" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
490
491 DESCRIPTION="Port of OpenBSD's free SSH release"
492 HOMEPAGE="https://www.openssh.com/"
493 @@ -191,7 +191,7 @@ src_prepare() {
494 cp $(printf -- "${DISTDIR}/%s\n" "${HPN_PATCHES[@]}") "${hpn_patchdir}" || die
495 pushd "${hpn_patchdir}" &>/dev/null || die
496 eapply "${FILESDIR}"/${P}-hpn-${HPN_VER}-glue.patch
497 - use X509 && eapply "${FILESDIR}"/${PN}-8.5_p1-hpn-${HPN_VER}-X509-glue.patch
498 + use X509 && eapply "${FILESDIR}"/${PN}-8.6_p1-hpn-${HPN_VER}-X509-glue.patch
499 use sctp && eapply "${FILESDIR}"/${PN}-8.5_p1-hpn-${HPN_VER}-sctp-glue.patch
500 popd &>/dev/null || die