Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/net-misc/openssh/files
diff options
context:
space:
mode:
authorPatrick McLean <patrick.mclean@sony.com>2018-10-19 16:58:42 -0700
committerPatrick McLean <chutzpah@gentoo.org>2018-10-19 16:59:17 -0700
commit1e31c03626df1f0848684e56fb84f0697d038085 (patch)
tree5ac667c45368e885abeef4e3552e9ac9952d3228 /net-misc/openssh/files
parentprofiles/thirdpartymirrors: Use new CDN addresses for openbsd (diff)
downloadgentoo-1e31c03626df1f0848684e56fb84f0697d038085.tar.gz
gentoo-1e31c03626df1f0848684e56fb84f0697d038085.tar.bz2
gentoo-1e31c03626df1f0848684e56fb84f0697d038085.zip
net-misc/openssh: Version bump to 7.9_p1
Signed-off-by: Patrick McLean <chutzpah@gentoo.org> Package-Manager: Portage-2.3.51, Repoman-2.3.11
Diffstat (limited to 'net-misc/openssh/files')
-rw-r--r--net-misc/openssh/files/openssh-7.9_p1-X509-glue.patch28
-rw-r--r--net-misc/openssh/files/openssh-7.9_p1-hpn-X509-glue.patch79
-rw-r--r--net-misc/openssh/files/openssh-7.9_p1-hpn-glue.patch112
-rw-r--r--net-misc/openssh/files/openssh-7.9_p1-hpn-sctp-glue.patch17
-rw-r--r--net-misc/openssh/files/openssh-7.9_p1-openssl-1.0.2-compat.patch13
5 files changed, 249 insertions, 0 deletions
diff --git a/net-misc/openssh/files/openssh-7.9_p1-X509-glue.patch b/net-misc/openssh/files/openssh-7.9_p1-X509-glue.patch
new file mode 100644
index 000000000000..e1d63ecc8aef
--- /dev/null
+++ b/net-misc/openssh/files/openssh-7.9_p1-X509-glue.patch
@@ -0,0 +1,28 @@
+--- a/openssh-7.9p1+x509-11.5.diff 2018-10-19 11:41:13.791285390 -0700
++++ b/openssh-7.9p1+x509-11.5.diff 2018-10-19 11:45:42.584694215 -0700
+@@ -44045,7 +44045,7 @@
+ ENGINE_register_all_complete();
+ +#endif
+
+--#if OPENSSL_VERSION_NUMBER < 0x10001000L
++-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ + /* OPENSSL_config will load buildin engines and engines
+ + * specified in configuration file, i.e. method call
+ + * ENGINE_load_builtin_engines. Latter is only for
+@@ -77691,16 +77691,6 @@
+ setlocale(LC_CTYPE, "POSIX.UTF-8") != NULL))
+ return;
+ setlocale(LC_CTYPE, "C");
+-diff -ruN openssh-7.9p1/version.h openssh-7.9p1+x509-11.5/version.h
+---- openssh-7.9p1/version.h 2018-10-17 03:01:20.000000000 +0300
+-+++ openssh-7.9p1+x509-11.5/version.h 2018-10-19 19:07:00.000000000 +0300
+-@@ -2,5 +2,4 @@
+-
+- #define SSH_VERSION "OpenSSH_7.9"
+-
+--#define SSH_PORTABLE "p1"
+--#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
+-+#define SSH_RELEASE PACKAGE_STRING ", " SSH_VERSION "p1"
+ diff -ruN openssh-7.9p1/version.m4 openssh-7.9p1+x509-11.5/version.m4
+ --- openssh-7.9p1/version.m4 1970-01-01 02:00:00.000000000 +0200
+ +++ openssh-7.9p1+x509-11.5/version.m4 2018-10-19 18:13:58.000000000 +0300
diff --git a/net-misc/openssh/files/openssh-7.9_p1-hpn-X509-glue.patch b/net-misc/openssh/files/openssh-7.9_p1-hpn-X509-glue.patch
new file mode 100644
index 000000000000..c76d454c92f8
--- /dev/null
+++ b/net-misc/openssh/files/openssh-7.9_p1-hpn-X509-glue.patch
@@ -0,0 +1,79 @@
+--- temp/openssh-7_8_P1-hpn-AES-CTR-14.16.diff.orig 2018-09-12 15:58:57.377986085 -0700
++++ temp/openssh-7_8_P1-hpn-AES-CTR-14.16.diff 2018-09-12 16:07:15.376711327 -0700
+@@ -4,8 +4,8 @@
+ +++ b/Makefile.in
+ @@ -42,7 +42,7 @@ CC=@CC@
+ LD=@LD@
+- CFLAGS=@CFLAGS@
+- CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
++ CFLAGS=@CFLAGS@ $(CFLAGS_EXTRA)
++ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
+ -LIBS=@LIBS@
+ +LIBS=@LIBS@ -lpthread
+ K5LIBS=@K5LIBS@
+@@ -788,8 +788,8 @@
+ ssh_packet_set_connection(struct ssh *ssh, int fd_in, int fd_out)
+ {
+ struct session_state *state;
+-- const struct sshcipher *none = cipher_by_name("none");
+-+ struct sshcipher *none = cipher_by_name("none");
++- const struct sshcipher *none = cipher_none();
+++ struct sshcipher *none = cipher_none();
+ int r;
+
+ if (none == NULL) {
+@@ -933,9 +933,9 @@
+ /* Portable-specific options */
+ sUsePAM,
+ + sDisableMTAES,
+- /* Standard Options */
+- sPort, sHostKeyFile, sLoginGraceTime,
+- sPermitRootLogin, sLogFacility, sLogLevel,
++ /* X.509 Standard Options */
++ sHostbasedAlgorithms,
++ sPubkeyAlgorithms,
+ @@ -626,6 +630,7 @@ static struct {
+ { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
+ { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
+--- temp/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff.orig 2018-09-12 16:38:16.947447218 -0700
++++ temp/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 2018-09-12 16:32:35.479700864 -0700
+@@ -382,7 +382,7 @@
+ @@ -822,6 +822,10 @@ kex_choose_conf(struct ssh *ssh)
+ int nenc, nmac, ncomp;
+ u_int mode, ctos, need, dh_need, authlen;
+- int r, first_kex_follows;
++ int r, first_kex_follows = 0;
+ + int auth_flag;
+ +
+ + auth_flag = packet_authentication_state(ssh);
+@@ -1125,15 +1125,6 @@
+ index a738c3a..b32dbe0 100644
+ --- a/sshd.c
+ +++ b/sshd.c
+-@@ -373,7 +373,7 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out)
+- char remote_version[256]; /* Must be at least as big as buf. */
+-
+- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n",
+-- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
+-+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE,
+- *options.version_addendum == '\0' ? "" : " ",
+- options.version_addendum);
+-
+ @@ -1037,6 +1037,8 @@ listen_on_addrs(struct listenaddr *la)
+ int ret, listen_sock;
+ struct addrinfo *ai;
+@@ -1213,14 +1204,3 @@
+ # Example of overriding settings on a per-user basis
+ #Match User anoncvs
+ # X11Forwarding no
+-diff --git a/version.h b/version.h
+-index f1bbf00..21a70c2 100644
+---- a/version.h
+-+++ b/version.h
+-@@ -3,4 +3,5 @@
+- #define SSH_VERSION "OpenSSH_7.8"
+-
+- #define SSH_PORTABLE "p1"
+--#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
+-+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN
+-+
diff --git a/net-misc/openssh/files/openssh-7.9_p1-hpn-glue.patch b/net-misc/openssh/files/openssh-7.9_p1-hpn-glue.patch
new file mode 100644
index 000000000000..0561e3814067
--- /dev/null
+++ b/net-misc/openssh/files/openssh-7.9_p1-hpn-glue.patch
@@ -0,0 +1,112 @@
+--- temp/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff.orig 2018-09-11 17:19:19.968420409 -0700
++++ temp/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 2018-09-11 17:39:19.977535398 -0700
+@@ -409,18 +409,10 @@
+ index dcf35e6..da4ced0 100644
+ --- a/packet.c
+ +++ b/packet.c
+-@@ -920,6 +920,24 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
++@@ -920,6 +920,16 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
+ return 0;
+ }
+
+-+/* this supports the forced rekeying required for the NONE cipher */
+-+int rekey_requested = 0;
+-+void
+-+packet_request_rekeying(void)
+-+{
+-+ rekey_requested = 1;
+-+}
+-+
+ +/* used to determine if pre or post auth when rekeying for aes-ctr
+ + * and none cipher switch */
+ +int
+@@ -434,20 +426,6 @@
+ #define MAX_PACKETS (1U<<31)
+ static int
+ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
+-@@ -946,6 +964,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
+- if (state->p_send.packets == 0 && state->p_read.packets == 0)
+- return 0;
+-
+-+ /* used to force rekeying when called for by the none
+-+ * cipher switch methods -cjr */
+-+ if (rekey_requested == 1) {
+-+ rekey_requested = 0;
+-+ return 1;
+-+ }
+-+
+- /* Time-based rekeying */
+- if (state->rekey_interval != 0 &&
+- (int64_t)state->rekey_time + state->rekey_interval <= monotime())
+ diff --git a/packet.h b/packet.h
+ index 170203c..f4d9df2 100644
+ --- a/packet.h
+@@ -476,9 +454,9 @@
+ /* Format of the configuration file:
+
+ @@ -166,6 +167,8 @@ typedef enum {
+- oHashKnownHosts,
+ oTunnel, oTunnelDevice,
+ oLocalCommand, oPermitLocalCommand, oRemoteCommand,
++ oDisableMTAES,
+ + oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize,
+ + oNoneEnabled, oNoneSwitch,
+ oVisualHostKey,
+@@ -615,9 +593,9 @@
+ int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */
+ SyslogFacility log_facility; /* Facility for system logging. */
+ @@ -111,7 +115,10 @@ typedef struct {
+-
+ int enable_ssh_keysign;
+ int64_t rekey_limit;
++ int disable_multithreaded; /*disable multithreaded aes-ctr*/
+ + int none_switch; /* Use none cipher */
+ + int none_enabled; /* Allow none to be used */
+ int rekey_interval;
+@@ -673,9 +651,9 @@
+ /* Portable-specific options */
+ if (options->use_pam == -1)
+ @@ -391,6 +400,43 @@ fill_default_server_options(ServerOptions *options)
+- }
+- if (options->permit_tun == -1)
+ options->permit_tun = SSH_TUNMODE_NO;
++ if (options->disable_multithreaded == -1)
++ options->disable_multithreaded = 0;
+ + if (options->none_enabled == -1)
+ + options->none_enabled = 0;
+ + if (options->hpn_disabled == -1)
+@@ -1092,7 +1070,7 @@
+ xxx_host = host;
+ xxx_hostaddr = hostaddr;
+
+-@@ -412,6 +423,28 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
++@@ -412,6 +423,27 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
+
+ if (!authctxt.success)
+ fatal("Authentication failed.");
+@@ -1117,10 +1095,9 @@
+ + fprintf(stderr, "NONE cipher switch disabled when a TTY is allocated\n");
+ + }
+ + }
+-+
+- debug("Authentication succeeded (%s).", authctxt.method->name);
+- }
+
++ #ifdef WITH_OPENSSL
++ if (options.disable_multithreaded == 0) {
+ diff --git a/sshd.c b/sshd.c
+ index a738c3a..b32dbe0 100644
+ --- a/sshd.c
+@@ -1217,11 +1194,10 @@
+ index f1bbf00..21a70c2 100644
+ --- a/version.h
+ +++ b/version.h
+-@@ -3,4 +3,6 @@
++@@ -3,4 +3,5 @@
+ #define SSH_VERSION "OpenSSH_7.8"
+
+ #define SSH_PORTABLE "p1"
+ -#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
+-+#define SSH_HPN "-hpn14v16"
+ +#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN
+ +
diff --git a/net-misc/openssh/files/openssh-7.9_p1-hpn-sctp-glue.patch b/net-misc/openssh/files/openssh-7.9_p1-hpn-sctp-glue.patch
new file mode 100644
index 000000000000..a7d51ad94839
--- /dev/null
+++ b/net-misc/openssh/files/openssh-7.9_p1-hpn-sctp-glue.patch
@@ -0,0 +1,17 @@
+--- dd/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff.orig 2018-09-12 18:18:51.851536374 -0700
++++ dd/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 2018-09-12 18:19:01.116475099 -0700
+@@ -1190,14 +1190,3 @@
+ # Example of overriding settings on a per-user basis
+ #Match User anoncvs
+ # X11Forwarding no
+-diff --git a/version.h b/version.h
+-index f1bbf00..21a70c2 100644
+---- a/version.h
+-+++ b/version.h
+-@@ -3,4 +3,5 @@
+- #define SSH_VERSION "OpenSSH_7.8"
+-
+- #define SSH_PORTABLE "p1"
+--#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
+-+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN
+-+
diff --git a/net-misc/openssh/files/openssh-7.9_p1-openssl-1.0.2-compat.patch b/net-misc/openssh/files/openssh-7.9_p1-openssl-1.0.2-compat.patch
new file mode 100644
index 000000000000..9fc6d0a9dcec
--- /dev/null
+++ b/net-misc/openssh/files/openssh-7.9_p1-openssl-1.0.2-compat.patch
@@ -0,0 +1,13 @@
+diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c
+index 8b4a3627..590b66d1 100644
+--- a/openbsd-compat/openssl-compat.c
++++ b/openbsd-compat/openssl-compat.c
+@@ -76,7 +76,7 @@ ssh_OpenSSL_add_all_algorithms(void)
+ ENGINE_load_builtin_engines();
+ ENGINE_register_all_complete();
+
+-#if OPENSSL_VERSION_NUMBER < 0x10001000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ OPENSSL_config(NULL);
+ #else
+ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS |