gentoo resync : 12.05.2022

1 files changed, 0 insertions, 198 deletions

diff --git a/net-misc/openssh/files/openssh-8.7_p1-hpn-15.2-glue.patch b/net-misc/openssh/files/openssh-8.7_p1-hpn-15.2-glue.patch
deleted file mode 100644
index 309e57e88643..000000000000
--- a/net-misc/openssh/files/openssh-8.7_p1-hpn-15.2-glue.patch
+++ /dev/null
@@ -1,198 +0,0 @@
-diff -ur '--exclude=.*.un~' a/openssh-8_5_P1-hpn-AES-CTR-15.2.diff b/openssh-8_5_P1-hpn-AES-CTR-15.2.diff
---- a/openssh-8_5_P1-hpn-AES-CTR-15.2.diff	2021-08-20 11:49:32.351767063 -0700
-+++ b/openssh-8_5_P1-hpn-AES-CTR-15.2.diff	2021-08-20 11:58:08.746214945 -0700
-@@ -1026,9 +1026,9 @@
- +	}
- +#endif
- +
-- 	debug("Authentication succeeded (%s).", authctxt.method->name);
-- }
-- 
-+ 	if (ssh_packet_connection_is_on_socket(ssh)) {
-+ 		verbose("Authenticated to %s ([%s]:%d) using \"%s\".", host,
-+ 		    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
- diff --git a/sshd.c b/sshd.c
- index 6277e6d6..bf3d6e4a 100644
- --- a/sshd.c
-diff -ur '--exclude=.*.un~' a/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff b/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff
---- a/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff	2021-08-20 11:49:32.351767063 -0700
-+++ b/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff	2021-08-20 12:04:45.008038085 -0700
-@@ -536,18 +536,10 @@
-  	if (state->rekey_limit)
-  		*max_blocks = MINIMUM(*max_blocks,
-  		    state->rekey_limit / enc->block_size);
--@@ -954,6 +963,24 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
-+@@ -954,6 +963,16 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
-  	return 0;
-  }
-  
--+/* this supports the forced rekeying required for the NONE cipher */
--+int rekey_requested = 0;
--+void
--+packet_request_rekeying(void)
--+{
--+	rekey_requested = 1;
--+}
--+
- +/* used to determine if pre or post auth when rekeying for aes-ctr
- + * and none cipher switch */
- +int
-@@ -561,20 +553,6 @@
-  #define MAX_PACKETS	(1U<<31)
-  static int
-  ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
--@@ -980,6 +1007,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
-- 	if (state->p_send.packets == 0 && state->p_read.packets == 0)
-- 		return 0;
-- 
--+	/* used to force rekeying when called for by the none
--+         * cipher switch methods -cjr */
--+        if (rekey_requested == 1) {
--+                rekey_requested = 0;
--+                return 1;
--+        }
--+
-- 	/* Time-based rekeying */
-- 	if (state->rekey_interval != 0 &&
-- 	    (int64_t)state->rekey_time + state->rekey_interval <= monotime())
- @@ -1317,7 +1351,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
-  	struct session_state *state = ssh->state;
-  	int len, r, ms_remain;
-@@ -598,12 +576,11 @@
-  };
-  
-  typedef int (ssh_packet_hook_fn)(struct ssh *, struct sshbuf *,
--@@ -155,6 +158,10 @@ int	 ssh_packet_inc_alive_timeouts(struct ssh *);
-+@@ -155,6 +158,9 @@ int	 ssh_packet_inc_alive_timeouts(struct ssh *);
-  int	 ssh_packet_set_maxsize(struct ssh *, u_int);
-  u_int	 ssh_packet_get_maxsize(struct ssh *);
-  
- +/* for forced packet rekeying post auth */
--+void	 packet_request_rekeying(void);
- +int	 packet_authentication_state(const struct ssh *);
- +
-  int	 ssh_packet_get_state(struct ssh *, struct sshbuf *);
-@@ -627,9 +604,9 @@
-  	oLocalCommand, oPermitLocalCommand, oRemoteCommand,
- +	oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize,
- +	oNoneEnabled, oNoneMacEnabled, oNoneSwitch,
-+ 	oDisableMTAES,
-  	oVisualHostKey,
-  	oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
-- 	oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
- @@ -297,6 +300,9 @@ static struct {
-  	{ "kexalgorithms", oKexAlgorithms },
-  	{ "ipqos", oIPQoS },
-@@ -637,9 +614,9 @@
- +	{ "noneenabled", oNoneEnabled },
- +	{ "nonemacenabled", oNoneMacEnabled },
- +	{ "noneswitch", oNoneSwitch },
-- 	{ "proxyusefdpass", oProxyUseFdpass },
-- 	{ "canonicaldomains", oCanonicalDomains },
-- 	{ "canonicalizefallbacklocal", oCanonicalizeFallbackLocal },
-+ 	{ "sessiontype", oSessionType },
-+ 	{ "stdinnull", oStdinNull },
-+ 	{ "forkafterauthentication", oForkAfterAuthentication },
- @@ -317,6 +323,11 @@ static struct {
-  	{ "securitykeyprovider", oSecurityKeyProvider },
-  	{ "knownhostscommand", oKnownHostsCommand },
-@@ -717,9 +694,9 @@
- +	options->hpn_buffer_size = -1;
- +	options->tcp_rcv_buf_poll = -1;
- +	options->tcp_rcv_buf = -1;
-- 	options->proxy_use_fdpass = -1;
-- 	options->ignored_unknown = NULL;
-- 	options->num_canonical_domains = 0;
-+ 	options->session_type = -1;
-+ 	options->stdin_null = -1;
-+ 	options->fork_after_authentication = -1;
- @@ -2426,6 +2484,41 @@ fill_default_options(Options * options)
-  		options->server_alive_interval = 0;
-  	if (options->server_alive_count_max == -1)
-@@ -778,9 +755,9 @@
-  	int	ip_qos_bulk;		/* IP ToS/DSCP/class for bulk traffic */
-  	SyslogFacility log_facility;	/* Facility for system logging. */
- @@ -120,7 +124,11 @@ typedef struct {
-- 
-  	int	enable_ssh_keysign;
-  	int64_t rekey_limit;
-+ 	int     disable_multithreaded; /*disable multithreaded aes-ctr*/
- +	int     none_switch;    /* Use none cipher */
- +	int     none_enabled;   /* Allow none cipher to be used */
- +  	int     nonemac_enabled;   /* Allow none MAC to be used */
-@@ -842,9 +819,9 @@
-  	/* Portable-specific options */
-  	if (options->use_pam == -1)
- @@ -424,6 +434,49 @@ fill_default_server_options(ServerOptions *options)
-- 	}
-- 	if (options->permit_tun == -1)
-  		options->permit_tun = SSH_TUNMODE_NO;
-+ 	if (options->disable_multithreaded == -1)
-+ 		options->disable_multithreaded = 0;
- +	if (options->none_enabled == -1)
- +		options->none_enabled = 0;
- +	if (options->nonemac_enabled == -1)
-@@ -1047,17 +1024,17 @@
-  Note that
- diff --git a/sftp.c b/sftp.c
- index fb3c08d1..89bebbb2 100644
----- a/sftp.c
--+++ b/sftp.c
--@@ -71,7 +71,7 @@ typedef void EditLine;
-- #include "sftp-client.h"
-- 
-- #define DEFAULT_COPY_BUFLEN	32768	/* Size of buffer for up/download */
---#define DEFAULT_NUM_REQUESTS	64	/* # concurrent outstanding requests */
--+#define DEFAULT_NUM_REQUESTS	256	/* # concurrent outstanding requests */
-+--- a/sftp-client.c
-++++ b/sftp-client.c
-+@@ -65,7 +65,7 @@ typedef void EditLine;
-+ #define DEFAULT_COPY_BUFLEN	32768
-+ 
-+ /* Default number of concurrent outstanding requests */
-+-#define DEFAULT_NUM_REQUESTS	64
-++#define DEFAULT_NUM_REQUESTS	256
-  
-- /* File to read commands from */
-- FILE* infile;
-+ /* Minimum amount of data to read at a time */
-+ #define MIN_READ_SIZE	512
- diff --git a/ssh-keygen.c b/ssh-keygen.c
- index cfb5f115..36a6e519 100644
- --- a/ssh-keygen.c
-@@ -1330,9 +1307,9 @@
- +		}
- +	}
- +
-- 	debug("Authentication succeeded (%s).", authctxt.method->name);
-- }
-  
-+ #ifdef WITH_OPENSSL
-+ 	if (options.disable_multithreaded == 0) {
- diff --git a/sshd.c b/sshd.c
- index 6277e6d6..d66fa41a 100644
- --- a/sshd.c
-@@ -1359,8 +1336,8 @@
-  		if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) == -1) {
-  			error("Bind to port %s on %s failed: %.200s.",
- @@ -1727,6 +1734,19 @@ main(int ac, char **av)
-- 	/* Fill in default values for those options not explicitly set. */
-- 	fill_default_server_options(&options);
-+ 		fatal("AuthorizedPrincipalsCommand set without "
-+ 		    "AuthorizedPrincipalsCommandUser");
-  
- +	if (options.none_enabled == 1) {
- +		char *old_ciphers = options.ciphers;
-@@ -1375,9 +1352,9 @@
- +		}
- +	}
- +
-- 	/* challenge-response is implemented via keyboard interactive */
-- 	if (options.challenge_response_authentication)
-- 		options.kbd_interactive_authentication = 1;
-+ 	/*
-+ 	 * Check whether there is any path through configured auth methods.
-+ 	 * Unfortunately it is not possible to verify this generally before
- @@ -2166,6 +2186,9 @@ main(int ac, char **av)
-  	    rdomain == NULL ? "" : "\"");
-  	free(laddr);