gentoo resync : 01.10.2020

3 files changed, 132 insertions, 0 deletions

diff --git a/net-misc/openssh/files/openssh-8.4_p1-hpn-14.22-glue.patch b/net-misc/openssh/files/openssh-8.4_p1-hpn-14.22-glue.patch
new file mode 100644
index 000000000000..884063c60f13
--- /dev/null
+++ b/net-misc/openssh/files/openssh-8.4_p1-hpn-14.22-glue.patch
@@ -0,0 +1,94 @@
+diff -ur a/openssh-8_3_P1-hpn-DynWinNoneSwitch-14.22.diff b/openssh-8_3_P1-hpn-DynWinNoneSwitch-14.22.diff
+--- a/openssh-8_3_P1-hpn-DynWinNoneSwitch-14.22.diff	2020-09-28 13:15:17.780747192 -0700
++++ b/openssh-8_3_P1-hpn-DynWinNoneSwitch-14.22.diff	2020-09-28 13:34:03.576552219 -0700
+@@ -409,18 +409,10 @@
+ index e7abb341..c23276d4 100644
+ --- a/packet.c
+ +++ b/packet.c
+-@@ -961,6 +961,24 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
++@@ -961,6 +961,16 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
+  	return 0;
+  }
+  
+-+/* this supports the forced rekeying required for the NONE cipher */
+-+int rekey_requested = 0;
+-+void
+-+packet_request_rekeying(void)
+-+{
+-+	rekey_requested = 1;
+-+}
+-+
+ +/* used to determine if pre or post auth when rekeying for aes-ctr
+ + * and none cipher switch */
+ +int
+@@ -434,20 +426,6 @@
+  #define MAX_PACKETS	(1U<<31)
+  static int
+  ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
+-@@ -987,6 +1005,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
+- 	if (state->p_send.packets == 0 && state->p_read.packets == 0)
+- 		return 0;
+- 
+-+	/* used to force rekeying when called for by the none
+-+         * cipher switch methods -cjr */
+-+        if (rekey_requested == 1) {
+-+                rekey_requested = 0;
+-+                return 1;
+-+        }
+-+
+- 	/* Time-based rekeying */
+- 	if (state->rekey_interval != 0 &&
+- 	    (int64_t)state->rekey_time + state->rekey_interval <= monotime())
+ diff --git a/packet.h b/packet.h
+ index c2544bd9..ebd85c88 100644
+ --- a/packet.h
+@@ -481,9 +459,9 @@
+  	oLocalCommand, oPermitLocalCommand, oRemoteCommand,
+ +	oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize,
+ +	oNoneEnabled, oNoneSwitch,
++ 	oDisableMTAES,
+  	oVisualHostKey,
+  	oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
+- 	oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
+ @@ -294,6 +297,8 @@ static struct {
+  	{ "kexalgorithms", oKexAlgorithms },
+  	{ "ipqos", oIPQoS },
+@@ -615,9 +593,9 @@
+  	int	ip_qos_bulk;		/* IP ToS/DSCP/class for bulk traffic */
+  	SyslogFacility log_facility;	/* Facility for system logging. */
+ @@ -114,7 +118,10 @@ typedef struct {
+- 
+  	int	enable_ssh_keysign;
+  	int64_t rekey_limit;
++ 	int     disable_multithreaded; /*disable multithreaded aes-ctr*/
+ +	int     none_switch;    /* Use none cipher */
+ +	int     none_enabled;   /* Allow none to be used */
+  	int	rekey_interval;
+@@ -700,9 +678,9 @@
+ +			options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT;
+ +	}
+ +
++ 	if (options->disable_multithreaded == -1)
++ 		options->disable_multithreaded = 0;
+  	if (options->ip_qos_interactive == -1)
+- 		options->ip_qos_interactive = IPTOS_DSCP_AF21;
+- 	if (options->ip_qos_bulk == -1)
+ @@ -519,6 +565,8 @@ typedef enum {
+  	sPasswordAuthentication, sKbdInteractiveAuthentication,
+  	sListenAddress, sAddressFamily,
+@@ -1081,11 +1059,11 @@
+  	xxx_host = host;
+  	xxx_hostaddr = hostaddr;
+  
+-@@ -435,6 +446,28 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
++@@ -435,7 +446,28 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
++ 		}
++ 	}
++ #endif
+  
+- 	if (!authctxt.success)
+- 		fatal("Authentication failed.");
+-+
+ +	/*
+ +	 * If the user wants to use the none cipher, do it post authentication
+ +	 * and only if the right conditions are met -- both of the NONE commands
diff --git a/net-misc/openssh/files/openssh-8.4_p1-hpn-14.22-libressl.patch b/net-misc/openssh/files/openssh-8.4_p1-hpn-14.22-libressl.patch
new file mode 100644
index 000000000000..79cc3e5c2d81
--- /dev/null
+++ b/net-misc/openssh/files/openssh-8.4_p1-hpn-14.22-libressl.patch
@@ -0,0 +1,20 @@
+--- a/openssh-8_3_P1-hpn-AES-CTR-14.22.diff	2020-04-17 10:31:37.392120799 -0700
++++ b/openssh-8_3_P1-hpn-AES-CTR-14.22.diff	2020-04-17 10:32:46.143684424 -0700
+@@ -672,7 +672,7 @@
+ +const EVP_CIPHER *
+ +evp_aes_ctr_mt(void)
+ +{
+-+# if OPENSSL_VERSION_NUMBER >= 0x10100000UL
+++# if (OPENSSL_VERSION_NUMBER >= 0x10100000UL || defined(HAVE_OPAQUE_STRUCTS)) && !defined(LIBRESSL_VERSION_NUMBER)
+ +	static EVP_CIPHER *aes_ctr;
+ +	aes_ctr = EVP_CIPHER_meth_new(NID_undef, 16/*block*/, 16/*key*/);
+ +	EVP_CIPHER_meth_set_iv_length(aes_ctr, AES_BLOCK_SIZE);
+@@ -701,7 +701,7 @@
+ +		EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
+ +#  endif /*SSH_OLD_EVP*/
+ +        return &aes_ctr;
+-+# endif /*OPENSSH_VERSION_NUMBER*/
+++# endif /*OPENSSL_VERSION_NUMBER*/
+ +}
+ +
+ +#endif /* defined(WITH_OPENSSL) */
diff --git a/net-misc/openssh/files/openssh-8.4_p1-hpn-14.22-sctp-glue.patch b/net-misc/openssh/files/openssh-8.4_p1-hpn-14.22-sctp-glue.patch
new file mode 100644
index 000000000000..52ec42e37fd3
--- /dev/null
+++ b/net-misc/openssh/files/openssh-8.4_p1-hpn-14.22-sctp-glue.patch
@@ -0,0 +1,18 @@
+diff -ur a/openssh-8_3_P1-hpn-DynWinNoneSwitch-14.22.diff b/openssh-8_3_P1-hpn-DynWinNoneSwitch-14.22.diff
+--- a/openssh-8_3_P1-hpn-DynWinNoneSwitch-14.22.diff	2020-09-28 16:42:34.168386903 -0700
++++ b/openssh-8_3_P1-hpn-DynWinNoneSwitch-14.22.diff	2020-09-28 16:42:43.806325434 -0700
+@@ -1171,14 +1171,3 @@
+  # Example of overriding settings on a per-user basis
+  #Match User anoncvs
+  #	X11Forwarding no
+-diff --git a/version.h b/version.h
+-index a2eca3ec..ff654fc3 100644
+---- a/version.h
+-+++ b/version.h
+-@@ -3,4 +3,5 @@
+- #define SSH_VERSION	"OpenSSH_8.3"
+- 
+- #define SSH_PORTABLE	"p1"
+--#define SSH_RELEASE	SSH_VERSION SSH_PORTABLE
+-+#define SSH_HPN         "-hpn14v22"
+-+#define SSH_RELEASE	SSH_VERSION SSH_PORTABLE SSH_HPN