From 2e34d110f164bf74d55fced27fe0000201b3eec5 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Thu, 1 Oct 2020 23:05:41 +0100 Subject: gentoo resync : 01.10.2020 --- .../files/openssh-8.4_p1-hpn-14.22-glue.patch | 94 ++++++++++++++++++++++ .../files/openssh-8.4_p1-hpn-14.22-libressl.patch | 20 +++++ .../files/openssh-8.4_p1-hpn-14.22-sctp-glue.patch | 18 +++++ 3 files changed, 132 insertions(+) create mode 100644 net-misc/openssh/files/openssh-8.4_p1-hpn-14.22-glue.patch create mode 100644 net-misc/openssh/files/openssh-8.4_p1-hpn-14.22-libressl.patch create mode 100644 net-misc/openssh/files/openssh-8.4_p1-hpn-14.22-sctp-glue.patch (limited to 'net-misc/openssh/files') diff --git a/net-misc/openssh/files/openssh-8.4_p1-hpn-14.22-glue.patch b/net-misc/openssh/files/openssh-8.4_p1-hpn-14.22-glue.patch new file mode 100644 index 000000000000..884063c60f13 --- /dev/null +++ b/net-misc/openssh/files/openssh-8.4_p1-hpn-14.22-glue.patch @@ -0,0 +1,94 @@ +diff -ur a/openssh-8_3_P1-hpn-DynWinNoneSwitch-14.22.diff b/openssh-8_3_P1-hpn-DynWinNoneSwitch-14.22.diff +--- a/openssh-8_3_P1-hpn-DynWinNoneSwitch-14.22.diff 2020-09-28 13:15:17.780747192 -0700 ++++ b/openssh-8_3_P1-hpn-DynWinNoneSwitch-14.22.diff 2020-09-28 13:34:03.576552219 -0700 +@@ -409,18 +409,10 @@ + index e7abb341..c23276d4 100644 + --- a/packet.c + +++ b/packet.c +-@@ -961,6 +961,24 @@ ssh_set_newkeys(struct ssh *ssh, int mode) ++@@ -961,6 +961,16 @@ ssh_set_newkeys(struct ssh *ssh, int mode) + return 0; + } + +-+/* this supports the forced rekeying required for the NONE cipher */ +-+int rekey_requested = 0; +-+void +-+packet_request_rekeying(void) +-+{ +-+ rekey_requested = 1; +-+} +-+ + +/* used to determine if pre or post auth when rekeying for aes-ctr + + * and none cipher switch */ + +int +@@ -434,20 +426,6 @@ + #define MAX_PACKETS (1U<<31) + static int + ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) +-@@ -987,6 +1005,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) +- if (state->p_send.packets == 0 && state->p_read.packets == 0) +- return 0; +- +-+ /* used to force rekeying when called for by the none +-+ * cipher switch methods -cjr */ +-+ if (rekey_requested == 1) { +-+ rekey_requested = 0; +-+ return 1; +-+ } +-+ +- /* Time-based rekeying */ +- if (state->rekey_interval != 0 && +- (int64_t)state->rekey_time + state->rekey_interval <= monotime()) + diff --git a/packet.h b/packet.h + index c2544bd9..ebd85c88 100644 + --- a/packet.h +@@ -481,9 +459,9 @@ + oLocalCommand, oPermitLocalCommand, oRemoteCommand, + + oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize, + + oNoneEnabled, oNoneSwitch, ++ oDisableMTAES, + oVisualHostKey, + oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass, +- oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots, + @@ -294,6 +297,8 @@ static struct { + { "kexalgorithms", oKexAlgorithms }, + { "ipqos", oIPQoS }, +@@ -615,9 +593,9 @@ + int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */ + SyslogFacility log_facility; /* Facility for system logging. */ + @@ -114,7 +118,10 @@ typedef struct { +- + int enable_ssh_keysign; + int64_t rekey_limit; ++ int disable_multithreaded; /*disable multithreaded aes-ctr*/ + + int none_switch; /* Use none cipher */ + + int none_enabled; /* Allow none to be used */ + int rekey_interval; +@@ -700,9 +678,9 @@ + + options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT; + + } + + ++ if (options->disable_multithreaded == -1) ++ options->disable_multithreaded = 0; + if (options->ip_qos_interactive == -1) +- options->ip_qos_interactive = IPTOS_DSCP_AF21; +- if (options->ip_qos_bulk == -1) + @@ -519,6 +565,8 @@ typedef enum { + sPasswordAuthentication, sKbdInteractiveAuthentication, + sListenAddress, sAddressFamily, +@@ -1081,11 +1059,11 @@ + xxx_host = host; + xxx_hostaddr = hostaddr; + +-@@ -435,6 +446,28 @@ ssh_userauth2(struct ssh *ssh, const char *local_user, ++@@ -435,7 +446,28 @@ ssh_userauth2(struct ssh *ssh, const char *local_user, ++ } ++ } ++ #endif + +- if (!authctxt.success) +- fatal("Authentication failed."); +-+ + + /* + + * If the user wants to use the none cipher, do it post authentication + + * and only if the right conditions are met -- both of the NONE commands diff --git a/net-misc/openssh/files/openssh-8.4_p1-hpn-14.22-libressl.patch b/net-misc/openssh/files/openssh-8.4_p1-hpn-14.22-libressl.patch new file mode 100644 index 000000000000..79cc3e5c2d81 --- /dev/null +++ b/net-misc/openssh/files/openssh-8.4_p1-hpn-14.22-libressl.patch @@ -0,0 +1,20 @@ +--- a/openssh-8_3_P1-hpn-AES-CTR-14.22.diff 2020-04-17 10:31:37.392120799 -0700 ++++ b/openssh-8_3_P1-hpn-AES-CTR-14.22.diff 2020-04-17 10:32:46.143684424 -0700 +@@ -672,7 +672,7 @@ + +const EVP_CIPHER * + +evp_aes_ctr_mt(void) + +{ +-+# if OPENSSL_VERSION_NUMBER >= 0x10100000UL +++# if (OPENSSL_VERSION_NUMBER >= 0x10100000UL || defined(HAVE_OPAQUE_STRUCTS)) && !defined(LIBRESSL_VERSION_NUMBER) + + static EVP_CIPHER *aes_ctr; + + aes_ctr = EVP_CIPHER_meth_new(NID_undef, 16/*block*/, 16/*key*/); + + EVP_CIPHER_meth_set_iv_length(aes_ctr, AES_BLOCK_SIZE); +@@ -701,7 +701,7 @@ + + EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV; + +# endif /*SSH_OLD_EVP*/ + + return &aes_ctr; +-+# endif /*OPENSSH_VERSION_NUMBER*/ +++# endif /*OPENSSL_VERSION_NUMBER*/ + +} + + + +#endif /* defined(WITH_OPENSSL) */ diff --git a/net-misc/openssh/files/openssh-8.4_p1-hpn-14.22-sctp-glue.patch b/net-misc/openssh/files/openssh-8.4_p1-hpn-14.22-sctp-glue.patch new file mode 100644 index 000000000000..52ec42e37fd3 --- /dev/null +++ b/net-misc/openssh/files/openssh-8.4_p1-hpn-14.22-sctp-glue.patch @@ -0,0 +1,18 @@ +diff -ur a/openssh-8_3_P1-hpn-DynWinNoneSwitch-14.22.diff b/openssh-8_3_P1-hpn-DynWinNoneSwitch-14.22.diff +--- a/openssh-8_3_P1-hpn-DynWinNoneSwitch-14.22.diff 2020-09-28 16:42:34.168386903 -0700 ++++ b/openssh-8_3_P1-hpn-DynWinNoneSwitch-14.22.diff 2020-09-28 16:42:43.806325434 -0700 +@@ -1171,14 +1171,3 @@ + # Example of overriding settings on a per-user basis + #Match User anoncvs + # X11Forwarding no +-diff --git a/version.h b/version.h +-index a2eca3ec..ff654fc3 100644 +---- a/version.h +-+++ b/version.h +-@@ -3,4 +3,5 @@ +- #define SSH_VERSION "OpenSSH_8.3" +- +- #define SSH_PORTABLE "p1" +--#define SSH_RELEASE SSH_VERSION SSH_PORTABLE +-+#define SSH_HPN "-hpn14v22" +-+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN -- cgit v1.2.3