From f516638b7fe9592837389826a6152a7e1b251c54 Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@redcorelinux.org>
Date: Sat, 30 May 2020 11:44:06 +0100
Subject: gentoo resync : 30.05.2020

---
 .../files/openssh-8.3_p1-hpn-14.20-glue.patch      | 177 +++++++++++++++++++++
 1 file changed, 177 insertions(+)
 create mode 100644 net-misc/openssh/files/openssh-8.3_p1-hpn-14.20-glue.patch

(limited to 'net-misc/openssh/files')

diff --git a/net-misc/openssh/files/openssh-8.3_p1-hpn-14.20-glue.patch b/net-misc/openssh/files/openssh-8.3_p1-hpn-14.20-glue.patch
new file mode 100644
index 000000000000..4414f9be5331
--- /dev/null
+++ b/net-misc/openssh/files/openssh-8.3_p1-hpn-14.20-glue.patch
@@ -0,0 +1,177 @@
+Only in b: .openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff.un~
+diff -ur a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff
+--- a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff	2020-05-27 13:52:27.704108928 -0700
++++ b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff	2020-05-27 13:52:49.803967500 -0700
+@@ -3,9 +3,9 @@
+ --- a/Makefile.in
+ +++ b/Makefile.in
+ @@ -42,7 +42,7 @@ CC=@CC@
+- LD=@LD@
+- CFLAGS=@CFLAGS@
++ CFLAGS_NOPIE=@CFLAGS_NOPIE@
+  CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
++ PICFLAG=@PICFLAG@
+ -LIBS=@LIBS@
+ +LIBS=@LIBS@ -lpthread
+  K5LIBS=@K5LIBS@
+@@ -902,14 +902,14 @@
+  
+  /*
+ @@ -2118,6 +2125,8 @@ fill_default_options(Options * options)
++ 		options->canonicalize_hostname = SSH_CANONICALISE_NO;
++ 	if (options->fingerprint_hash == -1)
+  		options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
+- 	if (options->update_hostkeys == -1)
+- 		options->update_hostkeys = 0;
+ +	if (options->disable_multithreaded == -1)
+ +		options->disable_multithreaded = 0;
+- 
+- 	/* Expand KEX name lists */
+- 	all_cipher = cipher_alg_list(',', 0);
++ #ifdef ENABLE_SK_INTERNAL
++ 	if (options->sk_provider == NULL)
++ 		options->sk_provider = xstrdup("internal");
+ diff --git a/readconf.h b/readconf.h
+ index 8e36bf32..c803eca7 100644
+ --- a/readconf.h
+@@ -952,9 +952,9 @@
+  	sPort, sHostKeyFile, sLoginGraceTime,
+  	sPermitRootLogin, sLogFacility, sLogLevel,
+ @@ -643,6 +647,7 @@ static struct {
+- 	{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
+  	{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
+  	{ "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
++ 	{ "include", sInclude, SSHCFG_ALL },
+ +	{ "disableMTAES", sDisableMTAES, SSHCFG_ALL },
+  	{ "ipqos", sIPQoS, SSHCFG_ALL },
+  	{ "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
+diff -ur a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff
+--- a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff	2020-05-27 13:52:27.705108921 -0700
++++ b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff	2020-05-27 14:03:57.888683100 -0700
+@@ -409,18 +409,10 @@
+ index 817da43b..b2bcf78f 100644
+ --- a/packet.c
+ +++ b/packet.c
+-@@ -925,6 +925,24 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
++@@ -925,6 +925,16 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
+  	return 0;
+  }
+  
+-+/* this supports the forced rekeying required for the NONE cipher */
+-+int rekey_requested = 0;
+-+void
+-+packet_request_rekeying(void)
+-+{
+-+	rekey_requested = 1;
+-+}
+-+
+ +/* used to determine if pre or post auth when rekeying for aes-ctr
+ + * and none cipher switch */
+ +int
+@@ -434,20 +426,6 @@
+  #define MAX_PACKETS	(1U<<31)
+  static int
+  ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
+-@@ -951,6 +969,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
+- 	if (state->p_send.packets == 0 && state->p_read.packets == 0)
+- 		return 0;
+- 
+-+	/* used to force rekeying when called for by the none
+-+         * cipher switch methods -cjr */
+-+        if (rekey_requested == 1) {
+-+                rekey_requested = 0;
+-+                return 1;
+-+        }
+-+
+- 	/* Time-based rekeying */
+- 	if (state->rekey_interval != 0 &&
+- 	    (int64_t)state->rekey_time + state->rekey_interval <= monotime())
+ diff --git a/packet.h b/packet.h
+ index 8ccfd2e0..1ad9bc06 100644
+ --- a/packet.h
+@@ -476,9 +454,9 @@
+  /* Format of the configuration file:
+  
+ @@ -167,6 +168,8 @@ typedef enum {
+- 	oHashKnownHosts,
+  	oTunnel, oTunnelDevice,
+  	oLocalCommand, oPermitLocalCommand, oRemoteCommand,
++ 	oDisableMTAES,
+ +	oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize,
+ +	oNoneEnabled, oNoneSwitch,
+  	oVisualHostKey,
+@@ -615,9 +593,9 @@
+  	int	ip_qos_bulk;		/* IP ToS/DSCP/class for bulk traffic */
+  	SyslogFacility log_facility;	/* Facility for system logging. */
+ @@ -112,7 +116,10 @@ typedef struct {
+- 
+  	int	enable_ssh_keysign;
+  	int64_t rekey_limit;
++ 	int     disable_multithreaded; /*disable multithreaded aes-ctr*/
+ +	int     none_switch;    /* Use none cipher */
+ +	int     none_enabled;   /* Allow none to be used */
+  	int	rekey_interval;
+@@ -700,9 +678,9 @@
+ +			options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT;
+ +	}
+ +
++ 	if (options->disable_multithreaded == -1)
++ 		options->disable_multithreaded = 0;
+  	if (options->ip_qos_interactive == -1)
+- 		options->ip_qos_interactive = IPTOS_DSCP_AF21;
+- 	if (options->ip_qos_bulk == -1)
+ @@ -486,6 +532,8 @@ typedef enum {
+  	sPasswordAuthentication, sKbdInteractiveAuthentication,
+  	sListenAddress, sAddressFamily,
+@@ -731,11 +709,10 @@
+  			*flags = keywords[i].flags;
+  			return keywords[i].opcode;
+  		}
+-@@ -1424,10 +1477,27 @@ process_server_config_line(ServerOptions *options, char *line,
+- 		multistate_ptr = multistate_flag;
++@@ -1424,12 +1477,28 @@ process_server_config_line(ServerOptions *options, char *line,
++ 		multistate_ptr = multistate_ignore_rhosts;
+  		goto parse_multistate;
+  
+-+
+ +	case sTcpRcvBufPoll:
+ +		intptr = &options->tcp_rcv_buf_poll;
+ +		goto parse_flag;
+@@ -750,7 +727,9 @@
+ +
+  	case sIgnoreUserKnownHosts:
+  		intptr = &options->ignore_user_known_hosts;
+- 		goto parse_flag;
++  parse_flag:
++ 		multistate_ptr = multistate_flag;
++ 		goto parse_multistate;
+  
+ +	case sNoneEnabled:
+ +		intptr = &options->none_enabled;
+@@ -1079,11 +1058,11 @@
+  	xxx_host = host;
+  	xxx_hostaddr = hostaddr;
+  
+-@@ -422,6 +433,28 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
++@@ -422,7 +433,28 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
+  
+  	if (!authctxt.success)
+  		fatal("Authentication failed.");
+-+
++ 
+ +	/*
+ +	 * If the user wants to use the none cipher, do it post authentication
+ +	 * and only if the right conditions are met -- both of the NONE commands
+@@ -1105,9 +1084,9 @@
+ +		}
+ +	}
+ +
+- 	debug("Authentication succeeded (%s).", authctxt.method->name);
+- }
+- 
++ #ifdef WITH_OPENSSL
++ 	if (options.disable_multithreaded == 0) {
++ 		/* if we are using aes-ctr there can be issues in either a fork or sandbox
+ diff --git a/sshd.c b/sshd.c
+ index 11571c01..23a06022 100644
+ --- a/sshd.c
-- 
cgit v1.2.3