net-misc/openssh : pull from gentoo

1 files changed, 0 insertions, 151 deletions

diff --git a/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-glue.patch b/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-glue.patch
deleted file mode 100644
index b2163fe5..00000000
--- a/net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-glue.patch
+++ /dev/null
@@ -1,151 +0,0 @@
-diff -ur '--exclude=*.un~' a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff
---- a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff	2020-02-15 12:50:44.413776914 -0800
-+++ b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff	2020-02-15 12:53:06.190742744 -0800
-@@ -3,9 +3,9 @@
- --- a/Makefile.in
- +++ b/Makefile.in
- @@ -42,7 +42,7 @@ CC=@CC@
-- LD=@LD@
-- CFLAGS=@CFLAGS@
-+ CFLAGS_NOPIE=@CFLAGS_NOPIE@
-  CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
-+ PICFLAG=@PICFLAG@
- -LIBS=@LIBS@
- +LIBS=@LIBS@ -lpthread
-  K5LIBS=@K5LIBS@
-@@ -902,14 +902,14 @@
-  
-  /*
- @@ -2118,6 +2125,8 @@ fill_default_options(Options * options)
-+ 		options->canonicalize_hostname = SSH_CANONICALISE_NO;
-+ 	if (options->fingerprint_hash == -1)
-  		options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
-- 	if (options->update_hostkeys == -1)
-- 		options->update_hostkeys = 0;
- +	if (options->disable_multithreaded == -1)
- +		options->disable_multithreaded = 0;
-- 
-- 	/* Expand KEX name lists */
-- 	all_cipher = cipher_alg_list(',', 0);
-+ #ifdef ENABLE_SK_INTERNAL
-+ 	if (options->sk_provider == NULL)
-+ 		options->sk_provider = xstrdup("internal");
- diff --git a/readconf.h b/readconf.h
- index 8e36bf32..c803eca7 100644
- --- a/readconf.h
-@@ -952,9 +952,9 @@
-  	sPort, sHostKeyFile, sLoginGraceTime,
-  	sPermitRootLogin, sLogFacility, sLogLevel,
- @@ -643,6 +647,7 @@ static struct {
-- 	{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
-  	{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
-  	{ "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
-+ 	{ "include", sInclude, SSHCFG_ALL },
- +	{ "disableMTAES", sDisableMTAES, SSHCFG_ALL },
-  	{ "ipqos", sIPQoS, SSHCFG_ALL },
-  	{ "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
-diff -ur '--exclude=*.un~' a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff
---- a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff	2020-02-15 12:50:44.413776914 -0800
-+++ b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff	2020-02-15 12:51:19.541768656 -0800
-@@ -409,18 +409,10 @@
- index 817da43b..b2bcf78f 100644
- --- a/packet.c
- +++ b/packet.c
--@@ -925,6 +925,24 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
-+@@ -925,6 +925,16 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
-  	return 0;
-  }
-  
--+/* this supports the forced rekeying required for the NONE cipher */
--+int rekey_requested = 0;
--+void
--+packet_request_rekeying(void)
--+{
--+	rekey_requested = 1;
--+}
--+
- +/* used to determine if pre or post auth when rekeying for aes-ctr
- + * and none cipher switch */
- +int
-@@ -434,20 +426,6 @@
-  #define MAX_PACKETS	(1U<<31)
-  static int
-  ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
--@@ -951,6 +969,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
-- 	if (state->p_send.packets == 0 && state->p_read.packets == 0)
-- 		return 0;
-- 
--+	/* used to force rekeying when called for by the none
--+         * cipher switch methods -cjr */
--+        if (rekey_requested == 1) {
--+                rekey_requested = 0;
--+                return 1;
--+        }
--+
-- 	/* Time-based rekeying */
-- 	if (state->rekey_interval != 0 &&
-- 	    (int64_t)state->rekey_time + state->rekey_interval <= monotime())
- diff --git a/packet.h b/packet.h
- index 8ccfd2e0..1ad9bc06 100644
- --- a/packet.h
-@@ -476,9 +454,9 @@
-  /* Format of the configuration file:
-  
- @@ -167,6 +168,8 @@ typedef enum {
-- 	oHashKnownHosts,
-  	oTunnel, oTunnelDevice,
-  	oLocalCommand, oPermitLocalCommand, oRemoteCommand,
-+ 	oDisableMTAES,
- +	oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize,
- +	oNoneEnabled, oNoneSwitch,
-  	oVisualHostKey,
-@@ -615,9 +593,9 @@
-  	int	ip_qos_bulk;		/* IP ToS/DSCP/class for bulk traffic */
-  	SyslogFacility log_facility;	/* Facility for system logging. */
- @@ -112,7 +116,10 @@ typedef struct {
-- 
-  	int	enable_ssh_keysign;
-  	int64_t rekey_limit;
-+ 	int     disable_multithreaded; /*disable multithreaded aes-ctr*/
- +	int     none_switch;    /* Use none cipher */
- +	int     none_enabled;   /* Allow none to be used */
-  	int	rekey_interval;
-@@ -700,9 +678,9 @@
- +			options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT;
- +	}
- +
-+ 	if (options->disable_multithreaded == -1)
-+ 		options->disable_multithreaded = 0;
-  	if (options->ip_qos_interactive == -1)
-- 		options->ip_qos_interactive = IPTOS_DSCP_AF21;
-- 	if (options->ip_qos_bulk == -1)
- @@ -486,6 +532,8 @@ typedef enum {
-  	sPasswordAuthentication, sKbdInteractiveAuthentication,
-  	sListenAddress, sAddressFamily,
-@@ -1079,11 +1057,11 @@
-  	xxx_host = host;
-  	xxx_hostaddr = hostaddr;
-  
--@@ -422,6 +433,28 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
-+@@ -422,7 +433,28 @@ ssh_userauth2(struct ssh *ssh, const char *local_user,
-  
-  	if (!authctxt.success)
-  		fatal("Authentication failed.");
--+
-+ 
- +	/*
- +	 * If the user wants to use the none cipher, do it post authentication
- +	 * and only if the right conditions are met -- both of the NONE commands
-@@ -1105,9 +1083,9 @@
- +		}
- +	}
- +
-- 	debug("Authentication succeeded (%s).", authctxt.method->name);
-- }
-- 
-+ #ifdef WITH_OPENSSL
-+ 	if (options.disable_multithreaded == 0) {
-+ 		/* if we are using aes-ctr there can be issues in either a fork or sandbox
- diff --git a/sshd.c b/sshd.c
- index 11571c01..23a06022 100644
- --- a/sshd.c