net-misc/openssh/files/openssh-8.2_p1-hpn-14.20-X509-glue.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133

diff -ur '--exclude=*.un~' a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff
--- a/openssh-8_1_P1-hpn-AES-CTR-14.20.diff	2020-02-15 13:41:56.143193830 -0800
+++ b/openssh-8_1_P1-hpn-AES-CTR-14.20.diff	2020-02-15 13:46:40.060133610 -0800
@@ -3,9 +3,9 @@
 --- a/Makefile.in
 +++ b/Makefile.in
 @@ -42,7 +42,7 @@ CC=@CC@
- CFLAGS_NOPIE=@CFLAGS_NOPIE@
- CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
- PICFLAG=@PICFLAG@
+ LD=@LD@
+ CFLAGS=@CFLAGS@ $(CFLAGS_EXTRA)
+ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
 -LIBS=@LIBS@
 +LIBS=@LIBS@ -lpthread
  K5LIBS=@K5LIBS@
@@ -803,8 +803,8 @@
  ssh_packet_set_connection(struct ssh *ssh, int fd_in, int fd_out)
  {
  	struct session_state *state;
--	const struct sshcipher *none = cipher_by_name("none");
-+	struct sshcipher *none = cipher_by_name("none");
+-	const struct sshcipher *none = cipher_none();
++	struct sshcipher *none = cipher_none();
  	int r;
  
  	if (none == NULL) {
@@ -902,14 +902,14 @@
  
  /*
 @@ -2118,6 +2125,8 @@ fill_default_options(Options * options)
- 		options->canonicalize_hostname = SSH_CANONICALISE_NO;
- 	if (options->fingerprint_hash == -1)
  		options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
+ 	if (options->update_hostkeys == -1)
+ 		options->update_hostkeys = 0;
 +	if (options->disable_multithreaded == -1)
 +		options->disable_multithreaded = 0;
- #ifdef ENABLE_SK_INTERNAL
  	if (options->sk_provider == NULL)
- 		options->sk_provider = xstrdup("internal");
+ 		options->sk_provider = xstrdup("$SSH_SK_PROVIDER");
+  
 diff --git a/readconf.h b/readconf.h
 index 8e36bf32..c803eca7 100644
 --- a/readconf.h
@@ -948,9 +948,9 @@
  	/* Portable-specific options */
  	sUsePAM,
 +	sDisableMTAES,
- 	/* Standard Options */
- 	sPort, sHostKeyFile, sLoginGraceTime,
- 	sPermitRootLogin, sLogFacility, sLogLevel,
+ 	/* X.509 Standard Options */
+ 	sHostbasedAlgorithms,
+ 	sPubkeyAlgorithms,
 @@ -643,6 +647,7 @@ static struct {
  	{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
  	{ "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
Only in b: openssh-8_1_P1-hpn-AES-CTR-14.20.diff.orig
diff -ur '--exclude=*.un~' a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff
--- a/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff	2020-02-15 13:41:56.144193830 -0800
+++ b/openssh-8_1_P1-hpn-DynWinNoneSwitch-14.20.diff	2020-02-15 13:45:36.665147504 -0800
@@ -382,7 +382,7 @@
 @@ -884,6 +884,10 @@ kex_choose_conf(struct ssh *ssh)
  	int nenc, nmac, ncomp;
  	u_int mode, ctos, need, dh_need, authlen;
- 	int r, first_kex_follows;
+ 	int r, first_kex_follows = 0;
 +	int auth_flag;
 +
 +	auth_flag = packet_authentication_state(ssh);
@@ -391,8 +391,8 @@
  	debug2("local %s KEXINIT proposal", kex->server ? "server" : "client");
  	if ((r = kex_buf2prop(kex->my, NULL, &my)) != 0)
 @@ -954,6 +958,14 @@ kex_choose_conf(struct ssh *ssh)
- 			peer[ncomp] = NULL;
- 			goto out;
+ 			else
+ 				fatal("Pre-authentication none cipher requests are not allowed.");
  		}
 +		debug("REQUESTED ENC.NAME is '%s'", newkeys->enc.name);
 +		if (strcmp(newkeys->enc.name, "none") == 0) {
@@ -1169,15 +1169,3 @@
  # Example of overriding settings on a per-user basis
  #Match User anoncvs
  #	X11Forwarding no
-diff --git a/version.h b/version.h
-index 6b3fadf8..ec1d2e27 100644
---- a/version.h
-+++ b/version.h
-@@ -3,4 +3,6 @@
- #define SSH_VERSION	"OpenSSH_8.1"
- 
- #define SSH_PORTABLE	"p1"
--#define SSH_RELEASE	SSH_VERSION SSH_PORTABLE
-+#define SSH_HPN         "-hpn14v20"
-+#define SSH_RELEASE	SSH_VERSION SSH_PORTABLE SSH_HPN
-+ 
diff -ur '--exclude=*.un~' a/openssh-8_1_P1-hpn-PeakTput-14.20.diff b/openssh-8_1_P1-hpn-PeakTput-14.20.diff
--- a/openssh-8_1_P1-hpn-PeakTput-14.20.diff	2020-02-15 13:41:43.834196317 -0800
+++ b/openssh-8_1_P1-hpn-PeakTput-14.20.diff	2020-02-15 13:45:36.665147504 -0800
@@ -12,9 +12,9 @@
  static long stalled;		/* how long we have been stalled */
  static int bytes_per_second;	/* current speed in bytes per second */
 @@ -127,6 +129,7 @@ refresh_progress_meter(int force_update)
+ 	off_t bytes_left;
  	int cur_speed;
- 	int hours, minutes, seconds;
- 	int file_len;
+ 	int len;
 +	off_t delta_pos;
  
  	if ((!force_update && !alarm_fired && !win_resized) || !can_output())
@@ -33,12 +33,12 @@
 @@ -166,7 +173,7 @@ refresh_progress_meter(int force_update)
  
  	/* filename */
- 	buf[0] = '\0';
--	file_len = win_size - 36;
-+	file_len = win_size - 45;
- 	if (file_len > 0) {
- 		buf[0] = '\r';
- 		snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s",
+ 	if (win_size > 36) {
+-		int file_len = win_size - 36;
++		int file_len = win_size - 45;
+ 		snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s ",
+ 		    file_len, file);
+ 	}
 @@ -191,6 +198,15 @@ refresh_progress_meter(int force_update)
  	    (off_t)bytes_per_second);
  	strlcat(buf, "/s ", win_size);