Diffstat (limited to 'net-misc/openssh/files/openssh-8.0_p1-hpn-X509-glue.patch')
-rw-r--r-- | net-misc/openssh/files/openssh-8.0_p1-hpn-X509-glue.patch | 114 |
1 files changed, 114 insertions, 0 deletions
diff --git a/net-misc/openssh/files/openssh-8.0_p1-hpn-X509-glue.patch b/net-misc/openssh/files/openssh-8.0_p1-hpn-X509-glue.patch new file mode 100644 index 000000000000..2a9d3bd2f331 --- /dev/null +++ b/net-misc/openssh/files/openssh-8.0_p1-hpn-X509-glue.patch @@ -0,0 +1,114 @@ +--- a/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 2019-04-18 17:07:59.413376785 -0700 ++++ b/openssh-7_8_P1-hpn-DynWinNoneSwitch-14.16.diff 2019-04-18 20:05:12.622588051 -0700 +@@ -382,7 +382,7 @@ + @@ -822,6 +822,10 @@ kex_choose_conf(struct ssh *ssh) + int nenc, nmac, ncomp; + u_int mode, ctos, need, dh_need, authlen; +- int r, first_kex_follows; ++ int r, first_kex_follows = 0; + + int auth_flag; + + + + auth_flag = packet_authentication_state(ssh); +@@ -441,6 +441,39 @@ + int ssh_packet_get_state(struct ssh *, struct sshbuf *); + int ssh_packet_set_state(struct ssh *, struct sshbuf *); + ++diff --git a/packet.c b/packet.c ++index dcf35e6..9433f08 100644 ++--- a/packet.c +++++ b/packet.c ++@@ -920,6 +920,14 @@ ssh_set_newkeys(struct ssh *ssh, int mode) ++ return 0; ++ } ++ +++/* this supports the forced rekeying required for the NONE cipher */ +++int rekey_requested = 0; +++void +++packet_request_rekeying(void) +++{ +++ rekey_requested = 1; +++} +++ ++ #define MAX_PACKETS (1U<<31) ++ static int ++ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) ++@@ -946,6 +954,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len) ++ if (state->p_send.packets == 0 && state->p_read.packets == 0) ++ return 0; ++ +++ /* used to force rekeying when called for by the none +++ * cipher switch and aes-mt-ctr methods -cjr */ +++ if (rekey_requested == 1) { +++ rekey_requested = 0; +++ return 1; +++ } +++ ++ /* Time-based rekeying */ ++ if (state->rekey_interval != 0 && ++ (int64_t)state->rekey_time + state->rekey_interval <= monotime()) + diff --git a/readconf.c b/readconf.c + index db5f2d5..33f18c9 100644 + 
--- a/readconf.c +@@ -453,10 +486,9 @@ + + /* Format of the configuration file: + +-@@ -166,6 +167,8 @@ typedef enum { ++@@ -166,5 +167,7 @@ typedef enum { + oTunnel, oTunnelDevice, + oLocalCommand, oPermitLocalCommand, oRemoteCommand, +- oDisableMTAES, + + oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize, + + oNoneEnabled, oNoneSwitch, + oVisualHostKey, +@@ -592,10 +624,9 @@ + int ip_qos_interactive; /* IP ToS/DSCP/class for interactive */ + int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */ + SyslogFacility log_facility; /* Facility for system logging. */ +-@@ -111,7 +115,10 @@ typedef struct { ++@@ -111,6 +115,9 @@ typedef struct { + int enable_ssh_keysign; + int64_t rekey_limit; +- int disable_multithreaded; /*disable multithreaded aes-ctr*/ + + int none_switch; /* Use none cipher */ + + int none_enabled; /* Allow none to be used */ + int rekey_interval; +@@ -650,10 +681,8 @@ + + /* Portable-specific options */ + if (options->use_pam == -1) +-@@ -391,6 +400,43 @@ fill_default_server_options(ServerOptions *options) ++@@ -391,4 +400,41 @@ fill_default_server_options(ServerOptions *options) + options->permit_tun = SSH_TUNMODE_NO; +- if (options->disable_multithreaded == -1) +- options->disable_multithreaded = 0; + + if (options->none_enabled == -1) + + options->none_enabled = 0; + + if (options->hpn_disabled == -1) +@@ -1095,9 +1124,9 @@ + + fprintf(stderr, "NONE cipher switch disabled when a TTY is allocated\n"); + + } + + } ++ debug("Authentication succeeded (%s).", authctxt.method->name); ++ } + +- #ifdef WITH_OPENSSL +- if (options.disable_multithreaded == 0) { + diff --git a/sshd.c b/sshd.c + index a738c3a..b32dbe0 100644 + 
--- a/sshd.c +@@ -1181,14 +1210,3 @@ + # Example of overriding settings on a per-user basis + #Match User anoncvs + # X11Forwarding no +-diff --git a/version.h b/version.h +-index f1bbf00..21a70c2 100644 +---- a/version.h +-+++ b/version.h +-@@ -3,4 +3,5 @@ +- #define SSH_VERSION "OpenSSH_7.8" +- +- #define SSH_PORTABLE "p1" +--#define SSH_RELEASE SSH_VERSION SSH_PORTABLE +-+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN +-+ |
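Review bot: The re-added packet.c hunk keeps `rekey_requested` as a plain file-scope `int` with external linkage, set by `packet_request_rekeying()` and tested and cleared in `ssh_packet_need_rekeying()`, so the request is process-wide rather than tied to the `struct ssh` whose cipher is being switched. Its own comment says the aes-mt-ctr methods also trigger it; if any of those calls come from a worker thread (not visible here), the unsynchronised write races with the test-and-clear, and a lost request could delay the forced rekey that the NONE cipher switch requires. I would at least narrow and document it, e.g. `static int rekey_requested; /* main thread only: set via packet_request_rekeying(), consumed once by ssh_packet_need_rekeying() */`, provided no other file refers to the variable directly, or else carry the flag in the per-connection session state. `ssh_packet_need_rekeying()` begins and ends outside the quoted context, so the rest of its rekey conditions are not reviewed here. A short header comment in the glue patch saying why the version.h and DisableMTAES hunks are dropped would also help whoever audits the next version bump.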