summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Mair-Keimberger <mmk@levelnine.at>2023-01-10 17:29:20 +0100
committerSam James <sam@gentoo.org>2023-01-14 19:15:52 +0000
commit38705b064b00347f0c9c1ca579b8d48ca1834cb6 (patch)
tree6060b52b3f8ca85c8b5a734bf08517fbc410d24c /net-misc/openssh
parentsys-libs/db: remove unused patches (diff)
downloadgentoo-38705b064b00347f0c9c1ca579b8d48ca1834cb6.tar.gz
gentoo-38705b064b00347f0c9c1ca579b8d48ca1834cb6.tar.bz2
gentoo-38705b064b00347f0c9c1ca579b8d48ca1834cb6.zip
net-misc/openssh: remove unused patches
Signed-off-by: Michael Mair-Keimberger <mmk@levelnine.at> Closes: https://github.com/gentoo/gentoo/pull/29048 Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'net-misc/openssh')
-rw-r--r--net-misc/openssh/files/openssh-8.9_p1-hpn-15.2-X509-glue.patch431
-rw-r--r--net-misc/openssh/files/openssh-8.9_p1-hpn-15.2-glue.patch238
-rw-r--r--net-misc/openssh/files/openssh-9.0_p1-X509-glue-13.4.1.patch54
-rw-r--r--net-misc/openssh/files/openssh-9.0_p1-implicit-func-decl-vsnprintf.patch32
4 files changed, 0 insertions, 755 deletions
diff --git a/net-misc/openssh/files/openssh-8.9_p1-hpn-15.2-X509-glue.patch b/net-misc/openssh/files/openssh-8.9_p1-hpn-15.2-X509-glue.patch
deleted file mode 100644
index a98e1adcb54c..000000000000
--- a/net-misc/openssh/files/openssh-8.9_p1-hpn-15.2-X509-glue.patch
+++ /dev/null
@@ -1,431 +0,0 @@
-diff -ur '--exclude=.*.un~' a/openssh-8_5_P1-hpn-AES-CTR-15.2.diff b/openssh-8_5_P1-hpn-AES-CTR-15.2.diff
---- a/openssh-8_5_P1-hpn-AES-CTR-15.2.diff 2022-02-24 18:48:19.078457000 -0800
-+++ b/openssh-8_5_P1-hpn-AES-CTR-15.2.diff 2022-02-24 18:49:22.195632128 -0800
-@@ -3,9 +3,9 @@
- --- a/Makefile.in
- +++ b/Makefile.in
- @@ -46,7 +46,7 @@ CFLAGS=@CFLAGS@
-- CFLAGS_NOPIE=@CFLAGS_NOPIE@
-- CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
-- PICFLAG=@PICFLAG@
-+ LD=@LD@
-+ CFLAGS=@CFLAGS@ $(CFLAGS_EXTRA)
-+ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
- -LIBS=@LIBS@
- +LIBS=@LIBS@ -lpthread
- K5LIBS=@K5LIBS@
-@@ -803,8 +803,8 @@
- ssh_packet_set_connection(struct ssh *ssh, int fd_in, int fd_out)
- {
- struct session_state *state;
--- const struct sshcipher *none = cipher_by_name("none");
--+ struct sshcipher *none = cipher_by_name("none");
-+- const struct sshcipher *none = cipher_none();
-++ struct sshcipher *none = cipher_none();
- int r;
-
- if (none == NULL) {
-@@ -894,24 +894,24 @@
- intptr = &options->compression;
- multistate_ptr = multistate_compression;
- @@ -2272,6 +2278,7 @@ initialize_options(Options * options)
-- options->revoked_host_keys = NULL;
- options->fingerprint_hash = -1;
- options->update_hostkeys = -1;
-+ options->known_hosts_command = NULL;
- + options->disable_multithreaded = -1;
-- options->hostbased_accepted_algos = NULL;
-- options->pubkey_accepted_algos = NULL;
-- options->known_hosts_command = NULL;
-+ }
-+
-+ /*
- @@ -2467,6 +2474,10 @@ fill_default_options(Options * options)
-+ options->update_hostkeys = 0;
- if (options->sk_provider == NULL)
- options->sk_provider = xstrdup("$SSH_SK_PROVIDER");
-- #endif
- + if (options->update_hostkeys == -1)
- + options->update_hostkeys = 0;
- + if (options->disable_multithreaded == -1)
- + options->disable_multithreaded = 0;
-
-- /* Expand KEX name lists */
-- all_cipher = cipher_alg_list(',', 0);
-+ /* expand KEX and etc. name lists */
-+ { char *all;
- diff --git a/readconf.h b/readconf.h
- index 2fba866e..7f8f0227 100644
- --- a/readconf.h
-@@ -950,9 +950,9 @@
- /* Portable-specific options */
- sUsePAM,
- + sDisableMTAES,
-- /* Standard Options */
-- sPort, sHostKeyFile, sLoginGraceTime,
-- sPermitRootLogin, sLogFacility, sLogLevel, sLogVerbose,
-+ /* X.509 Standard Options */
-+ sHostbasedAlgorithms,
-+ sPubkeyAlgorithms,
- @@ -662,6 +666,7 @@ static struct {
- { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
- { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
-diff -ur '--exclude=.*.un~' a/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff b/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff
---- a/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff 2022-02-24 18:48:19.078457000 -0800
-+++ b/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff 2022-02-24 18:54:51.800546480 -0800
-@@ -157,6 +157,36 @@
- + Allan Jude provided the code for the NoneMac and buffer normalization.
- + This work was financed, in part, by Cisco System, Inc., the National
- + Library of Medicine, and the National Science Foundation.
-+diff --git a/auth2.c b/auth2.c
-+--- a/auth2.c 2021-03-15 19:30:45.404060786 -0700
-++++ b/auth2.c 2021-03-15 19:37:22.078476597 -0700
-+@@ -229,16 +229,17 @@
-+ double delay;
-+
-+ digest_alg = ssh_digest_maxbytes();
-+- len = ssh_digest_bytes(digest_alg);
-+- hash = xmalloc(len);
-++ if (len = ssh_digest_bytes(digest_alg) > 0) {
-++ hash = xmalloc(len);
-+
-+- (void)snprintf(b, sizeof b, "%llu%s",
-+- (unsigned long long)options.timing_secret, user);
-+- if (ssh_digest_memory(digest_alg, b, strlen(b), hash, len) != 0)
-+- fatal_f("ssh_digest_memory");
-+- /* 0-4.2 ms of delay */
-+- delay = (double)PEEK_U32(hash) / 1000 / 1000 / 1000 / 1000;
-+- freezero(hash, len);
-++ (void)snprintf(b, sizeof b, "%llu%s",
-++ (unsigned long long)options.timing_secret, user);
-++ if (ssh_digest_memory(digest_alg, b, strlen(b), hash, len) != 0)
-++ fatal_f("ssh_digest_memory");
-++ /* 0-4.2 ms of delay */
-++ delay = (double)PEEK_U32(hash) / 1000 / 1000 / 1000 / 1000;
-++ freezero(hash, len);
-++ }
-+ debug3_f("user specific delay %0.3lfms", delay/1000);
-+ return MIN_FAIL_DELAY_SECONDS + delay;
-+ }
- diff --git a/channels.c b/channels.c
- index b60d56c4..0e363c15 100644
- --- a/channels.c
-@@ -209,14 +239,14 @@
- static void
- channel_pre_open(struct ssh *ssh, Channel *c,
- fd_set *readset, fd_set *writeset)
--@@ -2120,22 +2147,32 @@ channel_check_window(struct ssh *ssh, Channel *c)
-+@@ -2164,21 +2191,31 @@ channel_check_window(struct ssh *ssh, Channel *c)
-
- if (c->type == SSH_CHANNEL_OPEN &&
- !(c->flags & (CHAN_CLOSE_SENT|CHAN_CLOSE_RCVD)) &&
- - ((c->local_window_max - c->local_window >
- - c->local_maxpacket*3) ||
--+ ((ssh_packet_is_interactive(ssh) &&
--+ c->local_window_max - c->local_window > c->local_maxpacket*3) ||
-++ ((ssh_packet_is_interactive(ssh) &&
-++ c->local_window_max - c->local_window > c->local_maxpacket*3) ||
- c->local_window < c->local_window_max/2) &&
- c->local_consumed > 0) {
- + u_int addition = 0;
-@@ -235,9 +265,8 @@
- (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
- - (r = sshpkt_put_u32(ssh, c->local_consumed)) != 0 ||
- + (r = sshpkt_put_u32(ssh, c->local_consumed + addition)) != 0 ||
-- (r = sshpkt_send(ssh)) != 0) {
-- fatal_fr(r, "channel %i", c->self);
-- }
-+ (r = sshpkt_send(ssh)) != 0)
-+ fatal_fr(r, "channel %d", c->self);
- - debug2("channel %d: window %d sent adjust %d", c->self,
- - c->local_window, c->local_consumed);
- - c->local_window += c->local_consumed;
-@@ -337,70 +366,92 @@
- index 70f492f8..5503af1d 100644
- --- a/clientloop.c
- +++ b/clientloop.c
--@@ -1578,9 +1578,11 @@ client_request_x11(struct ssh *ssh, const char *request_type, int rchan)
-+@@ -1578,10 +1578,11 @@ client_request_x11(struct ssh *ssh, const char *request_type, int rchan)
- sock = x11_connect_display(ssh);
- if (sock < 0)
- return NULL;
- - c = channel_new(ssh, "x11",
- - SSH_CHANNEL_X11_OPEN, sock, sock, -1,
--- CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1);
--+ c = channel_new(ssh, "x11",
--+ SSH_CHANNEL_X11_OPEN, sock, sock, -1,
--+ /* again is this really necessary for X11? */
--+ options.hpn_disabled ? CHAN_TCP_WINDOW_DEFAULT : options.hpn_buffer_size,
--+ CHAN_X11_PACKET_DEFAULT, 0, "x11", 1);
-+- CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "x11",
-+- CHANNEL_NONBLOCK_SET);
-++ c = channel_new(ssh, "x11",
-++ SSH_CHANNEL_X11_OPEN, sock, sock, -1,
-++ /* again is this really necessary for X11? */
-++ options.hpn_disabled ? CHAN_TCP_WINDOW_DEFAULT : options.hpn_buffer_size,
-++ CHAN_X11_PACKET_DEFAULT, 0, "x11", CHANNEL_NONBLOCK_SET);
- c->force_drain = 1;
- return c;
- }
--@@ -1608,9 +1610,10 @@ client_request_agent(struct ssh *ssh, const char *request_type, int rchan)
-+@@ -1608,9 +1609,10 @@ client_request_agent(struct ssh *ssh, const char *request_type, int rchan)
- return NULL;
- }
- c = channel_new(ssh, "authentication agent connection",
- - SSH_CHANNEL_OPEN, sock, sock, -1,
- - CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
--- "authentication agent connection", 1);
--+ SSH_CHANNEL_OPEN, sock, sock, -1,
--+ options.hpn_disabled ? CHAN_X11_WINDOW_DEFAULT : options.hpn_buffer_size,
--+ CHAN_TCP_PACKET_DEFAULT, 0,
--+ "authentication agent connection", 1);
-+- "authentication agent connection", CHANNEL_NONBLOCK_SET);
-++ SSH_CHANNEL_OPEN, sock, sock, -1,
-++ options.hpn_disabled ? CHAN_X11_WINDOW_DEFAULT : options.hpn_buffer_size,
-++ CHAN_TCP_PACKET_DEFAULT, 0,
-++ "authentication agent connection", CHANNEL_NONBLOCK_SET);
- c->force_drain = 1;
- return c;
- }
--@@ -1635,10 +1638,13 @@ client_request_tun_fwd(struct ssh *ssh, int tun_mode,
-+@@ -1635,9 +1637,9 @@ client_request_tun_fwd(struct ssh *ssh, int tun_mode,
- }
- debug("Tunnel forwarding using interface %s", ifname);
-
- - c = channel_new(ssh, "tun", SSH_CHANNEL_OPENING, fd, fd, -1,
--- CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
--+ c = channel_new(ssh, "tun", SSH_CHANNEL_OPENING, fd, fd, -1,
-+- CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun",
-+- CHANNEL_NONBLOCK_SET);
-++ c = channel_new(ssh, "tun", SSH_CHANNEL_OPENING, fd, fd, -1,
- + options.hpn_disabled ? CHAN_TCP_WINDOW_DEFAULT : options.hpn_buffer_size,
--+ CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
-++ CHAN_TCP_PACKET_DEFAULT, 0, "tun", CHANNEL_NONBLOCK_SET);
- c->datagram = 1;
-
--+
--+
- #if defined(SSH_TUN_FILTER)
-- if (options.tun_open == SSH_TUNMODE_POINTOPOINT)
-- channel_register_filter(ssh, c->self, sys_tun_infilter,
- diff --git a/compat.c b/compat.c
- index 69befa96..90b5f338 100644
- --- a/compat.c
- +++ b/compat.c
--@@ -149,6 +149,14 @@ compat_banner(struct ssh *ssh, const char *version)
-- debug_f("match: %s pat %s compat 0x%08x",
-+@@ -43,7 +43,7 @@ compat_datafellows(const char *version)
-+ static u_int
-+ compat_datafellows(const char *version)
-+ {
-+- int i;
-++ int i, bugs = 0;
-+ static struct {
-+ char *pat;
-+ int bugs;
-+@@ -147,11 +147,26 @@
-+ if (match_pattern_list(version, check[i].pat, 0) == 1) {
-+ debug("match: %s pat %s compat 0x%08x",
- version, check[i].pat, check[i].bugs);
-- ssh->compat = check[i].bugs;
- + /* Check to see if the remote side is OpenSSH and not HPN */
--+ /* TODO: need to use new method to test for this */
- + if (strstr(version, "OpenSSH") != NULL) {
- + if (strstr(version, "hpn") == NULL) {
--+ ssh->compat |= SSH_BUG_LARGEWINDOW;
-++ bugs |= SSH_BUG_LARGEWINDOW;
- + debug("Remote is NON-HPN aware");
- + }
- + }
-- return;
-+- return check[i].bugs;
-++ bugs |= check[i].bugs;
- }
- }
-+- debug("no match: %s", version);
-+- return 0;
-++ /* Check to see if the remote side is OpenSSH and not HPN */
-++ if (strstr(version, "OpenSSH") != NULL) {
-++ if (strstr(version, "hpn") == NULL) {
-++ bugs |= SSH_BUG_LARGEWINDOW;
-++ debug("Remote is NON-HPN aware");
-++ }
-++ }
-++ if (bugs == 0)
-++ debug("no match: %s", version);
-++ return bugs;
-+ }
-+
-+ char *
- diff --git a/compat.h b/compat.h
- index c197fafc..ea2e17a7 100644
- --- a/compat.h
-@@ -459,7 +510,7 @@
- @@ -890,6 +890,10 @@ kex_choose_conf(struct ssh *ssh)
- int nenc, nmac, ncomp;
- u_int mode, ctos, need, dh_need, authlen;
-- int r, first_kex_follows;
-+ int r, first_kex_follows = 0;
- + int auth_flag = 0;
- +
- + auth_flag = packet_authentication_state(ssh);
-@@ -553,10 +604,10 @@
- #define MAX_PACKETS (1U<<31)
- static int
- ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
--@@ -1317,7 +1351,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
-+@@ -1317,7 +1336,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
-+ {
- struct session_state *state = ssh->state;
- int len, r, ms_remain;
-- struct pollfd pfd;
- - char buf[8192];
- + char buf[SSH_IOBUFSZ];
- struct timeval start;
-@@ -1072,7 +1123,7 @@
- + else
- + options.hpn_buffer_size = 2 * 1024 * 1024;
- +
--+ if (ssh->compat & SSH_BUG_LARGEWINDOW) {
-++ if (ssh_compat_fellows(ssh, SSH_BUG_LARGEWINDOW)) {
- + debug("HPN to Non-HPN Connection");
- + } else {
- + int sock, socksize;
-@@ -1136,14 +1187,14 @@
- }
- @@ -2089,6 +2167,11 @@ ssh_session2_open(struct ssh *ssh)
- window, packetmax, CHAN_EXTENDED_WRITE,
-- "client-session", /*nonblock*/0);
-+ "client-session", CHANNEL_NONBLOCK_STDIO);
-
- + if ((options.tcp_rcv_buf_poll > 0) && !options.hpn_disabled) {
- + c->dynamic_window = 1;
- + debug("Enabled Dynamic Window Scaling");
- + }
- +
-- debug3_f("channel_new: %d", c->self);
-+ debug2_f("channel %d", c->self);
-
- channel_send_open(ssh, c->self);
- @@ -2105,6 +2188,13 @@ ssh_session2(struct ssh *ssh, const struct ssh_conn_info *cinfo)
-@@ -1314,7 +1365,29 @@
- /* Bind the socket to the desired port. */
- if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) == -1) {
- error("Bind to port %s on %s failed: %.200s.",
--@@ -1727,6 +1734,19 @@ main(int ac, char **av)
-+@@ -1625,13 +1632,14 @@
-+ if (ssh_digest_update(ctx, sshbuf_ptr(server_cfg),
-+ sshbuf_len(server_cfg)) != 0)
-+ fatal_f("ssh_digest_update");
-+- len = ssh_digest_bytes(digest_alg);
-+- hash = xmalloc(len);
-+- if (ssh_digest_final(ctx, hash, len) != 0)
-+- fatal_f("ssh_digest_final");
-+- options.timing_secret = PEEK_U64(hash);
-+- freezero(hash, len);
-+- ssh_digest_free(ctx);
-++ if ((len = ssh_digest_bytes(digest_alg)) > 0) {
-++ hash = xmalloc(len);
-++ if (ssh_digest_final(ctx, hash, len) != 0)
-++ fatal_f("ssh_digest_final");
-++ options.timing_secret = PEEK_U64(hash);
-++ freezero(hash, len);
-++ ssh_digest_free(ctx);
-++ }
-+ ctx = NULL;
-+ return;
-+ }
-+@@ -1727,6 +1735,19 @@ main(int ac, char **av)
- fatal("AuthorizedPrincipalsCommand set without "
- "AuthorizedPrincipalsCommandUser");
-
-@@ -1334,7 +1407,7 @@
- /*
- * Check whether there is any path through configured auth methods.
- * Unfortunately it is not possible to verify this generally before
--@@ -2166,6 +2186,9 @@ main(int ac, char **av)
-+@@ -2166,6 +2187,9 @@ main(int ac, char **av)
- rdomain == NULL ? "" : "\"");
- free(laddr);
-
-@@ -1344,7 +1417,7 @@
- /*
- * We don't want to listen forever unless the other side
- * successfully authenticates itself. So we set up an alarm which is
--@@ -2343,6 +2366,12 @@ do_ssh2_kex(struct ssh *ssh)
-+@@ -2343,6 +2367,12 @@ do_ssh2_kex(struct ssh *ssh)
- struct kex *kex;
- int r;
-
-@@ -1384,14 +1457,3 @@
- # Example of overriding settings on a per-user basis
- #Match User anoncvs
- # X11Forwarding no
--diff --git a/version.h b/version.h
--index 6b4fa372..332fb486 100644
----- a/version.h
--+++ b/version.h
--@@ -3,4 +3,5 @@
-- #define SSH_VERSION "OpenSSH_8.5"
--
-- #define SSH_PORTABLE "p1"
---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
--+#define SSH_HPN "-hpn15v2"
--+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN
-diff -ur '--exclude=.*.un~' a/openssh-8_5_P1-hpn-PeakTput-15.2.diff b/openssh-8_5_P1-hpn-PeakTput-15.2.diff
---- a/openssh-8_5_P1-hpn-PeakTput-15.2.diff 2022-02-24 18:48:19.078457000 -0800
-+++ b/openssh-8_5_P1-hpn-PeakTput-15.2.diff 2022-02-24 18:49:22.196632131 -0800
-@@ -12,9 +12,9 @@
- static long stalled; /* how long we have been stalled */
- static int bytes_per_second; /* current speed in bytes per second */
- @@ -127,6 +129,7 @@ refresh_progress_meter(int force_update)
-+ off_t bytes_left;
- int cur_speed;
-- int hours, minutes, seconds;
-- int file_len;
-+ int len;
- + off_t delta_pos;
-
- if ((!force_update && !alarm_fired && !win_resized) || !can_output())
-@@ -30,15 +30,17 @@
- if (bytes_left > 0)
- elapsed = now - last_update;
- else {
--@@ -166,7 +173,7 @@ refresh_progress_meter(int force_update)
--
-+@@ -166,8 +173,8 @@ refresh_progress_meter(int force_update)
-+ buf[1] = '\0';
-+
- /* filename */
-- buf[0] = '\0';
--- file_len = win_size - 36;
--+ file_len = win_size - 45;
-- if (file_len > 0) {
-- buf[0] = '\r';
-- snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s",
-+- if (win_size > 36) {
-++ if (win_size > 45) {
-+- int file_len = win_size - 36;
-++ int file_len = win_size - 45;
-+ snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s ",
-+ file_len, file);
-+ }
- @@ -191,6 +198,15 @@ refresh_progress_meter(int force_update)
- (off_t)bytes_per_second);
- strlcat(buf, "/s ", win_size);
-@@ -63,15 +65,3 @@
- }
-
- /*ARGSUSED*/
--diff --git a/ssh-keygen.c b/ssh-keygen.c
--index cfb5f115..986ff59b 100644
----- a/ssh-keygen.c
--+++ b/ssh-keygen.c
--@@ -2959,7 +2959,6 @@ do_download_sk(const char *skprovider, const char *device)
--
-- if (skprovider == NULL)
-- fatal("Cannot download keys without provider");
---
-- pin = read_passphrase("Enter PIN for authenticator: ", RP_ALLOW_STDIN);
-- if (!quiet) {
-- printf("You may need to touch your authenticator "
diff --git a/net-misc/openssh/files/openssh-8.9_p1-hpn-15.2-glue.patch b/net-misc/openssh/files/openssh-8.9_p1-hpn-15.2-glue.patch
deleted file mode 100644
index 272270b7e985..000000000000
--- a/net-misc/openssh/files/openssh-8.9_p1-hpn-15.2-glue.patch
+++ /dev/null
@@ -1,238 +0,0 @@
-diff -ur '--exclude=.*.un~' a/openssh-8_5_P1-hpn-AES-CTR-15.2.diff b/openssh-8_5_P1-hpn-AES-CTR-15.2.diff
---- a/openssh-8_5_P1-hpn-AES-CTR-15.2.diff 2022-02-23 17:10:24.843395097 -0800
-+++ b/openssh-8_5_P1-hpn-AES-CTR-15.2.diff 2022-02-23 17:10:38.206451595 -0800
-@@ -1026,9 +1026,9 @@
- + }
- +#endif
- +
-- debug("Authentication succeeded (%s).", authctxt.method->name);
-- }
--
-+ if (ssh_packet_connection_is_on_socket(ssh)) {
-+ verbose("Authenticated to %s ([%s]:%d) using \"%s\".", host,
-+ ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
- diff --git a/sshd.c b/sshd.c
- index 6277e6d6..bf3d6e4a 100644
- --- a/sshd.c
-diff -ur '--exclude=.*.un~' a/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff b/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff
---- a/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff 2022-02-23 17:08:38.124943587 -0800
-+++ b/openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff 2022-02-23 17:20:59.432070316 -0800
-@@ -536,18 +536,10 @@
- if (state->rekey_limit)
- *max_blocks = MINIMUM(*max_blocks,
- state->rekey_limit / enc->block_size);
--@@ -954,6 +963,24 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
-+@@ -954,6 +963,16 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
- return 0;
- }
-
--+/* this supports the forced rekeying required for the NONE cipher */
--+int rekey_requested = 0;
--+void
--+packet_request_rekeying(void)
--+{
--+ rekey_requested = 1;
--+}
--+
- +/* used to determine if pre or post auth when rekeying for aes-ctr
- + * and none cipher switch */
- +int
-@@ -561,27 +553,14 @@
- #define MAX_PACKETS (1U<<31)
- static int
- ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
--@@ -980,6 +1007,13 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
-- if (state->p_send.packets == 0 && state->p_read.packets == 0)
-- return 0;
--
--+ /* used to force rekeying when called for by the none
--+ * cipher switch methods -cjr */
--+ if (rekey_requested == 1) {
--+ rekey_requested = 0;
--+ return 1;
--+ }
--+
-- /* Time-based rekeying */
-- if (state->rekey_interval != 0 &&
-- (int64_t)state->rekey_time + state->rekey_interval <= monotime())
- @@ -1317,7 +1351,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
- struct session_state *state = ssh->state;
- int len, r, ms_remain;
-- fd_set *setp;
-+ struct pollfd pfd;
- - char buf[8192];
- + char buf[SSH_IOBUFSZ];
-- struct timeval timeout, start, *timeoutp = NULL;
-+ struct timeval start;
-+ struct timespec timespec, *timespecp = NULL;
-
- DBG(debug("packet_read()"));
- diff --git a/packet.h b/packet.h
-@@ -598,12 +577,11 @@
- };
-
- typedef int (ssh_packet_hook_fn)(struct ssh *, struct sshbuf *,
--@@ -155,6 +158,10 @@ int ssh_packet_inc_alive_timeouts(struct ssh *);
-+@@ -155,6 +158,9 @@ int ssh_packet_inc_alive_timeouts(struct ssh *);
- int ssh_packet_set_maxsize(struct ssh *, u_int);
- u_int ssh_packet_get_maxsize(struct ssh *);
-
- +/* for forced packet rekeying post auth */
--+void packet_request_rekeying(void);
- +int packet_authentication_state(const struct ssh *);
- +
- int ssh_packet_get_state(struct ssh *, struct sshbuf *);
-@@ -627,9 +605,9 @@
- oLocalCommand, oPermitLocalCommand, oRemoteCommand,
- + oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize,
- + oNoneEnabled, oNoneMacEnabled, oNoneSwitch,
-+ oDisableMTAES,
- oVisualHostKey,
- oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
-- oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
- @@ -297,6 +300,9 @@ static struct {
- { "kexalgorithms", oKexAlgorithms },
- { "ipqos", oIPQoS },
-@@ -637,9 +615,9 @@
- + { "noneenabled", oNoneEnabled },
- + { "nonemacenabled", oNoneMacEnabled },
- + { "noneswitch", oNoneSwitch },
-- { "proxyusefdpass", oProxyUseFdpass },
-- { "canonicaldomains", oCanonicalDomains },
-- { "canonicalizefallbacklocal", oCanonicalizeFallbackLocal },
-+ { "sessiontype", oSessionType },
-+ { "stdinnull", oStdinNull },
-+ { "forkafterauthentication", oForkAfterAuthentication },
- @@ -317,6 +323,11 @@ static struct {
- { "securitykeyprovider", oSecurityKeyProvider },
- { "knownhostscommand", oKnownHostsCommand },
-@@ -717,9 +695,9 @@
- + options->hpn_buffer_size = -1;
- + options->tcp_rcv_buf_poll = -1;
- + options->tcp_rcv_buf = -1;
-- options->proxy_use_fdpass = -1;
-- options->ignored_unknown = NULL;
-- options->num_canonical_domains = 0;
-+ options->session_type = -1;
-+ options->stdin_null = -1;
-+ options->fork_after_authentication = -1;
- @@ -2426,6 +2484,41 @@ fill_default_options(Options * options)
- options->server_alive_interval = 0;
- if (options->server_alive_count_max == -1)
-@@ -778,9 +756,9 @@
- int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */
- SyslogFacility log_facility; /* Facility for system logging. */
- @@ -120,7 +124,11 @@ typedef struct {
--
- int enable_ssh_keysign;
- int64_t rekey_limit;
-+ int disable_multithreaded; /*disable multithreaded aes-ctr*/
- + int none_switch; /* Use none cipher */
- + int none_enabled; /* Allow none cipher to be used */
- + int nonemac_enabled; /* Allow none MAC to be used */
-@@ -842,9 +820,9 @@
- /* Portable-specific options */
- if (options->use_pam == -1)
- @@ -424,6 +434,49 @@ fill_default_server_options(ServerOptions *options)
-- }
-- if (options->permit_tun == -1)
- options->permit_tun = SSH_TUNMODE_NO;
-+ if (options->disable_multithreaded == -1)
-+ options->disable_multithreaded = 0;
- + if (options->none_enabled == -1)
- + options->none_enabled = 0;
- + if (options->nonemac_enabled == -1)
-@@ -975,15 +953,6 @@
- index 306658cb..d4309903 100644
- --- a/serverloop.c
- +++ b/serverloop.c
--@@ -322,7 +322,7 @@ static int
-- process_input(struct ssh *ssh, fd_set *readset, int connection_in)
-- {
-- int r, len;
--- char buf[16384];
--+ char buf[SSH_IOBUFSZ];
--
-- /* Read and buffer any input data from the client. */
-- if (FD_ISSET(connection_in, readset)) {
- @@ -608,7 +608,8 @@ server_request_tun(struct ssh *ssh)
- debug("Tunnel forwarding using interface %s", ifname);
-
-@@ -1047,30 +1016,17 @@
- Note that
- diff --git a/sftp.c b/sftp.c
- index fb3c08d1..89bebbb2 100644
----- a/sftp.c
--+++ b/sftp.c
--@@ -71,7 +71,7 @@ typedef void EditLine;
-- #include "sftp-client.h"
--
-- #define DEFAULT_COPY_BUFLEN 32768 /* Size of buffer for up/download */
---#define DEFAULT_NUM_REQUESTS 64 /* # concurrent outstanding requests */
--+#define DEFAULT_NUM_REQUESTS 256 /* # concurrent outstanding requests */
--
-- /* File to read commands from */
-- FILE* infile;
--diff --git a/ssh-keygen.c b/ssh-keygen.c
--index cfb5f115..36a6e519 100644
----- a/ssh-keygen.c
--+++ b/ssh-keygen.c
--@@ -2971,7 +2971,7 @@ do_download_sk(const char *skprovider, const char *device)
-- freezero(pin, strlen(pin));
-- error_r(r, "Unable to load resident keys");
-- return -1;
--- }
--+ }
-- if (nkeys == 0)
-- logit("No keys to download");
-- if (pin != NULL)
-+--- a/sftp-client.c
-++++ b/sftp-client.c
-+@@ -65,7 +65,7 @@ typedef void EditLine;
-+ #define DEFAULT_COPY_BUFLEN 32768
-+
-+ /* Default number of concurrent outstanding requests */
-+-#define DEFAULT_NUM_REQUESTS 64
-++#define DEFAULT_NUM_REQUESTS 256
-+
-+ /* Minimum amount of data to read at a time */
-+ #define MIN_READ_SIZE 512
- diff --git a/ssh.c b/ssh.c
- index 53330da5..27b9770e 100644
- --- a/ssh.c
-@@ -1330,9 +1286,9 @@
- + }
- + }
- +
-- debug("Authentication succeeded (%s).", authctxt.method->name);
-- }
-
-+ #ifdef WITH_OPENSSL
-+ if (options.disable_multithreaded == 0) {
- diff --git a/sshd.c b/sshd.c
- index 6277e6d6..d66fa41a 100644
- --- a/sshd.c
-@@ -1359,8 +1315,8 @@
- if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) == -1) {
- error("Bind to port %s on %s failed: %.200s.",
- @@ -1727,6 +1734,19 @@ main(int ac, char **av)
-- /* Fill in default values for those options not explicitly set. */
-- fill_default_server_options(&options);
-+ fatal("AuthorizedPrincipalsCommand set without "
-+ "AuthorizedPrincipalsCommandUser");
-
- + if (options.none_enabled == 1) {
- + char *old_ciphers = options.ciphers;
-@@ -1375,9 +1331,9 @@
- + }
- + }
- +
-- /* challenge-response is implemented via keyboard interactive */
-- if (options.challenge_response_authentication)
-- options.kbd_interactive_authentication = 1;
-+ /*
-+ * Check whether there is any path through configured auth methods.
-+ * Unfortunately it is not possible to verify this generally before
- @@ -2166,6 +2186,9 @@ main(int ac, char **av)
- rdomain == NULL ? "" : "\"");
- free(laddr);
diff --git a/net-misc/openssh/files/openssh-9.0_p1-X509-glue-13.4.1.patch b/net-misc/openssh/files/openssh-9.0_p1-X509-glue-13.4.1.patch
deleted file mode 100644
index dc93182e1d4c..000000000000
--- a/net-misc/openssh/files/openssh-9.0_p1-X509-glue-13.4.1.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-diff -ur '--exclude=.*.un~' a/openssh-9.0p1+x509-13.4.1.diff b/openssh-9.0p1+x509-13.4.1.diff
---- a/openssh-9.0p1+x509-13.4.1.diff 2022-06-23 10:43:33.957093896 -0700
-+++ b/openssh-9.0p1+x509-13.4.1.diff 2022-06-23 10:44:17.232396805 -0700
-@@ -48941,8 +48941,8 @@
- gss_create_empty_oid_set(&status, &oidset);
- gss_add_oid_set_member(&status, ctx->oid, &oidset);
-
--- if (gethostname(lname, MAXHOSTNAMELEN)) {
--+ if (gethostname(lname, MAXHOSTNAMELEN) == -1) {
-+- if (gethostname(lname, HOST_NAME_MAX)) {
-++ if (gethostname(lname, HOST_NAME_MAX) == -1) {
- gss_release_oid_set(&status, &oidset);
- return (-1);
- }
-@@ -57102,12 +57102,11 @@
-
- install-files:
- $(MKDIR_P) $(DESTDIR)$(bindir)
--@@ -395,6 +372,8 @@
-+@@ -395,6 +372,7 @@
- $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5
- $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8
- $(MKDIR_P) $(DESTDIR)$(libexecdir)
- + $(MKDIR_P) $(DESTDIR)$(sshcadir)
--+ $(MKDIR_P) $(DESTDIR)$(piddir)
- $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH)
- $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)
- $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT)
-@@ -78638,7 +78637,7 @@
- +if test "$sshd_type" = "pkix" ; then
- + unset_arg=''
- +else
--+ unset_arg=none
-++ unset_arg=''
- +fi
- +
- cat > $OBJ/sshd_config.i << _EOF
-@@ -143777,16 +143776,6 @@
- +int asnmprintf(char **, size_t, int *, const char *, ...)
- __attribute__((format(printf, 4, 5)));
- void msetlocale(void);
--diff -ruN openssh-9.0p1/version.h openssh-9.0p1+x509-13.4.1/version.h
----- openssh-9.0p1/version.h 2022-04-06 03:47:48.000000000 +0300
--+++ openssh-9.0p1+x509-13.4.1/version.h 2022-06-23 09:07:00.000000000 +0300
--@@ -2,5 +2,4 @@
--
-- #define SSH_VERSION "OpenSSH_9.0"
--
---#define SSH_PORTABLE "p1"
---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
--+#define SSH_RELEASE PACKAGE_STRING ", " SSH_VERSION "p1"
- diff -ruN openssh-9.0p1/version.m4 openssh-9.0p1+x509-13.4.1/version.m4
- --- openssh-9.0p1/version.m4 1970-01-01 02:00:00.000000000 +0200
- +++ openssh-9.0p1+x509-13.4.1/version.m4 2022-06-23 09:07:00.000000000 +0300
diff --git a/net-misc/openssh/files/openssh-9.0_p1-implicit-func-decl-vsnprintf.patch b/net-misc/openssh/files/openssh-9.0_p1-implicit-func-decl-vsnprintf.patch
deleted file mode 100644
index c3a464eb3fe8..000000000000
--- a/net-misc/openssh/files/openssh-9.0_p1-implicit-func-decl-vsnprintf.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-https://github.com/openssh/openssh-portable/pull/339
-
-From a15d08a25f1ccc3ee803dfe790cc1f608651464c Mon Sep 17 00:00:00 2001
-From: Sam James <sam@gentoo.org>
-Date: Thu, 8 Sep 2022 02:49:29 +0100
-Subject: [PATCH] openbsd-compat/bsd-asprintf: add <stdio.h> include for
- vsnprintf
-
-Fixes the following build failure with Clang 15 on musl:
-```
-bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and laterclang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o
- do not support
- implicit function declarations [-Wimplicit-function-declaration]
- ret = vsnprintf(string, INIT_SZ, fmt, ap2);
- ^
-bsd-asprintf.c:51:8: note: include the header <stdio.h> or explicitly provide a declaration for 'vsnprintf'
-1 error generated.
-```
-
-See also: https://lists.mindrot.org/pipermail/openssh-unix-dev/2019-June/037811.html
-See also: 73eb6cef41daba0359c1888e4756108d41b4e819
---- a/openbsd-compat/bsd-asprintf.c
-+++ b/openbsd-compat/bsd-asprintf.c
-@@ -32,6 +32,7 @@
-
- #include <errno.h>
- #include <stdarg.h>
-+#include <stdio.h>
- #include <stdlib.h>
-
- #define INIT_SZ 128
-