svn commit: r473485 - in head/security/openssh-portable: . files
Bryan Drewery
bdrewery at FreeBSD.org
Thu Jun 28 03:38:34 UTC 2018
Author: bdrewery
Date: Thu Jun 28 03:38:32 2018
New Revision: 473485
URL: https://svnweb.freebsd.org/changeset/ports/473485
Log:
- Fix and update HPN patch to latest from upstream but leave it off by
default.
- Add an 'hpn' FLAVOR to produce a package for users with HPN and
NONECIPHER enabled.
Approved by: portmgr (implicit)
Modified:
head/security/openssh-portable/Makefile
head/security/openssh-portable/files/extra-patch-hpn
head/security/openssh-portable/files/patch-servconf.c
Modified: head/security/openssh-portable/Makefile
==============================================================================
--- head/security/openssh-portable/Makefile Thu Jun 28 03:11:45 2018 (r473484)
+++ head/security/openssh-portable/Makefile Thu Jun 28 03:38:32 2018 (r473485)
@@ -3,7 +3,7 @@
PORTNAME= openssh
DISTVERSION= 7.7p1
-PORTREVISION= 4
+PORTREVISION= 5
PORTEPOCH= 1
CATEGORIES= security ipv6
MASTER_SITES= OPENBSD/OpenSSH/portable
@@ -29,10 +29,18 @@ ETCOLD= ${PREFIX}/etc
BROKEN_SSL= openssl-devel
BROKEN_SSL_REASON_openssl-devel= error: OpenSSL >= 1.1.0 is not yet supported
+FLAVORS= default hpn
+default_CONFLICTS_INSTALL= openssl-portable-hpn-[0-9]*
+hpn_CONFLICTS_INSTALL= openssh-portable-[0-9]*
+hpn_PKGNAMESUFFIX= -portable-hpn
+
OPTIONS_DEFINE= PAM TCP_WRAPPERS LIBEDIT BSM \
HPN X509 KERB_GSSAPI \
LDNS NONECIPHER XMSS
OPTIONS_DEFAULT= LIBEDIT PAM TCP_WRAPPERS LDNS
+.if ${FLAVOR:U} == hpn
+OPTIONS_DEFAULT+= HPN NONECIPHER
+.endif
OPTIONS_RADIO= KERBEROS
OPTIONS_RADIO_KERBEROS= MIT HEIMDAL HEIMDAL_BASE
TCP_WRAPPERS_DESC= tcp_wrappers support
@@ -57,7 +65,6 @@ LDNS_EXTRA_PATCHES= ${FILESDIR}/extra-patch-ldns
LDNS_CFLAGS= -I${LOCALBASE}/include
LDNS_CONFIGURE_ON= --with-ldflags='-L${LOCALBASE}/lib'
-# http://www.psc.edu/index.php/hpn-ssh
HPN_CONFIGURE_WITH= hpn
NONECIPHER_CONFIGURE_WITH= nonecipher
@@ -103,12 +110,12 @@ EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-gss-glue
PATCHFILES+= openssh-7.7p1-gsskex-all-20141021-debian-rh-20171004.patch.gz:-p1:gsskex
.endif
-# http://www.psc.edu/index.php/hpn-ssh https://github.com/rapier1/hpn-ssh https://github.com/rapier1/openssh-portable
+# https://www.psc.edu/hpn-ssh https://github.com/rapier1/openssh-portable/tree/hpn-openssl1.1-7_7_P1
.if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER}
-BROKEN= HPN: Not yet updated for ${DISTVERSION} and disabled in base
+#BROKEN= HPN: Not yet updated for ${DISTVERSION} and disabled in base
PORTDOCS+= HPN-README
-HPN_VERSION= 14v5
-HPN_DISTVERSION= 6.7p1
+HPN_VERSION= 14v15
+HPN_DISTVERSION= 7.7p1
#PATCH_SITES+= SOURCEFORGE/hpnssh/HPN-SSH%20${HPN_VERSION}%20${HPN_DISTVERSION}/:hpn
#PATCHFILES+= ${PORTNAME}-${HPN_DISTVERSION}-hpnssh${HPN_VERSION}.diff.gz:-p1:hpn
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn:-p2
Modified: head/security/openssh-portable/files/extra-patch-hpn
==============================================================================
--- head/security/openssh-portable/files/extra-patch-hpn Thu Jun 28 03:11:45 2018 (r473484)
+++ head/security/openssh-portable/files/extra-patch-hpn Thu Jun 28 03:38:32 2018 (r473485)
@@ -131,11 +131,11 @@ diff -urN -x configure -x config.guess -x config.h.in
+ (tasota at gmail.com) an NSF REU grant recipient for 2013.
+ This work was financed, in part, by Cisco System, Inc., the National
+ Library of Medicine, and the National Science Foundation.
---- work.clean/openssh-6.8p1/channels.c 2015-03-17 00:49:20.000000000 -0500
-+++ work/openssh-6.8p1/channels.c 2015-04-03 15:51:59.599537000 -0500
-@@ -183,8 +183,14 @@
- static int connect_next(struct channel_connect *);
- static void channel_connect_ctx_free(struct channel_connect *);
+--- work/openssh-7.7p1/channels.c.orig 2018-04-01 22:38:28.000000000 -0700
++++ work/openssh-7.7p1/channels.c 2018-06-27 16:37:07.663857000 -0700
+@@ -215,6 +215,12 @@ static int rdynamic_connect_finish(struct ssh *, Chann
+ /* Setup helper */
+ static void channel_handler_init(struct ssh_channels *sc);
+
+#ifdef HPN_ENABLED
@@ -145,25 +145,23 @@ diff -urN -x configure -x config.guess -x config.h.in
+
/* -- channel core */
- Channel *
- channel_by_id(int id)
- {
-@@ -333,6 +339,9 @@
+ void
+@@ -391,6 +397,9 @@ channel_new(struct ssh *ssh, char *ctype, int type, in
+ c->local_window = window;
c->local_window_max = window;
- c->local_consumed = 0;
c->local_maxpacket = maxpack;
+#ifdef HPN_ENABLED
+ c->dynamic_window = 0;
+#endif
- c->remote_id = -1;
c->remote_name = xstrdup(remote_name);
- c->remote_window = 0;
-@@ -837,11 +846,41 @@
- FD_SET(c->sock, writeset);
+ c->ctl_chan = -1;
+ c->delayed = 1; /* prevent call to channel_post handler */
+@@ -977,6 +986,30 @@ channel_pre_connecting(struct ssh *ssh, Channel *c,
+ FD_SET(c->sock, writeset);
}
+#ifdef HPN_ENABLED
-+static u_int
++static int
+channel_tcpwinsz(void)
+{
+ u_int32_t tcpwinsz = 0;
@@ -172,56 +170,60 @@ diff -urN -x configure -x config.guess -x config.h.in
+
+ /* if we aren't on a socket return 128KB */
+ if (!packet_connection_is_on_socket())
-+ return (128*1024);
++ return 128 * 1024;
++
+ ret = getsockopt(packet_get_connection_in(),
-+ SOL_SOCKET, SO_RCVBUF, &tcpwinsz, &optsz);
-+ /* return no more than SSHBUF_SIZE_MAX */
-+ if (ret == 0 && tcpwinsz > SSHBUF_SIZE_MAX)
++ SOL_SOCKET, SO_RCVBUF, &tcpwinsz, &optsz);
++ /* return no more than SSHBUF_SIZE_MAX (currently 256MB) */
++ if ((ret == 0) && tcpwinsz > SSHBUF_SIZE_MAX)
+ tcpwinsz = SSHBUF_SIZE_MAX;
-+ debug2("tcpwinsz: %d for connection: %d", tcpwinsz,
-+ packet_get_connection_in());
-+ return (tcpwinsz);
++
++ debug2("tcpwinsz: tcp connection %d, Receive window: %d",
++ packet_get_connection_in(), tcpwinsz);
++ return tcpwinsz;
+}
+#endif
+
static void
- channel_pre_open(Channel *c, fd_set *readset, fd_set *writeset)
- {
- u_int limit = compat20 ? c->remote_window : packet_get_maxsize();
-
-+#ifdef HPN_ENABLED
-+ /* check buffer limits */
-+ if (!c->tcpwinsz || c->dynamic_window > 0)
-+ c->tcpwinsz = channel_tcpwinsz();
-+
-+ limit = MIN(limit, 2 * c->tcpwinsz);
-+#endif
-+
- if (c->istate == CHAN_INPUT_OPEN &&
- limit > 0 &&
- buffer_len(&c->input) < limit &&
-@@ -1846,6 +1885,20 @@
+ channel_pre_open(struct ssh *ssh, Channel *c,
+ fd_set *readset, fd_set *writeset)
+@@ -2074,21 +2107,32 @@ channel_check_window(struct ssh *ssh, Channel *c)
c->local_maxpacket*3) ||
c->local_window < c->local_window_max/2) &&
c->local_consumed > 0) {
++ u_int addition = 0;
+#ifdef HPN_ENABLED
++ u_int32_t tcpwinsz = channel_tcpwinsz();
+ /* adjust max window size if we are in a dynamic environment */
-+ if (c->dynamic_window && (c->tcpwinsz > c->local_window_max)) {
-+ u_int addition = 0;
-+
-+ /*
-+ * grow the window somewhat aggressively to maintain
-+ * pressure
-+ */
-+ addition = 1.5*(c->tcpwinsz - c->local_window_max);
++ if (c->dynamic_window && (tcpwinsz > c->local_window_max)) {
++ /* grow the window somewhat aggressively to maintain pressure */
++ addition = 1.5 * (tcpwinsz - c->local_window_max);
+ c->local_window_max += addition;
-+ c->local_consumed += addition;
++ debug("Channel: Window growth to %d by %d bytes", c->local_window_max, addition);
+ }
+#endif
- packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
- packet_put_int(c->remote_id);
- packet_put_int(c->local_consumed);
-@@ -2794,6 +2847,17 @@
+ if (!c->have_remote_id)
+ fatal(":%s: channel %d: no remote id",
+ __func__, c->self);
+ if ((r = sshpkt_start(ssh,
+ SSH2_MSG_CHANNEL_WINDOW_ADJUST)) != 0 ||
+ (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
+- (r = sshpkt_put_u32(ssh, c->local_consumed)) != 0 ||
++ (r = sshpkt_put_u32(ssh, c->local_consumed + addition)) != 0 ||
+ (r = sshpkt_send(ssh)) != 0) {
+ fatal("%s: channel %i: %s", __func__,
+ c->self, ssh_err(r));
+ }
+ debug2("channel %d: window %d sent adjust %d",
+ c->self, c->local_window,
+- c->local_consumed);
+- c->local_window += c->local_consumed;
++ c->local_consumed + addition);
++ c->local_window += c->local_consumed + addition;
+ c->local_consumed = 0;
+ }
+ return 1;
+@@ -3258,6 +3302,17 @@ channel_fwd_bind_addr(const char *listen_addr, int *wi
return addr;
}
@@ -237,9 +239,9 @@ diff -urN -x configure -x config.guess -x config.h.in
+#endif
+
static int
- channel_setup_fwd_listener_tcpip(int type, struct Forward *fwd,
- int *allocated_listen_port, struct ForwardOptions *fwd_opts)
-@@ -2918,9 +2982,20 @@
+ channel_setup_fwd_listener_tcpip(struct ssh *ssh, int type,
+ struct Forward *fwd, int *allocated_listen_port,
+@@ -3398,6 +3453,17 @@ channel_setup_fwd_listener_tcpip(struct ssh *ssh, int
}
/* Allocate a channel number for the socket. */
@@ -249,136 +251,111 @@ diff -urN -x configure -x config.guess -x config.h.in
+ * window size.
+ */
+ if (!hpn_disabled)
-+ c = channel_new("port listener", type, sock, sock, -1,
++ c = channel_new(ssh, "port listener", type, sock, sock, -1,
+ hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT,
+ 0, "port listener", 1);
+ else
+#endif
- c = channel_new("port listener", type, sock, sock, -1,
+ c = channel_new(ssh, "port listener", type, sock, sock, -1,
CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
0, "port listener", 1);
- c->path = xstrdup(host);
- c->host_port = fwd->connect_port;
- c->listening_addr = addr == NULL ? NULL : xstrdup(addr);
-@@ -3952,6 +4027,14 @@
+@@ -4457,6 +4523,14 @@ x11_create_display_inet(struct ssh *ssh, int x11_displ
*chanids = xcalloc(num_socks + 1, sizeof(**chanids));
for (n = 0; n < num_socks; n++) {
sock = socks[n];
+#ifdef HPN_ENABLED
+ if (!hpn_disabled)
-+ nc = channel_new("x11 listener",
++ nc = channel_new(ssh, "x11 listener",
+ SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
+ hpn_buffer_size, CHAN_X11_PACKET_DEFAULT,
+ 0, "X11 inet listener", 1);
+ else
+#endif
- nc = channel_new("x11 listener",
+ nc = channel_new(ssh, "x11 listener",
SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
---- work.clean/openssh-6.8p1/channels.h 2015-03-17 00:49:20.000000000 -0500
-+++ work/openssh-6.8p1/channels.h 2015-04-03 13:58:44.472717000 -0500
-@@ -136,6 +136,10 @@
+--- work/openssh-7.7p1/channels.h.orig 2018-04-01 22:38:28.000000000 -0700
++++ work/openssh-7.7p1/channels.h 2018-06-27 16:38:40.766588000 -0700
+@@ -143,6 +143,9 @@ struct Channel {
u_int local_maxpacket;
int extended_usage;
int single_connection;
+#ifdef HPN_ENABLED
+ int dynamic_window;
-+ u_int tcpwinsz;
+#endif
char *ctype; /* type */
-@@ -311,4 +315,9 @@
- void chan_write_failed(Channel *);
- void chan_obuf_empty(Channel *);
-
+@@ -335,5 +338,10 @@ void chan_ibuf_empty(struct ssh *, Channel *);
+ void chan_rcvd_ieof(struct ssh *, Channel *);
+ void chan_write_failed(struct ssh *, Channel *);
+ void chan_obuf_empty(struct ssh *, Channel *);
++
+#ifdef HPN_ENABLED
+/* hpn handler */
+void channel_set_hpn(int, int);
+#endif
-+
+
#endif
---- work.clean/openssh-6.8p1/cipher.c 2015-03-17 00:49:20.000000000 -0500
-+++ work/openssh-6.8p1/cipher.c 2015-04-03 16:22:04.972592000 -0500
-@@ -273,7 +273,13 @@ ciphers_valid(const char *names)
+--- work/openssh-7.7p1/cipher.c.orig 2018-04-01 22:38:28.000000000 -0700
++++ work/openssh-7.7p1/cipher.c 2018-06-27 16:55:43.165788000 -0700
+@@ -212,7 +212,12 @@ ciphers_valid(const char *names)
for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0';
(p = strsep(&cp, CIPHER_SEP))) {
c = cipher_by_name(p);
-- if (c == NULL || c->number != SSH_CIPHER_SSH2) {
-+ if (c == NULL || (c->number != SSH_CIPHER_SSH2 &&
+#ifdef NONE_CIPHER_ENABLED
-+ c->number != SSH_CIPHER_NONE
++ if (c == NULL || ((c->flags & CFLAG_INTERNAL) != 0 &&
++ (c->flags & CFLAG_NONE) != 0)) {
+#else
-+ 1
+ if (c == NULL || (c->flags & CFLAG_INTERNAL) != 0) {
+#endif
-+ )) {
free(cipher_list);
return 0;
}
-@@ -605,6 +611,9 @@ cipher_get_keyiv(struct sshcipher_ctx *c
-
- switch (c->number) {
- #ifdef WITH_OPENSSL
-+#ifdef NONE_CIPHER_ENABLED
-+ case SSH_CIPHER_NONE:
-+#endif
- case SSH_CIPHER_SSH2:
- case SSH_CIPHER_DES:
- case SSH_CIPHER_BLOWFISH:
-@@ -653,6 +662,9 @@ cipher_set_keyiv(struct sshcipher_ctx *c
-
- switch (c->number) {
- #ifdef WITH_OPENSSL
-+#ifdef NONE_CIPHER_ENABLED
-+ case SSH_CIPHER_NONE:
-+#endif
- case SSH_CIPHER_SSH2:
- case SSH_CIPHER_DES:
- case SSH_CIPHER_BLOWFISH:
---- work.clean/openssh-6.8p1/clientloop.c 2015-03-17 00:49:20.000000000 -0500
-+++ work/openssh-6.8p1/clientloop.c 2015-04-03 17:29:40.618489000 -0500
-@@ -1909,6 +1909,15 @@
- sock = x11_connect_display();
+--- work/openssh-7.7p1/clientloop.c.orig 2018-04-01 22:38:28.000000000 -0700
++++ work/openssh-7.7p1/clientloop.c 2018-06-27 16:40:24.560906000 -0700
+@@ -1549,6 +1549,15 @@ client_request_x11(struct ssh *ssh, const char *reques
+ sock = x11_connect_display(ssh);
if (sock < 0)
return NULL;
+#ifdef HPN_ENABLED
+ /* again is this really necessary for X11? */
+ if (!options.hpn_disabled)
-+ c = channel_new("x11",
++ c = channel_new(ssh, "x11",
+ SSH_CHANNEL_X11_OPEN, sock, sock, -1,
+ options.hpn_buffer_size,
+ CHAN_X11_PACKET_DEFAULT, 0, "x11", 1);
+ else
+#endif
- c = channel_new("x11",
+ c = channel_new(ssh, "x11",
SSH_CHANNEL_X11_OPEN, sock, sock, -1,
CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1);
-@@ -1934,6 +1943,14 @@
+@@ -1574,6 +1583,14 @@ client_request_agent(struct ssh *ssh, const char *requ
__func__, ssh_err(r));
return NULL;
}
+#ifdef HPN_ENABLED
+ if (!options.hpn_disabled)
-+ c = channel_new("authentication agent connection",
++ c = channel_new(ssh, "authentication agent connection",
+ SSH_CHANNEL_OPEN, sock, sock, -1,
+ options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, 0,
+ "authentication agent connection", 1);
+ else
+#endif
- c = channel_new("authentication agent connection",
+ c = channel_new(ssh, "authentication agent connection",
SSH_CHANNEL_OPEN, sock, sock, -1,
CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
-@@ -1964,6 +1981,12 @@
- return -1;
+@@ -1602,6 +1619,12 @@ client_request_tun_fwd(struct ssh *ssh, int tun_mode,
}
+ debug("Tunnel forwarding using interface %s", ifname);
+#ifdef HPN_ENABLED
+ if (!options.hpn_disabled)
-+ c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
++ c = channel_new(ssh, "tun", SSH_CHANNEL_OPENING, fd, fd, -1,
+ options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
+ else
+#endif
- c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
+ c = channel_new(ssh, "tun", SSH_CHANNEL_OPENING, fd, fd, -1,
CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
c->datagram = 1;
--- work.clean/openssh-6.8p1/compat.c 2015-03-17 00:49:20.000000000 -0500
@@ -470,9 +447,9 @@ diff -urN -x configure -x config.guess -x config.h.in
debug("kex: %s cipher: %s MAC: %s compression: %s",
ctos ? "client->server" : "server->client",
newkeys->enc.name,
---- work.clean/openssh-7.2p1/packet.c.orig 2016-02-25 19:40:04.000000000 -0800
-+++ work.clean/openssh-7.2p1/packet.c 2016-02-29 08:05:15.744201000 -0800
-@@ -1037,6 +1037,24 @@ ssh_set_newkeys(struct ssh *ssh, int mod
+--- work/openssh-7.7p1/packet.c.orig 2018-04-01 22:38:28.000000000 -0700
++++ work/openssh-7.7p1/packet.c 2018-06-27 16:42:42.739507000 -0700
+@@ -926,6 +926,24 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
return 0;
}
@@ -497,11 +474,13 @@ diff -urN -x configure -x config.guess -x config.h.in
#define MAX_PACKETS (1U<<31)
static int
ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
-@@ -1055,6 +1073,12 @@ ssh_packet_need_rekeying(struct ssh *ssh
+@@ -944,6 +962,14 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbou
/* Peer can't rekey */
if (ssh->compat & SSH_BUG_NOREKEY)
return 0;
+#ifdef NONE_CIPHER_ENABLED
++ /* used to force rekeying when called for by the none
++ * cipher switch methods -cjr */
+ if (rekey_requested == 1) {
+ rekey_requested = 0;
+ return 1;
@@ -524,11 +503,21 @@ diff -urN -x configure -x config.guess -x config.h.in
/* OLD API */
extern struct ssh *active_state;
#include "opacket.h"
---- work/openssh-6.9p1/readconf.c.orig 2015-07-27 13:32:13.169218000 -0500
-+++ work/openssh-6.9p1/readconf.c 2015-07-27 13:33:00.429332000 -0500
-@@ -153,6 +153,12 @@ typedef enum {
- oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
- oVisualHostKey, oUseRoaming,
+--- work/openssh-7.7p1/readconf.c.orig 2018-04-01 22:38:28.000000000 -0700
++++ work/openssh-7.7p1/readconf.c 2018-06-27 16:58:41.109275000 -0700
+@@ -66,6 +66,9 @@
+ #include "uidswap.h"
+ #include "myproposal.h"
+ #include "digest.h"
++#ifdef HPN_ENABLED
++#include "sshbuf.h"
++#endif
+
+ /* Format of the configuration file:
+
+@@ -167,6 +170,12 @@ typedef enum {
+ oLocalCommand, oPermitLocalCommand, oRemoteCommand,
+ oVisualHostKey,
oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
+#ifdef HPN_ENABLED
+ oHPNDisabled, oHPNBufferSize, oTcpRcvBufPoll, oTcpRcvBuf,
@@ -539,7 +528,7 @@ diff -urN -x configure -x config.guess -x config.h.in
oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys,
-@@ -277,6 +283,16 @@ static struct {
+@@ -304,6 +313,16 @@ static struct {
{ "updatehostkeys", oUpdateHostkeys },
{ "hostbasedkeytypes", oHostbasedKeyTypes },
{ "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes },
@@ -554,9 +543,9 @@ diff -urN -x configure -x config.guess -x config.h.in
+ { "hpnbuffersize", oHPNBufferSize },
+#endif
{ "ignoreunknown", oIgnoreUnknown },
+ { "proxyjump", oProxyJump },
- { NULL, oBadOption }
-@@ -906,6 +922,44 @@ parse_time:
+@@ -962,6 +981,44 @@ parse_time:
intptr = &options->check_host_ip;
goto parse_flag;
@@ -601,7 +590,7 @@ diff -urN -x configure -x config.guess -x config.h.in
case oVerifyHostKeyDNS:
intptr = &options->verify_host_key_dns;
multistate_ptr = multistate_yesnoask;
-@@ -1665,6 +1719,16 @@ initialize_options(Options * options)
+@@ -1833,6 +1890,16 @@ initialize_options(Options * options)
options->ip_qos_interactive = -1;
options->ip_qos_bulk = -1;
options->request_tty = -1;
@@ -618,7 +607,7 @@ diff -urN -x configure -x config.guess -x config.h.in
options->proxy_use_fdpass = -1;
options->ignored_unknown = NULL;
options->num_canonical_domains = 0;
-@@ -1826,6 +1890,35 @@ fill_default_options(Options * options)
+@@ -1979,6 +2046,34 @@ fill_default_options(Options * options)
options->server_alive_interval = 0;
if (options->server_alive_count_max == -1)
options->server_alive_count_max = 3;
@@ -635,11 +624,10 @@ diff -urN -x configure -x config.guess -x config.h.in
+ /* if a user tries to set the size to 0 set it to 1KB */
+ if (options->hpn_buffer_size == 0)
+ options->hpn_buffer_size = 1;
-+ /* limit the buffer to 64MB */
-+ if (options->hpn_buffer_size > 64*1024) {
-+ options->hpn_buffer_size = 64*1024*1024;
-+ debug("User requested buffer larger than 64MB. Request"
-+ " reverted to 64MB");
++ /* limit the buffer to SSHBUF_SIZE_MAX (currently 256MB) */
++ if (options->hpn_buffer_size > (SSHBUF_SIZE_MAX / 1024)) {
++ options->hpn_buffer_size = SSHBUF_SIZE_MAX;
++ debug("User requested buffer larger than 256MB. Request reverted to 256MB");
+ } else
+ options->hpn_buffer_size *= 1024;
+ debug("hpn_buffer_size set to %d", options->hpn_buffer_size);
@@ -693,9 +681,19 @@ diff -urN -x configure -x config.guess -x config.h.in
struct timeval tv[2];
#define atime tv[0]
---- work/openssh/servconf.c.orig 2015-05-29 03:27:21.000000000 -0500
-+++ work/openssh/servconf.c 2015-06-02 09:56:36.041601000 -0500
-@@ -159,6 +159,14 @@ initialize_server_options(ServerOptions
+--- work/openssh-7.7p1/servconf.c.orig 2018-04-01 22:38:28.000000000 -0700
++++ work/openssh-7.7p1/servconf.c 2018-06-27 17:01:05.276677000 -0700
+@@ -63,6 +63,9 @@
+ #include "auth.h"
+ #include "myproposal.h"
+ #include "digest.h"
++#ifdef HPN_ENABLED
++#include "sshbuf.h"
++#endif
+
+ static void add_listen_addr(ServerOptions *, const char *,
+ const char *, int);
+@@ -169,6 +172,14 @@ initialize_server_options(ServerOptions *options)
options->authorized_principals_file = NULL;
options->authorized_principals_command = NULL;
options->authorized_principals_command_user = NULL;
@@ -710,7 +708,7 @@ diff -urN -x configure -x config.guess -x config.h.in
options->ip_qos_interactive = -1;
options->ip_qos_bulk = -1;
options->version_addendum = NULL;
-@@ -319,6 +327,57 @@ fill_default_server_options(ServerOption
+@@ -371,6 +382,57 @@ fill_default_server_options(ServerOptions *options)
}
if (options->permit_tun == -1)
options->permit_tun = SSH_TUNMODE_NO;
@@ -754,9 +752,9 @@ diff -urN -x configure -x config.guess -x config.h.in
+ if (options->hpn_disabled <= 0) {
+ if (options->hpn_buffer_size == 0)
+ options->hpn_buffer_size = 1;
-+ /* limit the maximum buffer to 64MB */
-+ if (options->hpn_buffer_size > 64*1024) {
-+ options->hpn_buffer_size = 64*1024*1024;
++ /* limit the maximum buffer to SSHBUF_SIZE_MAX (currently 256MB) */
++ if (options->hpn_buffer_size > (SSHBUF_SIZE_MAX / 1024)) {
++ options->hpn_buffer_size = SSHBUF_SIZE_MAX;
+ } else {
+ options->hpn_buffer_size *= 1024;
+ }
@@ -768,7 +766,7 @@ diff -urN -x configure -x config.guess -x config.h.in
if (options->ip_qos_interactive == -1)
options->ip_qos_interactive = IPTOS_LOWDELAY;
if (options->ip_qos_bulk == -1)
-@@ -412,6 +471,12 @@ typedef enum {
+@@ -466,6 +528,12 @@ typedef enum {
sUsePrivilegeSeparation, sAllowAgentForwarding,
sHostCertificate,
sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
@@ -781,7 +779,7 @@ diff -urN -x configure -x config.guess -x config.h.in
sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser,
sKexAlgorithms, sIPQoS, sVersionAddendum,
sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
-@@ -548,6 +613,14 @@ static struct {
+@@ -603,6 +671,14 @@ static struct {
{ "revokedkeys", sRevokedKeys, SSHCFG_ALL },
{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
@@ -796,10 +794,11 @@ diff -urN -x configure -x config.guess -x config.h.in
{ "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
{ "ipqos", sIPQoS, SSHCFG_ALL },
{ "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
-@@ -1153,6 +1226,25 @@ process_server_config_line(ServerOptions
+@@ -1351,6 +1427,25 @@ process_server_config_line(ServerOptions *options, cha
+ case sIgnoreUserKnownHosts:
intptr = &options->ignore_user_known_hosts;
goto parse_flag;
-
++
+#ifdef NONE_CIPHER_ENABLED
+ case sNoneEnabled:
+ intptr = &options->none_enabled;
@@ -818,10 +817,9 @@ diff -urN -x configure -x config.guess -x config.h.in
+ intptr = &options->hpn_buffer_size;
+ goto parse_int;
+#endif
-+
+
case sHostbasedAuthentication:
intptr = &options->hostbased_authentication;
- goto parse_flag;
--- work.clean/openssh-6.8p1/servconf.h 2015-03-17 00:49:20.000000000 -0500
+++ work/openssh-6.8p1/servconf.h 2015-04-03 13:48:37.316827000 -0500
@@ -169,6 +169,15 @@
@@ -840,23 +838,23 @@ diff -urN -x configure -x config.guess -x config.h.in
int permit_tun;
int num_permitted_opens;
---- work.clean/openssh-6.8p1/serverloop.c 2015-03-17 00:49:20.000000000 -0500
-+++ work/openssh-6.8p1/serverloop.c 2015-04-03 17:14:15.182548000 -0500
-@@ -526,6 +526,12 @@ server_request_tun(void)
- sock = tun_open(tun, mode);
- if (sock < 0)
+--- work/openssh-7.7p1/serverloop.c.orig 2018-04-01 22:38:28.000000000 -0700
++++ work/openssh-7.7p1/serverloop.c 2018-06-27 16:53:02.246871000 -0700
+@@ -550,6 +550,12 @@ server_request_tun(struct ssh *ssh)
goto done;
+ debug("Tunnel forwarding using interface %s", ifname);
+
+#ifdef HPN_ENABLED
+ if (!options.hpn_disabled)
-+ c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1,
++ c = channel_new(ssh, "tun", SSH_CHANNEL_OPEN, sock, sock, -1,
+ options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
+ else
+#endif
- c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1,
+ c = channel_new(ssh, "tun", SSH_CHANNEL_OPEN, sock, sock, -1,
CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
c->datagram = 1;
-@@ -563,6 +569,10 @@ server_request_session(void)
- c = channel_new("session", SSH_CHANNEL_LARVAL,
+@@ -600,6 +606,10 @@ server_request_session(struct ssh *ssh)
+ c = channel_new(ssh, "session", SSH_CHANNEL_LARVAL,
-1, -1, -1, /*window size*/0, CHAN_SES_PACKET_DEFAULT,
0, "server-session", 1);
+#ifdef HPN_ENABLED
@@ -865,22 +863,22 @@ diff -urN -x configure -x config.guess -x config.h.in
+#endif
if (session_open(the_authctxt, c->self) != 1) {
debug("session open failed, free channel %d", c->self);
- channel_free(c);
---- work.clean/openssh-6.8p1/session.c 2015-04-01 22:07:18.149110000 -0500
-+++ work/openssh-6.8p1/session.c 2015-04-03 17:09:02.984097000 -0500
-@@ -2340,6 +2340,14 @@
+ channel_free(ssh, c);
+--- work/openssh-7.7p1/session.c.orig 2018-04-01 22:38:28.000000000 -0700
++++ work/openssh-7.7p1/session.c 2018-06-27 17:01:40.730347000 -0700
+@@ -2116,6 +2116,14 @@ session_set_fds(struct ssh *ssh, Session *s,
*/
if (s->chanid == -1)
fatal("no channel for session %d", s->self);
+#ifdef HPN_ENABLED
+ if (!options.hpn_disabled)
-+ channel_set_fds(s->chanid,
++ channel_set_fds(ssh, s->chanid,
+ fdout, fdin, fderr,
+ ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
+ 1, is_tty, options.hpn_buffer_size);
+ else
+#endif
- channel_set_fds(s->chanid,
+ channel_set_fds(ssh, s->chanid,
fdout, fdin, fderr,
ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
--- work.clean/openssh-6.8p1/sftp.1 2015-03-17 00:49:20.000000000 -0500
@@ -909,9 +907,9 @@ diff -urN -x configure -x config.guess -x config.h.in
/* File to read commands from */
FILE* infile;
---- work.clean/openssh-6.8p1/ssh.c 2015-04-01 22:07:18.166356000 -0500
-+++ work/openssh-6.8p1/ssh.c 2015-04-03 17:16:34.114673000 -0500
-@@ -885,6 +885,14 @@
+--- work/openssh-7.7p1/ssh.c.orig 2018-04-01 22:38:28.000000000 -0700
++++ work/openssh-7.7p1/ssh.c 2018-06-27 17:05:30.011979000 -0700
+@@ -954,6 +954,14 @@ main(int ac, char **av)
break;
case 'T':
options.request_tty = REQUEST_TTY_NO;
@@ -926,80 +924,91 @@ diff -urN -x configure -x config.guess -x config.h.in
break;
case 'o':
line = xstrdup(optarg);
-@@ -1848,9 +1856,85 @@
- if (!isatty(err))
- set_nonblock(err);
+@@ -1833,6 +1841,78 @@ ssh_session2_setup(struct ssh *ssh, int id, int succes
+ NULL, fileno(stdin), &command, environ);
+ }
-+#ifdef HPN_ENABLED
++static void
++hpn_options_init(void)
++{
+ /*
-+ * we need to check to see if what they want to do about buffer
++ * We need to check to see if what they want to do about buffer
+ * sizes here. In a hpn to nonhpn connection we want to limit
+ * the window size to something reasonable in case the far side
+ * has the large window bug. In hpn to hpn connection we want to
+ * use the max window size but allow the user to override it
-+ * lastly if they disabled hpn then use the ssh std window size
-+
-+ * so why don't we just do a getsockopt() here and set the
++ * lastly if they disabled hpn then use the ssh std window size.
++ *
++ * So why don't we just do a getsockopt() here and set the
+ * ssh window to that? In the case of a autotuning receive
+ * window the window would get stuck at the initial buffer
+ * size generally less than 96k. Therefore we need to set the
+ * maximum ssh window size to the maximum hpn buffer size
+ * unless the user has specifically set the tcprcvbufpoll
+ * to no. In which case we *can* just set the window to the
-+ * minimum of the hpn buffer size and tcp receive buffer size
++ * minimum of the hpn buffer size and tcp receive buffer size.
+ */
+
+ if (tty_flag)
+ options.hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT;
+ else
-+ options.hpn_buffer_size = 2*1024*1024;
++ options.hpn_buffer_size = 2 * 1024 * 1024;
+
+ if (datafellows & SSH_BUG_LARGEWINDOW) {
+ debug("HPN to Non-HPN Connection");
+ } else {
+ int sock, socksize;
-+ socklen_t socksizelen = sizeof(socksize);
-+
++ socklen_t socksizelen;
+ if (options.tcp_rcv_buf_poll <= 0) {
+ sock = socket(AF_INET, SOCK_STREAM, 0);
++ socksizelen = sizeof(socksize);
+ getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
-+ &socksize, &socksizelen);
++ &socksize, &socksizelen);
+ close(sock);
+ debug("socksize %d", socksize);
+ options.hpn_buffer_size = socksize;
-+ debug ("HPNBufferSize set to TCP RWIN: %d",
-+ options.hpn_buffer_size);
++ debug("HPNBufferSize set to TCP RWIN: %d", options.hpn_buffer_size);
+ } else {
+ if (options.tcp_rcv_buf > 0) {
+ /*
-+ * create a socket but don't connect it.
++ * Create a socket but don't connect it:
+ * we use that the get the rcv socket size
+ */
+ sock = socket(AF_INET, SOCK_STREAM, 0);
+ /*
-+ * if they are using the tcp_rcv_buf option
-+ * attempt to set the buffer size to that
++ * If they are using the tcp_rcv_buf option,
++ * attempt to set the buffer size to that.
+ */
-+ if (options.tcp_rcv_buf)
++ if (options.tcp_rcv_buf) {
++ socksizelen = sizeof(options.tcp_rcv_buf);
+ setsockopt(sock, SOL_SOCKET, SO_RCVBUF,
-+ (void *)&options.tcp_rcv_buf,
-+ sizeof(options.tcp_rcv_buf));
++ &options.tcp_rcv_buf, socksizelen);
++ }
++ socksizelen = sizeof(socksize);
+ getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
-+ &socksize, &socksizelen);
++ &socksize, &socksizelen);
+ close(sock);
+ debug("socksize %d", socksize);
+ options.hpn_buffer_size = socksize;
-+ debug ("HPNBufferSize set to user TCPRcvBuf: "
-+ "%d", options.hpn_buffer_size);
++ debug("HPNBufferSize set to user TCPRcvBuf: %d", options.hpn_buffer_size);
+ }
+ }
+ }
+
+ debug("Final hpn_buffer_size = %d", options.hpn_buffer_size);
+
-+ window = options.hpn_buffer_size;
-+
+ channel_set_hpn(options.hpn_disabled, options.hpn_buffer_size);
++}
++
+ /* open new channel for a session */
+ static int
+ ssh_session2_open(struct ssh *ssh)
+@@ -1859,9 +1939,17 @@ ssh_session2_open(struct ssh *ssh)
+ if (!isatty(err))
+ set_nonblock(err);
+
++#ifdef HPN_ENABLED
++ window = options.hpn_buffer_size;
+#else
window = CHAN_SES_WINDOW_DEFAULT;
+#endif
@@ -1012,7 +1021,7 @@ diff -urN -x configure -x config.guess -x config.h.in
window >>= 1;
packetmax >>= 1;
}
-@@ -1859,6 +1943,12 @@
+@@ -1870,6 +1958,12 @@ ssh_session2_open(struct ssh *ssh)
window, packetmax, CHAN_EXTENDED_WRITE,
"client-session", /*nonblock*/0);
@@ -1022,17 +1031,47 @@ diff -urN -x configure -x config.guess -x config.h.in
+ debug ("Enabled Dynamic Window Scaling");
+ }
+#endif
- debug3("ssh_session2_open: channel_new: %d", c->self);
+ debug3("%s: channel_new: %d", __func__, c->self);
- channel_send_open(c->self);
---- work.clean/openssh-6.8p1/sshconnect.c 2015-03-17 00:49:20.000000000 -0500
-+++ work/openssh-6.8p1/sshconnect.c 2015-04-03 16:32:38.204744000 -0500
-@@ -266,6 +266,31 @@
- kill(proxy_command_pid, SIGHUP);
+ channel_send_open(ssh, c->self);
+@@ -1885,6 +1979,15 @@ ssh_session2(struct ssh *ssh, struct passwd *pw)
+ {
+ int devnull, id = -1;
+ char *cp, *tun_fwd_ifname = NULL;
++
++#ifdef HPN_ENABLED
++ /*
++ * We need to initialize this early because the forwarding logic below
++ * might open channels that use the hpn buffer sizes. We can't send a
++ * window of -1 (the default) to the server as it breaks things.
++ */
++ hpn_options_init();
++#endif
+
+ /* XXX should be pre-session */
+ if (!options.control_persist)
+--- work/openssh-7.7p1/sshbuf.h.orig 2018-06-27 16:11:24.503058000 -0700
++++ work/openssh-7.7p1/sshbuf.h 2018-06-27 16:12:01.359375000 -0700
+@@ -28,7 +28,11 @@
+ # endif /* OPENSSL_HAS_ECC */
+ #endif /* WITH_OPENSSL */
+
++#ifdef HPN_ENABLED
++#define SSHBUF_SIZE_MAX 0xF000000 /* Hard maximum size 256MB */
++#else
+ #define SSHBUF_SIZE_MAX 0x8000000 /* Hard maximum size */
++#endif
+ #define SSHBUF_REFS_MAX 0x100000 /* Max child buffers */
+ #define SSHBUF_MAX_BIGNUM (16384 / 8) /* Max bignum *bytes* */
+ #define SSHBUF_MAX_ECPOINT ((528 * 2 / 8) + 1) /* Max EC point *bytes* */
+--- work/openssh-7.7p1/sshconnect.c.orig 2018-04-01 22:38:28.000000000 -0700
++++ work/openssh-7.7p1/sshconnect.c 2018-06-26 15:55:19.103812000 -0700
+@@ -337,7 +337,32 @@ check_ifaddrs(const char *ifname, int af, const struct
}
+ #endif
+#ifdef HPN_ENABLED
-+/*
+ /*
+ * Set TCP receive buffer if requested.
+ * Note: tuning needs to happen after the socket is
+ * created but before the connection happens
@@ -1056,10 +1095,11 @@ diff -urN -x configure -x config.guess -x config.h.in
+}
+#endif
+
- /*
++/*
* Creates a (possibly privileged) socket for use as the ssh connection.
*/
-@@ -282,6 +307,11 @@
+ static int
+@@ -359,6 +384,11 @@ ssh_create_socket(int privileged, struct addrinfo *ai)
}
fcntl(sock, F_SETFD, FD_CLOEXEC);
@@ -1069,54 +1109,42 @@ diff -urN -x configure -x config.guess -x config.h.in
+#endif
+
/* Bind the socket to an alternative local IP address */
- if (options.bind_address == NULL && !privileged)
- return sock;
-@@ -523,11 +553,23 @@ send_client_banner(int connection_out, i
+ if (options.bind_address == NULL && options.bind_interface == NULL &&
+ !privileged)
+@@ -637,8 +667,14 @@ static void
+ send_client_banner(int connection_out, int minor1)
{
/* Send our own protocol version identification. */
- if (compat20) {
-- xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
-- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION);
-+ xasprintf(&client_version_string, "SSH-%d.%d-%.100s%s\r\n",
-+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
+- xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
+- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION);
++ xasprintf(&client_version_string, "SSH-%d.%d-%.100s%s\r\n",
++ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
+#ifdef HPN_ENABLED
-+ options.hpn_disabled ? "" : SSH_HPN
++ options.hpn_disabled ? "" : SSH_HPN
+#else
-+ ""
++ ""
+#endif
-+ );
- } else {
-- xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n",
-- PROTOCOL_MAJOR_1, minor1, SSH_VERSION);
-+ xasprintf(&client_version_string, "SSH-%d.%d-%.100s%s\n",
-+ PROTOCOL_MAJOR_1, minor1, SSH_VERSION,
-+#ifdef HPN_ENABLED
-+ options.hpn_disabled ? "" : SSH_HPN
-+#else
-+ ""
-+#endif
-+ );
- }
- if (roaming_atomicio(vwrite, connection_out, client_version_string,
++ );
+ if (atomicio(vwrite, connection_out, client_version_string,
strlen(client_version_string)) != strlen(client_version_string))
---- work.clean/openssh-7.2p1/sshconnect2.c.orig 2016-02-25 19:40:04.000000000 -0800
-+++ work.clean/openssh-7.2p1/sshconnect2.c 2016-02-29 08:06:31.134954000 -0800
-@@ -81,6 +81,14 @@
+ fatal("write: %.100s", strerror(errno));
+--- work/openssh-7.7p1/sshconnect2.c.orig 2018-04-01 22:38:28.000000000 -0700
++++ work/openssh-7.7p1/sshconnect2.c 2018-06-27 17:11:17.543893000 -0700
+@@ -81,7 +81,13 @@
extern char *client_version_string;
extern char *server_version_string;
extern Options options;
+#ifdef NONE_CIPHER_ENABLED
-+struct kex *xxx_kex;
-+
+/* tty_flag is set in ssh.c. use this in ssh_userauth2 */
+/* if it is set then prevent the switch to the null cipher */
-+
+
+extern int tty_flag;
+#endif
-
++
/*
* SSH2 key exchange
-@@ -154,14 +162,17 @@ order_hostkeyalgs(char *host, struct soc
+ */
+@@ -154,14 +160,17 @@ order_hostkeyalgs(char *host, struct sockaddr *hostadd
return ret;
}
@@ -1135,18 +1163,8 @@ diff -urN -x configure -x config.guess -x config.h.in
xxx_host = host;
xxx_hostaddr = hostaddr;
-@@ -235,6 +246,9 @@ ssh_kex2(char *host, struct sockaddr *ho
- packet_send();
- packet_write_wait();
- #endif
-+#ifdef NONE_CIPHER_ENABLED
-+ xxx_kex = kex;
-+#endif
- }
+@@ -409,6 +418,30 @@ ssh_userauth2(const char *local_user, const char *serv
- /*
-@@ -407,6 +421,29 @@ ssh_userauth2(const char *local_user, co
-
if (!authctxt.success)
fatal("Authentication failed.");
+#ifdef NONE_CIPHER_ENABLED
@@ -1159,9 +1177,10 @@ diff -urN -x configure -x config.guess -x config.h.in
+ if ((options.none_switch == 1) && (options.none_enabled == 1)) {
+ if (!tty_flag) { /* no null on tty sessions */
+ debug("Requesting none rekeying...");
++ memcpy(&myproposal, &myproposal_default, sizeof(myproposal));
+ myproposal[PROPOSAL_ENC_ALGS_STOC] = "none";
+ myproposal[PROPOSAL_ENC_ALGS_CTOS] = "none";
-+ kex_prop2buf(xxx_kex->my, myproposal);
++ kex_prop2buf(active_state->kex->my, myproposal);
+ packet_request_rekeying();
+ fprintf(stderr, "WARNING: ENABLED NONE CIPHER\n");
+ } else {
@@ -1175,9 +1194,9 @@ diff -urN -x configure -x config.guess -x config.h.in
debug("Authentication succeeded (%s).", authctxt.method->name);
}
---- work.clean/openssh-7.1p1/sshd.c.orig 2015-08-20 21:49:03.000000000 -0700
-+++ work.clean/openssh-7.1p1/sshd.c 2015-11-11 12:45:48.202186000 -0800
-@@ -373,8 +373,13 @@ sshd_exchange_identification(struct ssh
+--- work/openssh-7.7p1/sshd.c.orig 2018-04-01 22:38:28.000000000 -0700
++++ work/openssh-7.7p1/sshd.c 2018-06-27 17:13:03.176633000 -0700
+@@ -372,8 +372,13 @@ sshd_exchange_identification(struct ssh *ssh, int sock
char buf[256]; /* Must not be larger than remote_version. */
char remote_version[256]; /* Must be at least as big as buf. */
@@ -1192,8 +1211,8 @@ diff -urN -x configure -x config.guess -x config.h.in
*options.version_addendum == '\0' ? "" : " ",
options.version_addendum);
-@@ -1027,6 +1032,10 @@ server_listen(void)
- int ret, listen_sock, on = 1;
+@@ -1025,6 +1030,10 @@ listen_on_addrs(struct listenaddr *la)
+ int ret, listen_sock;
struct addrinfo *ai;
char ntop[NI_MAXHOST], strport[NI_MAXSERV];
+#ifdef HPN_ENABLED
@@ -1201,9 +1220,9 @@ diff -urN -x configure -x config.guess -x config.h.in
+ socklen_t socksizelen = sizeof(socksize);
+#endif
- for (ai = options.listen_addrs; ai; ai = ai->ai_next) {
+ for (ai = la->addrs; ai; ai = ai->ai_next) {
if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
-@@ -1072,6 +1081,13 @@ server_listen(void)
+@@ -1070,6 +1079,13 @@ listen_on_addrs(struct listenaddr *la)
debug("Bind to port %s on %s.", strport, ntop);
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-ports-all
mailing list