diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2015-07-15 07:34:48 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2015-07-15 07:34:48 +0000 |
commit | faffde9ccccbd0e68c6dcaccfe4aa7476fd5fbf7 (patch) | |
tree | d5a466ad61495d6905180e5c131f0f38a2425c69 /main | |
parent | 4c6cc479563c5e0230cd1c959387d58246af9d7d (diff) | |
download | aports-faffde9ccccbd0e68c6dcaccfe4aa7476fd5fbf7.tar.bz2 aports-faffde9ccccbd0e68c6dcaccfe4aa7476fd5fbf7.tar.xz |
main/openssh: upgrade to 6.9_p1
Diffstat (limited to 'main')
-rw-r--r-- | main/openssh/APKBUILD | 18 | ||||
-rw-r--r-- | main/openssh/openssh6.9-dynwindows.diff (renamed from main/openssh/openssh6.8-dynwindows.diff) | 255 |
2 files changed, 159 insertions, 114 deletions
diff --git a/main/openssh/APKBUILD b/main/openssh/APKBUILD index e1b8291f92..21cc81c422 100644 --- a/main/openssh/APKBUILD +++ b/main/openssh/APKBUILD @@ -1,8 +1,8 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=openssh -pkgver=6.8_p1 +pkgver=6.9_p1 _myver=${pkgver%_*}${pkgver#*_} -pkgrel=2 +pkgrel=0 pkgdesc="Port of OpenBSD's free SSH release" url="http://www.openssh.org/portable.html" arch="all" @@ -13,7 +13,7 @@ makedepends="openssl-dev zlib-dev" subpackages="$pkgname-doc $pkgname-client $pkgname-keysign" source="ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$pkgname-$_myver.tar.gz openssh6.5-peaktput.diff - openssh6.8-dynwindows.diff + openssh6.9-dynwindows.diff openssh-fix-utmp.diff sshd.initd sshd.confd @@ -106,23 +106,23 @@ keysign() { "$subpkgdir"/usr/lib/ssh/ || return 1 } -md5sums="08f72de6751acfbd0892b5f003922701 openssh-6.8p1.tar.gz +md5sums="0b161c44fc31fbc6b76a6f8ae639f16f openssh-6.9p1.tar.gz cd52fe99cb4b7d0d847bf5d710d93564 openssh6.5-peaktput.diff -c6e29d7d88529a66d857657753f39694 openssh6.8-dynwindows.diff +3880d0b657ed1c58f8747c17e6be4483 openssh6.9-dynwindows.diff 37fbfe9cfb9a5e2454382ea8c79ed2e1 openssh-fix-utmp.diff e3fd4d42e2664b6c37f0c636f5e7a5d8 sshd.initd b35e9f3829f4cfca07168fcba98749c7 sshd.confd 2dd7e366607e95f9762273067309fd6e openssh-sftp-interactive.diff" -sha256sums="3ff64ce73ee124480b5bf767b9830d7d3c03bbcb6abe716b78f0192c37ce160e openssh-6.8p1.tar.gz +sha256sums="6e074df538f357d440be6cf93dc581a21f22d39e236f217fcd8eacbb6c896cfe openssh-6.9p1.tar.gz bf49212e47a86d10650f739532cea514a310925e6445b4f8011031b6b55f3249 openssh6.5-peaktput.diff -bf0f00bd88a7224ea0618f6e347a6a805c4e5acd869196725a3923d711ff1246 openssh6.8-dynwindows.diff +6340934b3178fda8ce9f70a2349389fcd2d17c156209f7d08ba38076bee73560 openssh6.9-dynwindows.diff 1c85437fd94aa4fc269e6297e4eb790baa98c39949ec0410792c09ee31ba9782 openssh-fix-utmp.diff cf053bee46c7037bdab3b3575c7080f4b514d8623c023a4dcfccb4cdcff179cf sshd.initd 29c6d57ac3ec6018cadc6ba6cd9b90c9ed46e20049b970fdcc68ee2481a2ee41 sshd.confd 4ce1ad5f767c0f4e854a0cfeef0e2e400f333c649e552df1ecc317e6a6557376 openssh-sftp-interactive.diff" -sha512sums="7c4457e4525a56cdabb1164ffaf6bed1c094294ae7d06dd3484dcffcd87738fcffe7019b6cae0032c254b0389832644522d5a9f2603b50637ffeb9999b5fcede openssh-6.8p1.tar.gz +sha512sums="68fec9b4e512fe126a5d35b01e2cc656d810b75052ed8a36bc85cd0a05de7318b15ed287bc95cf9bcb3fa2f385029151d85aced55e07fbcc79e6c779bee6751d openssh-6.9p1.tar.gz e041398e177674f698480e23be037160bd07b751c754956a3ddf1b964da24c85e826fb75e7c23c9826d36761da73d08db9583c047d58a08dc7b2149a949075b1 openssh6.5-peaktput.diff -307ca56d2bae53f2f2852a695de440843a457c4000524d1b7dbcf2f46f70ae4f8ba7309273b62287ad5eef2005e2911dd737a0f55605352397b8f557d78e18df openssh6.8-dynwindows.diff +b86f78d7de20c957f58a228a5a1385e6ccf9608c280630524cdbdd1300b04d8382fb86cf42852354f24f0a7d7132520a7c7edb4f2227ce70a99bec269ff33438 openssh6.9-dynwindows.diff f35fffcd26635249ce5d820e7b3e406e586f2d2d7f6a045f221e2f9fb53aebc1ab1dd1e603b3389462296ed77921a1d08456e7aaa3825cbed08f405b381a58e1 openssh-fix-utmp.diff 4c24dd9c3cc9ca97bc77bbabb4128e9e043d71523a4bfb93dae65882db1b397f80dc432a9dd013a0aafba1bc0864700d0c8613d444de244d540ff026ffc57e80 sshd.initd b9ae816af54a55e134a9307e376f05367b815f1b3fd545c2a2c312d18aedcf907f413e8bad8db980cdd9aad4011a72a79e1e94594f69500939a9cb46287f2f81 sshd.confd diff --git a/main/openssh/openssh6.8-dynwindows.diff b/main/openssh/openssh6.9-dynwindows.diff index 161173dbb3..1fb5a89b93 100644 --- a/main/openssh/openssh6.8-dynwindows.diff +++ b/main/openssh/openssh6.9-dynwindows.diff @@ -1,6 +1,7 @@ -diff -ruNp openssh-6.8p1.orig/buffer.h openssh-6.8p1/buffer.h ---- openssh-6.8p1.orig/buffer.h 2015-03-17 07:49:20.000000000 -0200 -+++ openssh-6.8p1/buffer.h 2015-03-19 10:13:33.493591054 -0200 +diff --git a/buffer.h b/buffer.h +index df1aebc..898ecef 100644 +--- a/buffer.h ++++ b/buffer.h @@ -16,6 +16,9 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ @@ -11,10 +12,11 @@ diff -ruNp openssh-6.8p1.orig/buffer.h openssh-6.8p1/buffer.h /* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */ #ifndef BUFFER_H -diff -ruNp openssh-6.8p1.orig/channels.c openssh-6.8p1/channels.c ---- openssh-6.8p1.orig/channels.c 2015-03-17 07:49:20.000000000 -0200 -+++ openssh-6.8p1/channels.c 2015-03-19 10:13:33.496924388 -0200 -@@ -183,8 +183,14 @@ static void port_open_helper(Channel *c, +diff --git a/channels.c b/channels.c +index a84b487..d4568ae 100644 +--- a/channels.c ++++ b/channels.c +@@ -186,8 +186,14 @@ static void port_open_helper(Channel *c, char *rtype); static int connect_next(struct channel_connect *); static void channel_connect_ctx_free(struct channel_connect *); @@ -29,7 +31,7 @@ diff -ruNp openssh-6.8p1.orig/channels.c openssh-6.8p1/channels.c Channel * channel_by_id(int id) { -@@ -333,6 +339,7 @@ channel_new(char *ctype, int type, int r +@@ -336,6 +342,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd, c->local_window_max = window; c->local_consumed = 0; c->local_maxpacket = maxpack; @@ -37,7 +39,7 @@ diff -ruNp openssh-6.8p1.orig/channels.c openssh-6.8p1/channels.c c->remote_id = -1; c->remote_name = xstrdup(remote_name); c->remote_window = 0; -@@ -837,11 +844,35 @@ channel_pre_open_13(Channel *c, fd_set * +@@ -840,11 +847,35 @@ channel_pre_open_13(Channel *c, fd_set *readset, fd_set *writeset) FD_SET(c->sock, writeset); } @@ -73,7 +75,7 @@ diff -ruNp openssh-6.8p1.orig/channels.c openssh-6.8p1/channels.c if (c->istate == CHAN_INPUT_OPEN && limit > 0 && buffer_len(&c->input) < limit && -@@ -1846,14 +1877,21 @@ channel_check_window(Channel *c) +@@ -1862,14 +1893,21 @@ channel_check_window(Channel *c) c->local_maxpacket*3) || c->local_window < c->local_window_max/2) && c->local_consumed > 0) { @@ -97,7 +99,7 @@ diff -ruNp openssh-6.8p1.orig/channels.c openssh-6.8p1/channels.c c->local_consumed = 0; } return 1; -@@ -2794,6 +2832,15 @@ channel_fwd_bind_addr(const char *listen +@@ -2813,6 +2851,15 @@ channel_fwd_bind_addr(const char *listen_addr, int *wildcardp, return addr; } @@ -113,7 +115,7 @@ diff -ruNp openssh-6.8p1.orig/channels.c openssh-6.8p1/channels.c static int channel_setup_fwd_listener_tcpip(int type, struct Forward *fwd, int *allocated_listen_port, struct ForwardOptions *fwd_opts) -@@ -2918,9 +2965,15 @@ channel_setup_fwd_listener_tcpip(int typ +@@ -2941,9 +2988,15 @@ channel_setup_fwd_listener_tcpip(int type, struct Forward *fwd, } /* Allocate a channel number for the socket. */ @@ -129,7 +131,7 @@ diff -ruNp openssh-6.8p1.orig/channels.c openssh-6.8p1/channels.c c->path = xstrdup(host); c->host_port = fwd->connect_port; c->listening_addr = addr == NULL ? NULL : xstrdup(addr); -@@ -3952,10 +4005,17 @@ x11_create_display_inet(int x11_display_ +@@ -3975,10 +4028,17 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost, *chanids = xcalloc(num_socks + 1, sizeof(**chanids)); for (n = 0; n < num_socks; n++) { sock = socks[n]; @@ -147,9 +149,10 @@ diff -ruNp openssh-6.8p1.orig/channels.c openssh-6.8p1/channels.c nc->single_connection = single_connection; (*chanids)[n] = nc->self; } -diff -ruNp openssh-6.8p1.orig/channels.h openssh-6.8p1/channels.h ---- openssh-6.8p1.orig/channels.h 2015-03-17 07:49:20.000000000 -0200 -+++ openssh-6.8p1/channels.h 2015-03-19 10:13:33.496924388 -0200 +diff --git a/channels.h b/channels.h +index 9d76c9d..ecece7f 100644 +--- a/channels.h ++++ b/channels.h @@ -134,8 +134,10 @@ struct Channel { u_int local_window_max; u_int local_consumed; @@ -172,7 +175,7 @@ diff -ruNp openssh-6.8p1.orig/channels.h openssh-6.8p1/channels.h #define CHAN_X11_PACKET_DEFAULT (16*1024) #define CHAN_X11_WINDOW_DEFAULT (4*CHAN_X11_PACKET_DEFAULT) -@@ -311,4 +315,7 @@ void chan_rcvd_ieof(Channel *); +@@ -312,4 +316,7 @@ void chan_rcvd_ieof(Channel *); void chan_write_failed(Channel *); void chan_obuf_empty(Channel *); @@ -180,10 +183,11 @@ diff -ruNp openssh-6.8p1.orig/channels.h openssh-6.8p1/channels.h +void channel_set_hpn(int, int); + #endif -diff -ruNp openssh-6.8p1.orig/clientloop.c openssh-6.8p1/clientloop.c ---- openssh-6.8p1.orig/clientloop.c 2015-03-17 07:49:20.000000000 -0200 -+++ openssh-6.8p1/clientloop.c 2015-03-19 10:16:54.303593060 -0200 -@@ -1909,9 +1909,15 @@ client_request_x11(const char *request_t +diff --git a/clientloop.c b/clientloop.c +index dc0e557..1e52726 100644 +--- a/clientloop.c ++++ b/clientloop.c +@@ -1922,9 +1922,15 @@ client_request_x11(const char *request_type, int rchan) sock = x11_connect_display(); if (sock < 0) return NULL; @@ -199,7 +203,7 @@ diff -ruNp openssh-6.8p1.orig/clientloop.c openssh-6.8p1/clientloop.c c->force_drain = 1; return c; } -@@ -1934,10 +1940,16 @@ client_request_agent(const char *request +@@ -1947,10 +1953,16 @@ client_request_agent(const char *request_type, int rchan) __func__, ssh_err(r)); return NULL; } @@ -217,17 +221,17 @@ diff -ruNp openssh-6.8p1.orig/clientloop.c openssh-6.8p1/clientloop.c c->force_drain = 1; return c; } -@@ -1964,10 +1976,18 @@ client_request_tun_fwd(int tun_mode, int +@@ -1977,10 +1989,18 @@ client_request_tun_fwd(int tun_mode, int local_tun, int remote_tun) return -1; } + if(options.hpn_disabled) -+ c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1, + c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1, +- CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1); + CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, + 0, "tun", 1); + else - c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1, -- CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1); ++ c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1, + options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, + 0, "tun", 1); c->datagram = 1; @@ -237,10 +241,29 @@ diff -ruNp openssh-6.8p1.orig/clientloop.c openssh-6.8p1/clientloop.c #if defined(SSH_TUN_FILTER) if (options.tun_open == SSH_TUNMODE_POINTOPOINT) channel_register_filter(c->self, sys_tun_infilter, -diff -ruNp openssh-6.8p1.orig/compat.c openssh-6.8p1/compat.c ---- openssh-6.8p1.orig/compat.c 2015-03-17 07:49:20.000000000 -0200 -+++ openssh-6.8p1/compat.c 2015-03-19 10:25:00.433597851 -0200 -@@ -177,6 +177,12 @@ compat_datafellows(const char *version) +diff --git a/compat.c b/compat.c +index 0631024..7cee2f0 100644 +--- a/compat.c ++++ b/compat.c +@@ -40,7 +40,7 @@ + + int compat13 = 0; + int compat20 = 0; +-int datafellows = 0; ++unsigned int datafellows = 0; + + void + enable_compat20(void) +@@ -63,7 +63,7 @@ compat_datafellows(const char *version) + int i; + static struct { + char *pat; +- int bugs; ++ unsigned int bugs; + } check[] = { + { "OpenSSH-2.0*," + "OpenSSH-2.1*," +@@ -197,6 +197,12 @@ compat_datafellows(const char *version) debug("match: %s pat %s compat 0x%08x", version, check[i].pat, check[i].bugs); datafellows = check[i].bugs; /* XXX for now */ @@ -253,20 +276,29 @@ diff -ruNp openssh-6.8p1.orig/compat.c openssh-6.8p1/compat.c return check[i].bugs; } } -diff -ruNp openssh-6.8p1.orig/compat.h openssh-6.8p1/compat.h ---- openssh-6.8p1.orig/compat.h 2015-03-17 07:49:20.000000000 -0200 -+++ openssh-6.8p1/compat.h 2015-03-19 10:13:33.496924388 -0200 -@@ -60,6 +60,7 @@ - #define SSH_NEW_OPENSSH 0x04000000 - #define SSH_BUG_DYNAMIC_RPORT 0x08000000 +diff --git a/compat.h b/compat.h +index 2be290a..453c85e 100644 +--- a/compat.h ++++ b/compat.h +@@ -62,6 +62,7 @@ #define SSH_BUG_CURVE25519PAD 0x10000000 -+#define SSH_BUG_LARGEWINDOW 0x20000000 + #define SSH_BUG_HOSTKEYS 0x20000000 + #define SSH_BUG_DHGEX_LARGE 0x40000000 ++#define SSH_BUG_LARGEWINDOW 0x80000000 void enable_compat13(void); void enable_compat20(void); -diff -ruNp openssh-6.8p1.orig/readconf.c openssh-6.8p1/readconf.c ---- openssh-6.8p1.orig/readconf.c 2015-03-17 07:49:20.000000000 -0200 -+++ openssh-6.8p1/readconf.c 2015-03-19 10:26:16.100265293 -0200 +@@ -73,5 +74,5 @@ char *compat_kex_proposal(char *); + + extern int compat13; + extern int compat20; +-extern int datafellows; ++extern unsigned int datafellows; + #endif +diff --git a/readconf.c b/readconf.c +index db7d0bb..d6ddeec 100644 +--- a/readconf.c ++++ b/readconf.c @@ -157,6 +157,7 @@ typedef enum { oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs, oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys, @@ -357,9 +389,10 @@ diff -ruNp openssh-6.8p1.orig/readconf.c openssh-6.8p1/readconf.c if (options->control_master == -1) options->control_master = 0; if (options->control_persist == -1) { -diff -ruNp openssh-6.8p1.orig/readconf.h openssh-6.8p1/readconf.h ---- openssh-6.8p1.orig/readconf.h 2015-03-17 07:49:20.000000000 -0200 -+++ openssh-6.8p1/readconf.h 2015-03-19 10:13:33.496924388 -0200 +diff --git a/readconf.h b/readconf.h +index 576b9e3..7ac9710 100644 +--- a/readconf.h ++++ b/readconf.h @@ -57,6 +57,10 @@ typedef struct { int compression_level; /* Compression level 1 (fast) to 9 * (best). */ @@ -371,9 +404,10 @@ diff -ruNp openssh-6.8p1.orig/readconf.h openssh-6.8p1/readconf.h int ip_qos_interactive; /* IP ToS/DSCP/class for interactive */ int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */ LogLevel log_level; /* Level for logging. */ -diff -ruNp openssh-6.8p1.orig/scp.c openssh-6.8p1/scp.c ---- openssh-6.8p1.orig/scp.c 2015-03-17 07:49:20.000000000 -0200 -+++ openssh-6.8p1/scp.c 2015-03-19 10:14:40.790258386 -0200 +diff --git a/scp.c b/scp.c +index 593fe89..c6922ee 100644 +--- a/scp.c ++++ b/scp.c @@ -750,7 +750,7 @@ source(int argc, char **argv) off_t i, statbytes; size_t amt, nr; @@ -392,20 +426,21 @@ diff -ruNp openssh-6.8p1.orig/scp.c openssh-6.8p1/scp.c struct timeval tv[2]; #define atime tv[0] -diff -ruNp openssh-6.8p1.orig/servconf.c openssh-6.8p1/servconf.c ---- openssh-6.8p1.orig/servconf.c 2015-03-17 07:49:20.000000000 -0200 -+++ openssh-6.8p1/servconf.c 2015-03-19 10:27:19.056932557 -0200 -@@ -159,6 +159,9 @@ initialize_server_options(ServerOptions - options->revoked_keys_file = NULL; - options->trusted_user_ca_keys = NULL; +diff --git a/servconf.c b/servconf.c +index df93fc4..ea821e7 100644 +--- a/servconf.c ++++ b/servconf.c +@@ -163,6 +163,9 @@ initialize_server_options(ServerOptions *options) options->authorized_principals_file = NULL; + options->authorized_principals_command = NULL; + options->authorized_principals_command_user = NULL; + options->tcp_rcv_buf_poll = -1; + options->hpn_disabled = -1; + options->hpn_buffer_size = -1; options->ip_qos_interactive = -1; options->ip_qos_bulk = -1; options->version_addendum = NULL; -@@ -175,6 +178,7 @@ option_clear_or_none(const char *o) +@@ -179,6 +182,7 @@ option_clear_or_none(const char *o) void fill_default_server_options(ServerOptions *options) { @@ -413,7 +448,7 @@ diff -ruNp openssh-6.8p1.orig/servconf.c openssh-6.8p1/servconf.c int i; /* Portable-specific options */ -@@ -321,6 +325,41 @@ fill_default_server_options(ServerOption +@@ -329,6 +333,41 @@ fill_default_server_options(ServerOptions *options) } if (options->permit_tun == -1) options->permit_tun = SSH_TUNMODE_NO; @@ -455,15 +490,15 @@ diff -ruNp openssh-6.8p1.orig/servconf.c openssh-6.8p1/servconf.c if (options->ip_qos_interactive == -1) options->ip_qos_interactive = IPTOS_LOWDELAY; if (options->ip_qos_bulk == -1) -@@ -396,6 +435,7 @@ typedef enum { - sUsePrivilegeSeparation, sAllowAgentForwarding, +@@ -407,6 +446,7 @@ typedef enum { sHostCertificate, sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, + sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser, + sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize, sKexAlgorithms, sIPQoS, sVersionAddendum, sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, -@@ -524,6 +564,9 @@ static struct { +@@ -537,6 +577,9 @@ static struct { { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, @@ -473,7 +508,7 @@ diff -ruNp openssh-6.8p1.orig/servconf.c openssh-6.8p1/servconf.c { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, { "ipqos", sIPQoS, SSHCFG_ALL }, { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL }, -@@ -560,6 +603,7 @@ parse_token(const char *cp, const char * +@@ -575,6 +618,7 @@ parse_token(const char *cp, const char *filename, for (i = 0; keywords[i].name; i++) if (strcasecmp(cp, keywords[i].name) == 0) { @@ -481,7 +516,7 @@ diff -ruNp openssh-6.8p1.orig/servconf.c openssh-6.8p1/servconf.c *flags = keywords[i].flags; return keywords[i].opcode; } -@@ -1104,6 +1148,19 @@ process_server_config_line(ServerOptions +@@ -1152,6 +1196,19 @@ process_server_config_line(ServerOptions *options, char *line, *intptr = value; break; @@ -501,10 +536,11 @@ diff -ruNp openssh-6.8p1.orig/servconf.c openssh-6.8p1/servconf.c case sIgnoreUserKnownHosts: intptr = &options->ignore_user_known_hosts; goto parse_flag; -diff -ruNp openssh-6.8p1.orig/servconf.h openssh-6.8p1/servconf.h ---- openssh-6.8p1.orig/servconf.h 2015-03-17 07:49:20.000000000 -0200 -+++ openssh-6.8p1/servconf.h 2015-03-19 10:13:33.500257721 -0200 -@@ -168,6 +168,9 @@ typedef struct { +diff --git a/servconf.h b/servconf.h +index 606d80c..d2854f2 100644 +--- a/servconf.h ++++ b/servconf.h +@@ -171,6 +171,9 @@ typedef struct { char *adm_forced_command; int use_pam; /* Enable auth via PAM */ @@ -514,9 +550,10 @@ diff -ruNp openssh-6.8p1.orig/servconf.h openssh-6.8p1/servconf.h int permit_tun; -diff -ruNp openssh-6.8p1.orig/serverloop.c openssh-6.8p1/serverloop.c ---- openssh-6.8p1.orig/serverloop.c 2015-03-17 07:49:20.000000000 -0200 -+++ openssh-6.8p1/serverloop.c 2015-03-19 10:13:33.500257721 -0200 +diff --git a/serverloop.c b/serverloop.c +index 306ac36..2fd1ad5 100644 +--- a/serverloop.c ++++ b/serverloop.c @@ -1051,8 +1051,12 @@ server_request_tun(void) sock = tun_open(tun, mode); if (sock < 0) @@ -539,10 +576,11 @@ diff -ruNp openssh-6.8p1.orig/serverloop.c openssh-6.8p1/serverloop.c if (session_open(the_authctxt, c->self) != 1) { debug("session open failed, free channel %d", c->self); channel_free(c); -diff -ruNp openssh-6.8p1.orig/session.c openssh-6.8p1/session.c ---- openssh-6.8p1.orig/session.c 2015-03-17 07:49:20.000000000 -0200 -+++ openssh-6.8p1/session.c 2015-03-19 10:13:33.500257721 -0200 -@@ -220,6 +220,7 @@ auth_input_request_forwarding(struct pas +diff --git a/session.c b/session.c +index 5a64715..00856ea 100644 +--- a/session.c ++++ b/session.c +@@ -220,6 +220,7 @@ auth_input_request_forwarding(struct passwd * pw) goto authsock_err; /* Allocate a channel for the authentication agent socket. */ @@ -550,7 +588,7 @@ diff -ruNp openssh-6.8p1.orig/session.c openssh-6.8p1/session.c nc = channel_new("auth socket", SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1, CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, -@@ -2329,10 +2330,16 @@ session_set_fds(Session *s, int fdin, in +@@ -2329,10 +2330,16 @@ session_set_fds(Session *s, int fdin, int fdout, int fderr, int ignore_fderr, */ if (s->chanid == -1) fatal("no channel for session %d", s->self); @@ -567,9 +605,10 @@ diff -ruNp openssh-6.8p1.orig/session.c openssh-6.8p1/session.c } /* -diff -ruNp openssh-6.8p1.orig/sftp.1 openssh-6.8p1/sftp.1 ---- openssh-6.8p1.orig/sftp.1 2015-03-17 07:49:20.000000000 -0200 -+++ openssh-6.8p1/sftp.1 2015-03-19 10:13:33.500257721 -0200 +diff --git a/sftp.1 b/sftp.1 +index 214f011..55d6eec 100644 +--- a/sftp.1 ++++ b/sftp.1 @@ -263,7 +263,8 @@ diagnostic messages from Specify how many requests may be outstanding at any one time. Increasing this may slightly improve file transfer speed @@ -580,9 +619,10 @@ diff -ruNp openssh-6.8p1.orig/sftp.1 openssh-6.8p1/sftp.1 .It Fl r Recursively copy entire directories when uploading and downloading. Note that -diff -ruNp openssh-6.8p1.orig/sftp.c openssh-6.8p1/sftp.c ---- openssh-6.8p1.orig/sftp.c 2015-03-19 09:58:59.000000000 -0200 -+++ openssh-6.8p1/sftp.c 2015-03-19 10:13:33.500257721 -0200 +diff --git a/sftp.c b/sftp.c +index cb9b967..dda3809 100644 +--- a/sftp.c ++++ b/sftp.c @@ -71,7 +71,7 @@ typedef void EditLine; #include "sftp-client.h" @@ -592,10 +632,11 @@ diff -ruNp openssh-6.8p1.orig/sftp.c openssh-6.8p1/sftp.c /* File to read commands from */ FILE* infile; -diff -ruNp openssh-6.8p1.orig/ssh.c openssh-6.8p1/ssh.c ---- openssh-6.8p1.orig/ssh.c 2015-03-17 07:49:20.000000000 -0200 -+++ openssh-6.8p1/ssh.c 2015-03-19 10:13:33.503591053 -0200 -@@ -1811,6 +1811,9 @@ ssh_session2_open(void) +diff --git a/ssh.c b/ssh.c +index 3fd5a94..79f97c8 100644 +--- a/ssh.c ++++ b/ssh.c +@@ -1813,6 +1813,9 @@ ssh_session2_open(void) { Channel *c; int window, packetmax, in, out, err; @@ -605,7 +646,7 @@ diff -ruNp openssh-6.8p1.orig/ssh.c openssh-6.8p1/ssh.c if (stdin_null_flag) { in = open(_PATH_DEVNULL, O_RDONLY); -@@ -1831,9 +1834,74 @@ ssh_session2_open(void) +@@ -1833,9 +1836,74 @@ ssh_session2_open(void) if (!isatty(err)) set_nonblock(err); @@ -681,7 +722,7 @@ diff -ruNp openssh-6.8p1.orig/ssh.c openssh-6.8p1/ssh.c window >>= 1; packetmax >>= 1; } -@@ -1842,6 +1910,10 @@ ssh_session2_open(void) +@@ -1844,6 +1912,10 @@ ssh_session2_open(void) window, packetmax, CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0); @@ -692,9 +733,10 @@ diff -ruNp openssh-6.8p1.orig/ssh.c openssh-6.8p1/ssh.c debug3("ssh_session2_open: channel_new: %d", c->self); channel_send_open(c->self); -diff -ruNp openssh-6.8p1.orig/sshconnect.c openssh-6.8p1/sshconnect.c ---- openssh-6.8p1.orig/sshconnect.c 2015-03-17 07:49:20.000000000 -0200 -+++ openssh-6.8p1/sshconnect.c 2015-03-19 10:13:33.503591053 -0200 +diff --git a/sshconnect.c b/sshconnect.c +index f41960c..a36834e 100644 +--- a/sshconnect.c ++++ b/sshconnect.c @@ -267,6 +267,31 @@ ssh_kill_proxy_command(void) } @@ -727,7 +769,7 @@ diff -ruNp openssh-6.8p1.orig/sshconnect.c openssh-6.8p1/sshconnect.c * Creates a (possibly privileged) socket for use as the ssh connection. */ static int -@@ -282,6 +307,9 @@ ssh_create_socket(int privileged, struct +@@ -282,6 +307,9 @@ ssh_create_socket(int privileged, struct addrinfo *ai) } fcntl(sock, F_SETFD, FD_CLOEXEC); @@ -737,7 +779,7 @@ diff -ruNp openssh-6.8p1.orig/sshconnect.c openssh-6.8p1/sshconnect.c /* Bind the socket to an alternative local IP address */ if (options.bind_address == NULL && !privileged) return sock; -@@ -524,10 +552,10 @@ send_client_banner(int connection_out, i +@@ -524,10 +552,10 @@ send_client_banner(int connection_out, int minor1) /* Send our own protocol version identification. */ if (compat20) { xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n", @@ -750,10 +792,11 @@ diff -ruNp openssh-6.8p1.orig/sshconnect.c openssh-6.8p1/sshconnect.c } if (roaming_atomicio(vwrite, connection_out, client_version_string, strlen(client_version_string)) != strlen(client_version_string)) -diff -ruNp openssh-6.8p1.orig/sshd.c openssh-6.8p1/sshd.c ---- openssh-6.8p1.orig/sshd.c 2015-03-17 07:49:20.000000000 -0200 -+++ openssh-6.8p1/sshd.c 2015-03-19 10:13:33.503591053 -0200 -@@ -431,7 +431,7 @@ sshd_exchange_identification(int sock_in +diff --git a/sshd.c b/sshd.c +index 6f8c6f2..77888cb 100644 +--- a/sshd.c ++++ b/sshd.c +@@ -431,7 +431,7 @@ sshd_exchange_identification(int sock_in, int sock_out) } xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", @@ -762,7 +805,7 @@ diff -ruNp openssh-6.8p1.orig/sshd.c openssh-6.8p1/sshd.c *options.version_addendum == '\0' ? "" : " ", options.version_addendum, newline); -@@ -1149,6 +1149,8 @@ server_listen(void) +@@ -1151,6 +1151,8 @@ server_listen(void) int ret, listen_sock, on = 1; struct addrinfo *ai; char ntop[NI_MAXHOST], strport[NI_MAXSERV]; @@ -771,7 +814,7 @@ diff -ruNp openssh-6.8p1.orig/sshd.c openssh-6.8p1/sshd.c for (ai = options.listen_addrs; ai; ai = ai->ai_next) { if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) -@@ -1189,6 +1191,11 @@ server_listen(void) +@@ -1191,6 +1193,11 @@ server_listen(void) debug("Bind to port %s on %s.", strport, ntop); @@ -783,9 +826,9 @@ diff -ruNp openssh-6.8p1.orig/sshd.c openssh-6.8p1/sshd.c /* Bind the socket to the desired port. */ if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) { error("Bind to port %s on %s failed: %.200s.", -@@ -2132,6 +2139,9 @@ main(int ac, char **av) - remote_ip, remote_port, - get_local_ipaddr(sock_in), get_local_port()); +@@ -2141,6 +2148,9 @@ main(int ac, char **av) + remote_ip, remote_port, laddr, get_local_port()); + free(laddr); + /* set the HPN options for the child */ + channel_set_hpn(options.hpn_disabled, options.hpn_buffer_size); @@ -793,10 +836,11 @@ diff -ruNp openssh-6.8p1.orig/sshd.c openssh-6.8p1/sshd.c /* * We don't want to listen forever unless the other side * successfully authenticates itself. So we set up an alarm which is -diff -ruNp openssh-6.8p1.orig/sshd_config openssh-6.8p1/sshd_config ---- openssh-6.8p1.orig/sshd_config 2015-03-17 07:49:20.000000000 -0200 -+++ openssh-6.8p1/sshd_config 2015-03-19 10:13:33.503591053 -0200 -@@ -125,6 +125,17 @@ UsePrivilegeSeparation sandbox # Defaul +diff --git a/sshd_config b/sshd_config +index cf7d8e1..0263bee 100644 +--- a/sshd_config ++++ b/sshd_config +@@ -125,6 +125,17 @@ UsePrivilegeSeparation sandbox # Default for new installations. # override default of no subsystems Subsystem sftp /usr/libexec/sftp-server @@ -814,11 +858,12 @@ diff -ruNp openssh-6.8p1.orig/sshd_config openssh-6.8p1/sshd_config # Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no -diff -ruNp openssh-6.8p1.orig/version.h openssh-6.8p1/version.h ---- openssh-6.8p1.orig/version.h 2015-03-17 07:49:20.000000000 -0200 -+++ openssh-6.8p1/version.h 2015-03-19 10:13:33.503591053 -0200 +diff --git a/version.h b/version.h +index b58fbe1..32b6aec 100644 +--- a/version.h ++++ b/version.h @@ -3,4 +3,5 @@ - #define SSH_VERSION "OpenSSH_6.8" + #define SSH_VERSION "OpenSSH_6.9" #define SSH_PORTABLE "p1" -#define SSH_RELEASE SSH_VERSION SSH_PORTABLE |