Diffstat (limited to 'main')
-rw-r--r--main/openssh/APKBUILD30
-rw-r--r--main/openssh/openssh-hmac-accel.diff10
-rw-r--r--main/openssh/openssh6.5-peaktput.diff (renamed from main/openssh/openssh-peaktput.diff)27
-rw-r--r--main/openssh/openssh6.6-dynwindows.diff (renamed from main/openssh/openssh6.2-dynwindows.diff)507
4 files changed, 212 insertions, 362 deletions
diff --git a/main/openssh/APKBUILD b/main/openssh/APKBUILD
index 70b5103e6c..122933deaa 100644
--- a/main/openssh/APKBUILD
+++ b/main/openssh/APKBUILD
@@ -1,8 +1,8 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=openssh
-pkgver=6.4_p1
+pkgver=6.6_p1
_myver=${pkgver%_*}${pkgver#*_}
-pkgrel=1
+pkgrel=0
pkgdesc="Port of OpenBSD's free SSH release"
url="http://www.openssh.org/portable.html"
arch="all"
@@ -11,9 +11,8 @@ depends="openssh-client"
makedepends="openssl-dev zlib-dev"
subpackages="$pkgname-doc $pkgname-client"
source="ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$pkgname-$_myver.tar.gz
- openssh6.2-dynwindows.diff
- openssh-peaktput.diff
- openssh-hmac-accel.diff
+ openssh6.6-dynwindows.diff
+ openssh6.5-peaktput.diff
openssh-fix-includes.diff
openssh-fix-utmp.diff
sshd.initd
@@ -102,28 +101,25 @@ client() {
"$subpkgdir"/usr/bin/ssh-copy-id || return 1
}
-md5sums="a62b88b884df0b09b8a8c5789ac9e51b openssh-6.4p1.tar.gz
-2306a0f6ba8915c02c533e7bf6e64fe8 openssh6.2-dynwindows.diff
-77da1e0dd9bfe98a9c84747e7e3dc7b3 openssh-peaktput.diff
-c65d454dc5b149647273485fc184636d openssh-hmac-accel.diff
+md5sums="3e9800e6bca1fbac0eea4d41baa7f239 openssh-6.6p1.tar.gz
+776fca63396b534736d26f776d1dca7b openssh6.6-dynwindows.diff
+cd52fe99cb4b7d0d847bf5d710d93564 openssh6.5-peaktput.diff
7c86680602f7ad71b0773d9e98a30d73 openssh-fix-includes.diff
f7d9d6f96940ef66bd3c3a0aa27e57a7 openssh-fix-utmp.diff
cb0dd08c413fad346f0c594107b4a2e0 sshd.initd
b35e9f3829f4cfca07168fcba98749c7 sshd.confd
e4cf579145106ce3d4465453b70ea50d CVE-2014-2532.patch"
-sha256sums="5530f616513b14aea3662c4c373bafd6a97a269938674c006377e381f68975d2 openssh-6.4p1.tar.gz
-4f78f16807c6b6a3a3773c000b85df0c56ea8a93dc35eaa6bbdffe6e30328e58 openssh6.2-dynwindows.diff
-6e803be3b3569eedfe69d9e9aeabef2e3fec2ed28f75bc456dfd69c2ef2c8198 openssh-peaktput.diff
-902ea83a9ef726f32b096280da0f1b722f4372886c65c4e28985ee57e725d95c openssh-hmac-accel.diff
+sha256sums="48c1f0664b4534875038004cc4f3555b8329c2a81c1df48db5c517800de203bb openssh-6.6p1.tar.gz
+83f2b2c07988c6321875240c02a161a83ec84661d592cbd2188ea8c962f9b1ad openssh6.6-dynwindows.diff
+bf49212e47a86d10650f739532cea514a310925e6445b4f8011031b6b55f3249 openssh6.5-peaktput.diff
c3189ba0e17e60e83851ac2d6f18ad5b08cb90cccfce31d61cccb9fd76d44d59 openssh-fix-includes.diff
f2748da45d0bc31055727f8c80d93e1872cc043ced3202e2f6d150aca3c08dde openssh-fix-utmp.diff
3fa062fd4bfac64abf21f3c1d0548f1dfcf3c6e56e84ece14c848f53a293024e sshd.initd
29c6d57ac3ec6018cadc6ba6cd9b90c9ed46e20049b970fdcc68ee2481a2ee41 sshd.confd
323d1a7a0ff72143580ac1b0ce2a28b9640f956368bc6629890c22c79af28aaa CVE-2014-2532.patch"
-sha512sums="f87b3e1d3110b87c1dfff729459ff26024863480c8eb4449b9e3b0b750d187acdfedb199ca4ea133b5dfa436bed0e2eea7607392d451b18c626c4dc1d38bb52a openssh-6.4p1.tar.gz
-773cc0629e17a8f78e82be56e579855ea9b3ca8fd26360964aee854d717a7cfc2c9d4d654cf0fda5723c3aabe96e48ee2cfe6d1fd64b5717f0ef5eb997d00293 openssh6.2-dynwindows.diff
-64f5aff3fc1a0d2f7c65ea875d1c2c4d98a3d305ff2677d9d4ca82f20778df9e317b1bfc428cee2b0df1bfa01a65dfcf83b68435a227a23a2cf3400fef35d656 openssh-peaktput.diff
-aaa128126400171d0755038a846672aa7b1e87340edf73a672962d403abf404ef1821466b17da51dde25f04ec7533ae4a653399ccc912ea9c4a7b1a14032e76f openssh-hmac-accel.diff
+sha512sums="3d3566ed87649882702cad52db1adefebfb3ef788c9f77a493f99db7e9ca2e8edcde793dd426df7df0aed72a42a31c20a63ef51506111369d3a7c49e0bf6c82b openssh-6.6p1.tar.gz
+3aab8b8e1f86ce04ebc69bbdbf3c70cefd510d7b4080b99067ec49957b5e421b49e3b8a0a62103d17cf644cd7c0b30e9283a62a24988b1bbb0fbdabbdc1202fd openssh6.6-dynwindows.diff
+e041398e177674f698480e23be037160bd07b751c754956a3ddf1b964da24c85e826fb75e7c23c9826d36761da73d08db9583c047d58a08dc7b2149a949075b1 openssh6.5-peaktput.diff
70e2c6613ab77ec379e03ddf029c1c38e5d852bb225db40ceaa63e642d58b0261fa7c954b288710736bb1dc71f8057f2598ea0d1f5b1214135fa5e9541d5f05a openssh-fix-includes.diff
cc909f68d9da1b264926973b96d36162b5c588299c98d62f526faf2ef1273d98bb8d8dea4d482770a2aef88bcbf15fa61144401aef9ab916c15e1623bcf449b5 openssh-fix-utmp.diff
1483e2bcd700da9b02f04508d490b472c816344787bf1675fef2f7e27f72b91e4323e4e8c1db701e47d81d37d6d4b0623eaeac46b2cf589ae5ad69f363baa594 sshd.initd
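Review bot: The md5sums and sha256sums lists still carry `CVE-2014-2532.patch` as unchanged context after the bump to `pkgver=6.6_p1`. As far as I can tell that fix (the AcceptEnv wildcard issue) is part of the upstream 6.6 release, so the patch should either be dropped from `source=` and all three checksum lists, or confirmed to still apply to the new tarball. The tail of `source=` and the end of the sha512sums list are outside the visible hunks, so this is based on the checksum context lines only.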
diff --git a/main/openssh/openssh-hmac-accel.diff b/main/openssh/openssh-hmac-accel.diff
deleted file mode 100644
index 91140263cb..0000000000
--- a/main/openssh/openssh-hmac-accel.diff
+++ /dev/null
@@ -1,10 +0,0 @@
---- a/mac.c
-+++ b/mac.c
-@@ -142,6 +142,7 @@
- /* reset HMAC context */
- HMAC_Init(&mac->evp_ctx, NULL, 0, NULL);
- HMAC_Update(&mac->evp_ctx, b, sizeof(b));
-+ HMAC_CTX_set_flags(&mac->evp_ctx, EVP_MD_CTX_FLAG_ONESHOT);
- HMAC_Update(&mac->evp_ctx, data, datalen);
- HMAC_Final(&mac->evp_ctx, m, NULL);
- break;
diff --git a/main/openssh/openssh-peaktput.diff b/main/openssh/openssh6.5-peaktput.diff
index d511242944..7307563783 100644
--- a/main/openssh/openssh-peaktput.diff
+++ b/main/openssh/openssh6.5-peaktput.diff
@@ -1,17 +1,9 @@
-From: Timo Teräs <timo.teras@iki.fi>
-Date: Tue, 17 Jan 2012 07:45:35 +0000
-Subject: [PATCH 1/2] peakput
-
----
- progressmeter.c | 19 ++++++++++++++++++-
- 1 files changed, 18 insertions(+), 1 deletions(-)
-
diff --git a/progressmeter.c b/progressmeter.c
-index 0f95222..6b22511 100644
+index bbbc706..02e5d6d 100644
--- a/progressmeter.c
+++ b/progressmeter.c
-@@ -68,6 +68,8 @@ static time_t last_update; /* last progress update */
- static char *file; /* name of the file being transferred */
+@@ -69,6 +69,8 @@ static char *file; /* name of the file being transferred */
+ static off_t start_pos; /* initial position of transfer */
static off_t end_pos; /* ending position of transfer */
static off_t cur_pos; /* transfer position as of last refresh */
+static off_t last_pos;
@@ -19,13 +11,13 @@ index 0f95222..6b22511 100644
static volatile off_t *counter; /* progress counter */
static long stalled; /* how long we have been stalled */
static int bytes_per_second; /* current speed in bytes per second */
-@@ -128,12 +130,17 @@ refresh_progress_meter(void)
+@@ -129,12 +131,17 @@ refresh_progress_meter(void)
int hours, minutes, seconds;
int i, len;
int file_len;
+ off_t delta_pos;
- transferred = *counter - cur_pos;
+ transferred = *counter - (cur_pos ? cur_pos : start_pos);
cur_pos = *counter;
now = monotime();
bytes_left = end_pos - cur_pos;
@@ -37,7 +29,7 @@ index 0f95222..6b22511 100644
if (bytes_left > 0)
elapsed = now - last_update;
else {
-@@ -158,7 +165,7 @@ refresh_progress_meter(void)
+@@ -159,7 +166,7 @@ refresh_progress_meter(void)
/* filename */
buf[0] = '\0';
@@ -46,7 +38,7 @@ index 0f95222..6b22511 100644
if (file_len > 0) {
len = snprintf(buf, file_len + 1, "\r%s", file);
if (len < 0)
-@@ -188,6 +195,15 @@ refresh_progress_meter(void)
+@@ -189,6 +196,15 @@ refresh_progress_meter(void)
(off_t)bytes_per_second);
strlcat(buf, "/s ", win_size);
@@ -62,7 +54,7 @@ index 0f95222..6b22511 100644
/* ETA */
if (!transferred)
stalled += elapsed;
-@@ -224,6 +240,7 @@ refresh_progress_meter(void)
+@@ -225,6 +241,7 @@ refresh_progress_meter(void)
atomicio(vwrite, STDOUT_FILENO, buf, win_size - 1);
last_update = now;
@@ -70,6 +62,3 @@ index 0f95222..6b22511 100644
}
/*ARGSUSED*/
---
-1.7.8.3
-
diff --git a/main/openssh/openssh6.2-dynwindows.diff b/main/openssh/openssh6.6-dynwindows.diff
index 2e1492792d..1708caa752 100644
--- a/main/openssh/openssh6.2-dynwindows.diff
+++ b/main/openssh/openssh6.6-dynwindows.diff
@@ -1,7 +1,8 @@
-diff -rNuwpB canonical/buffer.c dynamic/buffer.c
---- canonical/buffer.c 2010-02-11 17:23:40.000000000 -0500
-+++ dynamic/buffer.c 2013-08-14 13:56:39.111508385 -0400
-@@ -127,7 +127,7 @@ restart:
+diff --git a/buffer.c b/buffer.c
+index d240f67..88e16d0 100644
+--- a/buffer.c
++++ b/buffer.c
+@@ -128,7 +128,7 @@ restart:
/* Increase the size of the buffer and retry. */
newlen = roundup(buffer->alloc + len, BUFFER_ALLOCSZ);
@@ -10,9 +11,10 @@ diff -rNuwpB canonical/buffer.c dynamic/buffer.c
fatal("buffer_append_space: alloc %u not supported",
newlen);
buffer->buf = xrealloc(buffer->buf, 1, newlen);
-diff -rNuwpB canonical/buffer.h dynamic/buffer.h
---- canonical/buffer.h 2010-09-09 21:39:27.000000000 -0400
-+++ dynamic/buffer.h 2013-08-14 13:56:39.113507594 -0400
+diff --git a/buffer.h b/buffer.h
+index 7df8a38..244de01 100644
+--- a/buffer.h
++++ b/buffer.h
@@ -16,6 +16,9 @@
#ifndef BUFFER_H
#define BUFFER_H
@@ -23,10 +25,11 @@ diff -rNuwpB canonical/buffer.h dynamic/buffer.h
typedef struct {
u_char *buf; /* Buffer for data. */
u_int alloc; /* Number of bytes allocated for data. */
-diff -rNuwpB canonical/channels.c dynamic/channels.c
---- canonical/channels.c 2012-12-02 17:50:55.000000000 -0500
-+++ dynamic/channels.c 2013-08-14 13:56:39.132511340 -0400
-@@ -173,8 +173,14 @@ static void port_open_helper(Channel *c,
+diff --git a/channels.c b/channels.c
+index 9efe89c..bb01516 100644
+--- a/channels.c
++++ b/channels.c
+@@ -173,8 +173,14 @@ static void port_open_helper(Channel *c, char *rtype);
static int connect_next(struct channel_connect *);
static void channel_connect_ctx_free(struct channel_connect *);
@@ -41,7 +44,7 @@ diff -rNuwpB canonical/channels.c dynamic/channels.c
Channel *
channel_by_id(int id)
{
-@@ -319,6 +325,7 @@ channel_new(char *ctype, int type, int r
+@@ -323,6 +329,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd,
c->local_window_max = window;
c->local_consumed = 0;
c->local_maxpacket = maxpack;
@@ -49,7 +52,7 @@ diff -rNuwpB canonical/channels.c dynamic/channels.c
c->remote_id = -1;
c->remote_name = xstrdup(remote_name);
c->remote_window = 0;
-@@ -818,11 +825,35 @@ channel_pre_open_13(Channel *c, fd_set *
+@@ -819,11 +826,35 @@ channel_pre_open_13(Channel *c, fd_set *readset, fd_set *writeset)
FD_SET(c->sock, writeset);
}
@@ -85,7 +88,7 @@ diff -rNuwpB canonical/channels.c dynamic/channels.c
if (c->istate == CHAN_INPUT_OPEN &&
limit > 0 &&
buffer_len(&c->input) < limit &&
-@@ -1806,14 +1837,21 @@ channel_check_window(Channel *c)
+@@ -1815,14 +1846,21 @@ channel_check_window(Channel *c)
c->local_maxpacket*3) ||
c->local_window < c->local_window_max/2) &&
c->local_consumed > 0) {
@@ -109,7 +112,7 @@ diff -rNuwpB canonical/channels.c dynamic/channels.c
c->local_consumed = 0;
}
return 1;
-@@ -2719,6 +2757,15 @@ channel_fwd_bind_addr(const char *listen
+@@ -2738,6 +2776,15 @@ channel_fwd_bind_addr(const char *listen_addr, int *wildcardp,
return addr;
}
@@ -125,7 +128,7 @@ diff -rNuwpB canonical/channels.c dynamic/channels.c
static int
channel_setup_fwd_listener(int type, const char *listen_addr,
u_short listen_port, int *allocated_listen_port,
-@@ -2845,9 +2892,15 @@ channel_setup_fwd_listener(int type, con
+@@ -2864,9 +2911,15 @@ channel_setup_fwd_listener(int type, const char *listen_addr,
}
/* Allocate a channel number for the socket. */
@@ -141,7 +144,7 @@ diff -rNuwpB canonical/channels.c dynamic/channels.c
c->path = xstrdup(host);
c->host_port = port_to_connect;
c->listening_addr = addr == NULL ? NULL : xstrdup(addr);
-@@ -3503,10 +3556,17 @@ x11_create_display_inet(int x11_display_
+@@ -3514,10 +3567,17 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
*chanids = xcalloc(num_socks + 1, sizeof(**chanids));
for (n = 0; n < num_socks; n++) {
sock = socks[n];
@@ -159,10 +162,11 @@ diff -rNuwpB canonical/channels.c dynamic/channels.c
nc->single_connection = single_connection;
(*chanids)[n] = nc->self;
}
-diff -rNuwpB canonical/channels.h dynamic/channels.h
---- canonical/channels.h 2012-04-21 21:21:10.000000000 -0400
-+++ dynamic/channels.h 2013-08-14 13:56:39.115508853 -0400
-@@ -129,8 +129,10 @@ struct Channel {
+diff --git a/channels.h b/channels.h
+index 4fab9d7..91ef316 100644
+--- a/channels.h
++++ b/channels.h
+@@ -132,8 +132,10 @@ struct Channel {
u_int local_window_max;
u_int local_consumed;
u_int local_maxpacket;
@@ -173,21 +177,18 @@ diff -rNuwpB canonical/channels.h dynamic/channels.h
char *ctype; /* type */
-@@ -165,9 +167,11 @@ struct Channel {
-
+@@ -169,8 +171,10 @@ struct Channel {
/* default window/packet sizes for tcp/x11-fwd-channel */
#define CHAN_SES_PACKET_DEFAULT (32*1024)
--#define CHAN_SES_WINDOW_DEFAULT (64*CHAN_SES_PACKET_DEFAULT)
-+#define CHAN_SES_WINDOW_DEFAULT (4*CHAN_SES_PACKET_DEFAULT)
+ #define CHAN_SES_WINDOW_DEFAULT (64*CHAN_SES_PACKET_DEFAULT)
+
#define CHAN_TCP_PACKET_DEFAULT (32*1024)
--#define CHAN_TCP_WINDOW_DEFAULT (64*CHAN_TCP_PACKET_DEFAULT)
-+#define CHAN_TCP_WINDOW_DEFAULT (4*CHAN_TCP_PACKET_DEFAULT)
+ #define CHAN_TCP_WINDOW_DEFAULT (64*CHAN_TCP_PACKET_DEFAULT)
+
#define CHAN_X11_PACKET_DEFAULT (16*1024)
#define CHAN_X11_WINDOW_DEFAULT (4*CHAN_X11_PACKET_DEFAULT)
-@@ -303,4 +307,7 @@ void chan_rcvd_ieof(Channel *);
+@@ -306,4 +310,7 @@ void chan_rcvd_ieof(Channel *);
void chan_write_failed(Channel *);
void chan_obuf_empty(Channel *);
@@ -195,10 +196,33 @@ diff -rNuwpB canonical/channels.h dynamic/channels.h
+void channel_set_hpn(int, int);
+
#endif
-diff -rNuwpB canonical/clientloop.c dynamic/clientloop.c
---- canonical/clientloop.c 2013-01-08 23:55:51.000000000 -0500
-+++ dynamic/clientloop.c 2013-08-14 13:56:39.135511385 -0400
-@@ -1884,9 +1884,15 @@ client_request_x11(const char *request_t
+diff --git a/cipher.c b/cipher.c
+index 53d9b4f..74ba34e 100644
+--- a/cipher.c
++++ b/cipher.c
+@@ -71,7 +71,7 @@ struct Cipher {
+ const EVP_CIPHER *(*evptype)(void);
+ };
+
+-static const struct Cipher ciphers[] = {
++static struct Cipher ciphers[] = {
+ { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null },
+ { "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc },
+ { "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des },
+@@ -193,7 +193,7 @@ cipher_mask_ssh1(int client)
+ const Cipher *
+ cipher_by_name(const char *name)
+ {
+- const Cipher *c;
++ Cipher *c;
+ for (c = ciphers; c->name != NULL; c++)
+ if (strcmp(c->name, name) == 0)
+ return c;
+diff --git a/clientloop.c b/clientloop.c
+index 59ad3a2..e144fb6 100644
+--- a/clientloop.c
++++ b/clientloop.c
+@@ -1891,9 +1891,15 @@ client_request_x11(const char *request_type, int rchan)
sock = x11_connect_display();
if (sock < 0)
return NULL;
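Review bot: The new cipher.c section drops `const` from the `ciphers[]` table and from the cursor in `cipher_by_name()`, yet nothing visible in this patch writes to the table. That moves a table holding the `evptype` function pointers out of read-only data with no shown benefit. Unless a hunk outside this view modifies an entry at runtime, keep upstream's `static const struct Cipher ciphers[] = {` and `const Cipher *c;`. If the change is a leftover from other HPN cipher code, it does not belong in the dynamic-window patch.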
@@ -214,34 +238,34 @@ diff -rNuwpB canonical/clientloop.c dynamic/clientloop.c
c->force_drain = 1;
return c;
}
-@@ -1906,9 +1912,15 @@ client_request_agent(const char *request
+@@ -1913,9 +1919,15 @@ client_request_agent(const char *request_type, int rchan)
sock = ssh_get_authentication_socket();
if (sock < 0)
return NULL;
+ if (options.hpn_disabled)
- c = channel_new("authentication agent connection",
- SSH_CHANNEL_OPEN, sock, sock, -1,
-- CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
++ c = channel_new("authentication agent connection",
++ SSH_CHANNEL_OPEN, sock, sock, -1,
+ CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0,
+ "authentication agent connection", 1);
+ else
-+ c = channel_new("authentication agent connection",
-+ SSH_CHANNEL_OPEN, sock, sock, -1,
+ c = channel_new("authentication agent connection",
+ SSH_CHANNEL_OPEN, sock, sock, -1,
+- CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
+ options.hpn_buffer_size, options.hpn_buffer_size, 0,
"authentication agent connection", 1);
c->force_drain = 1;
return c;
-@@ -1936,10 +1948,18 @@ client_request_tun_fwd(int tun_mode, int
+@@ -1943,10 +1955,18 @@ client_request_tun_fwd(int tun_mode, int local_tun, int remote_tun)
return -1;
}
+ if(options.hpn_disabled)
-+ c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
+ c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
+- CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
+ CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
+ 0, "tun", 1);
+ else
- c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
-- CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
++ c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
+ options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT,
+ 0, "tun", 1);
c->datagram = 1;
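Review bot: In the `client_request_agent` part of this hunk both branches pass a window-sized value as the max-packet argument of `channel_new()`: `CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0,` when HPN is disabled, and `options.hpn_buffer_size, options.hpn_buffer_size, 0,` otherwise. The upstream line being replaced used `CHAN_TCP_PACKET_DEFAULT` there, and the tun branch further down keeps it, so this looks like a slip that makes the agent-forwarding channel's advertised maximum packet as large as its window. I would write `CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,` and `options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, 0,`. The x11 branch of the same patch is not visible in this hunk and should be checked for the same pattern.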
@@ -251,12 +275,13 @@ diff -rNuwpB canonical/clientloop.c dynamic/clientloop.c
#if defined(SSH_TUN_FILTER)
if (options.tun_open == SSH_TUNMODE_POINTOPOINT)
channel_register_filter(c->self, sys_tun_infilter,
-diff -rNuwpB canonical/compat.c dynamic/compat.c
---- canonical/compat.c 2012-09-06 07:21:56.000000000 -0400
-+++ dynamic/compat.c 2013-08-14 13:56:39.114506902 -0400
-@@ -173,6 +173,15 @@ compat_datafellows(const char *version)
+diff --git a/compat.c b/compat.c
+index 9d9fabe..235fc59 100644
+--- a/compat.c
++++ b/compat.c
+@@ -172,6 +172,15 @@ compat_datafellows(const char *version)
+ if (match_pattern_list(version, check[i].pat,
strlen(check[i].pat), 0) == 1) {
- debug("match: %s pat %s", version, check[i].pat);
datafellows = check[i].bugs;
+ /* Check to see if the remote side is OpenSSH and not HPN */
+ if(strstr(version,"OpenSSH") != NULL)
@@ -267,12 +292,13 @@ diff -rNuwpB canonical/compat.c dynamic/compat.c
+ debug("Remote is NON-HPN aware");
+ }
+ }
+ debug("match: %s pat %s compat 0x%08x",
+ version, check[i].pat, datafellows);
return;
- }
- }
-diff -rNuwpB canonical/compat.h dynamic/compat.h
---- canonical/compat.h 2011-10-02 03:59:03.000000000 -0400
-+++ dynamic/compat.h 2013-08-14 13:56:39.137511347 -0400
+diff --git a/compat.h b/compat.h
+index b174fa1..9937347 100644
+--- a/compat.h
++++ b/compat.h
@@ -59,6 +59,7 @@
#define SSH_BUG_RFWD_ADDR 0x02000000
#define SSH_NEW_OPENSSH 0x04000000
@@ -281,153 +307,21 @@ diff -rNuwpB canonical/compat.h dynamic/compat.h
void enable_compat13(void);
void enable_compat20(void);
-diff -rNuwpB canonical/HPN-README dynamic/HPN-README
---- canonical/HPN-README 1969-12-31 19:00:00.000000000 -0500
-+++ dynamic/HPN-README 2013-08-14 13:56:39.121511284 -0400
-@@ -0,0 +1,129 @@
-+Notes:
-+
-+MULTI-THREADED CIPHER:
-+The AES cipher in CTR mode has been multithreaded (MTR-AES-CTR). This will allow ssh installations
-+on hosts with multiple cores to use more than one processing core during encryption.
-+Tests have show significant throughput performance increases when using MTR-AES-CTR up
-+to and including a full gigabit per second on quad core systems. It should be possible to
-+achieve full line rate on dual core systems but OS and data management overhead makes this
-+more difficult to achieve. The cipher stream from MTR-AES-CTR is entirely compatible with single
-+thread AES-CTR (ST-AES-CTR) implementations and should be 100% backward compatible. Optimal
-+performance requires the MTR-AES-CTR mode be enabled on both ends of the connection.
-+The MTR-AES-CTR replaces ST-AES-CTR and is used in exactly the same way with the same
-+nomenclature.
-+Use examples: ssh -caes128-ctr you@host.com
-+ scp -oCipher=aes256-ctr file you@host.com:~/file
-+
-+NONE CIPHER:
-+To use the NONE option you must have the NoneEnabled switch set on the server and
-+you *must* have *both* NoneEnabled and NoneSwitch set to yes on the client. The NONE
-+feature works with ALL ssh subsystems (as far as we can tell) *AS LONG AS* a tty is not
-+spawned. If a user uses the -T switch to prevent a tty being created the NONE cipher will
-+be disabled.
-+
-+The performance increase will only be as good as the network and TCP stack tuning
-+on the reciever side of the connection allows. As a rule of thumb a user will need
-+at least 10Mb/s connection with a 100ms RTT to see a doubling of performance. The
-+HPN-SSH home page describes this in greater detail.
-+
-+http://www.psc.edu/networking/projects/hpn-ssh
-+
-+BUFFER SIZES:
-+
-+If HPN is disabled the receive buffer size will be set to the
-+OpenSSH default of 64K.
-+
-+If an HPN system connects to a nonHPN system the receive buffer will
-+be set to the HPNBufferSize value. The default is 2MB but user adjustable.
-+
-+If an HPN to HPN connection is established a number of different things might
-+happen based on the user options and conditions.
-+
-+Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll enabled, TCPRcvBuf NOT Set
-+HPN Buffer Size = up to 64MB
-+This is the default state. The HPN buffer size will grow to a maximum of 64MB
-+as the TCP receive buffer grows. The maximum HPN Buffer size of 64MB is
-+geared towards 10GigE transcontinental connections.
-+
-+Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll disabled, TCPRcvBuf NOT Set
-+HPN Buffer Size = TCP receive buffer value.
-+Users on non-autotuning systesm should disable TCPRcvBufPoll in the
-+ssh_cofig and sshd_config
-+
-+Conditions: HPNBufferSize SET, TCPRcvBufPoll disabled, TCPRcvBuf NOT Set
-+HPN Buffer Size = minmum of TCP receive buffer and HPNBufferSize.
-+This would be the system defined TCP receive buffer (RWIN).
-+
-+Conditions: HPNBufferSize SET, TCPRcvBufPoll disabled, TCPRcvBuf SET
-+HPN Buffer Size = minmum of TCPRcvBuf and HPNBufferSize.
-+Generally there is no need to set both.
-+
-+Conditions: HPNBufferSize SET, TCPRcvBufPoll enabled, TCPRcvBuf NOT Set
-+HPN Buffer Size = grows to HPNBufferSize
-+The buffer will grow up to the maximum size specified here.
-+
-+Conditions: HPNBufferSize SET, TCPRcvBufPoll enabled, TCPRcvBuf SET
-+HPN Buffer Size = minmum of TCPRcvBuf and HPNBufferSize.
-+Generally there is no need to set both of these, especially on autotuning
-+systems. However, if the users wishes to override the autotuning this would be
-+one way to do it.
-+
-+Conditions: HPNBufferSize NOT Set, TCPRcvBufPoll enabled, TCPRcvBuf SET
-+HPN Buffer Size = TCPRcvBuf.
-+This will override autotuning and set the TCP recieve buffer to the user defined
-+value.
-+
-+
-+HPN Specific Configuration options
-+
-+TcpRcvBuf=[int]KB client
-+ set the TCP socket receive buffer to n Kilobytes. It can be set up to the
-+maximum socket size allowed by the system. This is useful in situations where
-+the tcp receive window is set low but the maximum buffer size is set
-+higher (as is typical). This works on a per TCP connection basis. You can also
-+use this to artifically limit the transfer rate of the connection. In these
-+cases the throughput will be no more than n/RTT. The minimum buffer size is 1KB.
-+Default is the current system wide tcp receive buffer size.
-+
-+TcpRcvBufPoll=[yes/no] client/server
-+ enable of disable the polling of the tcp receive buffer through the life
-+of the connection. You would want to make sure that this option is enabled
-+for systems making use of autotuning kernels (linux 2.4.24+, 2.6, MS Vista)
-+default is yes.
-+
-+NoneEnabled=[yes/no] client/server
-+ enable or disable the use of the None cipher. Care must always be used
-+when enabling this as it will allow users to send data in the clear. However,
-+it is important to note that authentication information remains encrypted
-+even if this option is enabled. Set to no by default.
-+
-+NoneSwitch=[yes/no] client
-+ Switch the encryption cipher being used to the None cipher after
-+authentication takes place. NoneEnabled must be enabled on both the client
-+and server side of the connection. When the connection switches to the NONE
-+cipher a warning is sent to STDERR. The connection attempt will fail with an
-+error if a client requests a NoneSwitch from the server that does not explicitly
-+have NoneEnabled set to yes. Note: The NONE cipher cannot be used in
-+interactive (shell) sessions and it will fail silently. Set to no by default.
-+
-+HPNDisabled=[yes/no] client/server
-+ In some situations, such as transfers on a local area network, the impact
-+of the HPN code produces a net decrease in performance. In these cases it is
-+helpful to disable the HPN functionality. By default HPNDisabled is set to no.
-+
-+HPNBufferSize=[int]KB client/server
-+ This is the default buffer size the HPN functionality uses when interacting
-+with nonHPN SSH installations. Conceptually this is similar to the TcpRcvBuf
-+option as applied to the internal SSH flow control. This value can range from
-+1KB to 64MB (1-65536). Use of oversized or undersized buffers can cause performance
-+problems depending on the length of the network path. The default size of this buffer
-+is 2MB.
-+
-+
-+Credits: This patch was conceived, designed, and led by Chris Rapier (rapier@psc.edu)
-+ The majority of the actual coding for versions up to HPN12v1 was performed
-+ by Michael Stevens (mstevens@andrew.cmu.edu). The MT-AES-CTR cipher was
-+ implemented by Ben Bennet (ben@psc.edu) and improved by Mike Tasota
-+ (tasota@gmail.com) an NSF REU grant recipient for 2013.
-+ This work was financed, in part, by Cisco System, Inc., the National
-+ Library of Medicine, and the National Science Foundation.
-diff -rNuwpB canonical/readconf.c dynamic/readconf.c
---- canonical/readconf.c 2013-04-04 20:18:58.000000000 -0400
-+++ dynamic/readconf.c 2013-08-14 14:06:00.895326378 -0400
-@@ -135,6 +135,7 @@ typedef enum {
- oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
- oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
- oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown,
+diff --git a/readconf.c b/readconf.c
+index dc884c9..ce083f4 100644
+--- a/readconf.c
++++ b/readconf.c
+@@ -149,6 +149,7 @@ typedef enum {
+ oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
+ oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
+ oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
+ oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize,
oIgnoredUnknownOption, oDeprecated, oUnsupported
} OpCodes;
-@@ -247,6 +248,11 @@ static struct {
- { "ipqos", oIPQoS },
- { "requesttty", oRequestTTY },
+@@ -263,6 +264,11 @@ static struct {
+ { "canonicalizepermittedcnames", oCanonicalizePermittedCNAMEs },
+ { "ignoreunknown", oIgnoreUnknown },
+ { "tcprcvbufpoll", oTcpRcvBufPoll },
+ { "tcprcvbuf", oTcpRcvBuf },
@@ -437,7 +331,7 @@ diff -rNuwpB canonical/readconf.c dynamic/readconf.c
{ NULL, oBadOption }
};
-@@ -515,6 +521,18 @@ parse_flag:
+@@ -853,6 +859,18 @@ parse_time:
intptr = &options->check_host_ip;
goto parse_flag;
@@ -455,8 +349,8 @@ diff -rNuwpB canonical/readconf.c dynamic/readconf.c
+
case oVerifyHostKeyDNS:
intptr = &options->verify_host_key_dns;
- goto parse_yesnoask;
-@@ -698,6 +716,10 @@ parse_int:
+ multistate_ptr = multistate_yesnoask;
+@@ -1015,6 +1033,10 @@ parse_int:
intptr = &options->connection_attempts;
goto parse_int;
@@ -467,20 +361,18 @@ diff -rNuwpB canonical/readconf.c dynamic/readconf.c
case oCipher:
intptr = &options->cipher;
arg = strdelim(&s);
-@@ -1222,6 +1244,11 @@ initialize_options(Options * options)
+@@ -1561,6 +1583,10 @@ initialize_options(Options * options)
options->ip_qos_interactive = -1;
options->ip_qos_bulk = -1;
options->request_tty = -1;
- options->ignored_unknown = NULL;
-+
+ options->hpn_disabled = -1;
+ options->hpn_buffer_size = -1;
+ options->tcp_rcv_buf_poll = -1;
+ options->tcp_rcv_buf = -1;
- }
-
- /*
-@@ -1345,6 +1372,28 @@ fill_default_options(Options * options)
+ options->proxy_use_fdpass = -1;
+ options->ignored_unknown = NULL;
+ options->num_canonical_domains = 0;
+@@ -1707,6 +1733,28 @@ fill_default_options(Options * options)
options->server_alive_interval = 0;
if (options->server_alive_count_max == -1)
options->server_alive_count_max = 3;
@@ -509,10 +401,11 @@ diff -rNuwpB canonical/readconf.c dynamic/readconf.c
if (options->control_master == -1)
options->control_master = 0;
if (options->control_persist == -1) {
-diff -rNuwpB canonical/readconf.h dynamic/readconf.h
---- canonical/readconf.h 2013-04-04 20:18:58.000000000 -0400
-+++ dynamic/readconf.h 2013-08-14 14:06:26.768478684 -0400
-@@ -61,6 +61,10 @@ typedef struct {
+diff --git a/readconf.h b/readconf.h
+index 75e3f8f..a471114 100644
+--- a/readconf.h
++++ b/readconf.h
+@@ -66,6 +66,10 @@ typedef struct {
int compression_level; /* Compression level 1 (fast) to 9
* (best). */
int tcp_keep_alive; /* Set SO_KEEPALIVE. */
@@ -523,10 +416,11 @@ diff -rNuwpB canonical/readconf.h dynamic/readconf.h
int ip_qos_interactive; /* IP ToS/DSCP/class for interactive */
int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */
LogLevel log_level; /* Level for logging. */
-diff -rNuwpB canonical/scp.c dynamic/scp.c
---- canonical/scp.c 2013-03-19 21:55:15.000000000 -0400
-+++ dynamic/scp.c 2013-08-14 13:56:39.131511381 -0400
-@@ -731,7 +731,7 @@ source(int argc, char **argv)
+diff --git a/scp.c b/scp.c
+index 18d3b1d..2ab8f15 100644
+--- a/scp.c
++++ b/scp.c
+@@ -749,7 +749,7 @@ source(int argc, char **argv)
off_t i, statbytes;
size_t amt;
int fd = -1, haderr, indx;
@@ -535,19 +429,20 @@ diff -rNuwpB canonical/scp.c dynamic/scp.c
int len;
for (indx = 0; indx < argc; ++indx) {
-@@ -913,7 +913,7 @@ sink(int argc, char **argv)
- mode_t mode, omode, mask;
+@@ -914,7 +914,7 @@ sink(int argc, char **argv)
off_t size, statbytes;
+ unsigned long long ull;
int setimes, targisdir, wrerrno = 0;
- char ch, *cp, *np, *targ, *why, *vect[1], buf[2048];
+ char ch, *cp, *np, *targ, *why, *vect[1], buf[16384];
struct timeval tv[2];
#define atime tv[0]
-diff -rNuwpB canonical/servconf.c dynamic/servconf.c
---- canonical/servconf.c 2013-02-11 19:02:08.000000000 -0500
-+++ dynamic/servconf.c 2013-08-14 14:07:46.843512578 -0400
-@@ -143,6 +143,9 @@ initialize_server_options(ServerOptions
+diff --git a/servconf.c b/servconf.c
+index 7ba65d5..32bb711 100644
+--- a/servconf.c
++++ b/servconf.c
+@@ -150,6 +150,9 @@ initialize_server_options(ServerOptions *options)
options->revoked_keys_file = NULL;
options->trusted_user_ca_keys = NULL;
options->authorized_principals_file = NULL;
@@ -557,7 +452,7 @@ diff -rNuwpB canonical/servconf.c dynamic/servconf.c
options->ip_qos_interactive = -1;
options->ip_qos_bulk = -1;
options->version_addendum = NULL;
-@@ -151,6 +154,11 @@ initialize_server_options(ServerOptions
+@@ -158,6 +161,11 @@ initialize_server_options(ServerOptions *options)
void
fill_default_server_options(ServerOptions *options)
{
@@ -569,14 +464,14 @@ diff -rNuwpB canonical/servconf.c dynamic/servconf.c
/* Portable-specific options */
if (options->use_pam == -1)
options->use_pam = 0;
-@@ -281,6 +289,43 @@ fill_default_server_options(ServerOption
+@@ -294,6 +302,41 @@ fill_default_server_options(ServerOptions *options)
+ }
+ if (options->permit_tun == -1)
options->permit_tun = SSH_TUNMODE_NO;
- if (options->zero_knowledge_password_authentication == -1)
- options->zero_knowledge_password_authentication = 0;
-+ if (options->hpn_disabled == -1)
-+ options->hpn_disabled = 0;
++ if (options->hpn_disabled == -1)
++ options->hpn_disabled = 0;
+
-+ if (options->hpn_buffer_size == -1) {
++ if (options->hpn_buffer_size == -1) {
+ /* option not explicitly set. Now we have to figure out */
+ /* what value to use */
+ if (options->hpn_disabled == 1) {
@@ -586,13 +481,12 @@ diff -rNuwpB canonical/servconf.c dynamic/servconf.c
+ /*create a socket but don't connect it */
+ /* we use that the get the rcv socket size */
+ sock = socket(AF_INET, SOCK_STREAM, 0);
-+ getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
++ getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
+ &socksize, &socksizelen);
+ close(sock);
+ options->hpn_buffer_size = socksize;
+ debug ("HPN Buffer Size: %d", options->hpn_buffer_size);
-+
-+ }
++ }
+ } else {
+ /* we have to do this incase the user sets both values in a contradictory */
+ /* manner. hpn_disabled overrrides hpn_buffer_size*/
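Review bot: The receive-buffer probe added to `fill_default_server_options()` calls `socket()` and `getsockopt()` without checking either return value. If either fails (for example no IPv4 support or descriptor exhaustion), `socksize` is copied into `options->hpn_buffer_size` with whatever it held, and `close()` is called on -1. The declarations of `sock`, `socksize` and `socksizelen` are outside this hunk, so whether `socksize` is initialised cannot be confirmed from here. Both calls should be checked, falling back to `CHAN_TCP_WINDOW_DEFAULT`, which the patch already uses a few lines below.

```c
/* … unchanged: hpn_disabled / hpn_buffer_size == -1 checks … */
sock = socket(AF_INET, SOCK_STREAM, 0);
if (sock == -1 || getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
    &socksize, &socksizelen) == -1)
	socksize = CHAN_TCP_WINDOW_DEFAULT;
if (sock != -1)
	close(sock);
options->hpn_buffer_size = socksize;
/* … unchanged: debug() of the chosen size … */
```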
@@ -609,19 +503,18 @@ diff -rNuwpB canonical/servconf.c dynamic/servconf.c
+ options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT;
+ }
+
-+
if (options->ip_qos_interactive == -1)
options->ip_qos_interactive = IPTOS_LOWDELAY;
if (options->ip_qos_bulk == -1)
-@@ -332,6 +377,7 @@ typedef enum {
+@@ -345,6 +388,7 @@ typedef enum {
sUsePrivilegeSeparation, sAllowAgentForwarding,
- sZeroKnowledgePasswordAuthentication, sHostCertificate,
+ sHostCertificate,
sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
+ sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize,
sKexAlgorithms, sIPQoS, sVersionAddendum,
sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
- sAuthenticationMethods,
-@@ -457,6 +503,9 @@ static struct {
+ sAuthenticationMethods, sHostKeyAgent,
+@@ -468,6 +512,9 @@ static struct {
{ "revokedkeys", sRevokedKeys, SSHCFG_ALL },
{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
@@ -631,7 +524,7 @@ diff -rNuwpB canonical/servconf.c dynamic/servconf.c
{ "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
{ "ipqos", sIPQoS, SSHCFG_ALL },
{ "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
-@@ -489,6 +538,7 @@ parse_token(const char *cp, const char *
+@@ -500,6 +547,7 @@ parse_token(const char *cp, const char *filename,
for (i = 0; keywords[i].name; i++)
if (strcasecmp(cp, keywords[i].name) == 0) {
@@ -639,7 +532,7 @@ diff -rNuwpB canonical/servconf.c dynamic/servconf.c
*flags = keywords[i].flags;
return keywords[i].opcode;
}
-@@ -1005,6 +1055,19 @@ process_server_config_line(ServerOptions
+@@ -1042,6 +1090,19 @@ process_server_config_line(ServerOptions *options, char *line,
*intptr = value;
break;
@@ -659,9 +552,10 @@ diff -rNuwpB canonical/servconf.c dynamic/servconf.c
case sIgnoreUserKnownHosts:
intptr = &options->ignore_user_known_hosts;
goto parse_flag;
-diff -rNuwpB canonical/servconf.h dynamic/servconf.h
---- canonical/servconf.h 2013-01-08 23:56:45.000000000 -0500
-+++ dynamic/servconf.h 2013-08-14 14:08:00.893421688 -0400
+diff --git a/servconf.h b/servconf.h
+index 752d1c5..0b9f59d 100644
+--- a/servconf.h
++++ b/servconf.h
@@ -164,6 +164,9 @@ typedef struct {
char *adm_forced_command;
@@ -672,10 +566,11 @@ diff -rNuwpB canonical/servconf.h dynamic/servconf.h
int permit_tun;
-diff -rNuwpB canonical/serverloop.c dynamic/serverloop.c
---- canonical/serverloop.c 2012-12-06 21:07:47.000000000 -0500
-+++ dynamic/serverloop.c 2013-08-14 13:56:39.128511264 -0400
-@@ -1011,8 +1011,12 @@ server_request_tun(void)
+diff --git a/serverloop.c b/serverloop.c
+index 2f8e3a0..4868e5f 100644
+--- a/serverloop.c
++++ b/serverloop.c
+@@ -1015,8 +1015,12 @@ server_request_tun(void)
sock = tun_open(tun, mode);
if (sock < 0)
goto done;
@@ -688,7 +583,7 @@ diff -rNuwpB canonical/serverloop.c dynamic/serverloop.c
c->datagram = 1;
#if defined(SSH_TUN_FILTER)
if (mode == SSH_TUNMODE_POINTOPOINT)
-@@ -1048,6 +1052,8 @@ server_request_session(void)
+@@ -1052,6 +1056,8 @@ server_request_session(void)
c = channel_new("session", SSH_CHANNEL_LARVAL,
-1, -1, -1, /*window size*/0, CHAN_SES_PACKET_DEFAULT,
0, "server-session", 1);
@@ -697,10 +592,11 @@ diff -rNuwpB canonical/serverloop.c dynamic/serverloop.c
if (session_open(the_authctxt, c->self) != 1) {
debug("session open failed, free channel %d", c->self);
channel_free(c);
-diff -rNuwpB canonical/session.c dynamic/session.c
---- canonical/session.c 2013-03-14 20:22:37.000000000 -0400
-+++ dynamic/session.c 2013-08-14 13:56:39.146511349 -0400
-@@ -236,6 +236,7 @@ auth_input_request_forwarding(struct pas
+diff --git a/session.c b/session.c
+index 2bcf818..817afc9 100644
+--- a/session.c
++++ b/session.c
+@@ -237,6 +237,7 @@ auth_input_request_forwarding(struct passwd * pw)
}
/* Allocate a channel for the authentication agent socket. */
@@ -708,7 +604,7 @@ diff -rNuwpB canonical/session.c dynamic/session.c
nc = channel_new("auth socket",
SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1,
CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
-@@ -2286,10 +2287,16 @@ session_set_fds(Session *s, int fdin, in
+@@ -2331,10 +2332,16 @@ session_set_fds(Session *s, int fdin, int fdout, int fderr, int ignore_fderr,
*/
if (s->chanid == -1)
fatal("no channel for session %d", s->self);
@@ -725,10 +621,11 @@ diff -rNuwpB canonical/session.c dynamic/session.c
}
/*
-diff -rNuwpB canonical/sftp.1 dynamic/sftp.1
---- canonical/sftp.1 2011-09-22 07:34:15.000000000 -0400
-+++ dynamic/sftp.1 2013-08-14 13:56:39.114506902 -0400
-@@ -247,7 +247,8 @@ diagnostic messages from
+diff --git a/sftp.1 b/sftp.1
+index a700c2a..8e00b13 100644
+--- a/sftp.1
++++ b/sftp.1
+@@ -261,7 +261,8 @@ diagnostic messages from
Specify how many requests may be outstanding at any one time.
Increasing this may slightly improve file transfer speed
but will increase memory usage.
@@ -738,10 +635,11 @@ diff -rNuwpB canonical/sftp.1 dynamic/sftp.1
.It Fl r
Recursively copy entire directories when uploading and downloading.
Note that
-diff -rNuwpB canonical/sftp.c dynamic/sftp.c
---- canonical/sftp.c 2013-02-22 17:12:24.000000000 -0500
-+++ dynamic/sftp.c 2013-08-14 13:56:39.129511313 -0400
-@@ -65,7 +65,7 @@ typedef void EditLine;
+diff --git a/sftp.c b/sftp.c
+index ad1f8c8..1575d5e 100644
+--- a/sftp.c
++++ b/sftp.c
+@@ -68,7 +68,7 @@ typedef void EditLine;
#include "sftp-client.h"
#define DEFAULT_COPY_BUFLEN 32768 /* Size of buffer for up/download */
@@ -750,10 +648,11 @@ diff -rNuwpB canonical/sftp.c dynamic/sftp.c
/* File to read commands from */
FILE* infile;
-diff -rNuwpB canonical/ssh.c dynamic/ssh.c
---- canonical/ssh.c 2013-04-04 20:22:36.000000000 -0400
-+++ dynamic/ssh.c 2013-08-14 14:09:15.549478496 -0400
-@@ -1369,6 +1369,9 @@ ssh_session2_open(void)
+diff --git a/ssh.c b/ssh.c
+index 1e6cb90..7c91d6d 100644
+--- a/ssh.c
++++ b/ssh.c
+@@ -1611,6 +1611,9 @@ ssh_session2_open(void)
{
Channel *c;
int window, packetmax, in, out, err;
@@ -763,7 +662,7 @@ diff -rNuwpB canonical/ssh.c dynamic/ssh.c
if (stdin_null_flag) {
in = open(_PATH_DEVNULL, O_RDONLY);
-@@ -1389,9 +1392,74 @@ ssh_session2_open(void)
+@@ -1631,9 +1634,74 @@ ssh_session2_open(void)
if (!isatty(err))
set_nonblock(err);
@@ -839,7 +738,7 @@ diff -rNuwpB canonical/ssh.c dynamic/ssh.c
window >>= 1;
packetmax >>= 1;
}
-@@ -1400,6 +1468,10 @@ ssh_session2_open(void)
+@@ -1642,6 +1710,10 @@ ssh_session2_open(void)
window, packetmax, CHAN_EXTENDED_WRITE,
"client-session", /*nonblock*/0);
@@ -850,10 +749,11 @@ diff -rNuwpB canonical/ssh.c dynamic/ssh.c
debug3("ssh_session2_open: channel_new: %d", c->self);
channel_send_open(c->self);
-diff -rNuwpB canonical/sshconnect.c dynamic/sshconnect.c
---- canonical/sshconnect.c 2013-04-04 20:20:19.000000000 -0400
-+++ dynamic/sshconnect.c 2013-08-14 13:56:39.130511360 -0400
-@@ -189,6 +189,31 @@ ssh_kill_proxy_command(void)
+diff --git a/sshconnect.c b/sshconnect.c
+index 573d7a8..9cf6947 100644
+--- a/sshconnect.c
++++ b/sshconnect.c
+@@ -263,6 +263,31 @@ ssh_kill_proxy_command(void)
}
/*
@@ -885,16 +785,7 @@ diff -rNuwpB canonical/sshconnect.c dynamic/sshconnect.c
* Creates a (possibly privileged) socket for use as the ssh connection.
*/
static int
-@@ -211,6 +236,8 @@ ssh_create_socket(int privileged, struct
- strerror(errno));
- else
- debug("Allocated local port %d.", p);
-+ if (options.tcp_rcv_buf > 0)
-+ ssh_set_socket_recvbuf(sock);
- return sock;
- }
- sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
-@@ -220,6 +247,9 @@ ssh_create_socket(int privileged, struct
+@@ -278,6 +303,9 @@ ssh_create_socket(int privileged, struct addrinfo *ai)
}
fcntl(sock, F_SETFD, FD_CLOEXEC);
@@ -902,9 +793,9 @@ diff -rNuwpB canonical/sshconnect.c dynamic/sshconnect.c
+ ssh_set_socket_recvbuf(sock);
+
/* Bind the socket to an alternative local IP address */
- if (options.bind_address == NULL)
+ if (options.bind_address == NULL && !privileged)
return sock;
-@@ -442,10 +472,10 @@ send_client_banner(int connection_out, i
+@@ -520,10 +548,10 @@ send_client_banner(int connection_out, int minor1)
/* Send our own protocol version identification. */
if (compat20) {
xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
@@ -917,20 +808,11 @@ diff -rNuwpB canonical/sshconnect.c dynamic/sshconnect.c
}
if (roaming_atomicio(vwrite, connection_out, client_version_string,
strlen(client_version_string)) != strlen(client_version_string))
-diff -rNuwpB canonical/sshd.c dynamic/sshd.c
---- canonical/sshd.c 2013-02-11 19:04:48.000000000 -0500
-+++ dynamic/sshd.c 2013-08-14 14:10:20.793512623 -0400
-@@ -138,6 +138,9 @@ int deny_severity;
- #define REEXEC_CONFIG_PASS_FD (STDERR_FILENO + 3)
- #define REEXEC_MIN_FREE_FD (STDERR_FILENO + 4)
-
-+int myflag = 0;
-+
-+
- extern char *__progname;
-
- /* Server configuration options. */
-@@ -430,7 +433,7 @@ sshd_exchange_identification(int sock_in
+diff --git a/sshd.c b/sshd.c
+index 7523de9..9623887 100644
+--- a/sshd.c
++++ b/sshd.c
+@@ -436,7 +436,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
}
xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
@@ -939,7 +821,7 @@ diff -rNuwpB canonical/sshd.c dynamic/sshd.c
*options.version_addendum == '\0' ? "" : " ",
options.version_addendum, newline);
-@@ -1038,6 +1041,8 @@ server_listen(void)
+@@ -1082,6 +1082,8 @@ server_listen(void)
int ret, listen_sock, on = 1;
struct addrinfo *ai;
char ntop[NI_MAXHOST], strport[NI_MAXSERV];
@@ -948,7 +830,7 @@ diff -rNuwpB canonical/sshd.c dynamic/sshd.c
for (ai = options.listen_addrs; ai; ai = ai->ai_next) {
if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
-@@ -1078,6 +1083,11 @@ server_listen(void)
+@@ -1122,6 +1124,11 @@ server_listen(void)
debug("Bind to port %s on %s.", strport, ntop);
@@ -960,9 +842,9 @@ diff -rNuwpB canonical/sshd.c dynamic/sshd.c
/* Bind the socket to the desired port. */
if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) {
error("Bind to port %s on %s failed: %.200s.",
-@@ -1976,6 +1986,9 @@ main(int ac, char **av)
- /* Log the connection. */
- verbose("Connection from %.500s port %d", remote_ip, remote_port);
+@@ -2058,6 +2065,9 @@ main(int ac, char **av)
+ remote_ip, remote_port,
+ get_local_ipaddr(sock_in), get_local_port());
+ /* set the HPN options for the child */
+ channel_set_hpn(options.hpn_disabled, options.hpn_buffer_size);
@@ -970,19 +852,11 @@ diff -rNuwpB canonical/sshd.c dynamic/sshd.c
/*
* We don't want to listen forever unless the other side
* successfully authenticates itself. So we set up an alarm which is
-@@ -2332,6 +2345,8 @@ do_ssh2_kex(void)
- {
- Kex *kex;
-
-+ myflag++;
-+ debug ("MYFLAG IS %d", myflag);
- if (options.ciphers != NULL) {
- myproposal[PROPOSAL_ENC_ALGS_CTOS] =
- myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
-diff -rNuwpB canonical/sshd_config dynamic/sshd_config
---- canonical/sshd_config 2013-02-11 19:02:09.000000000 -0500
-+++ dynamic/sshd_config 2013-08-14 14:09:54.107478485 -0400
-@@ -120,6 +120,17 @@ UsePrivilegeSeparation sandbox # Defaul
+diff --git a/sshd_config b/sshd_config
+index e9045bc..7495fc9 100644
+--- a/sshd_config
++++ b/sshd_config
+@@ -125,6 +125,17 @@ UsePrivilegeSeparation sandbox # Default for new installations.
# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server
@@ -1000,13 +874,14 @@ diff -rNuwpB canonical/sshd_config dynamic/sshd_config
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
-diff -rNuwpB canonical/version.h dynamic/version.h
---- canonical/version.h 2013-05-10 02:02:21.000000000 -0400
-+++ dynamic/version.h 2013-08-14 15:27:52.736478576 -0400
+diff --git a/version.h b/version.h
+index a1579ac..4fe1849 100644
+--- a/version.h
++++ b/version.h
@@ -3,4 +3,5 @@
- #define SSH_VERSION "OpenSSH_6.3"
+ #define SSH_VERSION "OpenSSH_6.6"
#define SSH_PORTABLE "p1"
-#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
-+#define SSH_HPN "-hpn14v1"
++#define SSH_HPN "-hpn14v4"
+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN