summaryrefslogtreecommitdiffstats
path: root/main/openssh
diff options
context:
space:
mode:
authorTimo Teräs <timo.teras@iki.fi>2012-09-04 09:03:14 +0300
committerTimo Teräs <timo.teras@iki.fi>2012-09-04 09:03:48 +0300
commite15b1ac0e33da466a04766b59929885a42c1b0cd (patch)
tree9be289a27742cbea0ad6af26283ddf468275d2a9 /main/openssh
parent9e42b43c71a68d51d14fa939bb5873bb41f64ff4 (diff)
downloadaports-e15b1ac0e33da466a04766b59929885a42c1b0cd.tar.bz2
aports-e15b1ac0e33da466a04766b59929885a42c1b0cd.tar.xz
main/openssh: upgrade to 6.1
* rebase hpn dynamic window patch
Diffstat (limited to 'main/openssh')
-rw-r--r--main/openssh/APKBUILD12
-rw-r--r--main/openssh/openssh-dynwindow_noneswitch.diff (renamed from main/openssh/openssh6.0-dynwindow_noneswitch.diff)250
-rw-r--r--main/openssh/openssh-peaktput.diff (renamed from main/openssh/openssh6.0-peaktput.diff)0
3 files changed, 110 insertions, 152 deletions
diff --git a/main/openssh/APKBUILD b/main/openssh/APKBUILD
index 7ba855f1d..ca4877188 100644
--- a/main/openssh/APKBUILD
+++ b/main/openssh/APKBUILD
@@ -1,6 +1,6 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=openssh
-pkgver=6.0_p1
+pkgver=6.1_p1
_myver=${pkgver%_*}${pkgver#*_}
pkgrel=0
pkgdesc="Port of OpenBSD's free SSH release"
@@ -11,8 +11,8 @@ depends="openssh-client libcrypto1.0>=1.0.1c-r2"
makedepends="openssl-dev zlib-dev"
subpackages="$pkgname-doc $pkgname-client"
source="ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$pkgname-$_myver.tar.gz
- openssh${pkgver%_*}-dynwindow_noneswitch.diff
- openssh${pkgver%_*}-peaktput.diff
+ openssh-dynwindow_noneswitch.diff
+ openssh-peaktput.diff
openssh-hmac-accel.diff
sshd.initd
sshd.confd
@@ -84,9 +84,9 @@ client() {
"$subpkgdir"/etc/ssh/
}
-md5sums="3c9347aa67862881c5da3f3b1c08da7b openssh-6.0p1.tar.gz
-77dfe8b990a369c02a581801aa40d487 openssh6.0-dynwindow_noneswitch.diff
-949ff348573438163240c60d6c3618eb openssh6.0-peaktput.diff
+md5sums="3345cbf4efe90ffb06a78670ab2d05d5 openssh-6.1p1.tar.gz
+b6a71aab576d592b4645a5a4e21a9116 openssh-dynwindow_noneswitch.diff
+949ff348573438163240c60d6c3618eb openssh-peaktput.diff
c65d454dc5b149647273485fc184636d openssh-hmac-accel.diff
cb0dd08c413fad346f0c594107b4a2e0 sshd.initd
b35e9f3829f4cfca07168fcba98749c7 sshd.confd"
diff --git a/main/openssh/openssh6.0-dynwindow_noneswitch.diff b/main/openssh/openssh-dynwindow_noneswitch.diff
index 04158ab01..f0c7f0da1 100644
--- a/main/openssh/openssh6.0-dynwindow_noneswitch.diff
+++ b/main/openssh/openssh-dynwindow_noneswitch.diff
@@ -1,41 +1,3 @@
-From: Timo Teräs <timo.teras@iki.fi>
-Date: Tue, 17 Jan 2012 07:54:46 +0000
-Subject: [PATCH 2/2] dynwindow_noneswitch
-
----
- HPN-README | 128 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- auth2.c | 9 ++++
- buffer.c | 2 +-
- buffer.h | 3 +
- channels.c | 74 ++++++++++++++++++++++++++++++---
- channels.h | 13 ++++-
- cipher.c | 5 ++-
- clientloop.c | 24 ++++++++++-
- compat.c | 9 ++++
- compat.h | 1 +
- kex.c | 34 +++++++++++++++-
- kex.h | 2 +
- myproposal.h | 2 +
- packet.c | 42 +++++++++++++++----
- packet.h | 8 +++-
- readconf.c | 73 ++++++++++++++++++++++++++++++++
- readconf.h | 6 +++
- scp.c | 4 +-
- servconf.c | 66 +++++++++++++++++++++++++++++
- servconf.h | 4 ++
- serverloop.c | 39 +++++++++++++++--
- session.c | 7 +++
- sftp.1 | 3 +-
- sftp.c | 2 +-
- ssh.c | 78 ++++++++++++++++++++++++++++++++++-
- sshconnect.c | 32 ++++++++++++++-
- sshconnect2.c | 28 ++++++++++++
- sshd.c | 24 ++++++++++-
- sshd_config | 14 ++++++
- version.h | 3 +-
- 30 files changed, 701 insertions(+), 38 deletions(-)
- create mode 100644 HPN-README
-
diff --git a/HPN-README b/HPN-README
new file mode 100644
index 0000000..72d822f
@@ -171,7 +133,7 @@ index 0000000..72d822f
+ by Cisco System, Inc., the National Library of Medicine,
+ and the National Science Foundation.
diff --git a/auth2.c b/auth2.c
-index c06c95f..699a522 100644
+index b66bef6..9e75803 100644
--- a/auth2.c
+++ b/auth2.c
@@ -49,6 +49,7 @@
@@ -232,10 +194,10 @@ index e2a9dd1..2c0b65c 100644
u_char *buf; /* Buffer for data. */
u_int alloc; /* Number of bytes allocated for data. */
diff --git a/channels.c b/channels.c
-index 24d4a9f..a43235f 100644
+index 7791feb..7f66ca9 100644
--- a/channels.c
+++ b/channels.c
-@@ -170,8 +170,14 @@ static void port_open_helper(Channel *c, char *rtype);
+@@ -173,8 +173,14 @@ static void port_open_helper(Channel *c, char *rtype);
static int connect_next(struct channel_connect *);
static void channel_connect_ctx_free(struct channel_connect *);
@@ -250,7 +212,7 @@ index 24d4a9f..a43235f 100644
Channel *
channel_by_id(int id)
{
-@@ -313,6 +319,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd,
+@@ -319,6 +325,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd,
c->local_window_max = window;
c->local_consumed = 0;
c->local_maxpacket = maxpack;
@@ -258,7 +220,7 @@ index 24d4a9f..a43235f 100644
c->remote_id = -1;
c->remote_name = xstrdup(remote_name);
c->remote_window = 0;
-@@ -808,11 +815,35 @@ channel_pre_open_13(Channel *c, fd_set *readset, fd_set *writeset)
+@@ -818,11 +825,35 @@ channel_pre_open_13(Channel *c, fd_set *readset, fd_set *writeset)
FD_SET(c->sock, writeset);
}
@@ -294,7 +256,7 @@ index 24d4a9f..a43235f 100644
if (c->istate == CHAN_INPUT_OPEN &&
limit > 0 &&
buffer_len(&c->input) < limit &&
-@@ -1789,14 +1820,21 @@ channel_check_window(Channel *c)
+@@ -1806,14 +1837,21 @@ channel_check_window(Channel *c)
c->local_maxpacket*3) ||
c->local_window < c->local_window_max/2) &&
c->local_consumed > 0) {
@@ -318,7 +280,7 @@ index 24d4a9f..a43235f 100644
c->local_consumed = 0;
}
return 1;
-@@ -2128,11 +2166,12 @@ channel_after_select(fd_set *readset, fd_set *writeset)
+@@ -2173,11 +2211,12 @@ channel_after_select(fd_set *readset, fd_set *writeset)
/* If there is data to send to the connection, enqueue some of it now. */
@@ -332,7 +294,7 @@ index 24d4a9f..a43235f 100644
for (i = 0; i < channels_alloc; i++) {
c = channels[i];
-@@ -2180,7 +2219,7 @@ channel_output_poll(void)
+@@ -2225,7 +2264,7 @@ channel_output_poll(void)
packet_start(SSH2_MSG_CHANNEL_DATA);
packet_put_int(c->remote_id);
packet_put_string(data, dlen);
@@ -341,7 +303,7 @@ index 24d4a9f..a43235f 100644
c->remote_window -= dlen + 4;
xfree(data);
}
-@@ -2210,7 +2249,7 @@ channel_output_poll(void)
+@@ -2255,7 +2294,7 @@ channel_output_poll(void)
SSH2_MSG_CHANNEL_DATA : SSH_MSG_CHANNEL_DATA);
packet_put_int(c->remote_id);
packet_put_string(buffer_ptr(&c->input), len);
@@ -350,7 +312,7 @@ index 24d4a9f..a43235f 100644
buffer_consume(&c->input, len);
c->remote_window -= len;
}
-@@ -2245,12 +2284,13 @@ channel_output_poll(void)
+@@ -2290,12 +2329,13 @@ channel_output_poll(void)
packet_put_int(c->remote_id);
packet_put_int(SSH2_EXTENDED_DATA_STDERR);
packet_put_string(buffer_ptr(&c->extended), len);
@@ -365,8 +327,8 @@ index 24d4a9f..a43235f 100644
}
-@@ -2634,6 +2674,15 @@ channel_set_af(int af)
- IPv4or6 = af;
+@@ -2719,6 +2759,15 @@ channel_fwd_bind_addr(const char *listen_addr, int *wildcardp,
+ return addr;
}
+
@@ -381,7 +343,7 @@ index 24d4a9f..a43235f 100644
static int
channel_setup_fwd_listener(int type, const char *listen_addr,
u_short listen_port, int *allocated_listen_port,
-@@ -2787,9 +2836,15 @@ channel_setup_fwd_listener(int type, const char *listen_addr,
+@@ -2845,9 +2894,15 @@ channel_setup_fwd_listener(int type, const char *listen_addr,
}
/* Allocate a channel number for the socket. */
@@ -396,8 +358,8 @@ index 24d4a9f..a43235f 100644
+ 0, "port listener", 1);
c->path = xstrdup(host);
c->host_port = port_to_connect;
- c->listening_port = listen_port;
-@@ -3334,10 +3389,17 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
+ c->listening_addr = addr == NULL ? NULL : xstrdup(addr);
+@@ -3505,10 +3560,17 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
*chanids = xcalloc(num_socks + 1, sizeof(**chanids));
for (n = 0; n < num_socks; n++) {
sock = socks[n];
@@ -416,10 +378,10 @@ index 24d4a9f..a43235f 100644
(*chanids)[n] = nc->self;
}
diff --git a/channels.h b/channels.h
-index e2941c8..fa90ccf 100644
+index d75b800..0a95283 100644
--- a/channels.h
+++ b/channels.h
-@@ -125,8 +125,10 @@ struct Channel {
+@@ -129,8 +129,10 @@ struct Channel {
u_int local_window_max;
u_int local_consumed;
u_int local_maxpacket;
@@ -430,7 +392,7 @@ index e2941c8..fa90ccf 100644
char *ctype; /* type */
-@@ -161,9 +163,11 @@ struct Channel {
+@@ -165,9 +167,11 @@ struct Channel {
/* default window/packet sizes for tcp/x11-fwd-channel */
#define CHAN_SES_PACKET_DEFAULT (32*1024)
@@ -444,16 +406,16 @@ index e2941c8..fa90ccf 100644
#define CHAN_X11_PACKET_DEFAULT (16*1024)
#define CHAN_X11_WINDOW_DEFAULT (4*CHAN_X11_PACKET_DEFAULT)
-@@ -237,7 +241,7 @@ void channel_input_status_confirm(int, u_int32_t, void *);
-
- void channel_prepare_select(fd_set **, fd_set **, int *, u_int*, int);
+@@ -242,7 +246,7 @@ void channel_input_status_confirm(int, u_int32_t, void *);
+ void channel_prepare_select(fd_set **, fd_set **, int *, u_int*,
+ time_t*, int);
void channel_after_select(fd_set *, fd_set *);
-void channel_output_poll(void);
+int channel_output_poll(void);
int channel_not_very_much_buffered_data(void);
void channel_close_all(void);
-@@ -294,4 +298,7 @@ void chan_rcvd_ieof(Channel *);
+@@ -303,4 +307,7 @@ void chan_rcvd_ieof(Channel *);
void chan_write_failed(Channel *);
void chan_obuf_empty(Channel *);
@@ -492,10 +454,10 @@ index bb5c0ac..32ad40e 100644
case SSH_CIPHER_DES:
case SSH_CIPHER_BLOWFISH:
diff --git a/clientloop.c b/clientloop.c
-index c19b01f..8de3984 100644
+index 1c1a770..b9910e4 100644
--- a/clientloop.c
+++ b/clientloop.c
-@@ -1793,9 +1793,15 @@ client_request_x11(const char *request_type, int rchan)
+@@ -1829,9 +1829,15 @@ client_request_x11(const char *request_type, int rchan)
sock = x11_connect_display();
if (sock < 0)
return NULL;
@@ -511,7 +473,7 @@ index c19b01f..8de3984 100644
c->force_drain = 1;
return c;
}
-@@ -1815,9 +1821,15 @@ client_request_agent(const char *request_type, int rchan)
+@@ -1851,9 +1857,15 @@ client_request_agent(const char *request_type, int rchan)
sock = ssh_get_authentication_socket();
if (sock < 0)
return NULL;
@@ -528,7 +490,7 @@ index c19b01f..8de3984 100644
"authentication agent connection", 1);
c->force_drain = 1;
return c;
-@@ -1845,10 +1857,18 @@ client_request_tun_fwd(int tun_mode, int local_tun, int remote_tun)
+@@ -1881,10 +1893,18 @@ client_request_tun_fwd(int tun_mode, int local_tun, int remote_tun)
return -1;
}
@@ -549,10 +511,10 @@ index c19b01f..8de3984 100644
if (options.tun_open == SSH_TUNMODE_POINTOPOINT)
channel_register_filter(c->self, sys_tun_infilter,
diff --git a/compat.c b/compat.c
-index df3541d..0b3df86 100644
+index 0dc089f..9ab3688 100644
--- a/compat.c
+++ b/compat.c
-@@ -170,6 +170,15 @@ compat_datafellows(const char *version)
+@@ -171,6 +171,15 @@ compat_datafellows(const char *version)
strlen(check[i].pat), 0) == 1) {
debug("match: %s pat %s", version, check[i].pat);
datafellows = check[i].bugs;
@@ -569,10 +531,10 @@ index df3541d..0b3df86 100644
}
}
diff --git a/compat.h b/compat.h
-index 16cf282..6feaa6b 100644
+index 3ae5d9c..6a7aeb2 100644
--- a/compat.h
+++ b/compat.h
-@@ -58,6 +58,7 @@
+@@ -59,6 +59,7 @@
#define SSH_BUG_RFWD_ADDR 0x02000000
#define SSH_NEW_OPENSSH 0x04000000
#define SSH_BUG_DYNAMIC_RPORT 0x08000000
@@ -665,10 +627,10 @@ index 7373d3c..3b4d4b5 100644
void kex_finish(Kex *);
diff --git a/myproposal.h b/myproposal.h
-index 0bc1c77..e9b273d 100644
+index b9b819c..429b5cb 100644
--- a/myproposal.h
+++ b/myproposal.h
-@@ -97,6 +97,8 @@
+@@ -95,6 +95,8 @@
#define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib"
#define KEX_DEFAULT_LANG ""
@@ -678,10 +640,10 @@ index 0bc1c77..e9b273d 100644
static char *myproposal[PROPOSAL_MAX] = {
KEX_DEFAULT_KEX,
diff --git a/packet.c b/packet.c
-index ba93417..d16140a 100644
+index d0c66fe..9f6f530 100644
--- a/packet.c
+++ b/packet.c
-@@ -840,7 +840,7 @@ packet_enable_delayed_compress(void)
+@@ -838,7 +838,7 @@ packet_enable_delayed_compress(void)
/*
* Finalize packet in SSH2 format (compress, mac, encrypt, enqueue)
*/
@@ -690,7 +652,7 @@ index ba93417..d16140a 100644
packet_send2_wrapped(void)
{
u_char type, *cp, *macbuf = NULL;
-@@ -959,11 +959,13 @@ packet_send2_wrapped(void)
+@@ -957,11 +957,13 @@ packet_send2_wrapped(void)
set_newkeys(MODE_OUT);
else if (type == SSH2_MSG_USERAUTH_SUCCESS && active_state->server_side)
packet_enable_delayed_compress();
@@ -749,7 +711,7 @@ index ba93417..d16140a 100644
}
/*
-@@ -1653,7 +1658,7 @@ packet_disconnect(const char *fmt,...)
+@@ -1647,7 +1652,7 @@ packet_disconnect(const char *fmt,...)
/* Checks if there is any buffered output, and tries to write some of the output. */
@@ -758,7 +720,7 @@ index ba93417..d16140a 100644
packet_write_poll(void)
{
int len = buffer_len(&active_state->output);
-@@ -1666,13 +1671,14 @@ packet_write_poll(void)
+@@ -1660,13 +1665,14 @@ packet_write_poll(void)
if (len == -1) {
if (errno == EINTR || errno == EAGAIN ||
errno == EWOULDBLOCK)
@@ -774,7 +736,7 @@ index ba93417..d16140a 100644
}
/*
-@@ -1873,12 +1879,24 @@ packet_send_ignore(int nbytes)
+@@ -1867,12 +1873,24 @@ packet_send_ignore(int nbytes)
}
}
@@ -799,7 +761,7 @@ index ba93417..d16140a 100644
return
(active_state->p_send.packets > MAX_PACKETS) ||
(active_state->p_read.packets > MAX_PACKETS) ||
-@@ -1970,3 +1988,9 @@ packet_restore_state(void)
+@@ -1964,3 +1982,9 @@ packet_restore_state(void)
add_recv_bytes(len);
}
}
@@ -810,7 +772,7 @@ index ba93417..d16140a 100644
+ return(active_state->after_authentication);
+}
diff --git a/packet.h b/packet.h
-index 90eec17..4730824 100644
+index 09ba079..d3833dd 100644
--- a/packet.h
+++ b/packet.h
@@ -23,6 +23,9 @@
@@ -840,7 +802,7 @@ index 90eec17..4730824 100644
int packet_read(void);
void packet_read_expect(int type);
-@@ -86,7 +90,7 @@ int packet_get_ssh1_cipher(void);
+@@ -85,7 +89,7 @@ int packet_get_ssh1_cipher(void);
void packet_set_iv(int, u_char *);
void *packet_get_newkeys(int);
@@ -850,7 +812,7 @@ index 90eec17..4730824 100644
int packet_have_data_to_write(void);
int packet_not_very_much_data_to_write(void);
diff --git a/readconf.c b/readconf.c
-index 91dfa56..7d3e695 100644
+index 097bb05..b9b2fd6 100644
--- a/readconf.c
+++ b/readconf.c
@@ -135,6 +135,8 @@ typedef enum {
@@ -876,7 +838,7 @@ index 91dfa56..7d3e695 100644
{ NULL, oBadOption }
};
-@@ -494,6 +503,36 @@ parse_flag:
+@@ -495,6 +504,36 @@ parse_flag:
intptr = &options->check_host_ip;
goto parse_flag;
@@ -913,7 +875,7 @@ index 91dfa56..7d3e695 100644
case oVerifyHostKeyDNS:
intptr = &options->verify_host_key_dns;
goto parse_yesnoask;
-@@ -679,6 +718,10 @@ parse_int:
+@@ -680,6 +719,10 @@ parse_int:
intptr = &options->connection_attempts;
goto parse_int;
@@ -924,7 +886,7 @@ index 91dfa56..7d3e695 100644
case oCipher:
intptr = &options->cipher;
arg = strdelim(&s);
-@@ -1202,6 +1245,13 @@ initialize_options(Options * options)
+@@ -1203,6 +1246,13 @@ initialize_options(Options * options)
options->ip_qos_interactive = -1;
options->ip_qos_bulk = -1;
options->request_tty = -1;
@@ -938,7 +900,7 @@ index 91dfa56..7d3e695 100644
}
/*
-@@ -1338,6 +1388,29 @@ fill_default_options(Options * options)
+@@ -1339,6 +1389,29 @@ fill_default_options(Options * options)
options->server_alive_interval = 0;
if (options->server_alive_count_max == -1)
options->server_alive_count_max = 3;
@@ -969,10 +931,10 @@ index 91dfa56..7d3e695 100644
options->control_master = 0;
if (options->control_persist == -1) {
diff --git a/readconf.h b/readconf.h
-index 5944cff..bfcddf7 100644
+index be30ee0..6480539 100644
--- a/readconf.h
+++ b/readconf.h
-@@ -60,6 +60,10 @@ typedef struct {
+@@ -61,6 +61,10 @@ typedef struct {
int compression_level; /* Compression level 1 (fast) to 9
* (best). */
int tcp_keep_alive; /* Set SO_KEEPALIVE. */
@@ -983,7 +945,7 @@ index 5944cff..bfcddf7 100644
int ip_qos_interactive; /* IP ToS/DSCP/class for interactive */
int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */
LogLevel log_level; /* Level for logging. */
-@@ -108,6 +112,8 @@ typedef struct {
+@@ -109,6 +113,8 @@ typedef struct {
int enable_ssh_keysign;
int64_t rekey_limit;
@@ -993,10 +955,10 @@ index 5944cff..bfcddf7 100644
int identities_only;
int server_alive_interval;
diff --git a/scp.c b/scp.c
-index 18b2597..3841f10 100644
+index 08587b5..c9c20f0 100644
--- a/scp.c
+++ b/scp.c
-@@ -727,7 +727,7 @@ source(int argc, char **argv)
+@@ -731,7 +731,7 @@ source(int argc, char **argv)
off_t i, statbytes;
size_t amt;
int fd = -1, haderr, indx;
@@ -1005,7 +967,7 @@ index 18b2597..3841f10 100644
int len;
for (indx = 0; indx < argc; ++indx) {
-@@ -909,7 +909,7 @@ sink(int argc, char **argv)
+@@ -913,7 +913,7 @@ sink(int argc, char **argv)
mode_t mode, omode, mask;
off_t size, statbytes;
int setimes, targisdir, wrerrno = 0;
@@ -1015,10 +977,10 @@ index 18b2597..3841f10 100644
#define atime tv[0]
diff --git a/servconf.c b/servconf.c
-index 91986e5..d5e45bc 100644
+index ee2e531..e4af66c 100644
--- a/servconf.c
+++ b/servconf.c
-@@ -136,6 +136,10 @@ initialize_server_options(ServerOptions *options)
+@@ -139,6 +139,10 @@ initialize_server_options(ServerOptions *options)
options->revoked_keys_file = NULL;
options->trusted_user_ca_keys = NULL;
options->authorized_principals_file = NULL;
@@ -1028,8 +990,8 @@ index 91986e5..d5e45bc 100644
+ options->hpn_buffer_size = -1;
options->ip_qos_interactive = -1;
options->ip_qos_bulk = -1;
- }
-@@ -143,6 +147,11 @@ initialize_server_options(ServerOptions *options)
+ options->version_addendum = NULL;
+@@ -147,6 +151,11 @@ initialize_server_options(ServerOptions *options)
void
fill_default_server_options(ServerOptions *options)
{
@@ -1041,13 +1003,12 @@ index 91986e5..d5e45bc 100644
/* Portable-specific options */
if (options->use_pam == -1)
options->use_pam = 0;
-@@ -278,6 +287,41 @@ fill_default_server_options(ServerOptions *options)
- if (options->ip_qos_bulk == -1)
- options->ip_qos_bulk = IPTOS_THROUGHPUT;
+@@ -287,6 +296,40 @@ fill_default_server_options(ServerOptions *options)
+ if (use_privsep == -1)
+ use_privsep = PRIVSEP_NOSANDBOX;
+ if (options->hpn_disabled == -1)
+ options->hpn_disabled = 0;
-+
+ if (options->hpn_buffer_size == -1) {
+ /* option not explicitly set. Now we have to figure out */
+ /* what value to use */
@@ -1080,18 +1041,18 @@ index 91986e5..d5e45bc 100644
+ options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT;
+ }
+
- /* Turn privilege separation on by default */
- if (use_privsep == -1)
- use_privsep = PRIVSEP_ON;
-@@ -323,6 +367,7 @@ typedef enum {
+ #ifndef HAVE_MMAP
+ if (use_privsep && options->compression == 1) {
+ error("This platform does not support both privilege "
+@@ -328,6 +371,7 @@ typedef enum {
sUsePrivilegeSeparation, sAllowAgentForwarding,
sZeroKnowledgePasswordAuthentication, sHostCertificate,
sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
+ sNoneEnabled, sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize,
- sKexAlgorithms, sIPQoS,
+ sKexAlgorithms, sIPQoS, sVersionAddendum,
sDeprecated, sUnsupported
} ServerOpCodes;
-@@ -446,6 +491,10 @@ static struct {
+@@ -451,6 +495,10 @@ static struct {
{ "revokedkeys", sRevokedKeys, SSHCFG_ALL },
{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
@@ -1101,8 +1062,8 @@ index 91986e5..d5e45bc 100644
+ { "tcprcvbufpoll", sTcpRcvBufPoll, SSHCFG_ALL },
{ "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
{ "ipqos", sIPQoS, SSHCFG_ALL },
- { NULL, sBadOption, 0 }
-@@ -474,6 +523,7 @@ parse_token(const char *cp, const char *filename,
+ { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },
+@@ -480,6 +528,7 @@ parse_token(const char *cp, const char *filename,
for (i = 0; keywords[i].name; i++)
if (strcasecmp(cp, keywords[i].name) == 0) {
@@ -1110,7 +1071,7 @@ index 91986e5..d5e45bc 100644
*flags = keywords[i].flags;
return keywords[i].opcode;
}
-@@ -918,6 +968,22 @@ process_server_config_line(ServerOptions *options, char *line,
+@@ -987,6 +1036,22 @@ process_server_config_line(ServerOptions *options, char *line,
*intptr = value;
break;
@@ -1134,7 +1095,7 @@ index 91986e5..d5e45bc 100644
intptr = &options->ignore_user_known_hosts;
goto parse_flag;
diff --git a/servconf.h b/servconf.h
-index 89f38e2..3a2510a 100644
+index 096d596..714473d 100644
--- a/servconf.h
+++ b/servconf.h
@@ -157,6 +157,10 @@ typedef struct {
@@ -1149,7 +1110,7 @@ index 89f38e2..3a2510a 100644
int permit_tun;
diff --git a/serverloop.c b/serverloop.c
-index 19b84ff..38d8bdc 100644
+index 741c5be..34b3771 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -94,10 +94,10 @@ static int fdin; /* Descriptor for stdin (for writing) */
@@ -1188,7 +1149,7 @@ index 19b84ff..38d8bdc 100644
* we write to this pipe if a SIGCHLD is caught in order to avoid
* the race between select() and child_terminated
*/
-@@ -414,6 +428,7 @@ process_input(fd_set *readset)
+@@ -420,6 +434,7 @@ process_input(fd_set *readset)
} else {
/* Buffer any received data. */
packet_process_incoming(buf, len);
@@ -1196,7 +1157,7 @@ index 19b84ff..38d8bdc 100644
}
}
if (compat20)
-@@ -436,6 +451,7 @@ process_input(fd_set *readset)
+@@ -442,6 +457,7 @@ process_input(fd_set *readset)
} else {
buffer_append(&stdout_buffer, buf, len);
fdout_bytes += len;
@@ -1204,7 +1165,7 @@ index 19b84ff..38d8bdc 100644
}
}
/* Read and buffer any available stderr data from the program. */
-@@ -503,7 +519,7 @@ process_output(fd_set *writeset)
+@@ -509,7 +525,7 @@ process_output(fd_set *writeset)
}
/* Send any buffered packet data to the client. */
if (FD_ISSET(connection_out, writeset))
@@ -1213,7 +1174,7 @@ index 19b84ff..38d8bdc 100644
}
/*
-@@ -820,8 +836,10 @@ server_loop2(Authctxt *authctxt)
+@@ -826,8 +842,10 @@ server_loop2(Authctxt *authctxt)
{
fd_set *readset = NULL, *writeset = NULL;
int rekeying = 0, max_fd, nalloc = 0;
@@ -1224,7 +1185,7 @@ index 19b84ff..38d8bdc 100644
mysignal(SIGCHLD, sigchld_handler);
child_terminated = 0;
-@@ -883,6 +901,11 @@ server_loop2(Authctxt *authctxt)
+@@ -889,6 +907,11 @@ server_loop2(Authctxt *authctxt)
/* free remaining sessions, e.g. remove wtmp entries */
session_destroy_all(NULL);
@@ -1236,7 +1197,7 @@ index 19b84ff..38d8bdc 100644
}
static void
-@@ -998,8 +1021,12 @@ server_request_tun(void)
+@@ -1004,8 +1027,12 @@ server_request_tun(void)
sock = tun_open(tun, mode);
if (sock < 0)
goto done;
@@ -1249,7 +1210,7 @@ index 19b84ff..38d8bdc 100644
c->datagram = 1;
#if defined(SSH_TUN_FILTER)
if (mode == SSH_TUNMODE_POINTOPOINT)
-@@ -1035,6 +1062,8 @@ server_request_session(void)
+@@ -1041,6 +1068,8 @@ server_request_session(void)
c = channel_new("session", SSH_CHANNEL_LARVAL,
-1, -1, -1, /*window size*/0, CHAN_SES_PACKET_DEFAULT,
0, "server-session", 1);
@@ -1259,7 +1220,7 @@ index 19b84ff..38d8bdc 100644
debug("session open failed, free channel %d", c->self);
channel_free(c);
diff --git a/session.c b/session.c
-index 6a70400..4ffffe0 100644
+index 65bf287..c74f655 100644
--- a/session.c
+++ b/session.c
@@ -236,6 +236,7 @@ auth_input_request_forwarding(struct passwd * pw)
@@ -1288,10 +1249,10 @@ index 6a70400..4ffffe0 100644
/*
diff --git a/sftp.1 b/sftp.1
-index eb88014..afb092b 100644
+index bcb4721..284d618 100644
--- a/sftp.1
+++ b/sftp.1
-@@ -245,7 +245,8 @@ diagnostic messages from
+@@ -247,7 +247,8 @@ diagnostic messages from
Specify how many requests may be outstanding at any one time.
Increasing this may slightly improve file transfer speed
but will increase memory usage.
@@ -1302,7 +1263,7 @@ index eb88014..afb092b 100644
Recursively copy entire directories when uploading and downloading.
Note that
diff --git a/sftp.c b/sftp.c
-index ab667f5..f87d5fb 100644
+index 235c6ad..bae79f2 100644
--- a/sftp.c
+++ b/sftp.c
@@ -69,7 +69,7 @@ typedef void EditLine;
@@ -1315,10 +1276,10 @@ index ab667f5..f87d5fb 100644
/* File to read commands from */
FILE* infile;
diff --git a/ssh.c b/ssh.c
-index c717dcf..6b71bf2 100644
+index 3f61eb0..62f56de 100644
--- a/ssh.c
+++ b/ssh.c
-@@ -577,6 +577,10 @@ main(int ac, char **av)
+@@ -579,6 +579,10 @@ main(int ac, char **av)
break;
case 'T':
options.request_tty = REQUEST_TTY_NO;
@@ -1329,7 +1290,7 @@ index c717dcf..6b71bf2 100644
break;
case 'o':
dummy = 1;
-@@ -1362,6 +1366,9 @@ ssh_session2_open(void)
+@@ -1372,6 +1376,9 @@ ssh_session2_open(void)
{
Channel *c;
int window, packetmax, in, out, err;
@@ -1339,7 +1300,7 @@ index c717dcf..6b71bf2 100644
if (stdin_null_flag) {
in = open(_PATH_DEVNULL, O_RDONLY);
-@@ -1382,9 +1389,74 @@ ssh_session2_open(void)
+@@ -1392,9 +1399,74 @@ ssh_session2_open(void)
if (!isatty(err))
set_nonblock(err);
@@ -1415,7 +1376,7 @@ index c717dcf..6b71bf2 100644
window >>= 1;
packetmax >>= 1;
}
-@@ -1393,6 +1465,10 @@ ssh_session2_open(void)
+@@ -1403,6 +1475,10 @@ ssh_session2_open(void)
window, packetmax, CHAN_EXTENDED_WRITE,
"client-session", /*nonblock*/0);
@@ -1491,7 +1452,7 @@ index 0ee7266..f90cbe2 100644
!= strlen(buf))
fatal("write: %.100s", strerror(errno));
diff --git a/sshconnect2.c b/sshconnect2.c
-index c24b202..551ad20 100644
+index 7c369d7..0b02824 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -81,6 +81,12 @@
@@ -1537,7 +1498,7 @@ index c24b202..551ad20 100644
}
diff --git a/sshd.c b/sshd.c
-index cc10395..d873edb 100644
+index 9aff5e8..a42dea8 100644
--- a/sshd.c
+++ b/sshd.c
@@ -138,6 +138,9 @@ int deny_severity;
@@ -1550,16 +1511,16 @@ index cc10395..d873edb 100644
extern char *__progname;
/* Server configuration options. */
-@@ -419,7 +422,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
- minor = PROTOCOL_MINOR_1;
+@@ -421,7 +424,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
}
- snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor,
-- SSH_VERSION, newline);
-+ SSH_RELEASE, newline);
- server_version_string = xstrdup(buf);
- /* Send our protocol version identification. */
-@@ -470,6 +473,9 @@ sshd_exchange_identification(int sock_in, int sock_out)
+ xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
+- major, minor, SSH_VERSION,
++ major, minor, SSH_RELEASE,
+ *options.version_addendum == '\0' ? "" : " ",
+ options.version_addendum, newline);
+
+@@ -473,6 +476,9 @@ sshd_exchange_identification(int sock_in, int sock_out)
}
debug("Client protocol version %d.%d; client software version %.100s",
remote_major, remote_minor, remote_version);
@@ -1569,7 +1530,7 @@ index cc10395..d873edb 100644
compat_datafellows(remote_version);
-@@ -1023,6 +1029,8 @@ server_listen(void)
+@@ -1029,6 +1035,8 @@ server_listen(void)
int ret, listen_sock, on = 1;
struct addrinfo *ai;
char ntop[NI_MAXHOST], strport[NI_MAXSERV];
@@ -1578,7 +1539,7 @@ index cc10395..d873edb 100644
for (ai = options.listen_addrs; ai; ai = ai->ai_next) {
if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
-@@ -1063,6 +1071,11 @@ server_listen(void)
+@@ -1069,6 +1077,11 @@ server_listen(void)
debug("Bind to port %s on %s.", strport, ntop);
@@ -1590,7 +1551,7 @@ index cc10395..d873edb 100644
/* Bind the socket to the desired port. */
if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) {
error("Bind to port %s on %s failed: %.200s.",
-@@ -1944,6 +1957,9 @@ main(int ac, char **av)
+@@ -1938,6 +1951,9 @@ main(int ac, char **av)
/* Log the connection. */
verbose("Connection from %.500s port %d", remote_ip, remote_port);
@@ -1600,7 +1561,7 @@ index cc10395..d873edb 100644
/*
* We don't want to listen forever unless the other side
* successfully authenticates itself. So we set up an alarm which is
-@@ -2300,9 +2316,15 @@ do_ssh2_kex(void)
+@@ -2294,9 +2310,15 @@ do_ssh2_kex(void)
{
Kex *kex;
@@ -1617,10 +1578,10 @@ index cc10395..d873edb 100644
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
diff --git a/sshd_config b/sshd_config
-index 473e866..41bd4a3 100644
+index 9424ee2..04f51d6 100644
--- a/sshd_config
+++ b/sshd_config
-@@ -114,6 +114,20 @@ AuthorizedKeysFile .ssh/authorized_keys
+@@ -117,6 +117,20 @@ UsePrivilegeSeparation sandbox # Default for new installations.
# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server
@@ -1642,16 +1603,13 @@ index 473e866..41bd4a3 100644
#Match User anoncvs
# X11Forwarding no
diff --git a/version.h b/version.h
-index 6a1acb3..a6a5b32 100644
+index 76adaaf..44172ac 100644
--- a/version.h
+++ b/version.h
@@ -3,4 +3,5 @@
- #define SSH_VERSION "OpenSSH_5.9"
+ #define SSH_VERSION "OpenSSH_6.1"
#define SSH_PORTABLE "p1"
-#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
+#define SSH_HPN "-hpn13v11"
+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN
---
-1.7.7.3
-
diff --git a/main/openssh/openssh6.0-peaktput.diff b/main/openssh/openssh-peaktput.diff
index b376433d8..b376433d8 100644
--- a/main/openssh/openssh6.0-peaktput.diff
+++ b/main/openssh/openssh-peaktput.diff