diff options
author | Timo Teräs <timo.teras@iki.fi> | 2012-09-04 09:03:14 +0300 |
---|---|---|
committer | Timo Teräs <timo.teras@iki.fi> | 2012-09-04 09:03:48 +0300 |
commit | e15b1ac0e33da466a04766b59929885a42c1b0cd (patch) | |
tree | 9be289a27742cbea0ad6af26283ddf468275d2a9 /main | |
parent | 9e42b43c71a68d51d14fa939bb5873bb41f64ff4 (diff) | |
download | aports-e15b1ac0e33da466a04766b59929885a42c1b0cd.tar.bz2 aports-e15b1ac0e33da466a04766b59929885a42c1b0cd.tar.xz |
main/openssh: upgrade to 6.1
* rebase hpn dynamic window patch
Diffstat (limited to 'main')
-rw-r--r-- | main/openssh/APKBUILD | 12 | ||||
-rw-r--r-- | main/openssh/openssh-dynwindow_noneswitch.diff (renamed from main/openssh/openssh6.0-dynwindow_noneswitch.diff) | 250 | ||||
-rw-r--r-- | main/openssh/openssh-peaktput.diff (renamed from main/openssh/openssh6.0-peaktput.diff) | 0 |
3 files changed, 110 insertions, 152 deletions
diff --git a/main/openssh/APKBUILD b/main/openssh/APKBUILD index 7ba855f1d..ca4877188 100644 --- a/main/openssh/APKBUILD +++ b/main/openssh/APKBUILD @@ -1,6 +1,6 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=openssh -pkgver=6.0_p1 +pkgver=6.1_p1 _myver=${pkgver%_*}${pkgver#*_} pkgrel=0 pkgdesc="Port of OpenBSD's free SSH release" @@ -11,8 +11,8 @@ depends="openssh-client libcrypto1.0>=1.0.1c-r2" makedepends="openssl-dev zlib-dev" subpackages="$pkgname-doc $pkgname-client" source="ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$pkgname-$_myver.tar.gz - openssh${pkgver%_*}-dynwindow_noneswitch.diff - openssh${pkgver%_*}-peaktput.diff + openssh-dynwindow_noneswitch.diff + openssh-peaktput.diff openssh-hmac-accel.diff sshd.initd sshd.confd @@ -84,9 +84,9 @@ client() { "$subpkgdir"/etc/ssh/ } -md5sums="3c9347aa67862881c5da3f3b1c08da7b openssh-6.0p1.tar.gz -77dfe8b990a369c02a581801aa40d487 openssh6.0-dynwindow_noneswitch.diff -949ff348573438163240c60d6c3618eb openssh6.0-peaktput.diff +md5sums="3345cbf4efe90ffb06a78670ab2d05d5 openssh-6.1p1.tar.gz +b6a71aab576d592b4645a5a4e21a9116 openssh-dynwindow_noneswitch.diff +949ff348573438163240c60d6c3618eb openssh-peaktput.diff c65d454dc5b149647273485fc184636d openssh-hmac-accel.diff cb0dd08c413fad346f0c594107b4a2e0 sshd.initd b35e9f3829f4cfca07168fcba98749c7 sshd.confd" diff --git a/main/openssh/openssh6.0-dynwindow_noneswitch.diff b/main/openssh/openssh-dynwindow_noneswitch.diff index 04158ab01..f0c7f0da1 100644 --- a/main/openssh/openssh6.0-dynwindow_noneswitch.diff +++ b/main/openssh/openssh-dynwindow_noneswitch.diff @@ -1,41 +1,3 @@ -From: Timo Teräs <timo.teras@iki.fi> -Date: Tue, 17 Jan 2012 07:54:46 +0000 -Subject: [PATCH 2/2] dynwindow_noneswitch - ---- - HPN-README | 128 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - auth2.c | 9 ++++ - buffer.c | 2 +- - buffer.h | 3 + - channels.c | 74 ++++++++++++++++++++++++++++++--- - channels.h | 13 ++++- - cipher.c | 5 ++- - clientloop.c | 24 ++++++++++- - compat.c | 9 ++++ - compat.h | 1 + - kex.c | 34 +++++++++++++++- - kex.h | 2 + - myproposal.h | 2 + - packet.c | 42 +++++++++++++++---- - packet.h | 8 +++- - readconf.c | 73 ++++++++++++++++++++++++++++++++ - readconf.h | 6 +++ - scp.c | 4 +- - servconf.c | 66 +++++++++++++++++++++++++++++ - servconf.h | 4 ++ - serverloop.c | 39 +++++++++++++++-- - session.c | 7 +++ - sftp.1 | 3 +- - sftp.c | 2 +- - ssh.c | 78 ++++++++++++++++++++++++++++++++++- - sshconnect.c | 32 ++++++++++++++- - sshconnect2.c | 28 ++++++++++++ - sshd.c | 24 ++++++++++- - sshd_config | 14 ++++++ - version.h | 3 +- - 30 files changed, 701 insertions(+), 38 deletions(-) - create mode 100644 HPN-README - diff --git a/HPN-README b/HPN-README new file mode 100644 index 0000000..72d822f @@ -171,7 +133,7 @@ index 0000000..72d822f + by Cisco System, Inc., the National Library of Medicine, + and the National Science Foundation. diff --git a/auth2.c b/auth2.c -index c06c95f..699a522 100644 +index b66bef6..9e75803 100644 --- a/auth2.c +++ b/auth2.c @@ -49,6 +49,7 @@ @@ -232,10 +194,10 @@ index e2a9dd1..2c0b65c 100644 u_char *buf; /* Buffer for data. */ u_int alloc; /* Number of bytes allocated for data. */ diff --git a/channels.c b/channels.c -index 24d4a9f..a43235f 100644 +index 7791feb..7f66ca9 100644 --- a/channels.c +++ b/channels.c -@@ -170,8 +170,14 @@ static void port_open_helper(Channel *c, char *rtype); +@@ -173,8 +173,14 @@ static void port_open_helper(Channel *c, char *rtype); static int connect_next(struct channel_connect *); static void channel_connect_ctx_free(struct channel_connect *); @@ -250,7 +212,7 @@ index 24d4a9f..a43235f 100644 Channel * channel_by_id(int id) { -@@ -313,6 +319,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd, +@@ -319,6 +325,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd, c->local_window_max = window; c->local_consumed = 0; c->local_maxpacket = maxpack; @@ -258,7 +220,7 @@ index 24d4a9f..a43235f 100644 c->remote_id = -1; c->remote_name = xstrdup(remote_name); c->remote_window = 0; -@@ -808,11 +815,35 @@ channel_pre_open_13(Channel *c, fd_set *readset, fd_set *writeset) +@@ -818,11 +825,35 @@ channel_pre_open_13(Channel *c, fd_set *readset, fd_set *writeset) FD_SET(c->sock, writeset); } @@ -294,7 +256,7 @@ index 24d4a9f..a43235f 100644 if (c->istate == CHAN_INPUT_OPEN && limit > 0 && buffer_len(&c->input) < limit && -@@ -1789,14 +1820,21 @@ channel_check_window(Channel *c) +@@ -1806,14 +1837,21 @@ channel_check_window(Channel *c) c->local_maxpacket*3) || c->local_window < c->local_window_max/2) && c->local_consumed > 0) { @@ -318,7 +280,7 @@ index 24d4a9f..a43235f 100644 c->local_consumed = 0; } return 1; -@@ -2128,11 +2166,12 @@ channel_after_select(fd_set *readset, fd_set *writeset) +@@ -2173,11 +2211,12 @@ channel_after_select(fd_set *readset, fd_set *writeset) /* If there is data to send to the connection, enqueue some of it now. */ @@ -332,7 +294,7 @@ index 24d4a9f..a43235f 100644 for (i = 0; i < channels_alloc; i++) { c = channels[i]; -@@ -2180,7 +2219,7 @@ channel_output_poll(void) +@@ -2225,7 +2264,7 @@ channel_output_poll(void) packet_start(SSH2_MSG_CHANNEL_DATA); packet_put_int(c->remote_id); packet_put_string(data, dlen); @@ -341,7 +303,7 @@ index 24d4a9f..a43235f 100644 c->remote_window -= dlen + 4; xfree(data); } -@@ -2210,7 +2249,7 @@ channel_output_poll(void) +@@ -2255,7 +2294,7 @@ channel_output_poll(void) SSH2_MSG_CHANNEL_DATA : SSH_MSG_CHANNEL_DATA); packet_put_int(c->remote_id); packet_put_string(buffer_ptr(&c->input), len); @@ -350,7 +312,7 @@ index 24d4a9f..a43235f 100644 buffer_consume(&c->input, len); c->remote_window -= len; } -@@ -2245,12 +2284,13 @@ channel_output_poll(void) +@@ -2290,12 +2329,13 @@ channel_output_poll(void) packet_put_int(c->remote_id); packet_put_int(SSH2_EXTENDED_DATA_STDERR); packet_put_string(buffer_ptr(&c->extended), len); @@ -365,8 +327,8 @@ index 24d4a9f..a43235f 100644 } -@@ -2634,6 +2674,15 @@ channel_set_af(int af) - IPv4or6 = af; +@@ -2719,6 +2759,15 @@ channel_fwd_bind_addr(const char *listen_addr, int *wildcardp, + return addr; } + @@ -381,7 +343,7 @@ index 24d4a9f..a43235f 100644 static int channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_port, int *allocated_listen_port, -@@ -2787,9 +2836,15 @@ channel_setup_fwd_listener(int type, const char *listen_addr, +@@ -2845,9 +2894,15 @@ channel_setup_fwd_listener(int type, const char *listen_addr, } /* Allocate a channel number for the socket. */ @@ -396,8 +358,8 @@ index 24d4a9f..a43235f 100644 + 0, "port listener", 1); c->path = xstrdup(host); c->host_port = port_to_connect; - c->listening_port = listen_port; -@@ -3334,10 +3389,17 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost, + c->listening_addr = addr == NULL ? NULL : xstrdup(addr); +@@ -3505,10 +3560,17 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost, *chanids = xcalloc(num_socks + 1, sizeof(**chanids)); for (n = 0; n < num_socks; n++) { sock = socks[n]; @@ -416,10 +378,10 @@ index 24d4a9f..a43235f 100644 (*chanids)[n] = nc->self; } diff --git a/channels.h b/channels.h -index e2941c8..fa90ccf 100644 +index d75b800..0a95283 100644 --- a/channels.h +++ b/channels.h -@@ -125,8 +125,10 @@ struct Channel { +@@ -129,8 +129,10 @@ struct Channel { u_int local_window_max; u_int local_consumed; u_int local_maxpacket; @@ -430,7 +392,7 @@ index e2941c8..fa90ccf 100644 char *ctype; /* type */ -@@ -161,9 +163,11 @@ struct Channel { +@@ -165,9 +167,11 @@ struct Channel { /* default window/packet sizes for tcp/x11-fwd-channel */ #define CHAN_SES_PACKET_DEFAULT (32*1024) @@ -444,16 +406,16 @@ index e2941c8..fa90ccf 100644 #define CHAN_X11_PACKET_DEFAULT (16*1024) #define CHAN_X11_WINDOW_DEFAULT (4*CHAN_X11_PACKET_DEFAULT) -@@ -237,7 +241,7 @@ void channel_input_status_confirm(int, u_int32_t, void *); - - void channel_prepare_select(fd_set **, fd_set **, int *, u_int*, int); +@@ -242,7 +246,7 @@ void channel_input_status_confirm(int, u_int32_t, void *); + void channel_prepare_select(fd_set **, fd_set **, int *, u_int*, + time_t*, int); void channel_after_select(fd_set *, fd_set *); -void channel_output_poll(void); +int channel_output_poll(void); int channel_not_very_much_buffered_data(void); void channel_close_all(void); -@@ -294,4 +298,7 @@ void chan_rcvd_ieof(Channel *); +@@ -303,4 +307,7 @@ void chan_rcvd_ieof(Channel *); void chan_write_failed(Channel *); void chan_obuf_empty(Channel *); @@ -492,10 +454,10 @@ index bb5c0ac..32ad40e 100644 case SSH_CIPHER_DES: case SSH_CIPHER_BLOWFISH: diff --git a/clientloop.c b/clientloop.c -index c19b01f..8de3984 100644 +index 1c1a770..b9910e4 100644 --- a/clientloop.c +++ b/clientloop.c -@@ -1793,9 +1793,15 @@ client_request_x11(const char *request_type, int rchan) +@@ -1829,9 +1829,15 @@ client_request_x11(const char *request_type, int rchan) sock = x11_connect_display(); if (sock < 0) return NULL; @@ -511,7 +473,7 @@ index c19b01f..8de3984 100644 c->force_drain = 1; return c; } -@@ -1815,9 +1821,15 @@ client_request_agent(const char *request_type, int rchan) +@@ -1851,9 +1857,15 @@ client_request_agent(const char *request_type, int rchan) sock = ssh_get_authentication_socket(); if (sock < 0) return NULL; @@ -528,7 +490,7 @@ index c19b01f..8de3984 100644 "authentication agent connection", 1); c->force_drain = 1; return c; -@@ -1845,10 +1857,18 @@ client_request_tun_fwd(int tun_mode, int local_tun, int remote_tun) +@@ -1881,10 +1893,18 @@ client_request_tun_fwd(int tun_mode, int local_tun, int remote_tun) return -1; } @@ -549,10 +511,10 @@ index c19b01f..8de3984 100644 if (options.tun_open == SSH_TUNMODE_POINTOPOINT) channel_register_filter(c->self, sys_tun_infilter, diff --git a/compat.c b/compat.c -index df3541d..0b3df86 100644 +index 0dc089f..9ab3688 100644 --- a/compat.c +++ b/compat.c -@@ -170,6 +170,15 @@ compat_datafellows(const char *version) +@@ -171,6 +171,15 @@ compat_datafellows(const char *version) strlen(check[i].pat), 0) == 1) { debug("match: %s pat %s", version, check[i].pat); datafellows = check[i].bugs; @@ -569,10 +531,10 @@ index df3541d..0b3df86 100644 } } diff --git a/compat.h b/compat.h -index 16cf282..6feaa6b 100644 +index 3ae5d9c..6a7aeb2 100644 --- a/compat.h +++ b/compat.h -@@ -58,6 +58,7 @@ +@@ -59,6 +59,7 @@ #define SSH_BUG_RFWD_ADDR 0x02000000 #define SSH_NEW_OPENSSH 0x04000000 #define SSH_BUG_DYNAMIC_RPORT 0x08000000 @@ -665,10 +627,10 @@ index 7373d3c..3b4d4b5 100644 void kex_finish(Kex *); diff --git a/myproposal.h b/myproposal.h -index 0bc1c77..e9b273d 100644 +index b9b819c..429b5cb 100644 --- a/myproposal.h +++ b/myproposal.h -@@ -97,6 +97,8 @@ +@@ -95,6 +95,8 @@ #define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib" #define KEX_DEFAULT_LANG "" @@ -678,10 +640,10 @@ index 0bc1c77..e9b273d 100644 static char *myproposal[PROPOSAL_MAX] = { KEX_DEFAULT_KEX, diff --git a/packet.c b/packet.c -index ba93417..d16140a 100644 +index d0c66fe..9f6f530 100644 --- a/packet.c +++ b/packet.c -@@ -840,7 +840,7 @@ packet_enable_delayed_compress(void) +@@ -838,7 +838,7 @@ packet_enable_delayed_compress(void) /* * Finalize packet in SSH2 format (compress, mac, encrypt, enqueue) */ @@ -690,7 +652,7 @@ index ba93417..d16140a 100644 packet_send2_wrapped(void) { u_char type, *cp, *macbuf = NULL; -@@ -959,11 +959,13 @@ packet_send2_wrapped(void) +@@ -957,11 +957,13 @@ packet_send2_wrapped(void) set_newkeys(MODE_OUT); else if (type == SSH2_MSG_USERAUTH_SUCCESS && active_state->server_side) packet_enable_delayed_compress(); @@ -749,7 +711,7 @@ index ba93417..d16140a 100644 } /* -@@ -1653,7 +1658,7 @@ packet_disconnect(const char *fmt,...) +@@ -1647,7 +1652,7 @@ packet_disconnect(const char *fmt,...) /* Checks if there is any buffered output, and tries to write some of the output. */ @@ -758,7 +720,7 @@ index ba93417..d16140a 100644 packet_write_poll(void) { int len = buffer_len(&active_state->output); -@@ -1666,13 +1671,14 @@ packet_write_poll(void) +@@ -1660,13 +1665,14 @@ packet_write_poll(void) if (len == -1) { if (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK) @@ -774,7 +736,7 @@ index ba93417..d16140a 100644 } /* -@@ -1873,12 +1879,24 @@ packet_send_ignore(int nbytes) +@@ -1867,12 +1873,24 @@ packet_send_ignore(int nbytes) } } @@ -799,7 +761,7 @@ index ba93417..d16140a 100644 return (active_state->p_send.packets > MAX_PACKETS) || (active_state->p_read.packets > MAX_PACKETS) || -@@ -1970,3 +1988,9 @@ packet_restore_state(void) +@@ -1964,3 +1982,9 @@ packet_restore_state(void) add_recv_bytes(len); } } @@ -810,7 +772,7 @@ index ba93417..d16140a 100644 + return(active_state->after_authentication); +} diff --git a/packet.h b/packet.h -index 90eec17..4730824 100644 +index 09ba079..d3833dd 100644 --- a/packet.h +++ b/packet.h @@ -23,6 +23,9 @@ @@ -840,7 +802,7 @@ index 90eec17..4730824 100644 int packet_read(void); void packet_read_expect(int type); -@@ -86,7 +90,7 @@ int packet_get_ssh1_cipher(void); +@@ -85,7 +89,7 @@ int packet_get_ssh1_cipher(void); void packet_set_iv(int, u_char *); void *packet_get_newkeys(int); @@ -850,7 +812,7 @@ index 90eec17..4730824 100644 int packet_have_data_to_write(void); int packet_not_very_much_data_to_write(void); diff --git a/readconf.c b/readconf.c -index 91dfa56..7d3e695 100644 +index 097bb05..b9b2fd6 100644 --- a/readconf.c +++ b/readconf.c @@ -135,6 +135,8 @@ typedef enum { @@ -876,7 +838,7 @@ index 91dfa56..7d3e695 100644 { NULL, oBadOption } }; -@@ -494,6 +503,36 @@ parse_flag: +@@ -495,6 +504,36 @@ parse_flag: intptr = &options->check_host_ip; goto parse_flag; @@ -913,7 +875,7 @@ index 91dfa56..7d3e695 100644 case oVerifyHostKeyDNS: intptr = &options->verify_host_key_dns; goto parse_yesnoask; -@@ -679,6 +718,10 @@ parse_int: +@@ -680,6 +719,10 @@ parse_int: intptr = &options->connection_attempts; goto parse_int; @@ -924,7 +886,7 @@ index 91dfa56..7d3e695 100644 case oCipher: intptr = &options->cipher; arg = strdelim(&s); -@@ -1202,6 +1245,13 @@ initialize_options(Options * options) +@@ -1203,6 +1246,13 @@ initialize_options(Options * options) options->ip_qos_interactive = -1; options->ip_qos_bulk = -1; options->request_tty = -1; @@ -938,7 +900,7 @@ index 91dfa56..7d3e695 100644 } /* -@@ -1338,6 +1388,29 @@ fill_default_options(Options * options) +@@ -1339,6 +1389,29 @@ fill_default_options(Options * options) options->server_alive_interval = 0; if (options->server_alive_count_max == -1) options->server_alive_count_max = 3; @@ -969,10 +931,10 @@ index 91dfa56..7d3e695 100644 options->control_master = 0; if (options->control_persist == -1) { diff --git a/readconf.h b/readconf.h -index 5944cff..bfcddf7 100644 +index be30ee0..6480539 100644 --- a/readconf.h +++ b/readconf.h -@@ -60,6 +60,10 @@ typedef struct { +@@ -61,6 +61,10 @@ typedef struct { int compression_level; /* Compression level 1 (fast) to 9 * (best). */ int tcp_keep_alive; /* Set SO_KEEPALIVE. */ @@ -983,7 +945,7 @@ index 5944cff..bfcddf7 100644 int ip_qos_interactive; /* IP ToS/DSCP/class for interactive */ int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */ LogLevel log_level; /* Level for logging. */ -@@ -108,6 +112,8 @@ typedef struct { +@@ -109,6 +113,8 @@ typedef struct { int enable_ssh_keysign; int64_t rekey_limit; @@ -993,10 +955,10 @@ index 5944cff..bfcddf7 100644 int identities_only; int server_alive_interval; diff --git a/scp.c b/scp.c -index 18b2597..3841f10 100644 +index 08587b5..c9c20f0 100644 --- a/scp.c +++ b/scp.c -@@ -727,7 +727,7 @@ source(int argc, char **argv) +@@ -731,7 +731,7 @@ source(int argc, char **argv) off_t i, statbytes; size_t amt; int fd = -1, haderr, indx; @@ -1005,7 +967,7 @@ index 18b2597..3841f10 100644 int len; for (indx = 0; indx < argc; ++indx) { -@@ -909,7 +909,7 @@ sink(int argc, char **argv) +@@ -913,7 +913,7 @@ sink(int argc, char **argv) mode_t mode, omode, mask; off_t size, statbytes; int setimes, targisdir, wrerrno = 0; @@ -1015,10 +977,10 @@ index 18b2597..3841f10 100644 #define atime tv[0] diff --git a/servconf.c b/servconf.c -index 91986e5..d5e45bc 100644 +index ee2e531..e4af66c 100644 --- a/servconf.c +++ b/servconf.c -@@ -136,6 +136,10 @@ initialize_server_options(ServerOptions *options) +@@ -139,6 +139,10 @@ initialize_server_options(ServerOptions *options) options->revoked_keys_file = NULL; options->trusted_user_ca_keys = NULL; options->authorized_principals_file = NULL; @@ -1028,8 +990,8 @@ index 91986e5..d5e45bc 100644 + options->hpn_buffer_size = -1; options->ip_qos_interactive = -1; options->ip_qos_bulk = -1; - } -@@ -143,6 +147,11 @@ initialize_server_options(ServerOptions *options) + options->version_addendum = NULL; +@@ -147,6 +151,11 @@ initialize_server_options(ServerOptions *options) void fill_default_server_options(ServerOptions *options) { @@ -1041,13 +1003,12 @@ index 91986e5..d5e45bc 100644 /* Portable-specific options */ if (options->use_pam == -1) options->use_pam = 0; -@@ -278,6 +287,41 @@ fill_default_server_options(ServerOptions *options) - if (options->ip_qos_bulk == -1) - options->ip_qos_bulk = IPTOS_THROUGHPUT; +@@ -287,6 +296,40 @@ fill_default_server_options(ServerOptions *options) + if (use_privsep == -1) + use_privsep = PRIVSEP_NOSANDBOX; + if (options->hpn_disabled == -1) + options->hpn_disabled = 0; -+ + if (options->hpn_buffer_size == -1) { + /* option not explicitly set. Now we have to figure out */ + /* what value to use */ @@ -1080,18 +1041,18 @@ index 91986e5..d5e45bc 100644 + options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT; + } + - /* Turn privilege separation on by default */ - if (use_privsep == -1) - use_privsep = PRIVSEP_ON; -@@ -323,6 +367,7 @@ typedef enum { + #ifndef HAVE_MMAP + if (use_privsep && options->compression == 1) { + error("This platform does not support both privilege " +@@ -328,6 +371,7 @@ typedef enum { sUsePrivilegeSeparation, sAllowAgentForwarding, sZeroKnowledgePasswordAuthentication, sHostCertificate, sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, + sNoneEnabled, sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize, - sKexAlgorithms, sIPQoS, + sKexAlgorithms, sIPQoS, sVersionAddendum, sDeprecated, sUnsupported } ServerOpCodes; -@@ -446,6 +491,10 @@ static struct { +@@ -451,6 +495,10 @@ static struct { { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, @@ -1101,8 +1062,8 @@ index 91986e5..d5e45bc 100644 + { "tcprcvbufpoll", sTcpRcvBufPoll, SSHCFG_ALL }, { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, { "ipqos", sIPQoS, SSHCFG_ALL }, - { NULL, sBadOption, 0 } -@@ -474,6 +523,7 @@ parse_token(const char *cp, const char *filename, + { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, +@@ -480,6 +528,7 @@ parse_token(const char *cp, const char *filename, for (i = 0; keywords[i].name; i++) if (strcasecmp(cp, keywords[i].name) == 0) { @@ -1110,7 +1071,7 @@ index 91986e5..d5e45bc 100644 *flags = keywords[i].flags; return keywords[i].opcode; } -@@ -918,6 +968,22 @@ process_server_config_line(ServerOptions *options, char *line, +@@ -987,6 +1036,22 @@ process_server_config_line(ServerOptions *options, char *line, *intptr = value; break; @@ -1134,7 +1095,7 @@ index 91986e5..d5e45bc 100644 intptr = &options->ignore_user_known_hosts; goto parse_flag; diff --git a/servconf.h b/servconf.h -index 89f38e2..3a2510a 100644 +index 096d596..714473d 100644 --- a/servconf.h +++ b/servconf.h @@ -157,6 +157,10 @@ typedef struct { @@ -1149,7 +1110,7 @@ index 89f38e2..3a2510a 100644 int permit_tun; diff --git a/serverloop.c b/serverloop.c -index 19b84ff..38d8bdc 100644 +index 741c5be..34b3771 100644 --- a/serverloop.c +++ b/serverloop.c @@ -94,10 +94,10 @@ static int fdin; /* Descriptor for stdin (for writing) */ @@ -1188,7 +1149,7 @@ index 19b84ff..38d8bdc 100644 * we write to this pipe if a SIGCHLD is caught in order to avoid * the race between select() and child_terminated */ -@@ -414,6 +428,7 @@ process_input(fd_set *readset) +@@ -420,6 +434,7 @@ process_input(fd_set *readset) } else { /* Buffer any received data. */ packet_process_incoming(buf, len); @@ -1196,7 +1157,7 @@ index 19b84ff..38d8bdc 100644 } } if (compat20) -@@ -436,6 +451,7 @@ process_input(fd_set *readset) +@@ -442,6 +457,7 @@ process_input(fd_set *readset) } else { buffer_append(&stdout_buffer, buf, len); fdout_bytes += len; @@ -1204,7 +1165,7 @@ index 19b84ff..38d8bdc 100644 } } /* Read and buffer any available stderr data from the program. */ -@@ -503,7 +519,7 @@ process_output(fd_set *writeset) +@@ -509,7 +525,7 @@ process_output(fd_set *writeset) } /* Send any buffered packet data to the client. */ if (FD_ISSET(connection_out, writeset)) @@ -1213,7 +1174,7 @@ index 19b84ff..38d8bdc 100644 } /* -@@ -820,8 +836,10 @@ server_loop2(Authctxt *authctxt) +@@ -826,8 +842,10 @@ server_loop2(Authctxt *authctxt) { fd_set *readset = NULL, *writeset = NULL; int rekeying = 0, max_fd, nalloc = 0; @@ -1224,7 +1185,7 @@ index 19b84ff..38d8bdc 100644 mysignal(SIGCHLD, sigchld_handler); child_terminated = 0; -@@ -883,6 +901,11 @@ server_loop2(Authctxt *authctxt) +@@ -889,6 +907,11 @@ server_loop2(Authctxt *authctxt) /* free remaining sessions, e.g. remove wtmp entries */ session_destroy_all(NULL); @@ -1236,7 +1197,7 @@ index 19b84ff..38d8bdc 100644 } static void -@@ -998,8 +1021,12 @@ server_request_tun(void) +@@ -1004,8 +1027,12 @@ server_request_tun(void) sock = tun_open(tun, mode); if (sock < 0) goto done; @@ -1249,7 +1210,7 @@ index 19b84ff..38d8bdc 100644 c->datagram = 1; #if defined(SSH_TUN_FILTER) if (mode == SSH_TUNMODE_POINTOPOINT) -@@ -1035,6 +1062,8 @@ server_request_session(void) +@@ -1041,6 +1068,8 @@ server_request_session(void) c = channel_new("session", SSH_CHANNEL_LARVAL, -1, -1, -1, /*window size*/0, CHAN_SES_PACKET_DEFAULT, 0, "server-session", 1); @@ -1259,7 +1220,7 @@ index 19b84ff..38d8bdc 100644 debug("session open failed, free channel %d", c->self); channel_free(c); diff --git a/session.c b/session.c -index 6a70400..4ffffe0 100644 +index 65bf287..c74f655 100644 --- a/session.c +++ b/session.c @@ -236,6 +236,7 @@ auth_input_request_forwarding(struct passwd * pw) @@ -1288,10 +1249,10 @@ index 6a70400..4ffffe0 100644 /* diff --git a/sftp.1 b/sftp.1 -index eb88014..afb092b 100644 +index bcb4721..284d618 100644 --- a/sftp.1 +++ b/sftp.1 -@@ -245,7 +245,8 @@ diagnostic messages from +@@ -247,7 +247,8 @@ diagnostic messages from Specify how many requests may be outstanding at any one time. Increasing this may slightly improve file transfer speed but will increase memory usage. @@ -1302,7 +1263,7 @@ index eb88014..afb092b 100644 Recursively copy entire directories when uploading and downloading. Note that diff --git a/sftp.c b/sftp.c -index ab667f5..f87d5fb 100644 +index 235c6ad..bae79f2 100644 --- a/sftp.c +++ b/sftp.c @@ -69,7 +69,7 @@ typedef void EditLine; @@ -1315,10 +1276,10 @@ index ab667f5..f87d5fb 100644 /* File to read commands from */ FILE* infile; diff --git a/ssh.c b/ssh.c -index c717dcf..6b71bf2 100644 +index 3f61eb0..62f56de 100644 --- a/ssh.c +++ b/ssh.c -@@ -577,6 +577,10 @@ main(int ac, char **av) +@@ -579,6 +579,10 @@ main(int ac, char **av) break; case 'T': options.request_tty = REQUEST_TTY_NO; @@ -1329,7 +1290,7 @@ index c717dcf..6b71bf2 100644 break; case 'o': dummy = 1; -@@ -1362,6 +1366,9 @@ ssh_session2_open(void) +@@ -1372,6 +1376,9 @@ ssh_session2_open(void) { Channel *c; int window, packetmax, in, out, err; @@ -1339,7 +1300,7 @@ index c717dcf..6b71bf2 100644 if (stdin_null_flag) { in = open(_PATH_DEVNULL, O_RDONLY); -@@ -1382,9 +1389,74 @@ ssh_session2_open(void) +@@ -1392,9 +1399,74 @@ ssh_session2_open(void) if (!isatty(err)) set_nonblock(err); @@ -1415,7 +1376,7 @@ index c717dcf..6b71bf2 100644 window >>= 1; packetmax >>= 1; } -@@ -1393,6 +1465,10 @@ ssh_session2_open(void) +@@ -1403,6 +1475,10 @@ ssh_session2_open(void) window, packetmax, CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0); @@ -1491,7 +1452,7 @@ index 0ee7266..f90cbe2 100644 != strlen(buf)) fatal("write: %.100s", strerror(errno)); diff --git a/sshconnect2.c b/sshconnect2.c -index c24b202..551ad20 100644 +index 7c369d7..0b02824 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -81,6 +81,12 @@ @@ -1537,7 +1498,7 @@ index c24b202..551ad20 100644 } diff --git a/sshd.c b/sshd.c -index cc10395..d873edb 100644 +index 9aff5e8..a42dea8 100644 --- a/sshd.c +++ b/sshd.c @@ -138,6 +138,9 @@ int deny_severity; @@ -1550,16 +1511,16 @@ index cc10395..d873edb 100644 extern char *__progname; /* Server configuration options. */ -@@ -419,7 +422,7 @@ sshd_exchange_identification(int sock_in, int sock_out) - minor = PROTOCOL_MINOR_1; +@@ -421,7 +424,7 @@ sshd_exchange_identification(int sock_in, int sock_out) } - snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor, -- SSH_VERSION, newline); -+ SSH_RELEASE, newline); - server_version_string = xstrdup(buf); - /* Send our protocol version identification. */ -@@ -470,6 +473,9 @@ sshd_exchange_identification(int sock_in, int sock_out) + xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", +- major, minor, SSH_VERSION, ++ major, minor, SSH_RELEASE, + *options.version_addendum == '\0' ? "" : " ", + options.version_addendum, newline); + +@@ -473,6 +476,9 @@ sshd_exchange_identification(int sock_in, int sock_out) } debug("Client protocol version %d.%d; client software version %.100s", remote_major, remote_minor, remote_version); @@ -1569,7 +1530,7 @@ index cc10395..d873edb 100644 compat_datafellows(remote_version); -@@ -1023,6 +1029,8 @@ server_listen(void) +@@ -1029,6 +1035,8 @@ server_listen(void) int ret, listen_sock, on = 1; struct addrinfo *ai; char ntop[NI_MAXHOST], strport[NI_MAXSERV]; @@ -1578,7 +1539,7 @@ index cc10395..d873edb 100644 for (ai = options.listen_addrs; ai; ai = ai->ai_next) { if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) -@@ -1063,6 +1071,11 @@ server_listen(void) +@@ -1069,6 +1077,11 @@ server_listen(void) debug("Bind to port %s on %s.", strport, ntop); @@ -1590,7 +1551,7 @@ index cc10395..d873edb 100644 /* Bind the socket to the desired port. */ if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) { error("Bind to port %s on %s failed: %.200s.", -@@ -1944,6 +1957,9 @@ main(int ac, char **av) +@@ -1938,6 +1951,9 @@ main(int ac, char **av) /* Log the connection. */ verbose("Connection from %.500s port %d", remote_ip, remote_port); @@ -1600,7 +1561,7 @@ index cc10395..d873edb 100644 /* * We don't want to listen forever unless the other side * successfully authenticates itself. So we set up an alarm which is -@@ -2300,9 +2316,15 @@ do_ssh2_kex(void) +@@ -2294,9 +2310,15 @@ do_ssh2_kex(void) { Kex *kex; @@ -1617,10 +1578,10 @@ index cc10395..d873edb 100644 myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]); diff --git a/sshd_config b/sshd_config -index 473e866..41bd4a3 100644 +index 9424ee2..04f51d6 100644 --- a/sshd_config +++ b/sshd_config -@@ -114,6 +114,20 @@ AuthorizedKeysFile .ssh/authorized_keys +@@ -117,6 +117,20 @@ UsePrivilegeSeparation sandbox # Default for new installations. # override default of no subsystems Subsystem sftp /usr/libexec/sftp-server @@ -1642,16 +1603,13 @@ index 473e866..41bd4a3 100644 #Match User anoncvs # X11Forwarding no diff --git a/version.h b/version.h -index 6a1acb3..a6a5b32 100644 +index 76adaaf..44172ac 100644 --- a/version.h +++ b/version.h @@ -3,4 +3,5 @@ - #define SSH_VERSION "OpenSSH_5.9" + #define SSH_VERSION "OpenSSH_6.1" #define SSH_PORTABLE "p1" -#define SSH_RELEASE SSH_VERSION SSH_PORTABLE +#define SSH_HPN "-hpn13v11" +#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN --- -1.7.7.3 - diff --git a/main/openssh/openssh6.0-peaktput.diff b/main/openssh/openssh-peaktput.diff index b376433d8..b376433d8 100644 --- a/main/openssh/openssh6.0-peaktput.diff +++ b/main/openssh/openssh-peaktput.diff |