Pour Ubuntu il faut vérifier aussi lucid-updates.
[sftp.git] / openssh-5.3p1-hpn13v7.diff.auf-patch
CommitLineData
ac22828a
NC
1--- openssh-5.3p1-hpn13v7.diff.orig 2012-11-13 16:50:13.483128779 -0500
2+++ openssh-5.3p1-hpn13v7.diff.auf 2012-11-13 18:24:09.482929432 -0500
3@@ -1,6 +1,6 @@
4 diff -NupwB canonincal/HPN-README kitchen_sink-done/HPN-README
5 --- canonincal/HPN-README 1969-12-31 19:00:00.000000000 -0500
6-+++ kitchen_sink-done/HPN-README 2010-01-06 11:56:40.000000000 -0500
7++++ kitchen_sink-done/HPN-README 2012-11-13 18:07:14.134965345 -0500
8 @@ -0,0 +1,128 @@
9 +Notes:
10 +
11@@ -131,9 +131,9 @@
12 + by Cisco System, Inc., the National Library of Medicine,
13 + and the National Science Foundation.
14 diff -NupwB canonincal/Makefile.in kitchen_sink-done/Makefile.in
15---- canonincal/Makefile.in 2009-08-27 20:47:38.000000000 -0400
16-+++ kitchen_sink-done/Makefile.in 2010-01-06 11:56:40.000000000 -0500
17-@@ -43,7 +43,7 @@ CC=@CC@
18+--- canonincal/Makefile.in 2012-11-13 18:06:35.000000000 -0500
19++++ kitchen_sink-done/Makefile.in 2012-11-13 18:07:14.134965345 -0500
20+@@ -45,7 +45,7 @@ CC=@CC@
21 LD=@LD@
22 CFLAGS=@CFLAGS@
23 CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
24@@ -142,7 +142,7 @@
25 SSHDLIBS=@SSHDLIBS@
26 LIBEDIT=@LIBEDIT@
27 AR=@AR@
28-@@ -64,7 +64,7 @@ TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-a
29+@@ -66,7 +66,7 @@ TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-a
30
31 LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \
32 canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
33@@ -152,8 +152,8 @@
34 log.o match.o md-sha256.o moduli.o nchan.o packet.o \
35 readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \
36 diff -NupwB canonincal/auth2.c kitchen_sink-done/auth2.c
37---- canonincal/auth2.c 2009-06-22 02:11:07.000000000 -0400
38-+++ kitchen_sink-done/auth2.c 2010-01-06 11:56:40.000000000 -0500
39+--- canonincal/auth2.c 2012-11-13 18:06:35.000000000 -0500
40++++ kitchen_sink-done/auth2.c 2012-11-13 18:07:14.138965345 -0500
41 @@ -49,6 +49,7 @@
42 #include "dispatch.h"
43 #include "pathnames.h"
44@@ -162,7 +162,7 @@
45
46 #ifdef GSSAPI
47 #include "ssh-gss.h"
48-@@ -75,6 +76,9 @@ extern Authmethod method_gssapi;
49+@@ -76,6 +77,9 @@ extern Authmethod method_gssapi;
50 extern Authmethod method_jpake;
51 #endif
52
53@@ -172,7 +172,7 @@
54 Authmethod *authmethods[] = {
55 &method_none,
56 &method_pubkey,
57-@@ -225,6 +229,11 @@ input_userauth_request(int type, u_int32
58+@@ -227,6 +231,11 @@ input_userauth_request(int type, u_int32
59 service = packet_get_string(NULL);
60 method = packet_get_string(NULL);
61 debug("userauth-request for user %s service %s method %s", user, service, method);
62@@ -183,10 +183,10 @@
63 + }
64 debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
65
66- if ((style = strchr(user, ':')) != NULL)
67+ if ((role = strchr(user, '/')) != NULL)
68 diff -NupwB canonincal/buffer.c kitchen_sink-done/buffer.c
69 --- canonincal/buffer.c 2006-08-04 22:39:39.000000000 -0400
70-+++ kitchen_sink-done/buffer.c 2010-01-06 11:56:40.000000000 -0500
71++++ kitchen_sink-done/buffer.c 2012-11-13 18:07:14.138965345 -0500
72 @@ -127,7 +127,7 @@ restart:
73
74 /* Increase the size of the buffer and retry. */
75@@ -198,7 +198,7 @@
76 buffer->buf = xrealloc(buffer->buf, 1, newlen);
77 diff -NupwB canonincal/buffer.h kitchen_sink-done/buffer.h
78 --- canonincal/buffer.h 2008-05-19 00:59:37.000000000 -0400
79-+++ kitchen_sink-done/buffer.h 2010-01-06 11:56:40.000000000 -0500
80++++ kitchen_sink-done/buffer.h 2012-11-13 18:07:14.138965345 -0500
81 @@ -16,6 +16,9 @@
82 #ifndef BUFFER_H
83 #define BUFFER_H
84@@ -210,8 +210,8 @@
85 u_char *buf; /* Buffer for data. */
86 u_int alloc; /* Number of bytes allocated for data. */
87 diff -NupwB canonincal/channels.c kitchen_sink-done/channels.c
88---- canonincal/channels.c 2009-08-27 21:02:37.000000000 -0400
89-+++ kitchen_sink-done/channels.c 2010-01-06 11:56:40.000000000 -0500
90+--- canonincal/channels.c 2012-11-13 18:06:35.000000000 -0500
91++++ kitchen_sink-done/channels.c 2012-11-13 18:07:14.138965345 -0500
92 @@ -169,8 +169,14 @@ static void port_open_helper(Channel *c,
93 static int connect_next(struct channel_connect *);
94 static void channel_connect_ctx_free(struct channel_connect *);
95@@ -374,7 +374,7 @@
96 c->path = xstrdup(host);
97 c->host_port = port_to_connect;
98 c->listening_port = listen_port;
99-@@ -3153,10 +3208,17 @@ x11_create_display_inet(int x11_display_
100+@@ -3157,10 +3212,17 @@ x11_create_display_inet(int x11_display_
101 *chanids = xcalloc(num_socks + 1, sizeof(**chanids));
102 for (n = 0; n < num_socks; n++) {
103 sock = socks[n];
104@@ -394,7 +394,7 @@
105 }
106 diff -NupwB canonincal/channels.h kitchen_sink-done/channels.h
107 --- canonincal/channels.h 2009-02-14 00:28:21.000000000 -0500
108-+++ kitchen_sink-done/channels.h 2010-01-06 11:56:40.000000000 -0500
109++++ kitchen_sink-done/channels.h 2012-11-13 18:07:14.138965345 -0500
110 @@ -115,8 +115,10 @@ struct Channel {
111 u_int local_window_max;
112 u_int local_consumed;
113@@ -439,7 +439,7 @@
114 #endif
115 diff -NupwB canonincal/cipher-ctr-mt.c kitchen_sink-done/cipher-ctr-mt.c
116 --- canonincal/cipher-ctr-mt.c 1969-12-31 19:00:00.000000000 -0500
117-+++ kitchen_sink-done/cipher-ctr-mt.c 2010-01-06 11:56:40.000000000 -0500
118++++ kitchen_sink-done/cipher-ctr-mt.c 2012-11-13 18:07:14.138965345 -0500
119 @@ -0,0 +1,473 @@
120 +/*
121 + * OpenSSH Multi-threaded AES-CTR Cipher
122@@ -916,7 +916,7 @@
123 +}
124 diff -NupwB canonincal/cipher.c kitchen_sink-done/cipher.c
125 --- canonincal/cipher.c 2009-01-28 00:38:41.000000000 -0500
126-+++ kitchen_sink-done/cipher.c 2010-01-06 11:56:40.000000000 -0500
127++++ kitchen_sink-done/cipher.c 2012-11-13 18:07:14.138965345 -0500
128 @@ -55,6 +55,7 @@ extern const EVP_CIPHER *evp_ssh1_bf(voi
129 extern const EVP_CIPHER *evp_ssh1_3des(void);
130 extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
131@@ -965,9 +965,9 @@
132 case SSH_CIPHER_DES:
133 case SSH_CIPHER_BLOWFISH:
134 diff -NupwB canonincal/clientloop.c kitchen_sink-done/clientloop.c
135---- canonincal/clientloop.c 2009-08-27 21:21:07.000000000 -0400
136-+++ kitchen_sink-done/clientloop.c 2010-01-06 11:56:40.000000000 -0500
137-@@ -1697,9 +1697,15 @@ client_request_x11(const char *request_t
138+--- canonincal/clientloop.c 2012-11-13 18:06:35.000000000 -0500
139++++ kitchen_sink-done/clientloop.c 2012-11-13 18:07:14.138965345 -0500
140+@@ -1717,9 +1717,15 @@ client_request_x11(const char *request_t
141 sock = x11_connect_display();
142 if (sock < 0)
143 return NULL;
144@@ -983,7 +983,7 @@
145 c->force_drain = 1;
146 return c;
147 }
148-@@ -1719,9 +1725,15 @@ client_request_agent(const char *request
149+@@ -1739,9 +1745,15 @@ client_request_agent(const char *request
150 sock = ssh_get_authentication_socket();
151 if (sock < 0)
152 return NULL;
153@@ -1000,7 +1000,7 @@
154 "authentication agent connection", 1);
155 c->force_drain = 1;
156 return c;
157-@@ -1749,10 +1761,18 @@ client_request_tun_fwd(int tun_mode, int
158+@@ -1769,10 +1781,18 @@ client_request_tun_fwd(int tun_mode, int
159 return -1;
160 }
161
162@@ -1022,7 +1022,7 @@
163 channel_register_filter(c->self, sys_tun_infilter,
164 diff -NupwB canonincal/compat.c kitchen_sink-done/compat.c
165 --- canonincal/compat.c 2008-11-03 03:20:14.000000000 -0500
166-+++ kitchen_sink-done/compat.c 2010-01-06 11:56:40.000000000 -0500
167++++ kitchen_sink-done/compat.c 2012-11-13 18:07:14.138965345 -0500
168 @@ -170,6 +170,15 @@ compat_datafellows(const char *version)
169 strlen(check[i].pat), 0) == 1) {
170 debug("match: %s pat %s", version, check[i].pat);
171@@ -1041,7 +1041,7 @@
172 }
173 diff -NupwB canonincal/compat.h kitchen_sink-done/compat.h
174 --- canonincal/compat.h 2008-11-03 03:20:14.000000000 -0500
175-+++ kitchen_sink-done/compat.h 2010-01-06 11:56:40.000000000 -0500
176++++ kitchen_sink-done/compat.h 2012-11-13 18:07:14.142965345 -0500
177 @@ -58,6 +58,7 @@
178 #define SSH_OLD_FORWARD_ADDR 0x01000000
179 #define SSH_BUG_RFWD_ADDR 0x02000000
180@@ -1051,18 +1051,19 @@
181 void enable_compat13(void);
182 void enable_compat20(void);
183 Common subdirectories: canonincal/contrib and kitchen_sink-done/contrib
184+Common subdirectories: canonincal/debian and kitchen_sink-done/debian
185 diff -NupwB canonincal/kex.c kitchen_sink-done/kex.c
186---- canonincal/kex.c 2009-06-21 04:15:25.000000000 -0400
187-+++ kitchen_sink-done/kex.c 2010-01-06 11:56:40.000000000 -0500
188+--- canonincal/kex.c 2012-11-13 18:06:35.000000000 -0500
189++++ kitchen_sink-done/kex.c 2012-11-13 18:07:14.142965345 -0500
190 @@ -48,6 +48,7 @@
191 #include "match.h"
192 #include "dispatch.h"
193 #include "monitor.h"
194 +#include "canohost.h"
195
196- #if OPENSSL_VERSION_NUMBER >= 0x00907000L
197- # if defined(HAVE_EVP_SHA256)
198-@@ -62,7 +63,8 @@ static void kex_kexinit_finish(Kex *);
199+ #ifdef GSSAPI
200+ #include "ssh-gss.h"
201+@@ -66,7 +67,8 @@ static void kex_kexinit_finish(Kex *);
202 static void kex_choose_conf(Kex *);
203
204 /* put algorithm proposal into buffer */
205@@ -1072,7 +1073,7 @@
206 kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX])
207 {
208 u_int i;
209-@@ -374,6 +376,13 @@ kex_choose_conf(Kex *kex)
210+@@ -392,6 +394,13 @@ kex_choose_conf(Kex *kex)
211 int nenc, nmac, ncomp;
212 u_int mode, ctos, need;
213 int first_kex_follows, type;
214@@ -1086,7 +1087,7 @@
215
216 my = kex_buf2prop(&kex->my, NULL);
217 peer = kex_buf2prop(&kex->peer, &first_kex_follows);
218-@@ -398,11 +407,34 @@ kex_choose_conf(Kex *kex)
219+@@ -416,11 +425,34 @@ kex_choose_conf(Kex *kex)
220 choose_enc (&newkeys->enc, cprop[nenc], sprop[nenc]);
221 choose_mac (&newkeys->mac, cprop[nmac], sprop[nmac]);
222 choose_comp(&newkeys->comp, cprop[ncomp], sprop[ncomp]);
223@@ -1122,9 +1123,9 @@
224 choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]);
225 choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],
226 diff -NupwB canonincal/kex.h kitchen_sink-done/kex.h
227---- canonincal/kex.h 2009-06-21 04:15:25.000000000 -0400
228-+++ kitchen_sink-done/kex.h 2010-01-06 11:56:40.000000000 -0500
229-@@ -129,6 +129,8 @@ struct Kex {
230+--- canonincal/kex.h 2012-11-13 18:06:35.000000000 -0500
231++++ kitchen_sink-done/kex.h 2012-11-13 18:07:14.142965345 -0500
232+@@ -138,6 +138,8 @@ struct Kex {
233 void (*kex[KEX_MAX])(Kex *);
234 };
235
236@@ -1135,7 +1136,7 @@
237
238 diff -NupwB canonincal/myproposal.h kitchen_sink-done/myproposal.h
239 --- canonincal/myproposal.h 2009-01-28 00:33:31.000000000 -0500
240-+++ kitchen_sink-done/myproposal.h 2010-01-06 11:56:40.000000000 -0500
241++++ kitchen_sink-done/myproposal.h 2012-11-13 18:07:14.142965345 -0500
242 @@ -47,6 +47,8 @@
243 "arcfour256,arcfour128," \
244 "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
245@@ -1148,7 +1149,7 @@
246 Common subdirectories: canonincal/openbsd-compat and kitchen_sink-done/openbsd-compat
247 diff -NupwB canonincal/packet.c kitchen_sink-done/packet.c
248 --- canonincal/packet.c 2009-09-26 00:54:00.000000000 -0400
249-+++ kitchen_sink-done/packet.c 2010-01-06 16:14:53.000000000 -0500
250++++ kitchen_sink-done/packet.c 2012-11-13 18:07:14.142965345 -0500
251 @@ -835,7 +835,7 @@ packet_enable_delayed_compress(void)
252 /*
253 * Finalize packet in SSH2 format (compress, mac, encrypt, enqueue)
254@@ -1287,7 +1288,7 @@
255 +}
256 diff -NupwB canonincal/packet.h kitchen_sink-done/packet.h
257 --- canonincal/packet.h 2009-07-05 17:11:13.000000000 -0400
258-+++ kitchen_sink-done/packet.h 2010-01-06 14:04:18.000000000 -0500
259++++ kitchen_sink-done/packet.h 2012-11-13 18:07:14.142965345 -0500
260 @@ -20,6 +20,9 @@
261
262 #include <openssl/bn.h>
263@@ -1324,9 +1325,10 @@
264 void packet_write_wait(void);
265 int packet_have_data_to_write(void);
266 int packet_not_very_much_data_to_write(void);
267+Common subdirectories: canonincal/.pc and kitchen_sink-done/.pc
268 diff -NupwB canonincal/progressmeter.c kitchen_sink-done/progressmeter.c
269 --- canonincal/progressmeter.c 2006-08-04 22:39:40.000000000 -0400
270-+++ kitchen_sink-done/progressmeter.c 2010-01-06 11:56:40.000000000 -0500
271++++ kitchen_sink-done/progressmeter.c 2012-11-13 18:07:14.142965345 -0500
272 @@ -68,6 +68,8 @@ static time_t last_update; /* last progr
273 static char *file; /* name of the file being transferred */
274 static off_t end_pos; /* ending position of transfer */
275@@ -1398,18 +1400,18 @@
276
277 /*ARGSUSED*/
278 diff -NupwB canonincal/readconf.c kitchen_sink-done/readconf.c
279---- canonincal/readconf.c 2009-07-05 17:12:27.000000000 -0400
280-+++ kitchen_sink-done/readconf.c 2010-01-06 12:00:28.000000000 -0500
281-@@ -131,6 +131,8 @@ typedef enum {
282- oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
283+--- canonincal/readconf.c 2012-11-13 18:06:35.000000000 -0500
284++++ kitchen_sink-done/readconf.c 2012-11-13 18:07:14.146965345 -0500
285+@@ -136,6 +136,8 @@ typedef enum {
286 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
287 oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
288+ oProtocolKeepAlives, oSetupTimeOut,
289 + oNoneEnabled, oTcpRcvBufPoll, oTcpRcvBuf, oNoneSwitch, oHPNDisabled,
290 + oHPNBufferSize,
291 oDeprecated, oUnsupported
292 } OpCodes;
293
294-@@ -235,6 +237,12 @@ static struct {
295+@@ -249,6 +251,12 @@ static struct {
296 #else
297 { "zeroknowledgepasswordauthentication", oUnsupported },
298 #endif
299@@ -1419,10 +1421,10 @@
300 + { "noneswitch", oNoneSwitch },
301 + { "hpndisabled", oHPNDisabled },
302 + { "hpnbuffersize", oHPNBufferSize },
303+ { "protocolkeepalives", oProtocolKeepAlives },
304+ { "setuptimeout", oSetupTimeOut },
305
306- { NULL, oBadOption }
307- };
308-@@ -466,6 +474,37 @@ parse_flag:
309+@@ -502,6 +510,37 @@ parse_flag:
310 intptr = &options->check_host_ip;
311 goto parse_flag;
312
313@@ -1460,7 +1462,7 @@
314 case oVerifyHostKeyDNS:
315 intptr = &options->verify_host_key_dns;
316 goto parse_yesnoask;
317-@@ -644,6 +683,10 @@ parse_int:
318+@@ -680,6 +719,10 @@ parse_int:
319 intptr = &options->connection_attempts;
320 goto parse_int;
321
322@@ -1471,7 +1473,7 @@
323 case oCipher:
324 intptr = &options->cipher;
325 arg = strdelim(&s);
326-@@ -1071,6 +1114,12 @@ initialize_options(Options * options)
327+@@ -1133,6 +1176,12 @@ initialize_options(Options * options)
328 options->use_roaming = -1;
329 options->visual_host_key = -1;
330 options->zero_knowledge_password_authentication = -1;
331@@ -1484,8 +1486,8 @@
332 }
333
334 /*
335-@@ -1193,6 +1242,29 @@ fill_default_options(Options * options)
336- options->server_alive_interval = 0;
337+@@ -1268,6 +1317,29 @@ fill_default_options(Options * options)
338+ }
339 if (options->server_alive_count_max == -1)
340 options->server_alive_count_max = 3;
341 + if (options->none_switch == -1)
342@@ -1515,9 +1517,9 @@
343 options->control_master = 0;
344 if (options->hash_known_hosts == -1)
345 diff -NupwB canonincal/readconf.h kitchen_sink-done/readconf.h
346---- canonincal/readconf.h 2009-07-05 17:12:27.000000000 -0400
347-+++ kitchen_sink-done/readconf.h 2010-01-06 11:56:44.000000000 -0500
348-@@ -57,6 +57,11 @@ typedef struct {
349+--- canonincal/readconf.h 2012-11-13 18:06:35.000000000 -0500
350++++ kitchen_sink-done/readconf.h 2012-11-13 18:07:14.146965345 -0500
351+@@ -62,6 +62,11 @@ typedef struct {
352 int compression_level; /* Compression level 1 (fast) to 9
353 * (best). */
354 int tcp_keep_alive; /* Set SO_KEEPALIVE. */
355@@ -1529,7 +1531,7 @@
356 LogLevel log_level; /* Level for logging. */
357
358 int port; /* Port to connect. */
359-@@ -102,6 +107,8 @@ typedef struct {
360+@@ -107,6 +112,8 @@ typedef struct {
361
362 int enable_ssh_keysign;
363 int64_t rekey_limit;
364@@ -1538,12 +1540,10 @@
365 int no_host_authentication_for_localhost;
366 int identities_only;
367 int server_alive_interval;
368-Common subdirectories: canonincal/regress and kitchen_sink-done/regress
369-Common subdirectories: canonincal/scard and kitchen_sink-done/scard
370 diff -NupwB canonincal/scp.c kitchen_sink-done/scp.c
371---- canonincal/scp.c 2008-11-03 03:23:45.000000000 -0500
372-+++ kitchen_sink-done/scp.c 2010-01-06 11:56:44.000000000 -0500
373-@@ -632,7 +632,7 @@ source(int argc, char **argv)
374+--- canonincal/scp.c 2012-11-13 18:06:35.000000000 -0500
375++++ kitchen_sink-done/scp.c 2012-11-13 18:07:14.146965345 -0500
376+@@ -640,7 +640,7 @@ source(int argc, char **argv)
377 off_t i, statbytes;
378 size_t amt;
379 int fd = -1, haderr, indx;
380@@ -1552,7 +1552,7 @@
381 int len;
382
383 for (indx = 0; indx < argc; ++indx) {
384-@@ -868,7 +868,7 @@ sink(int argc, char **argv)
385+@@ -876,7 +876,7 @@ sink(int argc, char **argv)
386 mode_t mode, omode, mask;
387 off_t size, statbytes;
388 int setimes, targisdir, wrerrno = 0;
389@@ -1562,12 +1562,12 @@
390
391 #define atime tv[0]
392 diff -NupwB canonincal/servconf.c kitchen_sink-done/servconf.c
393---- canonincal/servconf.c 2009-06-21 06:26:17.000000000 -0400
394-+++ kitchen_sink-done/servconf.c 2010-01-06 11:56:44.000000000 -0500
395-@@ -128,11 +128,20 @@ initialize_server_options(ServerOptions
396- options->adm_forced_command = NULL;
397+--- canonincal/servconf.c 2012-11-13 18:06:35.000000000 -0500
398++++ kitchen_sink-done/servconf.c 2012-11-13 18:07:14.150965345 -0500
399+@@ -133,11 +133,20 @@ initialize_server_options(ServerOptions
400 options->chroot_directory = NULL;
401 options->zero_knowledge_password_authentication = -1;
402+ options->debian_banner = -1;
403 + options->none_enabled = -1;
404 + options->tcp_rcv_buf_poll = -1;
405 + options->hpn_disabled = -1;
406@@ -1585,9 +1585,9 @@
407 /* Portable-specific options */
408 if (options->use_pam == -1)
409 options->use_pam = 0;
410-@@ -262,6 +271,42 @@ fill_default_server_options(ServerOption
411- if (options->zero_knowledge_password_authentication == -1)
412- options->zero_knowledge_password_authentication = 0;
413+@@ -277,6 +286,42 @@ fill_default_server_options(ServerOption
414+ if (options->debian_banner == -1)
415+ options->debian_banner = 1;
416
417 + if (options->hpn_disabled == -1)
418 + options->hpn_disabled = 0;
419@@ -1628,18 +1628,18 @@
420 /* Turn privilege separation on by default */
421 if (use_privsep == -1)
422 use_privsep = 1;
423-@@ -306,6 +351,7 @@ typedef enum {
424- sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
425+@@ -324,6 +369,7 @@ typedef enum {
426 sUsePrivilegeSeparation, sAllowAgentForwarding,
427 sZeroKnowledgePasswordAuthentication,
428+ sDebianBanner,
429 + sNoneEnabled, sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize,
430 sDeprecated, sUnsupported
431 } ServerOpCodes;
432
433-@@ -424,6 +470,10 @@ static struct {
434- { "permitopen", sPermitOpen, SSHCFG_ALL },
435+@@ -454,6 +500,10 @@ static struct {
436 { "forcecommand", sForceCommand, SSHCFG_ALL },
437 { "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
438+ { "debianbanner", sDebianBanner, SSHCFG_GLOBAL },
439 + { "noneenabled", sNoneEnabled },
440 + { "hpndisabled", sHPNDisabled },
441 + { "hpnbuffersize", sHPNBufferSize },
442@@ -1647,7 +1647,7 @@
443 { NULL, sBadOption, 0 }
444 };
445
446-@@ -450,6 +500,7 @@ parse_token(const char *cp, const char *
447+@@ -480,6 +530,7 @@ parse_token(const char *cp, const char *
448
449 for (i = 0; keywords[i].name; i++)
450 if (strcasecmp(cp, keywords[i].name) == 0) {
451@@ -1655,7 +1655,7 @@
452 *flags = keywords[i].flags;
453 return keywords[i].opcode;
454 }
455-@@ -847,6 +898,22 @@ process_server_config_line(ServerOptions
456+@@ -877,6 +928,22 @@ process_server_config_line(ServerOptions
457 *intptr = value;
458 break;
459
460@@ -1679,9 +1679,9 @@
461 intptr = &options->ignore_user_known_hosts;
462 goto parse_flag;
463 diff -NupwB canonincal/servconf.h kitchen_sink-done/servconf.h
464---- canonincal/servconf.h 2009-01-28 00:31:23.000000000 -0500
465-+++ kitchen_sink-done/servconf.h 2010-01-06 11:56:44.000000000 -0500
466-@@ -145,6 +145,10 @@ typedef struct {
467+--- canonincal/servconf.h 2012-11-13 18:06:35.000000000 -0500
468++++ kitchen_sink-done/servconf.h 2012-11-13 18:07:14.150965345 -0500
469+@@ -149,6 +149,10 @@ typedef struct {
470 char *adm_forced_command;
471
472 int use_pam; /* Enable auth via PAM */
473@@ -1693,8 +1693,8 @@
474 int permit_tun;
475
476 diff -NupwB canonincal/serverloop.c kitchen_sink-done/serverloop.c
477---- canonincal/serverloop.c 2009-09-08 21:07:28.000000000 -0400
478-+++ kitchen_sink-done/serverloop.c 2010-01-06 11:56:44.000000000 -0500
479+--- canonincal/serverloop.c 2012-11-13 18:06:35.000000000 -0500
480++++ kitchen_sink-done/serverloop.c 2012-11-13 18:07:14.150965345 -0500
481 @@ -94,10 +94,10 @@ static int fdin; /* Descriptor for stdi
482 static int fdout; /* Descriptor for stdout (for reading);
483 May be same number as fdin. */
484@@ -1802,9 +1802,9 @@
485 debug("session open failed, free channel %d", c->self);
486 channel_free(c);
487 diff -NupwB canonincal/session.c kitchen_sink-done/session.c
488---- canonincal/session.c 2009-08-20 02:20:50.000000000 -0400
489-+++ kitchen_sink-done/session.c 2010-01-06 11:56:44.000000000 -0500
490-@@ -230,6 +230,7 @@ auth_input_request_forwarding(struct pas
491+--- canonincal/session.c 2012-11-13 18:06:35.000000000 -0500
492++++ kitchen_sink-done/session.c 2012-11-13 18:07:14.150965345 -0500
493+@@ -231,6 +231,7 @@ auth_input_request_forwarding(struct pas
494 }
495
496 /* Allocate a channel for the authentication agent socket. */
497@@ -1812,7 +1812,7 @@
498 nc = channel_new("auth socket",
499 SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1,
500 CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
501-@@ -2295,10 +2296,16 @@ session_set_fds(Session *s, int fdin, in
502+@@ -2304,10 +2305,16 @@ session_set_fds(Session *s, int fdin, in
503 */
504 if (s->chanid == -1)
505 fatal("no channel for session %d", s->self);
506@@ -1831,7 +1831,7 @@
507 /*
508 diff -NupwB canonincal/sftp.1 kitchen_sink-done/sftp.1
509 --- canonincal/sftp.1 2009-01-28 00:14:09.000000000 -0500
510-+++ kitchen_sink-done/sftp.1 2010-01-06 11:56:44.000000000 -0500
511++++ kitchen_sink-done/sftp.1 2012-11-13 18:07:14.150965345 -0500
512 @@ -203,7 +203,8 @@ This option may be useful in debugging t
513 Specify how many requests may be outstanding at any one time.
514 Increasing this may slightly improve file transfer speed
515@@ -1844,7 +1844,7 @@
516 .Ar program
517 diff -NupwB canonincal/sftp.c kitchen_sink-done/sftp.c
518 --- canonincal/sftp.c 2009-02-14 00:26:19.000000000 -0500
519-+++ kitchen_sink-done/sftp.c 2010-01-06 11:56:44.000000000 -0500
520++++ kitchen_sink-done/sftp.c 2012-11-13 18:07:14.150965345 -0500
521 @@ -75,7 +75,7 @@ int batchmode = 0;
522 size_t copy_buffer_len = 32768;
523
524@@ -1855,9 +1855,9 @@
525 /* PID of ssh transport process */
526 static pid_t sshpid = -1;
527 diff -NupwB canonincal/ssh.c kitchen_sink-done/ssh.c
528---- canonincal/ssh.c 2009-07-05 17:16:56.000000000 -0400
529-+++ kitchen_sink-done/ssh.c 2010-01-06 11:56:44.000000000 -0500
530-@@ -494,9 +494,6 @@ main(int ac, char **av)
531+--- canonincal/ssh.c 2012-11-13 18:06:35.000000000 -0500
532++++ kitchen_sink-done/ssh.c 2012-11-13 18:07:14.154965345 -0500
533+@@ -499,9 +499,6 @@ main(int ac, char **av)
534 no_shell_flag = 1;
535 no_tty_flag = 1;
536 break;
537@@ -1867,7 +1867,7 @@
538 case 'o':
539 dummy = 1;
540 line = xstrdup(optarg);
541-@@ -505,6 +502,13 @@ main(int ac, char **av)
542+@@ -510,6 +507,13 @@ main(int ac, char **av)
543 exit(255);
544 xfree(line);
545 break;
546@@ -1881,7 +1881,7 @@
547 case 's':
548 subsystem_flag = 1;
549 break;
550-@@ -1145,6 +1149,9 @@ ssh_session2_open(void)
551+@@ -1150,6 +1154,9 @@ ssh_session2_open(void)
552 {
553 Channel *c;
554 int window, packetmax, in, out, err;
555@@ -1891,7 +1891,7 @@
556
557 if (stdin_null_flag) {
558 in = open(_PATH_DEVNULL, O_RDONLY);
559-@@ -1165,9 +1172,75 @@ ssh_session2_open(void)
560+@@ -1170,9 +1177,75 @@ ssh_session2_open(void)
561 if (!isatty(err))
562 set_nonblock(err);
563
564@@ -1968,7 +1968,7 @@
565 window >>= 1;
566 packetmax >>= 1;
567 }
568-@@ -1175,7 +1248,10 @@ ssh_session2_open(void)
569+@@ -1180,7 +1253,10 @@ ssh_session2_open(void)
570 "session", SSH_CHANNEL_OPENING, in, out, err,
571 window, packetmax, CHAN_EXTENDED_WRITE,
572 "client-session", /*nonblock*/0);
573@@ -1981,8 +1981,8 @@
574
575 channel_send_open(c->self);
576 diff -NupwB canonincal/sshconnect.c kitchen_sink-done/sshconnect.c
577---- canonincal/sshconnect.c 2009-06-21 04:53:53.000000000 -0400
578-+++ kitchen_sink-done/sshconnect.c 2010-01-06 12:02:31.000000000 -0500
579+--- canonincal/sshconnect.c 2012-11-13 18:06:35.000000000 -0500
580++++ kitchen_sink-done/sshconnect.c 2012-11-13 18:07:14.154965345 -0500
581 @@ -166,6 +166,31 @@ ssh_proxy_connect(const char *host, u_sh
582 }
583
584@@ -2034,18 +2034,9 @@
585 /* Bind the socket to an alternative local IP address */
586 if (options.bind_address == NULL)
587 return sock;
588-@@ -537,7 +568,7 @@ ssh_exchange_identification(int timeout_
589- snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s",
590- compat20 ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1,
591- compat20 ? PROTOCOL_MINOR_2 : minor1,
592-- SSH_VERSION, compat20 ? "\r\n" : "\n");
593-+ SSH_RELEASE, compat20 ? "\r\n" : "\n");
594- if (roaming_atomicio(vwrite, connection_out, buf, strlen(buf))
595- != strlen(buf))
596- fatal("write: %.100s", strerror(errno));
597 diff -NupwB canonincal/sshconnect2.c kitchen_sink-done/sshconnect2.c
598---- canonincal/sshconnect2.c 2009-03-05 08:58:22.000000000 -0500
599-+++ kitchen_sink-done/sshconnect2.c 2010-01-06 11:56:44.000000000 -0500
600+--- canonincal/sshconnect2.c 2012-11-13 18:06:35.000000000 -0500
601++++ kitchen_sink-done/sshconnect2.c 2012-11-13 18:07:14.154965345 -0500
602 @@ -79,6 +79,12 @@
603 extern char *client_version_string;
604 extern char *server_version_string;
605@@ -2059,7 +2050,7 @@
606
607 /*
608 * SSH2 key exchange
609-@@ -351,6 +357,28 @@ ssh_userauth2(const char *local_user, co
610+@@ -414,6 +420,28 @@ ssh_userauth2(const char *local_user, co
611 pubkey_cleanup(&authctxt);
612 dispatch_range(SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL);
613
614@@ -2089,9 +2080,9 @@
615 }
616
617 diff -NupwB canonincal/sshd.c kitchen_sink-done/sshd.c
618---- canonincal/sshd.c 2009-06-21 06:26:17.000000000 -0400
619-+++ kitchen_sink-done/sshd.c 2010-01-06 11:56:44.000000000 -0500
620-@@ -137,6 +137,9 @@ int deny_severity;
621+--- canonincal/sshd.c 2012-11-13 18:06:35.000000000 -0500
622++++ kitchen_sink-done/sshd.c 2012-11-13 18:07:14.154965345 -0500
623+@@ -141,6 +141,9 @@ int deny_severity;
624 #define REEXEC_CONFIG_PASS_FD (STDERR_FILENO + 3)
625 #define REEXEC_MIN_FREE_FD (STDERR_FILENO + 4)
626
627@@ -2101,16 +2092,7 @@
628 extern char *__progname;
629
630 /* Server configuration options. */
631-@@ -416,7 +419,7 @@ sshd_exchange_identification(int sock_in
632- minor = PROTOCOL_MINOR_1;
633- }
634- snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor,
635-- SSH_VERSION, newline);
636-+ SSH_RELEASE, newline);
637- server_version_string = xstrdup(buf);
638-
639- /* Send our protocol version identification. */
640-@@ -467,6 +470,9 @@ sshd_exchange_identification(int sock_in
641+@@ -478,6 +481,9 @@ sshd_exchange_identification(int sock_in
642 }
643 debug("Client protocol version %d.%d; client software version %.100s",
644 remote_major, remote_minor, remote_version);
645@@ -2120,7 +2102,7 @@
646
647 compat_datafellows(remote_version);
648
649-@@ -945,6 +951,8 @@ server_listen(void)
650+@@ -981,6 +987,8 @@ server_listen(void)
651 int ret, listen_sock, on = 1;
652 struct addrinfo *ai;
653 char ntop[NI_MAXHOST], strport[NI_MAXSERV];
654@@ -2129,7 +2111,7 @@
655
656 for (ai = options.listen_addrs; ai; ai = ai->ai_next) {
657 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
658-@@ -991,6 +999,11 @@ server_listen(void)
659+@@ -1027,6 +1035,11 @@ server_listen(void)
660
661 debug("Bind to port %s on %s.", strport, ntop);
662
663@@ -2141,17 +2123,17 @@
664 /* Bind the socket to the desired port. */
665 if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) {
666 error("Bind to port %s on %s failed: %.200s.",
667-@@ -1818,6 +1831,9 @@ main(int ac, char **av)
668+@@ -1876,6 +1889,9 @@ main(int ac, char **av)
669 /* Log the connection. */
670 verbose("Connection from %.500s port %d", remote_ip, remote_port);
671
672 + /* set the HPN options for the child */
673 + channel_set_hpn(options.hpn_disabled, options.hpn_buffer_size);
674 +
675+ #ifdef USE_SECURITY_SESSION_API
676 /*
677- * We don't want to listen forever unless the other side
678- * successfully authenticates itself. So we set up an alarm which is
679-@@ -2172,9 +2188,15 @@ do_ssh2_kex(void)
680+ * Create a new security session for use by the new user login if
681+@@ -2284,9 +2300,15 @@ do_ssh2_kex(void)
682 {
683 Kex *kex;
684
685@@ -2168,9 +2150,9 @@
686 myproposal[PROPOSAL_ENC_ALGS_CTOS] =
687 compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
688 diff -NupwB canonincal/sshd_config kitchen_sink-done/sshd_config
689---- canonincal/sshd_config 2008-07-02 08:35:43.000000000 -0400
690-+++ kitchen_sink-done/sshd_config 2010-01-06 11:56:44.000000000 -0500
691-@@ -112,6 +112,20 @@ Protocol 2
692+--- canonincal/sshd_config 2012-11-13 18:06:35.000000000 -0500
693++++ kitchen_sink-done/sshd_config 2012-11-13 18:07:14.154965345 -0500
694+@@ -115,6 +115,20 @@ Protocol 2
695 # override default of no subsystems
696 Subsystem sftp /usr/libexec/sftp-server
697
698@@ -2192,12 +2174,15 @@
699 #Match User anoncvs
700 # X11Forwarding no
701 diff -NupwB canonincal/version.h kitchen_sink-done/version.h
702---- canonincal/version.h 2009-07-05 17:13:04.000000000 -0400
703-+++ kitchen_sink-done/version.h 2010-01-06 16:54:49.000000000 -0500
704-@@ -3,4 +3,5 @@
705+--- canonincal/version.h 2012-11-13 18:06:35.000000000 -0500
706++++ kitchen_sink-done/version.h 2012-11-13 18:07:14.154965345 -0500
707+@@ -3,7 +3,8 @@
708 #define SSH_VERSION "OpenSSH_5.3"
709
710 #define SSH_PORTABLE "p1"
711--#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
712+-#define SSH_RELEASE_MINIMUM SSH_VERSION SSH_PORTABLE
713 +#define SSH_HPN "-hpn13v7"
714-+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN
715++#define SSH_RELEASE_MINIMUM SSH_VERSION SSH_PORTABLE SSH_HPN
716+ #ifdef SSH_EXTRAVERSION
717+ #define SSH_RELEASE SSH_RELEASE_MINIMUM " " SSH_EXTRAVERSION
718+ #else