Pour Ubuntu il faut vérifier aussi lucid-updates.
[sftp.git] / openssh-5.5p1-hpn13v9.diff.auf-patch
CommitLineData
973b5a1f
NC
1--- openssh-5.5p1-hpn13v9.diff.orig 2012-11-25 21:59:11.262388427 +0000
2+++ openssh-5.5p1-hpn13v9.diff.auf 2012-11-25 21:52:24.462402816 +0000
3@@ -1,6 +1,6 @@
4 diff -NupwB canonical-openssh5.5/auth2.c kitchensink-openssh5.5/auth2.c
5---- canonical-openssh5.5/auth2.c 2010-06-08 17:17:08.000000000 -0400
6-+++ kitchensink-openssh5.5/auth2.c 2010-06-08 17:20:56.000000000 -0400
7+--- canonical-openssh5.5/auth2.c 2012-11-25 21:46:51.000000000 +0000
8++++ kitchensink-openssh5.5/auth2.c 2012-11-25 21:46:19.000000000 +0000
9 @@ -49,6 +49,7 @@
10 #include "dispatch.h"
11 #include "pathnames.h"
12@@ -9,7 +9,7 @@
13
14 #ifdef GSSAPI
15 #include "ssh-gss.h"
16-@@ -75,6 +76,9 @@ extern Authmethod method_gssapi;
17+@@ -76,6 +77,9 @@ extern Authmethod method_gssapi;
18 extern Authmethod method_jpake;
19 #endif
20
21@@ -19,7 +19,7 @@
22 Authmethod *authmethods[] = {
23 &method_none,
24 &method_pubkey,
25-@@ -225,6 +229,11 @@ input_userauth_request(int type, u_int32
26+@@ -227,6 +231,11 @@ input_userauth_request(int type, u_int32
27 service = packet_get_string(NULL);
28 method = packet_get_string(NULL);
29 debug("userauth-request for user %s service %s method %s", user, service, method);
30@@ -30,10 +30,10 @@
31 + }
32 debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
33
34- if ((style = strchr(user, ':')) != NULL)
35+ if ((role = strchr(user, '/')) != NULL)
36 diff -NupwB canonical-openssh5.5/buffer.c kitchensink-openssh5.5/buffer.c
37---- canonical-openssh5.5/buffer.c 2010-06-08 17:17:08.000000000 -0400
38-+++ kitchensink-openssh5.5/buffer.c 2010-06-08 17:20:56.000000000 -0400
39+--- canonical-openssh5.5/buffer.c 2010-02-11 22:23:40.000000000 +0000
40++++ kitchensink-openssh5.5/buffer.c 2012-11-25 21:46:19.000000000 +0000
41 @@ -127,7 +127,7 @@ restart:
42
43 /* Increase the size of the buffer and retry. */
44@@ -44,8 +44,8 @@
45 newlen);
46 buffer->buf = xrealloc(buffer->buf, 1, newlen);
47 diff -NupwB canonical-openssh5.5/buffer.h kitchensink-openssh5.5/buffer.h
48---- canonical-openssh5.5/buffer.h 2010-06-08 17:17:08.000000000 -0400
49-+++ kitchensink-openssh5.5/buffer.h 2010-06-08 17:20:56.000000000 -0400
50+--- canonical-openssh5.5/buffer.h 2010-02-11 22:23:40.000000000 +0000
51++++ kitchensink-openssh5.5/buffer.h 2012-11-25 21:46:19.000000000 +0000
52 @@ -16,6 +16,9 @@
53 #ifndef BUFFER_H
54 #define BUFFER_H
55@@ -57,8 +57,8 @@
56 u_char *buf; /* Buffer for data. */
57 u_int alloc; /* Number of bytes allocated for data. */
58 diff -NupwB canonical-openssh5.5/channels.c kitchensink-openssh5.5/channels.c
59---- canonical-openssh5.5/channels.c 2010-06-08 17:17:08.000000000 -0400
60-+++ kitchensink-openssh5.5/channels.c 2010-06-08 17:20:56.000000000 -0400
61+--- canonical-openssh5.5/channels.c 2010-03-26 00:09:45.000000000 +0000
62++++ kitchensink-openssh5.5/channels.c 2012-11-25 21:46:19.000000000 +0000
63 @@ -170,8 +170,14 @@ static void port_open_helper(Channel *c,
64 static int connect_next(struct channel_connect *);
65 static void channel_connect_ctx_free(struct channel_connect *);
66@@ -240,8 +240,8 @@
67 (*chanids)[n] = nc->self;
68 }
69 diff -NupwB canonical-openssh5.5/channels.h kitchensink-openssh5.5/channels.h
70---- canonical-openssh5.5/channels.h 2010-06-08 17:17:08.000000000 -0400
71-+++ kitchensink-openssh5.5/channels.h 2010-06-08 17:20:56.000000000 -0400
72+--- canonical-openssh5.5/channels.h 2010-01-26 02:26:22.000000000 +0000
73++++ kitchensink-openssh5.5/channels.h 2012-11-25 21:46:19.000000000 +0000
74 @@ -124,8 +124,10 @@ struct Channel {
75 u_int local_window_max;
76 u_int local_consumed;
77@@ -267,7 +267,7 @@
78 #define CHAN_X11_PACKET_DEFAULT (16*1024)
79 #define CHAN_X11_WINDOW_DEFAULT (4*CHAN_X11_PACKET_DEFAULT)
80
81-@@ -235,7 +239,7 @@ void channel_input_status_confirm(int,
82+@@ -235,7 +239,7 @@ void channel_input_status_confirm(int,
83
84 void channel_prepare_select(fd_set **, fd_set **, int *, u_int*, int);
85 void channel_after_select(fd_set *, fd_set *);
86@@ -285,8 +285,8 @@
87 +
88 #endif
89 diff -NupwB canonical-openssh5.5/cipher.c kitchensink-openssh5.5/cipher.c
90---- canonical-openssh5.5/cipher.c 2010-06-08 17:17:08.000000000 -0400
91-+++ kitchensink-openssh5.5/cipher.c 2010-06-08 17:20:56.000000000 -0400
92+--- canonical-openssh5.5/cipher.c 2009-01-28 05:38:41.000000000 +0000
93++++ kitchensink-openssh5.5/cipher.c 2012-11-25 21:46:19.000000000 +0000
94 @@ -55,6 +55,7 @@ extern const EVP_CIPHER *evp_ssh1_bf(voi
95 extern const EVP_CIPHER *evp_ssh1_3des(void);
96 extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
97@@ -335,8 +335,8 @@
98 case SSH_CIPHER_DES:
99 case SSH_CIPHER_BLOWFISH:
100 diff -NupwB canonical-openssh5.5/cipher-ctr-mt.c kitchensink-openssh5.5/cipher-ctr-mt.c
101---- canonical-openssh5.5/cipher-ctr-mt.c 1969-12-31 19:00:00.000000000 -0500
102-+++ kitchensink-openssh5.5/cipher-ctr-mt.c 2010-06-08 17:20:56.000000000 -0400
103+--- canonical-openssh5.5/cipher-ctr-mt.c 1970-01-01 00:00:00.000000000 +0000
104++++ kitchensink-openssh5.5/cipher-ctr-mt.c 2012-11-25 21:46:19.000000000 +0000
105 @@ -0,0 +1,473 @@
106 +/*
107 + * OpenSSH Multi-threaded AES-CTR Cipher
108@@ -812,9 +812,9 @@
109 + return (&aes_ctr);
110 +}
111 diff -NupwB canonical-openssh5.5/clientloop.c kitchensink-openssh5.5/clientloop.c
112---- canonical-openssh5.5/clientloop.c 2010-06-08 17:17:08.000000000 -0400
113-+++ kitchensink-openssh5.5/clientloop.c 2010-06-08 17:20:56.000000000 -0400
114-@@ -1701,9 +1701,15 @@ client_request_x11(const char *request_t
115+--- canonical-openssh5.5/clientloop.c 2012-11-25 21:46:51.000000000 +0000
116++++ kitchensink-openssh5.5/clientloop.c 2012-11-25 21:46:19.000000000 +0000
117+@@ -1721,9 +1721,15 @@ client_request_x11(const char *request_t
118 sock = x11_connect_display();
119 if (sock < 0)
120 return NULL;
121@@ -830,24 +830,24 @@
122 c->force_drain = 1;
123 return c;
124 }
125-@@ -1723,9 +1729,15 @@ client_request_agent(const char *request
126+@@ -1743,9 +1749,15 @@ client_request_agent(const char *request
127 sock = ssh_get_authentication_socket();
128 if (sock < 0)
129 return NULL;
130 + if (options.hpn_disabled)
131- c = channel_new("authentication agent connection",
132- SSH_CHANNEL_OPEN, sock, sock, -1,
133-- CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
134++ c = channel_new("authentication agent connection",
135++ SSH_CHANNEL_OPEN, sock, sock, -1,
136 + CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0,
137 + "authentication agent connection", 1);
138 + else
139-+ c = channel_new("authentication agent connection",
140-+ SSH_CHANNEL_OPEN, sock, sock, -1,
141+ c = channel_new("authentication agent connection",
142+ SSH_CHANNEL_OPEN, sock, sock, -1,
143+- CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
144 + options.hpn_buffer_size, options.hpn_buffer_size, 0,
145 "authentication agent connection", 1);
146 c->force_drain = 1;
147 return c;
148-@@ -1753,10 +1765,18 @@ client_request_tun_fwd(int tun_mode, int
149+@@ -1773,10 +1785,18 @@ client_request_tun_fwd(int tun_mode, int
150 return -1;
151 }
152
153@@ -868,8 +868,8 @@
154 if (options.tun_open == SSH_TUNMODE_POINTOPOINT)
155 channel_register_filter(c->self, sys_tun_infilter,
156 diff -NupwB canonical-openssh5.5/compat.c kitchensink-openssh5.5/compat.c
157---- canonical-openssh5.5/compat.c 2010-06-08 17:17:08.000000000 -0400
158-+++ kitchensink-openssh5.5/compat.c 2010-06-08 17:20:56.000000000 -0400
159+--- canonical-openssh5.5/compat.c 2008-11-03 08:20:14.000000000 +0000
160++++ kitchensink-openssh5.5/compat.c 2012-11-25 21:46:19.000000000 +0000
161 @@ -170,6 +170,15 @@ compat_datafellows(const char *version)
162 strlen(check[i].pat), 0) == 1) {
163 debug("match: %s pat %s", version, check[i].pat);
164@@ -887,8 +887,8 @@
165 }
166 }
167 diff -NupwB canonical-openssh5.5/compat.h kitchensink-openssh5.5/compat.h
168---- canonical-openssh5.5/compat.h 2010-06-08 17:17:08.000000000 -0400
169-+++ kitchensink-openssh5.5/compat.h 2010-06-08 17:20:56.000000000 -0400
170+--- canonical-openssh5.5/compat.h 2008-11-03 08:20:14.000000000 +0000
171++++ kitchensink-openssh5.5/compat.h 2012-11-25 21:46:19.000000000 +0000
172 @@ -58,6 +58,7 @@
173 #define SSH_OLD_FORWARD_ADDR 0x01000000
174 #define SSH_BUG_RFWD_ADDR 0x02000000
175@@ -898,9 +898,10 @@
176 void enable_compat13(void);
177 void enable_compat20(void);
178 Common subdirectories: canonical-openssh5.5/contrib and kitchensink-openssh5.5/contrib
179+Common subdirectories: canonical-openssh5.5/debian and kitchensink-openssh5.5/debian
180 diff -NupwB canonical-openssh5.5/HPN-README kitchensink-openssh5.5/HPN-README
181---- canonical-openssh5.5/HPN-README 1969-12-31 19:00:00.000000000 -0500
182-+++ kitchensink-openssh5.5/HPN-README 2010-06-08 17:20:56.000000000 -0400
183+--- canonical-openssh5.5/HPN-README 1970-01-01 00:00:00.000000000 +0000
184++++ kitchensink-openssh5.5/HPN-README 2012-11-25 21:46:19.000000000 +0000
185 @@ -0,0 +1,128 @@
186 +Notes:
187 +
188@@ -1031,17 +1032,17 @@
189 + by Cisco System, Inc., the National Library of Medicine,
190 + and the National Science Foundation.
191 diff -NupwB canonical-openssh5.5/kex.c kitchensink-openssh5.5/kex.c
192---- canonical-openssh5.5/kex.c 2010-06-08 17:17:08.000000000 -0400
193-+++ kitchensink-openssh5.5/kex.c 2010-06-08 17:20:56.000000000 -0400
194+--- canonical-openssh5.5/kex.c 2012-11-25 21:46:51.000000000 +0000
195++++ kitchensink-openssh5.5/kex.c 2012-11-25 21:46:19.000000000 +0000
196 @@ -49,6 +49,7 @@
197 #include "dispatch.h"
198 #include "monitor.h"
199 #include "roaming.h"
200 +#include "canohost.h"
201
202- #if OPENSSL_VERSION_NUMBER >= 0x00907000L
203- # if defined(HAVE_EVP_SHA256)
204-@@ -63,7 +64,8 @@ static void kex_kexinit_finish(Kex *);
205+ #ifdef GSSAPI
206+ #include "ssh-gss.h"
207+@@ -67,7 +68,8 @@ static void kex_kexinit_finish(Kex *);
208 static void kex_choose_conf(Kex *);
209
210 /* put algorithm proposal into buffer */
211@@ -1051,7 +1052,7 @@
212 kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX])
213 {
214 u_int i;
215-@@ -375,6 +377,13 @@ kex_choose_conf(Kex *kex)
216+@@ -393,6 +395,13 @@ kex_choose_conf(Kex *kex)
217 int nenc, nmac, ncomp;
218 u_int mode, ctos, need;
219 int first_kex_follows, type;
220@@ -1065,7 +1066,7 @@
221
222 my = kex_buf2prop(&kex->my, NULL);
223 peer = kex_buf2prop(&kex->peer, &first_kex_follows);
224-@@ -409,11 +418,34 @@ kex_choose_conf(Kex *kex)
225+@@ -427,11 +436,34 @@ kex_choose_conf(Kex *kex)
226 choose_enc (&newkeys->enc, cprop[nenc], sprop[nenc]);
227 choose_mac (&newkeys->mac, cprop[nmac], sprop[nmac]);
228 choose_comp(&newkeys->comp, cprop[ncomp], sprop[ncomp]);
229@@ -1101,9 +1102,9 @@
230 choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]);
231 choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],
232 diff -NupwB canonical-openssh5.5/kex.h kitchensink-openssh5.5/kex.h
233---- canonical-openssh5.5/kex.h 2010-06-08 17:17:08.000000000 -0400
234-+++ kitchensink-openssh5.5/kex.h 2010-06-08 17:20:56.000000000 -0400
235-@@ -132,6 +132,8 @@ struct Kex {
236+--- canonical-openssh5.5/kex.h 2012-11-25 21:46:51.000000000 +0000
237++++ kitchensink-openssh5.5/kex.h 2012-11-25 21:46:19.000000000 +0000
238+@@ -141,6 +141,8 @@ struct Kex {
239 void (*kex[KEX_MAX])(Kex *);
240 };
241
242@@ -1113,9 +1114,9 @@
243 void kex_finish(Kex *);
244
245 diff -NupwB canonical-openssh5.5/Makefile.in kitchensink-openssh5.5/Makefile.in
246---- canonical-openssh5.5/Makefile.in 2010-06-08 17:17:08.000000000 -0400
247-+++ kitchensink-openssh5.5/Makefile.in 2010-06-08 17:20:56.000000000 -0400
248-@@ -45,7 +45,7 @@ CC=@CC@
249+--- canonical-openssh5.5/Makefile.in 2012-11-25 21:46:51.000000000 +0000
250++++ kitchensink-openssh5.5/Makefile.in 2012-11-25 21:46:19.000000000 +0000
251+@@ -47,7 +47,7 @@ CC=@CC@
252 LD=@LD@
253 CFLAGS=@CFLAGS@
254 CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
255@@ -1124,7 +1125,7 @@
256 SSHDLIBS=@SSHDLIBS@
257 LIBEDIT=@LIBEDIT@
258 AR=@AR@
259-@@ -66,7 +66,7 @@ TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-a
260+@@ -68,7 +68,7 @@ TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-a
261
262 LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \
263 canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
264@@ -1134,8 +1135,8 @@
265 log.o match.o md-sha256.o moduli.o nchan.o packet.o \
266 readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \
267 diff -NupwB canonical-openssh5.5/myproposal.h kitchensink-openssh5.5/myproposal.h
268---- canonical-openssh5.5/myproposal.h 2010-06-08 17:17:08.000000000 -0400
269-+++ kitchensink-openssh5.5/myproposal.h 2010-06-08 17:20:56.000000000 -0400
270+--- canonical-openssh5.5/myproposal.h 2010-02-26 20:55:05.000000000 +0000
271++++ kitchensink-openssh5.5/myproposal.h 2012-11-25 21:46:19.000000000 +0000
272 @@ -49,6 +49,8 @@
273 "arcfour256,arcfour128," \
274 "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
275@@ -1147,8 +1148,8 @@
276 "hmac-ripemd160@openssh.com," \
277 Common subdirectories: canonical-openssh5.5/openbsd-compat and kitchensink-openssh5.5/openbsd-compat
278 diff -NupwB canonical-openssh5.5/packet.c kitchensink-openssh5.5/packet.c
279---- canonical-openssh5.5/packet.c 2010-06-08 17:17:08.000000000 -0400
280-+++ kitchensink-openssh5.5/packet.c 2010-06-08 17:20:56.000000000 -0400
281+--- canonical-openssh5.5/packet.c 2009-10-02 01:49:04.000000000 +0000
282++++ kitchensink-openssh5.5/packet.c 2012-11-25 21:46:19.000000000 +0000
283 @@ -835,7 +835,7 @@ packet_enable_delayed_compress(void)
284 /*
285 * Finalize packet in SSH2 format (compress, mac, encrypt, enqueue)
286@@ -1286,8 +1287,8 @@
287 + return(active_state->after_authentication);
288 +}
289 diff -NupwB canonical-openssh5.5/packet.h kitchensink-openssh5.5/packet.h
290---- canonical-openssh5.5/packet.h 2010-06-08 17:17:08.000000000 -0400
291-+++ kitchensink-openssh5.5/packet.h 2010-06-08 17:20:56.000000000 -0400
292+--- canonical-openssh5.5/packet.h 2009-07-05 21:11:13.000000000 +0000
293++++ kitchensink-openssh5.5/packet.h 2012-11-25 21:46:19.000000000 +0000
294 @@ -20,6 +20,9 @@
295
296 #include <openssl/bn.h>
297@@ -1324,9 +1325,10 @@
298 void packet_write_wait(void);
299 int packet_have_data_to_write(void);
300 int packet_not_very_much_data_to_write(void);
301+Common subdirectories: canonical-openssh5.5/.pc and kitchensink-openssh5.5/.pc
302 diff -NupwB canonical-openssh5.5/progressmeter.c kitchensink-openssh5.5/progressmeter.c
303---- canonical-openssh5.5/progressmeter.c 2010-06-08 17:17:08.000000000 -0400
304-+++ kitchensink-openssh5.5/progressmeter.c 2010-06-08 17:20:56.000000000 -0400
305+--- canonical-openssh5.5/progressmeter.c 2006-08-05 02:39:40.000000000 +0000
306++++ kitchensink-openssh5.5/progressmeter.c 2012-11-25 21:46:19.000000000 +0000
307 @@ -68,6 +68,8 @@ static time_t last_update; /* last progr
308 static char *file; /* name of the file being transferred */
309 static off_t end_pos; /* ending position of transfer */
310@@ -1398,18 +1400,18 @@
311
312 /*ARGSUSED*/
313 diff -NupwB canonical-openssh5.5/readconf.c kitchensink-openssh5.5/readconf.c
314---- canonical-openssh5.5/readconf.c 2010-06-08 17:17:08.000000000 -0400
315-+++ kitchensink-openssh5.5/readconf.c 2010-06-08 17:20:56.000000000 -0400
316-@@ -131,6 +131,8 @@ typedef enum {
317- oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
318+--- canonical-openssh5.5/readconf.c 2012-11-25 21:46:51.000000000 +0000
319++++ kitchensink-openssh5.5/readconf.c 2012-11-25 21:46:19.000000000 +0000
320+@@ -136,6 +136,8 @@ typedef enum {
321 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
322 oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
323+ oProtocolKeepAlives, oSetupTimeOut,
324 + oNoneEnabled, oTcpRcvBufPoll, oTcpRcvBuf, oNoneSwitch, oHPNDisabled,
325 + oHPNBufferSize,
326 oDeprecated, oUnsupported
327 } OpCodes;
328
329-@@ -237,6 +239,12 @@ static struct {
330+@@ -251,6 +253,12 @@ static struct {
331 #else
332 { "zeroknowledgepasswordauthentication", oUnsupported },
333 #endif
334@@ -1419,10 +1421,10 @@
335 + { "noneswitch", oNoneSwitch },
336 + { "hpndisabled", oHPNDisabled },
337 + { "hpnbuffersize", oHPNBufferSize },
338+ { "protocolkeepalives", oProtocolKeepAlives },
339+ { "setuptimeout", oSetupTimeOut },
340
341- { NULL, oBadOption }
342- };
343-@@ -468,6 +476,37 @@ parse_flag:
344+@@ -504,6 +512,37 @@ parse_flag:
345 intptr = &options->check_host_ip;
346 goto parse_flag;
347
348@@ -1460,7 +1462,7 @@
349 case oVerifyHostKeyDNS:
350 intptr = &options->verify_host_key_dns;
351 goto parse_yesnoask;
352-@@ -646,6 +685,10 @@ parse_int:
353+@@ -682,6 +721,10 @@ parse_int:
354 intptr = &options->connection_attempts;
355 goto parse_int;
356
357@@ -1471,7 +1473,7 @@
358 case oCipher:
359 intptr = &options->cipher;
360 arg = strdelim(&s);
361-@@ -1073,6 +1116,12 @@ initialize_options(Options * options)
362+@@ -1115,6 +1158,12 @@ initialize_options(Options * options)
363 options->use_roaming = -1;
364 options->visual_host_key = -1;
365 options->zero_knowledge_password_authentication = -1;
366@@ -1484,8 +1486,8 @@
367 }
368
369 /*
370-@@ -1195,6 +1244,29 @@ fill_default_options(Options * options)
371- options->server_alive_interval = 0;
372+@@ -1250,6 +1299,29 @@ fill_default_options(Options * options)
373+ }
374 if (options->server_alive_count_max == -1)
375 options->server_alive_count_max = 3;
376 + if (options->none_switch == -1)
377@@ -1515,9 +1517,9 @@
378 options->control_master = 0;
379 if (options->hash_known_hosts == -1)
380 diff -NupwB canonical-openssh5.5/readconf.h kitchensink-openssh5.5/readconf.h
381---- canonical-openssh5.5/readconf.h 2010-06-08 17:17:08.000000000 -0400
382-+++ kitchensink-openssh5.5/readconf.h 2010-06-08 17:20:56.000000000 -0400
383-@@ -57,6 +57,11 @@ typedef struct {
384+--- canonical-openssh5.5/readconf.h 2012-11-25 21:46:51.000000000 +0000
385++++ kitchensink-openssh5.5/readconf.h 2012-11-25 21:46:19.000000000 +0000
386+@@ -62,6 +62,11 @@ typedef struct {
387 int compression_level; /* Compression level 1 (fast) to 9
388 * (best). */
389 int tcp_keep_alive; /* Set SO_KEEPALIVE. */
390@@ -1529,7 +1531,7 @@
391 LogLevel log_level; /* Level for logging. */
392
393 int port; /* Port to connect. */
394-@@ -102,6 +107,8 @@ typedef struct {
395+@@ -107,6 +112,8 @@ typedef struct {
396
397 int enable_ssh_keysign;
398 int64_t rekey_limit;
399@@ -1541,9 +1543,9 @@
400 Common subdirectories: canonical-openssh5.5/regress and kitchensink-openssh5.5/regress
401 Common subdirectories: canonical-openssh5.5/scard and kitchensink-openssh5.5/scard
402 diff -NupwB canonical-openssh5.5/scp.c kitchensink-openssh5.5/scp.c
403---- canonical-openssh5.5/scp.c 2010-06-08 17:17:08.000000000 -0400
404-+++ kitchensink-openssh5.5/scp.c 2010-06-08 17:20:56.000000000 -0400
405-@@ -639,7 +639,7 @@ source(int argc, char **argv)
406+--- canonical-openssh5.5/scp.c 2012-11-25 21:46:51.000000000 +0000
407++++ kitchensink-openssh5.5/scp.c 2012-11-25 21:46:19.000000000 +0000
408+@@ -647,7 +647,7 @@ source(int argc, char **argv)
409 off_t i, statbytes;
410 size_t amt;
411 int fd = -1, haderr, indx;
412@@ -1552,7 +1554,7 @@
413 int len;
414
415 for (indx = 0; indx < argc; ++indx) {
416-@@ -875,7 +875,7 @@ sink(int argc, char **argv)
417+@@ -883,7 +883,7 @@ sink(int argc, char **argv)
418 mode_t mode, omode, mask;
419 off_t size, statbytes;
420 int setimes, targisdir, wrerrno = 0;
421@@ -1562,12 +1564,12 @@
422
423 #define atime tv[0]
424 diff -NupwB canonical-openssh5.5/servconf.c kitchensink-openssh5.5/servconf.c
425---- canonical-openssh5.5/servconf.c 2010-06-08 17:17:08.000000000 -0400
426-+++ kitchensink-openssh5.5/servconf.c 2010-06-08 17:20:56.000000000 -0400
427-@@ -131,11 +131,21 @@ initialize_server_options(ServerOptions
428- options->zero_knowledge_password_authentication = -1;
429+--- canonical-openssh5.5/servconf.c 2012-11-25 21:46:51.000000000 +0000
430++++ kitchensink-openssh5.5/servconf.c 2012-11-25 21:46:19.000000000 +0000
431+@@ -136,11 +136,21 @@ initialize_server_options(ServerOptions
432 options->revoked_keys_file = NULL;
433 options->trusted_user_ca_keys = NULL;
434+ options->debian_banner = -1;
435 + options->none_enabled = -1;
436 + options->tcp_rcv_buf_poll = -1;
437 + options->hpn_disabled = -1;
438@@ -1586,9 +1588,9 @@
439 /* Portable-specific options */
440 if (options->use_pam == -1)
441 options->use_pam = 0;
442-@@ -266,6 +276,42 @@ fill_default_server_options(ServerOption
443- if (options->zero_knowledge_password_authentication == -1)
444- options->zero_knowledge_password_authentication = 0;
445+@@ -281,6 +291,42 @@ fill_default_server_options(ServerOption
446+ if (options->debian_banner == -1)
447+ options->debian_banner = 1;
448
449 + if (options->hpn_disabled == -1)
450 + options->hpn_disabled = 0;
451@@ -1629,18 +1631,18 @@
452 /* Turn privilege separation on by default */
453 if (use_privsep == -1)
454 use_privsep = 1;
455-@@ -311,6 +357,7 @@ typedef enum {
456- sUsePrivilegeSeparation, sAllowAgentForwarding,
457+@@ -329,6 +375,7 @@ typedef enum {
458 sZeroKnowledgePasswordAuthentication, sHostCertificate,
459 sRevokedKeys, sTrustedUserCAKeys,
460+ sDebianBanner,
461 + sNoneEnabled, sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize,
462 sDeprecated, sUnsupported
463 } ServerOpCodes;
464
465-@@ -432,6 +479,10 @@ static struct {
466- { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },
467+@@ -462,6 +509,10 @@ static struct {
468 { "revokedkeys", sRevokedKeys, SSHCFG_ALL },
469 { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
470+ { "debianbanner", sDebianBanner, SSHCFG_GLOBAL },
471 + { "noneenabled", sNoneEnabled },
472 + { "hpndisabled", sHPNDisabled },
473 + { "hpnbuffersize", sHPNBufferSize },
474@@ -1648,7 +1650,7 @@
475 { NULL, sBadOption, 0 }
476 };
477
478-@@ -458,6 +509,7 @@ parse_token(const char *cp, const char *
479+@@ -488,6 +539,7 @@ parse_token(const char *cp, const char *
480
481 for (i = 0; keywords[i].name; i++)
482 if (strcasecmp(cp, keywords[i].name) == 0) {
483@@ -1656,7 +1658,7 @@
484 *flags = keywords[i].flags;
485 return keywords[i].opcode;
486 }
487-@@ -880,6 +932,22 @@ process_server_config_line(ServerOptions
488+@@ -910,6 +962,22 @@ process_server_config_line(ServerOptions
489 *intptr = value;
490 break;
491
492@@ -1680,9 +1682,9 @@
493 intptr = &options->ignore_user_known_hosts;
494 goto parse_flag;
495 diff -NupwB canonical-openssh5.5/servconf.h kitchensink-openssh5.5/servconf.h
496---- canonical-openssh5.5/servconf.h 2010-06-08 17:17:08.000000000 -0400
497-+++ kitchensink-openssh5.5/servconf.h 2010-06-08 17:20:56.000000000 -0400
498-@@ -148,6 +148,10 @@ typedef struct {
499+--- canonical-openssh5.5/servconf.h 2012-11-25 21:46:51.000000000 +0000
500++++ kitchensink-openssh5.5/servconf.h 2012-11-25 21:46:19.000000000 +0000
501+@@ -152,6 +152,10 @@ typedef struct {
502 char *adm_forced_command;
503
504 int use_pam; /* Enable auth via PAM */
505@@ -1694,8 +1696,8 @@
506 int permit_tun;
507
508 diff -NupwB canonical-openssh5.5/serverloop.c kitchensink-openssh5.5/serverloop.c
509---- canonical-openssh5.5/serverloop.c 2010-06-08 17:17:08.000000000 -0400
510-+++ kitchensink-openssh5.5/serverloop.c 2010-06-08 17:20:56.000000000 -0400
511+--- canonical-openssh5.5/serverloop.c 2012-11-25 21:46:51.000000000 +0000
512++++ kitchensink-openssh5.5/serverloop.c 2012-11-25 21:46:19.000000000 +0000
513 @@ -94,10 +94,10 @@ static int fdin; /* Descriptor for stdi
514 static int fdout; /* Descriptor for stdout (for reading);
515 May be same number as fdin. */
516@@ -1803,8 +1805,8 @@
517 debug("session open failed, free channel %d", c->self);
518 channel_free(c);
519 diff -NupwB canonical-openssh5.5/session.c kitchensink-openssh5.5/session.c
520---- canonical-openssh5.5/session.c 2010-06-08 17:17:08.000000000 -0400
521-+++ kitchensink-openssh5.5/session.c 2010-06-08 17:20:56.000000000 -0400
522+--- canonical-openssh5.5/session.c 2010-03-26 00:04:09.000000000 +0000
523++++ kitchensink-openssh5.5/session.c 2012-11-25 21:46:19.000000000 +0000
524 @@ -231,6 +231,7 @@ auth_input_request_forwarding(struct pas
525 }
526
527@@ -1831,8 +1833,8 @@
528
529 /*
530 diff -NupwB canonical-openssh5.5/sftp.1 kitchensink-openssh5.5/sftp.1
531---- canonical-openssh5.5/sftp.1 2010-06-08 17:17:08.000000000 -0400
532-+++ kitchensink-openssh5.5/sftp.1 2010-06-08 17:20:56.000000000 -0400
533+--- canonical-openssh5.5/sftp.1 2010-02-11 22:21:03.000000000 +0000
534++++ kitchensink-openssh5.5/sftp.1 2012-11-25 21:46:19.000000000 +0000
535 @@ -234,7 +234,8 @@ diagnostic messages from
536 Specify how many requests may be outstanding at any one time.
537 Increasing this may slightly improve file transfer speed
538@@ -1844,8 +1846,8 @@
539 Recursively copy entire directories when uploading and downloading.
540 Note that
541 diff -NupwB canonical-openssh5.5/sftp.c kitchensink-openssh5.5/sftp.c
542---- canonical-openssh5.5/sftp.c 2010-06-08 17:17:08.000000000 -0400
543-+++ kitchensink-openssh5.5/sftp.c 2010-06-08 17:20:56.000000000 -0400
544+--- canonical-openssh5.5/sftp.c 2010-01-27 19:27:54.000000000 +0000
545++++ kitchensink-openssh5.5/sftp.c 2012-11-25 21:46:19.000000000 +0000
546 @@ -69,7 +69,7 @@ typedef void EditLine;
547 #include "sftp-client.h"
548
549@@ -1856,8 +1858,8 @@
550 /* File to read commands from */
551 FILE* infile;
552 diff -NupwB canonical-openssh5.5/ssh.c kitchensink-openssh5.5/ssh.c
553---- canonical-openssh5.5/ssh.c 2010-06-08 17:17:08.000000000 -0400
554-+++ kitchensink-openssh5.5/ssh.c 2010-06-08 17:20:56.000000000 -0400
555+--- canonical-openssh5.5/ssh.c 2012-11-25 21:46:51.000000000 +0000
556++++ kitchensink-openssh5.5/ssh.c 2012-11-25 21:46:19.000000000 +0000
557 @@ -526,9 +526,6 @@ main(int ac, char **av)
558 no_shell_flag = 1;
559 no_tty_flag = 1;
560@@ -1982,8 +1984,8 @@
561
562 channel_send_open(c->self);
563 diff -NupwB canonical-openssh5.5/sshconnect2.c kitchensink-openssh5.5/sshconnect2.c
564---- canonical-openssh5.5/sshconnect2.c 2010-06-08 17:17:08.000000000 -0400
565-+++ kitchensink-openssh5.5/sshconnect2.c 2010-06-08 17:20:56.000000000 -0400
566+--- canonical-openssh5.5/sshconnect2.c 2012-11-25 21:46:51.000000000 +0000
567++++ kitchensink-openssh5.5/sshconnect2.c 2012-11-25 21:46:19.000000000 +0000
568 @@ -80,6 +80,12 @@
569 extern char *client_version_string;
570 extern char *server_version_string;
571@@ -1997,7 +1999,7 @@
572
573 /*
574 * SSH2 key exchange
575-@@ -358,6 +364,28 @@ ssh_userauth2(const char *local_user, co
576+@@ -416,6 +422,28 @@ ssh_userauth2(const char *local_user, co
577 pubkey_cleanup(&authctxt);
578 dispatch_range(SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL);
579
580@@ -2027,8 +2029,8 @@
581 }
582
583 diff -NupwB canonical-openssh5.5/sshconnect.c kitchensink-openssh5.5/sshconnect.c
584---- canonical-openssh5.5/sshconnect.c 2010-06-08 17:17:08.000000000 -0400
585-+++ kitchensink-openssh5.5/sshconnect.c 2010-06-08 17:20:56.000000000 -0400
586+--- canonical-openssh5.5/sshconnect.c 2012-11-25 21:46:51.000000000 +0000
587++++ kitchensink-openssh5.5/sshconnect.c 2012-11-25 21:46:19.000000000 +0000
588 @@ -168,6 +168,31 @@ ssh_proxy_connect(const char *host, u_sh
589 }
590
591@@ -2080,19 +2082,10 @@
592 /* Bind the socket to an alternative local IP address */
593 if (options.bind_address == NULL)
594 return sock;
595-@@ -542,7 +572,7 @@ ssh_exchange_identification(int timeout_
596- snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s",
597- compat20 ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1,
598- compat20 ? PROTOCOL_MINOR_2 : minor1,
599-- SSH_VERSION, compat20 ? "\r\n" : "\n");
600-+ SSH_RELEASE, compat20 ? "\r\n" : "\n");
601- if (roaming_atomicio(vwrite, connection_out, buf, strlen(buf))
602- != strlen(buf))
603- fatal("write: %.100s", strerror(errno));
604 diff -NupwB canonical-openssh5.5/sshd.c kitchensink-openssh5.5/sshd.c
605---- canonical-openssh5.5/sshd.c 2010-06-08 17:17:08.000000000 -0400
606-+++ kitchensink-openssh5.5/sshd.c 2010-06-08 17:20:56.000000000 -0400
607-@@ -137,6 +137,9 @@ int deny_severity;
608+--- canonical-openssh5.5/sshd.c 2012-11-25 21:46:51.000000000 +0000
609++++ kitchensink-openssh5.5/sshd.c 2012-11-25 21:46:19.000000000 +0000
610+@@ -141,6 +141,9 @@ int deny_severity;
611 #define REEXEC_CONFIG_PASS_FD (STDERR_FILENO + 3)
612 #define REEXEC_MIN_FREE_FD (STDERR_FILENO + 4)
613
614@@ -2102,16 +2095,7 @@
615 extern char *__progname;
616
617 /* Server configuration options. */
618-@@ -418,7 +421,7 @@ sshd_exchange_identification(int sock_in
619- minor = PROTOCOL_MINOR_1;
620- }
621- snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor,
622-- SSH_VERSION, newline);
623-+ SSH_RELEASE, newline);
624- server_version_string = xstrdup(buf);
625-
626- /* Send our protocol version identification. */
627-@@ -469,6 +472,9 @@ sshd_exchange_identification(int sock_in
628+@@ -474,6 +477,9 @@ sshd_exchange_identification(int sock_in
629 }
630 debug("Client protocol version %d.%d; client software version %.100s",
631 remote_major, remote_minor, remote_version);
632@@ -2121,7 +2105,7 @@
633
634 compat_datafellows(remote_version);
635
636-@@ -988,6 +994,8 @@ server_listen(void)
637+@@ -993,6 +999,8 @@ server_listen(void)
638 int ret, listen_sock, on = 1;
639 struct addrinfo *ai;
640 char ntop[NI_MAXHOST], strport[NI_MAXSERV];
641@@ -2130,7 +2114,7 @@
642
643 for (ai = options.listen_addrs; ai; ai = ai->ai_next) {
644 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
645-@@ -1028,6 +1036,11 @@ server_listen(void)
646+@@ -1033,6 +1041,11 @@ server_listen(void)
647
648 debug("Bind to port %s on %s.", strport, ntop);
649
650@@ -2142,17 +2126,17 @@
651 /* Bind the socket to the desired port. */
652 if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) {
653 error("Bind to port %s on %s failed: %.200s.",
654-@@ -1909,6 +1922,9 @@ main(int ac, char **av)
655+@@ -1922,6 +1935,9 @@ main(int ac, char **av)
656 /* Log the connection. */
657 verbose("Connection from %.500s port %d", remote_ip, remote_port);
658
659 + /* set the HPN options for the child */
660 + channel_set_hpn(options.hpn_disabled, options.hpn_buffer_size);
661 +
662+ #ifdef USE_SECURITY_SESSION_API
663 /*
664- * We don't want to listen forever unless the other side
665- * successfully authenticates itself. So we set up an alarm which is
666-@@ -2264,9 +2280,15 @@ do_ssh2_kex(void)
667+ * Create a new security session for use by the new user login if
668+@@ -2331,9 +2347,15 @@ do_ssh2_kex(void)
669 {
670 Kex *kex;
671
672@@ -2169,9 +2153,9 @@
673 myproposal[PROPOSAL_ENC_ALGS_CTOS] =
674 compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
675 diff -NupwB canonical-openssh5.5/sshd_config kitchensink-openssh5.5/sshd_config
676---- canonical-openssh5.5/sshd_config 2010-06-08 17:17:08.000000000 -0400
677-+++ kitchensink-openssh5.5/sshd_config 2010-06-08 17:20:56.000000000 -0400
678-@@ -110,6 +110,20 @@
679+--- canonical-openssh5.5/sshd_config 2012-11-25 21:46:51.000000000 +0000
680++++ kitchensink-openssh5.5/sshd_config 2012-11-25 21:46:19.000000000 +0000
681+@@ -113,6 +113,20 @@
682 # override default of no subsystems
683 Subsystem sftp /usr/libexec/sftp-server
684
685@@ -2193,12 +2177,15 @@
686 #Match User anoncvs
687 # X11Forwarding no
688 diff -NupwB canonical-openssh5.5/version.h kitchensink-openssh5.5/version.h
689---- canonical-openssh5.5/version.h 2010-06-08 17:17:08.000000000 -0400
690-+++ kitchensink-openssh5.5/version.h 2010-06-08 17:21:14.000000000 -0400
691-@@ -3,4 +3,5 @@
692+--- canonical-openssh5.5/version.h 2012-11-25 21:46:51.000000000 +0000
693++++ kitchensink-openssh5.5/version.h 2012-11-25 21:46:19.000000000 +0000
694+@@ -3,7 +3,8 @@
695 #define SSH_VERSION "OpenSSH_5.5"
696
697 #define SSH_PORTABLE "p1"
698--#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
699+-#define SSH_RELEASE_MINIMUM SSH_VERSION SSH_PORTABLE
700 +#define SSH_HPN "-hpn13v9"
701-+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN
702++#define SSH_RELEASE_MINIMUM SSH_VERSION SSH_PORTABLE SSH_HPN
703+ #ifdef SSH_EXTRAVERSION
704+ #define SSH_RELEASE SSH_RELEASE_MINIMUM " " SSH_EXTRAVERSION
705+ #else