Pour Ubuntu il faut vérifier aussi lucid-updates.
[sftp.git] / openssh-5.3p1-hpn13v7.diff.auf-patch
1 --- openssh-5.3p1-hpn13v7.diff.orig     2012-11-13 16:50:13.483128779 -0500
2 +++ openssh-5.3p1-hpn13v7.diff.auf      2012-11-13 18:24:09.482929432 -0500
3 @@ -1,6 +1,6 @@
4  diff -NupwB canonincal/HPN-README kitchen_sink-done/HPN-README
5  --- canonincal/HPN-README      1969-12-31 19:00:00.000000000 -0500
6 -+++ kitchen_sink-done/HPN-README       2010-01-06 11:56:40.000000000 -0500
7 ++++ kitchen_sink-done/HPN-README       2012-11-13 18:07:14.134965345 -0500
8  @@ -0,0 +1,128 @@
9  +Notes:
10  +
11 @@ -131,9 +131,9 @@
12  +         by Cisco System, Inc., the National Library of Medicine, 
13  +       and the National Science Foundation. 
14  diff -NupwB canonincal/Makefile.in kitchen_sink-done/Makefile.in
15 ---- canonincal/Makefile.in     2009-08-27 20:47:38.000000000 -0400
16 -+++ kitchen_sink-done/Makefile.in      2010-01-06 11:56:40.000000000 -0500
17 -@@ -43,7 +43,7 @@ CC=@CC@
18 +--- canonincal/Makefile.in     2012-11-13 18:06:35.000000000 -0500
19 ++++ kitchen_sink-done/Makefile.in      2012-11-13 18:07:14.134965345 -0500
20 +@@ -45,7 +45,7 @@ CC=@CC@
21   LD=@LD@
22   CFLAGS=@CFLAGS@
23   CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
24 @@ -142,7 +142,7 @@
25   SSHDLIBS=@SSHDLIBS@
26   LIBEDIT=@LIBEDIT@
27   AR=@AR@
28 -@@ -64,7 +64,7 @@ TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-a
29 +@@ -66,7 +66,7 @@ TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-a
30   
31   LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \
32         canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
33 @@ -152,8 +152,8 @@
34         log.o match.o md-sha256.o moduli.o nchan.o packet.o \
35         readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \
36  diff -NupwB canonincal/auth2.c kitchen_sink-done/auth2.c
37 ---- canonincal/auth2.c 2009-06-22 02:11:07.000000000 -0400
38 -+++ kitchen_sink-done/auth2.c  2010-01-06 11:56:40.000000000 -0500
39 +--- canonincal/auth2.c 2012-11-13 18:06:35.000000000 -0500
40 ++++ kitchen_sink-done/auth2.c  2012-11-13 18:07:14.138965345 -0500
41  @@ -49,6 +49,7 @@
42   #include "dispatch.h"
43   #include "pathnames.h"
44 @@ -162,7 +162,7 @@
45   
46   #ifdef GSSAPI
47   #include "ssh-gss.h"
48 -@@ -75,6 +76,9 @@ extern Authmethod method_gssapi;
49 +@@ -76,6 +77,9 @@ extern Authmethod method_gssapi;
50   extern Authmethod method_jpake;
51   #endif
52   
53 @@ -172,7 +172,7 @@
54   Authmethod *authmethods[] = {
55         &method_none,
56         &method_pubkey,
57 -@@ -225,6 +229,11 @@ input_userauth_request(int type, u_int32
58 +@@ -227,6 +231,11 @@ input_userauth_request(int type, u_int32
59         service = packet_get_string(NULL);
60         method = packet_get_string(NULL);
61         debug("userauth-request for user %s service %s method %s", user, service, method);
62 @@ -183,10 +183,10 @@
63  +      }
64         debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
65   
66 -       if ((style = strchr(user, ':')) != NULL)
67 +       if ((role = strchr(user, '/')) != NULL)
68  diff -NupwB canonincal/buffer.c kitchen_sink-done/buffer.c
69  --- canonincal/buffer.c        2006-08-04 22:39:39.000000000 -0400
70 -+++ kitchen_sink-done/buffer.c 2010-01-06 11:56:40.000000000 -0500
71 ++++ kitchen_sink-done/buffer.c 2012-11-13 18:07:14.138965345 -0500
72  @@ -127,7 +127,7 @@ restart:
73   
74         /* Increase the size of the buffer and retry. */
75 @@ -198,7 +198,7 @@
76         buffer->buf = xrealloc(buffer->buf, 1, newlen);
77  diff -NupwB canonincal/buffer.h kitchen_sink-done/buffer.h
78  --- canonincal/buffer.h        2008-05-19 00:59:37.000000000 -0400
79 -+++ kitchen_sink-done/buffer.h 2010-01-06 11:56:40.000000000 -0500
80 ++++ kitchen_sink-done/buffer.h 2012-11-13 18:07:14.138965345 -0500
81  @@ -16,6 +16,9 @@
82   #ifndef BUFFER_H
83   #define BUFFER_H
84 @@ -210,8 +210,8 @@
85         u_char  *buf;           /* Buffer for data. */
86         u_int    alloc;         /* Number of bytes allocated for data. */
87  diff -NupwB canonincal/channels.c kitchen_sink-done/channels.c
88 ---- canonincal/channels.c      2009-08-27 21:02:37.000000000 -0400
89 -+++ kitchen_sink-done/channels.c       2010-01-06 11:56:40.000000000 -0500
90 +--- canonincal/channels.c      2012-11-13 18:06:35.000000000 -0500
91 ++++ kitchen_sink-done/channels.c       2012-11-13 18:07:14.138965345 -0500
92  @@ -169,8 +169,14 @@ static void port_open_helper(Channel *c,
93   static int connect_next(struct channel_connect *);
94   static void channel_connect_ctx_free(struct channel_connect *);
95 @@ -374,7 +374,7 @@
96                 c->path = xstrdup(host);
97                 c->host_port = port_to_connect;
98                 c->listening_port = listen_port;
99 -@@ -3153,10 +3208,17 @@ x11_create_display_inet(int x11_display_
100 +@@ -3157,10 +3212,17 @@ x11_create_display_inet(int x11_display_
101         *chanids = xcalloc(num_socks + 1, sizeof(**chanids));
102         for (n = 0; n < num_socks; n++) {
103                 sock = socks[n];
104 @@ -394,7 +394,7 @@
105         }
106  diff -NupwB canonincal/channels.h kitchen_sink-done/channels.h
107  --- canonincal/channels.h      2009-02-14 00:28:21.000000000 -0500
108 -+++ kitchen_sink-done/channels.h       2010-01-06 11:56:40.000000000 -0500
109 ++++ kitchen_sink-done/channels.h       2012-11-13 18:07:14.138965345 -0500
110  @@ -115,8 +115,10 @@ struct Channel {
111         u_int   local_window_max;
112         u_int   local_consumed;
113 @@ -439,7 +439,7 @@
114   #endif
115  diff -NupwB canonincal/cipher-ctr-mt.c kitchen_sink-done/cipher-ctr-mt.c
116  --- canonincal/cipher-ctr-mt.c 1969-12-31 19:00:00.000000000 -0500
117 -+++ kitchen_sink-done/cipher-ctr-mt.c  2010-01-06 11:56:40.000000000 -0500
118 ++++ kitchen_sink-done/cipher-ctr-mt.c  2012-11-13 18:07:14.138965345 -0500
119  @@ -0,0 +1,473 @@
120  +/*
121  + * OpenSSH Multi-threaded AES-CTR Cipher
122 @@ -916,7 +916,7 @@
123  +}
124  diff -NupwB canonincal/cipher.c kitchen_sink-done/cipher.c
125  --- canonincal/cipher.c        2009-01-28 00:38:41.000000000 -0500
126 -+++ kitchen_sink-done/cipher.c 2010-01-06 11:56:40.000000000 -0500
127 ++++ kitchen_sink-done/cipher.c 2012-11-13 18:07:14.138965345 -0500
128  @@ -55,6 +55,7 @@ extern const EVP_CIPHER *evp_ssh1_bf(voi
129   extern const EVP_CIPHER *evp_ssh1_3des(void);
130   extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
131 @@ -965,9 +965,9 @@
132         case SSH_CIPHER_DES:
133         case SSH_CIPHER_BLOWFISH:
134  diff -NupwB canonincal/clientloop.c kitchen_sink-done/clientloop.c
135 ---- canonincal/clientloop.c    2009-08-27 21:21:07.000000000 -0400
136 -+++ kitchen_sink-done/clientloop.c     2010-01-06 11:56:40.000000000 -0500
137 -@@ -1697,9 +1697,15 @@ client_request_x11(const char *request_t
138 +--- canonincal/clientloop.c    2012-11-13 18:06:35.000000000 -0500
139 ++++ kitchen_sink-done/clientloop.c     2012-11-13 18:07:14.138965345 -0500
140 +@@ -1717,9 +1717,15 @@ client_request_x11(const char *request_t
141         sock = x11_connect_display();
142         if (sock < 0)
143                 return NULL;
144 @@ -983,7 +983,7 @@
145         c->force_drain = 1;
146         return c;
147   }
148 -@@ -1719,9 +1725,15 @@ client_request_agent(const char *request
149 +@@ -1739,9 +1745,15 @@ client_request_agent(const char *request
150         sock = ssh_get_authentication_socket();
151         if (sock < 0)
152                 return NULL;
153 @@ -1000,7 +1000,7 @@
154             "authentication agent connection", 1);
155         c->force_drain = 1;
156         return c;
157 -@@ -1749,10 +1761,18 @@ client_request_tun_fwd(int tun_mode, int
158 +@@ -1769,10 +1781,18 @@ client_request_tun_fwd(int tun_mode, int
159                 return -1;
160         }
161   
162 @@ -1022,7 +1022,7 @@
163                 channel_register_filter(c->self, sys_tun_infilter,
164  diff -NupwB canonincal/compat.c kitchen_sink-done/compat.c
165  --- canonincal/compat.c        2008-11-03 03:20:14.000000000 -0500
166 -+++ kitchen_sink-done/compat.c 2010-01-06 11:56:40.000000000 -0500
167 ++++ kitchen_sink-done/compat.c 2012-11-13 18:07:14.138965345 -0500
168  @@ -170,6 +170,15 @@ compat_datafellows(const char *version)
169                     strlen(check[i].pat), 0) == 1) {
170                         debug("match: %s pat %s", version, check[i].pat);
171 @@ -1041,7 +1041,7 @@
172         }
173  diff -NupwB canonincal/compat.h kitchen_sink-done/compat.h
174  --- canonincal/compat.h        2008-11-03 03:20:14.000000000 -0500
175 -+++ kitchen_sink-done/compat.h 2010-01-06 11:56:40.000000000 -0500
176 ++++ kitchen_sink-done/compat.h 2012-11-13 18:07:14.142965345 -0500
177  @@ -58,6 +58,7 @@
178   #define SSH_OLD_FORWARD_ADDR  0x01000000
179   #define SSH_BUG_RFWD_ADDR     0x02000000
180 @@ -1051,18 +1051,19 @@
181   void     enable_compat13(void);
182   void     enable_compat20(void);
183  Common subdirectories: canonincal/contrib and kitchen_sink-done/contrib
184 +Common subdirectories: canonincal/debian and kitchen_sink-done/debian
185  diff -NupwB canonincal/kex.c kitchen_sink-done/kex.c
186 ---- canonincal/kex.c   2009-06-21 04:15:25.000000000 -0400
187 -+++ kitchen_sink-done/kex.c    2010-01-06 11:56:40.000000000 -0500
188 +--- canonincal/kex.c   2012-11-13 18:06:35.000000000 -0500
189 ++++ kitchen_sink-done/kex.c    2012-11-13 18:07:14.142965345 -0500
190  @@ -48,6 +48,7 @@
191   #include "match.h"
192   #include "dispatch.h"
193   #include "monitor.h"
194  +#include "canohost.h"
195   
196 - #if OPENSSL_VERSION_NUMBER >= 0x00907000L
197 - # if defined(HAVE_EVP_SHA256)
198 -@@ -62,7 +63,8 @@ static void kex_kexinit_finish(Kex *);
199 + #ifdef GSSAPI
200 + #include "ssh-gss.h"
201 +@@ -66,7 +67,8 @@ static void kex_kexinit_finish(Kex *);
202   static void kex_choose_conf(Kex *);
203   
204   /* put algorithm proposal into buffer */
205 @@ -1072,7 +1073,7 @@
206   kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX])
207   {
208         u_int i;
209 -@@ -374,6 +376,13 @@ kex_choose_conf(Kex *kex)
210 +@@ -392,6 +394,13 @@ kex_choose_conf(Kex *kex)
211         int nenc, nmac, ncomp;
212         u_int mode, ctos, need;
213         int first_kex_follows, type;
214 @@ -1086,7 +1087,7 @@
215   
216         my   = kex_buf2prop(&kex->my, NULL);
217         peer = kex_buf2prop(&kex->peer, &first_kex_follows);
218 -@@ -398,11 +407,34 @@ kex_choose_conf(Kex *kex)
219 +@@ -416,11 +425,34 @@ kex_choose_conf(Kex *kex)
220                 choose_enc (&newkeys->enc,  cprop[nenc],  sprop[nenc]);
221                 choose_mac (&newkeys->mac,  cprop[nmac],  sprop[nmac]);
222                 choose_comp(&newkeys->comp, cprop[ncomp], sprop[ncomp]);
223 @@ -1122,9 +1123,9 @@
224         choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]);
225         choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],
226  diff -NupwB canonincal/kex.h kitchen_sink-done/kex.h
227 ---- canonincal/kex.h   2009-06-21 04:15:25.000000000 -0400
228 -+++ kitchen_sink-done/kex.h    2010-01-06 11:56:40.000000000 -0500
229 -@@ -129,6 +129,8 @@ struct Kex {
230 +--- canonincal/kex.h   2012-11-13 18:06:35.000000000 -0500
231 ++++ kitchen_sink-done/kex.h    2012-11-13 18:07:14.142965345 -0500
232 +@@ -138,6 +138,8 @@ struct Kex {
233         void    (*kex[KEX_MAX])(Kex *);
234   };
235   
236 @@ -1135,7 +1136,7 @@
237   
238  diff -NupwB canonincal/myproposal.h kitchen_sink-done/myproposal.h
239  --- canonincal/myproposal.h    2009-01-28 00:33:31.000000000 -0500
240 -+++ kitchen_sink-done/myproposal.h     2010-01-06 11:56:40.000000000 -0500
241 ++++ kitchen_sink-done/myproposal.h     2012-11-13 18:07:14.142965345 -0500
242  @@ -47,6 +47,8 @@
243         "arcfour256,arcfour128," \
244         "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
245 @@ -1148,7 +1149,7 @@
246  Common subdirectories: canonincal/openbsd-compat and kitchen_sink-done/openbsd-compat
247  diff -NupwB canonincal/packet.c kitchen_sink-done/packet.c
248  --- canonincal/packet.c        2009-09-26 00:54:00.000000000 -0400
249 -+++ kitchen_sink-done/packet.c 2010-01-06 16:14:53.000000000 -0500
250 ++++ kitchen_sink-done/packet.c 2012-11-13 18:07:14.142965345 -0500
251  @@ -835,7 +835,7 @@ packet_enable_delayed_compress(void)
252   /*
253    * Finalize packet in SSH2 format (compress, mac, encrypt, enqueue)
254 @@ -1287,7 +1288,7 @@
255  +}
256  diff -NupwB canonincal/packet.h kitchen_sink-done/packet.h
257  --- canonincal/packet.h        2009-07-05 17:11:13.000000000 -0400
258 -+++ kitchen_sink-done/packet.h 2010-01-06 14:04:18.000000000 -0500
259 ++++ kitchen_sink-done/packet.h 2012-11-13 18:07:14.142965345 -0500
260  @@ -20,6 +20,9 @@
261   
262   #include <openssl/bn.h>
263 @@ -1324,9 +1325,10 @@
264   void     packet_write_wait(void);
265   int      packet_have_data_to_write(void);
266   int      packet_not_very_much_data_to_write(void);
267 +Common subdirectories: canonincal/.pc and kitchen_sink-done/.pc
268  diff -NupwB canonincal/progressmeter.c kitchen_sink-done/progressmeter.c
269  --- canonincal/progressmeter.c 2006-08-04 22:39:40.000000000 -0400
270 -+++ kitchen_sink-done/progressmeter.c  2010-01-06 11:56:40.000000000 -0500
271 ++++ kitchen_sink-done/progressmeter.c  2012-11-13 18:07:14.142965345 -0500
272  @@ -68,6 +68,8 @@ static time_t last_update;   /* last progr
273   static char *file;            /* name of the file being transferred */
274   static off_t end_pos;         /* ending position of transfer */
275 @@ -1398,18 +1400,18 @@
276   
277   /*ARGSUSED*/
278  diff -NupwB canonincal/readconf.c kitchen_sink-done/readconf.c
279 ---- canonincal/readconf.c      2009-07-05 17:12:27.000000000 -0400
280 -+++ kitchen_sink-done/readconf.c       2010-01-06 12:00:28.000000000 -0500
281 -@@ -131,6 +131,8 @@ typedef enum {
282 -       oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
283 +--- canonincal/readconf.c      2012-11-13 18:06:35.000000000 -0500
284 ++++ kitchen_sink-done/readconf.c       2012-11-13 18:07:14.146965345 -0500
285 +@@ -136,6 +136,8 @@ typedef enum {
286         oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
287         oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
288 +       oProtocolKeepAlives, oSetupTimeOut,
289  +      oNoneEnabled, oTcpRcvBufPoll, oTcpRcvBuf, oNoneSwitch, oHPNDisabled,
290  +      oHPNBufferSize,
291         oDeprecated, oUnsupported
292   } OpCodes;
293   
294 -@@ -235,6 +237,12 @@ static struct {
295 +@@ -249,6 +251,12 @@ static struct {
296   #else
297         { "zeroknowledgepasswordauthentication", oUnsupported },
298   #endif
299 @@ -1419,10 +1421,10 @@
300  +      { "noneswitch", oNoneSwitch },
301  +      { "hpndisabled", oHPNDisabled },
302  +      { "hpnbuffersize", oHPNBufferSize },
303 +       { "protocolkeepalives", oProtocolKeepAlives },
304 +       { "setuptimeout", oSetupTimeOut },
305   
306 -       { NULL, oBadOption }
307 - };
308 -@@ -466,6 +474,37 @@ parse_flag:
309 +@@ -502,6 +510,37 @@ parse_flag:
310                 intptr = &options->check_host_ip;
311                 goto parse_flag;
312   
313 @@ -1460,7 +1462,7 @@
314         case oVerifyHostKeyDNS:
315                 intptr = &options->verify_host_key_dns;
316                 goto parse_yesnoask;
317 -@@ -644,6 +683,10 @@ parse_int:
318 +@@ -680,6 +719,10 @@ parse_int:
319                 intptr = &options->connection_attempts;
320                 goto parse_int;
321   
322 @@ -1471,7 +1473,7 @@
323         case oCipher:
324                 intptr = &options->cipher;
325                 arg = strdelim(&s);
326 -@@ -1071,6 +1114,12 @@ initialize_options(Options * options)
327 +@@ -1133,6 +1176,12 @@ initialize_options(Options * options)
328         options->use_roaming = -1;
329         options->visual_host_key = -1;
330         options->zero_knowledge_password_authentication = -1;
331 @@ -1484,8 +1486,8 @@
332   }
333   
334   /*
335 -@@ -1193,6 +1242,29 @@ fill_default_options(Options * options)
336 -               options->server_alive_interval = 0;
337 +@@ -1268,6 +1317,29 @@ fill_default_options(Options * options)
338 +       }
339         if (options->server_alive_count_max == -1)
340                 options->server_alive_count_max = 3;
341  +      if (options->none_switch == -1)
342 @@ -1515,9 +1517,9 @@
343                 options->control_master = 0;
344         if (options->hash_known_hosts == -1)
345  diff -NupwB canonincal/readconf.h kitchen_sink-done/readconf.h
346 ---- canonincal/readconf.h      2009-07-05 17:12:27.000000000 -0400
347 -+++ kitchen_sink-done/readconf.h       2010-01-06 11:56:44.000000000 -0500
348 -@@ -57,6 +57,11 @@ typedef struct {
349 +--- canonincal/readconf.h      2012-11-13 18:06:35.000000000 -0500
350 ++++ kitchen_sink-done/readconf.h       2012-11-13 18:07:14.146965345 -0500
351 +@@ -62,6 +62,11 @@ typedef struct {
352         int     compression_level;      /* Compression level 1 (fast) to 9
353                                          * (best). */
354         int     tcp_keep_alive; /* Set SO_KEEPALIVE. */
355 @@ -1529,7 +1531,7 @@
356         LogLevel log_level;     /* Level for logging. */
357   
358         int     port;           /* Port to connect. */
359 -@@ -102,6 +107,8 @@ typedef struct {
360 +@@ -107,6 +112,8 @@ typedef struct {
361   
362         int     enable_ssh_keysign;
363         int64_t rekey_limit;
364 @@ -1538,12 +1540,10 @@
365         int     no_host_authentication_for_localhost;
366         int     identities_only;
367         int     server_alive_interval;
368 -Common subdirectories: canonincal/regress and kitchen_sink-done/regress
369 -Common subdirectories: canonincal/scard and kitchen_sink-done/scard
370  diff -NupwB canonincal/scp.c kitchen_sink-done/scp.c
371 ---- canonincal/scp.c   2008-11-03 03:23:45.000000000 -0500
372 -+++ kitchen_sink-done/scp.c    2010-01-06 11:56:44.000000000 -0500
373 -@@ -632,7 +632,7 @@ source(int argc, char **argv)
374 +--- canonincal/scp.c   2012-11-13 18:06:35.000000000 -0500
375 ++++ kitchen_sink-done/scp.c    2012-11-13 18:07:14.146965345 -0500
376 +@@ -640,7 +640,7 @@ source(int argc, char **argv)
377         off_t i, statbytes;
378         size_t amt;
379         int fd = -1, haderr, indx;
380 @@ -1552,7 +1552,7 @@
381         int len;
382   
383         for (indx = 0; indx < argc; ++indx) {
384 -@@ -868,7 +868,7 @@ sink(int argc, char **argv)
385 +@@ -876,7 +876,7 @@ sink(int argc, char **argv)
386         mode_t mode, omode, mask;
387         off_t size, statbytes;
388         int setimes, targisdir, wrerrno = 0;
389 @@ -1562,12 +1562,12 @@
390   
391   #define       atime   tv[0]
392  diff -NupwB canonincal/servconf.c kitchen_sink-done/servconf.c
393 ---- canonincal/servconf.c      2009-06-21 06:26:17.000000000 -0400
394 -+++ kitchen_sink-done/servconf.c       2010-01-06 11:56:44.000000000 -0500
395 -@@ -128,11 +128,20 @@ initialize_server_options(ServerOptions 
396 -       options->adm_forced_command = NULL;
397 +--- canonincal/servconf.c      2012-11-13 18:06:35.000000000 -0500
398 ++++ kitchen_sink-done/servconf.c       2012-11-13 18:07:14.150965345 -0500
399 +@@ -133,11 +133,20 @@ initialize_server_options(ServerOptions 
400         options->chroot_directory = NULL;
401         options->zero_knowledge_password_authentication = -1;
402 +       options->debian_banner = -1;
403  +      options->none_enabled = -1;
404  +      options->tcp_rcv_buf_poll = -1;
405  +      options->hpn_disabled = -1;
406 @@ -1585,9 +1585,9 @@
407         /* Portable-specific options */
408         if (options->use_pam == -1)
409                 options->use_pam = 0;
410 -@@ -262,6 +271,42 @@ fill_default_server_options(ServerOption
411 -       if (options->zero_knowledge_password_authentication == -1)
412 -               options->zero_knowledge_password_authentication = 0;
413 +@@ -277,6 +286,42 @@ fill_default_server_options(ServerOption
414 +       if (options->debian_banner == -1)
415 +               options->debian_banner = 1;
416   
417  +      if (options->hpn_disabled == -1) 
418  +              options->hpn_disabled = 0;
419 @@ -1628,18 +1628,18 @@
420         /* Turn privilege separation on by default */
421         if (use_privsep == -1)
422                 use_privsep = 1;
423 -@@ -306,6 +351,7 @@ typedef enum {
424 -       sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
425 +@@ -324,6 +369,7 @@ typedef enum {
426         sUsePrivilegeSeparation, sAllowAgentForwarding,
427         sZeroKnowledgePasswordAuthentication,
428 +       sDebianBanner,
429  +      sNoneEnabled, sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize,
430         sDeprecated, sUnsupported
431   } ServerOpCodes;
432   
433 -@@ -424,6 +470,10 @@ static struct {
434 -       { "permitopen", sPermitOpen, SSHCFG_ALL },
435 +@@ -454,6 +500,10 @@ static struct {
436         { "forcecommand", sForceCommand, SSHCFG_ALL },
437         { "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
438 +       { "debianbanner", sDebianBanner, SSHCFG_GLOBAL },
439  +      { "noneenabled", sNoneEnabled },
440  +      { "hpndisabled", sHPNDisabled },
441  +      { "hpnbuffersize", sHPNBufferSize },
442 @@ -1647,7 +1647,7 @@
443         { NULL, sBadOption, 0 }
444   };
445   
446 -@@ -450,6 +500,7 @@ parse_token(const char *cp, const char *
447 +@@ -480,6 +530,7 @@ parse_token(const char *cp, const char *
448   
449         for (i = 0; keywords[i].name; i++)
450                 if (strcasecmp(cp, keywords[i].name) == 0) {
451 @@ -1655,7 +1655,7 @@
452                         *flags = keywords[i].flags;
453                         return keywords[i].opcode;
454                 }
455 -@@ -847,6 +898,22 @@ process_server_config_line(ServerOptions
456 +@@ -877,6 +928,22 @@ process_server_config_line(ServerOptions
457                         *intptr = value;
458                 break;
459   
460 @@ -1679,9 +1679,9 @@
461                 intptr = &options->ignore_user_known_hosts;
462                 goto parse_flag;
463  diff -NupwB canonincal/servconf.h kitchen_sink-done/servconf.h
464 ---- canonincal/servconf.h      2009-01-28 00:31:23.000000000 -0500
465 -+++ kitchen_sink-done/servconf.h       2010-01-06 11:56:44.000000000 -0500
466 -@@ -145,6 +145,10 @@ typedef struct {
467 +--- canonincal/servconf.h      2012-11-13 18:06:35.000000000 -0500
468 ++++ kitchen_sink-done/servconf.h       2012-11-13 18:07:14.150965345 -0500
469 +@@ -149,6 +149,10 @@ typedef struct {
470         char   *adm_forced_command;
471   
472         int     use_pam;                /* Enable auth via PAM */
473 @@ -1693,8 +1693,8 @@
474         int     permit_tun;
475   
476  diff -NupwB canonincal/serverloop.c kitchen_sink-done/serverloop.c
477 ---- canonincal/serverloop.c    2009-09-08 21:07:28.000000000 -0400
478 -+++ kitchen_sink-done/serverloop.c     2010-01-06 11:56:44.000000000 -0500
479 +--- canonincal/serverloop.c    2012-11-13 18:06:35.000000000 -0500
480 ++++ kitchen_sink-done/serverloop.c     2012-11-13 18:07:14.150965345 -0500
481  @@ -94,10 +94,10 @@ static int fdin;           /* Descriptor for stdi
482   static int fdout;             /* Descriptor for stdout (for reading);
483                                    May be same number as fdin. */
484 @@ -1802,9 +1802,9 @@
485                 debug("session open failed, free channel %d", c->self);
486                 channel_free(c);
487  diff -NupwB canonincal/session.c kitchen_sink-done/session.c
488 ---- canonincal/session.c       2009-08-20 02:20:50.000000000 -0400
489 -+++ kitchen_sink-done/session.c        2010-01-06 11:56:44.000000000 -0500
490 -@@ -230,6 +230,7 @@ auth_input_request_forwarding(struct pas
491 +--- canonincal/session.c       2012-11-13 18:06:35.000000000 -0500
492 ++++ kitchen_sink-done/session.c        2012-11-13 18:07:14.150965345 -0500
493 +@@ -231,6 +231,7 @@ auth_input_request_forwarding(struct pas
494         }
495   
496         /* Allocate a channel for the authentication agent socket. */
497 @@ -1812,7 +1812,7 @@
498         nc = channel_new("auth socket",
499             SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1,
500             CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
501 -@@ -2295,10 +2296,16 @@ session_set_fds(Session *s, int fdin, in
502 +@@ -2304,10 +2305,16 @@ session_set_fds(Session *s, int fdin, in
503          */
504         if (s->chanid == -1)
505                 fatal("no channel for session %d", s->self);
506 @@ -1831,7 +1831,7 @@
507   /*
508  diff -NupwB canonincal/sftp.1 kitchen_sink-done/sftp.1
509  --- canonincal/sftp.1  2009-01-28 00:14:09.000000000 -0500
510 -+++ kitchen_sink-done/sftp.1   2010-01-06 11:56:44.000000000 -0500
511 ++++ kitchen_sink-done/sftp.1   2012-11-13 18:07:14.150965345 -0500
512  @@ -203,7 +203,8 @@ This option may be useful in debugging t
513   Specify how many requests may be outstanding at any one time.
514   Increasing this may slightly improve file transfer speed
515 @@ -1844,7 +1844,7 @@
516   .Ar program
517  diff -NupwB canonincal/sftp.c kitchen_sink-done/sftp.c
518  --- canonincal/sftp.c  2009-02-14 00:26:19.000000000 -0500
519 -+++ kitchen_sink-done/sftp.c   2010-01-06 11:56:44.000000000 -0500
520 ++++ kitchen_sink-done/sftp.c   2012-11-13 18:07:14.150965345 -0500
521  @@ -75,7 +75,7 @@ int batchmode = 0;
522   size_t copy_buffer_len = 32768;
523   
524 @@ -1855,9 +1855,9 @@
525   /* PID of ssh transport process */
526   static pid_t sshpid = -1;
527  diff -NupwB canonincal/ssh.c kitchen_sink-done/ssh.c
528 ---- canonincal/ssh.c   2009-07-05 17:16:56.000000000 -0400
529 -+++ kitchen_sink-done/ssh.c    2010-01-06 11:56:44.000000000 -0500
530 -@@ -494,9 +494,6 @@ main(int ac, char **av)
531 +--- canonincal/ssh.c   2012-11-13 18:06:35.000000000 -0500
532 ++++ kitchen_sink-done/ssh.c    2012-11-13 18:07:14.154965345 -0500
533 +@@ -499,9 +499,6 @@ main(int ac, char **av)
534                         no_shell_flag = 1;
535                         no_tty_flag = 1;
536                         break;
537 @@ -1867,7 +1867,7 @@
538                 case 'o':
539                         dummy = 1;
540                         line = xstrdup(optarg);
541 -@@ -505,6 +502,13 @@ main(int ac, char **av)
542 +@@ -510,6 +507,13 @@ main(int ac, char **av)
543                                 exit(255);
544                         xfree(line);
545                         break;
546 @@ -1881,7 +1881,7 @@
547                 case 's':
548                         subsystem_flag = 1;
549                         break;
550 -@@ -1145,6 +1149,9 @@ ssh_session2_open(void)
551 +@@ -1150,6 +1154,9 @@ ssh_session2_open(void)
552   {
553         Channel *c;
554         int window, packetmax, in, out, err;
555 @@ -1891,7 +1891,7 @@
556   
557         if (stdin_null_flag) {
558                 in = open(_PATH_DEVNULL, O_RDONLY);
559 -@@ -1165,9 +1172,75 @@ ssh_session2_open(void)
560 +@@ -1170,9 +1177,75 @@ ssh_session2_open(void)
561         if (!isatty(err))
562                 set_nonblock(err);
563   
564 @@ -1968,7 +1968,7 @@
565                 window >>= 1;
566                 packetmax >>= 1;
567         }
568 -@@ -1175,7 +1248,10 @@ ssh_session2_open(void)
569 +@@ -1180,7 +1253,10 @@ ssh_session2_open(void)
570             "session", SSH_CHANNEL_OPENING, in, out, err,
571             window, packetmax, CHAN_EXTENDED_WRITE,
572             "client-session", /*nonblock*/0);
573 @@ -1981,8 +1981,8 @@
574   
575         channel_send_open(c->self);
576  diff -NupwB canonincal/sshconnect.c kitchen_sink-done/sshconnect.c
577 ---- canonincal/sshconnect.c    2009-06-21 04:53:53.000000000 -0400
578 -+++ kitchen_sink-done/sshconnect.c     2010-01-06 12:02:31.000000000 -0500
579 +--- canonincal/sshconnect.c    2012-11-13 18:06:35.000000000 -0500
580 ++++ kitchen_sink-done/sshconnect.c     2012-11-13 18:07:14.154965345 -0500
581  @@ -166,6 +166,31 @@ ssh_proxy_connect(const char *host, u_sh
582   }
583   
584 @@ -2034,18 +2034,9 @@
585         /* Bind the socket to an alternative local IP address */
586         if (options.bind_address == NULL)
587                 return sock;
588 -@@ -537,7 +568,7 @@ ssh_exchange_identification(int timeout_
589 -       snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s",
590 -           compat20 ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1,
591 -           compat20 ? PROTOCOL_MINOR_2 : minor1,
592 --          SSH_VERSION, compat20 ? "\r\n" : "\n");
593 -+          SSH_RELEASE, compat20 ? "\r\n" : "\n");
594 -       if (roaming_atomicio(vwrite, connection_out, buf, strlen(buf))
595 -           != strlen(buf))
596 -               fatal("write: %.100s", strerror(errno));
597  diff -NupwB canonincal/sshconnect2.c kitchen_sink-done/sshconnect2.c
598 ---- canonincal/sshconnect2.c   2009-03-05 08:58:22.000000000 -0500
599 -+++ kitchen_sink-done/sshconnect2.c    2010-01-06 11:56:44.000000000 -0500
600 +--- canonincal/sshconnect2.c   2012-11-13 18:06:35.000000000 -0500
601 ++++ kitchen_sink-done/sshconnect2.c    2012-11-13 18:07:14.154965345 -0500
602  @@ -79,6 +79,12 @@
603   extern char *client_version_string;
604   extern char *server_version_string;
605 @@ -2059,7 +2050,7 @@
606   
607   /*
608    * SSH2 key exchange
609 -@@ -351,6 +357,28 @@ ssh_userauth2(const char *local_user, co
610 +@@ -414,6 +420,28 @@ ssh_userauth2(const char *local_user, co
611         pubkey_cleanup(&authctxt);
612         dispatch_range(SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL);
613   
614 @@ -2089,9 +2080,9 @@
615   }
616   
617  diff -NupwB canonincal/sshd.c kitchen_sink-done/sshd.c
618 ---- canonincal/sshd.c  2009-06-21 06:26:17.000000000 -0400
619 -+++ kitchen_sink-done/sshd.c   2010-01-06 11:56:44.000000000 -0500
620 -@@ -137,6 +137,9 @@ int deny_severity;
621 +--- canonincal/sshd.c  2012-11-13 18:06:35.000000000 -0500
622 ++++ kitchen_sink-done/sshd.c   2012-11-13 18:07:14.154965345 -0500
623 +@@ -141,6 +141,9 @@ int deny_severity;
624   #define REEXEC_CONFIG_PASS_FD         (STDERR_FILENO + 3)
625   #define REEXEC_MIN_FREE_FD            (STDERR_FILENO + 4)
626   
627 @@ -2101,16 +2092,7 @@
628   extern char *__progname;
629   
630   /* Server configuration options. */
631 -@@ -416,7 +419,7 @@ sshd_exchange_identification(int sock_in
632 -               minor = PROTOCOL_MINOR_1;
633 -       }
634 -       snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor,
635 --          SSH_VERSION, newline);
636 -+          SSH_RELEASE, newline);
637 -       server_version_string = xstrdup(buf);
638
639 -       /* Send our protocol version identification. */
640 -@@ -467,6 +470,9 @@ sshd_exchange_identification(int sock_in
641 +@@ -478,6 +481,9 @@ sshd_exchange_identification(int sock_in
642         }
643         debug("Client protocol version %d.%d; client software version %.100s",
644             remote_major, remote_minor, remote_version);
645 @@ -2120,7 +2102,7 @@
646   
647         compat_datafellows(remote_version);
648   
649 -@@ -945,6 +951,8 @@ server_listen(void)
650 +@@ -981,6 +987,8 @@ server_listen(void)
651         int ret, listen_sock, on = 1;
652         struct addrinfo *ai;
653         char ntop[NI_MAXHOST], strport[NI_MAXSERV];
654 @@ -2129,7 +2111,7 @@
655   
656         for (ai = options.listen_addrs; ai; ai = ai->ai_next) {
657                 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
658 -@@ -991,6 +999,11 @@ server_listen(void)
659 +@@ -1027,6 +1035,11 @@ server_listen(void)
660   
661                 debug("Bind to port %s on %s.", strport, ntop);
662   
663 @@ -2141,17 +2123,17 @@
664                 /* Bind the socket to the desired port. */
665                 if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) {
666                         error("Bind to port %s on %s failed: %.200s.",
667 -@@ -1818,6 +1831,9 @@ main(int ac, char **av)
668 +@@ -1876,6 +1889,9 @@ main(int ac, char **av)
669         /* Log the connection. */
670         verbose("Connection from %.500s port %d", remote_ip, remote_port);
671   
672  +      /* set the HPN options for the child */
673  +      channel_set_hpn(options.hpn_disabled, options.hpn_buffer_size);
674  +
675 + #ifdef USE_SECURITY_SESSION_API
676         /*
677 -        * We don't want to listen forever unless the other side
678 -        * successfully authenticates itself.  So we set up an alarm which is
679 -@@ -2172,9 +2188,15 @@ do_ssh2_kex(void)
680 +        * Create a new security session for use by the new user login if
681 +@@ -2284,9 +2300,15 @@ do_ssh2_kex(void)
682   {
683         Kex *kex;
684   
685 @@ -2168,9 +2150,9 @@
686         myproposal[PROPOSAL_ENC_ALGS_CTOS] =
687             compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
688  diff -NupwB canonincal/sshd_config kitchen_sink-done/sshd_config
689 ---- canonincal/sshd_config     2008-07-02 08:35:43.000000000 -0400
690 -+++ kitchen_sink-done/sshd_config      2010-01-06 11:56:44.000000000 -0500
691 -@@ -112,6 +112,20 @@ Protocol 2
692 +--- canonincal/sshd_config     2012-11-13 18:06:35.000000000 -0500
693 ++++ kitchen_sink-done/sshd_config      2012-11-13 18:07:14.154965345 -0500
694 +@@ -115,6 +115,20 @@ Protocol 2
695   # override default of no subsystems
696   Subsystem     sftp    /usr/libexec/sftp-server
697   
698 @@ -2192,12 +2174,15 @@
699   #Match User anoncvs
700   #     X11Forwarding no
701  diff -NupwB canonincal/version.h kitchen_sink-done/version.h
702 ---- canonincal/version.h       2009-07-05 17:13:04.000000000 -0400
703 -+++ kitchen_sink-done/version.h        2010-01-06 16:54:49.000000000 -0500
704 -@@ -3,4 +3,5 @@
705 +--- canonincal/version.h       2012-11-13 18:06:35.000000000 -0500
706 ++++ kitchen_sink-done/version.h        2012-11-13 18:07:14.154965345 -0500
707 +@@ -3,7 +3,8 @@
708   #define SSH_VERSION   "OpenSSH_5.3"
709   
710   #define SSH_PORTABLE  "p1"
711 --#define SSH_RELEASE   SSH_VERSION SSH_PORTABLE
712 +-#define SSH_RELEASE_MINIMUM   SSH_VERSION SSH_PORTABLE
713  +#define SSH_HPN         "-hpn13v7"
714 -+#define SSH_RELEASE   SSH_VERSION SSH_PORTABLE SSH_HPN
715 ++#define SSH_RELEASE_MINIMUM   SSH_VERSION SSH_PORTABLE SSH_HPN
716 + #ifdef SSH_EXTRAVERSION
717 + #define SSH_RELEASE   SSH_RELEASE_MINIMUM " " SSH_EXTRAVERSION
718 + #else