Ajouté la patch et un makefile pour produire un paquet patché avec HPN
authorNicolas Cadou <ncadou@cadou.ca>
Tue, 13 Nov 2012 23:55:09 +0000 (18:55 -0500)
committerNicolas Cadou <ncadou@cadou.ca>
Tue, 13 Nov 2012 23:55:09 +0000 (18:55 -0500)
Makefile [new file with mode: 0644]
openssh-5.3p1-hpn13v7.diff.auf-patch [new file with mode: 0644]
openssh-5.3p1-hpn13v7.diff.gz [new file with mode: 0644]

diff --git a/Makefile b/Makefile
new file mode 100644 (file)
index 0000000..731fdf2
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,14 @@
+
+lucid:
+       grep DGET_VERIFY=no ~/.devscripts \
+               || (echo 'SVP ajoutez "DGET_VERIFY=no" à ~/.devscripts'; false)
+       rm -r openssh-5.3p1
+       dget http://archive.ubuntu.com/ubuntu/pool/main/o/openssh/openssh_5.3p1-3ubuntu3.dsc
+       # Get the following patch from http://www.psc.edu/index.php/component/remository/HPN-SSH/OpenSSH-5.3-patches/OpenSSH-5.3-Kitchen-Sink-patch/
+       zcat openssh-5.3p1-hpn13v7.diff.gz > openssh-5.3p1-hpn13v7.diff
+       patch openssh-5.3p1-hpn13v7.diff < openssh-5.3p1-hpn13v7.diff.auf-patch
+       asrt
+       (cd openssh-5.3p1; \
+               cat ../openssh-5.3p1-hpn13v7.diff | patch -p1; \
+               debuild -us -uc; \
+       )
diff --git a/openssh-5.3p1-hpn13v7.diff.auf-patch b/openssh-5.3p1-hpn13v7.diff.auf-patch
new file mode 100644 (file)
index 0000000..9f990a2
--- /dev/null
@@ -0,0 +1,718 @@
+--- openssh-5.3p1-hpn13v7.diff.orig    2012-11-13 16:50:13.483128779 -0500
++++ openssh-5.3p1-hpn13v7.diff.auf     2012-11-13 18:24:09.482929432 -0500
+@@ -1,6 +1,6 @@
+ diff -NupwB canonincal/HPN-README kitchen_sink-done/HPN-README
+ --- canonincal/HPN-README     1969-12-31 19:00:00.000000000 -0500
+-+++ kitchen_sink-done/HPN-README      2010-01-06 11:56:40.000000000 -0500
+++++ kitchen_sink-done/HPN-README      2012-11-13 18:07:14.134965345 -0500
+ @@ -0,0 +1,128 @@
+ +Notes:
+ +
+@@ -131,9 +131,9 @@
+ +         by Cisco System, Inc., the National Library of Medicine, 
+ +      and the National Science Foundation. 
+ diff -NupwB canonincal/Makefile.in kitchen_sink-done/Makefile.in
+---- canonincal/Makefile.in    2009-08-27 20:47:38.000000000 -0400
+-+++ kitchen_sink-done/Makefile.in     2010-01-06 11:56:40.000000000 -0500
+-@@ -43,7 +43,7 @@ CC=@CC@
++--- canonincal/Makefile.in    2012-11-13 18:06:35.000000000 -0500
+++++ kitchen_sink-done/Makefile.in     2012-11-13 18:07:14.134965345 -0500
++@@ -45,7 +45,7 @@ CC=@CC@
+  LD=@LD@
+  CFLAGS=@CFLAGS@
+  CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
+@@ -142,7 +142,7 @@
+  SSHDLIBS=@SSHDLIBS@
+  LIBEDIT=@LIBEDIT@
+  AR=@AR@
+-@@ -64,7 +64,7 @@ TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-a
++@@ -66,7 +66,7 @@ TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-a
+  
+  LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \
+       canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
+@@ -152,8 +152,8 @@
+       log.o match.o md-sha256.o moduli.o nchan.o packet.o \
+       readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \
+ diff -NupwB canonincal/auth2.c kitchen_sink-done/auth2.c
+---- canonincal/auth2.c        2009-06-22 02:11:07.000000000 -0400
+-+++ kitchen_sink-done/auth2.c 2010-01-06 11:56:40.000000000 -0500
++--- canonincal/auth2.c        2012-11-13 18:06:35.000000000 -0500
+++++ kitchen_sink-done/auth2.c 2012-11-13 18:07:14.138965345 -0500
+ @@ -49,6 +49,7 @@
+  #include "dispatch.h"
+  #include "pathnames.h"
+@@ -162,7 +162,7 @@
+  
+  #ifdef GSSAPI
+  #include "ssh-gss.h"
+-@@ -75,6 +76,9 @@ extern Authmethod method_gssapi;
++@@ -76,6 +77,9 @@ extern Authmethod method_gssapi;
+  extern Authmethod method_jpake;
+  #endif
+  
+@@ -172,7 +172,7 @@
+  Authmethod *authmethods[] = {
+       &method_none,
+       &method_pubkey,
+-@@ -225,6 +229,11 @@ input_userauth_request(int type, u_int32
++@@ -227,6 +231,11 @@ input_userauth_request(int type, u_int32
+       service = packet_get_string(NULL);
+       method = packet_get_string(NULL);
+       debug("userauth-request for user %s service %s method %s", user, service, method);
+@@ -183,10 +183,10 @@
+ +     }
+       debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
+  
+-      if ((style = strchr(user, ':')) != NULL)
++      if ((role = strchr(user, '/')) != NULL)
+ diff -NupwB canonincal/buffer.c kitchen_sink-done/buffer.c
+ --- canonincal/buffer.c       2006-08-04 22:39:39.000000000 -0400
+-+++ kitchen_sink-done/buffer.c        2010-01-06 11:56:40.000000000 -0500
+++++ kitchen_sink-done/buffer.c        2012-11-13 18:07:14.138965345 -0500
+ @@ -127,7 +127,7 @@ restart:
+  
+       /* Increase the size of the buffer and retry. */
+@@ -198,7 +198,7 @@
+       buffer->buf = xrealloc(buffer->buf, 1, newlen);
+ diff -NupwB canonincal/buffer.h kitchen_sink-done/buffer.h
+ --- canonincal/buffer.h       2008-05-19 00:59:37.000000000 -0400
+-+++ kitchen_sink-done/buffer.h        2010-01-06 11:56:40.000000000 -0500
+++++ kitchen_sink-done/buffer.h        2012-11-13 18:07:14.138965345 -0500
+ @@ -16,6 +16,9 @@
+  #ifndef BUFFER_H
+  #define BUFFER_H
+@@ -210,8 +210,8 @@
+       u_char  *buf;           /* Buffer for data. */
+       u_int    alloc;         /* Number of bytes allocated for data. */
+ diff -NupwB canonincal/channels.c kitchen_sink-done/channels.c
+---- canonincal/channels.c     2009-08-27 21:02:37.000000000 -0400
+-+++ kitchen_sink-done/channels.c      2010-01-06 11:56:40.000000000 -0500
++--- canonincal/channels.c     2012-11-13 18:06:35.000000000 -0500
+++++ kitchen_sink-done/channels.c      2012-11-13 18:07:14.138965345 -0500
+ @@ -169,8 +169,14 @@ static void port_open_helper(Channel *c,
+  static int connect_next(struct channel_connect *);
+  static void channel_connect_ctx_free(struct channel_connect *);
+@@ -374,7 +374,7 @@
+               c->path = xstrdup(host);
+               c->host_port = port_to_connect;
+               c->listening_port = listen_port;
+-@@ -3153,10 +3208,17 @@ x11_create_display_inet(int x11_display_
++@@ -3157,10 +3212,17 @@ x11_create_display_inet(int x11_display_
+       *chanids = xcalloc(num_socks + 1, sizeof(**chanids));
+       for (n = 0; n < num_socks; n++) {
+               sock = socks[n];
+@@ -394,7 +394,7 @@
+       }
+ diff -NupwB canonincal/channels.h kitchen_sink-done/channels.h
+ --- canonincal/channels.h     2009-02-14 00:28:21.000000000 -0500
+-+++ kitchen_sink-done/channels.h      2010-01-06 11:56:40.000000000 -0500
+++++ kitchen_sink-done/channels.h      2012-11-13 18:07:14.138965345 -0500
+ @@ -115,8 +115,10 @@ struct Channel {
+       u_int   local_window_max;
+       u_int   local_consumed;
+@@ -439,7 +439,7 @@
+  #endif
+ diff -NupwB canonincal/cipher-ctr-mt.c kitchen_sink-done/cipher-ctr-mt.c
+ --- canonincal/cipher-ctr-mt.c        1969-12-31 19:00:00.000000000 -0500
+-+++ kitchen_sink-done/cipher-ctr-mt.c 2010-01-06 11:56:40.000000000 -0500
+++++ kitchen_sink-done/cipher-ctr-mt.c 2012-11-13 18:07:14.138965345 -0500
+ @@ -0,0 +1,473 @@
+ +/*
+ + * OpenSSH Multi-threaded AES-CTR Cipher
+@@ -916,7 +916,7 @@
+ +}
+ diff -NupwB canonincal/cipher.c kitchen_sink-done/cipher.c
+ --- canonincal/cipher.c       2009-01-28 00:38:41.000000000 -0500
+-+++ kitchen_sink-done/cipher.c        2010-01-06 11:56:40.000000000 -0500
+++++ kitchen_sink-done/cipher.c        2012-11-13 18:07:14.138965345 -0500
+ @@ -55,6 +55,7 @@ extern const EVP_CIPHER *evp_ssh1_bf(voi
+  extern const EVP_CIPHER *evp_ssh1_3des(void);
+  extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
+@@ -965,9 +965,9 @@
+       case SSH_CIPHER_DES:
+       case SSH_CIPHER_BLOWFISH:
+ diff -NupwB canonincal/clientloop.c kitchen_sink-done/clientloop.c
+---- canonincal/clientloop.c   2009-08-27 21:21:07.000000000 -0400
+-+++ kitchen_sink-done/clientloop.c    2010-01-06 11:56:40.000000000 -0500
+-@@ -1697,9 +1697,15 @@ client_request_x11(const char *request_t
++--- canonincal/clientloop.c   2012-11-13 18:06:35.000000000 -0500
+++++ kitchen_sink-done/clientloop.c    2012-11-13 18:07:14.138965345 -0500
++@@ -1717,9 +1717,15 @@ client_request_x11(const char *request_t
+       sock = x11_connect_display();
+       if (sock < 0)
+               return NULL;
+@@ -983,7 +983,7 @@
+       c->force_drain = 1;
+       return c;
+  }
+-@@ -1719,9 +1725,15 @@ client_request_agent(const char *request
++@@ -1739,9 +1745,15 @@ client_request_agent(const char *request
+       sock = ssh_get_authentication_socket();
+       if (sock < 0)
+               return NULL;
+@@ -1000,7 +1000,7 @@
+           "authentication agent connection", 1);
+       c->force_drain = 1;
+       return c;
+-@@ -1749,10 +1761,18 @@ client_request_tun_fwd(int tun_mode, int
++@@ -1769,10 +1781,18 @@ client_request_tun_fwd(int tun_mode, int
+               return -1;
+       }
+  
+@@ -1022,7 +1022,7 @@
+               channel_register_filter(c->self, sys_tun_infilter,
+ diff -NupwB canonincal/compat.c kitchen_sink-done/compat.c
+ --- canonincal/compat.c       2008-11-03 03:20:14.000000000 -0500
+-+++ kitchen_sink-done/compat.c        2010-01-06 11:56:40.000000000 -0500
+++++ kitchen_sink-done/compat.c        2012-11-13 18:07:14.138965345 -0500
+ @@ -170,6 +170,15 @@ compat_datafellows(const char *version)
+                   strlen(check[i].pat), 0) == 1) {
+                       debug("match: %s pat %s", version, check[i].pat);
+@@ -1041,7 +1041,7 @@
+       }
+ diff -NupwB canonincal/compat.h kitchen_sink-done/compat.h
+ --- canonincal/compat.h       2008-11-03 03:20:14.000000000 -0500
+-+++ kitchen_sink-done/compat.h        2010-01-06 11:56:40.000000000 -0500
+++++ kitchen_sink-done/compat.h        2012-11-13 18:07:14.142965345 -0500
+ @@ -58,6 +58,7 @@
+  #define SSH_OLD_FORWARD_ADDR 0x01000000
+  #define SSH_BUG_RFWD_ADDR    0x02000000
+@@ -1051,18 +1051,19 @@
+  void     enable_compat13(void);
+  void     enable_compat20(void);
+ Common subdirectories: canonincal/contrib and kitchen_sink-done/contrib
++Common subdirectories: canonincal/debian and kitchen_sink-done/debian
+ diff -NupwB canonincal/kex.c kitchen_sink-done/kex.c
+---- canonincal/kex.c  2009-06-21 04:15:25.000000000 -0400
+-+++ kitchen_sink-done/kex.c   2010-01-06 11:56:40.000000000 -0500
++--- canonincal/kex.c  2012-11-13 18:06:35.000000000 -0500
+++++ kitchen_sink-done/kex.c   2012-11-13 18:07:14.142965345 -0500
+ @@ -48,6 +48,7 @@
+  #include "match.h"
+  #include "dispatch.h"
+  #include "monitor.h"
+ +#include "canohost.h"
+  
+- #if OPENSSL_VERSION_NUMBER >= 0x00907000L
+- # if defined(HAVE_EVP_SHA256)
+-@@ -62,7 +63,8 @@ static void kex_kexinit_finish(Kex *);
++ #ifdef GSSAPI
++ #include "ssh-gss.h"
++@@ -66,7 +67,8 @@ static void kex_kexinit_finish(Kex *);
+  static void kex_choose_conf(Kex *);
+  
+  /* put algorithm proposal into buffer */
+@@ -1072,7 +1073,7 @@
+  kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX])
+  {
+       u_int i;
+-@@ -374,6 +376,13 @@ kex_choose_conf(Kex *kex)
++@@ -392,6 +394,13 @@ kex_choose_conf(Kex *kex)
+       int nenc, nmac, ncomp;
+       u_int mode, ctos, need;
+       int first_kex_follows, type;
+@@ -1086,7 +1087,7 @@
+  
+       my   = kex_buf2prop(&kex->my, NULL);
+       peer = kex_buf2prop(&kex->peer, &first_kex_follows);
+-@@ -398,11 +407,34 @@ kex_choose_conf(Kex *kex)
++@@ -416,11 +425,34 @@ kex_choose_conf(Kex *kex)
+               choose_enc (&newkeys->enc,  cprop[nenc],  sprop[nenc]);
+               choose_mac (&newkeys->mac,  cprop[nmac],  sprop[nmac]);
+               choose_comp(&newkeys->comp, cprop[ncomp], sprop[ncomp]);
+@@ -1122,9 +1123,9 @@
+       choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]);
+       choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],
+ diff -NupwB canonincal/kex.h kitchen_sink-done/kex.h
+---- canonincal/kex.h  2009-06-21 04:15:25.000000000 -0400
+-+++ kitchen_sink-done/kex.h   2010-01-06 11:56:40.000000000 -0500
+-@@ -129,6 +129,8 @@ struct Kex {
++--- canonincal/kex.h  2012-11-13 18:06:35.000000000 -0500
+++++ kitchen_sink-done/kex.h   2012-11-13 18:07:14.142965345 -0500
++@@ -138,6 +138,8 @@ struct Kex {
+       void    (*kex[KEX_MAX])(Kex *);
+  };
+  
+@@ -1135,7 +1136,7 @@
+  
+ diff -NupwB canonincal/myproposal.h kitchen_sink-done/myproposal.h
+ --- canonincal/myproposal.h   2009-01-28 00:33:31.000000000 -0500
+-+++ kitchen_sink-done/myproposal.h    2010-01-06 11:56:40.000000000 -0500
+++++ kitchen_sink-done/myproposal.h    2012-11-13 18:07:14.142965345 -0500
+ @@ -47,6 +47,8 @@
+       "arcfour256,arcfour128," \
+       "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
+@@ -1148,7 +1149,7 @@
+ Common subdirectories: canonincal/openbsd-compat and kitchen_sink-done/openbsd-compat
+ diff -NupwB canonincal/packet.c kitchen_sink-done/packet.c
+ --- canonincal/packet.c       2009-09-26 00:54:00.000000000 -0400
+-+++ kitchen_sink-done/packet.c        2010-01-06 16:14:53.000000000 -0500
+++++ kitchen_sink-done/packet.c        2012-11-13 18:07:14.142965345 -0500
+ @@ -835,7 +835,7 @@ packet_enable_delayed_compress(void)
+  /*
+   * Finalize packet in SSH2 format (compress, mac, encrypt, enqueue)
+@@ -1287,7 +1288,7 @@
+ +}
+ diff -NupwB canonincal/packet.h kitchen_sink-done/packet.h
+ --- canonincal/packet.h       2009-07-05 17:11:13.000000000 -0400
+-+++ kitchen_sink-done/packet.h        2010-01-06 14:04:18.000000000 -0500
+++++ kitchen_sink-done/packet.h        2012-11-13 18:07:14.142965345 -0500
+ @@ -20,6 +20,9 @@
+  
+  #include <openssl/bn.h>
+@@ -1324,9 +1325,10 @@
+  void     packet_write_wait(void);
+  int      packet_have_data_to_write(void);
+  int      packet_not_very_much_data_to_write(void);
++Common subdirectories: canonincal/.pc and kitchen_sink-done/.pc
+ diff -NupwB canonincal/progressmeter.c kitchen_sink-done/progressmeter.c
+ --- canonincal/progressmeter.c        2006-08-04 22:39:40.000000000 -0400
+-+++ kitchen_sink-done/progressmeter.c 2010-01-06 11:56:40.000000000 -0500
+++++ kitchen_sink-done/progressmeter.c 2012-11-13 18:07:14.142965345 -0500
+ @@ -68,6 +68,8 @@ static time_t last_update;  /* last progr
+  static char *file;           /* name of the file being transferred */
+  static off_t end_pos;                /* ending position of transfer */
+@@ -1398,18 +1400,18 @@
+  
+  /*ARGSUSED*/
+ diff -NupwB canonincal/readconf.c kitchen_sink-done/readconf.c
+---- canonincal/readconf.c     2009-07-05 17:12:27.000000000 -0400
+-+++ kitchen_sink-done/readconf.c      2010-01-06 12:00:28.000000000 -0500
+-@@ -131,6 +131,8 @@ typedef enum {
+-      oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
++--- canonincal/readconf.c     2012-11-13 18:06:35.000000000 -0500
+++++ kitchen_sink-done/readconf.c      2012-11-13 18:07:14.146965345 -0500
++@@ -136,6 +136,8 @@ typedef enum {
+       oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
+       oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
++      oProtocolKeepAlives, oSetupTimeOut,
+ +     oNoneEnabled, oTcpRcvBufPoll, oTcpRcvBuf, oNoneSwitch, oHPNDisabled,
+ +     oHPNBufferSize,
+       oDeprecated, oUnsupported
+  } OpCodes;
+  
+-@@ -235,6 +237,12 @@ static struct {
++@@ -249,6 +251,12 @@ static struct {
+  #else
+       { "zeroknowledgepasswordauthentication", oUnsupported },
+  #endif
+@@ -1419,10 +1421,10 @@
+ +     { "noneswitch", oNoneSwitch },
+ +     { "hpndisabled", oHPNDisabled },
+ +     { "hpnbuffersize", oHPNBufferSize },
++      { "protocolkeepalives", oProtocolKeepAlives },
++      { "setuptimeout", oSetupTimeOut },
+  
+-      { NULL, oBadOption }
+- };
+-@@ -466,6 +474,37 @@ parse_flag:
++@@ -502,6 +510,37 @@ parse_flag:
+               intptr = &options->check_host_ip;
+               goto parse_flag;
+  
+@@ -1460,7 +1462,7 @@
+       case oVerifyHostKeyDNS:
+               intptr = &options->verify_host_key_dns;
+               goto parse_yesnoask;
+-@@ -644,6 +683,10 @@ parse_int:
++@@ -680,6 +719,10 @@ parse_int:
+               intptr = &options->connection_attempts;
+               goto parse_int;
+  
+@@ -1471,7 +1473,7 @@
+       case oCipher:
+               intptr = &options->cipher;
+               arg = strdelim(&s);
+-@@ -1071,6 +1114,12 @@ initialize_options(Options * options)
++@@ -1133,6 +1176,12 @@ initialize_options(Options * options)
+       options->use_roaming = -1;
+       options->visual_host_key = -1;
+       options->zero_knowledge_password_authentication = -1;
+@@ -1484,8 +1486,8 @@
+  }
+  
+  /*
+-@@ -1193,6 +1242,29 @@ fill_default_options(Options * options)
+-              options->server_alive_interval = 0;
++@@ -1268,6 +1317,29 @@ fill_default_options(Options * options)
++      }
+       if (options->server_alive_count_max == -1)
+               options->server_alive_count_max = 3;
+ +     if (options->none_switch == -1)
+@@ -1515,9 +1517,9 @@
+               options->control_master = 0;
+       if (options->hash_known_hosts == -1)
+ diff -NupwB canonincal/readconf.h kitchen_sink-done/readconf.h
+---- canonincal/readconf.h     2009-07-05 17:12:27.000000000 -0400
+-+++ kitchen_sink-done/readconf.h      2010-01-06 11:56:44.000000000 -0500
+-@@ -57,6 +57,11 @@ typedef struct {
++--- canonincal/readconf.h     2012-11-13 18:06:35.000000000 -0500
+++++ kitchen_sink-done/readconf.h      2012-11-13 18:07:14.146965345 -0500
++@@ -62,6 +62,11 @@ typedef struct {
+       int     compression_level;      /* Compression level 1 (fast) to 9
+                                        * (best). */
+       int     tcp_keep_alive; /* Set SO_KEEPALIVE. */
+@@ -1529,7 +1531,7 @@
+       LogLevel log_level;     /* Level for logging. */
+  
+       int     port;           /* Port to connect. */
+-@@ -102,6 +107,8 @@ typedef struct {
++@@ -107,6 +112,8 @@ typedef struct {
+  
+       int     enable_ssh_keysign;
+       int64_t rekey_limit;
+@@ -1538,12 +1540,10 @@
+       int     no_host_authentication_for_localhost;
+       int     identities_only;
+       int     server_alive_interval;
+-Common subdirectories: canonincal/regress and kitchen_sink-done/regress
+-Common subdirectories: canonincal/scard and kitchen_sink-done/scard
+ diff -NupwB canonincal/scp.c kitchen_sink-done/scp.c
+---- canonincal/scp.c  2008-11-03 03:23:45.000000000 -0500
+-+++ kitchen_sink-done/scp.c   2010-01-06 11:56:44.000000000 -0500
+-@@ -632,7 +632,7 @@ source(int argc, char **argv)
++--- canonincal/scp.c  2012-11-13 18:06:35.000000000 -0500
+++++ kitchen_sink-done/scp.c   2012-11-13 18:07:14.146965345 -0500
++@@ -640,7 +640,7 @@ source(int argc, char **argv)
+       off_t i, statbytes;
+       size_t amt;
+       int fd = -1, haderr, indx;
+@@ -1552,7 +1552,7 @@
+       int len;
+  
+       for (indx = 0; indx < argc; ++indx) {
+-@@ -868,7 +868,7 @@ sink(int argc, char **argv)
++@@ -876,7 +876,7 @@ sink(int argc, char **argv)
+       mode_t mode, omode, mask;
+       off_t size, statbytes;
+       int setimes, targisdir, wrerrno = 0;
+@@ -1562,12 +1562,12 @@
+  
+  #define      atime   tv[0]
+ diff -NupwB canonincal/servconf.c kitchen_sink-done/servconf.c
+---- canonincal/servconf.c     2009-06-21 06:26:17.000000000 -0400
+-+++ kitchen_sink-done/servconf.c      2010-01-06 11:56:44.000000000 -0500
+-@@ -128,11 +128,20 @@ initialize_server_options(ServerOptions 
+-      options->adm_forced_command = NULL;
++--- canonincal/servconf.c     2012-11-13 18:06:35.000000000 -0500
+++++ kitchen_sink-done/servconf.c      2012-11-13 18:07:14.150965345 -0500
++@@ -133,11 +133,20 @@ initialize_server_options(ServerOptions 
+       options->chroot_directory = NULL;
+       options->zero_knowledge_password_authentication = -1;
++      options->debian_banner = -1;
+ +     options->none_enabled = -1;
+ +     options->tcp_rcv_buf_poll = -1;
+ +     options->hpn_disabled = -1;
+@@ -1585,9 +1585,9 @@
+       /* Portable-specific options */
+       if (options->use_pam == -1)
+               options->use_pam = 0;
+-@@ -262,6 +271,42 @@ fill_default_server_options(ServerOption
+-      if (options->zero_knowledge_password_authentication == -1)
+-              options->zero_knowledge_password_authentication = 0;
++@@ -277,6 +286,42 @@ fill_default_server_options(ServerOption
++      if (options->debian_banner == -1)
++              options->debian_banner = 1;
+  
+ +     if (options->hpn_disabled == -1) 
+ +             options->hpn_disabled = 0;
+@@ -1628,18 +1628,18 @@
+       /* Turn privilege separation on by default */
+       if (use_privsep == -1)
+               use_privsep = 1;
+-@@ -306,6 +351,7 @@ typedef enum {
+-      sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
++@@ -324,6 +369,7 @@ typedef enum {
+       sUsePrivilegeSeparation, sAllowAgentForwarding,
+       sZeroKnowledgePasswordAuthentication,
++      sDebianBanner,
+ +     sNoneEnabled, sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize,
+       sDeprecated, sUnsupported
+  } ServerOpCodes;
+  
+-@@ -424,6 +470,10 @@ static struct {
+-      { "permitopen", sPermitOpen, SSHCFG_ALL },
++@@ -454,6 +500,10 @@ static struct {
+       { "forcecommand", sForceCommand, SSHCFG_ALL },
+       { "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
++      { "debianbanner", sDebianBanner, SSHCFG_GLOBAL },
+ +     { "noneenabled", sNoneEnabled },
+ +     { "hpndisabled", sHPNDisabled },
+ +     { "hpnbuffersize", sHPNBufferSize },
+@@ -1647,7 +1647,7 @@
+       { NULL, sBadOption, 0 }
+  };
+  
+-@@ -450,6 +500,7 @@ parse_token(const char *cp, const char *
++@@ -480,6 +530,7 @@ parse_token(const char *cp, const char *
+  
+       for (i = 0; keywords[i].name; i++)
+               if (strcasecmp(cp, keywords[i].name) == 0) {
+@@ -1655,7 +1655,7 @@
+                       *flags = keywords[i].flags;
+                       return keywords[i].opcode;
+               }
+-@@ -847,6 +898,22 @@ process_server_config_line(ServerOptions
++@@ -877,6 +928,22 @@ process_server_config_line(ServerOptions
+                       *intptr = value;
+               break;
+  
+@@ -1679,9 +1679,9 @@
+               intptr = &options->ignore_user_known_hosts;
+               goto parse_flag;
+ diff -NupwB canonincal/servconf.h kitchen_sink-done/servconf.h
+---- canonincal/servconf.h     2009-01-28 00:31:23.000000000 -0500
+-+++ kitchen_sink-done/servconf.h      2010-01-06 11:56:44.000000000 -0500
+-@@ -145,6 +145,10 @@ typedef struct {
++--- canonincal/servconf.h     2012-11-13 18:06:35.000000000 -0500
+++++ kitchen_sink-done/servconf.h      2012-11-13 18:07:14.150965345 -0500
++@@ -149,6 +149,10 @@ typedef struct {
+       char   *adm_forced_command;
+  
+       int     use_pam;                /* Enable auth via PAM */
+@@ -1693,8 +1693,8 @@
+       int     permit_tun;
+  
+ diff -NupwB canonincal/serverloop.c kitchen_sink-done/serverloop.c
+---- canonincal/serverloop.c   2009-09-08 21:07:28.000000000 -0400
+-+++ kitchen_sink-done/serverloop.c    2010-01-06 11:56:44.000000000 -0500
++--- canonincal/serverloop.c   2012-11-13 18:06:35.000000000 -0500
+++++ kitchen_sink-done/serverloop.c    2012-11-13 18:07:14.150965345 -0500
+ @@ -94,10 +94,10 @@ static int fdin;          /* Descriptor for stdi
+  static int fdout;            /* Descriptor for stdout (for reading);
+                                  May be same number as fdin. */
+@@ -1802,9 +1802,9 @@
+               debug("session open failed, free channel %d", c->self);
+               channel_free(c);
+ diff -NupwB canonincal/session.c kitchen_sink-done/session.c
+---- canonincal/session.c      2009-08-20 02:20:50.000000000 -0400
+-+++ kitchen_sink-done/session.c       2010-01-06 11:56:44.000000000 -0500
+-@@ -230,6 +230,7 @@ auth_input_request_forwarding(struct pas
++--- canonincal/session.c      2012-11-13 18:06:35.000000000 -0500
+++++ kitchen_sink-done/session.c       2012-11-13 18:07:14.150965345 -0500
++@@ -231,6 +231,7 @@ auth_input_request_forwarding(struct pas
+       }
+  
+       /* Allocate a channel for the authentication agent socket. */
+@@ -1812,7 +1812,7 @@
+       nc = channel_new("auth socket",
+           SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1,
+           CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
+-@@ -2295,10 +2296,16 @@ session_set_fds(Session *s, int fdin, in
++@@ -2304,10 +2305,16 @@ session_set_fds(Session *s, int fdin, in
+        */
+       if (s->chanid == -1)
+               fatal("no channel for session %d", s->self);
+@@ -1831,7 +1831,7 @@
+  /*
+ diff -NupwB canonincal/sftp.1 kitchen_sink-done/sftp.1
+ --- canonincal/sftp.1 2009-01-28 00:14:09.000000000 -0500
+-+++ kitchen_sink-done/sftp.1  2010-01-06 11:56:44.000000000 -0500
+++++ kitchen_sink-done/sftp.1  2012-11-13 18:07:14.150965345 -0500
+ @@ -203,7 +203,8 @@ This option may be useful in debugging t
+  Specify how many requests may be outstanding at any one time.
+  Increasing this may slightly improve file transfer speed
+@@ -1844,7 +1844,7 @@
+  .Ar program
+ diff -NupwB canonincal/sftp.c kitchen_sink-done/sftp.c
+ --- canonincal/sftp.c 2009-02-14 00:26:19.000000000 -0500
+-+++ kitchen_sink-done/sftp.c  2010-01-06 11:56:44.000000000 -0500
+++++ kitchen_sink-done/sftp.c  2012-11-13 18:07:14.150965345 -0500
+ @@ -75,7 +75,7 @@ int batchmode = 0;
+  size_t copy_buffer_len = 32768;
+  
+@@ -1855,9 +1855,9 @@
+  /* PID of ssh transport process */
+  static pid_t sshpid = -1;
+ diff -NupwB canonincal/ssh.c kitchen_sink-done/ssh.c
+---- canonincal/ssh.c  2009-07-05 17:16:56.000000000 -0400
+-+++ kitchen_sink-done/ssh.c   2010-01-06 11:56:44.000000000 -0500
+-@@ -494,9 +494,6 @@ main(int ac, char **av)
++--- canonincal/ssh.c  2012-11-13 18:06:35.000000000 -0500
+++++ kitchen_sink-done/ssh.c   2012-11-13 18:07:14.154965345 -0500
++@@ -499,9 +499,6 @@ main(int ac, char **av)
+                       no_shell_flag = 1;
+                       no_tty_flag = 1;
+                       break;
+@@ -1867,7 +1867,7 @@
+               case 'o':
+                       dummy = 1;
+                       line = xstrdup(optarg);
+-@@ -505,6 +502,13 @@ main(int ac, char **av)
++@@ -510,6 +507,13 @@ main(int ac, char **av)
+                               exit(255);
+                       xfree(line);
+                       break;
+@@ -1881,7 +1881,7 @@
+               case 's':
+                       subsystem_flag = 1;
+                       break;
+-@@ -1145,6 +1149,9 @@ ssh_session2_open(void)
++@@ -1150,6 +1154,9 @@ ssh_session2_open(void)
+  {
+       Channel *c;
+       int window, packetmax, in, out, err;
+@@ -1891,7 +1891,7 @@
+  
+       if (stdin_null_flag) {
+               in = open(_PATH_DEVNULL, O_RDONLY);
+-@@ -1165,9 +1172,75 @@ ssh_session2_open(void)
++@@ -1170,9 +1177,75 @@ ssh_session2_open(void)
+       if (!isatty(err))
+               set_nonblock(err);
+  
+@@ -1968,7 +1968,7 @@
+               window >>= 1;
+               packetmax >>= 1;
+       }
+-@@ -1175,7 +1248,10 @@ ssh_session2_open(void)
++@@ -1180,7 +1253,10 @@ ssh_session2_open(void)
+           "session", SSH_CHANNEL_OPENING, in, out, err,
+           window, packetmax, CHAN_EXTENDED_WRITE,
+           "client-session", /*nonblock*/0);
+@@ -1981,8 +1981,8 @@
+  
+       channel_send_open(c->self);
+ diff -NupwB canonincal/sshconnect.c kitchen_sink-done/sshconnect.c
+---- canonincal/sshconnect.c   2009-06-21 04:53:53.000000000 -0400
+-+++ kitchen_sink-done/sshconnect.c    2010-01-06 12:02:31.000000000 -0500
++--- canonincal/sshconnect.c   2012-11-13 18:06:35.000000000 -0500
+++++ kitchen_sink-done/sshconnect.c    2012-11-13 18:07:14.154965345 -0500
+ @@ -166,6 +166,31 @@ ssh_proxy_connect(const char *host, u_sh
+  }
+  
+@@ -2034,18 +2034,9 @@
+       /* Bind the socket to an alternative local IP address */
+       if (options.bind_address == NULL)
+               return sock;
+-@@ -537,7 +568,7 @@ ssh_exchange_identification(int timeout_
+-      snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s",
+-          compat20 ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1,
+-          compat20 ? PROTOCOL_MINOR_2 : minor1,
+--         SSH_VERSION, compat20 ? "\r\n" : "\n");
+-+         SSH_RELEASE, compat20 ? "\r\n" : "\n");
+-      if (roaming_atomicio(vwrite, connection_out, buf, strlen(buf))
+-          != strlen(buf))
+-              fatal("write: %.100s", strerror(errno));
+ diff -NupwB canonincal/sshconnect2.c kitchen_sink-done/sshconnect2.c
+---- canonincal/sshconnect2.c  2009-03-05 08:58:22.000000000 -0500
+-+++ kitchen_sink-done/sshconnect2.c   2010-01-06 11:56:44.000000000 -0500
++--- canonincal/sshconnect2.c  2012-11-13 18:06:35.000000000 -0500
+++++ kitchen_sink-done/sshconnect2.c   2012-11-13 18:07:14.154965345 -0500
+ @@ -79,6 +79,12 @@
+  extern char *client_version_string;
+  extern char *server_version_string;
+@@ -2059,7 +2050,7 @@
+  
+  /*
+   * SSH2 key exchange
+-@@ -351,6 +357,28 @@ ssh_userauth2(const char *local_user, co
++@@ -414,6 +420,28 @@ ssh_userauth2(const char *local_user, co
+       pubkey_cleanup(&authctxt);
+       dispatch_range(SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL);
+  
+@@ -2089,9 +2080,9 @@
+  }
+  
+ diff -NupwB canonincal/sshd.c kitchen_sink-done/sshd.c
+---- canonincal/sshd.c 2009-06-21 06:26:17.000000000 -0400
+-+++ kitchen_sink-done/sshd.c  2010-01-06 11:56:44.000000000 -0500
+-@@ -137,6 +137,9 @@ int deny_severity;
++--- canonincal/sshd.c 2012-11-13 18:06:35.000000000 -0500
+++++ kitchen_sink-done/sshd.c  2012-11-13 18:07:14.154965345 -0500
++@@ -141,6 +141,9 @@ int deny_severity;
+  #define REEXEC_CONFIG_PASS_FD                (STDERR_FILENO + 3)
+  #define REEXEC_MIN_FREE_FD           (STDERR_FILENO + 4)
+  
+@@ -2101,16 +2092,7 @@
+  extern char *__progname;
+  
+  /* Server configuration options. */
+-@@ -416,7 +419,7 @@ sshd_exchange_identification(int sock_in
+-              minor = PROTOCOL_MINOR_1;
+-      }
+-      snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor,
+--         SSH_VERSION, newline);
+-+         SSH_RELEASE, newline);
+-      server_version_string = xstrdup(buf);
+- 
+-      /* Send our protocol version identification. */
+-@@ -467,6 +470,9 @@ sshd_exchange_identification(int sock_in
++@@ -478,6 +481,9 @@ sshd_exchange_identification(int sock_in
+       }
+       debug("Client protocol version %d.%d; client software version %.100s",
+           remote_major, remote_minor, remote_version);
+@@ -2120,7 +2102,7 @@
+  
+       compat_datafellows(remote_version);
+  
+-@@ -945,6 +951,8 @@ server_listen(void)
++@@ -981,6 +987,8 @@ server_listen(void)
+       int ret, listen_sock, on = 1;
+       struct addrinfo *ai;
+       char ntop[NI_MAXHOST], strport[NI_MAXSERV];
+@@ -2129,7 +2111,7 @@
+  
+       for (ai = options.listen_addrs; ai; ai = ai->ai_next) {
+               if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
+-@@ -991,6 +999,11 @@ server_listen(void)
++@@ -1027,6 +1035,11 @@ server_listen(void)
+  
+               debug("Bind to port %s on %s.", strport, ntop);
+  
+@@ -2141,17 +2123,17 @@
+               /* Bind the socket to the desired port. */
+               if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) {
+                       error("Bind to port %s on %s failed: %.200s.",
+-@@ -1818,6 +1831,9 @@ main(int ac, char **av)
++@@ -1876,6 +1889,9 @@ main(int ac, char **av)
+       /* Log the connection. */
+       verbose("Connection from %.500s port %d", remote_ip, remote_port);
+  
+ +     /* set the HPN options for the child */
+ +     channel_set_hpn(options.hpn_disabled, options.hpn_buffer_size);
+ +
++ #ifdef USE_SECURITY_SESSION_API
+       /*
+-       * We don't want to listen forever unless the other side
+-       * successfully authenticates itself.  So we set up an alarm which is
+-@@ -2172,9 +2188,15 @@ do_ssh2_kex(void)
++       * Create a new security session for use by the new user login if
++@@ -2284,9 +2300,15 @@ do_ssh2_kex(void)
+  {
+       Kex *kex;
+  
+@@ -2168,9 +2150,9 @@
+       myproposal[PROPOSAL_ENC_ALGS_CTOS] =
+           compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
+ diff -NupwB canonincal/sshd_config kitchen_sink-done/sshd_config
+---- canonincal/sshd_config    2008-07-02 08:35:43.000000000 -0400
+-+++ kitchen_sink-done/sshd_config     2010-01-06 11:56:44.000000000 -0500
+-@@ -112,6 +112,20 @@ Protocol 2
++--- canonincal/sshd_config    2012-11-13 18:06:35.000000000 -0500
+++++ kitchen_sink-done/sshd_config     2012-11-13 18:07:14.154965345 -0500
++@@ -115,6 +115,20 @@ Protocol 2
+  # override default of no subsystems
+  Subsystem    sftp    /usr/libexec/sftp-server
+  
+@@ -2192,12 +2174,15 @@
+  #Match User anoncvs
+  #    X11Forwarding no
+ diff -NupwB canonincal/version.h kitchen_sink-done/version.h
+---- canonincal/version.h      2009-07-05 17:13:04.000000000 -0400
+-+++ kitchen_sink-done/version.h       2010-01-06 16:54:49.000000000 -0500
+-@@ -3,4 +3,5 @@
++--- canonincal/version.h      2012-11-13 18:06:35.000000000 -0500
+++++ kitchen_sink-done/version.h       2012-11-13 18:07:14.154965345 -0500
++@@ -3,7 +3,8 @@
+  #define SSH_VERSION  "OpenSSH_5.3"
+  
+  #define SSH_PORTABLE "p1"
+--#define SSH_RELEASE  SSH_VERSION SSH_PORTABLE
++-#define SSH_RELEASE_MINIMUM  SSH_VERSION SSH_PORTABLE
+ +#define SSH_HPN         "-hpn13v7"
+-+#define SSH_RELEASE  SSH_VERSION SSH_PORTABLE SSH_HPN
+++#define SSH_RELEASE_MINIMUM  SSH_VERSION SSH_PORTABLE SSH_HPN
++ #ifdef SSH_EXTRAVERSION
++ #define SSH_RELEASE  SSH_RELEASE_MINIMUM " " SSH_EXTRAVERSION
++ #else
diff --git a/openssh-5.3p1-hpn13v7.diff.gz b/openssh-5.3p1-hpn13v7.diff.gz
new file mode 100644 (file)
index 0000000..56ee215
Binary files /dev/null and b/openssh-5.3p1-hpn13v7.diff.gz differ