authorPatrick McLean <chutzpah@gentoo.org>2016-09-08 18:36:46 -0700
committerPatrick McLean <chutzpah@gentoo.org>2016-09-08 18:37:33 -0700
commit31f5deb488712534fee522f663ca6bd6b50a888d (patch)
treebcd97141efaa72ff1b7fd255199c71eaec32ba47 /net-misc
parentapp-emulation/xen: security bump, XSA-185/186/187 (diff)
net-misc/openssh: Refactor new HPN patch to be it's own patch
Make my own patch rather than going with the patches-on-patches approach.
Package-Manager: portage-2.3.0
Diffstat (limited to 'net-misc')
-rw-r--r--net-misc/openssh/Manifest2
-rw-r--r--net-misc/openssh/files/openssh-7.3_p1-hpn-cipher-ctr-mt-no-deadlocks.patch213
-rw-r--r--net-misc/openssh/files/openssh-7.3_p1-hpn-update.patch490
-rw-r--r--net-misc/openssh/files/openssh-7.3_p1-hpn-x509-glue.patch4
-rw-r--r--net-misc/openssh/openssh-7.3_p1-r3.ebuild22
5 files changed, 224 insertions, 507 deletions
diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index c6667a52a2d8..81eba752e644 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -5,11 +5,11 @@ DIST openssh-7.1p2.tar.gz 1475829 SHA256 dd75f024dcf21e06a0d6421d582690bf987a1f6
DIST openssh-7.2_p1-sctp.patch.xz 8088 SHA256 b9cc21336e23d44548e87964da9ff85ac83ce84693162abb172afb46be4a666e SHA512 b287684337a101a26ab8df6894b679b063cdaa7dfc7b78fcc0ce8350c27526f150a6463c515019beb0af2ff005cc109d2913998f95f828e553b835a4df8b64df WHIRLPOOL 16646a896f746946af84961974be08418b951c80249dce2fd4ae533a4d66e79d4372fd979aeda9c51aff51b86edf4178af18379e948195696a6fa114e2757306
DIST openssh-7.2p2+x509-8.9.diff.gz 449308 SHA256 bd77fcd285d10a86fb2934e90776fe39e4cd2da043384ec2ca45296a60669589 SHA512 c7ed07aae72fd4f967ab5717831c51ad639ca59633c3768f6930bab0947f5429391e3911a7570288a1c688c8c21747f3cb722538ae96de6b50a021010e1506fa WHIRLPOOL 7c1328e471b0e5e9576117ec563b66fea142886b0666b6d51ac9b8ec09286ba7a965b62796c32206e855e484180797a2c31d500c27289f3bc8c7db2d3af95e6f
DIST openssh-7.2p2.tar.gz 1499808 SHA256 a72781d1a043876a224ff1b0032daa4094d87565a68528759c1c2cab5482548c SHA512 44f62b3a7bc50a0735d496a5aedeefb71550d8c10ad8f22b94e29fcc8084842db96e8c4ca41fced17af69e1aab09ed1182a12ad8650d9a46fd8743a0344df95b WHIRLPOOL 95e16af6d1d82f4a660b56854b8e9da947b89e47775c06fe277a612cd1a7cabe7454087eb45034aedfb9b08096ce4aa427b9a37f43f70ccf1073664bdec13386
+DIST openssh-7.3_p1-hpn-14.10.patch.xz 20764 SHA256 1c3799d83b52fc5d9370a0d7ccc11f45db0cf089ece7b7b2f5f24943df16f918 SHA512 95e7dfbd3246678f997cb7818add9910136004b9e2e575122981f50b4eadd2517eb38a8de16bfe3a387e6cc65dbd15dae116649d55768767fc13f796a6d15a09 WHIRLPOOL 4167970087e17c8d9c2184109e85226f9a77d040868bd8b9ccab6ebc3d94f81b0d93489c3ad15b028e3fa842786cd2898dce54822b2e870470113634884285b4
DIST openssh-7.3_p1-sctp.patch.xz 9968 SHA256 18c3db45ed1e5495db29626938d8432aee509e88057494f052cfc09d40824c7f SHA512 f249b76898af0c6f1f65f2a1cfb422648aa712818d0dc051b85a171f26bdddf7980fff5de7761161aa41c309e528b3801b4234f5cdd9f79f8eef173ae83f1e3c WHIRLPOOL 1d92b969154b77d8ce9e3a6d0302aa17ec95e2d5ea4de72c0fb5680a8ee12f518ee5b1c47f22ad5d1a923a74c43829ed36cf478fe75fe400de967ab48d93dc99
DIST openssh-7.3p1+x509-9.0.diff.gz 571918 SHA256 ed468fe2e6220065b2bf3e2ed9eb0c7c8183f32f50fa50d64505d5feaef2d900 SHA512 b6183f4441eb036a6e70e35290454faa67da411b60315f6d51779c187abdef377895d5ecfc4fbebac08d5a7a49ce16378b2ed208aee701337f256fd66f779dcd WHIRLPOOL 91107f0040a7d9e09340a1c67547df34c9ed2e7a61d0ca59161574d9e9db90d2a99b1f2a7fa1edf0f820db5712695287c5731cc46cc9264297b5d348d4ce53c4
DIST openssh-7.3p1+x509-9.1.diff.gz 584945 SHA256 1ce361813d585fb543f632d19f73a583e257a404c013587a2ee7a1c57710ae95 SHA512 11165544513eaff2b2e1f6dd11b9fb2870e59eb7e16377cf8fc1bf7e459cf8d09a91cf52f0d252df1bf618423ea8fb93099b96670cebc42aa2523dd439e59a89 WHIRLPOOL 8732cc52ef851a35c0dc8b35e8b6666d347f40ee60792aa23bae8e193ec6fa24928b67e6d8ebfc2c52090e78c525e908596020071495452965fa6244df1e459e
DIST openssh-7.3p1.tar.gz 1522617 SHA256 3ffb989a6dcaa69594c3b550d4855a5a2e1718ccdde7f5e36387b424220fbecc SHA512 7ba2d6140f38bd359ebf32ef17626e0ae1c00c3a38c01877b7c6b0317d030f10a8f82a0a51fc3b6273619de9ed73e24b8cf107b1e968f927053a3bedf97ff801 WHIRLPOOL f852026638d173d455f74e3fce16673fc4b10f32d954d5bb8c7c65df8d1ca7efd0938177dd9fb6e1f7354383f21c7bca8a2f01e89793e32f8ca68c30456a611c
-DIST openssh-7_2_P2-hpn-14.10.diff 78587 SHA256 f083d4c4a2054808386e974accda385542ce150f0c0f079ec1a0d4fa78888b17 SHA512 49d772c6a071fe1883d5d2844aba1d327c40938af368ba349b44c643e10f4e2d02e5c889810f8914c61324fbf90e53547aa346fdbd47b22b2f8da6afc174692c WHIRLPOOL 516621cdbccae3ecc900fde1b1edd2bac807b628d631289e3002747901d7663f5a2545f6b0396415a850f9695dd57e2ab5dbc548584f2c973726b38ca4d57bac
DIST openssh-lpk-7.1p2-0.3.14.patch.xz 17704 SHA256 fbf2e1560cac707f819a539999c758a444ba6bfe140ef80d1af7ef1c9a95f0df SHA512 95851baa699da16720358249d54d2f6a3c57b0ae082375bef228b97697c501c626ab860916c5b17e3c649b44f14f4009ff369962597438dfd60480a0e4882471 WHIRLPOOL 4629b3a7d1f373a678935e889a6cd0d66d70b420e93e40ae0ad19aa7f91be7dcf2169fb797d89df93005a885d54ebaa0d46c2e5418bd2d0a77ad64e65897b518
DIST openssh-lpk-7.2p2-0.3.14.patch.xz 17692 SHA256 2cd4108d60112bd97402f9c27aac2c24d334a37afe0933ad9c6377a257a68aee SHA512 e6a25f8f0106fadcb799300452d6f22034d3fc69bd1c95a3365884873861f41b1e9d49f2c5223dde6fcd00562c652ba466bc8c48833ce5ab353af3a041f75b15 WHIRLPOOL 237343b320772a1588b64c4135758af840199214129d7e8cfa9798f976c32902ca5493ee0c33b16003854fea243556997bc688640a9872b82c06f72c86f2586d
DIST openssh-lpk-7.3p1-0.3.14.patch.xz 17800 SHA256 cf1f60235cb8b0e561cd36cbf9e4f437e16fd748c2616d3f511c128c02deb76c SHA512 e9a73c5f13e41f6e11c744fdbcdb2e399c394479f79249e901cb3c101efb06f23d51d3ba4869db872184fa034a5910fc93a730fe906266c8d7409e39ad5b1ecd WHIRLPOOL bbdeadbed8f901148713bd9e4a082a4be2992c3151f995febd8be89bbb85d91185e1f0413b5a94a9340f2f404d18c9cee2aa6e032adaee0306aa1c624f6cc09c
diff --git a/net-misc/openssh/files/openssh-7.3_p1-hpn-cipher-ctr-mt-no-deadlocks.patch b/net-misc/openssh/files/openssh-7.3_p1-hpn-cipher-ctr-mt-no-deadlocks.patch
new file mode 100644
index 000000000000..cac440608d20
--- /dev/null
+++ b/net-misc/openssh/files/openssh-7.3_p1-hpn-cipher-ctr-mt-no-deadlocks.patch
@@ -0,0 +1,213 @@
+diff --git a/cipher-ctr-mt.c b/cipher-ctr-mt.c
+index fdc9b2f..0b35881 100644
+--- a/cipher-ctr-mt.c
++++ b/cipher-ctr-mt.c
+@@ -127,7 +127,7 @@ struct kq {
+ u_char keys[KQLEN][AES_BLOCK_SIZE];
+ u_char ctr[AES_BLOCK_SIZE];
+ u_char pad0[CACHELINE_LEN];
+- volatile int qstate;
++ int qstate;
+ pthread_mutex_t lock;
+ pthread_cond_t cond;
+ u_char pad1[CACHELINE_LEN];
+@@ -141,6 +141,9 @@ struct ssh_aes_ctr_ctx
+ STATS_STRUCT(stats);
+ u_char aes_counter[AES_BLOCK_SIZE];
+ pthread_t tid[CIPHER_THREADS];
++ pthread_rwlock_t tid_lock;
++ pthread_rwlock_t stop_lock;
++ int exit_flag;
+ int state;
+ int qidx;
+ int ridx;
+@@ -187,6 +190,23 @@ thread_loop_cleanup(void *x)
+ pthread_mutex_unlock((pthread_mutex_t *)x);
+ }
+
++/* Check if we should exit, we are doing both cancel and exit condition
++ * since OSX seems to misbehave with cancel sometimes, so we want to have
++ * a backup to make sure that everything exits properly
++ */
++static void
++thread_loop_check_exit(struct ssh_aes_ctr_ctx *c)
++{
++ int exit_flag;
++
++ pthread_rwlock_rdlock(&c->stop_lock);
++ exit_flag = c->exit_flag;
++ pthread_rwlock_unlock(&c->stop_lock);
++
++ if (exit_flag == TRUE)
++ pthread_exit(NULL);
++}
++
+ /*
+ * The life of a pregen thread:
+ * Find empty keystream queues and fill them using their counter.
+@@ -201,6 +221,7 @@ thread_loop(void *x)
+ struct kq *q;
+ int i;
+ int qidx;
++ pthread_t first_tid;
+
+ /* Threads stats on cancellation */
+ STATS_INIT(stats);
+@@ -211,11 +232,15 @@ thread_loop(void *x)
+ /* Thread local copy of AES key */
+ memcpy(&key, &c->aes_ctx, sizeof(key));
+
++ pthread_rwlock_rdlock(&c->tid_lock);
++ first_tid = c->tid[0];
++ pthread_rwlock_unlock(&c->tid_lock);
++
+ /*
+ * Handle the special case of startup, one thread must fill
+ * the first KQ then mark it as draining. Lock held throughout.
+ */
+- if (pthread_equal(pthread_self(), c->tid[0])) {
++ if (pthread_equal(pthread_self(), first_tid)) {
+ q = &c->q[0];
+ pthread_mutex_lock(&q->lock);
+ if (q->qstate == KQINIT) {
+@@ -245,12 +270,16 @@ thread_loop(void *x)
+ /* Check if I was cancelled, also checked in cond_wait */
+ pthread_testcancel();
+
++ /* Check if we should exit as well */
++ thread_loop_check_exit(c);
++
+ /* Lock queue and block if its draining */
+ q = &c->q[qidx];
+ pthread_mutex_lock(&q->lock);
+ pthread_cleanup_push(thread_loop_cleanup, &q->lock);
+ while (q->qstate == KQDRAINING || q->qstate == KQINIT) {
+ STATS_WAIT(stats);
++ thread_loop_check_exit(c);
+ pthread_cond_wait(&q->cond, &q->lock);
+ }
+ pthread_cleanup_pop(0);
+@@ -268,6 +297,7 @@ thread_loop(void *x)
+ * can see that it's being filled.
+ */
+ q->qstate = KQFILLING;
++ pthread_cond_broadcast(&q->cond);
+ pthread_mutex_unlock(&q->lock);
+ for (i = 0; i < KQLEN; i++) {
+ AES_encrypt(q->ctr, q->keys[i], &key);
+@@ -279,7 +309,7 @@ thread_loop(void *x)
+ ssh_ctr_add(q->ctr, KQLEN * (NUMKQ - 1), AES_BLOCK_SIZE);
+ q->qstate = KQFULL;
+ STATS_FILL(stats);
+- pthread_cond_signal(&q->cond);
++ pthread_cond_broadcast(&q->cond);
+ pthread_mutex_unlock(&q->lock);
+ }
+
+@@ -371,6 +401,7 @@ ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
+ pthread_cond_wait(&q->cond, &q->lock);
+ }
+ q->qstate = KQDRAINING;
++ pthread_cond_broadcast(&q->cond);
+ pthread_mutex_unlock(&q->lock);
+
+ /* Mark consumed queue empty and signal producers */
+@@ -397,6 +428,9 @@ ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
+
+ if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
+ c = xmalloc(sizeof(*c));
++ pthread_rwlock_init(&c->tid_lock, NULL);
++ pthread_rwlock_init(&c->stop_lock, NULL);
++ c->exit_flag = FALSE;
+
+ c->state = HAVE_NONE;
+ for (i = 0; i < NUMKQ; i++) {
+@@ -409,11 +443,22 @@ ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
+ }
+
+ if (c->state == (HAVE_KEY | HAVE_IV)) {
++ /* tell the pregen threads to exit */
++ pthread_rwlock_wrlock(&c->stop_lock);
++ c->exit_flag = TRUE;
++ pthread_rwlock_unlock(&c->stop_lock);
++
+ /* Cancel pregen threads */
+ for (i = 0; i < CIPHER_THREADS; i++)
+ pthread_cancel(c->tid[i]);
++ for (i = 0; i < NUMKQ; i++) {
++ pthread_mutex_lock(&c->q[i].lock);
++ pthread_cond_broadcast(&c->q[i].cond);
++ pthread_mutex_unlock(&c->q[i].lock);
++ }
+ for (i = 0; i < CIPHER_THREADS; i++)
+ pthread_join(c->tid[i], NULL);
++
+ /* Start over getting key & iv */
+ c->state = HAVE_NONE;
+ }
+@@ -444,10 +489,12 @@ ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
+ /* Start threads */
+ for (i = 0; i < CIPHER_THREADS; i++) {
+ debug("spawned a thread");
++ pthread_rwlock_wrlock(&c->tid_lock);
+ pthread_create(&c->tid[i], NULL, thread_loop, c);
++ pthread_rwlock_unlock(&c->tid_lock);
+ }
+ pthread_mutex_lock(&c->q[0].lock);
+- while (c->q[0].qstate != KQDRAINING)
++ while (c->q[0].qstate == KQINIT)
+ pthread_cond_wait(&c->q[0].cond, &c->q[0].lock);
+ pthread_mutex_unlock(&c->q[0].lock);
+ }
+@@ -463,10 +510,21 @@ ssh_aes_ctr_thread_destroy(EVP_CIPHER_CTX *ctx)
+ struct ssh_aes_ctr_ctx *c;
+ int i;
+ c = EVP_CIPHER_CTX_get_app_data(ctx);
++
++ /* notify threads that they should exit */
++ pthread_rwlock_wrlock(&c->stop_lock);
++ c->exit_flag = TRUE;
++ pthread_rwlock_unlock(&c->stop_lock);
++
+ /* destroy threads */
+ for (i = 0; i < CIPHER_THREADS; i++) {
+ pthread_cancel(c->tid[i]);
+ }
++ for (i = 0; i < NUMKQ; i++) {
++ pthread_mutex_lock(&c->q[i].lock);
++ pthread_cond_broadcast(&c->q[i].cond);
++ pthread_mutex_unlock(&c->q[i].lock);
++ }
+ for (i = 0; i < CIPHER_THREADS; i++) {
+ pthread_join(c->tid[i], NULL);
+ }
+@@ -481,7 +539,9 @@ ssh_aes_ctr_thread_reconstruction(EVP_CIPHER_CTX *ctx)
+ /* reconstruct threads */
+ for (i = 0; i < CIPHER_THREADS; i++) {
+ debug("spawned a thread");
++ pthread_rwlock_wrlock(&c->tid_lock);
+ pthread_create(&c->tid[i], NULL, thread_loop, c);
++ pthread_rwlock_unlock(&c->tid_lock);
+ }
+ }
+
+@@ -496,9 +556,19 @@ ssh_aes_ctr_cleanup(EVP_CIPHER_CTX *ctx)
+ debug("main thread: %u drains, %u waits", c->stats.drains,
+ c->stats.waits);
+ #endif
++ /* tell the pregen threads to exit */
++ pthread_rwlock_wrlock(&c->stop_lock);
++ c->exit_flag = TRUE;
++ pthread_rwlock_unlock(&c->stop_lock);
++
+ /* Cancel pregen threads */
+ for (i = 0; i < CIPHER_THREADS; i++)
+ pthread_cancel(c->tid[i]);
++ for (i = 0; i < NUMKQ; i++) {
++ pthread_mutex_lock(&c->q[i].lock);
++ pthread_cond_broadcast(&c->q[i].cond);
++ pthread_mutex_unlock(&c->q[i].lock);
++ }
+ for (i = 0; i < CIPHER_THREADS; i++)
+ pthread_join(c->tid[i], NULL);
+
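Review bot: `exit_flag` is cleared only once, by `c->exit_flag = FALSE;` in the allocation branch of `ssh_aes_ctr_init`, while the rekey path (`c->state == (HAVE_KEY | HAVE_IV)`), `ssh_aes_ctr_thread_destroy` and `ssh_aes_ctr_cleanup` all set it to `TRUE` and nothing in this patch resets it before workers are created again. Threads started afterwards by the `/* Start threads */` loop or by `ssh_aes_ctr_thread_reconstruction` would therefore call `pthread_exit` at their first `thread_loop_check_exit(c)`. That presumably leaves the consumer in `ssh_aes_ctr` blocked on a queue that is never refilled, so the session hangs instead of the deadlock being removed. Adding `c->exit_flag = FALSE;` after the `pthread_join` loop in the rekey path and before the `pthread_create` loop in `ssh_aes_ctr_thread_reconstruction` would close this; no worker is alive at either point, so taking `stop_lock` there is for consistency only. The return values of `pthread_rwlock_init` and `pthread_create` are also ignored, and a failed create leaves a stale `tid[i]` for the later cancel/join loops.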
diff --git a/net-misc/openssh/files/openssh-7.3_p1-hpn-update.patch b/net-misc/openssh/files/openssh-7.3_p1-hpn-update.patch
deleted file mode 100644
index 40c775bc32db..000000000000
--- a/net-misc/openssh/files/openssh-7.3_p1-hpn-update.patch
+++ /dev/null
@@ -1,490 +0,0 @@
---- openssh-7_2_P2-hpn-14.10.diff.orig 2016-09-01 10:34:05.905112131 -0700
-+++ openssh-7_2_P2-hpn-14.10.diff 2016-09-08 11:35:18.015979358 -0700
-@@ -156,145 +156,6 @@
- compat.o crc32.o deattack.o fatal.o hostfile.o \
- log.o match.o md-sha256.o moduli.o nchan.o packet.o opacket.o \
- readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \
--diff --git a/auth2.c b/auth2.c
--index 7177962..4af53f0 100644
----- a/auth2.c
--+++ b/auth2.c
--@@ -50,6 +50,7 @@
-- #include "dispatch.h"
-- #include "pathnames.h"
-- #include "buffer.h"
--+#include "canohost.h"
--
-- #ifdef GSSAPI
-- #include "ssh-gss.h"
--@@ -73,6 +74,8 @@ extern Authmethod method_hostbased;
-- extern Authmethod method_gssapi;
-- #endif
--
--+static int log_flag = 0;
--+
-- Authmethod *authmethods[] = {
-- &method_none,
-- &method_pubkey,
--@@ -224,6 +227,11 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
-- service = packet_get_cstring(NULL);
-- method = packet_get_cstring(NULL);
-- debug("userauth-request for user %s service %s method %s", user, service, method);
--+ if (!log_flag) {
--+ logit("SSH: Server;Ltype: Authname;Remote: %s-%d;Name: %s",
--+ get_remote_ipaddr(), get_remote_port(), user);
--+ log_flag = 1;
--+ }
-- debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
--
-- if ((style = strchr(user, ':')) != NULL)
--diff --git a/canohost.c b/canohost.c
--index 223964e..db35f73 100644
----- a/canohost.c
--+++ b/canohost.c
--@@ -338,13 +338,13 @@ clear_cached_addr(void)
-- */
--
-- const char *
---get_remote_ipaddr(void)
--+ssh_get_remote_ipaddr(struct ssh *ssh)
-- {
-- /* Check whether we have cached the ipaddr. */
-- if (canonical_host_ip == NULL) {
--- if (packet_connection_is_on_socket()) {
--+ if (ssh_packet_connection_is_on_socket(ssh)) {
-- canonical_host_ip =
--- get_peer_ipaddr(packet_get_connection_in());
--+ get_peer_ipaddr(ssh_packet_get_connection_in(ssh));
-- if (canonical_host_ip == NULL)
-- cleanup_exit(255);
-- } else {
--@@ -356,6 +356,12 @@ get_remote_ipaddr(void)
-- }
--
-- const char *
--+get_remote_ipaddr(void)
--+{
--+ return ssh_get_remote_ipaddr(active_state);
--+}
--+
--+const char *
-- get_remote_name_or_ip(u_int utmp_len, int use_dns)
-- {
-- static const char *remote = "";
--@@ -410,17 +416,17 @@ get_sock_port(int sock, int local)
-- /* Returns remote/local port number for the current connection. */
--
-- static int
---get_port(int local)
--+get_port(struct ssh *ssh, int local)
-- {
-- /*
-- * If the connection is not a socket, return 65535. This is
-- * intentionally chosen to be an unprivileged port number.
-- */
--- if (!packet_connection_is_on_socket())
--+ if (!ssh_packet_connection_is_on_socket(ssh))
-- return 65535;
--
-- /* Get socket and return the port number. */
--- return get_sock_port(packet_get_connection_in(), local);
--+ return get_sock_port(ssh_packet_get_connection_in(ssh), local);
-- }
--
-- int
--@@ -430,17 +436,23 @@ get_peer_port(int sock)
-- }
--
-- int
---get_remote_port(void)
--+ssh_get_remote_port(struct ssh *ssh)
-- {
-- /* Cache to avoid getpeername() on a dead connection */
-- if (cached_port == -1)
--- cached_port = get_port(0);
--+ cached_port = get_port(ssh, 0);
--
-- return cached_port;
-- }
--
-- int
--+get_remote_port(void)
--+{
--+ return ssh_get_remote_port(active_state);
--+}
--+
--+int
-- get_local_port(void)
-- {
--- return get_port(1);
--+ return get_port(active_state, 1);
-- }
--diff --git a/canohost.h b/canohost.h
--index 4c8636f..4d60b27 100644
----- a/canohost.h
--+++ b/canohost.h
--@@ -12,8 +12,11 @@
-- * called by a name other than "ssh" or "Secure Shell".
-- */
--
--+struct ssh;
--+
-- const char *get_canonical_hostname(int);
-- const char *get_remote_ipaddr(void);
--+const char *ssh_get_remote_ipaddr(struct ssh *);
-- const char *get_remote_name_or_ip(u_int, int);
--
-- char *get_peer_ipaddr(int);
--@@ -22,6 +25,7 @@ char *get_local_ipaddr(int);
-- char *get_local_name(int);
--
-- int get_remote_port(void);
--+int ssh_get_remote_port(struct ssh *);
-- int get_local_port(void);
-- int get_sock_port(int, int);
-- void clear_cached_addr(void);
- diff --git a/channels.c b/channels.c
- index c9d2015..13b30a1 100644
- --- a/channels.c
-@@ -519,7 +380,7 @@
- index 0000000..fdc9b2f
- --- /dev/null
- +++ b/cipher-ctr-mt.c
--@@ -0,0 +1,533 @@
-+@@ -0,0 +1,585 @@
- +/*
- + * OpenSSH Multi-threaded AES-CTR Cipher
- + *
-@@ -649,7 +510,7 @@
- + u_char keys[KQLEN][AES_BLOCK_SIZE];
- + u_char ctr[AES_BLOCK_SIZE];
- + u_char pad0[CACHELINE_LEN];
--+ volatile int qstate;
-++ int qstate;
- + pthread_mutex_t lock;
- + pthread_cond_t cond;
- + u_char pad1[CACHELINE_LEN];
-@@ -663,6 +524,9 @@
- + STATS_STRUCT(stats);
- + u_char aes_counter[AES_BLOCK_SIZE];
- + pthread_t tid[CIPHER_THREADS];
-++ pthread_rwlock_t tid_lock;
-++ pthread_rwlock_t stop_lock;
-++ int exit_flag;
- + int state;
- + int qidx;
- + int ridx;
-@@ -709,6 +573,19 @@
- + pthread_mutex_unlock((pthread_mutex_t *)x);
- +}
- +
-++static void
-++thread_loop_check_exit(struct ssh_aes_ctr_ctx *c)
-++{
-++ int exit_flag;
-++
-++ pthread_rwlock_rdlock(&c->stop_lock);
-++ exit_flag = c->exit_flag;
-++ pthread_rwlock_unlock(&c->stop_lock);
-++
-++ if (exit_flag == TRUE)
-++ pthread_exit(NULL);
-++}
-++
- +/*
- + * The life of a pregen thread:
- + * Find empty keystream queues and fill them using their counter.
-@@ -723,6 +600,7 @@
- + struct kq *q;
- + int i;
- + int qidx;
-++ pthread_t first_tid;
- +
- + /* Threads stats on cancellation */
- + STATS_INIT(stats);
-@@ -733,11 +611,15 @@
- + /* Thread local copy of AES key */
- + memcpy(&key, &c->aes_ctx, sizeof(key));
- +
-++ pthread_rwlock_rdlock(&c->tid_lock);
-++ first_tid = c->tid[0];
-++ pthread_rwlock_unlock(&c->tid_lock);
-++
- + /*
- + * Handle the special case of startup, one thread must fill
- + * the first KQ then mark it as draining. Lock held throughout.
- + */
--+ if (pthread_equal(pthread_self(), c->tid[0])) {
-++ if (pthread_equal(pthread_self(), first_tid)) {
- + q = &c->q[0];
- + pthread_mutex_lock(&q->lock);
- + if (q->qstate == KQINIT) {
-@@ -764,8 +646,8 @@
- + * others will move on to fill, skip, or wait on the next queue.
- + */
- + for (qidx = 1;; qidx = (qidx + 1) % NUMKQ) {
--+ /* Check if I was cancelled, also checked in cond_wait */
--+ pthread_testcancel();
-++ /* Check if we should exit */
-++ thread_loop_check_exit(c);
- +
- + /* Lock queue and block if its draining */
- + q = &c->q[qidx];
-@@ -773,6 +655,7 @@
- + pthread_cleanup_push(thread_loop_cleanup, &q->lock);
- + while (q->qstate == KQDRAINING || q->qstate == KQINIT) {
- + STATS_WAIT(stats);
-++ thread_loop_check_exit(c);
- + pthread_cond_wait(&q->cond, &q->lock);
- + }
- + pthread_cleanup_pop(0);
-@@ -790,6 +673,7 @@
- + * can see that it's being filled.
- + */
- + q->qstate = KQFILLING;
-++ pthread_cond_broadcast(&q->cond);
- + pthread_mutex_unlock(&q->lock);
- + for (i = 0; i < KQLEN; i++) {
- + AES_encrypt(q->ctr, q->keys[i], &key);
-@@ -801,7 +685,7 @@
- + ssh_ctr_add(q->ctr, KQLEN * (NUMKQ - 1), AES_BLOCK_SIZE);
- + q->qstate = KQFULL;
- + STATS_FILL(stats);
--+ pthread_cond_signal(&q->cond);
-++ pthread_cond_broadcast(&q->cond);
- + pthread_mutex_unlock(&q->lock);
- + }
- +
-@@ -893,6 +777,7 @@
- + pthread_cond_wait(&q->cond, &q->lock);
- + }
- + q->qstate = KQDRAINING;
-++ pthread_cond_broadcast(&q->cond);
- + pthread_mutex_unlock(&q->lock);
- +
- + /* Mark consumed queue empty and signal producers */
-@@ -919,6 +804,9 @@
- +
- + if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
- + c = xmalloc(sizeof(*c));
-++ pthread_rwlock_init(&c->tid_lock, NULL);
-++ pthread_rwlock_init(&c->stop_lock, NULL);
-++ c->exit_flag = FALSE;
- +
- + c->state = HAVE_NONE;
- + for (i = 0; i < NUMKQ; i++) {
-@@ -931,11 +819,19 @@
- + }
- +
- + if (c->state == (HAVE_KEY | HAVE_IV)) {
--+ /* Cancel pregen threads */
--+ for (i = 0; i < CIPHER_THREADS; i++)
--+ pthread_cancel(c->tid[i]);
-++ /* tell the pregen threads to exit */
-++ pthread_rwlock_wrlock(&c->stop_lock);
-++ c->exit_flag = TRUE;
-++ pthread_rwlock_unlock(&c->stop_lock);
-++
-++ for (i = 0; i < NUMKQ; i++) {
-++ pthread_mutex_lock(&c->q[i].lock);
-++ pthread_cond_broadcast(&c->q[i].cond);
-++ pthread_mutex_unlock(&c->q[i].lock);
-++ }
- + for (i = 0; i < CIPHER_THREADS; i++)
- + pthread_join(c->tid[i], NULL);
-++
- + /* Start over getting key & iv */
- + c->state = HAVE_NONE;
- + }
-@@ -966,10 +862,12 @@
- + /* Start threads */
- + for (i = 0; i < CIPHER_THREADS; i++) {
- + debug("spawned a thread");
-++ pthread_rwlock_wrlock(&c->tid_lock);
- + pthread_create(&c->tid[i], NULL, thread_loop, c);
-++ pthread_rwlock_unlock(&c->tid_lock);
- + }
- + pthread_mutex_lock(&c->q[0].lock);
--+ while (c->q[0].qstate != KQDRAINING)
-++ while (c->q[0].qstate == KQINIT)
- + pthread_cond_wait(&c->q[0].cond, &c->q[0].lock);
- + pthread_mutex_unlock(&c->q[0].lock);
- + }
-@@ -985,9 +883,15 @@
- + struct ssh_aes_ctr_ctx *c;
- + int i;
- + c = EVP_CIPHER_CTX_get_app_data(ctx);
--+ /* destroy threads */
--+ for (i = 0; i < CIPHER_THREADS; i++) {
--+ pthread_cancel(c->tid[i]);
-++ /* notify threads that they should exit */
-++ pthread_rwlock_wrlock(&c->stop_lock);
-++ c->exit_flag = TRUE;
-++ pthread_rwlock_unlock(&c->stop_lock);
-++
-++ for (i = 0; i < NUMKQ; i++) {
-++ pthread_mutex_lock(&c->q[i].lock);
-++ pthread_cond_broadcast(&c->q[i].cond);
-++ pthread_mutex_unlock(&c->q[i].lock);
- + }
- + for (i = 0; i < CIPHER_THREADS; i++) {
- + pthread_join(c->tid[i], NULL);
-@@ -1003,7 +907,9 @@
- + /* reconstruct threads */
- + for (i = 0; i < CIPHER_THREADS; i++) {
- + debug("spawned a thread");
-++ pthread_rwlock_wrlock(&c->tid_lock);
- + pthread_create(&c->tid[i], NULL, thread_loop, c);
-++ pthread_rwlock_unlock(&c->tid_lock);
- + }
- +}
- +
-@@ -1018,9 +924,16 @@
- + debug("main thread: %u drains, %u waits", c->stats.drains,
- + c->stats.waits);
- +#endif
--+ /* Cancel pregen threads */
--+ for (i = 0; i < CIPHER_THREADS; i++)
--+ pthread_cancel(c->tid[i]);
-++ /* tell the pregen threads to exit */
-++ pthread_rwlock_wrlock(&c->stop_lock);
-++ c->exit_flag = TRUE;
-++ pthread_rwlock_unlock(&c->stop_lock);
-++
-++ for (i = 0; i < NUMKQ; i++) {
-++ pthread_mutex_lock(&c->q[i].lock);
-++ pthread_cond_broadcast(&c->q[i].cond);
-++ pthread_mutex_unlock(&c->q[i].lock);
-++ }
- + for (i = 0; i < CIPHER_THREADS; i++)
- + pthread_join(c->tid[i], NULL);
- +
-@@ -1270,7 +1183,7 @@
-
- #include "ssherr.h"
- #include "sshbuf.h"
--+#include "canohost.h"
-++#include "packet.h"
- #include "digest.h"
-
- #if OPENSSL_VERSION_NUMBER >= 0x00907000L
-@@ -1312,8 +1225,8 @@
- + */
- + if (ctos && !log_flag) {
- + logit("SSH: Server;Ltype: Kex;Remote: %s-%d;Enc: %s;MAC: %s;Comp: %s",
--+ ssh_get_remote_ipaddr(ssh),
--+ ssh_get_remote_port(ssh),
-++ ssh_remote_ipaddr(ssh),
-++ ssh_remote_port(ssh),
- + newkeys->enc.name,
- + authlen == 0 ? newkeys->mac.name : "<implicit>",
- + newkeys->comp.name);
-@@ -1430,7 +1343,7 @@
- + rekey_requested = 0;
- + return 1;
- + }
--+
-++
- /* Time-based rekeying */
- if (state->rekey_interval != 0 &&
- state->rekey_time + state->rekey_interval <= monotime())
-@@ -1490,7 +1403,7 @@
-
- transferred = *counter - (cur_pos ? cur_pos : start_pos);
- cur_pos = *counter;
-- now = monotime();
-+ now = monotime_double();
- bytes_left = end_pos - cur_pos;
-
- + delta_pos = cur_pos - last_pos;
-@@ -1564,8 +1477,8 @@
- { "canonicaldomains", oCanonicalDomains },
- { "canonicalizefallbacklocal", oCanonicalizeFallbackLocal },
- @@ -282,6 +287,11 @@ static struct {
-- { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes },
- { "ignoreunknown", oIgnoreUnknown },
-+ { "proxyjump", oProxyJump },
-
- + { "tcprcvbufpoll", oTcpRcvBufPoll },
- + { "tcprcvbuf", oTcpRcvBuf },
-@@ -1736,8 +1649,8 @@
- off_t size, statbytes;
- unsigned long long ull;
- int setimes, targisdir, wrerrno = 0;
--- char ch, *cp, *np, *targ, *why, *vect[1], buf[2048];
--+ char ch, *cp, *np, *targ, *why, *vect[1], buf[16384];
-+- char ch, *cp, *np, *targ, *why, *vect[1], buf[2048], visbuf[2048];
-++ char ch, *cp, *np, *targ, *why, *vect[1], buf[16384], visbuf[16384];
- struct timeval tv[2];
-
- #define atime tv[0]
-@@ -1956,32 +1869,6 @@
- }
-
- /*
--@@ -820,11 +836,13 @@ void
-- server_loop2(Authctxt *authctxt)
-- {
-- fd_set *readset = NULL, *writeset = NULL;
--+ double start_time, total_time;
-- int max_fd;
-- u_int nalloc = 0;
-- u_int64_t rekey_timeout_ms = 0;
--
-- debug("Entering interactive session for SSH2.");
--+ start_time = get_current_time();
--
-- mysignal(SIGCHLD, sigchld_handler);
-- child_terminated = 0;
--@@ -883,6 +901,11 @@ server_loop2(Authctxt *authctxt)
--
-- /* free remaining sessions, e.g. remove wtmp entries */
-- session_destroy_all(NULL);
--+ total_time = get_current_time() - start_time;
--+ logit("SSH: Server;LType: Throughput;Remote: %s-%d;IN: %lu;OUT: %lu;Duration: %.1f;tPut_in: %.1f;tPut_out: %.1f",
--+ get_remote_ipaddr(), get_remote_port(),
--+ stdin_bytes, fdout_bytes, total_time, stdin_bytes / total_time,
--+ fdout_bytes / total_time);
-- }
--
-- static int
- @@ -1041,8 +1064,12 @@ server_request_tun(void)
- sock = tun_open(tun, mode);
- if (sock < 0)
-@@ -2372,10 +2259,10 @@
- debug("Client protocol version %d.%d; client software version %.100s",
- remote_major, remote_minor, remote_version);
- + logit("SSH: Server;Ltype: Version;Remote: %s-%d;Protocol: %d.%d;Client: %.100s",
--+ get_remote_ipaddr(), get_remote_port(),
-++ ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
- + remote_major, remote_minor, remote_version);
-
-- active_state->compat = compat_datafellows(remote_version);
-+ ssh->compat = compat_datafellows(remote_version);
-
- @@ -1160,6 +1163,8 @@ server_listen(void)
- int ret, listen_sock, on = 1;
-@@ -2413,7 +2300,7 @@
- if (options.challenge_response_authentication)
- options.kbd_interactive_authentication = 1;
- @@ -2151,6 +2168,9 @@ main(int ac, char **av)
-- remote_ip, remote_port, laddr, get_local_port());
-+ remote_ip, remote_port, laddr, ssh_local_port(ssh));
- free(laddr);
-
- + /* set the HPN options for the child */
-@@ -2486,11 +2373,10 @@
- index eb4e948..3692722 100644
- --- a/version.h
- +++ b/version.h
--@@ -3,4 +3,6 @@
-- #define SSH_VERSION "OpenSSH_7.2"
-+@@ -3,4 +3,5 @@
-+ #define SSH_VERSION "OpenSSH_7.3"
-
-- #define SSH_PORTABLE "p2"
-+ #define SSH_PORTABLE "p1"
- -#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
- +#define SSH_HPN "-hpn14v11"
- +#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN
--+
diff --git a/net-misc/openssh/files/openssh-7.3_p1-hpn-x509-glue.patch b/net-misc/openssh/files/openssh-7.3_p1-hpn-x509-glue.patch
index 443392540f6c..d458e9efd7c0 100644
--- a/net-misc/openssh/files/openssh-7.3_p1-hpn-x509-glue.patch
+++ b/net-misc/openssh/files/openssh-7.3_p1-hpn-x509-glue.patch
@@ -1,5 +1,5 @@
---- openssh-7_2_P2-hpn-14.10.diff.clean 2016-09-01 12:11:41.120750207 -0700
-+++ openssh-7_2_P2-hpn-14.10.diff 2016-09-01 14:00:44.311487904 -0700
+--- a/openssh-7.3_p1-hpn-14.10.patch 12:11:41.120750207 -0700
++++ b/openssh-7.3_p1-hpn-14.10.patch 14:00:44.311487904 -0700
@@ -141,7 +141,7 @@
@@ -44,7 +44,7 @@ CC=@CC@
LD=@LD@
diff --git a/net-misc/openssh/openssh-7.3_p1-r3.ebuild b/net-misc/openssh/openssh-7.3_p1-r3.ebuild
index be91ad461a22..0e26a92de406 100644
--- a/net-misc/openssh/openssh-7.3_p1-r3.ebuild
+++ b/net-misc/openssh/openssh-7.3_p1-r3.ebuild
@@ -9,13 +9,10 @@ inherit eutils user flag-o-matic multilib autotools pam systemd versionator
# Make it more portable between straight releases
# and _p? releases.
PARCH=${P/_}
-HPN_PV="7.2_p2"
+HPN_PV="${PV}"
HPN_VER="14.10"
-HPN_DIR_PV="${HPN_PV/_}"
-HPN_PV="${HPN_PV/./_}"
-
-HPN_PATCH="${PN}-${HPN_PV/p/P}-hpn-14.10.diff"
+HPN_PATCH="${PN}-${HPN_PV}-hpn-14.10.patch"
SCTP_PATCH="${PN}-7.3_p1-sctp.patch.xz"
LDAP_PATCH="${PN}-lpk-7.3p1-0.3.14.patch.xz"
X509_VER="9.1" X509_PATCH="${PN}-${PV/_}+x509-${X509_VER}.diff.gz"
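Review bot: `HPN_PATCH` hard-codes `14.10` on the line directly below `HPN_VER="14.10"`, and with the SourceForge URL removed elsewhere in this commit `HPN_VER` appears to have no remaining user in the visible hunks. Writing `HPN_PATCH="${PN}-${HPN_PV}-hpn-${HPN_VER}.patch"` keeps one place to edit on the next bump. Unlike `SCTP_PATCH` and `LDAP_PATCH`, the value also omits the `.xz` suffix that SRC_URI appends, which deserves a short comment such as `# distfile is ${HPN_PATCH}.xz; the unpacked name is what epatch applies`.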
@@ -25,8 +22,8 @@ HOMEPAGE="http://www.openssh.org/"
SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
${SCTP_PATCH:+mirror://gentoo/${SCTP_PATCH}}
${HPN_PATCH:+hpn? (
- mirror://gentoo/${HPN_PATCH}
- mirror://sourceforge/project/hpnssh/HPN-SSH%20${HPN_VER/./v}%20${HPN_DIR_PV}/${HPN_PATCH}
+ mirror://gentoo/${HPN_PATCH}.xz
+ http://dev.gentoo.org/~chutzpah/${HPN_PATCH}.xz
)}
${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
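Review bot: The new fallback source `http://dev.gentoo.org/~chutzpah/${HPN_PATCH}.xz` is fetched over plain HTTP, so the only integrity control on a patch that gets compiled into sshd is the Manifest digest entry added by this commit. That digest check is what makes the download trustworthy, but `https://dev.gentoo.org/~chutzpah/${HPN_PATCH}.xz` would add transport protection at no cost, assuming the host serves TLS. The upstream SourceForge URL is dropped in the same hunk, so the distfile is now a developer-rolled artifact; a comment above SRC_URI recording how it was derived from the upstream HPN 14.10 diff would help anyone auditing it later.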
@@ -121,8 +118,6 @@ src_prepare() {
# don't break .ssh/authorized_keys2 for fun
sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
- use hpn && cp -L "${DISTDIR}"/${HPN_PATCH} "${WORKDIR}"/${HPN_PATCH}
-
if use X509 ; then
pushd .. >/dev/null
if use hpn ; then
@@ -133,24 +128,23 @@ src_prepare() {
epatch "${FILESDIR}"/${PN}-7.3_p1-sctp-x509-glue.patch
popd >/dev/null
epatch "${WORKDIR}"/${X509_PATCH%.*}
- #epatch "${FILESDIR}"/${PN}-7.1_p2-x509-hpn14v10-glue.patch
- #save_version X509
+ save_version X509
fi
if use ldap ; then
epatch "${WORKDIR}"/${LDAP_PATCH%.*}
save_version LPK
fi
+
epatch "${FILESDIR}"/${PN}-7.3_p1-GSSAPI-dns.patch #165444 integrated into gsskex
epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
epatch "${WORKDIR}"/${SCTP_PATCH%.*}
+
if use hpn ; then
#EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \
# EPATCH_MULTI_MSG="Applying HPN patchset ..." \
# epatch "${WORKDIR}"/${HPN_PATCH%.*.*}
- pushd "${WORKDIR}" >/dev/null
- epatch "${FILESDIR}"/${P}-hpn-update.patch
- popd >/dev/null
epatch "${WORKDIR}"/${HPN_PATCH}
+ epatch "${FILESDIR}"/${P}-hpn-cipher-ctr-mt-no-deadlocks.patch
save_version HPN
fi