
openssh-6.6p1-5.10.mga5.src.rpm

--- openssh-6.6p1/kex.c.orig	2017-12-27 19:05:27.270978025 -0500
+++ openssh-6.6p1/kex.c	2017-12-27 19:07:10.806525184 -0500
@@ -391,8 +391,6 @@ choose_comp(Comp *comp, char *client, ch
 		fatal("no matching comp found: client %s server %s", client, server);
 	if (strcmp(name, "zlib@openssh.com") == 0) {
 		comp->type = COMP_DELAYED;
-	} else if (strcmp(name, "zlib") == 0) {
-		comp->type = COMP_ZLIB;
 	} else if (strcmp(name, "none") == 0) {
 		comp->type = COMP_NONE;
 	} else {
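Review bot: With the `zlib` branch removed, a negotiated name of "zlib" now falls into the trailing `else` of choose_comp, whose body lies outside this hunk. No client-side file is changed in the hunks visible here, so if the ssh client still lists `zlib` in its compression proposal, a peer offering only `none,zlib` would send the client into that branch rather than settling on `none`. It is worth confirming that the client proposal is trimmed in the same patch set, or keeping the `zlib` mapping for the client only.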
--- a/kex.h
+++ b/kex.h
@@ -44,12 +44,11 @@ 
 #define	KEX_ECDH_SHA2_NISTP384	"ecdh-sha2-nistp384"
 #define	KEX_ECDH_SHA2_NISTP521	"ecdh-sha2-nistp521"
 #define	KEX_CURVE25519_SHA256	"curve25519-sha256@libssh.org"
 
 #define COMP_NONE	0
-#define COMP_ZLIB	1
-#define COMP_DELAYED	2
+#define COMP_DELAYED	1
 
 enum kex_init_proposals {
 	PROPOSAL_KEX_ALGS,
 	PROPOSAL_SERVER_HOST_KEY_ALGS,
 	PROPOSAL_ENC_ALGS_CTOS,
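Review bot: `COMP_DELAYED` is renumbered from 2 to 1, the value that meant pre-authentication zlib before this change. `comp->type` is written with `buffer_put_int` in mm_newkeys_to_blob and read back in mm_newkeys_from_blob; both ends come from the same build, so nothing breaks today, but any other distribution patch that still compares against the old numbers would silently treat 1 as delayed. Leaving the gap, `#define COMP_DELAYED	2` with a comment such as `/* 1 was COMP_ZLIB (pre-auth compression, removed) */`, keeps the old value from being reused.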
--- openssh-6.6p1/Makefile.in.orig	2017-12-27 19:05:24.785989150 -0500
+++ openssh-6.6p1/Makefile.in	2017-12-27 19:05:27.271978020 -0500
@@ -92,7 +92,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
 	auth-chall.o auth2-chall.o groupaccess.o \
 	auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \
 	auth2-none.o auth2-passwd.o auth2-pubkey.o \
-	monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o kexecdhs.o \
+	monitor.o monitor_wrap.o kexdhs.o kexgexs.o kexecdhs.o \
 	kexc25519s.o auth-krb5.o \
 	auth2-gss.o gss-serv.o gss-serv-krb5.o \
 	loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
--- openssh-6.6p1/monitor.c.orig	2017-12-27 19:05:24.791989123 -0500
+++ openssh-6.6p1/monitor.c	2017-12-27 19:05:27.271978020 -0500
@@ -86,7 +86,6 @@
 #include "log.h"
 #include "servconf.h"
 #include "monitor.h"
-#include "monitor_mm.h"
 #ifdef GSSAPI
 #include "ssh-gss.h"
 #endif
@@ -116,8 +115,6 @@ extern Buffer loginmsg;
 /* State exported from the child */
 
 struct {
-	z_stream incoming;
-	z_stream outgoing;
 	u_char *keyin;
 	u_int keyinlen;
 	u_char *keyout;
@@ -478,15 +475,6 @@ monitor_child_postauth(struct monitor *p
 		monitor_read(pmonitor, mon_dispatch, NULL);
 }
 
-void
-monitor_sync(struct monitor *pmonitor)
-{
-	if (options.compression) {
-		/* The member allocation is not visible, so sync it */
-		mm_share_sync(&pmonitor->m_zlib, &pmonitor->m_zback);
-	}
-}
-
 static int
 monitor_read_log(struct monitor *pmonitor)
 {
@@ -1783,15 +1771,6 @@ monitor_apply_keystate(struct monitor *p
 		free(child_state.ivin);
 	}
 
-	memcpy(&incoming_stream, &child_state.incoming,
-	    sizeof(incoming_stream));
-	memcpy(&outgoing_stream, &child_state.outgoing,
-	    sizeof(outgoing_stream));
-
-	/* Update with new address */
-	if (options.compression)
-		mm_init_compression(pmonitor->m_zlib);
-
 	if (options.rekey_limit || options.rekey_interval)
 		packet_set_rekey_limits((u_int32_t)options.rekey_limit,
 		    (time_t)options.rekey_interval);
@@ -1863,8 +1842,8 @@ void
 mm_get_keystate(struct monitor *pmonitor)
 {
 	Buffer m;
-	u_char *blob, *p;
-	u_int bloblen, plen;
+	u_char *blob;
+	u_int bloblen;
 	u_int32_t seqnr, packets;
 	u_int64_t blocks, bytes;
 
@@ -1912,20 +1891,6 @@ mm_get_keystate(struct monitor *pmonitor
 	child_state.keyout = buffer_get_string(&m, &child_state.keyoutlen);
 	child_state.keyin  = buffer_get_string(&m, &child_state.keyinlen);
 
-	debug3("%s: Getting compression state", __func__);
-	/* Get compression state */
-	p = buffer_get_string(&m, &plen);
-	if (plen != sizeof(child_state.outgoing))
-		fatal("%s: bad request size", __func__);
-	memcpy(&child_state.outgoing, p, sizeof(child_state.outgoing));
-	free(p);
-
-	p = buffer_get_string(&m, &plen);
-	if (plen != sizeof(child_state.incoming))
-		fatal("%s: bad request size", __func__);
-	memcpy(&child_state.incoming, p, sizeof(child_state.incoming));
-	free(p);
-
 	/* Network I/O buffers */
 	debug3("%s: Getting Network I/O buffers", __func__);
 	child_state.input = buffer_get_string(&m, &child_state.ilen);
@@ -1940,40 +1905,6 @@ mm_get_keystate(struct monitor *pmonitor
 	buffer_free(&m);
 }
 
-
-/* Allocation functions for zlib */
-void *
-mm_zalloc(struct mm_master *mm, u_int ncount, u_int size)
-{
-	size_t len = (size_t) size * ncount;
-	void *address;
-
-	if (len == 0 || ncount > SIZE_T_MAX / size)
-		fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size);
-
-	address = mm_malloc(mm, len);
-
-	return (address);
-}
-
-void
-mm_zfree(struct mm_master *mm, void *address)
-{
-	mm_free(mm, address);
-}
-
-void
-mm_init_compression(struct mm_master *mm)
-{
-	outgoing_stream.zalloc = (alloc_func)mm_zalloc;
-	outgoing_stream.zfree = (free_func)mm_zfree;
-	outgoing_stream.opaque = mm;
-
-	incoming_stream.zalloc = (alloc_func)mm_zalloc;
-	incoming_stream.zfree = (free_func)mm_zfree;
-	incoming_stream.opaque = mm;
-}
-
 /* XXX */
 
 #define FD_CLOSEONEXEC(x) do { \
@@ -2015,14 +1946,6 @@ monitor_init(void)
 
 	monitor_openfds(mon, 1);
 
-	/* Used to share zlib space across processes */
-	if (options.compression) {
-		mon->m_zback = mm_create(NULL, MM_MEMSIZE);
-		mon->m_zlib = mm_create(mon->m_zback, 20 * MM_MEMSIZE);
-
-		/* Compression needs to share state across borders */
-		mm_init_compression(mon->m_zlib);
-	}
 
 	return mon;
 }
--- openssh-6.6p1/monitor.h.orig	2014-02-03 19:12:57.000000000 -0500
+++ openssh-6.6p1/monitor.h	2017-12-27 19:05:27.271978020 -0500
@@ -67,21 +67,17 @@ enum monitor_reqtype {
 
 };
 
-struct mm_master;
 struct monitor {
 	int			 m_recvfd;
 	int			 m_sendfd;
 	int			 m_log_recvfd;
 	int			 m_log_sendfd;
-	struct mm_master	*m_zback;
-	struct mm_master	*m_zlib;
 	struct Kex		**m_pkex;
 	pid_t			 m_pid;
 };
 
 struct monitor *monitor_init(void);
 void monitor_reinit(struct monitor *);
-void monitor_sync(struct monitor *);
 
 struct Authctxt;
 void monitor_child_preauth(struct Authctxt *, struct monitor *);
--- openssh-6.6p1/monitor_wrap.c.orig	2017-12-27 19:05:24.792989119 -0500
+++ openssh-6.6p1/monitor_wrap.c	2017-12-27 19:05:27.271978020 -0500
@@ -145,7 +145,6 @@ mm_request_receive(int sock, Buffer *m)
 	u_int msg_len;
 
 	debug3("%s entering", __func__);
-
 	if (atomicio(read, sock, buf, sizeof(buf)) != sizeof(buf)) {
 		if (errno == EPIPE)
 			cleanup_exit(255);
@@ -512,7 +511,6 @@ mm_newkeys_from_blob(u_char *blob, int b
 
 	/* Comp structure */
 	comp->type = buffer_get_int(&b);
-	comp->enabled = buffer_get_int(&b);
 	comp->name = buffer_get_string(&b, NULL);
 
 	len = buffer_len(&b);
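Review bot: `comp->enabled` is no longer restored from the blob here, yet set_newkeys in packet.c still tests `comp->enabled == 0` before initialising compression. The allocation of the Newkeys structure is above this hunk; unless it is zero-filled, the field is read uninitialised after the key state is imported. Setting it explicitly in place of the removed read, `comp->enabled = 0;`, gives the post-authentication process a known starting state however the structure is allocated. The matching write is dropped in the mm_newkeys_to_blob hunk, so both sides of the blob format stay in step.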
@@ -562,7 +560,6 @@ mm_newkeys_to_blob(int mode, u_char **bl
 
 	/* Comp structure */
 	buffer_put_int(&b, comp->type);
-	buffer_put_int(&b, comp->enabled);
 	buffer_put_cstring(&b, comp->name);
 
 	len = buffer_len(&b);
@@ -674,11 +671,6 @@ mm_send_keystate(struct monitor *monitor
 	buffer_put_string(&m, p, plen);
 	free(p);
 
-	/* Compression state */
-	debug3("%s: Sending compression state", __func__);
-	buffer_put_string(&m, &outgoing_stream, sizeof(outgoing_stream));
-	buffer_put_string(&m, &incoming_stream, sizeof(incoming_stream));
-
 	/* Network I/O buffers */
 	input = (Buffer *)packet_get_input();
 	output = (Buffer *)packet_get_output();
--- openssh-6.6p1/monitor_wrap.h.orig	2014-02-03 19:12:57.000000000 -0500
+++ openssh-6.6p1/monitor_wrap.h	2017-12-27 19:05:27.271978020 -0500
@@ -102,10 +102,4 @@ int mm_bsdauth_respond(void *, u_int, ch
 int mm_skey_query(void *, char **, char **, u_int *, char ***, u_int **);
 int mm_skey_respond(void *, u_int, char **);
 
-/* zlib allocation hooks */
-
-void *mm_zalloc(struct mm_master *, u_int, u_int);
-void mm_zfree(struct mm_master *, void *);
-void mm_init_compression(struct mm_master *);
-
 #endif /* _MM_WRAP_H_ */
--- openssh-6.6p1/myproposal.h.orig	2013-12-06 19:24:02.000000000 -0500
+++ openssh-6.6p1/myproposal.h	2017-12-27 19:05:27.271978020 -0500
@@ -130,7 +130,7 @@
 	"hmac-sha1-96," \
 	"hmac-md5-96"
 
-#define	KEX_DEFAULT_COMP	"none,zlib@openssh.com,zlib"
+#define	KEX_DEFAULT_COMP	"none,zlib@openssh.com"
 #define	KEX_DEFAULT_LANG	""
 
 
--- openssh-6.6p1/packet.c.orig	2014-02-03 19:20:15.000000000 -0500
+++ openssh-6.6p1/packet.c	2017-12-27 19:05:27.272978015 -0500
@@ -790,8 +790,7 @@ set_newkeys(int mode)
 	/* explicit_bzero(enc->iv,  enc->block_size);
 	   explicit_bzero(enc->key, enc->key_len);
 	   explicit_bzero(mac->key, mac->key_len); */
-	if ((comp->type == COMP_ZLIB ||
-	    (comp->type == COMP_DELAYED &&
+	if (((comp->type == COMP_DELAYED &&
 	     active_state->after_authentication)) && comp->enabled == 0) {
 		packet_init_compression();
 		if (mode == MODE_OUT)
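Review bot: The edited condition keeps a doubled pair of parentheses left over from the removed `COMP_ZLIB` alternative, which makes the grouping look as if an operand were missing. A flat form reads the same and is easier to audit: `if (comp->type == COMP_DELAYED && active_state->after_authentication && comp->enabled == 0) {`. The next hunk also adds an empty line just before the closing brace of this block, which can be dropped. set_newkeys starts and ends outside the hunk.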
@@ -799,6 +798,7 @@ set_newkeys(int mode)
 		else
 			buffer_compress_init_recv();
 		comp->enabled = 1;
+
 	}
 	/*
 	 * The 2^(blocksize*2) limit is too expensive for 3DES,
@@ -1989,6 +1989,7 @@ void
 packet_set_authenticated(void)
 {
 	active_state->after_authentication = 1;
+	packet_enable_delayed_compress();
 }
 
 void *
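Review bot: The call added to packet_set_authenticated has no comment saying why compression is started at this point. From the rest of the patch it appears that the zlib stream state is no longer handed over through the monitor, so the post-authentication process has to initialise it itself. A one-line comment would keep a later reader from removing the call as redundant, for example `/* compression state is not inherited across privsep; start it here */`.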
--- openssh-6.6p1/servconf.c.orig	2014-02-03 19:12:57.000000000 -0500
+++ openssh-6.6p1/servconf.c	2017-12-27 19:05:27.272978015 -0500
@@ -794,8 +794,8 @@ static const struct multistate multistat
 	{ NULL, -1 }
 };
 static const struct multistate multistate_compression[] = {
+	{ "yes",			COMP_DELAYED },
 	{ "delayed",			COMP_DELAYED },
-	{ "yes",			COMP_ZLIB },
 	{ "no",				COMP_NONE },
 	{ NULL, -1 }
 };
--- openssh-6.6p1/sshd.c.orig	2017-12-27 19:05:24.789989132 -0500
+++ openssh-6.6p1/sshd.c	2017-12-27 19:05:27.272978015 -0500
@@ -112,7 +112,6 @@
 #include "dispatch.h"
 #include "channels.h"
 #include "session.h"
-#include "monitor_mm.h"
 #include "monitor.h"
 #ifdef GSSAPI
 #include "ssh-gss.h"
@@ -680,9 +679,6 @@ privsep_preauth(Authctxt *authctxt)
 			ssh_sandbox_parent_preauth(box, pid);
 		monitor_child_preauth(authctxt, pmonitor);
 
-		/* Sync memory */
-		monitor_sync(pmonitor);
-
 		/* Wait for the child's exit status */
 		while (waitpid(pid, &status, 0) < 0) {
 			if (errno == EINTR)
@@ -2455,9 +2451,6 @@ do_ssh2_kex(void)
 	if (options.compression == COMP_NONE) {
 		myproposal[PROPOSAL_COMP_ALGS_CTOS] =
 		myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
-	} else if (options.compression == COMP_DELAYED) {
-		myproposal[PROPOSAL_COMP_ALGS_CTOS] =
-		myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com";
 	}
 	if (options.kex_algorithms != NULL)
 		myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
--- openssh-6.6p1/sshd_config.5.orig	2014-02-27 18:01:28.000000000 -0500
+++ openssh-6.6p1/sshd_config.5	2017-12-27 19:05:27.272978015 -0500
@@ -404,15 +404,17 @@ The default
 is 0, indicating that these messages will not be sent to the client.
 This option applies to protocol version 2 only.
 .It Cm Compression
-Specifies whether compression is allowed, or delayed until
+Specifies whether compression is enabled after
 the user has authenticated successfully.
 The argument must be
 .Dq yes ,
-.Dq delayed ,
+.Dq delayed
+(a legacy synonym for
+.Dq yes )
 or
 .Dq no .
 The default is
-.Dq delayed .
+.Dq yes .
 .It Cm DenyGroups
 This keyword can be followed by a list of group name patterns, separated
 by spaces.