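--- openssh-6.6p1/kex.c.orig 2017-12-27 19:05:27.270978025 -0500
+++ openssh-6.6p1/kex.c 2017-12-27 19:07:10.806525184 -0500
@@ -391,8 +391,6 @@ choose_comp(Comp *comp, char *client, ch
 fatal("no matching comp found: client %s server %s", client, server);
 if (strcmp(name, "zlib@openssh.com") == 0) {
 comp->type = COMP_DELAYED;
- } else if (strcmp(name, "zlib") == 0) {
- comp->type = COMP_ZLIB;
 } else if (strcmp(name, "none") == 0) {
 comp->type = COMP_NONE;
 } else {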
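--- a/kex.h
+++ b/kex.h
@@ -44,12 +44,11 @@
 #define KEX_ECDH_SHA2_NISTP384 "ecdh-sha2-nistp384"
 #define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521"
 #define KEX_CURVE25519_SHA256 "curve25519-sha256@libssh.org"
 
 #define COMP_NONE 0
-#define COMP_ZLIB 1
-#define COMP_DELAYED 2
+#define COMP_DELAYED 1
 
 enum kex_init_proposals {
 PROPOSAL_KEX_ALGS,
 PROPOSAL_SERVER_HOST_KEY_ALGS,
 PROPOSAL_ENC_ALGS_CTOS,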
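Review bot: COMP_DELAYED is renumbered from 2 to 1 here, which is a larger change than removing COMP_ZLIB requires: comp->type is serialized as an integer into the privsep keystate blob (mm_newkeys_to_blob/mm_newkeys_from_blob in the monitor_wrap.c hunks), so the value only stays consistent because monitor and child are built from the same tree. Keeping `#define COMP_DELAYED 2` would leave the wire value of the blob untouched and make the patch smaller, unless some caller relies on the constants being contiguous, which nothing in this patch shows. A short comment such as `/* COMP_ZLIB (pre-auth compression) has been removed */` at the define would tell readers why the enumeration has a gap or was renumbered.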
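--- openssh-6.6p1/Makefile.in.orig 2017-12-27 19:05:24.785989150 -0500
+++ openssh-6.6p1/Makefile.in 2017-12-27 19:05:27.271978020 -0500
@@ -92,7 +92,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
 auth-chall.o auth2-chall.o groupaccess.o \
 auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \
 auth2-none.o auth2-passwd.o auth2-pubkey.o \
- monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o kexecdhs.o \
+ monitor.o monitor_wrap.o kexdhs.o kexgexs.o kexecdhs.o \
 kexc25519s.o auth-krb5.o \
 auth2-gss.o gss-serv.o gss-serv-krb5.o \
 loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \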
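--- openssh-6.6p1/monitor.c.orig 2017-12-27 19:05:24.791989123 -0500
+++ openssh-6.6p1/monitor.c 2017-12-27 19:05:27.271978020 -0500
@@ -86,7 +86,6 @@
 #include "log.h"
 #include "servconf.h"
 #include "monitor.h"
-#include "monitor_mm.h"
 #ifdef GSSAPI
 #include "ssh-gss.h"
 #endif
@@ -116,8 +115,6 @@ extern Buffer loginmsg;
 /* State exported from the child */
 
 struct {
- z_stream incoming;
- z_stream outgoing;
 u_char *keyin;
 u_int keyinlen;
 u_char *keyout;
@@ -478,15 +475,6 @@ monitor_child_postauth(struct monitor *p
 monitor_read(pmonitor, mon_dispatch, NULL);
 }
 
-void
-monitor_sync(struct monitor *pmonitor)
-{
- if (options.compression) {
- /* The member allocation is not visible, so sync it */
- mm_share_sync(&pmonitor->m_zlib, &pmonitor->m_zback);
- }
-}
-
 static int
 monitor_read_log(struct monitor *pmonitor)
 {
@@ -1783,15 +1771,6 @@ monitor_apply_keystate(struct monitor *p
 free(child_state.ivin);
 }
 
- memcpy(&incoming_stream, &child_state.incoming,
- sizeof(incoming_stream));
- memcpy(&outgoing_stream, &child_state.outgoing,
- sizeof(outgoing_stream));
-
- /* Update with new address */
- if (options.compression)
- mm_init_compression(pmonitor->m_zlib);
-
 if (options.rekey_limit || options.rekey_interval)
 packet_set_rekey_limits((u_int32_t)options.rekey_limit,
 (time_t)options.rekey_interval);
@@ -1863,8 +1842,8 @@ void
 mm_get_keystate(struct monitor *pmonitor)
 {
 Buffer m;
- u_char *blob, *p;
- u_int bloblen, plen;
+ u_char *blob;
+ u_int bloblen;
 u_int32_t seqnr, packets;
 u_int64_t blocks, bytes;
 
@@ -1912,20 +1891,6 @@ mm_get_keystate(struct monitor *pmonitor
 child_state.keyout = buffer_get_string(&m, &child_state.keyoutlen);
 child_state.keyin = buffer_get_string(&m, &child_state.keyinlen);
 
- debug3("%s: Getting compression state", __func__);
- /* Get compression state */
- p = buffer_get_string(&m, &plen);
- if (plen != sizeof(child_state.outgoing))
- fatal("%s: bad request size", __func__);
- memcpy(&child_state.outgoing, p, sizeof(child_state.outgoing));
- free(p);
-
- p = buffer_get_string(&m, &plen);
- if (plen != sizeof(child_state.incoming))
- fatal("%s: bad request size", __func__);
- memcpy(&child_state.incoming, p, sizeof(child_state.incoming));
- free(p);
-
 /* Network I/O buffers */
 debug3("%s: Getting Network I/O buffers", __func__);
 child_state.input = buffer_get_string(&m, &child_state.ilen);
@@ -1940,40 +1905,6 @@ mm_get_keystate(struct monitor *pmonitor
 buffer_free(&m);
 }
 
-
-/* Allocation functions for zlib */
-void *
-mm_zalloc(struct mm_master *mm, u_int ncount, u_int size)
-{
- size_t len = (size_t) size * ncount;
- void *address;
-
- if (len == 0 || ncount > SIZE_T_MAX / size)
- fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size);
-
- address = mm_malloc(mm, len);
-
- return (address);
-}
-
-void
-mm_zfree(struct mm_master *mm, void *address)
-{
- mm_free(mm, address);
-}
-
-void
-mm_init_compression(struct mm_master *mm)
-{
- outgoing_stream.zalloc = (alloc_func)mm_zalloc;
- outgoing_stream.zfree = (free_func)mm_zfree;
- outgoing_stream.opaque = mm;
-
- incoming_stream.zalloc = (alloc_func)mm_zalloc;
- incoming_stream.zfree = (free_func)mm_zfree;
- incoming_stream.opaque = mm;
-}
-
 /* XXX */
 
 #define FD_CLOSEONEXEC(x) do { \
@@ -2015,14 +1946,6 @@ monitor_init(void)
 
 monitor_openfds(mon, 1);
 
- /* Used to share zlib space across processes */
- if (options.compression) {
- mon->m_zback = mm_create(NULL, MM_MEMSIZE);
- mon->m_zlib = mm_create(mon->m_zback, 20 * MM_MEMSIZE);
-
- /* Compression needs to share state across borders */
- mm_init_compression(mon->m_zlib);
- }
 
 return mon;
 }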
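Review bot: The deletion in monitor_apply_keystate leaves no hint of where the post-auth process now gets its zlib state, since it no longer copies child_state.incoming/outgoing nor calls mm_init_compression. A one-line comment at the deletion site would save the next reader a search, e.g. `/* Compression state is not carried across the privsep boundary; packet_set_authenticated() starts delayed compression in this process. */`, which matches the packet_enable_delayed_compress() call added to packet_set_authenticated in the packet.c hunk, assuming this process calls packet_set_authenticated() after applying the keystate as sshd.c's privsep_postauth does. mm_get_keystate here and mm_send_keystate in monitor_wrap.c drop the two compression strings together, so the blob layout stays in lockstep only while both ends are built from the same tree. monitor_apply_keystate and mm_get_keystate both start and end outside their hunks.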
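--- openssh-6.6p1/monitor.h.orig 2014-02-03 19:12:57.000000000 -0500
+++ openssh-6.6p1/monitor.h 2017-12-27 19:05:27.271978020 -0500
@@ -67,21 +67,17 @@ enum monitor_reqtype {
 
 };
 
-struct mm_master;
 struct monitor {
 int m_recvfd;
 int m_sendfd;
 int m_log_recvfd;
 int m_log_sendfd;
- struct mm_master *m_zback;
- struct mm_master *m_zlib;
 struct Kex **m_pkex;
 pid_t m_pid;
 };
 
 struct monitor *monitor_init(void);
 void monitor_reinit(struct monitor *);
-void monitor_sync(struct monitor *);
 
 struct Authctxt;
 void monitor_child_preauth(struct Authctxt *, struct monitor *);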
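--- openssh-6.6p1/monitor_wrap.c.orig 2017-12-27 19:05:24.792989119 -0500
+++ openssh-6.6p1/monitor_wrap.c 2017-12-27 19:05:27.271978020 -0500
@@ -145,7 +145,6 @@ mm_request_receive(int sock, Buffer *m)
 u_int msg_len;
 
 debug3("%s entering", __func__);
-
 if (atomicio(read, sock, buf, sizeof(buf)) != sizeof(buf)) {
 if (errno == EPIPE)
 cleanup_exit(255);
@@ -512,7 +511,6 @@ mm_newkeys_from_blob(u_char *blob, int b
 
 /* Comp structure */
 comp->type = buffer_get_int(&b);
- comp->enabled = buffer_get_int(&b);
 comp->name = buffer_get_string(&b, NULL);
 
 len = buffer_len(&b);
@@ -562,7 +560,6 @@ mm_newkeys_to_blob(int mode, u_char **bl
 
 /* Comp structure */
 buffer_put_int(&b, comp->type);
- buffer_put_int(&b, comp->enabled);
 buffer_put_cstring(&b, comp->name);
 
 len = buffer_len(&b);
@@ -674,11 +671,6 @@ mm_send_keystate(struct monitor *monitor
 buffer_put_string(&m, p, plen);
 free(p);
 
- /* Compression state */
- debug3("%s: Sending compression state", __func__);
- buffer_put_string(&m, &outgoing_stream, sizeof(outgoing_stream));
- buffer_put_string(&m, &incoming_stream, sizeof(incoming_stream));
-
 /* Network I/O buffers */
 input = (Buffer *)packet_get_input();
 output = (Buffer *)packet_get_output();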
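Review bot: Dropping comp->enabled from the blob in mm_newkeys_from_blob means the receiving process always starts with compression disabled and depends on a later initialization step; that looks intended, since the net child may already have enabled delayed compression before sending its keystate, but it deserves a comment at the reading side, e.g. `/* comp->enabled is deliberately not transferred; the receiver enables compression itself */`. Whether enabled is actually zero afterwards depends on how newkey is allocated earlier in mm_newkeys_from_blob, which is outside the hunk and worth confirming. The blank-line deletion in mm_request_receive is unrelated whitespace churn and could be dropped from the patch.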
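--- openssh-6.6p1/monitor_wrap.h.orig 2014-02-03 19:12:57.000000000 -0500
+++ openssh-6.6p1/monitor_wrap.h 2017-12-27 19:05:27.271978020 -0500
@@ -102,10 +102,4 @@ int mm_bsdauth_respond(void *, u_int, ch
 int mm_skey_query(void *, char **, char **, u_int *, char ***, u_int **);
 int mm_skey_respond(void *, u_int, char **);
 
-/* zlib allocation hooks */
-
-void *mm_zalloc(struct mm_master *, u_int, u_int);
-void mm_zfree(struct mm_master *, void *);
-void mm_init_compression(struct mm_master *);
-
 #endif /* _MM_WRAP_H_ */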
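--- openssh-6.6p1/myproposal.h.orig 2013-12-06 19:24:02.000000000 -0500
+++ openssh-6.6p1/myproposal.h 2017-12-27 19:05:27.271978020 -0500
@@ -130,7 +130,7 @@
 "hmac-sha1-96," \
 "hmac-md5-96"
 
-#define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib"
+#define KEX_DEFAULT_COMP "none,zlib@openssh.com"
 #define KEX_DEFAULT_LANG ""
 
 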
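--- openssh-6.6p1/packet.c.orig 2014-02-03 19:20:15.000000000 -0500
+++ openssh-6.6p1/packet.c 2017-12-27 19:05:27.272978015 -0500
@@ -790,8 +790,7 @@ set_newkeys(int mode)
 /* explicit_bzero(enc->iv, enc->block_size);
 explicit_bzero(enc->key, enc->key_len);
 explicit_bzero(mac->key, mac->key_len); */
- if ((comp->type == COMP_ZLIB ||
- (comp->type == COMP_DELAYED &&
+ if (((comp->type == COMP_DELAYED &&
 active_state->after_authentication)) && comp->enabled == 0) {
 packet_init_compression();
 if (mode == MODE_OUT)
@@ -799,6 +798,7 @@ set_newkeys(int mode)
 else
 buffer_compress_init_recv();
 comp->enabled = 1;
+
 }
 /*
 * The 2^(blocksize*2) limit is too expensive for 3DES,
@@ -1989,6 +1989,7 @@ void
 packet_set_authenticated(void)
 {
 active_state->after_authentication = 1;
+ packet_enable_delayed_compress();
 }
 
 void *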
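--- openssh-6.6p1/servconf.c.orig 2014-02-03 19:12:57.000000000 -0500
+++ openssh-6.6p1/servconf.c 2017-12-27 19:05:27.272978015 -0500
@@ -794,8 +794,8 @@ static const struct multistate multistat
 { NULL, -1 }
 };
 static const struct multistate multistate_compression[] = {
+ { "yes", COMP_DELAYED },
 { "delayed", COMP_DELAYED },
- { "yes", COMP_ZLIB },
 { "no", COMP_NONE },
 { NULL, -1 }
 };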
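--- openssh-6.6p1/sshd.c.orig 2017-12-27 19:05:24.789989132 -0500
+++ openssh-6.6p1/sshd.c 2017-12-27 19:05:27.272978015 -0500
@@ -112,7 +112,6 @@
 #include "dispatch.h"
 #include "channels.h"
 #include "session.h"
-#include "monitor_mm.h"
 #include "monitor.h"
 #ifdef GSSAPI
 #include "ssh-gss.h"
@@ -680,9 +679,6 @@ privsep_preauth(Authctxt *authctxt)
 ssh_sandbox_parent_preauth(box, pid);
 monitor_child_preauth(authctxt, pmonitor);
 
- /* Sync memory */
- monitor_sync(pmonitor);
-
 /* Wait for the child's exit status */
 while (waitpid(pid, &status, 0) < 0) {
 if (errno == EINTR)
@@ -2455,9 +2451,6 @@ do_ssh2_kex(void)
 if (options.compression == COMP_NONE) {
 myproposal[PROPOSAL_COMP_ALGS_CTOS] =
 myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
- } else if (options.compression == COMP_DELAYED) {
- myproposal[PROPOSAL_COMP_ALGS_CTOS] =
- myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com";
 }
 if (options.kex_algorithms != NULL)
 myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;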
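Review bot: After the deletion in do_ssh2_kex, a COMP_DELAYED setting silently relies on the KEX_DEFAULT_COMP value already in myproposal (now "none,zlib@openssh.com" per the myproposal.h hunk), which is correct but no longer visible at this site; a comment on the remaining branch, `/* COMP_DELAYED: KEX_DEFAULT_COMP already offers only none,zlib@openssh.com */`, would keep the two in sync for the next reader. The equivalence also depends on COMP_NONE and COMP_DELAYED being the only values multistate_compression can produce, which the servconf.c hunk shows. do_ssh2_kex starts and ends outside the hunk.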
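--- openssh-6.6p1/sshd_config.5.orig 2014-02-27 18:01:28.000000000 -0500
+++ openssh-6.6p1/sshd_config.5 2017-12-27 19:05:27.272978015 -0500
@@ -404,15 +404,17 @@ The default
 is 0, indicating that these messages will not be sent to the client.
 This option applies to protocol version 2 only.
 .It Cm Compression
-Specifies whether compression is allowed, or delayed until
+Specifies whether compression is enabled after
 the user has authenticated successfully.
 The argument must be
 .Dq yes ,
-.Dq delayed ,
+.Dq delayed
+(a legacy synonym for
+.Dq yes )
 or
 .Dq no .
 The default is
-.Dq delayed .
+.Dq yes .
 .It Cm DenyGroups
 This keyword can be followed by a list of group name patterns, separated
 by spaces.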