Drop unused patch
This commit is contained in:
Jakub Jelen
parent
bbf61daf97
commit
afaf23f6c3
@ -1,54 +0,0 @@
|
|||||||
diff -up openssh-6.8p1/compat.c.cisco-dh openssh-6.8p1/compat.c
|
|
||||||
--- openssh-6.8p1/compat.c.cisco-dh 2015-03-17 06:49:20.000000000 +0100
|
|
||||||
+++ openssh-6.8p1/compat.c 2015-03-19 12:57:58.862606969 +0100
|
|
||||||
@@ -167,6 +167,7 @@ compat_datafellows(const char *version)
|
|
||||||
SSH_BUG_SCANNER },
|
|
||||||
{ "Probe-*",
|
|
||||||
SSH_BUG_PROBE },
|
|
||||||
+ { "Cisco-*", SSH_BUG_MAX4096DH },
|
|
||||||
{ NULL, 0 }
|
|
||||||
};
|
|
||||||
|
|
||||||
diff -up openssh-6.8p1/compat.h.cisco-dh openssh-6.8p1/compat.h
|
|
||||||
--- openssh-6.8p1/compat.h.cisco-dh 2015-03-17 06:49:20.000000000 +0100
|
|
||||||
+++ openssh-6.8p1/compat.h 2015-03-19 12:57:58.862606969 +0100
|
|
||||||
@@ -60,6 +60,7 @@
|
|
||||||
#define SSH_NEW_OPENSSH 0x04000000
|
|
||||||
#define SSH_BUG_DYNAMIC_RPORT 0x08000000
|
|
||||||
#define SSH_BUG_CURVE25519PAD 0x10000000
|
|
||||||
+#define SSH_BUG_MAX4096DH 0x20000000
|
|
||||||
|
|
||||||
void enable_compat13(void);
|
|
||||||
void enable_compat20(void);
|
|
||||||
diff -up openssh-6.8p1/kexgexc.c.cisco-dh openssh-6.8p1/kexgexc.c
|
|
||||||
--- openssh-6.8p1/kexgexc.c.cisco-dh 2015-03-19 12:57:58.862606969 +0100
|
|
||||||
+++ openssh-6.8p1/kexgexc.c 2015-03-19 13:11:52.320519969 +0100
|
|
||||||
@@ -64,8 +64,27 @@ kexgex_client(struct ssh *ssh)
|
|
||||||
|
|
||||||
kex->min = DH_GRP_MIN;
|
|
||||||
kex->max = DH_GRP_MAX;
|
|
||||||
+
|
|
||||||
+ /* Servers with MAX4096DH need a preferred size (nbits) <= 4096.
|
|
||||||
+ * We need to also ensure that min < nbits < max */
|
|
||||||
+
|
|
||||||
+ if (datafellows & SSH_BUG_MAX4096DH) {
|
|
||||||
+ /* The largest min for these servers is 4096 */
|
|
||||||
+ kex->min = MIN(kex->min, 4096);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
kex->nbits = nbits;
|
|
||||||
- if (ssh->compat & SSH_OLD_DHGEX) {
|
|
||||||
+ kex->nbits = MIN(nbits, kex->max);
|
|
||||||
+ kex->nbits = MAX(nbits, kex->min);
|
|
||||||
+
|
|
||||||
+ if (ssh->compat & SSH_BUG_MAX4096DH) {
|
|
||||||
+ /* Cannot have a nbits > 4096 for these servers */
|
|
||||||
+ kex->nbits = MIN(kex->nbits, 4096);
|
|
||||||
+ /* nbits has to be powers of two */
|
|
||||||
+ if (kex->nbits == 3072)
|
|
||||||
+ kex->nbits = 4096;
|
|
||||||
+ }
|
|
||||||
+ if (ssh->compat & SSH_OLD_DHGEX) { /* Old GEX request */
|
|
||||||
/* Old GEX request */
|
|
||||||
if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REQUEST_OLD))
|
|
||||||
!= 0 ||
|
|
||||||
@ -193,8 +193,6 @@ Patch901: openssh-6.6p1-kuserok.patch
|
|||||||
Patch906: openssh-6.4p1-fromto-remote.patch
|
Patch906: openssh-6.4p1-fromto-remote.patch
|
||||||
# privsep_preauth: use SELinux context from selinux-policy (#1008580)
|
# privsep_preauth: use SELinux context from selinux-policy (#1008580)
|
||||||
Patch916: openssh-6.6.1p1-selinux-contexts.patch
|
Patch916: openssh-6.6.1p1-selinux-contexts.patch
|
||||||
# use different values for DH for Cisco servers (#1026430)
|
|
||||||
Patch917: openssh-6.6.1p1-cisco-dh-keys.patch
|
|
||||||
# log via monitor in chroots without /dev/log (#2681)
|
# log via monitor in chroots without /dev/log (#2681)
|
||||||
Patch918: openssh-6.6.1p1-log-in-chroot.patch
|
Patch918: openssh-6.6.1p1-log-in-chroot.patch
|
||||||
# scp file into non-existing directory (#1142223)
|
# scp file into non-existing directory (#1142223)
|
||||||
@ -428,7 +426,6 @@ popd
|
|||||||
%patch901 -p1 -b .kuserok
|
%patch901 -p1 -b .kuserok
|
||||||
%patch906 -p1 -b .fromto-remote
|
%patch906 -p1 -b .fromto-remote
|
||||||
%patch916 -p1 -b .contexts
|
%patch916 -p1 -b .contexts
|
||||||
#%patch917 -p1 -b .cisco-dh # investigate
|
|
||||||
%patch918 -p1 -b .log-in-chroot
|
%patch918 -p1 -b .log-in-chroot
|
||||||
%patch919 -p1 -b .scp
|
%patch919 -p1 -b .scp
|
||||||
%patch920 -p1 -b .config
|
%patch920 -p1 -b .config
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user