From deb1e497fe65e4952478e5fd0705290ac740f9de Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai
Date: Mon, 13 Sep 2004 19:39:41 +0000
Subject: [PATCH] - switch to a modified tarball, as we did for OpenSSL, for removing ACSS support
---
 .cvsignore | 1 +
 openssh-nukeacss.sh | 28 ++++++++++++++++++++++++++++
 openssh.spec | 9 +++++++--
 sources | 2 +-
 4 files changed, 37 insertions(+), 3 deletions(-)
 create mode 100755 openssh-nukeacss.sh
diff --git a/.cvsignore b/.cvsignore
index 1e69018..8b56f80 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1,2 +1,3 @@
 openssh-3.9p1.tar.gz
 x11-ssh-askpass-1.2.4.1.tar.gz
+openssh-3.9p1-noacss.tar.gz
diff --git a/openssh-nukeacss.sh b/openssh-nukeacss.sh
new file mode 100755
index 0000000..e07b0f6
--- /dev/null
+++ b/openssh-nukeacss.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+#
+# Remove the ACSS implementation from OpenSSH, and disable its use so that the
+# rest of the package can still be built.
+#
+> acss.c
+patch -sp1 << EOF
+--- openssh/cipher.c
++++ openssh/cipher.c
+@@ -53,6 +53,7 @@
+ extern void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
+ #endif
+
++#if 0
+ #if !defined(EVP_CTRL_SET_ACSS_MODE)
+ # if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
+ extern const EVP_CIPHER *evp_acss(void);
+@@ -62,6 +63,9 @@
+ # define EVP_acss NULL /* Don't try to support ACSS on older OpenSSL */
+ # endif /* (OPENSSL_VERSION_NUMBER >= 0x00906000L) */
+ #endif /* !defined(EVP_CTRL_SET_ACSS_MODE) */
++#else
++#define EVP_acss NULL
++#endif /* 0 */
+
+ extern const EVP_CIPHER *evp_ssh1_bf(void);
+ extern const EVP_CIPHER *evp_ssh1_3des(void);
+EOF
diff --git a/openssh.spec b/openssh.spec
index dec571f..5ad96f6 100644
--- a/openssh.spec
+++ b/openssh.spec
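Review bot: openssh-nukeacss.sh assumes it is started in the top directory of an unpacked OpenSSH tree but never checks this, so `> acss.c` will create an empty file wherever it is run, and only then does `patch -sp1` fail. A guard before the truncation would make the precondition explicit, for example `[ -f acss.c ] && [ -f cipher.c ] || { echo "run from the top of the openssh source tree" >&2; exit 1; }`. The here-document delimiter is also unquoted, so the embedded cipher.c patch goes through parameter and command expansion. The body has no `$` or backquote today, but `patch -sp1 << 'EOF'` keeps it literal if the hunks are ever edited. A header comment naming the upstream release the hunk offsets were taken from would help whoever regenerates the tarball later.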
@@ -86,8 +86,10 @@ Release: %{rel}rescue Release: %{rel} %endif URL: http://www.openssh.com/portable.html -Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz -Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.sig +#Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz +#Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.sig +Source0: openssh-%{version}-noacss.tar.gz +Source1: openssh-nukeacss.sh Source2: http://www.pobox.com/~jmknoble/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.gz Patch0: openssh-3.9p1-redhat.patch Patch1: openssh-3.6.1p2-groups.patch @@ -491,6 +493,9 @@ fi %endif %changelog +* Mon Sep 13 2004 Nalin Dahyabhai +- disable ACSS support + * Thu Sep 2 2004 Daniel Walsh 3.9p1-5 - Change selinux patch to use get_default_context_with_role in libselinux. diff --git a/sources b/sources index e87b0f7..5dd6396 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -8e1774d0b52aff08f817f3987442a16e openssh-3.9p1.tar.gz 8f2e41f3f7eaa8543a2440454637f3c3 x11-ssh-askpass-1.2.4.1.tar.gz +9b010148cd1afbee4ab35ce42d0cf340 openssh-3.9p1-noacss.tar.gz
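Review bot: In the openssh.spec Source block, Source0 is now the locally repacked `openssh-%{version}-noacss.tar.gz` and the upstream `.tar.gz.sig` is no longer a source, so nothing in the package ties the shipped tarball back to the signed upstream release. The only integrity reference left is the MD5 line in `sources`, which attests to the repacked file and not to its origin. I would add a comment above Source0 recording how the tarball is produced, assuming this is the procedure: `# Source0 is upstream openssh-%{version}.tar.gz (signature checked against the .sig), with openssh-nukeacss.sh run in the top directory, then repacked`. Keeping the commented-out upstream URLs, as the hunk does, is helpful; stating that they are the inputs to that procedure would make the provenance auditable.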