From a93c98bb95d9b2fecfaec7c6347c57bf90e51c31 Mon Sep 17 00:00:00 2001
From: Gustavo Zacarias <gustavo@zacarias.com.ar>
Date: Sun, 2 Feb 2014 23:01:28 -0300
Subject: openssh: bump to version 6.5p1

Convert the ever growing drop-SUSv3-legacy patch to a sed expression.
Modify the initscript to create ed25519 server key.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/openssh/S50sshd                            |   9 +-
 package/openssh/openssh-01-drop-SUSv3-legacy.patch | 579 ---------------------
 .../openssh-01-fix-pam-uclibc-pthreads-clash.patch |  44 ++
 .../openssh-02-fix-pam-uclibc-pthreads-clash.patch |  44 --
 package/openssh/openssh.mk                         |  12 +-
 5 files changed, 62 insertions(+), 626 deletions(-)
 delete mode 100644 package/openssh/openssh-01-drop-SUSv3-legacy.patch
 create mode 100644 package/openssh/openssh-01-fix-pam-uclibc-pthreads-clash.patch
 delete mode 100644 package/openssh/openssh-02-fix-pam-uclibc-pthreads-clash.patch

(limited to 'package/openssh')

diff --git a/package/openssh/S50sshd b/package/openssh/S50sshd
index b65b3c8a70..d3abf7c8ea 100644
--- a/package/openssh/S50sshd
+++ b/package/openssh/S50sshd
@@ -21,7 +21,6 @@ fi
 # Check for the SSH2 DSA key
 if [ ! -f /etc/ssh_host_dsa_key ] ; then
 	echo Generating DSA Key...
-	echo THIS CAN TAKE A MINUTE OR TWO DEPENDING ON YOUR PROCESSOR!
 	echo
 	/usr/bin/ssh-keygen -t dsa -f /etc/ssh_host_dsa_key -C '' -N ''
 fi
@@ -29,11 +28,17 @@ fi
 # Check for the SSH2 ECDSA key
 if [ ! -f /etc/ssh_host_ecdsa_key ]; then
 	echo Generating ECDSA Key...
-	echo THIS CAN TAKE A MINUTE OR TWO DEPENDING ON YOUR PROCESSOR!
 	echo
 	/usr/bin/ssh-keygen -t ecdsa -f /etc/ssh_host_ecdsa_key -C '' -N ''
 fi
 
+# Check for the ed25519 key
+if [ ! -f /etc/ssh_host_ed25519_key ]; then
+	echo Generating ed25519 Key...
+	echo
+	/usr/bin/ssh-keygen -t ed25519 -f /etc/ssh_host_ed25519_key -C '' -N ''
+fi
+
 umask 077
 
 start() {
diff --git a/package/openssh/openssh-01-drop-SUSv3-legacy.patch b/package/openssh/openssh-01-drop-SUSv3-legacy.patch
deleted file mode 100644
index 39a63e4c56..0000000000
--- a/package/openssh/openssh-01-drop-SUSv3-legacy.patch
+++ /dev/null
@@ -1,579 +0,0 @@
-Switch usage of SUSv3-deprecated bzero(a,b) to memset(a, 0, b).
-
-Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
-
-diff -Nura openssh-6.3p1.orig/auth2-chall.c openssh-6.3p1/auth2-chall.c
---- openssh-6.3p1.orig/auth2-chall.c	2013-06-01 18:31:18.000000000 -0300
-+++ openssh-6.3p1/auth2-chall.c	2013-10-22 09:47:38.665516102 -0300
-@@ -148,7 +148,7 @@
- 	if (kbdintctxt->device)
- 		kbdint_reset_device(kbdintctxt);
- 	free(kbdintctxt->devices);
--	bzero(kbdintctxt, sizeof(*kbdintctxt));
-+	memset(kbdintctxt, 0, sizeof(*kbdintctxt));
- 	free(kbdintctxt);
- }
- /* get next device */
-diff -Nura openssh-6.3p1.orig/auth2-jpake.c openssh-6.3p1/auth2-jpake.c
---- openssh-6.3p1.orig/auth2-jpake.c	2013-06-01 18:31:18.000000000 -0300
-+++ openssh-6.3p1/auth2-jpake.c	2013-10-22 09:43:32.504472356 -0300
-@@ -178,7 +178,7 @@
- 		fatal("%s: not enough bytes for rawsalt (want %u have %u)",
- 		    __func__, len, digest_len);
- 	memcpy(rawsalt, digest, len);
--	bzero(digest, digest_len);
-+	memset(digest, 0, digest_len);
- 	free(digest);
- }
- 
-@@ -203,10 +203,10 @@
- 		fatal("%s: want %u", __func__, want);
- 
- 	derive_rawsalt(user, rawsalt, sizeof(rawsalt));
--	bzero(ret, sizeof(ret));
-+	memset(ret, 0, sizeof(ret));
- 	for (i = 0; i < want; i++)
- 		ret[i] = pw_encode64(rawsalt[i]);
--	bzero(rawsalt, sizeof(rawsalt));
-+	memset(rawsalt, 0, sizeof(rawsalt));
- 
- 	return ret;
- }
-@@ -360,7 +360,7 @@
- 	debug3("%s: scheme = %s", __func__, *hash_scheme);
- 	JPAKE_DEBUG_BN((*s, "%s: s = ", __func__));
- #endif
--	bzero(secret, secret_len);
-+	memset(secret, 0, secret_len);
- 	free(secret);
- }
- 
-@@ -401,12 +401,12 @@
- 	packet_send();
- 	packet_write_wait();
- 
--	bzero(hash_scheme, strlen(hash_scheme));
--	bzero(salt, strlen(salt));
-+	memset(hash_scheme, 0, strlen(hash_scheme));
-+	memset(salt, 0, strlen(salt));
- 	free(hash_scheme);
- 	free(salt);
--	bzero(x3_proof, x3_proof_len);
--	bzero(x4_proof, x4_proof_len);
-+	memset(x3_proof, 0, x3_proof_len);
-+	memset(x4_proof, 0, x4_proof_len);
- 	free(x3_proof);
- 	free(x4_proof);
- 
-@@ -453,8 +453,8 @@
- 	    &pctx->b,
- 	    &x4_s_proof, &x4_s_proof_len));
- 
--	bzero(x1_proof, x1_proof_len);
--	bzero(x2_proof, x2_proof_len);
-+	memset(x1_proof, 0, x1_proof_len);
-+	memset(x2_proof, 0, x2_proof_len);
- 	free(x1_proof);
- 	free(x2_proof);
- 
-@@ -468,7 +468,7 @@
- 	packet_send();
- 	packet_write_wait();
- 
--	bzero(x4_s_proof, x4_s_proof_len);
-+	memset(x4_s_proof, 0, x4_s_proof_len);
- 	free(x4_s_proof);
- 
- 	/* Expect step 2 packet from peer */
-@@ -509,7 +509,7 @@
- 	    &pctx->k,
- 	    &pctx->h_k_sid_sessid, &pctx->h_k_sid_sessid_len));
- 
--	bzero(x2_s_proof, x2_s_proof_len);
-+	memset(x2_s_proof, 0, x2_s_proof_len);
- 	free(x2_s_proof);
- 
- 	if (!use_privsep)
-diff -Nura openssh-6.3p1.orig/authfd.c openssh-6.3p1/authfd.c
---- openssh-6.3p1.orig/authfd.c	2013-06-01 18:31:18.000000000 -0300
-+++ openssh-6.3p1/authfd.c	2013-10-22 09:47:48.208827946 -0300
-@@ -102,7 +102,7 @@
- 	if (!authsocket)
- 		return -1;
- 
--	bzero(&sunaddr, sizeof(sunaddr));
-+	memset(&sunaddr, 0, sizeof(sunaddr));
- 	sunaddr.sun_family = AF_UNIX;
- 	strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path));
- 
-diff -Nura openssh-6.3p1.orig/authfile.c openssh-6.3p1/authfile.c
---- openssh-6.3p1.orig/authfile.c	2013-06-01 18:31:18.000000000 -0300
-+++ openssh-6.3p1/authfile.c	2013-10-22 09:47:08.538531649 -0300
-@@ -349,17 +349,17 @@
- 			    __func__, filename == NULL ? "" : filename,
- 			    filename == NULL ? "" : " ", strerror(errno));
- 			buffer_clear(blob);
--			bzero(buf, sizeof(buf));
-+			memset(buf, 0, sizeof(buf));
- 			return 0;
- 		}
- 		buffer_append(blob, buf, len);
- 		if (buffer_len(blob) > MAX_KEY_FILE_SIZE) {
- 			buffer_clear(blob);
--			bzero(buf, sizeof(buf));
-+			memset(buf, 0, sizeof(buf));
- 			goto toobig;
- 		}
- 	}
--	bzero(buf, sizeof(buf));
-+	memset(buf, 0, sizeof(buf));
- 	if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
- 	    st.st_size != buffer_len(blob)) {
- 		debug("%s: key file %.200s%schanged size while reading",
-diff -Nura openssh-6.3p1.orig/bufaux.c openssh-6.3p1/bufaux.c
---- openssh-6.3p1.orig/bufaux.c	2013-07-18 03:12:44.000000000 -0300
-+++ openssh-6.3p1/bufaux.c	2013-10-22 09:47:56.220089728 -0300
-@@ -215,7 +215,7 @@
- 		if (cp == ret + length - 1)
- 			error("buffer_get_cstring_ret: string contains \\0");
- 		else {
--			bzero(ret, length);
-+			memset(ret, 0, length);
- 			free(ret);
- 			return NULL;
- 		}
-diff -Nura openssh-6.3p1.orig/bufec.c openssh-6.3p1/bufec.c
---- openssh-6.3p1.orig/bufec.c	2013-06-01 18:31:18.000000000 -0300
-+++ openssh-6.3p1/bufec.c	2013-10-22 09:48:07.798468072 -0300
-@@ -77,7 +77,7 @@
- 	ret = 0;
-  out:
- 	if (buf != NULL) {
--		bzero(buf, len);
-+		memset(buf, 0, len);
- 		free(buf);
- 	}
- 	BN_CTX_free(bnctx);
-@@ -130,7 +130,7 @@
- 	ret = 0;
-  out:
- 	BN_CTX_free(bnctx);
--	bzero(buf, len);
-+	memset(buf, 0, len);
- 	free(buf);
- 	return ret;
- }
-diff -Nura openssh-6.3p1.orig/canohost.c openssh-6.3p1/canohost.c
---- openssh-6.3p1.orig/canohost.c	2013-06-01 18:31:18.000000000 -0300
-+++ openssh-6.3p1/canohost.c	2013-10-22 09:48:16.484751912 -0300
-@@ -199,7 +199,7 @@
- 	memcpy(&inaddr, ((char *)&a6->sin6_addr) + 12, sizeof(inaddr));
- 	port = a6->sin6_port;
- 
--	bzero(a4, sizeof(*a4));
-+	memset(a4, 0, sizeof(*a4));
- 
- 	a4->sin_family = AF_INET;
- 	*len = sizeof(*a4);
-diff -Nura openssh-6.3p1.orig/channels.c openssh-6.3p1/channels.c
---- openssh-6.3p1.orig/channels.c	2013-09-13 03:19:31.000000000 -0300
-+++ openssh-6.3p1/channels.c	2013-10-22 09:50:37.059773902 -0300
-@@ -423,7 +423,7 @@
- 		if (cc->abandon_cb != NULL)
- 			cc->abandon_cb(c, cc->ctx);
- 		TAILQ_REMOVE(&c->status_confirms, cc, entry);
--		bzero(cc, sizeof(*cc));
-+		memset(cc, 0, sizeof(*cc));
- 		free(cc);
- 	}
- 	if (c->filter_cleanup != NULL && c->filter_ctx != NULL)
-@@ -2668,7 +2668,7 @@
- 		return;
- 	cc->cb(type, c, cc->ctx);
- 	TAILQ_REMOVE(&c->status_confirms, cc, entry);
--	bzero(cc, sizeof(*cc));
-+	memset(cc, 0, sizeof(*cc));
- 	free(cc);
- }
- 
-@@ -3289,7 +3289,7 @@
- 	free(cctx->host);
- 	if (cctx->aitop)
- 		freeaddrinfo(cctx->aitop);
--	bzero(cctx, sizeof(*cctx));
-+	memset(cctx, 0, sizeof(*cctx));
- 	cctx->host = NULL;
- 	cctx->ai = cctx->aitop = NULL;
- }
-diff -Nura openssh-6.3p1.orig/clientloop.c openssh-6.3p1/clientloop.c
---- openssh-6.3p1.orig/clientloop.c	2013-06-10 00:07:12.000000000 -0300
-+++ openssh-6.3p1/clientloop.c	2013-10-22 09:50:20.361228247 -0300
-@@ -549,7 +549,7 @@
- 		gc->cb(type, seq, gc->ctx);
- 	if (--gc->ref_count <= 0) {
- 		TAILQ_REMOVE(&global_confirms, gc, entry);
--		bzero(gc, sizeof(*gc));
-+		memset(gc, 0, sizeof(*gc));
- 		free(gc);
- 	}
- 
-@@ -876,7 +876,7 @@
- 	int cancel_port, ok;
- 	Forward fwd;
- 
--	bzero(&fwd, sizeof(fwd));
-+	memset(&fwd, 0, sizeof(fwd));
- 	fwd.listen_host = fwd.connect_host = NULL;
- 
- 	leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
-diff -Nura openssh-6.3p1.orig/hostfile.c openssh-6.3p1/hostfile.c
---- openssh-6.3p1.orig/hostfile.c	2013-07-18 03:12:45.000000000 -0300
-+++ openssh-6.3p1/hostfile.c	2013-10-22 09:50:06.438773307 -0300
-@@ -333,10 +333,10 @@
- 		free(hostkeys->entries[i].host);
- 		free(hostkeys->entries[i].file);
- 		key_free(hostkeys->entries[i].key);
--		bzero(hostkeys->entries + i, sizeof(*hostkeys->entries));
-+		memset(hostkeys->entries + i, 0, sizeof(*hostkeys->entries));
- 	}
- 	free(hostkeys->entries);
--	bzero(hostkeys, sizeof(*hostkeys));
-+	memset(hostkeys, 0, sizeof(*hostkeys));
- 	free(hostkeys);
- }
- 
-diff -Nura openssh-6.3p1.orig/jpake.c openssh-6.3p1/jpake.c
---- openssh-6.3p1.orig/jpake.c	2013-06-01 18:31:18.000000000 -0300
-+++ openssh-6.3p1/jpake.c	2013-10-22 09:49:54.371378983 -0300
-@@ -105,7 +105,7 @@
- #define JPAKE_BUF_CLEAR_FREE(v, l)		\
- 	do {					\
- 		if ((v) != NULL) {		\
--			bzero((v), (l));	\
-+			memset((v), 0, (l));	\
- 			free(v);		\
- 			(v) = NULL;		\
- 			(l) = 0;		\
-@@ -133,7 +133,7 @@
- #undef JPAKE_BN_CLEAR_FREE
- #undef JPAKE_BUF_CLEAR_FREE
- 
--	bzero(pctx, sizeof(*pctx));
-+	memset(pctx, 0, sizeof(*pctx));
- 	free(pctx);
- }
- 
-@@ -444,7 +444,7 @@
- 	else if (timingsafe_bcmp(peer_confirm_hash, expected_confirm_hash,
- 	    expected_confirm_hash_len) == 0)
- 		success = 1;
--	bzero(expected_confirm_hash, expected_confirm_hash_len);
-+	memset(expected_confirm_hash, 0, expected_confirm_hash_len);
- 	free(expected_confirm_hash);
- 	debug3("%s: success = %d", __func__, success);
- 	return success;
-diff -Nura openssh-6.3p1.orig/krl.c openssh-6.3p1/krl.c
---- openssh-6.3p1.orig/krl.c	2013-07-24 22:52:49.000000000 -0300
-+++ openssh-6.3p1/krl.c	2013-10-22 09:49:27.731508478 -0300
-@@ -238,7 +238,7 @@
- 	struct revoked_serial rs, *ers, *crs, *irs;
- 
- 	KRL_DBG(("%s: insert %llu:%llu", __func__, lo, hi));
--	bzero(&rs, sizeof(rs));
-+	memset(&rs, 0, sizeof(rs));
- 	rs.lo = lo;
- 	rs.hi = hi;
- 	ers = RB_NFIND(revoked_serial_tree, rt, &rs);
-@@ -1115,7 +1115,7 @@
- 	struct revoked_certs *rc;
- 
- 	/* Check explicitly revoked hashes first */
--	bzero(&rb, sizeof(rb));
-+	memset(&rb, 0, sizeof(rb));
- 	if ((rb.blob = key_fingerprint_raw(key, SSH_FP_SHA1, &rb.len)) == NULL)
- 		return -1;
- 	erb = RB_FIND(revoked_blob_tree, &krl->revoked_sha1s, &rb);
-@@ -1126,7 +1126,7 @@
- 	}
- 
- 	/* Next, explicit keys */
--	bzero(&rb, sizeof(rb));
-+	memset(&rb, 0, sizeof(rb));
- 	if (plain_key_blob(key, &rb.blob, &rb.len) != 0)
- 		return -1;
- 	erb = RB_FIND(revoked_blob_tree, &krl->revoked_keys, &rb);
-@@ -1147,7 +1147,7 @@
- 		return 0; /* No entry for this CA */
- 
- 	/* Check revocation by cert key ID */
--	bzero(&rki, sizeof(rki));
-+	memset(&rki, 0, sizeof(rki));
- 	rki.key_id = key->cert->key_id;
- 	erki = RB_FIND(revoked_key_id_tree, &rc->revoked_key_ids, &rki);
- 	if (erki != NULL) {
-@@ -1162,7 +1162,7 @@
- 	if (key_cert_is_legacy(key) || key->cert->serial == 0)
- 		return 0;
- 
--	bzero(&rs, sizeof(rs));
-+	memset(&rs, 0, sizeof(rs));
- 	rs.lo = rs.hi = key->cert->serial;
- 	ers = RB_FIND(revoked_serial_tree, &rc->revoked_serials, &rs);
- 	if (ers != NULL) {
-diff -Nura openssh-6.3p1.orig/monitor.c openssh-6.3p1/monitor.c
---- openssh-6.3p1.orig/monitor.c	2013-07-20 00:21:53.000000000 -0300
-+++ openssh-6.3p1/monitor.c	2013-10-22 09:46:48.592879890 -0300
-@@ -566,7 +566,7 @@
- 	struct pollfd pfd[2];
- 
- 	for (;;) {
--		bzero(&pfd, sizeof(pfd));
-+		memset(&pfd, 0, sizeof(pfd));
- 		pfd[0].fd = pmonitor->m_sendfd;
- 		pfd[0].events = POLLIN;
- 		pfd[1].fd = pmonitor->m_log_recvfd;
-@@ -2193,8 +2193,8 @@
- 	debug3("%s: sending step1", __func__);
- 	mm_request_send(sock, MONITOR_ANS_JPAKE_STEP1, m);
- 
--	bzero(x3_proof, x3_proof_len);
--	bzero(x4_proof, x4_proof_len);
-+	memset(x3_proof, 0, x3_proof_len);
-+	memset(x4_proof, 0, x4_proof_len);
- 	free(x3_proof);
- 	free(x4_proof);
- 
-@@ -2223,8 +2223,8 @@
- 	debug3("%s: sending pwdata", __func__);
- 	mm_request_send(sock, MONITOR_ANS_JPAKE_GET_PWDATA, m);
- 
--	bzero(hash_scheme, strlen(hash_scheme));
--	bzero(salt, strlen(salt));
-+	memset(hash_scheme, 0, strlen(hash_scheme));
-+	memset(salt, 0, strlen(salt));
- 	free(hash_scheme);
- 	free(salt);
- 
-@@ -2263,8 +2263,8 @@
- 
- 	JPAKE_DEBUG_CTX((pctx, "step2 done in %s", __func__));
- 
--	bzero(x1_proof, x1_proof_len);
--	bzero(x2_proof, x2_proof_len);
-+	memset(x1_proof, 0, x1_proof_len);
-+	memset(x2_proof, 0, x2_proof_len);
- 	free(x1_proof);
- 	free(x2_proof);
- 
-@@ -2276,7 +2276,7 @@
- 	debug3("%s: sending step2", __func__);
- 	mm_request_send(sock, MONITOR_ANS_JPAKE_STEP2, m);
- 
--	bzero(x4_s_proof, x4_s_proof_len);
-+	memset(x4_s_proof, 0, x4_s_proof_len);
- 	free(x4_s_proof);
- 
- 	monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_KEY_CONFIRM, 1);
-@@ -2310,7 +2310,7 @@
- 
- 	JPAKE_DEBUG_CTX((pctx, "key_confirm done in %s", __func__));
- 
--	bzero(x2_s_proof, x2_s_proof_len);
-+	memset(x2_s_proof, 0, x2_s_proof_len);
- 	buffer_clear(m);
- 
- 	/* pctx->k is sensitive, not sent */
-@@ -2344,7 +2344,7 @@
- 
- 	JPAKE_DEBUG_CTX((pctx, "check_confirm done in %s", __func__));
- 
--	bzero(peer_confirm_hash, peer_confirm_hash_len);
-+	memset(peer_confirm_hash, 0, peer_confirm_hash_len);
- 	free(peer_confirm_hash);
- 
- 	buffer_clear(m);
-diff -Nura openssh-6.3p1.orig/sandbox-systrace.c openssh-6.3p1/sandbox-systrace.c
---- openssh-6.3p1.orig/sandbox-systrace.c	2013-06-01 18:46:17.000000000 -0300
-+++ openssh-6.3p1/sandbox-systrace.c	2013-10-22 09:49:02.048669246 -0300
-@@ -141,7 +141,7 @@
- 		    box->systrace_fd, child_pid, strerror(errno));
- 
- 	/* Allocate and assign policy */
--	bzero(&policy, sizeof(policy));
-+	memset(&policy, 0, sizeof(policy));
- 	policy.strp_op = SYSTR_POLICY_NEW;
- 	policy.strp_maxents = SYS_MAXSYSCALL;
- 	if (ioctl(box->systrace_fd, STRIOCPOLICY, &policy) == -1)
-diff -Nura openssh-6.3p1.orig/schnorr.c openssh-6.3p1/schnorr.c
---- openssh-6.3p1.orig/schnorr.c	2013-06-01 18:31:19.000000000 -0300
-+++ openssh-6.3p1/schnorr.c	2013-10-22 09:47:27.631155534 -0300
-@@ -101,7 +101,7 @@
- 	SCHNORR_DEBUG_BN((h, "%s: h = ", __func__));
-  out:
- 	buffer_free(&b);
--	bzero(digest, digest_len);
-+	memset(digest, 0, digest_len);
- 	free(digest);
- 	digest_len = 0;
- 	if (success == 0)
-@@ -477,7 +477,7 @@
- 	success = 0;
-  out:
- 	EVP_MD_CTX_cleanup(&evp_md_ctx);
--	bzero(digest, sizeof(digest));
-+	memset(digest, 0, sizeof(digest));
- 	digest_len = 0;
- 	return success;
- }
-@@ -572,7 +572,7 @@
- 		BN_clear_free(grp->p);
- 	if (grp->q != NULL)
- 		BN_clear_free(grp->q);
--	bzero(grp, sizeof(*grp));
-+	memset(grp, 0, sizeof(*grp));
- 	free(grp);
- }
- 
-diff -Nura openssh-6.3p1.orig/session.c openssh-6.3p1/session.c
---- openssh-6.3p1.orig/session.c	2013-07-20 00:21:53.000000000 -0300
-+++ openssh-6.3p1/session.c	2013-10-22 09:49:35.085748791 -0300
-@@ -1861,7 +1861,7 @@
- 		fatal("%s: insane session id %d (max %d nalloc %d)",
- 		    __func__, id, options.max_sessions, sessions_nalloc);
- 	}
--	bzero(&sessions[id], sizeof(*sessions));
-+	memset(&sessions[id], 0, sizeof(*sessions));
- 	sessions[id].self = id;
- 	sessions[id].used = 0;
- 	sessions[id].chanid = -1;
-diff -Nura openssh-6.3p1.orig/sftp-client.c openssh-6.3p1/sftp-client.c
---- openssh-6.3p1.orig/sftp-client.c	2013-07-25 19:40:00.000000000 -0300
-+++ openssh-6.3p1/sftp-client.c	2013-10-22 09:48:47.139753618 -0300
-@@ -308,7 +308,7 @@
- 		    SSH2_FXP_EXTENDED_REPLY, type);
- 	}
- 
--	bzero(st, sizeof(*st));
-+	memset(st, 0, sizeof(*st));
- 	st->f_bsize = buffer_get_int64(&msg);
- 	st->f_frsize = buffer_get_int64(&msg);
- 	st->f_blocks = buffer_get_int64(&msg);
-diff -Nura openssh-6.3p1.orig/ssh.c openssh-6.3p1/ssh.c
---- openssh-6.3p1.orig/ssh.c	2013-07-24 22:55:53.000000000 -0300
-+++ openssh-6.3p1/ssh.c	2013-10-22 09:45:52.967062218 -0300
-@@ -1539,8 +1539,8 @@
- #endif /* PKCS11 */
- 
- 	n_ids = 0;
--	bzero(identity_files, sizeof(identity_files));
--	bzero(identity_keys, sizeof(identity_keys));
-+	memset(identity_files, 0, sizeof(identity_files));
-+	memset(identity_keys, 0, sizeof(identity_keys));
- 
- #ifdef ENABLE_PKCS11
- 	if (options.pkcs11_provider != NULL &&
-@@ -1615,9 +1615,9 @@
- 	memcpy(options.identity_files, identity_files, sizeof(identity_files));
- 	memcpy(options.identity_keys, identity_keys, sizeof(identity_keys));
- 
--	bzero(pwname, strlen(pwname));
-+	memset(pwname, 0, strlen(pwname));
- 	free(pwname);
--	bzero(pwdir, strlen(pwdir));
-+	memset(pwdir, 0, strlen(pwdir));
- 	free(pwdir);
- }
- 
-diff -Nura openssh-6.3p1.orig/sshconnect2.c openssh-6.3p1/sshconnect2.c
---- openssh-6.3p1.orig/sshconnect2.c	2013-06-05 19:22:05.000000000 -0300
-+++ openssh-6.3p1/sshconnect2.c	2013-10-22 09:44:58.967297681 -0300
-@@ -1008,14 +1008,14 @@
- 	    &secret, &secret_len) != 0)
- 		fatal("%s: hash_buffer", __func__);
- 
--	bzero(password, strlen(password));
--	bzero(crypted, strlen(crypted));
-+	memset(password, 0, strlen(password));
-+	memset(crypted, 0, strlen(crypted));
- 	free(password);
- 	free(crypted);
- 
- 	if ((ret = BN_bin2bn(secret, secret_len, NULL)) == NULL)
- 		fatal("%s: BN_bin2bn (secret)", __func__);
--	bzero(secret, secret_len);
-+	memset(secret, 0, secret_len);
- 	free(secret);
- 
- 	return ret;
-@@ -1052,8 +1052,8 @@
- 
- 	/* Obtain password and derive secret */
- 	pctx->s = jpake_password_to_secret(authctxt, crypt_scheme, salt);
--	bzero(crypt_scheme, strlen(crypt_scheme));
--	bzero(salt, strlen(salt));
-+	memset(crypt_scheme, 0, strlen(crypt_scheme));
-+	memset(salt, 0, strlen(salt));
- 	free(crypt_scheme);
- 	free(salt);
- 	JPAKE_DEBUG_BN((pctx->s, "%s: s = ", __func__));
-@@ -1068,8 +1068,8 @@
- 	    &pctx->a,
- 	    &x2_s_proof, &x2_s_proof_len);
- 
--	bzero(x3_proof, x3_proof_len);
--	bzero(x4_proof, x4_proof_len);
-+	memset(x3_proof, 0, x3_proof_len);
-+	memset(x4_proof, 0, x4_proof_len);
- 	free(x3_proof);
- 	free(x4_proof);
- 
-@@ -1081,7 +1081,7 @@
- 	packet_put_string(x2_s_proof, x2_s_proof_len);
- 	packet_send();
- 
--	bzero(x2_s_proof, x2_s_proof_len);
-+	memset(x2_s_proof, 0, x2_s_proof_len);
- 	free(x2_s_proof);
- 
- 	/* Expect step 2 packet from peer */
-@@ -1121,7 +1121,7 @@
- 	    &pctx->k,
- 	    &pctx->h_k_cid_sessid, &pctx->h_k_cid_sessid_len);
- 
--	bzero(x4_s_proof, x4_s_proof_len);
-+	memset(x4_s_proof, 0, x4_s_proof_len);
- 	free(x4_s_proof);
- 
- 	JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__));
-@@ -1406,7 +1406,7 @@
- 		/* If IdentitiesOnly set and key not found then don't use it */
- 		if (!found && options.identities_only) {
- 			TAILQ_REMOVE(&files, id, next);
--			bzero(id, sizeof(*id));
-+			memset(id, 0, sizeof(*id));
- 			free(id);
- 		}
- 	}
-@@ -1814,8 +1814,8 @@
- 	packet_put_string(x2_proof, x2_proof_len);
- 	packet_send();
- 
--	bzero(x1_proof, x1_proof_len);
--	bzero(x2_proof, x2_proof_len);
-+	memset(x1_proof, 0, x1_proof_len);
-+	memset(x2_proof, 0, x2_proof_len);
- 	free(x1_proof);
- 	free(x2_proof);
- 
-diff -Nura openssh-6.3p1.orig/ssh-keygen.c openssh-6.3p1/ssh-keygen.c
---- openssh-6.3p1.orig/ssh-keygen.c	2013-07-20 00:22:32.000000000 -0300
-+++ openssh-6.3p1/ssh-keygen.c	2013-10-22 09:45:10.003658313 -0300
-@@ -1693,7 +1693,7 @@
- 		fatal("Invalid certificate time format %s", s);
- 	}
- 
--	bzero(&tm, sizeof(tm));
-+	memset(&tm, 0, sizeof(tm));
- 	if (strptime(buf, fmt, &tm) == NULL)
- 		fatal("Invalid certificate time %s", s);
- 	if ((tt = mktime(&tm)) < 0)
diff --git a/package/openssh/openssh-01-fix-pam-uclibc-pthreads-clash.patch b/package/openssh/openssh-01-fix-pam-uclibc-pthreads-clash.patch
new file mode 100644
index 0000000000..d9bc6e5d0c
--- /dev/null
+++ b/package/openssh/openssh-01-fix-pam-uclibc-pthreads-clash.patch
@@ -0,0 +1,44 @@
+When PAM is enabled, openssh makes its own static versions of pthreads
+functions.  But when built with a uclibc toolchain, pthreads.h gets
+indirectly included.  The clashing exported and static definitions of
+the pthreads functions then cause a compile error.  This patch fixes
+the problem by changing the static pthread function names with macros
+when the static functions are defined.
+
+Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
+
+diff -urN openssh-6.1p1.orig/auth-pam.c openssh-6.1p1/auth-pam.c
+--- openssh-6.1p1.orig/auth-pam.c	2009-07-12 08:07:21.000000000 -0400
++++ openssh-6.1p1/auth-pam.c	2012-09-15 19:49:47.677288199 -0400
+@@ -166,6 +166,7 @@
+ 		sigdie("PAM: authentication thread exited uncleanly");
+ }
+ 
++#define pthread_exit pthread_exit_AVOID_UCLIBC_PTHREAD_CLASH
+ /* ARGSUSED */
+ static void
+ pthread_exit(void *value)
+@@ -173,6 +174,7 @@
+ 	_exit(0);
+ }
+ 
++#define pthread_create pthread_create_AVOID_UCLIBC_PTHREAD_CLASH
+ /* ARGSUSED */
+ static int
+ pthread_create(sp_pthread_t *thread, const void *attr,
+@@ -200,6 +202,7 @@
+ 	}
+ }
+ 
++#define pthread_cancel pthread_cancel_AVOID_UCLIBC_PTHREAD_CLASH
+ static int
+ pthread_cancel(sp_pthread_t thread)
+ {
+@@ -207,6 +210,7 @@
+ 	return (kill(thread, SIGTERM));
+ }
+ 
++#define pthread_join pthread_join_AVOID_UCLIBC_PTHREAD_CLASH
+ /* ARGSUSED */
+ static int
+ pthread_join(sp_pthread_t thread, void **value)
diff --git a/package/openssh/openssh-02-fix-pam-uclibc-pthreads-clash.patch b/package/openssh/openssh-02-fix-pam-uclibc-pthreads-clash.patch
deleted file mode 100644
index d9bc6e5d0c..0000000000
--- a/package/openssh/openssh-02-fix-pam-uclibc-pthreads-clash.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-When PAM is enabled, openssh makes its own static versions of pthreads
-functions.  But when built with a uclibc toolchain, pthreads.h gets
-indirectly included.  The clashing exported and static definitions of
-the pthreads functions then cause a compile error.  This patch fixes
-the problem by changing the static pthread function names with macros
-when the static functions are defined.
-
-Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
-
-diff -urN openssh-6.1p1.orig/auth-pam.c openssh-6.1p1/auth-pam.c
---- openssh-6.1p1.orig/auth-pam.c	2009-07-12 08:07:21.000000000 -0400
-+++ openssh-6.1p1/auth-pam.c	2012-09-15 19:49:47.677288199 -0400
-@@ -166,6 +166,7 @@
- 		sigdie("PAM: authentication thread exited uncleanly");
- }
- 
-+#define pthread_exit pthread_exit_AVOID_UCLIBC_PTHREAD_CLASH
- /* ARGSUSED */
- static void
- pthread_exit(void *value)
-@@ -173,6 +174,7 @@
- 	_exit(0);
- }
- 
-+#define pthread_create pthread_create_AVOID_UCLIBC_PTHREAD_CLASH
- /* ARGSUSED */
- static int
- pthread_create(sp_pthread_t *thread, const void *attr,
-@@ -200,6 +202,7 @@
- 	}
- }
- 
-+#define pthread_cancel pthread_cancel_AVOID_UCLIBC_PTHREAD_CLASH
- static int
- pthread_cancel(sp_pthread_t thread)
- {
-@@ -207,6 +210,7 @@
- 	return (kill(thread, SIGTERM));
- }
- 
-+#define pthread_join pthread_join_AVOID_UCLIBC_PTHREAD_CLASH
- /* ARGSUSED */
- static int
- pthread_join(sp_pthread_t thread, void **value)
diff --git a/package/openssh/openssh.mk b/package/openssh/openssh.mk
index 60b65af331..f5f334ed0c 100644
--- a/package/openssh/openssh.mk
+++ b/package/openssh/openssh.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-OPENSSH_VERSION = 6.4p1
+OPENSSH_VERSION = 6.5p1
 OPENSSH_SITE = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable
 OPENSSH_CONF_ENV = LD="$(TARGET_CC)" LDFLAGS="$(TARGET_CFLAGS)"
 OPENSSH_CONF_OPT = --disable-lastlog --disable-utmp \
@@ -30,4 +30,14 @@ define OPENSSH_INSTALL_INIT_SYSV
 		$(TARGET_DIR)/etc/init.d/S50sshd
 endef
 
+# Replace deprecated bcopy/bzero with memset/memcpy
+define OPENSSH_REPLACE_SUSV3_DEPRECATED
+	for src in `find $(@D) -name \*.c`; do \
+		$(SED) "s/bzero(\(.*,\)/memset(\1 0, /" $${src} ;\
+		$(SED) "s/bcopy(\(.*,\) \(.*,\)/memcpy(\2 \1/" $${src} ;\
+	done
+endef
+
+OPENSSH_POST_PATCH_HOOKS += OPENSSH_REPLACE_SUSV3_DEPRECATED
+
 $(eval $(autotools-package))
-- 
cgit v1.2.1