From owner-freebsd-ports-bugs@FreeBSD.ORG Wed Dec 19 11:30:00 2012 Return-Path: Delivered-To: freebsd-ports-bugs@smarthost.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 8984626C for ; Wed, 19 Dec 2012 11:30:00 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id 5C2238FC12 for ; Wed, 19 Dec 2012 11:30:00 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id qBJBU09H084201 for ; Wed, 19 Dec 2012 11:30:00 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id qBJBU0bk084200; Wed, 19 Dec 2012 11:30:00 GMT (envelope-from gnats) Resent-Date: Wed, 19 Dec 2012 11:30:00 GMT Resent-Message-Id: <201212191130.qBJBU0bk084200@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, oleg Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 45F2B1B7 for ; Wed, 19 Dec 2012 11:21:17 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22]) by mx1.freebsd.org (Postfix) with ESMTP id 2B6A28FC0A for ; Wed, 19 Dec 2012 11:21:17 +0000 (UTC) Received: from red.freebsd.org (localhost [127.0.0.1]) by red.freebsd.org (8.14.5/8.14.5) with ESMTP id qBJBLHIb091431 for ; Wed, 19 Dec 2012 11:21:17 GMT (envelope-from nobody@red.freebsd.org) Received: (from nobody@localhost) by red.freebsd.org (8.14.5/8.14.5/Submit) id qBJBLHJg091428; Wed, 19 Dec 2012 11:21:17 GMT (envelope-from nobody) Message-Id: <201212191121.qBJBLHJg091428@red.freebsd.org> Date: Wed, 19 Dec 2012 11:21:17 GMT From: oleg To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Subject: ports/174570: update security/openssh-portable with new sctp patch X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Dec 2012 11:30:00 -0000 >Number: 174570 >Category: ports >Synopsis: update security/openssh-portable with new sctp patch >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Wed Dec 19 11:30:00 UTC 2012 >Closed-Date: >Last-Modified: >Originator: oleg >Release: >Organization: >Environment: >Description: Update to 5.9p1 with sctp patch but this patches may be broken: openssh-5.8p1-hpn13v11.diff.gz openssh-5.8p1+x509-7.0.diff.gz openssh-5.7p1-gsskex-all-20110125.patch >How-To-Repeat: >Fix: Patch attached with submission follows: diff -ruN --exclude=CVS /usr/ports/security/openssh-portable/Makefile ./Makefile --- /usr/ports/security/openssh-portable/Makefile 2012-12-06 02:36:31.000000000 +0400 +++ ./Makefile 2012-12-19 02:43:02.000000000 +0400 @@ -2,7 +2,7 @@ # $FreeBSD: ports/security/openssh-portable/Makefile,v 1.166 2012/12/05 22:36:31 svnexp Exp $ PORTNAME= openssh -DISTVERSION= 5.8p2 +DISTVERSION= 5.9p1 PORTREVISION= 3 PORTEPOCH= 1 CATEGORIES= security ipv6 @@ -31,12 +31,13 @@ ssh_host_rsa_key ssh_host_rsa_key.pub ssh_host_dsa_key \ ssh_host_dsa_key.pub ETCOLD= ${PREFIX}/etc +USE_AUTOTOOLS= autoconf SUDO?= # empty MAKE_ENV+= SUDO="${SUDO}" OPTIONS_DEFINE= PAM TCP_WRAPPERS LIBEDIT SUID_SSH BSM KERBEROS \ - KERB_GSSAPI OPENSSH_CHROOT HPN LPK X509 FILECONTROL \ + KERB_GSSAPI OPENSSH_CHROOT HPN LPK X509 FILECONTROL SCTP \ OVERWRITE_BASE OPTIONS_DEFAULT= LIBEDIT PAM TCP_WRAPPERS TCP_WRAPPERS_DESC= Enable tcp_wrappers support @@ -49,11 +50,12 @@ X509_DESC= Enable x509 certificate patch FILECONTROL_DESC= Enable file control patch (broken) OVERWRITE_BASE_DESC= OpenSSH overwrite base +SCTP_DESC= SCTP support .include .if ${OSVERSION} >= 900000 -EXTRA_PATCHES= ${FILESDIR}/extra-patch-configure +#EXTRA_PATCHES= ${FILESDIR}/extra-patch-configure .endif .if ${OSVERSION} >= 900007 @@ -152,13 +154,19 @@ EXTRA_PATCHES+= ${FILESDIR}/openssh-${DISTVERSION}.sftpfilecontrol-v1.3.patch .endif +# See https://bugzilla.mindrot.org/show_bug.cgi?id=2016 +.if ${PORT_OPTIONS:MSCTP} +EXTRA_PATCHES+= ${FILESDIR}/sctp.patch +CONFIGURE_ARGS+= --with-sctp +.endif + .if ${PORT_OPTIONS:MOVERWRITE_BASE} WITH_OPENSSL_BASE= yes CONFIGURE_ARGS+= --localstatedir=/var EMPTYDIR= /var/empty PREFIX= /usr ETCSSH= /etc/ssh -USE_RCORDER= openssh +USE_RC_SUBRR= openssh PLIST_SUB+= NOTBASE="@comment " PLIST_SUB+= BASE="" PLIST_SUB+= BASEPREFIX="${PREFIX}" @@ -184,6 +192,11 @@ RC_SCRIPT_NAME= openssh +run-autotools: run-autotools-autoreconf + +run-autotools-autoreconf: + @cd ${CONFIGURE_WRKSRC} && ${SETENV} ${AUTOTOOLS_ENV} ${AUTORECONF} -i + post-patch: @${REINPLACE_CMD} -e 's|-ldes|-lcrypto|g' ${WRKSRC}/configure @${REINPLACE_CMD} -e 's|%%PREFIX%%|${LOCALBASE}|' \ diff -ruN --exclude=CVS /usr/ports/security/openssh-portable/distinfo ./distinfo --- /usr/ports/security/openssh-portable/distinfo 2011-10-21 20:18:56.000000000 +0400 +++ ./distinfo 2012-12-19 02:36:35.000000000 +0400 @@ -1,5 +1,5 @@ -SHA256 (openssh-5.8p2.tar.gz) = 5c35ec7c966ce05cc4497ac59c0b54a556e55ae7368165cc8c4129694654f314 -SIZE (openssh-5.8p2.tar.gz) = 1115475 +SHA256 (openssh-5.9p1.tar.gz) = 8d3e8b6b6ff04b525a6dfa6fdeb6a99043ccf6c3310cc32eba84c939b07777d5 +SIZE (openssh-5.9p1.tar.gz) = 1110014 SHA256 (openssh-5.8p1-hpn13v11.diff.gz) = 62b500d29d8889ce76c8b596eb65731d8ac3469d89d9c6eb29fec2a845159df7 SIZE (openssh-5.8p1-hpn13v11.diff.gz) = 22993 SHA256 (openssh-5.8p1+x509-7.0.diff.gz) = 3b578cbf69f25e630e8da52b6586a36c62c0c7ce026f95acda91c023dc47c85b diff -ruN --exclude=CVS /usr/ports/security/openssh-portable/files/extra-patch-configure ./files/extra-patch-configure --- /usr/ports/security/openssh-portable/files/extra-patch-configure 2011-10-21 20:18:56.000000000 +0400 +++ ./files/extra-patch-configure 1970-01-01 03:00:00.000000000 +0300 @@ -1,10 +0,0 @@ ---- configure.orig 2011-09-01 20:36:35.000000000 +0400 -+++ configure 2011-09-02 13:59:02.000000000 +0400 -@@ -12856,6 +12856,7 @@ - - - -+LIBS="-lutil $LIBS" - for ac_func in \ - arc4random \ - arc4random_buf \ \ No newline at end of file diff -ruN --exclude=CVS /usr/ports/security/openssh-portable/files/patch-Makefile.in ./files/patch-Makefile.in --- /usr/ports/security/openssh-portable/files/patch-Makefile.in 2011-10-21 20:18:56.000000000 +0400 +++ ./files/patch-Makefile.in 2012-12-19 02:33:14.000000000 +0400 @@ -1,11 +1,11 @@ ---- Makefile.in.orig 2010-05-12 00:51:39.000000000 -0600 -+++ Makefile.in 2010-09-14 16:14:12.000000000 -0600 -@@ -238,7 +238,7 @@ +--- Makefile.in.orig 2011-08-06 00:15:18.000000000 +0400 ++++ Makefile.in 2012-12-19 02:32:58.000000000 +0400 +@@ -231,7 +231,7 @@ $(AUTORECONF) -rm -rf autom4te.cache --install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config -+install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf - install-nokeys: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf - install-nosysconf: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files +-install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config ++install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf + install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf + install-nosysconf: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files diff -ruN --exclude=CVS /usr/ports/security/openssh-portable/files/patch-configure.ac ./files/patch-configure.ac --- /usr/ports/security/openssh-portable/files/patch-configure.ac 1970-01-01 03:00:00.000000000 +0300 +++ ./files/patch-configure.ac 2012-12-19 02:13:34.000000000 +0400 @@ -0,0 +1,10 @@ +--- configure.ac.orig 2012-12-19 02:11:30.000000000 +0400 ++++ configure.ac 2012-12-19 02:13:30.000000000 +0400 +@@ -679,6 +679,7 @@ + AC_CHECK_HEADER([net/if_tap.h], , + AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) + AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) ++ LIBS="$LIBS -lutil" + ;; + *-*-bsdi*) + AC_DEFINE([SETEUID_BREAKS_SETUID]) diff -ruN --exclude=CVS /usr/ports/security/openssh-portable/files/sctp.patch ./files/sctp.patch --- /usr/ports/security/openssh-portable/files/sctp.patch 1970-01-01 03:00:00.000000000 +0300 +++ ./files/sctp.patch 2012-12-18 23:59:28.000000000 +0400 @@ -0,0 +1,788 @@ +Index: configure.ac +=================================================================== +RCS file: /cvs/openssh/configure.ac,v +retrieving revision 1.492 +diff -u -r1.492 configure.ac +--- configure.ac 19 May 2012 05:24:37 -0000 1.492 ++++ configure.ac 8 Jun 2012 11:52:49 -0000 +@@ -3479,6 +3479,17 @@ + AC_SUBST([SSHLIBS]) + AC_SUBST([SSHDLIBS]) + ++#check whether user wants SCTP support ++SCTP_MSG="no" ++AC_ARG_WITH(sctp, ++ [ --with-sctp Enable SCTP support], ++ [ if test "x$withval" != "xno" ; then ++ AC_DEFINE(SCTP,1,[Define if you want SCTP support.]) ++ AC_CHECK_FUNCS(sctp_recvmsg, , AC_CHECK_LIB(sctp, sctp_recvmsg)) ++ SCTP_MSG="yes" ++ fi ] ++) ++ + # Check whether user wants Kerberos 5 support + KRB5_MSG="no" + AC_ARG_WITH([kerberos5], +@@ -4338,6 +4349,7 @@ + echo " OSF SIA support: $SIA_MSG" + echo " KerberosV support: $KRB5_MSG" + echo " SELinux support: $SELINUX_MSG" ++echo " SCTP support: $SCTP_MSG" + echo " Smartcard support: $SCARD_MSG" + echo " S/KEY support: $SKEY_MSG" + echo " TCP Wrappers support: $TCPW_MSG" +Index: misc.c +=================================================================== +RCS file: /cvs/openssh/misc.c,v +retrieving revision 1.111 +diff -u -r1.111 misc.c +--- misc.c 22 Sep 2011 11:34:36 -0000 1.111 ++++ misc.c 8 Jun 2012 11:52:49 -0000 +@@ -59,6 +59,10 @@ + #include "log.h" + #include "ssh.h" + ++#ifdef SCTP ++#include ++#endif ++ + /* remove newline at end of string */ + char * + chop(char *s) +@@ -141,17 +145,29 @@ + + optlen = sizeof opt; + if (getsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, &optlen) == -1) { +- debug("getsockopt TCP_NODELAY: %.100s", strerror(errno)); ++#ifdef SCTP ++ /* TCP_NODELAY failed, try SCTP_NODELAY */ ++ if (getsockopt(fd, IPPROTO_SCTP, SCTP_NODELAY, &opt, &optlen) == -1) { ++ debug("getsockopt TCP_NODELAY/SCTP_NODELAY: %.100s", strerror(errno)); ++ return; ++ } ++#else + return; ++#endif + } + if (opt == 1) { +- debug2("fd %d is TCP_NODELAY", fd); ++ debug2("fd %d is TCP_NODELAY/SCTP_NODELAY", fd); + return; + } + opt = 1; +- debug2("fd %d setting TCP_NODELAY", fd); +- if (setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, sizeof opt) == -1) +- error("setsockopt TCP_NODELAY: %.100s", strerror(errno)); ++ debug2("fd %d setting TCP_NODELAY/SCTP_NODELAY", fd); ++ if (setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, sizeof opt) == -1) { ++#ifdef SCTP ++ /* TCP_NODELAY failed, try SCTP_NODELAY */ ++ if (getsockopt(fd, IPPROTO_SCTP, SCTP_NODELAY, &opt, &optlen) == -1) ++ error("getsockopt TCP_NODELAY/SCTP_NODELAY: %.100s", strerror(errno)); ++#endif ++ } + } + + /* Characters considered whitespace in strsep calls. */ +Index: readconf.c +=================================================================== +RCS file: /cvs/openssh/readconf.c,v +retrieving revision 1.174 +diff -u -r1.174 readconf.c +--- readconf.c 2 Oct 2011 07:59:03 -0000 1.174 ++++ readconf.c 8 Jun 2012 11:52:49 -0000 +@@ -117,6 +117,9 @@ + oPasswordAuthentication, oRSAAuthentication, + oChallengeResponseAuthentication, oXAuthLocation, + oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, ++#ifdef SCTP ++ oTransport, ++#endif + oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, + oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, + oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, +@@ -182,6 +185,9 @@ + { "hostname", oHostName }, + { "hostkeyalias", oHostKeyAlias }, + { "proxycommand", oProxyCommand }, ++#ifdef SCTP ++ { "transport", oTransport }, ++#endif + { "port", oPort }, + { "cipher", oCipher }, + { "ciphers", oCiphers }, +@@ -659,6 +665,22 @@ + *charptr = xstrdup(s + len); + return 0; + ++#ifdef SCTP ++ case oTransport: ++ arg = strdelim(&s); ++ if (!arg || *arg == '\0') ++ fatal("%s line %d: missing transport protocol specification", ++ filename, linenum); ++ if (strcmp(arg, "tcp") == 0) ++ options->transport = TRANSPORT_TCP; ++ else if (strcmp(arg, "sctp") == 0) ++ options->transport = TRANSPORT_SCTP; ++ else ++ fatal("%s line %d: unknown transport protocol specified", ++ filename, linenum); ++ break; ++#endif ++ + case oPort: + intptr = &options->port; + parse_int: +@@ -1151,6 +1173,9 @@ + options->compression = -1; + options->tcp_keep_alive = -1; + options->compression_level = -1; ++#ifdef SCTP ++ options->transport = -1; ++#endif + options->port = -1; + options->address_family = -1; + options->connection_attempts = -1; +@@ -1261,6 +1286,10 @@ + options->tcp_keep_alive = 1; + if (options->compression_level == -1) + options->compression_level = 6; ++#ifdef SCTP ++ if (options->transport == -1) ++ options->transport = TRANSPORT_TCP; ++#endif + if (options->port == -1) + options->port = 0; /* Filled in ssh_connect. */ + if (options->address_family == -1) +Index: readconf.h +=================================================================== +RCS file: /cvs/openssh/readconf.h,v +retrieving revision 1.83 +diff -u -r1.83 readconf.h +--- readconf.h 2 Oct 2011 07:59:03 -0000 1.83 ++++ readconf.h 8 Jun 2012 11:52:49 -0000 +@@ -31,6 +31,10 @@ + #define MAX_SEND_ENV 256 + #define SSH_MAX_HOSTS_FILES 256 + ++/* Transport protocols */ ++#define TRANSPORT_TCP 1 ++#define TRANSPORT_SCTP 2 ++ + typedef struct { + int forward_agent; /* Forward authentication agent. */ + int forward_x11; /* Forward X11 display. */ +@@ -65,6 +69,9 @@ + int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */ + LogLevel log_level; /* Level for logging. */ + ++#ifdef SCTP ++ int transport; /* Transport protocol used. */ ++#endif + int port; /* Port to connect. */ + int address_family; + int connection_attempts; /* Max attempts (seconds) before +Index: scp.c +=================================================================== +RCS file: /cvs/openssh/scp.c,v +retrieving revision 1.189 +diff -u -r1.189 scp.c +--- scp.c 22 Sep 2011 11:38:01 -0000 1.189 ++++ scp.c 8 Jun 2012 11:52:50 -0000 +@@ -395,7 +395,11 @@ + addargs(&args, "-oClearAllForwardings=yes"); + + fflag = tflag = 0; ++#ifdef SCTP ++ while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q12346S:o:F:z")) != -1) ++#else + while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q12346S:o:F:")) != -1) ++#endif + switch (ch) { + /* User-visible flags. */ + case '1': +@@ -403,6 +407,9 @@ + case '4': + case '6': + case 'C': ++#ifdef SCTP ++ case 'z': ++#endif + addargs(&args, "-%c", ch); + addargs(&remote_remote_args, "-%c", ch); + break; +Index: servconf.c +=================================================================== +RCS file: /cvs/openssh/servconf.c,v +retrieving revision 1.223 +diff -u -r1.223 servconf.c +--- servconf.c 19 May 2012 09:37:01 -0000 1.223 ++++ servconf.c 8 Jun 2012 11:52:51 -0000 +@@ -117,6 +117,9 @@ + options->ciphers = NULL; + options->macs = NULL; + options->kex_algorithms = NULL; ++#ifdef SCTP ++ options->transport = -1; ++#endif + options->protocol = SSH_PROTO_UNKNOWN; + options->gateway_ports = -1; + options->num_subsystems = 0; +@@ -249,6 +252,10 @@ + options->allow_tcp_forwarding = 1; + if (options->allow_agent_forwarding == -1) + options->allow_agent_forwarding = 1; ++#ifdef SCTP ++ if (options->transport == -1) ++ options->transport = TRANSPORT_TCP; ++#endif + if (options->gateway_ports == -1) + options->gateway_ports = 0; + if (options->max_startups == -1) +@@ -312,6 +319,9 @@ + sKerberosTgtPassing, sChallengeResponseAuthentication, + sPasswordAuthentication, sKbdInteractiveAuthentication, + sListenAddress, sAddressFamily, ++#ifdef SCTP ++ sTransport, sListenMultipleAddresses, ++#endif + sPrintMotd, sPrintLastLog, sIgnoreRhosts, + sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, + sStrictModes, sEmptyPasswd, sTCPKeepAlive, +@@ -402,6 +412,9 @@ + #endif + { "checkmail", sDeprecated, SSHCFG_GLOBAL }, + { "listenaddress", sListenAddress, SSHCFG_GLOBAL }, ++#ifdef SCTP ++ { "listenmultipleaddresses", sListenMultipleAddresses, SSHCFG_GLOBAL }, ++#endif + { "addressfamily", sAddressFamily, SSHCFG_GLOBAL }, + { "printmotd", sPrintMotd, SSHCFG_GLOBAL }, + { "printlastlog", sPrintLastLog, SSHCFG_GLOBAL }, +@@ -426,6 +439,9 @@ + { "denygroups", sDenyGroups, SSHCFG_GLOBAL }, + { "ciphers", sCiphers, SSHCFG_GLOBAL }, + { "macs", sMacs, SSHCFG_GLOBAL }, ++#ifdef SCTP ++ { "transport", sTransport, SSHCFG_GLOBAL }, ++#endif + { "protocol", sProtocol, SSHCFG_GLOBAL }, + { "gatewayports", sGatewayPorts, SSHCFG_ALL }, + { "subsystem", sSubsystem, SSHCFG_GLOBAL }, +@@ -556,6 +572,81 @@ + return &ci; + } + ++#ifdef SCTP ++static void ++add_one_listen_multiple_addr(ServerOptions *options, char *addr, int port, int last) ++{ ++ struct addrinfo hints, *ai, *aitop; ++ char strport[NI_MAXSERV]; ++ int gaierr; ++ ++ memset(&hints, 0, sizeof(hints)); ++ hints.ai_family = options->address_family; ++ hints.ai_socktype = SOCK_STREAM; ++ hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0; ++ snprintf(strport, sizeof strport, "%d", port); ++ if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) ++ fatal("bad addr or host: %s (%s)", ++ addr ? addr : "", ++ ssh_gai_strerror(gaierr)); ++ /* Mark addresses as multihomed */ ++ for (ai = aitop; ai->ai_next; ai = ai->ai_next) ++ ai->ai_flags = IS_MULTIPLE_ADDR; ++ ai->ai_flags = IS_MULTIPLE_ADDR; ++ ai->ai_next = options->listen_addrs; ++ options->listen_addrs = aitop; ++ ++ if (last) { ++ aitop->ai_flags = 0; ++ } ++} ++ ++static void ++add_listen_multiple_addrs(ServerOptions *options, char *addrs, int port) ++{ ++ u_int i, num_addrs; ++ char **addrsptr, *p; ++ ++ if (options->num_ports == 0) ++ options->ports[options->num_ports++] = SSH_DEFAULT_PORT; ++ if (options->address_family == -1) ++ options->address_family = AF_UNSPEC; ++ ++ num_addrs = 1; ++ p = addrs; ++ while ((p = strchr(p, ',')) != NULL) { ++ num_addrs++; ++ p++; ++ } ++ debug("found %d addresses for multi-homing", num_addrs); ++ ++ addrsptr = xmalloc(num_addrs * sizeof(char*)); ++ p = addrs; ++ for (i = 0; i < num_addrs; i++) { ++ addrsptr[i] = p; ++ p = strchr(p+1, ','); ++ if (p != NULL) ++ *(p++) = '\0'; ++ } ++ ++ if (port == 0) ++ for (i = 0; i < options->num_ports; i++) { ++ while (--num_addrs) { ++ add_one_listen_multiple_addr(options, addrsptr[num_addrs], options->ports[i], 0); ++ } ++ add_one_listen_multiple_addr(options, addrs, options->ports[i], 1); ++ } ++ else { ++ while (--num_addrs) { ++ add_one_listen_multiple_addr(options, addrsptr[num_addrs], port, 0); ++ } ++ add_one_listen_multiple_addr(options, addrs, port, 1); ++ } ++ ++ xfree(addrsptr); ++} ++#endif ++ + /* + * The strategy for the Match blocks is that the config file is parsed twice. + * +@@ -879,6 +970,26 @@ + intptr = &options->key_regeneration_time; + goto parse_time; + ++#ifdef SCTP ++ case sListenMultipleAddresses: ++ arg = strdelim(&cp); ++ if (arg == NULL || *arg == '\0') ++ fatal("%s line %d: missing addresses", ++ filename, linenum); ++ ++ /* Check for appended port */ ++ p = strchr(arg, ';'); ++ if (p != NULL) { ++ if ((port = a2port(p + 1)) <= 0) ++ fatal("%s line %d: bad port number", filename, linenum); ++ *p = '\0'; ++ } else { ++ port = 0; ++ } ++ add_listen_multiple_addrs(options, arg, port); ++ break; ++#endif ++ + case sListenAddress: + arg = strdelim(&cp); + if (arg == NULL || *arg == '\0') +@@ -1216,6 +1327,24 @@ + options->kex_algorithms = xstrdup(arg); + break; + ++#ifdef SCTP ++ case sTransport: ++ arg = strdelim(&cp); ++ if (!arg || *arg == '\0') ++ fatal("%s line %d: missing transport protocol specification", ++ filename, linenum); ++ if (strcmp(arg, "all") == 0) ++ options->transport = TRANSPORT_ALL; ++ else if (strcmp(arg, "tcp") == 0) ++ options->transport = TRANSPORT_TCP; ++ else if (strcmp(arg, "sctp") == 0) ++ options->transport = TRANSPORT_SCTP; ++ else ++ fatal("%s line %d: unknown transport protocol specified", ++ filename, linenum); ++ break; ++#endif ++ + case sProtocol: + intptr = &options->protocol; + arg = strdelim(&cp); +@@ -1639,6 +1768,9 @@ + M_CP_INTOPT(allow_tcp_forwarding); + M_CP_INTOPT(allow_agent_forwarding); + M_CP_INTOPT(permit_tun); ++#ifdef SCTP ++ M_CP_INTOPT(transport); ++#endif + M_CP_INTOPT(gateway_ports); + M_CP_INTOPT(x11_display_offset); + M_CP_INTOPT(x11_forwarding); +@@ -1875,6 +2007,9 @@ + dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env); + dump_cfg_fmtint(sUseLogin, o->use_login); + dump_cfg_fmtint(sCompression, o->compression); ++#ifdef SCTP ++ dump_cfg_fmtint(sTransport, o->transport); ++#endif + dump_cfg_fmtint(sGatewayPorts, o->gateway_ports); + dump_cfg_fmtint(sUseDNS, o->use_dns); + dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); +Index: servconf.h +=================================================================== +RCS file: /cvs/openssh/servconf.h,v +retrieving revision 1.93 +diff -u -r1.93 servconf.h +--- servconf.h 19 May 2012 09:37:01 -0000 1.93 ++++ servconf.h 8 Jun 2012 11:52:51 -0000 +@@ -47,6 +47,15 @@ + /* Magic name for internal sftp-server */ + #define INTERNAL_SFTP_NAME "internal-sftp" + ++#ifdef SCTP ++/* Transport protocols */ ++#define TRANSPORT_TCP 1 ++#define TRANSPORT_SCTP 2 ++#define TRANSPORT_ALL (TRANSPORT_TCP | TRANSPORT_SCTP) ++ ++#define IS_MULTIPLE_ADDR 0x1000 ++#endif ++ + typedef struct { + u_int num_ports; + u_int ports_from_cmdline; +@@ -81,6 +90,9 @@ + char *ciphers; /* Supported SSH2 ciphers. */ + char *macs; /* Supported SSH2 macs. */ + char *kex_algorithms; /* SSH2 kex methods in order of preference. */ ++#ifdef SCTP ++ int transport; /* Transport protocol(s) used */ ++#endif + int protocol; /* Supported protocol versions. */ + int gateway_ports; /* If true, allow remote connects to forwarded ports. */ + SyslogFacility log_facility; /* Facility for system logging. */ +Index: ssh.c +=================================================================== +RCS file: /cvs/openssh/ssh.c,v +retrieving revision 1.364 +diff -u -r1.364 ssh.c +--- ssh.c 3 Nov 2011 23:54:22 -0000 1.364 ++++ ssh.c 8 Jun 2012 11:52:54 -0000 +@@ -196,7 +196,11 @@ + usage(void) + { + fprintf(stderr, ++#ifdef SCTP ++"usage: ssh [-1246AaCfgKkMNnqsTtVvXxYyz] [-b bind_address] [-c cipher_spec]\n" ++#else + "usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n" ++#endif + " [-D [bind_address:]port] [-e escape_char] [-F configfile]\n" + " [-I pkcs11] [-i identity_file]\n" + " [-L [bind_address:]port:host:hostport]\n" +@@ -329,7 +335,11 @@ + argv0 = av[0]; + + again: ++#ifdef SCTP ++ while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvxz" ++#else + while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" ++#endif + "ACD:F:I:KL:MNO:PR:S:TVw:W:XYy")) != -1) { + switch (opt) { + case '1': +@@ -526,6 +534,11 @@ + else + options.control_master = SSHCTL_MASTER_YES; + break; ++#ifdef SCTP ++ case 'z': ++ options.transport = TRANSPORT_SCTP; ++ break; ++#endif + case 'p': + options.port = a2port(optarg); + if (options.port <= 0) { +Index: sshconnect.c +=================================================================== +RCS file: /cvs/openssh/sshconnect.c,v +retrieving revision 1.207 +diff -u -r1.207 sshconnect.c +--- sshconnect.c 29 May 2011 11:42:34 -0000 1.207 ++++ sshconnect.c 8 Jun 2012 11:52:54 -0000 +@@ -62,6 +62,10 @@ + #include "ssh2.h" + #include "version.h" + ++#ifdef SCTP ++#include ++#endif ++ + char *client_version_string = NULL; + char *server_version_string = NULL; + +@@ -189,6 +193,9 @@ + { + int sock, gaierr; + struct addrinfo hints, *res; ++#ifdef SCTP ++ char *more_addrs, *next_addr; ++#endif + + /* + * If we are running as root and want to connect to a privileged +@@ -217,10 +224,22 @@ + if (options.bind_address == NULL) + return sock; + ++#ifdef SCTP ++ /* Check if multiple addresses have been specified */ ++ if ((more_addrs = strchr(options.bind_address, ',')) != NULL) { ++ *(more_addrs++) = '\0'; ++ } ++#endif ++ + memset(&hints, 0, sizeof(hints)); + hints.ai_family = ai->ai_family; + hints.ai_socktype = ai->ai_socktype; ++#ifndef SCTP ++ /* Only specify protocol if SCTP is not used, due ++ * to the lack of SCTP support for getaddrinfo() ++ */ + hints.ai_protocol = ai->ai_protocol; ++#endif + hints.ai_flags = AI_PASSIVE; + gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res); + if (gaierr) { +@@ -235,6 +254,34 @@ + freeaddrinfo(res); + return -1; + } ++#ifdef SCTP ++ /* If there are multiple addresses, bind them too */ ++ if (more_addrs) { ++ do { ++ next_addr = strchr(more_addrs, ','); ++ if (next_addr != NULL) { ++ *(next_addr++) = '\0'; ++ } ++ ++ gaierr = getaddrinfo(more_addrs, NULL, &hints, &res); ++ if (gaierr) { ++ error("getaddrinfo: %s: %s", more_addrs, ++ ssh_gai_strerror(gaierr)); ++ close(sock); ++ return -1; ++ } ++ if (sctp_bindx(sock, (struct sockaddr *)res->ai_addr, ++ 1, SCTP_BINDX_ADD_ADDR) != 0) { ++ error("bind: %s: %s", options.bind_address, strerror(errno)); ++ close(sock); ++ freeaddrinfo(res); ++ return -1; ++ } ++ ++ more_addrs = next_addr; ++ } while (next_addr != NULL); ++ } ++#endif + freeaddrinfo(res); + return sock; + } +@@ -359,6 +406,15 @@ + if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) + fatal("%s: Could not resolve hostname %.100s: %s", __progname, + host, ssh_gai_strerror(gaierr)); ++ ++#ifdef SCTP ++ /* Use SCTP if requested */ ++ if (options.transport == TRANSPORT_SCTP) { ++ for (ai = aitop; ai; ai = ai->ai_next) { ++ ai->ai_protocol = IPPROTO_SCTP; ++ } ++ } ++#endif + + for (attempt = 0; attempt < connection_attempts; attempt++) { + if (attempt > 0) { +Index: sshd.c +=================================================================== +RCS file: /cvs/openssh/sshd.c,v +retrieving revision 1.414 +diff -u -r1.414 sshd.c +--- sshd.c 19 May 2012 09:37:01 -0000 1.414 ++++ sshd.c 8 Jun 2012 11:52:55 -0000 +@@ -128,6 +128,10 @@ + int deny_severity; + #endif /* LIBWRAP */ + ++#ifdef SCTP ++#include ++#endif ++ + #ifndef O_NOCTTY + #define O_NOCTTY 0 + #endif +@@ -1033,6 +1037,12 @@ + for (ai = options.listen_addrs; ai; ai = ai->ai_next) { + if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) + continue; ++#ifdef SCTP ++ /* Ignore multi-homing addresses for TCP */ ++ if (ai->ai_flags & IS_MULTIPLE_ADDR || ++ (ai->ai_next != NULL && ai->ai_next->ai_flags & IS_MULTIPLE_ADDR)) ++ continue; ++#endif + if (num_listen_socks >= MAX_LISTEN_SOCKS) + fatal("Too many listen sockets. " + "Enlarge MAX_LISTEN_SOCKS"); +@@ -1091,6 +1101,127 @@ + fatal("Cannot bind any address."); + } + ++#ifdef SCTP ++/* ++ * Listen for SCTP connections ++ */ ++static void ++server_listen_sctp(void) ++{ ++ int ret, listen_sock, on = 1; ++ struct addrinfo *ai, *aiv6; ++ char ntop[NI_MAXHOST], strport[NI_MAXSERV]; ++ ++ for (ai = options.listen_addrs; ai; ai = ai->ai_next) { ++ if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) ++ continue; ++ /* Ignore multi-homing addresses at this point */ ++ if (ai->ai_flags & IS_MULTIPLE_ADDR) ++ continue; ++ if (num_listen_socks >= MAX_LISTEN_SOCKS) ++ fatal("Too many listen sockets. " ++ "Enlarge MAX_LISTEN_SOCKS"); ++ if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, ++ ntop, sizeof(ntop), strport, sizeof(strport), ++ NI_NUMERICHOST|NI_NUMERICSERV)) != 0) { ++ error("getnameinfo failed: %.100s", ++ ssh_gai_strerror(ret)); ++ continue; ++ } ++ /* Check for multi-homed IPv6 addresses if family is IPv4 */ ++ if (ai->ai_family == AF_INET) { ++ aiv6 = ai->ai_next; ++ while (aiv6 != NULL && aiv6->ai_flags & IS_MULTIPLE_ADDR) { ++ if (aiv6->ai_family == AF_INET6) { ++ ai->ai_family = AF_INET6; ++ break; ++ } ++ aiv6 = aiv6->ai_next; ++ } ++ } ++ ++ /* Create socket for listening. */ ++ listen_sock = socket(ai->ai_family, ai->ai_socktype, ++ IPPROTO_SCTP); ++ if (listen_sock < 0) { ++ /* kernel may not support ipv6 */ ++ verbose("SCTP socket: %.100s", strerror(errno)); ++ continue; ++ } ++ if (set_nonblock(listen_sock) == -1) { ++ close(listen_sock); ++ continue; ++ } ++ /* ++ * Set socket options. ++ * Allow local port reuse in TIME_WAIT. ++ */ ++ if (setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR, ++ &on, sizeof(on)) == -1) ++ error("SCTP setsockopt SO_REUSEADDR: %s", strerror(errno)); ++ ++ /* Only communicate in IPv6 over AF_INET6 sockets if not multi-homed. */ ++ if (ai->ai_family == AF_INET6 && (ai->ai_next == NULL || ++ (ai->ai_next != NULL && ai->ai_next->ai_flags == 0))) ++ sock_set_v6only(listen_sock); ++ ++ if (ai->ai_next != NULL && ai->ai_next->ai_flags & IS_MULTIPLE_ADDR) ++ debug("Bind multi-homed to SCTP port %s on %s.", strport, ntop); ++ else ++ debug("Bind to SCTP port %s on %s.", strport, ntop); ++ ++ /* Bind the socket to the desired port. */ ++ if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) { ++ error("Bind to SCTP port %s on %s failed: %.200s.", ++ strport, ntop, strerror(errno)); ++ close(listen_sock); ++ continue; ++ } ++ ++ /* Bind multi-homing addresses */ ++ while (ai->ai_next != NULL && ++ ai->ai_next->ai_flags & IS_MULTIPLE_ADDR) { ++ ai = ai->ai_next; ++ ++ if ((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, ++ ntop, sizeof(ntop), strport, sizeof(strport), ++ NI_NUMERICHOST|NI_NUMERICSERV)) != 0) { ++ error("getnameinfo failed: %.100s", ++ ssh_gai_strerror(ret)); ++ continue; ++ } ++ ++ debug("Bind multi-homed to SCTP port %s on %s.", strport, ntop); ++ ++ if (sctp_bindx(listen_sock, (struct sockaddr *)ai->ai_addr, 1, SCTP_BINDX_ADD_ADDR) != 0) { ++ error("Bind to SCTP port %s on %s failed: %.200s.", ++ strport, ntop, strerror(errno)); ++ close(listen_sock); ++ continue; ++ } ++ } ++ ++ listen_socks[num_listen_socks] = listen_sock; ++ num_listen_socks++; ++ ++ /* Start listening on the port. */ ++ if (listen(listen_sock, SSH_LISTEN_BACKLOG) < 0) ++ fatal("SCTP listen on [%s]:%s: %.100s", ++ ntop, strport, strerror(errno)); ++ if (ai->ai_flags & IS_MULTIPLE_ADDR) ++ logit("Server listening multi-homed with SCTP on port %s.", strport); ++ else ++ logit("Server listening with SCTP on %s port %s.", ntop, strport); ++ } ++ /* Only free addresses if SCTP is the only used protocol */ ++ if (options.transport == TRANSPORT_SCTP) ++ freeaddrinfo(options.listen_addrs); ++ ++ if (!num_listen_socks) ++ fatal("Cannot bind any address for SCTP."); ++} ++#endif ++ + /* + * The main TCP accept loop. Note that, for the non-debug case, returns + * from this function are in a forked subprocess. +@@ -1778,7 +1909,14 @@ + server_accept_inetd(&sock_in, &sock_out); + } else { + platform_pre_listen(); +- server_listen(); ++ ++#ifdef SCTP ++ if (options.transport & TRANSPORT_SCTP) ++ server_listen_sctp(); ++ ++ if (options.transport & TRANSPORT_TCP) ++#endif ++ server_listen(); + + if (options.protocol & SSH_PROTO_1) + generate_ephemeral_server_key(); +--- sshd_config.orig 2012-12-18 23:50:47.000000000 +0400 ++++ sshd_config 2012-12-18 23:51:15.000000000 +0400 +@@ -12,6 +12,7 @@ + + #Port 22 + #AddressFamily any ++#Transport all + #ListenAddress 0.0.0.0 + #ListenAddress :: >Release-Note: >Audit-Trail: >Unformatted: