[packages] openssh: update to 6.4p1

This release fixes a security bug:

 * sshd(8): fix a memory corruption problem triggered during rekeying
   when an AES-GCM cipher is selected. Full details of the vulnerability
   are available at: http://www.openssh.com/txt/gcmrekey.adv

Signed-off-by: Peter Wagner <tripolar@gmx.at>


git-svn-id: svn://svn.openwrt.org/openwrt/packages@38693 3c298f89-4303-0410-b956-a3cf2f4a3e73

net/openssh/Makefile

@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openssh
-PKG_VERSION:=6.3p1
+PKG_VERSION:=6.4p1
 PKG_RELEASE:=3
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
@@ -16,7 +16,7 @@ PKG_SOURCE_URL:=ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
 		ftp://openbsd.wiretapped.net/pub/OpenBSD/OpenSSH/portable/ \
 		ftp://ftp.belnet.be/packages/openbsd/OpenSSH/portable/ \
 		ftp://ftp.de.openbsd.org/pub/unix/OpenBSD/OpenSSH/portable/
-PKG_MD5SUM:=225e75c9856f76011966013163784038
+PKG_MD5SUM:=a62b88b884df0b09b8a8c5789ac9e51b
 
 
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)

net/openssh/patches/100-no_cast_fix.patch

@@ -1,8 +1,6 @@
-diff --git a/cipher.c b/cipher.c
-index 9ca1d00..a6c1324 100644
 --- a/cipher.c
 +++ b/cipher.c
-@@ -74,8 +74,10 @@ struct Cipher {
+@@ -76,8 +76,10 @@ static const struct Cipher ciphers[] = {
  	{ "3des-cbc",	SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc },
  	{ "blowfish-cbc",
  			SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc },

net/openssh/patches/110-no_ripemd_fix.patch

@@ -1,8 +1,6 @@
-diff --git a/mac.c b/mac.c
-index 3f2dc6f..73d2d4e 100644
 --- a/mac.c
 +++ b/mac.c
-@@ -68,8 +68,10 @@ struct {
+@@ -70,8 +70,10 @@ static const struct macalg macs[] = {
  #endif
  	{ "hmac-md5",				SSH_EVP, EVP_md5, 0, 0, 0, 0 },
  	{ "hmac-md5-96",			SSH_EVP, EVP_md5, 96, 0, 0, 0 },
@@ -13,7 +11,7 @@ index 3f2dc6f..73d2d4e 100644
  	{ "umac-64@openssh.com",		SSH_UMAC, NULL, 0, 128, 64, 0 },
  	{ "umac-128@openssh.com",		SSH_UMAC128, NULL, 0, 128, 128, 0 },
  
-@@ -82,7 +84,9 @@ struct {
+@@ -84,7 +86,9 @@ static const struct macalg macs[] = {
  #endif
  	{ "hmac-md5-etm@openssh.com",		SSH_EVP, EVP_md5, 0, 0, 0, 1 },
  	{ "hmac-md5-96-etm@openssh.com",	SSH_EVP, EVP_md5, 96, 0, 0, 1 },

net/openssh/patches/130-implicit_memset_decl_fix.patch

@@ -1,6 +1,6 @@
 --- a/includes.h
 +++ b/includes.h
-@@ -57,6 +57,9 @@
+@@ -59,6 +59,9 @@
  /*
   *-*-nto-qnx needs these headers for strcasecmp and LASTLOG_FILE respectively
   */

net/openssh/patches/140-pam_uclibc_pthreads_fix.patch

@@ -44,7 +44,7 @@
  {
  	int status;
  
-@@ -509,7 +509,7 @@ sshpam_thread(void *ctxtp)
+@@ -508,7 +508,7 @@ sshpam_thread(void *ctxtp)
  	/* XXX - can't do much about an error here */
  	ssh_msg_send(ctxt->pam_csock, sshpam_err, &buffer);
  	buffer_free(&buffer);
@@ -53,7 +53,7 @@
  
   auth_fail:
  	buffer_put_cstring(&buffer,
-@@ -520,7 +520,7 @@ sshpam_thread(void *ctxtp)
+@@ -519,7 +519,7 @@ sshpam_thread(void *ctxtp)
  	else
  		ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer);
  	buffer_free(&buffer);
@@ -62,7 +62,7 @@
  
  	return (NULL); /* Avoid warning for non-pthread case */
  }
-@@ -532,8 +532,8 @@ sshpam_thread_cleanup(void)
+@@ -531,8 +531,8 @@ sshpam_thread_cleanup(void)
  
  	debug3("PAM: %s entering", __func__);
  	if (ctxt != NULL && ctxt->pam_thread != 0) {
@@ -73,7 +73,7 @@
  		close(ctxt->pam_psock);
  		close(ctxt->pam_csock);
  		memset(ctxt, 0, sizeof(*ctxt));
-@@ -698,7 +698,7 @@ sshpam_init_ctx(Authctxt *authctxt)
+@@ -696,7 +696,7 @@ sshpam_init_ctx(Authctxt *authctxt)
  	}
  	ctxt->pam_psock = socks[0];
  	ctxt->pam_csock = socks[1];

net/openssh/patches/200-dscp-qos.patch

@@ -9,7 +9,7 @@
 +#IPQoS AF21 AF11
 --- a/sshd_config
 +++ b/sshd_config
-@@ -120,6 +120,9 @@ UsePrivilegeSeparation sandbox		# Default for new installations.
+@@ -120,6 +120,9 @@ UsePrivilegeSeparation sandbox		# Defaul
  # no default banner path
  #Banner none