authorbdrewery <bdrewery@FreeBSD.org>2015-05-07 02:39:41 +0800
committerbdrewery <bdrewery@FreeBSD.org>2015-05-07 02:39:41 +0800
commit79db0cefa05ecef983921a902e459e37f2907ecc (patch)
tree30e406f619736aaca2bcb91e768c5e09fbc0b30d /security/openssh-portable
parent132a99de2942ecb68f2c4b0bc295d6548cf31ee2 (diff)
Fix clients getting 'Bad packet length' and 'Disconnecting: Packet corrupt'
when the NONECIPHER option is selected but not the HPN option. The server banner was improperly sending a NUL byte after the newline, causing confusion on the client. This was an error in my own modifications to the HPN patch in r383231. This may have occurred with stale builds as well, such as running 'make configure' then 'portsnap update' and then 'make build'. Pointyhat to: bdrewery Reported by: many PR: 199352
Diffstat (limited to 'security/openssh-portable')
-rw-r--r--security/openssh-portable/Makefile2
-rw-r--r--security/openssh-portable/files/extra-patch-hpn17
2 files changed, 11 insertions, 8 deletions
diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile
index 18585022504d..f84e4ea00f59 100644
--- a/security/openssh-portable/Makefile
+++ b/security/openssh-portable/Makefile
@@ -3,7 +3,7 @@
PORTNAME= openssh
DISTVERSION= 6.8p1
-PORTREVISION= 5
+PORTREVISION= 6
PORTEPOCH= 1
CATEGORIES= security ipv6
MASTER_SITES= ${MASTER_SITE_OPENBSD}
diff --git a/security/openssh-portable/files/extra-patch-hpn b/security/openssh-portable/files/extra-patch-hpn
index 9d2149077acf..87c7bfadbeab 100644
--- a/security/openssh-portable/files/extra-patch-hpn
+++ b/security/openssh-portable/files/extra-patch-hpn
@@ -1200,9 +1200,10 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
debug("Authentication succeeded (%s).", authctxt.method->name);
}
---- work.clean/openssh-6.8p1/sshd.c 2015-04-01 22:07:18.190233000 -0500
-+++ work/openssh-6.8p1/sshd.c 2015-04-03 17:17:03.227774000 -0500
-@@ -439,7 +439,10 @@
+--- work.clean/openssh-6.8p1/sshd.c.orig 2015-03-17 00:49:20.000000000 -0500
++++ work/openssh-6.8p1/sshd.c 2015-05-06 13:29:02.129507000 -0500
+@@ -430,8 +430,13 @@ sshd_exchange_identification(int sock_in
+ minor = PROTOCOL_MINOR_1;
}
- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
@@ -1210,11 +1211,13 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
major, minor, SSH_VERSION,
+#ifdef HPN_ENABLED
+ options.hpn_disabled ? "" : SSH_HPN,
++#else
++ "",
+#endif
*options.version_addendum == '\0' ? "" : " ",
options.version_addendum, newline);
-@@ -1157,6 +1160,10 @@
+@@ -1149,6 +1154,10 @@ server_listen(void)
int ret, listen_sock, on = 1;
struct addrinfo *ai;
char ntop[NI_MAXHOST], strport[NI_MAXSERV];
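Review bot: The `#else` / `"",` placeholder added to the xasprintf() argument list in sshd_exchange_identification() has no comment saying why it is there, so a later cleanup can drop it and bring back the mismatch between the format string and its arguments that this commit fixes. The format line the HPN patch installs is not visible in this hunk; presumably it has one more `%s` than the removed `"SSH-%d.%d-%.100s%s%s%s"`, and that slot must be filled in every build configuration. I would add a comment on the placeholder, for example `/* fills the SSH_HPN %s slot when HPN_ENABLED is not defined; do not remove */`. Hoisting the `#ifdef` into a local `const char *` set before the call would make the argument list unconditional. A variadic call that supplies fewer arguments than the format consumes is undefined behaviour, and since the server banner is sent to unauthenticated peers, it is worth confirming that the port builds sshd.c with format warnings enabled in both the HPN and non-HPN option sets.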
@@ -1225,7 +1228,7 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
for (ai = options.listen_addrs; ai; ai = ai->ai_next) {
if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
-@@ -1197,6 +1204,13 @@
+@@ -1189,6 +1198,13 @@ server_listen(void)
debug("Bind to port %s on %s.", strport, ntop);
@@ -1239,7 +1242,7 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
/* Bind the socket to the desired port. */
if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) {
error("Bind to port %s on %s failed: %.200s.",
-@@ -2167,6 +2181,11 @@
+@@ -2132,6 +2148,11 @@ main(int ac, char **av)
remote_ip, remote_port,
get_local_ipaddr(sock_in), get_local_port());
@@ -1251,7 +1254,7 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
/*
* We don't want to listen forever unless the other side
* successfully authenticates itself. So we set up an alarm which is
-@@ -2566,6 +2585,12 @@
+@@ -2531,6 +2552,12 @@ do_ssh2_kex(void)
if (options.ciphers != NULL) {
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;