main/openssh: upgrade to 6.0p1

* also add support for hmac oneshot mode (requires patched openssl;
   we have these patches in Alpine)
 * rebase hpn patches
 * remove obsolete patch (upstreamed)

main/openssh/APKBUILD

@@ -1,19 +1,19 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=openssh
-pkgver=5.9_p1
+pkgver=6.0_p1
 _myver=${pkgver%_*}${pkgver#*_}
-pkgrel=2
+pkgrel=0
 pkgdesc="Port of OpenBSD's free SSH release"
 url="http://www.openssh.org/portable.html"
 arch="all"
 license="as-is"
-depends="openssh-client"
+depends="openssh-client libcrypto1.0>=1.0.1c-r2"
 makedepends="openssl-dev zlib-dev"
 subpackages="$pkgname-doc $pkgname-client"
 source="ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$pkgname-$_myver.tar.gz
 	openssh${pkgver%_*}-dynwindow_noneswitch.diff
 	openssh${pkgver%_*}-peaktput.diff
-	openssh-fix-openssl-abi.diff
+	openssh-hmac-accel.diff
 	sshd.initd
 	sshd.confd
 	"
@@ -29,10 +29,7 @@ prepare() {
 			;;
 		*.diff)
 			msg "Applying $i"
-			patch -p1 -N -i "$srcdir"/${i##*/}
-			if [ $? -gt 1 ]; then
-				return 1
-			fi
+			patch -p1 -N -i "$srcdir"/${i##*/} || return 1
 			;;
 		esac
 	done
@@ -87,9 +84,9 @@ client() {
 		"$subpkgdir"/etc/ssh/
 }
 
-md5sums="afe17eee7e98d3b8550cc349834a85d0  openssh-5.9p1.tar.gz
-f3db05e57e7af4cb2b55b85117652ed3  openssh5.9-dynwindow_noneswitch.diff
-949ff348573438163240c60d6c3618eb  openssh5.9-peaktput.diff
-c6f0728f19a80f680b0ee3922f3084cf  openssh-fix-openssl-abi.diff
+md5sums="3c9347aa67862881c5da3f3b1c08da7b  openssh-6.0p1.tar.gz
+77dfe8b990a369c02a581801aa40d487  openssh6.0-dynwindow_noneswitch.diff
+949ff348573438163240c60d6c3618eb  openssh6.0-peaktput.diff
+c65d454dc5b149647273485fc184636d  openssh-hmac-accel.diff
 cb0dd08c413fad346f0c594107b4a2e0  sshd.initd
 b35e9f3829f4cfca07168fcba98749c7  sshd.confd"

main/openssh/openssh-fix-openssl-abi.diff

@@ -1,20 +0,0 @@
---- openssh-5.9p1/entropy.c.orig
-+++ openssh-5.9p1/entropy.c
-@@ -206,6 +206,7 @@
- void
- seed_rng(void)
- {
-+	u_long mask;
- #ifndef OPENSSL_PRNG_ONLY
- 	unsigned char buf[RANDOM_SEED_SIZE];
- #endif
-@@ -213,7 +214,8 @@
- 	 * OpenSSL version numbers: MNNFFPPS: major minor fix patch status
- 	 * We match major, minor, fix and status (not patch)
- 	 */
--	if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L)
-+	mask = (OPENSSL_VERSION_NUMBER >= 0x10000000) ? 0xffff0L : 0xff0L;
-+	if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~mask)
- 		fatal("OpenSSL version mismatch. Built against %lx, you "
- 		    "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay());
- 

main/openssh/openssh-hmac-accel.diff

@@ -0,0 +1,10 @@
+--- a/mac.c
++++ b/mac.c
+@@ -142,6 +142,7 @@
+ 		/* reset HMAC context */
+ 		HMAC_Init(&mac->evp_ctx, NULL, 0, NULL);
+ 		HMAC_Update(&mac->evp_ctx, b, sizeof(b));
++		HMAC_CTX_set_flags(&mac->evp_ctx, EVP_MD_CTX_FLAG_ONESHOT);
+ 		HMAC_Update(&mac->evp_ctx, data, datalen);
+ 		HMAC_Final(&mac->evp_ctx, m, NULL);
+ 		break;

main/openssh/openssh6.0-dynwindow_noneswitch.diff

@@ -573,10 +573,10 @@ index 16cf282..6feaa6b 100644
 --- a/compat.h
 +++ b/compat.h
 @@ -58,6 +58,7 @@
- #define SSH_OLD_FORWARD_ADDR	0x01000000
  #define SSH_BUG_RFWD_ADDR	0x02000000
  #define SSH_NEW_OPENSSH		0x04000000
-+#define SSH_BUG_LARGEWINDOW     0x08000000
+ #define SSH_BUG_DYNAMIC_RPORT	0x08000000
++#define SSH_BUG_LARGEWINDOW     0x10000000
  
  void     enable_compat13(void);
  void     enable_compat20(void);