Update cryptlib to 3.4.7

2b3c02d6 · Deucе · Rob Swindell · b33a40e7 · b33a40e7 · 2b3c02d6
Commit 2b3c02d6 authored 1 year ago by Deucе Committed by Rob Swindell 1 year ago
--- a/3rdp/build/cl-random-openbsd.patch
+++ b/3rdp/build/cl-random-openbsd.patch
--- random/unix.c.orig	2021-03-15 18:02:42.743073000 -0400
-+++ random/unix.c	2021-03-15 18:04:17.393934000 -0400
-@@ -398,7 +398,7 @@
-   #include <net/route.h>			/* For CTL_NET:AF_ROUTE:0:AF_INET:\
- 									   NET_RT_FLAGS idents */
-   #include <sys/gmon.h>				/* For CTL_KERN:KERN_PROF identifiers */
-  #if defined( __NetBSD__ )
-+  #if defined( __NetBSD__ ) || defined( __OpenBSD__ )
- 	#include <uvm/uvm_param.h>		/* For CTL_VM identifiers */
-   #else
- 	#include <vm/vm_param.h>		/* For CTL_VM identifiers */
-@@ -414,7 +414,9 @@
- static const SYSCTL_INFO sysctlInfo[] = {
- 	/* Hardware info */
- 	{ 2, { CTL_HW, HW_MACHINE } },	/* Machine class */
-+#ifdef HW_MACHINE_ARCH
- 	{ 2, { CTL_HW, HW_MACHINE_ARCH } }, /* Machine architecture */
-+#endif
- 	{ 2, { CTL_HW, HW_MODEL } },	/* Machine model */
- #ifdef HW_IOSTATS
- 	{ 2, { CTL_HW, HW_IOSTATS } },	/* struct io_sysctl for each device 
-@@ -517,11 +519,13 @@
- 									/* Terminal chars sent/received */
- #endif /* KERN_TKSTAT */
- 	{ 2, { CTL_KERN, KERN_VERSION } }, /* System version string  */
-+#ifdef KERN_VNODE
- 	{ 2, { CTL_KERN, KERN_VNODE }, 15 }, 
- 									/* struct xvnode for each vnode, see 
- 									   /sys/sys/vnode.h.  Produces a huge 
- 									   amount of output so typically gets
- 									   truncated at SYSCTL_BUFFER_SIZE */
-+#endif
- 
- 	/* Networking info */
- 	{ 6, { CTL_NET, AF_ROUTE, 0, AF_INET, NET_RT_DUMP, 0 }, 5 },
--- a/3rdp/build/cl-read-timeout-every-time.patch
+++ b/3rdp/build/cl-read-timeout-every-time.patch
+--- ./session/sess_rd.c.orig	2024-01-14 19:55:23.556519000 -0500
+++ ./session/sess_rd.c	2024-01-14 19:55:55.611225000 -0500
+@@ -884,28 +884,28 @@
+ 		return( status );
+ 		}
+ 
+-	/* Update the stream read timeout to the current user-selected read 
+-	   timeout in case the user has changed the timeout setting.
+-	   
+-	   This isn't perfect in the case of the extremely chatty SSH protocol 
+-	   because what looks like a read to the user can involve several reads 
+-	   and writes under the hood, and what gets used for those is the 
+-	   overall high-level timeout for the operation as a whole, with the 
+-	   hidden internal reads and writes using that as their shared setting.  
+-	   
+-	   For example if the code performs a read and hits an SSH channel 
+-	   command it has to send back a response, leading possibly to further 
+-	   reads and writes, before it can actually read any data.  So the top-
+-	   level read command sets a read timeout and then the much lower-level 
+-	   code ends up in a hidden long exchange with the other side using the
+-	   same timeout that was set for the overall read before the higher-
+-	   level read code gets to complete the actual read */
+-	sioctlSet( &sessionInfoPtr->stream, STREAM_IOCTL_READTIMEOUT, 
+-			   sessionInfoPtr->readTimeout );
+-
+ 	LOOP_MAX_REV_INITCHECK( dataLength = dataMaxLength, dataLength > 0 )
+ 		{
+ 		int byteCount;
+
+		/* Update the stream read timeout to the current user-selected read 
+		   timeout in case the user has changed the timeout setting.
+	   
+		   This isn't perfect in the case of the extremely chatty SSH protocol 
+		   because what looks like a read to the user can involve several reads 
+		   and writes under the hood, and what gets used for those is the 
+		   overall high-level timeout for the operation as a whole, with the 
+		   hidden internal reads and writes using that as their shared setting.  
+	   
+		   For example if the code performs a read and hits an SSH channel 
+		   command it has to send back a response, leading possibly to further 
+		   reads and writes, before it can actually read any data.  So the top-
+		   level read command sets a read timeout and then the much lower-level 
+		   code ends up in a hidden long exchange with the other side using the
+		   same timeout that was set for the overall read before the higher-
+		   level read code gets to complete the actual read */
+		sioctlSet( &sessionInfoPtr->stream, STREAM_IOCTL_READTIMEOUT, 
+				   sessionInfoPtr->readTimeout );
+ 
+ 		ENSURES( LOOP_INVARIANT_MAX_REV_XXX( dataLength, 1, dataMaxLength ) );
+ 				 /* dataLength is decremented by the number of bytes read */
--- a/3rdp/build/cl-remove-march.patch
+++ b/3rdp/build/cl-remove-march.patch
--- tools/ccopts.sh.sbbs	2022-02-25 13:17:06.665485787 +1100
-+++ tools/ccopts.sh	2022-02-25 13:03:43.969689324 +1100
-@@ -591,7 +591,7 @@
+--- tools/ccopts.sh.orig	2023-12-31 08:25:17.141687000 -0500
+++ tools/ccopts.sh	2023-12-31 08:33:58.559121000 -0500
+@@ -1055,34 +1055,35 @@
+ # -march=native.  As a result we have to use the pretty bad -march=x86-64
+ # for most gcc versions, which doesn't even get us native AES support.
 
- if [ "$ARCH" = "i586" ] || [ "$ARCH" = "i686" ] || [ "$ARCH" = "x86_64" ] ; then
- 	if [ "$GCC_VER" -ge 45 ] ; then
-		CCARGS="$CCARGS -march=native -mtune=generic" ;
-+		CCARGS="$CCARGS -mtune=generic" ;
- 		if [ "$ARCH" = "x86_64" ] ; then
- 			CCARGS="$CCARGS -fPIC" ;
- 		fi ;
+-if [ "$ARCH" = "i586" ] || [ "$ARCH" = "i686" ] || [ "$ARCH" = "x86_64" ] ; then
+-	if [ "$COMPILER_VER" -ge 110 ] ; then
+-		if [ $GENERICBUILD -gt 0 ] ; then
+-			echo "  (Enabling lowest-common-denominator build options for cross-platform library)." >&2 ;
+-		else
+-			CCARGS="$CCARGS -march=x86-64-v3" ;
+-		fi
+-	elif [ "$COMPILER_VER" -ge 45 ] ; then
+-		if [ $GENERICBUILD -gt 0 ] ; then
+-			echo "  (Enabling lowest-common-denominator build options for cross-platform library)." >&2 ;
+-		else
+-			CCARGS="$CCARGS -march=x86-64" ;
+-		fi
+-	elif [ "$COMPILER_VER" -ge 30 ] ; then
+-		case $ARCH in
+-			'x86_64')
+-				CCARGS="$CCARGS -march=opteron -fPIC" ;;
+-
+-			'i686')
+-				CCARGS="$CCARGS -march=pentiumpro" ;;
+-
+-			*)
+-				CCARGS="$CCARGS -march=pentium" ;;
+-		esac ;
+-	else
+-		CCARGS="$CCARGS -mcpu=pentium" ;
+-	fi ;
+-fi
+# We can't use the generic target because we use an explcit target for mingw
+#if [ "$ARCH" = "i586" ] || [ "$ARCH" = "i686" ] || [ "$ARCH" = "x86_64" ] ; then
+#	if [ "$COMPILER_VER" -ge 110 ] ; then
+#		if [ $GENERICBUILD -gt 0 ] ; then
+#			echo "  (Enabling lowest-common-denominator build options for cross-platform library)." >&2 ;
+#		else
+#			CCARGS="$CCARGS -march=x86-64-v3" ;
+#		fi
+#	elif [ "$COMPILER_VER" -ge 45 ] ; then
+#		if [ $GENERICBUILD -gt 0 ] ; then
+#			echo "  (Enabling lowest-common-denominator build options for cross-platform library)." >&2 ;
+#		else
+#			CCARGS="$CCARGS -march=x86-64" ;
+#		fi
+#	elif [ "$COMPILER_VER" -ge 30 ] ; then
+#		case $ARCH in
+#			'x86_64')
+#				CCARGS="$CCARGS -march=opteron -fPIC" ;;
+#
+#			'i686')
+#				CCARGS="$CCARGS -march=pentiumpro" ;;
+#
+#			*)
+#				CCARGS="$CCARGS -march=pentium" ;;
+#		esac ;
+#	else
+#		CCARGS="$CCARGS -mcpu=pentium" ;
+#	fi ;
+#fi
+ 
+ # gcc 4.x for 64-bit architectures has an optimiser bug that removes an
+ # empty-list check in cryptlib's list-management code (this has been
--- a/3rdp/build/cl-select-fix.patch
+++ b/3rdp/build/cl-select-fix.patch
--- io/tcp.c.orig	2018-03-12 13:47:37.385998000 -0400
-+++ io/tcp.c	2018-03-12 13:48:12.696032000 -0400
-@@ -402,7 +402,7 @@
- 		return( status );
- 	LOOP_MED( ( selectIterations = 0, status = SOCKET_ERROR ), \
- 			  isSocketError( status ) && \
-				!checkMonoTimerExpired( &timerInfo ) && \
-+				(selectIterations == 0 || !checkMonoTimerExpired( &timerInfo )) && \
- 				selectIterations < 20, 
- 			  selectIterations++ )
- 		{
--- a/3rdp/build/cl-server-term-support.patch
+++ b/3rdp/build/cl-server-term-support.patch
--- session/ssh2_chn.c.orig	2019-02-05 18:18:26.000000000 -0500
-+++ session/ssh2_chn.c	2023-12-24 08:09:36.669204000 -0500
+--- session/ssh2_channel.c.orig	2019-02-05 18:18:26.000000000 -0500
+++ session/ssh2_channel.c	2023-12-24 08:09:36.669204000 -0500
 @@ -59,6 +59,9 @@
 
 	/* Channel extra data.  This contains encoded oddball protocol-specific
@@ -99,64 +99,8 @@
 										 data, dataLength ) );
 		}
 
--- session/ssh.c.orig	2023-12-24 07:59:01.180636000 -0500
-+++ session/ssh.c	2023-12-24 08:11:02.562401000 -0500
-@@ -978,7 +978,10 @@
- 			  type == CRYPT_SESSINFO_SSH_CHANNEL_TYPE || \
- 			  type == CRYPT_SESSINFO_SSH_CHANNEL_ARG1 || \
- 			  type == CRYPT_SESSINFO_SSH_CHANNEL_ARG2 || \
-			  type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE );
-+			  type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE || \
-+			  type == CRYPT_SESSINFO_SSH_CHANNEL_WIDTH || \
-+			  type == CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT || \
-+			  type == CRYPT_SESSINFO_SSH_CHANNEL_TERMINAL);
- 
- 	if( type == CRYPT_SESSINFO_SSH_OPTIONS )
- 		{
-@@ -993,7 +996,9 @@
- 		}
- 
- 	if( type == CRYPT_SESSINFO_SSH_CHANNEL || \
-		type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE )
-+		type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE || \
-+		type == CRYPT_SESSINFO_SSH_CHANNEL_WIDTH || \
-+		type == CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT)
- 		{
- 		status = getChannelAttribute( sessionInfoPtr, type, data );
- 		}
-@@ -1023,12 +1028,17 @@
- 			  type == CRYPT_SESSINFO_SSH_CHANNEL_ARG1 || \
- 			  type == CRYPT_SESSINFO_SSH_CHANNEL_ARG2 || \
- 			  type == CRYPT_SESSINFO_SSH_OPTIONS || \
-			  type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE );
-+			  type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE || \
-+			  type == CRYPT_SESSINFO_SSH_CHANNEL_WIDTH || \
-+			  type == CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT || \
-+			  type == CRYPT_SESSINFO_SSH_CHANNEL_TERMINAL);
- 
- 	/* Get the data value if it's an integer parameter */
- 	if( type == CRYPT_SESSINFO_SSH_CHANNEL || \
- 		type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE || \
-		type == CRYPT_SESSINFO_SSH_OPTIONS)
-+		type == CRYPT_SESSINFO_SSH_OPTIONS || \
-+		type == CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT || \
-+		type == CRYPT_SESSINFO_SSH_CHANNEL_WIDTH) 
- 		value = *( ( int * ) data );
- 
- 	/* If we're selecting a channel and there's unwritten data from a
-@@ -1069,7 +1079,9 @@
- 		return( closeChannel( sessionInfoPtr, FALSE ) );
- 		}
- 
-	if( type == CRYPT_SESSINFO_SSH_CHANNEL )
-+	if( type == CRYPT_SESSINFO_SSH_CHANNEL || \
-+		type == CRYPT_SESSINFO_SSH_CHANNEL_WIDTH || \
-+		type == CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT)
- 		status = setChannelAttribute( sessionInfoPtr, type, value );
- 	else
- 		{
--- session/ssh2_msgc.c.orig	2023-12-24 07:59:00.803690000 -0500
-+++ session/ssh2_msgc.c	2023-12-24 08:12:21.955372000 -0500
+--- session/ssh2_msgcli.c.orig	2023-12-24 07:59:00.803690000 -0500
+++ session/ssh2_msgcli.c	2023-12-24 08:12:21.955372000 -0500
 @@ -553,15 +553,15 @@
 	writeUint32( stream, channelNo );
 	writeString32( stream, "pty-req", 7 );
@@ -176,8 +120,8 @@
 		writeUint32( stream, 48 );		/* 48 x 80 (24 x 80 is so 1970s) */
 	else
 		writeUint32( stream, value);
--- session/ssh2_msgs.c.orig	2019-02-05 18:18:26.000000000 -0500
-+++ session/ssh2_msgs.c	2023-12-24 08:15:19.887857000 -0500
+--- session/ssh2_msgsvr.c.orig	2019-02-05 18:18:26.000000000 -0500
+++ session/ssh2_msgsvr.c	2023-12-24 08:15:19.887857000 -0500
 @@ -655,8 +655,20 @@
 	   problem but just deny the request */
 	switch( requestInfoPtr->requestType )
@@ -275,9 +219,9 @@
 		case CRYPT_SESSINFO_USERNAME:
 		case CRYPT_SESSINFO_PASSWORD:
 		case CRYPT_SESSINFO_SERVER_NAME:
--- kernel/attr_acl.c.orig	2023-12-24 08:27:15.033674000 -0500
-+++ kernel/attr_acl.c	2023-12-24 08:30:04.633826000 -0500
-@@ -3564,6 +3564,49 @@
+--- kernel/attr_acl.c.orig	2023-12-31 08:42:47.250931000 -0500
+++ kernel/attr_acl.c	2023-12-31 08:43:02.362902000 -0500
+@@ -3648,6 +3648,49 @@
 	MKACL_END_SUBACL(), MKACL_END_SUBACL()
 	};
 
@@ -327,7 +271,7 @@
 /* Session attributes */
 
 static const ATTRIBUTE_ACL sessionACL[] = {
-@@ -3774,24 +3817,24 @@
+@@ -3877,24 +3920,24 @@
 		MKPERM_TSP( xWD_xWD ),
 		ROUTE( OBJECT_TYPE_SESSION ), &objectCtxHash ),
 
@@ -335,7 +279,7 @@
 -		CRYPT_SESSINFO_SSH_TERMINAL,
 -		ST_NONE, ST_NONE, ST_SESS_SSH, 
 -		0xffffffff /*MKPERM_SSH_EXT( RWD_RWD )*/,
-+	MKACL_X(	/* SSH client: Read/write */
+	MKACL_ST(	/* SSH client: Read/write */
 +		CRYPT_SESSINFO_SSH_CHANNEL_TERMINAL,
 +		ST_NONE, ST_NONE, ST_SESS_SSH | ST_SESS_SSH_SVR, 
 +		MKPERM_SSH_EXT( RWx_RWx ),
@@ -346,7 +290,7 @@
 -		ST_NONE, ST_NONE, ST_SESS_SSH, 
 -		0xffffffff /*MKPERM_SSH_EXT( RWD_RWD )*/,
 +		subACL_SessinfoSSHChannelTerminal ),
-+	MKACL_X(	/* SSH client: Read/write */
+	MKACL_ST(	/* SSH client: Read/write */
 +		CRYPT_SESSINFO_SSH_CHANNEL_WIDTH,
 +		ST_NONE, ST_NONE, ST_SESS_SSH | ST_SESS_SSH_SVR, 
 +		MKPERM_SSH_EXT( RWx_RWx ),
@@ -357,7 +301,7 @@
 -		ST_NONE, ST_NONE, ST_SESS_SSH, 
 -		0xffffffff /*MKPERM_SSH_EXT( RWD_RWD )*/,
 +		subACL_SessinfoSSHChannelWidth ),
-+	MKACL_X(	/* SSH client: Read/write */
+	MKACL_ST(	/* SSH client: Read/write */
 +		CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT,
 +		ST_NONE, ST_NONE, ST_SESS_SSH | ST_SESS_SSH_SVR, 
 +		MKPERM_SSH_EXT( RWx_RWx ),
@@ -367,12 +311,67 @@
 
 	MKACL_END(), MKACL_END()
 	};
-@@ -4659,7 +4702,7 @@
+@@ -4883,7 +4926,7 @@
 	static_assert( CRYPT_CERTINFO_FIRST_EXTENSION == 2200, "Attribute value" );
 	static_assert( CRYPT_CERTINFO_FIRST_CMS == 2500, "Attribute value" );
- 	static_assert( CRYPT_SESSINFO_FIRST_SPECIFIC == 6016, "Attribute value" );
-	static_assert( CRYPT_SESSINFO_LAST_SPECIFIC == 6032, "Attribute value" );
-+	static_assert( CRYPT_SESSINFO_LAST_SPECIFIC == 6035, "Attribute value" );
- 	static_assert( CRYPT_CERTFORMAT_LAST == 12, "Attribute value" );
+ 	static_assert( CRYPT_SESSINFO_FIRST_SPECIFIC == 6017, "Attribute value" );
+-	static_assert( CRYPT_SESSINFO_LAST_SPECIFIC == 6036, "Attribute value" );
+	static_assert( CRYPT_SESSINFO_LAST_SPECIFIC == 6039, "Attribute value" );
+ 	static_assert( CRYPT_CERTFORMAT_LAST == 13, "Attribute value" );
 
 	/* Perform a consistency check on the attribute ACLs.  The ACLs are
+--- ./session/ssh.c.orig	2024-01-07 21:24:52.912681000 -0500
+++ ./session/ssh.c	2024-01-07 21:25:24.857224000 -0500
+@@ -541,6 +541,9 @@
+ 			  type == CRYPT_SESSINFO_SSH_CHANNEL_ARG2 || \
+ 			  type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE || \
+ 			  type == CRYPT_SESSINFO_SSH_OPTIONS || \
+			  type == CRYPT_SESSINFO_SSH_CHANNEL_WIDTH || \
+			  type == CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT || \
+			  type == CRYPT_SESSINFO_SSH_CHANNEL_TERMINAL || \
+ 			  type == CRYPT_SESSINFO_SSH_PREAUTH );
+ #else
+ 	REQUIRES( type == CRYPT_SESSINFO_SSH_PREAUTH );
+@@ -576,7 +579,9 @@
+ 
+ 
+ 	if( type == CRYPT_SESSINFO_SSH_CHANNEL || \
+-		type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE )
+		type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE || \
+		type == CRYPT_SESSINFO_SSH_CHANNEL_WIDTH || \
+		type == CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT)
+ 		{
+ 		status = getChannelAttribute( sessionInfoPtr, type, data );
+ 		}
+@@ -611,6 +616,9 @@
+ 			  type == CRYPT_SESSINFO_SSH_CHANNEL_ARG2 || \
+ 			  type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE || \
+ 			  type == CRYPT_SESSINFO_SSH_OPTIONS || \
+			  type == CRYPT_SESSINFO_SSH_CHANNEL_WIDTH || \
+			  type == CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT || \
+			  type == CRYPT_SESSINFO_SSH_CHANNEL_TERMINAL || \
+ 			  type == CRYPT_SESSINFO_SSH_PREAUTH );
+ #else
+ 	REQUIRES( type == CRYPT_SESSINFO_SSH_PREAUTH );
+@@ -629,7 +637,9 @@
+ 	/* Get the data value if it's an integer parameter */
+ 	if( type == CRYPT_SESSINFO_SSH_CHANNEL || \
+ 		type == CRYPT_SESSINFO_SSH_CHANNEL_ACTIVE || \
+-		type == CRYPT_SESSINFO_SSH_OPTIONS )
+		type == CRYPT_SESSINFO_SSH_OPTIONS || \
+		type == CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT || \
+		type == CRYPT_SESSINFO_SSH_CHANNEL_WIDTH) 
+ 		value = *( ( int * ) data );
+ 
+ 	/* If we're selecting a channel and there's unwritten data from a
+@@ -680,7 +690,9 @@
+ 		return( closeChannel( sessionInfoPtr, FALSE ) );
+ 		}
+ 
+-	if( type == CRYPT_SESSINFO_SSH_CHANNEL )
+	if( type == CRYPT_SESSINFO_SSH_CHANNEL || \
+		type == CRYPT_SESSINFO_SSH_CHANNEL_WIDTH || \
+		type == CRYPT_SESSINFO_SSH_CHANNEL_HEIGHT)
+ 		status = setChannelAttribute( sessionInfoPtr, type, value );
+ 	else
+ 		{
--- a/3rdp/build/cl-short-client-name.patch
+++ b/3rdp/build/cl-short-client-name.patch
--- session/ssh.c.orig	2018-03-12 21:28:40.049142000 -0400
-+++ session/ssh.c	2018-03-12 21:28:57.425639000 -0400
-@@ -306,8 +306,8 @@
- 
- 	/* Make sure that we got enough data to work with.  We need at least 
- 	   "SSH-" (ID, size SSH_ID_SIZE) + "x.y-" (protocol version) + "xxxxx" 
-	   (software version/ID, of which the shortest-known is "ConfD") */
-	if( length < SSH_ID_SIZE + 9 || length > SSH_ID_MAX_SIZE )
-+	   (software version/ID, of which the shortest-known is "Go") */
-+	if( length < SSH_ID_SIZE + 6 || length > SSH_ID_MAX_SIZE )
- 		{
- 		retExt( CRYPT_ERROR_BADDATA,
- 				( CRYPT_ERROR_BADDATA, SESSION_ERRINFO, 
--- a/3rdp/build/cl-ssh-incCtr.patch
+++ b/3rdp/build/cl-ssh-incCtr.patch
--- session/ssh2_crypt.c.orig	2019-01-21 16:56:04.000000000 -0500
-+++ session/ssh2_crypt.c	2020-02-14 14:15:11.144585000 -0500
-@@ -55,12 +55,12 @@
- 	/* Walk along the counter incrementing each byte if required */
- 	LOOP_MED( i = blockSize - 1, i >= 0, i-- )
- 		{
-		if( ctrPtr[ i ]++ != 0 )
-+		if( ++ctrPtr[ i ] != 0 )
- 			break;
- 		}
- 	ENSURES( LOOP_BOUND_OK );
- 	ENSURES( ctrMSB != ctrPtr[ blockSize - 1 ] );
-	ENSURES( ctrMSB != 0 || ctrMSBnext != ctrPtr[ blockSize - 2 ] );
-+	ENSURES( (ctrPtr[ blockSize - 1 ] != 0 || ctrMSBnext != ctrPtr[ blockSize - 2 ]) );
- 
- 	return( CRYPT_OK );
- 	}
-@@ -388,7 +388,7 @@
- 		memcpy( sshInfo->writeCTR, buffer, sessionInfoPtr->cryptBlocksize );
- 	else
- 		memcpy( sshInfo->readCTR, buffer, sessionInfoPtr->cryptBlocksize );
-	zeroise( buffer, CRYPT_MAX_KEYSIZE );
-+	zeroise( buffer, CRYPT_MAX_HASHSIZE );
- 
- 	return( CRYPT_OK );
- 	}
--- a/3rdp/build/cl-ssh-list-ctr-modes.patch
+++ b/3rdp/build/cl-ssh-list-ctr-modes.patch
--- session/ssh2.c.orig	2019-01-26 20:39:00.000000000 -0500
-+++ session/ssh2.c	2020-02-14 02:31:35.785792000 -0500
-@@ -851,6 +851,7 @@
+--- ./session/ssh2_algo.c.orig	2024-01-20 16:21:25.993730000 -0500
+++ ./session/ssh2_algo.c	2024-01-20 16:21:59.153489000 -0500
+@@ -837,6 +837,7 @@
 
 		/* Make sure that any required sub-algorithms are available */
 		if( algoStringInfo->subAlgo != CRYPT_ALGO_NONE && \

--- a/3rdp/build/cl-ssl-suite-blocksizes.patch
+++ b/3rdp/build/cl-ssl-suite-blocksizes.patch
--- session/ssl_suites.c.orig	2020-02-17 15:42:41.411268000 -0500
-+++ session/ssl_suites.c	2020-02-17 16:05:59.563026000 -0500
-@@ -135,7 +135,7 @@
+--- session/tls_suites.c.orig	2023-12-31 07:45:33.902489000 -0500
+++ session/tls_suites.c	2023-12-31 07:49:12.514913000 -0500
+@@ -129,7 +129,7 @@
 	{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 
 	  DESCRIPTION( "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" )
 	  CRYPT_ALGO_ECDH, CRYPT_ALGO_RSA, CRYPT_ALGO_AES,
-	  CRYPT_ALGO_HMAC_SHA2, 0, 32, SHA2MAC_SIZE, 
-+	  CRYPT_ALGO_HMAC_SHA2, 0, 16, SHA2MAC_SIZE, 
- 	  CIPHERSUITE_FLAG_ECC | CIPHERSUITE_FLAG_TLS12 },
- /*	{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, 
+-	  CRYPT_ALGO_HMAC_SHA2, 0, 32, SHA2MAC_SIZE, CIPHERSUITE_FLAG_TLS12 },
+	  CRYPT_ALGO_HMAC_SHA2, 0, 16, SHA2MAC_SIZE, CIPHERSUITE_FLAG_TLS12 },
+   #ifdef CONFIG_SUITEB
+ 	{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, 
 	  DESCRIPTION( "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" )
-@@ -187,11 +187,11 @@
- 	  CRYPT_ALGO_ECDH, CRYPT_ALGO_RSA, CRYPT_ALGO_AES,
- 	  CRYPT_ALGO_HMAC_SHA2, 0, 16, GCMICV_SIZE, 
- 	  CIPHERSUITE_FLAG_ECC | CIPHERSUITE_FLAG_GCM | CIPHERSUITE_FLAG_TLS12 },
-	{ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 
-+/*	{ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 
- 	  DESCRIPTION( "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" )
- 	  CRYPT_ALGO_ECDH, CRYPT_ALGO_RSA, CRYPT_ALGO_AES,
-	  CRYPT_ALGO_HMAC_SHA2, 48, 16, GCMICV_SIZE, 
-	  CIPHERSUITE_FLAG_ECC | CIPHERSUITE_FLAG_GCM | CIPHERSUITE_FLAG_TLS12 },
-+	  CRYPT_ALGO_HMAC_SHA2, 48, 32, GCMICV_SIZE, 
-+	  CIPHERSUITE_FLAG_ECC | CIPHERSUITE_FLAG_GCM | CIPHERSUITE_FLAG_TLS12 },*/
- 
- 	/* AES-GCM with DH */
- 	{ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
-@@ -200,9 +200,9 @@
- 	  CRYPT_ALGO_HMAC_SHA2, 0, 16, GCMICV_SIZE, 
- 	  CIPHERSUITE_FLAG_DH | CIPHERSUITE_FLAG_GCM | CIPHERSUITE_FLAG_TLS12 },
- /*	{ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
-	  DESCRIPTION( "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" )
-+	  DESCRIPTION( "TLS_DHE_RSA_WITH_AES_256_GCM_SHA256" )
- 	  CRYPT_ALGO_DH, CRYPT_ALGO_RSA, CRYPT_ALGO_AES,
-	  CRYPT_ALGO_HMAC_SHA2, 0, 16, GCMICV_SIZE, 
-+	  CRYPT_ALGO_HMAC_SHA2, 0, 32, GCMICV_SIZE, 
- 	  CIPHERSUITE_FLAG_DH | CIPHERSUITE_FLAG_GCM | CIPHERSUITE_FLAG_TLS12 }, */
- 
- 	/* AES-GCM with RSA */
-@@ -214,7 +214,7 @@
- /*	{ TLS_RSA_WITH_AES_256_GCM_SHA384,
- 	  DESCRIPTION( "TLS_RSA_WITH_AES_256_GCM_SHA384" )
- 	  CRYPT_ALGO_RSA, CRYPT_ALGO_RSA, CRYPT_ALGO_AES,
-	  CRYPT_ALGO_HMAC_SHA2, 48, 16, GCMICV_SIZE, 
-+	  CRYPT_ALGO_HMAC_SHA2, 48, 32, GCMICV_SIZE, 
- 	  CIPHERSUITE_FLAG_GCM | CIPHERSUITE_FLAG_TLS12 }, */
- 
- 	/* End-of-list marker */
--- a/3rdp/build/cl-suites.patch
+++ b/3rdp/build/cl-suites.patch
--- ./session/ssl_suites.c.orig	2019-07-03 13:16:53.917656000 -0400
-+++ ./session/ssl_suites.c	2019-07-03 13:17:06.390635000 -0400
-@@ -187,11 +187,11 @@
- 	  CRYPT_ALGO_ECDH, CRYPT_ALGO_RSA, CRYPT_ALGO_AES,
- 	  CRYPT_ALGO_HMAC_SHA2, 0, 16, GCMICV_SIZE, 
- 	  CIPHERSUITE_FLAG_ECC | CIPHERSUITE_FLAG_GCM | CIPHERSUITE_FLAG_TLS12 },
-	{ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 
-+/*	{ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 
- 	  DESCRIPTION( "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" )
- 	  CRYPT_ALGO_ECDH, CRYPT_ALGO_RSA, CRYPT_ALGO_AES,
- 	  CRYPT_ALGO_HMAC_SHA2, 48, 16, GCMICV_SIZE, 
-	  CIPHERSUITE_FLAG_ECC | CIPHERSUITE_FLAG_GCM | CIPHERSUITE_FLAG_TLS12 },
-+	  CIPHERSUITE_FLAG_ECC | CIPHERSUITE_FLAG_GCM | CIPHERSUITE_FLAG_TLS12 },*/
- 
- 	/* AES-GCM with DH */
- 	{ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
--- a/3rdp/build/terminal-params.patch
+++ b/3rdp/build/terminal-params.patch
@@ -94,9 +94,9 @@ diff -ur ../tmp2/session/sess_attr.c ./session/sess_attr.c
 		case CRYPT_SESSINFO_USERNAME:
 		case CRYPT_SESSINFO_PASSWORD:
 		case CRYPT_SESSINFO_SERVER_NAME:
-diff -ur ../tmp2/session/ssh2_msgc.c ./session/ssh2_msgc.c
--- ../tmp2/session/ssh2_msgc.c	2021-03-13 02:55:27.112993000 -0500
-+++ ./session/ssh2_msgc.c	2021-03-13 02:56:03.671662000 -0500
+diff -ur ../tmp2/session/ssh2_msgcli.c ./session/ssh2_msgcli.c
+--- ../tmp2/session/ssh2_msgcli.c	2021-03-13 02:55:27.112993000 -0500
+++ ./session/ssh2_msgcli.c	2021-03-13 02:56:03.671662000 -0500
 @@ -448,6 +448,12 @@
 												CHANNEL_WRITE );
 	int packetOffset, status;

--- a/3rdp/build/cl-thats-not-asm.patch
+++ b/3rdp/build/cl-thats-not-asm.patch
+--- bn/bn_lcl.h.orig	2024-01-07 22:16:23.377711000 -0500
+++ bn/bn_lcl.h	2024-01-07 22:16:36.330481000 -0500
+@@ -232,7 +232,7 @@
+ #  define PTR_SIZE_INT size_t
+ # endif                         /* defined(OPENSSL_SYS_VMS) [else] */
+ 
+-# if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
+# if !defined(PEDANTIC)
+ 
+ /* The original OpenSSL code has a mass of inline asm to handle 64-bit 
+    multiplies across different architectures, however if the compiler 
--- a/3rdp/build/cl-tls-psk-userfix.patch
+++ b/3rdp/build/cl-tls-psk-userfix.patch
--- session/ssl_cli.c.orig	2014-08-22 03:20:26.000000000 -0700
-+++ session/ssl_cli.c	2014-08-22 03:20:53.000000000 -0700
-@@ -1342,7 +1342,7 @@
- 										 CRYPT_SESSINFO_PASSWORD );
- 			const ATTRIBUTE_LIST *userNamePtr = \
- 						findSessionInfo( sessionInfoPtr->attributeList,
-										 CRYPT_SESSINFO_PASSWORD );
-+										 CRYPT_SESSINFO_USERNAME );
- 
- 			REQUIRES( passwordPtr != NULL );
- 			REQUIRES( userNamePtr != NULL );
--- a/3rdp/build/cl-tpm-linux.patch
+++ b/3rdp/build/cl-tpm-linux.patch
--- ../tmp2/tools/ccopts.sh	2019-03-04 16:32:32.000000000 -0500
-+++ tools/ccopts.sh	2019-06-03 16:30:45.060050000 -0400
-@@ -241,13 +241,15 @@
- 	done
- 
- 	# TPM support
-	for includepath in $TPMPATHS ; do
-		if [ -f $includepath ] ; then
-			echo "TPM interface detected, enabling TPM support." >&2 ;
-			CCARGS="$CCARGS -DHAS_TPM -I"$(dirname $includepath)"" ;
-			break ;
-		fi
-	done
-+	if [ "$(uname -s)" = "Linux" ] ; then
-+		for includepath in $TPMPATHS ; do
-+			if [ -f $includepath ] ; then
-+				echo "TPM interface detected, enabling TPM support." >&2 ;
-+				CCARGS="$CCARGS -DHAS_TPM -I"$(dirname $includepath)"" ;
-+				break ;
-+			fi
-+		done
-+	fi
- 
- 	# /dev/crypto support
- 	for includepath in $DEVCRYPTOPATHS ; do
--- a/3rdp/build/cl-uint64_t-redefine.patch
+++ b/3rdp/build/cl-uint64_t-redefine.patch
--- crypt/brg_types.h.orig	2021-03-15 17:59:00.031496000 -0400
-+++ crypt/brg_types.h	2021-03-15 17:59:49.685028000 -0400
-@@ -133,7 +133,7 @@
- #    if ULONG_MAX == 18446744073709551615ul
- #      define BRG_UI64
- #      define li_64(h) 0x##h##ul
-	#ifndef _UINT64_T	/* Apple define their own version - pcg */
-+	#if !defined(_UINT64_T) && !defined(_UINT64_T_DEFINED_)	/* Apple define their own version - pcg */
- 	   typedef unsigned long uint64_t;		/* AES-GCM - pcg */
- 	#endif /* !_UINT64_T */
- #    endif
--- a/3rdp/build/cl-use-tls-1.3.patch
+++ b/3rdp/build/cl-use-tls-1.3.patch
+--- misc/config.h.orig	2024-01-14 23:08:30.593591000 -0500
+++ misc/config.h	2024-01-14 23:10:25.859020000 -0500
+@@ -33,6 +33,8 @@
+ #define PREFER_ECC
+ #define USE_SSH_CTR
+ #define CONFIG_NUM_OBJECTS 16384
+#define USE_TLS13
+#define USE_PSS
+ /****************************************************************************
+ *																			*
+ *						Custom Configuration Profiles						*
--- a/3rdp/build/cl-vcxproj.patch
+++ b/3rdp/build/cl-vcxproj.patch
--- crypt32.vcxproj.orig	2018-01-03 01:05:54.648617000 -0500
-+++ crypt32.vcxproj	2018-01-03 01:14:08.964397000 -0500
-@@ -109,6 +109,8 @@
+--- crypt32.vcxproj.orig	2023-06-14 23:54:56.000000000 -0400
+++ crypt32.vcxproj	2023-12-31 06:32:59.386199000 -0500
+@@ -208,6 +208,8 @@
+       <ControlFlowGuard>false</ControlFlowGuard>
+       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+       <BasicRuntimeChecks>UninitializedLocalUsageCheck</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <EnableEnhancedInstructionSet>NoExtensions</EnableEnhancedInstructionSet>
+     </ClCompile>
+     <Link>
+       <SubSystem>Windows</SubSystem>
+@@ -216,6 +218,7 @@
+       <OutputFile>$(OutDir)$(TargetName)$(TargetExt)</OutputFile>
+       <ManifestFile>$(IntDir)$(TargetName)$(TargetExt).intermediate.manifest</ManifestFile>
+       <ModuleDefinitionFile>.\crypt32.def</ModuleDefinitionFile>
+      <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
+       <Profile>false</Profile>
+     </Link>
+   </ItemDefinitionGroup>
+@@ -232,6 +235,8 @@
+       <ControlFlowGuard>false</ControlFlowGuard>
+       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+       <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <EnableEnhancedInstructionSet>NoExtensions</EnableEnhancedInstructionSet>
+     </ClCompile>
+     <Link>
+       <SubSystem>Windows</SubSystem>
+@@ -240,6 +245,7 @@
+       <OutputFile>$(OutDir)$(TargetName)$(TargetExt)</OutputFile>
+       <ManifestFile>$(IntDir)$(TargetName)$(TargetExt).intermediate.manifest</ManifestFile>
+       <ModuleDefinitionFile>.\crypt32.def</ModuleDefinitionFile>
+      <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
+       <Profile>false</Profile>
+     </Link>
+   </ItemDefinitionGroup>
+@@ -254,6 +260,8 @@
       <SmallerTypeCheck>false</SmallerTypeCheck>
       <AdditionalIncludeDirectories>.\</AdditionalIncludeDirectories>
       <ControlFlowGuard>false</ControlFlowGuard>
@@ -9,16 +43,50 @@
     </ClCompile>
     <Link>
       <SubSystem>Windows</SubSystem>
-@@ -117,6 +119,7 @@
+@@ -262,6 +270,7 @@
       <OutputFile>$(OutDir)$(TargetName)$(TargetExt)</OutputFile>
       <ManifestFile>$(IntDir)$(TargetName)$(TargetExt).intermediate.manifest</ManifestFile>
-       <ModuleDefinitionFile>.\crypt32.def</ModuleDefinitionFile>
+       <ModuleDefinitionFile>.\crypt32_fuzz.def</ModuleDefinitionFile>
+      <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
+       <Profile>false</Profile>
+     </Link>
+   </ItemDefinitionGroup>
+@@ -276,6 +285,8 @@
+       <SmallerTypeCheck>false</SmallerTypeCheck>
+       <AdditionalIncludeDirectories>.\</AdditionalIncludeDirectories>
+       <ControlFlowGuard>false</ControlFlowGuard>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <EnableEnhancedInstructionSet>NoExtensions</EnableEnhancedInstructionSet>
+     </ClCompile>
+     <Link>
+       <SubSystem>Windows</SubSystem>
+@@ -284,6 +295,7 @@
+       <OutputFile>$(OutDir)$(TargetName)$(TargetExt)</OutputFile>
+       <ManifestFile>$(IntDir)$(TargetName)$(TargetExt).intermediate.manifest</ManifestFile>
+       <ModuleDefinitionFile>.\crypt32_fuzz.def</ModuleDefinitionFile>
 +      <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
       <Profile>false</Profile>
     </Link>
   </ItemDefinitionGroup>
-@@ -131,6 +134,8 @@
-       <SmallerTypeCheck>true</SmallerTypeCheck>
+@@ -300,6 +312,8 @@
+       <ControlFlowGuard>false</ControlFlowGuard>
+       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+       <BasicRuntimeChecks>UninitializedLocalUsageCheck</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <EnableEnhancedInstructionSet>NoExtensions</EnableEnhancedInstructionSet>
+     </ClCompile>
+     <Link>
+       <SubSystem>Windows</SubSystem>
+@@ -309,6 +323,7 @@
+       <ManifestFile>$(IntDir)$(TargetName)$(TargetExt).intermediate.manifest</ManifestFile>
+       <ModuleDefinitionFile>
+       </ModuleDefinitionFile>
+      <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
+       <Profile>false</Profile>
+     </Link>
+     <ResourceCompile>
+@@ -326,6 +341,8 @@
+       <SmallerTypeCheck>false</SmallerTypeCheck>
       <AdditionalIncludeDirectories>.\</AdditionalIncludeDirectories>
       <ControlFlowGuard>false</ControlFlowGuard>
 +      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
@@ -26,7 +94,15 @@
     </ClCompile>
     <Link>
       <SubSystem>Windows</SubSystem>
-@@ -160,6 +165,8 @@
+@@ -335,6 +352,7 @@
+       <ManifestFile>$(IntDir)$(TargetName)$(TargetExt).intermediate.manifest</ManifestFile>
+       <ModuleDefinitionFile>
+       </ModuleDefinitionFile>
+      <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
+       <Profile>false</Profile>
+     </Link>
+     <ResourceCompile>
+@@ -355,6 +373,8 @@
       <ExceptionHandling>false</ExceptionHandling>
       <ControlFlowGuard>Guard</ControlFlowGuard>
       <WholeProgramOptimization>true</WholeProgramOptimization>
@@ -35,7 +111,24 @@
     </ClCompile>
     <Link>
       <SubSystem>Windows</SubSystem>
-@@ -187,6 +194,8 @@
+@@ -367,6 +387,7 @@
+       <ModuleDefinitionFile>.\crypt32.def</ModuleDefinitionFile>
+       <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
+       <LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
+      <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
+     </Link>
+   </ItemDefinitionGroup>
+   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">
+@@ -383,6 +404,8 @@
+       <ExceptionHandling>false</ExceptionHandling>
+       <ControlFlowGuard>Guard</ControlFlowGuard>
+       <WholeProgramOptimization>true</WholeProgramOptimization>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <EnableEnhancedInstructionSet>NoExtensions</EnableEnhancedInstructionSet>
+     </ClCompile>
+     <Link>
+       <SubSystem>Windows</SubSystem>
+@@ -410,6 +433,8 @@
       <ExceptionHandling>false</ExceptionHandling>
       <StringPooling>true</StringPooling>
       <ControlFlowGuard>Guard</ControlFlowGuard>
@@ -44,7 +137,15 @@
     </ClCompile>
     <Link>
       <SubSystem>Windows</SubSystem>
-@@ -607,4 +616,4 @@
+@@ -422,6 +447,7 @@
+       <ModuleDefinitionFile>
+       </ModuleDefinitionFile>
+       <LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
+      <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
+     </Link>
+     <ResourceCompile>
+       <PreprocessorDefinitions>_WIN64</PreprocessorDefinitions>
+@@ -896,4 +922,4 @@
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">
   </ImportGroup>

--- a/3rdp/build/cl-vt-lt-2005-always-defined.patch
+++ b/3rdp/build/cl-vt-lt-2005-always-defined.patch
+--- io/file.c.orig	2023-12-31 10:28:41.818647000 -0500
+++ io/file.c	2023-12-31 10:28:56.618717000 -0500
+@@ -5226,7 +5226,7 @@
+ CHECK_RETVAL_BOOL STDC_NONNULL_ARG( ( 1 ) ) \
+ static BOOLEAN isSpecialSID( INOUT_PTR SID *pUserSid )
+ 	{
+-#if defined( _MSC_VER ) && VC_LT_2005( _MSC_VER )
+#if VC_LT_2005( _MSC_VER )
+ 	BYTE sidBuffer[ SID_BUFFER_SIZE + 8 ];
+ 	SID *pSid = ( PSID ) sidBuffer;
+ 	SID_IDENTIFIER_AUTHORITY identifierAuthority = SECURITY_NT_AUTHORITY;
--- a/3rdp/build/cl-win32-compile.patch
+++ b/3rdp/build/cl-win32-compile.patch
--- test/certs.c.orig	2018-01-03 02:46:59.742613000 -0500
-+++ test/certs.c	2018-01-03 02:47:14.150003000 -0500
-@@ -17,7 +17,7 @@
-   #define _OSSPEC_DEFINED
-   #if !defined( __WIN32__ ) && ( defined( WIN32 ) || defined( _WIN32 ) )
- 	#define __WIN32__
-  #elif !defined( __WIN64__ ) defined( _M_X64 )
-+  #elif !defined( __WIN64__ ) && defined( _M_X64 )
- 	#define __WIN64__
-   #endif /* Win32/Win64 */
-   #define VC_LT_2005( version )		( version < 1400 )
--- a/3rdp/build/cl-win32-compile2.patch
+++ b/3rdp/build/cl-win32-compile2.patch
--- test/ssh.c.orig	2018-01-03 02:55:55.133827000 -0500
-+++ test/ssh.c	2018-01-03 02:56:03.891978000 -0500
-@@ -17,7 +17,7 @@
-   #define _OSSPEC_DEFINED
-   #if !defined( __WIN32__ ) && ( defined( WIN32 ) || defined( _WIN32 ) )
- 	#define __WIN32__
-  #elif !defined( __WIN64__ ) defined( _M_X64 )
-+  #elif !defined( __WIN64__ ) && defined( _M_X64 )
- 	#define __WIN64__
-   #endif /* Win32/Win64 */
-   #define VC_16BIT( version )		( version <= 800 )