diff --git a/3rdp/build/Dynamic-linked-static-lib.patch b/3rdp/build/Dynamic-linked-static-lib.patch
index 31d1ab6fac2bba382bb868cbec28f8d9c22ee7ff..1b267f6c9b982bb3e281431aefa36a43baee5219 100644
--- a/3rdp/build/Dynamic-linked-static-lib.patch
+++ b/3rdp/build/Dynamic-linked-static-lib.patch
@@ -1,31 +1,14 @@
---- tools/ccopts.sh.orig 2017-07-11 01:21:48.000000000 -0400
-+++ tools/ccopts.sh 2018-01-03 02:46:02.958592000 -0500
-@@ -159,6 +159,7 @@
- # checking if this is set.
-
- HASDYNLOAD=0
-+DISABLE_AUTODETECT=1
- case $OSNAME in
- 'Darwin'|'Linux'|'FreeBSD')
- HASDYNLOAD=1 ;;
-@@ -204,7 +205,7 @@
- CCARGS="$CCARGS -DNCIPHER_PKCS11" ;
- fi
- fi
--if [ -f /usr/include/zlib.h ] ; then
-+if [ -f /usr/include/zlib.h -a 0 = 3 ] ; then
- echo " (Enabling use of system zlib)." >&2 ;
- CCARGS="$CCARGS -DHAS_ZLIB" ;
- fi
-@@ -302,7 +303,6 @@
+--- ../tmp2/tools/ccopts.sh 2019-03-04 16:32:32.000000000 -0500
++++ tools/ccopts.sh 2019-06-03 16:56:55.005703000 -0400
+@@ -393,7 +393,6 @@
# of large-displacement jumps, so if you're tuning the code for size/speed
# you can try -fpic to see if you get any improvement.
--if [ $# -eq 2 ] ; then
+-if [ $SHARED -gt 0 ] ; then
case $OSNAME in
'Darwin')
CCARGS="$CCARGS -fPIC -fno-common" ;;
-@@ -329,7 +329,6 @@
+@@ -420,7 +419,6 @@
*)
CCARGS="$CCARGS -fPIC" ;;
esac ;
@@ -33,15 +16,3 @@
# Conversely, if we're building a static lib and the system requires it, set
# up static lib-specific options.
-@@ -643,9 +642,9 @@
- # '--param=ssp-buffer-size=4' (the default size is 8), but this isn't
- # necessary for cryptlib since it doesn't allocate any 4-byte buffers.
-
--if [ "$GCC_VER" -ge 49 ] ; then
-+if [ "$GCC_VER" -ge 49 -a 1 = 3 ] ; then
- CCARGS="$CCARGS -fstack-protector-strong -D_FORTIFY_SOURCE=2" ;
--elif [ "$GCC_VER" -ge 42 ] ; then
-+elif [ "$GCC_VER" -ge 42 -a 1 = 3 ] ; then
- if [ "$($CC -fstack-protector -S -o /dev/null -xc /dev/null 2>&1 | grep -c "unrecog")" -eq 0 ] ; then
- CCARGS="$CCARGS -fstack-protector" ;
- fi ;
diff --git a/3rdp/build/GNUmakefile b/3rdp/build/GNUmakefile
index 383bfeb6e05483537f9dac3daa98054145919112..1d6e1e1fa6e03f6204ea3cff444c77cacf6346cd 100644
--- a/3rdp/build/GNUmakefile
+++ b/3rdp/build/GNUmakefile
@@ -67,30 +67,29 @@ $(CRYPT_SRC): | $(3RDPSRCDIR)
$(CRYPT_IDIR): | $(3RDPODIR)
$(QUIET)$(IFNOTEXIST) mkdir $(CRYPT_IDIR)
-$(CRYPTLIB_BUILD): $(3RDP_ROOT)$(DIRSEP)dist/cryptlib.zip $(3RDP_ROOT)$(DIRSEP)build/SSL-fix.patch $(3RDP_ROOT)$(DIRSEP)build/Dynamic-linked-static-lib.patch $(3RDP_ROOT)$(DIRSEP)build/terminal-params.patch $(3RDP_ROOT)$(DIRSEP)build/cl-mingw32-static.patch $(3RDP_ROOT)$(DIRSEP)build/cl-ranlib.patch $(3RDP_ROOT)$(DIRSEP)build/cl-PAM-noprompts.patch $(3RDP_ROOT)$(DIRSEP)build/cl-getseed64.patch $(3RDP_ROOT)$(DIRSEP)build/cl-endian.patch $(3RDP_ROOT)$(DIRSEP)build/cl-win32-compile.patch $(3RDP_ROOT)$(DIRSEP)build/cl-win32-compile2.patch $(3RDP_ROOT)$(DIRSEP)build/cl-win32-noasm.patch $(3RDP_ROOT)$(DIRSEP)build/cl-zz-country.patch $(3RDP_ROOT)$(DIRSEP)build/cl-algorithms.patch $(3RDP_ROOT)$(DIRSEP)build/cl-allow-duplicate-ext.patch $(3RDP_ROOT)$(DIRSEP)build/cl-select-fix.patch $(3RDP_ROOT)$(DIRSEP)build/cl-short-client-name.patch $(3RDP_ROOT)$(DIRSEP)build/cl-bn_div2.patch $(3RDP_ROOT)$(DIRSEP)build/cl-macosx-minver.patch | $(CRYPT_SRC) $(CRYPT_IDIR)
+$(CRYPTLIB_BUILD): $(3RDP_ROOT)$(DIRSEP)dist/cryptlib.zip $(3RDP_ROOT)$(DIRSEP)build/terminal-params.patch $(3RDP_ROOT)$(DIRSEP)build/cl-mingw32-static.patch $(3RDP_ROOT)$(DIRSEP)build/cl-ranlib.patch $(3RDP_ROOT)$(DIRSEP)build/cl-win32-noasm.patch $(3RDP_ROOT)$(DIRSEP)build/cl-zz-country.patch $(3RDP_ROOT)$(DIRSEP)build/cl-algorithms.patch $(3RDP_ROOT)$(DIRSEP)build/cl-allow-duplicate-ext.patch $(3RDP_ROOT)$(DIRSEP)build/cl-macosx-minver.patch $(3RDP_ROOT)$(DIRSEP)build/cl-endian.patch $(3RDP_ROOT)$(DIRSEP)build/cl-cryptodev.patch $(3RDP_ROOT)$(DIRSEP)build/cl-posix-me-gently.patch $(3RDP_ROOT)$(DIRSEP)build/cl-tpm-linux.patch $(3RDP_ROOT)$(DIRSEP)build/cl-PAM-noprompts.patch $(3RDP_ROOT)$(DIRSEP)build/cl-zlib.patch $(3RDP_ROOT)$(DIRSEP)build/Dynamic-linked-static-lib.patch $(3RDP_ROOT)$(DIRSEP)build/SSL-fix.patch $(3RDP_ROOT)$(DIRSEP)build/cl-bigger-maxattribute.patch $(3RDP_ROOT)$(DIRSEP)build/cl-vcxproj.patch | $(CRYPT_SRC) $(CRYPT_IDIR)
@echo Creating $@ ...
$(QUIET)-rm -rf $(CRYPT_SRC)/*
$(QUIET)unzip -oa $(3RDPDISTDIR)$(DIRSEP)cryptlib.zip -d $(CRYPT_SRC)
$(QUIET)perl -pi.bak -e 's/\r//' $(CRYPT_SRC)/crypt32.vcxproj
- $(QUIET)patch -p0 -d $(CRYPT_SRC) < SSL-fix.patch
- $(QUIET)patch -p0 -d $(CRYPT_SRC) < Dynamic-linked-static-lib.patch
$(QUIET)patch -p0 -d $(CRYPT_SRC) < terminal-params.patch
$(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-mingw32-static.patch
$(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-ranlib.patch
$(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-vcxproj.patch
- $(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-PAM-noprompts.patch
- $(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-getseed64.patch
$(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-endian.patch
- $(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-win32-compile.patch
- $(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-win32-compile2.patch
$(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-win32-noasm.patch
$(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-zz-country.patch
$(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-algorithms.patch
$(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-allow-duplicate-ext.patch
- $(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-select-fix.patch
- $(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-short-client-name.patch
- $(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-bn_div2.patch
$(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-macosx-minver.patch
+ $(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-cryptodev.patch
+ $(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-posix-me-gently.patch
+ $(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-tpm-linux.patch
+ $(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-PAM-noprompts.patch
+ $(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-zlib.patch
+ $(QUIET)patch -p0 -d $(CRYPT_SRC) < Dynamic-linked-static-lib.patch
+ $(QUIET)patch -p0 -d $(CRYPT_SRC) < SSL-fix.patch
+ $(QUIET)patch -p0 -d $(CRYPT_SRC) < cl-bigger-maxattribute.patch
ifeq ($(CC),mingw32-gcc)
$(QUIET)cd $(CRYPT_SRC) && env - PATH="$(PATH)" CC="$(CC)" AR="$(AR)" RANLIB="$(RANLIB)" make directories
$(QUIET)cd $(CRYPT_SRC) && env - PATH="$(PATH)" CC="$(CC)" AR="$(AR)" RANLIB="$(RANLIB)" make toolscripts
diff --git a/3rdp/build/SSL-fix.patch b/3rdp/build/SSL-fix.patch
index 91583aa27b1bed0d8f3baee279825f827e4f5ba3..8c5e319f1f31b05e39fcd536b0d514273443470c 100644
--- a/3rdp/build/SSL-fix.patch
+++ b/3rdp/build/SSL-fix.patch
@@ -1,9 +1,9 @@
---- session/sess_attr.c.orig 2017-07-27 17:58:38.000000000 -0400
-+++ session/sess_attr.c 2018-01-03 01:44:45.682545000 -0500
-@@ -103,11 +103,13 @@
- then we can't set a server name as well */
- if( sessionInfoPtr->transportSession != CRYPT_ERROR )
- return( exitErrorInited( sessionInfoPtr, CRYPT_SESSINFO_SESSION ) );
+--- ../tmp2/session/sess_attr.c 2019-02-05 18:18:28.000000000 -0500
++++ session/sess_attr.c 2019-06-03 17:06:34.378151000 -0400
+@@ -102,11 +102,13 @@
+
+ /* If there's already a network socket specified then we can't set a
+ server name as well */
+/*
if( sessionInfoPtr->networkSocket != CRYPT_ERROR )
{
diff --git a/3rdp/build/cl-PAM-noprompts.patch b/3rdp/build/cl-PAM-noprompts.patch
index 277e746c83c043ca165ce494ed207929b58f9245..e99ed54aec03255c2cc5563e2aabed9440ba32c2 100644
--- a/3rdp/build/cl-PAM-noprompts.patch
+++ b/3rdp/build/cl-PAM-noprompts.patch
@@ -1,6 +1,6 @@
---- session/ssh2_authc.c.orig 2017-01-18 22:42:06.000000000 -0500
-+++ session/ssh2_authc.c 2018-01-03 01:24:48.768379000 -0500
-@@ -530,7 +530,7 @@
+--- ../tmp2/session/ssh2_authc.c 2018-12-14 17:31:34.000000000 -0500
++++ session/ssh2_authc.c 2019-06-03 16:41:49.956986000 -0400
+@@ -868,7 +868,7 @@
if( !cryptStatusError( status ) )
{
status = CRYPT_OK; /* readUint32() returns a count value */
@@ -9,7 +9,7 @@
{
/* Requesting zero or more than a small number of prompts is
suspicious */
-@@ -538,46 +538,49 @@
+@@ -876,49 +876,52 @@
}
}
}
@@ -17,21 +17,27 @@
+ if( noPrompts > 0 )
{
- status = readString32( &stream, promptBuffer,
-- CRYPT_MAX_TEXTSIZE, &promptLength );
-- if( cryptStatusOK( status ) && promptLength <= 0 )
+ if( cryptStatusOK( status ) )
- {
-- /* We must have at least some sort of prompt given that we
-- require num_prompts to be nonzero */
-- status = CRYPT_ERROR_BADDATA;
++ {
+ status = readString32( &stream, promptBuffer,
-+ CRYPT_MAX_TEXTSIZE, &promptLength );
+ CRYPT_MAX_TEXTSIZE, &promptLength );
+- if( cryptStatusOK( status ) && promptLength <= 0 )
+ if( cryptStatusOK( status ) && promptLength <= 0 )
+ {
+ /* We must have at least some sort of prompt given that we
+ require num_prompts to be nonzero */
+ status = CRYPT_ERROR_BADDATA;
+ }
++ }
++ sMemDisconnect( &stream );
++ if( cryptStatusError( status ) )
+ {
+- /* We must have at least some sort of prompt given that we
+- require num_prompts to be nonzero */
+- status = CRYPT_ERROR_BADDATA;
++ retExt( status,
++ ( status, SESSION_ERRINFO,
++ "Invalid PAM authentication request packet" ) );
}
- }
- sMemDisconnect( &stream );
@@ -41,13 +47,10 @@
- ( status, SESSION_ERRINFO,
- "Invalid PAM authentication request packet" ) );
- }
-+ sMemDisconnect( &stream );
-+ if( cryptStatusError( status ) )
-+ {
-+ retExt( status,
-+ ( status, SESSION_ERRINFO,
-+ "Invalid PAM authentication request packet" ) );
-+ }
+- REQUIRES( nameLength >= 0 && nameLength <= CRYPT_MAX_TEXTSIZE );
+- REQUIRES( promptLength >= 1 && promptLength <= CRYPT_MAX_TEXTSIZE );
++ REQUIRES( nameLength >= 0 && nameLength <= CRYPT_MAX_TEXTSIZE );
++ REQUIRES( promptLength >= 1 && promptLength <= CRYPT_MAX_TEXTSIZE );
- /* Make sure that we're being asked for some form of password
- authentication. This assumes that the prompt string begins with the
@@ -70,6 +73,7 @@
- nameLength ) : \
- sanitiseString( promptBuffer, CRYPT_MAX_TEXTSIZE, \
- promptLength ) ) );
+- }
+ /* Make sure that we're being asked for some form of password
+ authentication. This assumes that the prompt string begins with the
+ word "password" (which always seems to be the case), if it isn't then
@@ -92,6 +96,7 @@
+ sanitiseString( promptBuffer, CRYPT_MAX_TEXTSIZE, \
+ promptLength ) ) );
+ }
- }
++ }
REQUIRES( passwordPtr != NULL && \
+ passwordPtr->valueLength > 0 && \
diff --git a/3rdp/build/cl-algorithms.patch b/3rdp/build/cl-algorithms.patch
index 81cede2f057b67f418ba8459b86f37dd677a7cb6..95371ce30e69f9e546fa59f98793e4185b470ab3 100644
--- a/3rdp/build/cl-algorithms.patch
+++ b/3rdp/build/cl-algorithms.patch
@@ -1,11 +1,12 @@
--- misc/config.h.orig 2018-02-15 02:26:59.017103000 -0500
+++ misc/config.h 2018-02-15 02:27:50.400787000 -0500
-@@ -9,6 +9,8 @@
+@@ -9,6 +9,9 @@
#define _CONFIG_DEFINED
+#define USE_PROBLEMATIC_ALGORITHMS
+#define USE_SSH_EXTENDED
++#define USE_CERTLEVEL_STANDARD
/****************************************************************************
* *
* Custom Configuration Profiles *
diff --git a/3rdp/build/cl-cryptodev.patch b/3rdp/build/cl-cryptodev.patch
new file mode 100644
index 0000000000000000000000000000000000000000..ed489d04ee9bf952eadfeac3e9215fb6f0d87ead
--- /dev/null
+++ b/3rdp/build/cl-cryptodev.patch
@@ -0,0 +1,23 @@
+--- ../tmp2/tools/ccopts.sh 2019-03-04 16:32:32.000000000 -0500
++++ tools/ccopts.sh 2019-06-03 16:22:10.631518000 -0400
+@@ -250,13 +250,13 @@
+ done
+
+ # /dev/crypto support
+- for includepath in $DEVCRYPTOPATHS ; do
+- if [ -f $includepath ] ; then
+- echo "/dev/crypto interface detected, enabling crypto hardware support." >&2 ;
+- CCARGS="$CCARGS -DHAS_DEVCRYPTO -I"$(dirname $includepath)"" ;
+- break ;
+- fi
+- done
++ #for includepath in $DEVCRYPTOPATHS ; do
++ # if [ -f $includepath ] ; then
++ # echo "/dev/crypto interface detected, enabling crypto hardware support." >&2 ;
++ # CCARGS="$CCARGS -DHAS_DEVCRYPTO -I"$(dirname $includepath)"" ;
++ # break ;
++ # fi
++ #done
+
+ fi
+ if [ -f /usr/include/zlib.h ] ; then
diff --git a/3rdp/build/cl-endian.patch b/3rdp/build/cl-endian.patch
index d55f764dd869d4e5aa4b38386a7eba2f160a6777..e4c5a4fceb0dd41740a47127f391fdf5b504bbd0 100644
--- a/3rdp/build/cl-endian.patch
+++ b/3rdp/build/cl-endian.patch
@@ -1,26 +1,11 @@
---- misc/os_spec.h.orig 2018-01-10 01:39:04.000000000 -0500
-+++ misc/os_spec.h 2018-01-29 18:20:02.023299000 -0500
-@@ -223,10 +223,11 @@
- preprocessors get confused if they aren't defined */
- #define VC_16BIT( version ) 0
- #define VC_LE_VC6( version ) 0
-- #define VC_GE_2002( version ) 0
-- #define VC_LT_2005( version ) 0
-+ #define VC_GE_2002( version ) 1
-+ #define VC_LT_2005( version ) 1
- #define VC_GE_2005( version ) 0
- #define VC_GE_2008( version ) 0
-+ #define VC_LT_2010( version ) 1
- #define VC_GE_2010( version ) 0
- #define VC_GE_2012( version ) 0
- #define VC_GE_2013( version ) 0
-@@ -947,6 +948,9 @@
+--- misc/os_detect.h.orig 2019-06-03 15:44:11.100399000 -0400
++++ misc/os_detect.h 2019-06-03 15:44:27.559718000 -0400
+@@ -566,6 +566,8 @@
#include <machine/endian.h>
#elif defined( __NetBSD__ )
#include <sys/endian.h>
+ #elif defined( __FreeBSD__ )
+ #include <sys/endian.h>
-+ #elif defined(__MINGW32__)
#else
#include <endian.h>
#endif /* Apple vs. everyone else */
diff --git a/3rdp/build/cl-posix-me-gently.patch b/3rdp/build/cl-posix-me-gently.patch
new file mode 100644
index 0000000000000000000000000000000000000000..3e9441f914555d9a7eed870acd6964c581ed889e
--- /dev/null
+++ b/3rdp/build/cl-posix-me-gently.patch
@@ -0,0 +1,11 @@
+--- ../tmp2/crypt.h 2019-01-31 14:52:00.000000000 -0500
++++ crypt.h 2019-06-03 16:26:35.672044000 -0400
+@@ -79,7 +79,7 @@
+ #ifndef _POSIX_C_SOURCE
+ #if defined( __xlc__ ) || defined( __IBMC__ )
+ #define _POSIX_C_SOURCE 200112L /* Posix 2001 */
+- #elif defined( __GNUC__ )
++ #elif defined( __GNUC__ ) && defined( __linux__ )
+ #define _POSIX_C_SOURCE 200809L /* Posix 2008 */
+ #define _DEFAULT_SOURCE 1 /* See note above */
+ #define _BSD_SOURCE 1 /* Undo breakage */
diff --git a/3rdp/build/cl-tpm-linux.patch b/3rdp/build/cl-tpm-linux.patch
new file mode 100644
index 0000000000000000000000000000000000000000..e6f3d817b4b81469bf0b69bf84b67fe0df37e3b7
--- /dev/null
+++ b/3rdp/build/cl-tpm-linux.patch
@@ -0,0 +1,25 @@
+--- ../tmp2/tools/ccopts.sh 2019-03-04 16:32:32.000000000 -0500
++++ tools/ccopts.sh 2019-06-03 16:30:45.060050000 -0400
+@@ -241,13 +241,15 @@
+ done
+
+ # TPM support
+- for includepath in $TPMPATHS ; do
+- if [ -f $includepath ] ; then
+- echo "TPM interface detected, enabling TPM support." >&2 ;
+- CCARGS="$CCARGS -DHAS_TPM -I"$(dirname $includepath)"" ;
+- break ;
+- fi
+- done
++ if [ "$(uname -s)" = "Linux" ] ; then
++ for includepath in $TPMPATHS ; do
++ if [ -f $includepath ] ; then
++ echo "TPM interface detected, enabling TPM support." >&2 ;
++ CCARGS="$CCARGS -DHAS_TPM -I"$(dirname $includepath)"" ;
++ break ;
++ fi
++ done
++ fi
+
+ # /dev/crypto support
+ for includepath in $DEVCRYPTOPATHS ; do
diff --git a/3rdp/build/cl-zlib.patch b/3rdp/build/cl-zlib.patch
new file mode 100644
index 0000000000000000000000000000000000000000..65cdc98f91a90faa00f6375eee3d3510894c5287
--- /dev/null
+++ b/3rdp/build/cl-zlib.patch
@@ -0,0 +1,17 @@
+--- ../tmp2/tools/ccopts.sh 2019-03-04 16:32:32.000000000 -0500
++++ tools/ccopts.sh 2019-06-03 16:50:00.486529000 -0400
+@@ -259,10 +259,10 @@
+ done
+
+ fi
+-if [ -f /usr/include/zlib.h ] ; then
+- echo " (Enabling use of system zlib)." >&2 ;
+- CCARGS="$CCARGS -DHAS_ZLIB" ;
+-fi
++#if [ -f /usr/include/zlib.h ] ; then
++# echo " (Enabling use of system zlib)." >&2 ;
++# CCARGS="$CCARGS -DHAS_ZLIB" ;
++#fi
+
+ # If we're building a development or analysis build, enable various unsafe
+ # options that are normally disabled by default
diff --git a/3rdp/build/terminal-params.patch b/3rdp/build/terminal-params.patch
index c6850d126d3341398dc5d0b8199625b634f7e4b4..7c43a0b6871c2c48c7d12fc9160059fdb77ac658 100644
--- a/3rdp/build/terminal-params.patch
+++ b/3rdp/build/terminal-params.patch
@@ -1,8 +1,8 @@
-diff -ur ../cl.patched/cryptlib.h ./cryptlib.h
---- ../cl.patched/cryptlib.h 2014-06-20 12:40:45.000000000 -0700
-+++ ./cryptlib.h 2014-06-20 12:47:00.000000000 -0700
-@@ -1237,6 +1237,11 @@
- CRYPT_SESSINFO_SSL_OPTIONS, /* SSL/TLS protocol options */
+diff -ur ../tmp2/cryptlib.h ./cryptlib.h
+--- ../tmp2/cryptlib.h 2019-02-22 03:16:30.000000000 -0500
++++ ./cryptlib.h 2019-06-03 15:26:26.741166000 -0400
+@@ -1222,6 +1222,11 @@
+ CRYPT_SESSINFO_SSL_EAPKEY, /* SSL/TLS EAP key */
CRYPT_SESSINFO_TSP_MSGIMPRINT, /* TSP message imprint */
+ /* Terminal attributes */
@@ -13,10 +13,10 @@ diff -ur ../cl.patched/cryptlib.h ./cryptlib.h
/* Used internally */
CRYPT_SESSINFO_LAST, CRYPT_USERINFO_FIRST = 7000,
-diff -ur ../cl.patched/kernel/attr_acl.c ./kernel/attr_acl.c
---- ../cl.patched/kernel/attr_acl.c 2014-06-20 12:40:39.000000000 -0700
-+++ ./kernel/attr_acl.c 2014-06-20 20:32:54.000000000 -0700
-@@ -3742,6 +3742,25 @@
+diff -ur ../tmp2/kernel/attr_acl.c ./kernel/attr_acl.c
+--- ../tmp2/kernel/attr_acl.c 2019-02-05 18:16:32.000000000 -0500
++++ ./kernel/attr_acl.c 2019-06-03 15:26:26.745123000 -0400
+@@ -3768,6 +3768,25 @@
MKPERM_TSP( xWD_xWD ),
ROUTE( OBJECT_TYPE_SESSION ), &objectCtxHash ),
@@ -41,28 +41,19 @@ diff -ur ../cl.patched/kernel/attr_acl.c ./kernel/attr_acl.c
+
MKACL_END(), MKACL_END()
};
-
-diff -ur ../cl.patched/session/sess_attr.c ./session/sess_attr.c
---- ../cl.patched/session/sess_attr.c 2014-06-20 12:40:41.000000000 -0700
-+++ ./session/sess_attr.c 2014-06-20 20:33:27.000000000 -0700
-@@ -323,6 +323,8 @@
- TRUE : FALSE;
- return( CRYPT_OK );
-
-+ case CRYPT_SESSINFO_SSH_WIDTH:
-+ case CRYPT_SESSINFO_SSH_HEIGHT:
- case CRYPT_SESSINFO_SERVER_PORT:
- case CRYPT_SESSINFO_CLIENT_PORT:
- {
-@@ -392,6 +394,7 @@
+ #endif /* USE_SESSIONS */
+diff -ur ../tmp2/session/sess_attr.c ./session/sess_attr.c
+--- ../tmp2/session/sess_attr.c 2019-02-05 18:18:28.000000000 -0500
++++ ./session/sess_attr.c 2019-06-03 15:26:26.746525000 -0400
+@@ -639,6 +639,7 @@
return( CRYPT_ERROR_NOTFOUND );
}
+ case CRYPT_SESSINFO_SSH_TERMINAL:
case CRYPT_SESSINFO_USERNAME:
case CRYPT_SESSINFO_PASSWORD:
- case CRYPT_SESSINFO_SERVER_FINGERPRINT_SHA1:
-@@ -532,6 +535,13 @@
+ /* If the session was resumed from cached information then the
+@@ -797,6 +798,13 @@
return( status );
}
@@ -74,30 +65,30 @@ diff -ur ../cl.patched/session/sess_attr.c ./session/sess_attr.c
+ CRYPT_SESSINFO_SSH_HEIGHT, value ) );
+
case CRYPT_SESSINFO_SERVER_PORT:
- /* If there's already a transport session or network socket
- specified then we can't set a port as well */
-@@ -883,6 +893,7 @@
- attribute, data, dataLength, flags ) );
- }
+ /* If there's already a network socket specified then we can't
+ set a port as well */
+@@ -954,6 +964,9 @@
+ return( addCredential( sessionInfoPtr, data, dataLength,
+ attribute ) );
+ case CRYPT_SESSINFO_SSH_TERMINAL:
++ case CRYPT_SESSINFO_SSH_WIDTH:
++ case CRYPT_SESSINFO_SSH_HEIGHT:
case CRYPT_SESSINFO_SERVER_FINGERPRINT_SHA1:
/* Remember the value */
- return( addSessionInfoS( sessionInfoPtr,
-@@ -938,6 +949,9 @@
+ return( addSessionInfoS( sessionInfoPtr, attribute, data,
+@@ -1016,6 +1027,7 @@
sessionInfoPtr->writeTimeout = CRYPT_ERROR;
return( CRYPT_OK );
+ case CRYPT_SESSINFO_SSH_TERMINAL:
-+ case CRYPT_SESSINFO_SSH_WIDTH:
-+ case CRYPT_SESSINFO_SSH_HEIGHT:
case CRYPT_SESSINFO_USERNAME:
case CRYPT_SESSINFO_PASSWORD:
case CRYPT_SESSINFO_SERVER_NAME:
-diff -ur ../cl.patched/session/ssh2_msgc.c ./session/ssh2_msgc.c
---- ../cl.patched/session/ssh2_msgc.c 2014-06-20 12:40:41.000000000 -0700
-+++ ./session/ssh2_msgc.c 2014-06-20 20:36:36.000000000 -0700
-@@ -447,6 +447,12 @@
+diff -ur ../tmp2/session/ssh2_msgc.c ./session/ssh2_msgc.c
+--- ../tmp2/session/ssh2_msgc.c 2018-12-21 03:52:10.000000000 -0500
++++ ./session/ssh2_msgc.c 2019-06-03 15:26:26.747402000 -0400
+@@ -448,6 +448,12 @@
CHANNEL_WRITE );
int packetOffset, status;
@@ -110,7 +101,7 @@ diff -ur ../cl.patched/session/ssh2_msgc.c ./session/ssh2_msgc.c
assert( isWritePtr( sessionInfoPtr, sizeof( SESSION_INFO ) ) );
assert( isWritePtr( stream, sizeof( STREAM ) ) );
-@@ -545,9 +551,18 @@
+@@ -547,9 +553,18 @@
writeUint32( stream, channelNo );
writeString32( stream, "pty-req", 7 );
sputc( stream, 0 ); /* No reply */
diff --git a/3rdp/dist/cryptlib.zip b/3rdp/dist/cryptlib.zip
index d3c5a94ef1fecbd39836ef49286e2b1b55a9a60f..e4e5b02a8c33694a1a0b96748aaed01c1049ec76 100644
Binary files a/3rdp/dist/cryptlib.zip and b/3rdp/dist/cryptlib.zip differ