From 4577adead6a7d600c8e764619d99477a08192c8f Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Wed, 28 Sep 2016 20:32:42 +0000
Subject: [PATCH] upstream commit

restore pre-auth compression support in the client -- the
previous commit was intended to remove it from the server only.

remove a few server-side pre-auth compression bits that escaped

adjust wording of Compression directive in sshd_config(5)

pointed out by naddy@ ok markus@

Upstream-ID: d23696ed72a228dacd4839dd9f2dec424ba2016b
---
 kex.c         |  4 +---
 kex.h         |  5 ++---
 packet.c      |  7 +++----
 servconf.c    |  4 ++--
 sshconnect2.c |  4 ++--
 sshd_config.5 | 12 +++++++-----
 6 files changed, 17 insertions(+), 19 deletions(-)

diff --git a/kex.c b/kex.c
index 811e2cf6c..c122361f2 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.124 2016/09/22 17:52:53 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.125 2016/09/28 20:32:42 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  *
@@ -684,8 +684,6 @@ choose_comp(struct sshcomp *comp, char *client, char *server)
 		return SSH_ERR_NO_COMPRESS_ALG_MATCH;
 	if (strcmp(name, "zlib@openssh.com") == 0) {
 		comp->type = COMP_DELAYED;
-	} else if (strcmp(name, "zlib") == 0) {
-		comp->type = COMP_ZLIB;
 	} else if (strcmp(name, "none") == 0) {
 		comp->type = COMP_NONE;
 	} else {
diff --git a/kex.h b/kex.h
index 382630660..318c41d4a 100644
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.79 2016/09/22 21:15:41 djm Exp $ */
+/* $OpenBSD: kex.h,v 1.80 2016/09/28 20:32:42 djm Exp $ */
 
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -64,8 +64,7 @@
 #define	KEX_CURVE25519_SHA256_OLD	"curve25519-sha256@libssh.org"
 
 #define COMP_NONE	0
-#define COMP_ZLIB	1
-#define COMP_DELAYED	2
+#define COMP_DELAYED	1
 
 #define CURVE25519_SIZE 32
 
diff --git a/packet.c b/packet.c
index 002e8d49a..337304bd0 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.239 2016/09/28 16:33:07 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.240 2016/09/28 20:32:42 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -965,9 +965,8 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
 	/* explicit_bzero(enc->iv,  enc->block_size);
 	   explicit_bzero(enc->key, enc->key_len);
 	   explicit_bzero(mac->key, mac->key_len); */
-	if ((comp->type == COMP_ZLIB ||
-	    (comp->type == COMP_DELAYED &&
-	     state->after_authentication)) && comp->enabled == 0) {
+	if (comp->type == COMP_DELAYED && state->after_authentication &&
+	    comp->enabled == 0) {
 		if ((r = ssh_packet_init_compression(ssh)) < 0)
 			return r;
 		if (mode == MODE_OUT) {
diff --git a/servconf.c b/servconf.c
index 51feb051f..4bf0b2a35 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.296 2016/09/28 16:33:07 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.297 2016/09/28 20:32:42 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -920,8 +920,8 @@ static const struct multistate multistate_permitrootlogin[] = {
 	{ NULL, -1 }
 };
 static const struct multistate multistate_compression[] = {
-	{ "delayed",			COMP_DELAYED },
 	{ "yes",			COMP_DELAYED },
+	{ "delayed",			COMP_DELAYED },
 	{ "no",				COMP_NONE },
 	{ NULL, -1 }
 };
diff --git a/sshconnect2.c b/sshconnect2.c
index a633e76cb..7a8b7ea97 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.249 2016/09/28 16:33:07 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.250 2016/09/28 20:32:42 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -174,7 +174,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
 	    compat_cipher_proposal(options.ciphers);
 	myproposal[PROPOSAL_COMP_ALGS_CTOS] =
 	    myproposal[PROPOSAL_COMP_ALGS_STOC] = options.compression ?
-	    "zlib@openssh.com,none" : "none,zlib@openssh.com";
+	    "zlib@openssh.com,zlib,none" : "none,zlib@openssh.com,zlib";
 	myproposal[PROPOSAL_MAC_ALGS_CTOS] =
 	    myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
 	if (options.hostkeyalgorithms != NULL) {
diff --git a/sshd_config.5 b/sshd_config.5
index 59c9ea471..b5d361e1d 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.235 2016/09/22 19:19:01 jmc Exp $
-.Dd $Mdocdate: September 22 2016 $
+.\" $OpenBSD: sshd_config.5,v 1.236 2016/09/28 20:32:42 djm Exp $
+.Dd $Mdocdate: September 28 2016 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -529,15 +529,17 @@ channel to request a response from the client.
 The default
 is 0, indicating that these messages will not be sent to the client.
 .It Cm Compression
-Specifies whether compression is allowed, or delayed until
+Specifies whether compression is enabled after
 the user has authenticated successfully.
 The argument must be
 .Dq yes ,
-.Dq delayed ,
+.Dq delayed
+(a legacy synonym for
+.Dq yes )
 or
 .Dq no .
 The default is
-.Dq delayed .
+.Dq yes .
 .It Cm DenyGroups
 This keyword can be followed by a list of group name patterns, separated
 by spaces.