From cc2dc243e09c0b0ab73cb7a67b347c8e93ca5148 Mon Sep 17 00:00:00 2001
From: Tess Gauthier <tessgauthier@microsoft.com>
Date: Tue, 27 Aug 2024 11:22:27 -0400
Subject: [PATCH 1/5] Update ZLib version

---
 contrib/win32/openssh/paths.targets | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/contrib/win32/openssh/paths.targets b/contrib/win32/openssh/paths.targets
index f90360c29..34ec8b77c 100644
--- a/contrib/win32/openssh/paths.targets
+++ b/contrib/win32/openssh/paths.targets
@@ -5,7 +5,7 @@
     <OpenSSH-Bin-Path>$(SolutionDir)..\..\..\bin\</OpenSSH-Bin-Path>
     <OpenSSH-Lib-Path>$(SolutionDir)lib\</OpenSSH-Lib-Path>
     <LibreSSLVersion>3.8.2.0</LibreSSLVersion>
-    <ZLibVersion>1.3</ZLibVersion>
+    <ZLibVersion>1.3.1</ZLibVersion>
     <fido2Version>1.14.0</fido2Version>
     <!--libcbor version is not used in the build; it is needed for pipeline compliance tasks-->  
     <libcborVersion>0.10.1</libcborVersion> 

From b240ddf209e854d64e31f42bfbc8fc5923d5f4f3 Mon Sep 17 00:00:00 2001
From: Tess Gauthier <tessgauthier@microsoft.com>
Date: Fri, 13 Sep 2024 14:50:53 -0400
Subject: [PATCH 2/5] bump libressl and libfido2 versions

---
 contrib/win32/openssh/paths.targets | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/contrib/win32/openssh/paths.targets b/contrib/win32/openssh/paths.targets
index 34ec8b77c..4e8a31658 100644
--- a/contrib/win32/openssh/paths.targets
+++ b/contrib/win32/openssh/paths.targets
@@ -4,9 +4,9 @@
     <OpenSSH-Src-Path>$(SolutionDir)..\..\..\</OpenSSH-Src-Path>
     <OpenSSH-Bin-Path>$(SolutionDir)..\..\..\bin\</OpenSSH-Bin-Path>
     <OpenSSH-Lib-Path>$(SolutionDir)lib\</OpenSSH-Lib-Path>
-    <LibreSSLVersion>3.8.2.0</LibreSSLVersion>
+    <LibreSSLVersion>3.9.2.0</LibreSSLVersion>
     <ZLibVersion>1.3.1</ZLibVersion>
-    <fido2Version>1.14.0</fido2Version>
+    <fido2Version>1.15.0</fido2Version>
     <!--libcbor version is not used in the build; it is needed for pipeline compliance tasks-->  
     <libcborVersion>0.10.1</libcborVersion> 
     <LibreSSL-Path>$(SolutionDir)\LibreSSL\sdk\</LibreSSL-Path>

From dcdd707699af514d6a9e7402d51bdd20df41a6e1 Mon Sep 17 00:00:00 2001
From: Tess Gauthier <tessgauthier@microsoft.com>
Date: Wed, 21 Aug 2024 16:58:49 -0400
Subject: [PATCH 3/5] fix function definitions

---
 contrib/win32/openssh/openbsd_compat.vcxproj         | 1 +
 contrib/win32/openssh/openbsd_compat.vcxproj.filters | 3 +++
 contrib/win32/win32compat/misc.c                     | 4 ++--
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/contrib/win32/openssh/openbsd_compat.vcxproj b/contrib/win32/openssh/openbsd_compat.vcxproj
index 340088be1..5f6616796 100644
--- a/contrib/win32/openssh/openbsd_compat.vcxproj
+++ b/contrib/win32/openssh/openbsd_compat.vcxproj
@@ -104,6 +104,7 @@
     <ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\strcasestr.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\strndup.c" />
     <ClCompile Include="..\..\..\openbsd-compat\bsd-pselect.c" />
+    <ClCompile Include="..\..\..\openbsd-compat\bsd-timegm.c" />
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="$(OpenSSH-Src-Path)openbsd-compat\base64.h" />
diff --git a/contrib/win32/openssh/openbsd_compat.vcxproj.filters b/contrib/win32/openssh/openbsd_compat.vcxproj.filters
index 8b6432b9f..802c71b90 100644
--- a/contrib/win32/openssh/openbsd_compat.vcxproj.filters
+++ b/contrib/win32/openssh/openbsd_compat.vcxproj.filters
@@ -219,6 +219,9 @@
     <ClCompile Include="..\..\..\openbsd-compat\bsd-pselect.c">
       <Filter>Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="..\..\..\openbsd-compat\bsd-timegm.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="$(OpenSSH-Src-Path)openbsd-compat\base64.h">
diff --git a/contrib/win32/win32compat/misc.c b/contrib/win32/win32compat/misc.c
index fd9e29e98..78a1dd143 100644
--- a/contrib/win32/win32compat/misc.c
+++ b/contrib/win32/win32compat/misc.c
@@ -191,7 +191,7 @@ nanosleep(const struct timespec *req, struct timespec *rem)
  * Copyright (c) 2009, 2010 NoMachine
  * All rights reserved
  */
-static int
+int
 gettimeofday(struct timeval *tv, void *tz)
 {
 	union {
@@ -213,7 +213,7 @@ gettimeofday(struct timeval *tv, void *tz)
 	return 0;
 }
 
-static void
+void
 explicit_bzero(void *b, size_t len)
 {
 	SecureZeroMemory(b, len);

From 251eb8d5225fa344d9765e103c206cbc27e90c6d Mon Sep 17 00:00:00 2001
From: Tess Gauthier <tessgauthier@microsoft.com>
Date: Thu, 22 Aug 2024 11:41:00 -0400
Subject: [PATCH 4/5] using openbsd compat for arc4random

---
 contrib/win32/openssh/config.h.vs             |  6 +-
 contrib/win32/openssh/openbsd_compat.vcxproj  |  3 +
 .../openssh/openbsd_compat.vcxproj.filters    |  9 +++
 openbsd-compat/arc4random.c                   |  6 +-
 openbsd-compat/arc4random_win.h               | 78 +++++++++++++++++++
 5 files changed, 98 insertions(+), 4 deletions(-)
 create mode 100644 openbsd-compat/arc4random_win.h

diff --git a/contrib/win32/openssh/config.h.vs b/contrib/win32/openssh/config.h.vs
index 4322af57f..3f8deebdd 100644
--- a/contrib/win32/openssh/config.h.vs
+++ b/contrib/win32/openssh/config.h.vs
@@ -207,13 +207,13 @@
 /* #undef HAVE_ADDR_V6_IN_UTMPX */
 
 /* Define to 1 if you have the `arc4random' function. */
-#define HAVE_ARC4RANDOM 1
+/* #undef HAVE_ARC4RANDOM */
 
 /* Define to 1 if you have the `arc4random_buf' function. */
-#define HAVE_ARC4RANDOM_BUF 1
+/* #undef HAVE_ARC4RANDOM_BUF */
 
 /* Define to 1 if you have the `arc4random_uniform' function. */
-#define HAVE_ARC4RANDOM_UNIFORM 1
+/* #undef HAVE_ARC4RANDOM_UNIFORM */
 
 /* Define to 1 if you have the `asprintf' function. */
 /* #undef HAVE_ASPRINTF */
diff --git a/contrib/win32/openssh/openbsd_compat.vcxproj b/contrib/win32/openssh/openbsd_compat.vcxproj
index 5f6616796..2f851ea00 100644
--- a/contrib/win32/openssh/openbsd_compat.vcxproj
+++ b/contrib/win32/openssh/openbsd_compat.vcxproj
@@ -103,6 +103,8 @@
     <ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\glob.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\strcasestr.c" />
     <ClCompile Include="$(OpenSSH-Src-Path)openbsd-compat\strndup.c" />
+    <ClCompile Include="..\..\..\openbsd-compat\arc4random_uniform.c" />
+    <ClCompile Include="..\..\..\openbsd-compat\bsd-getentropy.c" />
     <ClCompile Include="..\..\..\openbsd-compat\bsd-pselect.c" />
     <ClCompile Include="..\..\..\openbsd-compat\bsd-timegm.c" />
   </ItemGroup>
@@ -138,6 +140,7 @@
     <ClInclude Include="$(OpenSSH-Src-Path)openbsd-compat\sys-queue.h" />
     <ClInclude Include="$(OpenSSH-Src-Path)openbsd-compat\sys-tree.h" />
     <ClInclude Include="$(OpenSSH-Src-Path)openbsd-compat\vis.h" />
+    <ClInclude Include="..\..\..\openbsd-compat\arc4random_win.h" />
   </ItemGroup>
   <PropertyGroup Label="Globals">
     <ProjectGuid>{DD483F7D-C553-4740-BC1A-903805AD0174}</ProjectGuid>
diff --git a/contrib/win32/openssh/openbsd_compat.vcxproj.filters b/contrib/win32/openssh/openbsd_compat.vcxproj.filters
index 802c71b90..f109029e7 100644
--- a/contrib/win32/openssh/openbsd_compat.vcxproj.filters
+++ b/contrib/win32/openssh/openbsd_compat.vcxproj.filters
@@ -222,6 +222,12 @@
     <ClCompile Include="..\..\..\openbsd-compat\bsd-timegm.c">
       <Filter>Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="..\..\..\openbsd-compat\arc4random_uniform.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\..\openbsd-compat\bsd-getentropy.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="$(OpenSSH-Src-Path)openbsd-compat\base64.h">
@@ -317,5 +323,8 @@
     <ClInclude Include="$(OpenSSH-Src-Path)openbsd-compat\vis.h">
       <Filter>Header Files</Filter>
     </ClInclude>
+    <ClInclude Include="..\..\..\openbsd-compat\arc4random_win.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
   </ItemGroup>
 </Project>
\ No newline at end of file
diff --git a/openbsd-compat/arc4random.c b/openbsd-compat/arc4random.c
index a97bb7b89..af6f32b88 100644
--- a/openbsd-compat/arc4random.c
+++ b/openbsd-compat/arc4random.c
@@ -88,12 +88,16 @@ static struct _rsx {
 
 static inline int _rs_allocate(struct _rs **, struct _rsx **);
 static inline void _rs_forkdetect(void);
+#ifdef WINDOWS
+#include "arc4random_win.h"
+#else
 #include "arc4random.h"
+#endif /* WINDOWS*/
 
 static inline void _rs_rekey(u_char *dat, size_t datlen);
 
 static inline void
-_rs_init(u_char *buf, size_t n)
+_rs_init(u_char* buf, size_t n)
 {
 	if (n < KEYSZ + IVSZ)
 		return;
diff --git a/openbsd-compat/arc4random_win.h b/openbsd-compat/arc4random_win.h
new file mode 100644
index 000000000..deec8a1ef
--- /dev/null
+++ b/openbsd-compat/arc4random_win.h
@@ -0,0 +1,78 @@
+/*	$OpenBSD: arc4random_win.h,v 1.6 2016/06/30 12:17:29 bcook Exp $	*/
+
+/*
+ * Copyright (c) 1996, David Mazieres <dm@uun.org>
+ * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
+ * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
+ * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Stub functions for portability.
+ */
+
+#include <windows.h>
+
+static volatile HANDLE arc4random_mtx = NULL;
+
+/*
+ * Initialize the mutex on the first lock attempt. On collision, each thread
+ * will attempt to allocate a mutex and compare-and-swap it into place as the
+ * global mutex. On failure to swap in the global mutex, the mutex is closed.
+ */
+#define _ARC4_LOCK() { \
+	if (!arc4random_mtx) { \
+		HANDLE p = CreateMutex(NULL, FALSE, NULL); \
+		if (InterlockedCompareExchangePointer((void **)&arc4random_mtx, (void *)p, NULL)) \
+			CloseHandle(p); \
+	} \
+	WaitForSingleObject(arc4random_mtx, INFINITE); \
+} \
+
+#define _ARC4_UNLOCK() ReleaseMutex(arc4random_mtx)
+
+static inline void
+_getentropy_fail(void)
+{
+	TerminateProcess(GetCurrentProcess(), 0);
+}
+
+static inline int
+_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
+{
+	*rsp = VirtualAlloc(NULL, sizeof(**rsp),
+	    MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
+	if (*rsp == NULL)
+		return (-1);
+
+	*rsxp = VirtualAlloc(NULL, sizeof(**rsxp),
+	    MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
+	if (*rsxp == NULL) {
+		VirtualFree(*rsp, 0, MEM_RELEASE);
+		*rsp = NULL;
+		return (-1);
+	}
+	return (0);
+}
+
+static inline void
+_rs_forkhandler(void)
+{
+}
+
+static inline void
+_rs_forkdetect(void)
+{
+}

From 0e69c3dd2b0c01c286906e53a3860c72b5cd29f6 Mon Sep 17 00:00:00 2001
From: Tess Gauthier <tessgauthier@microsoft.com>
Date: Mon, 16 Sep 2024 11:24:27 -0400
Subject: [PATCH 5/5] fix spacing

---
 contrib/win32/openssh/openbsd_compat.vcxproj.filters | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/contrib/win32/openssh/openbsd_compat.vcxproj.filters b/contrib/win32/openssh/openbsd_compat.vcxproj.filters
index f109029e7..eded89fd7 100644
--- a/contrib/win32/openssh/openbsd_compat.vcxproj.filters
+++ b/contrib/win32/openssh/openbsd_compat.vcxproj.filters
@@ -327,4 +327,4 @@
       <Filter>Header Files</Filter>
     </ClInclude>
   </ItemGroup>
-</Project>
\ No newline at end of file
+</Project>