Update to openssh-9.3p1.

Jonas 'Sortie' Termansen 2023-03-16 10:49:47 +01:00
parent 47e1cc439a
commit 98c92bcdcc
2 changed files with 54 additions and 54 deletions


@ -1,7 +1,7 @@
diff -Paur --no-dereference -- ssh.upstream/auth.c ssh/auth.c diff -Paur --no-dereference -- ssh.upstream/auth.c ssh/auth.c
--- ssh.upstream/auth.c --- ssh.upstream/auth.c
+++ ssh/auth.c +++ ssh/auth.c
@@ -100,7 +100,9 @@ @@ -99,7 +99,9 @@
int int
allowed_user(struct ssh *ssh, struct passwd * pw) allowed_user(struct ssh *ssh, struct passwd * pw)
{ {
@ -11,7 +11,7 @@ diff -Paur --no-dereference -- ssh.upstream/auth.c ssh/auth.c
const char *hostname = NULL, *ipaddr = NULL; const char *hostname = NULL, *ipaddr = NULL;
u_int i; u_int i;
int r; int r;
@@ -121,6 +123,8 @@ @@ -120,6 +122,8 @@
*/ */
if (options.chroot_directory == NULL || if (options.chroot_directory == NULL ||
strcasecmp(options.chroot_directory, "none") == 0) { strcasecmp(options.chroot_directory, "none") == 0) {
@ -20,7 +20,7 @@ diff -Paur --no-dereference -- ssh.upstream/auth.c ssh/auth.c
char *shell = xstrdup((pw->pw_shell[0] == '\0') ? char *shell = xstrdup((pw->pw_shell[0] == '\0') ?
_PATH_BSHELL : pw->pw_shell); /* empty = /bin/sh */ _PATH_BSHELL : pw->pw_shell); /* empty = /bin/sh */
@@ -138,6 +142,7 @@ @@ -137,6 +141,7 @@
return 0; return 0;
} }
free(shell); free(shell);
@ -83,7 +83,7 @@ diff -Paur --no-dereference -- ssh.upstream/channels.c ssh/channels.c
c->path = xstrdup(host); c->path = xstrdup(host);
} else { /* SOCKS4A: two strings */ } else { /* SOCKS4A: two strings */
have = sshbuf_len(input); have = sshbuf_len(input);
@@ -2450,8 +2451,8 @@ @@ -2458,8 +2459,8 @@
return; return;
} }
if ((euid != 0) && (getuid() != euid)) { if ((euid != 0) && (getuid() != euid)) {
@ -482,7 +482,7 @@ diff -Paur --no-dereference -- ssh.upstream/Makefile.in ssh/Makefile.in
-rmdir $(DESTDIR)$(sysconfdir) -rmdir $(DESTDIR)$(sysconfdir)
-rmdir $(DESTDIR)$(bindir) -rmdir $(DESTDIR)$(bindir)
-rmdir $(DESTDIR)$(sbindir) -rmdir $(DESTDIR)$(sbindir)
@@ -553,7 +544,7 @@ @@ -557,7 +548,7 @@
regress/unittests/sshbuf/test_sshbuf$(EXEEXT): ${UNITTESTS_TEST_SSHBUF_OBJS} \ regress/unittests/sshbuf/test_sshbuf$(EXEEXT): ${UNITTESTS_TEST_SSHBUF_OBJS} \
regress/unittests/test_helper/libtest_helper.a libssh.a regress/unittests/test_helper/libtest_helper.a libssh.a
@ -491,7 +491,7 @@ diff -Paur --no-dereference -- ssh.upstream/Makefile.in ssh/Makefile.in
regress/unittests/test_helper/libtest_helper.a \ regress/unittests/test_helper/libtest_helper.a \
-lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS)
@@ -567,7 +558,7 @@ @@ -571,7 +562,7 @@
regress/unittests/sshkey/test_sshkey$(EXEEXT): ${UNITTESTS_TEST_SSHKEY_OBJS} \ regress/unittests/sshkey/test_sshkey$(EXEEXT): ${UNITTESTS_TEST_SSHKEY_OBJS} \
regress/unittests/test_helper/libtest_helper.a libssh.a regress/unittests/test_helper/libtest_helper.a libssh.a
@ -500,7 +500,7 @@ diff -Paur --no-dereference -- ssh.upstream/Makefile.in ssh/Makefile.in
regress/unittests/test_helper/libtest_helper.a \ regress/unittests/test_helper/libtest_helper.a \
-lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS)
@@ -578,7 +569,7 @@ @@ -582,7 +573,7 @@
regress/unittests/sshsig/test_sshsig$(EXEEXT): ${UNITTESTS_TEST_SSHSIG_OBJS} \ regress/unittests/sshsig/test_sshsig$(EXEEXT): ${UNITTESTS_TEST_SSHSIG_OBJS} \
regress/unittests/test_helper/libtest_helper.a libssh.a regress/unittests/test_helper/libtest_helper.a libssh.a
@ -509,7 +509,7 @@ diff -Paur --no-dereference -- ssh.upstream/Makefile.in ssh/Makefile.in
regress/unittests/test_helper/libtest_helper.a \ regress/unittests/test_helper/libtest_helper.a \
-lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS)
@@ -587,7 +578,7 @@ @@ -591,7 +582,7 @@
regress/unittests/bitmap/test_bitmap$(EXEEXT): ${UNITTESTS_TEST_BITMAP_OBJS} \ regress/unittests/bitmap/test_bitmap$(EXEEXT): ${UNITTESTS_TEST_BITMAP_OBJS} \
regress/unittests/test_helper/libtest_helper.a libssh.a regress/unittests/test_helper/libtest_helper.a libssh.a
@ -518,7 +518,7 @@ diff -Paur --no-dereference -- ssh.upstream/Makefile.in ssh/Makefile.in
regress/unittests/test_helper/libtest_helper.a \ regress/unittests/test_helper/libtest_helper.a \
-lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS)
@@ -599,7 +590,7 @@ @@ -603,7 +594,7 @@
regress/unittests/authopt/test_authopt$(EXEEXT): \ regress/unittests/authopt/test_authopt$(EXEEXT): \
${UNITTESTS_TEST_AUTHOPT_OBJS} \ ${UNITTESTS_TEST_AUTHOPT_OBJS} \
regress/unittests/test_helper/libtest_helper.a libssh.a regress/unittests/test_helper/libtest_helper.a libssh.a
@ -527,7 +527,7 @@ diff -Paur --no-dereference -- ssh.upstream/Makefile.in ssh/Makefile.in
regress/unittests/test_helper/libtest_helper.a \ regress/unittests/test_helper/libtest_helper.a \
-lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS)
@@ -609,7 +600,7 @@ @@ -613,7 +604,7 @@
regress/unittests/conversion/test_conversion$(EXEEXT): \ regress/unittests/conversion/test_conversion$(EXEEXT): \
${UNITTESTS_TEST_CONVERSION_OBJS} \ ${UNITTESTS_TEST_CONVERSION_OBJS} \
regress/unittests/test_helper/libtest_helper.a libssh.a regress/unittests/test_helper/libtest_helper.a libssh.a
@ -536,7 +536,7 @@ diff -Paur --no-dereference -- ssh.upstream/Makefile.in ssh/Makefile.in
regress/unittests/test_helper/libtest_helper.a \ regress/unittests/test_helper/libtest_helper.a \
-lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS)
@@ -621,7 +612,7 @@ @@ -625,7 +616,7 @@
regress/unittests/kex/test_kex$(EXEEXT): ${UNITTESTS_TEST_KEX_OBJS} \ regress/unittests/kex/test_kex$(EXEEXT): ${UNITTESTS_TEST_KEX_OBJS} \
regress/unittests/test_helper/libtest_helper.a libssh.a regress/unittests/test_helper/libtest_helper.a libssh.a
@ -545,7 +545,7 @@ diff -Paur --no-dereference -- ssh.upstream/Makefile.in ssh/Makefile.in
regress/unittests/test_helper/libtest_helper.a \ regress/unittests/test_helper/libtest_helper.a \
-lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS)
@@ -633,7 +624,7 @@ @@ -637,7 +628,7 @@
regress/unittests/hostkeys/test_hostkeys$(EXEEXT): \ regress/unittests/hostkeys/test_hostkeys$(EXEEXT): \
${UNITTESTS_TEST_HOSTKEYS_OBJS} \ ${UNITTESTS_TEST_HOSTKEYS_OBJS} \
regress/unittests/test_helper/libtest_helper.a libssh.a regress/unittests/test_helper/libtest_helper.a libssh.a
@ -554,7 +554,7 @@ diff -Paur --no-dereference -- ssh.upstream/Makefile.in ssh/Makefile.in
regress/unittests/test_helper/libtest_helper.a \ regress/unittests/test_helper/libtest_helper.a \
-lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS)
@@ -643,7 +634,7 @@ @@ -647,7 +638,7 @@
regress/unittests/match/test_match$(EXEEXT): \ regress/unittests/match/test_match$(EXEEXT): \
${UNITTESTS_TEST_MATCH_OBJS} \ ${UNITTESTS_TEST_MATCH_OBJS} \
regress/unittests/test_helper/libtest_helper.a libssh.a regress/unittests/test_helper/libtest_helper.a libssh.a
@ -563,7 +563,7 @@ diff -Paur --no-dereference -- ssh.upstream/Makefile.in ssh/Makefile.in
regress/unittests/test_helper/libtest_helper.a \ regress/unittests/test_helper/libtest_helper.a \
-lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS)
@@ -660,7 +651,7 @@ @@ -664,7 +655,7 @@
regress/unittests/misc/test_misc$(EXEEXT): \ regress/unittests/misc/test_misc$(EXEEXT): \
${UNITTESTS_TEST_MISC_OBJS} \ ${UNITTESTS_TEST_MISC_OBJS} \
regress/unittests/test_helper/libtest_helper.a libssh.a regress/unittests/test_helper/libtest_helper.a libssh.a
@ -572,7 +572,7 @@ diff -Paur --no-dereference -- ssh.upstream/Makefile.in ssh/Makefile.in
regress/unittests/test_helper/libtest_helper.a \ regress/unittests/test_helper/libtest_helper.a \
-lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS)
@@ -670,7 +661,7 @@ @@ -674,7 +665,7 @@
regress/unittests/utf8/test_utf8$(EXEEXT): \ regress/unittests/utf8/test_utf8$(EXEEXT): \
${UNITTESTS_TEST_UTF8_OBJS} \ ${UNITTESTS_TEST_UTF8_OBJS} \
regress/unittests/test_helper/libtest_helper.a libssh.a regress/unittests/test_helper/libtest_helper.a libssh.a
@ -618,7 +618,7 @@ diff -Paur --no-dereference -- ssh.upstream/misc.c ssh/misc.c
/* remove newline at end of string */ /* remove newline at end of string */
char * char *
chop(char *s) chop(char *s)
@@ -2745,17 +2772,17 @@ @@ -2742,17 +2769,17 @@
if (geteuid() == 0 && if (geteuid() == 0 &&
initgroups(pw->pw_name, pw->pw_gid) == -1) { initgroups(pw->pw_name, pw->pw_gid) == -1) {
@ -669,7 +669,7 @@ diff -Paur --no-dereference -- ssh.upstream/monitor_fdpass.c ssh/monitor_fdpass.
diff -Paur --no-dereference -- ssh.upstream/mux.c ssh/mux.c diff -Paur --no-dereference -- ssh.upstream/mux.c ssh/mux.c
--- ssh.upstream/mux.c --- ssh.upstream/mux.c
+++ ssh/mux.c +++ ssh/mux.c
@@ -497,7 +497,7 @@ @@ -495,7 +495,7 @@
/* prepare reply */ /* prepare reply */
if ((r = sshbuf_put_u32(reply, MUX_S_ALIVE)) != 0 || if ((r = sshbuf_put_u32(reply, MUX_S_ALIVE)) != 0 ||
(r = sshbuf_put_u32(reply, rid)) != 0 || (r = sshbuf_put_u32(reply, rid)) != 0 ||
@ -829,7 +829,7 @@ diff -Paur --no-dereference -- ssh.upstream/openbsd-compat/getrrsetbyname.c ssh/
#if defined(HAVE_DECL_H_ERRNO) && !HAVE_DECL_H_ERRNO #if defined(HAVE_DECL_H_ERRNO) && !HAVE_DECL_H_ERRNO
extern int h_errno; extern int h_errno;
#endif #endif
@@ -612,4 +634,6 @@ @@ -643,4 +665,6 @@
return (n); return (n);
} }
@ -922,7 +922,7 @@ diff -Paur --no-dereference -- ssh.upstream/pathnames.h ssh/pathnames.h
diff -Paur --no-dereference -- ssh.upstream/progressmeter.c ssh/progressmeter.c diff -Paur --no-dereference -- ssh.upstream/progressmeter.c ssh/progressmeter.c
--- ssh.upstream/progressmeter.c --- ssh.upstream/progressmeter.c
+++ ssh/progressmeter.c +++ ssh/progressmeter.c
@@ -81,7 +81,8 @@ @@ -80,7 +80,8 @@
static int static int
can_output(void) can_output(void)
{ {
@ -931,11 +931,11 @@ diff -Paur --no-dereference -- ssh.upstream/progressmeter.c ssh/progressmeter.c
+ return (getpgid(0) == tcgetpgrp(STDOUT_FILENO)); + return (getpgid(0) == tcgetpgrp(STDOUT_FILENO));
} }
static void /* size needed to format integer type v, using (nbits(v) * log2(10) / 10) */
diff -Paur --no-dereference -- ssh.upstream/readconf.c ssh/readconf.c diff -Paur --no-dereference -- ssh.upstream/readconf.c ssh/readconf.c
--- ssh.upstream/readconf.c --- ssh.upstream/readconf.c
+++ ssh/readconf.c +++ ssh/readconf.c
@@ -510,6 +510,10 @@ @@ -509,6 +509,10 @@
int int
default_ssh_port(void) default_ssh_port(void)
{ {
@ -946,7 +946,7 @@ diff -Paur --no-dereference -- ssh.upstream/readconf.c ssh/readconf.c
static int port; static int port;
struct servent *sp; struct servent *sp;
@@ -518,6 +522,7 @@ @@ -517,6 +521,7 @@
port = sp ? ntohs(sp->s_port) : SSH_DEFAULT_PORT; port = sp ? ntohs(sp->s_port) : SSH_DEFAULT_PORT;
} }
return port; return port;
@ -974,7 +974,7 @@ diff -Paur --no-dereference -- ssh.upstream/regress/netcat.c ssh/regress/netcat.
diff -Paur --no-dereference -- ssh.upstream/scp.c ssh/scp.c diff -Paur --no-dereference -- ssh.upstream/scp.c ssh/scp.c
--- ssh.upstream/scp.c --- ssh.upstream/scp.c
+++ ssh/scp.c +++ ssh/scp.c
@@ -645,7 +645,7 @@ @@ -647,7 +647,7 @@
mode = MODE_SCP; mode = MODE_SCP;
if ((pwd = getpwuid(userid = getuid())) == NULL) if ((pwd = getpwuid(userid = getuid())) == NULL)
@ -983,7 +983,7 @@ diff -Paur --no-dereference -- ssh.upstream/scp.c ssh/scp.c
if (!isatty(STDOUT_FILENO)) if (!isatty(STDOUT_FILENO))
showprogress = 0; showprogress = 0;
@@ -1007,7 +1007,7 @@ @@ -1009,7 +1009,7 @@
static struct sftp_conn * static struct sftp_conn *
do_sftp_connect(char *host, char *user, int port, char *sftp_direct, do_sftp_connect(char *host, char *user, int port, char *sftp_direct,
@ -995,7 +995,7 @@ diff -Paur --no-dereference -- ssh.upstream/scp.c ssh/scp.c
diff -Paur --no-dereference -- ssh.upstream/servconf.c ssh/servconf.c diff -Paur --no-dereference -- ssh.upstream/servconf.c ssh/servconf.c
--- ssh.upstream/servconf.c --- ssh.upstream/servconf.c
+++ ssh/servconf.c +++ ssh/servconf.c
@@ -309,7 +309,10 @@ @@ -308,7 +308,10 @@
if (options->pid_file == NULL) if (options->pid_file == NULL)
options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE); options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE);
if (options->moduli_file == NULL) if (options->moduli_file == NULL)
@ -1007,7 +1007,7 @@ diff -Paur --no-dereference -- ssh.upstream/servconf.c ssh/servconf.c
if (options->login_grace_time == -1) if (options->login_grace_time == -1)
options->login_grace_time = 120; options->login_grace_time = 120;
if (options->permit_root_login == PERMIT_NOT_SET) if (options->permit_root_login == PERMIT_NOT_SET)
@@ -454,7 +457,12 @@ @@ -453,7 +456,12 @@
/* Turn privilege separation and sandboxing on by default */ /* Turn privilege separation and sandboxing on by default */
if (use_privsep == -1) if (use_privsep == -1)
@ -1023,7 +1023,7 @@ diff -Paur --no-dereference -- ssh.upstream/servconf.c ssh/servconf.c
diff -Paur --no-dereference -- ssh.upstream/session.c ssh/session.c diff -Paur --no-dereference -- ssh.upstream/session.c ssh/session.c
--- ssh.upstream/session.c --- ssh.upstream/session.c
+++ ssh/session.c +++ ssh/session.c
@@ -104,6 +104,15 @@ @@ -103,6 +103,15 @@
#include <selinux/selinux.h> #include <selinux/selinux.h>
#endif #endif
@ -1039,7 +1039,7 @@ diff -Paur --no-dereference -- ssh.upstream/session.c ssh/session.c
#define IS_INTERNAL_SFTP(c) \ #define IS_INTERNAL_SFTP(c) \
(!strncmp(c, INTERNAL_SFTP_NAME, sizeof(INTERNAL_SFTP_NAME) - 1) && \ (!strncmp(c, INTERNAL_SFTP_NAME, sizeof(INTERNAL_SFTP_NAME) - 1) && \
(c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\0' || \ (c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\0' || \
@@ -1052,9 +1061,11 @@ @@ -1051,9 +1060,11 @@
#endif /* HAVE_LOGIN_CAP */ #endif /* HAVE_LOGIN_CAP */
if (!options.use_pam) { if (!options.use_pam) {
@ -1157,7 +1157,7 @@ diff -Paur --no-dereference -- ssh.upstream/sftp-server-main.c ssh/sftp-server-m
diff -Paur --no-dereference -- ssh.upstream/ssh-add.c ssh/ssh-add.c diff -Paur --no-dereference -- ssh.upstream/ssh-add.c ssh/ssh-add.c
--- ssh.upstream/ssh-add.c --- ssh.upstream/ssh-add.c
+++ ssh/ssh-add.c +++ ssh/ssh-add.c
@@ -979,8 +979,8 @@ @@ -982,8 +982,8 @@
int count = 0; int count = 0;
if ((pw = getpwuid(getuid())) == NULL) { if ((pw = getpwuid(getuid())) == NULL) {
@ -1171,7 +1171,7 @@ diff -Paur --no-dereference -- ssh.upstream/ssh-add.c ssh/ssh-add.c
diff -Paur --no-dereference -- ssh.upstream/ssh-agent.c ssh/ssh-agent.c diff -Paur --no-dereference -- ssh.upstream/ssh-agent.c ssh/ssh-agent.c
--- ssh.upstream/ssh-agent.c --- ssh.upstream/ssh-agent.c
+++ ssh/ssh-agent.c +++ ssh/ssh-agent.c
@@ -1749,8 +1749,8 @@ @@ -1748,8 +1748,8 @@
return -1; return -1;
} }
if ((euid != 0) && (getuid() != euid)) { if ((euid != 0) && (getuid() != euid)) {
@ -1218,7 +1218,7 @@ diff -Paur --no-dereference -- ssh.upstream/ssh.c ssh/ssh.c
diff -Paur --no-dereference -- ssh.upstream/sshconnect.c ssh/sshconnect.c diff -Paur --no-dereference -- ssh.upstream/sshconnect.c ssh/sshconnect.c
--- ssh.upstream/sshconnect.c --- ssh.upstream/sshconnect.c
+++ ssh/sshconnect.c +++ ssh/sshconnect.c
@@ -164,7 +164,8 @@ @@ -163,7 +163,8 @@
* Execute the proxy command. * Execute the proxy command.
* Note that we gave up any extra privileges above. * Note that we gave up any extra privileges above.
*/ */
@ -1228,7 +1228,7 @@ diff -Paur --no-dereference -- ssh.upstream/sshconnect.c ssh/sshconnect.c
perror(argv[0]); perror(argv[0]);
exit(1); exit(1);
} }
@@ -248,7 +249,7 @@ @@ -247,7 +248,7 @@
* extra privileges above. * extra privileges above.
*/ */
ssh_signal(SIGPIPE, SIG_DFL); ssh_signal(SIGPIPE, SIG_DFL);
@ -1237,7 +1237,7 @@ diff -Paur --no-dereference -- ssh.upstream/sshconnect.c ssh/sshconnect.c
perror(argv[0]); perror(argv[0]);
exit(1); exit(1);
} }
@@ -306,7 +307,9 @@ @@ -305,7 +306,9 @@
for (allow_local = 0; allow_local < 2; allow_local++) { for (allow_local = 0; allow_local < 2; allow_local++) {
for (ifa = ifaddrs; ifa != NULL; ifa = ifa->ifa_next) { for (ifa = ifaddrs; ifa != NULL; ifa = ifa->ifa_next) {
if (ifa->ifa_addr == NULL || ifa->ifa_name == NULL || if (ifa->ifa_addr == NULL || ifa->ifa_name == NULL ||
@ -1247,7 +1247,7 @@ diff -Paur --no-dereference -- ssh.upstream/sshconnect.c ssh/sshconnect.c
ifa->ifa_addr->sa_family != af || ifa->ifa_addr->sa_family != af ||
strcmp(ifa->ifa_name, options.bind_interface) != 0) strcmp(ifa->ifa_name, options.bind_interface) != 0)
continue; continue;
@@ -1671,7 +1674,7 @@ @@ -1670,7 +1673,7 @@
if (pid == 0) { if (pid == 0) {
ssh_signal(SIGPIPE, SIG_DFL); ssh_signal(SIGPIPE, SIG_DFL);
debug3("Executing %s -c \"%s\"", shell, args); debug3("Executing %s -c \"%s\"", shell, args);
@ -1279,7 +1279,7 @@ diff -Paur --no-dereference -- ssh.upstream/sshd.8 ssh/sshd.8
.Pp .Pp
The options are as follows: The options are as follows:
.Bl -tag -width Ds .Bl -tag -width Ds
@@ -994,14 +994,6 @@ @@ -1008,14 +1008,6 @@
during privilege separation in the pre-authentication phase. during privilege separation in the pre-authentication phase.
The directory should not contain any files and must be owned by root The directory should not contain any files and must be owned by root
and not group or world-writable. and not group or world-writable.
@ -1297,7 +1297,7 @@ diff -Paur --no-dereference -- ssh.upstream/sshd.8 ssh/sshd.8
diff -Paur --no-dereference -- ssh.upstream/sshd.c ssh/sshd.c diff -Paur --no-dereference -- ssh.upstream/sshd.c ssh/sshd.c
--- ssh.upstream/sshd.c --- ssh.upstream/sshd.c
+++ ssh/sshd.c +++ ssh/sshd.c
@@ -129,6 +129,15 @@ @@ -128,6 +128,15 @@
#include "srclimit.h" #include "srclimit.h"
#include "dh.h" #include "dh.h"
@ -1313,7 +1313,7 @@ diff -Paur --no-dereference -- ssh.upstream/sshd.c ssh/sshd.c
/* Re-exec fds */ /* Re-exec fds */
#define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1) #define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1)
#define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2) #define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2)
@@ -234,7 +243,11 @@ @@ -233,7 +242,11 @@
static int startup_pipe = -1; /* in child */ static int startup_pipe = -1; /* in child */
/* variables used for privilege separation */ /* variables used for privilege separation */
@ -1325,7 +1325,7 @@ diff -Paur --no-dereference -- ssh.upstream/sshd.c ssh/sshd.c
struct monitor *pmonitor = NULL; struct monitor *pmonitor = NULL;
int privsep_is_preauth = 1; int privsep_is_preauth = 1;
static int privsep_chroot = 1; static int privsep_chroot = 1;
@@ -460,8 +473,8 @@ @@ -455,8 +468,8 @@
fatal("chdir(\"/\"): %s", strerror(errno)); fatal("chdir(\"/\"): %s", strerror(errno));
/* Drop our privileges */ /* Drop our privileges */
@ -1336,7 +1336,7 @@ diff -Paur --no-dereference -- ssh.upstream/sshd.c ssh/sshd.c
gidset[0] = privsep_pw->pw_gid; gidset[0] = privsep_pw->pw_gid;
if (setgroups(1, gidset) == -1) if (setgroups(1, gidset) == -1)
fatal("setgroups: %.100s", strerror(errno)); fatal("setgroups: %.100s", strerror(errno));
@@ -1579,6 +1592,10 @@ @@ -1589,6 +1602,10 @@
/* Initialize configuration options to their default values. */ /* Initialize configuration options to their default values. */
initialize_server_options(&options); initialize_server_options(&options);
@ -1346,10 +1346,10 @@ diff -Paur --no-dereference -- ssh.upstream/sshd.c ssh/sshd.c
+ +
/* Parse command-line arguments. */ /* Parse command-line arguments. */
while ((opt = getopt(ac, av, while ((opt = getopt(ac, av,
"C:E:b:c:f:g:h:k:o:p:u:46DQRTdeiqrtV")) != -1) { "C:E:b:c:f:g:h:k:o:p:u:46DGQRTdeiqrtV")) != -1) {
@@ -1695,10 +1712,32 @@ @@ -1708,10 +1725,32 @@
rexec_flag = 0; rexec_flag = 0;
if (!test_flag && rexec_flag && !path_absolute(av[0])) if (!test_flag && !do_dump_cfg && rexec_flag && !path_absolute(av[0]))
fatal("sshd re-exec requires execution with an absolute path"); fatal("sshd re-exec requires execution with an absolute path");
- if (rexeced_flag) - if (rexeced_flag)
- closefrom(REEXEC_MIN_FREE_FD); - closefrom(REEXEC_MIN_FREE_FD);
@ -1384,7 +1384,7 @@ diff -Paur --no-dereference -- ssh.upstream/sshd.c ssh/sshd.c
seed_rng(); seed_rng();
@@ -2074,7 +2113,8 @@ @@ -2081,7 +2120,8 @@
* Write out the pid file after the sigterm handler * Write out the pid file after the sigterm handler
* is setup and the listen sockets are bound * is setup and the listen sockets are bound
*/ */
@ -1394,7 +1394,7 @@ diff -Paur --no-dereference -- ssh.upstream/sshd.c ssh/sshd.c
FILE *f = fopen(options.pid_file, "w"); FILE *f = fopen(options.pid_file, "w");
if (f == NULL) { if (f == NULL) {
@@ -2086,6 +2126,15 @@ @@ -2093,6 +2133,15 @@
} }
} }
@ -1410,7 +1410,7 @@ diff -Paur --no-dereference -- ssh.upstream/sshd.c ssh/sshd.c
/* Accept a connection and return in a forked child */ /* Accept a connection and return in a forked child */
server_accept_loop(&sock_in, &sock_out, server_accept_loop(&sock_in, &sock_out,
&newsock, config_s); &newsock, config_s);
@@ -2445,10 +2494,10 @@ @@ -2447,10 +2496,10 @@
do_cleanup(the_active_state, the_authctxt); do_cleanup(the_active_state, the_authctxt);
if (use_privsep && privsep_is_preauth && if (use_privsep && privsep_is_preauth &&
pmonitor != NULL && pmonitor->m_pid > 1) { pmonitor != NULL && pmonitor->m_pid > 1) {
@ -1473,7 +1473,7 @@ diff -Paur --no-dereference -- ssh.upstream/ssh-keygen.1 ssh/ssh-keygen.1
diff -Paur --no-dereference -- ssh.upstream/ssh-keygen.c ssh/ssh-keygen.c diff -Paur --no-dereference -- ssh.upstream/ssh-keygen.c ssh/ssh-keygen.c
--- ssh.upstream/ssh-keygen.c --- ssh.upstream/ssh-keygen.c
+++ ssh/ssh-keygen.c +++ ssh/ssh-keygen.c
@@ -829,7 +829,7 @@ @@ -831,7 +831,7 @@
} }
sshkey_free(prv); sshkey_free(prv);
free(comment); free(comment);
@ -1482,7 +1482,7 @@ diff -Paur --no-dereference -- ssh.upstream/ssh-keygen.c ssh/ssh-keygen.c
} }
static void static void
@@ -987,7 +987,7 @@ @@ -989,7 +989,7 @@
free(line); free(line);
fclose(f); fclose(f);
fingerprint_private(path); fingerprint_private(path);
@ -1491,7 +1491,7 @@ diff -Paur --no-dereference -- ssh.upstream/ssh-keygen.c ssh/ssh-keygen.c
} }
/* /*
@@ -1035,7 +1035,7 @@ @@ -1037,7 +1037,7 @@
if (invalid) if (invalid)
fatal("%s is not a public key file.", path); fatal("%s is not a public key file.", path);
@ -1500,7 +1500,7 @@ diff -Paur --no-dereference -- ssh.upstream/ssh-keygen.c ssh/ssh-keygen.c
} }
static void static void
@@ -1075,14 +1075,32 @@ @@ -1077,14 +1077,32 @@
/* Check whether private key exists and is not zero-length */ /* Check whether private key exists and is not zero-length */
if (stat(prv_file, &st) == 0) { if (stat(prv_file, &st) == 0) {
@ -1534,7 +1534,7 @@ diff -Paur --no-dereference -- ssh.upstream/ssh-keygen.c ssh/ssh-keygen.c
/* /*
* Private key doesn't exist or is invalid; proceed with * Private key doesn't exist or is invalid; proceed with
* key generation. * key generation.
@@ -3347,7 +3365,7 @@ @@ -3363,7 +3381,7 @@
/* we need this for the home * directory. */ /* we need this for the home * directory. */
pw = getpwuid(getuid()); pw = getpwuid(getuid());
if (!pw) if (!pw)
@ -1543,7 +1543,7 @@ diff -Paur --no-dereference -- ssh.upstream/ssh-keygen.c ssh/ssh-keygen.c
pw = pwcopy(pw); pw = pwcopy(pw);
if (gethostname(hostname, sizeof(hostname)) == -1) if (gethostname(hostname, sizeof(hostname)) == -1)
fatal("gethostname: %s", strerror(errno)); fatal("gethostname: %s", strerror(errno));
@@ -3703,8 +3721,10 @@ @@ -3719,8 +3737,10 @@
} }
return do_download_sk(sk_provider, sk_device); return do_download_sk(sk_provider, sk_device);
} }
@ -1570,7 +1570,7 @@ diff -Paur --no-dereference -- ssh.upstream/ssh-keyscan.c ssh/ssh-keyscan.c
#include "xmalloc.h" #include "xmalloc.h"
#include "ssh.h" #include "ssh.h"
#include "sshbuf.h" #include "sshbuf.h"
@@ -54,6 +59,14 @@ @@ -55,6 +60,14 @@
#include "dns.h" #include "dns.h"
#include "addr.h" #include "addr.h"


@ -1,10 +1,10 @@
NAME=ssh NAME=ssh
BUILD_LIBRARIES='libz libssl' BUILD_LIBRARIES='libz libssl'
VERSION=9.2p1 VERSION=9.3p1
DISTNAME=openssh-$VERSION DISTNAME=openssh-$VERSION
COMPRESSION=tar.gz COMPRESSION=tar.gz
ARCHIVE=$DISTNAME.$COMPRESSION ARCHIVE=$DISTNAME.$COMPRESSION
SHA256SUM=3f66dbf1655fb45f50e1c56da62ab01218c228807b21338d634ebcdf9d71cf46 SHA256SUM=e9baba7701a76a51f3d85a62c383a3c9dcd97fa900b859bc7db114c1868af8a8
UPSTREAM_SITE=https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable UPSTREAM_SITE=https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable
UPSTREAM_ARCHIVE=$ARCHIVE UPSTREAM_ARCHIVE=$ARCHIVE
LICENSE='SSH-OpenSSH AND BSD-2-Clause AND BSD-3-Clause AND ISC AND MIT' LICENSE='SSH-OpenSSH AND BSD-2-Clause AND BSD-3-Clause AND ISC AND MIT'