commit: 7b0cb105f5b1362c834cd5381414341e257f3b8c
parent d70f79aeb3e6f62a093d56180654baf69e70ad62
Author: Michael Forney <mforney@mforney.org>
Date: Mon, 28 Apr 2025 16:44:24 -0700
openssh: Update to 10.0p2
Diffstat:
3 files changed, 75 insertions(+), 25 deletions(-)
diff --git a/pkg/openssh/config.h b/pkg/openssh/config.h
@@ -5,6 +5,8 @@
#define _PATH_SFTP_SERVER "/libexec/sftp-server"
#define _PATH_SSH_ASKPASS_DEFAULT "/libexec/ssh-askpass"
#define _PATH_SSH_KEY_SIGN "/libexec/ssh-keysign"
+#define _PATH_SSHD_SESSION "/libexec/sshd-session"
+#define _PATH_SSHD_AUTH "/libexec/sshd-auth"
#define _PATH_SSH_PIDDIR "/run"
#define _PATH_SSH_PKCS11_HELPER "/libexec/ssh-pkcs11-helper"
#define _PATH_SSH_SK_HELPER "/libexec/ssh-sk-helper"
@@ -84,6 +86,8 @@
#define HAVE_ATTRIBUTE__NONNULL__ 1
/* #undef HAVE_ATTRIBUTE__SENTINEL__ */
/* #undef HAVE_AUG_GET_MACHINE */
+/* #undef HAVE_AUTH_HOSTOK */
+/* #undef HAVE_AUTH_TIMEOK */
#define HAVE_B64_NTOP 1
#define HAVE_B64_PTON 1
#define HAVE_BASENAME 1
@@ -101,6 +105,8 @@
/* #undef HAVE_BSTRING_H */
#define HAVE_BZERO 1
#define HAVE_CALLOC 1
+/* #undef HAVE_CAPH_CACHE_TZDATA */
+/* #undef HAVE_CAPSICUM_HELPERS_H */
/* #undef HAVE_CAP_RIGHTS_LIMIT */
#define HAVE_CLOCK 1
#define HAVE_CLOCK_GETTIME 1
@@ -118,16 +124,20 @@
/* #undef HAVE_DECL_AUTHENTICATE */
#define HAVE_DECL_BZERO 1
#define HAVE_DECL_FTRUNCATE 1
+#define HAVE_DECL_GETENTROPY 1
#define HAVE_DECL_GETPEEREID 0
#define HAVE_DECL_GLOB_NOMATCH 1
/* #undef HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE */
#define HAVE_DECL_HOWMANY 1
+#define HAVE_DECL_HTOLE64 1
#define HAVE_DECL_H_ERRNO 1
+#define HAVE_DECL_LE32TOH 1
+#define HAVE_DECL_LE64TOH 1
/* #undef HAVE_DECL_LOGINFAILED */
/* #undef HAVE_DECL_LOGINRESTRICTIONS */
/* #undef HAVE_DECL_LOGINSUCCESS */
#define HAVE_DECL_MAXSYMLINKS 1
-#define HAVE_DECL_MEMMEM 0
+#define HAVE_DECL_MEMMEM 1
#define HAVE_DECL_NFDBITS 1
#define HAVE_DECL_OFFSETOF 1
#define HAVE_DECL_O_NONBLOCK 1
@@ -171,6 +181,7 @@
#define HAVE_FIDO_CRED_SET_PROT 1
#define HAVE_FIDO_DEV_GET_TOUCH_BEGIN 1
#define HAVE_FIDO_DEV_GET_TOUCH_STATUS 1
+#define HAVE_FIDO_DEV_IS_WINHELLO 1
#define HAVE_FIDO_DEV_SUPPORTS_CRED_PROT 1
/* #undef HAVE_FLOATINGPOINT_H */
#define HAVE_FLOCK 1
@@ -189,6 +200,7 @@
/* #undef HAVE_GETAUDIT */
/* #undef HAVE_GETAUDIT_ADDR */
#define HAVE_GETCWD 1
+#define HAVE_GETENTROPY 1
#define HAVE_GETGROUPLIST 1
/* #undef HAVE_GETGRSET */
/* #undef HAVE_GETLASTLOGXBYNAME */
@@ -379,7 +391,7 @@
/* #undef HAVE_SHA512UPDATE */
#define HAVE_SHADOW_H 1
#define HAVE_SIGACTION 1
-/* #undef HAVE_SIGHANDLER_T */
+#define HAVE_SIGHANDLER_T 1
/* #undef HAVE_SIGVEC */
#define HAVE_SIG_ATOMIC_T 1
#define HAVE_SIZE_T 1
@@ -431,7 +443,6 @@
#define HAVE_STRUCT_STAT_ST_MTIME 1
#define HAVE_STRUCT_TIMESPEC 1
#define HAVE_STRUCT_TIMEVAL 1
-/* #undef HAVE_SWAP32 */
#define HAVE_SYSCONF 1
/* #undef HAVE_SYSLEN_IN_UTMPX */
/* #undef HAVE_SYS_AUDIT_H */
@@ -473,6 +484,7 @@
#define HAVE_TCGETPGRP 1
#define HAVE_TCSENDBREAK 1
#define HAVE_TIME 1
+#define HAVE_TIMEGM 1
#define HAVE_TIME_H 1
/* #undef HAVE_TIME_IN_UTMP */
/* #undef HAVE_TIME_IN_UTMPX */
@@ -533,6 +545,7 @@
/* #undef KRB5 */
/* #undef LASTLOG_WRITE_PUTUTXLINE */
#define LINK_OPNOTSUPP_ERRNO EPERM
+/* #undef LINUX_MEMLOCK_ONFAULT */
#define LINUX_OOM_ADJUST 1
/* #undef LLONG_MAX */
/* #undef LLONG_MIN */
@@ -541,6 +554,7 @@
/* #undef LOCKED_PASSWD_SUBSTR */
/* #undef LOGIN_NEEDS_UTMPX */
/* #undef MAIL_DIRECTORY */
+/* #undef MISSING_BUILTIN_POPCOUNT */
/* #undef NEED_SETPGRP */
/* #undef NO_ATTRIBUTE_ON_PROTOTYPE_ARGS */
/* #undef NO_ATTRIBUTE_ON_RETURN_TYPE */
@@ -561,11 +575,12 @@
/* #undef SANDBOX_CAPSICUM */
/* #undef SANDBOX_DARWIN */
/* #undef SANDBOX_NULL */
-/* #undef SANDBOX_PLEDGE */
+/* #undef SANDBOX_RLIMIT */
+/* #undef SANDBOX_SECCOMP_FILTER */
/* #undef SANDBOX_SKIP_RLIMIT_FSIZE */
/* #undef SANDBOX_SKIP_RLIMIT_NOFILE */
/* #undef SANDBOX_SOLARIS */
-/* #undef SANDBOX_SYSTRACE */
+/* #undef SECCOMP_AUDIT_ARCH */
/* #undef SETEUID_BREAKS_SETUID */
#define SIZEOF_INT 4
#define SIZEOF_LONG_INT SIZEOF_LONG
@@ -573,6 +588,7 @@
#define SIZEOF_SHORT_INT 2
/* probe SIZEOF_TIME_T */
#define SNPRINTF_CONST const
+/* #undef SOCK_HAS_LEN */
#define SPT_TYPE SPT_REUSEARGV
/* #undef SSHD_ACQUIRES_CTTY */
/* #undef SSHD_PAM_SERVICE */
@@ -589,6 +605,7 @@
#define STDC_HEADERS 1
/* #undef SUPERUSER_PATH */
/* #undef SYSLOG_R_SAFE_IN_SIGHAND */
+/* #undef SYSTEMD_NOTIFY */
#define SYS_RDOMAIN_LINUX 1
/* #undef UNIXWARE_LONG_PASSWORDS */
#define USER_PATH "/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin"
@@ -602,6 +619,7 @@
/* #undef USE_SOLARIS_PRIVS */
/* #undef USE_SOLARIS_PROCESS_CONTRACTS */
/* #undef USE_SOLARIS_PROJECTS */
+/* #undef USE_WTMPDB */
#define VARIABLE_DECLARATION_AFTER_CODE 1
/* #undef VARIABLE_LENGTH_ARRAYS */
/* #undef WITH_ABBREV_NO_TTY */
diff --git a/pkg/openssh/gen.lua b/pkg/openssh/gen.lua
@@ -85,23 +85,32 @@ lib('libssh.a', [[
ssh-pkcs11.c smult_curve25519_ref.c
poly1305.c chacha.c cipher-chachapoly.c cipher-chachapoly-bearssl.c
ssh-ed25519.c digest-bearssl.c digest-libc.c
- hmac.c sc25519.c ge25519.c fe25519.c ed25519.c verify.c hash.c
- kex.c kexdh.c kexgex.c kexecdh.c kexc25519.c
+ hmac.c ed25519.c hash.c
+ kex.c kex-names.c kexdh.c kexgex.c kexecdh.c kexc25519.c
kexgexc.c kexgexs.c
- kexsntrup761x25519.c sntrup761.c kexgen.c
+ kexsntrup761x25519.c kexmlkem768x25519.c sntrup761.c kexgen.c
sftp-realpath.c platform-pledge.c platform-tracing.c platform-misc.c
sshbuf-io.c
ssh-sk-client.c
- sftp-common.c sftp-client.c sftp-glob.c sftp-server.c
-
libopenbsd-compat.a
$builddir/pkg/bearssl/libbearssl.a
$builddir/pkg/libfido2/libfido2.a.d
$builddir/pkg/zlib/libz.a
]])
+lib('sftp-client.a', [[
+ sftp-common.c
+ sftp-client.c
+ sftp-glob.c
+]])
+
+lib('sftp-server.a', [[
+ sftp-common.c.o
+ sftp-server.c
+]])
+
exe('ssh', [[
ssh.c readconf.c clientloop.c sshtty.c
sshconnect.c sshconnect2.c mux.c
@@ -110,25 +119,48 @@ exe('ssh', [[
file('bin/ssh', '755', '$outdir/ssh')
exe('sshd', [[
- sshd.c auth-rhosts.c auth-passwd.c
+ sshd.c
+ platform-listen.c
+ servconf.c sshpty.c srclimit.c groupaccess.c auth2-methods.c
+ libssh.a.d
+]])
+file('bin/sshd', '755', '$outdir/sshd')
+
+-- used by sshd-session and sshd-auth
+lib('sshd-common.a', [[
+ auth-rhosts.c auth-passwd.c
audit.c audit-bsm.c audit-linux.c platform.c
- sshpty.c sshlogin.c servconf.c serverloop.c
- auth.c auth2.c auth-options.c session.c
- auth2-chall.c groupaccess.c
+ sshpty.c.o sshlogin.c.o servconf.c.o serverloop.c
+ auth.c auth2.c auth2-methods.c.o auth-options.c session.c
+ auth2-chall.c groupaccess.c.o
auth-bsdauth.c auth2-hostbased.c auth2-kbdint.c
- auth2-none.c auth2-passwd.c auth2-pubkey.c
- monitor.c monitor_wrap.c auth-krb5.c
+ auth2-none.c auth2-passwd.c auth2-pubkey.c auth2-pubkeyfile.c
+ monitor_wrap.c auth-krb5.c
auth2-gss.c gss-serv.c gss-serv-krb5.c
loginrec.c auth-pam.c auth-shadow.c auth-sia.c
- srclimit.c
- sandbox-null.c sandbox-rlimit.c sandbox-systrace.c sandbox-darwin.c
- sandbox-seccomp-filter.c sandbox-capsicum.c sandbox-pledge.c
- sandbox-solaris.c uidswap.c
+ uidswap.c
+]])
+
+exe('sshd-session', [[
+ sshd-session.c
+ monitor.c platform-listen.c.o
+ sshd-common.a
+ sftp-server.a
libssh.a.d
]])
-file('bin/sshd', '755', '$outdir/sshd')
+file('libexec/sshd-session', '755', '$outdir/sshd-session')
+
+exe('sshd-auth', [[
+ sshd-auth.c
+ sandbox-null.c sandbox-rlimit.c sandbox-darwin.c
+ sandbox-seccomp-filter.c sandbox-capsicum.c sandbox-solaris.c
+ sshd-common.a
+ sftp-server.a
+ libssh.a.d
+]])
+file('libexec/sshd-auth', '755', '$outdir/sshd-auth')
-exe('scp', {'scp.c', 'libssh.a.d'})
+exe('scp', {'scp.c', 'sftp-client.a', 'libssh.a.d'})
file('bin/scp', '755', '$outdir/scp')
exe('ssh-add', {'ssh-add.c', 'libssh.a.d'})
@@ -146,10 +178,10 @@ file('bin/ssh-keyscan', '755', '$outdir/ssh-keyscan')
exe('ssh-sk-helper', {'ssh-sk-helper.c', 'ssh-sk.c', 'sk-usbhid.c', 'libssh.a.d'})
file('libexec/ssh-sk-helper', '755', '$outdir/ssh-sk-helper')
-exe('sftp-server', {'sftp-server-main.c', 'libssh.a.d'})
+exe('sftp-server', {'sftp-server-main.c', 'sftp-server.a', 'libssh.a.d'})
file('libexec/sftp-server', '755', '$outdir/sftp-server')
-exe('sftp', {'sftp.c', 'libssh.a.d'})
+exe('sftp', {'sftp.c', 'sftp-usergroup.c', 'sftp-client.a', 'libssh.a.d'})
file('bin/sftp', '755', '$outdir/sftp')
man{
diff --git a/pkg/openssh/ver b/pkg/openssh/ver
@@ -1 +1 @@
-9.0p1 r0
+10.0p2 r0
