commit: 91d3dd6504b51cd18f4b6a61eec00388c33b70af
parent f7af542972d1d55f3973d1f1b888b7eed3b07f51
Author: Michael Forney <mforney@mforney.org>
Date: Fri, 18 Oct 2019 00:44:32 -0700
openssh: Update to 8.1p1
Diffstat:
6 files changed, 20 insertions(+), 291 deletions(-)
diff --git a/pkg/openssh/config.h b/pkg/openssh/config.h
@@ -24,7 +24,6 @@
/* #undef BROKEN_ONE_BYTE_DIRENT_D_NAME */
/* #undef BROKEN_READV_COMPARISON */
/* #undef BROKEN_READ_COMPARISON */
-#define BROKEN_REALPATH 1
/* #undef BROKEN_SAVED_UIDS */
/* #undef BROKEN_SETREGID */
/* #undef BROKEN_SETRESGID */
@@ -175,6 +174,8 @@
#define HAVE_EVP_PKEY_GET0_RSA 1
#define HAVE_EVP_RIPEMD160 1
#define HAVE_EVP_SHA256 1
+#define HAVE_EVP_SHA384 1
+#define HAVE_EVP_SHA512 1
#define HAVE_EXIT_IN_UTMP 1
#define HAVE_EXPLICIT_BZERO 1
#define HAVE_FCHMOD 1
@@ -273,6 +274,7 @@
/* #undef HAVE_LIBIAF */
/* #undef HAVE_LIBNETWORK */
/* #undef HAVE_LIBPAM */
+/* #undef HAVE_LIBPROC_H */
/* #undef HAVE_LIBSOCKET */
/* #undef HAVE_LIBUTIL_H */
/* #undef HAVE_LIBXNET */
@@ -298,6 +300,7 @@
#define HAVE_MBTOWC 1
/* #undef HAVE_MD5_CRYPT */
/* #undef HAVE_MD5_PASSWORDS */
+#define HAVE_MEMMEM 1
#define HAVE_MEMMOVE 1
#define HAVE_MEMORY_H 1
/* #undef HAVE_MEMSET_S */
@@ -335,6 +338,7 @@
/* #undef HAVE_PRIV_BASICSET */
/* #undef HAVE_PRIV_H */
#define HAVE_PROC_PID 1
+/* #undef HAVE_PROC_PIDINFO */
/* #undef HAVE_PSTAT */
#define HAVE_PTY_H 1
#define HAVE_PUTUTLINE 1
@@ -344,7 +348,6 @@
#define HAVE_READPASSPHRASE_H 1
#define HAVE_REALLOC 1
#define HAVE_REALLOCARRAY 1
-#define HAVE_REALPATH 1
#define HAVE_RECALLOCARRAY 1
#define HAVE_RECVMSG 1
#define HAVE_RLIMIT_NPROC /**/
@@ -398,8 +401,10 @@
#define HAVE_SETUTXENT 1
#define HAVE_SETVBUF 1
/* #undef HAVE_SET_ID */
-#define HAVE_SHA256_UPDATE 1
+/* #undef HAVE_SHA256UPDATE */
/* #undef HAVE_SHA2_H */
+/* #undef HAVE_SHA384UPDATE */
+/* #undef HAVE_SHA512UPDATE */
#define HAVE_SHADOW_H 1
#define HAVE_SIGACTION 1
/* #undef HAVE_SIGVEC */
@@ -614,7 +619,7 @@
#define STDC_HEADERS 1
/* #undef SUPERUSER_PATH */
/* #undef SYSLOG_R_SAFE_IN_SIGHAND */
-/* #undef SYS_RDOMAIN_LINUX */
+#define SYS_RDOMAIN_LINUX 1
/* #undef UNIXWARE_LONG_PASSWORDS */
#define USER_PATH "/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin"
/* #undef USE_AFS */
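Review bot: `SYS_RDOMAIN_LINUX` goes from undefined to `1` in this last config.h hunk, which is a feature switch rather than something the 8.1p1 bump itself requires, and the commit message does not mention it. As far as I know, this macro enables sshd's Linux routing-domain handling (the `rdomain` qualifier on `ListenAddress` and `Match rdomain`), so it changes which sshd_config options take effect on the built binary. Please state the reason in the commit message, or restore `/* #undef SYS_RDOMAIN_LINUX */` if the flip only came from a regenerated configure run.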
diff --git a/pkg/openssh/gen.lua b/pkg/openssh/gen.lua
@@ -24,11 +24,11 @@ lib('libopenbsd-compat.a', [[openbsd-compat/(
base64.c basename.c bcrypt_pbkdf.c bindresvport.c blowfish.c daemon.c
dirname.c explicit_bzero.c fmt_scaled.c freezero.c getcwd.c
getgrouplist.c getopt_long.c getrrsetbyname.c glob.c inet_aton.c
- inet_ntoa.c inet_ntop.c md5.c mktemp.c pwcache.c readpassphrase.c
- reallocarray.c realpath.c recallocarray.c rmd160.c rresvport.c setenv.c
- setproctitle.c sha1.c sha2.c sigact.c strcasestr.c strlcat.c strlcpy.c
- strmode.c strndup.c strnlen.c strptime.c strsep.c strtoll.c strtonum.c
- strtoull.c strtoul.c timingsafe_bcmp.c vis.c
+ inet_ntoa.c inet_ntop.c md5.c memmem.c mktemp.c pwcache.c
+ readpassphrase.c reallocarray.c recallocarray.c rmd160.c rresvport.c
+ setenv.c setproctitle.c sha1.c sha2.c sigact.c strcasestr.c strlcat.c
+ strlcpy.c strmode.c strndup.c strnlen.c strptime.c strsep.c strtoll.c
+ strtonum.c strtoull.c strtoul.c timingsafe_bcmp.c vis.c
arc4random.c bsd-asprintf.c bsd-closefrom.c bsd-cygwin_util.c bsd-err.c
bsd-flock.c bsd-getpagesize.c bsd-getpeereid.c bsd-malloc.c bsd-misc.c
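Review bot: Dropping `realpath.c` from libopenbsd-compat here, together with the deleted 0002-Always-replace-realpath.patch and the removed `BROKEN_REALPATH`/`HAVE_REALPATH` defines in config.h, means the `realpath` calls in `safe_path` (misc.c) and in the ssh-agent PKCS#11 provider handling no longer get the bundled implementation. Only sshd and sftp-server link `sftp-realpath.c.o` in the later gen.lua hunks. The other callers presumably now resolve to libc's `realpath`, and `safe_path` sits on sshd's file-checking path, so it is worth confirming that the target libc's `realpath` behaves equivalently, for example when /proc is unavailable, if its implementation depends on it. A comment above the `lib('libopenbsd-compat.a', ...)` call, which begins outside this hunk, would record the decision: `-- realpath.c dropped in 8.1p1: only sftp-server keeps sftp-realpath.c, other callers use libc realpath()`.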
@@ -64,10 +64,10 @@ lib('libssh.a', [[
authfd.c authfile.c
canohost.c channels.c cipher.c cipher-aes.c cipher-aesctr.c
cipher-ctr.c cleanup.c
- compat.c crc32.c fatal.c hostfile.c
+ compat.c fatal.c hostfile.c
log.c match.c moduli.c nchan.c packet.c
readpass.c ttymodes.c xmalloc.c addrmatch.c
- atomicio.c dispatch.c mac.c uuencode.c misc.c utf8.c
+ atomicio.c dispatch.c mac.c misc.c utf8.c
monitor_fdpass.c rijndael.c ssh-dss.c ssh-ecdsa.c ssh-rsa.c dh.c
msg.c progressmeter.c dns.c entropy.c gss-genr.c umac.c umac128.c
ssh-pkcs11.c smult_curve25519_ref.c
@@ -91,6 +91,7 @@ file('bin/ssh', '755', '$outdir/ssh')
cc('sftp-server.c')
cc('sftp-common.c')
+cc('sftp-realpath.c')
exe('sshd', [[
sshd.c auth-rhosts.c auth-passwd.c
@@ -103,7 +104,7 @@ exe('sshd', [[
monitor.c monitor_wrap.c auth-krb5.c
auth2-gss.c gss-serv.c gss-serv-krb5.c
loginrec.c auth-pam.c auth-shadow.c auth-sia.c md5crypt.c
- sftp-server.c.o sftp-common.c.o
+ sftp-server.c.o sftp-common.c.o sftp-realpath.c.o
sandbox-null.c sandbox-rlimit.c sandbox-systrace.c sandbox-darwin.c
sandbox-seccomp-filter.c sandbox-capsicum.c sandbox-pledge.c
sandbox-solaris.c uidswap.c
@@ -120,10 +121,10 @@ file('bin/ssh-add', '755', '$outdir/ssh-add')
exe('ssh-agent', {'ssh-agent.c', 'ssh-pkcs11-client.c', 'libssh.a.d'})
file('bin/ssh-agent', '755', '$outdir/ssh-agent')
-exe('ssh-keygen', {'ssh-keygen.c', 'libssh.a.d'})
+exe('ssh-keygen', {'ssh-keygen.c', 'sshsig.c', 'libssh.a.d'})
file('bin/ssh-keygen', '755', '$outdir/ssh-keygen')
-exe('sftp-server', {'sftp-common.c.o', 'sftp-server.c.o', 'sftp-server-main.c', 'libssh.a.d'})
+exe('sftp-server', {'sftp-common.c.o', 'sftp-server.c.o', 'sftp-realpath.c.o', 'sftp-server-main.c', 'libssh.a.d'})
file('libexec/sftp-server', '755', '$outdir/sftp-server')
exe('sftp', {'sftp.c', 'sftp-client.c', 'sftp-common.c.o', 'sftp-glob.c', 'libssh.a.d'})
diff --git a/pkg/openssh/patch/0001-Include-stdio.h-for-vsnprintf.patch b/pkg/openssh/patch/0001-Include-stdio.h-for-vsnprintf.patch
@@ -1,25 +0,0 @@
-From 0584947cce192034cbbaea92db1a628a5496a51a Mon Sep 17 00:00:00 2001
-From: Darren Tucker <dtucker@dtucker.net>
-Date: Sun, 16 Jun 2019 12:55:27 +1000
-Subject: [PATCH] Include stdio.h for vsnprintf.
-
-Patch from mforney at mforney.org.
----
- openbsd-compat/setproctitle.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/openbsd-compat/setproctitle.c b/openbsd-compat/setproctitle.c
-index dbd1a95a..e4064323 100644
---- a/openbsd-compat/setproctitle.c
-+++ b/openbsd-compat/setproctitle.c
-@@ -36,6 +36,7 @@
- #ifndef HAVE_SETPROCTITLE
-
- #include <stdarg.h>
-+#include <stdio.h>
- #include <stdlib.h>
- #include <unistd.h>
- #ifdef HAVE_SYS_PSTAT_H
---
-2.20.1
-
diff --git a/pkg/openssh/patch/0004-Include-stdlib.h-for-arc4random_uniform.patch b/pkg/openssh/patch/0001-Include-stdlib.h-for-arc4random_uniform.patch
diff --git a/pkg/openssh/patch/0002-Always-replace-realpath.patch b/pkg/openssh/patch/0002-Always-replace-realpath.patch
@@ -1,120 +0,0 @@
-From f16d8ca1735373b9da42f15955a50c2cfff4e6e3 Mon Sep 17 00:00:00 2001
-From: Michael Forney <mforney@mforney.org>
-Date: Wed, 19 Jun 2019 19:32:01 -0700
-Subject: [PATCH] Always replace realpath
-
----
- misc.c | 4 ++--
- openbsd-compat/openbsd-compat.h | 12 +-----------
- openbsd-compat/realpath.c | 5 +----
- sftp-server.c | 2 +-
- ssh-agent.c | 4 ++--
- 5 files changed, 7 insertions(+), 20 deletions(-)
-
-diff --git a/misc.c b/misc.c
-index 009e02bc..8669e7d0 100644
---- a/misc.c
-+++ b/misc.c
-@@ -1848,12 +1848,12 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir,
- int comparehome = 0;
- struct stat st;
-
-- if (realpath(name, buf) == NULL) {
-+ if (_ssh_compat_realpath(name, buf) == NULL) {
- snprintf(err, errlen, "realpath %s failed: %s", name,
- strerror(errno));
- return -1;
- }
-- if (pw_dir != NULL && realpath(pw_dir, homedir) != NULL)
-+ if (pw_dir != NULL && _ssh_compat_realpath(pw_dir, homedir) != NULL)
- comparehome = 1;
-
- if (!S_ISREG(stp->st_mode)) {
-diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h
-index 865aaee5..4a5fd8cb 100644
---- a/openbsd-compat/openbsd-compat.h
-+++ b/openbsd-compat/openbsd-compat.h
-@@ -81,17 +81,7 @@ void *reallocarray(void *, size_t, size_t);
- void *recallocarray(void *, size_t, size_t, size_t);
- #endif
-
--#if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH)
--/*
-- * glibc's FORTIFY_SOURCE can redefine this and prevent us picking up the
-- * compat version.
-- */
--# ifdef BROKEN_REALPATH
--# define realpath(x, y) _ssh_compat_realpath(x, y)
--# endif
--
--char *realpath(const char *path, char *resolved);
--#endif
-+char *_ssh_compat_realpath(const char *path, char *resolved);
-
- #ifndef HAVE_RRESVPORT_AF
- int rresvport_af(int *alport, sa_family_t af);
-diff --git a/openbsd-compat/realpath.c b/openbsd-compat/realpath.c
-index a2f090e5..0f0cea78 100644
---- a/openbsd-compat/realpath.c
-+++ b/openbsd-compat/realpath.c
-@@ -31,8 +31,6 @@
-
- #include "includes.h"
-
--#if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH)
--
- #include <sys/types.h>
- #include <sys/param.h>
- #include <sys/stat.h>
-@@ -58,7 +56,7 @@
- * in which case the path which caused trouble is left in (resolved).
- */
- char *
--realpath(const char *path, char *resolved)
-+_ssh_compat_realpath(const char *path, char *resolved)
- {
- struct stat sb;
- char *p, *q, *s;
-@@ -226,4 +224,3 @@ err:
- free(resolved);
- return (NULL);
- }
--#endif /* !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) */
-diff --git a/sftp-server.c b/sftp-server.c
-index 19a132bd..bc0257af 100644
---- a/sftp-server.c
-+++ b/sftp-server.c
-@@ -1174,7 +1174,7 @@ process_realpath(u_int32_t id)
- }
- debug3("request %u: realpath", id);
- verbose("realpath \"%s\"", path);
-- if (realpath(path, resolvedname) == NULL) {
-+ if (_ssh_compat_realpath(path, resolvedname) == NULL) {
- send_status(id, errno_to_portable(errno));
- } else {
- Stat s;
-diff --git a/ssh-agent.c b/ssh-agent.c
-index d06ecfd9..04a684de 100644
---- a/ssh-agent.c
-+++ b/ssh-agent.c
-@@ -587,7 +587,7 @@ process_add_smartcard_key(SocketEntry *e)
- goto send;
- }
- }
-- if (realpath(provider, canonical_provider) == NULL) {
-+ if (_ssh_compat_realpath(provider, canonical_provider) == NULL) {
- verbose("failed PKCS#11 add of \"%.100s\": realpath: %s",
- provider, strerror(errno));
- goto send;
-@@ -640,7 +640,7 @@ process_remove_smartcard_key(SocketEntry *e)
- }
- free(pin);
-
-- if (realpath(provider, canonical_provider) == NULL) {
-+ if (_ssh_compat_realpath(provider, canonical_provider) == NULL) {
- verbose("failed PKCS#11 add of \"%.100s\": realpath: %s",
- provider, strerror(errno));
- goto send;
---
-2.20.1
-
diff --git a/pkg/openssh/patch/0003-Remove-some-empty-top-level-declarations.patch b/pkg/openssh/patch/0003-Remove-some-empty-top-level-declarations.patch
@@ -1,132 +0,0 @@
-From a98535df996adc9e1028760b699b38bdb417a638 Mon Sep 17 00:00:00 2001
-From: Michael Forney <mforney@mforney.org>
-Date: Wed, 19 Jun 2019 20:00:52 -0700
-Subject: [PATCH] Remove some empty top-level declarations
-
----
- defines.h | 7 -------
- krl.c | 6 +++---
- openbsd-compat/readpassphrase.c | 1 -
- openbsd-compat/recallocarray.c | 1 -
- openbsd-compat/strcasestr.c | 1 -
- openbsd-compat/strndup.c | 2 +-
- openbsd-compat/vis.c | 2 --
- 7 files changed, 4 insertions(+), 16 deletions(-)
-
-diff --git a/defines.h b/defines.h
-index 8f421306..7a54ee2e 100644
---- a/defines.h
-+++ b/defines.h
-@@ -831,13 +831,6 @@ struct winsize {
- # define SSH_IOBUFSZ 8192
- #endif
-
--/*
-- * We want functions in openbsd-compat, if enabled, to override system ones.
-- * We no-op out the weak symbol definition rather than remove it to reduce
-- * future sync problems.
-- */
--#define DEF_WEAK(x)
--
- /*
- * Platforms that have arc4random_uniform() and not arc4random_stir()
- * shouldn't need the latter.
-diff --git a/krl.c b/krl.c
-index 8e2d5d5d..65f40205 100644
---- a/krl.c
-+++ b/krl.c
-@@ -59,7 +59,7 @@ struct revoked_serial {
- };
- static int serial_cmp(struct revoked_serial *a, struct revoked_serial *b);
- RB_HEAD(revoked_serial_tree, revoked_serial);
--RB_GENERATE_STATIC(revoked_serial_tree, revoked_serial, tree_entry, serial_cmp);
-+RB_GENERATE_STATIC(revoked_serial_tree, revoked_serial, tree_entry, serial_cmp)
-
- /* Tree of key IDs */
- struct revoked_key_id {
-@@ -68,7 +68,7 @@ struct revoked_key_id {
- };
- static int key_id_cmp(struct revoked_key_id *a, struct revoked_key_id *b);
- RB_HEAD(revoked_key_id_tree, revoked_key_id);
--RB_GENERATE_STATIC(revoked_key_id_tree, revoked_key_id, tree_entry, key_id_cmp);
-+RB_GENERATE_STATIC(revoked_key_id_tree, revoked_key_id, tree_entry, key_id_cmp)
-
- /* Tree of blobs (used for keys and fingerprints) */
- struct revoked_blob {
-@@ -78,7 +78,7 @@ struct revoked_blob {
- };
- static int blob_cmp(struct revoked_blob *a, struct revoked_blob *b);
- RB_HEAD(revoked_blob_tree, revoked_blob);
--RB_GENERATE_STATIC(revoked_blob_tree, revoked_blob, tree_entry, blob_cmp);
-+RB_GENERATE_STATIC(revoked_blob_tree, revoked_blob, tree_entry, blob_cmp)
-
- /* Tracks revoked certs for a single CA */
- struct revoked_certs {
-diff --git a/openbsd-compat/readpassphrase.c b/openbsd-compat/readpassphrase.c
-index ff8ff3de..6862a5e9 100644
---- a/openbsd-compat/readpassphrase.c
-+++ b/openbsd-compat/readpassphrase.c
-@@ -191,7 +191,6 @@ restart:
- errno = save_errno;
- return(nr == -1 ? NULL : buf);
- }
--DEF_WEAK(readpassphrase);
-
- #if 0
- char *
-diff --git a/openbsd-compat/recallocarray.c b/openbsd-compat/recallocarray.c
-index 3e1156ce..e391b979 100644
---- a/openbsd-compat/recallocarray.c
-+++ b/openbsd-compat/recallocarray.c
-@@ -85,6 +85,5 @@ recallocarray(void *ptr, size_t oldnmemb, size_t newnmemb, size_t size)
-
- return newptr;
- }
--/* DEF_WEAK(recallocarray); */
-
- #endif /* HAVE_RECALLOCARRAY */
-diff --git a/openbsd-compat/strcasestr.c b/openbsd-compat/strcasestr.c
-index 4c4d1475..020f3475 100644
---- a/openbsd-compat/strcasestr.c
-+++ b/openbsd-compat/strcasestr.c
-@@ -64,6 +64,5 @@ strcasestr(const char *s, const char *find)
- }
- return ((char *)s);
- }
--DEF_WEAK(strcasestr);
-
- #endif
-diff --git a/openbsd-compat/strndup.c b/openbsd-compat/strndup.c
-index 30ac6f04..30e47544 100644
---- a/openbsd-compat/strndup.c
-+++ b/openbsd-compat/strndup.c
-@@ -39,5 +39,5 @@ strndup(const char *str, size_t maxlen)
-
- return copy;
- }
--DEF_WEAK(strndup);
-+
- #endif /* HAVE_STRNDUP */
-diff --git a/openbsd-compat/vis.c b/openbsd-compat/vis.c
-index 0e04ed02..a5a05b1b 100644
---- a/openbsd-compat/vis.c
-+++ b/openbsd-compat/vis.c
-@@ -142,7 +142,6 @@ done:
- *dst = '\0';
- return (dst);
- }
--DEF_WEAK(vis);
-
- /*
- * strvis, strnvis, strvisx - visually encode characters from src into dst
-@@ -168,7 +167,6 @@ strvis(char *dst, const char *src, int flag)
- *dst = '\0';
- return (dst - start);
- }
--DEF_WEAK(strvis);
-
- int
- strnvis(char *dst, const char *src, size_t siz, int flag)
---
-2.20.1
-