Andreas Wacknitz
2023-08-12 49165adb6e4a174bea92e1d95f5960bbd69bed2a
openssh: update to 9.4p1

1 files deleted
3 files modified
176 ■■■■ changed files
components/network/openssh/Makefile 7 ●●●●●
components/network/openssh/patches/0008-Add-DisableBanner-option.patch 32 ●●●●
components/network/openssh/patches/0019-PubKeyPlugin-support.patch 20 ●●●●
components/network/openssh/patches/1003-sk-dummy-openssl.patch 117 ●●●●●
components/network/openssh/Makefile
@@ -31,14 +31,13 @@
COMPONENT_NAME=        openssh
#   OpenSSH <x>.<y>p<n>     => IPS <x>.<y>.0.<n>
#   OpenSSH <x>.<y>.<z>p<n> => IPS <x>.<y>.<z>.<n>
COMPONENT_VERSION=    9.3.0.2
HUMAN_VERSION=        9.3p2
COMPONENT_REVISION=    1
COMPONENT_VERSION=    9.4.0.1
HUMAN_VERSION=        9.4p1
COMPONENT_SUMMARY=    OpenSSH client and associated utilities
COMPONENT_SRC=        $(COMPONENT_NAME)-$(HUMAN_VERSION)
COMPONENT_PROJECT_URL=    https://www.openssh.org
COMPONENT_ARCHIVE=    $(COMPONENT_SRC).tar.gz
COMPONENT_ARCHIVE_HASH=    sha256:200ebe147f6cb3f101fd0cdf9e02442af7ddca298dffd9f456878e7ccac676e8
COMPONENT_ARCHIVE_HASH=    sha256:3608fd9088db2163ceb3e600c85ab79d0de3d221e59192ea1923e23263866a85
COMPONENT_ARCHIVE_URL=    https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$(COMPONENT_ARCHIVE)
COMPONENT_FMRI=    network/ssh
COMPONENT_LICENSE=    BSD, BSD-like
components/network/openssh/patches/0008-Add-DisableBanner-option.patch
@@ -1,7 +1,7 @@
diff -wpruN '--exclude=*.orig' a~/readconf.c a/readconf.c
diff -wpruN --no-dereference '--exclude=*.orig' a~/readconf.c a/readconf.c
--- a~/readconf.c    1970-01-01 00:00:00
+++ a/readconf.c    1970-01-01 00:00:00
@@ -164,6 +164,9 @@ typedef enum {
@@ -167,6 +167,9 @@ typedef enum {
     oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
     oSendEnv, oSetEnv, oControlPath, oControlMaster, oControlPersist,
     oHashKnownHosts,
@@ -11,7 +11,7 @@
     oTunnel, oTunnelDevice,
     oLocalCommand, oPermitLocalCommand, oRemoteCommand,
     oVisualHostKey,
@@ -289,6 +292,9 @@ static struct {
@@ -294,6 +297,9 @@ static struct {
     { "controlpersist", oControlPersist },
     { "hashknownhosts", oHashKnownHosts },
     { "include", oInclude },
@@ -21,7 +21,7 @@
     { "tunnel", oTunnel },
     { "tunneldevice", oTunnelDevice },
     { "localcommand", oLocalCommand },
@@ -921,6 +927,17 @@ parse_multistate_value(const char *arg,
@@ -1005,6 +1011,17 @@ parse_multistate_value(const char *arg,
     return -1;
 }
 
@@ -39,7 +39,7 @@
 /*
  * Processes a single option line as used in the configuration files. This
  * only sets those values that have not already been set.
@@ -2181,6 +2198,13 @@ parse_pubkey_algos:
@@ -2280,6 +2297,13 @@ parse_pubkey_algos:
         intptr = &options->required_rsa_size;
         goto parse_int;
 
@@ -53,7 +53,7 @@
     case oDeprecated:
         debug("%s line %d: Deprecated option \"%s\"",
             filename, linenum, keyword);
@@ -2416,6 +2440,9 @@ initialize_options(Options * options)
@@ -2516,6 +2540,9 @@ initialize_options(Options * options)
     options->stdin_null = -1;
     options->fork_after_authentication = -1;
     options->proxy_use_fdpass = -1;
@@ -63,7 +63,7 @@
     options->ignored_unknown = NULL;
     options->num_canonical_domains = 0;
     options->num_permitted_cnames = 0;
@@ -2616,6 +2643,10 @@ fill_default_options(Options * options)
@@ -2718,6 +2745,10 @@ fill_default_options(Options * options)
         options->canonicalize_fallback_local = 1;
     if (options->canonicalize_hostname == -1)
         options->canonicalize_hostname = SSH_CANONICALISE_NO;
@@ -74,11 +74,11 @@
     if (options->fingerprint_hash == -1)
         options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
 #ifdef ENABLE_SK_INTERNAL
diff -wpruN '--exclude=*.orig' a~/readconf.h a/readconf.h
diff -wpruN --no-dereference '--exclude=*.orig' a~/readconf.h a/readconf.h
--- a~/readconf.h    1970-01-01 00:00:00
+++ a/readconf.h    1970-01-01 00:00:00
@@ -179,6 +179,9 @@ typedef struct {
     int    required_rsa_size;    /* minimum size of RSA keys */
@@ -182,6 +182,9 @@ typedef struct {
     int    enable_escape_commandline;    /* ~C commandline */
 
     char    *ignored_unknown; /* Pattern list of unknown tokens to ignore */
+#ifdef DISABLE_BANNER
@@ -87,7 +87,7 @@
 }       Options;
 
 #define SSH_PUBKEY_AUTH_NO    0x00
@@ -219,6 +222,12 @@ typedef struct {
@@ -222,6 +225,12 @@ typedef struct {
 #define SSH_STRICT_HOSTKEY_YES    2
 #define SSH_STRICT_HOSTKEY_ASK    3
 
@@ -100,10 +100,10 @@
 const char *kex_default_pk_alg(void);
 char    *ssh_connection_hash(const char *thishost, const char *host,
     const char *portstr, const char *user);
diff -wpruN '--exclude=*.orig' a~/ssh_config.5 a/ssh_config.5
diff -wpruN --no-dereference '--exclude=*.orig' a~/ssh_config.5 a/ssh_config.5
--- a~/ssh_config.5    1970-01-01 00:00:00
+++ a/ssh_config.5    1970-01-01 00:00:00
@@ -611,6 +611,14 @@ If set to a time in seconds, or a time i
@@ -633,6 +633,14 @@ If set to a time in seconds, or a time i
 then the backgrounded master connection will automatically terminate
 after it has remained idle (with no client connections) for the
 specified time.
@@ -118,10 +118,10 @@
 .It Cm DynamicForward
 Specifies that a TCP port on the local machine be forwarded
 over the secure channel, and the application
diff -wpruN '--exclude=*.orig' a~/sshconnect2.c a/sshconnect2.c
diff -wpruN --no-dereference '--exclude=*.orig' a~/sshconnect2.c a/sshconnect2.c
--- a~/sshconnect2.c    1970-01-01 00:00:00
+++ a/sshconnect2.c    1970-01-01 00:00:00
@@ -85,6 +85,10 @@ extern char *client_version_string;
@@ -84,6 +84,10 @@ extern char *client_version_string;
 extern char *server_version_string;
 extern Options options;
 
@@ -132,7 +132,7 @@
 /*
  * SSH2 key exchange
  */
@@ -603,8 +607,28 @@ input_userauth_banner(int type, u_int32_
@@ -585,8 +589,28 @@ input_userauth_banner(int type, u_int32_
     if ((r = sshpkt_get_cstring(ssh, &msg, &len)) != 0 ||
         (r = sshpkt_get_cstring(ssh, NULL, NULL)) != 0)
         goto out;
components/network/openssh/patches/0019-PubKeyPlugin-support.patch
@@ -7,7 +7,7 @@
SunSSH, allowing an in-process shared library to be called
into to check public keys for authentication.
diff -wpruN '--exclude=*.orig' a~/auth2-pubkey.c a/auth2-pubkey.c
diff -wpruN --no-dereference '--exclude=*.orig' a~/auth2-pubkey.c a/auth2-pubkey.c
--- a~/auth2-pubkey.c    1970-01-01 00:00:00
+++ a/auth2-pubkey.c    1970-01-01 00:00:00
@@ -23,6 +23,11 @@
@@ -52,7 +52,7 @@
 static int
 userauth_pubkey(struct ssh *ssh, const char *method)
 {
@@ -747,6 +763,124 @@ user_key_command_allowed2(struct passwd
@@ -745,6 +761,124 @@ user_key_command_allowed2(struct passwd
     return found_key;
 }
 
@@ -177,7 +177,7 @@
 /*
  * Check whether key authenticates and authorises the user.
  */
@@ -792,6 +926,10 @@ user_key_allowed(struct ssh *ssh, struct
@@ -796,6 +930,10 @@ user_key_allowed(struct ssh *ssh, struct
     sshauthopt_free(opts);
     opts = NULL;
 
@@ -186,12 +186,12 @@
+        return success;
+
     if ((success = user_key_command_allowed2(pw, key, remote_ip,
         remote_host, &opts)) != 0)
         remote_host, conn_id, rdomain, &opts)) != 0)
         goto out;
diff -wpruN '--exclude=*.orig' a~/servconf.c a/servconf.c
diff -wpruN --no-dereference '--exclude=*.orig' a~/servconf.c a/servconf.c
--- a~/servconf.c    1970-01-01 00:00:00
+++ a/servconf.c    1970-01-01 00:00:00
@@ -211,6 +211,7 @@ initialize_server_options(ServerOptions
@@ -209,6 +209,7 @@ initialize_server_options(ServerOptions
      */
     options->pam_service_per_authmethod = 1;
 #endif
@@ -199,7 +199,7 @@
 }
 
 /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */
@@ -559,6 +560,7 @@ typedef enum {
@@ -557,6 +558,7 @@ typedef enum {
     sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding,
     sExposeAuthInfo, sRDomain, sPubkeyAuthOptions, sSecurityKeyProvider,
     sRequiredRSASize, sChannelTimeout, sUnusedConnectionTimeout,
@@ -207,7 +207,7 @@
     sDeprecated, sIgnore, sUnsupported
 } ServerOpCodes;
 
@@ -725,6 +727,7 @@ static struct {
@@ -723,6 +725,7 @@ static struct {
     { "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL },
     { "rdomain", sRDomain, SSHCFG_ALL },
     { "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL },
@@ -215,7 +215,7 @@
     { "securitykeyprovider", sSecurityKeyProvider, SSHCFG_GLOBAL },
     { "requiredrsasize", sRequiredRSASize, SSHCFG_ALL },
     { "channeltimeout", sChannelTimeout, SSHCFG_ALL },
@@ -2626,6 +2629,18 @@ process_server_config_line_depth(ServerO
@@ -2631,6 +2634,18 @@ process_server_config_line_depth(ServerO
         }
         break;
 
@@ -234,7 +234,7 @@
     case sDeprecated:
     case sIgnore:
     case sUnsupported:
diff -wpruN '--exclude=*.orig' a~/servconf.h a/servconf.h
diff -wpruN --no-dereference '--exclude=*.orig' a~/servconf.h a/servconf.h
--- a~/servconf.h    1970-01-01 00:00:00
+++ a/servconf.h    1970-01-01 00:00:00
@@ -237,6 +237,7 @@ typedef struct {
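Review bot: In the auth2-pubkey.c part of this patch, the plugin branch added to user_key_allowed() leaves with a bare `return success;`, while the user_key_command_allowed2() check directly below it leaves through `goto out`. Whatever the `out:` label does is skipped on the plugin path; that label and the rest of the function are outside the hunks shown, so this should be confirmed against the 9.4p1 source rather than assumed to have survived the refresh unchanged. If the label is where the key's authorisation options are handed back to the caller, a plugin-accepted key would be returned without them, so I would change the line to `goto out;` or add a comment such as `/* plugin result is final; opts already freed above */` stating why the early return is safe.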
components/network/openssh/patches/1003-sk-dummy-openssl.patch
File was deleted