authorSam Bingner <sam@bingner.com>2018-12-11 15:57:02 -1000
committerSam Bingner <sam@bingner.com>2018-12-12 12:11:26 -1000
commit193fb560bdb2efcc236ddc58675b952cc864888a (patch)
treeed4fda4c6b192b67cf21600a4417c3880c40051a
parent21a21a4888aa1d6b8e9fb18d54feaa63e88c496c (diff)
Update openssh to 7.9p1
l---------data/openssh/_metadata/libssl1.0.dep1
l---------data/openssh/_metadata/openssl.dep1
-rw-r--r--data/openssh/_metadata/version2
-rw-r--r--data/openssh/openssh-7.7p1.tar.gzbin1536900 -> 0 bytes
-rw-r--r--data/openssh/openssh-7.9p1.tar.gzbin0 -> 1565384 bytes
-rw-r--r--data/openssh/privsep.diff94
6 files changed, 49 insertions, 49 deletions
diff --git a/data/openssh/_metadata/libssl1.0.dep b/data/openssh/_metadata/libssl1.0.dep
new file mode 120000
index 000000000..a501d00a8
--- /dev/null
+++ b/data/openssh/_metadata/libssl1.0.dep
@@ -0,0 +1 @@
+../../libssl1.0
\ No newline at end of file
diff --git a/data/openssh/_metadata/openssl.dep b/data/openssh/_metadata/openssl.dep
deleted file mode 120000
index 9b58fd56b..000000000
--- a/data/openssh/_metadata/openssl.dep
+++ /dev/null
@@ -1 +0,0 @@
-../../openssl
\ No newline at end of file
diff --git a/data/openssh/_metadata/version b/data/openssh/_metadata/version
index d4461db47..11ec65529 100644
--- a/data/openssh/_metadata/version
+++ b/data/openssh/_metadata/version
@@ -1 +1 @@
-7.7p1
+7.9p1
diff --git a/data/openssh/openssh-7.7p1.tar.gz b/data/openssh/openssh-7.7p1.tar.gz
deleted file mode 100644
index 776707ee5..000000000
--- a/data/openssh/openssh-7.7p1.tar.gz
+++ /dev/null
Binary files differ
diff --git a/data/openssh/openssh-7.9p1.tar.gz b/data/openssh/openssh-7.9p1.tar.gz
new file mode 100644
index 000000000..38f492774
--- /dev/null
+++ b/data/openssh/openssh-7.9p1.tar.gz
Binary files differ
diff --git a/data/openssh/privsep.diff b/data/openssh/privsep.diff
index 2f53b4da3..3f2b4d28b 100644
--- a/data/openssh/privsep.diff
+++ b/data/openssh/privsep.diff
@@ -1,8 +1,7 @@
-diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config
-index db6aaa08..d934d09b 100644
---- a/contrib/cygwin/ssh-host-config
-+++ b/contrib/cygwin/ssh-host-config
-@@ -63,6 +63,7 @@ sshd_config_configured=no
+diff -ur openssh-7.9p1/contrib/cygwin/ssh-host-config openssh-7.9p1+iPhone/contrib/cygwin/ssh-host-config
+--- openssh-7.9p1/contrib/cygwin/ssh-host-config 2018-10-16 14:01:20.000000000 -1000
++++ openssh-7.9p1+iPhone/contrib/cygwin/ssh-host-config 2018-12-10 10:14:07.000000000 -1000
+@@ -63,6 +63,7 @@
port_number=22
service_name=sshd
strictmodes=yes
@@ -10,7 +9,7 @@ index db6aaa08..d934d09b 100644
cygwin_value=""
user_account=
password_value=
-@@ -139,21 +140,33 @@ sshd_strictmodes() {
+@@ -139,21 +140,33 @@
# ======================================================================
# Routine: sshd_privsep
@@ -23,6 +22,13 @@ index db6aaa08..d934d09b 100644
if [ "${sshd_config_configured}" != "yes" ]
then
- if ! csih_create_unprivileged_user sshd
+- then
+- csih_error_recoverable "Could not create user 'sshd'!"
+- csih_error_recoverable "You will not be able to run an sshd service"
+- csih_error_recoverable "under a privileged account successfully."
+- csih_error_recoverable "Make sure to create a non-privileged user 'sshd'"
+- csih_error_recoverable "manually before trying to run the service!"
+- let ++ret
+ echo
+ csih_inform "Privilege separation is set to 'sandbox' by default since"
+ csih_inform "OpenSSH 6.1. This is unsupported by Cygwin and has to be set"
@@ -31,13 +37,7 @@ index db6aaa08..d934d09b 100644
+ csih_inform "called 'sshd'."
+ csih_inform "For more info on privilege separation read /usr/share/doc/openssh/README.privsep."
+ if csih_request "Should privilege separation be used?"
- then
-- csih_error_recoverable "Could not create user 'sshd'!"
-- csih_error_recoverable "You will not be able to run an sshd service"
-- csih_error_recoverable "under a privileged account successfully."
-- csih_error_recoverable "Make sure to create a non-privileged user 'sshd'"
-- csih_error_recoverable "manually before trying to run the service!"
-- let ++ret
++ then
+ privsep_used=yes
+ if ! csih_create_unprivileged_user sshd
+ then
@@ -52,7 +52,7 @@ index db6aaa08..d934d09b 100644
fi
fi
return $ret
-@@ -189,6 +202,18 @@ sshd_config_tweak() {
+@@ -189,6 +202,18 @@
let ++ret
fi
fi
@@ -71,7 +71,7 @@ index db6aaa08..d934d09b 100644
return $ret
} # --- End of sshd_config_tweak --- #
-@@ -668,7 +693,7 @@ then
+@@ -668,7 +693,7 @@
fi
fi
@@ -80,20 +80,19 @@ index db6aaa08..d934d09b 100644
csih_install_config "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults" || let ++warning_cnt
if ! /usr/bin/cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1
then
-diff --git a/servconf.c b/servconf.c
-index 0f0d0906..a63cec91 100644
---- a/servconf.c
-+++ b/servconf.c
-@@ -590,7 +590,7 @@ static struct {
+diff -ur openssh-7.9p1/servconf.c openssh-7.9p1+iPhone/servconf.c
+--- openssh-7.9p1/servconf.c 2018-10-16 14:01:20.000000000 -1000
++++ openssh-7.9p1+iPhone/servconf.c 2018-12-10 10:14:07.000000000 -1000
+@@ -614,7 +614,7 @@
{ "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL },
{ "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },
{ "authorizedkeysfile2", sDeprecated, SSHCFG_ALL },
- { "useprivilegeseparation", sDeprecated, SSHCFG_GLOBAL},
+ { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL},
{ "acceptenv", sAcceptEnv, SSHCFG_ALL },
+ { "setenv", sSetEnv, SSHCFG_ALL },
{ "permittunnel", sPermitTunnel, SSHCFG_ALL },
- { "permittty", sPermitTTY, SSHCFG_ALL },
-@@ -1130,6 +1130,13 @@ static const struct multistate multistate_gatewayports[] = {
+@@ -1187,6 +1187,13 @@
{ "no", 0 },
{ NULL, -1 }
};
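Review bot: Nothing in privsep.diff records why this build turns `useprivilegeseparation` back from `sDeprecated` into a live option (`sUsePrivilegeSeparation`) in the servconf.c keyword table, and the refresh to 7.9p1 carries that line forward unchanged. Once the keyword is parsed again, a configuration that sets it to `no` would presumably run the pre-authentication code in the privileged process rather than in the unprivileged child, so the reason and the intended default belong in a header at the top of the patch, for example `Restores UsePrivilegeSeparation because <platform reason>; default must stay "sandbox"`. The value applied when the option is absent is not visible in these hunks; confirm it matches the `#UsePrivilegeSeparation sandbox` line in the patched sample sshd_config. The keyword table itself starts and ends outside the hunk.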
@@ -107,7 +106,7 @@ index 0f0d0906..a63cec91 100644
static const struct multistate multistate_tcpfwd[] = {
{ "yes", FORWARD_ALLOW },
{ "all", FORWARD_ALLOW },
-@@ -1563,6 +1570,11 @@ process_server_config_line(ServerOptions *options, char *line,
+@@ -1646,6 +1653,11 @@
intptr = &options->disable_forwarding;
goto parse_flag;
@@ -119,7 +118,7 @@ index 0f0d0906..a63cec91 100644
case sAllowUsers:
while ((arg = strdelim(&cp)) && *arg != '\0') {
if (match_user(NULL, NULL, NULL, arg) == -1)
-@@ -2289,6 +2301,8 @@ fmt_intarg(ServerOpCodes code, int val)
+@@ -2407,6 +2419,8 @@
return fmt_multistate_int(val, multistate_gatewayports);
case sCompression:
return fmt_multistate_int(val, multistate_compression);
@@ -128,7 +127,7 @@ index 0f0d0906..a63cec91 100644
case sAllowTcpForwarding:
return fmt_multistate_int(val, multistate_tcpfwd);
case sAllowStreamLocalForwarding:
-@@ -2480,6 +2494,7 @@ dump_config(ServerOptions *o)
+@@ -2586,6 +2600,7 @@
dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding);
dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding);
dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
@@ -136,11 +135,11 @@ index 0f0d0906..a63cec91 100644
dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash);
dump_cfg_fmtint(sExposeAuthInfo, o->expose_userauth_info);
-diff --git a/sshd.c b/sshd.c
-index fd95b681..697f5a8b 100644
---- a/sshd.c
-+++ b/sshd.c
-@@ -228,7 +228,6 @@ int startup_pipe; /* in child */
+Only in openssh-7.9p1+iPhone: servconf.c.orig
+diff -ur openssh-7.9p1/sshd.c openssh-7.9p1+iPhone/sshd.c
+--- openssh-7.9p1/sshd.c 2018-10-16 14:01:20.000000000 -1000
++++ openssh-7.9p1+iPhone/sshd.c 2018-12-10 10:14:07.000000000 -1000
+@@ -228,7 +228,6 @@
int use_privsep = -1;
struct monitor *pmonitor = NULL;
int privsep_is_preauth = 1;
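Review bot: The `Only in openssh-7.9p1+iPhone: servconf.c.orig` line added here, and the matching lines for sshd.c.orig, sshd_config.5.orig and sshd_config.orig further down, show that the patch was regenerated with `diff -ur` against a tree that still held backup files from an earlier patch run. patch normally skips such lines, so the file should still apply, but they are noise and they mean the two trees were not a clean pristine/modified pair. Regenerating with the backups excluded and function context restored, e.g. `diff -urp -x '*.orig' openssh-7.9p1 openssh-7.9p1+iPhone`, would limit the file to intended changes. The new hunk headers have also lost the function names the old ones carried after `@@` (for instance `sshd_strictmodes() {`), which makes the security-relevant hunks in sshd.c harder to place during review.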
@@ -148,7 +147,7 @@ index fd95b681..697f5a8b 100644
/* global authentication context */
Authctxt *the_authctxt = NULL;
-@@ -541,7 +540,7 @@ privsep_preauth_child(void)
+@@ -545,7 +544,7 @@
demote_sensitive_data();
/* Demote the child */
@@ -157,7 +156,7 @@ index fd95b681..697f5a8b 100644
/* Change our root directory */
if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
-@@ -1641,9 +1640,8 @@ main(int ac, char **av)
+@@ -1730,9 +1729,8 @@
);
/* Store privilege separation user for later use if required. */
@@ -168,8 +167,8 @@ index fd95b681..697f5a8b 100644
fatal("Privilege separation user %s does not exist",
SSH_PRIVSEP_USER);
} else {
-@@ -1801,7 +1790,7 @@ main(int ac, char **av)
- key_type(key));
+@@ -1858,7 +1856,7 @@
+ sshkey_type(key));
}
- if (privsep_chroot) {
@@ -177,23 +176,22 @@ index fd95b681..697f5a8b 100644
struct stat st;
if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &st) == -1) ||
-diff --git a/sshd_config b/sshd_config
-index 3109d5d7..018b5eb2 100644
---- a/sshd_config
-+++ b/sshd_config
-@@ -92,6 +92,7 @@ AuthorizedKeysFile .ssh/authorized_keys
+Only in openssh-7.9p1+iPhone: sshd.c.orig
+diff -ur openssh-7.9p1/sshd_config openssh-7.9p1+iPhone/sshd_config
+--- openssh-7.9p1/sshd_config 2018-10-16 14:01:20.000000000 -1000
++++ openssh-7.9p1+iPhone/sshd_config 2018-12-10 10:14:59.000000000 -1000
+@@ -90,6 +90,7 @@
+ #PermitTTY yes
+ #PrintMotd yes
#PrintLastLog yes
- #TCPKeepAlive yes
- #UseLogin no
+#UsePrivilegeSeparation sandbox
+ #TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
- #ClientAliveInterval 0
-diff --git a/sshd_config.5 b/sshd_config.5
-index e3c7c393..20a185f0 100644
---- a/sshd_config.5
-+++ b/sshd_config.5
-@@ -1542,6 +1542,28 @@ is enabled, you will not be able to run
+diff -ur openssh-7.9p1/sshd_config.5 openssh-7.9p1+iPhone/sshd_config.5
+--- openssh-7.9p1/sshd_config.5 2018-10-16 14:01:20.000000000 -1000
++++ openssh-7.9p1+iPhone/sshd_config.5 2018-12-10 10:14:07.000000000 -1000
+@@ -1624,6 +1624,28 @@
as a non-root user.
The default is
.Cm no .
@@ -222,3 +220,5 @@ index e3c7c393..20a185f0 100644
.It Cm VersionAddendum
Optionally specifies additional text to append to the SSH protocol banner
sent by the server upon connection.
+Only in openssh-7.9p1+iPhone: sshd_config.5.orig
+Only in openssh-7.9p1+iPhone: sshd_config.orig