diff options
| author | Sam Bingner <sam@bingner.com> | 2020-07-17 00:01:03 -1000 |
|---|---|---|
| committer | Sam Bingner <sam@bingner.com> | 2020-08-04 12:40:38 -1000 |
| commit | 7ed1b50a007f659a16095c46d1ea1d6a26e47ba7 (patch) | |
| tree | 6c77eab83d8685f8f73f0017457894511514f105 | |
| parent | fc62968b1d6979799805dd8e55a4017c3a1e087c (diff) | |
Update openssh to 8.1p1
| -rw-r--r-- | data/openssh/_metadata/in.550.58 | 0 | ||||
| l--------- | data/openssh/_metadata/libssl1.0.dep | 1 | ||||
| l--------- | data/openssh/_metadata/libssl1.1.1.dep | 1 | ||||
| -rw-r--r-- | data/openssh/_metadata/version | 2 | ||||
| -rw-r--r-- | data/openssh/com.openssh.sshd.plist | 2 | ||||
| -rw-r--r-- | data/openssh/openssh-7.9p1.tar.gz | bin | 1565384 -> 0 bytes | |||
| -rw-r--r-- | data/openssh/openssh-8.1p1.tar.gz | bin | 0 -> 1625894 bytes | |||
| -rw-r--r-- | data/openssh/privsep.diff | 67 |
8 files changed, 31 insertions, 42 deletions
diff --git a/data/openssh/_metadata/in.550.58 b/data/openssh/_metadata/in.550.58 new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/data/openssh/_metadata/in.550.58 diff --git a/data/openssh/_metadata/libssl1.0.dep b/data/openssh/_metadata/libssl1.0.dep deleted file mode 120000 index a501d00a8..000000000 --- a/data/openssh/_metadata/libssl1.0.dep +++ /dev/null @@ -1 +0,0 @@ -../../libssl1.0
\ No newline at end of file diff --git a/data/openssh/_metadata/libssl1.1.1.dep b/data/openssh/_metadata/libssl1.1.1.dep new file mode 120000 index 000000000..254747b12 --- /dev/null +++ b/data/openssh/_metadata/libssl1.1.1.dep @@ -0,0 +1 @@ +../../libssl1.1.1
\ No newline at end of file diff --git a/data/openssh/_metadata/version b/data/openssh/_metadata/version index 11ec65529..b8eb02635 100644 --- a/data/openssh/_metadata/version +++ b/data/openssh/_metadata/version @@ -1 +1 @@ -7.9p1 +8.1 diff --git a/data/openssh/com.openssh.sshd.plist b/data/openssh/com.openssh.sshd.plist index eabe1b675..9cb4b70f5 100644 --- a/data/openssh/com.openssh.sshd.plist +++ b/data/openssh/com.openssh.sshd.plist @@ -36,6 +36,8 @@ <key>Wait</key> <false/> </dict> + <key>ExecuteAllowed</key> + <true/> </dict> </plist> diff --git a/data/openssh/openssh-7.9p1.tar.gz b/data/openssh/openssh-7.9p1.tar.gz Binary files differdeleted file mode 100644 index 38f492774..000000000 --- a/data/openssh/openssh-7.9p1.tar.gz +++ /dev/null diff --git a/data/openssh/openssh-8.1p1.tar.gz b/data/openssh/openssh-8.1p1.tar.gz Binary files differnew file mode 100644 index 000000000..359ecb978 --- /dev/null +++ b/data/openssh/openssh-8.1p1.tar.gz diff --git a/data/openssh/privsep.diff b/data/openssh/privsep.diff index 3f2b4d28b..1ded9e741 100644 --- a/data/openssh/privsep.diff +++ b/data/openssh/privsep.diff @@ -1,9 +1,9 @@ -diff -ur openssh-7.9p1/contrib/cygwin/ssh-host-config openssh-7.9p1+iPhone/contrib/cygwin/ssh-host-config ---- openssh-7.9p1/contrib/cygwin/ssh-host-config 2018-10-16 14:01:20.000000000 -1000 -+++ openssh-7.9p1+iPhone/contrib/cygwin/ssh-host-config 2018-12-10 10:14:07.000000000 -1000 +diff -ur openssh-8.1p1/contrib/cygwin/ssh-host-config openssh-8.1p1+iOS/contrib/cygwin/ssh-host-config +--- openssh-8.1p1/contrib/cygwin/ssh-host-config 2019-10-08 14:31:03.000000000 -1000 ++++ openssh-8.1p1+iOS/contrib/cygwin/ssh-host-config 2020-01-03 13:45:51.000000000 -1000 @@ -63,6 +63,7 @@ port_number=22 - service_name=sshd + service_name=cygsshd strictmodes=yes +privsep_used=yes cygwin_value="" @@ -71,19 +71,10 @@ diff -ur openssh-7.9p1/contrib/cygwin/ssh-host-config openssh-7.9p1+iPhone/contr return $ret } # --- End of sshd_config_tweak --- # -@@ -668,7 +693,7 @@ - fi - fi - --# handle sshd_config -+# handle sshd_config (and privsep) - csih_install_config "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults" || let ++warning_cnt - if ! /usr/bin/cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1 - then -diff -ur openssh-7.9p1/servconf.c openssh-7.9p1+iPhone/servconf.c ---- openssh-7.9p1/servconf.c 2018-10-16 14:01:20.000000000 -1000 -+++ openssh-7.9p1+iPhone/servconf.c 2018-12-10 10:14:07.000000000 -1000 -@@ -614,7 +614,7 @@ +diff -ur openssh-8.1p1/servconf.c openssh-8.1p1+iOS/servconf.c +--- openssh-8.1p1/servconf.c 2019-10-08 14:31:03.000000000 -1000 ++++ openssh-8.1p1+iOS/servconf.c 2020-01-03 13:45:51.000000000 -1000 +@@ -627,7 +627,7 @@ { "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL }, { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL }, { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL }, @@ -92,7 +83,7 @@ diff -ur openssh-7.9p1/servconf.c openssh-7.9p1+iPhone/servconf.c { "acceptenv", sAcceptEnv, SSHCFG_ALL }, { "setenv", sSetEnv, SSHCFG_ALL }, { "permittunnel", sPermitTunnel, SSHCFG_ALL }, -@@ -1187,6 +1187,13 @@ +@@ -1202,6 +1202,13 @@ { "no", 0 }, { NULL, -1 } }; @@ -106,7 +97,7 @@ diff -ur openssh-7.9p1/servconf.c openssh-7.9p1+iPhone/servconf.c static const struct multistate multistate_tcpfwd[] = { { "yes", FORWARD_ALLOW }, { "all", FORWARD_ALLOW }, -@@ -1646,6 +1653,11 @@ +@@ -1666,6 +1673,11 @@ intptr = &options->disable_forwarding; goto parse_flag; @@ -118,7 +109,7 @@ diff -ur openssh-7.9p1/servconf.c openssh-7.9p1+iPhone/servconf.c case sAllowUsers: while ((arg = strdelim(&cp)) && *arg != '\0') { if (match_user(NULL, NULL, NULL, arg) == -1) -@@ -2407,6 +2419,8 @@ +@@ -2431,6 +2443,8 @@ return fmt_multistate_int(val, multistate_gatewayports); case sCompression: return fmt_multistate_int(val, multistate_compression); @@ -127,7 +118,7 @@ diff -ur openssh-7.9p1/servconf.c openssh-7.9p1+iPhone/servconf.c case sAllowTcpForwarding: return fmt_multistate_int(val, multistate_tcpfwd); case sAllowStreamLocalForwarding: -@@ -2586,6 +2600,7 @@ +@@ -2610,6 +2624,7 @@ dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding); dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); @@ -135,19 +126,18 @@ diff -ur openssh-7.9p1/servconf.c openssh-7.9p1+iPhone/servconf.c dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); dump_cfg_fmtint(sExposeAuthInfo, o->expose_userauth_info); -Only in openssh-7.9p1+iPhone: servconf.c.orig -diff -ur openssh-7.9p1/sshd.c openssh-7.9p1+iPhone/sshd.c ---- openssh-7.9p1/sshd.c 2018-10-16 14:01:20.000000000 -1000 -+++ openssh-7.9p1+iPhone/sshd.c 2018-12-10 10:14:07.000000000 -1000 -@@ -228,7 +228,6 @@ +diff -ur openssh-8.1p1/sshd.c openssh-8.1p1+iOS/sshd.c +--- openssh-8.1p1/sshd.c 2019-10-08 14:31:03.000000000 -1000 ++++ openssh-8.1p1+iOS/sshd.c 2020-01-03 13:45:51.000000000 -1000 +@@ -238,7 +238,6 @@ int use_privsep = -1; struct monitor *pmonitor = NULL; int privsep_is_preauth = 1; -static int privsep_chroot = 1; - /* global authentication context */ + /* global connection state and authentication contexts */ Authctxt *the_authctxt = NULL; -@@ -545,7 +544,7 @@ +@@ -456,7 +455,7 @@ demote_sensitive_data(); /* Demote the child */ @@ -156,7 +146,7 @@ diff -ur openssh-7.9p1/sshd.c openssh-7.9p1+iPhone/sshd.c /* Change our root directory */ if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, -@@ -1730,9 +1729,8 @@ +@@ -1684,9 +1683,8 @@ ); /* Store privilege separation user for later use if required. */ @@ -167,7 +157,7 @@ diff -ur openssh-7.9p1/sshd.c openssh-7.9p1+iPhone/sshd.c fatal("Privilege separation user %s does not exist", SSH_PRIVSEP_USER); } else { -@@ -1858,7 +1856,7 @@ +@@ -1821,7 +1819,7 @@ sshkey_type(key)); } @@ -176,10 +166,9 @@ diff -ur openssh-7.9p1/sshd.c openssh-7.9p1+iPhone/sshd.c struct stat st; if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &st) == -1) || -Only in openssh-7.9p1+iPhone: sshd.c.orig -diff -ur openssh-7.9p1/sshd_config openssh-7.9p1+iPhone/sshd_config ---- openssh-7.9p1/sshd_config 2018-10-16 14:01:20.000000000 -1000 -+++ openssh-7.9p1+iPhone/sshd_config 2018-12-10 10:14:59.000000000 -1000 +diff -ur openssh-8.1p1/sshd_config openssh-8.1p1+iOS/sshd_config +--- openssh-8.1p1/sshd_config 2019-10-08 14:31:03.000000000 -1000 ++++ openssh-8.1p1+iOS/sshd_config 2020-01-03 13:45:51.000000000 -1000 @@ -90,6 +90,7 @@ #PermitTTY yes #PrintMotd yes @@ -188,10 +177,10 @@ diff -ur openssh-7.9p1/sshd_config openssh-7.9p1+iPhone/sshd_config #TCPKeepAlive yes #PermitUserEnvironment no #Compression delayed -diff -ur openssh-7.9p1/sshd_config.5 openssh-7.9p1+iPhone/sshd_config.5 ---- openssh-7.9p1/sshd_config.5 2018-10-16 14:01:20.000000000 -1000 -+++ openssh-7.9p1+iPhone/sshd_config.5 2018-12-10 10:14:07.000000000 -1000 -@@ -1624,6 +1624,28 @@ +diff -ur openssh-8.1p1/sshd_config.5 openssh-8.1p1+iOS/sshd_config.5 +--- openssh-8.1p1/sshd_config.5 2019-10-08 14:31:03.000000000 -1000 ++++ openssh-8.1p1+iOS/sshd_config.5 2020-01-03 13:45:51.000000000 -1000 +@@ -1642,6 +1642,28 @@ as a non-root user. The default is .Cm no . @@ -220,5 +209,3 @@ diff -ur openssh-7.9p1/sshd_config.5 openssh-7.9p1+iPhone/sshd_config.5 .It Cm VersionAddendum Optionally specifies additional text to append to the SSH protocol banner sent by the server upon connection. -Only in openssh-7.9p1+iPhone: sshd_config.5.orig -Only in openssh-7.9p1+iPhone: sshd_config.orig |