Diffstat (limited to 'data/openssh')
-rwxr-xr-xdata/openssh/_metadata/extrainst_5
-rw-r--r--data/openssh/_metadata/in.1443.000
l---------data/openssh/_metadata/libssl1.0.dep1
l---------data/openssh/_metadata/maintainer2
l---------data/openssh/_metadata/openssl.dep1
-rw-r--r--data/openssh/_metadata/version2
-rw-r--r--data/openssh/com.openssh.sshd.plist7
-rw-r--r--data/openssh/duplicate.diff34
-rw-r--r--data/openssh/make.sh2
-rw-r--r--data/openssh/openssh-6.7p1.tar.gzbin1351367 -> 0 bytes
-rw-r--r--data/openssh/openssh-7.9p1.tar.gzbin0 -> 1565384 bytes
-rw-r--r--data/openssh/privsep.diff224
-rw-r--r--data/openssh/sshd_config4
13 files changed, 248 insertions, 34 deletions
diff --git a/data/openssh/_metadata/extrainst_ b/data/openssh/_metadata/extrainst_
index afdc6d157..007af8999 100755
--- a/data/openssh/_metadata/extrainst_
+++ b/data/openssh/_metadata/extrainst_
@@ -2,10 +2,11 @@
if [[ $1 == upgrade ]]; then
/bin/launchctl unload /Library/LaunchDaemons/com.openssh.sshd.plist
+ /bin/launchctl load /Library/LaunchDaemons/com.openssh.sshd.plist
fi
-if [[ $1 == install || $1 == upgrade ]]; then
- /bin/launchctl load /Library/LaunchDaemons/com.openssh.sshd.plist
+if [[ $1 == install ]]; then
+ /bin/launchctl load -w /Library/LaunchDaemons/com.openssh.sshd.plist
fi
exit 0
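Review bot: The two new launchctl calls (the plain `load` on the upgrade path and `load -w` on the install path) have their exit status discarded, and the script still ends in an unconditional `exit 0`, so a failed load leaves the package installed with no listening sshd and no signal to the installer. The asymmetry looks deliberate — `load` without `-w` respects a Disabled flag the user may have set, while `-w` on first install forces the job enabled — but nothing records that, so a one-line comment such as `# upgrade: plain load keeps a user-disabled job disabled; install: -w enables it` would stop the next maintainer from "fixing" it. At minimum log the failure, e.g. `/bin/launchctl load -w /Library/LaunchDaemons/com.openssh.sshd.plist || echo "sshd: launchctl load failed" >&2`. The script's first line (shebang) is outside the hunk.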
diff --git a/data/openssh/_metadata/in.1443.00 b/data/openssh/_metadata/in.1443.00
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/data/openssh/_metadata/in.1443.00
diff --git a/data/openssh/_metadata/libssl1.0.dep b/data/openssh/_metadata/libssl1.0.dep
new file mode 120000
index 000000000..a501d00a8
--- /dev/null
+++ b/data/openssh/_metadata/libssl1.0.dep
@@ -0,0 +1 @@
+../../libssl1.0 \ No newline at end of file
diff --git a/data/openssh/_metadata/maintainer b/data/openssh/_metadata/maintainer
index 0fa66e077..573d7ebef 120000
--- a/data/openssh/_metadata/maintainer
+++ b/data/openssh/_metadata/maintainer
@@ -1 +1 @@
-../../../people/saurik \ No newline at end of file
+../../../people/sbingner \ No newline at end of file
diff --git a/data/openssh/_metadata/openssl.dep b/data/openssh/_metadata/openssl.dep
deleted file mode 120000
index 9b58fd56b..000000000
--- a/data/openssh/_metadata/openssl.dep
+++ /dev/null
@@ -1 +0,0 @@
-../../openssl \ No newline at end of file
diff --git a/data/openssh/_metadata/version b/data/openssh/_metadata/version
index 2ce383e8c..11ec65529 100644
--- a/data/openssh/_metadata/version
+++ b/data/openssh/_metadata/version
@@ -1 +1 @@
-6.7p1
+7.9p1
diff --git a/data/openssh/com.openssh.sshd.plist b/data/openssh/com.openssh.sshd.plist
index d9c86d972..eabe1b675 100644
--- a/data/openssh/com.openssh.sshd.plist
+++ b/data/openssh/com.openssh.sshd.plist
@@ -7,11 +7,12 @@
<string>com.openssh.sshd</string>
<key>Program</key>
- <string>/usr/libexec/sshd-keygen-wrapper</string>
+ <string>/bin/sh</string>
<key>ProgramArguments</key>
<array>
- <string>/usr/sbin/sshd</string>
+ <string>/bin/sh</string>
+ <string>/usr/libexec/sshd-keygen-wrapper</string>
<string>-i</string>
</array>
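Review bot: `Program` and `ProgramArguments[0]` are now both `/bin/sh`, which is redundant — launchd takes the executable from `Program` when present and `ProgramArguments` only as argv — and the reason for running the wrapper through an explicit shell instead of executing `/usr/libexec/sshd-keygen-wrapper` directly (which `make.sh` installs with `cp -a`, preserving its mode) is not recorded anywhere in the plist. If the wrapper lacks an executable bit or shebang on the target that is worth stating; otherwise dropping the `/bin/sh` indirection keeps the shell out of the sshd startup path. A plist comment above `<key>Program</key>` such as `<!-- wrapper generates host keys then runs sshd -i; invoked via /bin/sh because … (confirm) -->` would make the intent checkable. Note that with `-i` sshd expects the accepted connection on stdin, which depends on the `inetdCompatibility` setting outside this hunk.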
@@ -20,7 +21,7 @@
<key>Sockets</key>
<dict>
- <key>Listeners</key>
+ <key>SSHListener</key>
<dict>
<key>SockServiceName</key>
<string>ssh</string>
diff --git a/data/openssh/duplicate.diff b/data/openssh/duplicate.diff
index 6482334ac..108caf046 100644
--- a/data/openssh/duplicate.diff
+++ b/data/openssh/duplicate.diff
@@ -1,24 +1,12 @@
-diff -ru openssh-6.7p1/ge25519.h openssh-6.7p1+iPhone/ge25519.h
---- openssh-6.7p1/ge25519.h 2013-12-18 06:48:11.000000000 +0000
-+++ openssh-6.7p1+iPhone/ge25519.h 2014-12-03 07:58:12.000000000 +0000
-@@ -28,7 +28,7 @@
- fe25519 t;
- } ge25519;
+diff -ur openssh-7.7p1/session.c openssh-7.7p1+iPhone/session.c
+--- openssh-7.7p1/session.c 2018-04-01 19:38:28.000000000 -1000
++++ openssh-7.7p1+iPhone/session.c 2018-07-24 12:09:29.000000000 -1000
+@@ -141,7 +141,7 @@
+ extern void destroy_sensitive_data(void);
+ extern Buffer loginmsg;
+ extern struct sshauthopt *auth_opts;
+-char *tun_fwd_ifnames; /* serverloop.c */
++extern char *tun_fwd_ifnames; /* serverloop.c */
--const ge25519 ge25519_base;
-+extern const ge25519 ge25519_base;
-
- int ge25519_unpackneg_vartime(ge25519 *r, const unsigned char p[32]);
-
-diff -ru openssh-6.7p1/umac.c openssh-6.7p1+iPhone/umac.c
---- openssh-6.7p1/umac.c 2014-07-22 23:43:42.000000000 +0000
-+++ openssh-6.7p1+iPhone/umac.c 2014-12-02 23:50:38.000000000 +0000
-@@ -1175,7 +1175,7 @@
- * time. The all-at-once is more optimaized than the sequential version and
- * should be preferred when the sequential interface is not required.
- */
--struct umac_ctx {
-+typedef struct umac_ctx {
- uhash_ctx hash; /* Hash function for message compression */
- pdf_ctx pdf; /* PDF for hashed output */
- void *free_ptr; /* Address to free this struct via */
+ /* original command from peer. */
+ const char *original_command = NULL;
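Review bot: The replacement patch is generated against `openssh-7.7p1` (the `diff -ur` header and `---`/`+++` lines on the new side carry 7.7p1 paths and 2018-04 timestamps), while this commit moves the package to `7.9p1` (the version file and tarball) and the sibling `privsep.diff` is generated against 7.9p1. With `-p1` the path prefix is irrelevant, but the `@@ -141,7 +141,7 @@` context around `tun_fwd_ifnames` in `session.c` may have drifted between 7.7p1 and 7.9p1, so `patch` could apply with fuzz or fail silently in the build. Regenerating the hunk against the 7.9p1 tree keeps the two in-repo patches consistent and makes the version they target obvious. The hunk header also claims 7 old/new lines while fewer are visible here; that may just be a blank context line lost in rendering.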
diff --git a/data/openssh/make.sh b/data/openssh/make.sh
index 8b4fe0272..4896d9037 100644
--- a/data/openssh/make.sh
+++ b/data/openssh/make.sh
@@ -1,6 +1,6 @@
pkg:setup
autoconf
-pkg:configure --disable-strip --sysconfdir=/etc/ssh --disable-libutil --disable-utmp --disable-wtmp ac_cv_path_AR=arm-apple-darwin9-ar --
+pkg:configure --disable-strip --sysconfdir=/etc/ssh --disable-libutil --disable-utmp --disable-wtmp
pkg:make
pkg:install INSTALL_SSH_RAND_HELPER=yes
pkg: cp -a %/sshd-keygen-wrapper /usr/libexec
diff --git a/data/openssh/openssh-6.7p1.tar.gz b/data/openssh/openssh-6.7p1.tar.gz
deleted file mode 100644
index b23e9969a..000000000
--- a/data/openssh/openssh-6.7p1.tar.gz
+++ /dev/null
Binary files differ
diff --git a/data/openssh/openssh-7.9p1.tar.gz b/data/openssh/openssh-7.9p1.tar.gz
new file mode 100644
index 000000000..38f492774
--- /dev/null
+++ b/data/openssh/openssh-7.9p1.tar.gz
Binary files differ
diff --git a/data/openssh/privsep.diff b/data/openssh/privsep.diff
new file mode 100644
index 000000000..3f2b4d28b
--- /dev/null
+++ b/data/openssh/privsep.diff
@@ -0,0 +1,224 @@
+diff -ur openssh-7.9p1/contrib/cygwin/ssh-host-config openssh-7.9p1+iPhone/contrib/cygwin/ssh-host-config
+--- openssh-7.9p1/contrib/cygwin/ssh-host-config 2018-10-16 14:01:20.000000000 -1000
++++ openssh-7.9p1+iPhone/contrib/cygwin/ssh-host-config 2018-12-10 10:14:07.000000000 -1000
+@@ -63,6 +63,7 @@
+ port_number=22
+ service_name=sshd
+ strictmodes=yes
++privsep_used=yes
+ cygwin_value=""
+ user_account=
+ password_value=
+@@ -139,21 +140,33 @@
+
+ # ======================================================================
+ # Routine: sshd_privsep
+-# Try to create ssshd user account
++# MODIFIES: privsep_used
+ # ======================================================================
+ sshd_privsep() {
+ local ret=0
+
+ if [ "${sshd_config_configured}" != "yes" ]
+ then
+- if ! csih_create_unprivileged_user sshd
+- then
+- csih_error_recoverable "Could not create user 'sshd'!"
+- csih_error_recoverable "You will not be able to run an sshd service"
+- csih_error_recoverable "under a privileged account successfully."
+- csih_error_recoverable "Make sure to create a non-privileged user 'sshd'"
+- csih_error_recoverable "manually before trying to run the service!"
+- let ++ret
++ echo
++ csih_inform "Privilege separation is set to 'sandbox' by default since"
++ csih_inform "OpenSSH 6.1. This is unsupported by Cygwin and has to be set"
++ csih_inform "to 'yes' or 'no'."
++ csih_inform "However, using privilege separation requires a non-privileged account"
++ csih_inform "called 'sshd'."
++ csih_inform "For more info on privilege separation read /usr/share/doc/openssh/README.privsep."
++ if csih_request "Should privilege separation be used?"
++ then
++ privsep_used=yes
++ if ! csih_create_unprivileged_user sshd
++ then
++ csih_error_recoverable "Couldn't create user 'sshd'!"
++ csih_error_recoverable "Privilege separation set to 'no' again!"
++ csih_error_recoverable "Check your ${SYSCONFDIR}/sshd_config file!"
++ let ++ret
++ privsep_used=no
++ fi
++ else
++ privsep_used=no
+ fi
+ fi
+ return $ret
+@@ -189,6 +202,18 @@
+ let ++ret
+ fi
+ fi
++ if [ "${sshd_config_configured}" != "yes" ]
++ then
++ /usr/bin/sed -i -e "
++ s/^#\?UsePrivilegeSeparation .*/UsePrivilegeSeparation ${privsep_used}/" \
++ ${SYSCONFDIR}/sshd_config
++ if [ $? -ne 0 ]
++ then
++ csih_warning "Setting privilege separation failed!"
++ csih_warning "Check your ${SYSCONFDIR}/sshd_config file!"
++ let ++ret
++ fi
++ fi
+ return $ret
+ } # --- End of sshd_config_tweak --- #
+
+@@ -668,7 +693,7 @@
+ fi
+ fi
+
+-# handle sshd_config
++# handle sshd_config (and privsep)
+ csih_install_config "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults" || let ++warning_cnt
+ if ! /usr/bin/cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1
+ then
+diff -ur openssh-7.9p1/servconf.c openssh-7.9p1+iPhone/servconf.c
+--- openssh-7.9p1/servconf.c 2018-10-16 14:01:20.000000000 -1000
++++ openssh-7.9p1+iPhone/servconf.c 2018-12-10 10:14:07.000000000 -1000
+@@ -614,7 +614,7 @@
+ { "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL },
+ { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },
+ { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL },
+- { "useprivilegeseparation", sDeprecated, SSHCFG_GLOBAL},
++ { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL},
+ { "acceptenv", sAcceptEnv, SSHCFG_ALL },
+ { "setenv", sSetEnv, SSHCFG_ALL },
+ { "permittunnel", sPermitTunnel, SSHCFG_ALL },
+@@ -1187,6 +1187,13 @@
+ { "no", 0 },
+ { NULL, -1 }
+ };
++static const struct multistate multistate_privsep[] = {
++ { "yes", PRIVSEP_NOSANDBOX },
++ { "sandbox", PRIVSEP_ON },
++ { "nosandbox", PRIVSEP_NOSANDBOX },
++ { "no", PRIVSEP_OFF },
++ { NULL, -1 }
++};
+ static const struct multistate multistate_tcpfwd[] = {
+ { "yes", FORWARD_ALLOW },
+ { "all", FORWARD_ALLOW },
+@@ -1646,6 +1653,11 @@
+ intptr = &options->disable_forwarding;
+ goto parse_flag;
+
++ case sUsePrivilegeSeparation:
++ intptr = &use_privsep;
++ multistate_ptr = multistate_privsep;
++ goto parse_multistate;
++
+ case sAllowUsers:
+ while ((arg = strdelim(&cp)) && *arg != '\0') {
+ if (match_user(NULL, NULL, NULL, arg) == -1)
+@@ -2407,6 +2419,8 @@
+ return fmt_multistate_int(val, multistate_gatewayports);
+ case sCompression:
+ return fmt_multistate_int(val, multistate_compression);
++ case sUsePrivilegeSeparation:
++ return fmt_multistate_int(val, multistate_privsep);
+ case sAllowTcpForwarding:
+ return fmt_multistate_int(val, multistate_tcpfwd);
+ case sAllowStreamLocalForwarding:
+@@ -2586,6 +2600,7 @@
+ dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding);
+ dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding);
+ dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
++ dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
+ dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash);
+ dump_cfg_fmtint(sExposeAuthInfo, o->expose_userauth_info);
+
+Only in openssh-7.9p1+iPhone: servconf.c.orig
+diff -ur openssh-7.9p1/sshd.c openssh-7.9p1+iPhone/sshd.c
+--- openssh-7.9p1/sshd.c 2018-10-16 14:01:20.000000000 -1000
++++ openssh-7.9p1+iPhone/sshd.c 2018-12-10 10:14:07.000000000 -1000
+@@ -228,7 +228,6 @@
+ int use_privsep = -1;
+ struct monitor *pmonitor = NULL;
+ int privsep_is_preauth = 1;
+-static int privsep_chroot = 1;
+
+ /* global authentication context */
+ Authctxt *the_authctxt = NULL;
+@@ -545,7 +544,7 @@
+ demote_sensitive_data();
+
+ /* Demote the child */
+- if (privsep_chroot) {
++ if (getuid() == 0 || geteuid() == 0) {
+ /* Change our root directory */
+ if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
+ fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
+@@ -1730,9 +1729,8 @@
+ );
+
+ /* Store privilege separation user for later use if required. */
+- privsep_chroot = use_privsep && (getuid() == 0 || geteuid() == 0);
+ if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
+- if (privsep_chroot || options.kerberos_authentication)
++ if (use_privsep || options.kerberos_authentication)
+ fatal("Privilege separation user %s does not exist",
+ SSH_PRIVSEP_USER);
+ } else {
+@@ -1858,7 +1856,7 @@
+ sshkey_type(key));
+ }
+
+- if (privsep_chroot) {
++ if (use_privsep) {
+ struct stat st;
+
+ if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &st) == -1) ||
+Only in openssh-7.9p1+iPhone: sshd.c.orig
+diff -ur openssh-7.9p1/sshd_config openssh-7.9p1+iPhone/sshd_config
+--- openssh-7.9p1/sshd_config 2018-10-16 14:01:20.000000000 -1000
++++ openssh-7.9p1+iPhone/sshd_config 2018-12-10 10:14:59.000000000 -1000
+@@ -90,6 +90,7 @@
+ #PermitTTY yes
+ #PrintMotd yes
+ #PrintLastLog yes
++#UsePrivilegeSeparation sandbox
+ #TCPKeepAlive yes
+ #PermitUserEnvironment no
+ #Compression delayed
+diff -ur openssh-7.9p1/sshd_config.5 openssh-7.9p1+iPhone/sshd_config.5
+--- openssh-7.9p1/sshd_config.5 2018-10-16 14:01:20.000000000 -1000
++++ openssh-7.9p1+iPhone/sshd_config.5 2018-12-10 10:14:07.000000000 -1000
+@@ -1624,6 +1624,28 @@
+ as a non-root user.
+ The default is
+ .Cm no .
++.It Cm UsePrivilegeSeparation
++Specifies whether
++.Xr sshd 8
++separates privileges by creating an unprivileged child process
++to deal with incoming network traffic.
++After successful authentication, another process will be created that has
++the privilege of the authenticated user.
++The goal of privilege separation is to prevent privilege
++escalation by containing any corruption within the unprivileged processes.
++The argument must be
++.Cm yes ,
++.Cm no ,
++or
++.Cm sandbox .
++If
++.Cm UsePrivilegeSeparation
++is set to
++.Cm sandbox
++then the pre-authentication unprivileged process is subject to additional
++restrictions.
++The default is
++.Cm sandbox .
+ .It Cm VersionAddendum
+ Optionally specifies additional text to append to the SSH protocol banner
+ sent by the server upon connection.
+Only in openssh-7.9p1+iPhone: sshd_config.5.orig
+Only in openssh-7.9p1+iPhone: sshd_config.orig
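Review bot: The new `sshd_config.5` text says the default is `sandbox`, but nothing in this patch sets that default — `use_privsep` is initialised to `-1` in `sshd.c` and the `multistate_privsep` table only parses explicit values — so the claim rests on `fill_default_server_options()`, which this patch does not touch; either extend the patch to set the default there or phrase the man page as "unless overridden, sshd uses the sandbox". Since the option was removed upstream, the man-page entry should also say that `no` disables the pre-authentication privilege drop and sandbox entirely (the unprivileged network-facing parser then runs in the root process), so an administrator understands what the setting trades away; the `sshd_config` example line `#UsePrivilegeSeparation sandbox` deserves the same one-line caveat. Two smaller points: the `contrib/cygwin/ssh-host-config` hunk has no effect on an iOS build and could be dropped, and the `Only in …: *.orig` lines are `diff -ur` residue from leftover backup files that `patch` ignores but that clutter the file.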
diff --git a/data/openssh/sshd_config b/data/openssh/sshd_config
index 41edb7d47..7276adf09 100644
--- a/data/openssh/sshd_config
+++ b/data/openssh/sshd_config
@@ -21,7 +21,7 @@
Protocol 2
# HostKey for protocol version 1
-HostKey /etc/ssh/ssh_host_key
+# HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
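Review bot: Commenting out the protocol-1 `HostKey /etc/ssh/ssh_host_key` is the right move for 7.9p1, but the surrounding lines are now stale: the `# HostKey for protocol version 1` comment describes a key that no longer exists, and the `Protocol 2` directive above it is, as far as I recall, accepted but ignored by this release since SSH-1 support was removed. Deleting the dead line and its comment instead of commenting it out keeps the shipped config readable. The `HostKey /etc/ssh/ssh_host_dsa_key` line that remains is also worth a look, since 7.9p1 no longer offers `ssh-dss` host keys by default and the wrapper may be generating a key that is never used — confirm against the wrapper before removing it.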
@@ -38,7 +38,7 @@ HostKey /etc/ssh/ssh_host_dsa_key
# Authentication:
#LoginGraceTime 2m
-#PermitRootLogin yes
+PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
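Review bot: Turning the commented `#PermitRootLogin yes` into an active `PermitRootLogin yes` changes the effective policy: 7.9p1 defaults to `prohibit-password` (root may authenticate only with keys), and this line re-enables password authentication for root on a network-reachable daemon. If root password login is required for this package's use case, the config should say why in a comment directly above the directive, e.g. `# root password login deliberately enabled for this platform; see <reason>`, so it is not mistaken for an accidental uncomment. Otherwise `PermitRootLogin prohibit-password` preserves key-based root access while keeping the upstream protection.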