From 76a8eb1c6d6d806e50798d4d23c6891cf317f156 Mon Sep 17 00:00:00 2001 
From: Sam Bingner Date: Tue, 2 Mar 2021 17:31:51 -1000 Subject: Split openssh and make listeners --- data/_openssh/_metadata/depiction | 1 + data/_openssh/_metadata/description | 1 + data/_openssh/_metadata/in.1200.00 | 0 data/_openssh/_metadata/in.1443.00 | 0 data/_openssh/_metadata/in.550.58 | 0 data/_openssh/_metadata/libssl1.1.1.dep | 1 + data/_openssh/_metadata/license | 338 +++++++++++++++++++++ data/_openssh/_metadata/maintainer | 1 + data/_openssh/_metadata/name | 1 + data/_openssh/_metadata/openssh-client/breaks | 1 + data/_openssh/_metadata/openssh-client/description | 8 + data/_openssh/_metadata/openssh-client/name | 1 + .../_metadata/openssh-global-listener/breaks | 1 + .../_metadata/openssh-global-listener/depends | 1 + .../_metadata/openssh-global-listener/description | 8 + .../_metadata/openssh-global-listener/extrainst_ | 12 + .../_metadata/openssh-global-listener/name | 1 + .../_metadata/openssh-global-listener/prerm | 7 + .../_metadata/openssh-local-listener/depends | 1 + .../_metadata/openssh-local-listener/description | 8 + .../_metadata/openssh-local-listener/extrainst_ | 12 + .../_openssh/_metadata/openssh-local-listener/name | 1 + .../_metadata/openssh-local-listener/prerm | 7 + data/_openssh/_metadata/openssh-server/breaks | 1 + data/_openssh/_metadata/openssh-server/depends | 1 + data/_openssh/_metadata/openssh-server/description | 8 + data/_openssh/_metadata/openssh-server/name | 1 + data/_openssh/_metadata/openssh/depends | 1 + data/_openssh/_metadata/openssh/description | 8 + data/_openssh/_metadata/priority | 1 + data/_openssh/_metadata/role | 1 + data/_openssh/_metadata/section | 1 + data/_openssh/_metadata/tags | 1 + data/_openssh/_metadata/version | 1 + data/_openssh/com.openssh.sshd-localhost.plist | 51 ++++ data/_openssh/com.openssh.sshd.plist | 39 +++ data/_openssh/dirent.diff | 14 + data/_openssh/install.diff | 12 + data/_openssh/make.sh | 11 + data/_openssh/openssh-8.4p1.tar.gz | Bin 0 -> 1742201 bytes 
data/_openssh/openssh-client.install | 5 + data/_openssh/openssh-global-listener.install | 1 + data/_openssh/openssh-local-listener.install | 1 + data/_openssh/openssh-server.install | 4 + data/_openssh/openssh.install | 0 data/_openssh/privsep.diff | 211 +++++++++++++ data/_openssh/ssh_config | 47 +++ data/_openssh/sshd-keygen-wrapper | 7 + data/_openssh/sshd_config | 116 +++++++ data/_openssh/utmp.diff | 41 +++ data/openssh/_metadata/depiction | 1 - data/openssh/_metadata/description | 1 - data/openssh/_metadata/extrainst_ | 12 - data/openssh/_metadata/in.1200.00 | 0 data/openssh/_metadata/in.1443.00 | 0 data/openssh/_metadata/in.550.58 | 0 data/openssh/_metadata/libssl1.1.1.dep | 1 - data/openssh/_metadata/license | 338 --------------------- data/openssh/_metadata/maintainer | 1 - data/openssh/_metadata/name | 1 - data/openssh/_metadata/prerm | 7 - data/openssh/_metadata/priority | 1 - data/openssh/_metadata/role | 1 - data/openssh/_metadata/section | 1 - data/openssh/_metadata/tags | 1 - data/openssh/_metadata/version | 1 - data/openssh/com.openssh.sshd.plist | 39 --- data/openssh/dirent.diff | 14 - data/openssh/install.diff | 12 - data/openssh/make.sh | 9 - data/openssh/openssh-8.4p1.tar.gz | Bin 1742201 -> 0 bytes data/openssh/privsep.diff | 211 ------------- data/openssh/ssh_config | 47 --- data/openssh/sshd-keygen-wrapper | 7 - data/openssh/sshd_config | 116 ------- data/openssh/utmp.diff | 41 --- 76 files changed, 997 insertions(+), 863 deletions(-) create mode 100644 data/_openssh/_metadata/depiction create mode 100644 data/_openssh/_metadata/description create mode 100644 data/_openssh/_metadata/in.1200.00 create mode 100644 data/_openssh/_metadata/in.1443.00 create mode 100644 data/_openssh/_metadata/in.550.58 create mode 120000 data/_openssh/_metadata/libssl1.1.1.dep create mode 100644 data/_openssh/_metadata/license create mode 120000 data/_openssh/_metadata/maintainer create mode 100644 data/_openssh/_metadata/name create mode 100644 
data/_openssh/_metadata/openssh-client/breaks create mode 100644 data/_openssh/_metadata/openssh-client/description create mode 100644 data/_openssh/_metadata/openssh-client/name create mode 100644 data/_openssh/_metadata/openssh-global-listener/breaks create mode 100644 data/_openssh/_metadata/openssh-global-listener/depends create mode 100644 data/_openssh/_metadata/openssh-global-listener/description create mode 100755 data/_openssh/_metadata/openssh-global-listener/extrainst_ create mode 100644 data/_openssh/_metadata/openssh-global-listener/name create mode 100755 data/_openssh/_metadata/openssh-global-listener/prerm create mode 100644 data/_openssh/_metadata/openssh-local-listener/depends create mode 100644 data/_openssh/_metadata/openssh-local-listener/description create mode 100755 data/_openssh/_metadata/openssh-local-listener/extrainst_ create mode 100644 data/_openssh/_metadata/openssh-local-listener/name create mode 100755 data/_openssh/_metadata/openssh-local-listener/prerm create mode 100644 data/_openssh/_metadata/openssh-server/breaks create mode 100644 data/_openssh/_metadata/openssh-server/depends create mode 100644 data/_openssh/_metadata/openssh-server/description create mode 100644 data/_openssh/_metadata/openssh-server/name create mode 100644 data/_openssh/_metadata/openssh/depends create mode 100644 data/_openssh/_metadata/openssh/description create mode 100644 data/_openssh/_metadata/priority create mode 100644 data/_openssh/_metadata/role create mode 100644 data/_openssh/_metadata/section create mode 100644 data/_openssh/_metadata/tags create mode 100644 data/_openssh/_metadata/version create mode 100644 data/_openssh/com.openssh.sshd-localhost.plist create mode 100644 data/_openssh/com.openssh.sshd.plist create mode 100644 data/_openssh/dirent.diff create mode 100644 data/_openssh/install.diff create mode 100644 data/_openssh/make.sh create mode 100644 data/_openssh/openssh-8.4p1.tar.gz create mode 100644 
data/_openssh/openssh-client.install create mode 100644 data/_openssh/openssh-global-listener.install create mode 100644 data/_openssh/openssh-local-listener.install create mode 100644 data/_openssh/openssh-server.install create mode 100644 data/_openssh/openssh.install create mode 100644 data/_openssh/privsep.diff create mode 100644 data/_openssh/ssh_config create mode 100755 data/_openssh/sshd-keygen-wrapper create mode 100644 data/_openssh/sshd_config create mode 100644 data/_openssh/utmp.diff delete mode 100644 data/openssh/_metadata/depiction delete mode 100644 data/openssh/_metadata/description delete mode 100755 data/openssh/_metadata/extrainst_ delete mode 100644 data/openssh/_metadata/in.1200.00 delete mode 100644 data/openssh/_metadata/in.1443.00 delete mode 100644 data/openssh/_metadata/in.550.58 delete mode 120000 data/openssh/_metadata/libssl1.1.1.dep delete mode 100644 data/openssh/_metadata/license delete mode 120000 data/openssh/_metadata/maintainer delete mode 100644 data/openssh/_metadata/name delete mode 100755 data/openssh/_metadata/prerm delete mode 100644 data/openssh/_metadata/priority delete mode 100644 data/openssh/_metadata/role delete mode 100644 data/openssh/_metadata/section delete mode 100644 data/openssh/_metadata/tags delete mode 100644 data/openssh/_metadata/version delete mode 100644 data/openssh/com.openssh.sshd.plist delete mode 100644 data/openssh/dirent.diff delete mode 100644 data/openssh/install.diff delete mode 100644 data/openssh/make.sh delete mode 100644 data/openssh/openssh-8.4p1.tar.gz delete mode 100644 data/openssh/privsep.diff delete mode 100644 data/openssh/ssh_config delete mode 100755 data/openssh/sshd-keygen-wrapper delete mode 100644 data/openssh/sshd_config delete mode 100644 data/openssh/utmp.diff diff --git a/data/_openssh/_metadata/depiction b/data/_openssh/_metadata/depiction new file mode 100644 index 000000000..6d11dd20b --- /dev/null +++ b/data/_openssh/_metadata/depiction 
@@ -0,0 +1 @@
+http://cydia.saurik.com/info/openssh/
diff --git a/data/_openssh/_metadata/description b/data/_openssh/_metadata/description
new file mode 100644
index 000000000..8112506c5
--- /dev/null
+++ b/data/_openssh/_metadata/description
@@ -0,0 +1 @@
+secure remote access between machines
diff --git a/data/_openssh/_metadata/in.1200.00 b/data/_openssh/_metadata/in.1200.00
new file mode 100644
index 000000000..e69de29bb
diff --git a/data/_openssh/_metadata/in.1443.00 b/data/_openssh/_metadata/in.1443.00
new file mode 100644
index 000000000..e69de29bb
diff --git a/data/_openssh/_metadata/in.550.58 b/data/_openssh/_metadata/in.550.58
new file mode 100644
index 000000000..e69de29bb
diff --git a/data/_openssh/_metadata/libssl1.1.1.dep b/data/_openssh/_metadata/libssl1.1.1.dep
new file mode 120000
index 000000000..254747b12
--- /dev/null
+++ b/data/_openssh/_metadata/libssl1.1.1.dep
@@ -0,0 +1 @@
+../../libssl1.1.1
\ No newline at end of file
diff --git a/data/_openssh/_metadata/license b/data/_openssh/_metadata/license
new file mode 100644
index 000000000..3964b1d77
--- /dev/null
+++ b/data/_openssh/_metadata/license
@@ -0,0 +1,338 @@ +This file is part of the OpenSSH software. + +The licences which components of this software fall under are as +follows. First, we will summarize and say that all components +are under a BSD licence, or a licence more free than that. + +OpenSSH contains no GPL code. + +1) + * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland + * All rights reserved + * + * As far as I am concerned, the code I have written for this software + * can be used freely for any purpose. Any derived versions of this + * software must be clearly marked as such, and if the derived work is + * incompatible with the protocol description in the RFC file, it must be + * called by a name other than "ssh" or "Secure Shell". + + [Tatu continues] + * However, I am not implying to give any licenses to any patents or + * copyrights held by third parties, and the software includes parts that + * are not under my direct control. As far as I know, all included + * source code is used in accordance with the relevant license agreements + * and can be used freely for any purpose (the GNU license being the most + * restrictive); see below for details. + + [However, none of that term is relevant at this point in time. 
All of + these restrictively licenced software components which he talks about + have been removed from OpenSSH, i.e., + + - RSA is no longer included, found in the OpenSSL library + - IDEA is no longer included, its use is deprecated + - DES is now external, in the OpenSSL library + - GMP is no longer used, and instead we call BN code from OpenSSL + - Zlib is now external, in a library + - The make-ssh-known-hosts script is no longer included + - TSS has been removed + - MD5 is now external, in the OpenSSL library + - RC4 support has been replaced with ARC4 support from OpenSSL + - Blowfish is now external, in the OpenSSL library + + [The licence continues] + + Note that any information and cryptographic algorithms used in this + software are publicly available on the Internet and at any major + bookstore, scientific library, and patent office worldwide. More + information can be found e.g. at "http://www.cs.hut.fi/crypto". + + The legal status of this program is some combination of all these + permissions and restrictions. Use only at your own responsibility. + You will be responsible for any legal consequences yourself; I am not + making any claims whether possessing or using this is legal or not in + your country, and I am not taking any responsibility on your behalf. + + + NO WARRANTY + + BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY + FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN + OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES + PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED + OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS + TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE + PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, + REPAIR OR CORRECTION. 
+ + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING + WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR + REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, + INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING + OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED + TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY + YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER + PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE + POSSIBILITY OF SUCH DAMAGES. + +2) + The 32-bit CRC compensation attack detector in deattack.c was + contributed by CORE SDI S.A. under a BSD-style license. + + * Cryptographic attack detector for ssh - source code + * + * Copyright (c) 1998 CORE SDI S.A., Buenos Aires, Argentina. + * + * All rights reserved. Redistribution and use in source and binary + * forms, with or without modification, are permitted provided that + * this copyright notice is retained. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES ARE DISCLAIMED. IN NO EVENT SHALL CORE SDI S.A. BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY OR + * CONSEQUENTIAL DAMAGES RESULTING FROM THE USE OR MISUSE OF THIS + * SOFTWARE. + * + * Ariel Futoransky + * + +3) + ssh-keyscan was contributed by David Mazieres under a BSD-style + license. + + * Copyright 1995, 1996 by David Mazieres . + * + * Modification and redistribution in source and binary forms is + * permitted provided that due credit is given to the author and the + * OpenBSD project by leaving this copyright notice intact. 
+ +4) + The Rijndael implementation by Vincent Rijmen, Antoon Bosselaers + and Paulo Barreto is in the public domain and distributed + with the following license: + + * @version 3.0 (December 2000) + * + * Optimised ANSI C code for the Rijndael cipher (now AES) + * + * @author Vincent Rijmen + * @author Antoon Bosselaers + * @author Paulo Barreto + * + * This code is hereby placed in the public domain. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, + * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +5) + One component of the ssh source code is under a 3-clause BSD license, + held by the University of California, since we pulled these parts from + original Berkeley code. + + * Copyright (c) 1983, 1990, 1992, 1993, 1995 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. 
Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + +6) + Remaining components of the software are provided under a standard + 2-term BSD licence with the following names as copyright holders: + + Markus Friedl + Theo de Raadt + Niels Provos + Dug Song + Aaron Campbell + Damien Miller + Kevin Steves + Daniel Kouril + Wesley Griffin + Per Allansson + Nils Nordman + Simon Wilkinson + + Portable OpenSSH additionally includes code from the following copyright + holders, also under the 2-term BSD license: + + Ben Lindstrom + Tim Rice + Andre Lucas + Chris Adams + Corinna Vinschen + Cray Inc. + Denis Parker + Gert Doering + Jakob Schlyter + Jason Downs + Juha Yrjölä + Michael Stone + Networks Associates Technology, Inc. + Solar Designer + Todd C. Miller + Wayne Schroeder + William Jones + Darren Tucker + Sun Microsystems + The SCO Group + Daniel Walsh + + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. 
Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +8) Portable OpenSSH contains the following additional licenses: + + a) md5crypt.c, md5crypt.h + + * "THE BEER-WARE LICENSE" (Revision 42): + * wrote this file. As long as you retain this + * notice you can do whatever you want with this stuff. If we meet + * some day, and you think this stuff is worth it, you can buy me a + * beer in return. Poul-Henning Kamp + + b) snprintf replacement + + * Copyright Patrick Powell 1995 + * This code is based on code written by Patrick Powell + * (papowell@astart.com) It may be used for any purpose as long as this + * notice remains intact on all source code distributions + + c) Compatibility code (openbsd-compat) + + Apart from the previously mentioned licenses, various pieces of code + in the openbsd-compat/ subdirectory are licensed as follows: + + Some code is licensed under a 3-term BSD license, to the following + copyright holders: + + Todd C. 
Miller + Theo de Raadt + Damien Miller + Eric P. Allman + The Regents of the University of California + Constantin S. Svintsoff + + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + + Some code is licensed under an ISC-style license, to the following + copyright holders: + + Internet Software Consortium. + Todd C. 
Miller + Reyk Floeter + Chad Mynhier + + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND TODD C. MILLER DISCLAIMS ALL + * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL TODD C. MILLER BE LIABLE + * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + + Some code is licensed under a MIT-style license to the following + copyright holders: + + Free Software Foundation, Inc. + + * Permission is hereby granted, free of charge, to any person obtaining a * + * copy of this software and associated documentation files (the * + * "Software"), to deal in the Software without restriction, including * + * without limitation the rights to use, copy, modify, merge, publish, * + * distribute, distribute with modifications, sublicense, and/or sell * + * copies of the Software, and to permit persons to whom the Software is * + * furnished to do so, subject to the following conditions: * + * * + * The above copyright notice and this permission notice shall be included * + * in all copies or substantial portions of the Software. * + * * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS * + * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF * + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
* + * IN NO EVENT SHALL THE ABOVE COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, * + * DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR * + * OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR * + * THE USE OR OTHER DEALINGS IN THE SOFTWARE. * + * * + * Except as contained in this notice, the name(s) of the above copyright * + * holders shall not be used in advertising or otherwise to promote the * + * sale, use or other dealings in this Software without prior written * + * authorization. * + ****************************************************************************/ + + +------ +$OpenBSD: LICENCE,v 1.19 2004/08/30 09:18:08 markus Exp $ diff --git a/data/_openssh/_metadata/maintainer b/data/_openssh/_metadata/maintainer new file mode 120000 index 000000000..573d7ebef --- /dev/null +++ b/data/_openssh/_metadata/maintainer @@ -0,0 +1 @@ +../../../people/sbingner \ No newline at end of file diff --git a/data/_openssh/_metadata/name b/data/_openssh/_metadata/name new file mode 100644 index 000000000..721aee556 --- /dev/null +++ b/data/_openssh/_metadata/name @@ -0,0 +1 @@ +OpenSSH diff --git a/data/_openssh/_metadata/openssh-client/breaks b/data/_openssh/_metadata/openssh-client/breaks new file mode 100644 index 000000000..7437a6f3d --- /dev/null +++ b/data/_openssh/_metadata/openssh-client/breaks @@ -0,0 +1 @@ +openssh (<= 8.4-1) diff --git a/data/_openssh/_metadata/openssh-client/description b/data/_openssh/_metadata/openssh-client/description new file mode 100644 index 000000000..025130bda --- /dev/null +++ b/data/_openssh/_metadata/openssh-client/description 
@@ -0,0 +1,8 @@
+secure shell (SSH) client, for secure access to remote machines
+This is the portable version of OpenSSH, a free implementation of the Secure Shell protocol as specified by the IETF secsh working group.
+.
+Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands on a remote machine. It provides secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. It can be used to provide applications with a secure communication channel.
+.
+This package provides the client binaries.
+.
+In some countries it may be illegal to use any encryption at all without a special permit.
diff --git a/data/_openssh/_metadata/openssh-client/name b/data/_openssh/_metadata/openssh-client/name
new file mode 100644
index 000000000..6d03a7b74
--- /dev/null
+++ b/data/_openssh/_metadata/openssh-client/name
@@ -0,0 +1 @@
+OpenSSH Clients
diff --git a/data/_openssh/_metadata/openssh-global-listener/breaks b/data/_openssh/_metadata/openssh-global-listener/breaks
new file mode 100644
index 000000000..7437a6f3d
--- /dev/null
+++ b/data/_openssh/_metadata/openssh-global-listener/breaks
@@ -0,0 +1 @@
+openssh (<= 8.4-1)
diff --git a/data/_openssh/_metadata/openssh-global-listener/depends b/data/_openssh/_metadata/openssh-global-listener/depends
new file mode 100644
index 000000000..9ceb541c6
--- /dev/null
+++ b/data/_openssh/_metadata/openssh-global-listener/depends
@@ -0,0 +1 @@
+openssh-server (>= %MYVERSION%)
diff --git a/data/_openssh/_metadata/openssh-global-listener/description b/data/_openssh/_metadata/openssh-global-listener/description
new file mode 100644
index 000000000..833ed8f3c
--- /dev/null
+++ b/data/_openssh/_metadata/openssh-global-listener/description
@@ -0,0 +1,8 @@
+secure shell (SSH) server, for secure access from remote machines
+This is the portable version of OpenSSH, a free implementation of the Secure Shell protocol as specified by the IETF secsh working group.
+.
+Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands on a remote machine. It provides secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. It can be used to provide applications with a secure communication channel.
+.
+This package provides a global listener on port 22.
+.
+In some countries it may be illegal to use any encryption at all without a special permit.
diff --git a/data/_openssh/_metadata/openssh-global-listener/extrainst_ b/data/_openssh/_metadata/openssh-global-listener/extrainst_
new file mode 100755
index 000000000..007af8999
--- /dev/null
+++ b/data/_openssh/_metadata/openssh-global-listener/extrainst_
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+if [[ $1 == upgrade ]]; then
+ /bin/launchctl unload /Library/LaunchDaemons/com.openssh.sshd.plist
+ /bin/launchctl load /Library/LaunchDaemons/com.openssh.sshd.plist
+fi
+
+if [[ $1 == install ]]; then
+ /bin/launchctl load -w /Library/LaunchDaemons/com.openssh.sshd.plist
+fi
+
+exit 0
diff --git a/data/_openssh/_metadata/openssh-global-listener/name b/data/_openssh/_metadata/openssh-global-listener/name
new file mode 100644
index 000000000..3deddc21f
--- /dev/null
+++ b/data/_openssh/_metadata/openssh-global-listener/name
@@ -0,0 +1 @@
+OpenSSH Global Listener
diff --git a/data/_openssh/_metadata/openssh-global-listener/prerm b/data/_openssh/_metadata/openssh-global-listener/prerm
new file mode 100755
index 000000000..71be0c498
--- /dev/null
+++ b/data/_openssh/_metadata/openssh-global-listener/prerm
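Review bot: `openssh-global-listener/extrainst_` declares `#!/bin/sh` but tests its argument with `[[ $1 == upgrade ]]`, which is not POSIX sh syntax; where /bin/sh is not bash the test fails, neither branch runs, and the script still ends in `exit 0`, so the package installs with the listener in an unknown state. Use `if [ "$1" = upgrade ]; then` and `if [ "$1" = install ]; then`, or change the shebang to the shell the script actually needs. The same construct appears in this package's `prerm` and in both `openssh-local-listener` scripts; in `prerm` a silently skipped `launchctl unload` would leave sshd listening after the package is removed, so `if [ "$1" = remove ] || [ "$1" = purge ]; then` is the safer form there. Every launchctl result is also discarded by the unconditional `exit 0`; consider at least printing a message to stderr when a load or unload fails.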
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if [[ $1 == remove || $1 == purge ]]; then
+ /bin/launchctl unload /Library/LaunchDaemons/com.openssh.sshd.plist
+fi
+
+exit 0
diff --git a/data/_openssh/_metadata/openssh-local-listener/depends b/data/_openssh/_metadata/openssh-local-listener/depends
new file mode 100644
index 000000000..9ceb541c6
--- /dev/null
+++ b/data/_openssh/_metadata/openssh-local-listener/depends
@@ -0,0 +1 @@
+openssh-server (>= %MYVERSION%)
diff --git a/data/_openssh/_metadata/openssh-local-listener/description b/data/_openssh/_metadata/openssh-local-listener/description
new file mode 100644
index 000000000..555730edf
--- /dev/null
+++ b/data/_openssh/_metadata/openssh-local-listener/description
@@ -0,0 +1,8 @@
+secure shell (SSH) server, for secure access from remote machines
+This is the portable version of OpenSSH, a free implementation of the Secure Shell protocol as specified by the IETF secsh working group.
+.
+Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands on a remote machine. It provides secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. It can be used to provide applications with a secure communication channel.
+.
+This package provides a listener for only localhost on port 22.
+.
+In some countries it may be illegal to use any encryption at all without a special permit.
diff --git a/data/_openssh/_metadata/openssh-local-listener/extrainst_ b/data/_openssh/_metadata/openssh-local-listener/extrainst_
new file mode 100755
index 000000000..a90ba8854
--- /dev/null
+++ b/data/_openssh/_metadata/openssh-local-listener/extrainst_
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+if [[ $1 == upgrade ]]; then
+ /bin/launchctl unload /Library/LaunchDaemons/com.openssh.sshd-localhost.plist
+ /bin/launchctl load /Library/LaunchDaemons/com.openssh.sshd-localhost.plist
+fi
+
+if [[ $1 == install ]]; then
+ /bin/launchctl load -w /Library/LaunchDaemons/com.openssh.sshd-localhost.plist
+fi
+
+exit 0
diff --git a/data/_openssh/_metadata/openssh-local-listener/name b/data/_openssh/_metadata/openssh-local-listener/name
new file mode 100644
index 000000000..23d81c442
--- /dev/null
+++ b/data/_openssh/_metadata/openssh-local-listener/name
@@ -0,0 +1 @@
+OpenSSH Localhost Listener
diff --git a/data/_openssh/_metadata/openssh-local-listener/prerm b/data/_openssh/_metadata/openssh-local-listener/prerm
new file mode 100755
index 000000000..7d5a11e55
--- /dev/null
+++ b/data/_openssh/_metadata/openssh-local-listener/prerm
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if [[ $1 == remove || $1 == purge ]]; then
+ /bin/launchctl unload /Library/LaunchDaemons/com.openssh.sshd-localhost.plist
+fi
+
+exit 0
diff --git a/data/_openssh/_metadata/openssh-server/breaks b/data/_openssh/_metadata/openssh-server/breaks
new file mode 100644
index 000000000..7437a6f3d
--- /dev/null
+++ b/data/_openssh/_metadata/openssh-server/breaks
@@ -0,0 +1 @@
+openssh (<= 8.4-1)
diff --git a/data/_openssh/_metadata/openssh-server/depends b/data/_openssh/_metadata/openssh-server/depends
new file mode 100644
index 000000000..22aeda7ea
--- /dev/null
+++ b/data/_openssh/_metadata/openssh-server/depends
@@ -0,0 +1 @@
+openssh-client (>= %MYVERSION%)
diff --git a/data/_openssh/_metadata/openssh-server/description b/data/_openssh/_metadata/openssh-server/description
new file mode 100644
index 000000000..3f610cca2
--- /dev/null
+++ b/data/_openssh/_metadata/openssh-server/description
@@ -0,0 +1,8 @@
+secure shell (SSH) server, for secure access from remote machines
+This is the portable version of OpenSSH, a free implementation of the Secure Shell protocol as specified by the IETF secsh working group.
+.
+Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands on a remote machine. It provides secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. It can be used to provide applications with a secure communication channel.
+.
+This package provides the sshd server.
+.
+In some countries it may be illegal to use any encryption at all without a special permit.
diff --git a/data/_openssh/_metadata/openssh-server/name b/data/_openssh/_metadata/openssh-server/name
new file mode 100644
index 000000000..1f0d9f0e6
--- /dev/null
+++ b/data/_openssh/_metadata/openssh-server/name
@@ -0,0 +1 @@
+OpenSSH Server Binaries
diff --git a/data/_openssh/_metadata/openssh/depends b/data/_openssh/_metadata/openssh/depends
new file mode 100644
index 000000000..eca877aaa
--- /dev/null
+++ b/data/_openssh/_metadata/openssh/depends
@@ -0,0 +1 @@
+openssh-server, openssh-client, openssh-global-listener
diff --git a/data/_openssh/_metadata/openssh/description b/data/_openssh/_metadata/openssh/description
new file mode 100644
index 000000000..3f610cca2
--- /dev/null
+++ b/data/_openssh/_metadata/openssh/description
@@ -0,0 +1,8 @@
+secure shell (SSH) server, for secure access from remote machines
+This is the portable version of OpenSSH, a free implementation of the Secure Shell protocol as specified by the IETF secsh working group.
+.
+Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands on a remote machine. It provides secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. It can be used to provide applications with a secure communication channel.
+.
+This package provides the sshd server.
+.
+In some countries it may be illegal to use any encryption at all without a special permit.
diff --git a/data/_openssh/_metadata/priority b/data/_openssh/_metadata/priority
new file mode 100644
index 000000000..ea5b3d7ee
--- /dev/null
+++ b/data/_openssh/_metadata/priority
@@ -0,0 +1 @@
+important
diff --git a/data/_openssh/_metadata/role b/data/_openssh/_metadata/role
new file mode 100644
index 000000000..762113e87
--- /dev/null
+++ b/data/_openssh/_metadata/role
@@ -0,0 +1 @@
+enduser
diff --git a/data/_openssh/_metadata/section b/data/_openssh/_metadata/section
new file mode 100644
index 000000000..8708e4b54
--- /dev/null
+++ b/data/_openssh/_metadata/section
@@ -0,0 +1 @@
+Networking
diff --git a/data/_openssh/_metadata/tags b/data/_openssh/_metadata/tags
new file mode 100644
index 000000000..6297beb06
--- /dev/null
+++ b/data/_openssh/_metadata/tags
@@ -0,0 +1 @@
+purpose::daemon, purpose::console
diff --git a/data/_openssh/_metadata/version b/data/_openssh/_metadata/version
new file mode 100644
index 000000000..c9dc04908
--- /dev/null
+++ b/data/_openssh/_metadata/version
@@ -0,0 +1 @@
+8.4
diff --git a/data/_openssh/com.openssh.sshd-localhost.plist b/data/_openssh/com.openssh.sshd-localhost.plist
new file mode 100644
index 000000000..a4aa4ab94
--- /dev/null
+++ b/data/_openssh/com.openssh.sshd-localhost.plist
@@ -0,0 +1,51 @@ + + + + + Label + com.openssh.sshd-localhost + + Program + /bin/sh + + ProgramArguments + + /bin/sh + /usr/libexec/sshd-keygen-wrapper + -i + + + SessionCreate + + + Sockets + + SSHV6Listener + + SockNodeName + ::1 + SockServiceName + ssh + + SSHV4Listener + + SockNodeName + 127.0.0.1 + SockServiceName + ssh + + + + StandardErrorPath + /dev/null + + inetdCompatibility + + Wait + + + ExecuteAllowed + + + + diff --git a/data/_openssh/com.openssh.sshd.plist b/data/_openssh/com.openssh.sshd.plist new file mode 100644 index 000000000..450056bd6 --- /dev/null +++ b/data/_openssh/com.openssh.sshd.plist @@ -0,0 +1,39 @@ + + + + + ExecuteAllowed + + Label + com.openssh.sshd + POSIXSpawnType + Interactive + EnablePressuredExit + + Program + /bin/sh + ProgramArguments + + /bin/sh + /usr/libexec/sshd-keygen-wrapper + -i + + SessionCreate + + Sockets + + SSHListener + + SockServiceName + ssh + + + StandardErrorPath + /dev/null + inetdCompatibility + + Wait + + + + diff --git a/data/_openssh/dirent.diff b/data/_openssh/dirent.diff new file mode 100644 index 000000000..2d5238250 --- /dev/null +++ b/data/_openssh/dirent.diff @@ -0,0 +1,14 @@ +diff -ur openssh-8.4p1/configure.ac openssh-8.4p1+iOS/configure.ac +--- openssh-8.4p1/configure.ac 2021-01-26 23:09:30.000000000 -1000 ++++ openssh-8.4p1+iOS/configure.ac 2020-09-26 21:25:01.000000000 -1000 +@@ -1534,8 +1534,8 @@ + allocate extra space for d_name]) + ], + [ +- AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) +- AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) ++ AC_MSG_WARN([cross compiling: assuming yes]) ++ AC_MSG_RESULT([yes]) + ] + ) + diff --git a/data/_openssh/install.diff b/data/_openssh/install.diff new file mode 100644 index 000000000..88866e26b --- /dev/null +++ b/data/_openssh/install.diff 
@@ -0,0 +1,12 @@ +diff -ru openssh-6.7p1/Makefile.in openssh-6.7p1+iPhone/Makefile.in +--- openssh-6.7p1/Makefile.in 2014-08-30 06:23:07.000000000 +0000 ++++ openssh-6.7p1+iPhone/Makefile.in 2014-12-03 08:17:45.000000000 +0000 +@@ -270,7 +270,7 @@ + $(AUTORECONF) + -rm -rf autom4te.cache + +-install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config ++install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf + install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf + install-nosysconf: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files + diff --git a/data/_openssh/make.sh b/data/_openssh/make.sh new file mode 100644 index 000000000..cef4f65e0 --- /dev/null +++ b/data/_openssh/make.sh @@ -0,0 +1,11 @@ +pkg:setup +autoconf +pkg:configure --disable-strip --sysconfdir=/etc/ssh --disable-libutil --disable-utmp --disable-wtmp +pkg:make +pkg:install INSTALL_SSH_RAND_HELPER=yes +pkg: cp -a %/sshd-keygen-wrapper /usr/libexec +pkg: mkdir -p /Library/LaunchDaemons +pkg: cp -a %/com.openssh.sshd.plist /Library/LaunchDaemons +pkg: cp -a %/com.openssh.sshd-localhost.plist /Library/LaunchDaemons +pkg: cp -af %/ssh{d,}_config /etc/ssh +subpkg:stage diff --git a/data/_openssh/openssh-8.4p1.tar.gz b/data/_openssh/openssh-8.4p1.tar.gz new file mode 100644 index 000000000..ec913a33a Binary files /dev/null and b/data/_openssh/openssh-8.4p1.tar.gz differ diff --git a/data/_openssh/openssh-client.install b/data/_openssh/openssh-client.install new file mode 100644 index 000000000..9ded1dd17 --- /dev/null +++ b/data/_openssh/openssh-client.install @@ -0,0 +1,5 @@ +/etc/ssh/moduli +/etc/ssh/ssh_config +/usr/bin/* +/usr/libexec/ssh-* +/var/empty diff --git a/data/_openssh/openssh-global-listener.install b/data/_openssh/openssh-global-listener.install new file mode 100644 index 000000000..e592d2999 --- /dev/null +++ b/data/_openssh/openssh-global-listener.install 
@@ -0,0 +1 @@
+/Library/LaunchDaemons/com.openssh.sshd.plist
diff --git a/data/_openssh/openssh-local-listener.install b/data/_openssh/openssh-local-listener.install
new file mode 100644
index 000000000..2d7c6e206
--- /dev/null
+++ b/data/_openssh/openssh-local-listener.install
@@ -0,0 +1 @@
+/Library/LaunchDaemons/com.openssh.sshd-localhost.plist
diff --git a/data/_openssh/openssh-server.install b/data/_openssh/openssh-server.install
new file mode 100644
index 000000000..af73dc21f
--- /dev/null
+++ b/data/_openssh/openssh-server.install
@@ -0,0 +1,4 @@
+/etc/ssh/sshd_config
+/usr/libexec/sftp-server
+/usr/libexec/sshd-keygen-wrapper
+/usr/sbin/sshd
diff --git a/data/_openssh/openssh.install b/data/_openssh/openssh.install
new file mode 100644
index 000000000..e69de29bb
diff --git a/data/_openssh/privsep.diff b/data/_openssh/privsep.diff
new file mode 100644
index 000000000..1ded9e741
--- /dev/null
+++ b/data/_openssh/privsep.diff
@@ -0,0 +1,211 @@ +diff -ur openssh-8.1p1/contrib/cygwin/ssh-host-config openssh-8.1p1+iOS/contrib/cygwin/ssh-host-config +--- openssh-8.1p1/contrib/cygwin/ssh-host-config 2019-10-08 14:31:03.000000000 -1000 ++++ openssh-8.1p1+iOS/contrib/cygwin/ssh-host-config 2020-01-03 13:45:51.000000000 -1000 +@@ -63,6 +63,7 @@ + port_number=22 + service_name=cygsshd + strictmodes=yes ++privsep_used=yes + cygwin_value="" + user_account= + password_value= +@@ -139,21 +140,33 @@ + + # ====================================================================== + # Routine: sshd_privsep +-# Try to create ssshd user account ++# MODIFIES: privsep_used + # ====================================================================== + sshd_privsep() { + local ret=0 + + if [ "${sshd_config_configured}" != "yes" ] + then +- if ! csih_create_unprivileged_user sshd +- then +- csih_error_recoverable "Could not create user 'sshd'!" +- csih_error_recoverable "You will not be able to run an sshd service" +- csih_error_recoverable "under a privileged account successfully." +- csih_error_recoverable "Make sure to create a non-privileged user 'sshd'" +- csih_error_recoverable "manually before trying to run the service!" +- let ++ret ++ echo ++ csih_inform "Privilege separation is set to 'sandbox' by default since" ++ csih_inform "OpenSSH 6.1. This is unsupported by Cygwin and has to be set" ++ csih_inform "to 'yes' or 'no'." ++ csih_inform "However, using privilege separation requires a non-privileged account" ++ csih_inform "called 'sshd'." ++ csih_inform "For more info on privilege separation read /usr/share/doc/openssh/README.privsep." ++ if csih_request "Should privilege separation be used?" ++ then ++ privsep_used=yes ++ if ! csih_create_unprivileged_user sshd ++ then ++ csih_error_recoverable "Couldn't create user 'sshd'!" ++ csih_error_recoverable "Privilege separation set to 'no' again!" ++ csih_error_recoverable "Check your ${SYSCONFDIR}/sshd_config file!" 
++ let ++ret ++ privsep_used=no ++ fi ++ else ++ privsep_used=no + fi + fi + return $ret +@@ -189,6 +202,18 @@ + let ++ret + fi + fi ++ if [ "${sshd_config_configured}" != "yes" ] ++ then ++ /usr/bin/sed -i -e " ++ s/^#\?UsePrivilegeSeparation .*/UsePrivilegeSeparation ${privsep_used}/" \ ++ ${SYSCONFDIR}/sshd_config ++ if [ $? -ne 0 ] ++ then ++ csih_warning "Setting privilege separation failed!" ++ csih_warning "Check your ${SYSCONFDIR}/sshd_config file!" ++ let ++ret ++ fi ++ fi + return $ret + } # --- End of sshd_config_tweak --- # + +diff -ur openssh-8.1p1/servconf.c openssh-8.1p1+iOS/servconf.c +--- openssh-8.1p1/servconf.c 2019-10-08 14:31:03.000000000 -1000 ++++ openssh-8.1p1+iOS/servconf.c 2020-01-03 13:45:51.000000000 -1000 +@@ -627,7 +627,7 @@ + { "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL }, + { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL }, + { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL }, +- { "useprivilegeseparation", sDeprecated, SSHCFG_GLOBAL}, ++ { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL}, + { "acceptenv", sAcceptEnv, SSHCFG_ALL }, + { "setenv", sSetEnv, SSHCFG_ALL }, + { "permittunnel", sPermitTunnel, SSHCFG_ALL }, +@@ -1202,6 +1202,13 @@ + { "no", 0 }, + { NULL, -1 } + }; ++static const struct multistate multistate_privsep[] = { ++ { "yes", PRIVSEP_NOSANDBOX }, ++ { "sandbox", PRIVSEP_ON }, ++ { "nosandbox", PRIVSEP_NOSANDBOX }, ++ { "no", PRIVSEP_OFF }, ++ { NULL, -1 } ++}; + static const struct multistate multistate_tcpfwd[] = { + { "yes", FORWARD_ALLOW }, + { "all", FORWARD_ALLOW }, +@@ -1666,6 +1673,11 @@ + intptr = &options->disable_forwarding; + goto parse_flag; + ++ case sUsePrivilegeSeparation: ++ intptr = &use_privsep; ++ multistate_ptr = multistate_privsep; ++ goto parse_multistate; ++ + case sAllowUsers: + while ((arg = strdelim(&cp)) && *arg != '\0') { + if (match_user(NULL, NULL, NULL, arg) == -1) +@@ -2431,6 +2443,8 @@ + return fmt_multistate_int(val, multistate_gatewayports); + 
case sCompression: + return fmt_multistate_int(val, multistate_compression); ++ case sUsePrivilegeSeparation: ++ return fmt_multistate_int(val, multistate_privsep); + case sAllowTcpForwarding: + return fmt_multistate_int(val, multistate_tcpfwd); + case sAllowStreamLocalForwarding: +@@ -2610,6 +2624,7 @@ + dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding); + dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); + dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); ++ dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); + dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); + dump_cfg_fmtint(sExposeAuthInfo, o->expose_userauth_info); + +diff -ur openssh-8.1p1/sshd.c openssh-8.1p1+iOS/sshd.c +--- openssh-8.1p1/sshd.c 2019-10-08 14:31:03.000000000 -1000 ++++ openssh-8.1p1+iOS/sshd.c 2020-01-03 13:45:51.000000000 -1000 +@@ -238,7 +238,6 @@ + int use_privsep = -1; + struct monitor *pmonitor = NULL; + int privsep_is_preauth = 1; +-static int privsep_chroot = 1; + + /* global connection state and authentication contexts */ + Authctxt *the_authctxt = NULL; +@@ -456,7 +455,7 @@ + demote_sensitive_data(); + + /* Demote the child */ +- if (privsep_chroot) { ++ if (getuid() == 0 || geteuid() == 0) { + /* Change our root directory */ + if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) + fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, +@@ -1684,9 +1683,8 @@ + ); + + /* Store privilege separation user for later use if required. 
*/ +- privsep_chroot = use_privsep && (getuid() == 0 || geteuid() == 0); + if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) { +- if (privsep_chroot || options.kerberos_authentication) ++ if (use_privsep || options.kerberos_authentication) + fatal("Privilege separation user %s does not exist", + SSH_PRIVSEP_USER); + } else { +@@ -1821,7 +1819,7 @@ + sshkey_type(key)); + } + +- if (privsep_chroot) { ++ if (use_privsep) { + struct stat st; + + if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &st) == -1) || +diff -ur openssh-8.1p1/sshd_config openssh-8.1p1+iOS/sshd_config +--- openssh-8.1p1/sshd_config 2019-10-08 14:31:03.000000000 -1000 ++++ openssh-8.1p1+iOS/sshd_config 2020-01-03 13:45:51.000000000 -1000 +@@ -90,6 +90,7 @@ + #PermitTTY yes + #PrintMotd yes + #PrintLastLog yes ++#UsePrivilegeSeparation sandbox + #TCPKeepAlive yes + #PermitUserEnvironment no + #Compression delayed +diff -ur openssh-8.1p1/sshd_config.5 openssh-8.1p1+iOS/sshd_config.5 +--- openssh-8.1p1/sshd_config.5 2019-10-08 14:31:03.000000000 -1000 ++++ openssh-8.1p1+iOS/sshd_config.5 2020-01-03 13:45:51.000000000 -1000 +@@ -1642,6 +1642,28 @@ + as a non-root user. + The default is + .Cm no . ++.It Cm UsePrivilegeSeparation ++Specifies whether ++.Xr sshd 8 ++separates privileges by creating an unprivileged child process ++to deal with incoming network traffic. ++After successful authentication, another process will be created that has ++the privilege of the authenticated user. ++The goal of privilege separation is to prevent privilege ++escalation by containing any corruption within the unprivileged processes. ++The argument must be ++.Cm yes , ++.Cm no , ++or ++.Cm sandbox . ++If ++.Cm UsePrivilegeSeparation ++is set to ++.Cm sandbox ++then the pre-authentication unprivileged process is subject to additional ++restrictions. ++The default is ++.Cm sandbox . + .It Cm VersionAddendum + Optionally specifies additional text to append to the SSH protocol banner + sent by the server upon connection. 
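Review bot: The `multistate_privsep` table in the servconf.c part of privsep.diff accepts `nosandbox` and maps `yes` to `PRIVSEP_NOSANDBOX`, but the sshd_config.5 text added by the same patch lists only `yes`, `no` and `sandbox` and never says that `yes` runs without the sandbox. The man page should list `nosandbox` and state that `yes` is equivalent to it, so an administrator choosing `yes` knows what isolation they get. The patch also makes `no` (`PRIVSEP_OFF`) selectable again where the removed line had the keyword as `sDeprecated`, and the sshd_config added in this commit sets `UsePrivilegeSeparation no`, so pre-authentication traffic would be handled without the unprivileged child; if that setting is required on this platform, a comment in the config saying why would help. The patch headers name openssh-8.1p1 while the tarball added here is 8.4p1, so it is worth confirming the hunks still apply without fuzz.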
diff --git a/data/_openssh/ssh_config b/data/_openssh/ssh_config
new file mode 100644
index 000000000..2f22fc980
--- /dev/null
+++ b/data/_openssh/ssh_config
@@ -0,0 +1,47 @@
+# $OpenBSD: ssh_config,v 1.23 2007/06/08 04:40:40 pvalchev Exp $
+
+# This is the ssh client system-wide configuration file. See
+# ssh_config(5) for more information. This file provides defaults for
+# users, and the values can be changed in per-user configuration files
+# or on the command line.
+
+# Configuration data is parsed as follows:
+# 1. command line options
+# 2. user-specific file
+# 3. system-wide file
+# Any configuration value is only changed the first time it is set.
+# Thus, host-specific definitions should be at the beginning of the
+# configuration file, and defaults at the end.
+
+# Site-wide defaults for some commonly used options. For a comprehensive
+# list of available options, their meanings and defaults, please see the
+# ssh_config(5) man page.
+
+Host *
+# ForwardAgent no
+ ForwardX11 yes
+# RhostsRSAAuthentication no
+# RSAAuthentication yes
+# PasswordAuthentication yes
+# HostbasedAuthentication no
+# GSSAPIAuthentication no
+# GSSAPIDelegateCredentials no
+# BatchMode no
+# CheckHostIP yes
+# AddressFamily any
+# ConnectTimeout 0
+# StrictHostKeyChecking ask
+# IdentityFile ~/.ssh/identity
+# IdentityFile ~/.ssh/id_rsa
+# IdentityFile ~/.ssh/id_dsa
+# Port 22
+# Protocol 2,1
+# Cipher 3des
+# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
+# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
+# EscapeChar ~
+# Tunnel no
+# TunnelDevice any:any
+# PermitLocalCommand no
+ SendEnv LANG LC_*
+ HashKnownHosts yes
diff --git a/data/_openssh/sshd-keygen-wrapper b/data/_openssh/sshd-keygen-wrapper
new file mode 100755
index 000000000..07f2631e3
--- /dev/null
+++ b/data/_openssh/sshd-keygen-wrapper
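Review bot: `ForwardX11 yes` under `Host *` in ssh_config turns X11 forwarding on for every destination, where the upstream client default is `no`; a remote host the user connects to is then trusted with access to the local display whenever one exists. Unless the platform needs it, the line should be `#   ForwardX11 no` like the other commented defaults, leaving users to opt in per host. The template carries a 2007 `$OpenBSD` tag, and its commented defaults (`Protocol 2,1`, `Cipher 3des`, the CBC/arcfour `Ciphers` list, `hmac-md5`) describe an older client than the 8.4p1 being packaged, so refreshing it from the 8.4p1 tarball would avoid misleading anyone who uncomments them.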
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+[ ! -f /etc/ssh/ssh_host_key ] && ssh-keygen -q -t rsa1 -f /etc/ssh/ssh_host_key -N "" -C "" < /dev/null > /dev/null 2> /dev/null
+[ ! -f /etc/ssh/ssh_host_rsa_key ] && ssh-keygen -q -t rsa -f /etc/ssh/ssh_host_rsa_key -N "" -C "" < /dev/null > /dev/null 2> /dev/null
+[ ! -f /etc/ssh/ssh_host_dsa_key ] && ssh-keygen -q -t dsa -f /etc/ssh/ssh_host_dsa_key -N "" -C "" < /dev/null > /dev/null 2> /dev/null
+
+exec /usr/sbin/sshd $@
diff --git a/data/_openssh/sshd_config b/data/_openssh/sshd_config
new file mode 100644
index 000000000..7276adf09
--- /dev/null
+++ b/data/_openssh/sshd_config
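Review bot: sshd-keygen-wrapper generates only `rsa1`, `rsa` and `dsa` host keys, and every ssh-keygen call sends stderr to /dev/null, so a failed generation is invisible. SSH protocol 1 keys are, as far as I know, no longer supported by the 8.4p1 ssh-keygen, which would make the `-t rsa1` line fail on every connection, and DSA host keys are not offered by default in current OpenSSH, leaving RSA as the only usable key. I would drop the `rsa1` line, add `[ ! -f /etc/ssh/ssh_host_ed25519_key ] && ssh-keygen -q -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N "" -C ""` together with a matching `HostKey` line in sshd_config, and keep stderr so failures reach the log. The last line should quote its arguments: `exec /usr/sbin/sshd "$@"`.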
@@ -0,0 +1,116 @@
+# $OpenBSD: sshd_config,v 1.75 2007/03/19 01:01:29 djm Exp $
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options change a
+# default value.
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+# Disable legacy (protocol version 1) support in the server for new
+# installations. In future the default will change to require explicit
+# activation of protocol 1
+Protocol 2
+
+# HostKey for protocol version 1
+# HostKey /etc/ssh/ssh_host_key
+# HostKeys for protocol version 2
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
+
+# Lifetime and size of ephemeral version 1 server key
+#KeyRegenerationInterval 1h
+#ServerKeyBits 768
+
+# Logging
+# obsoletes QuietMode and FascistLogging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+PermitRootLogin yes
+#StrictModes yes
+#MaxAuthTries 6
+
+#RSAAuthentication yes
+#PubkeyAuthentication yes
+#AuthorizedKeysFile .ssh/authorized_keys
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#RhostsRSAAuthentication no
+# similar for protocol version 2
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+#UsePAM no
+
+#AllowTcpForwarding yes
+GatewayPorts clientspecified
+X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#UseLogin no
+UsePrivilegeSeparation no
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+UseDNS no
+#PidFile /var/run/sshd.pid
+#MaxStartups 10
+#PermitTunnel no
+
+# no default banner path
+#Banner /some/path
+
+# override default of no subsystems
+Subsystem sftp /usr/libexec/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# ForceCommand cvs server
diff --git a/data/_openssh/utmp.diff b/data/_openssh/utmp.diff
new file mode 100644
index 000000000..6a5cf8617
--- /dev/null
+++ b/data/_openssh/utmp.diff
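Review bot: `PermitRootLogin yes` is set in sshd_config while `PasswordAuthentication` is left at its commented default of yes, so root can log in with a password alone. The `openssh` meta-package in this commit depends on `openssh-global-listener`, whose plist names no `SockNodeName`, so that login is presumably reachable on every interface after a plain upgrade. `PermitRootLogin prohibit-password` keeps key-based root access while refusing password attempts; if password login has to stay for first-time setup, a comment at that line telling the user to change the root password would at least make the exposure visible. `GatewayPorts clientspecified` also lets any authenticated client bind remote forwards on non-loopback addresses and is worth a one-line justification or a return to the default.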
@@ -0,0 +1,41 @@ +diff -ru openssh-6.7p1/includes.h openssh-6.7p1+iPhone/includes.h +--- openssh-6.7p1/includes.h 2013-03-22 01:51:09.000000000 +0000 ++++ openssh-6.7p1+iPhone/includes.h 2014-12-03 08:07:53.000000000 +0000 +@@ -18,6 +18,8 @@ + + #include "config.h" + ++#define _UTMPX_COMPAT ++ + #ifndef _GNU_SOURCE + #define _GNU_SOURCE /* activate extra prototypes for glibc */ + #endif +@@ -66,6 +68,10 @@ + # include + #endif + ++#ifdef HAVE_UTIL_H ++# include ++#endif ++ + #ifdef HAVE_UTMP_H + # include + #endif +diff -ru openssh-6.7p1/loginrec.c openssh-6.7p1+iPhone/loginrec.c +--- openssh-6.7p1/loginrec.c 2014-01-17 01:23:24.000000000 +0000 ++++ openssh-6.7p1+iPhone/loginrec.c 2014-12-03 08:07:53.000000000 +0000 +@@ -184,12 +184,12 @@ + ** prototypes for helper functions in this file + **/ + +-#if HAVE_UTMP_H ++#if defined(USE_UTMP) || defined (USE_WTMP) || defined (USE_LOGIN) + void set_utmp_time(struct logininfo *li, struct utmp *ut); + void construct_utmp(struct logininfo *li, struct utmp *ut); + #endif + +-#ifdef HAVE_UTMPX_H ++#if defined(USE_UTMPX) || defined (USE_WTMPX) + void set_utmpx_time(struct logininfo *li, struct utmpx *ut); + void construct_utmpx(struct logininfo *li, struct utmpx *ut); + #endif diff --git a/data/openssh/_metadata/depiction b/data/openssh/_metadata/depiction deleted file mode 100644 index 6d11dd20b..000000000 --- a/data/openssh/_metadata/depiction +++ /dev/null @@ -1 +0,0 @@ -http://cydia.saurik.com/info/openssh/ diff --git a/data/openssh/_metadata/description b/data/openssh/_metadata/description deleted file mode 100644 index 8112506c5..000000000 --- a/data/openssh/_metadata/description +++ /dev/null @@ -1 +0,0 @@ -secure remote access between machines diff --git a/data/openssh/_metadata/extrainst_ b/data/openssh/_metadata/extrainst_ deleted file mode 100755 index 007af8999..000000000 --- a/data/openssh/_metadata/extrainst_ +++ /dev/null 
@@ -1,12 +0,0 @@ -#!/bin/sh - -if [[ $1 == upgrade ]]; then - /bin/launchctl unload /Library/LaunchDaemons/com.openssh.sshd.plist - /bin/launchctl load /Library/LaunchDaemons/com.openssh.sshd.plist -fi - -if [[ $1 == install ]]; then - /bin/launchctl load -w /Library/LaunchDaemons/com.openssh.sshd.plist -fi - -exit 0 diff --git a/data/openssh/_metadata/in.1200.00 b/data/openssh/_metadata/in.1200.00 deleted file mode 100644 index e69de29bb..000000000 diff --git a/data/openssh/_metadata/in.1443.00 b/data/openssh/_metadata/in.1443.00 deleted file mode 100644 index e69de29bb..000000000 diff --git a/data/openssh/_metadata/in.550.58 b/data/openssh/_metadata/in.550.58 deleted file mode 100644 index e69de29bb..000000000 diff --git a/data/openssh/_metadata/libssl1.1.1.dep b/data/openssh/_metadata/libssl1.1.1.dep deleted file mode 120000 index 254747b12..000000000 --- a/data/openssh/_metadata/libssl1.1.1.dep +++ /dev/null @@ -1 +0,0 @@ -../../libssl1.1.1 \ No newline at end of file diff --git a/data/openssh/_metadata/license b/data/openssh/_metadata/license deleted file mode 100644 index 3964b1d77..000000000 --- a/data/openssh/_metadata/license +++ /dev/null 
@@ -1,338 +0,0 @@ -This file is part of the OpenSSH software. - -The licences which components of this software fall under are as -follows. First, we will summarize and say that all components -are under a BSD licence, or a licence more free than that. - -OpenSSH contains no GPL code. - -1) - * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland - * All rights reserved - * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". - - [Tatu continues] - * However, I am not implying to give any licenses to any patents or - * copyrights held by third parties, and the software includes parts that - * are not under my direct control. As far as I know, all included - * source code is used in accordance with the relevant license agreements - * and can be used freely for any purpose (the GNU license being the most - * restrictive); see below for details. - - [However, none of that term is relevant at this point in time. 
All of - these restrictively licenced software components which he talks about - have been removed from OpenSSH, i.e., - - - RSA is no longer included, found in the OpenSSL library - - IDEA is no longer included, its use is deprecated - - DES is now external, in the OpenSSL library - - GMP is no longer used, and instead we call BN code from OpenSSL - - Zlib is now external, in a library - - The make-ssh-known-hosts script is no longer included - - TSS has been removed - - MD5 is now external, in the OpenSSL library - - RC4 support has been replaced with ARC4 support from OpenSSL - - Blowfish is now external, in the OpenSSL library - - [The licence continues] - - Note that any information and cryptographic algorithms used in this - software are publicly available on the Internet and at any major - bookstore, scientific library, and patent office worldwide. More - information can be found e.g. at "http://www.cs.hut.fi/crypto". - - The legal status of this program is some combination of all these - permissions and restrictions. Use only at your own responsibility. - You will be responsible for any legal consequences yourself; I am not - making any claims whether possessing or using this is legal or not in - your country, and I am not taking any responsibility on your behalf. - - - NO WARRANTY - - BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY - FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN - OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES - PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED - OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS - TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE - PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, - REPAIR OR CORRECTION. 
- - IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING - WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR - REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, - INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING - OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED - TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY - YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER - PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE - POSSIBILITY OF SUCH DAMAGES. - -2) - The 32-bit CRC compensation attack detector in deattack.c was - contributed by CORE SDI S.A. under a BSD-style license. - - * Cryptographic attack detector for ssh - source code - * - * Copyright (c) 1998 CORE SDI S.A., Buenos Aires, Argentina. - * - * All rights reserved. Redistribution and use in source and binary - * forms, with or without modification, are permitted provided that - * this copyright notice is retained. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED - * WARRANTIES ARE DISCLAIMED. IN NO EVENT SHALL CORE SDI S.A. BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY OR - * CONSEQUENTIAL DAMAGES RESULTING FROM THE USE OR MISUSE OF THIS - * SOFTWARE. - * - * Ariel Futoransky - * - -3) - ssh-keyscan was contributed by David Mazieres under a BSD-style - license. - - * Copyright 1995, 1996 by David Mazieres . - * - * Modification and redistribution in source and binary forms is - * permitted provided that due credit is given to the author and the - * OpenBSD project by leaving this copyright notice intact. 
- -4) - The Rijndael implementation by Vincent Rijmen, Antoon Bosselaers - and Paulo Barreto is in the public domain and distributed - with the following license: - - * @version 3.0 (December 2000) - * - * Optimised ANSI C code for the Rijndael cipher (now AES) - * - * @author Vincent Rijmen - * @author Antoon Bosselaers - * @author Paulo Barreto - * - * This code is hereby placed in the public domain. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS - * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE - * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, - * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -5) - One component of the ssh source code is under a 3-clause BSD license, - held by the University of California, since we pulled these parts from - original Berkeley code. - - * Copyright (c) 1983, 1990, 1992, 1993, 1995 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. 
Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - -6) - Remaining components of the software are provided under a standard - 2-term BSD licence with the following names as copyright holders: - - Markus Friedl - Theo de Raadt - Niels Provos - Dug Song - Aaron Campbell - Damien Miller - Kevin Steves - Daniel Kouril - Wesley Griffin - Per Allansson - Nils Nordman - Simon Wilkinson - - Portable OpenSSH additionally includes code from the following copyright - holders, also under the 2-term BSD license: - - Ben Lindstrom - Tim Rice - Andre Lucas - Chris Adams - Corinna Vinschen - Cray Inc. - Denis Parker - Gert Doering - Jakob Schlyter - Jason Downs - Juha Yrjölä - Michael Stone - Networks Associates Technology, Inc. - Solar Designer - Todd C. Miller - Wayne Schroeder - William Jones - Darren Tucker - Sun Microsystems - The SCO Group - Daniel Walsh - - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. 
Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-8) Portable OpenSSH contains the following additional licenses:
-
- a) md5crypt.c, md5crypt.h
-
- * "THE BEER-WARE LICENSE" (Revision 42):
- * wrote this file. As long as you retain this
- * notice you can do whatever you want with this stuff. If we meet
- * some day, and you think this stuff is worth it, you can buy me a
- * beer in return. Poul-Henning Kamp
-
- b) snprintf replacement
-
- * Copyright Patrick Powell 1995
- * This code is based on code written by Patrick Powell
- * (papowell@astart.com) It may be used for any purpose as long as this
- * notice remains intact on all source code distributions
-
- c) Compatibility code (openbsd-compat)
-
- Apart from the previously mentioned licenses, various pieces of code
- in the openbsd-compat/ subdirectory are licensed as follows:
-
- Some code is licensed under a 3-term BSD license, to the following
- copyright holders:
-
- Todd C.
Miller
- Theo de Raadt
- Damien Miller
- Eric P. Allman
- The Regents of the University of California
- Constantin S. Svintsoff
-
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
-
- Some code is licensed under an ISC-style license, to the following
- copyright holders:
-
- Internet Software Consortium.
- Todd C.
Miller
- Reyk Floeter
- Chad Mynhier
-
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND TODD C. MILLER DISCLAIMS ALL
- * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL TODD C. MILLER BE LIABLE
- * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
- Some code is licensed under a MIT-style license to the following
- copyright holders:
-
- Free Software Foundation, Inc.
-
- * Permission is hereby granted, free of charge, to any person obtaining a *
- * copy of this software and associated documentation files (the *
- * "Software"), to deal in the Software without restriction, including *
- * without limitation the rights to use, copy, modify, merge, publish, *
- * distribute, distribute with modifications, sublicense, and/or sell *
- * copies of the Software, and to permit persons to whom the Software is *
- * furnished to do so, subject to the following conditions: *
- * *
- * The above copyright notice and this permission notice shall be included *
- * in all copies or substantial portions of the Software. *
- * *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS *
- * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF *
- * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
*
- * IN NO EVENT SHALL THE ABOVE COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, *
- * DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR *
- * OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR *
- * THE USE OR OTHER DEALINGS IN THE SOFTWARE. *
- * *
- * Except as contained in this notice, the name(s) of the above copyright *
- * holders shall not be used in advertising or otherwise to promote the *
- * sale, use or other dealings in this Software without prior written *
- * authorization. *
- ****************************************************************************/
-
-
-------
-$OpenBSD: LICENCE,v 1.19 2004/08/30 09:18:08 markus Exp $
diff --git a/data/openssh/_metadata/maintainer b/data/openssh/_metadata/maintainer
deleted file mode 120000
index 573d7ebef..000000000
--- a/data/openssh/_metadata/maintainer
+++ /dev/null
@@ -1 +0,0 @@
-../../../people/sbingner
\ No newline at end of file
diff --git a/data/openssh/_metadata/name b/data/openssh/_metadata/name
deleted file mode 100644
index 721aee556..000000000
--- a/data/openssh/_metadata/name
+++ /dev/null
@@ -1 +0,0 @@
-OpenSSH
diff --git a/data/openssh/_metadata/prerm b/data/openssh/_metadata/prerm
deleted file mode 100755
index 71be0c498..000000000
--- a/data/openssh/_metadata/prerm
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-
-if [[ $1 == remove || $1 == purge ]]; then
- /bin/launchctl unload /Library/LaunchDaemons/com.openssh.sshd.plist
-fi
-
-exit 0
diff --git a/data/openssh/_metadata/priority b/data/openssh/_metadata/priority
deleted file mode 100644
index ea5b3d7ee..000000000
--- a/data/openssh/_metadata/priority
+++ /dev/null
@@ -1 +0,0 @@
-important
diff --git a/data/openssh/_metadata/role b/data/openssh/_metadata/role
deleted file mode 100644
index 762113e87..000000000
--- a/data/openssh/_metadata/role
+++ /dev/null
@@ -1 +0,0 @@
-enduser
diff --git a/data/openssh/_metadata/section b/data/openssh/_metadata/section
deleted file mode 100644
index 8708e4b54..000000000
--- a/data/openssh/_metadata/section +++ /dev/null @@ -1 +0,0 @@ -Networking diff --git a/data/openssh/_metadata/tags b/data/openssh/_metadata/tags deleted file mode 100644 index 6297beb06..000000000 --- a/data/openssh/_metadata/tags +++ /dev/null @@ -1 +0,0 @@ -purpose::daemon, purpose::console diff --git a/data/openssh/_metadata/version b/data/openssh/_metadata/version deleted file mode 100644 index c9dc04908..000000000 --- a/data/openssh/_metadata/version +++ /dev/null @@ -1 +0,0 @@ -8.4 diff --git a/data/openssh/com.openssh.sshd.plist b/data/openssh/com.openssh.sshd.plist deleted file mode 100644 index 450056bd6..000000000 --- a/data/openssh/com.openssh.sshd.plist +++ /dev/null @@ -1,39 +0,0 @@ - - - - - ExecuteAllowed - - Label - com.openssh.sshd - POSIXSpawnType - Interactive - EnablePressuredExit - - Program - /bin/sh - ProgramArguments - - /bin/sh - /usr/libexec/sshd-keygen-wrapper - -i - - SessionCreate - - Sockets - - SSHListener - - SockServiceName - ssh - - - StandardErrorPath - /dev/null - inetdCompatibility - - Wait - - - - diff --git a/data/openssh/dirent.diff b/data/openssh/dirent.diff deleted file mode 100644 index 2d5238250..000000000 --- a/data/openssh/dirent.diff +++ /dev/null @@ -1,14 +0,0 @@ -diff -ur openssh-8.4p1/configure.ac openssh-8.4p1+iOS/configure.ac ---- openssh-8.4p1/configure.ac 2021-01-26 23:09:30.000000000 -1000 -+++ openssh-8.4p1+iOS/configure.ac 2020-09-26 21:25:01.000000000 -1000 -@@ -1534,8 +1534,8 @@ - allocate extra space for d_name]) - ], - [ -- AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) -- AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) -+ AC_MSG_WARN([cross compiling: assuming yes]) -+ AC_MSG_RESULT([yes]) - ] - ) - diff --git a/data/openssh/install.diff b/data/openssh/install.diff deleted file mode 100644 index 88866e26b..000000000 --- a/data/openssh/install.diff +++ /dev/null 
@@ -1,12 +0,0 @@ -diff -ru openssh-6.7p1/Makefile.in openssh-6.7p1+iPhone/Makefile.in ---- openssh-6.7p1/Makefile.in 2014-08-30 06:23:07.000000000 +0000 -+++ openssh-6.7p1+iPhone/Makefile.in 2014-12-03 08:17:45.000000000 +0000 -@@ -270,7 +270,7 @@ - $(AUTORECONF) - -rm -rf autom4te.cache - --install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config -+install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf - install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf - install-nosysconf: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files - diff --git a/data/openssh/make.sh b/data/openssh/make.sh deleted file mode 100644 index 4896d9037..000000000 --- a/data/openssh/make.sh +++ /dev/null @@ -1,9 +0,0 @@ -pkg:setup -autoconf -pkg:configure --disable-strip --sysconfdir=/etc/ssh --disable-libutil --disable-utmp --disable-wtmp -pkg:make -pkg:install INSTALL_SSH_RAND_HELPER=yes -pkg: cp -a %/sshd-keygen-wrapper /usr/libexec -pkg: mkdir -p /Library/LaunchDaemons -pkg: cp -a %/com.openssh.sshd.plist /Library/LaunchDaemons -pkg: cp -af %/ssh{d,}_config /etc/ssh diff --git a/data/openssh/openssh-8.4p1.tar.gz b/data/openssh/openssh-8.4p1.tar.gz deleted file mode 100644 index ec913a33a..000000000 Binary files a/data/openssh/openssh-8.4p1.tar.gz and /dev/null differ diff --git a/data/openssh/privsep.diff b/data/openssh/privsep.diff deleted file mode 100644 index 1ded9e741..000000000 --- a/data/openssh/privsep.diff +++ /dev/null 
@@ -1,211 +0,0 @@ -diff -ur openssh-8.1p1/contrib/cygwin/ssh-host-config openssh-8.1p1+iOS/contrib/cygwin/ssh-host-config ---- openssh-8.1p1/contrib/cygwin/ssh-host-config 2019-10-08 14:31:03.000000000 -1000 -+++ openssh-8.1p1+iOS/contrib/cygwin/ssh-host-config 2020-01-03 13:45:51.000000000 -1000 -@@ -63,6 +63,7 @@ - port_number=22 - service_name=cygsshd - strictmodes=yes -+privsep_used=yes - cygwin_value="" - user_account= - password_value= -@@ -139,21 +140,33 @@ - - # ====================================================================== - # Routine: sshd_privsep --# Try to create ssshd user account -+# MODIFIES: privsep_used - # ====================================================================== - sshd_privsep() { - local ret=0 - - if [ "${sshd_config_configured}" != "yes" ] - then -- if ! csih_create_unprivileged_user sshd -- then -- csih_error_recoverable "Could not create user 'sshd'!" -- csih_error_recoverable "You will not be able to run an sshd service" -- csih_error_recoverable "under a privileged account successfully." -- csih_error_recoverable "Make sure to create a non-privileged user 'sshd'" -- csih_error_recoverable "manually before trying to run the service!" -- let ++ret -+ echo -+ csih_inform "Privilege separation is set to 'sandbox' by default since" -+ csih_inform "OpenSSH 6.1. This is unsupported by Cygwin and has to be set" -+ csih_inform "to 'yes' or 'no'." -+ csih_inform "However, using privilege separation requires a non-privileged account" -+ csih_inform "called 'sshd'." -+ csih_inform "For more info on privilege separation read /usr/share/doc/openssh/README.privsep." -+ if csih_request "Should privilege separation be used?" -+ then -+ privsep_used=yes -+ if ! csih_create_unprivileged_user sshd -+ then -+ csih_error_recoverable "Couldn't create user 'sshd'!" -+ csih_error_recoverable "Privilege separation set to 'no' again!" -+ csih_error_recoverable "Check your ${SYSCONFDIR}/sshd_config file!" 
-+ let ++ret -+ privsep_used=no -+ fi -+ else -+ privsep_used=no - fi - fi - return $ret -@@ -189,6 +202,18 @@ - let ++ret - fi - fi -+ if [ "${sshd_config_configured}" != "yes" ] -+ then -+ /usr/bin/sed -i -e " -+ s/^#\?UsePrivilegeSeparation .*/UsePrivilegeSeparation ${privsep_used}/" \ -+ ${SYSCONFDIR}/sshd_config -+ if [ $? -ne 0 ] -+ then -+ csih_warning "Setting privilege separation failed!" -+ csih_warning "Check your ${SYSCONFDIR}/sshd_config file!" -+ let ++ret -+ fi -+ fi - return $ret - } # --- End of sshd_config_tweak --- # - -diff -ur openssh-8.1p1/servconf.c openssh-8.1p1+iOS/servconf.c ---- openssh-8.1p1/servconf.c 2019-10-08 14:31:03.000000000 -1000 -+++ openssh-8.1p1+iOS/servconf.c 2020-01-03 13:45:51.000000000 -1000 -@@ -627,7 +627,7 @@ - { "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL }, - { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL }, - { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL }, -- { "useprivilegeseparation", sDeprecated, SSHCFG_GLOBAL}, -+ { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL}, - { "acceptenv", sAcceptEnv, SSHCFG_ALL }, - { "setenv", sSetEnv, SSHCFG_ALL }, - { "permittunnel", sPermitTunnel, SSHCFG_ALL }, -@@ -1202,6 +1202,13 @@ - { "no", 0 }, - { NULL, -1 } - }; -+static const struct multistate multistate_privsep[] = { -+ { "yes", PRIVSEP_NOSANDBOX }, -+ { "sandbox", PRIVSEP_ON }, -+ { "nosandbox", PRIVSEP_NOSANDBOX }, -+ { "no", PRIVSEP_OFF }, -+ { NULL, -1 } -+}; - static const struct multistate multistate_tcpfwd[] = { - { "yes", FORWARD_ALLOW }, - { "all", FORWARD_ALLOW }, -@@ -1666,6 +1673,11 @@ - intptr = &options->disable_forwarding; - goto parse_flag; - -+ case sUsePrivilegeSeparation: -+ intptr = &use_privsep; -+ multistate_ptr = multistate_privsep; -+ goto parse_multistate; -+ - case sAllowUsers: - while ((arg = strdelim(&cp)) && *arg != '\0') { - if (match_user(NULL, NULL, NULL, arg) == -1) -@@ -2431,6 +2443,8 @@ - return fmt_multistate_int(val, multistate_gatewayports); - 
case sCompression: - return fmt_multistate_int(val, multistate_compression); -+ case sUsePrivilegeSeparation: -+ return fmt_multistate_int(val, multistate_privsep); - case sAllowTcpForwarding: - return fmt_multistate_int(val, multistate_tcpfwd); - case sAllowStreamLocalForwarding: -@@ -2610,6 +2624,7 @@ - dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding); - dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); - dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); -+ dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); - dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); - dump_cfg_fmtint(sExposeAuthInfo, o->expose_userauth_info); - -diff -ur openssh-8.1p1/sshd.c openssh-8.1p1+iOS/sshd.c ---- openssh-8.1p1/sshd.c 2019-10-08 14:31:03.000000000 -1000 -+++ openssh-8.1p1+iOS/sshd.c 2020-01-03 13:45:51.000000000 -1000 -@@ -238,7 +238,6 @@ - int use_privsep = -1; - struct monitor *pmonitor = NULL; - int privsep_is_preauth = 1; --static int privsep_chroot = 1; - - /* global connection state and authentication contexts */ - Authctxt *the_authctxt = NULL; -@@ -456,7 +455,7 @@ - demote_sensitive_data(); - - /* Demote the child */ -- if (privsep_chroot) { -+ if (getuid() == 0 || geteuid() == 0) { - /* Change our root directory */ - if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) - fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, -@@ -1684,9 +1683,8 @@ - ); - - /* Store privilege separation user for later use if required. 
*/ -- privsep_chroot = use_privsep && (getuid() == 0 || geteuid() == 0); - if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) { -- if (privsep_chroot || options.kerberos_authentication) -+ if (use_privsep || options.kerberos_authentication) - fatal("Privilege separation user %s does not exist", - SSH_PRIVSEP_USER); - } else { -@@ -1821,7 +1819,7 @@ - sshkey_type(key)); - } - -- if (privsep_chroot) { -+ if (use_privsep) { - struct stat st; - - if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &st) == -1) || -diff -ur openssh-8.1p1/sshd_config openssh-8.1p1+iOS/sshd_config ---- openssh-8.1p1/sshd_config 2019-10-08 14:31:03.000000000 -1000 -+++ openssh-8.1p1+iOS/sshd_config 2020-01-03 13:45:51.000000000 -1000 -@@ -90,6 +90,7 @@ - #PermitTTY yes - #PrintMotd yes - #PrintLastLog yes -+#UsePrivilegeSeparation sandbox - #TCPKeepAlive yes - #PermitUserEnvironment no - #Compression delayed -diff -ur openssh-8.1p1/sshd_config.5 openssh-8.1p1+iOS/sshd_config.5 ---- openssh-8.1p1/sshd_config.5 2019-10-08 14:31:03.000000000 -1000 -+++ openssh-8.1p1+iOS/sshd_config.5 2020-01-03 13:45:51.000000000 -1000 -@@ -1642,6 +1642,28 @@ - as a non-root user. - The default is - .Cm no . -+.It Cm UsePrivilegeSeparation -+Specifies whether -+.Xr sshd 8 -+separates privileges by creating an unprivileged child process -+to deal with incoming network traffic. -+After successful authentication, another process will be created that has -+the privilege of the authenticated user. -+The goal of privilege separation is to prevent privilege -+escalation by containing any corruption within the unprivileged processes. -+The argument must be -+.Cm yes , -+.Cm no , -+or -+.Cm sandbox . -+If -+.Cm UsePrivilegeSeparation -+is set to -+.Cm sandbox -+then the pre-authentication unprivileged process is subject to additional -+restrictions. -+The default is -+.Cm sandbox . - .It Cm VersionAddendum - Optionally specifies additional text to append to the SSH protocol banner - sent by the server upon connection. 
diff --git a/data/openssh/ssh_config b/data/openssh/ssh_config
deleted file mode 100644
index 2f22fc980..000000000
--- a/data/openssh/ssh_config
+++ /dev/null
@@ -1,47 +0,0 @@
-# $OpenBSD: ssh_config,v 1.23 2007/06/08 04:40:40 pvalchev Exp $
-
-# This is the ssh client system-wide configuration file. See
-# ssh_config(5) for more information. This file provides defaults for
-# users, and the values can be changed in per-user configuration files
-# or on the command line.
-
-# Configuration data is parsed as follows:
-# 1. command line options
-# 2. user-specific file
-# 3. system-wide file
-# Any configuration value is only changed the first time it is set.
-# Thus, host-specific definitions should be at the beginning of the
-# configuration file, and defaults at the end.
-
-# Site-wide defaults for some commonly used options. For a comprehensive
-# list of available options, their meanings and defaults, please see the
-# ssh_config(5) man page.
-
-Host *
-# ForwardAgent no
- ForwardX11 yes
-# RhostsRSAAuthentication no
-# RSAAuthentication yes
-# PasswordAuthentication yes
-# HostbasedAuthentication no
-# GSSAPIAuthentication no
-# GSSAPIDelegateCredentials no
-# BatchMode no
-# CheckHostIP yes
-# AddressFamily any
-# ConnectTimeout 0
-# StrictHostKeyChecking ask
-# IdentityFile ~/.ssh/identity
-# IdentityFile ~/.ssh/id_rsa
-# IdentityFile ~/.ssh/id_dsa
-# Port 22
-# Protocol 2,1
-# Cipher 3des
-# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
-# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
-# EscapeChar ~
-# Tunnel no
-# TunnelDevice any:any
-# PermitLocalCommand no
- SendEnv LANG LC_*
- HashKnownHosts yes
diff --git a/data/openssh/sshd-keygen-wrapper b/data/openssh/sshd-keygen-wrapper
deleted file mode 100755
index 07f2631e3..000000000
--- a/data/openssh/sshd-keygen-wrapper
+++ /dev/null
@@ -1,7 +0,0 @@ -#!/bin/sh - -[ ! -f /etc/ssh/ssh_host_key ] && ssh-keygen -q -t rsa1 -f /etc/ssh/ssh_host_key -N "" -C "" < /dev/null > /dev/null 2> /dev/null -[ ! -f /etc/ssh/ssh_host_rsa_key ] && ssh-keygen -q -t rsa -f /etc/ssh/ssh_host_rsa_key -N "" -C "" < /dev/null > /dev/null 2> /dev/null -[ ! -f /etc/ssh/ssh_host_dsa_key ] && ssh-keygen -q -t dsa -f /etc/ssh/ssh_host_dsa_key -N "" -C "" < /dev/null > /dev/null 2> /dev/null - -exec /usr/sbin/sshd $@ diff --git a/data/openssh/sshd_config b/data/openssh/sshd_config deleted file mode 100644 index 7276adf09..000000000 --- a/data/openssh/sshd_config +++ /dev/null 
@@ -1,116 +0,0 @@
-# $OpenBSD: sshd_config,v 1.75 2007/03/19 01:01:29 djm Exp $
-
-# This is the sshd server system-wide configuration file. See
-# sshd_config(5) for more information.
-
-# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
-
-# The strategy used for options in the default sshd_config shipped with
-# OpenSSH is to specify options with their default value where
-# possible, but leave them commented. Uncommented options change a
-# default value.
-
-#Port 22
-#AddressFamily any
-#ListenAddress 0.0.0.0
-#ListenAddress ::
-
-# Disable legacy (protocol version 1) support in the server for new
-# installations. In future the default will change to require explicit
-# activation of protocol 1
-Protocol 2
-
-# HostKey for protocol version 1
-# HostKey /etc/ssh/ssh_host_key
-# HostKeys for protocol version 2
-HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
-
-# Lifetime and size of ephemeral version 1 server key
-#KeyRegenerationInterval 1h
-#ServerKeyBits 768
-
-# Logging
-# obsoletes QuietMode and FascistLogging
-#SyslogFacility AUTH
-#LogLevel INFO
-
-# Authentication:
-
-#LoginGraceTime 2m
-PermitRootLogin yes
-#StrictModes yes
-#MaxAuthTries 6
-
-#RSAAuthentication yes
-#PubkeyAuthentication yes
-#AuthorizedKeysFile .ssh/authorized_keys
-
-# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
-#RhostsRSAAuthentication no
-# similar for protocol version 2
-#HostbasedAuthentication no
-# Change to yes if you don't trust ~/.ssh/known_hosts for
-# RhostsRSAAuthentication and HostbasedAuthentication
-#IgnoreUserKnownHosts no
-# Don't read the user's ~/.rhosts and ~/.shosts files
-#IgnoreRhosts yes
-
-# To disable tunneled clear text passwords, change to no here!
-#PasswordAuthentication yes
-#PermitEmptyPasswords no
-
-# Change to no to disable s/key passwords
-#ChallengeResponseAuthentication yes
-
-# Kerberos options
-#KerberosAuthentication no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
-#KerberosGetAFSToken no
-
-# GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
-
-# Set this to 'yes' to enable PAM authentication, account processing,
-# and session processing. If this is enabled, PAM authentication will
-# be allowed through the ChallengeResponseAuthentication and
-# PasswordAuthentication. Depending on your PAM configuration,
-# PAM authentication via ChallengeResponseAuthentication may bypass
-# the setting of "PermitRootLogin without-password".
-# If you just want the PAM account and session checks to run without
-# PAM authentication, then enable this but set PasswordAuthentication
-# and ChallengeResponseAuthentication to 'no'.
-#UsePAM no
-
-#AllowTcpForwarding yes
-GatewayPorts clientspecified
-X11Forwarding yes
-#X11DisplayOffset 10
-#X11UseLocalhost yes
-#PrintMotd yes
-#PrintLastLog yes
-#TCPKeepAlive yes
-#UseLogin no
-UsePrivilegeSeparation no
-#PermitUserEnvironment no
-#Compression delayed
-#ClientAliveInterval 0
-#ClientAliveCountMax 3
-UseDNS no
-#PidFile /var/run/sshd.pid
-#MaxStartups 10
-#PermitTunnel no
-
-# no default banner path
-#Banner /some/path
-
-# override default of no subsystems
-Subsystem sftp /usr/libexec/sftp-server
-
-# Example of overriding settings on a per-user basis
-#Match User anoncvs
-# X11Forwarding no
-# AllowTcpForwarding no
-# ForceCommand cvs server
diff --git a/data/openssh/utmp.diff b/data/openssh/utmp.diff
deleted file mode 100644
index 6a5cf8617..000000000
--- a/data/openssh/utmp.diff
+++ /dev/null
@@ -1,41 +0,0 @@ -diff -ru openssh-6.7p1/includes.h openssh-6.7p1+iPhone/includes.h ---- openssh-6.7p1/includes.h 2013-03-22 01:51:09.000000000 +0000 -+++ openssh-6.7p1+iPhone/includes.h 2014-12-03 08:07:53.000000000 +0000 -@@ -18,6 +18,8 @@ - - #include "config.h" - -+#define _UTMPX_COMPAT -+ - #ifndef _GNU_SOURCE - #define _GNU_SOURCE /* activate extra prototypes for glibc */ - #endif -@@ -66,6 +68,10 @@ - # include - #endif - -+#ifdef HAVE_UTIL_H -+# include -+#endif -+ - #ifdef HAVE_UTMP_H - # include - #endif -diff -ru openssh-6.7p1/loginrec.c openssh-6.7p1+iPhone/loginrec.c ---- openssh-6.7p1/loginrec.c 2014-01-17 01:23:24.000000000 +0000 -+++ openssh-6.7p1+iPhone/loginrec.c 2014-12-03 08:07:53.000000000 +0000 -@@ -184,12 +184,12 @@ - ** prototypes for helper functions in this file - **/ - --#if HAVE_UTMP_H -+#if defined(USE_UTMP) || defined (USE_WTMP) || defined (USE_LOGIN) - void set_utmp_time(struct logininfo *li, struct utmp *ut); - void construct_utmp(struct logininfo *li, struct utmp *ut); - #endif - --#ifdef HAVE_UTMPX_H -+#if defined(USE_UTMPX) || defined (USE_WTMPX) - void set_utmpx_time(struct logininfo *li, struct utmpx *ut); - void construct_utmpx(struct logininfo *li, struct utmpx *ut); - #endif -- cgit v1.2.3