From 193fb560bdb2efcc236ddc58675b952cc864888a Mon Sep 17 00:00:00 2001
From: Sam Bingner
Date: Tue, 11 Dec 2018 15:57:02 -1000
Subject: Update openssh to 7.9p1
---
data/openssh/_metadata/libssl1.0.dep | 1 +
data/openssh/_metadata/openssl.dep | 1 -
data/openssh/_metadata/version | 2 +-
data/openssh/openssh-7.7p1.tar.gz | Bin 1536900 -> 0 bytes
data/openssh/openssh-7.9p1.tar.gz | Bin 0 -> 1565384 bytes
data/openssh/privsep.diff | 94 +++++++++++++++++------------------
6 files changed, 49 insertions(+), 49 deletions(-)
create mode 120000 data/openssh/_metadata/libssl1.0.dep
delete mode 120000 data/openssh/_metadata/openssl.dep
delete mode 100644 data/openssh/openssh-7.7p1.tar.gz
create mode 100644 data/openssh/openssh-7.9p1.tar.gz
(limited to 'data/openssh')
diff --git a/data/openssh/_metadata/libssl1.0.dep b/data/openssh/_metadata/libssl1.0.dep
new file mode 120000
index 000000000..a501d00a8
--- /dev/null
+++ b/data/openssh/_metadata/libssl1.0.dep
@@ -0,0 +1 @@
+../../libssl1.0
\ No newline at end of file
diff --git a/data/openssh/_metadata/openssl.dep b/data/openssh/_metadata/openssl.dep
deleted file mode 120000
index 9b58fd56b..000000000
--- a/data/openssh/_metadata/openssl.dep
+++ /dev/null
@@ -1 +0,0 @@
-../../openssl
\ No newline at end of file
diff --git a/data/openssh/_metadata/version b/data/openssh/_metadata/version
index d4461db47..11ec65529 100644
--- a/data/openssh/_metadata/version
+++ b/data/openssh/_metadata/version
@@ -1 +1 @@
-7.7p1
+7.9p1
diff --git a/data/openssh/openssh-7.7p1.tar.gz b/data/openssh/openssh-7.7p1.tar.gz
deleted file mode 100644
index 776707ee5..000000000
Binary files a/data/openssh/openssh-7.7p1.tar.gz and /dev/null differ
diff --git a/data/openssh/openssh-7.9p1.tar.gz b/data/openssh/openssh-7.9p1.tar.gz
new file mode 100644
index 000000000..38f492774
Binary files /dev/null and b/data/openssh/openssh-7.9p1.tar.gz differ
diff --git a/data/openssh/privsep.diff b/data/openssh/privsep.diff
index 2f53b4da3..3f2b4d28b 100644
--- a/data/openssh/privsep.diff +++ b/data/openssh/privsep.diff @@ -1,8 +1,7 @@ -diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config -index db6aaa08..d934d09b 100644 ---- a/contrib/cygwin/ssh-host-config -+++ b/contrib/cygwin/ssh-host-config -@@ -63,6 +63,7 @@ sshd_config_configured=no +diff -ur openssh-7.9p1/contrib/cygwin/ssh-host-config openssh-7.9p1+iPhone/contrib/cygwin/ssh-host-config +--- openssh-7.9p1/contrib/cygwin/ssh-host-config 2018-10-16 14:01:20.000000000 -1000 ++++ openssh-7.9p1+iPhone/contrib/cygwin/ssh-host-config 2018-12-10 10:14:07.000000000 -1000 +@@ -63,6 +63,7 @@ port_number=22 service_name=sshd strictmodes=yes @@ -10,7 +9,7 @@ index db6aaa08..d934d09b 100644 cygwin_value="" user_account= password_value= -@@ -139,21 +140,33 @@ sshd_strictmodes() { +@@ -139,21 +140,33 @@ # ====================================================================== # Routine: sshd_privsep @@ -23,6 +22,13 @@ index db6aaa08..d934d09b 100644 if [ "${sshd_config_configured}" != "yes" ] then - if ! csih_create_unprivileged_user sshd +- then +- csih_error_recoverable "Could not create user 'sshd'!" +- csih_error_recoverable "You will not be able to run an sshd service" +- csih_error_recoverable "under a privileged account successfully." +- csih_error_recoverable "Make sure to create a non-privileged user 'sshd'" +- csih_error_recoverable "manually before trying to run the service!" +- let ++ret + echo + csih_inform "Privilege separation is set to 'sandbox' by default since" + csih_inform "OpenSSH 6.1. This is unsupported by Cygwin and has to be set" 
@@ -31,13 +37,7 @@ index db6aaa08..d934d09b 100644 + csih_inform "called 'sshd'." + csih_inform "For more info on privilege separation read /usr/share/doc/openssh/README.privsep." + if csih_request "Should privilege separation be used?" - then -- csih_error_recoverable "Could not create user 'sshd'!" -- csih_error_recoverable "You will not be able to run an sshd service" -- csih_error_recoverable "under a privileged account successfully." -- csih_error_recoverable "Make sure to create a non-privileged user 'sshd'" -- csih_error_recoverable "manually before trying to run the service!" -- let ++ret ++ then + privsep_used=yes + if ! csih_create_unprivileged_user sshd + then @@ -52,7 +52,7 @@ index db6aaa08..d934d09b 100644 fi fi return $ret -@@ -189,6 +202,18 @@ sshd_config_tweak() { +@@ -189,6 +202,18 @@ let ++ret fi fi @@ -71,7 +71,7 @@ index db6aaa08..d934d09b 100644 return $ret } # --- End of sshd_config_tweak --- # -@@ -668,7 +693,7 @@ then +@@ -668,7 +693,7 @@ fi fi 
@@ -80,20 +80,19 @@ index db6aaa08..d934d09b 100644 csih_install_config "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults" || let ++warning_cnt if ! /usr/bin/cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1 then -diff --git a/servconf.c b/servconf.c -index 0f0d0906..a63cec91 100644 ---- a/servconf.c -+++ b/servconf.c -@@ -590,7 +590,7 @@ static struct { +diff -ur openssh-7.9p1/servconf.c openssh-7.9p1+iPhone/servconf.c +--- openssh-7.9p1/servconf.c 2018-10-16 14:01:20.000000000 -1000 ++++ openssh-7.9p1+iPhone/servconf.c 2018-12-10 10:14:07.000000000 -1000 +@@ -614,7 +614,7 @@ { "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL }, { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL }, { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL }, - { "useprivilegeseparation", sDeprecated, SSHCFG_GLOBAL}, + { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL}, { "acceptenv", sAcceptEnv, SSHCFG_ALL }, + { "setenv", sSetEnv, SSHCFG_ALL }, { "permittunnel", sPermitTunnel, SSHCFG_ALL }, - { "permittty", sPermitTTY, SSHCFG_ALL }, -@@ -1130,6 +1130,13 @@ static const struct multistate multistate_gatewayports[] = { +@@ -1187,6 +1187,13 @@ { "no", 0 }, { NULL, -1 } }; @@ -107,7 +106,7 @@ index 0f0d0906..a63cec91 100644 static const struct multistate multistate_tcpfwd[] = { { "yes", FORWARD_ALLOW }, { "all", FORWARD_ALLOW }, -@@ -1563,6 +1570,11 @@ process_server_config_line(ServerOptions *options, char *line, +@@ -1646,6 +1653,11 @@ intptr = &options->disable_forwarding; goto parse_flag; @@ -119,7 +118,7 @@ index 0f0d0906..a63cec91 100644 case sAllowUsers: while ((arg = strdelim(&cp)) && *arg != '\0') { if (match_user(NULL, NULL, NULL, arg) == -1) -@@ -2289,6 +2301,8 @@ fmt_intarg(ServerOpCodes code, int val) +@@ -2407,6 +2419,8 @@ return fmt_multistate_int(val, multistate_gatewayports); case sCompression: return fmt_multistate_int(val, multistate_compression); 
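Review bot: The refreshed keyword table in the `@@ -80,20 +80,19 @@` hunk still swaps upstream's `sDeprecated` entry for `{ "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL}`, so on this build a single config line can turn privilege separation off, and none of the visible lines records that choice when the daemon starts. I would add a log line in sshd.c once `use_privsep` has its final value, for example `if (!use_privsep) logit("privilege separation is disabled");`, so the weaker mode shows up in the daemon log and in configuration audits. The parsing case for the option and the table added before `multistate_tcpfwd` fall between the hunks shown here, so the accepted values could not be checked from this page; the sshd_config.5 text is likewise mostly outside the hunks.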
@@ -128,7 +127,7 @@ index 0f0d0906..a63cec91 100644 case sAllowTcpForwarding: return fmt_multistate_int(val, multistate_tcpfwd); case sAllowStreamLocalForwarding: -@@ -2480,6 +2494,7 @@ dump_config(ServerOptions *o) +@@ -2586,6 +2600,7 @@ dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding); dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink); @@ -136,11 +135,11 @@ index 0f0d0906..a63cec91 100644 dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); dump_cfg_fmtint(sExposeAuthInfo, o->expose_userauth_info); -diff --git a/sshd.c b/sshd.c -index fd95b681..697f5a8b 100644 ---- a/sshd.c -+++ b/sshd.c -@@ -228,7 +228,6 @@ int startup_pipe; /* in child */ +Only in openssh-7.9p1+iPhone: servconf.c.orig +diff -ur openssh-7.9p1/sshd.c openssh-7.9p1+iPhone/sshd.c +--- openssh-7.9p1/sshd.c 2018-10-16 14:01:20.000000000 -1000 ++++ openssh-7.9p1+iPhone/sshd.c 2018-12-10 10:14:07.000000000 -1000 +@@ -228,7 +228,6 @@ int use_privsep = -1; struct monitor *pmonitor = NULL; int privsep_is_preauth = 1; @@ -148,7 +147,7 @@ index fd95b681..697f5a8b 100644 /* global authentication context */ Authctxt *the_authctxt = NULL; -@@ -541,7 +540,7 @@ privsep_preauth_child(void) +@@ -545,7 +544,7 @@ demote_sensitive_data(); /* Demote the child */ @@ -157,7 +156,7 @@ index fd95b681..697f5a8b 100644 /* Change our root directory */ if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, -@@ -1641,9 +1640,8 @@ main(int ac, char **av) +@@ -1730,9 +1729,8 @@ ); /* Store privilege separation user for later use if required. */ @@ -168,8 +167,8 @@ index fd95b681..697f5a8b 100644 fatal("Privilege separation user %s does not exist", SSH_PRIVSEP_USER); } else { -@@ -1801,7 +1790,7 @@ main(int ac, char **av) - key_type(key)); +@@ -1858,7 +1856,7 @@ + sshkey_type(key)); } - if (privsep_chroot) { 
@@ -177,23 +176,22 @@ index fd95b681..697f5a8b 100644 struct stat st; if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &st) == -1) || -diff --git a/sshd_config b/sshd_config -index 3109d5d7..018b5eb2 100644 ---- a/sshd_config -+++ b/sshd_config -@@ -92,6 +92,7 @@ AuthorizedKeysFile .ssh/authorized_keys +Only in openssh-7.9p1+iPhone: sshd.c.orig +diff -ur openssh-7.9p1/sshd_config openssh-7.9p1+iPhone/sshd_config +--- openssh-7.9p1/sshd_config 2018-10-16 14:01:20.000000000 -1000 ++++ openssh-7.9p1+iPhone/sshd_config 2018-12-10 10:14:59.000000000 -1000 +@@ -90,6 +90,7 @@ + #PermitTTY yes + #PrintMotd yes #PrintLastLog yes - #TCPKeepAlive yes - #UseLogin no +#UsePrivilegeSeparation sandbox + #TCPKeepAlive yes #PermitUserEnvironment no #Compression delayed - #ClientAliveInterval 0 -diff --git a/sshd_config.5 b/sshd_config.5 -index e3c7c393..20a185f0 100644 ---- a/sshd_config.5 -+++ b/sshd_config.5 -@@ -1542,6 +1542,28 @@ is enabled, you will not be able to run +diff -ur openssh-7.9p1/sshd_config.5 openssh-7.9p1+iPhone/sshd_config.5 +--- openssh-7.9p1/sshd_config.5 2018-10-16 14:01:20.000000000 -1000 ++++ openssh-7.9p1+iPhone/sshd_config.5 2018-12-10 10:14:07.000000000 -1000 +@@ -1624,6 +1624,28 @@ as a non-root user. The default is .Cm no . @@ -222,3 +220,5 @@ index e3c7c393..20a185f0 100644 .It Cm VersionAddendum Optionally specifies additional text to append to the SSH protocol banner sent by the server upon connection. +Only in openssh-7.9p1+iPhone: sshd_config.5.orig +Only in openssh-7.9p1+iPhone: sshd_config.orig -- cgit v1.2.3
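Review bot: The lines `Only in openssh-7.9p1+iPhone: sshd_config.5.orig` and `Only in openssh-7.9p1+iPhone: sshd_config.orig` added at the end of privsep.diff are `diff -ur` output about backup files left in the patched tree, not patch content; the same kind of line is added for `servconf.c.orig` and `sshd.c.orig` in the `@@ -136,11 +135,11 @@` and `@@ -177,23 +176,22 @@` hunks. They are not hunks and change nothing when the patch is applied, but they show the file was generated from a tree that was not clean, which makes it harder to confirm that the patch holds only the intended privsep changes. Regenerating after deleting the `*.orig` files, or with `diff -ur -x '*.orig'`, would drop them. The new `---`/`+++` headers also carry timestamps, so every refresh will rewrite those lines even when the code is unchanged.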