openssh: update to 9.0p1

Tom G. Christensen 2022-04-09 07:33:30 +02:00
parent 3dc6afc237
commit 34c5f7e5a8
9 changed files with 6 additions and 416 deletions


@ -6,17 +6,11 @@
###########################################################
# Check the following 4 variables before running the script
topdir=openssh
version=8.9p1
pkgver=2
version=9.0p1
pkgver=1
source[0]=https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/$topdir-$version.tar.gz
# If there are no patches, simply comment this
patch[0]=0001-upstream-free-3-wants-stdlib.h.patch
patch[1]=0002-Improve-detection-of-fzero-call-used-regs-all-suppor.patch
patch[2]=0003-Allow-ppoll_time64-in-seccomp-sandbox.patch
patch[3]=0004-upstream-pack-pollfd-array-before-server_accept_loop.patch
patch[4]=0005-Default-to-not-using-sandbox-when-cross-compiling.patch
patch[5]=0006-Resync-fmt_scaled.-with-OpenBSD.patch
patch[6]=0007-Fix-authopt-test-on-platforms-without-IPv6-support.patch
patch[0]=0007-Fix-authopt-test-on-platforms-without-IPv6-support.patch
# Source function library
. ${BUILDPKG_SCRIPTS}/buildpkg.functions
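Review bot: The patch list drops 0001–0006 without recording that 9.0p1 already carries them, and several of those touch security-relevant behaviour: the seccomp filter's `ppoll_time64` allowance, the `ppoll()` spin in `server_accept_loop()`, and the `fmt_scaled` underflow fix. The deleted files are upstream commits from February–March 2022, which the changelog labels `V_8_9_P1-6-g58802008`, so they are presumably in the release. A line such as `# 0001-0006 dropped: included upstream in 9.0p1` above `patch[0]` would make that checkable on the next update. The kept patch is now `patch[0]` while its file name still starts with `0007-`, which reads like a gap in the series. Nothing in the visible lines checks the tarball fetched from `source[0]` against a pinned digest or the upstream release signature; that may happen in `buildpkg.functions`, which is outside this section.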


@ -1,5 +1,8 @@
CHANGELOG
---------
* Fri Apr 08 2022 Tom G. Christensen <swpkg@jupiterrise.com> - 9.0p1-1
- Update to 9.0p1
* Fri Mar 11 2022 Tom G. Christensen <swpkg@jupiterrise.com> - 8.9p1-2
- Update to V_8_9_P1-6-g58802008


@ -1,40 +0,0 @@
From 2ebf478107ecb3c554fceb26d01bca59c6d0ed1e Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Wed, 23 Feb 2022 21:21:49 +0000
Subject: [PATCH 1/7] upstream: free(3) wants stdlib.h
OpenBSD-Commit-ID: 227a8c70a95b4428c49e46863c9ef4bd318a3b8a
---
auth-rhosts.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/auth-rhosts.c b/auth-rhosts.c
index cac5cd84..4fc9252a 100644
--- a/auth-rhosts.c
+++ b/auth-rhosts.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-rhosts.c,v 1.55 2022/02/23 11:15:57 djm Exp $ */
+/* $OpenBSD: auth-rhosts.c,v 1.56 2022/02/23 21:21:49 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -19,6 +19,7 @@
#include <sys/types.h>
#include <sys/stat.h>
+#include <fcntl.h>
#ifdef HAVE_NETGROUP_H
# include <netgroup.h>
#endif
@@ -26,7 +27,7 @@
#include <stdio.h>
#include <string.h>
#include <stdarg.h>
-#include <fcntl.h>
+#include <stdlib.h>
#include <unistd.h>
#include "packet.h"
--
2.16.6


@ -1,35 +0,0 @@
From 6c4a67ece33d9551429490898bb3c793a689e913 Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Thu, 24 Feb 2022 16:04:18 +0000
Subject: [PATCH 2/7] Improve detection of -fzero-call-used-regs=all support
GCC doesn't tell us whether this option is supported unless it runs into
the situation where it would need to emit corresponding code.
---
m4/openssh.m4 | 3 +++
1 file changed, 3 insertions(+)
diff --git a/m4/openssh.m4 b/m4/openssh.m4
index 4f9c3792..8c33c701 100644
--- a/m4/openssh.m4
+++ b/m4/openssh.m4
@@ -14,6 +14,8 @@ AC_DEFUN([OSSH_CHECK_CFLAG_COMPILE], [{
AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
#include <stdlib.h>
#include <stdio.h>
+/* Trivial function to help test for -fzero-call-used-regs */
+void f(int n) {}
int main(int argc, char **argv) {
(void)argv;
/* Some math to catch -ftrapv problems in the toolchain */
@@ -21,6 +23,7 @@ int main(int argc, char **argv) {
float l = i * 2.1;
double m = l / 0.5;
long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
+ f(0);
printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
/*
* Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does
--
2.16.6


@ -1,29 +0,0 @@
From 995cf19fbef0b10dbcf1dd8d6382cec9194e08c5 Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@dtucker.net>
Date: Sat, 26 Feb 2022 14:06:14 +1100
Subject: [PATCH 3/7] Allow ppoll_time64 in seccomp sandbox.
Should fix sandbox violations on (some? at least i386 and armhf) 32bit
Linux platforms. Patch from chutzpahu at gentoo.org and cjwatson at
debian.org via bz#3396.
---
sandbox-seccomp-filter.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index 2e065ba3..4ce80cb2 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -276,6 +276,9 @@ static const struct sock_filter preauth_insns[] = {
#ifdef __NR_ppoll
SC_ALLOW(__NR_ppoll),
#endif
+#ifdef __NR_ppoll_time64
+ SC_ALLOW(__NR_ppoll_time64),
+#endif
#ifdef __NR_poll
SC_ALLOW(__NR_poll),
#endif
--
2.16.6

View File

@ -1,98 +0,0 @@
From 238ac091dd57316bc9690d9cc42229fe21ce0def Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Tue, 1 Mar 2022 01:59:19 +0000
Subject: [PATCH 4/7] upstream: pack pollfd array before server_accept_loop()
ppoll()
call, and terminate sshd if ppoll() returns errno==EINVAL
avoids spin in ppoll when MaxStartups > RLIMIT_NOFILE, reported by
Daniel Micay
feedback/ok deraadt
OpenBSD-Commit-ID: dbab1c24993ac977ec24d83283b8b7528f7c2c15
---
sshd.c | 29 +++++++++++++++++++----------
1 file changed, 19 insertions(+), 10 deletions(-)
diff --git a/sshd.c b/sshd.c
index ef18ba46..30aeb806 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.583 2022/02/01 07:57:32 dtucker Exp $ */
+/* $OpenBSD: sshd.c,v 1.584 2022/03/01 01:59:19 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1129,9 +1129,9 @@ static void
server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
{
struct pollfd *pfd = NULL;
- int i, j, ret;
+ int i, j, ret, npfd;
int ostartups = -1, startups = 0, listening = 0, lameduck = 0;
- int startup_p[2] = { -1 , -1 };
+ int startup_p[2] = { -1 , -1 }, *startup_pollfd;
char c = 0;
struct sockaddr_storage from;
socklen_t fromlen;
@@ -1142,6 +1142,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
/* pipes connected to unauthenticated child sshd processes */
startup_pipes = xcalloc(options.max_startups, sizeof(int));
startup_flags = xcalloc(options.max_startups, sizeof(int));
+ startup_pollfd = xcalloc(options.max_startups, sizeof(int));
for (i = 0; i < options.max_startups; i++)
startup_pipes[i] = -1;
@@ -1157,6 +1158,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
sigaddset(&nsigset, SIGTERM);
sigaddset(&nsigset, SIGQUIT);
+ /* sized for worst-case */
pfd = xcalloc(num_listen_socks + options.max_startups,
sizeof(struct pollfd));
@@ -1196,24 +1198,31 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
pfd[i].fd = listen_socks[i];
pfd[i].events = POLLIN;
}
+ npfd = num_listen_socks;
for (i = 0; i < options.max_startups; i++) {
- pfd[num_listen_socks+i].fd = startup_pipes[i];
- if (startup_pipes[i] != -1)
- pfd[num_listen_socks+i].events = POLLIN;
+ startup_pollfd[i] = -1;
+ if (startup_pipes[i] != -1) {
+ pfd[npfd].fd = startup_pipes[i];
+ pfd[npfd].events = POLLIN;
+ startup_pollfd[i] = npfd++;
+ }
}
/* Wait until a connection arrives or a child exits. */
- ret = ppoll(pfd, num_listen_socks + options.max_startups,
- NULL, &osigset);
- if (ret == -1 && errno != EINTR)
+ ret = ppoll(pfd, npfd, NULL, &osigset);
+ if (ret == -1 && errno != EINTR) {
error("ppoll: %.100s", strerror(errno));
+ if (errno == EINVAL)
+ cleanup_exit(1); /* can't recover */
+ }
sigprocmask(SIG_SETMASK, &osigset, NULL);
if (ret == -1)
continue;
for (i = 0; i < options.max_startups; i++) {
if (startup_pipes[i] == -1 ||
- !(pfd[num_listen_socks+i].revents & (POLLIN|POLLHUP)))
+ startup_pollfd[i] == -1 ||
+ !(pfd[startup_pollfd[i]].revents & (POLLIN|POLLHUP)))
continue;
switch (read(startup_pipes[i], &c, sizeof(c))) {
case -1:
--
2.16.6


@ -1,30 +0,0 @@
From 244f64071150d8e78b114a32c0e5ca1a0d21d54c Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@dtucker.net>
Date: Tue, 8 Mar 2022 20:04:06 +1100
Subject: [PATCH 5/7] Default to not using sandbox when cross compiling.
On most systems poll(2) does not work when the number of FDs is reduced
with setrlimit, so assume it doesn't when cross compiling and we can't
run the test. bz#3398.
---
configure.ac | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/configure.ac b/configure.ac
index 17fb1e60..a165d087 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3574,8 +3574,8 @@ AC_RUN_IFELSE(
select_works_with_rlimit=yes],
[AC_MSG_RESULT([no])
select_works_with_rlimit=no],
- [AC_MSG_WARN([cross compiling: assuming yes])
- select_works_with_rlimit=yes]
+ [AC_MSG_WARN([cross compiling: assuming no])
+ select_works_with_rlimit=no]
)
AC_CHECK_MEMBERS([struct pollfd.fd], [], [], [[
--
2.16.6


@ -1,91 +0,0 @@
From 5880200867e440f8ab5fd893c93db86555990443 Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@dtucker.net>
Date: Fri, 11 Mar 2022 18:43:58 +1100
Subject: [PATCH 6/7] Resync fmt_scaled. with OpenBSD.
Fixes underflow reported in bz#3401.
---
openbsd-compat/fmt_scaled.c | 32 +++++++++++++++++++-------------
1 file changed, 19 insertions(+), 13 deletions(-)
diff --git a/openbsd-compat/fmt_scaled.c b/openbsd-compat/fmt_scaled.c
index 2f76ef93..87d40d2d 100644
--- a/openbsd-compat/fmt_scaled.c
+++ b/openbsd-compat/fmt_scaled.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: fmt_scaled.c,v 1.17 2018/05/14 04:39:04 djm Exp $ */
+/* $OpenBSD: fmt_scaled.c,v 1.21 2022/03/11 07:29:53 dtucker Exp $ */
/*
* Copyright (c) 2001, 2002, 2003 Ian F. Darwin. All rights reserved.
@@ -54,9 +54,9 @@ typedef enum {
} unit_type;
/* These three arrays MUST be in sync! XXX make a struct */
-static unit_type units[] = { NONE, KILO, MEGA, GIGA, TERA, PETA, EXA };
-static char scale_chars[] = "BKMGTPE";
-static long long scale_factors[] = {
+static const unit_type units[] = { NONE, KILO, MEGA, GIGA, TERA, PETA, EXA };
+static const char scale_chars[] = "BKMGTPE";
+static const long long scale_factors[] = {
1LL,
1024LL,
1024LL*1024,
@@ -153,10 +153,8 @@ scan_scaled(char *scaled, long long *result)
}
}
- if (sign) {
+ if (sign)
whole *= sign;
- fpart *= sign;
- }
/* If no scale factor given, we're done. fraction is discarded. */
if (!*p) {
@@ -191,7 +189,8 @@ scan_scaled(char *scaled, long long *result)
/* truncate fpart so it doesn't overflow.
* then scale fractional part.
*/
- while (fpart >= LLONG_MAX / scale_fact) {
+ while (fpart >= LLONG_MAX / scale_fact ||
+ fpart <= LLONG_MIN / scale_fact) {
fpart /= 10;
fract_digits--;
}
@@ -200,7 +199,10 @@ scan_scaled(char *scaled, long long *result)
for (i = 0; i < fract_digits -1; i++)
fpart /= 10;
}
- whole += fpart;
+ if (sign == -1)
+ whole -= fpart;
+ else
+ whole += fpart;
*result = whole;
return 0;
}
@@ -222,12 +224,16 @@ fmt_scaled(long long number, char *result)
unsigned int i;
unit_type unit = NONE;
+ /* Not every negative long long has a positive representation. */
+ if (number == LLONG_MIN) {
+ errno = ERANGE;
+ return -1;
+ }
+
abval = llabs(number);
- /* Not every negative long long has a positive representation.
- * Also check for numbers that are just too darned big to format
- */
- if (abval < 0 || abval / 1024 >= scale_factors[SCALE_LENGTH-1]) {
+ /* Also check for numbers that are just too darned big to format. */
+ if (abval / 1024 >= scale_factors[SCALE_LENGTH-1]) {
errno = ERANGE;
return -1;
}
--
2.16.6


@ -1,84 +0,0 @@
diff --git a/regress/unittests/authopt/tests.c b/regress/unittests/authopt/tests.c
index 8c51b380..1f0494f5 100644
--- a/regress/unittests/authopt/tests.c
+++ b/regress/unittests/authopt/tests.c
@@ -11,7 +11,9 @@
#include <sys/types.h>
#include <sys/param.h>
#include <stdio.h>
+#ifdef HAVE_STDINT_H
#include <stdint.h>
+#endif
#include <stdlib.h>
#include <string.h>
diff --git a/regress/unittests/misc/test_argv.c b/regress/unittests/misc/test_argv.c
index 7a28f64e..f0d7afe0 100644
--- a/regress/unittests/misc/test_argv.c
+++ b/regress/unittests/misc/test_argv.c
@@ -10,7 +10,9 @@
#include <sys/types.h>
#include <sys/param.h>
#include <stdio.h>
+#ifdef HAVE_STDINT_H
#include <stdint.h>
+#endif
#include <stdlib.h>
#include <string.h>
diff --git a/regress/unittests/misc/test_convtime.c b/regress/unittests/misc/test_convtime.c
index 5be3ee43..8f9be89f 100644
--- a/regress/unittests/misc/test_convtime.c
+++ b/regress/unittests/misc/test_convtime.c
@@ -10,7 +10,9 @@
#include <sys/types.h>
#include <sys/param.h>
#include <stdio.h>
+#ifdef HAVE_STDINT_H
#include <stdint.h>
+#endif
#include <stdlib.h>
#include <string.h>
diff --git a/regress/unittests/misc/test_expand.c b/regress/unittests/misc/test_expand.c
index c336fb0b..513c69bc 100644
--- a/regress/unittests/misc/test_expand.c
+++ b/regress/unittests/misc/test_expand.c
@@ -10,7 +10,9 @@
#include <sys/types.h>
#include <sys/param.h>
#include <stdio.h>
+#ifdef HAVE_STDINT_H
#include <stdint.h>
+#endif
#include <stdlib.h>
#include <string.h>
diff --git a/regress/unittests/misc/test_parse.c b/regress/unittests/misc/test_parse.c
index dd99068d..727ff3de 100644
--- a/regress/unittests/misc/test_parse.c
+++ b/regress/unittests/misc/test_parse.c
@@ -10,7 +10,9 @@
#include <sys/types.h>
#include <sys/param.h>
#include <stdio.h>
+#ifdef HAVE_STDINT_H
#include <stdint.h>
+#endif
#include <stdlib.h>
#include <string.h>
diff --git a/regress/unittests/misc/tests.c b/regress/unittests/misc/tests.c
index 75013f48..6bd8859b 100644
--- a/regress/unittests/misc/tests.c
+++ b/regress/unittests/misc/tests.c
@@ -10,7 +10,9 @@
#include <sys/types.h>
#include <sys/param.h>
#include <stdio.h>
+#ifdef HAVE_STDINT_H
#include <stdint.h>
+#endif
#include <stdlib.h>
#include <string.h>