From 34c5f7e5a82d9b2d348fecae02e3c30de4b10321 Mon Sep 17 00:00:00 2001
From: "Tom G. Christensen"
Date: Sat, 9 Apr 2022 07:33:30 +0200
Subject: [PATCH] openssh: update to 9.0p1
---
 openssh/build.sh | 12 +--
 openssh/meta/ChangeLog | 3 +
 .../0001-upstream-free-3-wants-stdlib.h.patch | 40 --------
 ...n-of-fzero-call-used-regs-all-suppor.patch | 35 -------
 ...llow-ppoll_time64-in-seccomp-sandbox.patch | 29 ------
 ...llfd-array-before-server_accept_loop.patch | 98 -------------------
 ...t-using-sandbox-when-cross-compiling.patch | 30 ------
 ...0006-Resync-fmt_scaled.-with-OpenBSD.patch | 91 -----------------
 openssh/src/openssh-8.6-no-stdint_h.patch | 84 ----------------
 9 files changed, 6 insertions(+), 416 deletions(-)
 delete mode 100644 openssh/src/0001-upstream-free-3-wants-stdlib.h.patch
 delete mode 100644 openssh/src/0002-Improve-detection-of-fzero-call-used-regs-all-suppor.patch
 delete mode 100644 openssh/src/0003-Allow-ppoll_time64-in-seccomp-sandbox.patch
 delete mode 100644 openssh/src/0004-upstream-pack-pollfd-array-before-server_accept_loop.patch
 delete mode 100644 openssh/src/0005-Default-to-not-using-sandbox-when-cross-compiling.patch
 delete mode 100644 openssh/src/0006-Resync-fmt_scaled.-with-OpenBSD.patch
 delete mode 100644 openssh/src/openssh-8.6-no-stdint_h.patch
diff --git a/openssh/build.sh b/openssh/build.sh
index 34a49fd..d396579 100755
--- a/openssh/build.sh
+++ b/openssh/build.sh
@@ -6,17 +6,11 @@
 ###########################################################
 # Check the following 4 variables before running the script
 topdir=openssh
-version=8.9p1
-pkgver=2
+version=9.0p1
+pkgver=1
 source[0]=https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/$topdir-$version.tar.gz
 # If there are no patches, simply comment this
-patch[0]=0001-upstream-free-3-wants-stdlib.h.patch
-patch[1]=0002-Improve-detection-of-fzero-call-used-regs-all-suppor.patch
-patch[2]=0003-Allow-ppoll_time64-in-seccomp-sandbox.patch
-patch[3]=0004-upstream-pack-pollfd-array-before-server_accept_loop.patch
-patch[4]=0005-Default-to-not-using-sandbox-when-cross-compiling.patch
-patch[5]=0006-Resync-fmt_scaled.-with-OpenBSD.patch
-patch[6]=0007-Fix-authopt-test-on-platforms-without-IPv6-support.patch
+patch[0]=0007-Fix-authopt-test-on-platforms-without-IPv6-support.patch
 # Source function library
 . ${BUILDPKG_SCRIPTS}/buildpkg.functions
diff --git a/openssh/meta/ChangeLog b/openssh/meta/ChangeLog
index 221e270..6f8564d 100644
--- a/openssh/meta/ChangeLog
+++ b/openssh/meta/ChangeLog
@@ -1,5 +1,8 @@
 CHANGELOG
 ---------
+* Fri Apr 08 2022 Tom G. Christensen - 9.0p1-1
+- Update to 9.0p1
+
 * Fri Mar 11 2022 Tom G. Christensen - 8.9p1-2
 - Update to V_8_9_P1-6-g58802008
diff --git a/openssh/src/0001-upstream-free-3-wants-stdlib.h.patch b/openssh/src/0001-upstream-free-3-wants-stdlib.h.patch
deleted file mode 100644
index d793899..0000000
--- a/openssh/src/0001-upstream-free-3-wants-stdlib.h.patch
+++ /dev/null
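Review bot: In openssh/build.sh, `source[0]` names the 9.0p1 tarball by URL only, and nothing in this hunk pins a digest or checks the release signature, so the package is built from whatever the mirror returns. If buildpkg.functions does not already verify downloads (it is not visible here), the expected SHA-256 of the tarball should be recorded next to `version=9.0p1` and compared before unpacking. The six dropped patches include the seccomp `ppoll_time64` allowance and the fmt_scaled underflow fix, so each should be confirmed present in the 9.0p1 tree rather than assumed from the version number. A one-line comment above the remaining `patch[0]=` entry saying why that file keeps its 0007 prefix would also help the next maintainer.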
@@ -1,40 +0,0 @@
-From 2ebf478107ecb3c554fceb26d01bca59c6d0ed1e Mon Sep 17 00:00:00 2001
-From: "djm@openbsd.org"
-Date: Wed, 23 Feb 2022 21:21:49 +0000
-Subject: [PATCH 1/7] upstream: free(3) wants stdlib.h
-
-OpenBSD-Commit-ID: 227a8c70a95b4428c49e46863c9ef4bd318a3b8a
----
- auth-rhosts.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/auth-rhosts.c b/auth-rhosts.c
-index cac5cd84..4fc9252a 100644
---- a/auth-rhosts.c
-+++ b/auth-rhosts.c
-@@ -1,4 +1,4 @@
--/* $OpenBSD: auth-rhosts.c,v 1.55 2022/02/23 11:15:57 djm Exp $ */
-+/* $OpenBSD: auth-rhosts.c,v 1.56 2022/02/23 21:21:49 djm Exp $ */
- /*
- * Author: Tatu Ylonen
- * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
-@@ -19,6 +19,7 @@
- #include
- #include
-
-+#include
- #ifdef HAVE_NETGROUP_H
- # include
- #endif
-@@ -26,7 +27,7 @@
- #include
- #include
- #include
--#include
-+#include
- #include
-
- #include "packet.h"
---
-2.16.6
-
diff --git a/openssh/src/0002-Improve-detection-of-fzero-call-used-regs-all-suppor.patch b/openssh/src/0002-Improve-detection-of-fzero-call-used-regs-all-suppor.patch
deleted file mode 100644
index 8c41ba5..0000000
--- a/openssh/src/0002-Improve-detection-of-fzero-call-used-regs-all-suppor.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 6c4a67ece33d9551429490898bb3c793a689e913 Mon Sep 17 00:00:00 2001
-From: Colin Watson
-Date: Thu, 24 Feb 2022 16:04:18 +0000
-Subject: [PATCH 2/7] Improve detection of -fzero-call-used-regs=all support
-
-GCC doesn't tell us whether this option is supported unless it runs into
-the situation where it would need to emit corresponding code.
----
- m4/openssh.m4 | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/m4/openssh.m4 b/m4/openssh.m4
-index 4f9c3792..8c33c701 100644
---- a/m4/openssh.m4
-+++ b/m4/openssh.m4
-@@ -14,6 +14,8 @@ AC_DEFUN([OSSH_CHECK_CFLAG_COMPILE], [{
- AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
- #include
- #include
-+/* Trivial function to help test for -fzero-call-used-regs */
-+void f(int n) {}
- int main(int argc, char **argv) {
- (void)argv;
- /* Some math to catch -ftrapv problems in the toolchain */
-@@ -21,6 +23,7 @@ int main(int argc, char **argv) {
- float l = i * 2.1;
- double m = l / 0.5;
- long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
-+ f(0);
- printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
- /*
- * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does
---
-2.16.6
-
diff --git a/openssh/src/0003-Allow-ppoll_time64-in-seccomp-sandbox.patch b/openssh/src/0003-Allow-ppoll_time64-in-seccomp-sandbox.patch
deleted file mode 100644
index 5fbcb22..0000000
--- a/openssh/src/0003-Allow-ppoll_time64-in-seccomp-sandbox.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 995cf19fbef0b10dbcf1dd8d6382cec9194e08c5 Mon Sep 17 00:00:00 2001
-From: Darren Tucker
-Date: Sat, 26 Feb 2022 14:06:14 +1100
-Subject: [PATCH 3/7] Allow ppoll_time64 in seccomp sandbox.
-
-Should fix sandbox violations on (some? at least i386 and armhf) 32bit
-Linux platforms. Patch from chutzpahu at gentoo.org and cjwatson at
-debian.org via bz#3396.
----
- sandbox-seccomp-filter.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
-index 2e065ba3..4ce80cb2 100644
---- a/sandbox-seccomp-filter.c
-+++ b/sandbox-seccomp-filter.c
-@@ -276,6 +276,9 @@ static const struct sock_filter preauth_insns[] = {
- #ifdef __NR_ppoll
- SC_ALLOW(__NR_ppoll),
- #endif
-+#ifdef __NR_ppoll_time64
-+ SC_ALLOW(__NR_ppoll_time64),
-+#endif
- #ifdef __NR_poll
- SC_ALLOW(__NR_poll),
- #endif
---
-2.16.6
-
diff --git a/openssh/src/0004-upstream-pack-pollfd-array-before-server_accept_loop.patch b/openssh/src/0004-upstream-pack-pollfd-array-before-server_accept_loop.patch
deleted file mode 100644
index f3d204b..0000000
--- a/openssh/src/0004-upstream-pack-pollfd-array-before-server_accept_loop.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-From 238ac091dd57316bc9690d9cc42229fe21ce0def Mon Sep 17 00:00:00 2001
-From: "djm@openbsd.org"
-Date: Tue, 1 Mar 2022 01:59:19 +0000
-Subject: [PATCH 4/7] upstream: pack pollfd array before server_accept_loop()
- ppoll()
-
-call, and terminate sshd if ppoll() returns errno==EINVAL
-
-avoids spin in ppoll when MaxStartups > RLIMIT_NOFILE, reported by
-Daniel Micay
-
-feedback/ok deraadt
-
-OpenBSD-Commit-ID: dbab1c24993ac977ec24d83283b8b7528f7c2c15
----
- sshd.c | 29 +++++++++++++++++++----------
- 1 file changed, 19 insertions(+), 10 deletions(-)
-
-diff --git a/sshd.c b/sshd.c
-index ef18ba46..30aeb806 100644
---- a/sshd.c
-+++ b/sshd.c
-@@ -1,4 +1,4 @@
--/* $OpenBSD: sshd.c,v 1.583 2022/02/01 07:57:32 dtucker Exp $ */
-+/* $OpenBSD: sshd.c,v 1.584 2022/03/01 01:59:19 djm Exp $ */
- /*
- * Author: Tatu Ylonen
- * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
-@@ -1129,9 +1129,9 @@ static void
- server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
- {
- struct pollfd *pfd = NULL;
-- int i, j, ret;
-+ int i, j, ret, npfd;
- int ostartups = -1, startups = 0, listening = 0, lameduck = 0;
-- int startup_p[2] = { -1 , -1 };
-+ int startup_p[2] = { -1 , -1 }, *startup_pollfd;
- char c = 0;
- struct sockaddr_storage from;
- socklen_t fromlen;
-@@ -1142,6 +1142,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
- /* pipes connected to unauthenticated child sshd processes */
- startup_pipes = xcalloc(options.max_startups, sizeof(int));
- startup_flags = xcalloc(options.max_startups, sizeof(int));
-+ startup_pollfd = xcalloc(options.max_startups, sizeof(int));
- for (i = 0; i < options.max_startups; i++)
- startup_pipes[i] = -1;
-
-@@ -1157,6 +1158,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
- sigaddset(&nsigset, SIGTERM);
- sigaddset(&nsigset, SIGQUIT);
-
-+ /* sized for worst-case */
- pfd = xcalloc(num_listen_socks + options.max_startups,
- sizeof(struct pollfd));
-
-@@ -1196,24 +1198,31 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
- pfd[i].fd = listen_socks[i];
- pfd[i].events = POLLIN;
- }
-+ npfd = num_listen_socks;
- for (i = 0; i < options.max_startups; i++) {
-- pfd[num_listen_socks+i].fd = startup_pipes[i];
-- if (startup_pipes[i] != -1)
-- pfd[num_listen_socks+i].events = POLLIN;
-+ startup_pollfd[i] = -1;
-+ if (startup_pipes[i] != -1) {
-+ pfd[npfd].fd = startup_pipes[i];
-+ pfd[npfd].events = POLLIN;
-+ startup_pollfd[i] = npfd++;
-+ }
- }
-
- /* Wait until a connection arrives or a child exits. */
-- ret = ppoll(pfd, num_listen_socks + options.max_startups,
-- NULL, &osigset);
-- if (ret == -1 && errno != EINTR)
-+ ret = ppoll(pfd, npfd, NULL, &osigset);
-+ if (ret == -1 && errno != EINTR) {
- error("ppoll: %.100s", strerror(errno));
-+ if (errno == EINVAL)
-+ cleanup_exit(1); /* can't recover */
-+ }
- sigprocmask(SIG_SETMASK, &osigset, NULL);
- if (ret == -1)
- continue;
-
- for (i = 0; i < options.max_startups; i++) {
- if (startup_pipes[i] == -1 ||
-- !(pfd[num_listen_socks+i].revents & (POLLIN|POLLHUP)))
-+ startup_pollfd[i] == -1 ||
-+ !(pfd[startup_pollfd[i]].revents & (POLLIN|POLLHUP)))
- continue;
- switch (read(startup_pipes[i], &c, sizeof(c))) {
- case -1:
---
-2.16.6
-
diff --git a/openssh/src/0005-Default-to-not-using-sandbox-when-cross-compiling.patch b/openssh/src/0005-Default-to-not-using-sandbox-when-cross-compiling.patch
deleted file mode 100644
index bc84d72..0000000
--- a/openssh/src/0005-Default-to-not-using-sandbox-when-cross-compiling.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 244f64071150d8e78b114a32c0e5ca1a0d21d54c Mon Sep 17 00:00:00 2001
-From: Darren Tucker
-Date: Tue, 8 Mar 2022 20:04:06 +1100
-Subject: [PATCH 5/7] Default to not using sandbox when cross compiling.
-
-On most systems poll(2) does not work when the number of FDs is reduced
-with setrlimit, so assume it doesn't when cross compiling and we can't
-run the test. bz#3398.
----
- configure.ac | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 17fb1e60..a165d087 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -3574,8 +3574,8 @@ AC_RUN_IFELSE(
- select_works_with_rlimit=yes],
- [AC_MSG_RESULT([no])
- select_works_with_rlimit=no],
-- [AC_MSG_WARN([cross compiling: assuming yes])
-- select_works_with_rlimit=yes]
-+ [AC_MSG_WARN([cross compiling: assuming no])
-+ select_works_with_rlimit=no]
- )
-
- AC_CHECK_MEMBERS([struct pollfd.fd], [], [], [[
---
-2.16.6
-
diff --git a/openssh/src/0006-Resync-fmt_scaled.-with-OpenBSD.patch b/openssh/src/0006-Resync-fmt_scaled.-with-OpenBSD.patch
deleted file mode 100644
index 3e9da7f..0000000
--- a/openssh/src/0006-Resync-fmt_scaled.-with-OpenBSD.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-From 5880200867e440f8ab5fd893c93db86555990443 Mon Sep 17 00:00:00 2001
-From: Darren Tucker
-Date: Fri, 11 Mar 2022 18:43:58 +1100
-Subject: [PATCH 6/7] Resync fmt_scaled. with OpenBSD.
-
-Fixes underflow reported in bz#3401.
----
- openbsd-compat/fmt_scaled.c | 32 +++++++++++++++++++-------------
- 1 file changed, 19 insertions(+), 13 deletions(-)
-
-diff --git a/openbsd-compat/fmt_scaled.c b/openbsd-compat/fmt_scaled.c
-index 2f76ef93..87d40d2d 100644
---- a/openbsd-compat/fmt_scaled.c
-+++ b/openbsd-compat/fmt_scaled.c
-@@ -1,4 +1,4 @@
--/* $OpenBSD: fmt_scaled.c,v 1.17 2018/05/14 04:39:04 djm Exp $ */
-+/* $OpenBSD: fmt_scaled.c,v 1.21 2022/03/11 07:29:53 dtucker Exp $ */
-
- /*
- * Copyright (c) 2001, 2002, 2003 Ian F. Darwin. All rights reserved.
-@@ -54,9 +54,9 @@ typedef enum {
- } unit_type;
-
- /* These three arrays MUST be in sync! XXX make a struct */
--static unit_type units[] = { NONE, KILO, MEGA, GIGA, TERA, PETA, EXA };
--static char scale_chars[] = "BKMGTPE";
--static long long scale_factors[] = {
-+static const unit_type units[] = { NONE, KILO, MEGA, GIGA, TERA, PETA, EXA };
-+static const char scale_chars[] = "BKMGTPE";
-+static const long long scale_factors[] = {
- 1LL,
- 1024LL,
- 1024LL*1024,
-@@ -153,10 +153,8 @@ scan_scaled(char *scaled, long long *result)
- }
- }
-
-- if (sign) {
-+ if (sign)
- whole *= sign;
-- fpart *= sign;
-- }
-
- /* If no scale factor given, we're done. fraction is discarded. */
- if (!*p) {
-@@ -191,7 +189,8 @@ scan_scaled(char *scaled, long long *result)
- /* truncate fpart so it doesn't overflow.
- * then scale fractional part.
- */
-- while (fpart >= LLONG_MAX / scale_fact) {
-+ while (fpart >= LLONG_MAX / scale_fact ||
-+ fpart <= LLONG_MIN / scale_fact) {
- fpart /= 10;
- fract_digits--;
- }
-@@ -200,7 +199,10 @@ scan_scaled(char *scaled, long long *result)
- for (i = 0; i < fract_digits -1; i++)
- fpart /= 10;
- }
-- whole += fpart;
-+ if (sign == -1)
-+ whole -= fpart;
-+ else
-+ whole += fpart;
- *result = whole;
- return 0;
- }
-@@ -222,12 +224,16 @@ fmt_scaled(long long number, char *result)
- unsigned int i;
- unit_type unit = NONE;
-
-+ /* Not every negative long long has a positive representation. */
-+ if (number == LLONG_MIN) {
-+ errno = ERANGE;
-+ return -1;
-+ }
-+
- abval = llabs(number);
-
-- /* Not every negative long long has a positive representation.
-- * Also check for numbers that are just too darned big to format
-- */
-- if (abval < 0 || abval / 1024 >= scale_factors[SCALE_LENGTH-1]) {
-+ /* Also check for numbers that are just too darned big to format. */
-+ if (abval / 1024 >= scale_factors[SCALE_LENGTH-1]) {
- errno = ERANGE;
- return -1;
- }
---
-2.16.6
-
diff --git a/openssh/src/openssh-8.6-no-stdint_h.patch b/openssh/src/openssh-8.6-no-stdint_h.patch
deleted file mode 100644
index 6da9960..0000000
--- a/openssh/src/openssh-8.6-no-stdint_h.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-diff --git a/regress/unittests/authopt/tests.c b/regress/unittests/authopt/tests.c
-index 8c51b380..1f0494f5 100644
---- a/regress/unittests/authopt/tests.c
-+++ b/regress/unittests/authopt/tests.c
-@@ -11,7 +11,9 @@
- #include
- #include
- #include
-+#ifdef HAVE_STDINT_H
- #include
-+#endif
- #include
- #include
-
-diff --git a/regress/unittests/misc/test_argv.c b/regress/unittests/misc/test_argv.c
-index 7a28f64e..f0d7afe0 100644
---- a/regress/unittests/misc/test_argv.c
-+++ b/regress/unittests/misc/test_argv.c
-@@ -10,7 +10,9 @@
- #include
- #include
- #include
-+#ifdef HAVE_STDINT_H
- #include
-+#endif
- #include
- #include
-
-diff --git a/regress/unittests/misc/test_convtime.c b/regress/unittests/misc/test_convtime.c
-index 5be3ee43..8f9be89f 100644
---- a/regress/unittests/misc/test_convtime.c
-+++ b/regress/unittests/misc/test_convtime.c
-@@ -10,7 +10,9 @@
- #include
- #include
- #include
-+#ifdef HAVE_STDINT_H
- #include
-+#endif
- #include
- #include
-
-diff --git a/regress/unittests/misc/test_expand.c b/regress/unittests/misc/test_expand.c
-index c336fb0b..513c69bc 100644
---- a/regress/unittests/misc/test_expand.c
-+++ b/regress/unittests/misc/test_expand.c
-@@ -10,7 +10,9 @@
- #include
- #include
- #include
-+#ifdef HAVE_STDINT_H
- #include
-+#endif
- #include
- #include
-
-diff --git a/regress/unittests/misc/test_parse.c b/regress/unittests/misc/test_parse.c
-index dd99068d..727ff3de 100644
---- a/regress/unittests/misc/test_parse.c
-+++ b/regress/unittests/misc/test_parse.c
-@@ -10,7 +10,9 @@
- #include
- #include
- #include
-+#ifdef HAVE_STDINT_H
- #include
-+#endif
- #include
- #include
-
-diff --git a/regress/unittests/misc/tests.c b/regress/unittests/misc/tests.c
-index 75013f48..6bd8859b 100644
---- a/regress/unittests/misc/tests.c
-+++ b/regress/unittests/misc/tests.c
-@@ -10,7 +10,9 @@
- #include
- #include
- #include
-+#ifdef HAVE_STDINT_H
- #include
-+#endif
- #include
- #include
-