openssh: update to V_8_9_P1-6-g58802008

openssh/build.sh

@@ -7,10 +7,16 @@
 # Check the following 4 variables before running the script
 topdir=openssh
 version=8.9p1
-pkgver=1
+pkgver=2
 source[0]=https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/$topdir-$version.tar.gz
 # If there are no patches, simply comment this
-#patch[0]=
+patch[0]=0001-upstream-free-3-wants-stdlib.h.patch
+patch[1]=0002-Improve-detection-of-fzero-call-used-regs-all-suppor.patch
+patch[2]=0003-Allow-ppoll_time64-in-seccomp-sandbox.patch
+patch[3]=0004-upstream-pack-pollfd-array-before-server_accept_loop.patch
+patch[4]=0005-Default-to-not-using-sandbox-when-cross-compiling.patch
+patch[5]=0006-Resync-fmt_scaled.-with-OpenBSD.patch
+patch[6]=0007-Fix-authopt-test-on-platforms-without-IPv6-support.patch
 
 # Source function library
 . ${BUILDPKG_SCRIPTS}/buildpkg.functions
@@ -27,6 +33,8 @@ reg prep
 prep()
 {
     generic_prep
+    setdir source
+    autoreconf
 }
 
 reg build

openssh/meta/ChangeLog

@@ -1,5 +1,8 @@
 CHANGELOG
 ---------
+* Fri Mar 11 2022 Tom G. Christensen <swpkg@jupiterrise.com> - 8.9p1-2
+- Update to V_8_9_P1-6-g58802008
+
 * Thu Feb 24 2022 Tom G. Christensen <swpkg@jupiterrise.com> - 8.9p1-1
 - Update to 8.9p1
 

openssh/src/0001-upstream-free-3-wants-stdlib.h.patch

@@ -0,0 +1,40 @@
+From 2ebf478107ecb3c554fceb26d01bca59c6d0ed1e Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Wed, 23 Feb 2022 21:21:49 +0000
+Subject: [PATCH 1/7] upstream: free(3) wants stdlib.h
+
+OpenBSD-Commit-ID: 227a8c70a95b4428c49e46863c9ef4bd318a3b8a
+---
+ auth-rhosts.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/auth-rhosts.c b/auth-rhosts.c
+index cac5cd84..4fc9252a 100644
+--- a/auth-rhosts.c
++++ b/auth-rhosts.c
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: auth-rhosts.c,v 1.55 2022/02/23 11:15:57 djm Exp $ */
++/* $OpenBSD: auth-rhosts.c,v 1.56 2022/02/23 21:21:49 djm Exp $ */
+ /*
+  * Author: Tatu Ylonen <ylo@cs.hut.fi>
+  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+@@ -19,6 +19,7 @@
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ 
++#include <fcntl.h>
+ #ifdef HAVE_NETGROUP_H
+ # include <netgroup.h>
+ #endif
+@@ -26,7 +27,7 @@
+ #include <stdio.h>
+ #include <string.h>
+ #include <stdarg.h>
+-#include <fcntl.h>
++#include <stdlib.h>
+ #include <unistd.h>
+ 
+ #include "packet.h"
+-- 
+2.16.6
+

openssh/src/0002-Improve-detection-of-fzero-call-used-regs-all-suppor.patch

@@ -0,0 +1,35 @@
+From 6c4a67ece33d9551429490898bb3c793a689e913 Mon Sep 17 00:00:00 2001
+From: Colin Watson <cjwatson@debian.org>
+Date: Thu, 24 Feb 2022 16:04:18 +0000
+Subject: [PATCH 2/7] Improve detection of -fzero-call-used-regs=all support
+
+GCC doesn't tell us whether this option is supported unless it runs into
+the situation where it would need to emit corresponding code.
+---
+ m4/openssh.m4 | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/m4/openssh.m4 b/m4/openssh.m4
+index 4f9c3792..8c33c701 100644
+--- a/m4/openssh.m4
++++ b/m4/openssh.m4
+@@ -14,6 +14,8 @@ AC_DEFUN([OSSH_CHECK_CFLAG_COMPILE], [{
+ 	AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
+ #include <stdlib.h>
+ #include <stdio.h>
++/* Trivial function to help test for -fzero-call-used-regs */
++void f(int n) {}
+ int main(int argc, char **argv) {
+ 	(void)argv;
+ 	/* Some math to catch -ftrapv problems in the toolchain */
+@@ -21,6 +23,7 @@ int main(int argc, char **argv) {
+ 	float l = i * 2.1;
+ 	double m = l / 0.5;
+ 	long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
++	f(0);
+ 	printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
+ 	/*
+ 	 * Test fallthrough behaviour.  clang 10's -Wimplicit-fallthrough does
+-- 
+2.16.6
+

openssh/src/0003-Allow-ppoll_time64-in-seccomp-sandbox.patch

@@ -0,0 +1,29 @@
+From 995cf19fbef0b10dbcf1dd8d6382cec9194e08c5 Mon Sep 17 00:00:00 2001
+From: Darren Tucker <dtucker@dtucker.net>
+Date: Sat, 26 Feb 2022 14:06:14 +1100
+Subject: [PATCH 3/7] Allow ppoll_time64 in seccomp sandbox.
+
+Should fix sandbox violations on (some? at least i386 and armhf) 32bit
+Linux platforms.  Patch from chutzpahu at gentoo.org and cjwatson at
+debian.org via bz#3396.
+---
+ sandbox-seccomp-filter.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
+index 2e065ba3..4ce80cb2 100644
+--- a/sandbox-seccomp-filter.c
++++ b/sandbox-seccomp-filter.c
+@@ -276,6 +276,9 @@ static const struct sock_filter preauth_insns[] = {
+ #ifdef __NR_ppoll
+ 	SC_ALLOW(__NR_ppoll),
+ #endif
++#ifdef __NR_ppoll_time64
++	SC_ALLOW(__NR_ppoll_time64),
++#endif
+ #ifdef __NR_poll
+ 	SC_ALLOW(__NR_poll),
+ #endif
+-- 
+2.16.6
+

openssh/src/0004-upstream-pack-pollfd-array-before-server_accept_loop.patch

@@ -0,0 +1,98 @@
+From 238ac091dd57316bc9690d9cc42229fe21ce0def Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Tue, 1 Mar 2022 01:59:19 +0000
+Subject: [PATCH 4/7] upstream: pack pollfd array before server_accept_loop()
+ ppoll()
+
+call, and terminate sshd if ppoll() returns errno==EINVAL
+
+avoids spin in ppoll when MaxStartups > RLIMIT_NOFILE, reported by
+Daniel Micay
+
+feedback/ok deraadt
+
+OpenBSD-Commit-ID: dbab1c24993ac977ec24d83283b8b7528f7c2c15
+---
+ sshd.c | 29 +++++++++++++++++++----------
+ 1 file changed, 19 insertions(+), 10 deletions(-)
+
+diff --git a/sshd.c b/sshd.c
+index ef18ba46..30aeb806 100644
+--- a/sshd.c
++++ b/sshd.c
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: sshd.c,v 1.583 2022/02/01 07:57:32 dtucker Exp $ */
++/* $OpenBSD: sshd.c,v 1.584 2022/03/01 01:59:19 djm Exp $ */
+ /*
+  * Author: Tatu Ylonen <ylo@cs.hut.fi>
+  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+@@ -1129,9 +1129,9 @@ static void
+ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
+ {
+ 	struct pollfd *pfd = NULL;
+-	int i, j, ret;
++	int i, j, ret, npfd;
+ 	int ostartups = -1, startups = 0, listening = 0, lameduck = 0;
+-	int startup_p[2] = { -1 , -1 };
++	int startup_p[2] = { -1 , -1 }, *startup_pollfd;
+ 	char c = 0;
+ 	struct sockaddr_storage from;
+ 	socklen_t fromlen;
+@@ -1142,6 +1142,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
+ 	/* pipes connected to unauthenticated child sshd processes */
+ 	startup_pipes = xcalloc(options.max_startups, sizeof(int));
+ 	startup_flags = xcalloc(options.max_startups, sizeof(int));
++	startup_pollfd = xcalloc(options.max_startups, sizeof(int));
+ 	for (i = 0; i < options.max_startups; i++)
+ 		startup_pipes[i] = -1;
+ 
+@@ -1157,6 +1158,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
+ 	sigaddset(&nsigset, SIGTERM);
+ 	sigaddset(&nsigset, SIGQUIT);
+ 
++	/* sized for worst-case */
+ 	pfd = xcalloc(num_listen_socks + options.max_startups,
+ 	    sizeof(struct pollfd));
+ 
+@@ -1196,24 +1198,31 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
+ 			pfd[i].fd = listen_socks[i];
+ 			pfd[i].events = POLLIN;
+ 		}
++		npfd = num_listen_socks;
+ 		for (i = 0; i < options.max_startups; i++) {
+-			pfd[num_listen_socks+i].fd = startup_pipes[i];
+-			if (startup_pipes[i] != -1)
+-				pfd[num_listen_socks+i].events = POLLIN;
++			startup_pollfd[i] = -1;
++			if (startup_pipes[i] != -1) {
++				pfd[npfd].fd = startup_pipes[i];
++				pfd[npfd].events = POLLIN;
++				startup_pollfd[i] = npfd++;
++			}
+ 		}
+ 
+ 		/* Wait until a connection arrives or a child exits. */
+-		ret = ppoll(pfd, num_listen_socks + options.max_startups,
+-		    NULL, &osigset);
+-		if (ret == -1 && errno != EINTR)
++		ret = ppoll(pfd, npfd, NULL, &osigset);
++		if (ret == -1 && errno != EINTR) {
+ 			error("ppoll: %.100s", strerror(errno));
++			if (errno == EINVAL)
++				cleanup_exit(1); /* can't recover */
++		}
+ 		sigprocmask(SIG_SETMASK, &osigset, NULL);
+ 		if (ret == -1)
+ 			continue;
+ 
+ 		for (i = 0; i < options.max_startups; i++) {
+ 			if (startup_pipes[i] == -1 ||
+-			    !(pfd[num_listen_socks+i].revents & (POLLIN|POLLHUP)))
++			    startup_pollfd[i] == -1 ||
++			    !(pfd[startup_pollfd[i]].revents & (POLLIN|POLLHUP)))
+ 				continue;
+ 			switch (read(startup_pipes[i], &c, sizeof(c))) {
+ 			case -1:
+-- 
+2.16.6
+

openssh/src/0005-Default-to-not-using-sandbox-when-cross-compiling.patch

@@ -0,0 +1,30 @@
+From 244f64071150d8e78b114a32c0e5ca1a0d21d54c Mon Sep 17 00:00:00 2001
+From: Darren Tucker <dtucker@dtucker.net>
+Date: Tue, 8 Mar 2022 20:04:06 +1100
+Subject: [PATCH 5/7] Default to not using sandbox when cross compiling.
+
+On most systems poll(2) does not work when the number of FDs is reduced
+with setrlimit, so assume it doesn't when cross compiling and we can't
+run the test.  bz#3398.
+---
+ configure.ac | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 17fb1e60..a165d087 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -3574,8 +3574,8 @@ AC_RUN_IFELSE(
+ 	 select_works_with_rlimit=yes],
+ 	[AC_MSG_RESULT([no])
+ 	 select_works_with_rlimit=no],
+-	[AC_MSG_WARN([cross compiling: assuming yes])
+-	 select_works_with_rlimit=yes]
++	[AC_MSG_WARN([cross compiling: assuming no])
++	 select_works_with_rlimit=no]
+ )
+ 
+ AC_CHECK_MEMBERS([struct pollfd.fd], [], [], [[
+-- 
+2.16.6
+

openssh/src/0006-Resync-fmt_scaled.-with-OpenBSD.patch

@@ -0,0 +1,91 @@
+From 5880200867e440f8ab5fd893c93db86555990443 Mon Sep 17 00:00:00 2001
+From: Darren Tucker <dtucker@dtucker.net>
+Date: Fri, 11 Mar 2022 18:43:58 +1100
+Subject: [PATCH 6/7] Resync fmt_scaled. with OpenBSD.
+
+Fixes underflow reported in bz#3401.
+---
+ openbsd-compat/fmt_scaled.c | 32 +++++++++++++++++++-------------
+ 1 file changed, 19 insertions(+), 13 deletions(-)
+
+diff --git a/openbsd-compat/fmt_scaled.c b/openbsd-compat/fmt_scaled.c
+index 2f76ef93..87d40d2d 100644
+--- a/openbsd-compat/fmt_scaled.c
++++ b/openbsd-compat/fmt_scaled.c
+@@ -1,4 +1,4 @@
+-/*	$OpenBSD: fmt_scaled.c,v 1.17 2018/05/14 04:39:04 djm Exp $	*/
++/*	$OpenBSD: fmt_scaled.c,v 1.21 2022/03/11 07:29:53 dtucker Exp $	*/
+ 
+ /*
+  * Copyright (c) 2001, 2002, 2003 Ian F. Darwin.  All rights reserved.
+@@ -54,9 +54,9 @@ typedef enum {
+ } unit_type;
+ 
+ /* These three arrays MUST be in sync!  XXX make a struct */
+-static unit_type units[] = { NONE, KILO, MEGA, GIGA, TERA, PETA, EXA };
+-static char scale_chars[] = "BKMGTPE";
+-static long long scale_factors[] = {
++static const unit_type units[] = { NONE, KILO, MEGA, GIGA, TERA, PETA, EXA };
++static const char scale_chars[] = "BKMGTPE";
++static const long long scale_factors[] = {
+ 	1LL,
+ 	1024LL,
+ 	1024LL*1024,
+@@ -153,10 +153,8 @@ scan_scaled(char *scaled, long long *result)
+ 		}
+ 	}
+ 
+-	if (sign) {
++	if (sign)
+ 		whole *= sign;
+-		fpart *= sign;
+-	}
+ 
+ 	/* If no scale factor given, we're done. fraction is discarded. */
+ 	if (!*p) {
+@@ -191,7 +189,8 @@ scan_scaled(char *scaled, long long *result)
+ 			/* truncate fpart so it doesn't overflow.
+ 			 * then scale fractional part.
+ 			 */
+-			while (fpart >= LLONG_MAX / scale_fact) {
++			while (fpart >= LLONG_MAX / scale_fact ||
++			    fpart <= LLONG_MIN / scale_fact) {
+ 				fpart /= 10;
+ 				fract_digits--;
+ 			}
+@@ -200,7 +199,10 @@ scan_scaled(char *scaled, long long *result)
+ 				for (i = 0; i < fract_digits -1; i++)
+ 					fpart /= 10;
+ 			}
+-			whole += fpart;
++			if (sign == -1)
++				whole -= fpart;
++			else
++				whole += fpart;
+ 			*result = whole;
+ 			return 0;
+ 		}
+@@ -222,12 +224,16 @@ fmt_scaled(long long number, char *result)
+ 	unsigned int i;
+ 	unit_type unit = NONE;
+ 
++	/* Not every negative long long has a positive representation. */
++	if (number == LLONG_MIN) {
++		errno = ERANGE;
++		return -1;
++	}
++
+ 	abval = llabs(number);
+ 
+-	/* Not every negative long long has a positive representation.
+-	 * Also check for numbers that are just too darned big to format
+-	 */
+-	if (abval < 0 || abval / 1024 >= scale_factors[SCALE_LENGTH-1]) {
++	/* Also check for numbers that are just too darned big to format. */
++	if (abval / 1024 >= scale_factors[SCALE_LENGTH-1]) {
+ 		errno = ERANGE;
+ 		return -1;
+ 	}
+-- 
+2.16.6
+

openssh/src/0007-Fix-authopt-test-on-platforms-without-IPv6-support.patch

@@ -0,0 +1,91 @@
+From 3908845fd109cc532e793473aa60a20bfa2e450f Mon Sep 17 00:00:00 2001
+From: "Tom G. Christensen" <tgc@jupiterrise.com>
+Date: Fri, 11 Mar 2022 17:00:40 +0100
+Subject: [PATCH 7/7] Fix authopt test on platforms without IPv6 support
+
+---
+ regress/unittests/authopt/testdata/mktestdata.sh   |  1 +
+ .../authopt/testdata/sourceaddr_ipv4only.cert      |  1 +
+ regress/unittests/authopt/tests.c                  | 22 ++++++++++++++++------
+ 3 files changed, 18 insertions(+), 6 deletions(-)
+ create mode 100644 regress/unittests/authopt/testdata/sourceaddr_ipv4only.cert
+
+diff --git a/regress/unittests/authopt/testdata/mktestdata.sh b/regress/unittests/authopt/testdata/mktestdata.sh
+index 06a24e39..0510163c 100644
+--- a/regress/unittests/authopt/testdata/mktestdata.sh
++++ b/regress/unittests/authopt/testdata/mktestdata.sh
+@@ -36,6 +36,7 @@ sign only_x11fwd.cert -Oclear -Opermit-X11-forwarding
+ 
+ sign force_command.cert -Oforce-command="foo"
+ sign sourceaddr.cert -Osource-address="127.0.0.1/32,::1/128"
++sign sourceaddr_ipv4only.cert -Osource-address="127.0.0.1/32"
+ 
+ # ssh-keygen won't permit generation of certs with invalid source-address
+ # values, so we do it as a custom extension.
+diff --git a/regress/unittests/authopt/testdata/sourceaddr_ipv4only.cert b/regress/unittests/authopt/testdata/sourceaddr_ipv4only.cert
+new file mode 100644
+index 00000000..ca756ca5
+--- /dev/null
++++ b/regress/unittests/authopt/testdata/sourceaddr_ipv4only.cert
+@@ -0,0 +1 @@
++ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIOjl/9se9GhdE8SARP9lHV9IVWeokGjUS1JVk+95JyztAAAAILsTBtFFO81VAwEYCCi+LGl5aa5b7UIrFIKD637xgvN9AAAAAAAAAAEAAAABAAAABHVzZXIAAAAIAAAABHVzZXIAAAAANowB8AAAAAA4a+PwAAAAJgAAAA5zb3VyY2UtYWRkcmVzcwAAABAAAAAMMTI3LjAuMC4xLzMyAAAAggAAABVwZXJtaXQtWDExLWZvcndhcmRpbmcAAAAAAAAAF3Blcm1pdC1hZ2VudC1mb3J3YXJkaW5nAAAAAAAAABZwZXJtaXQtcG9ydC1mb3J3YXJkaW5nAAAAAAAAAApwZXJtaXQtcHR5AAAAAAAAAA5wZXJtaXQtdXNlci1yYwAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACCzFxz+o7QkolOrc+Crw/t3wYPP82mX3vEYDRP+21UyCQAAAFMAAAALc3NoLWVkMjU1MTkAAABAlroivhFKt2b6GIX3IFjBOOD5kn6URV7HNbk4JRwZheujUIe0T7x/v3mN53dug0hbtl0M4jAxYhG+7Kq8RnMsDA== user key
+diff --git a/regress/unittests/authopt/tests.c b/regress/unittests/authopt/tests.c
+index d9e19030..25ba5f2d 100644
+--- a/regress/unittests/authopt/tests.c
++++ b/regress/unittests/authopt/tests.c
+@@ -24,6 +24,16 @@
+ #include "misc.h"
+ #include "log.h"
+ 
++#ifndef HAVE_STRUCT_IN6_ADDR
++# define SOURCEADDR_CERT_FILE "sourceaddr_ipv4only.cert"
++# define SOURCEADDR_CERT_NAME "sourceaddr_ipv4only"
++# define HOST_CERT_LOCALHOST "127.0.0.1/32"
++#else
++# define SOURCEADDR_CERT_FILE "sourceaddr.cert"
++# define SOURCEADDR_CERT_NAME "sourceaddr"
++# define HOST_CERT_LOCALHOST "127.0.0.1/32,::1/128"
++#endif
++
+ static struct sshkey *
+ load_key(const char *name)
+ {
+@@ -349,9 +359,9 @@ test_cert_parse(void)
+ 	TEST_DONE();
+ 
+ 	TEST_START("sshauthopt_from_cert source-address");
+-	cert = load_key("sourceaddr.cert");
++	cert = load_key(SOURCEADDR_CERT_FILE);
+ 	expected = default_authkey_opts();
+-	expected->required_from_host_cert = strdup("127.0.0.1/32,::1/128");
++	expected->required_from_host_cert = strdup(HOST_CERT_LOCALHOST);
+ 	ASSERT_PTR_NE(expected->required_from_host_cert, NULL);
+ 	opts = sshauthopt_from_cert(cert);
+ 	CHECK_SUCCESS_AND_CLEANUP();
+@@ -481,9 +491,9 @@ test_merge(void)
+ 	FLAG_TEST("x11fwd", "x11-forwarding", permit_x11_forwarding_flag);
+ #undef FLAG_TEST
+ 
+-	PREPARE("source-address both", "sourceaddr", "from=\"127.0.0.1\"");
++	PREPARE("source-address both", SOURCEADDR_CERT_NAME, "from=\"127.0.0.1\"");
+ 	expected = default_authkey_opts();
+-	expected->required_from_host_cert = strdup("127.0.0.1/32,::1/128");
++	expected->required_from_host_cert = strdup(HOST_CERT_LOCALHOST);
+ 	ASSERT_PTR_NE(expected->required_from_host_cert, NULL);
+ 	expected->required_from_host_keys = strdup("127.0.0.1");
+ 	ASSERT_PTR_NE(expected->required_from_host_keys, NULL);
+@@ -502,9 +512,9 @@ test_merge(void)
+ 	CHECK_SUCCESS_AND_CLEANUP();
+ 	TEST_DONE();
+ 
+-	PREPARE("source-address cert", "sourceaddr", "");
++	PREPARE("source-address cert", SOURCEADDR_CERT_NAME, "");
+ 	expected = default_authkey_opts();
+-	expected->required_from_host_cert = strdup("127.0.0.1/32,::1/128");
++	expected->required_from_host_cert = strdup(HOST_CERT_LOCALHOST);
+ 	ASSERT_PTR_NE(expected->required_from_host_cert, NULL);
+ 	CHECK_SUCCESS_AND_CLEANUP();
+ 	TEST_DONE();
+-- 
+2.16.6
+