openssh: rebuild with big-endian fixes

2024-10-30 17:14:28 +01:00 · 2024-10-30 17:14:28 +01:00 · e6c03913fb
commit e6c03913fb
parent 91eb6389d5
5 changed files with 258 additions and 9 deletions
--- a/openssh/build.sh
+++ b/openssh/build.sh
@ -7,13 +7,15 @@
 # Check the following 4 variables before running the script
 topdir=openssh
 version=9.9p1
-pkgver=1
+pkgver=2
 source[0]=https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/$topdir-$version.tar.gz
 # If there are no patches, simply comment this
 patch[0]=0007-Fix-authopt-test-on-platforms-without-IPv6-support.patch
 patch[1]=openssh-9.9-fixes.patch
 patch[2]=0001-regress-login-timeout.sh-increase-timeouts.patch
 patch[3]=0001-Revert-simplify-sshkey_prekey_alloc-always-use-mmap.patch
 patch[4]=0001-fix-uint64_t-types-reported-by-Tom-G.-Christensen.patch
 patch[5]=old-autoconf.patch
 # Source function library
 . ${BUILDPKG_SCRIPTS}/buildpkg.functions
@ -30,6 +32,8 @@ reg prep
 prep()
 {
    generic_prep
    setdir source
    autoreconf
 }
 reg build
--- a/openssh/meta/ChangeLog
+++ b/openssh/meta/ChangeLog
@ -1,5 +1,8 @@
 CHANGELOG
 --------
 * Tue Oct 29 2024 Tom G. Christensen <swpkg@jupiterrise.com> - 9.9p1-2
 - Add big-endian fixes from 9.9 branch
 * Sun Sep 22 2024 Tom G. Christensen <swpkg@jupiterrise.com> - 9.9p1-1
 - Update to 9.9p1
--- a/openssh/src/0001-fix-uint64_t-types-reported-by-Tom-G.-Christensen.patch
+++ b/openssh/src/0001-fix-uint64_t-types-reported-by-Tom-G.-Christensen.patch
@ -0,0 +1,39 @@
 From 88b35cbdc1500efece65cd6a9a20a72cf7e46eaa Mon Sep 17 00:00:00 2001
 From: Damien Miller <djm@mindrot.org>
 Date: Wed, 30 Oct 2024 14:25:14 +1100
 Subject: [PATCH] fix uint64_t types; reported by Tom G. Christensen
 ---
 defines.h | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
 diff --git a/defines.h b/defines.h
 index b02f2942a..c1c21aba6 100644
 --- a/defines.h
 +++ b/defines.h
@@ -653,14 +653,14 @@ struct winsize {
 	((uint32_t)(v) & 0xff0000) >> 8 |			\
 	((uint32_t)(v) & 0xff000000) >> 24)
 # define openssh_swap64(v)					\
 -	(__uint64_t)((((__uint64_t)(v) & 0xff) << 56) |		\
 -	((__uint64_t)(v) & 0xff00ULL) << 40 |			\
 -	((__uint64_t)(v) & 0xff0000ULL) << 24 |			\
 -	((__uint64_t)(v) & 0xff000000ULL) << 8 |		\
 -	((__uint64_t)(v) & 0xff00000000ULL) >> 8 |		\
 -	((__uint64_t)(v) & 0xff0000000000ULL) >> 24 |		\
 -	((__uint64_t)(v) & 0xff000000000000ULL) >> 40 |		\
 -	((__uint64_t)(v) & 0xff00000000000000ULL) >> 56)
 +	(uint64_t)((((uint64_t)(v) & 0xff) << 56) |		\
 +	((uint64_t)(v) & 0xff00ULL) << 40 |			\
 +	((uint64_t)(v) & 0xff0000ULL) << 24 |			\
 +	((uint64_t)(v) & 0xff000000ULL) << 8 |		\
 +	((uint64_t)(v) & 0xff00000000ULL) >> 8 |		\
 +	((uint64_t)(v) & 0xff0000000000ULL) >> 24 |		\
 +	((uint64_t)(v) & 0xff000000000000ULL) >> 40 |		\
 +	((uint64_t)(v) & 0xff00000000000000ULL) >> 56)
 # ifdef WORDS_BIGENDIAN
 #  define le32toh(v) (openssh_swap32(v))
 #  define le64toh(v) (openssh_swap64(v))
 -- 
 2.36.6
--- a/openssh/src/old-autoconf.patch
+++ b/openssh/src/old-autoconf.patch
@ -0,0 +1,10 @@
 --- openssh-9.9p1/configure.ac.oldauto	2024-10-29 20:46:15.947704000 +0000
 +++ openssh-9.9p1/configure.ac	2024-10-30 13:44:37.092847000 +0000
@@ -28,6 +28,7 @@
 AC_CONFIG_HEADERS([config.h])
 AC_PROG_CC([cc gcc clang])
 +m4_version_prereq([2.70], [:], [AC_PROG_CC_C99])
 # XXX relax this after reimplementing logit() etc.
 AC_MSG_CHECKING([if $CC supports C99-style variadic macros])
--- a/openssh/src/openssh-9.9-fixes.patch
+++ b/openssh/src/openssh-9.9-fixes.patch
@ -1,7 +1,7 @@
 From 8513f4d30ae85d17b3b08da6bc3be76f8c73123c Mon Sep 17 00:00:00 2001
 From: Darren Tucker <dtucker@dtucker.net>
 Date: Mon, 23 Sep 2024 20:52:31 +1000
-Subject: [PATCH 1/7] Add 9.9 branch to CI status console.
+Subject: [PATCH 01/10] Add 9.9 branch to CI status console.
 ---
 .github/ci-status.md | 4 ++++
@ -29,7 +29,7 @@ index 4fa73894c..68275715d 100644
 From 7cf4dc414de689c467e58e49fb83f6609c3ed36b Mon Sep 17 00:00:00 2001
 From: Darren Tucker <dtucker@dtucker.net>
 Date: Mon, 23 Sep 2024 20:54:26 +1000
-Subject: [PATCH 2/7] Remove non-9.9 branch statuses.
+Subject: [PATCH 02/10] Remove non-9.9 branch statuses.
 ---
 .github/ci-status.md | 8 --------
@ -58,7 +58,7 @@ index 68275715d..17fa97bdc 100644
 From c7fda601186ff28128cfe3eab9c9c0622de096e1 Mon Sep 17 00:00:00 2001
 From: Christoph Ostarek <christoph@zededa.com>
 Date: Wed, 3 Jul 2024 12:46:59 +0200
-Subject: [PATCH 3/7] fix utmpx ifdef
+Subject: [PATCH 03/10] fix utmpx ifdef
 02e16ad95fb1f56ab004b01a10aab89f7103c55d did a copy-paste for
 utmpx, but forgot to change the ifdef appropriately
@ -95,7 +95,7 @@ index 7460bb2c0..45f13dee8 100644
 From 2c12ae8cf9b0b7549ae097c4123abeda0ee63e5b Mon Sep 17 00:00:00 2001
 From: Damien Miller <djm@mindrot.org>
 Date: Wed, 25 Sep 2024 11:13:05 +1000
-Subject: [PATCH 4/7] build construct_utmp() when USE_BTMP is set
+Subject: [PATCH 04/10] build construct_utmp() when USE_BTMP is set
 Fixes compile error on Void Linux/Musl
 ---
@ -131,7 +131,7 @@ index 45f13dee8..7b1818b86 100644
 From ff2cd1dd5711ff88efdf26662d6189d980439a1f Mon Sep 17 00:00:00 2001
 From: Damien Miller <djm@mindrot.org>
 Date: Wed, 25 Sep 2024 11:15:45 +1000
-Subject: [PATCH 5/7] gss-serv.c needs sys/param.h
+Subject: [PATCH 05/10] gss-serv.c needs sys/param.h
 From Void Linux
 ---
@ -157,7 +157,7 @@ index 00e3d118b..025a118f8 100644
 From 66878e12a207fa9746dee3e2bdcca29b704cf035 Mon Sep 17 00:00:00 2001
 From: "djm@openbsd.org" <djm@openbsd.org>
 Date: Wed, 25 Sep 2024 01:24:04 +0000
-Subject: [PATCH 6/7] upstream: fix regression introduced when I switched the
+Subject: [PATCH 06/10] upstream: fix regression introduced when I switched the
 "Match"
 criteria tokeniser to a more shell-like one. Apparently the old tokeniser
@ -450,8 +450,8 @@ index 89b8413e8..dd774f468 100644
 From 19bcb2d90c6caf14abf386b644fb24eb7afab889 Mon Sep 17 00:00:00 2001
 From: "djm@openbsd.org" <djm@openbsd.org>
 Date: Thu, 26 Sep 2024 23:55:08 +0000
-Subject: [PATCH 7/7] upstream: fix previous change to ssh_config Match, which
+Subject: [PATCH 07/10] upstream: fix previous change to ssh_config Match,
- broken on
+ which broken on
 negated Matches; spotted by phessler@ ok deraadt@
@ -513,3 +513,196 @@ index de42fb6ff..9f5592698 100644
 -- 
 2.36.6
 From 11f348196b3fb51c3d8d1f4f36db9d73f03149ed Mon Sep 17 00:00:00 2001
 From: "djm@openbsd.org" <djm@openbsd.org>
 Date: Sun, 27 Oct 2024 02:06:01 +0000
 Subject: [PATCH 08/10] upstream: fix ML-KEM768x25519 KEX on big-endian
 systems; spotted by
 jsg@ feedback/ok deraadt@
 OpenBSD-Commit-ID: 26d81a430811672bc762687166986cad40d28cc0
 ---
 libcrux_mlkem768_sha3.h |  8 +++++---
 mlkem768.sh             | 17 ++++++++++++-----
 2 files changed, 17 insertions(+), 8 deletions(-)
 diff --git a/libcrux_mlkem768_sha3.h b/libcrux_mlkem768_sha3.h
 index a82d60e83..b8ac1436f 100644
 --- a/libcrux_mlkem768_sha3.h
 +++ b/libcrux_mlkem768_sha3.h
@@ -1,4 +1,5 @@
 -/*  $OpenBSD: libcrux_mlkem768_sha3.h,v 1.1 2024/09/02 12:13:56 djm Exp $ */
 +/*  $OpenBSD: libcrux_mlkem768_sha3.h,v 1.2 2024/10/27 02:06:01 djm Exp $ */
 +
 /* Extracted from libcrux revision 84c5d87b3092c59294345aa269ceefe0eb97cc35 */
 /*
@@ -160,18 +161,19 @@ static inline void Eurydice_slice_to_array3(uint8_t *dst_tag, char *dst_ok,
 // CORE STUFF (conversions, endianness, ...)
 static inline void core_num__u64_9__to_le_bytes(uint64_t v, uint8_t buf[8]) {
 +  v = htole64(v);
   memcpy(buf, &v, sizeof(v));
 }
 static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t buf[8]) {
   uint64_t v;
   memcpy(&v, buf, sizeof(v));
 -  return v;
 +  return le64toh(v);
 }
 static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t buf[4]) {
   uint32_t v;
   memcpy(&v, buf, sizeof(v));
 -  return v;
 +  return le32toh(v);
 }
 static inline uint32_t core_num__u8_6__count_ones(uint8_t x0) {
 diff --git a/mlkem768.sh b/mlkem768.sh
 index 2fdc28312..3d12b2ed8 100644
 --- a/mlkem768.sh
 +++ b/mlkem768.sh
@@ -1,9 +1,10 @@
 #!/bin/sh
 -#       $OpenBSD: mlkem768.sh,v 1.2 2024/09/04 05:11:33 djm Exp $
 +#       $OpenBSD: mlkem768.sh,v 1.3 2024/10/27 02:06:01 djm Exp $
 #       Placed in the Public Domain.
 #
 -WANT_LIBCRUX_REVISION="origin/main"
 +#WANT_LIBCRUX_REVISION="origin/main"
 +WANT_LIBCRUX_REVISION="84c5d87b3092c59294345aa269ceefe0eb97cc35"
 FILES="
 	libcrux/libcrux-ml-kem/cg/eurydice_glue.h
@@ -47,6 +48,7 @@ echo '#define KRML_NOINLINE __attribute__((noinline, unused))'
 echo '#define KRML_HOST_EPRINTF(...)'
 echo '#define KRML_HOST_EXIT(x) fatal_f("internal error")'
 echo
 +
 for i in $FILES; do
 	echo "/* from $i */"
 	# Changes to all files:
@@ -56,11 +58,16 @@ for i in $FILES; do
 	    -e 's/[	 ]*$//' \
 	    $i | \
 	case "$i" in
 -	# XXX per-file handling goes here.
 +	*/libcrux-ml-kem/cg/eurydice_glue.h)
 +		# Replace endian functions with versions that work.
 +		perl -0777 -pe 's/(static inline void core_num__u64_9__to_le_bytes.*\n)([^}]*\n)/\1  v = htole64(v);\n\2/' |
 +		perl -0777 -pe 's/(static inline uint64_t core_num__u64_9__from_le_bytes.*?)return v;/\1return le64toh(v);/s' |
 +		perl -0777 -pe 's/(static inline uint32_t core_num__u32_8__from_le_bytes.*?)return v;/\1return le32toh(v);/s'
 +		;;
 	# Default: pass through.
 	*)
 -	    cat
 -	    ;;
 +		cat
 +		;;
 	esac
 	echo
 done
 -- 
 2.36.6
 From fe8d28a7ebbaa35cfc04a21263627f05c237e460 Mon Sep 17 00:00:00 2001
 From: "djm@openbsd.org" <djm@openbsd.org>
 Date: Sun, 27 Oct 2024 02:06:59 +0000
 Subject: [PATCH 09/10] upstream: explicitly include endian.h
 OpenBSD-Commit-ID: 13511fdef7535bdbc35b644c90090013da43a318
 ---
 kexmlkem768x25519.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
 diff --git a/kexmlkem768x25519.c b/kexmlkem768x25519.c
 index 679446e97..2b5d39608 100644
 --- a/kexmlkem768x25519.c
 +++ b/kexmlkem768x25519.c
@@ -1,4 +1,4 @@
 -/* $OpenBSD: kexmlkem768x25519.c,v 1.1 2024/09/02 12:13:56 djm Exp $ */
 +/* $OpenBSD: kexmlkem768x25519.c,v 1.2 2024/10/27 02:06:59 djm Exp $ */
 /*
  * Copyright (c) 2023 Markus Friedl.  All rights reserved.
  *
@@ -34,6 +34,9 @@
 #include <stdbool.h>
 #include <string.h>
 #include <signal.h>
 +#ifdef HAVE_ENDIAN_H
 +# include <endian.h>
 +#endif
 #include "sshkey.h"
 #include "kex.h"
 -- 
 2.36.6
 From 33c5f384ae03a5d1a0bd46ca0fac3c62e4eaf784 Mon Sep 17 00:00:00 2001
 From: Damien Miller <djm@mindrot.org>
 Date: Sun, 27 Oct 2024 13:28:11 +1100
 Subject: [PATCH 10/10] htole64() etc for systems without endian.h
 ---
 configure.ac |  1 -
 defines.h    | 26 ++++++++++++++++++++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)
 diff --git a/configure.ac b/configure.ac
 index 591d5a388..9053a9a2b 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -2013,7 +2013,6 @@ AC_CHECK_FUNCS([ \
 	strtoll \
 	strtoul \
 	strtoull \
 -	swap32 \
 	sysconf \
 	tcgetpgrp \
 	timegm \
 diff --git a/defines.h b/defines.h
 index ed860e78b..b02f2942a 100644
 --- a/defines.h
 +++ b/defines.h
@@ -646,6 +646,32 @@ struct winsize {
 # endif /* WORDS_BIGENDIAN */
 #endif /* BYTE_ORDER */
 +#ifndef HAVE_ENDIAN_H
 +# define openssh_swap32(v)					\
 +	(uint32_t)(((uint32_t)(v) & 0xff) << 24 |		\
 +	((uint32_t)(v) & 0xff00) << 8 |				\
 +	((uint32_t)(v) & 0xff0000) >> 8 |			\
 +	((uint32_t)(v) & 0xff000000) >> 24)
 +# define openssh_swap64(v)					\
 +	(__uint64_t)((((__uint64_t)(v) & 0xff) << 56) |		\
 +	((__uint64_t)(v) & 0xff00ULL) << 40 |			\
 +	((__uint64_t)(v) & 0xff0000ULL) << 24 |			\
 +	((__uint64_t)(v) & 0xff000000ULL) << 8 |		\
 +	((__uint64_t)(v) & 0xff00000000ULL) >> 8 |		\
 +	((__uint64_t)(v) & 0xff0000000000ULL) >> 24 |		\
 +	((__uint64_t)(v) & 0xff000000000000ULL) >> 40 |		\
 +	((__uint64_t)(v) & 0xff00000000000000ULL) >> 56)
 +# ifdef WORDS_BIGENDIAN
 +#  define le32toh(v) (openssh_swap32(v))
 +#  define le64toh(v) (openssh_swap64(v))
 +#  define htole64(v) (openssh_swap64(v))
 +# else
 +#  define le32toh(v) ((uint32_t)v)
 +#  define le64toh(v) ((uint64_t)v)
 +#  define htole64(v) ((uint64_t)v)
 +# endif
 +#endif
 +
 /* Function replacement / compatibility hacks */
 #if !defined(HAVE_GETADDRINFO) && (defined(HAVE_OGETADDRINFO) || defined(HAVE_NGETADDRINFO))
 -- 
 2.36.6