- Update to 8.4p1 (skipped 8.3)
- https://www.openssh.com/txt/release-8.3 - https://www.openssh.com/txt/release-8.4 PR: 239807, 250319 Sponsored by: Dell EMC
parent
4c20854241
commit
b773b7cade
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=555512
4 changed files with 52 additions and 52 deletions
|
@ -2,8 +2,8 @@
|
|||
# $FreeBSD$
|
||||
|
||||
PORTNAME= openssh
|
||||
DISTVERSION= 8.2p1
|
||||
PORTREVISION= 2
|
||||
DISTVERSION= 8.4p1
|
||||
PORTREVISION= 0
|
||||
PORTEPOCH= 1
|
||||
CATEGORIES= security
|
||||
MASTER_SITES= OPENBSD/OpenSSH/portable
|
||||
|
@ -99,12 +99,12 @@ EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-gss-glue
|
|||
. endif
|
||||
# - See https://sources.debian.org/data/main/o/openssh/ for which subdir to
|
||||
# pull from.
|
||||
GSSAPI_DEBIAN_SUBDIR= ${DISTVERSION}-4
|
||||
GSSAPI_DEBIAN_SUBDIR= ${DISTVERSION}-2
|
||||
# - Debian does not use a versioned filename so we trick fetch to make one for
|
||||
# us with the ?<anything>=/ trick.
|
||||
PATCH_SITES+= https://sources.debian.org/data/main/o/openssh/1:${GSSAPI_DEBIAN_SUBDIR}/debian/patches/gssapi.patch?dummy=/:gsskex
|
||||
# Bump this when updating the patch location
|
||||
GSSAPI_UPDATE_DATE= 20190719
|
||||
GSSAPI_UPDATE_DATE= 20200607
|
||||
PATCHFILES+= openssh-${DISTVERSION}-gsskex-all-20141021-debian-rh-${GSSAPI_UPDATE_DATE}.patch:-p1:gsskex
|
||||
.endif
|
||||
|
||||
|
@ -206,10 +206,11 @@ post-install:
|
|||
|
||||
test: build
|
||||
cd ${WRKSRC} && ${SETENV} -i \
|
||||
OBJ=${WRKDIR} ${MAKE_ENV} \
|
||||
OBJ=${WRKDIR} ${MAKE_ENV:NHOME=*} \
|
||||
TEST_SHELL=${SH} \
|
||||
SUDO="${SUDO}" \
|
||||
LOGNAME="${LOGNAME}" \
|
||||
HOME="${HOME}" \
|
||||
TEST_SSH_TRACE=yes \
|
||||
PATH=${WRKSRC}:${PREFIX}/bin:${PREFIX}/sbin:${PATH} \
|
||||
${MAKE_CMD} ${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS} tests
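Review bot: In the `test` target, `HOME` is filtered out of `MAKE_ENV` (`${MAKE_ENV:NHOME=*}`) and the caller's `HOME="${HOME}"` is passed instead, but no comment says why, so a later cleanup could quietly revert it. I would add a comment above the recipe along the lines of `# regress tests are run with the invoking user's HOME; strip the HOME that MAKE_ENV carries` (wording to be confirmed against the reason for the change). Because the suite is also handed `SUDO`, it may then read or write under the builder's real home directory with elevated rights, so it is best run from a throwaway account or jail rather than a personal login. The rendered page has lost its +/- markers, so which lines are new is inferred from the hunk header (10 lines becoming 11).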
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
TIMESTAMP = 1584982081
|
||||
SHA256 (openssh-8.2p1.tar.gz) = 43925151e6cf6cee1450190c0e9af4dc36b41c12737619edff8bcebdff64e671
|
||||
SIZE (openssh-8.2p1.tar.gz) = 1701197
|
||||
SHA256 (openssh-8.2p1-gsskex-all-20141021-debian-rh-20190719.patch) = b035f62000190a2c77257db76b3751acf0e018dc20d55e07a8c3c9702de04989
|
||||
SIZE (openssh-8.2p1-gsskex-all-20141021-debian-rh-20190719.patch) = 125954
|
||||
TIMESTAMP = 1605552780
|
||||
SHA256 (openssh-8.4p1.tar.gz) = 5a01d22e407eb1c05ba8a8f7c654d388a13e9f226e4ed33bd38748dafa1d2b24
|
||||
SIZE (openssh-8.4p1.tar.gz) = 1742201
|
||||
SHA256 (openssh-8.4p1-gsskex-all-20141021-debian-rh-20200607.patch) = 15139c42894dd0ebd182608ecd7151a9eef6158aed30c676e7685e8407c6d1cb
|
||||
SIZE (openssh-8.4p1-gsskex-all-20141021-debian-rh-20200607.patch) = 126748
|
||||
|
|
|
@ -685,12 +685,12 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
|
|||
int64_t rekey_limit;
|
||||
int rekey_interval;
|
||||
int no_host_authentication_for_localhost;
|
||||
--- work/openssh/scp.c.orig 2019-12-20 18:52:08.907088000 -0800
|
||||
+++ work/openssh-8.1p1/scp.c 2019-12-20 18:51:55.186005000 -0800
|
||||
@@ -1239,7 +1239,7 @@ sink(int argc, char **argv, const char *src)
|
||||
--- work/openssh/scp.c.orig 2020-09-27 00:25:01.000000000 -0700
|
||||
+++ work/openssh/scp.c 2020-11-10 10:31:03.060729000 -0800
|
||||
@@ -1246,7 +1246,7 @@ sink(int argc, char **argv, const char *src)
|
||||
off_t size, statbytes;
|
||||
unsigned long long ull;
|
||||
int setimes, targisdir, wrerrno = 0;
|
||||
int setimes, targisdir, wrerr;
|
||||
- char ch, *cp, *np, *targ, *why, *vect[1], buf[2048], visbuf[2048];
|
||||
+ char ch, *cp, *np, *targ, *why, *vect[1], buf[COPY_BUFLEN], visbuf[COPY_BUFLEN];
|
||||
char **patterns = NULL;
|
||||
|
@ -1079,9 +1079,9 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
|
|||
#define SSHBUF_REFS_MAX 0x100000 /* Max child buffers */
|
||||
#define SSHBUF_MAX_BIGNUM (16384 / 8) /* Max bignum *bytes* */
|
||||
#define SSHBUF_MAX_ECPOINT ((528 * 2 / 8) + 1) /* Max EC point *bytes* */
|
||||
--- work/openssh/sshconnect.c.orig 2018-10-16 17:01:20.000000000 -0700
|
||||
+++ work/openssh/sshconnect.c 2018-11-12 09:04:24.340706000 -0800
|
||||
@@ -355,7 +355,32 @@ check_ifaddrs(const char *ifname, int af, const struct
|
||||
--- work/openssh/sshconnect.c.orig 2020-09-27 00:25:01.000000000 -0700
|
||||
+++ work/openssh/sshconnect.c 2020-11-10 21:35:40.945330000 -0800
|
||||
@@ -361,7 +361,32 @@ check_ifaddrs(const char *ifname, int af, const struct
|
||||
}
|
||||
#endif
|
||||
|
||||
|
@ -1114,7 +1114,7 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
|
|||
* Creates a socket for use as the ssh connection.
|
||||
*/
|
||||
static int
|
||||
@@ -377,6 +402,11 @@ ssh_create_socket(struct addrinfo *ai)
|
||||
@@ -383,6 +408,11 @@ ssh_create_socket(struct addrinfo *ai)
|
||||
}
|
||||
fcntl(sock, F_SETFD, FD_CLOEXEC);
|
||||
|
||||
|
@ -1126,14 +1126,14 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
|
|||
/* Bind the socket to an alternative local IP address */
|
||||
if (options.bind_address == NULL && options.bind_interface == NULL)
|
||||
return sock;
|
||||
@@ -1280,7 +1310,8 @@ ssh_login(struct ssh *ssh, Sensitive *sensitive, const
|
||||
@@ -1289,7 +1319,8 @@ ssh_login(struct ssh *ssh, Sensitive *sensitive, const
|
||||
lowercase(host);
|
||||
|
||||
/* Exchange protocol version identification strings with the server. */
|
||||
- if (kex_exchange_identification(ssh, timeout_ms, NULL) != 0)
|
||||
+ if (kex_exchange_identification(ssh, timeout_ms, NULL,
|
||||
+ options.hpn_disabled) != 0)
|
||||
cleanup_exit(255); /* error already logged */
|
||||
- if ((r = kex_exchange_identification(ssh, timeout_ms, NULL)) != 0)
|
||||
+ if ((r = kex_exchange_identification(ssh, timeout_ms, NULL,
|
||||
+ options.hpn_disabled)) != 0)
|
||||
sshpkt_fatal(ssh, r, "banner exchange");
|
||||
|
||||
/* Put the connection into non-blocking mode. */
|
||||
--- sshconnect2.c.orig 2020-02-13 16:40:54.000000000 -0800
|
||||
|
@ -1204,9 +1204,9 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
|
|||
debug("Authentication succeeded (%s).", authctxt.method->name);
|
||||
}
|
||||
|
||||
--- work/openssh-7.7p1/sshd.c.orig 2018-04-01 22:38:28.000000000 -0700
|
||||
+++ work/openssh-7.7p1/sshd.c 2018-06-27 17:13:03.176633000 -0700
|
||||
@@ -957,6 +957,10 @@ listen_on_addrs(struct listenaddr *la)
|
||||
--- work/openssh/sshd.c.orig 2020-11-10 21:36:31.340159000 -0800
|
||||
+++ work/openssh/sshd.c 2020-11-10 21:37:10.097038000 -0800
|
||||
@@ -1065,6 +1065,10 @@ listen_on_addrs(struct listenaddr *la)
|
||||
int ret, listen_sock;
|
||||
struct addrinfo *ai;
|
||||
char ntop[NI_MAXHOST], strport[NI_MAXSERV];
|
||||
|
@ -1217,7 +1217,7 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
|
|||
|
||||
for (ai = la->addrs; ai; ai = ai->ai_next) {
|
||||
if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
|
||||
@@ -1002,6 +1006,13 @@ listen_on_addrs(struct listenaddr *la)
|
||||
@@ -1110,6 +1114,13 @@ listen_on_addrs(struct listenaddr *la)
|
||||
|
||||
debug("Bind to port %s on %s.", strport, ntop);
|
||||
|
||||
|
@ -1229,9 +1229,9 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
|
|||
+#endif
|
||||
+
|
||||
/* Bind the socket to the desired port. */
|
||||
if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) {
|
||||
if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) == -1) {
|
||||
error("Bind to port %s on %s failed: %.200s.",
|
||||
@@ -1645,6 +1656,15 @@ main(int ac, char **av)
|
||||
@@ -1753,6 +1764,15 @@ main(int ac, char **av)
|
||||
/* Fill in default values for those options not explicitly set. */
|
||||
fill_default_server_options(&options);
|
||||
|
||||
|
@ -1247,7 +1247,7 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
|
|||
/* challenge-response is implemented via keyboard interactive */
|
||||
if (options.challenge_response_authentication)
|
||||
options.kbd_interactive_authentication = 1;
|
||||
@@ -2090,6 +2110,11 @@ main(int ac, char **av)
|
||||
@@ -2220,6 +2240,11 @@ main(int ac, char **av)
|
||||
rdomain == NULL ? "" : "\"");
|
||||
free(laddr);
|
||||
|
||||
|
@ -1259,17 +1259,16 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o
|
|||
/*
|
||||
* We don't want to listen forever unless the other side
|
||||
* successfully authenticates itself. So we set up an alarm which is
|
||||
@@ -2102,7 +2127,8 @@ main(int ac, char **av)
|
||||
if (!debug_flag)
|
||||
@@ -2233,7 +2258,7 @@ main(int ac, char **av)
|
||||
alarm(options.login_grace_time);
|
||||
|
||||
- if (kex_exchange_identification(ssh, -1, options.version_addendum) != 0)
|
||||
+ if (kex_exchange_identification(ssh, -1, options.version_addendum,
|
||||
+ options.hpn_disabled) != 0)
|
||||
cleanup_exit(255); /* error already logged */
|
||||
if ((r = kex_exchange_identification(ssh, -1,
|
||||
- options.version_addendum)) != 0)
|
||||
+ options.version_addendum, options.hpn_disabled)) != 0)
|
||||
sshpkt_fatal(ssh, r, "banner exchange");
|
||||
|
||||
ssh_packet_set_nonblocking(ssh);
|
||||
@@ -2264,6 +2290,11 @@ do_ssh2_kex(struct ssh *ssh)
|
||||
@@ -2397,6 +2422,11 @@ do_ssh2_kex(struct ssh *ssh)
|
||||
char *myproposal[PROPOSAL_MAX] = { KEX_SERVER };
|
||||
struct kex *kex;
|
||||
int r;
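Review bot: Both `kex_exchange_identification()` call sites in this patch (in `ssh_login` and in sshd's `main`) pass a fourth argument, `options.hpn_disabled`, that the upstream three-argument call on the `-` lines does not have, and nothing at either site says what the flag changes. This call performs the banner exchange before any authentication, so a short comment at each call stating how the flag affects the identification string would help whoever next rebases the patch; the patched kex.c is not visible here, so the exact wording has to come from it. Separately, the Makefile context on this page still applies `extra-patch-hpn-gss-glue`, which does not appear among the four changed files, so a build with both the HPN and GSSAPI key-exchange patches enabled is worth confirming against 8.4p1.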
|
||||
|
|
|
@ -8,11 +8,11 @@ r226103 | des | 2011-10-07 08:10:16 -0500 (Fri, 07 Oct 2011) | 5 lines
|
|||
Add a -x option that causes ssh-agent(1) to exit when all clients have
|
||||
disconnected.
|
||||
|
||||
--- ssh-agent.c.orig 2020-02-13 16:40:54.000000000 -0800
|
||||
+++ ssh-agent.c 2020-03-21 17:04:44.305866000 -0700
|
||||
@@ -167,15 +167,34 @@ static long lifetime = 0;
|
||||
|
||||
static int fingerprint_hash = SSH_FP_HASH_DEFAULT;
|
||||
--- ssh-agent.c.orig 2020-09-27 00:25:01.000000000 -0700
|
||||
+++ ssh-agent.c 2020-11-09 09:07:10.924940000 -0800
|
||||
@@ -171,15 +171,34 @@ static int fingerprint_hash = SSH_FP_HASH_DEFAULT;
|
||||
/* Refuse signing of non-SSH messages for web-origin FIDO keys */
|
||||
static int restrict_websafe = 1;
|
||||
|
||||
+/*
|
||||
+ * Client connection count; incremented in new_socket() and decremented in
|
||||
|
@ -45,7 +45,7 @@ disconnected.
|
|||
}
|
||||
|
||||
static void
|
||||
@@ -875,6 +894,10 @@ new_socket(sock_type type, int fd)
|
||||
@@ -961,6 +980,10 @@ new_socket(sock_type type, int fd)
|
||||
{
|
||||
u_int i, old_alloc, new_alloc;
|
||||
|
||||
|
@ -56,16 +56,16 @@ disconnected.
|
|||
set_nonblock(fd);
|
||||
|
||||
if (fd > max_fd)
|
||||
@@ -1170,7 +1193,7 @@ static void
|
||||
@@ -1261,7 +1284,7 @@ static void
|
||||
usage(void)
|
||||
{
|
||||
fprintf(stderr,
|
||||
- "usage: ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash]\n"
|
||||
+ "usage: ssh-agent [-c | -s] [-Ddx] [-a bind_address] [-E fingerprint_hash]\n"
|
||||
" [-P provider_whitelist] [-t life] [command [arg ...]]\n"
|
||||
" ssh-agent [-c | -s] -k\n");
|
||||
exit(1);
|
||||
@@ -1202,6 +1225,7 @@ main(int ac, char **av)
|
||||
" [-P allowed_providers] [-t life]\n"
|
||||
" ssh-agent [-a bind_address] [-E fingerprint_hash] [-P allowed_providers]\n"
|
||||
" [-t life] command [arg ...]\n"
|
||||
@@ -1295,6 +1318,7 @@ main(int ac, char **av)
|
||||
/* drop */
|
||||
setegid(getgid());
|
||||
setgid(getgid());
|
||||
|
@ -73,16 +73,16 @@ disconnected.
|
|||
|
||||
platform_disable_tracing(0); /* strict=no */
|
||||
|
||||
@@ -1213,7 +1237,7 @@ main(int ac, char **av)
|
||||
@@ -1306,7 +1330,7 @@ main(int ac, char **av)
|
||||
__progname = ssh_get_progname(av[0]);
|
||||
seed_rng();
|
||||
|
||||
- while ((ch = getopt(ac, av, "cDdksE:a:P:t:")) != -1) {
|
||||
+ while ((ch = getopt(ac, av, "cDdksE:a:P:t:x")) != -1) {
|
||||
- while ((ch = getopt(ac, av, "cDdksE:a:O:P:t:")) != -1) {
|
||||
+ while ((ch = getopt(ac, av, "cDdksE:a:O:P:t:x")) != -1) {
|
||||
switch (ch) {
|
||||
case 'E':
|
||||
fingerprint_hash = ssh_digest_alg_by_name(optarg);
|
||||
@@ -1256,6 +1280,9 @@ main(int ac, char **av)
|
||||
@@ -1355,6 +1379,9 @@ main(int ac, char **av)
|
||||
fprintf(stderr, "Invalid lifetime\n");
|
||||
usage();
|
||||
}
|
||||
|
|