openssh: update to 8.0p1

Update provided by Aleksej Lebedev in pkgsrc-wip. I removed Interix support. We've been moving the patches for a while, without a real test on Interix. the support for interix is quite invasive and makes updating this package difficult. Will reconsider re-adding if I knew we had actual users on Interix (I strongly suspect we don't). OpenSSH 8.0 was released on 2019-04-17. It is available from the mirrors listed at https://www.openssh.com/. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested snapshots or donated to the project. More information on donations may be found at: http://www.openssh.com/donations.html Security ======== This release contains mitigation for a weakness in the scp(1) tool and protocol (CVE-2019-6111): when copying files from a remote system to a local directory, scp(1) did not verify that the filenames that the server sent matched those requested by the client. This could allow a hostile server to create or clobber unexpected local files with attacker-controlled content. This release adds client-side checking that the filenames sent from the server match the command-line request, The scp protocol is outdated, inflexible and not readily fixed. We recommend the use of more modern protocols like sftp and rsync for file transfer instead. Potentially-incompatible changes ================================ This release includes a number of changes that may affect existing configurations: * scp(1): Relating to the above changes to scp(1); the scp protocol relies on the remote shell for wildcard expansion, so there is no infallible way for the client's wildcard matching to perfectly reflect the server's. If there is a difference between client and server wildcard expansion, the client may refuse files from the server. For this reason, we have provided a new "-T" flag to scp that disables these client-side checks at the risk of reintroducing the attack described above. * sshd(8): Remove support for obsolete "host/port" syntax. Slash- separated host/port was added in 2001 as an alternative to host:port syntax for the benefit of IPv6 users. These days there are establised standards for this like [::1]:22 and the slash syntax is easily mistaken for CIDR notation, which OpenSSH supports for some things. Remove the slash notation from ListenAddress and PermitOpen; bz#2335 Changes since OpenSSH 7.9 ========================= This release is focused on new features and internal refactoring. New Features ------------ * ssh(1), ssh-agent(1), ssh-add(1): Add support for ECDSA keys in PKCS#11 tokens. * ssh(1), sshd(8): Add experimental quantum-computing resistant key exchange method, based on a combination of Streamlined NTRU Prime 4591^761 and X25519. * ssh-keygen(1): Increase the default RSA key size to 3072 bits, following NIST Special Publication 800-57's guidance for a 128-bit equivalent symmetric security level. * ssh(1): Allow "PKCS11Provider=none" to override later instances of the PKCS11Provider directive in ssh_config; bz#2974 * sshd(8): Add a log message for situations where a connection is dropped for attempting to run a command but a sshd_config ForceCommand=internal-sftp restriction is in effect; bz#2960 * ssh(1): When prompting whether to record a new host key, accept the key fingerprint as a synonym for "yes". This allows the user to paste a fingerprint obtained out of band at the prompt and have the client do the comparison for you. * ssh-keygen(1): When signing multiple certificates on a single command-line invocation, allow automatically incrementing the certificate serial number. * scp(1), sftp(1): Accept -J option as an alias to ProxyJump on the scp and sftp command-lines. * ssh-agent(1), ssh-pkcs11-helper(8), ssh-add(1): Accept "-v" command-line flags to increase the verbosity of output; pass verbose flags though to subprocesses, such as ssh-pkcs11-helper started from ssh-agent. * ssh-add(1): Add a "-T" option to allowing testing whether keys in an agent are usable by performing a signature and a verification. * sftp-server(8): Add a "lsetstat@openssh.com" protocol extension that replicates the functionality of the existing SSH2_FXP_SETSTAT operation but does not follow symlinks. bz#2067 * sftp(1): Add "-h" flag to chown/chgrp/chmod commands to request they do not follow symlinks. * sshd(8): Expose $SSH_CONNECTION in the PAM environment. This makes the connection 4-tuple available to PAM modules that wish to use it in decision-making. bz#2741 * sshd(8): Add a ssh_config "Match final" predicate Matches in same pass as "Match canonical" but doesn't require hostname canonicalisation be enabled. bz#2906 * sftp(1): Support a prefix of '@' to suppress echo of sftp batch commands; bz#2926 * ssh-keygen(1): When printing certificate contents using "ssh-keygen -Lf /path/certificate", include the algorithm that the CA used to sign the cert. Bugfixes -------- * sshd(8): Fix authentication failures when sshd_config contains "AuthenticationMethods any" inside a Match block that overrides a more restrictive default. * sshd(8): Avoid sending duplicate keepalives when ClientAliveCount is enabled. * sshd(8): Fix two race conditions related to SIGHUP daemon restart. Remnant file descriptors in recently-forked child processes could block the parent sshd's attempt to listen(2) to the configured addresses. Also, the restarting parent sshd could exit before any child processes that were awaiting their re-execution state had completed reading it, leaving them in a fallback path. * ssh(1): Fix stdout potentially being redirected to /dev/null when ProxyCommand=- was in use. * sshd(8): Avoid sending SIGPIPE to child processes if they attempt to write to stderr after their parent processes have exited; bz#2071 * ssh(1): Fix bad interaction between the ssh_config ConnectTimeout and ConnectionAttempts directives - connection attempts after the first were ignoring the requested timeout; bz#2918 * ssh-keyscan(1): Return a non-zero exit status if no keys were found; bz#2903 * scp(1): Sanitize scp filenames to allow UTF-8 characters without terminal control sequences; bz#2434 * sshd(8): Fix confusion between ClientAliveInterval and time-based RekeyLimit that could cause connections to be incorrectly closed. bz#2757 * ssh(1), ssh-add(1): Correct some bugs in PKCS#11 token PIN handling at initial token login. The attempt to read the PIN could be skipped in some cases, particularly on devices with integrated PIN readers. This would lead to an inability to retrieve keys from these tokens. bz#2652 * ssh(1), ssh-add(1): Support keys on PKCS#11 tokens that set the CKA_ALWAYS_AUTHENTICATE flag by requring a fresh login after the C_SignInit operation. bz#2638 * ssh(1): Improve documentation for ProxyJump/-J, clarifying that local configuration does not apply to jump hosts. * ssh-keygen(1): Clarify manual - ssh-keygen -e only writes public keys, not private. * ssh(1), sshd(8): be more strict in processing protocol banners, allowing \r characters only immediately before \n. * Various: fix a number of memory leaks, including bz#2942 and bz#2938 * scp(1), sftp(1): fix calculation of initial bandwidth limits. Account for bytes written before the timer starts and adjust the schedule on which recalculations are performed. Avoids an initial burst of traffic and yields more accurate bandwidth limits; bz#2927 * sshd(8): Only consider the ext-info-c extension during the initial key eschange. It shouldn't be sent in subsequent ones, but if it is present we should ignore it. This prevents sshd from sending a SSH_MSG_EXT_INFO for REKEX for buggy these clients. bz#2929 * ssh-keygen(1): Clarify manual that ssh-keygen -F (find host in authorized_keys) and -R (remove host from authorized_keys) options may accept either a bare hostname or a [hostname]:port combo. bz#2935 * ssh(1): Don't attempt to connect to empty SSH_AUTH_SOCK; bz#2936 * sshd(8): Silence error messages when sshd fails to load some of the default host keys. Failure to load an explicitly-configured hostkey is still an error, and failure to load any host key is still fatal. pr/103 * ssh(1): Redirect stderr of ProxyCommands to /dev/null when ssh is started with ControlPersist; prevents random ProxyCommand output from interfering with session output. * ssh(1): The ssh client was keeping a redundant ssh-agent socket (leftover from authentication) around for the life of the connection; bz#2912 * sshd(8): Fix bug in HostbasedAcceptedKeyTypes and PubkeyAcceptedKeyTypes options. If only RSA-SHA2 siganture types were specified, then authentication would always fail for RSA keys as the monitor checks only the base key (not the signature algorithm) type against *AcceptedKeyTypes. bz#2746 * ssh(1): Request correct signature types from ssh-agent when certificate keys and RSA-SHA2 signatures are in use. Portability ----------- * sshd(8): On Cygwin, run as SYSTEM where possible, using S4U for token creation if it supports MsV1_0 S4U Logon. * sshd(8): On Cygwin, use custom user/group matching code that respects the OS' behaviour of case-insensitive matching. * sshd(8): Don't set $MAIL if UsePAM=yes as PAM typically specifies the user environment if it's enabled; bz#2937 * sshd(8) Cygwin: Change service name to cygsshd to avoid collision with Microsoft's OpenSSH port. * Allow building against OpenSSL -dev (3.x) * Fix a number of build problems against version configurations and versions of OpenSSL. Including bz#2931 and bz#2921 * Improve warnings in cygwin service setup. bz#2922 * Remove hardcoded service name in cygwin setup. bz#2922
author: maya <maya@pkgsrc.org> 2019-05-01 17:59:56 +0000
committer: maya <maya@pkgsrc.org> 2019-05-01 17:59:56 +0000
commit: bf19fe005d452cdf6b36ad5760a5cfb36e44fffa (patch)
tree: e9a17b83feb56052b880fa42cb7770916fee03b8 /security/openssh
parent: 2908e8a65a8129199353de90efe57bb5c24cb8b9 (diff)
download: pkgsrc-bf19fe005d452cdf6b36ad5760a5cfb36e44fffa.tar.gz
19 files changed, 37 insertions, 570 deletions
diff --git a/security/openssh/MESSAGE.Interix b/security/openssh/MESSAGE.Interix
deleted file mode 100644
index ee57d65d24d..00000000000
--- a/security/openssh/MESSAGE.Interix
+++ /dev/null
@@ -1,20 +0,0 @@
-===========================================================================
-$NetBSD: MESSAGE.Interix,v 1.1 2005/03/07 23:29:49 tv Exp $
-
-OpenSSH on Interix has some important caveats:
-
-* Hostname resolution uses the BIND resolver library rather than Windows
-  native lookup services.  This requires that /etc/resolv.conf be set up
-  properly with a "nameserver" line; see resolv.conf(5).  In most
-  installations, this was generated automatically when Services for UNIX
-  was installed (based on the name server in use at that time).
-
-* Currently, UsePrivilegeSeparation does not work properly, so it defaults
-  to "no" on Interix.
-
-* Network drives and encrypted local files may not be accessible after
-  logging in through sshd thanks to the way the Windows security API works.
-  A workaround is to "exec su USERNAME" after logging in, which will use
-  the password to create a proper Windows access credential key.
-
-===========================================================================
diff --git a/security/openssh/Makefile b/security/openssh/Makefile
index 97ace9773d6..d5a1e32e31e 100644
--- a/security/openssh/Makefile
+++ b/security/openssh/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.258 2019/04/25 14:55:04 tron Exp $
+# $NetBSD: Makefile,v 1.259 2019/05/01 17:59:56 maya Exp $
 
-DISTNAME=		openssh-7.9p1
+DISTNAME=		openssh-8.0p1
 PKGNAME=		${DISTNAME:S/p1/.1/}
 PKGREVISION=		1
 CATEGORIES=		security
@@ -36,33 +36,12 @@ INSTALL_TARGET=		install-nokeys
 # fixes: dyld: Symbol not found: _allow_severity
 CONFIGURE_ARGS.Darwin+=	--disable-strip
 
-# OpenSSH on Interix has some important caveats
-.if ${OPSYS} == "Interix"
-MESSAGE_SRC=		${.CURDIR}/MESSAGE.Interix
-BUILDLINK_PASSTHRU_DIRS+= /usr/local/lib/bind
-CONFIGURE_ENV+=		ac_cv_func_openpty=no
-CONFIGURE_ENV+=		ac_cv_type_struct_timespec=yes
-CPPFLAGS+=		-DIOV_MAX=16 # default is INT_MAX, way too large
-.  if exists(/usr/local/include/bind/resolv.h)
-CPPFLAGS+=		-I/usr/local/include/bind
-BUILDLINK_PASSTHRU_DIRS+= /usr/local/include/bind
-.  elif exists(/usr/local/bind/include/resolv.h)
-CPPFLAGS+=		-I/usr/local/bind/include
-BUILDLINK_PASSTHRU_DIRS+= /usr/local/bind/include
-.  endif
-LDFLAGS+=		-L/usr/local/lib/bind
-LIBS+=			-lbind -ldb -lcrypt
-
-.else # not Interix
-
 PKG_GROUPS=		${OPENSSH_GROUP}
 PKG_USERS=		${OPENSSH_USER}:${OPENSSH_GROUP}
 
 PKG_GECOS.${OPENSSH_USER}=	sshd privsep pseudo-user
 PKG_HOME.${OPENSSH_USER}=	${OPENSSH_CHROOT}
 
-.endif
-
 SSH_PID_DIR=		${VARBASE}/run	# default directory for PID files
 
 PKG_SYSCONFSUBDIR=	ssh
@@ -73,10 +52,8 @@ CONFIGURE_ARGS+=	--sysconfdir=${PKG_SYSCONFDIR}
 CONFIGURE_ARGS+=	--with-pid-dir=${SSH_PID_DIR}
 CONFIGURE_ARGS+=	--with-tcp-wrappers=${BUILDLINK_PREFIX.tcp_wrappers}
 
-.if ${OPSYS} != "Interix"
 CONFIGURE_ARGS+=	--with-privsep-path=${OPENSSH_CHROOT:Q}
 CONFIGURE_ARGS+=	--with-privsep-user=${OPENSSH_USER}
-.endif
 
 # pkgsrc already enforces a "secure" version of zlib via dependencies,
 # so skip this bogus version check.
diff --git a/security/openssh/distinfo b/security/openssh/distinfo
index 7353855e2e4..237d2fd6bc4 100644
--- a/security/openssh/distinfo
+++ b/security/openssh/distinfo
@@ -1,29 +1,18 @@
-$NetBSD: distinfo,v 1.106 2019/01/18 20:13:36 tnn Exp $
+$NetBSD: distinfo,v 1.107 2019/05/01 17:59:56 maya Exp $
 
-SHA1 (openssh-7.9p1.tar.gz) = 993aceedea8ecabb1d0dd7293508a361891c4eaa
-RMD160 (openssh-7.9p1.tar.gz) = 236617fb9c04dcca12f9d56b5975efda4e798f53
-SHA512 (openssh-7.9p1.tar.gz) = 0412c9c429c9287f0794023951469c8e6ec833cdb55821bfa0300dd90d0879ff60484f620cffd93372641ab69bf0b032c2d700ccc680950892725fb631b7708e
-Size (openssh-7.9p1.tar.gz) = 1565384 bytes
+SHA1 (openssh-8.0p1.tar.gz) = 756dbb99193f9541c9206a667eaa27b0fa184a4f
+RMD160 (openssh-8.0p1.tar.gz) = 9c0d0d97a5f9f97329bf334725dfbad53576d612
+SHA512 (openssh-8.0p1.tar.gz) = e280fa2d56f550efd37c5d2477670326261aa8b94d991f9eb17aad90e0c6c9c939efa90fe87d33260d0f709485cb05c379f0fd1bd44fc0d5190298b6398c9982
+Size (openssh-8.0p1.tar.gz) = 1597697 bytes
 SHA1 (patch-Makefile.in) = 13502b825c13c98b2ba3b84ff4bae9aa664b76b1
-SHA1 (patch-auth-passwd.c) = f2906091185c84d0dbb26e6b8fa0de30934816bd
-SHA1 (patch-auth-rhosts.c) = a5e6131e63b83a7e8a06cd80f22def449d6bc2c4
-SHA1 (patch-auth.c) = cd13f8b31b45d668c5e09eca098b17ec8a7c1039
-SHA1 (patch-auth2.c) = c57e5fe3d6fed73e6b26a8e4e4c63f36d8e20535
+SHA1 (patch-auth.c) = 194e3293fdc18b93014041d379d57df172716e1c
 SHA1 (patch-clientloop.c) = 4e88fbd14db33f003eb93c30c682a017e102196e
-SHA1 (patch-config.h.in) = 926507ea281568e06385e16cbd3c8b907f2baa3f
-SHA1 (patch-configure.ac) = c8ee9d49a4989c5dfe02a89e0d3a8a4e16c32b9d
+SHA1 (patch-config.h.in) = 7d1050743da7264763254b57938775c546c3baa5
+SHA1 (patch-configure.ac) = 321ef5ed83abe7e07d38026e096a10700b010ac8
 SHA1 (patch-defines.h) = bd8687a9a2857f3b8d15ae94095f27f9344003c4
-SHA1 (patch-includes.h) = c4a7622af6fbcd098d18d257724dca6aaeea4fda
-SHA1 (patch-loginrec.c) = 28082deb14258fe63cbecad8ac96afc016de439c
-SHA1 (patch-openbsd-compat_bsd-openpty.c) = 80e076a18a0f9ba211ecd4bc5853ce01899568ae
+SHA1 (patch-loginrec.c) = 76f1e03182cbd18dd9ac0bdfcb6502eec7eb56a9
 SHA1 (patch-openbsd-compat_openbsd-compat.h) = bedbede16ab2fe918419c994ba15a20167b411b4
 SHA1 (patch-openbsd-compat_port-tun.c) = 4b1b55b7fdc319e011d249ee336301b17a589228
-SHA1 (patch-platform.c) = f8f211dbc5e596c0f82eb86324d18a84c6151ec5
 SHA1 (patch-sandbox-darwin.c) = c9a1fe2e4dbf98e929d983b4206a244e0e354b75
-SHA1 (patch-scp.c) = 9c2317b0f796641903a826db355ba06595a26ea1
-SHA1 (patch-session.c) = 2538d6f825bff1be325207285cdfac89f73ff264
-SHA1 (patch-sftp-common.c) = 6819aa040c8f1caa30a704cf6f0588e498df8778
 SHA1 (patch-sshd.8) = 5bf48cd27cef8e8810b9dc7115f5180102a345d1
-SHA1 (patch-sshd.c) = 1944283a09772f767044e46acf5329bfad5dae3c
-SHA1 (patch-sshpty.c) = cb691d4fbde808927f2fbcc12b87ad983cf21938
-SHA1 (patch-uidswap.c) = 6c68624cfd6ff3c2386008ff336c4d7da78195f4
+SHA1 (patch-sshd.c) = 825eeec13608859852f4cfdeaceedce21bd2f164
diff --git a/security/openssh/patches/patch-auth-passwd.c b/security/openssh/patches/patch-auth-passwd.c
deleted file mode 100644
index 68ed2fc1ec0..00000000000
--- a/security/openssh/patches/patch-auth-passwd.c
+++ /dev/null
@@ -1,27 +0,0 @@
-$NetBSD: patch-auth-passwd.c,v 1.5 2019/01/18 20:13:37 tnn Exp $
-
-Replace uid 0 with ROOTUID macro
-
---- auth-passwd.c.orig	2018-10-17 00:01:20.000000000 +0000
-+++ auth-passwd.c
-@@ -87,7 +87,7 @@ auth_password(struct ssh *ssh, const cha
- 		return 0;
- 
- #ifndef HAVE_CYGWIN
--	if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
-+	if (pw->pw_uid == ROOTUID && options.permit_root_login != PERMIT_YES)
- 		ok = 0;
- #endif
- 	if (*password == '\0' && options.permit_empty_passwd == 0)
-@@ -122,7 +122,11 @@ auth_password(struct ssh *ssh, const cha
- 			authctxt->force_pwchange = 1;
- 	}
- #endif
-+#ifdef HAVE_INTERIX
-+	result = (!setuser(pw->pw_name, password, SU_CHECK));
-+#else
- 	result = sys_auth_passwd(ssh, password);
-+#endif
- 	if (authctxt->force_pwchange)
- 		auth_restrict_session(ssh);
- 	return (result && ok);
diff --git a/security/openssh/patches/patch-auth-rhosts.c b/security/openssh/patches/patch-auth-rhosts.c
deleted file mode 100644
index fef060635c4..00000000000
--- a/security/openssh/patches/patch-auth-rhosts.c
+++ /dev/null
@@ -1,33 +0,0 @@
-$NetBSD: patch-auth-rhosts.c,v 1.3 2016/01/18 12:53:26 jperkin Exp $
-
-Replace uid 0 with ROOTUID macro
-
---- auth-rhosts.c.orig	2015-08-21 04:49:03.000000000 +0000
-+++ auth-rhosts.c
-@@ -242,7 +242,7 @@ auth_rhosts2_raw(struct passwd *pw, cons
- 	 * If not logging in as superuser, try /etc/hosts.equiv and
- 	 * shosts.equiv.
- 	 */
--	if (pw->pw_uid == 0)
-+	if (pw->pw_uid == ROOTUID)
- 		debug3("%s: root user, ignoring system hosts files", __func__);
- 	else {
- 		if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr,
-@@ -271,7 +271,7 @@ auth_rhosts2_raw(struct passwd *pw, cons
- 		return 0;
- 	}
- 	if (options.strict_modes &&
--	    ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
-+	    ((st.st_uid != ROOTUID && st.st_uid != pw->pw_uid) ||
- 	    (st.st_mode & 022) != 0)) {
- 		logit("Rhosts authentication refused for %.100s: "
- 		    "bad ownership or modes for home directory.", pw->pw_name);
-@@ -298,7 +298,7 @@ auth_rhosts2_raw(struct passwd *pw, cons
- 		 * allowing access to their account by anyone.
- 		 */
- 		if (options.strict_modes &&
--		    ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
-+		    ((st.st_uid != ROOTUID && st.st_uid != pw->pw_uid) ||
- 		    (st.st_mode & 022) != 0)) {
- 			logit("Rhosts authentication refused for %.100s: bad modes for %.200s",
- 			    pw->pw_name, buf);
diff --git a/security/openssh/patches/patch-auth.c b/security/openssh/patches/patch-auth.c
index 80ad49e22ae..4d8145b4053 100644
--- a/security/openssh/patches/patch-auth.c
+++ b/security/openssh/patches/patch-auth.c
@@ -1,27 +1,17 @@
-$NetBSD: patch-auth.c,v 1.4 2016/01/18 12:53:26 jperkin Exp $
+$NetBSD: patch-auth.c,v 1.5 2019/05/01 17:59:56 maya Exp $
 
-* Replace uid 0 with ROOTUID macro.
 * Use login_getpwclass() instead of login_getclass() so that the root
   vs. default login class distinction is made correctly, from FrrrBSD's
   ports.
 
---- auth.c.orig	2015-08-21 04:49:03.000000000 +0000
+--- auth.c.orig	2019-05-01 11:28:52.028281617 +0000
 +++ auth.c
-@@ -424,7 +424,7 @@ check_key_in_hostfiles(struct passwd *pw
- 		user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
- 		if (options.strict_modes &&
- 		    (stat(user_hostfile, &st) == 0) &&
--		    ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
-+		    ((st.st_uid != ROOTUID && st.st_uid != pw->pw_uid) ||
- 		    (st.st_mode & 022) != 0)) {
- 			logit("Authentication refused for %.100s: "
- 			    "bad owner or modes for %.200s",
-@@ -653,7 +653,7 @@ getpwnamallow(const char *user)
- 	if (!allowed_user(pw))
+@@ -599,7 +599,7 @@ getpwnamallow(struct ssh *ssh, const cha
+ 	if (!allowed_user(ssh, pw))
  		return (NULL);
  #ifdef HAVE_LOGIN_CAP
 -	if ((lc = login_getclass(pw->pw_class)) == NULL) {
-+	if ((lc = login_getpwclass(pw)) == NULL) {
++	if ((lc = login_getpwclass(pw->pw_class)) == NULL) {
  		debug("unable to get login class: %s", user);
  		return (NULL);
  	}
diff --git a/security/openssh/patches/patch-auth2.c b/security/openssh/patches/patch-auth2.c
deleted file mode 100644
index 2182d4afc75..00000000000
--- a/security/openssh/patches/patch-auth2.c
+++ /dev/null
@@ -1,15 +0,0 @@
-$NetBSD: patch-auth2.c,v 1.7 2019/01/18 20:13:37 tnn Exp $
-
-Replace uid 0 with ROOTUID macro
-
---- auth2.c.orig	2018-10-17 00:01:20.000000000 +0000
-+++ auth2.c
-@@ -352,7 +352,7 @@ userauth_finish(struct ssh *ssh, int aut
- 		fatal("INTERNAL ERROR: authenticated and postponed");
- 
- 	/* Special handling for root */
--	if (authenticated && authctxt->pw->pw_uid == 0 &&
-+	if (authenticated && authctxt->pw->pw_uid == ROOTUID &&
- 	    !auth_root_allowed(ssh, method)) {
- 		authenticated = 0;
- #ifdef SSH_AUDIT_EVENTS
diff --git a/security/openssh/patches/patch-config.h.in b/security/openssh/patches/patch-config.h.in
index c1bb668067d..84eb5a027f4 100644
--- a/security/openssh/patches/patch-config.h.in
+++ b/security/openssh/patches/patch-config.h.in
@@ -1,20 +1,10 @@
-$NetBSD: patch-config.h.in,v 1.6 2019/01/18 20:13:37 tnn Exp $
+$NetBSD: patch-config.h.in,v 1.7 2019/05/01 17:59:56 maya Exp $
 
-* Added Interix and define new path to if_tun.h.
+* define new path to if_tun.h.
 * Revive tcp_wrappers support.
 
 --- config.h.in.orig	2018-10-19 01:06:33.000000000 +0000
 +++ config.h.in
-@@ -741,6 +741,9 @@
- /* define if you have int64_t data type */
- #undef HAVE_INT64_T
- 
-+/* Define if you are on Interix */
-+#undef HAVE_INTERIX
-+
- /* Define to 1 if the system has the type `intmax_t'. */
- #undef HAVE_INTMAX_T
- 
 @@ -910,6 +913,9 @@
  /* Define to 1 if you have the <net/route.h> header file. */
  #undef HAVE_NET_ROUTE_H
diff --git a/security/openssh/patches/patch-configure.ac b/security/openssh/patches/patch-configure.ac
index 922f7686cd1..8b6fbc3059c 100644
--- a/security/openssh/patches/patch-configure.ac
+++ b/security/openssh/patches/patch-configure.ac
@@ -1,11 +1,8 @@
-$NetBSD: patch-configure.ac,v 1.7 2019/01/18 20:13:37 tnn Exp $
+$NetBSD: patch-configure.ac,v 1.8 2019/05/01 17:59:56 maya Exp $
 
-* Various fixes regarding portability
-* Revive tcp_wrappers support.
-
---- configure.ac.orig	2018-10-17 00:01:20.000000000 +0000
+--- configure.ac.orig	2019-04-17 22:52:57.000000000 +0000
 +++ configure.ac
-@@ -293,6 +293,9 @@ AC_ARG_WITH([rpath],
+@@ -294,6 +294,9 @@ AC_ARG_WITH([rpath],
  	]
  )
  
@@ -15,7 +12,7 @@ $NetBSD: patch-configure.ac,v 1.7 2019/01/18 20:13:37 tnn Exp $
  # Allow user to specify flags
  AC_ARG_WITH([cflags],
  	[  --with-cflags           Specify additional flags to pass to compiler],
-@@ -386,6 +389,7 @@ AC_CHECK_HEADERS([ \
+@@ -387,6 +390,7 @@ AC_CHECK_HEADERS([ \
  	maillock.h \
  	ndir.h \
  	net/if_tun.h \
@@ -23,23 +20,7 @@ $NetBSD: patch-configure.ac,v 1.7 2019/01/18 20:13:37 tnn Exp $
  	netdb.h \
  	netgroup.h \
  	pam/pam_appl.h \
-@@ -736,6 +740,15 @@ main() { if (NSVersionOfRunTimeLibrary("
- 		;;
- 	esac
- 	;;
-+*-*-interix*)
-+        AC_DEFINE(HAVE_INTERIX)
-+        AC_DEFINE(DISABLE_FD_PASSING)
-+        AC_DEFINE(DISABLE_SHADOW)
-+        AC_DEFINE(IP_TOS_IS_BROKEN)
-+        AC_DEFINE(MISSING_HOWMANY)
-+        AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
-+        AC_DEFINE(USE_PIPES)
-+        ;;
- *-*-irix5*)
- 	PATH="$PATH:/usr/etc"
- 	AC_DEFINE([BROKEN_INET_NTOA], [1],
-@@ -1493,6 +1506,62 @@ else
+@@ -1494,6 +1507,62 @@ else
  	AC_MSG_RESULT([no])
  fi
  
@@ -102,7 +83,7 @@ $NetBSD: patch-configure.ac,v 1.7 2019/01/18 20:13:37 tnn Exp $
  # Check whether user wants to use ldns
  LDNS_MSG="no"
  AC_ARG_WITH(ldns,
-@@ -5189,9 +5258,17 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+@@ -5129,9 +5198,17 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
  ])
  if test -z "$conf_wtmpx_location"; then
  	if test x"$system_wtmpx_path" = x"no" ; then
@@ -122,7 +103,7 @@ $NetBSD: patch-configure.ac,v 1.7 2019/01/18 20:13:37 tnn Exp $
  	AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"],
  		[Define if you want to specify the path to your wtmpx file])
  fi
-@@ -5283,7 +5360,7 @@ echo "OpenSSH has been configured with t
+@@ -5223,7 +5300,7 @@ echo "OpenSSH has been configured with t
  echo "                     User binaries: $B"
  echo "                   System binaries: $C"
  echo "               Configuration files: $D"
@@ -131,7 +112,7 @@ $NetBSD: patch-configure.ac,v 1.7 2019/01/18 20:13:37 tnn Exp $
  echo "                      Manual pages: $F"
  echo "                          PID file: $G"
  echo "  Privilege separation chroot path: $H"
-@@ -5305,6 +5382,7 @@ echo "                       PAM support
+@@ -5245,6 +5322,7 @@ echo "                       PAM support
  echo "                   OSF SIA support: $SIA_MSG"
  echo "                 KerberosV support: $KRB5_MSG"
  echo "                   SELinux support: $SELINUX_MSG"
diff --git a/security/openssh/patches/patch-includes.h b/security/openssh/patches/patch-includes.h
deleted file mode 100644
index 5e54a9dcd86..00000000000
--- a/security/openssh/patches/patch-includes.h
+++ /dev/null
@@ -1,17 +0,0 @@
-$NetBSD: patch-includes.h,v 1.4 2016/01/18 12:53:26 jperkin Exp $
-
-Interix support
-
---- includes.h.orig	2015-08-21 04:49:03.000000000 +0000
-+++ includes.h
-@@ -127,6 +127,10 @@
- #ifdef HAVE_READPASSPHRASE_H
- # include <readpassphrase.h>
- #endif
-+#ifdef HAVE_INTERIX
-+# include <interix/env.h>
-+# include <interix/security.h>
-+#endif
- 
- #ifdef HAVE_IA_H
- # include <ia.h>
diff --git a/security/openssh/patches/patch-loginrec.c b/security/openssh/patches/patch-loginrec.c
index fa56d5a158f..c0afc4e0235 100644
--- a/security/openssh/patches/patch-loginrec.c
+++ b/security/openssh/patches/patch-loginrec.c
@@ -1,20 +1,12 @@
-$NetBSD: patch-loginrec.c,v 1.5 2016/01/18 12:53:26 jperkin Exp $
+$NetBSD: patch-loginrec.c,v 1.6 2019/05/01 17:59:56 maya Exp $
 
-Interix support and related fixes. Fix build on FreeBSD.
+Interix support and related fixes.
+Fix build on FreeBSD.
+
+XXX remove interix once we figure out which one's which
 
 --- loginrec.c.orig	2015-08-21 04:49:03.000000000 +0000
 +++ loginrec.c
-@@ -432,8 +432,8 @@ login_set_addr(struct logininfo *li, con
- int
- login_write(struct logininfo *li)
- {
--#ifndef HAVE_CYGWIN
--	if (geteuid() != 0) {
-+#if !defined(HAVE_CYGWIN) && !defined(HAVE_INTERIX)
-+        if (geteuid() != ROOTUID) {
- 		logit("Attempt to write login records by non-root user (aborting)");
- 		return (1);
- 	}
 @@ -441,7 +441,7 @@ login_write(struct logininfo *li)
  
  	/* set the timestamp */
diff --git a/security/openssh/patches/patch-openbsd-compat_bsd-openpty.c b/security/openssh/patches/patch-openbsd-compat_bsd-openpty.c
deleted file mode 100644
index adbacbee3a9..00000000000
--- a/security/openssh/patches/patch-openbsd-compat_bsd-openpty.c
+++ /dev/null
@@ -1,22 +0,0 @@
-$NetBSD: patch-openbsd-compat_bsd-openpty.c,v 1.4 2016/12/30 04:43:16 taca Exp $
-
-Interix support
-
---- openbsd-compat/bsd-openpty.c.orig	2016-12-19 04:59:41.000000000 +0000
-+++ openbsd-compat/bsd-openpty.c
-@@ -121,6 +121,7 @@ openpty(int *amaster, int *aslave, char 
- 		return (-1);
- 	}
- 
-+#if !defined(HAVE_INTERIX)
- 	/*
- 	 * Try to push the appropriate streams modules, as described
- 	 * in Solaris pts(7).
-@@ -130,6 +131,7 @@ openpty(int *amaster, int *aslave, char 
- # ifndef __hpux
- 	ioctl(*aslave, I_PUSH, "ttcompat");
- # endif /* __hpux */
-+#endif /* !HAVE_INTERIX */
- 
- 	return (0);
- 
diff --git a/security/openssh/patches/patch-platform.c b/security/openssh/patches/patch-platform.c
deleted file mode 100644
index fe837c1b5a8..00000000000
--- a/security/openssh/patches/patch-platform.c
+++ /dev/null
@@ -1,16 +0,0 @@
-$NetBSD: patch-platform.c,v 1.5 2016/01/18 12:53:26 jperkin Exp $
-
-Interix support
-
---- platform.c.orig	2015-08-21 04:49:03.000000000 +0000
-+++ platform.c
-@@ -90,7 +90,9 @@ platform_privileged_uidswap(void)
- 	/* uid 0 is not special on Cygwin so always try */
- 	return 1;
- #else
-+#if !defined(HAVE_INTERIX)
- 	return (getuid() == 0 || geteuid() == 0);
-+#endif /* !HAVE_INTERIX */
- #endif
- }
- 
diff --git a/security/openssh/patches/patch-scp.c b/security/openssh/patches/patch-scp.c
deleted file mode 100644
index 415ddfbc2bf..00000000000
--- a/security/openssh/patches/patch-scp.c
+++ /dev/null
@@ -1,39 +0,0 @@
-$NetBSD: patch-scp.c,v 1.4 2016/01/18 12:53:26 jperkin Exp $
-
-Interix support
-
---- scp.c.orig	2015-08-21 04:49:03.000000000 +0000
-+++ scp.c
-@@ -478,7 +478,11 @@ main(int argc, char **argv)
- 	argc -= optind;
- 	argv += optind;
- 
-+#ifdef HAVE_INTERIX
-+	if ((pwd = getpwuid_ex(userid = getuid(), PW_FULLNAME)) == NULL)
-+#else
- 	if ((pwd = getpwuid(userid = getuid())) == NULL)
-+#endif
- 		fatal("unknown user %u", (u_int) userid);
- 
- 	if (!isatty(STDOUT_FILENO))
-@@ -886,8 +890,10 @@ rsource(char *name, struct stat *statp)
- 		return;
- 	}
- 	while ((dp = readdir(dirp)) != NULL) {
-+#ifndef HAVE_INTERIX
- 		if (dp->d_ino == 0)
- 			continue;
-+#endif
- 		if (!strcmp(dp->d_name, ".") || !strcmp(dp->d_name, ".."))
- 			continue;
- 		if (strlen(name) + 1 + strlen(dp->d_name) >= sizeof(path) - 1) {
-@@ -1297,7 +1303,9 @@ okname(char *cp0)
- 			case '\'':
- 			case '"':
- 			case '`':
-+#ifndef HAVE_INTERIX
- 			case ' ':
-+#endif
- 			case '#':
- 				goto bad;
- 			default:
diff --git a/security/openssh/patches/patch-session.c b/security/openssh/patches/patch-session.c
deleted file mode 100644
index d0b9df8d7dc..00000000000
--- a/security/openssh/patches/patch-session.c
+++ /dev/null
@@ -1,65 +0,0 @@
-$NetBSD: patch-session.c,v 1.9 2019/01/18 20:13:37 tnn Exp $
-
-* Interix support.
-
---- session.c.orig	2018-10-17 00:01:20.000000000 +0000
-+++ session.c
-@@ -959,7 +959,7 @@ read_etc_default_login(char ***env, u_in
- 	if (tmpenv == NULL)
- 		return;
- 
--	if (uid == 0)
-+	if (uid == ROOTUID)
- 		var = child_get_env(tmpenv, "SUPATH");
- 	else
- 		var = child_get_env(tmpenv, "PATH");
-@@ -1077,7 +1077,7 @@ do_setup_env(struct ssh *ssh, Session *s
- #  endif /* HAVE_ETC_DEFAULT_LOGIN */
- 	if (path == NULL || *path == '\0') {
- 		child_set_env(&env, &envsize, "PATH",
--		    s->pw->pw_uid == 0 ?  SUPERUSER_PATH : _PATH_STDPATH);
-+		    s->pw->pw_uid == ROOTUID ?  SUPERUSER_PATH : _PATH_STDPATH);
- 	}
- # endif /* HAVE_CYGWIN */
- #endif /* HAVE_LOGIN_CAP */
-@@ -1209,6 +1209,17 @@ do_setup_env(struct ssh *ssh, Session *s
- 		child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND",
- 		    original_command);
- 
-+#ifdef HAVE_INTERIX
-+	{
-+		/* copy standard Windows environment, then apply changes */
-+		env_t *winenv = env_login(pw);
-+		env_putarray(winenv, env, ENV_OVERRIDE);
-+
-+		/* swap over to altered environment as a traditional array */
-+		env = env_array(winenv);
-+	}
-+#endif
-+
- 	if (debug_flag) {
- 		/* dump the environment */
- 		fprintf(stderr, "Environment:\n");
-@@ -1400,11 +1411,13 @@ do_setusercontext(struct passwd *pw)
- 			perror("setgid");
- 			exit(1);
- 		}
-+# if !defined(HAVE_INTERIX)
- 		/* Initialize the group list. */
- 		if (initgroups(pw->pw_name, pw->pw_gid) < 0) {
- 			perror("initgroups");
- 			exit(1);
- 		}
-+# endif /* !HAVE_INTERIX */
- 		endgrent();
- #endif
- 
-@@ -2275,7 +2288,7 @@ session_pty_cleanup2(Session *s)
- 		record_logout(s->pid, s->tty, s->pw->pw_name);
- 
- 	/* Release the pseudo-tty. */
--	if (getuid() == 0)
-+	if (getuid() == ROOTUID)
- 		pty_release(s->tty);
- 
- 	/*
diff --git a/security/openssh/patches/patch-sftp-common.c b/security/openssh/patches/patch-sftp-common.c
deleted file mode 100644
index 4bf2960569c..00000000000
--- a/security/openssh/patches/patch-sftp-common.c
+++ /dev/null
@@ -1,16 +0,0 @@
-$NetBSD: patch-sftp-common.c,v 1.4 2016/01/18 12:53:26 jperkin Exp $
-
-Include <unistd.h> for strmode(3).
-
---- sftp-common.c.orig	2015-08-21 04:49:03.000000000 +0000
-+++ sftp-common.c
-@@ -37,6 +37,9 @@
- #include <string.h>
- #include <time.h>
- #include <stdarg.h>
-+#ifdef HAVE_UNISTD_H
-+#include <unistd.h>
-+#endif
- #ifdef HAVE_UTIL_H
- #include <util.h>
- #endif
diff --git a/security/openssh/patches/patch-sshd.c b/security/openssh/patches/patch-sshd.c
index 3c9e812fa62..27dd83f95ff 100644
--- a/security/openssh/patches/patch-sshd.c
+++ b/security/openssh/patches/patch-sshd.c
@@ -1,9 +1,6 @@
-$NetBSD: patch-sshd.c,v 1.10 2019/01/18 20:13:37 tnn Exp $
+$NetBSD: patch-sshd.c,v 1.11 2019/05/01 17:59:56 maya Exp $
 
-* Interix support
-* Revive tcp_wrappers support.
-
---- sshd.c.orig	2018-10-17 00:01:20.000000000 +0000
+--- sshd.c.orig	2019-04-17 22:52:57.000000000 +0000
 +++ sshd.c
 @@ -123,6 +123,13 @@
  #include "version.h"
@@ -19,35 +16,7 @@ $NetBSD: patch-sshd.c,v 1.10 2019/01/18 20:13:37 tnn Exp $
  /* Re-exec fds */
  #define REEXEC_DEVCRYPTO_RESERVED_FD	(STDERR_FILENO + 1)
  #define REEXEC_STARTUP_PIPE_FD		(STDERR_FILENO + 2)
-@@ -225,7 +232,11 @@ int *startup_pipes = NULL;
- int startup_pipe;		/* in child */
- 
- /* variables used for privilege separation */
-+#ifdef HAVE_INTERIX
-+int use_privsep = 0;
-+#else
- int use_privsep = -1;
-+#endif
- struct monitor *pmonitor = NULL;
- int privsep_is_preauth = 1;
- static int privsep_chroot = 1;
-@@ -556,10 +567,15 @@ privsep_preauth_child(void)
- 		/* Drop our privileges */
- 		debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid,
- 		    (u_int)privsep_pw->pw_gid);
-+#ifdef HAVE_INTERIX
-+	if (setuser(privsep_pw->pw_name, NULL, SU_COMPLETE))
-+		fatal("setuser: %.100s", strerror(errno));
-+#else
- 		gidset[0] = privsep_pw->pw_gid;
- 		if (setgroups(1, gidset) < 0)
- 			fatal("setgroups: %.100s", strerror(errno));
- 		permanently_set_uid(privsep_pw);
-+#endif /* HAVE_INTERIX */
- 	}
- }
- 
-@@ -623,10 +639,17 @@ privsep_preauth(Authctxt *authctxt)
+@@ -534,10 +541,17 @@ privsep_preauth(struct ssh *ssh)
  		/* Arrange for logging to be sent to the monitor */
  		set_log_handler(mm_log_handler, pmonitor);
  
@@ -65,57 +34,7 @@ $NetBSD: patch-sshd.c,v 1.10 2019/01/18 20:13:37 tnn Exp $
  
  		return 0;
  	}
-@@ -638,7 +661,7 @@ privsep_postauth(Authctxt *authctxt)
- #ifdef DISABLE_FD_PASSING
- 	if (1) {
- #else
--	if (authctxt->pw->pw_uid == 0) {
-+	if (authctxt->pw->pw_uid == ROOTUID) {
- #endif
- 		/* File descriptor passing is broken or root login */
- 		use_privsep = 0;
-@@ -1504,8 +1527,10 @@ main(int ac, char **av)
- 	av = saved_argv;
- #endif
- 
--	if (geteuid() == 0 && setgroups(0, NULL) == -1)
-+#ifndef HAVE_INTERIX
-+	if (geteuid() == ROOTUID && setgroups(0, NULL) == -1)
- 		debug("setgroups(): %.200s", strerror(errno));
-+#endif
- 
- 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
- 	sanitise_stdfd();
-@@ -1730,7 +1755,7 @@ main(int ac, char **av)
- 	);
- 
- 	/* Store privilege separation user for later use if required. */
--	privsep_chroot = use_privsep && (getuid() == 0 || geteuid() == 0);
-+	privsep_chroot = use_privsep && (getuid() == ROOTUID || geteuid() == ROOTUID);
- 	if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
- 		if (privsep_chroot || options.kerberos_authentication)
- 			fatal("Privilege separation user %s does not exist",
-@@ -1871,7 +1896,7 @@ main(int ac, char **av)
- 		    (st.st_uid != getuid () ||
- 		    (st.st_mode & (S_IWGRP|S_IWOTH)) != 0))
- #else
--		if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
-+		if (st.st_uid != ROOTUID || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
- #endif
- 			fatal("%s must be owned by root and not group or "
- 			    "world-writable.", _PATH_PRIVSEP_CHROOT_DIR);
-@@ -1899,8 +1924,10 @@ main(int ac, char **av)
- 	 * to create a file, and we can't control the code in every
- 	 * module which might be used).
- 	 */
-+#ifndef HAVE_INTERIX
- 	if (setgroups(0, NULL) < 0)
- 		debug("setgroups() failed: %.200s", strerror(errno));
-+#endif
- 
- 	if (rexec_flag) {
- 		if (rexec_argc < 0)
-@@ -2093,6 +2120,25 @@ main(int ac, char **av)
+@@ -2053,6 +2067,25 @@ main(int ac, char **av)
  	audit_connection_from(remote_ip, remote_port);
  #endif
  
@@ -123,7 +42,7 @@ $NetBSD: patch-sshd.c,v 1.10 2019/01/18 20:13:37 tnn Exp $
 +	allow_severity = options.log_facility|LOG_INFO;
 +	deny_severity = options.log_facility|LOG_WARNING;
 +	/* Check whether logins are denied from this host. */
-+	if (packet_connection_is_on_socket()) {
++	if (ssh_packet_connection_is_on_socket(ssh)) {
 +		struct request_info req;
 +
 +		request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0);
diff --git a/security/openssh/patches/patch-sshpty.c b/security/openssh/patches/patch-sshpty.c
deleted file mode 100644
index c96ba181fe2..00000000000
--- a/security/openssh/patches/patch-sshpty.c
+++ /dev/null
@@ -1,24 +0,0 @@
-$NetBSD: patch-sshpty.c,v 1.3 2016/01/18 12:53:26 jperkin Exp $
-
-Replace uid 0 with ROOTUID macro
-
---- sshpty.c.orig	2015-08-21 04:49:03.000000000 +0000
-+++ sshpty.c
-@@ -86,7 +86,7 @@ void
- pty_release(const char *tty)
- {
- #if !defined(__APPLE_PRIVPTY__) && !defined(HAVE_OPENPTY)
--	if (chown(tty, (uid_t) 0, (gid_t) 0) < 0)
-+	if (chown(tty, (uid_t) ROOTUID, (gid_t) ROOTGID) < 0)
- 		error("chown %.100s 0 0 failed: %.100s", tty, strerror(errno));
- 	if (chmod(tty, (mode_t) 0666) < 0)
- 		error("chmod %.100s 0666 failed: %.100s", tty, strerror(errno));
-@@ -215,7 +215,7 @@ pty_setowner(struct passwd *pw, const ch
- 	if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
- 		if (chown(tty, pw->pw_uid, gid) < 0) {
- 			if (errno == EROFS &&
--			    (st.st_uid == pw->pw_uid || st.st_uid == 0))
-+			    (st.st_uid == pw->pw_uid || st.st_uid == ROOTUID))
- 				debug("chown(%.100s, %u, %u) failed: %.100s",
- 				    tty, (u_int)pw->pw_uid, (u_int)gid,
- 				    strerror(errno));
diff --git a/security/openssh/patches/patch-uidswap.c b/security/openssh/patches/patch-uidswap.c
deleted file mode 100644
index 32a76c6922b..00000000000
--- a/security/openssh/patches/patch-uidswap.c
+++ /dev/null
@@ -1,77 +0,0 @@
-$NetBSD: patch-uidswap.c,v 1.6 2019/01/18 20:13:37 tnn Exp $
-
-Interix support
-
---- uidswap.c.orig	2018-10-17 00:01:20.000000000 +0000
-+++ uidswap.c
-@@ -68,13 +68,13 @@ temporarily_use_uid(struct passwd *pw)
- 	    (u_int)pw->pw_uid, (u_int)pw->pw_gid,
- 	    (u_int)saved_euid, (u_int)saved_egid);
- #ifndef HAVE_CYGWIN
--	if (saved_euid != 0) {
-+	if (saved_euid != ROOTUID) {
- 		privileged = 0;
- 		return;
- 	}
- #endif
- #else
--	if (geteuid() != 0) {
-+	if (geteuid() != ROOTUID) {
- 		privileged = 0;
- 		return;
- 	}
-@@ -98,10 +98,11 @@ temporarily_use_uid(struct passwd *pw)
- 
- 	/* set and save the user's groups */
- 	if (user_groupslen == -1 || user_groups_uid != pw->pw_uid) {
-+#ifndef HAVE_INTERIX
- 		if (initgroups(pw->pw_name, pw->pw_gid) < 0)
- 			fatal("initgroups: %s: %.100s", pw->pw_name,
- 			    strerror(errno));
--
-+#endif
- 		user_groupslen = getgroups(0, NULL);
- 		if (user_groupslen < 0)
- 			fatal("getgroups: %.100s", strerror(errno));
-@@ -116,9 +117,11 @@ temporarily_use_uid(struct passwd *pw)
- 		}
- 		user_groups_uid = pw->pw_uid;
- 	}
-+#ifndef HAVE_INTERIX
- 	/* Set the effective uid to the given (unprivileged) uid. */
- 	if (setgroups(user_groupslen, user_groups) < 0)
- 		fatal("setgroups: %.100s", strerror(errno));
-+#endif
- #ifndef SAVED_IDS_WORK_WITH_SETEUID
- 	/* Propagate the privileged gid to all of our gids. */
- 	if (setgid(getegid()) < 0)
-@@ -166,8 +169,10 @@ restore_uid(void)
- 	setgid(getgid());
- #endif /* SAVED_IDS_WORK_WITH_SETEUID */
- 
-+#ifndef HAVE_INTERIX
- 	if (setgroups(saved_egroupslen, saved_egroups) < 0)
- 		fatal("setgroups: %.100s", strerror(errno));
-+#endif
- 	temporarily_use_uid_effective = 0;
- }
- 
-@@ -190,6 +195,10 @@ permanently_set_uid(struct passwd *pw)
- 	debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid,
- 	    (u_int)pw->pw_gid);
- 
-+#if defined(HAVE_INTERIX)
-+	if (setuser(pw->pw_name, NULL, SU_COMPLETE))
-+		fatal("setuser %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
-+#else
- 	if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0)
- 		fatal("setresgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
- 
-@@ -226,6 +235,7 @@ permanently_set_uid(struct passwd *pw)
- 	    (setuid(old_uid) != -1 || seteuid(old_uid) != -1))
- 		fatal("%s: was able to restore old [e]uid", __func__);
- #endif
-+#endif /* HAVE_INTERIX */
- 
- 	/* Verify UID drop was successful */
- 	if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) {
author	maya <maya@pkgsrc.org>	2019-05-01 17:59:56 +0000
committer	maya <maya@pkgsrc.org>	2019-05-01 17:59:56 +0000
commit	bf19fe005d452cdf6b36ad5760a5cfb36e44fffa (patch)
tree	e9a17b83feb56052b880fa42cb7770916fee03b8 /security/openssh
parent	2908e8a65a8129199353de90efe57bb5c24cb8b9 (diff)
download	pkgsrc-bf19fe005d452cdf6b36ad5760a5cfb36e44fffa.tar.gz