Diffstat (limited to 'security/openssh')
-rw-r--r--security/openssh/Makefile5
-rw-r--r--security/openssh/distinfo12
-rw-r--r--security/openssh/patches/patch-sshd.c42
3 files changed, 29 insertions, 30 deletions
diff --git a/security/openssh/Makefile b/security/openssh/Makefile
index fe04938d06f..85194ed7b44 100644
--- a/security/openssh/Makefile
+++ b/security/openssh/Makefile
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.253 2017/07/24 16:33:22 he Exp $
+# $NetBSD: Makefile,v 1.253.4.1 2017/11/25 08:49:32 bsiegert Exp $
-DISTNAME= openssh-7.5p1
+DISTNAME= openssh-7.6p1
PKGNAME= ${DISTNAME:S/p1/.1/}
-PKGREVISION= 1
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_OPENBSD:=OpenSSH/portable/}
diff --git a/security/openssh/distinfo b/security/openssh/distinfo
index 95acaedf14e..4ad08bbfd97 100644
--- a/security/openssh/distinfo
+++ b/security/openssh/distinfo
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.104 2017/05/31 09:30:21 jperkin Exp $
+$NetBSD: distinfo,v 1.104.6.1 2017/11/25 08:49:32 bsiegert Exp $
-SHA1 (openssh-7.5p1.tar.gz) = 5e8f185d00afb4f4f89801e9b0f8b9cee9d87ebd
-RMD160 (openssh-7.5p1.tar.gz) = c1b176a1fe92495d056edda0c5db54efcfb8764a
-SHA512 (openssh-7.5p1.tar.gz) = 58c542e8a110fb4316a68db94abb663fa1c810becd0638d45281df8aeca62c1f705090437a80e788e6c29121769b72a505feced537d3118c933fde01b5285c81
-Size (openssh-7.5p1.tar.gz) = 1510857 bytes
+SHA1 (openssh-7.6p1.tar.gz) = a6984bc2c72192bed015c8b879b35dd9f5350b3b
+RMD160 (openssh-7.6p1.tar.gz) = 486ae743f51ffbf8197d564aab9ae54f9e2ac9da
+SHA512 (openssh-7.6p1.tar.gz) = de17fdcb8239401f76740c8d689a8761802f6df94e68d953f3c70b9f4f8bdb403617c48c1d01cc8c368d88e9d50aee540bf03d5a36687dfb39dfd28d73029d72
+Size (openssh-7.6p1.tar.gz) = 1489788 bytes
SHA1 (patch-Makefile.in) = 98960119bda68a663214c8880484552f1207bcfc
SHA1 (patch-auth-passwd.c) = 5205ca4d15dbcd3f4c574f0a2fb7713ae69af5f7
SHA1 (patch-auth-rhosts.c) = a5e6131e63b83a7e8a06cd80f22def449d6bc2c4
@@ -25,6 +25,6 @@ SHA1 (patch-session.c) = c67d649dc66a65ff39d701135a2f2dab6ba2fb93
SHA1 (patch-sftp-common.c) = 6819aa040c8f1caa30a704cf6f0588e498df8778
SHA1 (patch-ssh.c) = 6877d8205d999906c14240d4d112b084609927ca
SHA1 (patch-sshd.8) = 5bf48cd27cef8e8810b9dc7115f5180102a345d1
-SHA1 (patch-sshd.c) = a1ccf7e54275629965d80d9cf7cd8669d9f1f4cf
+SHA1 (patch-sshd.c) = 040ac961247fdd55bd09b85e65b905b63bc24f7d
SHA1 (patch-sshpty.c) = cb691d4fbde808927f2fbcc12b87ad983cf21938
SHA1 (patch-uidswap.c) = 68c4f5ffab7f4c5c9c00b7443a74b2da52809b7e
diff --git a/security/openssh/patches/patch-sshd.c b/security/openssh/patches/patch-sshd.c
index e21d7700b8f..3da0d391364 100644
--- a/security/openssh/patches/patch-sshd.c
+++ b/security/openssh/patches/patch-sshd.c
@@ -1,11 +1,11 @@
-$NetBSD: patch-sshd.c,v 1.8 2016/12/30 04:43:16 taca Exp $
+$NetBSD: patch-sshd.c,v 1.8.8.1 2017/11/25 08:49:32 bsiegert Exp $
* Interix support
* Revive tcp_wrappers support.
---- sshd.c.orig 2016-12-19 04:59:41.000000000 +0000
+--- sshd.c.orig 2017-10-02 19:34:26.000000000 +0000
+++ sshd.c
-@@ -123,6 +123,13 @@
+@@ -122,6 +122,13 @@
#include "version.h"
#include "ssherr.h"
@@ -19,7 +19,7 @@ $NetBSD: patch-sshd.c,v 1.8 2016/12/30 04:43:16 taca Exp $
/* Re-exec fds */
#define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1)
#define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2)
-@@ -220,7 +227,11 @@ int *startup_pipes = NULL;
+@@ -219,7 +226,11 @@ int *startup_pipes = NULL;
int startup_pipe; /* in child */
/* variables used for privilege separation */
@@ -30,17 +30,8 @@ $NetBSD: patch-sshd.c,v 1.8 2016/12/30 04:43:16 taca Exp $
+#endif
struct monitor *pmonitor = NULL;
int privsep_is_preauth = 1;
-
-@@ -541,7 +552,7 @@ privsep_preauth_child(void)
- demote_sensitive_data();
-
- /* Demote the child */
-- if (getuid() == 0 || geteuid() == 0) {
-+ if (getuid() == ROOTUID || geteuid() == ROOTUID) {
- /* Change our root directory */
- if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
- fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
-@@ -552,10 +563,15 @@ privsep_preauth_child(void)
+ static int privsep_chroot = 1;
+@@ -550,10 +561,15 @@ privsep_preauth_child(void)
/* Drop our privileges */
debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid,
(u_int)privsep_pw->pw_gid);
@@ -56,7 +47,7 @@ $NetBSD: patch-sshd.c,v 1.8 2016/12/30 04:43:16 taca Exp $
}
}
-@@ -619,10 +635,17 @@ privsep_preauth(Authctxt *authctxt)
+@@ -617,10 +633,17 @@ privsep_preauth(Authctxt *authctxt)
/* Arrange for logging to be sent to the monitor */
set_log_handler(mm_log_handler, pmonitor);
@@ -74,7 +65,7 @@ $NetBSD: patch-sshd.c,v 1.8 2016/12/30 04:43:16 taca Exp $
return 0;
}
-@@ -634,7 +657,7 @@ privsep_postauth(Authctxt *authctxt)
+@@ -632,7 +655,7 @@ privsep_postauth(Authctxt *authctxt)
#ifdef DISABLE_FD_PASSING
if (1) {
#else
@@ -83,7 +74,7 @@ $NetBSD: patch-sshd.c,v 1.8 2016/12/30 04:43:16 taca Exp $
#endif
/* File descriptor passing is broken or root login */
use_privsep = 0;
-@@ -1389,8 +1412,10 @@ main(int ac, char **av)
+@@ -1393,8 +1416,10 @@ main(int ac, char **av)
av = saved_argv;
#endif
@@ -95,7 +86,16 @@ $NetBSD: patch-sshd.c,v 1.8 2016/12/30 04:43:16 taca Exp $
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
sanitise_stdfd();
-@@ -1766,7 +1791,7 @@ main(int ac, char **av)
+@@ -1636,7 +1661,7 @@ main(int ac, char **av)
+ );
+
+ /* Store privilege separation user for later use if required. */
+- privsep_chroot = use_privsep && (getuid() == 0 || geteuid() == 0);
++ privsep_chroot = use_privsep && (getuid() == ROOTUID || geteuid() == ROOTUID);
+ if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
+ if (privsep_chroot || options.kerberos_authentication)
+ fatal("Privilege separation user %s does not exist",
+@@ -1769,7 +1794,7 @@ main(int ac, char **av)
(st.st_uid != getuid () ||
(st.st_mode & (S_IWGRP|S_IWOTH)) != 0))
#else
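Review bot: The added `privsep_chroot = use_privsep && (getuid() == ROOTUID || geteuid() == ROOTUID);` line in the `main` hunk (upstream line 1661) has no explanation in the patch header, although it now appears to be the one place where the ROOTUID substitution decides whether the pre-auth child is chrooted. The old patched check in `privsep_preauth_child` is dropped in the hunk at `@@ -30,17 +30,8 @@`, and the `fatal()` that follows here only fires when `privsep_chroot` or Kerberos is set. A ROOTUID that does not match the running uid would therefore presumably skip the chroot quietly rather than stop startup. ROOTUID's definition lies outside this diff, so confirm it is defined on every platform. I would add a header line such as `* Compare against ROOTUID rather than 0 when computing privsep_chroot.` and wrap the statement after `use_privsep &&` to stay within 80 columns; `main` itself starts and ends outside the hunk.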
@@ -104,7 +104,7 @@ $NetBSD: patch-sshd.c,v 1.8 2016/12/30 04:43:16 taca Exp $
#endif
fatal("%s must be owned by root and not group or "
"world-writable.", _PATH_PRIVSEP_CHROOT_DIR);
-@@ -1789,8 +1814,10 @@ main(int ac, char **av)
+@@ -1792,8 +1817,10 @@ main(int ac, char **av)
* to create a file, and we can't control the code in every
* module which might be used).
*/
@@ -115,7 +115,7 @@ $NetBSD: patch-sshd.c,v 1.8 2016/12/30 04:43:16 taca Exp $
if (rexec_flag) {
rexec_argv = xcalloc(rexec_argc + 2, sizeof(char *));
-@@ -1972,6 +1999,25 @@ main(int ac, char **av)
+@@ -1981,6 +2008,25 @@ main(int ac, char **av)
audit_connection_from(remote_ip, remote_port);
#endif