openssh: bump version

* remove dsa and rsa1 checks when generating.
* remove patch for explicit_bzero, --with-md5-passwords is removed
Jerome Duval
2023-05-25 18:06:09 +02:00
parent 112001fbdf
commit 15380ca2d9
3 changed files with 135 additions and 197 deletions


@@ -16,23 +16,13 @@ mkdir -p ${SETTINGSSSHDIR}
hostKeyDir=${SETTINGSSSHDIR}
if [ ! -f "$hostKeyDir/ssh_host_key" ] ; then
_progress 0.2 "rsa1"
ssh-keygen -t rsa1 -f "$hostKeyDir/ssh_host_key" -N ""
fi
if [ ! -f "$hostKeyDir/ssh_host_dsa_key" ] ; then
_progress 0.4 "dsa"
ssh-keygen -t dsa -f "$hostKeyDir/ssh_host_dsa_key" -N ""
fi
if [ ! -f "$hostKeyDir/ssh_host_ecdsa_key" ] ; then
_progress 0.5 "ecdsa"
_progress 0.2 "ecdsa"
ssh-keygen -t ecdsa -f "$hostKeyDir/ssh_host_ecdsa_key" -N ""
fi
if [ ! -f "$hostKeyDir/ssh_host_rsa_key" ] ; then
_progress 0.7 "rsa"
_progress 0.5 "rsa"
ssh-keygen -t rsa -f "$hostKeyDir/ssh_host_rsa_key" -N ""
fi
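Review bot: Nothing in the script records why the rsa1 and dsa branches are gone, and the visible lines leave any `ssh_host_key` / `ssh_host_dsa_key` files written by earlier package versions in `$hostKeyDir`. A short comment above the ecdsa block, e.g. `# rsa1 and dsa host keys are deliberately not generated any more; files from older installs are left untouched`, would keep the branches from being re-added and tell an administrator that stale private keys may still sit in the settings directory. The `ssh-keygen` calls are also unchecked, so a failed generation only shows up later when sshd cannot load a key; `ssh-keygen -t ecdsa -f "$hostKeyDir/ssh_host_ecdsa_key" -N "" || exit 1` would surface it, if aborting fits how this script is launched (not visible here). The script continues beyond this hunk.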


@@ -18,7 +18,7 @@ COPYRIGHT="2005-2020 Tatu Ylonen et al."
LICENSE="OpenSSH"
REVISION="1"
SOURCE_URI="https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-$portVersion.tar.gz"
CHECKSUM_SHA256="4590890ea9bb9ace4f71ae331785a3a5823232435161960ed5fc86588f331fe9"
CHECKSUM_SHA256="e9baba7701a76a51f3d85a62c383a3c9dcd97fa900b859bc7db114c1868af8a8"
PATCHES="openssh-$portVersion.patchset"
ADDITIONAL_FILES="
sshd_keymaker.sh
@@ -51,15 +51,12 @@ PROVIDES="
openssh = $portVersion compat >= 5
cmd:scp = $portVersion compat >= 5
cmd:sftp = $portVersion compat >= 5
cmd:sftp_server = $portVersion compat >= 5
cmd:ssh = $portVersion compat >= 5
cmd:ssh_add = $portVersion compat >= 5
cmd:ssh_agent = $portVersion compat >= 5
cmd:ssh_copy_id = $portVersion compat >= 5
cmd:ssh_keygen = $portVersion compat >= 5
cmd:ssh_keyscan = $portVersion compat >= 5
cmd:ssh_keysign = $portVersion compat >= 5
cmd:ssh_pkcs11_helper = $portVersion compat >= 5
cmd:sshd = $portVersion compat >= 5
"
REQUIRES="
@@ -84,9 +81,6 @@ BUILD_REQUIRES="
devel:libz
"
BUILD_PREREQUIRES="
cmd:aclocal
cmd:autoconf
cmd:automake
cmd:gcc
cmd:ld
cmd:libtoolize
@@ -94,18 +88,9 @@ BUILD_PREREQUIRES="
cmd:pkg_config
"
PATCH()
{
echo 'AC_CONFIG_MACRO_DIR([m4])' >> configure.ac
}
BUILD()
{
mkdir -p m4
aclocal --install -I m4
libtoolize --force --copy
aclocal -I m4
autoconf
touch configure
defaultPath=".:/boot/home/config/non-packaged/bin:/boot/home/config/bin"
defaultPath+=":/boot/system/non-packaged/bin:/boot/system/bin:/bin"
defaultPath+=":/boot/system/apps:/boot/system/preferences"
@@ -120,10 +105,8 @@ BUILD()
--with-privsep-path=$dataDir/openssh/empty \
--with-pid-dir=$prefix/var/run \
--with-default-path="$defaultPath" \
--with-md5-passwords \
--disable-utmpx \
--with-libedit \
--with-stackprotect=no
--with-libedit
make $jobArgs
}
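Review bot: `defaultPath` still begins with `.`, so the value passed to `--with-default-path` makes sessions started by sshd search the current directory before any system directory, and a file placed in a writable directory can shadow a system command. If this only mirrors the platform's own default PATH, a comment saying so would help; otherwise start at the first absolute entry, `defaultPath="/boot/home/config/non-packaged/bin:/boot/home/config/bin"`. Separately, dropping `--with-stackprotect=no` changes the hardening of the built binaries but is not mentioned in the commit description, and `cmd:libtoolize` appears to stay in BUILD_PREREQUIRES although the visible BUILD no longer seems to call it; both deserve a line in the recipe or the description. BUILD() continues between the two hunks shown.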


@@ -1,11 +1,11 @@
From 46915de10e3c246f048e26aaf5648206928bfc38 Mon Sep 17 00:00:00 2001
From d72aa2c359b14bf29f4b84e6a41ea55a2224b5fa Mon Sep 17 00:00:00 2001
From: Adrien Destugues <pulkomandy@pulkomandy.tk>
Date: Thu, 16 Jul 2020 17:57:38 +0200
Subject: applying patch sshd_config.patch
diff --git a/sshd_config b/sshd_config
index c423eba..d1fd881 100644
index 36894ac..c783c84 100644
--- a/sshd_config
+++ b/sshd_config
@@ -38,7 +38,7 @@
@@ -18,10 +18,10 @@ index c423eba..d1fd881 100644
#AuthorizedPrincipalsFile none
--
2.30.2
2.37.3
From 427a97a45b7e0e6fe9fb0c6f6c91da7ffd5ac498 Mon Sep 17 00:00:00 2001
From f3271e55e745a03f6dd87799f8a2ddc1153ddd76 Mon Sep 17 00:00:00 2001
From: Adrien Destugues <pulkomandy@pulkomandy.tk>
Date: Thu, 16 Jul 2020 17:57:38 +0200
Subject: applying patch pathnames.patch
@@ -41,58 +41,10 @@ index f7ca5a7..828e43e 100644
/*
* Per-user file containing host keys of known hosts. This file need not be
--
2.30.2
2.37.3
From d223b7eaffa27233846f6a92dec9c7ba66aafd9d Mon Sep 17 00:00:00 2001
From: Adrien Destugues <pulkomandy@pulkomandy.tk>
Date: Thu, 16 Jul 2020 17:57:38 +0200
Subject: applying patch bzero.patch
diff --git a/openbsd-compat/explicit_bzero.c b/openbsd-compat/explicit_bzero.c
index 68cd2c1..7f746e2 100644
--- a/openbsd-compat/explicit_bzero.c
+++ b/openbsd-compat/explicit_bzero.c
@@ -35,6 +35,24 @@ explicit_bzero(void *p, size_t n)
#else /* HAVE_MEMSET_S */
+#ifdef __HAIKU__
+/* Haiku defines bzero(x, y) but not bzero */
+
+/*
+ * Indirect memset through a volatile pointer to hopefully avoid
+ * dead-store optimisation eliminating the call.
+ */
+static void (* volatile ssh_memset)(void *, int, size_t) = memset;
+
+void
+explicit_bzero(void *p, size_t n)
+{
+ ssh_memset(p, 0, n);
+}
+
+
+#else
+
/*
* Indirect bzero through a volatile pointer to hopefully avoid
* dead-store optimisation eliminating the call.
@@ -60,6 +78,8 @@ explicit_bzero(void *p, size_t n)
ssh_bzero(p, n);
}
+#endif
+
#endif /* HAVE_MEMSET_S */
#endif /* HAVE_EXPLICIT_BZERO */
--
2.30.2
From e577a38f6e070c1b0f0f81804f6f6636b2a07ce9 Mon Sep 17 00:00:00 2001
From 0c0df46eaec3fd088704cc191b81c693245e8174 Mon Sep 17 00:00:00 2001
From: Adrien Destugues <pulkomandy@pulkomandy.tk>
Date: Thu, 16 Jul 2020 17:57:38 +0200
Subject: applying patch ssh-copy-id.patch
@@ -123,10 +75,10 @@ index cd122de..e5a320c
then
chmod 0700 "$SCRATCH_DIR"
--
2.30.2
2.37.3
From 1c1afde767b7eb55247d2a6ae20aeb063ce4733b Mon Sep 17 00:00:00 2001
From 2a28504d2bb6f43d31200b2b3546e2334237816b Mon Sep 17 00:00:00 2001
From: Adrien Destugues <pulkomandy@pulkomandy.tk>
Date: Thu, 16 Jul 2020 17:57:38 +0200
Subject: applying patch sha2-gcc2-build-fix.patch
@@ -179,24 +131,24 @@ index 4f2ad8f..8946d87 100644
memcpy(digest, context->state.st64, SHA384_DIGEST_LENGTH);
#endif
--
2.30.2
2.37.3
From acca4d10250a91add4e5fd650e4de30a3dc7209f Mon Sep 17 00:00:00 2001
From 2364d47154217df24ec1474099a87cf58a57621b Mon Sep 17 00:00:00 2001
From: Adrien Destugues <pulkomandy@pulkomandy.tk>
Date: Thu, 16 Jul 2020 17:57:38 +0200
Subject: applying patch pkcs11-gcc2-build-fix.patch
diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c
index e724736..5a94d56 100644
index cfd833d..9def20d 100644
--- a/ssh-pkcs11-client.c
+++ b/ssh-pkcs11-client.c
@@ -248,6 +248,7 @@ pkcs11_start_helper_methods(void)
return (0);
#ifdef HAVE_EC_KEY_METHOD_NEW
+ {
#if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW)
+{
int (*orig_sign)(int, const unsigned char *, int, unsigned char *,
unsigned int *, const BIGNUM *, const BIGNUM *, EC_KEY *) = NULL;
if (helper_ecdsa != NULL)
@@ -204,15 +156,15 @@ index e724736..5a94d56 100644
return (-1);
EC_KEY_METHOD_get_sign(helper_ecdsa, &orig_sign, NULL, NULL);
EC_KEY_METHOD_set_sign(helper_ecdsa, orig_sign, NULL, ecdsa_do_sign);
+ }
#endif /* HAVE_EC_KEY_METHOD_NEW */
+}
#endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */
if ((helper_rsa = RSA_meth_dup(RSA_get_default_method())) == NULL)
--
2.30.2
2.37.3
From f084fc80a1a00b8024cd59134b055d6393e259b4 Mon Sep 17 00:00:00 2001
From ee7e0513d2facdae338b96786b68e500ee298e53 Mon Sep 17 00:00:00 2001
From: Adrien Destugues <pulkomandy@pulkomandy.tk>
Date: Thu, 16 Jul 2020 18:08:27 +0200
Subject: Fix configuration path in manpages
@@ -244,21 +196,32 @@ index c141a29..fd27f1d 100644
.Nm
to use, just use
diff --git a/ssh-add.0 b/ssh-add.0
index d955d32..a2ae8fa 100644
index ac7d079..8c0ea35 100644
--- a/ssh-add.0
+++ b/ssh-add.0
@@ -13,8 +13,8 @@ SYNOPSIS
DESCRIPTION
ssh-add adds private key identities to the authentication agent,
ssh-agent(1). When run without arguments, it adds the files
- ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ecdsa_sk,
- ~/.ssh/id_ed25519, and ~/.ssh/id_ed25519_sk. After loading a private
+ ~/config/settings/settings/ssh/id_rsa, ~/config/settings/settings/ssh/id_dsa, ~/config/settings/settings/ssh/id_ecdsa, ~/config/settings/settings/ssh/id_ecdsa_sk,
+ ~/config/settings/settings/ssh/id_ed25519, and ~/config/settings/settings/ssh/id_ed25519_sk. After loading a private
key, ssh-add will try to load corresponding certificate information from
the filename obtained by appending -cert.pub to the name of the private
key file. Alternative file names can be given on the command line.
@@ -122,12 +122,12 @@ ENVIRONMENT
- ~/.ssh/id_rsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ecdsa_sk, ~/.ssh/id_ed25519,
- ~/.ssh/id_ed25519_sk, and ~/.ssh/id_dsa. After loading a private key,
+ ~/config/settings/settings/ssh/id_rsa, ~/config/settings/settings/ssh/id_ecdsa, ~/config/settings/settings/ssh/id_ecdsa_sk, ~/config/settings/settings/ssh/id_ed25519,
+ ~/config/settings/settings/ssh/id_ed25519_sk, and ~/config/settings/settings/ssh/id_dsa. After loading a private key,
ssh-add will try to load corresponding certificate information from the
filename obtained by appending -cert.pub to the name of the private key
file. Alternative file names can be given on the command line.
@@ -60,8 +60,8 @@ DESCRIPTION
destination-constrained keys via the -h flag. This option may be
specified multiple times to allow multiple files to be searched.
If no files are specified, ssh-add will use the default
- ssh_config(5) known hosts files: ~/.ssh/known_hosts,
- ~/.ssh/known_hosts2, /etc/ssh/ssh_known_hosts, and
+ ssh_config(5) known hosts files: ~/config/settings/settings/ssh/known_hosts,
+ ~/config/settings/settings/ssh/known_hosts2, /etc/ssh/ssh_known_hosts, and
/etc/ssh/ssh_known_hosts2.
-h destination_constraint
@@ -173,12 +173,12 @@ ENVIRONMENT
the built-in USB HID support.
FILES
@@ -278,30 +241,41 @@ index d955d32..a2ae8fa 100644
authenticator-hosted Ed25519 or RSA authentication identity of
the user.
diff --git a/ssh-add.1 b/ssh-add.1
index 2786df5..7eaef93 100644
index 4601f59..2a4bf73 100644
--- a/ssh-add.1
+++ b/ssh-add.1
@@ -60,13 +60,13 @@
@@ -62,13 +62,13 @@
adds private key identities to the authentication agent,
.Xr ssh-agent 1 .
When run without arguments, it adds the files
-.Pa ~/.ssh/id_rsa ,
-.Pa ~/.ssh/id_dsa ,
-.Pa ~/.ssh/id_ecdsa ,
-.Pa ~/.ssh/id_ecdsa_sk ,
-.Pa ~/.ssh/id_ed25519 ,
-.Pa ~/.ssh/id_ed25519_sk ,
+.Pa ~/config/settings/settings/ssh/id_rsa ,
+.Pa ~/config/settings/settings/ssh/id_dsa ,
+.Pa ~/config/settings/settings/ssh/id_ecdsa ,
+.Pa ~/config/settings/settings/ssh/id_ecdsa_sk ,
+.Pa ~/config/settings/settings/ssh/id_ed25519 ,
+.Pa ~/config/settings/settings/ssh/id_ed25519_sk ,
and
-.Pa ~/.ssh/id_ed25519_sk .
+.Pa ~/config/settings/settings/ssh/id_ed25519_sk .
-.Pa ~/.ssh/id_dsa .
+.Pa ~/config/settings/settings/ssh/id_dsa .
After loading a private key,
.Nm
will try to load corresponding certificate information from the
@@ -226,12 +226,12 @@ the built-in USB HID support.
@@ -143,8 +143,8 @@ If no files are specified,
will use the default
.Xr ssh_config 5
known hosts files:
-.Pa ~/.ssh/known_hosts ,
-.Pa ~/.ssh/known_hosts2 ,
+.Pa ~/config/settings/settings/ssh/known_hosts ,
+.Pa ~/config/settings/settings/ssh/known_hosts2 ,
.Pa /etc/ssh/ssh_known_hosts ,
and
.Pa /etc/ssh/ssh_known_hosts2 .
@@ -306,12 +306,12 @@ the built-in USB HID support.
.El
.Sh FILES
.Bl -tag -width Ds -compact
@@ -321,10 +295,10 @@ index 2786df5..7eaef93 100644
authenticator-hosted Ed25519 or RSA authentication identity of the user.
.El
diff --git a/ssh-keygen.0 b/ssh-keygen.0
index 2027bdf..77fd8db 100644
index 86cb91b..7d70666 100644
--- a/ssh-keygen.0
+++ b/ssh-keygen.0
@@ -55,9 +55,9 @@ DESCRIPTION
@@ -56,9 +56,9 @@ DESCRIPTION
KEY REVOCATION LISTS section for details.
Normally each user wishing to use SSH with public key authentication runs
@@ -337,7 +311,7 @@ index 2027bdf..77fd8db 100644
administrator may use this to generate host keys, as seen in /etc/rc.
Normally this program generates the key and asks for a file in which to
@@ -617,7 +617,7 @@ CERTIFICATES
@@ -622,7 +622,7 @@ CERTIFICATES
no-pty Disable PTY allocation (permitted by default).
no-user-rc
@@ -346,7 +320,7 @@ index 2027bdf..77fd8db 100644
no-x11-forwarding
Disable X11 forwarding (permitted by default).
@@ -632,7 +632,7 @@ CERTIFICATES
@@ -637,7 +637,7 @@ CERTIFICATES
Allows PTY allocation.
permit-user-rc
@@ -355,7 +329,7 @@ index 2027bdf..77fd8db 100644
permit-X11-forwarding
Allows X11 forwarding.
@@ -790,12 +790,12 @@ ENVIRONMENT
@@ -862,12 +862,12 @@ ENVIRONMENT
the built-in USB HID support.
FILES
@@ -374,7 +348,7 @@ index 2027bdf..77fd8db 100644
Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
authenticator-hosted Ed25519 or RSA authentication identity of
the user. This file should not be readable by anyone but the
@@ -806,16 +806,16 @@ FILES
@@ -878,16 +878,16 @@ FILES
the private key. ssh(1) will read this file when a login attempt
is made.
@@ -399,10 +373,10 @@ index 2027bdf..77fd8db 100644
the contents of this file secret.
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index f83f515..aede975 100644
index 1be0822..9b37d22 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -200,13 +200,13 @@ section for details.
@@ -205,13 +205,13 @@ section for details.
Normally each user wishing to use SSH
with public key authentication runs this once to create the authentication
key in
@@ -422,7 +396,7 @@ index f83f515..aede975 100644
Additionally, the system administrator may use this to generate host keys,
as seen in
.Pa /etc/rc .
@@ -967,7 +967,7 @@ Disable PTY allocation (permitted by default).
@@ -1000,7 +1000,7 @@ Disable PTY allocation (permitted by default).
.Pp
.It Ic no-user-rc
Disable execution of
@@ -431,7 +405,7 @@ index f83f515..aede975 100644
by
.Xr sshd 8
(permitted by default).
@@ -988,7 +988,7 @@ Allows PTY allocation.
@@ -1021,7 +1021,7 @@ Allows PTY allocation.
.Pp
.It Ic permit-user-rc
Allows execution of
@@ -440,7 +414,7 @@ index f83f515..aede975 100644
by
.Xr sshd 8 .
.Pp
@@ -1184,12 +1184,12 @@ the built-in USB HID support.
@@ -1290,12 +1290,12 @@ the built-in USB HID support.
.El
.Sh FILES
.Bl -tag -width Ds -compact
@@ -459,7 +433,7 @@ index f83f515..aede975 100644
Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
authenticator-hosted Ed25519 or RSA authentication identity of the user.
This file should not be readable by anyone but the user.
@@ -1202,16 +1202,16 @@ but it is offered as the default file for the private key.
@@ -1308,16 +1308,16 @@ but it is offered as the default file for the private key.
.Xr ssh 1
will read this file when a login attempt is made.
.Pp
@@ -484,7 +458,7 @@ index f83f515..aede975 100644
where the user wishes to log in using public key authentication.
There is no need to keep the contents of this file secret.
diff --git a/ssh.0 b/ssh.0
index 055bad3..c7df3ea 100644
index 94a98ae..cc630d6 100644
--- a/ssh.0
+++ b/ssh.0
@@ -112,7 +112,7 @@ DESCRIPTION
@@ -500,12 +474,12 @@ index 055bad3..c7df3ea 100644
key authentication is read. You can also specify a public key
file to use the corresponding private key that is loaded in
ssh-agent(1) when the private key file is not present locally.
- The default is ~/.ssh/id_dsa, ~/.ssh/id_ecdsa,
- The default is ~/.ssh/id_rsa, ~/.ssh/id_ecdsa,
- ~/.ssh/id_ecdsa_sk, ~/.ssh/id_ed25519, ~/.ssh/id_ed25519_sk and
- ~/.ssh/id_rsa. Identity files may also be specified on a per-
+ The default is ~/config/settings/ssh/id_dsa, ~/config/settings/ssh/id_ecdsa,
+ ~/config/settings/ssh/id_ecdsa_sk, ~/config/settings/ssh/id_ed25519, ~/config/settings/ssh/id_ed25519_sk and
+ ~/config/settings/ssh/id_rsa. Identity files may also be specified on a per-
- ~/.ssh/id_dsa. Identity files may also be specified on a per-
+ The default is ~/config/settings/settings/ssh/id_rsa, ~/config/settings/settings/ssh/id_ecdsa,
+ ~/config/settings/settings/ssh/id_ecdsa_sk, ~/config/settings/settings/ssh/id_ed25519, ~/config/settings/settings/ssh/id_ed25519_sk and
+ ~/config/settings/settings/ssh/id_dsa. Identity files may also be specified on a per-
host basis in the configuration file. It is possible to have
multiple -i options (and multiple identities specified in
configuration files). If no certificates have been explicitly
@@ -518,7 +492,7 @@ index 055bad3..c7df3ea 100644
hosts.
-K Enables GSSAPI-based authentication and forwarding (delegation)
@@ -481,7 +481,7 @@ AUTHENTICATION
@@ -483,7 +483,7 @@ AUTHENTICATION
the client machine and the name of the user on that machine, the user is
considered for login. Additionally, the server must be able to verify
the client's host key (see the description of /etc/ssh/ssh_known_hosts
@@ -527,7 +501,7 @@ index 055bad3..c7df3ea 100644
authentication method closes security holes due to IP spoofing, DNS
spoofing, and routing spoofing. [Note to the administrator:
/etc/hosts.equiv, ~/.rhosts, and the rlogin/rsh protocol in general, are
@@ -497,7 +497,7 @@ AUTHENTICATION
@@ -499,7 +499,7 @@ AUTHENTICATION
one of the DSA, ECDSA, Ed25519 or RSA algorithms. The HISTORY section of
ssl(8) contains a brief discussion of the DSA and RSA algorithms.
@@ -536,7 +510,7 @@ index 055bad3..c7df3ea 100644
for logging in. When the user logs in, the ssh program tells the server
which key pair it would like to use for authentication. The client
proves that it has access to the private key and the server checks that
@@ -509,15 +509,15 @@ AUTHENTICATION
@@ -511,15 +511,15 @@ AUTHENTICATION
DEBUG or higher (e.g. by using the -v flag).
The user creates their key pair by running ssh-keygen(1). This stores
@@ -560,7 +534,7 @@ index 055bad3..c7df3ea 100644
The authorized_keys file corresponds to the conventional ~/.rhosts file,
and has one key per line, though the lines can be very long. After this,
the user can log in without giving the password.
@@ -545,7 +545,7 @@ AUTHENTICATION
@@ -547,7 +547,7 @@ AUTHENTICATION
ssh automatically maintains and checks a database containing
identification for all hosts it has ever been used with. Host keys are
@@ -569,7 +543,7 @@ index 055bad3..c7df3ea 100644
the file /etc/ssh/ssh_known_hosts is automatically checked for known
hosts. Any new hosts are automatically added to the user's file. If a
host's identification ever changes, ssh warns about this and disables
@@ -700,7 +700,7 @@ VERIFYING HOST KEYS
@@ -702,7 +702,7 @@ VERIFYING HOST KEYS
To get a listing of the fingerprints along with their random art for all
known hosts, the following command line can be used:
@@ -578,7 +552,7 @@ index 055bad3..c7df3ea 100644
If the fingerprint is unknown, an alternative method of verification is
available: SSH fingerprints verified by DNS. An additional resource
@@ -844,7 +844,7 @@ ENVIRONMENT
@@ -846,7 +846,7 @@ ENVIRONMENT
USER Set to the name of the user logging in.
@@ -587,7 +561,7 @@ index 055bad3..c7df3ea 100644
M-bM-^@M-^\VARNAME=valueM-bM-^@M-^] to the environment if the file exists and users are
allowed to change their environment. For more information, see the
PermitUserEnvironment option in sshd_config(5).
@@ -864,36 +864,36 @@ FILES
@@ -866,36 +866,36 @@ FILES
host-based authentication without permitting login with
rlogin/rsh.
@@ -634,7 +608,7 @@ index 055bad3..c7df3ea 100644
Contains the private key for authentication. These files contain
sensitive data and should be readable by the user but not
accessible by others (read/write/execute). ssh will simply
@@ -902,22 +902,22 @@ FILES
@@ -904,22 +904,22 @@ FILES
will be used to encrypt the sensitive part of this file using
AES-128.
@@ -666,10 +640,10 @@ index 055bad3..c7df3ea 100644
just before the user's shell (or command) is started. See the
sshd(8) manual page for more information.
diff --git a/sshd.0 b/sshd.0
index 16e3105..57067f8 100644
index 00d6081..289345a 100644
--- a/sshd.0
+++ b/sshd.0
@@ -184,13 +184,13 @@ LOGIN PROCESS
@@ -194,13 +194,13 @@ LOGIN PROCESS
5. Sets up basic environment.
@@ -685,7 +659,7 @@ index 16e3105..57067f8 100644
is set, runs it; else if /etc/ssh/sshrc exists, runs it;
otherwise runs xauth(1). The M-bM-^@M-^\rcM-bM-^@M-^] files are given the X11
authentication protocol and cookie in standard input. See
@@ -201,7 +201,7 @@ LOGIN PROCESS
@@ -211,7 +211,7 @@ LOGIN PROCESS
database.
SSHRC
@@ -694,7 +668,7 @@ index 16e3105..57067f8 100644
files but before starting the user's shell or command. It must not
produce any output on stdout; stderr must be used instead. If X11
forwarding is in use, it will receive the "proto cookie" pair in its
@@ -233,7 +233,7 @@ SSHRC
@@ -243,7 +243,7 @@ SSHRC
AUTHORIZED_KEYS FILE FORMAT
AuthorizedKeysFile specifies the files containing public keys for public
key authentication; if this option is not specified, the default is
@@ -703,7 +677,7 @@ index 16e3105..57067f8 100644
file contains one key (empty lines and lines starting with a M-bM-^@M-^X#M-bM-^@M-^Y are
ignored as comments). Public keys consist of the following space-
separated fields: options, keytype, base64-encoded key, comment. The
@@ -344,7 +344,7 @@ AUTHORIZED_KEYS FILE FORMAT
@@ -356,7 +356,7 @@ AUTHORIZED_KEYS FILE FORMAT
no-pty Prevents tty allocation (a request to allocate a pty will fail).
no-user-rc
@@ -712,16 +686,7 @@ index 16e3105..57067f8 100644
no-X11-forwarding
Forbids X11 forwarding when this key is used for authentication.
@@ -401,7 +401,7 @@ AUTHORIZED_KEYS FILE FORMAT
restrict
Enable all restrictions, i.e. disable port, agent and X11
forwarding, as well as disabling PTY allocation and execution of
- ~/.ssh/rc. If any future restriction capabilities are added to
+ ~/config/settings/settings/ssh/rc. If any future restriction capabilities are added to
authorized_keys files they will be included in this set.
tunnel="n"
@@ -410,7 +410,7 @@ AUTHORIZED_KEYS FILE FORMAT
@@ -422,7 +422,7 @@ AUTHORIZED_KEYS FILE FORMAT
tunnel.
user-rc
@@ -730,7 +695,7 @@ index 16e3105..57067f8 100644
restrict option.
X11-forwarding
@@ -440,7 +440,7 @@ AUTHORIZED_KEYS FILE FORMAT
@@ -452,7 +452,7 @@ AUTHORIZED_KEYS FILE FORMAT
cert-authority,no-touch-required,principals="user_a" ssh-rsa ...
SSH_KNOWN_HOSTS FILE FORMAT
@@ -739,7 +704,7 @@ index 16e3105..57067f8 100644
public keys for all known hosts. The global file should be prepared by
the administrator (optional), and the per-user file is maintained
automatically: whenever the user connects to an unknown host, its key is
@@ -510,7 +510,7 @@ SSH_KNOWN_HOSTS FILE FORMAT
@@ -522,7 +522,7 @@ SSH_KNOWN_HOSTS FILE FORMAT
Rather, generate them by a script, ssh-keyscan(1) or by taking, for
example, /etc/ssh/ssh_host_rsa_key.pub and adding the host names at the
front. ssh-keygen(1) also offers some basic automated editing for
@@ -748,7 +713,7 @@ index 16e3105..57067f8 100644
converting all host names to their hashed representations.
An example ssh_known_hosts file:
@@ -548,27 +548,27 @@ FILES
@@ -559,27 +559,27 @@ FILES
host-based authentication without permitting login with
rlogin/rsh.
@@ -780,7 +745,7 @@ index 16e3105..57067f8 100644
This file is read into the environment at login (if it exists).
It can only contain empty lines, comment lines (that start with
M-bM-^@M-^X#M-bM-^@M-^Y), and assignment lines of the form name=value. The file
@@ -576,14 +576,14 @@ FILES
@@ -587,14 +587,14 @@ FILES
anyone else. Environment processing is disabled by default and
is controlled via the PermitUserEnvironment option.
@@ -797,7 +762,7 @@ index 16e3105..57067f8 100644
Contains initialization routines to be run before the user's home
directory becomes accessible. This file should be writable only
by the user, and need not be readable by anyone else.
@@ -642,7 +642,7 @@ FILES
@@ -653,7 +653,7 @@ FILES
configuration options are described in sshd_config(5).
/etc/ssh/sshrc
@@ -807,10 +772,10 @@ index 16e3105..57067f8 100644
writable only by root, and should be world-readable.
diff --git a/sshd.8 b/sshd.8
index ef38949..a1fc677 100644
index 9c8f2fc..cc33f4e 100644
--- a/sshd.8
+++ b/sshd.8
@@ -344,7 +344,7 @@ Changes to run with normal user privileges.
@@ -360,7 +360,7 @@ Changes to run with normal user privileges.
Sets up basic environment.
.It
Reads the file
@@ -819,7 +784,7 @@ index ef38949..a1fc677 100644
if it exists, and users are allowed to change their environment.
See the
.Cm PermitUserEnvironment
@@ -354,7 +354,7 @@ option in
@@ -370,7 +370,7 @@ option in
Changes to user's home directory.
.It
If
@@ -828,7 +793,7 @@ index ef38949..a1fc677 100644
exists and the
.Xr sshd_config 5
.Cm PermitUserRC
@@ -377,7 +377,7 @@ system password database.
@@ -393,7 +393,7 @@ system password database.
.El
.Sh SSHRC
If the file
@@ -837,7 +802,7 @@ index ef38949..a1fc677 100644
exists,
.Xr sh 1
runs it after reading the
@@ -422,9 +422,9 @@ does not exist either, xauth is used to add the cookie.
@@ -438,9 +438,9 @@ does not exist either, xauth is used to add the cookie.
specifies the files containing public keys for
public key authentication;
if this option is not specified, the default is
@@ -849,7 +814,7 @@ index ef38949..a1fc677 100644
Each line of the file contains one
key (empty lines and lines starting with a
.Ql #
@@ -568,7 +568,7 @@ option.
@@ -585,7 +585,7 @@ option.
Prevents tty allocation (a request to allocate a pty will fail).
.It Cm no-user-rc
Disables execution of
@@ -858,16 +823,16 @@ index ef38949..a1fc677 100644
.It Cm no-X11-forwarding
Forbids X11 forwarding when this key is used for authentication.
Any X11 forward requests by the client will return an error.
@@ -649,7 +649,7 @@ and
@@ -666,7 +666,7 @@ and
Enable all restrictions, i.e. disable port, agent and X11 forwarding,
as well as disabling PTY allocation
and execution of
-.Pa ~/.ssh/rc .
+.Pa ~/config/settings/settings/ssh/rc .
If any future restriction capabilities are added to authorized_keys files
If any future restriction capabilities are added to authorized_keys files,
they will be included in this set.
.It Cm tunnel="n"
@@ -660,7 +660,7 @@ Without this option, the next available device will be used if
@@ -677,7 +677,7 @@ Without this option, the next available device will be used if
the client requests a tunnel.
.It Cm user-rc
Enables execution of
@@ -876,7 +841,7 @@ index ef38949..a1fc677 100644
previously disabled by the
.Cm restrict
option.
@@ -696,7 +696,7 @@ cert-authority,no-touch-required,principals="user_a" ssh-rsa ...
@@ -713,7 +713,7 @@ cert-authority,no-touch-required,principals="user_a" ssh-rsa ...
The
.Pa /etc/ssh/ssh_known_hosts
and
@@ -885,7 +850,7 @@ index ef38949..a1fc677 100644
files contain host public keys for all known hosts.
The global file should
be prepared by the administrator (optional), and the per-user file is
@@ -805,7 +805,7 @@ or by taking, for example,
@@ -822,7 +822,7 @@ or by taking, for example,
and adding the host names at the front.
.Xr ssh-keygen 1
also offers some basic automated editing for
@@ -894,7 +859,7 @@ index ef38949..a1fc677 100644
including removing hosts matching a host name and converting all host
names to their hashed representations.
.Pp
@@ -857,14 +857,14 @@ This file is used in exactly the same way as
@@ -873,14 +873,14 @@ This file is used in exactly the same way as
but allows host-based authentication without permitting login with
rlogin/rsh.
.Pp
@@ -911,7 +876,7 @@ index ef38949..a1fc677 100644
Lists the public keys (DSA, ECDSA, Ed25519, RSA)
that can be used for logging in as this user.
The format of this file is described above.
@@ -872,7 +872,7 @@ The content of the file is not highly sensitive, but the recommended
@@ -888,7 +888,7 @@ The content of the file is not highly sensitive, but the recommended
permissions are read/write for the user, and not accessible by others.
.Pp
If this file, the
@@ -920,7 +885,7 @@ index ef38949..a1fc677 100644
directory, or the user's home directory are writable
by other users, then the file could be modified or replaced by unauthorized
users.
@@ -883,7 +883,7 @@ will not allow it to be used unless the
@@ -899,7 +899,7 @@ will not allow it to be used unless the
option has been set to
.Dq no .
.Pp
@@ -929,7 +894,7 @@ index ef38949..a1fc677 100644
This file is read into the environment at login (if it exists).
It can only contain empty lines, comment lines (that start with
.Ql # ) ,
@@ -895,14 +895,14 @@ controlled via the
@@ -911,14 +911,14 @@ controlled via the
.Cm PermitUserEnvironment
option.
.Pp
@@ -946,7 +911,7 @@ index ef38949..a1fc677 100644
Contains initialization routines to be run before
the user's home directory becomes accessible.
This file should be writable only by the user, and need not be
@@ -980,7 +980,7 @@ The file format and configuration options are described in
@@ -996,7 +996,7 @@ The file format and configuration options are described in
.Pp
.It Pa /etc/ssh/sshrc
Similar to
@@ -956,10 +921,10 @@ index ef38949..a1fc677 100644
machine-specific login-time initializations globally.
This file should be writable only by root, and should be world-readable.
diff --git a/sshd_config.5 b/sshd_config.5
index a8d0545..ebb1dba 100644
index 9a1578f..d40d609 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -359,7 +359,7 @@ Note that
@@ -365,7 +365,7 @@ Note that
is only used when authentication proceeds using a CA listed in
.Cm TrustedUserCAKeys
and is not consulted for certification authorities trusted via
@@ -968,7 +933,7 @@ index a8d0545..ebb1dba 100644
though the
.Cm principals=
key option offers a similar facility (see
@@ -604,7 +604,7 @@ The default is
@@ -685,7 +685,7 @@ The default is
Forces the execution of the command specified by
.Cm ForceCommand ,
ignoring any command supplied by the client and
@@ -977,7 +942,7 @@ index a8d0545..ebb1dba 100644
if present.
The command is invoked by using the user's login shell with the -c option.
This applies to shell, command, or subsystem execution.
@@ -815,7 +815,7 @@ and
@@ -894,7 +894,7 @@ and
Specifies whether
.Xr sshd 8
should ignore the user's
@@ -986,7 +951,7 @@ index a8d0545..ebb1dba 100644
during
.Cm HostbasedAuthentication
and use only the system-wide known hosts file
@@ -1422,11 +1422,11 @@ Independent of this setting, the permissions of the selected
@@ -1507,11 +1507,11 @@ Independent of this setting, the permissions of the selected
device must allow access to the user.
.It Cm PermitUserEnvironment
Specifies whether
@@ -1000,7 +965,7 @@ index a8d0545..ebb1dba 100644
are processed by
.Xr sshd 8 .
Valid options are
@@ -1442,7 +1442,7 @@ restrictions in some configurations using mechanisms such as
@@ -1527,7 +1527,7 @@ restrictions in some configurations using mechanisms such as
.Ev LD_PRELOAD .
.It Cm PermitUserRC
Specifies whether any
@@ -1009,7 +974,7 @@ index a8d0545..ebb1dba 100644
file is executed.
The default is
.Cm yes .
@@ -1744,7 +1744,7 @@ very same IP address.
@@ -1865,7 +1865,7 @@ very same IP address.
If this option is set to
.Cm no
(the default) then only addresses and not host names may be used in
@@ -1019,20 +984,20 @@ index a8d0545..ebb1dba 100644
and
.Nm
--
2.30.2
2.37.3
From acebb4fd788c795133f2a07509e8ee78dc6b81c7 Mon Sep 17 00:00:00 2001
From 7b823b2992244fa3b96601518e82c8df53117b75 Mon Sep 17 00:00:00 2001
From: Zach Dykstra <dykstra.zachary@gmail.com>
Date: Sun, 27 Dec 2020 21:38:07 -0600
Subject: mux.c: use rename instead of unsupported hard link
diff --git a/mux.c b/mux.c
index 4c0eb42..b458b23 100644
index b3ffde9..cd87d71 100644
--- a/mux.c
+++ b/mux.c
@@ -1310,9 +1310,9 @@ muxserver_listen(struct ssh *ssh)
@@ -1309,9 +1309,9 @@ muxserver_listen(struct ssh *ssh)
}
/* Now atomically "move" the mux socket into position */
@@ -1044,7 +1009,7 @@ index 4c0eb42..b458b23 100644
options.control_path, orig_control_path,
strerror(errno));
}
@@ -1321,7 +1321,6 @@ muxserver_listen(struct ssh *ssh)
@@ -1320,7 +1320,6 @@ muxserver_listen(struct ssh *ssh)
unlink(options.control_path);
goto disable_mux_master;
}
@@ -1053,17 +1018,17 @@ index 4c0eb42..b458b23 100644
options.control_path = orig_control_path;
--
2.30.2
2.37.3
From 2d9e4b14b761ffa931dbd560009426b7851ad48d Mon Sep 17 00:00:00 2001
From 7534d916c83b13f3b40d59e9386be21c70cebc4f Mon Sep 17 00:00:00 2001
From: Jerome Duval <jerome.duval@gmail.com>
Date: Tue, 8 Jun 2021 14:25:15 +0200
Subject: gcc2 patch sntrup761.c
diff --git a/sntrup761.c b/sntrup761.c
index c63e600..d75e701 100644
index 57368bd..1fe66d0 100644
--- a/sntrup761.c
+++ b/sntrup761.c
@@ -63,6 +63,7 @@ static void crypto_sort_int32(void *array,long long n)
@@ -1083,10 +1048,10 @@ index c63e600..d75e701 100644
while (i + p <= n - q) {
for (j = i;j < i + p;++j) {
--
2.30.2
2.37.3
From b53c690bfa43bc294c3f333a0c96f1d85c1bce95 Mon Sep 17 00:00:00 2001
From 8d952a08372ad3678dcc4130c26d1a607c41ab6c Mon Sep 17 00:00:00 2001
From: Sergei Reznikov <diver@gelios.net>
Date: Wed, 20 Oct 2021 16:57:50 +0300
Subject: Use a link to take a backup while replacing the known_hosts file
@@ -1094,10 +1059,10 @@ Subject: Use a link to take a backup while replacing the known_hosts file
Based on https://github.com/termux/termux-packages/commit/e696010d8907854dd194311ce8a02da0ca77a121
diff --git a/hostfile.c b/hostfile.c
index ce00cd7..d929537 100644
index c5669c7..7fa07ba 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -691,7 +691,11 @@ hostfile_replace_entries(const char *filename, const char *host, const char *ip,
@@ -700,7 +700,11 @@ hostfile_replace_entries(const char *filename, const char *host, const char *ip,
r = SSH_ERR_SYSTEM_ERROR;
goto fail;
}
@@ -1110,10 +1075,10 @@ index ce00cd7..d929537 100644
error_f("link %.100s to %.100s: %s", filename,
back, strerror(errno));
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 4b40768..e85fd13 100644
index 2c0c9cd..42c13e1 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1366,7 +1366,11 @@ do_known_hosts(struct passwd *pw, const char *name, int find_host,
@@ -1372,7 +1372,11 @@ do_known_hosts(struct passwd *pw, const char *name, int find_host,
/* Backup existing file */
if (unlink(old) == -1 && errno != ENOENT)
fatal("unlink %.100s: %s", old, strerror(errno));
@@ -1126,5 +1091,5 @@ index 4b40768..e85fd13 100644
strerror(errno));
/* Move new one into place */
--
2.30.2
2.37.3
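Review bot: The regenerated manpage hunks document user files under `~/config/settings/settings/ssh/` with `settings` doubled, and the ssh.0 hunk appears to carry that spelling now where the previous patchset had `~/config/settings/ssh/id_dsa`. This looks like the path substitution being run over already-substituted text; the path compiled in by the pathnames patch is not visible here, so the correct spelling should be checked against it. It matters beyond cosmetics because these pages tell users where `authorized_keys`, `known_hosts` and private keys live and which directories must not be writable by others. If the single form is right, the added lines should read e.g. `.Pa ~/config/settings/ssh/id_rsa ,` throughout.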