openssh, bump version (#10029)

Schrijvers Luc
2024-02-01 08:16:40 +01:00
committed by GitHub
parent fcae451c06
commit 438c6835a6
2 changed files with 59 additions and 91 deletions


@@ -18,7 +18,7 @@ COPYRIGHT="2005-2020 Tatu Ylonen et al."
LICENSE="OpenSSH"
REVISION="1"
SOURCE_URI="https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-$portVersion.tar.gz"
CHECKSUM_SHA256="e9baba7701a76a51f3d85a62c383a3c9dcd97fa900b859bc7db114c1868af8a8"
CHECKSUM_SHA256="910211c07255a8c5ad654391b40ee59800710dd8119dd5362de09385aa7a777c"
PATCHES="openssh-$portVersion.patchset"
ADDITIONAL_FILES="
sshd_keymaker.sh


@@ -1,4 +1,4 @@
From d72aa2c359b14bf29f4b84e6a41ea55a2224b5fa Mon Sep 17 00:00:00 2001
From 757c8db8e07aeaec1826a5644d3930c4def405e9 Mon Sep 17 00:00:00 2001
From: Adrien Destugues <pulkomandy@pulkomandy.tk>
Date: Thu, 16 Jul 2020 17:57:38 +0200
Subject: applying patch sshd_config.patch
@@ -18,10 +18,10 @@ index 36894ac..c783c84 100644
#AuthorizedPrincipalsFile none
--
2.37.3
2.42.1
From f3271e55e745a03f6dd87799f8a2ddc1153ddd76 Mon Sep 17 00:00:00 2001
From 67cdb7ddfaebf71b6ee6e460c7aba3d63317b23e Mon Sep 17 00:00:00 2001
From: Adrien Destugues <pulkomandy@pulkomandy.tk>
Date: Thu, 16 Jul 2020 17:57:38 +0200
Subject: applying patch pathnames.patch
@@ -41,31 +41,29 @@ index f7ca5a7..828e43e 100644
/*
* Per-user file containing host keys of known hosts. This file need not be
--
2.37.3
2.42.1
From 0c0df46eaec3fd088704cc191b81c693245e8174 Mon Sep 17 00:00:00 2001
From 3105ff59ea826b1fb34b4bf297dc301556914d59 Mon Sep 17 00:00:00 2001
From: Adrien Destugues <pulkomandy@pulkomandy.tk>
Date: Thu, 16 Jul 2020 17:57:38 +0200
Subject: applying patch ssh-copy-id.patch
diff --git a/contrib/ssh-copy-id b/contrib/ssh-copy-id
old mode 100644
new mode 100755
index cd122de..e5a320c
index da6bd18..866f467 100644
--- a/contrib/ssh-copy-id
+++ b/contrib/ssh-copy-id
@@ -61,7 +61,7 @@ then
@@ -62,7 +62,7 @@ then
fi
# shellcheck disable=SC2010
-DEFAULT_PUB_ID_FILE=$(ls -t "${HOME}"/.ssh/id*.pub 2>/dev/null | grep -v -- '-cert.pub$' | head -n 1)
+DEFAULT_PUB_ID_FILE=$(ls -t `finddir B_USER_SETTINGS_DIRECTORY`/ssh/id*.pub 2>/dev/null | grep -v -- '-cert.pub$' | head -n 1)
SSH="ssh -a -x"
TARGET_PATH=".ssh/authorized_keys"
umask 0177
@@ -296,7 +296,7 @@ installkeys_via_sftp() {
@@ -313,7 +313,7 @@ installkeys_via_sftp() {
# create a scratch dir for any temporary files needed
@@ -75,10 +73,10 @@ index cd122de..e5a320c
then
chmod 0700 "$SCRATCH_DIR"
--
2.37.3
2.42.1
From 2a28504d2bb6f43d31200b2b3546e2334237816b Mon Sep 17 00:00:00 2001
From 8866fd05b3498493e69936540c0ce5e876bf4f8b Mon Sep 17 00:00:00 2001
From: Adrien Destugues <pulkomandy@pulkomandy.tk>
Date: Thu, 16 Jul 2020 17:57:38 +0200
Subject: applying patch sha2-gcc2-build-fix.patch
@@ -131,59 +129,29 @@ index 4f2ad8f..8946d87 100644
memcpy(digest, context->state.st64, SHA384_DIGEST_LENGTH);
#endif
--
2.37.3
2.42.1
From 2364d47154217df24ec1474099a87cf58a57621b Mon Sep 17 00:00:00 2001
From: Adrien Destugues <pulkomandy@pulkomandy.tk>
Date: Thu, 16 Jul 2020 17:57:38 +0200
Subject: applying patch pkcs11-gcc2-build-fix.patch
diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c
index cfd833d..9def20d 100644
--- a/ssh-pkcs11-client.c
+++ b/ssh-pkcs11-client.c
@@ -248,6 +248,7 @@ pkcs11_start_helper_methods(void)
return (0);
#if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW)
+{
int (*orig_sign)(int, const unsigned char *, int, unsigned char *,
unsigned int *, const BIGNUM *, const BIGNUM *, EC_KEY *) = NULL;
if (helper_ecdsa != NULL)
@@ -257,6 +258,7 @@ pkcs11_start_helper_methods(void)
return (-1);
EC_KEY_METHOD_get_sign(helper_ecdsa, &orig_sign, NULL, NULL);
EC_KEY_METHOD_set_sign(helper_ecdsa, orig_sign, NULL, ecdsa_do_sign);
+}
#endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */
if ((helper_rsa = RSA_meth_dup(RSA_get_default_method())) == NULL)
--
2.37.3
From ee7e0513d2facdae338b96786b68e500ee298e53 Mon Sep 17 00:00:00 2001
From 1544b1f2ae8a746f475b82c5b16377fed23f386c Mon Sep 17 00:00:00 2001
From: Adrien Destugues <pulkomandy@pulkomandy.tk>
Date: Thu, 16 Jul 2020 18:08:27 +0200
Subject: Fix configuration path in manpages
diff --git a/contrib/ssh-copy-id.1 b/contrib/ssh-copy-id.1
index c141a29..fd27f1d 100644
index 74eec2f..35a6cc4 100644
--- a/contrib/ssh-copy-id.1
+++ b/contrib/ssh-copy-id.1
@@ -54,7 +54,7 @@ this may result in you being repeatedly prompted for pass-phrases).
It then assembles a list of those that failed to log in, and using ssh,
enables logins with those keys on the remote server. By default it adds
the keys by appending them to the remote user's
@@ -58,7 +58,7 @@ It then assembles a list of those that failed to log in and, using
.Xr ssh 1 ,
enables logins with those keys on the remote server.
By default it adds the keys by appending them to the remote user's
-.Pa ~/.ssh/authorized_keys
+.Pa ~/config/settings/settings/ssh/authorized_keys
(creating the file, and directory, if necessary). It is also capable
of detecting if the remote system is a NetScreen, and using its
.Ql set ssh pka-dsa key ...
@@ -124,9 +124,9 @@ will be used.
(creating the file, and directory, if necessary).
It is also capable of detecting if the remote system is a NetScreen,
and using its
@@ -144,9 +144,9 @@ will be used.
The
.Ic default_ID_file
is the most recent file that matches:
@@ -196,7 +164,7 @@ index c141a29..fd27f1d 100644
.Nm
to use, just use
diff --git a/ssh-add.0 b/ssh-add.0
index ac7d079..8c0ea35 100644
index fed9969..8b1e554 100644
--- a/ssh-add.0
+++ b/ssh-add.0
@@ -13,8 +13,8 @@ SYNOPSIS
@@ -210,7 +178,7 @@ index ac7d079..8c0ea35 100644
ssh-add will try to load corresponding certificate information from the
filename obtained by appending -cert.pub to the name of the private key
file. Alternative file names can be given on the command line.
@@ -60,8 +60,8 @@ DESCRIPTION
@@ -63,8 +63,8 @@ DESCRIPTION
destination-constrained keys via the -h flag. This option may be
specified multiple times to allow multiple files to be searched.
If no files are specified, ssh-add will use the default
@@ -221,7 +189,7 @@ index ac7d079..8c0ea35 100644
/etc/ssh/ssh_known_hosts2.
-h destination_constraint
@@ -173,12 +173,12 @@ ENVIRONMENT
@@ -180,12 +180,12 @@ ENVIRONMENT
the built-in USB HID support.
FILES
@@ -241,10 +209,10 @@ index ac7d079..8c0ea35 100644
authenticator-hosted Ed25519 or RSA authentication identity of
the user.
diff --git a/ssh-add.1 b/ssh-add.1
index 4601f59..2a4bf73 100644
index f0186cd..b7f704f 100644
--- a/ssh-add.1
+++ b/ssh-add.1
@@ -62,13 +62,13 @@
@@ -64,13 +64,13 @@
adds private key identities to the authentication agent,
.Xr ssh-agent 1 .
When run without arguments, it adds the files
@@ -264,7 +232,7 @@ index 4601f59..2a4bf73 100644
After loading a private key,
.Nm
will try to load corresponding certificate information from the
@@ -143,8 +143,8 @@ If no files are specified,
@@ -148,8 +148,8 @@ If no files are specified,
will use the default
.Xr ssh_config 5
known hosts files:
@@ -275,7 +243,7 @@ index 4601f59..2a4bf73 100644
.Pa /etc/ssh/ssh_known_hosts ,
and
.Pa /etc/ssh/ssh_known_hosts2 .
@@ -306,12 +306,12 @@ the built-in USB HID support.
@@ -314,12 +314,12 @@ the built-in USB HID support.
.El
.Sh FILES
.Bl -tag -width Ds -compact
@@ -295,7 +263,7 @@ index 4601f59..2a4bf73 100644
authenticator-hosted Ed25519 or RSA authentication identity of the user.
.El
diff --git a/ssh-keygen.0 b/ssh-keygen.0
index 86cb91b..7d70666 100644
index 95e4aa3..b8ece71 100644
--- a/ssh-keygen.0
+++ b/ssh-keygen.0
@@ -56,9 +56,9 @@ DESCRIPTION
@@ -373,7 +341,7 @@ index 86cb91b..7d70666 100644
the contents of this file secret.
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 1be0822..9b37d22 100644
index c392141..8038472 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -205,13 +205,13 @@ section for details.
@@ -458,10 +426,10 @@ index 1be0822..9b37d22 100644
where the user wishes to log in using public key authentication.
There is no need to keep the contents of this file secret.
diff --git a/ssh.0 b/ssh.0
index 94a98ae..cc630d6 100644
index 5b5e2ad..fd78948 100644
--- a/ssh.0
+++ b/ssh.0
@@ -112,7 +112,7 @@ DESCRIPTION
@@ -113,7 +113,7 @@ DESCRIPTION
Specifies an alternative per-user configuration file. If a
configuration file is given on the command line, the system-wide
configuration file (/etc/ssh/ssh_config) will be ignored. The
@@ -470,7 +438,7 @@ index 94a98ae..cc630d6 100644
set to M-bM-^@M-^\noneM-bM-^@M-^], no configuration files will be read.
-f Requests ssh to go to background just before command execution.
@@ -143,9 +143,9 @@ DESCRIPTION
@@ -144,9 +144,9 @@ DESCRIPTION
key authentication is read. You can also specify a public key
file to use the corresponding private key that is loaded in
ssh-agent(1) when the private key file is not present locally.
@@ -483,7 +451,7 @@ index 94a98ae..cc630d6 100644
host basis in the configuration file. It is possible to have
multiple -i options (and multiple identities specified in
configuration files). If no certificates have been explicitly
@@ -161,7 +161,7 @@ DESCRIPTION
@@ -162,7 +162,7 @@ DESCRIPTION
is a shortcut to specify a ProxyJump configuration directive.
Note that configuration directives supplied on the command-line
generally apply to the destination host and not any specified
@@ -492,7 +460,7 @@ index 94a98ae..cc630d6 100644
hosts.
-K Enables GSSAPI-based authentication and forwarding (delegation)
@@ -483,7 +483,7 @@ AUTHENTICATION
@@ -488,7 +488,7 @@ AUTHENTICATION
the client machine and the name of the user on that machine, the user is
considered for login. Additionally, the server must be able to verify
the client's host key (see the description of /etc/ssh/ssh_known_hosts
@@ -501,7 +469,7 @@ index 94a98ae..cc630d6 100644
authentication method closes security holes due to IP spoofing, DNS
spoofing, and routing spoofing. [Note to the administrator:
/etc/hosts.equiv, ~/.rhosts, and the rlogin/rsh protocol in general, are
@@ -499,7 +499,7 @@ AUTHENTICATION
@@ -504,7 +504,7 @@ AUTHENTICATION
one of the DSA, ECDSA, Ed25519 or RSA algorithms. The HISTORY section of
ssl(8) contains a brief discussion of the DSA and RSA algorithms.
@@ -510,7 +478,7 @@ index 94a98ae..cc630d6 100644
for logging in. When the user logs in, the ssh program tells the server
which key pair it would like to use for authentication. The client
proves that it has access to the private key and the server checks that
@@ -511,15 +511,15 @@ AUTHENTICATION
@@ -516,15 +516,15 @@ AUTHENTICATION
DEBUG or higher (e.g. by using the -v flag).
The user creates their key pair by running ssh-keygen(1). This stores
@@ -534,7 +502,7 @@ index 94a98ae..cc630d6 100644
The authorized_keys file corresponds to the conventional ~/.rhosts file,
and has one key per line, though the lines can be very long. After this,
the user can log in without giving the password.
@@ -547,7 +547,7 @@ AUTHENTICATION
@@ -552,7 +552,7 @@ AUTHENTICATION
ssh automatically maintains and checks a database containing
identification for all hosts it has ever been used with. Host keys are
@@ -543,7 +511,7 @@ index 94a98ae..cc630d6 100644
the file /etc/ssh/ssh_known_hosts is automatically checked for known
hosts. Any new hosts are automatically added to the user's file. If a
host's identification ever changes, ssh warns about this and disables
@@ -702,7 +702,7 @@ VERIFYING HOST KEYS
@@ -707,7 +707,7 @@ VERIFYING HOST KEYS
To get a listing of the fingerprints along with their random art for all
known hosts, the following command line can be used:
@@ -552,7 +520,7 @@ index 94a98ae..cc630d6 100644
If the fingerprint is unknown, an alternative method of verification is
available: SSH fingerprints verified by DNS. An additional resource
@@ -846,7 +846,7 @@ ENVIRONMENT
@@ -851,7 +851,7 @@ ENVIRONMENT
USER Set to the name of the user logging in.
@@ -561,7 +529,7 @@ index 94a98ae..cc630d6 100644
M-bM-^@M-^\VARNAME=valueM-bM-^@M-^] to the environment if the file exists and users are
allowed to change their environment. For more information, see the
PermitUserEnvironment option in sshd_config(5).
@@ -866,36 +866,36 @@ FILES
@@ -871,36 +871,36 @@ FILES
host-based authentication without permitting login with
rlogin/rsh.
@@ -608,7 +576,7 @@ index 94a98ae..cc630d6 100644
Contains the private key for authentication. These files contain
sensitive data and should be readable by the user but not
accessible by others (read/write/execute). ssh will simply
@@ -904,22 +904,22 @@ FILES
@@ -909,22 +909,22 @@ FILES
will be used to encrypt the sensitive part of this file using
AES-128.
@@ -640,7 +608,7 @@ index 94a98ae..cc630d6 100644
just before the user's shell (or command) is started. See the
sshd(8) manual page for more information.
diff --git a/sshd.0 b/sshd.0
index 00d6081..289345a 100644
index 98855e8..80ff7b9 100644
--- a/sshd.0
+++ b/sshd.0
@@ -194,13 +194,13 @@ LOGIN PROCESS
@@ -772,7 +740,7 @@ index 00d6081..289345a 100644
writable only by root, and should be world-readable.
diff --git a/sshd.8 b/sshd.8
index 9c8f2fc..cc33f4e 100644
index 73d5e92..747ac84 100644
--- a/sshd.8
+++ b/sshd.8
@@ -360,7 +360,7 @@ Changes to run with normal user privileges.
@@ -921,7 +889,7 @@ index 9c8f2fc..cc33f4e 100644
machine-specific login-time initializations globally.
This file should be writable only by root, and should be world-readable.
diff --git a/sshd_config.5 b/sshd_config.5
index 9a1578f..d40d609 100644
index 7e1a56c..c00127a 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -365,7 +365,7 @@ Note that
@@ -984,20 +952,20 @@ index 9a1578f..d40d609 100644
and
.Nm
--
2.37.3
2.42.1
From 7b823b2992244fa3b96601518e82c8df53117b75 Mon Sep 17 00:00:00 2001
From c8ee4d0b0cb156f606599899460244d1a9cf1172 Mon Sep 17 00:00:00 2001
From: Zach Dykstra <dykstra.zachary@gmail.com>
Date: Sun, 27 Dec 2020 21:38:07 -0600
Subject: mux.c: use rename instead of unsupported hard link
diff --git a/mux.c b/mux.c
index b3ffde9..cd87d71 100644
index d598a17..651e920 100644
--- a/mux.c
+++ b/mux.c
@@ -1309,9 +1309,9 @@ muxserver_listen(struct ssh *ssh)
@@ -1325,9 +1325,9 @@ muxserver_listen(struct ssh *ssh)
}
/* Now atomically "move" the mux socket into position */
@@ -1009,7 +977,7 @@ index b3ffde9..cd87d71 100644
options.control_path, orig_control_path,
strerror(errno));
}
@@ -1320,7 +1320,6 @@ muxserver_listen(struct ssh *ssh)
@@ -1336,7 +1336,6 @@ muxserver_listen(struct ssh *ssh)
unlink(options.control_path);
goto disable_mux_master;
}
@@ -1018,10 +986,10 @@ index b3ffde9..cd87d71 100644
options.control_path = orig_control_path;
--
2.37.3
2.42.1
From 7534d916c83b13f3b40d59e9386be21c70cebc4f Mon Sep 17 00:00:00 2001
From a9429ac035afe9f14a7db9e56e333b742e326ea4 Mon Sep 17 00:00:00 2001
From: Jerome Duval <jerome.duval@gmail.com>
Date: Tue, 8 Jun 2021 14:25:15 +0200
Subject: gcc2 patch sntrup761.c
@@ -1048,10 +1016,10 @@ index 57368bd..1fe66d0 100644
while (i + p <= n - q) {
for (j = i;j < i + p;++j) {
--
2.37.3
2.42.1
From 8d952a08372ad3678dcc4130c26d1a607c41ab6c Mon Sep 17 00:00:00 2001
From d9d29a3defce982d6878938b808c0ab4e92c75c8 Mon Sep 17 00:00:00 2001
From: Sergei Reznikov <diver@gelios.net>
Date: Wed, 20 Oct 2021 16:57:50 +0300
Subject: Use a link to take a backup while replacing the known_hosts file
@@ -1075,10 +1043,10 @@ index c5669c7..7fa07ba 100644
error_f("link %.100s to %.100s: %s", filename,
back, strerror(errno));
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 2c0c9cd..42c13e1 100644
index 5b945a8..e41fd04 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1372,7 +1372,11 @@ do_known_hosts(struct passwd *pw, const char *name, int find_host,
@@ -1369,7 +1369,11 @@ do_known_hosts(struct passwd *pw, const char *name, int find_host,
/* Backup existing file */
if (unlink(old) == -1 && errno != ENOENT)
fatal("unlink %.100s: %s", old, strerror(errno));
@@ -1091,5 +1059,5 @@ index 2c0c9cd..42c13e1 100644
strerror(errno));
/* Move new one into place */
--
2.37.3
2.42.1
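Review bot: The carried mux.c patch in this patchset (muxserver_listen, subject "mux.c: use rename instead of unsupported hard link") appears to give up the no-clobber guarantee of the call it replaces: link() fails with EEXIST when the control path is already occupied, whereas rename() replaces whatever is there. The changed lines themselves are not shown in this view, so this is inferred from the subject line and from the surviving `unlink(options.control_path); goto disable_mux_master;` branch, which would then no longer be reached for an existing socket, letting a second master silently take over the path. Since this refresh rebases the patch anyway, it would be worth recording the trade-off next to the call, e.g. `/* Haiku: no hard links; rename() replaces an existing ControlPath socket instead of failing with EEXIST */`, or refusing to proceed when the target already exists, accepting that such a check is not atomic. muxserver_listen's body starts and ends outside the visible hunks.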