openssh: bump version

Jérôme Duval
2025-09-23 17:29:41 +02:00
parent 052a68616f
commit df5c820695
2 changed files with 86 additions and 86 deletions


@@ -16,9 +16,9 @@ ssh-keyscan, ssh-keygen and sftp-server."
HOMEPAGE="http://www.openssh.com/"
COPYRIGHT="2005-2020 Tatu Ylonen et al."
LICENSE="OpenSSH"
REVISION="2"
REVISION="1"
SOURCE_URI="https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-$portVersion.tar.gz"
CHECKSUM_SHA256="dd8bd002a379b5d499dfb050dd1fa9af8029e80461f4bb6c523c49973f5a39f3"
CHECKSUM_SHA256="021a2e709a0edf4250b1256bd5a9e500411a90dddabea830ed59cef90eb9d85c"
PATCHES="openssh-$portVersion.patchset"
ADDITIONAL_FILES="
sshd_keymaker.sh


@@ -1,11 +1,11 @@
From c927d5db34599663bf24c2e7033411ccde159f8e Mon Sep 17 00:00:00 2001
From 3e582cb958455372b6ebc0a54303dde47c7c5eb7 Mon Sep 17 00:00:00 2001
From: Adrien Destugues <pulkomandy@pulkomandy.tk>
Date: Thu, 16 Jul 2020 17:57:38 +0200
Subject: applying patch sshd_config.patch
diff --git a/sshd_config b/sshd_config
index 36894ac..c783c84 100644
index 0f4a3a7..c986fcf 100644
--- a/sshd_config
+++ b/sshd_config
@@ -38,7 +38,7 @@
@@ -18,20 +18,20 @@ index 36894ac..c783c84 100644
#AuthorizedPrincipalsFile none
--
2.45.2
2.48.1
From 1695c92f7ba1c8d7ba99b07a4e22713a0ffc50cc Mon Sep 17 00:00:00 2001
From e47c43c7e9b972668706eb78dd582052ec6b4c04 Mon Sep 17 00:00:00 2001
From: Adrien Destugues <pulkomandy@pulkomandy.tk>
Date: Thu, 16 Jul 2020 17:57:38 +0200
Subject: applying patch pathnames.patch
diff --git a/pathnames.h b/pathnames.h
index 61c5f84..e322c12 100644
index 1158bec..75819c1 100644
--- a/pathnames.h
+++ b/pathnames.h
@@ -62,7 +62,7 @@
@@ -65,7 +65,7 @@
* The directory in user's home directory in which the files reside. The
* directory should be world-readable (though not all files are).
*/
@@ -41,29 +41,29 @@ index 61c5f84..e322c12 100644
/*
* Per-user file containing host keys of known hosts. This file need not be
--
2.45.2
2.48.1
From c386c16a8d1e94531db3213acef0892c61dee35a Mon Sep 17 00:00:00 2001
From 13d1f8a64f336947c7d24c02e63c539ba9036ca1 Mon Sep 17 00:00:00 2001
From: Adrien Destugues <pulkomandy@pulkomandy.tk>
Date: Thu, 16 Jul 2020 17:57:38 +0200
Subject: applying patch ssh-copy-id.patch
diff --git a/contrib/ssh-copy-id b/contrib/ssh-copy-id
index da6bd18..866f467 100644
index dcf5798..b698ccf 100644
--- a/contrib/ssh-copy-id
+++ b/contrib/ssh-copy-id
@@ -62,7 +62,7 @@ then
fi
# shellcheck disable=SC2010
-DEFAULT_PUB_ID_FILE=$(ls -t "${HOME}"/.ssh/id*.pub 2>/dev/null | grep -v -- '-cert.pub$' | head -n 1)
+DEFAULT_PUB_ID_FILE=$(ls -t `finddir B_USER_SETTINGS_DIRECTORY`/ssh/id*.pub 2>/dev/null | grep -v -- '-cert.pub$' | head -n 1)
-DEFAULT_PUB_ID_FILE=$(ls -dt "${HOME}"/.ssh/id*.pub 2>/dev/null | grep -v -- '-cert.pub$' | head -n 1)
+DEFAULT_PUB_ID_FILE=$(ls -dt `finddir B_USER_SETTINGS_DIRECTORY`/ssh/id*.pub 2>/dev/null | grep -v -- '-cert.pub$' | head -n 1)
SSH="ssh -a -x"
TARGET_PATH=".ssh/authorized_keys"
umask 0177
@@ -313,7 +313,7 @@ installkeys_via_sftp() {
@@ -341,7 +341,7 @@ installkeys_via_sftp() {
# create a scratch dir for any temporary files needed
@@ -73,10 +73,10 @@ index da6bd18..866f467 100644
then
chmod 0700 "$SCRATCH_DIR"
--
2.45.2
2.48.1
From ab2399c753597302a99cb98fdd8041bda4751aa4 Mon Sep 17 00:00:00 2001
From 432bc00970255e6af4a111b478b624b19aaa1f55 Mon Sep 17 00:00:00 2001
From: Adrien Destugues <pulkomandy@pulkomandy.tk>
Date: Thu, 16 Jul 2020 17:57:38 +0200
Subject: applying patch sha2-gcc2-build-fix.patch
@@ -129,20 +129,20 @@ index 4f2ad8f..8946d87 100644
memcpy(digest, context->state.st64, SHA384_DIGEST_LENGTH);
#endif
--
2.45.2
2.48.1
From a5becac58159b52f71d2f54032497f70fbc8a87b Mon Sep 17 00:00:00 2001
From 0e2d55e3a410ca47d3d65583561344f42a84e313 Mon Sep 17 00:00:00 2001
From: Adrien Destugues <pulkomandy@pulkomandy.tk>
Date: Thu, 16 Jul 2020 18:08:27 +0200
Subject: Fix configuration path in manpages
diff --git a/contrib/ssh-copy-id.1 b/contrib/ssh-copy-id.1
index 74eec2f..5d7b5de 100644
index dbdb45a..95750b1 100644
--- a/contrib/ssh-copy-id.1
+++ b/contrib/ssh-copy-id.1
@@ -58,7 +58,7 @@ It then assembles a list of those that failed to log in and, using
@@ -59,7 +59,7 @@ It then assembles a list of those that failed to log in and, using
.Xr ssh 1 ,
enables logins with those keys on the remote server.
By default it adds the keys by appending them to the remote user's
@@ -151,7 +151,7 @@ index 74eec2f..5d7b5de 100644
(creating the file, and directory, if necessary).
It is also capable of detecting if the remote system is a NetScreen,
and using its
@@ -144,9 +144,9 @@ will be used.
@@ -147,9 +147,9 @@ will be used.
The
.Ic default_ID_file
is the most recent file that matches:
@@ -164,7 +164,7 @@ index 74eec2f..5d7b5de 100644
.Nm
to use, just use
diff --git a/ssh-add.0 b/ssh-add.0
index 30eed66..0e0b400 100644
index af99011..8d4e44e 100644
--- a/ssh-add.0
+++ b/ssh-add.0
@@ -13,11 +13,12 @@ SYNOPSIS
@@ -261,7 +261,7 @@ index c31de4d..67772eb 100644
authenticator-hosted Ed25519 or RSA authentication identity of the user.
.El
diff --git a/ssh-keygen.0 b/ssh-keygen.0
index a731a7f..bc9139d 100644
index 799f323..b8eae04 100644
--- a/ssh-keygen.0
+++ b/ssh-keygen.0
@@ -56,10 +56,11 @@ DESCRIPTION
@@ -280,7 +280,7 @@ index a731a7f..bc9139d 100644
Normally this program generates the key and asks for a file in which to
store the private key. The public key is stored in a file with the same
@@ -621,7 +622,8 @@ CERTIFICATES
@@ -623,7 +624,8 @@ CERTIFICATES
no-pty Disable PTY allocation (permitted by default).
no-user-rc
@@ -290,7 +290,7 @@ index a731a7f..bc9139d 100644
no-x11-forwarding
Disable X11 forwarding (permitted by default).
@@ -636,7 +638,7 @@ CERTIFICATES
@@ -638,7 +640,7 @@ CERTIFICATES
Allows PTY allocation.
permit-user-rc
@@ -299,7 +299,7 @@ index a731a7f..bc9139d 100644
permit-X11-forwarding
Allows X11 forwarding.
@@ -861,11 +863,11 @@ ENVIRONMENT
@@ -862,11 +864,11 @@ ENVIRONMENT
the built-in USB HID support.
FILES
@@ -316,7 +316,7 @@ index a731a7f..bc9139d 100644
Contains the ECDSA, authenticator-hosted ECDSA, Ed25519,
authenticator-hosted Ed25519 or RSA authentication identity of
the user. This file should not be readable by anyone but the
@@ -876,17 +878,17 @@ FILES
@@ -877,17 +879,17 @@ FILES
the private key. ssh(1) will read this file when a login attempt
is made.
@@ -343,7 +343,7 @@ index a731a7f..bc9139d 100644
/etc/moduli
Contains Diffie-Hellman groups used for DH-GEX. The file format
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index df6803f..9581edd 100644
index 00246a8..f053212 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -205,12 +205,12 @@ section for details.
@@ -382,7 +382,7 @@ index df6803f..9581edd 100644
by
.Xr sshd 8 .
.Pp
@@ -1286,11 +1286,11 @@ the built-in USB HID support.
@@ -1284,11 +1284,11 @@ the built-in USB HID support.
.El
.Sh FILES
.Bl -tag -width Ds -compact
@@ -399,7 +399,7 @@ index df6803f..9581edd 100644
Contains the ECDSA, authenticator-hosted ECDSA, Ed25519,
authenticator-hosted Ed25519 or RSA authentication identity of the user.
This file should not be readable by anyone but the user.
@@ -1303,15 +1303,15 @@ but it is offered as the default file for the private key.
@@ -1301,15 +1301,15 @@ but it is offered as the default file for the private key.
.Xr ssh 1
will read this file when a login attempt is made.
.Pp
@@ -422,7 +422,7 @@ index df6803f..9581edd 100644
where the user wishes to log in using public key authentication.
There is no need to keep the contents of this file secret.
diff --git a/ssh.0 b/ssh.0
index 78863b1..ecfa44e 100644
index 7c8cf82..42a5dbb 100644
--- a/ssh.0
+++ b/ssh.0
@@ -113,7 +113,7 @@ DESCRIPTION
@@ -460,7 +460,7 @@ index 78863b1..ecfa44e 100644
-K Enables GSSAPI-based authentication and forwarding (delegation)
of GSSAPI credentials to the server.
@@ -489,7 +493,7 @@ AUTHENTICATION
@@ -500,7 +504,7 @@ AUTHENTICATION
the client machine and the name of the user on that machine, the user is
considered for login. Additionally, the server must be able to verify
the client's host key (see the description of /etc/ssh/ssh_known_hosts
@@ -469,7 +469,7 @@ index 78863b1..ecfa44e 100644
authentication method closes security holes due to IP spoofing, DNS
spoofing, and routing spoofing. [Note to the administrator:
/etc/hosts.equiv, ~/.rhosts, and the rlogin/rsh protocol in general, are
@@ -504,7 +508,7 @@ AUTHENTICATION
@@ -515,7 +519,7 @@ AUTHENTICATION
ssh implements public key authentication protocol automatically, using
one of the ECDSA, Ed25519 or RSA algorithms.
@@ -478,7 +478,7 @@ index 78863b1..ecfa44e 100644
for logging in. When the user logs in, the ssh program tells the server
which key pair it would like to use for authentication. The client
proves that it has access to the private key and the server checks that
@@ -516,14 +520,14 @@ AUTHENTICATION
@@ -527,14 +531,14 @@ AUTHENTICATION
DEBUG or higher (e.g. by using the -v flag).
The user creates their key pair by running ssh-keygen(1). This stores
@@ -501,7 +501,7 @@ index 78863b1..ecfa44e 100644
their home directory on the remote machine. The authorized_keys file
corresponds to the conventional ~/.rhosts file, and has one key per line,
though the lines can be very long. After this, the user can log in
@@ -552,7 +556,7 @@ AUTHENTICATION
@@ -563,7 +567,7 @@ AUTHENTICATION
ssh automatically maintains and checks a database containing
identification for all hosts it has ever been used with. Host keys are
@@ -510,7 +510,7 @@ index 78863b1..ecfa44e 100644
the file /etc/ssh/ssh_known_hosts is automatically checked for known
hosts. Any new hosts are automatically added to the user's file. If a
host's identification ever changes, ssh warns about this and disables
@@ -707,7 +711,7 @@ VERIFYING HOST KEYS
@@ -718,7 +722,7 @@ VERIFYING HOST KEYS
To get a listing of the fingerprints along with their random art for all
known hosts, the following command line can be used:
@@ -519,7 +519,7 @@ index 78863b1..ecfa44e 100644
If the fingerprint is unknown, an alternative method of verification is
available: SSH fingerprints verified by DNS. An additional resource
@@ -851,7 +855,7 @@ ENVIRONMENT
@@ -862,7 +866,7 @@ ENVIRONMENT
USER Set to the name of the user logging in.
@@ -528,7 +528,7 @@ index 78863b1..ecfa44e 100644
M-bM-^@M-^\VARNAME=valueM-bM-^@M-^] to the environment if the file exists and users are
allowed to change their environment. For more information, see the
PermitUserEnvironment option in sshd_config(5).
@@ -871,35 +875,35 @@ FILES
@@ -882,35 +886,35 @@ FILES
host-based authentication without permitting login with
rlogin/rsh.
@@ -573,7 +573,7 @@ index 78863b1..ecfa44e 100644
Contains the private key for authentication. These files contain
sensitive data and should be readable by the user but not
accessible by others (read/write/execute). ssh will simply
@@ -908,21 +912,21 @@ FILES
@@ -919,21 +923,21 @@ FILES
will be used to encrypt the sensitive part of this file using
AES-128.
@@ -603,10 +603,10 @@ index 78863b1..ecfa44e 100644
just before the user's shell (or command) is started. See the
sshd(8) manual page for more information.
diff --git a/sshd.0 b/sshd.0
index c7de2d3..6d1f898 100644
index 23e28be..921c088 100644
--- a/sshd.0
+++ b/sshd.0
@@ -194,13 +194,13 @@ LOGIN PROCESS
@@ -196,13 +196,13 @@ LOGIN PROCESS
5. Sets up basic environment.
@@ -622,7 +622,7 @@ index c7de2d3..6d1f898 100644
is set, runs it; else if /etc/ssh/sshrc exists, runs it;
otherwise runs xauth(1). The M-bM-^@M-^\rcM-bM-^@M-^] files are given the X11
authentication protocol and cookie in standard input. See
@@ -211,7 +211,7 @@ LOGIN PROCESS
@@ -213,7 +213,7 @@ LOGIN PROCESS
database.
SSHRC
@@ -631,7 +631,7 @@ index c7de2d3..6d1f898 100644
files but before starting the user's shell or command. It must not
produce any output on stdout; stderr must be used instead. If X11
forwarding is in use, it will receive the "proto cookie" pair in its
@@ -243,7 +243,7 @@ SSHRC
@@ -245,7 +245,7 @@ SSHRC
AUTHORIZED_KEYS FILE FORMAT
AuthorizedKeysFile specifies the files containing public keys for public
key authentication; if this option is not specified, the default is
@@ -640,7 +640,7 @@ index c7de2d3..6d1f898 100644
file contains one key (empty lines and lines starting with a M-bM-^@M-^X#M-bM-^@M-^Y are
ignored as comments). Public keys consist of the following space-
separated fields: options, keytype, base64-encoded key, comment. The
@@ -355,7 +355,7 @@ AUTHORIZED_KEYS FILE FORMAT
@@ -357,7 +357,7 @@ AUTHORIZED_KEYS FILE FORMAT
no-pty Prevents tty allocation (a request to allocate a pty will fail).
no-user-rc
@@ -649,7 +649,7 @@ index c7de2d3..6d1f898 100644
no-X11-forwarding
Forbids X11 forwarding when this key is used for authentication.
@@ -412,7 +412,7 @@ AUTHORIZED_KEYS FILE FORMAT
@@ -414,7 +414,7 @@ AUTHORIZED_KEYS FILE FORMAT
restrict
Enable all restrictions, i.e. disable port, agent and X11
forwarding, as well as disabling PTY allocation and execution of
@@ -658,7 +658,7 @@ index c7de2d3..6d1f898 100644
authorized_keys files, they will be included in this set.
tunnel="n"
@@ -421,7 +421,7 @@ AUTHORIZED_KEYS FILE FORMAT
@@ -423,7 +423,7 @@ AUTHORIZED_KEYS FILE FORMAT
tunnel.
user-rc
@@ -667,7 +667,7 @@ index c7de2d3..6d1f898 100644
restrict option.
X11-forwarding
@@ -451,7 +451,7 @@ AUTHORIZED_KEYS FILE FORMAT
@@ -453,7 +453,7 @@ AUTHORIZED_KEYS FILE FORMAT
cert-authority,no-touch-required,principals="user_a" ssh-rsa ...
SSH_KNOWN_HOSTS FILE FORMAT
@@ -676,7 +676,7 @@ index c7de2d3..6d1f898 100644
public keys for all known hosts. The global file should be prepared by
the administrator (optional), and the per-user file is maintained
automatically: whenever the user connects to an unknown host, its key is
@@ -521,7 +521,7 @@ SSH_KNOWN_HOSTS FILE FORMAT
@@ -523,7 +523,7 @@ SSH_KNOWN_HOSTS FILE FORMAT
Rather, generate them by a script, ssh-keyscan(1) or by taking, for
example, /etc/ssh/ssh_host_rsa_key.pub and adding the host names at the
front. ssh-keygen(1) also offers some basic automated editing for
@@ -685,7 +685,7 @@ index c7de2d3..6d1f898 100644
converting all host names to their hashed representations.
An example ssh_known_hosts file:
@@ -558,14 +558,14 @@ FILES
@@ -560,14 +560,14 @@ FILES
host-based authentication without permitting login with
rlogin/rsh.
@@ -702,7 +702,7 @@ index c7de2d3..6d1f898 100644
Lists the public keys (ECDSA, Ed25519, RSA) that can be used for
logging in as this user. The format of this file is described
above. The content of the file is not highly sensitive, but the
@@ -578,7 +578,7 @@ FILES
@@ -580,7 +580,7 @@ FILES
allow it to be used unless the StrictModes option has been set to
M-bM-^@M-^\noM-bM-^@M-^].
@@ -711,7 +711,7 @@ index c7de2d3..6d1f898 100644
This file is read into the environment at login (if it exists).
It can only contain empty lines, comment lines (that start with
M-bM-^@M-^X#M-bM-^@M-^Y), and assignment lines of the form name=value. The file
@@ -586,14 +586,14 @@ FILES
@@ -588,14 +588,14 @@ FILES
anyone else. Environment processing is disabled by default and
is controlled via the PermitUserEnvironment option.
@@ -728,7 +728,7 @@ index c7de2d3..6d1f898 100644
Contains initialization routines to be run before the user's home
directory becomes accessible. This file should be writable only
by the user, and need not be readable by anyone else.
@@ -652,7 +652,7 @@ FILES
@@ -654,7 +654,7 @@ FILES
configuration options are described in sshd_config(5).
/etc/ssh/sshrc
@@ -738,10 +738,10 @@ index c7de2d3..6d1f898 100644
writable only by root, and should be world-readable.
diff --git a/sshd.8 b/sshd.8
index c0f095c..fb8b4fb 100644
index 08ebf53..922f9ac 100644
--- a/sshd.8
+++ b/sshd.8
@@ -360,7 +360,7 @@ Changes to run with normal user privileges.
@@ -364,7 +364,7 @@ Changes to run with normal user privileges.
Sets up basic environment.
.It
Reads the file
@@ -750,7 +750,7 @@ index c0f095c..fb8b4fb 100644
if it exists, and users are allowed to change their environment.
See the
.Cm PermitUserEnvironment
@@ -370,7 +370,7 @@ option in
@@ -374,7 +374,7 @@ option in
Changes to user's home directory.
.It
If
@@ -759,7 +759,7 @@ index c0f095c..fb8b4fb 100644
exists and the
.Xr sshd_config 5
.Cm PermitUserRC
@@ -393,7 +393,7 @@ system password database.
@@ -397,7 +397,7 @@ system password database.
.El
.Sh SSHRC
If the file
@@ -768,7 +768,7 @@ index c0f095c..fb8b4fb 100644
exists,
.Xr sh 1
runs it after reading the
@@ -438,9 +438,9 @@ does not exist either, xauth is used to add the cookie.
@@ -442,9 +442,9 @@ does not exist either, xauth is used to add the cookie.
specifies the files containing public keys for
public key authentication;
if this option is not specified, the default is
@@ -780,7 +780,7 @@ index c0f095c..fb8b4fb 100644
Each line of the file contains one
key (empty lines and lines starting with a
.Ql #
@@ -582,7 +582,7 @@ option.
@@ -586,7 +586,7 @@ option.
Prevents tty allocation (a request to allocate a pty will fail).
.It Cm no-user-rc
Disables execution of
@@ -789,7 +789,7 @@ index c0f095c..fb8b4fb 100644
.It Cm no-X11-forwarding
Forbids X11 forwarding when this key is used for authentication.
Any X11 forward requests by the client will return an error.
@@ -663,7 +663,7 @@ and
@@ -667,7 +667,7 @@ and
Enable all restrictions, i.e. disable port, agent and X11 forwarding,
as well as disabling PTY allocation
and execution of
@@ -798,7 +798,7 @@ index c0f095c..fb8b4fb 100644
If any future restriction capabilities are added to authorized_keys files,
they will be included in this set.
.It Cm tunnel="n"
@@ -674,7 +674,7 @@ Without this option, the next available device will be used if
@@ -678,7 +678,7 @@ Without this option, the next available device will be used if
the client requests a tunnel.
.It Cm user-rc
Enables execution of
@@ -807,7 +807,7 @@ index c0f095c..fb8b4fb 100644
previously disabled by the
.Cm restrict
option.
@@ -710,7 +710,7 @@ cert-authority,no-touch-required,principals="user_a" ssh-rsa ...
@@ -714,7 +714,7 @@ cert-authority,no-touch-required,principals="user_a" ssh-rsa ...
The
.Pa /etc/ssh/ssh_known_hosts
and
@@ -816,7 +816,7 @@ index c0f095c..fb8b4fb 100644
files contain host public keys for all known hosts.
The global file should
be prepared by the administrator (optional), and the per-user file is
@@ -819,7 +819,7 @@ or by taking, for example,
@@ -823,7 +823,7 @@ or by taking, for example,
and adding the host names at the front.
.Xr ssh-keygen 1
also offers some basic automated editing for
@@ -825,7 +825,7 @@ index c0f095c..fb8b4fb 100644
including removing hosts matching a host name and converting all host
names to their hashed representations.
.Pp
@@ -870,14 +870,14 @@ This file is used in exactly the same way as
@@ -874,14 +874,14 @@ This file is used in exactly the same way as
but allows host-based authentication without permitting login with
rlogin/rsh.
.Pp
@@ -842,7 +842,7 @@ index c0f095c..fb8b4fb 100644
Lists the public keys (ECDSA, Ed25519, RSA)
that can be used for logging in as this user.
The format of this file is described above.
@@ -885,7 +885,7 @@ The content of the file is not highly sensitive, but the recommended
@@ -889,7 +889,7 @@ The content of the file is not highly sensitive, but the recommended
permissions are read/write for the user, and not accessible by others.
.Pp
If this file, the
@@ -851,7 +851,7 @@ index c0f095c..fb8b4fb 100644
directory, or the user's home directory are writable
by other users, then the file could be modified or replaced by unauthorized
users.
@@ -896,7 +896,7 @@ will not allow it to be used unless the
@@ -900,7 +900,7 @@ will not allow it to be used unless the
option has been set to
.Dq no .
.Pp
@@ -860,7 +860,7 @@ index c0f095c..fb8b4fb 100644
This file is read into the environment at login (if it exists).
It can only contain empty lines, comment lines (that start with
.Ql # ) ,
@@ -908,14 +908,14 @@ controlled via the
@@ -912,14 +912,14 @@ controlled via the
.Cm PermitUserEnvironment
option.
.Pp
@@ -877,7 +877,7 @@ index c0f095c..fb8b4fb 100644
Contains initialization routines to be run before
the user's home directory becomes accessible.
This file should be writable only by the user, and need not be
@@ -993,7 +993,7 @@ The file format and configuration options are described in
@@ -997,7 +997,7 @@ The file format and configuration options are described in
.Pp
.It Pa /etc/ssh/sshrc
Similar to
@@ -887,7 +887,7 @@ index c0f095c..fb8b4fb 100644
machine-specific login-time initializations globally.
This file should be writable only by root, and should be world-readable.
diff --git a/sshd_config.5 b/sshd_config.5
index 1ab0f41..cdcd5fb 100644
index c077173..da23840 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -365,7 +365,7 @@ Note that
@@ -917,7 +917,7 @@ index 1ab0f41..cdcd5fb 100644
during
.Cm HostbasedAuthentication
and use only the system-wide known hosts file
@@ -1529,11 +1529,11 @@ Independent of this setting, the permissions of the selected
@@ -1542,11 +1542,11 @@ Independent of this setting, the permissions of the selected
device must allow access to the user.
.It Cm PermitUserEnvironment
Specifies whether
@@ -931,7 +931,7 @@ index 1ab0f41..cdcd5fb 100644
are processed by
.Xr sshd 8 .
Valid options are
@@ -1549,7 +1549,7 @@ restrictions in some configurations using mechanisms such as
@@ -1562,7 +1562,7 @@ restrictions in some configurations using mechanisms such as
.Ev LD_PRELOAD .
.It Cm PermitUserRC
Specifies whether any
@@ -940,7 +940,7 @@ index 1ab0f41..cdcd5fb 100644
file is executed.
The default is
.Cm yes .
@@ -1982,7 +1982,7 @@ very same IP address.
@@ -2019,7 +2019,7 @@ very same IP address.
If this option is set to
.Cm no
(the default) then only addresses and not host names may be used in
@@ -950,20 +950,20 @@ index 1ab0f41..cdcd5fb 100644
and
.Nm
--
2.45.2
2.48.1
From f3b2aa8efe2b24a59b6fc57e1cb6d6859e596e6d Mon Sep 17 00:00:00 2001
From 2391cabaa5b2c0ec7934c7067f70a9aa816ad1cd Mon Sep 17 00:00:00 2001
From: Zach Dykstra <dykstra.zachary@gmail.com>
Date: Sun, 27 Dec 2020 21:38:07 -0600
Subject: mux.c: use rename instead of unsupported hard link
diff --git a/mux.c b/mux.c
index d598a17..651e920 100644
index 415024f..1fc6fc7 100644
--- a/mux.c
+++ b/mux.c
@@ -1325,9 +1325,9 @@ muxserver_listen(struct ssh *ssh)
@@ -1324,9 +1324,9 @@ muxserver_listen(struct ssh *ssh)
}
/* Now atomically "move" the mux socket into position */
@@ -975,7 +975,7 @@ index d598a17..651e920 100644
options.control_path, orig_control_path,
strerror(errno));
}
@@ -1336,7 +1336,6 @@ muxserver_listen(struct ssh *ssh)
@@ -1335,7 +1335,6 @@ muxserver_listen(struct ssh *ssh)
unlink(options.control_path);
goto disable_mux_master;
}
@@ -984,20 +984,20 @@ index d598a17..651e920 100644
options.control_path = orig_control_path;
--
2.45.2
2.48.1
From ba2547d439b95a56968ab8511192a931fbdf2e42 Mon Sep 17 00:00:00 2001
From ef42308ce8685eaae30977ba8fe5408250c87a29 Mon Sep 17 00:00:00 2001
From: Jerome Duval <jerome.duval@gmail.com>
Date: Tue, 8 Jun 2021 14:25:15 +0200
Subject: gcc2 patch sntrup761.c
diff --git a/sntrup761.c b/sntrup761.c
index 57368bd..1fe66d0 100644
index 123d013..722b63b 100644
--- a/sntrup761.c
+++ b/sntrup761.c
@@ -63,6 +63,7 @@ static void crypto_sort_int32(void *array,long long n)
@@ -1641,6 +1641,7 @@ static void crypto_sort_int32(void *array,long long n)
for (q = top;q > p;q >>= 1) {
if (j != i) for (;;) {
if (j == n - q) goto done;
@@ -1005,7 +1005,7 @@ index 57368bd..1fe66d0 100644
int32 a = x[j + p];
for (r = q;r > p;r >>= 1)
int32_MINMAX(a,x[j + r]);
@@ -72,6 +73,7 @@ static void crypto_sort_int32(void *array,long long n)
@@ -1650,6 +1651,7 @@ static void crypto_sort_int32(void *array,long long n)
i += 2 * p;
break;
}
@@ -1014,10 +1014,10 @@ index 57368bd..1fe66d0 100644
while (i + p <= n - q) {
for (j = i;j < i + p;++j) {
--
2.45.2
2.48.1
From e8037654776f51f929b359b163edd08ab83f92a7 Mon Sep 17 00:00:00 2001
From 24d6f3d3da6fbc79d0bcb00986ca6025d24bb305 Mon Sep 17 00:00:00 2001
From: Sergei Reznikov <diver@gelios.net>
Date: Wed, 20 Oct 2021 16:57:50 +0300
Subject: Use a link to take a backup while replacing the known_hosts file
@@ -1041,10 +1041,10 @@ index c5669c7..7fa07ba 100644
error_f("link %.100s to %.100s: %s", filename,
back, strerror(errno));
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 97c6d13..65e70f9 100644
index 89c3ed2..0b6649e 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1385,7 +1385,11 @@ do_known_hosts(struct passwd *pw, const char *name, int find_host,
@@ -1413,7 +1413,11 @@ do_known_hosts(struct passwd *pw, const char *name, int find_host,
/* Backup existing file */
if (unlink(old) == -1 && errno != ENOENT)
fatal("unlink %.100s: %s", old, strerror(errno));
@@ -1057,5 +1057,5 @@ index 97c6d13..65e70f9 100644
strerror(errno));
/* Move new one into place */
--
2.45.2
2.48.1
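Review bot: The rebased ssh-copy-id hunk carried in this patchset still leaves the backquoted finddir call unquoted in the `DEFAULT_PUB_ID_FILE=` assignment, whereas the upstream line it replaces quotes `"${HOME}"`. A settings path containing whitespace would be word-split, and if finddir fails or prints nothing the glob quietly becomes `/ssh/id*.pub` with the error hidden by `2>/dev/null`, so the script could pick a public key from outside the user's settings directory as the default identity to install. Since the line was being touched for the `ls -dt` rebase anyway, I would quote the substitution: `DEFAULT_PUB_ID_FILE=$(ls -dt "$(finddir B_USER_SETTINGS_DIRECTORY)"/ssh/id*.pub 2>/dev/null | grep -v -- '-cert.pub$' | head -n 1)`. A short comment above it explaining why the Haiku settings directory replaces `~/.ssh` would also help the next rebase.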