diff --git a/net-misc/openssh/openssh-9.8p1.recipe b/net-misc/openssh/openssh-10.0p1.recipe similarity index 97% rename from net-misc/openssh/openssh-9.8p1.recipe rename to net-misc/openssh/openssh-10.0p1.recipe index 55ff62495..95b6cc054 100644 --- a/net-misc/openssh/openssh-9.8p1.recipe +++ b/net-misc/openssh/openssh-10.0p1.recipe @@ -16,9 +16,9 @@ ssh-keyscan, ssh-keygen and sftp-server." HOMEPAGE="http://www.openssh.com/" COPYRIGHT="2005-2020 Tatu Ylonen et al." LICENSE="OpenSSH" -REVISION="2" +REVISION="1" SOURCE_URI="https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-$portVersion.tar.gz" -CHECKSUM_SHA256="dd8bd002a379b5d499dfb050dd1fa9af8029e80461f4bb6c523c49973f5a39f3" +CHECKSUM_SHA256="021a2e709a0edf4250b1256bd5a9e500411a90dddabea830ed59cef90eb9d85c" PATCHES="openssh-$portVersion.patchset" ADDITIONAL_FILES=" sshd_keymaker.sh diff --git a/net-misc/openssh/patches/openssh-9.8p1.patchset b/net-misc/openssh/patches/openssh-10.0p1.patchset similarity index 91% rename from net-misc/openssh/patches/openssh-9.8p1.patchset rename to net-misc/openssh/patches/openssh-10.0p1.patchset index 59fe299f0..f280f8b54 100644 --- a/net-misc/openssh/patches/openssh-9.8p1.patchset +++ b/net-misc/openssh/patches/openssh-10.0p1.patchset @@ -1,11 +1,11 @@ -From c927d5db34599663bf24c2e7033411ccde159f8e Mon Sep 17 00:00:00 2001 +From 3e582cb958455372b6ebc0a54303dde47c7c5eb7 Mon Sep 17 00:00:00 2001 From: Adrien Destugues Date: Thu, 16 Jul 2020 17:57:38 +0200 Subject: applying patch sshd_config.patch diff --git a/sshd_config b/sshd_config -index 36894ac..c783c84 100644 +index 0f4a3a7..c986fcf 100644 --- a/sshd_config +++ b/sshd_config @@ -38,7 +38,7 @@ @@ -18,20 +18,20 @@ index 36894ac..c783c84 100644 #AuthorizedPrincipalsFile none -- -2.45.2 +2.48.1 -From 1695c92f7ba1c8d7ba99b07a4e22713a0ffc50cc Mon Sep 17 00:00:00 2001 +From e47c43c7e9b972668706eb78dd582052ec6b4c04 Mon Sep 17 00:00:00 2001 
From: Adrien Destugues Date: Thu, 16 Jul 2020 17:57:38 +0200 Subject: applying patch pathnames.patch diff --git a/pathnames.h b/pathnames.h -index 61c5f84..e322c12 100644 +index 1158bec..75819c1 100644 --- a/pathnames.h +++ b/pathnames.h -@@ -62,7 +62,7 @@ +@@ -65,7 +65,7 @@ * The directory in user's home directory in which the files reside. The * directory should be world-readable (though not all files are). */ @@ -41,29 +41,29 @@ index 61c5f84..e322c12 100644 /* * Per-user file containing host keys of known hosts. This file need not be -- -2.45.2 +2.48.1 -From c386c16a8d1e94531db3213acef0892c61dee35a Mon Sep 17 00:00:00 2001 +From 13d1f8a64f336947c7d24c02e63c539ba9036ca1 Mon Sep 17 00:00:00 2001 From: Adrien Destugues Date: Thu, 16 Jul 2020 17:57:38 +0200 Subject: applying patch ssh-copy-id.patch diff --git a/contrib/ssh-copy-id b/contrib/ssh-copy-id -index da6bd18..866f467 100644 +index dcf5798..b698ccf 100644 --- a/contrib/ssh-copy-id +++ b/contrib/ssh-copy-id @@ -62,7 +62,7 @@ then fi # shellcheck disable=SC2010 --DEFAULT_PUB_ID_FILE=$(ls -t "${HOME}"/.ssh/id*.pub 2>/dev/null | grep -v -- '-cert.pub$' | head -n 1) -+DEFAULT_PUB_ID_FILE=$(ls -t `finddir B_USER_SETTINGS_DIRECTORY`/ssh/id*.pub 2>/dev/null | grep -v -- '-cert.pub$' | head -n 1) +-DEFAULT_PUB_ID_FILE=$(ls -dt "${HOME}"/.ssh/id*.pub 2>/dev/null | grep -v -- '-cert.pub$' | head -n 1) ++DEFAULT_PUB_ID_FILE=$(ls -dt `finddir B_USER_SETTINGS_DIRECTORY`/ssh/id*.pub 2>/dev/null | grep -v -- '-cert.pub$' | head -n 1) SSH="ssh -a -x" TARGET_PATH=".ssh/authorized_keys" umask 0177 -@@ -313,7 +313,7 @@ installkeys_via_sftp() { +@@ -341,7 +341,7 @@ installkeys_via_sftp() { # create a scratch dir for any temporary files needed @@ -73,10 +73,10 @@ index da6bd18..866f467 100644 then chmod 0700 "$SCRATCH_DIR" -- -2.45.2 +2.48.1 -From ab2399c753597302a99cb98fdd8041bda4751aa4 Mon Sep 17 00:00:00 2001 +From 432bc00970255e6af4a111b478b624b19aaa1f55 Mon Sep 17 00:00:00 2001 
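Review bot: The refreshed `DEFAULT_PUB_ID_FILE` line in the ssh-copy-id patch still leaves the `finddir B_USER_SETTINGS_DIRECTORY` substitution unquoted, whereas the upstream line it replaces quotes `"${HOME}"`. An unquoted substitution is word-split and glob-expanded, so a settings path containing whitespace would break the `ls -dt` argument. If `finddir` prints nothing, the pattern collapses to `/ssh/id*.pub`, and the key chosen for installation would then come from a directory the user does not own. I would quote the substitution and keep the glob outside the quotes: `DEFAULT_PUB_ID_FILE=$(ls -dt "$(finddir B_USER_SETTINGS_DIRECTORY)"/ssh/id*.pub 2>/dev/null | grep -v -- '-cert.pub$' | head -n 1)`. The second ssh-copy-id hunk (the scratch directory in `installkeys_via_sftp`) is only partly visible here, so it is not covered by this note.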
From: Adrien Destugues Date: Thu, 16 Jul 2020 17:57:38 +0200 Subject: applying patch sha2-gcc2-build-fix.patch @@ -129,20 +129,20 @@ index 4f2ad8f..8946d87 100644 memcpy(digest, context->state.st64, SHA384_DIGEST_LENGTH); #endif -- -2.45.2 +2.48.1 -From a5becac58159b52f71d2f54032497f70fbc8a87b Mon Sep 17 00:00:00 2001 +From 0e2d55e3a410ca47d3d65583561344f42a84e313 Mon Sep 17 00:00:00 2001 From: Adrien Destugues Date: Thu, 16 Jul 2020 18:08:27 +0200 Subject: Fix configuration path in manpages diff --git a/contrib/ssh-copy-id.1 b/contrib/ssh-copy-id.1 -index 74eec2f..5d7b5de 100644 +index dbdb45a..95750b1 100644 --- a/contrib/ssh-copy-id.1 +++ b/contrib/ssh-copy-id.1 -@@ -58,7 +58,7 @@ It then assembles a list of those that failed to log in and, using +@@ -59,7 +59,7 @@ It then assembles a list of those that failed to log in and, using .Xr ssh 1 , enables logins with those keys on the remote server. By default it adds the keys by appending them to the remote user's @@ -151,7 +151,7 @@ index 74eec2f..5d7b5de 100644 (creating the file, and directory, if necessary). It is also capable of detecting if the remote system is a NetScreen, and using its -@@ -144,9 +144,9 @@ will be used. +@@ -147,9 +147,9 @@ will be used. The .Ic default_ID_file is the most recent file that matches: @@ -164,7 +164,7 @@ index 74eec2f..5d7b5de 100644 .Nm to use, just use diff --git a/ssh-add.0 b/ssh-add.0 -index 30eed66..0e0b400 100644 +index af99011..8d4e44e 100644 --- a/ssh-add.0 +++ b/ssh-add.0 @@ -13,11 +13,12 @@ SYNOPSIS @@ -261,7 +261,7 @@ index c31de4d..67772eb 100644 authenticator-hosted Ed25519 or RSA authentication identity of the user. .El diff --git a/ssh-keygen.0 b/ssh-keygen.0 -index a731a7f..bc9139d 100644 +index 799f323..b8eae04 100644 --- a/ssh-keygen.0 +++ b/ssh-keygen.0 @@ -56,10 +56,11 @@ DESCRIPTION 
@@ -280,7 +280,7 @@ index a731a7f..bc9139d 100644 Normally this program generates the key and asks for a file in which to store the private key. The public key is stored in a file with the same -@@ -621,7 +622,8 @@ CERTIFICATES +@@ -623,7 +624,8 @@ CERTIFICATES no-pty Disable PTY allocation (permitted by default). no-user-rc @@ -290,7 +290,7 @@ index a731a7f..bc9139d 100644 no-x11-forwarding Disable X11 forwarding (permitted by default). -@@ -636,7 +638,7 @@ CERTIFICATES +@@ -638,7 +640,7 @@ CERTIFICATES Allows PTY allocation. permit-user-rc @@ -299,7 +299,7 @@ index a731a7f..bc9139d 100644 permit-X11-forwarding Allows X11 forwarding. -@@ -861,11 +863,11 @@ ENVIRONMENT +@@ -862,11 +864,11 @@ ENVIRONMENT the built-in USB HID support. FILES @@ -316,7 +316,7 @@ index a731a7f..bc9139d 100644 Contains the ECDSA, authenticator-hosted ECDSA, Ed25519, authenticator-hosted Ed25519 or RSA authentication identity of the user. This file should not be readable by anyone but the -@@ -876,17 +878,17 @@ FILES +@@ -877,17 +879,17 @@ FILES the private key. ssh(1) will read this file when a login attempt is made. @@ -343,7 +343,7 @@ index a731a7f..bc9139d 100644 /etc/moduli Contains Diffie-Hellman groups used for DH-GEX. The file format diff --git a/ssh-keygen.1 b/ssh-keygen.1 -index df6803f..9581edd 100644 +index 00246a8..f053212 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -205,12 +205,12 @@ section for details. @@ -382,7 +382,7 @@ index df6803f..9581edd 100644 by .Xr sshd 8 . .Pp -@@ -1286,11 +1286,11 @@ the built-in USB HID support. +@@ -1284,11 +1284,11 @@ the built-in USB HID support. .El .Sh FILES .Bl -tag -width Ds -compact 
@@ -399,7 +399,7 @@ index df6803f..9581edd 100644 Contains the ECDSA, authenticator-hosted ECDSA, Ed25519, authenticator-hosted Ed25519 or RSA authentication identity of the user. This file should not be readable by anyone but the user. -@@ -1303,15 +1303,15 @@ but it is offered as the default file for the private key. +@@ -1301,15 +1301,15 @@ but it is offered as the default file for the private key. .Xr ssh 1 will read this file when a login attempt is made. .Pp @@ -422,7 +422,7 @@ index df6803f..9581edd 100644 where the user wishes to log in using public key authentication. There is no need to keep the contents of this file secret. diff --git a/ssh.0 b/ssh.0 -index 78863b1..ecfa44e 100644 +index 7c8cf82..42a5dbb 100644 --- a/ssh.0 +++ b/ssh.0 @@ -113,7 +113,7 @@ DESCRIPTION @@ -460,7 +460,7 @@ index 78863b1..ecfa44e 100644 -K Enables GSSAPI-based authentication and forwarding (delegation) of GSSAPI credentials to the server. -@@ -489,7 +493,7 @@ AUTHENTICATION +@@ -500,7 +504,7 @@ AUTHENTICATION the client machine and the name of the user on that machine, the user is considered for login. Additionally, the server must be able to verify the client's host key (see the description of /etc/ssh/ssh_known_hosts @@ -469,7 +469,7 @@ index 78863b1..ecfa44e 100644 authentication method closes security holes due to IP spoofing, DNS spoofing, and routing spoofing. [Note to the administrator: /etc/hosts.equiv, ~/.rhosts, and the rlogin/rsh protocol in general, are -@@ -504,7 +508,7 @@ AUTHENTICATION +@@ -515,7 +519,7 @@ AUTHENTICATION ssh implements public key authentication protocol automatically, using one of the ECDSA, Ed25519 or RSA algorithms. 
@@ -478,7 +478,7 @@ index 78863b1..ecfa44e 100644 for logging in. When the user logs in, the ssh program tells the server which key pair it would like to use for authentication. The client proves that it has access to the private key and the server checks that -@@ -516,14 +520,14 @@ AUTHENTICATION +@@ -527,14 +531,14 @@ AUTHENTICATION DEBUG or higher (e.g. by using the -v flag). The user creates their key pair by running ssh-keygen(1). This stores @@ -501,7 +501,7 @@ index 78863b1..ecfa44e 100644 their home directory on the remote machine. The authorized_keys file corresponds to the conventional ~/.rhosts file, and has one key per line, though the lines can be very long. After this, the user can log in -@@ -552,7 +556,7 @@ AUTHENTICATION +@@ -563,7 +567,7 @@ AUTHENTICATION ssh automatically maintains and checks a database containing identification for all hosts it has ever been used with. Host keys are @@ -510,7 +510,7 @@ index 78863b1..ecfa44e 100644 the file /etc/ssh/ssh_known_hosts is automatically checked for known hosts. Any new hosts are automatically added to the user's file. If a host's identification ever changes, ssh warns about this and disables -@@ -707,7 +711,7 @@ VERIFYING HOST KEYS +@@ -718,7 +722,7 @@ VERIFYING HOST KEYS To get a listing of the fingerprints along with their random art for all known hosts, the following command line can be used: @@ -519,7 +519,7 @@ index 78863b1..ecfa44e 100644 If the fingerprint is unknown, an alternative method of verification is available: SSH fingerprints verified by DNS. An additional resource -@@ -851,7 +855,7 @@ ENVIRONMENT +@@ -862,7 +866,7 @@ ENVIRONMENT USER Set to the name of the user logging in. 
@@ -528,7 +528,7 @@ index 78863b1..ecfa44e 100644 M-bM-^@M-^\VARNAME=valueM-bM-^@M-^] to the environment if the file exists and users are allowed to change their environment. For more information, see the PermitUserEnvironment option in sshd_config(5). -@@ -871,35 +875,35 @@ FILES +@@ -882,35 +886,35 @@ FILES host-based authentication without permitting login with rlogin/rsh. @@ -573,7 +573,7 @@ index 78863b1..ecfa44e 100644 Contains the private key for authentication. These files contain sensitive data and should be readable by the user but not accessible by others (read/write/execute). ssh will simply -@@ -908,21 +912,21 @@ FILES +@@ -919,21 +923,21 @@ FILES will be used to encrypt the sensitive part of this file using AES-128. @@ -603,10 +603,10 @@ index 78863b1..ecfa44e 100644 just before the user's shell (or command) is started. See the sshd(8) manual page for more information. diff --git a/sshd.0 b/sshd.0 -index c7de2d3..6d1f898 100644 +index 23e28be..921c088 100644 --- a/sshd.0 +++ b/sshd.0 -@@ -194,13 +194,13 @@ LOGIN PROCESS +@@ -196,13 +196,13 @@ LOGIN PROCESS 5. Sets up basic environment. @@ -622,7 +622,7 @@ index c7de2d3..6d1f898 100644 is set, runs it; else if /etc/ssh/sshrc exists, runs it; otherwise runs xauth(1). The M-bM-^@M-^\rcM-bM-^@M-^] files are given the X11 authentication protocol and cookie in standard input. See -@@ -211,7 +211,7 @@ LOGIN PROCESS +@@ -213,7 +213,7 @@ LOGIN PROCESS database. SSHRC @@ -631,7 +631,7 @@ index c7de2d3..6d1f898 100644 files but before starting the user's shell or command. It must not produce any output on stdout; stderr must be used instead. If X11 forwarding is in use, it will receive the "proto cookie" pair in its -@@ -243,7 +243,7 @@ SSHRC +@@ -245,7 +245,7 @@ SSHRC AUTHORIZED_KEYS FILE FORMAT AuthorizedKeysFile specifies the files containing public keys for public key authentication; if this option is not specified, the default is 
@@ -640,7 +640,7 @@ index c7de2d3..6d1f898 100644 file contains one key (empty lines and lines starting with a M-bM-^@M-^X#M-bM-^@M-^Y are ignored as comments). Public keys consist of the following space- separated fields: options, keytype, base64-encoded key, comment. The -@@ -355,7 +355,7 @@ AUTHORIZED_KEYS FILE FORMAT +@@ -357,7 +357,7 @@ AUTHORIZED_KEYS FILE FORMAT no-pty Prevents tty allocation (a request to allocate a pty will fail). no-user-rc @@ -649,7 +649,7 @@ index c7de2d3..6d1f898 100644 no-X11-forwarding Forbids X11 forwarding when this key is used for authentication. -@@ -412,7 +412,7 @@ AUTHORIZED_KEYS FILE FORMAT +@@ -414,7 +414,7 @@ AUTHORIZED_KEYS FILE FORMAT restrict Enable all restrictions, i.e. disable port, agent and X11 forwarding, as well as disabling PTY allocation and execution of @@ -658,7 +658,7 @@ index c7de2d3..6d1f898 100644 authorized_keys files, they will be included in this set. tunnel="n" -@@ -421,7 +421,7 @@ AUTHORIZED_KEYS FILE FORMAT +@@ -423,7 +423,7 @@ AUTHORIZED_KEYS FILE FORMAT tunnel. user-rc @@ -667,7 +667,7 @@ index c7de2d3..6d1f898 100644 restrict option. X11-forwarding -@@ -451,7 +451,7 @@ AUTHORIZED_KEYS FILE FORMAT +@@ -453,7 +453,7 @@ AUTHORIZED_KEYS FILE FORMAT cert-authority,no-touch-required,principals="user_a" ssh-rsa ... SSH_KNOWN_HOSTS FILE FORMAT @@ -676,7 +676,7 @@ index c7de2d3..6d1f898 100644 public keys for all known hosts. The global file should be prepared by the administrator (optional), and the per-user file is maintained automatically: whenever the user connects to an unknown host, its key is -@@ -521,7 +521,7 @@ SSH_KNOWN_HOSTS FILE FORMAT +@@ -523,7 +523,7 @@ SSH_KNOWN_HOSTS FILE FORMAT Rather, generate them by a script, ssh-keyscan(1) or by taking, for example, /etc/ssh/ssh_host_rsa_key.pub and adding the host names at the front. ssh-keygen(1) also offers some basic automated editing for 
@@ -685,7 +685,7 @@ index c7de2d3..6d1f898 100644 converting all host names to their hashed representations. An example ssh_known_hosts file: -@@ -558,14 +558,14 @@ FILES +@@ -560,14 +560,14 @@ FILES host-based authentication without permitting login with rlogin/rsh. @@ -702,7 +702,7 @@ index c7de2d3..6d1f898 100644 Lists the public keys (ECDSA, Ed25519, RSA) that can be used for logging in as this user. The format of this file is described above. The content of the file is not highly sensitive, but the -@@ -578,7 +578,7 @@ FILES +@@ -580,7 +580,7 @@ FILES allow it to be used unless the StrictModes option has been set to M-bM-^@M-^\noM-bM-^@M-^]. @@ -711,7 +711,7 @@ index c7de2d3..6d1f898 100644 This file is read into the environment at login (if it exists). It can only contain empty lines, comment lines (that start with M-bM-^@M-^X#M-bM-^@M-^Y), and assignment lines of the form name=value. The file -@@ -586,14 +586,14 @@ FILES +@@ -588,14 +588,14 @@ FILES anyone else. Environment processing is disabled by default and is controlled via the PermitUserEnvironment option. @@ -728,7 +728,7 @@ index c7de2d3..6d1f898 100644 Contains initialization routines to be run before the user's home directory becomes accessible. This file should be writable only by the user, and need not be readable by anyone else. -@@ -652,7 +652,7 @@ FILES +@@ -654,7 +654,7 @@ FILES configuration options are described in sshd_config(5). /etc/ssh/sshrc @@ -738,10 +738,10 @@ index c7de2d3..6d1f898 100644 writable only by root, and should be world-readable. diff --git a/sshd.8 b/sshd.8 -index c0f095c..fb8b4fb 100644 +index 08ebf53..922f9ac 100644 --- a/sshd.8 +++ b/sshd.8 -@@ -360,7 +360,7 @@ Changes to run with normal user privileges. +@@ -364,7 +364,7 @@ Changes to run with normal user privileges. Sets up basic environment. .It Reads the file 
@@ -750,7 +750,7 @@ index c0f095c..fb8b4fb 100644 if it exists, and users are allowed to change their environment. See the .Cm PermitUserEnvironment -@@ -370,7 +370,7 @@ option in +@@ -374,7 +374,7 @@ option in Changes to user's home directory. .It If @@ -759,7 +759,7 @@ index c0f095c..fb8b4fb 100644 exists and the .Xr sshd_config 5 .Cm PermitUserRC -@@ -393,7 +393,7 @@ system password database. +@@ -397,7 +397,7 @@ system password database. .El .Sh SSHRC If the file @@ -768,7 +768,7 @@ index c0f095c..fb8b4fb 100644 exists, .Xr sh 1 runs it after reading the -@@ -438,9 +438,9 @@ does not exist either, xauth is used to add the cookie. +@@ -442,9 +442,9 @@ does not exist either, xauth is used to add the cookie. specifies the files containing public keys for public key authentication; if this option is not specified, the default is @@ -780,7 +780,7 @@ index c0f095c..fb8b4fb 100644 Each line of the file contains one key (empty lines and lines starting with a .Ql # -@@ -582,7 +582,7 @@ option. +@@ -586,7 +586,7 @@ option. Prevents tty allocation (a request to allocate a pty will fail). .It Cm no-user-rc Disables execution of @@ -789,7 +789,7 @@ index c0f095c..fb8b4fb 100644 .It Cm no-X11-forwarding Forbids X11 forwarding when this key is used for authentication. Any X11 forward requests by the client will return an error. -@@ -663,7 +663,7 @@ and +@@ -667,7 +667,7 @@ and Enable all restrictions, i.e. disable port, agent and X11 forwarding, as well as disabling PTY allocation and execution of @@ -798,7 +798,7 @@ index c0f095c..fb8b4fb 100644 If any future restriction capabilities are added to authorized_keys files, they will be included in this set. .It Cm tunnel="n" -@@ -674,7 +674,7 @@ Without this option, the next available device will be used if +@@ -678,7 +678,7 @@ Without this option, the next available device will be used if the client requests a tunnel. .It Cm user-rc Enables execution of 
@@ -807,7 +807,7 @@ index c0f095c..fb8b4fb 100644 previously disabled by the .Cm restrict option. -@@ -710,7 +710,7 @@ cert-authority,no-touch-required,principals="user_a" ssh-rsa ... +@@ -714,7 +714,7 @@ cert-authority,no-touch-required,principals="user_a" ssh-rsa ... The .Pa /etc/ssh/ssh_known_hosts and @@ -816,7 +816,7 @@ index c0f095c..fb8b4fb 100644 files contain host public keys for all known hosts. The global file should be prepared by the administrator (optional), and the per-user file is -@@ -819,7 +819,7 @@ or by taking, for example, +@@ -823,7 +823,7 @@ or by taking, for example, and adding the host names at the front. .Xr ssh-keygen 1 also offers some basic automated editing for @@ -825,7 +825,7 @@ index c0f095c..fb8b4fb 100644 including removing hosts matching a host name and converting all host names to their hashed representations. .Pp -@@ -870,14 +870,14 @@ This file is used in exactly the same way as +@@ -874,14 +874,14 @@ This file is used in exactly the same way as but allows host-based authentication without permitting login with rlogin/rsh. .Pp @@ -842,7 +842,7 @@ index c0f095c..fb8b4fb 100644 Lists the public keys (ECDSA, Ed25519, RSA) that can be used for logging in as this user. The format of this file is described above. -@@ -885,7 +885,7 @@ The content of the file is not highly sensitive, but the recommended +@@ -889,7 +889,7 @@ The content of the file is not highly sensitive, but the recommended permissions are read/write for the user, and not accessible by others. .Pp If this file, the @@ -851,7 +851,7 @@ index c0f095c..fb8b4fb 100644 directory, or the user's home directory are writable by other users, then the file could be modified or replaced by unauthorized users. -@@ -896,7 +896,7 @@ will not allow it to be used unless the +@@ -900,7 +900,7 @@ will not allow it to be used unless the option has been set to .Dq no . .Pp 
@@ -860,7 +860,7 @@ index c0f095c..fb8b4fb 100644 This file is read into the environment at login (if it exists). It can only contain empty lines, comment lines (that start with .Ql # ) , -@@ -908,14 +908,14 @@ controlled via the +@@ -912,14 +912,14 @@ controlled via the .Cm PermitUserEnvironment option. .Pp @@ -877,7 +877,7 @@ index c0f095c..fb8b4fb 100644 Contains initialization routines to be run before the user's home directory becomes accessible. This file should be writable only by the user, and need not be -@@ -993,7 +993,7 @@ The file format and configuration options are described in +@@ -997,7 +997,7 @@ The file format and configuration options are described in .Pp .It Pa /etc/ssh/sshrc Similar to @@ -887,7 +887,7 @@ index c0f095c..fb8b4fb 100644 machine-specific login-time initializations globally. This file should be writable only by root, and should be world-readable. diff --git a/sshd_config.5 b/sshd_config.5 -index 1ab0f41..cdcd5fb 100644 +index c077173..da23840 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -365,7 +365,7 @@ Note that @@ -917,7 +917,7 @@ index 1ab0f41..cdcd5fb 100644 during .Cm HostbasedAuthentication and use only the system-wide known hosts file -@@ -1529,11 +1529,11 @@ Independent of this setting, the permissions of the selected +@@ -1542,11 +1542,11 @@ Independent of this setting, the permissions of the selected device must allow access to the user. .It Cm PermitUserEnvironment Specifies whether @@ -931,7 +931,7 @@ index 1ab0f41..cdcd5fb 100644 are processed by .Xr sshd 8 . Valid options are -@@ -1549,7 +1549,7 @@ restrictions in some configurations using mechanisms such as +@@ -1562,7 +1562,7 @@ restrictions in some configurations using mechanisms such as .Ev LD_PRELOAD . .It Cm PermitUserRC Specifies whether any 
@@ -940,7 +940,7 @@ index 1ab0f41..cdcd5fb 100644 file is executed. The default is .Cm yes . -@@ -1982,7 +1982,7 @@ very same IP address. +@@ -2019,7 +2019,7 @@ very same IP address. If this option is set to .Cm no (the default) then only addresses and not host names may be used in @@ -950,20 +950,20 @@ index 1ab0f41..cdcd5fb 100644 and .Nm -- -2.45.2 +2.48.1 -From f3b2aa8efe2b24a59b6fc57e1cb6d6859e596e6d Mon Sep 17 00:00:00 2001 +From 2391cabaa5b2c0ec7934c7067f70a9aa816ad1cd Mon Sep 17 00:00:00 2001 From: Zach Dykstra Date: Sun, 27 Dec 2020 21:38:07 -0600 Subject: mux.c: use rename instead of unsupported hard link diff --git a/mux.c b/mux.c -index d598a17..651e920 100644 +index 415024f..1fc6fc7 100644 --- a/mux.c +++ b/mux.c -@@ -1325,9 +1325,9 @@ muxserver_listen(struct ssh *ssh) +@@ -1324,9 +1324,9 @@ muxserver_listen(struct ssh *ssh) } /* Now atomically "move" the mux socket into position */ @@ -975,7 +975,7 @@ index d598a17..651e920 100644 options.control_path, orig_control_path, strerror(errno)); } -@@ -1336,7 +1336,6 @@ muxserver_listen(struct ssh *ssh) +@@ -1335,7 +1335,6 @@ muxserver_listen(struct ssh *ssh) unlink(options.control_path); goto disable_mux_master; } @@ -984,20 +984,20 @@ index d598a17..651e920 100644 options.control_path = orig_control_path; -- -2.45.2 +2.48.1 -From ba2547d439b95a56968ab8511192a931fbdf2e42 Mon Sep 17 00:00:00 2001 +From ef42308ce8685eaae30977ba8fe5408250c87a29 Mon Sep 17 00:00:00 2001 From: Jerome Duval Date: Tue, 8 Jun 2021 14:25:15 +0200 Subject: gcc2 patch sntrup761.c diff --git a/sntrup761.c b/sntrup761.c -index 57368bd..1fe66d0 100644 +index 123d013..722b63b 100644 --- a/sntrup761.c +++ b/sntrup761.c -@@ -63,6 +63,7 @@ static void crypto_sort_int32(void *array,long long n) +@@ -1641,6 +1641,7 @@ static void crypto_sort_int32(void *array,long long n) for (q = top;q > p;q >>= 1) { if (j != i) for (;;) { if (j == n - q) goto done; 
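Review bot: The mux.c patch is carried forward with only its offsets refreshed (`@@ -1324,9 +1324,9 @@ muxserver_listen`), and its subject says it uses rename() in place of a hard link to move the control socket into position. rename() replaces an existing destination rather than failing with EEXIST. If the surrounding code relies on that error to notice a master already listening on the same ControlPath, the check would presumably never fire, and a second master could silently displace the first one's socket. The patch body lies outside this diff, so this needs confirming against the patched source. If it holds, it should at least be documented next to the call, e.g. `/* Haiku: rename() overwrites an existing socket, so EEXIST is never reported here */`.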
@@ -1005,7 +1005,7 @@ index 57368bd..1fe66d0 100644 int32 a = x[j + p]; for (r = q;r > p;r >>= 1) int32_MINMAX(a,x[j + r]); -@@ -72,6 +73,7 @@ static void crypto_sort_int32(void *array,long long n) +@@ -1650,6 +1651,7 @@ static void crypto_sort_int32(void *array,long long n) i += 2 * p; break; } @@ -1014,10 +1014,10 @@ index 57368bd..1fe66d0 100644 while (i + p <= n - q) { for (j = i;j < i + p;++j) { -- -2.45.2 +2.48.1 -From e8037654776f51f929b359b163edd08ab83f92a7 Mon Sep 17 00:00:00 2001 +From 24d6f3d3da6fbc79d0bcb00986ca6025d24bb305 Mon Sep 17 00:00:00 2001 From: Sergei Reznikov Date: Wed, 20 Oct 2021 16:57:50 +0300 Subject: Use a link to take a backup while replacing the known_hosts file @@ -1041,10 +1041,10 @@ index c5669c7..7fa07ba 100644 error_f("link %.100s to %.100s: %s", filename, back, strerror(errno)); diff --git a/ssh-keygen.c b/ssh-keygen.c -index 97c6d13..65e70f9 100644 +index 89c3ed2..0b6649e 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c -@@ -1385,7 +1385,11 @@ do_known_hosts(struct passwd *pw, const char *name, int find_host, +@@ -1413,7 +1413,11 @@ do_known_hosts(struct passwd *pw, const char *name, int find_host, /* Backup existing file */ if (unlink(old) == -1 && errno != ENOENT) fatal("unlink %.100s: %s", old, strerror(errno)); @@ -1057,5 +1057,5 @@ index 97c6d13..65e70f9 100644 strerror(errno)); /* Move new one into place */ -- -2.45.2 +2.48.1