authorPatrick Meyer <git@the-space.agency>2022-04-30 10:58:10 +0000
committerBrian Gianforcaro <b.gianfo@gmail.com>2022-05-02 17:12:51 -0700
commit7b76bc2b4983b5fc0c648c5ae0bd9e3f402518fc (patch)
treea7aeeb1d9e3f6bf76ac63491a858016623d4db77 /Ports/openssh
parent60203644766360ca04ac8a6c94b725bb2eaebc7e (diff)
downloadserenity-7b76bc2b4983b5fc0c648c5ae0bd9e3f402518fc.zip
Ports: Update openssh to 9.0
Diffstat (limited to 'Ports/openssh')
-rwxr-xr-xPorts/openssh/package.sh6
-rw-r--r--Ports/openssh/patches/missing_functionality.patch162
-rw-r--r--Ports/openssh/patches/pledge.patch39
-rw-r--r--Ports/openssh/patches/remove_inet_aton_redef.patch12
-rw-r--r--Ports/openssh/patches/scanf_assume_ssh20.patch16
-rw-r--r--Ports/openssh/patches/scm-rights.patch13
-rw-r--r--Ports/openssh/patches/unveil_privsep.patch6
7 files changed, 128 insertions, 126 deletions
diff --git a/Ports/openssh/package.sh b/Ports/openssh/package.sh
index b40278d4c9..a47a2d8ac6 100755
--- a/Ports/openssh/package.sh
+++ b/Ports/openssh/package.sh
@@ -1,8 +1,8 @@
#!/usr/bin/env -S bash ../.port_include.sh
port=openssh
-workdir=openssh-portable-9ca7e9c861775dd6c6312bc8aaab687403d24676
-version=8.3-9ca7e9c
-files="https://github.com/openssh/openssh-portable/archive/9ca7e9c861775dd6c6312bc8aaab687403d24676.tar.gz openssh-8.3-9ca7e9c.tar.gz 78e3051cd76e505b1c9ea4fdcc108f47c64d4db058dad4f776908ed0229f6234"
+workdir=openssh-portable-94eb6858efecc1b4f02d8a6bd35e149f55c814c8
+version=9.0-94eb685
+files="https://github.com/openssh/openssh-portable/archive/94eb6858efecc1b4f02d8a6bd35e149f55c814c8.tar.gz openssh-9.0-94eb685.tar.gz 8a6bfb4c21d32f4e82d6d7734cd68585337cdd57428a2799295e1b1e72c332b5"
auth_type=sha256
depends=("zlib" "openssl")
useconfigure=true
diff --git a/Ports/openssh/patches/missing_functionality.patch b/Ports/openssh/patches/missing_functionality.patch
index a364830c0f..70b1e77044 100644
--- a/Ports/openssh/patches/missing_functionality.patch
+++ b/Ports/openssh/patches/missing_functionality.patch
@@ -1,9 +1,9 @@
-08ba07f3ef1eb9cc40204cda0af3886ee071fd47 Ifdef out unimplemented functionality
+Ifdef out unimplemented functionality
diff --git a/atomicio.c b/atomicio.c
-index e00c9f0d..e51a9999 100644
+index 7650733..7a195f5 100644
--- a/atomicio.c
+++ b/atomicio.c
-@@ -120,7 +120,7 @@ atomiciov6(ssize_t (*f) (int, const struct iovec *, int), int fd,
+@@ -119,7 +119,7 @@ atomiciov6(ssize_t (*f) (int, const struct iovec *, int), int fd,
memcpy(iov, _iov, (size_t)iovcnt * sizeof(*_iov));
pfd.fd = fd;
@@ -13,7 +13,7 @@ index e00c9f0d..e51a9999 100644
#else
pfd.events = POLLIN|POLLOUT;
diff --git a/defines.h b/defines.h
-index b8ea88b2..1089ee18 100644
+index 279e509..5fb970a 100644
--- a/defines.h
+++ b/defines.h
@@ -55,8 +55,13 @@ enum
@@ -31,7 +31,7 @@ index b8ea88b2..1089ee18 100644
# define IPTOS_LOWDELAY 0x10
# define IPTOS_THROUGHPUT 0x08
diff --git a/dns.c b/dns.c
-index e4f9bf83..779886fa 100644
+index f2310be..f39db58 100644
--- a/dns.c
+++ b/dns.c
@@ -25,6 +25,8 @@
@@ -43,14 +43,14 @@ index e4f9bf83..779886fa 100644
#include "includes.h"
#include <sys/types.h>
-@@ -353,3 +355,5 @@ export_dns_rr(const char *hostname, struct sshkey *key, FILE *f, int generic)
+@@ -338,3 +340,5 @@ export_dns_rr(const char *hostname, struct sshkey *key, FILE *f, int generic)
return success;
}
+
+#endif
diff --git a/dns.h b/dns.h
-index 91f3c632..0de0a81b 100644
+index c9b61c4..2b9f153 100644
--- a/dns.h
+++ b/dns.h
@@ -25,6 +25,8 @@
@@ -62,14 +62,14 @@ index 91f3c632..0de0a81b 100644
#ifndef DNS_H
#define DNS_H
-@@ -56,3 +58,5 @@ int verify_host_key_dns(const char *, struct sockaddr *,
+@@ -57,3 +59,5 @@ int verify_host_key_dns(const char *, struct sockaddr *,
int export_dns_rr(const char *, struct sshkey *, FILE *, int);
#endif /* DNS_H */
+
+#endif
diff --git a/hostfile.c b/hostfile.c
-index a4a35597..699d7f2c 100644
+index bd49e3a..34030f1 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -44,7 +44,9 @@
@@ -83,10 +83,10 @@ index a4a35597..699d7f2c 100644
#include <stdio.h>
#include <stdlib.h>
diff --git a/includes.h b/includes.h
-index 0fd71792..405d3aa2 100644
+index 6d17ef6..eef913a 100644
--- a/includes.h
+++ b/includes.h
-@@ -110,7 +110,9 @@
+@@ -109,7 +109,9 @@
#endif
#include <netinet/in.h>
@@ -97,10 +97,10 @@ index 0fd71792..405d3aa2 100644
# include <rpc/types.h> /* For INADDR_LOOPBACK */
#endif
diff --git a/loginrec.c b/loginrec.c
-index e5289deb..c670f0be 100644
+index 4f21499..574e3a1 100644
--- a/loginrec.c
+++ b/loginrec.c
-@@ -460,7 +460,7 @@ login_write(struct logininfo *li)
+@@ -461,7 +461,7 @@ login_write(struct logininfo *li)
#ifdef USE_WTMP
wtmp_write_entry(li);
#endif
@@ -109,7 +109,7 @@ index e5289deb..c670f0be 100644
utmpx_write_entry(li);
#endif
#ifdef USE_WTMPX
-@@ -493,7 +493,7 @@ login_utmp_only(struct logininfo *li)
+@@ -494,7 +494,7 @@ login_utmp_only(struct logininfo *li)
# ifdef USE_WTMP
wtmp_write_entry(li);
# endif
@@ -118,7 +118,7 @@ index e5289deb..c670f0be 100644
utmpx_write_entry(li);
# endif
# ifdef USE_WTMPX
-@@ -724,7 +724,7 @@ construct_utmp(struct logininfo *li,
+@@ -725,7 +725,7 @@ construct_utmp(struct logininfo *li,
** variations.
**/
@@ -127,7 +127,7 @@ index e5289deb..c670f0be 100644
/* build the utmpx structure */
void
set_utmpx_time(struct logininfo *li, struct utmpx *utx)
-@@ -983,7 +983,7 @@ utmp_write_entry(struct logininfo *li)
+@@ -987,7 +987,7 @@ utmp_write_entry(struct logininfo *li)
**/
/* not much point if we don't want utmpx entries */
@@ -137,10 +137,10 @@ index e5289deb..c670f0be 100644
/* if we have the wherewithall, use pututxline etc. */
# if !defined(DISABLE_PUTUTXLINE) && defined(HAVE_SETUTXENT) && \
diff --git a/misc.c b/misc.c
-index 554ceb0b..67464ef2 100644
+index 85d2236..bc06094 100644
--- a/misc.c
+++ b/misc.c
-@@ -50,7 +50,9 @@
+@@ -44,7 +44,9 @@
#include <unistd.h>
#include <netinet/in.h>
@@ -151,7 +151,7 @@ index 554ceb0b..67464ef2 100644
#include <netinet/tcp.h>
#include <arpa/inet.h>
diff --git a/openbsd-compat/getrrsetbyname-ldns.c b/openbsd-compat/getrrsetbyname-ldns.c
-index 4647b623..d684f6fb 100644
+index 4647b62..d684f6f 100644
--- a/openbsd-compat/getrrsetbyname-ldns.c
+++ b/openbsd-compat/getrrsetbyname-ldns.c
@@ -43,6 +43,8 @@
@@ -170,7 +170,7 @@ index 4647b623..d684f6fb 100644
+
+#endif
diff --git a/openbsd-compat/getrrsetbyname.c b/openbsd-compat/getrrsetbyname.c
-index dc6fe053..9e7fefd0 100644
+index cc1f8ae..57999ed 100644
--- a/openbsd-compat/getrrsetbyname.c
+++ b/openbsd-compat/getrrsetbyname.c
@@ -45,6 +45,8 @@
@@ -182,14 +182,14 @@ index dc6fe053..9e7fefd0 100644
#include "includes.h"
#if !defined (HAVE_GETRRSETBYNAME) && !defined (HAVE_LDNS)
-@@ -608,3 +610,5 @@ count_dns_rr(struct dns_rr *p, u_int16_t class, u_int16_t type)
+@@ -607,3 +609,5 @@ count_dns_rr(struct dns_rr *p, u_int16_t class, u_int16_t type)
}
#endif /* !defined (HAVE_GETRRSETBYNAME) && !defined (HAVE_LDNS) */
+
+#endif
diff --git a/openbsd-compat/getrrsetbyname.h b/openbsd-compat/getrrsetbyname.h
-index 1283f550..0b33705e 100644
+index 1283f55..0b33705 100644
--- a/openbsd-compat/getrrsetbyname.h
+++ b/openbsd-compat/getrrsetbyname.h
@@ -45,6 +45,8 @@
@@ -208,20 +208,20 @@ index 1283f550..0b33705e 100644
+
+#endif
diff --git a/openbsd-compat/mktemp.c b/openbsd-compat/mktemp.c
-index 4eb52f42..50e1bb12 100644
+index ac922c1..1ebb975 100644
--- a/openbsd-compat/mktemp.c
+++ b/openbsd-compat/mktemp.c
@@ -34,7 +34,7 @@
#include <ctype.h>
#include <unistd.h>
--#if !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP)
-+#if !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP) && !defined(__serenity__)
+-#if !defined(HAVE_MKDTEMP)
++#if !defined(HAVE_MKDTEMP) || !defined(__serenity__)
#define MKTEMP_NAME 0
#define MKTEMP_FILE 1
diff --git a/readconf.c b/readconf.c
-index 2afcbaec..034ad492 100644
+index f26faba..56122d8 100644
--- a/readconf.c
+++ b/readconf.c
@@ -21,7 +21,9 @@
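Review bot: The refreshed mktemp.c guard `#if !defined(HAVE_MKDTEMP) || !defined(__serenity__)` has no effect on a Serenity build. `__serenity__` is defined there, so the second operand is false and the condition reduces to upstream's `#if !defined(HAVE_MKDTEMP)`. The old form needed the extra term only to cancel `HAVE_STRICT_MKSTEMP`, which the new upstream line no longer mentions, so this inner hunk can probably be dropped from missing_functionality.patch. If the intent is instead to keep the bundled mktemp replacements out of the Serenity build, the operator has to be `&&`: `#if !defined(HAVE_MKDTEMP) && !defined(__serenity__)`. The readconf.c lines at the end of this outer hunk are index churn only.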
@@ -234,7 +234,7 @@ index 2afcbaec..034ad492 100644
#include <netinet/ip.h>
#include <arpa/inet.h>
-@@ -1064,11 +1066,12 @@ parse_time:
+@@ -1134,11 +1136,12 @@ parse_time:
case oCheckHostIP:
intptr = &options->check_host_ip;
goto parse_flag;
@@ -249,10 +249,10 @@ index 2afcbaec..034ad492 100644
case oStrictHostKeyChecking:
intptr = &options->strict_host_key_checking;
diff --git a/regress/netcat.c b/regress/netcat.c
-index fe94dd90..57c52d3b 100644
+index 20ec3f5..55e087e 100644
--- a/regress/netcat.c
+++ b/regress/netcat.c
-@@ -1369,7 +1369,9 @@ usage(int ret)
+@@ -1384,7 +1384,9 @@ usage(int ret)
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
@@ -263,7 +263,7 @@ index fe94dd90..57c52d3b 100644
#define SOCKS_PORT "1080"
#define HTTP_PROXY_PORT "3128"
diff --git a/sandbox-pledge.c b/sandbox-pledge.c
-index d28fc272..a244241c 100644
+index 302f1cf..693a443 100644
--- a/sandbox-pledge.c
+++ b/sandbox-pledge.c
@@ -21,7 +21,9 @@
@@ -277,10 +277,10 @@ index d28fc272..a244241c 100644
#include <sys/wait.h>
diff --git a/servconf.c b/servconf.c
-index ba0a92c7..02b68a9a 100644
+index 9d9681f..c418509 100644
--- a/servconf.c
+++ b/servconf.c
-@@ -20,7 +20,9 @@
+@@ -21,7 +21,9 @@
#endif
#include <netinet/in.h>
@@ -291,18 +291,18 @@ index ba0a92c7..02b68a9a 100644
#ifdef HAVE_NET_ROUTE_H
#include <net/route.h>
diff --git a/ssh-add.c b/ssh-add.c
-index a40198ab..e218270b 100644
+index 7555477..ea8e27c 100644
--- a/ssh-add.c
+++ b/ssh-add.c
-@@ -535,6 +535,7 @@ lock_agent(int agent_fd, int lock)
+@@ -577,6 +577,7 @@ lock_agent(int agent_fd, int lock)
return (ret);
}
+#ifndef __serenity__
static int
- load_resident_keys(int agent_fd, const char *skprovider, int qflag)
- {
-@@ -583,6 +584,7 @@ load_resident_keys(int agent_fd, const char *skprovider, int qflag)
+ load_resident_keys(int agent_fd, const char *skprovider, int qflag,
+ struct dest_constraint **dest_constraints, size_t ndest_constraints)
+@@ -628,6 +629,7 @@ load_resident_keys(int agent_fd, const char *skprovider, int qflag,
return SSH_ERR_KEY_NOT_FOUND;
return ok == 1 ? 0 : ok;
}
@@ -310,7 +310,7 @@ index a40198ab..e218270b 100644
static int
do_file(int agent_fd, int deleting, int key_only, char *file, int qflag,
-@@ -775,6 +777,7 @@ main(int argc, char **argv)
+@@ -964,6 +966,7 @@ main(int argc, char **argv)
ret = 1;
goto done;
}
@@ -318,7 +318,7 @@ index a40198ab..e218270b 100644
if (do_download) {
if (skprovider == NULL)
fatal("Cannot download keys without provider");
-@@ -782,6 +785,7 @@ main(int argc, char **argv)
+@@ -972,6 +975,7 @@ main(int argc, char **argv)
ret = 1;
goto done;
}
@@ -327,10 +327,10 @@ index a40198ab..e218270b 100644
char buf[PATH_MAX];
struct passwd *pw;
diff --git a/ssh-agent.c b/ssh-agent.c
-index e081413b..811dc115 100644
+index 03ae2b0..c1b6350 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
-@@ -1308,10 +1308,12 @@ main(int ac, char **av)
+@@ -2146,10 +2146,12 @@ main(int ac, char **av)
* a few spare for libc / stack protectors / sanitisers, etc.
*/
#define SSH_AGENT_MIN_FDS (3+1+1+1+4)
@@ -344,10 +344,10 @@ index e081413b..811dc115 100644
parent_pid = getpid();
diff --git a/ssh-keygen.c b/ssh-keygen.c
-index 2c5c75db..85e8a9e2 100644
+index d62fab3..1443c9c 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
-@@ -1464,6 +1464,7 @@ do_change_passphrase(struct passwd *pw)
+@@ -1471,6 +1471,7 @@ do_change_passphrase(struct passwd *pw)
exit(0);
}
@@ -355,7 +355,7 @@ index 2c5c75db..85e8a9e2 100644
/*
* Print the SSHFP RR.
*/
-@@ -1491,6 +1492,7 @@ do_print_resource_record(struct passwd *pw, char *fname, char *hname,
+@@ -1497,6 +1498,7 @@ do_print_resource_record(struct passwd *pw, char *fname, char *hname,
free(comment);
return 1;
}
@@ -363,23 +363,23 @@ index 2c5c75db..85e8a9e2 100644
/*
* Change the comment of a private key file.
-@@ -2929,6 +2931,7 @@ skip_ssh_url_preamble(const char *s)
- return s;
+@@ -3075,6 +3077,7 @@ sk_suffix(const char *application, const uint8_t *user, size_t userlen)
+ return ret;
}
+#ifndef __serenity__
static int
do_download_sk(const char *skprovider, const char *device)
{
-@@ -3026,6 +3029,7 @@ do_download_sk(const char *skprovider, const char *device)
- free(keys);
- return ok ? 0 : -1;
+@@ -3185,6 +3188,7 @@ save_attestation(struct sshbuf *attest, const char *path)
+ printf("Your FIDO attestation certificate has been saved in "
+ "%s\n", path);
}
+#endif
static void
usage(void)
-@@ -3437,6 +3441,7 @@ main(int argc, char **argv)
+@@ -3627,6 +3631,7 @@ main(int argc, char **argv)
}
if (pkcs11provider != NULL)
do_download(pw);
@@ -387,7 +387,7 @@ index 2c5c75db..85e8a9e2 100644
if (download_sk) {
for (i = 0; i < nopts; i++) {
if (strncasecmp(opts[i], "device=", 7) == 0) {
-@@ -3448,6 +3453,7 @@ main(int argc, char **argv)
+@@ -3638,6 +3643,7 @@ main(int argc, char **argv)
}
return do_download_sk(sk_provider, sk_device);
}
@@ -395,7 +395,7 @@ index 2c5c75db..85e8a9e2 100644
if (print_fingerprint || print_bubblebabble)
do_fingerprint(pw);
if (change_passphrase)
-@@ -3465,6 +3471,8 @@ main(int argc, char **argv)
+@@ -3655,6 +3661,8 @@ main(int argc, char **argv)
#endif /* WITH_OPENSSL */
if (print_public)
do_print_public(pw);
@@ -404,7 +404,7 @@ index 2c5c75db..85e8a9e2 100644
if (rr_hostname != NULL) {
unsigned int n = 0;
-@@ -3496,6 +3504,7 @@ main(int argc, char **argv)
+@@ -3686,6 +3694,7 @@ main(int argc, char **argv)
exit(0);
}
}
@@ -412,7 +412,7 @@ index 2c5c75db..85e8a9e2 100644
if (do_gen_candidates || do_screen_candidates) {
if (argc <= 0)
-@@ -3527,6 +3536,7 @@ main(int argc, char **argv)
+@@ -3717,6 +3726,7 @@ main(int argc, char **argv)
printf("Generating public/private %s key pair.\n",
key_type_name);
switch (type) {
@@ -420,7 +420,7 @@ index 2c5c75db..85e8a9e2 100644
case KEY_ECDSA_SK:
case KEY_ED25519_SK:
for (i = 0; i < nopts; i++) {
-@@ -3593,6 +3603,7 @@ main(int argc, char **argv)
+@@ -3795,6 +3805,7 @@ main(int argc, char **argv)
passphrase = NULL;
}
break;
@@ -429,10 +429,10 @@ index 2c5c75db..85e8a9e2 100644
if ((r = sshkey_generate(type, bits, &private)) != 0)
fatal("sshkey_generate failed");
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
-index a5e64407..c7964ae9 100644
+index d29a03b..e6aac3d 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
-@@ -311,7 +311,9 @@ keyprint_one(const char *host, struct sshkey *key)
+@@ -313,7 +313,9 @@ keyprint_one(const char *host, struct sshkey *key)
found_one = 1;
if (print_sshfp) {
@@ -443,11 +443,11 @@ index a5e64407..c7964ae9 100644
}
diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c
-index 8a0ffef5..12d05317 100644
+index cfd833d..de8fb90 100644
--- a/ssh-pkcs11-client.c
+++ b/ssh-pkcs11-client.c
@@ -241,6 +241,7 @@ wrap_key(struct sshkey *k)
- fatal("%s: unknown key type", __func__);
+ fatal_f("unknown key type");
}
+#ifndef __serenity__
@@ -467,7 +467,7 @@ index 8a0ffef5..12d05317 100644
struct sshbuf *msg;
- if (fd < 0 && pkcs11_start_helper() < 0)
-+ if (fd < 0
++ if (fd < 0
+#ifndef __serenity__
+ && pkcs11_start_helper() < 0
+#endif
@@ -476,7 +476,7 @@ index 8a0ffef5..12d05317 100644
if ((msg = sshbuf_new()) == NULL)
diff --git a/ssh-sk-client.c b/ssh-sk-client.c
-index 8d7e6c30..21b3ab39 100644
+index 321fe53..984aa6a 100644
--- a/ssh-sk-client.c
+++ b/ssh-sk-client.c
@@ -15,6 +15,8 @@
@@ -488,14 +488,14 @@ index 8d7e6c30..21b3ab39 100644
#include "includes.h"
#include <sys/types.h>
-@@ -447,3 +449,5 @@ sshsk_load_resident(const char *provider_path, const char *device,
+@@ -478,3 +480,5 @@ sshsk_load_resident(const char *provider_path, const char *device,
errno = oerrno;
return r;
}
+
+#endif
diff --git a/sshbuf-misc.c b/sshbuf-misc.c
-index 9b5aa208..20c526b1 100644
+index 9c5c42b..1759ed2 100644
--- a/sshbuf-misc.c
+++ b/sshbuf-misc.c
@@ -28,7 +28,9 @@
@@ -506,21 +506,21 @@ index 9b5aa208..20c526b1 100644
#include <resolv.h>
+#endif
#include <ctype.h>
+ #include <unistd.h>
- #include "ssherr.h"
diff --git a/sshconnect.c b/sshconnect.c
-index af08be41..9e748a23 100644
+index ebecc83..81df612 100644
--- a/sshconnect.c
+++ b/sshconnect.c
-@@ -120,6 +120,7 @@ stderr_null(void)
- close(devnull);
+@@ -106,6 +106,7 @@ expand_proxy_command(const char *proxy_command, const char *user,
+ return ret;
}
+#ifndef __serenity__
/*
* Connect to the given ssh server using a proxy command that passes a
* a connected fd back to us.
-@@ -202,6 +203,7 @@ ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host,
+@@ -188,6 +189,7 @@ ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host,
return 0;
}
@@ -528,12 +528,12 @@ index af08be41..9e748a23 100644
/*
* Connect to the given ssh server using a proxy command.
-@@ -566,10 +568,13 @@ ssh_connect(struct ssh *ssh, const char *host, const char *host_arg,
+@@ -555,10 +557,13 @@ ssh_connect(struct ssh *ssh, const char *host, const char *host_arg,
if ((ssh_packet_set_connection(ssh, in, out)) == NULL)
return -1; /* ssh_packet_set_connection logs error */
return 0;
- } else if (options.proxy_use_fdpass) {
-+ }
++ }
+ #ifndef __serenity__
+ else if (options.proxy_use_fdpass) {
return ssh_proxy_fdpass_connect(ssh, host, host_arg, port,
@@ -543,7 +543,7 @@ index af08be41..9e748a23 100644
return ssh_proxy_connect(ssh, host, host_arg, port,
options.proxy_command);
}
-@@ -1218,7 +1223,7 @@ verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key)
+@@ -1483,7 +1488,7 @@ verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key,
goto out;
}
}
@@ -552,16 +552,16 @@ index af08be41..9e748a23 100644
if (options.verify_host_key_dns) {
/*
* XXX certs are not yet supported for DNS, so downgrade
-@@ -1247,6 +1252,7 @@ verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key)
+@@ -1512,6 +1517,7 @@ verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key,
}
}
}
+#endif
- r = check_host_key(host, hostaddr, options.port, host_key, RDRW,
- options.user_hostfiles, options.num_user_hostfiles,
- options.system_hostfiles, options.num_system_hostfiles);
+ r = check_host_key(host, cinfo, hostaddr, options.port, host_key,
+ RDRW, 0, options.user_hostfiles, options.num_user_hostfiles,
+ options.system_hostfiles, options.num_system_hostfiles,
diff --git a/sshkey.c b/sshkey.c
-index 1571e3d9..2b5c611c 100644
+index f1e9200..564ff40 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -42,7 +42,9 @@
@@ -574,19 +574,19 @@ index 1571e3d9..2b5c611c 100644
#include <time.h>
#ifdef HAVE_UTIL_H
#include <util.h>
-@@ -2759,6 +2761,7 @@ sshkey_sign(struct sshkey *key,
+@@ -2790,6 +2792,7 @@ sshkey_sign(struct sshkey *key,
case KEY_ED25519_CERT:
r = ssh_ed25519_sign(key, sigp, lenp, data, datalen, compat);
break;
-+ #ifndef __serenity__
++#ifndef __serenity__
case KEY_ED25519_SK:
case KEY_ED25519_SK_CERT:
case KEY_ECDSA_SK_CERT:
-@@ -2766,6 +2769,7 @@ sshkey_sign(struct sshkey *key,
+@@ -2797,6 +2800,7 @@ sshkey_sign(struct sshkey *key,
r = sshsk_sign(sk_provider, key, sigp, lenp, data,
- datalen, compat, /* XXX PIN */ NULL);
+ datalen, compat, sk_pin);
break;
-+ #endif
++#endif
#ifdef WITH_XMSS
case KEY_XMSS:
case KEY_XMSS_CERT:
diff --git a/Ports/openssh/patches/pledge.patch b/Ports/openssh/patches/pledge.patch
index f9959ea3f1..0818c54499 100644
--- a/Ports/openssh/patches/pledge.patch
+++ b/Ports/openssh/patches/pledge.patch
@@ -1,50 +1,51 @@
-f524cc245e63092372d78c3d80959b589aeebcc2 Add missing sigaction pledges and remove dns
+Add missing sigaction pledges and remove dns
diff --git a/clientloop.c b/clientloop.c
-index da396c72..3ff4ea89 100644
+index f8350e6..00bf4b6 100644
--- a/clientloop.c
+++ b/clientloop.c
-@@ -1239,31 +1239,31 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
+@@ -1227,31 +1227,31 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
if (options.control_master &&
!option_clear_or_none(options.control_path)) {
debug("pledge: id");
- if (pledge("stdio rpath wpath cpath unix inet dns recvfd sendfd proc exec id tty",
+ if (pledge("stdio rpath wpath cpath unix inet recvfd sendfd proc exec id tty sigaction",
NULL) == -1)
- fatal("%s pledge(): %s", __func__, strerror(errno));
+ fatal_f("pledge(): %s", strerror(errno));
} else if (options.forward_x11 || options.permit_local_command) {
debug("pledge: exec");
- if (pledge("stdio rpath wpath cpath unix inet dns proc exec tty",
+ if (pledge("stdio rpath wpath cpath unix inet proc exec tty sigaction",
NULL) == -1)
- fatal("%s pledge(): %s", __func__, strerror(errno));
+ fatal_f("pledge(): %s", strerror(errno));
} else if (options.update_hostkeys) {
- debug("pledge: filesystem full");
+ debug("pledge: filesystem");
- if (pledge("stdio rpath wpath cpath unix inet dns proc tty",
+ if (pledge("stdio rpath wpath cpath unix inet proc tty sigaction",
NULL) == -1)
- fatal("%s pledge(): %s", __func__, strerror(errno));
+ fatal_f("pledge(): %s", strerror(errno));
} else if (!option_clear_or_none(options.proxy_command) ||
- fork_after_authentication_flag) {
+ options.fork_after_authentication) {
debug("pledge: proc");
- if (pledge("stdio cpath unix inet dns proc tty", NULL) == -1)
+ if (pledge("stdio cpath unix inet proc tty sigaction", NULL) == -1)
- fatal("%s pledge(): %s", __func__, strerror(errno));
+ fatal_f("pledge(): %s", strerror(errno));
} else {
debug("pledge: network");
- if (pledge("stdio unix inet dns proc tty", NULL) == -1)
+ if (pledge("stdio unix inet proc tty sigaction", NULL) == -1)
- fatal("%s pledge(): %s", __func__, strerror(errno));
+ fatal_f("pledge(): %s", strerror(errno));
}
-diff -Naur openssh-portable-9ca7e9c861775dd6c6312bc8aaab687403d24676/ssh-keysign.c openssh-portable-9ca7e9c861775dd6c6312bc8aaab687403d24676.serenity/ssh-keysign.c
---- openssh-portable-9ca7e9c861775dd6c6312bc8aaab687403d24676/ssh-keysign.c 2020-05-27 02:38:00.000000000 +0200
-+++ openssh-portable-9ca7e9c861775dd6c6312bc8aaab687403d24676.serenity/ssh-keysign.c 2021-05-18 00:09:01.831610440 +0200
-@@ -173,7 +173,7 @@
- char *host, *fp;
+diff --git a/ssh-keysign.c b/ssh-keysign.c
+index c52321e..9ae4dbf 100644
+--- a/ssh-keysign.c
++++ b/ssh-keysign.c
+@@ -187,7 +187,7 @@ main(int argc, char **argv)
+ char *host, *fp, *pkalg;
size_t slen, dlen;
- if (pledge("stdio rpath getpw dns id", NULL) != 0)
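Review bot: pledge.patch does not record why `dns` is removed from every promise string in client_loop() and ssh-keysign, or why `sigaction` is added. The header line `Add missing sigaction pledges and remove dns` says what changes but not the reason. Because these strings define the sandbox, a short rationale in the patch description would let whoever rebases the port next check that each set is still no wider than needed. Something like `Serenity's pledge() has no "dns" promise; "sigaction" is required for ssh's signal handlers` would do, if that is indeed the reason. The ssh-keysign.c change begins in this outer hunk and continues in the next one.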
@@ -52,12 +53,12 @@ diff -Naur openssh-portable-9ca7e9c861775dd6c6312bc8aaab687403d24676/ssh-keysign
fatal("%s: pledge: %s", __progname, strerror(errno));
/* Ensure that stdin and stdout are connected */
-@@ -237,7 +237,7 @@
- if (!found)
- fatal("no hostkey found");
+@@ -226,7 +226,7 @@ main(int argc, char **argv)
+ fatal("ssh-keysign not enabled in %s",
+ _PATH_HOST_CONFIG_FILE);
- if (pledge("stdio dns", NULL) != 0)
+ if (pledge("stdio", NULL) != 0)
fatal("%s: pledge: %s", __progname, strerror(errno));
- if ((b = sshbuf_new()) == NULL)
+ for (i = found = 0; i < NUM_KEYTYPES; i++) {
diff --git a/Ports/openssh/patches/remove_inet_aton_redef.patch b/Ports/openssh/patches/remove_inet_aton_redef.patch
index 2d5cfd01f2..7a09f0d134 100644
--- a/Ports/openssh/patches/remove_inet_aton_redef.patch
+++ b/Ports/openssh/patches/remove_inet_aton_redef.patch
@@ -1,6 +1,6 @@
-bf47ca1400b0548fdabff37c797c6afe89c2ce60 Remove inet_aton redefinition
+Remove inet_aton redefinition
diff --git a/openbsd-compat/inet_aton.c b/openbsd-compat/inet_aton.c
-index 093a1720..8b0a0c5d 100644
+index 5efcc5f..14aa47b 100644
--- a/openbsd-compat/inet_aton.c
+++ b/openbsd-compat/inet_aton.c
@@ -53,7 +53,7 @@
@@ -11,8 +11,8 @@ index 093a1720..8b0a0c5d 100644
+#if !defined(__serenity__)
#include <sys/types.h>
- #include <sys/param.h>
-@@ -84,96 +84,96 @@ inet_addr(const char *cp)
+ #include <netinet/in.h>
+@@ -83,96 +83,96 @@ inet_addr(const char *cp)
* This replaces inet_addr, the return value from which
* cannot distinguish between failure and a local broadcast address.
*/
@@ -195,10 +195,10 @@ index 093a1720..8b0a0c5d 100644
#endif /* !defined(HAVE_INET_ATON) */
diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h
-index e5fd6f5b..cb9e1aa0 100644
+index 4316ab8..1c5c338 100644
--- a/openbsd-compat/openbsd-compat.h
+++ b/openbsd-compat/openbsd-compat.h
-@@ -153,7 +153,7 @@ char *inet_ntoa(struct in_addr in);
+@@ -166,7 +166,7 @@ char *inet_ntoa(struct in_addr in);
const char *inet_ntop(int af, const void *src, char *dst, socklen_t size);
#endif
diff --git a/Ports/openssh/patches/scanf_assume_ssh20.patch b/Ports/openssh/patches/scanf_assume_ssh20.patch
index e50bf742c8..ebcdf33510 100644
--- a/Ports/openssh/patches/scanf_assume_ssh20.patch
+++ b/Ports/openssh/patches/scanf_assume_ssh20.patch
@@ -1,18 +1,18 @@
-05b4800c752f5c57deec758118b28fc329a226e8 %.100s and sscanf doesn't do as expected
+%.100s and sscanf doesn't work as expected
diff --git a/kex.c b/kex.c
-index 09c7258e..4c670986 100644
+index 0bcd27d..2539cc2 100644
--- a/kex.c
+++ b/kex.c
-@@ -1182,7 +1182,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
+@@ -1229,7 +1229,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
sshbuf_reset(our_version);
if (version_addendum != NULL && *version_addendum == '\0')
version_addendum = NULL;
- if ((r = sshbuf_putf(our_version, "SSH-%d.%d-%.100s%s%s\r\n",
+ if ((r = sshbuf_putf(our_version, "SSH-%d.%d-%s%s%s\r\n",
- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
version_addendum == NULL ? "" : " ",
version_addendum == NULL ? "" : version_addendum)) != 0) {
-@@ -1210,7 +1210,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
+@@ -1257,7 +1257,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
r = SSH_ERR_ALLOC_FAIL;
goto out;
}
@@ -21,7 +21,7 @@ index 09c7258e..4c670986 100644
/* Read other side's version identification. */
for (n = 0; ; n++) {
-@@ -1310,6 +1310,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
+@@ -1353,6 +1353,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
goto out;
}
@@ -29,7 +29,7 @@ index 09c7258e..4c670986 100644
/*
* Check that the versions match. In future this might accept
* several versions and set appropriate flags to handle them.
-@@ -1318,11 +1319,19 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
+@@ -1361,11 +1362,19 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
&remote_major, &remote_minor, remote_version) != 3) {
error("Bad remote protocol version identification: '%.100s'",
peer_version_string);
@@ -48,4 +48,4 @@ index 09c7258e..4c670986 100644
+#endif
debug("Remote protocol version %d.%d, remote software version %.100s",
remote_major, remote_minor, remote_version);
- ssh->compat = compat_datafellows(remote_version);
+ compat_banner(ssh, remote_version);
diff --git a/Ports/openssh/patches/scm-rights.patch b/Ports/openssh/patches/scm-rights.patch
index cfbea83712..47728f4eaf 100644
--- a/Ports/openssh/patches/scm-rights.patch
+++ b/Ports/openssh/patches/scm-rights.patch
@@ -1,6 +1,7 @@
-diff -Naur openssh-portable-9ca7e9c861775dd6c6312bc8aaab687403d24676/monitor_fdpass.c openssh-portable-9ca7e9c861775dd6c6312bc8aaab687403d24676.serenity/monitor_fdpass.c
---- openssh-portable-9ca7e9c861775dd6c6312bc8aaab687403d24676/monitor_fdpass.c 2020-05-27 02:38:00.000000000 +0200
-+++ openssh-portable-9ca7e9c861775dd6c6312bc8aaab687403d24676.serenity/monitor_fdpass.c 2021-05-01 12:32:21.145854477 +0200
+diff --git a/monitor_fdpass.c b/monitor_fdpass.c
+index a07727a..0a9fe75 100644
+--- a/monitor_fdpass.c
++++ b/monitor_fdpass.c
@@ -51,6 +51,7 @@
int
mm_send_fd(int sock, int fd)
@@ -9,7 +10,7 @@ diff -Naur openssh-portable-9ca7e9c861775dd6c6312bc8aaab687403d24676/monitor_fdp
#if defined(HAVE_SENDMSG) && (defined(HAVE_ACCRIGHTS_IN_MSGHDR) || defined(HAVE_CONTROL_IN_MSGHDR))
struct msghdr msg;
#ifndef HAVE_ACCRIGHTS_IN_MSGHDR
-@@ -107,11 +108,15 @@
+@@ -106,11 +107,15 @@ mm_send_fd(int sock, int fd)
error("%s: file descriptor passing not supported", __func__);
return -1;
#endif
@@ -25,8 +26,8 @@ diff -Naur openssh-portable-9ca7e9c861775dd6c6312bc8aaab687403d24676/monitor_fdp
#if defined(HAVE_RECVMSG) && (defined(HAVE_ACCRIGHTS_IN_MSGHDR) || defined(HAVE_CONTROL_IN_MSGHDR))
struct msghdr msg;
#ifndef HAVE_ACCRIGHTS_IN_MSGHDR
-@@ -184,4 +189,7 @@
- error("%s: file descriptor passing not supported", __func__);
+@@ -182,4 +187,7 @@ mm_receive_fd(int sock)
+ error_f("file descriptor passing not supported");
return -1;
#endif
+#else
diff --git a/Ports/openssh/patches/unveil_privsep.patch b/Ports/openssh/patches/unveil_privsep.patch
index 31cda9a4ae..675f6c5f69 100644
--- a/Ports/openssh/patches/unveil_privsep.patch
+++ b/Ports/openssh/patches/unveil_privsep.patch
@@ -1,8 +1,8 @@
diff --git a/sshd.c b/sshd.c
-index 6f8f11a..cdbc003 100644
+index 0ee65b5..e2f84de 100644
--- a/sshd.c
+++ b/sshd.c
-@@ -461,12 +461,9 @@ privsep_preauth_child(void)
+@@ -452,12 +452,9 @@ privsep_preauth_child(void)
/* Demote the child */
if (privsep_chroot) {
@@ -18,7 +18,7 @@ index 6f8f11a..cdbc003 100644
/* Drop our privileges */
debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid,
-@@ -1899,25 +1896,6 @@ main(int ac, char **av)
+@@ -1952,25 +1949,6 @@ main(int ac, char **av)
sshkey_type(key));
}