From 0f5214447790afa11907f57a2dcac70cb64655a7 Mon Sep 17 00:00:00 2001
From: Luke
Date: Sat, 26 Sep 2020 08:12:27 -0700
Subject: Ports: Add OpenSSH port
---
Ports/openssh/patches/config.sub.patch | 13 +
Ports/openssh/patches/limits.patch | 300 ++++++++++
Ports/openssh/patches/missing_functionality.patch | 641 +++++++++++++++++++++
Ports/openssh/patches/missing_stdio.patch | 16 +
Ports/openssh/patches/pledge_sigaction.patch | 42 ++
.../patches/reimplement_read_passphrase.patch | 99 ++++
Ports/openssh/patches/remove_inet_aton_redef.patch | 209 +++++++
Ports/openssh/patches/scanf_assume_ssh20.patch | 51 ++
Ports/openssh/patches/sftp_pipes.patch | 16 +
9 files changed, 1387 insertions(+)
create mode 100644 Ports/openssh/patches/config.sub.patch
create mode 100644 Ports/openssh/patches/limits.patch
create mode 100644 Ports/openssh/patches/missing_functionality.patch
create mode 100644 Ports/openssh/patches/missing_stdio.patch
create mode 100644 Ports/openssh/patches/pledge_sigaction.patch
create mode 100644 Ports/openssh/patches/reimplement_read_passphrase.patch
create mode 100644 Ports/openssh/patches/remove_inet_aton_redef.patch
create mode 100644 Ports/openssh/patches/scanf_assume_ssh20.patch
create mode 100644 Ports/openssh/patches/sftp_pipes.patch
(limited to 'Ports/openssh/patches')
diff --git a/Ports/openssh/patches/config.sub.patch b/Ports/openssh/patches/config.sub.patch
new file mode 100644
index 0000000000..999839c90a
--- /dev/null
+++ b/Ports/openssh/patches/config.sub.patch
@@ -0,0 +1,13 @@
+cd1bd18834e519c4787a4e3672fa0afdf1b22da7 Add Serenity to config.sub
+diff --git a/config.sub b/config.sub
+index 973a2980..cf386e5c 100755
+--- a/config.sub
++++ b/config.sub
+@@ -1339,6 +1339,7 @@ case $os in
+ # Each alternative MUST end in a * to match a version number.
+ # sysv* is not here because it comes later, after sysvr4.
+ gnu* | bsd* | mach* | minix* | genix* | ultrix* | irix* \
++ | serenity* \
+ | *vms* | esix* | aix* | cnk* | sunos | sunos[34]*\
+ | hpux* | unos* | osf* | luna* | dgux* | auroraux* | solaris* \
+ | sym* | kopensolaris* | plan9* \
diff --git a/Ports/openssh/patches/limits.patch b/Ports/openssh/patches/limits.patch
new file mode 100644
index 0000000000..54413ad584
--- /dev/null
+++ b/Ports/openssh/patches/limits.patch
@@ -0,0 +1,300 @@ +90d6ca5fd87f81c62f3cdde73d4366cfccbab846 Add serenity_limits.h as a slight replacement of limits.h +diff --git a/auth.c b/auth.c +index 086b8ebb..494bb824 100644 +--- a/auth.c ++++ b/auth.c +@@ -77,6 +77,10 @@ + #include "compat.h" + #include "channels.h" + ++#ifdef __serenity__ ++#include "serenity_limits.h" ++#endif ++ + /* import */ + extern ServerOptions options; + extern struct include_list includes; +diff --git a/clientloop.c b/clientloop.c +index 3ff4ea89..80fd49fa 100644 +--- a/clientloop.c ++++ b/clientloop.c +@@ -112,6 +112,10 @@ + #include "ssherr.h" + #include "hostfile.h" + ++#ifdef __serenity__ ++#include "serenity_limits.h" ++#endif ++ + /* import options */ + extern Options options; + +diff --git a/misc.c b/misc.c +index 67464ef2..2442c744 100644 +--- a/misc.c ++++ b/misc.c +@@ -77,6 +77,10 @@ + #include "ssherr.h" + #include "platform.h" + ++#ifdef __serenity__ ++#include "serenity_limits.h" ++#endif ++ + /* remove newline at end of string */ + char * + chop(char *s) +diff --git a/moduli.c b/moduli.c +index 8dd36b1c..afee5a25 100644 +--- a/moduli.c ++++ b/moduli.c +@@ -62,6 +62,10 @@ + + #include "openbsd-compat/openssl-compat.h" + ++#ifdef __serenity__ ++#include "serenity_limits.h" ++#endif ++ + /* + * File output defines + */ +diff --git a/openbsd-compat/bsd-closefrom.c b/openbsd-compat/bsd-closefrom.c +index 8fadca2d..d645c4c7 100644 +--- a/openbsd-compat/bsd-closefrom.c ++++ b/openbsd-compat/bsd-closefrom.c +@@ -50,6 +50,10 @@ + # include + #endif + ++#ifdef __serenity__ ++#include "serenity_limits.h" ++#endif ++ + #ifndef OPEN_MAX + # define OPEN_MAX 256 + #endif +diff --git a/openbsd-compat/glob.c b/openbsd-compat/glob.c +index e8915178..0d3ee0b2 100644 +--- a/openbsd-compat/glob.c ++++ b/openbsd-compat/glob.c +@@ -76,6 +76,10 @@ + #include + #include + ++#ifdef __serenity__ ++#include "serenity_limits.h" ++#endif ++ + #if !defined(HAVE_GLOB) || !defined(GLOB_HAS_ALTDIRFUNC) || \ + !defined(GLOB_HAS_GL_MATCHC) || 
!defined(GLOB_HAS_GL_STATV) || \ + !defined(HAVE_DECL_GLOB_NOMATCH) || HAVE_DECL_GLOB_NOMATCH == 0 || \ +diff --git a/readconf.c b/readconf.c +index 034ad492..8ecaf697 100644 +--- a/readconf.c ++++ b/readconf.c +@@ -70,6 +70,10 @@ + #include "myproposal.h" + #include "digest.h" + ++#ifdef __serenity__ ++#include "serenity_limits.h" ++#endif ++ + /* Format of the configuration file: + + # Configuration data is parsed as follows: +diff --git a/scp.c b/scp.c +index b4492a06..155029aa 100644 +--- a/scp.c ++++ b/scp.c +@@ -123,6 +123,10 @@ + #include "progressmeter.h" + #include "utf8.h" + ++#ifdef __serenity__ ++#include "serenity_limits.h" ++#endif ++ + extern char *__progname; + + #define COPY_BUFLEN 16384 +diff --git a/serenity_limits.h b/serenity_limits.h +new file mode 100644 +index 00000000..8ee56cc2 +--- /dev/null ++++ b/serenity_limits.h +@@ -0,0 +1,38 @@ ++/* ++ * Copyright (c) 2020, The SerenityOS developers. ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright notice, this ++ * list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright notice, ++ * this list of conditions and the following disclaimer in the documentation ++ * and/or other materials provided with the distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" ++ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE ++ * DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ++ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER ++ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, ++ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE ++ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++ ++/* ++ * This header exists because limits.h just straight up does not work. ++ * OpenSSH requires PATH_MAX and SSIZE_MAX and while all the files that require it do include limits.h, it just does not work. ++ * For example: ++ * auth.c:430:30: error: 'PATH_MAX' undeclared (first use in this function) ++ * 430 | char *file, uidstr[32], ret[PATH_MAX]; ++ * | ++ * But, defining them here does work? No idea why any of this happens. ++ */ ++ ++#define PATH_MAX 4096 ++#define SSIZE_MAX 2147483647 +diff --git a/servconf.c b/servconf.c +index 02b68a9a..dddf1b3c 100644 +--- a/servconf.c ++++ b/servconf.c +@@ -72,6 +72,10 @@ + #include "myproposal.h" + #include "digest.h" + ++#ifdef __serenity__ ++#include "serenity_limits.h" ++#endif ++ + static void add_listen_addr(ServerOptions *, const char *, + const char *, int); + static void add_one_listen_addr(ServerOptions *, const char *, +diff --git a/session.c b/session.c +index 18cdfa8c..ca1f0c8b 100644 +--- a/session.c ++++ b/session.c +@@ -105,6 +105,10 @@ + #include + #endif + ++#ifdef __serenity__ ++#include "serenity_limits.h" ++#endif ++ + #define IS_INTERNAL_SFTP(c) \ + (!strncmp(c, INTERNAL_SFTP_NAME, sizeof(INTERNAL_SFTP_NAME) - 1) && \ + (c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\0' || \ +diff --git a/sftp-realpath.c b/sftp-realpath.c +index 9ac40181..d3c71ecd 100644 +--- a/sftp-realpath.c ++++ b/sftp-realpath.c +@@ -44,6 +44,10 @@ + # define SYMLOOP_MAX 32 + #endif + ++#ifdef 
__serenity__ ++#include "serenity_limits.h" ++#endif ++ + /* XXX rewrite sftp-server to use POSIX realpath and remove this hack */ + + char *sftp_realpath(const char *path, char *resolved); +diff --git a/sftp-server.c b/sftp-server.c +index 359204fa..36c2f263 100644 +--- a/sftp-server.c ++++ b/sftp-server.c +@@ -51,6 +51,10 @@ + #include "sftp.h" + #include "sftp-common.h" + ++#ifdef __serenity__ ++#include "serenity_limits.h" ++#endif ++ + char *sftp_realpath(const char *, char *); /* sftp-realpath.c */ + + /* Our verbosity */ +diff --git a/sftp.c b/sftp.c +index 9ce7055a..a5cb9cee 100644 +--- a/sftp.c ++++ b/sftp.c +@@ -70,6 +70,10 @@ typedef void EditLine; + #include "sftp-common.h" + #include "sftp-client.h" + ++#ifdef __serenity__ ++#include "serenity_limits.h" ++#endif ++ + #define DEFAULT_COPY_BUFLEN 32768 /* Size of buffer for up/download */ + #define DEFAULT_NUM_REQUESTS 64 /* # concurrent outstanding requests */ + +diff --git a/ssh-add.c b/ssh-add.c +index e218270b..ad2fbf44 100644 +--- a/ssh-add.c ++++ b/ssh-add.c +@@ -68,6 +68,10 @@ + #include "digest.h" + #include "ssh-sk.h" + ++#ifdef __serenity__ ++#include "serenity_limits.h" ++#endif ++ + /* argv0 */ + extern char *__progname; + +diff --git a/ssh-agent.c b/ssh-agent.c +index 811dc115..22d0fbe5 100644 +--- a/ssh-agent.c ++++ b/ssh-agent.c +@@ -92,6 +92,10 @@ + #include "ssh-pkcs11.h" + #include "sk-api.h" + ++#ifdef __serenity__ ++#include "serenity_limits.h" ++#endif ++ + #ifndef DEFAULT_PROVIDER_WHITELIST + # define DEFAULT_PROVIDER_WHITELIST "/usr/lib*/*,/usr/local/lib*/*" + #endif +diff --git a/ssh-keygen.c b/ssh-keygen.c +index 85e8a9e2..129d3276 100644 +--- a/ssh-keygen.c ++++ b/ssh-keygen.c +@@ -66,6 +66,10 @@ + #include "ssh-sk.h" + #include "sk-api.h" /* XXX for SSH_SK_USER_PRESENCE_REQD; remove */ + ++#ifdef __serenity__ ++#include "serenity_limits.h" ++#endif ++ + #ifdef WITH_OPENSSL + # define DEFAULT_KEY_TYPE_NAME "rsa" + #else +diff --git a/ssh.c b/ssh.c +index 98b6ce78..5e559a5c 
100644 +--- a/ssh.c ++++ b/ssh.c +@@ -113,6 +113,10 @@ + #include "ssh-pkcs11.h" + #endif + ++#ifdef __serenity__ ++#include "serenity_limits.h" ++#endif ++ + extern char *__progname; + + /* Saves a copy of argv for setproctitle emulation */ diff --git a/Ports/openssh/patches/missing_functionality.patch b/Ports/openssh/patches/missing_functionality.patch new file mode 100644 index 0000000000..e4ba95fe6d --- /dev/null +++ b/Ports/openssh/patches/missing_functionality.patch 
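Review bot: The new serenity_limits.h in limits.patch defines `PATH_MAX` and `SSIZE_MAX` unconditionally and has no include guard, and every file touched here includes it after the system headers. If the libc headers later start providing either macro, the two definitions will clash, and until then the values are not checked against the system's real limits even though they size buffers such as `ret[PATH_MAX]` in auth.c (the example in the header's own comment). Wrapping each one as `#ifndef PATH_MAX` / `#define PATH_MAX 4096` / `#endif`, and likewise for `SSIZE_MAX`, keeps the fallback without overriding a real definition. `2147483647` also assumes a 32-bit `ssize_t`; the header comment should say that instead of ending on "No idea why any of this happens".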
@@ -0,0 +1,641 @@ +08ba07f3ef1eb9cc40204cda0af3886ee071fd47 Ifdef out unimplemented functionality +diff --git a/atomicio.c b/atomicio.c +index e00c9f0d..e51a9999 100644 +--- a/atomicio.c ++++ b/atomicio.c +@@ -120,7 +120,7 @@ atomiciov6(ssize_t (*f) (int, const struct iovec *, int), int fd, + memcpy(iov, _iov, (size_t)iovcnt * sizeof(*_iov)); + + pfd.fd = fd; +-#ifndef BROKEN_READV_COMPARISON ++#if !defined(BROKEN_READV_COMPARISON) && !defined(__serenity__) + pfd.events = f == readv ? POLLIN : POLLOUT; + #else + pfd.events = POLLIN|POLLOUT; +diff --git a/defines.h b/defines.h +index b8ea88b2..1089ee18 100644 +--- a/defines.h ++++ b/defines.h +@@ -55,8 +55,13 @@ enum + /* + * Definitions for IP type of service (ip_tos) + */ ++#ifndef __serenity__ + #include ++#endif + #include ++#ifdef __serenity__ ++#include ++#endif + #ifndef IPTOS_LOWDELAY + # define IPTOS_LOWDELAY 0x10 + # define IPTOS_THROUGHPUT 0x08 +diff --git a/dns.c b/dns.c +index e4f9bf83..779886fa 100644 +--- a/dns.c ++++ b/dns.c +@@ -25,6 +25,8 @@ + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + ++#ifndef __serenity__ ++ + #include "includes.h" + + #include +@@ -353,3 +355,5 @@ export_dns_rr(const char *hostname, struct sshkey *key, FILE *f, int generic) + + return success; + } ++ ++#endif +diff --git a/dns.h b/dns.h +index 91f3c632..0de0a81b 100644 +--- a/dns.h ++++ b/dns.h +@@ -25,6 +25,8 @@ + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + ++#ifndef __serenity__ ++ + #ifndef DNS_H + #define DNS_H + +@@ -56,3 +58,5 @@ int verify_host_key_dns(const char *, struct sockaddr *, + int export_dns_rr(const char *, struct sshkey *, FILE *, int); + + #endif /* DNS_H */ ++ ++#endif +diff --git a/hostfile.c b/hostfile.c +index a4a35597..699d7f2c 100644 +--- a/hostfile.c ++++ b/hostfile.c +@@ -44,7 +44,9 @@ + #include + + #include ++#ifndef __serenity__ + #include ++#endif + #include + #include + #include +diff --git a/includes.h b/includes.h +index 0fd71792..405d3aa2 100644 +--- a/includes.h ++++ b/includes.h +@@ -110,7 +110,9 @@ + #endif + + #include ++#ifndef __serenity__ + #include /* For typedefs */ ++#endif + #ifdef HAVE_RPC_TYPES_H + # include /* For INADDR_LOOPBACK */ + #endif +diff --git a/loginrec.c b/loginrec.c +index e5289deb..c670f0be 100644 +--- a/loginrec.c ++++ b/loginrec.c +@@ -460,7 +460,7 @@ login_write(struct logininfo *li) + #ifdef USE_WTMP + wtmp_write_entry(li); + #endif +-#ifdef USE_UTMPX ++#ifndef __serenity__ + utmpx_write_entry(li); + #endif + #ifdef USE_WTMPX +@@ -493,7 +493,7 @@ login_utmp_only(struct logininfo *li) + # ifdef USE_WTMP + wtmp_write_entry(li); + # endif +-# ifdef USE_UTMPX ++# ifndef __serenity__ + utmpx_write_entry(li); + # endif + # ifdef USE_WTMPX +@@ -724,7 +724,7 @@ construct_utmp(struct logininfo *li, + ** variations. + **/ + +-#if defined(USE_UTMPX) || defined (USE_WTMPX) ++#if !defined(__serenity__) + /* build the utmpx structure */ + void + set_utmpx_time(struct logininfo *li, struct utmpx *utx) +@@ -983,7 +983,7 @@ utmp_write_entry(struct logininfo *li) + **/ + + /* not much point if we don't want utmpx entries */ +-#ifdef USE_UTMPX ++#ifndef __serenity__ + + /* if we have the wherewithall, use pututxline etc. 
*/ + # if !defined(DISABLE_PUTUTXLINE) && defined(HAVE_SETUTXENT) && \ +diff --git a/misc.c b/misc.c +index 554ceb0b..67464ef2 100644 +--- a/misc.c ++++ b/misc.c +@@ -50,7 +50,9 @@ + #include + + #include ++#ifndef __serenity__ + #include ++#endif + #include + #include + #include +diff --git a/monitor.c b/monitor.c +index b6e855d5..bde8f383 100644 +--- a/monitor.c ++++ b/monitor.c +@@ -1752,8 +1752,10 @@ monitor_openfds(struct monitor *mon, int do_logfds) + int on = 1; + #endif + ++#ifndef __serenity__ + if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1) + fatal("%s: socketpair: %s", __func__, strerror(errno)); ++#endif + #ifdef SO_ZEROIZE + if (setsockopt(pair[0], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) == -1) + error("setsockopt SO_ZEROIZE(0): %.100s", strerror(errno)); +diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c +index 059b6d3b..2a248c81 100644 +--- a/openbsd-compat/bsd-misc.c ++++ b/openbsd-compat/bsd-misc.c +@@ -362,7 +362,7 @@ pledge(const char *promises, const char *paths[]) + } + #endif + +-#ifndef HAVE_MBTOWC ++#if !defined(HAVE_MBTOWC) && !defined(__serenity__) + /* a mbtowc that only supports ASCII */ + int + mbtowc(wchar_t *pwc, const char *s, size_t n) +diff --git a/openbsd-compat/getrrsetbyname-ldns.c b/openbsd-compat/getrrsetbyname-ldns.c +index 4647b623..d684f6fb 100644 +--- a/openbsd-compat/getrrsetbyname-ldns.c ++++ b/openbsd-compat/getrrsetbyname-ldns.c +@@ -43,6 +43,8 @@ + * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
+ */ + ++#ifndef __serenity__ ++ + #include "includes.h" + + #if !defined (HAVE_GETRRSETBYNAME) && defined (HAVE_LDNS) +@@ -282,3 +284,5 @@ freerrset(struct rrsetinfo *rrset) + + + #endif /* !defined (HAVE_GETRRSETBYNAME) && defined (HAVE_LDNS) */ ++ ++#endif +diff --git a/openbsd-compat/getrrsetbyname.c b/openbsd-compat/getrrsetbyname.c +index dc6fe053..9e7fefd0 100644 +--- a/openbsd-compat/getrrsetbyname.c ++++ b/openbsd-compat/getrrsetbyname.c +@@ -45,6 +45,8 @@ + + /* OPENBSD ORIGINAL: lib/libc/net/getrrsetbyname.c */ + ++#ifndef __serenity__ ++ + #include "includes.h" + + #if !defined (HAVE_GETRRSETBYNAME) && !defined (HAVE_LDNS) +@@ -608,3 +610,5 @@ count_dns_rr(struct dns_rr *p, u_int16_t class, u_int16_t type) + } + + #endif /* !defined (HAVE_GETRRSETBYNAME) && !defined (HAVE_LDNS) */ ++ ++#endif +diff --git a/openbsd-compat/getrrsetbyname.h b/openbsd-compat/getrrsetbyname.h +index 1283f550..0b33705e 100644 +--- a/openbsd-compat/getrrsetbyname.h ++++ b/openbsd-compat/getrrsetbyname.h +@@ -45,6 +45,8 @@ + * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
+ */ + ++#ifndef __serenity__ ++ + #ifndef _GETRRSETBYNAME_H + #define _GETRRSETBYNAME_H + +@@ -108,3 +110,5 @@ void freerrset(struct rrsetinfo *); + #endif /* !defined(HAVE_GETRRSETBYNAME) */ + + #endif /* _GETRRSETBYNAME_H */ ++ ++#endif +diff --git a/openbsd-compat/mktemp.c b/openbsd-compat/mktemp.c +index 4eb52f42..50e1bb12 100644 +--- a/openbsd-compat/mktemp.c ++++ b/openbsd-compat/mktemp.c +@@ -34,7 +34,7 @@ + #include + #include + +-#if !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP) ++#if !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP) && !defined(__serenity__) + + #define MKTEMP_NAME 0 + #define MKTEMP_FILE 1 +diff --git a/readconf.c b/readconf.c +index 2afcbaec..034ad492 100644 +--- a/readconf.c ++++ b/readconf.c +@@ -21,7 +21,9 @@ + #include + + #include ++#ifndef __serenity__ + #include ++#endif + #include + #include + +@@ -1064,11 +1066,12 @@ parse_time: + case oCheckHostIP: + intptr = &options->check_host_ip; + goto parse_flag; +- ++#ifndef __serenity__ + case oVerifyHostKeyDNS: + intptr = &options->verify_host_key_dns; + multistate_ptr = multistate_yesnoask; + goto parse_multistate; ++ #endif + + case oStrictHostKeyChecking: + intptr = &options->strict_host_key_checking; +diff --git a/regress/netcat.c b/regress/netcat.c +index fe94dd90..57c52d3b 100644 +--- a/regress/netcat.c ++++ b/regress/netcat.c +@@ -1369,7 +1369,9 @@ usage(int ret) + #include + #include + #include ++#ifndef __serenity__ + #include ++#endif + + #define SOCKS_PORT "1080" + #define HTTP_PROXY_PORT "3128" +diff --git a/sandbox-pledge.c b/sandbox-pledge.c +index d28fc272..a244241c 100644 +--- a/sandbox-pledge.c ++++ b/sandbox-pledge.c +@@ -21,7 +21,9 @@ + + #include + #include ++#ifndef __serenity__ + #include ++#endif + #include + #include + +diff --git a/servconf.c b/servconf.c +index ba0a92c7..02b68a9a 100644 +--- a/servconf.c ++++ b/servconf.c +@@ -20,7 +20,9 @@ + #endif + + #include ++#ifndef __serenity__ + #include ++#endif + #include + #ifdef HAVE_NET_ROUTE_H + 
#include +diff --git a/ssh-add.c b/ssh-add.c +index a40198ab..e218270b 100644 +--- a/ssh-add.c ++++ b/ssh-add.c +@@ -535,6 +535,7 @@ lock_agent(int agent_fd, int lock) + return (ret); + } + ++#ifndef __serenity__ + static int + load_resident_keys(int agent_fd, const char *skprovider, int qflag) + { +@@ -583,6 +584,7 @@ load_resident_keys(int agent_fd, const char *skprovider, int qflag) + return SSH_ERR_KEY_NOT_FOUND; + return ok == 1 ? 0 : ok; + } ++#endif + + static int + do_file(int agent_fd, int deleting, int key_only, char *file, int qflag, +@@ -775,6 +777,7 @@ main(int argc, char **argv) + ret = 1; + goto done; + } ++ #ifndef __serenity__ + if (do_download) { + if (skprovider == NULL) + fatal("Cannot download keys without provider"); +@@ -782,6 +785,7 @@ main(int argc, char **argv) + ret = 1; + goto done; + } ++ #endif + if (argc == 0) { + char buf[PATH_MAX]; + struct passwd *pw; +diff --git a/ssh-agent.c b/ssh-agent.c +index e081413b..811dc115 100644 +--- a/ssh-agent.c ++++ b/ssh-agent.c +@@ -1308,10 +1308,12 @@ main(int ac, char **av) + * a few spare for libc / stack protectors / sanitisers, etc. + */ + #define SSH_AGENT_MIN_FDS (3+1+1+1+4) ++#ifndef __serenity__ + if (rlim.rlim_cur < SSH_AGENT_MIN_FDS) + fatal("%s: file descriptor rlimit %lld too low (minimum %u)", + __progname, (long long)rlim.rlim_cur, SSH_AGENT_MIN_FDS); + maxfds = rlim.rlim_cur - SSH_AGENT_MIN_FDS; ++#endif + + parent_pid = getpid(); + +diff --git a/ssh-keygen.c b/ssh-keygen.c +index 2c5c75db..85e8a9e2 100644 +--- a/ssh-keygen.c ++++ b/ssh-keygen.c +@@ -1464,6 +1464,7 @@ do_change_passphrase(struct passwd *pw) + exit(0); + } + ++#ifndef __serenity__ + /* + * Print the SSHFP RR. + */ +@@ -1491,6 +1492,7 @@ do_print_resource_record(struct passwd *pw, char *fname, char *hname, + free(comment); + return 1; + } ++#endif + + /* + * Change the comment of a private key file. 
+@@ -2929,6 +2931,7 @@ skip_ssh_url_preamble(const char *s) + return s; + } + ++#ifndef __serenity__ + static int + do_download_sk(const char *skprovider, const char *device) + { +@@ -3026,6 +3029,7 @@ do_download_sk(const char *skprovider, const char *device) + free(keys); + return ok ? 0 : -1; + } ++#endif + + static void + usage(void) +@@ -3437,6 +3441,7 @@ main(int argc, char **argv) + } + if (pkcs11provider != NULL) + do_download(pw); ++#ifndef __serenity__ + if (download_sk) { + for (i = 0; i < nopts; i++) { + if (strncasecmp(opts[i], "device=", 7) == 0) { +@@ -3448,6 +3453,7 @@ main(int argc, char **argv) + } + return do_download_sk(sk_provider, sk_device); + } ++#endif + if (print_fingerprint || print_bubblebabble) + do_fingerprint(pw); + if (change_passphrase) +@@ -3465,6 +3471,8 @@ main(int argc, char **argv) + #endif /* WITH_OPENSSL */ + if (print_public) + do_print_public(pw); ++ ++#ifndef __serenity__ + if (rr_hostname != NULL) { + unsigned int n = 0; + +@@ -3496,6 +3504,7 @@ main(int argc, char **argv) + exit(0); + } + } ++#endif + + if (do_gen_candidates || do_screen_candidates) { + if (argc <= 0) +@@ -3527,6 +3536,7 @@ main(int argc, char **argv) + printf("Generating public/private %s key pair.\n", + key_type_name); + switch (type) { ++#ifndef __serenity__ + case KEY_ECDSA_SK: + case KEY_ED25519_SK: + for (i = 0; i < nopts; i++) { +@@ -3593,6 +3603,7 @@ main(int argc, char **argv) + passphrase = NULL; + } + break; ++#endif + default: + if ((r = sshkey_generate(type, bits, &private)) != 0) + fatal("sshkey_generate failed"); +diff --git a/ssh-keyscan.c b/ssh-keyscan.c +index a5e64407..c7964ae9 100644 +--- a/ssh-keyscan.c ++++ b/ssh-keyscan.c +@@ -311,7 +311,9 @@ keyprint_one(const char *host, struct sshkey *key) + found_one = 1; + + if (print_sshfp) { ++#ifndef __serenity__ + export_dns_rr(host, key, stdout, 0); ++#endif + return; + } + +diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c +index 8a0ffef5..12d05317 100644 +--- a/ssh-pkcs11-client.c 
++++ b/ssh-pkcs11-client.c +@@ -241,6 +241,7 @@ wrap_key(struct sshkey *k) + fatal("%s: unknown key type", __func__); + } + ++#ifndef __serenity__ + static int + pkcs11_start_helper_methods(void) + { +@@ -310,6 +311,7 @@ pkcs11_start_helper(void) + fd = pair[0]; + return (0); + } ++#endif + + int + pkcs11_add_provider(char *name, char *pin, struct sshkey ***keysp, +@@ -323,7 +325,11 @@ pkcs11_add_provider(char *name, char *pin, struct sshkey ***keysp, + u_int nkeys, i; + struct sshbuf *msg; + +- if (fd < 0 && pkcs11_start_helper() < 0) ++ if (fd < 0 ++#ifndef __serenity__ ++ && pkcs11_start_helper() < 0 ++#endif ++ ) + return (-1); + + if ((msg = sshbuf_new()) == NULL) +diff --git a/ssh-sk-client.c b/ssh-sk-client.c +index 8d7e6c30..21b3ab39 100644 +--- a/ssh-sk-client.c ++++ b/ssh-sk-client.c +@@ -15,6 +15,8 @@ + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + ++#ifndef __serenity__ ++ + #include "includes.h" + + #include +@@ -447,3 +449,5 @@ sshsk_load_resident(const char *provider_path, const char *device, + errno = oerrno; + return r; + } ++ ++#endif +diff --git a/sshbuf-misc.c b/sshbuf-misc.c +index 9b5aa208..20c526b1 100644 +--- a/sshbuf-misc.c ++++ b/sshbuf-misc.c +@@ -28,7 +28,9 @@ + #include + #include + #include ++#ifndef __serenity__ + #include ++#endif + #include + + #include "ssherr.h" +diff --git a/sshconnect.c b/sshconnect.c +index af08be41..9e748a23 100644 +--- a/sshconnect.c ++++ b/sshconnect.c +@@ -120,6 +120,7 @@ stderr_null(void) + close(devnull); + } + ++#ifndef __serenity__ + /* + * Connect to the given ssh server using a proxy command that passes a + * a connected fd back to us. +@@ -202,6 +203,7 @@ ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host, + + return 0; + } ++#endif + + /* + * Connect to the given ssh server using a proxy command. 
+@@ -566,10 +568,13 @@ ssh_connect(struct ssh *ssh, const char *host, const char *host_arg, + if ((ssh_packet_set_connection(ssh, in, out)) == NULL) + return -1; /* ssh_packet_set_connection logs error */ + return 0; +- } else if (options.proxy_use_fdpass) { ++ } ++ #ifndef __serenity__ ++ else if (options.proxy_use_fdpass) { + return ssh_proxy_fdpass_connect(ssh, host, host_arg, port, + options.proxy_command); + } ++ #endif + return ssh_proxy_connect(ssh, host, host_arg, port, + options.proxy_command); + } +@@ -1218,7 +1223,7 @@ verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key) + goto out; + } + } +- ++#ifndef __serenity__ + if (options.verify_host_key_dns) { + /* + * XXX certs are not yet supported for DNS, so downgrade +@@ -1247,6 +1252,7 @@ verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key) + } + } + } ++#endif + r = check_host_key(host, hostaddr, options.port, host_key, RDRW, + options.user_hostfiles, options.num_user_hostfiles, + options.system_hostfiles, options.num_system_hostfiles); +diff --git a/sshd.c b/sshd.c +index 6f8f11a3..1ecf3e32 100644 +--- a/sshd.c ++++ b/sshd.c +@@ -1231,6 +1231,8 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) + continue; + } + ++// FIXME: socketpair is seemingly required for SSHD to work, but doesn't current exist. 
++#ifndef __serenity__
+ if (rexec_flag && socketpair(AF_UNIX,
+ SOCK_STREAM, 0, config_s) == -1) {
+ error("reexec socketpair: %s",
+@@ -1240,6 +1242,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
+ close(startup_p[1]);
+ continue;
+ }
++#endif
+
+ for (j = 0; j < options.max_startups; j++)
+ if (startup_pipes[j] == -1) {
+diff --git a/sshkey.c b/sshkey.c
+index 1571e3d9..2b5c611c 100644
+--- a/sshkey.c
++++ b/sshkey.c
+@@ -42,7 +42,9 @@
+ #include
+ #include
+ #include
++#ifndef __serenity__
+ #include
++#endif
+ #include
+ #ifdef HAVE_UTIL_H
+ #include
+@@ -2759,6 +2761,7 @@ sshkey_sign(struct sshkey *key,
+ case KEY_ED25519_CERT:
+ r = ssh_ed25519_sign(key, sigp, lenp, data, datalen, compat);
+ break;
++ #ifndef __serenity__
+ case KEY_ED25519_SK:
+ case KEY_ED25519_SK_CERT:
+ case KEY_ECDSA_SK_CERT:
+@@ -2766,6 +2769,7 @@ sshkey_sign(struct sshkey *key,
+ r = sshsk_sign(sk_provider, key, sigp, lenp, data,
+ datalen, compat, /* XXX PIN */ NULL);
+ break;
++ #endif
+ #ifdef WITH_XMSS
+ case KEY_XMSS:
+ case KEY_XMSS_CERT:
diff --git a/Ports/openssh/patches/missing_stdio.patch b/Ports/openssh/patches/missing_stdio.patch
new file mode 100644
index 0000000000..7a2ca5a618
--- /dev/null
+++ b/Ports/openssh/patches/missing_stdio.patch
@@ -0,0 +1,16 @@
+87fc789d2db19db2a65cbf45b53afde5722ad1af Add missing stdio include in bsd-flock
+diff --git a/openbsd-compat/bsd-flock.c b/openbsd-compat/bsd-flock.c
+index 9b15d1ea..bf57389a 100644
+--- a/openbsd-compat/bsd-flock.c
++++ b/openbsd-compat/bsd-flock.c
+@@ -40,6 +40,10 @@
+ #include
+ #include
+
++#ifdef __serenity__
++#include
++#endif
++
+ int
+ flock(int fd, int op)
+ {
diff --git a/Ports/openssh/patches/pledge_sigaction.patch b/Ports/openssh/patches/pledge_sigaction.patch
new file mode 100644
index 0000000000..d1f7e8a558
--- /dev/null
+++ b/Ports/openssh/patches/pledge_sigaction.patch
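Review bot: In the monitor.c hunk of missing_functionality.patch the `socketpair()` call in `monitor_openfds` is compiled out on Serenity, yet the `setsockopt(pair[0], …)` lines visible right after it (and presumably the rest of the function, which lies outside the hunk) still use `pair[]`, which is then never filled in. The sshd.c hunk does the same to `config_s` in `server_accept_loop`, as its own FIXME admits. Privilege separation relies on these descriptors, so a build without `socketpair` should stop with an explicit error rather than continue on indeterminate fds, e.g. an `#else` branch containing `fatal("%s: socketpair not available", __func__);` in monitor.c. Separately, the mktemp.c condition `!defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP) && !defined(__serenity__)` parses as `A || (B && C)`; it needs parentheses if Serenity was meant to exclude the whole block.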
@@ -0,0 +1,42 @@
+f524cc245e63092372d78c3d80959b589aeebcc2 Add missing sigaction pledges
+diff --git a/clientloop.c b/clientloop.c
+index da396c72..3ff4ea89 100644
+--- a/clientloop.c
++++ b/clientloop.c
+@@ -1239,31 +1239,31 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
+ if (options.control_master &&
+ !option_clear_or_none(options.control_path)) {
+ debug("pledge: id");
+- if (pledge("stdio rpath wpath cpath unix inet dns recvfd sendfd proc exec id tty",
++ if (pledge("stdio rpath wpath cpath unix inet dns recvfd sendfd proc exec id tty sigaction",
+ NULL) == -1)
+ fatal("%s pledge(): %s", __func__, strerror(errno));
+
+ } else if (options.forward_x11 || options.permit_local_command) {
+ debug("pledge: exec");
+- if (pledge("stdio rpath wpath cpath unix inet dns proc exec tty",
++ if (pledge("stdio rpath wpath cpath unix inet dns proc exec tty sigaction",
+ NULL) == -1)
+ fatal("%s pledge(): %s", __func__, strerror(errno));
+
+ } else if (options.update_hostkeys) {
+ debug("pledge: filesystem full");
+- if (pledge("stdio rpath wpath cpath unix inet dns proc tty",
++ if (pledge("stdio rpath wpath cpath unix inet dns proc tty sigaction",
+ NULL) == -1)
+ fatal("%s pledge(): %s", __func__, strerror(errno));
+
+ } else if (!option_clear_or_none(options.proxy_command) ||
+ fork_after_authentication_flag) {
+ debug("pledge: proc");
+- if (pledge("stdio cpath unix inet dns proc tty", NULL) == -1)
++ if (pledge("stdio cpath unix inet dns proc tty sigaction", NULL) == -1)
+ fatal("%s pledge(): %s", __func__, strerror(errno));
+
+ } else {
+ debug("pledge: network");
+- if (pledge("stdio unix inet dns proc tty", NULL) == -1)
++ if (pledge("stdio unix inet dns proc tty sigaction", NULL) == -1)
+ fatal("%s pledge(): %s", __func__, strerror(errno));
+ }
+
diff --git a/Ports/openssh/patches/reimplement_read_passphrase.patch b/Ports/openssh/patches/reimplement_read_passphrase.patch
new file mode 100644
index 0000000000..d3eaf65213
--- /dev/null
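Review bot: All five `pledge()` promise strings in `client_loop` gain `sigaction`, including the most restrictive `pledge: network` branch, and nothing on the changed lines records which call needs the extra promise. Unlike the other patches in this port, the edit is not gated on `__serenity__`, so it rewrites the upstream strings outright. A one-line comment above the first call, along the lines of `/* Serenity: "sigaction" is needed because <handler installed after pledge> */` with the actual reason filled in by the author, would document why the sandbox was widened in every branch. `client_loop` begins and ends outside the hunk.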
+++ b/Ports/openssh/patches/reimplement_read_passphrase.patch 
@@ -0,0 +1,99 @@
+81548c85897681d42968dd7ca228c6b128ac39f1 Reimplement read_passphrase as a C version of Core::get_password
+diff --git a/readpass.c b/readpass.c
+index 974d67f0..3496eebe 100644
+--- a/readpass.c
++++ b/readpass.c
+@@ -47,6 +47,10 @@
+ #include "ssh.h"
+ #include "uidswap.h"
+
++#ifdef __serenity__
++#include
++#endif
++
+ static char *
+ ssh_askpass(char *askpass, const char *msg, const char *env_hint)
+ {
+@@ -122,62 +126,33 @@ ssh_askpass(char *askpass, const char *msg, const char *env_hint)
+ char *
+ read_passphrase(const char *prompt, int flags)
+ {
+- char cr = '\r', *askpass = NULL, *ret, buf[1024];
+- int rppflags, use_askpass = 0, ttyfd;
+- const char *askpass_hint = NULL;
++ // Reimplementation of Core::get_password
++ fwrite(prompt, sizeof(char), strlen(prompt), stdout);
++ fflush(stdout);
++
++ struct termios original;
++ tcgetattr(STDIN_FILENO, &original);
+
+- rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF;
+- if (flags & RP_USE_ASKPASS)
+- use_askpass = 1;
+- else if (flags & RP_ALLOW_STDIN) {
+- if (!isatty(STDIN_FILENO)) {
+- debug("read_passphrase: stdin is not a tty");
+- use_askpass = 1;
+- }
+- } else {
+- rppflags |= RPP_REQUIRE_TTY;
+- ttyfd = open(_PATH_TTY, O_RDWR);
+- if (ttyfd >= 0) {
+- /*
+- * If we're on a tty, ensure that show the prompt at
+- * the beginning of the line. This will hopefully
+- * clobber any password characters the user has
+- * optimistically typed before echo is disabled.
+- */
+- (void)write(ttyfd, &cr, 1);
+- close(ttyfd);
+- } else {
+- debug("read_passphrase: can't open %s: %s", _PATH_TTY,
+- strerror(errno));
+- use_askpass = 1;
+- }
++ struct termios no_echo = original;
++ no_echo.c_lflag &= ~ECHO;
++ if (tcsetattr(STDIN_FILENO, TCSAFLUSH, &no_echo) < 0) {
++ return errno;
+ }
+
+- if ((flags & RP_USE_ASKPASS) && getenv("DISPLAY") == NULL)
+- return (flags & RP_ALLOW_EOF) ? NULL : xstrdup("");
++ char* password = NULL;
++ size_t n = 0;
+
+- if (use_askpass && getenv("DISPLAY")) {
+- if (getenv(SSH_ASKPASS_ENV))
+- askpass = getenv(SSH_ASKPASS_ENV);
+- else
+- askpass = _PATH_SSH_ASKPASS_DEFAULT;
+- if ((flags & RP_ASK_PERMISSION) != 0)
+- askpass_hint = "confirm";
+- if ((ret = ssh_askpass(askpass, prompt, askpass_hint)) == NULL)
+- if (!(flags & RP_ALLOW_EOF))
+- return xstrdup("");
+- return ret;
++ int ret = getline(&password, &n, stdin);
++ tcsetattr(STDIN_FILENO, TCSAFLUSH, &original);
++ putchar('\n');
++ if (ret < 0) {
++ return errno;
+ }
+
+- if (readpassphrase(prompt, buf, sizeof buf, rppflags) == NULL) {
+- if (flags & RP_ALLOW_EOF)
+- return NULL;
+- return xstrdup("");
+- }
++ // Bit of a dirty way of removing the newline in password
++ password[strcspn(password, "\n")] = '\0';
+
+- ret = xstrdup(buf);
+- explicit_bzero(buf, sizeof(buf));
+- return ret;
++ return password;
+ }
+
+ int
diff --git a/Ports/openssh/patches/remove_inet_aton_redef.patch b/Ports/openssh/patches/remove_inet_aton_redef.patch
new file mode 100644
index 0000000000..2d5cfd01f2
--- /dev/null
+++ b/Ports/openssh/patches/remove_inet_aton_redef.patch
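Review bot: Both error paths in the rewritten `read_passphrase` (reimplement_read_passphrase.patch) do `return errno;` from a function declared `char *`, so a failed `tcsetattr` or `getline` hands callers an integer converted to a pointer; the removed code returned `NULL` under `RP_ALLOW_EOF` and `xstrdup("")` otherwise. The `tcgetattr` result is unchecked, so when stdin is not a terminal `original` is copied and later restored without having been initialised, and on the `getline` failure path the buffer is neither cleared nor freed. `flags` is no longer consulted at all (echo, tty requirement and the askpass route are gone), which deserves a comment in the function. The sketch below keeps the new approach but restores the old return contract and fails closed when there is no terminal and `RP_ALLOW_STDIN` is not set.

```c
char *
read_passphrase(const char *prompt, int flags)
{
	// … unchanged: prompt is written to stdout and flushed …

	struct termios original;
	int is_tty = tcgetattr(STDIN_FILENO, &original) == 0;

	/* Without a terminal, echo cannot be disabled: only read if the caller allows stdin. */
	if (!is_tty && !(flags & RP_ALLOW_STDIN))
		return (flags & RP_ALLOW_EOF) ? NULL : xstrdup("");

	if (is_tty) {
		struct termios no_echo = original;
		no_echo.c_lflag &= ~ECHO;
		if (tcsetattr(STDIN_FILENO, TCSAFLUSH, &no_echo) < 0)
			return (flags & RP_ALLOW_EOF) ? NULL : xstrdup("");
	}

	char *password = NULL;
	size_t n = 0;
	ssize_t len = getline(&password, &n, stdin);

	if (is_tty)
		tcsetattr(STDIN_FILENO, TCSAFLUSH, &original);
	putchar('\n');

	if (len < 0) {
		/* getline may have buffered partial input before failing. */
		if (password != NULL)
			explicit_bzero(password, n);
		free(password);
		return (flags & RP_ALLOW_EOF) ? NULL : xstrdup("");
	}

	// … unchanged: trailing newline is stripped and password returned …
```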
@@ -0,0 +1,209 @@
+bf47ca1400b0548fdabff37c797c6afe89c2ce60 Remove inet_aton redefinition
+diff --git a/openbsd-compat/inet_aton.c b/openbsd-compat/inet_aton.c
+index 093a1720..8b0a0c5d 100644
+--- a/openbsd-compat/inet_aton.c
++++ b/openbsd-compat/inet_aton.c
+@@ -53,7 +53,7 @@
+
+ #include "includes.h"
+
+-#if !defined(HAVE_INET_ATON)
++#if !defined(__serenity__)
+
+ #include
+ #include
+@@ -84,96 +84,96 @@ inet_addr(const char *cp)
+ * This replaces inet_addr, the return value from which
+ * cannot distinguish between failure and a local broadcast address.
+ */
+-int
+-inet_aton(const char *cp, struct in_addr *addr)
+-{
+- u_int32_t val;
+- int base, n;
+- char c;
+- u_int parts[4];
+- u_int *pp = parts;
++// int
++// inet_aton(const char *cp, struct in_addr *addr)
++// {
++// u_int32_t val;
++// int base, n;
++// char c;
++// u_int parts[4];
++// u_int *pp = parts;
+
+- c = *cp;
+- for (;;) {
+- /*
+- * Collect number up to ``.''.
+- * Values are specified as for C:
+- * 0x=hex, 0=octal, isdigit=decimal.
+- */
+- if (!isdigit(c))
+- return (0);
+- val = 0; base = 10;
+- if (c == '0') {
+- c = *++cp;
+- if (c == 'x' || c == 'X')
+- base = 16, c = *++cp;
+- else
+- base = 8;
+- }
+- for (;;) {
+- if (isascii(c) && isdigit(c)) {
+- val = (val * base) + (c - '0');
+- c = *++cp;
+- } else if (base == 16 && isascii(c) && isxdigit(c)) {
+- val = (val << 4) |
+- (c + 10 - (islower(c) ? 'a' : 'A'));
+- c = *++cp;
+- } else
+- break;
+- }
+- if (c == '.') {
+- /*
+- * Internet format:
+- * a.b.c.d
+- * a.b.c (with c treated as 16 bits)
+- * a.b (with b treated as 24 bits)
+- */
+- if (pp >= parts + 3)
+- return (0);
+- *pp++ = val;
+- c = *++cp;
+- } else
+- break;
+- }
+- /*
+- * Check for trailing characters.
+- */
+- if (c != '\0' && (!isascii(c) || !isspace(c)))
+- return (0);
+- /*
+- * Concoct the address according to
+- * the number of parts specified.
+- */
+- n = pp - parts + 1;
+- switch (n) {
++// c = *cp;
++// for (;;) {
++// /*
++// * Collect number up to ``.''.
++// * Values are specified as for C:
++// * 0x=hex, 0=octal, isdigit=decimal.
++// */
++// if (!isdigit(c))
++// return (0);
++// val = 0; base = 10;
++// if (c == '0') {
++// c = *++cp;
++// if (c == 'x' || c == 'X')
++// base = 16, c = *++cp;
++// else
++// base = 8;
++// }
++// for (;;) {
++// if (isascii(c) && isdigit(c)) {
++// val = (val * base) + (c - '0');
++// c = *++cp;
++// } else if (base == 16 && isascii(c) && isxdigit(c)) {
++// val = (val << 4) |
++// (c + 10 - (islower(c) ? 'a' : 'A'));
++// c = *++cp;
++// } else
++// break;
++// }
++// if (c == '.') {
++// /*
++// * Internet format:
++// * a.b.c.d
++// * a.b.c (with c treated as 16 bits)
++// * a.b (with b treated as 24 bits)
++// */
++// if (pp >= parts + 3)
++// return (0);
++// *pp++ = val;
++// c = *++cp;
++// } else
++// break;
++// }
++// /*
++// * Check for trailing characters.
++// */
++// if (c != '\0' && (!isascii(c) || !isspace(c)))
++// return (0);
++// /*
++// * Concoct the address according to
++// * the number of parts specified.
++// */
++// n = pp - parts + 1;
++// switch (n) {
+
+- case 0:
+- return (0); /* initial nondigit */
++// case 0:
++// return (0); /* initial nondigit */
+
+- case 1: /* a -- 32 bits */
+- break;
++// case 1: /* a -- 32 bits */
++// break;
+
+- case 2: /* a.b -- 8.24 bits */
+- if ((val > 0xffffff) || (parts[0] > 0xff))
+- return (0);
+- val |= parts[0] << 24;
+- break;
++// case 2: /* a.b -- 8.24 bits */
++// if ((val > 0xffffff) || (parts[0] > 0xff))
++// return (0);
++// val |= parts[0] << 24;
++// break;
+
+- case 3: /* a.b.c -- 8.8.16 bits */
+- if ((val > 0xffff) || (parts[0] > 0xff) || (parts[1] > 0xff))
+- return (0);
+- val |= (parts[0] << 24) | (parts[1] << 16);
+- break;
++// case 3: /* a.b.c -- 8.8.16 bits */
++// if ((val > 0xffff) || (parts[0] > 0xff) || (parts[1] > 0xff))
++// return (0);
++// val |= (parts[0] << 24) | (parts[1] << 16);
++// break;
+
+- case 4: /* a.b.c.d -- 8.8.8.8 bits */
+- if ((val > 0xff) || (parts[0] > 0xff) || (parts[1] > 0xff) || (parts[2] > 0xff))
+- return (0);
+- val |= (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8);
+- break;
+- }
+- if (addr)
+- addr->s_addr = htonl(val);
+- return (1);
+-}
++// case 4: /* a.b.c.d -- 8.8.8.8 bits */
++// if ((val > 0xff) || (parts[0] > 0xff) || (parts[1] > 0xff) || (parts[2] > 0xff))
++// return (0);
++// val |= (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8);
++// break;
++// }
++// if (addr)
++// addr->s_addr = htonl(val);
++// return (1);
++// }
+
+ #endif /* !defined(HAVE_INET_ATON) */
+diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h
+index e5fd6f5b..cb9e1aa0 100644
+--- a/openbsd-compat/openbsd-compat.h
++++ b/openbsd-compat/openbsd-compat.h
+@@ -153,7 +153,7 @@ char *inet_ntoa(struct in_addr in);
+ const char *inet_ntop(int af, const void *src, char *dst, socklen_t size);
+ #endif
+
+-#ifndef HAVE_INET_ATON
++#if !defined(HAVE_INET_ATON) && !defined(__serenity__)
+ int inet_aton(const char *cp, struct in_addr *addr);
+ #endif
+
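Review bot: The inet_aton.c part comments out the whole of inet_aton() line by line even though the guard above it is already changed to `#if !defined(__serenity__)`, which on its own removes the function on Serenity. That leaves the entire function as dead code in a patch that has to be re-applied to each new OpenSSH release, and the closing `#endif /* !defined(HAVE_INET_ATON) */` comment no longer matches its `#if`. Using the same condition as the openbsd-compat.h part, `#if !defined(HAVE_INET_ATON) && !defined(__serenity__)`, and leaving the body untouched would reduce the change to one line. The guard appears to cover more than inet_aton() (the hunk context names inet_addr), so confirm nothing else in that file is needed on Serenity.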
diff --git a/Ports/openssh/patches/scanf_assume_ssh20.patch b/Ports/openssh/patches/scanf_assume_ssh20.patch
new file mode 100644
index 0000000000..e50bf742c8
--- /dev/null
+++ b/Ports/openssh/patches/scanf_assume_ssh20.patch
@@ -0,0 +1,51 @@
+05b4800c752f5c57deec758118b28fc329a226e8 %.100s and sscanf doesn't do as expected
+diff --git a/kex.c b/kex.c
+index 09c7258e..4c670986 100644
+--- a/kex.c
++++ b/kex.c
+@@ -1182,7 +1182,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
+ sshbuf_reset(our_version);
+ if (version_addendum != NULL && *version_addendum == '\0')
+ version_addendum = NULL;
+- if ((r = sshbuf_putf(our_version, "SSH-%d.%d-%.100s%s%s\r\n",
++ if ((r = sshbuf_putf(our_version, "SSH-%d.%d-%s%s%s\r\n",
+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
+ version_addendum == NULL ? "" : " ",
+ version_addendum == NULL ? "" : version_addendum)) != 0) {
+@@ -1210,7 +1210,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
+ r = SSH_ERR_ALLOC_FAIL;
+ goto out;
+ }
+- debug("Local version string %.100s", our_version_string);
++ debug("Local version string %s", our_version_string);
+
+ /* Read other side's version identification. */
+ for (n = 0; ; n++) {
+@@ -1310,6 +1310,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
+ goto out;
+ }
+
++#ifndef __serenity__
+ /*
+ * Check that the versions match. In future this might accept
+ * several versions and set appropriate flags to handle them.
+@@ -1318,11 +1319,19 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
+ &remote_major, &remote_minor, remote_version) != 3) {
+ error("Bad remote protocol version identification: '%.100s'",
+ peer_version_string);
++#else
++ // Assume SSH2.0 for now
++ remote_major = 2;
++ remote_minor = 0;
++ // Don't want this executing with other paths but we still need the invalid label.
++ if (0)
++ {
+ invalid:
+ send_error(ssh, "Invalid SSH identification string.");
+ r = SSH_ERR_INVALID_FORMAT;
+ goto out;
+ }
++#endif
+ debug("Remote protocol version %d.%d, remote software version %.100s",
+ remote_major, remote_minor, remote_version);
+ ssh->compat = compat_datafellows(remote_version);
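Review bot: The `#else` branch in kex_exchange_identification() hard-codes `remote_major = 2; remote_minor = 0;` and never inspects `peer_version_string`, so on Serenity any banner that reaches this point is treated as SSH 2.0 and the rejection block is reachable only through a `goto invalid` from elsewhere. `remote_version` is not filled in this branch either, yet it is passed to `compat_datafellows()` immediately afterwards, so peer-specific compatibility flags are presumably never set. If sscanf() cannot be relied on, compare the banner prefix by hand and keep the rejection path, as sketched below; moving `#endif` up to just before `invalid:` also keeps the braces of the `#ifndef` branch balanced. The function starts and ends outside the hunk, so how `remote_version` is allocated is not visible here.

```c
#else
	/* sscanf is unreliable here, so check the banner prefix by hand. */
	if (strncmp(peer_version_string, "SSH-2.0-", 8) == 0) {
		remote_major = 2;
		remote_minor = 0;
		/* TODO: copy the text after the prefix into remote_version */
	} else if (strncmp(peer_version_string, "SSH-1.99-", 9) == 0) {
		remote_major = 1;
		remote_minor = 99;
		/* TODO: copy the text after the prefix into remote_version */
	} else {
#endif
 invalid:
	/* … unchanged: send_error, SSH_ERR_INVALID_FORMAT, goto out, closing brace … */
```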
diff --git a/Ports/openssh/patches/sftp_pipes.patch b/Ports/openssh/patches/sftp_pipes.patch
new file mode 100644
index 0000000000..10838cdc9d
--- /dev/null
+++ b/Ports/openssh/patches/sftp_pipes.patch
@@ -0,0 +1,16 @@
+e5a0b5cc530260b1ee94105e8c989ba21856b4a2 Use pipes instead of socketpair in SFTP
+diff --git a/sftp.c b/sftp.c
+index 2799e4a1..9ce7055a 100644
+--- a/sftp.c
++++ b/sftp.c
+@@ -2296,6 +2296,10 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2)
+ return (err >= 0 ? 0 : -1);
+ }
+
++#ifdef __serenity__
++#define USE_PIPES 1
++#endif
++
+ static void
+ connect_to_server(char *path, char **args, int *in, int *out)
+ {
-- cgit v1.2.3