From f8e317988518bf984d5600b69d6befafcd7235a9 Mon Sep 17 00:00:00 2001 From: Fredrik Fornwall Date: Thu, 18 Apr 2019 09:02:44 +0200 Subject: [PATCH] openssh: Update from 7.9p1 to 8.0p1 --- packages/openssh/build.sh | 5 ++--- packages/openssh/session.c.patch | 37 +++++++++++++++++--------------- packages/openssh/sshd.c.patch | 24 +++++++++++---------- 3 files changed, 35 insertions(+), 31 deletions(-) diff --git a/packages/openssh/build.sh b/packages/openssh/build.sh index 6c113966c..0380eaa66 100644 --- a/packages/openssh/build.sh +++ b/packages/openssh/build.sh @@ -1,9 +1,8 @@ TERMUX_PKG_HOMEPAGE=https://www.openssh.com/ TERMUX_PKG_DESCRIPTION="Secure shell for logging into a remote machine" TERMUX_PKG_LICENSE="BSD" -TERMUX_PKG_VERSION=7.9p1 -TERMUX_PKG_REVISION=5 -TERMUX_PKG_SHA256=6b4b3ba2253d84ed3771c8050728d597c91cfce898713beb7b64a305b6f11aad +TERMUX_PKG_VERSION=8.0p1 +TERMUX_PKG_SHA256=bd943879e69498e8031eb6b7f44d08cdc37d59a7ab689aa0b437320c3481fd68 TERMUX_PKG_SRCURL=https://fastly.cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${TERMUX_PKG_VERSION}.tar.gz TERMUX_PKG_DEPENDS="libandroid-support, ldns, openssl, libedit, libutil, termux-auth, krb5" TERMUX_PKG_CONFLICTS="dropbear" diff --git a/packages/openssh/session.c.patch b/packages/openssh/session.c.patch index aaa006fda..c6838b98b 100644 --- a/packages/openssh/session.c.patch +++ b/packages/openssh/session.c.patch @@ -1,25 +1,25 @@ -diff -uNr openssh-7.9p1/session.c openssh-7.9p1.mod/session.c ---- openssh-7.9p1/session.c 2018-10-17 03:01:20.000000000 +0300 -+++ openssh-7.9p1.mod/session.c 2019-03-01 23:13:36.360949253 +0200 -@@ -200,7 +200,7 @@ +diff -u -r ../openssh-8.0p1/session.c ./session.c +--- ../openssh-8.0p1/session.c 2019-04-17 22:52:57.000000000 +0000 ++++ ./session.c 2019-04-18 06:48:19.351575794 +0000 +@@ -197,7 +197,7 @@ temporarily_use_uid(pw); - + /* Allocate a buffer for the socket name, and format the name. */ - auth_sock_dir = xstrdup("/tmp/ssh-XXXXXXXXXX"); + auth_sock_dir = xstrdup("@TERMUX_PREFIX@/tmp/ssh-XXXXXXXXXX"); - + /* Create private directory for socket */ if (mkdtemp(auth_sock_dir) == NULL) { -@@ -268,7 +268,7 @@ +@@ -267,7 +267,7 @@ return; - + temporarily_use_uid(pw); - auth_info_file = xstrdup("/tmp/sshauth.XXXXXXXXXXXXXXX"); + auth_info_file = xstrdup("@TERMUX_PREFIX@/tmp/sshauth.XXXXXXXXXXXXXXX"); if ((fd = mkstemp(auth_info_file)) == -1) { error("%s: mkstemp: %s", __func__, strerror(errno)); goto out; -@@ -833,7 +833,7 @@ +@@ -803,7 +803,7 @@ f = fopen(login_getcapstr(lc, "welcome", "/etc/motd", "/etc/motd"), "r"); #else @@ -28,21 +28,24 @@ diff -uNr openssh-7.9p1/session.c openssh-7.9p1.mod/session.c #endif if (f) { while (fgets(buf, sizeof(buf), f)) -@@ -1082,8 +1082,10 @@ +@@ -1052,11 +1052,13 @@ # endif /* HAVE_CYGWIN */ #endif /* HAVE_LOGIN_CAP */ - + +#ifdef _PATH_MAILDIR - snprintf(buf, sizeof buf, "%.200s/%.50s", _PATH_MAILDIR, pw->pw_name); - child_set_env(&env, &envsize, "MAIL", buf); + if (!options.use_pam) { + snprintf(buf, sizeof buf, "%.200s/%.50s", + _PATH_MAILDIR, pw->pw_name); + child_set_env(&env, &envsize, "MAIL", buf); + } +#endif - + /* Normal systems set SHELL by default. */ child_set_env(&env, &envsize, "SHELL", shell); -@@ -1127,6 +1129,15 @@ +@@ -1100,6 +1102,15 @@ auth_sock_name); - - + + +#ifdef __ANDROID__ + char const* envs_to_keep[] = {"LD_LIBRARY_PATH", "PATH", "ANDROID_ROOT", "ANDROID_DATA", "EXTERNAL_STORAGE", "LANG", "PREFIX", "TMPDIR"}; + for (i = 0; i < (sizeof(envs_to_keep) / sizeof(envs_to_keep[0])); i++) { diff --git a/packages/openssh/sshd.c.patch b/packages/openssh/sshd.c.patch index af7e5f28b..7313723e4 100644 --- a/packages/openssh/sshd.c.patch +++ b/packages/openssh/sshd.c.patch @@ -1,7 +1,7 @@ -diff -u -r ../openssh-7.7p1/sshd.c ./sshd.c ---- ../openssh-7.7p1/sshd.c 2018-04-02 07:38:28.000000000 +0200 -+++ ./sshd.c 2018-04-03 23:48:49.605335389 +0200 -@@ -553,8 +553,10 @@ +diff -u -r ../openssh-8.0p1/sshd.c ./sshd.c +--- ../openssh-8.0p1/sshd.c 2019-04-17 22:52:57.000000000 +0000 ++++ ./sshd.c 2019-04-18 06:50:06.774278599 +0000 +@@ -468,8 +468,10 @@ debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid, (u_int)privsep_pw->pw_gid); gidset[0] = privsep_pw->pw_gid; @@ -12,7 +12,7 @@ diff -u -r ../openssh-7.7p1/sshd.c ./sshd.c permanently_set_uid(privsep_pw); } } -@@ -1447,7 +1449,8 @@ +@@ -1444,7 +1446,8 @@ saved_argc = ac; rexec_argc = ac; saved_argv = xcalloc(ac + 1, sizeof(*saved_argv)); @@ -22,7 +22,7 @@ diff -u -r ../openssh-7.7p1/sshd.c ./sshd.c saved_argv[i] = xstrdup(av[i]); saved_argv[i] = NULL; -@@ -1457,8 +1460,10 @@ +@@ -1454,8 +1457,10 @@ av = saved_argv; #endif @@ -33,16 +33,18 @@ diff -u -r ../openssh-7.7p1/sshd.c ./sshd.c /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); -@@ -1577,8 +1582,6 @@ +@@ -1576,8 +1581,10 @@ } if (rexeced_flag || inetd_flag) rexec_flag = 0; -- if (!test_flag && (rexec_flag && (av[0] == NULL || *av[0] != '/'))) -- fatal("sshd re-exec requires execution with an absolute path"); ++#ifndef __ANDROID__ + if (!test_flag && rexec_flag && !path_absolute(av[0])) + fatal("sshd re-exec requires execution with an absolute path"); ++#endif if (rexeced_flag) closefrom(REEXEC_MIN_FREE_FD); else -@@ -1692,7 +1695,9 @@ +@@ -1696,7 +1703,9 @@ freezero(privsep_pw->pw_passwd, strlen(privsep_pw->pw_passwd)); privsep_pw->pw_passwd = xstrdup("*"); } @@ -52,7 +54,7 @@ diff -u -r ../openssh-7.7p1/sshd.c ./sshd.c /* load host keys */ sensitive_data.host_keys = xcalloc(options.num_host_key_files, -@@ -1842,8 +1847,10 @@ +@@ -1858,8 +1867,10 @@ * to create a file, and we can't control the code in every * module which might be used). */