openssh: Update to 8.1p1

pkg/openssh/config.h

@@ -24,7 +24,6 @@
 /* #undef BROKEN_ONE_BYTE_DIRENT_D_NAME */
 /* #undef BROKEN_READV_COMPARISON */
 /* #undef BROKEN_READ_COMPARISON */
-#define BROKEN_REALPATH 1
 /* #undef BROKEN_SAVED_UIDS */
 /* #undef BROKEN_SETREGID */
 /* #undef BROKEN_SETRESGID */
@@ -175,6 +174,8 @@
 #define HAVE_EVP_PKEY_GET0_RSA 1
 #define HAVE_EVP_RIPEMD160 1
 #define HAVE_EVP_SHA256 1
+#define HAVE_EVP_SHA384 1
+#define HAVE_EVP_SHA512 1
 #define HAVE_EXIT_IN_UTMP 1
 #define HAVE_EXPLICIT_BZERO 1
 #define HAVE_FCHMOD 1
@@ -273,6 +274,7 @@
 /* #undef HAVE_LIBIAF */
 /* #undef HAVE_LIBNETWORK */
 /* #undef HAVE_LIBPAM */
+/* #undef HAVE_LIBPROC_H */
 /* #undef HAVE_LIBSOCKET */
 /* #undef HAVE_LIBUTIL_H */
 /* #undef HAVE_LIBXNET */
@@ -298,6 +300,7 @@
 #define HAVE_MBTOWC 1
 /* #undef HAVE_MD5_CRYPT */
 /* #undef HAVE_MD5_PASSWORDS */
+#define HAVE_MEMMEM 1
 #define HAVE_MEMMOVE 1
 #define HAVE_MEMORY_H 1
 /* #undef HAVE_MEMSET_S */
@@ -335,6 +338,7 @@
 /* #undef HAVE_PRIV_BASICSET */
 /* #undef HAVE_PRIV_H */
 #define HAVE_PROC_PID 1
+/* #undef HAVE_PROC_PIDINFO */
 /* #undef HAVE_PSTAT */
 #define HAVE_PTY_H 1
 #define HAVE_PUTUTLINE 1
@@ -344,7 +348,6 @@
 #define HAVE_READPASSPHRASE_H 1
 #define HAVE_REALLOC 1
 #define HAVE_REALLOCARRAY 1
-#define HAVE_REALPATH 1
 #define HAVE_RECALLOCARRAY 1
 #define HAVE_RECVMSG 1
 #define HAVE_RLIMIT_NPROC /**/
@@ -398,8 +401,10 @@
 #define HAVE_SETUTXENT 1
 #define HAVE_SETVBUF 1
 /* #undef HAVE_SET_ID */
-#define HAVE_SHA256_UPDATE 1
+/* #undef HAVE_SHA256UPDATE */
 /* #undef HAVE_SHA2_H */
+/* #undef HAVE_SHA384UPDATE */
+/* #undef HAVE_SHA512UPDATE */
 #define HAVE_SHADOW_H 1
 #define HAVE_SIGACTION 1
 /* #undef HAVE_SIGVEC */
@@ -614,7 +619,7 @@
 #define STDC_HEADERS 1
 /* #undef SUPERUSER_PATH */
 /* #undef SYSLOG_R_SAFE_IN_SIGHAND */
-/* #undef SYS_RDOMAIN_LINUX */
+#define SYS_RDOMAIN_LINUX 1
 /* #undef UNIXWARE_LONG_PASSWORDS */
 #define USER_PATH "/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin"
 /* #undef USE_AFS */

pkg/openssh/gen.lua

@@ -24,11 +24,11 @@ lib('libopenbsd-compat.a', [[openbsd-compat/(
 	base64.c basename.c bcrypt_pbkdf.c bindresvport.c blowfish.c daemon.c
 	dirname.c explicit_bzero.c fmt_scaled.c freezero.c getcwd.c
 	getgrouplist.c getopt_long.c getrrsetbyname.c glob.c inet_aton.c
-	inet_ntoa.c inet_ntop.c md5.c mktemp.c pwcache.c readpassphrase.c
-	reallocarray.c realpath.c recallocarray.c rmd160.c rresvport.c setenv.c
-	setproctitle.c sha1.c sha2.c sigact.c strcasestr.c strlcat.c strlcpy.c
-	strmode.c strndup.c strnlen.c strptime.c strsep.c strtoll.c strtonum.c
-	strtoull.c strtoul.c timingsafe_bcmp.c vis.c
+	inet_ntoa.c inet_ntop.c md5.c memmem.c mktemp.c pwcache.c
+	readpassphrase.c reallocarray.c recallocarray.c rmd160.c rresvport.c
+	setenv.c setproctitle.c sha1.c sha2.c sigact.c strcasestr.c strlcat.c
+	strlcpy.c strmode.c strndup.c strnlen.c strptime.c strsep.c strtoll.c
+	strtonum.c strtoull.c strtoul.c timingsafe_bcmp.c vis.c
 
 	arc4random.c bsd-asprintf.c bsd-closefrom.c bsd-cygwin_util.c bsd-err.c
 	bsd-flock.c bsd-getpagesize.c bsd-getpeereid.c bsd-malloc.c bsd-misc.c
@@ -64,10 +64,10 @@ lib('libssh.a', [[
 	authfd.c authfile.c
 	canohost.c channels.c cipher.c cipher-aes.c cipher-aesctr.c
 	cipher-ctr.c cleanup.c
-	compat.c crc32.c fatal.c hostfile.c
+	compat.c fatal.c hostfile.c
 	log.c match.c moduli.c nchan.c packet.c
 	readpass.c ttymodes.c xmalloc.c addrmatch.c
-	atomicio.c dispatch.c mac.c uuencode.c misc.c utf8.c
+	atomicio.c dispatch.c mac.c misc.c utf8.c
 	monitor_fdpass.c rijndael.c ssh-dss.c ssh-ecdsa.c ssh-rsa.c dh.c
 	msg.c progressmeter.c dns.c entropy.c gss-genr.c umac.c umac128.c
 	ssh-pkcs11.c smult_curve25519_ref.c
@@ -91,6 +91,7 @@ file('bin/ssh', '755', '$outdir/ssh')
 
 cc('sftp-server.c')
 cc('sftp-common.c')
+cc('sftp-realpath.c')
 
 exe('sshd', [[
 	sshd.c auth-rhosts.c auth-passwd.c
@@ -103,7 +104,7 @@ exe('sshd', [[
 	monitor.c monitor_wrap.c auth-krb5.c
 	auth2-gss.c gss-serv.c gss-serv-krb5.c
 	loginrec.c auth-pam.c auth-shadow.c auth-sia.c md5crypt.c
-	sftp-server.c.o sftp-common.c.o
+	sftp-server.c.o sftp-common.c.o sftp-realpath.c.o
 	sandbox-null.c sandbox-rlimit.c sandbox-systrace.c sandbox-darwin.c
 	sandbox-seccomp-filter.c sandbox-capsicum.c sandbox-pledge.c
 	sandbox-solaris.c uidswap.c
@@ -120,10 +121,10 @@ file('bin/ssh-add', '755', '$outdir/ssh-add')
 exe('ssh-agent', {'ssh-agent.c', 'ssh-pkcs11-client.c', 'libssh.a.d'})
 file('bin/ssh-agent', '755', '$outdir/ssh-agent')
 
-exe('ssh-keygen', {'ssh-keygen.c', 'libssh.a.d'})
+exe('ssh-keygen', {'ssh-keygen.c', 'sshsig.c', 'libssh.a.d'})
 file('bin/ssh-keygen', '755', '$outdir/ssh-keygen')
 
-exe('sftp-server', {'sftp-common.c.o', 'sftp-server.c.o', 'sftp-server-main.c', 'libssh.a.d'})
+exe('sftp-server', {'sftp-common.c.o', 'sftp-server.c.o', 'sftp-realpath.c.o', 'sftp-server-main.c', 'libssh.a.d'})
 file('libexec/sftp-server', '755', '$outdir/sftp-server')
 
 exe('sftp', {'sftp.c', 'sftp-client.c', 'sftp-common.c.o', 'sftp-glob.c', 'libssh.a.d'})

pkg/openssh/patch/0001-Include-stdio.h-for-vsnprintf.patch

@@ -1,25 +0,0 @@
-From 0584947cce192034cbbaea92db1a628a5496a51a Mon Sep 17 00:00:00 2001
-From: Darren Tucker <dtucker@dtucker.net>
-Date: Sun, 16 Jun 2019 12:55:27 +1000
-Subject: [PATCH] Include stdio.h for vsnprintf.
-
-Patch from mforney at mforney.org.
----
- openbsd-compat/setproctitle.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/openbsd-compat/setproctitle.c b/openbsd-compat/setproctitle.c
-index dbd1a95a..e4064323 100644
---- a/openbsd-compat/setproctitle.c
-+++ b/openbsd-compat/setproctitle.c
-@@ -36,6 +36,7 @@
- #ifndef HAVE_SETPROCTITLE
- 
- #include <stdarg.h>
-+#include <stdio.h>
- #include <stdlib.h>
- #include <unistd.h>
- #ifdef HAVE_SYS_PSTAT_H
--- 
-2.20.1
-

pkg/openssh/patch/0002-Always-replace-realpath.patch

@@ -1,120 +0,0 @@
-From f16d8ca1735373b9da42f15955a50c2cfff4e6e3 Mon Sep 17 00:00:00 2001
-From: Michael Forney <mforney@mforney.org>
-Date: Wed, 19 Jun 2019 19:32:01 -0700
-Subject: [PATCH] Always replace realpath
-
----
- misc.c                          |  4 ++--
- openbsd-compat/openbsd-compat.h | 12 +-----------
- openbsd-compat/realpath.c       |  5 +----
- sftp-server.c                   |  2 +-
- ssh-agent.c                     |  4 ++--
- 5 files changed, 7 insertions(+), 20 deletions(-)
-
-diff --git a/misc.c b/misc.c
-index 009e02bc..8669e7d0 100644
---- a/misc.c
-+++ b/misc.c
-@@ -1848,12 +1848,12 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir,
- 	int comparehome = 0;
- 	struct stat st;
- 
--	if (realpath(name, buf) == NULL) {
-+	if (_ssh_compat_realpath(name, buf) == NULL) {
- 		snprintf(err, errlen, "realpath %s failed: %s", name,
- 		    strerror(errno));
- 		return -1;
- 	}
--	if (pw_dir != NULL && realpath(pw_dir, homedir) != NULL)
-+	if (pw_dir != NULL && _ssh_compat_realpath(pw_dir, homedir) != NULL)
- 		comparehome = 1;
- 
- 	if (!S_ISREG(stp->st_mode)) {
-diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h
-index 865aaee5..4a5fd8cb 100644
---- a/openbsd-compat/openbsd-compat.h
-+++ b/openbsd-compat/openbsd-compat.h
-@@ -81,17 +81,7 @@ void *reallocarray(void *, size_t, size_t);
- void *recallocarray(void *, size_t, size_t, size_t);
- #endif
- 
--#if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH)
--/*
-- * glibc's FORTIFY_SOURCE can redefine this and prevent us picking up the
-- * compat version.
-- */
--# ifdef BROKEN_REALPATH
--#  define realpath(x, y) _ssh_compat_realpath(x, y)
--# endif
--
--char *realpath(const char *path, char *resolved);
--#endif
-+char *_ssh_compat_realpath(const char *path, char *resolved);
- 
- #ifndef HAVE_RRESVPORT_AF
- int rresvport_af(int *alport, sa_family_t af);
-diff --git a/openbsd-compat/realpath.c b/openbsd-compat/realpath.c
-index a2f090e5..0f0cea78 100644
---- a/openbsd-compat/realpath.c
-+++ b/openbsd-compat/realpath.c
-@@ -31,8 +31,6 @@
- 
- #include "includes.h"
- 
--#if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH)
--
- #include <sys/types.h>
- #include <sys/param.h>
- #include <sys/stat.h>
-@@ -58,7 +56,7 @@
-  * in which case the path which caused trouble is left in (resolved).
-  */
- char *
--realpath(const char *path, char *resolved)
-+_ssh_compat_realpath(const char *path, char *resolved)
- {
- 	struct stat sb;
- 	char *p, *q, *s;
-@@ -226,4 +224,3 @@ err:
- 		free(resolved);
- 	return (NULL);
- }
--#endif /* !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) */
-diff --git a/sftp-server.c b/sftp-server.c
-index 19a132bd..bc0257af 100644
---- a/sftp-server.c
-+++ b/sftp-server.c
-@@ -1174,7 +1174,7 @@ process_realpath(u_int32_t id)
- 	}
- 	debug3("request %u: realpath", id);
- 	verbose("realpath \"%s\"", path);
--	if (realpath(path, resolvedname) == NULL) {
-+	if (_ssh_compat_realpath(path, resolvedname) == NULL) {
- 		send_status(id, errno_to_portable(errno));
- 	} else {
- 		Stat s;
-diff --git a/ssh-agent.c b/ssh-agent.c
-index d06ecfd9..04a684de 100644
---- a/ssh-agent.c
-+++ b/ssh-agent.c
-@@ -587,7 +587,7 @@ process_add_smartcard_key(SocketEntry *e)
- 			goto send;
- 		}
- 	}
--	if (realpath(provider, canonical_provider) == NULL) {
-+	if (_ssh_compat_realpath(provider, canonical_provider) == NULL) {
- 		verbose("failed PKCS#11 add of \"%.100s\": realpath: %s",
- 		    provider, strerror(errno));
- 		goto send;
-@@ -640,7 +640,7 @@ process_remove_smartcard_key(SocketEntry *e)
- 	}
- 	free(pin);
- 
--	if (realpath(provider, canonical_provider) == NULL) {
-+	if (_ssh_compat_realpath(provider, canonical_provider) == NULL) {
- 		verbose("failed PKCS#11 add of \"%.100s\": realpath: %s",
- 		    provider, strerror(errno));
- 		goto send;
--- 
-2.20.1
-

pkg/openssh/patch/0003-Remove-some-empty-top-level-declarations.patch

@@ -1,132 +0,0 @@
-From a98535df996adc9e1028760b699b38bdb417a638 Mon Sep 17 00:00:00 2001
-From: Michael Forney <mforney@mforney.org>
-Date: Wed, 19 Jun 2019 20:00:52 -0700
-Subject: [PATCH] Remove some empty top-level declarations
-
----
- defines.h                       | 7 -------
- krl.c                           | 6 +++---
- openbsd-compat/readpassphrase.c | 1 -
- openbsd-compat/recallocarray.c  | 1 -
- openbsd-compat/strcasestr.c     | 1 -
- openbsd-compat/strndup.c        | 2 +-
- openbsd-compat/vis.c            | 2 --
- 7 files changed, 4 insertions(+), 16 deletions(-)
-
-diff --git a/defines.h b/defines.h
-index 8f421306..7a54ee2e 100644
---- a/defines.h
-+++ b/defines.h
-@@ -831,13 +831,6 @@ struct winsize {
- # define SSH_IOBUFSZ 8192
- #endif
- 
--/*
-- * We want functions in openbsd-compat, if enabled, to override system ones.
-- * We no-op out the weak symbol definition rather than remove it to reduce
-- * future sync problems.
-- */
--#define DEF_WEAK(x)
--
- /*
-  * Platforms that have arc4random_uniform() and not arc4random_stir()
-  * shouldn't need the latter.
-diff --git a/krl.c b/krl.c
-index 8e2d5d5d..65f40205 100644
---- a/krl.c
-+++ b/krl.c
-@@ -59,7 +59,7 @@ struct revoked_serial {
- };
- static int serial_cmp(struct revoked_serial *a, struct revoked_serial *b);
- RB_HEAD(revoked_serial_tree, revoked_serial);
--RB_GENERATE_STATIC(revoked_serial_tree, revoked_serial, tree_entry, serial_cmp);
-+RB_GENERATE_STATIC(revoked_serial_tree, revoked_serial, tree_entry, serial_cmp)
- 
- /* Tree of key IDs */
- struct revoked_key_id {
-@@ -68,7 +68,7 @@ struct revoked_key_id {
- };
- static int key_id_cmp(struct revoked_key_id *a, struct revoked_key_id *b);
- RB_HEAD(revoked_key_id_tree, revoked_key_id);
--RB_GENERATE_STATIC(revoked_key_id_tree, revoked_key_id, tree_entry, key_id_cmp);
-+RB_GENERATE_STATIC(revoked_key_id_tree, revoked_key_id, tree_entry, key_id_cmp)
- 
- /* Tree of blobs (used for keys and fingerprints) */
- struct revoked_blob {
-@@ -78,7 +78,7 @@ struct revoked_blob {
- };
- static int blob_cmp(struct revoked_blob *a, struct revoked_blob *b);
- RB_HEAD(revoked_blob_tree, revoked_blob);
--RB_GENERATE_STATIC(revoked_blob_tree, revoked_blob, tree_entry, blob_cmp);
-+RB_GENERATE_STATIC(revoked_blob_tree, revoked_blob, tree_entry, blob_cmp)
- 
- /* Tracks revoked certs for a single CA */
- struct revoked_certs {
-diff --git a/openbsd-compat/readpassphrase.c b/openbsd-compat/readpassphrase.c
-index ff8ff3de..6862a5e9 100644
---- a/openbsd-compat/readpassphrase.c
-+++ b/openbsd-compat/readpassphrase.c
-@@ -191,7 +191,6 @@ restart:
- 		errno = save_errno;
- 	return(nr == -1 ? NULL : buf);
- }
--DEF_WEAK(readpassphrase);
- 
- #if 0
- char *
-diff --git a/openbsd-compat/recallocarray.c b/openbsd-compat/recallocarray.c
-index 3e1156ce..e391b979 100644
---- a/openbsd-compat/recallocarray.c
-+++ b/openbsd-compat/recallocarray.c
-@@ -85,6 +85,5 @@ recallocarray(void *ptr, size_t oldnmemb, size_t newnmemb, size_t size)
- 
- 	return newptr;
- }
--/* DEF_WEAK(recallocarray); */
- 
- #endif /* HAVE_RECALLOCARRAY */
-diff --git a/openbsd-compat/strcasestr.c b/openbsd-compat/strcasestr.c
-index 4c4d1475..020f3475 100644
---- a/openbsd-compat/strcasestr.c
-+++ b/openbsd-compat/strcasestr.c
-@@ -64,6 +64,5 @@ strcasestr(const char *s, const char *find)
- 	}
- 	return ((char *)s);
- }
--DEF_WEAK(strcasestr);
- 
- #endif
-diff --git a/openbsd-compat/strndup.c b/openbsd-compat/strndup.c
-index 30ac6f04..30e47544 100644
---- a/openbsd-compat/strndup.c
-+++ b/openbsd-compat/strndup.c
-@@ -39,5 +39,5 @@ strndup(const char *str, size_t maxlen)
- 
- 	return copy;
- }
--DEF_WEAK(strndup);
-+
- #endif  /* HAVE_STRNDUP */
-diff --git a/openbsd-compat/vis.c b/openbsd-compat/vis.c
-index 0e04ed02..a5a05b1b 100644
---- a/openbsd-compat/vis.c
-+++ b/openbsd-compat/vis.c
-@@ -142,7 +142,6 @@ done:
- 	*dst = '\0';
- 	return (dst);
- }
--DEF_WEAK(vis);
- 
- /*
-  * strvis, strnvis, strvisx - visually encode characters from src into dst
-@@ -168,7 +167,6 @@ strvis(char *dst, const char *src, int flag)
- 	*dst = '\0';
- 	return (dst - start);
- }
--DEF_WEAK(strvis);
- 
- int
- strnvis(char *dst, const char *src, size_t siz, int flag)
--- 
-2.20.1
-