From cf41b13a30e37968932e6b4dba3621b93ee2aca1 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Arkadiusz=20Mi=C5=9Bkiewicz?= Date: Wed, 3 Mar 2021 22:13:59 +0100 Subject: [PATCH] - up to 8.5p1 --- allow_pselect6_time64.patch | 30 ------------------------------ openssh-bind.patch | 13 ++++++------- openssh-bug-2905.patch | 13 ------------- openssh-chroot.patch | 2 +- openssh.spec | 15 ++++++--------- x32.patch | 34 ---------------------------------- 6 files changed, 13 insertions(+), 94 deletions(-) delete mode 100644 allow_pselect6_time64.patch delete mode 100644 openssh-bug-2905.patch delete mode 100644 x32.patch diff --git a/allow_pselect6_time64.patch b/allow_pselect6_time64.patch deleted file mode 100644 index 046e030..0000000 --- a/allow_pselect6_time64.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 0f90440ca70abab947acbd77795e9f130967956c Mon Sep 17 00:00:00 2001 -From: Darren Tucker -Date: Fri, 20 Nov 2020 13:37:54 +1100 -Subject: Add new pselect6_time64 syscall on ARM. - -This is apparently needed on armhfp/armv7hl. bz#3232, patch from -jjelen at redhat.com. ---- - sandbox-seccomp-filter.c | 3 +++ - 1 file changed, 3 insertions(+) - -(limited to 'sandbox-seccomp-filter.c') - -diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c -index e0768c06..5065ae7e 100644 ---- a/sandbox-seccomp-filter.c -+++ b/sandbox-seccomp-filter.c -@@ -267,6 +267,9 @@ static const struct sock_filter preauth_insns[] = { - #ifdef __NR_pselect6 - SC_ALLOW(__NR_pselect6), - #endif -+#ifdef __NR_pselect6_time64 -+ SC_ALLOW(__NR_pselect6_time64), -+#endif - #ifdef __NR_read - SC_ALLOW(__NR_read), - #endif --- -cgit v1.2.3 - diff --git a/openssh-bind.patch b/openssh-bind.patch index ba77d7e..029e8ec 100644 --- a/openssh-bind.patch +++ b/openssh-bind.patch @@ -1,13 +1,12 @@ ---- a/channels.c~ 2017-10-02 21:34:26.000000000 +0200 -+++ b/channels.c 2017-10-06 08:39:25.072904075 +0200 -@@ -4444,6 +4444,9 @@ x11_create_display_inet(struct ssh *ssh, - debug2("%s: bind port %d: %.100s", __func__, - port, strerror(errno)); +--- openssh-8.5p1/channels.c~ 2021-03-02 11:31:47.000000000 +0100 ++++ openssh-8.5p1/channels.c 2021-03-03 21:43:11.034054979 +0100 +@@ -4579,6 +4579,9 @@ x11_create_display_inet(struct ssh *ssh, + debug2_f("bind port %d: %.100s", port, + strerror(errno)); close(sock); + // vserver hack + if (errno == EADDRNOTAVAIL) -+ continue; ++ continue; for (n = 0; n < num_socks; n++) close(socks[n]); num_socks = 0; - diff --git a/openssh-bug-2905.patch b/openssh-bug-2905.patch deleted file mode 100644 index 31150e9..0000000 --- a/openssh-bug-2905.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff -urNp -x '*.orig' openssh-8.4p1.org/sandbox-seccomp-filter.c openssh-8.4p1/sandbox-seccomp-filter.c ---- openssh-8.4p1.org/sandbox-seccomp-filter.c 2020-09-27 09:25:01.000000000 +0200 -+++ openssh-8.4p1/sandbox-seccomp-filter.c 2021-03-01 11:30:52.381809172 +0100 -@@ -204,6 +204,9 @@ static const struct sock_filter preauth_ - #ifdef __NR_futex - SC_ALLOW(__NR_futex), - #endif -+#ifdef __NR_futex -+ SC_ALLOW(__NR_futex), -+#endif - #ifdef __NR_geteuid - SC_ALLOW(__NR_geteuid), - #endif diff --git a/openssh-chroot.patch b/openssh-chroot.patch index 30e3339..b6a1ebb 100644 --- a/openssh-chroot.patch +++ b/openssh-chroot.patch @@ -29,7 +29,7 @@ diff -urNp -x '*.orig' openssh-8.4p1.org/servconf.c openssh-8.4p1/servconf.c + sUseChroot, /* Standard Options */ sPort, sHostKeyFile, sLoginGraceTime, - sPermitRootLogin, sLogFacility, sLogLevel, + sPermitRootLogin, sLogFacility, sLogLevel, sLogVerbose, @@ -556,6 +562,11 @@ static struct { #else { "usepam", sUnsupported, SSHCFG_GLOBAL }, diff --git a/openssh.spec b/openssh.spec index 77674c5..8a41599 100644 --- a/openssh.spec +++ b/openssh.spec @@ -36,13 +36,13 @@ Summary(pt_BR.UTF-8): Implementação livre do SSH Summary(ru.UTF-8): OpenSSH - свободная реализация протокола Secure Shell (SSH) Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH) Name: openssh -Version: 8.4p1 -Release: 5 +Version: 8.5p1 +Release: 1 Epoch: 2 License: BSD Group: Applications/Networking Source0: https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz -# Source0-md5: 8f897870404c088e4aa7d1c1c58b526b +# Source0-md5: 9eb9420cf587edc26f8998ab679ad390 Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2 # Source1-md5: 66943d481cc422512b537bcc2c7400d1 Source2: %{name}d.init @@ -68,13 +68,12 @@ Patch8: ldap-helper-sigpipe.patch # High Performance SSH/SCP - HPN-SSH - http://www.psc.edu/networking/projects/hpn-ssh/ # http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn13v6.diff.gz Patch9: %{name}-5.2p1-hpn13v6.diff -Patch10: x32.patch + Patch11: %{name}-chroot.patch -Patch12: openssh-bug-2905.patch + Patch13: %{name}-skip-interop-tests.patch Patch14: %{name}-bind.patch Patch15: %{name}-disable_ldap.patch -Patch16: allow_pselect6_time64.patch URL: http://www.openssh.com/portable.html BuildRequires: %{__perl} %{?with_audit:BuildRequires: audit-libs-devel} @@ -552,14 +551,12 @@ openldap-a. %{?with_hpn:%patch9 -p1} -%patch10 -p1 %patch11 -p1 -%patch12 -p1 + %patch13 -p1 %patch14 -p1 %{!?with_ldap:%patch15 -p1} -%patch16 -p1 %if "%{pld_release}" == "ac" # fix for missing x11.pc diff --git a/x32.patch b/x32.patch deleted file mode 100644 index 534596a..0000000 --- a/x32.patch +++ /dev/null @@ -1,34 +0,0 @@ -commit e3f27006f15abacb7e89fda3f5e9a0bd420b7e38 -Author: Damien Miller -Date: Fri Nov 13 14:20:43 2020 +1100 - - Revert "detect Linux/X32 systems" - - This reverts commit 5b56bd0affea7b02b540bdbc4d1d271b0e4fc885. - - The approach used was incorrect; discussion in bz#3085 - -diff --git a/configure.ac b/configure.ac -index d3f4f570..842c255e 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -532,8 +532,6 @@ SPP_MSG="no" - # the --with-solaris-privs option and --with-sandbox=solaris). - SOLARIS_PRIVS="no" - --AC_CHECK_SIZEOF([size_t]) -- - # Check for some target-specific stuff - case "$host" in - *-*-aix*) -@@ -878,10 +876,6 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) - case "$host" in - x86_64-*) - seccomp_audit_arch=AUDIT_ARCH_X86_64 -- # X32: AMD64 instructions in 32bit address space. -- if test "x$ac_cv_sizeof_size_t" = "x4" ; then -- seccomp_audit_arch=AUDIT_ARCH_I386 -- fi - ;; - i*86-*) - seccomp_audit_arch=AUDIT_ARCH_I386 -- 2.44.0