diff options
author | tqre | 2020-10-05 19:56:53 +0300 |
---|---|---|
committer | tqre | 2020-10-05 19:56:53 +0300 |
commit | 8427a4427d8e3e405e09029c1a217ba2f83cb9e6 (patch) | |
tree | 840f7bdc5f40443a99fedb7d460a73947ad62eff | |
parent | 48dddc8831e454b8437bcbaa5ac806a9f2c05c71 (diff) | |
download | aur-8427a4427d8e3e405e09029c1a217ba2f83cb9e6.tar.gz |
openssh-selinux 8.4p1-1 update
-rw-r--r-- | .SRCINFO | 18 | ||||
-rw-r--r-- | 3122.patch | 98 | ||||
-rw-r--r-- | 67290.patch | 49 | ||||
-rw-r--r-- | PKGBUILD | 18 |
4 files changed, 10 insertions, 173 deletions
@@ -1,7 +1,7 @@ pkgbase = openssh-selinux pkgdesc = Premier connectivity tool for remote login with the SSH protocol, with SELinux support - pkgver = 8.3p1 - pkgrel = 4 + pkgver = 8.4p1 + pkgrel = 1 url = https://www.openssh.com/portable.html install = install arch = x86_64 @@ -19,27 +19,23 @@ pkgbase = openssh-selinux optdepends = xorg-xauth: X11 forwarding optdepends = x11-ssh-askpass: input passphrase in X optdepends = libfido2: FIDO/U2F support - provides = openssh=8.3p1-4 - provides = selinux-openssh=8.3p1-4 + provides = openssh=8.4p1-1 + provides = selinux-openssh=8.4p1-1 conflicts = openssh conflicts = selinux-openssh backup = etc/ssh/ssh_config backup = etc/ssh/sshd_config backup = etc/pam.d/sshd - source = https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.3p1.tar.gz - source = https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.3p1.tar.gz.asc - source = 67290.patch - source = 3122.patch + source = https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.4p1.tar.gz + source = https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.4p1.tar.gz.asc source = sshdgenkeys.service source = sshd.service source = sshd.conf source = sshd.pam source = glibc-2.31.patch validpgpkeys = 59C2118ED206D927E667EBE3D3E5F56B6D920D30 - sha256sums = f2befbe0472fe7eb75d23340eb17531cb6b3aac24075e2066b41f814e12387b2 + sha256sums = 5a01d22e407eb1c05ba8a8f7c654d388a13e9f226e4ed33bd38748dafa1d2b24 sha256sums = SKIP - sha256sums = 3ccc1c6672521782c154c89607d2c2d7a67e0f66a349260e00e28ae999ea54f5 - sha256sums = a13330ca7560b25e4defcd4bdecf28ed37b416362e13aebcb0e57164e575e659 sha256sums = 4031577db6416fcbaacf8a26a024ecd3939e5c10fe6a86ee3f0eea5093d533b7 sha256sums = e40f8b7c8e5e2ecf3084b3511a6c36d5b5c9f9e61f2bb13e3726c71dc7d4fbc7 sha256sums = 4effac1186cc62617f44385415103021f72f674f8b8e26447fc1139c670090f6 diff --git a/3122.patch b/3122.patch deleted file mode 100644 index 0a66daddb9ff..000000000000 --- a/3122.patch +++ /dev/null @@ -1,98 +0,0 @@ -diff -Naur old/servconf.c new/servconf.c ---- old/servconf.c 2020-05-26 14:38:00.000000000 -1000 -+++ new/servconf.c 2020-07-16 10:14:14.076284901 -1000 -@@ -550,6 +550,7 @@ - #define SSHCFG_MATCH 0x02 /* allowed inside a Match section */ - #define SSHCFG_ALL (SSHCFG_GLOBAL|SSHCFG_MATCH) - #define SSHCFG_NEVERMATCH 0x04 /* Match never matches; internal only */ -+#define SSHCFG_MATCH_ONLY 0x08 /* Match only in conditional blocks; internal only */ - - /* Textual representation of the tokens. */ - static struct { -@@ -1259,7 +1260,7 @@ - static int - process_server_config_line_depth(ServerOptions *options, char *line, - const char *filename, int linenum, int *activep, -- struct connection_info *connectinfo, int inc_flags, int depth, -+ struct connection_info *connectinfo, int *inc_flags, int depth, - struct include_list *includes) - { - char ch, *cp, ***chararrayptr, **charptr, *arg, *arg2, *p; -@@ -2002,7 +2003,9 @@ - parse_server_config_depth(options, - item->filename, item->contents, - includes, connectinfo, -- (oactive ? 0 : SSHCFG_NEVERMATCH), -+ (*inc_flags & SSHCFG_MATCH_ONLY -+ ? SSHCFG_MATCH_ONLY : (oactive -+ ? 0 : SSHCFG_NEVERMATCH)), - activep, depth + 1); - } - found = 1; -@@ -2050,7 +2053,9 @@ - parse_server_config_depth(options, - item->filename, item->contents, - includes, connectinfo, -- (oactive ? 0 : SSHCFG_NEVERMATCH), -+ (*inc_flags & SSHCFG_MATCH_ONLY -+ ? SSHCFG_MATCH_ONLY : (oactive -+ ? 0 : SSHCFG_NEVERMATCH)), - activep, depth + 1); - *activep = oactive; - TAILQ_INSERT_TAIL(includes, item, entry); -@@ -2068,11 +2073,14 @@ - if (cmdline) - fatal("Match directive not supported as a command-line " - "option"); -- value = match_cfg_line(&cp, linenum, connectinfo); -+ value = match_cfg_line(&cp, linenum, -+ (*inc_flags & SSHCFG_NEVERMATCH ? NULL : connectinfo)); - if (value < 0) - fatal("%s line %d: Bad Match condition", filename, - linenum); -- *activep = (inc_flags & SSHCFG_NEVERMATCH) ? 0 : value; -+ *activep = (*inc_flags & SSHCFG_NEVERMATCH) ? 0 : value; -+ /* The MATCH_ONLY is applicable only until the first match block */ -+ *inc_flags &= ~SSHCFG_MATCH_ONLY; - break; - - case sPermitListen: -@@ -2375,8 +2383,10 @@ - const char *filename, int linenum, int *activep, - struct connection_info *connectinfo, struct include_list *includes) - { -+ int inc_flags = 0; -+ - return process_server_config_line_depth(options, line, filename, -- linenum, activep, connectinfo, 0, 0, includes); -+ linenum, activep, connectinfo, &inc_flags, 0, includes); - } - - -@@ -2581,14 +2591,15 @@ - if (depth < 0 || depth > SERVCONF_MAX_DEPTH) - fatal("Too many recursive configuration includes"); - -- debug2("%s: config %s len %zu", __func__, filename, sshbuf_len(conf)); -+ debug2("%s: config %s len %zu%s", __func__, filename, sshbuf_len(conf), -+ (flags & SSHCFG_NEVERMATCH ? " [checking syntax only]" : "")); - - if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL) - fatal("%s: sshbuf_dup_string failed", __func__); - linenum = 1; - while ((cp = strsep(&cbuf, "\n")) != NULL) { - if (process_server_config_line_depth(options, cp, -- filename, linenum++, activep, connectinfo, flags, -+ filename, linenum++, activep, connectinfo, &flags, - depth, includes) != 0) - bad_options++; - } -@@ -2606,7 +2617,7 @@ - { - int active = connectinfo ? 0 : 1; - parse_server_config_depth(options, filename, conf, includes, -- connectinfo, 0, &active, 0); -+ connectinfo, (connectinfo ? SSHCFG_MATCH_ONLY : 0), &active, 0); - } - - static const char * diff --git a/67290.patch b/67290.patch deleted file mode 100644 index 15ee45eb377b..000000000000 --- a/67290.patch +++ /dev/null @@ -1,49 +0,0 @@ -From c514f3c0522855b4d548286eaa113e209051a6d2 Mon Sep 17 00:00:00 2001 -From: "djm@openbsd.org" <djm@openbsd.org> -Date: Thu, 18 Jun 2020 23:33:38 +0000 -Subject: upstream: avoid spurious "Unable to load host key" message when - -sshd can load a private key but no public counterpart; with & ok markus@ - -OpenBSD-Commit-ID: 0713cbdf9aa1ff8ac7b1f78b09ac911af510f81b ---- - authfile.c | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) - -diff --git a/authfile.c b/authfile.c -index 35ccf576..946f50ca 100644 ---- a/authfile.c -+++ b/authfile.c -@@ -1,4 +1,4 @@ --/* $OpenBSD: authfile.c,v 1.140 2020/04/17 07:15:11 djm Exp $ */ -+/* $OpenBSD: authfile.c,v 1.141 2020/06/18 23:33:38 djm Exp $ */ - /* - * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. - * -@@ -263,7 +263,7 @@ int - sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp) - { - char *pubfile = NULL; -- int r; -+ int r, oerrno; - - if (keyp != NULL) - *keyp = NULL; -@@ -283,8 +283,14 @@ sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp) - if ((r = sshkey_load_pubkey_from_private(filename, keyp)) == 0) - goto out; - -+ /* Pretend we couldn't find the key */ -+ r = SSH_ERR_SYSTEM_ERROR; -+ errno = ENOENT; -+ - out: -+ oerrno = errno; - free(pubfile); -+ errno = oerrno; - return r; - } - --- -cgit v1.2.3 - @@ -9,8 +9,8 @@ # If you want to help keep it up to date, please open a Pull Request there. pkgname=openssh-selinux -pkgver=8.3p1 -pkgrel=4 +pkgver=8.4p1 +pkgrel=1 pkgdesc='Premier connectivity tool for remote login with the SSH protocol, with SELinux support' url='https://www.openssh.com/portable.html' license=('custom:BSD') @@ -28,17 +28,13 @@ groups=('selinux') validpgpkeys=('59C2118ED206D927E667EBE3D3E5F56B6D920D30') #source=("git://anongit.mindrot.org/openssh.git?signed#tag=V_8_2_P1" source=("https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname/-selinux}-${pkgver}.tar.gz"{,.asc} - '67290.patch' - '3122.patch' 'sshdgenkeys.service' 'sshd.service' 'sshd.conf' 'sshd.pam' 'glibc-2.31.patch') -sha256sums=('f2befbe0472fe7eb75d23340eb17531cb6b3aac24075e2066b41f814e12387b2' +sha256sums=('5a01d22e407eb1c05ba8a8f7c654d388a13e9f226e4ed33bd38748dafa1d2b24' 'SKIP' - '3ccc1c6672521782c154c89607d2c2d7a67e0f66a349260e00e28ae999ea54f5' - 'a13330ca7560b25e4defcd4bdecf28ed37b416362e13aebcb0e57164e575e659' '4031577db6416fcbaacf8a26a024ecd3939e5c10fe6a86ee3f0eea5093d533b7' 'e40f8b7c8e5e2ecf3084b3511a6c36d5b5c9f9e61f2bb13e3726c71dc7d4fbc7' '4effac1186cc62617f44385415103021f72f674f8b8e26447fc1139c670090f6' @@ -52,14 +48,6 @@ install=install prepare() { cd "${srcdir}/${pkgname/-selinux}-${pkgver}" - # Fix FS#67290 - # From https://anongit.mindrot.org/openssh.git/patch/?id=c514f3c0522855b4d548286eaa113e209051a6d2 - patch -p1 -i ../67290.patch - - # Fix https://bugzilla.mindrot.org/show_bug.cgi?id=3122 - # Backported from https://anongit.mindrot.org/openssh.git/patch/?id=7af1e92cd289b7eaa9a683e9a6f2fddd98f37a01' - patch -p1 -i ../3122.patch - patch -p1 -i ../glibc-2.31.patch autoreconf } |