pkgsrc-Changes archive


CVS commit: [pkgsrc-2016Q4] pkgsrc/security/openssh



Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Sun Jan  8 11:05:07 UTC 2017

Modified Files:
        pkgsrc/security/openssh [pkgsrc-2016Q4]: Makefile distinfo options.mk
        pkgsrc/security/openssh/patches [pkgsrc-2016Q4]: patch-clientloop.c
            patch-openbsd-compat_bsd-openpty.c patch-session.c patch-sshd.c
Removed Files:
        pkgsrc/security/openssh/patches [pkgsrc-2016Q4]: patch-auth1.c

Log Message:
Pullup ticket #5178 - requested by taca
security/openssh: security fix

Revisions pulled up:
- security/openssh/Makefile                                     1.250
- security/openssh/distinfo                                     1.103
- security/openssh/options.mk                                   1.34
- security/openssh/patches/patch-auth1.c                        deleted
- security/openssh/patches/patch-clientloop.c                   1.5
- security/openssh/patches/patch-openbsd-compat_bsd-openpty.c   1.4
- security/openssh/patches/patch-session.c                      1.8
- security/openssh/patches/patch-sshd.c                         1.8

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Fri Dec 30 04:43:16 UTC 2016

   Modified Files:
        pkgsrc/security/openssh: Makefile distinfo options.mk
        pkgsrc/security/openssh/patches: patch-clientloop.c
            patch-openbsd-compat_bsd-openpty.c patch-session.c patch-sshd.c
   Removed Files:
        pkgsrc/security/openssh/patches: patch-auth1.c

   Log Message:
   Update openssh to 7.4.1 (7.4p1), including security fixes.

   For full changes, please refer to the ChangeLog file.

   Future deprecation notice
   =========================

   We plan on retiring more legacy cryptography in future releases,
   specifically:

    * In approximately August 2017, removing remaining support for the
      SSH v.1 protocol (client-only and currently compile-time disabled).

    * In the same release, removing support for Blowfish and RC4 ciphers
      and the RIPE-MD160 HMAC. (These are currently run-time disabled).

    * Refusing all RSA keys smaller than 1024 bits (the current minimum
      is 768 bits)

    * The next release of OpenSSH will remove support for running sshd(8)
      with privilege separation disabled.

    * The next release of portable OpenSSH will remove support for
      OpenSSL versions prior to 1.0.1.

   This list reflects our current intentions, but please check the final
   release notes for future releases.

   Potentially-incompatible changes
   ================================

   This release includes a number of changes that may affect existing
   configurations:

    * This release removes server support for the SSH v.1 protocol.

    * ssh(1): Remove 3des-cbc from the client's default proposal. 64-bit
      block ciphers are not safe in 2016 and we don't want to wait until
      attacks like SWEET32 are extended to SSH. As 3des-cbc was the
      only mandatory cipher in the SSH RFCs, this may cause problems
      connecting to older devices using the default configuration,
      but it's highly likely that such devices already need explicit
      configuration for key exchange and hostkey algorithms already
      anyway.

    * sshd(8): Remove support for pre-authentication compression.
      Doing compression early in the protocol probably seemed reasonable
      in the 1990s, but today it's clearly a bad idea in terms of both
      cryptography (cf. multiple compression oracle attacks in TLS) and
      attack surface. Pre-auth compression support has been disabled by
      default for >10 years. Support remains in the client.

    * ssh-agent will refuse to load PKCS#11 modules outside a whitelist
      of trusted paths by default. The path whitelist may be specified
      at run-time.

    * sshd(8): When a forced-command appears in both a certificate and
      an authorized keys/principals command= restriction, sshd will now
      refuse to accept the certificate unless they are identical.
      The previous (documented) behaviour of having the certificate
      forced-command override the other could be a bit confusing and
      error-prone.

    * sshd(8): Remove the UseLogin configuration directive and support
      for having /bin/login manage login sessions.

   Changes since OpenSSH 7.3
   =========================

   This is primarily a bugfix release.

   Security
   --------

    * ssh-agent(1): Will now refuse to load PKCS#11 modules from paths
      outside a trusted whitelist (run-time configurable). Requests to
      load modules could be passed via agent forwarding and an attacker
      could attempt to load a hostile PKCS#11 module across the forwarded
      agent channel: PKCS#11 modules are shared libraries, so this would
      result in code execution on the system running the ssh-agent if the
      attacker has control of the forwarded agent-socket (on the host
      running the sshd server) and the ability to write to the filesystem
      of the host running ssh-agent (usually the host running the ssh
      client). Reported by Jann Horn of Project Zero.

    * sshd(8): When privilege separation is disabled, forwarded Unix-
      domain sockets would be created by sshd(8) with the privileges of
      'root' instead of the authenticated user. This release refuses
      Unix-domain socket forwarding when privilege separation is disabled
      (Privilege separation has been enabled by default for 14 years).
      Reported by Jann Horn of Project Zero.

    * sshd(8): Avoid theoretical leak of host private key material to
      privilege-separated child processes via realloc() when reading
      keys. No such leak was observed in practice for normal-sized keys,
      nor does a leak to the child processes directly expose key material
      to unprivileged users. Reported by Jann Horn of Project Zero.

    * sshd(8): The shared memory manager used by pre-authentication
      compression support had a bounds check that could be elided by
      some optimising compilers. Additionally, this memory manager was
      incorrectly accessible when pre-authentication compression was
      disabled. This could potentially allow attacks against the
      privileged monitor process from the sandboxed privilege-separation
      process (a compromise of the latter would be required first).
      This release removes support for pre-authentication compression
      from sshd(8). Reported by Guido Vranken using the Stack unstable
      optimisation identification tool (http://css.csail.mit.edu/stack/)

    * sshd(8): Fix denial-of-service condition where an attacker who
      sends multiple KEXINIT messages may consume up to 128MB per
      connection. Reported by Shi Lei of Gear Team, Qihoo 360.

    * sshd(8): Validate address ranges for AllowUsers and DenyUsers
      directives at configuration load time and refuse to accept invalid
      ones. It was previously possible to specify invalid CIDR address
      ranges (e.g. user@127.1.2.3/55) and these would always match,
      possibly resulting in granting access where it was not intended.
      Reported by Laurence Parry.
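
Because 7.4 refuses invalid address ranges at configuration load time, an existing sshd_config can be linted for them before the package is upgraded. The script below is an added example, not part of this commit or of OpenSSH: it approximates the check with Python's ipaddress module (the address must be a literal and the mask length in range) rather than reproducing sshd's own parser, and the sample configuration is constructed.

```python
"""Lint sshd_config for AllowUsers/DenyUsers entries with invalid CIDR ranges."""
import ipaddress

DIRECTIVES = {"allowusers", "denyusers"}  # sshd_config keywords are case-insensitive

# Constructed sample configuration (documentation addresses, not a real host).
SAMPLE_CONFIG = """\
# constructed sample
Port 22
AllowUsers alice@192.0.2.0/24 bob@127.1.2.3/55 carol
DenyUsers  mallory@2001:db8::/32,198.51.100.7/33 dave@*.example.org
allowusers eve@2001:db8::/129 frank@!203.0.113.0/24
"""


def cidr_problem(entry):
    """Return why an address/masklen entry is invalid, or None if it is fine."""
    addr, _, masklen = entry.partition("/")
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "address part is not a literal IPv4/IPv6 address"
    if not (masklen.isascii() and masklen.isdigit()):
        return "mask length is not a decimal number"
    if int(masklen) > ip.max_prefixlen:
        return f"mask length {masklen} exceeds {ip.max_prefixlen} for IPv{ip.version}"
    return None


def lint_sshd_config(text):
    """Return (line_no, directive, pattern, reason) for every invalid CIDR entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        keyword, patterns = fields[0], fields[1:]
        if keyword.lower() not in DIRECTIVES:
            continue
        for pattern in patterns:
            _user, at, hosts = pattern.partition("@")
            if not at:
                continue  # user-only pattern, no host criteria to check
            # Assumption: treat the host part as a comma-separated pattern-list
            # with optional '!' negation, and check each entry on its own.
            for entry in hosts.split(","):
                entry = entry.lstrip("!")
                if "/" in entry:  # only address/masklen entries are CIDR
                    reason = cidr_problem(entry)
                    if reason:
                        findings.append((line_no, keyword, pattern, reason))
    return findings


if __name__ == "__main__":
    for line_no, keyword, pattern, reason in lint_sshd_config(SAMPLE_CONFIG):
        print(f"line {line_no}: {keyword} {pattern}: {reason}")
```

Any finding on a pre-7.4 server marks a pattern that, per the note above, would have matched every address; on 7.4 the same line makes sshd refuse the configuration.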


To generate a diff of this commit:
cvs rdiff -u -r1.249 -r1.249.4.1 pkgsrc/security/openssh/Makefile
cvs rdiff -u -r1.102 -r1.102.4.1 pkgsrc/security/openssh/distinfo
cvs rdiff -u -r1.33 -r1.33.4.1 pkgsrc/security/openssh/options.mk
cvs rdiff -u -r1.4 -r0 pkgsrc/security/openssh/patches/patch-auth1.c
cvs rdiff -u -r1.4 -r1.4.8.1 \
    pkgsrc/security/openssh/patches/patch-clientloop.c
cvs rdiff -u -r1.3 -r1.3.8.1 \
    pkgsrc/security/openssh/patches/patch-openbsd-compat_bsd-openpty.c
cvs rdiff -u -r1.7 -r1.7.4.1 pkgsrc/security/openssh/patches/patch-session.c
cvs rdiff -u -r1.7 -r1.7.8.1 pkgsrc/security/openssh/patches/patch-sshd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/openssh/Makefile
diff -u pkgsrc/security/openssh/Makefile:1.249 pkgsrc/security/openssh/Makefile:1.249.4.1
--- pkgsrc/security/openssh/Makefile:1.249      Sun Sep 18 17:30:10 2016
+++ pkgsrc/security/openssh/Makefile    Sun Jan  8 11:05:07 2017
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.249 2016/09/18 17:30:10 taca Exp $
+# $NetBSD: Makefile,v 1.249.4.1 2017/01/08 11:05:07 bsiegert Exp $
 
-DISTNAME=              openssh-7.3p1
+DISTNAME=              openssh-7.4p1
 PKGNAME=               ${DISTNAME:S/p1/.1/}
 CATEGORIES=            security
 MASTER_SITES=          ${MASTER_SITE_OPENBSD:=OpenSSH/portable/}
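
Review bot: the DISTNAME bump to openssh-7.4p1 lands on the pkgsrc-2016Q4 stable branch with nothing in the package that tells users about the behaviour changes the log lists (server-side SSH v.1 removed, UseLogin removed, pre-authentication compression removed in sshd). Consider adding a short upgrade note to the package, or at least to the pullup announcement, so that an sshd_config carrying those settings is reviewed before the binary is replaced.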

Index: pkgsrc/security/openssh/distinfo
diff -u pkgsrc/security/openssh/distinfo:1.102 pkgsrc/security/openssh/distinfo:1.102.4.1
--- pkgsrc/security/openssh/distinfo:1.102      Sun Sep 18 17:30:10 2016
+++ pkgsrc/security/openssh/distinfo    Sun Jan  8 11:05:07 2017
@@ -1,32 +1,31 @@
-$NetBSD: distinfo,v 1.102 2016/09/18 17:30:10 taca Exp $
+$NetBSD: distinfo,v 1.102.4.1 2017/01/08 11:05:07 bsiegert Exp $
 
-SHA1 (openssh-7.3p1.tar.gz) = bfade84283fcba885e2084343ab19a08c7d123a5
-RMD160 (openssh-7.3p1.tar.gz) = 823fc1e16c5d27a2361ed0b22f5ee24be11d2c13
-SHA512 (openssh-7.3p1.tar.gz) = 7ba2d6140f38bd359ebf32ef17626e0ae1c00c3a38c01877b7c6b0317d030f10a8f82a0a51fc3b6273619de9ed73e24b8cf107b1e968f927053a3bedf97ff801
-Size (openssh-7.3p1.tar.gz) = 1522617 bytes
+SHA1 (openssh-7.4p1.tar.gz) = 2330bbf82ed08cf3ac70e0acf00186ef3eeb97e0
+RMD160 (openssh-7.4p1.tar.gz) = dff996c9f7ab697a04968fbd8924642253bc0e06
+SHA512 (openssh-7.4p1.tar.gz) = 4f3256f461f01366c5d5e0e45285eec65016e2643b3284b407f48f53d81087bf2c1caf7d5f7530d307a15c91c64de91446e1cba948e8fc68f82098290fe3b292
+Size (openssh-7.4p1.tar.gz) = 1511780 bytes
 SHA1 (patch-Makefile.in) = 98960119bda68a663214c8880484552f1207bcfc
 SHA1 (patch-auth-passwd.c) = 5205ca4d15dbcd3f4c574f0a2fb7713ae69af5f7
 SHA1 (patch-auth-rhosts.c) = a5e6131e63b83a7e8a06cd80f22def449d6bc2c4
 SHA1 (patch-auth.c) = cd13f8b31b45d668c5e09eca098b17ec8a7c1039
-SHA1 (patch-auth1.c) = cdac14ffa4008e62926526e66316b0a553435374
 SHA1 (patch-auth2.c) = efc1eb6d28cb6ec2bd87723943f3e36c612d93aa
 SHA1 (patch-channels.c) = edcce67664bbbc30a8d10ed2fe58dcece944726c
-SHA1 (patch-clientloop.c) = 9b2db181d964b7720e1dc12724a9b9033f28d0e7
+SHA1 (patch-clientloop.c) = 4e88fbd14db33f003eb93c30c682a017e102196e
 SHA1 (patch-config.h.in) = 7406f10b568d2b8237ee575922ce712658d90d59
 SHA1 (patch-configure.ac) = d7ba54f34e03fd204eb1a9804fcae7fd16e285e2
 SHA1 (patch-defines.h) = bd8687a9a2857f3b8d15ae94095f27f9344003c4
 SHA1 (patch-includes.h) = c4a7622af6fbcd098d18d257724dca6aaeea4fda
 SHA1 (patch-loginrec.c) = 28082deb14258fe63cbecad8ac96afc016de439c
-SHA1 (patch-openbsd-compat_bsd-openpty.c) = eaac72830e36e307c19a7b679e6018ece9aebaac
+SHA1 (patch-openbsd-compat_bsd-openpty.c) = 80e076a18a0f9ba211ecd4bc5853ce01899568ae
 SHA1 (patch-openbsd-compat_openbsd-compat.h) = bedbede16ab2fe918419c994ba15a20167b411b4
 SHA1 (patch-openbsd-compat_port-tun.c) = 690dfb1f945d186dd3de5bea70ed8fab86e590ee
 SHA1 (patch-platform.c) = f8f211dbc5e596c0f82eb86324d18a84c6151ec5
 SHA1 (patch-sandbox-darwin.c) = c9a1fe2e4dbf98e929d983b4206a244e0e354b75
 SHA1 (patch-scp.c) = 9c2317b0f796641903a826db355ba06595a26ea1
-SHA1 (patch-session.c) = 850cef27299cf8af6a19987d5e070bf501cd57fb
+SHA1 (patch-session.c) = c67d649dc66a65ff39d701135a2f2dab6ba2fb93
 SHA1 (patch-sftp-common.c) = 6819aa040c8f1caa30a704cf6f0588e498df8778
 SHA1 (patch-ssh.c) = 6877d8205d999906c14240d4d112b084609927ca
 SHA1 (patch-sshd.8) = 5bf48cd27cef8e8810b9dc7115f5180102a345d1
-SHA1 (patch-sshd.c) = cd23ce269bfb48b0caa901e62fc01d35ef0618ac
+SHA1 (patch-sshd.c) = a1ccf7e54275629965d80d9cf7cd8669d9f1f4cf
 SHA1 (patch-sshpty.c) = cb691d4fbde808927f2fbcc12b87ad983cf21938
 SHA1 (patch-uidswap.c) = 68c4f5ffab7f4c5c9c00b7443a74b2da52809b7e
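
Review bot: only four patch checksums change in this hunk (patch-clientloop.c, patch-openbsd-compat_bsd-openpty.c, patch-session.c, patch-sshd.c), so every other patch listed is applied to 7.4p1 exactly as it was written for 7.3p1. Please confirm those apply without fuzz, and check the new SHA512 for openssh-7.4p1.tar.gz against upstream's signed release rather than against the downloaded file alone.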

Index: pkgsrc/security/openssh/options.mk
diff -u pkgsrc/security/openssh/options.mk:1.33 pkgsrc/security/openssh/options.mk:1.33.4.1
--- pkgsrc/security/openssh/options.mk:1.33     Sun Jul 10 10:41:38 2016
+++ pkgsrc/security/openssh/options.mk  Sun Jan  8 11:05:07 2017
@@ -1,9 +1,9 @@
-# $NetBSD: options.mk,v 1.33 2016/07/10 10:41:38 rillig Exp $
+# $NetBSD: options.mk,v 1.33.4.1 2017/01/08 11:05:07 bsiegert Exp $
 
 .include "../../mk/bsd.prefs.mk"
 
 PKG_OPTIONS_VAR=       PKG_OPTIONS.openssh
-PKG_SUPPORTED_OPTIONS= hpn-patch kerberos openssl pam
+PKG_SUPPORTED_OPTIONS= kerberos openssl pam
 PKG_SUGGESTED_OPTIONS= openssl
 
 .include "../../mk/bsd.options.mk"
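
Review bot: dropping hpn-patch from PKG_SUPPORTED_OPTIONS is not mentioned anywhere in the log message, and on a stable branch it changes what a user with that option set in PKG_OPTIONS.openssh gets built. State the removal and the reason for it in the commit log.
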
@@ -23,11 +23,11 @@ CONFIGURE_ENV+=             ac_cv_search_k_hasafs=n
 .  endif
 .endif
 
-.if !empty(PKG_OPTIONS:Mhpn-patch)
-PATCHFILES=            openssh-7.1p1-hpn-20150822.diff.bz2
-PATCH_SITES=           ftp://ftp.NetBSD.org/pub/NetBSD/misc/openssh/
-PATCH_DIST_STRIP=      -p1
-.endif
+#.if !empty(PKG_OPTIONS:Mhpn-patch)
+#PATCHFILES=           openssh-7.1p1-hpn-20150822.diff.bz2
+#PATCH_SITES=          ftp://ftp.NetBSD.org/pub/NetBSD/misc/openssh/
+#PATCH_DIST_STRIP=     -p1
+#.endif
 
 PLIST_VARS+=   pam
 
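
Review bot: the hpn-patch block is commented out rather than deleted, with no comment saying why or under what condition it comes back, and it still names openssh-7.1p1-hpn-20150822.diff.bz2. Either delete the five lines (CVS keeps the history) or put a one-line reason above them.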

Index: pkgsrc/security/openssh/patches/patch-clientloop.c
diff -u pkgsrc/security/openssh/patches/patch-clientloop.c:1.4 pkgsrc/security/openssh/patches/patch-clientloop.c:1.4.8.1
--- pkgsrc/security/openssh/patches/patch-clientloop.c:1.4      Tue Mar 15 20:54:07 2016
+++ pkgsrc/security/openssh/patches/patch-clientloop.c  Sun Jan  8 11:05:07 2017
@@ -1,12 +1,12 @@
-$NetBSD: patch-clientloop.c,v 1.4 2016/03/15 20:54:07 bsiegert Exp $
+$NetBSD: patch-clientloop.c,v 1.4.8.1 2017/01/08 11:05:07 bsiegert Exp $
 
 Fix X11 forwarding under Mac OS X Yosemite. Patch taken from MacPorts.
 
 https://trac.macports.org/browser/trunk/dports/net/openssh/files/launchd.patch?rev=121205
 
---- clientloop.c.orig  2016-03-09 18:04:48.000000000 +0000
+--- clientloop.c.orig  2016-12-19 04:59:41.000000000 +0000
 +++ clientloop.c
-@@ -313,6 +313,10 @@ client_x11_get_proto(const char *display
+@@ -315,6 +315,10 @@ client_x11_get_proto(const char *display
        struct stat st;
        u_int now, x11_timeout_real;
  
@@ -17,7 +17,7 @@ https://trac.macports.org/browser/trunk/
        *_proto = proto;
        *_data = data;
        proto[0] = data[0] = xauthfile[0] = xauthdir[0] = '\0';
-@@ -329,6 +333,33 @@ client_x11_get_proto(const char *display
+@@ -331,6 +335,33 @@ client_x11_get_proto(const char *display
        }
  
        if (xauth_path != NULL) {
@@ -51,9 +51,9 @@ https://trac.macports.org/browser/trunk/
                /*
                 * Handle FamilyLocal case where $DISPLAY does
                 * not match an authorization entry.  For this we
-@@ -438,6 +469,9 @@ client_x11_get_proto(const char *display
-       if (!got_data) {
-               u_int32_t rnd = 0;
+@@ -441,6 +472,9 @@ client_x11_get_proto(const char *display
+               u_int8_t rnd[16];
+               u_int i;
  
 +#if __APPLE__
 +              if (!is_path_to_socket)

Index: pkgsrc/security/openssh/patches/patch-openbsd-compat_bsd-openpty.c
diff -u pkgsrc/security/openssh/patches/patch-openbsd-compat_bsd-openpty.c:1.3 pkgsrc/security/openssh/patches/patch-openbsd-compat_bsd-openpty.c:1.3.8.1
--- pkgsrc/security/openssh/patches/patch-openbsd-compat_bsd-openpty.c:1.3      Mon Jan 18 12:53:26 2016
+++ pkgsrc/security/openssh/patches/patch-openbsd-compat_bsd-openpty.c  Sun Jan  8 11:05:07 2017
@@ -1,25 +1,21 @@
-$NetBSD: patch-openbsd-compat_bsd-openpty.c,v 1.3 2016/01/18 12:53:26 jperkin Exp $
+$NetBSD: patch-openbsd-compat_bsd-openpty.c,v 1.3.8.1 2017/01/08 11:05:07 bsiegert Exp $
 
 Interix support
 
---- openbsd-compat/bsd-openpty.c.orig  2015-08-21 04:49:03.000000000 +0000
+--- openbsd-compat/bsd-openpty.c.orig  2016-12-19 04:59:41.000000000 +0000
 +++ openbsd-compat/bsd-openpty.c
-@@ -121,15 +121,17 @@ openpty(int *amaster, int *aslave, char 
+@@ -121,6 +121,7 @@ openpty(int *amaster, int *aslave, char 
                return (-1);
        }
  
 +#if !defined(HAVE_INTERIX)
        /*
-        * Try to push the appropriate streams modules, as described 
+        * Try to push the appropriate streams modules, as described
         * in Solaris pts(7).
-        */
-       ioctl(*aslave, I_PUSH, "ptem");
-       ioctl(*aslave, I_PUSH, "ldterm");
--# ifndef __hpux
-+  # ifndef __hpux
+@@ -130,6 +131,7 @@ openpty(int *amaster, int *aslave, char 
+ # ifndef __hpux
        ioctl(*aslave, I_PUSH, "ttcompat");
--# endif /* __hpux */
-+  # endif /* __hpux */
+ # endif /* __hpux */
 +#endif /* !HAVE_INTERIX */
  
        return (0);
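
Review bot: the patch header still reads only "Interix support" and does not say why the I_PUSH of the streams modules has to be skipped there. Add a sentence, since the "#if !defined(HAVE_INTERIX)" and "#endif /* !HAVE_INTERIX */" lines now sit in two separate hunks and a future rebase can easily keep one half and lose the other.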

Index: pkgsrc/security/openssh/patches/patch-session.c
diff -u pkgsrc/security/openssh/patches/patch-session.c:1.7 pkgsrc/security/openssh/patches/patch-session.c:1.7.4.1
--- pkgsrc/security/openssh/patches/patch-session.c:1.7 Sun Sep 18 17:30:11 2016
+++ pkgsrc/security/openssh/patches/patch-session.c     Sun Jan  8 11:05:07 2017
@@ -1,10 +1,10 @@
-$NetBSD: patch-session.c,v 1.7 2016/09/18 17:30:11 taca Exp $
+$NetBSD: patch-session.c,v 1.7.4.1 2017/01/08 11:05:07 bsiegert Exp $
 
 * Interix support.
 
---- session.c.orig     2016-07-27 22:54:27.000000000 +0000
+--- session.c.orig     2016-12-19 04:59:41.000000000 +0000
 +++ session.c
-@@ -1120,7 +1120,7 @@ read_etc_default_login(char ***env, u_in
+@@ -934,7 +934,7 @@ read_etc_default_login(char ***env, u_in
        if (tmpenv == NULL)
                return;
  
@@ -13,16 +13,16 @@ $NetBSD: patch-session.c,v 1.7 2016/09/1
                var = child_get_env(tmpenv, "SUPATH");
        else
                var = child_get_env(tmpenv, "PATH");
-@@ -1230,7 +1230,7 @@ do_setup_env(Session *s, const char *she
+@@ -1042,7 +1042,7 @@ do_setup_env(Session *s, const char *she
  #  endif /* HAVE_ETC_DEFAULT_LOGIN */
-               if (path == NULL || *path == '\0') {
-                       child_set_env(&env, &envsize, "PATH",
--                          s->pw->pw_uid == 0 ?
-+                          s->pw->pw_uid == ROOTUID ?
-                               SUPERUSER_PATH : _PATH_STDPATH);
-               }
+       if (path == NULL || *path == '\0') {
+               child_set_env(&env, &envsize, "PATH",
+-                  s->pw->pw_uid == 0 ?  SUPERUSER_PATH : _PATH_STDPATH);
++                  s->pw->pw_uid == ROOTUID ?  SUPERUSER_PATH : _PATH_STDPATH);
+       }
  # endif /* HAVE_CYGWIN */
-@@ -1346,6 +1346,18 @@ do_setup_env(Session *s, const char *she
+ #endif /* HAVE_LOGIN_CAP */
+@@ -1154,6 +1154,18 @@ do_setup_env(Session *s, const char *she
                    strcmp(pw->pw_dir, "/") ? pw->pw_dir : "");
                read_environment_file(&env, &envsize, buf);
        }
@@ -41,7 +41,7 @@ $NetBSD: patch-session.c,v 1.7 2016/09/1
        if (debug_flag) {
                /* dump the environment */
                fprintf(stderr, "Environment:\n");
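
Review bot: ROOTUID in "s->pw->pw_uid == ROOTUID ?  SUPERUSER_PATH : _PATH_STDPATH" is not defined anywhere in this patch, and patch-defines.h and patch-includes.h keep their old checksums in distinfo. Confirm the macro is still picked up after the rebase and still expands to 0 wherever the original code compared against 0; a missing definition fails the build, but a wrong value would quietly change which PATH root gets.
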
-@@ -1537,11 +1549,13 @@ do_setusercontext(struct passwd *pw)
+@@ -1345,11 +1357,13 @@ do_setusercontext(struct passwd *pw)
                        perror("setgid");
                        exit(1);
                }
@@ -55,7 +55,7 @@ $NetBSD: patch-session.c,v 1.7 2016/09/1
                endgrent();
  #endif
  
-@@ -2388,7 +2402,7 @@ session_pty_cleanup2(Session *s)
+@@ -2148,7 +2162,7 @@ session_pty_cleanup2(Session *s)
                record_logout(s->pid, s->tty, s->pw->pw_name);
  
        /* Release the pseudo-tty. */

Index: pkgsrc/security/openssh/patches/patch-sshd.c
diff -u pkgsrc/security/openssh/patches/patch-sshd.c:1.7 pkgsrc/security/openssh/patches/patch-sshd.c:1.7.8.1
--- pkgsrc/security/openssh/patches/patch-sshd.c:1.7    Tue Mar 15 20:54:07 2016
+++ pkgsrc/security/openssh/patches/patch-sshd.c        Sun Jan  8 11:05:07 2017
@@ -1,11 +1,11 @@
-$NetBSD: patch-sshd.c,v 1.7 2016/03/15 20:54:07 bsiegert Exp $
+$NetBSD: patch-sshd.c,v 1.7.8.1 2017/01/08 11:05:07 bsiegert Exp $
 
 * Interix support
 * Revive tcp_wrappers support.
 
---- sshd.c.orig        2016-03-09 18:04:48.000000000 +0000
+--- sshd.c.orig        2016-12-19 04:59:41.000000000 +0000
 +++ sshd.c
-@@ -125,6 +125,13 @@
+@@ -123,6 +123,13 @@
  #include "version.h"
  #include "ssherr.h"
  
@@ -16,10 +16,10 @@ $NetBSD: patch-sshd.c,v 1.7 2016/03/15 2
 +int deny_severity;
 +#endif /* LIBWRAP */
 +
- #ifndef O_NOCTTY
- #define O_NOCTTY      0
- #endif
-@@ -236,7 +243,11 @@ int *startup_pipes = NULL;
+ /* Re-exec fds */
+ #define REEXEC_DEVCRYPTO_RESERVED_FD  (STDERR_FILENO + 1)
+ #define REEXEC_STARTUP_PIPE_FD                (STDERR_FILENO + 2)
+@@ -220,7 +227,11 @@ int *startup_pipes = NULL;
  int startup_pipe;             /* in child */
  
  /* variables used for privilege separation */
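
Review bot: the LIBWRAP block ending in "int deny_severity;" and "#endif /* LIBWRAP */" keeps tcp_wrappers support alive as pkgsrc-local code, and the patch header gives it a single line ("Revive tcp_wrappers support"). Since this is access-control logic carried only by the patch, the header should say what was retested against 7.4p1, in particular the 19 lines added after "audit_connection_from(remote_ip, remote_port);" at "@@ -1972,6 +1999,25 @@" if that is where the wrapper check lives.
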
@@ -31,7 +31,7 @@ $NetBSD: patch-sshd.c,v 1.7 2016/03/15 2
  struct monitor *pmonitor = NULL;
  int privsep_is_preauth = 1;
  
-@@ -632,7 +643,7 @@ privsep_preauth_child(void)
+@@ -541,7 +552,7 @@ privsep_preauth_child(void)
        demote_sensitive_data();
  
        /* Demote the child */
@@ -40,7 +40,7 @@ $NetBSD: patch-sshd.c,v 1.7 2016/03/15 2
                /* Change our root directory */
                if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
                        fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
-@@ -643,10 +654,15 @@ privsep_preauth_child(void)
+@@ -552,10 +563,15 @@ privsep_preauth_child(void)
                /* Drop our privileges */
                debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid,
                    (u_int)privsep_pw->pw_gid);
@@ -56,7 +56,7 @@ $NetBSD: patch-sshd.c,v 1.7 2016/03/15 2
        }
  }
  
-@@ -713,10 +729,17 @@ privsep_preauth(Authctxt *authctxt)
+@@ -619,10 +635,17 @@ privsep_preauth(Authctxt *authctxt)
                /* Arrange for logging to be sent to the monitor */
                set_log_handler(mm_log_handler, pmonitor);
  
@@ -74,16 +74,16 @@ $NetBSD: patch-sshd.c,v 1.7 2016/03/15 2
  
                return 0;
        }
-@@ -730,7 +753,7 @@ privsep_postauth(Authctxt *authctxt)
+@@ -634,7 +657,7 @@ privsep_postauth(Authctxt *authctxt)
  #ifdef DISABLE_FD_PASSING
        if (1) {
  #else
--      if (authctxt->pw->pw_uid == 0 || options.use_login) {
-+      if (authctxt->pw->pw_uid == ROOTUID || options.use_login) {
+-      if (authctxt->pw->pw_uid == 0) {
++      if (authctxt->pw->pw_uid == ROOTUID) {
  #endif
                /* File descriptor passing is broken or root login */
                use_privsep = 0;
-@@ -1497,8 +1520,10 @@ main(int ac, char **av)
+@@ -1389,8 +1412,10 @@ main(int ac, char **av)
        av = saved_argv;
  #endif
  
@@ -95,7 +95,7 @@ $NetBSD: patch-sshd.c,v 1.7 2016/03/15 2
  
        /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
        sanitise_stdfd();
-@@ -1925,7 +1950,7 @@ main(int ac, char **av)
+@@ -1766,7 +1791,7 @@ main(int ac, char **av)
                    (st.st_uid != getuid () ||
                    (st.st_mode & (S_IWGRP|S_IWOTH)) != 0))
  #else
@@ -104,7 +104,7 @@ $NetBSD: patch-sshd.c,v 1.7 2016/03/15 2
  #endif
                        fatal("%s must be owned by root and not group or "
                            "world-writable.", _PATH_PRIVSEP_CHROOT_DIR);
-@@ -1948,8 +1973,10 @@ main(int ac, char **av)
+@@ -1789,8 +1814,10 @@ main(int ac, char **av)
         * to create a file, and we can't control the code in every
         * module which might be used).
         */
@@ -115,7 +115,7 @@ $NetBSD: patch-sshd.c,v 1.7 2016/03/15 2
  
        if (rexec_flag) {
                rexec_argv = xcalloc(rexec_argc + 2, sizeof(char *));
-@@ -2145,6 +2172,25 @@ main(int ac, char **av)
+@@ -1972,6 +1999,25 @@ main(int ac, char **av)
        audit_connection_from(remote_ip, remote_port);
  #endif
  


