openssh: Update to 9.1p1

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/openssh/openssh.nm b/openssh/openssh.nm
index 0cb49bcbf6404a09c0d96171ec570f335e07f0e9..6df5d41fa10c02e443444e81f178e98392a16be7 100644 (file)
--- a/openssh/openssh.nm
+++ b/openssh/openssh.nm
@@ -4,11 +4,11 @@
 ###############################################################################
 
 name       = openssh
-version    = 8.0p1
+version    = 9.1p1
 release    = 1
 
 groups     = Application/Internet
-url        = http://www.openssh.com/portable.html
+url        = https://www.openssh.com/portable.html
 license    = MIT
 summary    = An open source implementation of SSH protocol versions 1 and 2.
 
@@ -19,7 +19,7 @@ description
        untrusted hosts over an insecure network.
 end
 
-source_dl  = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
+source_dl  = https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
 
 build
        requires

diff --git a/openssh/patches/openssh-6.6p1-keyperm.patch b/openssh/patches/openssh-6.6p1-keyperm.patch
deleted file mode 100644 (file)
index fbe33b0..0000000
--- a/openssh/patches/openssh-6.6p1-keyperm.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff --git a/authfile.c b/authfile.c
-index e93d867..4fc5b3d 100644
---- a/authfile.c
-+++ b/authfile.c
-@@ -32,6 +32,7 @@
- 
- #include <errno.h>
- #include <fcntl.h>
-+#include <grp.h>
- #include <stdio.h>
- #include <stdarg.h>
- #include <stdlib.h>
-@@ -207,6 +208,13 @@ sshkey_perm_ok(int fd, const char *filename)
- #ifdef HAVE_CYGWIN
-       if (check_ntsec(filename))
- #endif
-+      if (st.st_mode & 040) {
-+              struct group *gr;
-+
-+              if ((gr = getgrnam("ssh_keys")) && (st.st_gid == gr->gr_gid))
-+                      st.st_mode &= ~040;
-+      }
-+
-       if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) {
-               error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
-               error("@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @");

diff --git a/openssh/patches/openssh-6.7p1-sftp-force-permission.patch b/openssh/patches/openssh-6.7p1-sftp-force-permission.patch
deleted file mode 100644 (file)
index 1a88e50..0000000
--- a/openssh/patches/openssh-6.7p1-sftp-force-permission.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-diff -up openssh-6.8p1/sftp-server.8.sftp-force-mode openssh-6.8p1/sftp-server.8
---- openssh-6.8p1/sftp-server.8.sftp-force-mode        2015-03-17 06:49:20.000000000 +0100
-+++ openssh-6.8p1/sftp-server.8        2015-03-18 13:18:05.898306477 +0100
-@@ -38,6 +38,7 @@
- .Op Fl P Ar blacklisted_requests
- .Op Fl p Ar whitelisted_requests
- .Op Fl u Ar umask
-+.Op Fl m Ar force_file_perms
- .Ek
- .Nm
- .Fl Q Ar protocol_feature
-@@ -138,6 +139,10 @@ Sets an explicit
- .Xr umask 2
- to be applied to newly-created files and directories, instead of the
- user's default mask.
-+.It Fl m Ar force_file_perms
-+Sets explicit file permissions to be applied to newly-created files instead
-+of the default or client requested mode.  Numeric values include:
-+777, 755, 750, 666, 644, 640, etc.  Option -u is ineffective if -m is set.
- .El
- .Pp
- On some systems,
-diff -up openssh-6.8p1/sftp-server.c.sftp-force-mode openssh-6.8p1/sftp-server.c
---- openssh-6.8p1/sftp-server.c.sftp-force-mode        2015-03-18 13:18:05.883306513 +0100
-+++ openssh-6.8p1/sftp-server.c        2015-03-18 13:18:36.697232193 +0100
-@@ -70,6 +70,10 @@ struct sshbuf *oqueue;
- /* Version of client */
- static u_int version;
- 
-+/* Force file permissions */
-+int permforce = 0;
-+long permforcemode;
-+
- /* SSH2_FXP_INIT received */
- static int init_done;
- 
-@@ -693,6 +697,10 @@ process_open(u_int32_t id)
-       debug3("request %u: open flags %d", id, pflags);
-       flags = flags_from_portable(pflags);
-       mode = (a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a.perm : 0666;
-+      if (permforce == 1) {   /* Force perm if -m is set */
-+              mode = permforcemode;
-+              (void)umask(0); /* so umask does not interfere           */
-+      }       
-       logit("open \"%s\" flags %s mode 0%o",
-           name, string_from_portable(pflags), mode);
-       if (readonly &&
-@@ -1495,7 +1503,7 @@ sftp_server_usage(void)
-       fprintf(stderr,
-           "usage: %s [-ehR] [-d start_directory] [-f log_facility] "
-           "[-l log_level]\n\t[-P blacklisted_requests] "
--          "[-p whitelisted_requests] [-u umask]\n"
-+          "[-p whitelisted_requests] [-u umask] [-m force_file_perms]\n"
-           "       %s -Q protocol_feature\n",
-           __progname, __progname);
-       exit(1);
-@@ -1520,7 +1528,7 @@ sftp_server_main(int argc, char **argv,
-       pw = pwcopy(user_pw);
- 
-       while (!skipargs && (ch = getopt(argc, argv,
--          "d:f:l:P:p:Q:u:cehR")) != -1) {
-+          "d:f:l:P:p:Q:u:m:cehR")) != -1) {
-               switch (ch) {
-               case 'Q':
-                       if (strcasecmp(optarg, "requests") != 0) {
-@@ -1580,6 +1588,15 @@ sftp_server_main(int argc, char **argv,
-                               fatal("Invalid umask \"%s\"", optarg);
-                       (void)umask((mode_t)mask);
-                       break;
-+              case 'm':
-+                      /* Force permissions on file received via sftp */
-+                      permforce = 1;
-+                      permforcemode = strtol(optarg, &cp, 8);
-+                      if (permforcemode < 0 || permforcemode > 0777 ||
-+                          *cp != '\0' || (permforcemode == 0 &&
-+                          errno != 0))
-+                              fatal("Invalid file mode \"%s\"", optarg);
-+                      break;
-               case 'h':
-               default:
-                       sftp_server_usage();