From: Michael Tremer Date: Thu, 24 Nov 2022 18:00:15 +0000 (+0000) Subject: openssh: Update to 9.1p1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=32c9022c8dfba8790e419828fbc0290bcf8bc149;p=ipfire-3.x.git openssh: Update to 9.1p1 Signed-off-by: Michael Tremer
---
diff --git a/openssh/openssh.nm b/openssh/openssh.nm
index 0cb49bcbf..6df5d41fa 100644
--- a/openssh/openssh.nm
+++ b/openssh/openssh.nm
@@ -4,11 +4,11 @@
 ###############################################################################
 name = openssh
-version = 8.0p1
+version = 9.1p1
 release = 1
 groups = Application/Internet
-url = http://www.openssh.com/portable.html
+url = https://www.openssh.com/portable.html
 license = MIT
 summary = An open source implementation of SSH protocol versions 1 and 2.
@@ -19,7 +19,7 @@ description
 untrusted hosts over an insecure network.
 end
-source_dl = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
+source_dl = https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
 build
 requires
diff --git a/openssh/patches/openssh-6.6p1-keyperm.patch b/openssh/patches/openssh-6.6p1-keyperm.patch
deleted file mode 100644
index fbe33b0e1..000000000
--- a/openssh/patches/openssh-6.6p1-keyperm.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff --git a/authfile.c b/authfile.c
-index e93d867..4fc5b3d 100644
---- a/authfile.c
-+++ b/authfile.c
-@@ -32,6 +32,7 @@
- 
- #include
- #include
-+#include
- #include
- #include
- #include
-@@ -207,6 +208,13 @@ sshkey_perm_ok(int fd, const char *filename)
- #ifdef HAVE_CYGWIN
- if (check_ntsec(filename))
- #endif
-+ if (st.st_mode & 040) {
-+ struct group *gr;
-+
-+ if ((gr = getgrnam("ssh_keys")) && (st.st_gid == gr->gr_gid))
-+ st.st_mode &= ~040;
-+ }
-+
- if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) {
- error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
- error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @");
diff --git a/openssh/patches/openssh-6.7p1-sftp-force-permission.patch b/openssh/patches/openssh-6.7p1-sftp-force-permission.patch
deleted file mode 100644
index 1a88e50e1..000000000
--- a/openssh/patches/openssh-6.7p1-sftp-force-permission.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-diff -up openssh-6.8p1/sftp-server.8.sftp-force-mode openssh-6.8p1/sftp-server.8
---- openssh-6.8p1/sftp-server.8.sftp-force-mode 2015-03-17 06:49:20.000000000 +0100
-+++ openssh-6.8p1/sftp-server.8 2015-03-18 13:18:05.898306477 +0100
-@@ -38,6 +38,7 @@
- .Op Fl P Ar blacklisted_requests
- .Op Fl p Ar whitelisted_requests
- .Op Fl u Ar umask
-+.Op Fl m Ar force_file_perms
- .Ek
- .Nm
- .Fl Q Ar protocol_feature
-@@ -138,6 +139,10 @@ Sets an explicit
- .Xr umask 2
- to be applied to newly-created files and directories, instead of the
- user's default mask.
-+.It Fl m Ar force_file_perms
-+Sets explicit file permissions to be applied to newly-created files instead
-+of the default or client requested mode. Numeric values include:
-+777, 755, 750, 666, 644, 640, etc. Option -u is ineffective if -m is set.
- .El
- .Pp
- On some systems,
-diff -up openssh-6.8p1/sftp-server.c.sftp-force-mode openssh-6.8p1/sftp-server.c
---- openssh-6.8p1/sftp-server.c.sftp-force-mode 2015-03-18 13:18:05.883306513 +0100
-+++ openssh-6.8p1/sftp-server.c 2015-03-18 13:18:36.697232193 +0100
-@@ -70,6 +70,10 @@ struct sshbuf *oqueue;
- /* Version of client */
- static u_int version;
- 
-+/* Force file permissions */
-+int permforce = 0;
-+long permforcemode;
-+
- /* SSH2_FXP_INIT received */
- static int init_done;
- 
-@@ -693,6 +697,10 @@ process_open(u_int32_t id)
- debug3("request %u: open flags %d", id, pflags);
- flags = flags_from_portable(pflags);
- mode = (a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? 
a.perm : 0666;
-+ if (permforce == 1) { /* Force perm if -m is set */
-+ mode = permforcemode;
-+ (void)umask(0); /* so umask does not interfere */
-+ }
- logit("open \"%s\" flags %s mode 0%o",
- name, string_from_portable(pflags), mode);
- if (readonly &&
-@@ -1495,7 +1503,7 @@ sftp_server_usage(void)
- fprintf(stderr,
- "usage: %s [-ehR] [-d start_directory] [-f log_facility] "
- "[-l log_level]\n\t[-P blacklisted_requests] "
-- "[-p whitelisted_requests] [-u umask]\n"
-+ "[-p whitelisted_requests] [-u umask] [-m force_file_perms]\n"
- " %s -Q protocol_feature\n",
- __progname, __progname);
- exit(1);
-@@ -1520,7 +1528,7 @@ sftp_server_main(int argc, char **argv,
- pw = pwcopy(user_pw);
- 
- while (!skipargs && (ch = getopt(argc, argv,
-- "d:f:l:P:p:Q:u:cehR")) != -1) {
-+ "d:f:l:P:p:Q:u:m:cehR")) != -1) {
- switch (ch) {
- case 'Q':
- if (strcasecmp(optarg, "requests") != 0) {
-@@ -1580,6 +1588,15 @@ sftp_server_main(int argc, char **argv,
- fatal("Invalid umask \"%s\"", optarg);
- (void)umask((mode_t)mask);
- break;
-+ case 'm':
-+ /* Force permissions on file received via sftp */
-+ permforce = 1;
-+ permforcemode = strtol(optarg, &cp, 8);
-+ if (permforcemode < 0 || permforcemode > 0777 ||
-+ *cp != '\0' || (permforcemode == 0 &&
-+ errno != 0))
-+ fatal("Invalid file mode \"%s\"", optarg);
-+ break;
- case 'h':
- default:
- sftp_server_usage();