openssh: Update to latest git

author: Michael Forney <mforney@mforney.org> 2020-02-05 18:08:40 -0800
committer: Michael Forney <mforney@mforney.org> 2020-02-05 18:08:40 -0800
commit: 1e081a9e9c25e96a44c49a08148833495f2f9a24 (patch)
tree: ef6d0168061343b61f2079af65ff34f95da3e07d /pkg
parent: 6dc989bb98ed7c9348ebb5934ba6387a8651ac8b (diff)
10 files changed, 26 insertions, 91 deletions
diff --git a/pkg/libfido2/gen.lua b/pkg/libfido2/gen.lua
index d1ecf459..2d65b8fe 100644
--- a/pkg/libfido2/gen.lua
+++ b/pkg/libfido2/gen.lua
@@ -11,6 +11,7 @@ cflags{
 
 pkg.hdrs = copy('$outdir/include', '$srcdir/src', {
 	'fido.h',
+	'fido/credman.h',
 	'fido/err.h',
 	'fido/param.h',
 })
diff --git a/pkg/openssh/README.md b/pkg/openssh/README.md
index 7ce33b98..a24f6071 100644
--- a/pkg/openssh/README.md
+++ b/pkg/openssh/README.md
@@ -8,6 +8,7 @@ Generated with
 		--disable-wtmp \
 		--enable-security-key \
 		--without-pie \
+		--with-security-key-builtin \
 		CPPFLAGS='-I/src/oasis/pkg/openbsd/include -I/src/oasis/out/pkg/libfido2/include -I/src/oasis/out/pkg/zlib/include' \
 		LDFLAGS='-L/src/oasis/out/pkg/libressl -L/src/oasis/out/pkg/openbsd -L/src/oasis/out/pkg/libfido2 -L/src/oasis/out/pkg/libcbor -L/src/oasis/out/pkg/zlib' \
 		LIBS='-lcrypto -lbsd'
diff --git a/pkg/openssh/config.h b/pkg/openssh/config.h
index 955f996c..646af9de 100644
--- a/pkg/openssh/config.h
+++ b/pkg/openssh/config.h
@@ -122,6 +122,7 @@
 /* #undef HAVE_DECL_LOGINRESTRICTIONS */
 /* #undef HAVE_DECL_LOGINSUCCESS */
 #define HAVE_DECL_MAXSYMLINKS 1
+#define HAVE_DECL_MEMMEM 0
 #define HAVE_DECL_NFDBITS 1
 #define HAVE_DECL_OFFSETOF 1
 #define HAVE_DECL_O_NONBLOCK 1
@@ -177,7 +178,6 @@
 #define HAVE_EVP_MD_CTX_INIT 1
 #define HAVE_EVP_MD_CTX_NEW 1
 #define HAVE_EVP_PKEY_GET0_RSA 1
-#define HAVE_EVP_RIPEMD160 1
 #define HAVE_EVP_SHA256 1
 #define HAVE_EVP_SHA384 1
 #define HAVE_EVP_SHA512 1
@@ -630,6 +630,7 @@
 /* #undef SUPERUSER_PATH */
 /* #undef SYSLOG_R_SAFE_IN_SIGHAND */
 #define SYS_RDOMAIN_LINUX 1
+#define TIME_WITH_SYS_TIME 1
 /* #undef UNIXWARE_LONG_PASSWORDS */
 #define USER_PATH "/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin"
 /* #undef USE_AFS */
@@ -651,6 +652,7 @@
 /* #undef WITH_IRIX_PROJECT */
 #define WITH_OPENSSL 1
 /* #undef WITH_SELINUX */
+#define WITH_ZLIB 1
 #if defined AC_APPLE_UNIVERSAL_BUILD
 # if defined __BIG_ENDIAN__
 #  define WORDS_BIGENDIAN 1
diff --git a/pkg/openssh/gen.lua b/pkg/openssh/gen.lua
index db2d399e..a8f33c99 100644
--- a/pkg/openssh/gen.lua
+++ b/pkg/openssh/gen.lua
@@ -27,10 +27,10 @@ lib('libopenbsd-compat.a', [[openbsd-compat/(
 	dirname.c explicit_bzero.c fmt_scaled.c freezero.c getcwd.c
 	getgrouplist.c getopt_long.c getrrsetbyname.c glob.c inet_aton.c
 	inet_ntoa.c inet_ntop.c md5.c memmem.c mktemp.c pwcache.c
-	readpassphrase.c reallocarray.c recallocarray.c rmd160.c rresvport.c
-	setenv.c setproctitle.c sha1.c sha2.c sigact.c strcasestr.c strlcat.c
-	strlcpy.c strmode.c strndup.c strnlen.c strptime.c strsep.c strtoll.c
-	strtonum.c strtoull.c strtoul.c timingsafe_bcmp.c vis.c
+	readpassphrase.c reallocarray.c recallocarray.c rresvport.c setenv.c
+	setproctitle.c sha1.c sha2.c sigact.c strcasestr.c strlcat.c strlcpy.c
+	strmode.c strndup.c strnlen.c strptime.c strsep.c strtoll.c strtonum.c
+	strtoull.c strtoul.c timingsafe_bcmp.c vis.c
 
 	arc4random.c bsd-asprintf.c bsd-closefrom.c bsd-cygwin_util.c bsd-err.c
 	bsd-flock.c bsd-getpagesize.c bsd-getpeereid.c bsd-malloc.c bsd-misc.c
@@ -75,12 +75,16 @@ lib('libssh.a', [[
 	msg.c progressmeter.c dns.c entropy.c gss-genr.c umac.c umac128.c
 	ssh-pkcs11.c smult_curve25519_ref.c
 	poly1305.c chacha.c cipher-chachapoly.c
-	ssh-ed25519.c ssh-sk.c sk-usbhid.c digest-openssl.c digest-libc.c
+	ssh-ed25519.c digest-openssl.c digest-libc.c
 	hmac.c sc25519.c ge25519.c fe25519.c ed25519.c verify.c hash.c
 	kex.c kexdh.c kexgex.c kexecdh.c kexc25519.c
 	kexgexc.c kexgexs.c
 	sntrup4591761.c kexsntrup4591761x25519.c kexgen.c
 	sftp-realpath.c platform-pledge.c platform-tracing.c platform-misc.c
+	sshbuf-io.c
+
+	ssh-sk-client.c
+
 	libopenbsd-compat.a
 	$builddir/pkg/(libressl/libcrypto.a.d zlib/libz.a)
 	$builddir/pkg/(libfido2/libfido2.a.d)
@@ -127,7 +131,7 @@ file('bin/ssh-agent', '755', '$outdir/ssh-agent')
 exe('ssh-keygen', {'ssh-keygen.c', 'sshsig.c', 'libssh.a.d'})
 file('bin/ssh-keygen', '755', '$outdir/ssh-keygen')
 
-exe('ssh-sk-helper', {'ssh-sk-helper.c', 'libssh.a.d'})
+exe('ssh-sk-helper', {'ssh-sk-helper.c', 'ssh-sk.c', 'sk-usbhid.c', 'libssh.a.d'})
 file('libexec/ssh-sk-helper', '755', '$outdir/ssh-sk-helper')
 
 exe('sftp-server', {'sftp-common.c.o', 'sftp-server.c.o', 'sftp-server-main.c', 'libssh.a.d'})
diff --git a/pkg/openssh/patch/0002-printf-p-specifier-requires-void-argument.patch b/pkg/openssh/patch/0002-printf-p-specifier-requires-void-argument.patch
index fb1ddc52..bf7cda22 100644
--- a/pkg/openssh/patch/0002-printf-p-specifier-requires-void-argument.patch
+++ b/pkg/openssh/patch/0002-printf-p-specifier-requires-void-argument.patch
@@ -1,4 +1,4 @@
-From 7e5f0db8d1f2c7a3da682c716e85430d2d2b4358 Mon Sep 17 00:00:00 2001
+From de0c266e353663043097e1a8bc3a8959f1ee2bcd Mon Sep 17 00:00:00 2001
 From: Michael Forney <mforney@mforney.org>
 Date: Wed, 27 Nov 2019 19:16:26 -0800
 Subject: [PATCH] printf %p specifier requires `void *` argument
@@ -12,7 +12,7 @@ Subject: [PATCH] printf %p specifier requires `void *` argument
  5 files changed, 14 insertions(+), 12 deletions(-)
 
 diff --git a/monitor.c b/monitor.c
-index 64eca98d..e021c81c 100644
+index dc6d78d3..d5c91465 100644
 --- a/monitor.c
 +++ b/monitor.c
 @@ -1166,7 +1166,7 @@ mm_answer_keyallowed(struct ssh *ssh, int sock, struct sshbuf *m)
@@ -34,10 +34,10 @@ index 64eca98d..e021c81c 100644
  	    (ret != 0) ? ": " : "", (ret != 0) ? ssh_err(ret) : "");
  
 diff --git a/session.c b/session.c
-index 80738b92..2b1a5d4e 100644
+index 8c0e54f7..86e02fb0 100644
 --- a/session.c
 +++ b/session.c
-@@ -1787,7 +1787,7 @@ session_dump(void)
+@@ -1791,7 +1791,7 @@ session_dump(void)
  		    s->used,
  		    s->next_unused,
  		    s->self,
@@ -47,20 +47,20 @@ index 80738b92..2b1a5d4e 100644
  		    (long)s->pid);
  	}
 diff --git a/ssh-pkcs11-helper.c b/ssh-pkcs11-helper.c
-index 219ce9b5..1131832c 100644
+index 17220d62..9269cc25 100644
 --- a/ssh-pkcs11-helper.c
 +++ b/ssh-pkcs11-helper.c
-@@ -96,7 +96,7 @@ lookup_key(struct sshkey *k)
+@@ -98,7 +98,7 @@ lookup_key(struct sshkey *k)
  	struct pkcs11_keyinfo *ki;
  
  	TAILQ_FOREACH(ki, &pkcs11_keylist, next) {
--		debug("check %p %s", ki, ki->providername);
-+		debug("check %p %s", (void *)ki, ki->providername);
+-		debug("check %p %s %s", ki, ki->providername, ki->label);
++		debug("check %p %s %s", (void *)ki, ki->providername, ki->label);
  		if (sshkey_equal(k, ki->key))
  			return (ki->key);
  	}
 diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
-index 09f1ea34..89a83b39 100644
+index a302c79c..255534ba 100644
 --- a/ssh-pkcs11.c
 +++ b/ssh-pkcs11.c
 @@ -112,7 +112,7 @@ pkcs11_provider_finalize(struct pkcs11_provider *p)
@@ -116,7 +116,7 @@ index 09f1ea34..89a83b39 100644
  	}
  
 diff --git a/sshbuf-misc.c b/sshbuf-misc.c
-index a73f008b..d4714ee1 100644
+index c0336e86..a0e01a80 100644
 --- a/sshbuf-misc.c
 +++ b/sshbuf-misc.c
 @@ -65,7 +65,7 @@ sshbuf_dump_data(const void *s, size_t len, FILE *f)
diff --git a/pkg/openssh/patch/0003-Fix-sha2-MAKE_CLONE-no-op-definition.patch b/pkg/openssh/patch/0003-Fix-sha2-MAKE_CLONE-no-op-definition.patch
deleted file mode 100644
index de297577..00000000
--- a/pkg/openssh/patch/0003-Fix-sha2-MAKE_CLONE-no-op-definition.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 57cf02e5159e39a013a67042a9740d5a13187fb3 Mon Sep 17 00:00:00 2001
-From: Michael Forney <mforney@mforney.org>
-Date: Wed, 27 Nov 2019 19:17:26 -0800
-Subject: [PATCH] Fix sha2 MAKE_CLONE no-op definition
-
-The point of the dummy declaration is so that MAKE_CLONE(...) can have
-a trailing semicolon without introducing an empty declaration. So,
-the macro replacement text should *not* have a trailing semicolon,
-just like DEF_WEAK.
----
- openbsd-compat/sha2.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/openbsd-compat/sha2.c b/openbsd-compat/sha2.c
-index e63324c9..e36cc24e 100644
---- a/openbsd-compat/sha2.c
-+++ b/openbsd-compat/sha2.c
-@@ -42,7 +42,7 @@
-     !defined(HAVE_SHA512UPDATE)
- 
- /* no-op out, similar to DEF_WEAK but only needed here */
--#define MAKE_CLONE(x, y)	void __ssh_compat_make_clone_##x_##y(void);
-+#define MAKE_CLONE(x, y)	void __ssh_compat_make_clone_##x_##y(void)
- 
- #include <string.h>
- #include <sha2.h>
--- 
-2.25.0
-
diff --git a/pkg/openssh/patch/0004-Remove-trailing-semicolon-after-RB_GENERATE_STATIC.patch b/pkg/openssh/patch/0003-Remove-trailing-semicolon-after-RB_GENERATE_STATIC.patch
index 98d41cec..98d41cec 100644
--- a/pkg/openssh/patch/0004-Remove-trailing-semicolon-after-RB_GENERATE_STATIC.patch
+++ b/pkg/openssh/patch/0003-Remove-trailing-semicolon-after-RB_GENERATE_STATIC.patch
diff --git a/pkg/openssh/patch/0005-upstream-remove-stray-semicolon-after-closing-brace-.patch b/pkg/openssh/patch/0005-upstream-remove-stray-semicolon-after-closing-brace-.patch
deleted file mode 100644
index 8bd073b7..00000000
--- a/pkg/openssh/patch/0005-upstream-remove-stray-semicolon-after-closing-brace-.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 0bf705b94187d72f8964083039fcc24cfa197a83 Mon Sep 17 00:00:00 2001
-From: "djm@openbsd.org" <djm@openbsd.org>
-Date: Wed, 27 Nov 2019 22:32:11 +0000
-Subject: [PATCH] upstream: remove stray semicolon after closing brace of
- function;
-
-from Michael Forney
-
-OpenBSD-Commit-ID: fda95acb799bb160d15e205ee126117cf33da3a7
----
- ssh-sk.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/ssh-sk.c b/ssh-sk.c
-index 2b25c42f..7c63536e 100644
---- a/ssh-sk.c
-+++ b/ssh-sk.c
-@@ -1,4 +1,4 @@
--/* $OpenBSD: ssh-sk.c,v 1.16 2019/11/19 22:23:19 djm Exp $ */
-+/* $OpenBSD: ssh-sk.c,v 1.17 2019/11/27 22:32:11 djm Exp $ */
- /*
-  * Copyright (c) 2019 Google LLC
-  *
-@@ -153,7 +153,7 @@ sshsk_free_enroll_response(struct sk_enroll_response *r)
- 	freezero(r->signature, r->signature_len);
- 	freezero(r->attestation_cert, r->attestation_cert_len);
- 	freezero(r, sizeof(*r));
--};
-+}
- 
- static void
- sshsk_free_sign_response(struct sk_sign_response *r)
-@@ -163,7 +163,7 @@ sshsk_free_sign_response(struct sk_sign_response *r)
- 	freezero(r->sig_r, r->sig_r_len);
- 	freezero(r->sig_s, r->sig_s_len);
- 	freezero(r, sizeof(*r));
--};
-+}
- 
- #ifdef WITH_OPENSSL
- /* Assemble key from response */
--- 
-2.25.0
-
diff --git a/pkg/openssh/src b/pkg/openssh/src
-Subproject ad44ca81bea83657d558aaef5a1d789a9032bac
+Subproject 849a9b87144f8a5b1771de6c85e44bfeb86be9a
diff --git a/pkg/openssh/ver b/pkg/openssh/ver
index c57542a4..e57ffbdf 100644
--- a/pkg/openssh/ver
+++ b/pkg/openssh/ver
@@ -1 +1 @@
-8.1p1-168-gad44ca81 r1
+8.1p1-397-g849a9b87 r0
author	Michael Forney <mforney@mforney.org>	2020-02-05 18:08:40 -0800
committer	Michael Forney <mforney@mforney.org>	2020-02-05 18:08:40 -0800
commit	1e081a9e9c25e96a44c49a08148833495f2f9a24 (patch)
tree	ef6d0168061343b61f2079af65ff34f95da3e07d /pkg
parent	6dc989bb98ed7c9348ebb5934ba6387a8651ac8b (diff)