[arch-commits] Commit in openssh/trunk (3122.patch 67290.patch PKGBUILD)

Gaëtan Bisson bisson at archlinux.org
Thu Jul 16 20:23:26 UTC 2020


    Date: Thursday, July 16, 2020 @ 20:23:25
  Author: bisson
Revision: 391977

fix match/include interaction in ssh_config

Added:
  openssh/trunk/3122.patch
  openssh/trunk/67290.patch
Modified:
  openssh/trunk/PKGBUILD

-------------+
 3122.patch  |   98 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 67290.patch |   49 +++++++++++++++++++++++++++++
 PKGBUILD    |   16 +++++++--
 3 files changed, 160 insertions(+), 3 deletions(-)

Added: 3122.patch
===================================================================
--- 3122.patch	                        (rev 0)
+++ 3122.patch	2020-07-16 20:23:25 UTC (rev 391977)
@@ -0,0 +1,98 @@
+diff -Naur old/servconf.c new/servconf.c
+--- old/servconf.c	2020-05-26 14:38:00.000000000 -1000
++++ new/servconf.c	2020-07-16 10:14:14.076284901 -1000
+@@ -550,6 +550,7 @@
+ #define SSHCFG_MATCH		0x02	/* allowed inside a Match section */
+ #define SSHCFG_ALL		(SSHCFG_GLOBAL|SSHCFG_MATCH)
+ #define SSHCFG_NEVERMATCH	0x04  /* Match never matches; internal only */
++#define SSHCFG_MATCH_ONLY	0x08  /* Match only in conditional blocks; internal only */
+ 
+ /* Textual representation of the tokens. */
+ static struct {
+@@ -1259,7 +1260,7 @@
+ static int
+ process_server_config_line_depth(ServerOptions *options, char *line,
+     const char *filename, int linenum, int *activep,
+-    struct connection_info *connectinfo, int inc_flags, int depth,
++    struct connection_info *connectinfo, int *inc_flags, int depth,
+     struct include_list *includes)
+ {
+ 	char ch, *cp, ***chararrayptr, **charptr, *arg, *arg2, *p;
+@@ -2002,7 +2003,9 @@
+ 					parse_server_config_depth(options,
+ 					    item->filename, item->contents,
+ 					    includes, connectinfo,
+-					    (oactive ? 0 : SSHCFG_NEVERMATCH),
++					    (*inc_flags & SSHCFG_MATCH_ONLY
++					        ? SSHCFG_MATCH_ONLY : (oactive
++					            ? 0 : SSHCFG_NEVERMATCH)),
+ 					    activep, depth + 1);
+ 				}
+ 				found = 1;
+@@ -2050,7 +2053,9 @@
+ 				parse_server_config_depth(options,
+ 				    item->filename, item->contents,
+ 				    includes, connectinfo,
+-				    (oactive ? 0 : SSHCFG_NEVERMATCH),
++				    (*inc_flags & SSHCFG_MATCH_ONLY
++				        ? SSHCFG_MATCH_ONLY : (oactive
++				            ? 0 : SSHCFG_NEVERMATCH)),
+ 				    activep, depth + 1);
+ 				*activep = oactive;
+ 				TAILQ_INSERT_TAIL(includes, item, entry);
+@@ -2068,11 +2073,14 @@
+ 		if (cmdline)
+ 			fatal("Match directive not supported as a command-line "
+ 			   "option");
+-		value = match_cfg_line(&cp, linenum, connectinfo);
++		value = match_cfg_line(&cp, linenum,
++		    (*inc_flags & SSHCFG_NEVERMATCH ? NULL : connectinfo));
+ 		if (value < 0)
+ 			fatal("%s line %d: Bad Match condition", filename,
+ 			    linenum);
+-		*activep = (inc_flags & SSHCFG_NEVERMATCH) ? 0 : value;
++		*activep = (*inc_flags & SSHCFG_NEVERMATCH) ? 0 : value;
++		/* The MATCH_ONLY is applicable only until the first match block */
++		*inc_flags &= ~SSHCFG_MATCH_ONLY;
+ 		break;
+ 
+ 	case sPermitListen:
+@@ -2375,8 +2383,10 @@
+     const char *filename, int linenum, int *activep,
+     struct connection_info *connectinfo, struct include_list *includes)
+ {
++	int inc_flags = 0;
++
+ 	return process_server_config_line_depth(options, line, filename,
+-	    linenum, activep, connectinfo, 0, 0, includes);
++	    linenum, activep, connectinfo, &inc_flags, 0, includes);
+ }
+ 
+ 
+@@ -2581,14 +2591,15 @@
+ 	if (depth < 0 || depth > SERVCONF_MAX_DEPTH)
+ 		fatal("Too many recursive configuration includes");
+ 
+-	debug2("%s: config %s len %zu", __func__, filename, sshbuf_len(conf));
++	debug2("%s: config %s len %zu%s", __func__, filename, sshbuf_len(conf),
++	    (flags & SSHCFG_NEVERMATCH ? " [checking syntax only]" : ""));
+ 
+ 	if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL)
+ 		fatal("%s: sshbuf_dup_string failed", __func__);
+ 	linenum = 1;
+ 	while ((cp = strsep(&cbuf, "\n")) != NULL) {
+ 		if (process_server_config_line_depth(options, cp,
+-		    filename, linenum++, activep, connectinfo, flags,
++		    filename, linenum++, activep, connectinfo, &flags,
+ 		    depth, includes) != 0)
+ 			bad_options++;
+ 	}
+@@ -2606,7 +2617,7 @@
+ {
+ 	int active = connectinfo ? 0 : 1;
+ 	parse_server_config_depth(options, filename, conf, includes,
+-	    connectinfo, 0, &active, 0);
++	    connectinfo, (connectinfo ? SSHCFG_MATCH_ONLY : 0), &active, 0);
+ }
+ 
+ static const char *

Added: 67290.patch
===================================================================
--- 67290.patch	                        (rev 0)
+++ 67290.patch	2020-07-16 20:23:25 UTC (rev 391977)
@@ -0,0 +1,49 @@
+From c514f3c0522855b4d548286eaa113e209051a6d2 Mon Sep 17 00:00:00 2001
+From: "djm at openbsd.org" <djm at openbsd.org>
+Date: Thu, 18 Jun 2020 23:33:38 +0000
+Subject: upstream: avoid spurious "Unable to load host key" message when
+
+sshd can load a private key but no public counterpart; with & ok markus@
+
+OpenBSD-Commit-ID: 0713cbdf9aa1ff8ac7b1f78b09ac911af510f81b
+---
+ authfile.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/authfile.c b/authfile.c
+index 35ccf576..946f50ca 100644
+--- a/authfile.c
++++ b/authfile.c
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: authfile.c,v 1.140 2020/04/17 07:15:11 djm Exp $ */
++/* $OpenBSD: authfile.c,v 1.141 2020/06/18 23:33:38 djm Exp $ */
+ /*
+  * Copyright (c) 2000, 2013 Markus Friedl.  All rights reserved.
+  *
+@@ -263,7 +263,7 @@ int
+ sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp)
+ {
+ 	char *pubfile = NULL;
+-	int r;
++	int r, oerrno;
+ 
+ 	if (keyp != NULL)
+ 		*keyp = NULL;
+@@ -283,8 +283,14 @@ sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp)
+ 	if ((r = sshkey_load_pubkey_from_private(filename, keyp)) == 0)
+ 		goto out;
+ 
++	/* Pretend we couldn't find the key */
++	r = SSH_ERR_SYSTEM_ERROR;
++	errno = ENOENT;
++
+  out:
++	oerrno = errno;
+ 	free(pubfile);
++	errno = oerrno;
+ 	return r;
+ }
+ 
+-- 
+cgit v1.2.3
+

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2020-07-16 19:59:21 UTC (rev 391976)
+++ PKGBUILD	2020-07-16 20:23:25 UTC (rev 391977)
@@ -4,7 +4,7 @@
 
 pkgname=openssh
 pkgver=8.3p1
-pkgrel=2
+pkgrel=3
 pkgdesc='Premier connectivity tool for remote login with the SSH protocol'
 url='https://www.openssh.com/portable.html'
 license=('custom:BSD')
@@ -18,7 +18,8 @@
 validpgpkeys=('59C2118ED206D927E667EBE3D3E5F56B6D920D30')
 #source=("git://anongit.mindrot.org/openssh.git?signed#tag=V_8_2_P1"
 source=("https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${pkgver}.tar.gz"{,.asc}
-        '67290.patch::https://anongit.mindrot.org/openssh.git/patch/?id=c514f3c0522855b4d548286eaa113e209051a6d2'
+        '67290.patch'
+        '3122.patch'
         'sshdgenkeys.service'
         'sshd.service'
         'sshd.conf'
@@ -27,6 +28,7 @@
 sha256sums=('f2befbe0472fe7eb75d23340eb17531cb6b3aac24075e2066b41f814e12387b2'
             'SKIP'
             '3ccc1c6672521782c154c89607d2c2d7a67e0f66a349260e00e28ae999ea54f5'
+            'a13330ca7560b25e4defcd4bdecf28ed37b416362e13aebcb0e57164e575e659'
             '4031577db6416fcbaacf8a26a024ecd3939e5c10fe6a86ee3f0eea5093d533b7'
             'e40f8b7c8e5e2ecf3084b3511a6c36d5b5c9f9e61f2bb13e3726c71dc7d4fbc7'
             '4effac1186cc62617f44385415103021f72f674f8b8e26447fc1139c670090f6'
@@ -39,7 +41,15 @@
 
 prepare() {
 	cd "${srcdir}/${pkgname}-${pkgver}"
-	patch -p1 -i ../67290.patch # FS#67290
+
+	# Fix FS#67290
+	# From https://anongit.mindrot.org/openssh.git/patch/?id=c514f3c0522855b4d548286eaa113e209051a6d2
+	patch -p1 -i ../67290.patch
+
+	# Fix https://bugzilla.mindrot.org/show_bug.cgi?id=3122
+	# Backported from https://anongit.mindrot.org/openssh.git/patch/?id=7af1e92cd289b7eaa9a683e9a6f2fddd98f37a01'
+	patch -p1 -i ../3122.patch
+
 	patch -p1 -i ../glibc-2.31.patch
 	autoreconf
 }


More information about the arch-commits mailing list