Date: Fri, 30 Dec 2016 04:43:16 +0000
From: "Takahiro Kambe"
Subject: CVS commit: pkgsrc/security/openssh
To: pkgsrc-changes@NetBSD.org
Reply-To: taca@netbsd.org
Message-Id: <20161230044316.C6421FBA6@cvs.NetBSD.org>

Module Name:    pkgsrc
Committed By:   taca
Date:           Fri Dec 30 04:43:16 UTC 2016

Modified Files:
    pkgsrc/security/openssh: Makefile distinfo options.mk
    pkgsrc/security/openssh/patches: patch-clientloop.c
        patch-openbsd-compat_bsd-openpty.c patch-session.c patch-sshd.c
Removed Files:
    pkgsrc/security/openssh/patches: patch-auth1.c

Log Message:
Update openssh to 7.4.1 (7.4p1), including security fixes.

For full changes, please refer to the ChangeLog file.

Future deprecation notice
=========================

We plan on retiring more legacy cryptography in future releases,
specifically:

 * In approximately August 2017, removing remaining support for the
   SSH v.1 protocol (client-only and currently compile-time disabled).

 * In the same release, removing support for Blowfish and RC4 ciphers
   and the RIPE-MD160 HMAC. (These are currently run-time disabled).

 * Refusing all RSA keys smaller than 1024 bits (the current minimum
   is 768 bits)

 * The next release of OpenSSH will remove support for running sshd(8)
   with privilege separation disabled.

 * The next release of portable OpenSSH will remove support for
   OpenSSL versions prior to 1.0.1.

This list reflects our current intentions, but please check the final
release notes for future releases.

Potentially-incompatible changes
================================

This release includes a number of changes that may affect existing
configurations:

 * This release removes server support for the SSH v.1 protocol.

 * ssh(1): Remove 3des-cbc from the client's default proposal. 64-bit
   block ciphers are not safe in 2016 and we don't want to wait until
   attacks like SWEET32 are extended to SSH. As 3des-cbc was the
   only mandatory cipher in the SSH RFCs, this may cause problems
   connecting to older devices using the default configuration,
   but it's highly likely that such devices already need explicit
   configuration for key exchange and hostkey algorithms already
   anyway.

 * sshd(8): Remove support for pre-authentication compression.
   Doing compression early in the protocol probably seemed reasonable
   in the 1990s, but today it's clearly a bad idea in terms of both
   cryptography (cf. multiple compression oracle attacks in TLS) and
   attack surface. Pre-auth compression support has been disabled by
   default for >10 years. Support remains in the client.

 * ssh-agent will refuse to load PKCS#11 modules outside a whitelist
   of trusted paths by default. The path whitelist may be specified
   at run-time.

 * sshd(8): When a forced-command appears in both a certificate and
   an authorized keys/principals command= restriction, sshd will now
   refuse to accept the certificate unless they are identical.
   The previous (documented) behaviour of having the certificate
   forced-command override the other could be a bit confusing and
   error-prone.

 * sshd(8): Remove the UseLogin configuration directive and support
   for having /bin/login manage login sessions.

Changes since OpenSSH 7.3
=========================

This is primarily a bugfix release.

Security
--------

 * ssh-agent(1): Will now refuse to load PKCS#11 modules from paths
   outside a trusted whitelist (run-time configurable). Requests to
   load modules could be passed via agent forwarding and an attacker
   could attempt to load a hostile PKCS#11 module across the forwarded
   agent channel: PKCS#11 modules are shared libraries, so this would
   result in code execution on the system running the ssh-agent if the
   attacker has control of the forwarded agent-socket (on the host
   running the sshd server) and the ability to write to the filesystem
   of the host running ssh-agent (usually the host running the ssh
   client). Reported by Jann Horn of Project Zero.

 * sshd(8): When privilege separation is disabled, forwarded
   Unix-domain sockets would be created by sshd(8) with the privileges
   of 'root' instead of the authenticated user. This release refuses
   Unix-domain socket forwarding when privilege separation is disabled
   (Privilege separation has been enabled by default for 14 years).
   Reported by Jann Horn of Project Zero.

 * sshd(8): Avoid theoretical leak of host private key material to
   privilege-separated child processes via realloc() when reading
   keys. No such leak was observed in practice for normal-sized keys,
   nor does a leak to the child processes directly expose key material
   to unprivileged users. Reported by Jann Horn of Project Zero.

 * sshd(8): The shared memory manager used by pre-authentication
   compression support had a bounds check that could be elided by
   some optimising compilers. Additionally, this memory manager was
   incorrectly accessible when pre-authentication compression was
   disabled. This could potentially allow attacks against the
   privileged monitor process from the sandboxed privilege-separation
   process (a compromise of the latter would be required first).
   This release removes support for pre-authentication compression
   from sshd(8). Reported by Guido Vranken using the Stack unstable
   optimisation identification tool (http://css.csail.mit.edu/stack/)

 * sshd(8): Fix denial-of-service condition where an attacker who
   sends multiple KEXINIT messages may consume up to 128MB per
   connection. Reported by Shi Lei of Gear Team, Qihoo 360.

 * sshd(8): Validate address ranges for AllowUsers and DenyUsers
   directives at configuration load time and refuse to accept invalid
   ones. It was previously possible to specify invalid CIDR address
   ranges (e.g. user@127.1.2.3/55) and these would always match,
   possibly resulting in granting access where it was not intended.
   Reported by Laurence Parry.

To generate a diff of this commit:
cvs rdiff -u -r1.249 -r1.250 pkgsrc/security/openssh/Makefile
cvs rdiff -u -r1.102 -r1.103 pkgsrc/security/openssh/distinfo
cvs rdiff -u -r1.33 -r1.34 pkgsrc/security/openssh/options.mk
cvs rdiff -u -r1.4 -r0 pkgsrc/security/openssh/patches/patch-auth1.c
cvs rdiff -u -r1.4 -r1.5 pkgsrc/security/openssh/patches/patch-clientloop.c
cvs rdiff -u -r1.3 -r1.4 \
    pkgsrc/security/openssh/patches/patch-openbsd-compat_bsd-openpty.c
cvs rdiff -u -r1.7 -r1.8 pkgsrc/security/openssh/patches/patch-session.c \
    pkgsrc/security/openssh/patches/patch-sshd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/openssh/Makefile diff -u pkgsrc/security/openssh/Makefile:1.249 pkgsrc/security/openssh/Makefile:1.250 --- pkgsrc/security/openssh/Makefile:1.249 Sun Sep 18 17:30:10 2016 +++ pkgsrc/security/openssh/Makefile Fri Dec 30 04:43:16 2016
@@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.249 2016/09/18 17:30:10 taca Exp $ +# $NetBSD: Makefile,v 1.250 2016/12/30 04:43:16 taca Exp $ -DISTNAME= openssh-7.3p1 +DISTNAME= openssh-7.4p1 PKGNAME= ${DISTNAME:S/p1/.1/} CATEGORIES= security MASTER_SITES= ${MASTER_SITE_OPENBSD:=OpenSSH/portable/} Index: pkgsrc/security/openssh/distinfo diff -u pkgsrc/security/openssh/distinfo:1.102 pkgsrc/security/openssh/distinfo:1.103 --- pkgsrc/security/openssh/distinfo:1.102 Sun Sep 18 17:30:10 2016 +++ pkgsrc/security/openssh/distinfo Fri Dec 30 04:43:16 2016 
@@ -1,32 +1,31 @@ -$NetBSD: distinfo,v 1.102 2016/09/18 17:30:10 taca Exp $ +$NetBSD: distinfo,v 1.103 2016/12/30 04:43:16 taca Exp $ -SHA1 (openssh-7.3p1.tar.gz) = bfade84283fcba885e2084343ab19a08c7d123a5 -RMD160 (openssh-7.3p1.tar.gz) = 823fc1e16c5d27a2361ed0b22f5ee24be11d2c13 -SHA512 (openssh-7.3p1.tar.gz) = 7ba2d6140f38bd359ebf32ef17626e0ae1c00c3a38c01877b7c6b0317d030f10a8f82a0a51fc3b6273619de9ed73e24b8cf107b1e968f927053a3bedf97ff801 -Size (openssh-7.3p1.tar.gz) = 1522617 bytes +SHA1 (openssh-7.4p1.tar.gz) = 2330bbf82ed08cf3ac70e0acf00186ef3eeb97e0 +RMD160 (openssh-7.4p1.tar.gz) = dff996c9f7ab697a04968fbd8924642253bc0e06 +SHA512 (openssh-7.4p1.tar.gz) = 4f3256f461f01366c5d5e0e45285eec65016e2643b3284b407f48f53d81087bf2c1caf7d5f7530d307a15c91c64de91446e1cba948e8fc68f82098290fe3b292 +Size (openssh-7.4p1.tar.gz) = 1511780 bytes SHA1 (patch-Makefile.in) = 98960119bda68a663214c8880484552f1207bcfc SHA1 (patch-auth-passwd.c) = 5205ca4d15dbcd3f4c574f0a2fb7713ae69af5f7 SHA1 (patch-auth-rhosts.c) = a5e6131e63b83a7e8a06cd80f22def449d6bc2c4 SHA1 (patch-auth.c) = cd13f8b31b45d668c5e09eca098b17ec8a7c1039 -SHA1 (patch-auth1.c) = cdac14ffa4008e62926526e66316b0a553435374 SHA1 (patch-auth2.c) = efc1eb6d28cb6ec2bd87723943f3e36c612d93aa SHA1 (patch-channels.c) = edcce67664bbbc30a8d10ed2fe58dcece944726c -SHA1 (patch-clientloop.c) = 9b2db181d964b7720e1dc12724a9b9033f28d0e7 +SHA1 (patch-clientloop.c) = 4e88fbd14db33f003eb93c30c682a017e102196e SHA1 (patch-config.h.in) = 7406f10b568d2b8237ee575922ce712658d90d59 SHA1 (patch-configure.ac) = d7ba54f34e03fd204eb1a9804fcae7fd16e285e2 SHA1 (patch-defines.h) = bd8687a9a2857f3b8d15ae94095f27f9344003c4 SHA1 (patch-includes.h) = c4a7622af6fbcd098d18d257724dca6aaeea4fda SHA1 (patch-loginrec.c) = 28082deb14258fe63cbecad8ac96afc016de439c -SHA1 (patch-openbsd-compat_bsd-openpty.c) = eaac72830e36e307c19a7b679e6018ece9aebaac +SHA1 (patch-openbsd-compat_bsd-openpty.c) = 80e076a18a0f9ba211ecd4bc5853ce01899568ae SHA1 
(patch-openbsd-compat_openbsd-compat.h) = bedbede16ab2fe918419c994ba15a20167b411b4 SHA1 (patch-openbsd-compat_port-tun.c) = 690dfb1f945d186dd3de5bea70ed8fab86e590ee SHA1 (patch-platform.c) = f8f211dbc5e596c0f82eb86324d18a84c6151ec5 SHA1 (patch-sandbox-darwin.c) = c9a1fe2e4dbf98e929d983b4206a244e0e354b75 SHA1 (patch-scp.c) = 9c2317b0f796641903a826db355ba06595a26ea1 -SHA1 (patch-session.c) = 850cef27299cf8af6a19987d5e070bf501cd57fb +SHA1 (patch-session.c) = c67d649dc66a65ff39d701135a2f2dab6ba2fb93 SHA1 (patch-sftp-common.c) = 6819aa040c8f1caa30a704cf6f0588e498df8778 SHA1 (patch-ssh.c) = 6877d8205d999906c14240d4d112b084609927ca SHA1 (patch-sshd.8) = 5bf48cd27cef8e8810b9dc7115f5180102a345d1 -SHA1 (patch-sshd.c) = cd23ce269bfb48b0caa901e62fc01d35ef0618ac +SHA1 (patch-sshd.c) = a1ccf7e54275629965d80d9cf7cd8669d9f1f4cf SHA1 (patch-sshpty.c) = cb691d4fbde808927f2fbcc12b87ad983cf21938 SHA1 (patch-uidswap.c) = 68c4f5ffab7f4c5c9c00b7443a74b2da52809b7e Index: pkgsrc/security/openssh/options.mk diff -u pkgsrc/security/openssh/options.mk:1.33 pkgsrc/security/openssh/options.mk:1.34 --- pkgsrc/security/openssh/options.mk:1.33 Sun Jul 10 10:41:38 2016 +++ pkgsrc/security/openssh/options.mk Fri Dec 30 04:43:16 2016 @@ -1,9 +1,9 @@ -# $NetBSD: options.mk,v 1.33 2016/07/10 10:41:38 rillig Exp $ +# $NetBSD: options.mk,v 1.34 2016/12/30 04:43:16 taca Exp $ .include "../../mk/bsd.prefs.mk" PKG_OPTIONS_VAR= PKG_OPTIONS.openssh -PKG_SUPPORTED_OPTIONS= hpn-patch kerberos openssl pam +PKG_SUPPORTED_OPTIONS= kerberos openssl pam PKG_SUGGESTED_OPTIONS= openssl .include "../../mk/bsd.options.mk" 
@@ -23,11 +23,11 @@ CONFIGURE_ENV+= ac_cv_search_k_hasafs=n . endif .endif -.if !empty(PKG_OPTIONS:Mhpn-patch) -PATCHFILES= openssh-7.1p1-hpn-20150822.diff.bz2 -PATCH_SITES= ftp://ftp.NetBSD.org/pub/NetBSD/misc/openssh/ -PATCH_DIST_STRIP= -p1 -.endif +#.if !empty(PKG_OPTIONS:Mhpn-patch) +#PATCHFILES= openssh-7.1p1-hpn-20150822.diff.bz2 +#PATCH_SITES= ftp://ftp.NetBSD.org/pub/NetBSD/misc/openssh/ +#PATCH_DIST_STRIP= -p1 +#.endif PLIST_VARS+= pam Index: pkgsrc/security/openssh/patches/patch-clientloop.c diff -u pkgsrc/security/openssh/patches/patch-clientloop.c:1.4 pkgsrc/security/openssh/patches/patch-clientloop.c:1.5 --- pkgsrc/security/openssh/patches/patch-clientloop.c:1.4 Tue Mar 15 20:54:07 2016 +++ pkgsrc/security/openssh/patches/patch-clientloop.c Fri Dec 30 04:43:16 2016 @@ -1,12 +1,12 @@ -$NetBSD: patch-clientloop.c,v 1.4 2016/03/15 20:54:07 bsiegert Exp $ +$NetBSD: patch-clientloop.c,v 1.5 2016/12/30 04:43:16 taca Exp $ Fix X11 forwarding under Mac OS X Yosemite. Patch taken from MacPorts. https://trac.macports.org/browser/trunk/dports/net/openssh/files/launchd.patch?rev=121205 ---- clientloop.c.orig 2016-03-09 18:04:48.000000000 +0000 +--- clientloop.c.orig 2016-12-19 04:59:41.000000000 +0000 +++ clientloop.c -@@ -313,6 +313,10 @@ client_x11_get_proto(const char *display +@@ -315,6 +315,10 @@ client_x11_get_proto(const char *display struct stat st; u_int now, x11_timeout_real; @@ -17,7 +17,7 @@ https://trac.macports.org/browser/trunk/ *_proto = proto; *_data = data; proto[0] = data[0] = xauthfile[0] = xauthdir[0] = '\0'; -@@ -329,6 +333,33 @@ client_x11_get_proto(const char *display +@@ -331,6 +335,33 @@ client_x11_get_proto(const char *display } if (xauth_path != NULL) { 
@@ -51,9 +51,9 @@ https://trac.macports.org/browser/trunk/ /* * Handle FamilyLocal case where $DISPLAY does * not match an authorization entry. For this we -@@ -438,6 +469,9 @@ client_x11_get_proto(const char *display - if (!got_data) { - u_int32_t rnd = 0; +@@ -441,6 +472,9 @@ client_x11_get_proto(const char *display + u_int8_t rnd[16]; + u_int i; +#if __APPLE__ + if (!is_path_to_socket) Index: pkgsrc/security/openssh/patches/patch-openbsd-compat_bsd-openpty.c diff -u pkgsrc/security/openssh/patches/patch-openbsd-compat_bsd-openpty.c:1.3 pkgsrc/security/openssh/patches/patch-openbsd-compat_bsd-openpty.c:1.4 --- pkgsrc/security/openssh/patches/patch-openbsd-compat_bsd-openpty.c:1.3 Mon Jan 18 12:53:26 2016 +++ pkgsrc/security/openssh/patches/patch-openbsd-compat_bsd-openpty.c Fri Dec 30 04:43:16 2016 
@@ -1,25 +1,21 @@ -$NetBSD: patch-openbsd-compat_bsd-openpty.c,v 1.3 2016/01/18 12:53:26 jperkin Exp $ +$NetBSD: patch-openbsd-compat_bsd-openpty.c,v 1.4 2016/12/30 04:43:16 taca Exp $ Interix support ---- openbsd-compat/bsd-openpty.c.orig 2015-08-21 04:49:03.000000000 +0000 +--- openbsd-compat/bsd-openpty.c.orig 2016-12-19 04:59:41.000000000 +0000 +++ openbsd-compat/bsd-openpty.c -@@ -121,15 +121,17 @@ openpty(int *amaster, int *aslave, char +@@ -121,6 +121,7 @@ openpty(int *amaster, int *aslave, char return (-1); } +#if !defined(HAVE_INTERIX) /* - * Try to push the appropriate streams modules, as described + * Try to push the appropriate streams modules, as described * in Solaris pts(7). - */ - ioctl(*aslave, I_PUSH, "ptem"); - ioctl(*aslave, I_PUSH, "ldterm"); --# ifndef __hpux -+ # ifndef __hpux +@@ -130,6 +131,7 @@ openpty(int *amaster, int *aslave, char + # ifndef __hpux ioctl(*aslave, I_PUSH, "ttcompat"); --# endif /* __hpux */ -+ # endif /* __hpux */ + # endif /* __hpux */ +#endif /* !HAVE_INTERIX */ return (0); Index: pkgsrc/security/openssh/patches/patch-session.c diff -u pkgsrc/security/openssh/patches/patch-session.c:1.7 pkgsrc/security/openssh/patches/patch-session.c:1.8 --- pkgsrc/security/openssh/patches/patch-session.c:1.7 Sun Sep 18 17:30:11 2016 +++ pkgsrc/security/openssh/patches/patch-session.c Fri Dec 30 04:43:16 2016 @@ -1,10 +1,10 @@ -$NetBSD: patch-session.c,v 1.7 2016/09/18 17:30:11 taca Exp $ +$NetBSD: patch-session.c,v 1.8 2016/12/30 04:43:16 taca Exp $ * Interix support. ---- session.c.orig 2016-07-27 22:54:27.000000000 +0000 +--- session.c.orig 2016-12-19 04:59:41.000000000 +0000 +++ session.c -@@ -1120,7 +1120,7 @@ read_etc_default_login(char ***env, u_in +@@ -934,7 +934,7 @@ read_etc_default_login(char ***env, u_in if (tmpenv == NULL) return; 
@@ -13,16 +13,16 @@ $NetBSD: patch-session.c,v 1.7 2016/09/1 var = child_get_env(tmpenv, "SUPATH"); else var = child_get_env(tmpenv, "PATH"); -@@ -1230,7 +1230,7 @@ do_setup_env(Session *s, const char *she +@@ -1042,7 +1042,7 @@ do_setup_env(Session *s, const char *she # endif /* HAVE_ETC_DEFAULT_LOGIN */ - if (path == NULL || *path == '\0') { - child_set_env(&env, &envsize, "PATH", -- s->pw->pw_uid == 0 ? -+ s->pw->pw_uid == ROOTUID ? - SUPERUSER_PATH : _PATH_STDPATH); - } + if (path == NULL || *path == '\0') { + child_set_env(&env, &envsize, "PATH", +- s->pw->pw_uid == 0 ? SUPERUSER_PATH : _PATH_STDPATH); ++ s->pw->pw_uid == ROOTUID ? SUPERUSER_PATH : _PATH_STDPATH); + } # endif /* HAVE_CYGWIN */ -@@ -1346,6 +1346,18 @@ do_setup_env(Session *s, const char *she + #endif /* HAVE_LOGIN_CAP */ +@@ -1154,6 +1154,18 @@ do_setup_env(Session *s, const char *she strcmp(pw->pw_dir, "/") ? pw->pw_dir : ""); read_environment_file(&env, &envsize, buf); } @@ -41,7 +41,7 @@ $NetBSD: patch-session.c,v 1.7 2016/09/1 if (debug_flag) { /* dump the environment */ fprintf(stderr, "Environment:\n"); -@@ -1537,11 +1549,13 @@ do_setusercontext(struct passwd *pw) +@@ -1345,11 +1357,13 @@ do_setusercontext(struct passwd *pw) perror("setgid"); exit(1); } @@ -55,7 +55,7 @@ $NetBSD: patch-session.c,v 1.7 2016/09/1 endgrent(); #endif -@@ -2388,7 +2402,7 @@ session_pty_cleanup2(Session *s) +@@ -2148,7 +2162,7 @@ session_pty_cleanup2(Session *s) record_logout(s->pid, s->tty, s->pw->pw_name); /* Release the pseudo-tty. */ Index: pkgsrc/security/openssh/patches/patch-sshd.c diff -u pkgsrc/security/openssh/patches/patch-sshd.c:1.7 pkgsrc/security/openssh/patches/patch-sshd.c:1.8 --- pkgsrc/security/openssh/patches/patch-sshd.c:1.7 Tue Mar 15 20:54:07 2016 +++ pkgsrc/security/openssh/patches/patch-sshd.c Fri Dec 30 04:43:16 2016 
@@ -1,11 +1,11 @@ -$NetBSD: patch-sshd.c,v 1.7 2016/03/15 20:54:07 bsiegert Exp $ +$NetBSD: patch-sshd.c,v 1.8 2016/12/30 04:43:16 taca Exp $ * Interix support * Revive tcp_wrappers support. ---- sshd.c.orig 2016-03-09 18:04:48.000000000 +0000 +--- sshd.c.orig 2016-12-19 04:59:41.000000000 +0000 +++ sshd.c -@@ -125,6 +125,13 @@ +@@ -123,6 +123,13 @@ #include "version.h" #include "ssherr.h" @@ -16,10 +16,10 @@ $NetBSD: patch-sshd.c,v 1.7 2016/03/15 2 +int deny_severity; +#endif /* LIBWRAP */ + - #ifndef O_NOCTTY - #define O_NOCTTY 0 - #endif -@@ -236,7 +243,11 @@ int *startup_pipes = NULL; + /* Re-exec fds */ + #define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1) + #define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2) +@@ -220,7 +227,11 @@ int *startup_pipes = NULL; int startup_pipe; /* in child */ /* variables used for privilege separation */ @@ -31,7 +31,7 @@ $NetBSD: patch-sshd.c,v 1.7 2016/03/15 2 struct monitor *pmonitor = NULL; int privsep_is_preauth = 1; -@@ -632,7 +643,7 @@ privsep_preauth_child(void) +@@ -541,7 +552,7 @@ privsep_preauth_child(void) demote_sensitive_data(); /* Demote the child */ @@ -40,7 +40,7 @@ $NetBSD: patch-sshd.c,v 1.7 2016/03/15 2 /* Change our root directory */ if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, -@@ -643,10 +654,15 @@ privsep_preauth_child(void) +@@ -552,10 +563,15 @@ privsep_preauth_child(void) /* Drop our privileges */ debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid, (u_int)privsep_pw->pw_gid); @@ -56,7 +56,7 @@ $NetBSD: patch-sshd.c,v 1.7 2016/03/15 2 } } -@@ -713,10 +729,17 @@ privsep_preauth(Authctxt *authctxt) +@@ -619,10 +635,17 @@ privsep_preauth(Authctxt *authctxt) /* Arrange for logging to be sent to the monitor */ set_log_handler(mm_log_handler, pmonitor); 
@@ -74,16 +74,16 @@ $NetBSD: patch-sshd.c,v 1.7 2016/03/15 2 return 0; } -@@ -730,7 +753,7 @@ privsep_postauth(Authctxt *authctxt) +@@ -634,7 +657,7 @@ privsep_postauth(Authctxt *authctxt) #ifdef DISABLE_FD_PASSING if (1) { #else -- if (authctxt->pw->pw_uid == 0 || options.use_login) { -+ if (authctxt->pw->pw_uid == ROOTUID || options.use_login) { +- if (authctxt->pw->pw_uid == 0) { ++ if (authctxt->pw->pw_uid == ROOTUID) { #endif /* File descriptor passing is broken or root login */ use_privsep = 0; -@@ -1497,8 +1520,10 @@ main(int ac, char **av) +@@ -1389,8 +1412,10 @@ main(int ac, char **av) av = saved_argv; #endif @@ -95,7 +95,7 @@ $NetBSD: patch-sshd.c,v 1.7 2016/03/15 2 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); -@@ -1925,7 +1950,7 @@ main(int ac, char **av) +@@ -1766,7 +1791,7 @@ main(int ac, char **av) (st.st_uid != getuid () || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)) #else @@ -104,7 +104,7 @@ $NetBSD: patch-sshd.c,v 1.7 2016/03/15 2 #endif fatal("%s must be owned by root and not group or " "world-writable.", _PATH_PRIVSEP_CHROOT_DIR); -@@ -1948,8 +1973,10 @@ main(int ac, char **av) +@@ -1789,8 +1814,10 @@ main(int ac, char **av) * to create a file, and we can't control the code in every * module which might be used). */ @@ -115,7 +115,7 @@ $NetBSD: patch-sshd.c,v 1.7 2016/03/15 2 if (rexec_flag) { rexec_argv = xcalloc(rexec_argc + 2, sizeof(char *)); -@@ -2145,6 +2172,25 @@ main(int ac, char **av) +@@ -1972,6 +1999,25 @@ main(int ac, char **av) audit_connection_from(remote_ip, remote_port); #endif --_----------=_1483072996288930--
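
Review bot: In the two options.mk hunks, hpn-patch is dropped from PKG_SUPPORTED_OPTIONS but its PATCHFILES block is only commented out, still naming openssh-7.1p1-hpn-20150822.diff.bz2, and the log message does not mention the option going away. Either delete the dead block or put a one-line comment above it saying why it is disabled and what has to happen before it can return, and note the dropped option in the log so that anyone with hpn-patch set in PKG_OPTIONS.openssh knows the change is intentional.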
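
Review bot: The "+#if __APPLE__" guard visible in the last patch-clientloop.c hunk (now at clientloop.c line 472) tests the macro's value rather than whether it is defined. "#ifdef __APPLE__" or "#if defined(__APPLE__)" would match the "#if !defined(HAVE_INTERIX)" style used in patch-openbsd-compat_bsd-openpty.c and does not rely on an undefined macro evaluating to 0 on other platforms.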
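
Review bot: ROOTUID, which the privsep_postauth hunk of patch-sshd.c and the do_setup_env hunk of patch-session.c compare pw_uid against in place of the literal 0, is not defined in any hunk shown in this diff, and the patch header comments only say "Interix support". Because the sshd.c comparison decides whether use_privsep is cleared for a root login, name the file that defines ROOTUID in both patch headers so a later rebase can confirm the value on non-Interix platforms.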
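
The last security item in the log message above says sshd(8) now refuses invalid CIDR ranges in AllowUsers and DenyUsers at configuration load time, so a configuration containing one stops loading after this update. The following is an added example, not part of the commit or of OpenSSH, that audits configuration text for such entries beforehand. The sample configuration is constructed, the function names are hypothetical, and validity is judged by Python's ipaddress module (address syntax and prefix length only), which is an assumption and not OpenSSH's own parser.

```python
"""Find AllowUsers/DenyUsers patterns whose user@addr/len part is not a
valid network. Simplified parsing: whitespace-separated patterns, one
address per pattern, no Match-block handling."""
import ipaddress

# Constructed sshd_config fragment (not taken from the commit).
SAMPLE_CONFIG = """\
# constructed sshd_config fragment
Port 22
AllowUsers alice@192.0.2.0/24 bob@127.1.2.3/55 carol
DenyUsers mallory@2001:db8::/129 eve@*.example.org
allowusers dave@10.0.0.0/8
"""

# sshd_config keywords are case-insensitive, so compare in lower case.
USER_DIRECTIVES = {"allowusers", "denyusers"}


def cidr_error(host):
    """Return an error string if host is written as addr/len but is not a
    valid IPv4 or IPv6 network; return None for anything else."""
    if "/" not in host or any(c in host for c in "*?"):
        return None  # hostname or wildcard pattern, not a CIDR range
    try:
        # strict=False: check address syntax and prefix length only,
        # without also requiring the host bits to be zero.
        ipaddress.ip_network(host, strict=False)
    except ValueError as exc:
        return str(exc)
    return None


def invalid_cidr_entries(config_text):
    """Return (line_number, directive, pattern) for every offending entry."""
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        fields = raw.strip().split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].lower() not in USER_DIRECTIVES:
            continue
        for pattern in fields[1:]:
            _user, at, host = pattern.rpartition("@")
            if not at:
                continue  # bare user name, no host restriction
            if cidr_error(host) is not None:
                findings.append((line_no, fields[0], pattern))
    return findings


if __name__ == "__main__":
    for line_no, directive, pattern in invalid_cidr_entries(SAMPLE_CONFIG):
        print(f"line {line_no}: {directive} {pattern}: invalid CIDR range")
```

Entries it reports are the ones to correct before the 7.4p1 package is installed, since with earlier versions they matched every address.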