Tue Mar 15 20:54:07 2016 UTC ()
Update openssh to 7.2.2 (7.2p2).

Changes since OpenSSH 7.2p1
===========================

This release fixes a security bug:

 * sshd(8): sanitise X11 authentication credentials to avoid xauth
   command injection when X11Forwarding is enabled.

   Full details of the vulnerability are available at:
   http://www.openssh.com/txt/x11fwd.adv


(bsiegert)
diff -r1.242 -r1.243 pkgsrc/security/openssh/Makefile
diff -r1.17 -r1.18 pkgsrc/security/openssh/PLIST
diff -r1.99 -r1.100 pkgsrc/security/openssh/distinfo
diff -r1.3 -r1.4 pkgsrc/security/openssh/patches/patch-clientloop.c
diff -r1.1 -r0 pkgsrc/security/openssh/patches/patch-packet.c
diff -r1.1 -r0 pkgsrc/security/openssh/patches/patch-readconf.c
diff -r1.5 -r1.6 pkgsrc/security/openssh/patches/patch-ssh.c
diff -r1.6 -r1.7 pkgsrc/security/openssh/patches/patch-sshd.c

cvs diff -r1.242 -r1.243 pkgsrc/security/openssh/Makefile

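--- a/pkgsrc/security/openssh/Makefile
+++ b/pkgsrc/security/openssh/Makefile
@@ -1,18 +1,17 @@
-# $NetBSD: Makefile,v 1.242 2016/03/05 11:29:23 jperkin Exp $
+# $NetBSD: Makefile,v 1.243 2016/03/15 20:54:07 bsiegert Exp $
 
-DISTNAME= openssh-7.1p1
-PKGNAME= ${DISTNAME:S/p1/.1/}
-PKGREVISION= 4
+DISTNAME= openssh-7.2p2
+PKGNAME= ${DISTNAME:S/p2/.2/}
 CATEGORIES= security
 MASTER_SITES= ${MASTER_SITE_OPENBSD:=OpenSSH/portable/}
 
 MAINTAINER= pkgsrc-users@NetBSD.org
 HOMEPAGE= http://www.openssh.com/
 COMMENT= Open Source Secure shell client and server (remote login program)
 
 CONFLICTS= sftp-[0-9]*
 CONFLICTS+= ssh-[0-9]* ssh6-[0-9]*
 CONFLICTS+= ssh2-[0-9]* ssh2-nox11-[0-9]*
 CONFLICTS+= openssh+gssapi-[0-9]*
 CONFLICTS+= lsh>2.0
 BROKEN_FOR_PLATFORM+= OpenBSD-*-*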

cvs diff -r1.17 -r1.18 pkgsrc/security/openssh/PLIST

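--- a/pkgsrc/security/openssh/PLIST
+++ b/pkgsrc/security/openssh/PLIST
@@ -1,29 +1,27 @@
-@comment $NetBSD: PLIST,v 1.17 2015/08/14 08:57:00 jperkin Exp $
+@comment $NetBSD: PLIST,v 1.18 2016/03/15 20:54:07 bsiegert Exp $
 bin/scp
 bin/sftp
-bin/slogin
 bin/ssh
 bin/ssh-add
 bin/ssh-agent
 bin/ssh-keygen
 bin/ssh-keyscan
 libexec/sftp-server
 libexec/ssh-keysign
 libexec/ssh-pkcs11-helper
 ${PLIST.prng}libexec/ssh-rand-helper
 man/man1/scp.1
 man/man1/sftp.1
-man/man1/slogin.1
 man/man1/ssh-add.1
 man/man1/ssh-agent.1
 man/man1/ssh-keygen.1
 man/man1/ssh-keyscan.1
 man/man1/ssh.1
 man/man5/moduli.5
 man/man5/ssh_config.5
 man/man5/sshd_config.5
 man/man8/sftp-server.8
 man/man8/ssh-keysign.8
 man/man8/ssh-pkcs11-helper.8
 man/man8/sshd.8
 sbin/sshd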

cvs diff -r1.99 -r1.100 pkgsrc/security/openssh/distinfo

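--- a/pkgsrc/security/openssh/distinfo
+++ b/pkgsrc/security/openssh/distinfo
@@ -1,37 +1,32 @@
-$NetBSD: distinfo,v 1.99 2016/02/26 21:06:38 tez Exp $
+$NetBSD: distinfo,v 1.100 2016/03/15 20:54:07 bsiegert Exp $
 
-SHA1 (openssh-7.1p1-hpn-20150822.diff.bz2) = 444a2fbd80d57ff93b53ade84ec162e2a2f3aa67
-RMD160 (openssh-7.1p1-hpn-20150822.diff.bz2) = 87fb6887d9ccb4b305ff3c25fd5f67847d9996d1
-Size (openssh-7.1p1-hpn-20150822.diff.bz2) = 12173 bytes
-SHA1 (openssh-7.1p1.tar.gz) = ed22af19f962262c493fcc6ed8c8826b2761d9b6
-RMD160 (openssh-7.1p1.tar.gz) = 2c97ea10099fa8658156c0351d60d715655b9b07
-SHA512 (openssh-7.1p1.tar.gz) = f1491ca5a0a733eb27ede966590642a412cb7be7178dcb7b9e5844bbdc8383032f4b00435192b95fc0365b6fe74d6c5ac8d6facbe9d51e1532d049e2f784e8f7
-Size (openssh-7.1p1.tar.gz) = 1493170 bytes
+SHA1 (openssh-7.2p2.tar.gz) = 70e35d7d6386fe08abbd823b3a12a3ca44ac6d38
+RMD160 (openssh-7.2p2.tar.gz) = d18d73719ceeefa5116b5b741124f3604d7ddb99
+SHA512 (openssh-7.2p2.tar.gz) = 44f62b3a7bc50a0735d496a5aedeefb71550d8c10ad8f22b94e29fcc8084842db96e8c4ca41fced17af69e1aab09ed1182a12ad8650d9a46fd8743a0344df95b
+Size (openssh-7.2p2.tar.gz) = 1499808 bytes
 SHA1 (patch-Makefile.in) = 98960119bda68a663214c8880484552f1207bcfc
 SHA1 (patch-auth-passwd.c) = 92c487cc3c092efb56f8b4ac4ca08ccd67803a83
 SHA1 (patch-auth-rhosts.c) = a5e6131e63b83a7e8a06cd80f22def449d6bc2c4
 SHA1 (patch-auth.c) = cd13f8b31b45d668c5e09eca098b17ec8a7c1039
 SHA1 (patch-auth1.c) = cdac14ffa4008e62926526e66316b0a553435374
 SHA1 (patch-auth2.c) = efc1eb6d28cb6ec2bd87723943f3e36c612d93aa
 SHA1 (patch-channels.c) = edcce67664bbbc30a8d10ed2fe58dcece944726c
-SHA1 (patch-clientloop.c) = a99fa9ff36e0068c059ee9daa392d06c01d1761c
+SHA1 (patch-clientloop.c) = 9b2db181d964b7720e1dc12724a9b9033f28d0e7
 SHA1 (patch-config.h.in) = 7406f10b568d2b8237ee575922ce712658d90d59
 SHA1 (patch-configure.ac) = d7ba54f34e03fd204eb1a9804fcae7fd16e285e2
 SHA1 (patch-defines.h) = bd8687a9a2857f3b8d15ae94095f27f9344003c4
 SHA1 (patch-includes.h) = c4a7622af6fbcd098d18d257724dca6aaeea4fda
 SHA1 (patch-loginrec.c) = 28082deb14258fe63cbecad8ac96afc016de439c
 SHA1 (patch-openbsd-compat_bsd-openpty.c) = eaac72830e36e307c19a7b679e6018ece9aebaac
 SHA1 (patch-openbsd-compat_openbsd-compat.h) = bedbede16ab2fe918419c994ba15a20167b411b4
 SHA1 (patch-openbsd-compat_port-tun.c) = 690dfb1f945d186dd3de5bea70ed8fab86e590ee
-SHA1 (patch-packet.c) = d302a0802861287e9a5230bbe2a1018c5dc17d28
 SHA1 (patch-platform.c) = f8f211dbc5e596c0f82eb86324d18a84c6151ec5
-SHA1 (patch-readconf.c) = e1663d4d9a7ca8de8f87ba42d7b764923cdcc5db
 SHA1 (patch-sandbox-darwin.c) = c9a1fe2e4dbf98e929d983b4206a244e0e354b75
 SHA1 (patch-scp.c) = 9c2317b0f796641903a826db355ba06595a26ea1
 SHA1 (patch-session.c) = 2aa1d95a35b52519c4921494855f861dc1380f3b
 SHA1 (patch-sftp-common.c) = 6819aa040c8f1caa30a704cf6f0588e498df8778
-SHA1 (patch-ssh.c) = 00897c09b7d3037713c579cbc41301623d4c2ebf
+SHA1 (patch-ssh.c) = 6877d8205d999906c14240d4d112b084609927ca
 SHA1 (patch-sshd.8) = 5bf48cd27cef8e8810b9dc7115f5180102a345d1
-SHA1 (patch-sshd.c) = 85a9f50c8b1bdcc44156e2b457a583ccdbc5821b
+SHA1 (patch-sshd.c) = cd23ce269bfb48b0caa901e62fc01d35ef0618ac
 SHA1 (patch-sshpty.c) = cb691d4fbde808927f2fbcc12b87ad983cf21938
 SHA1 (patch-uidswap.c) = 68c4f5ffab7f4c5c9c00b7443a74b2da52809b7e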

cvs diff -r1.3 -r1.4 pkgsrc/security/openssh/patches/patch-clientloop.c

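--- a/pkgsrc/security/openssh/patches/patch-clientloop.c
+++ b/pkgsrc/security/openssh/patches/patch-clientloop.c
@@ -1,36 +1,36 @@
-$NetBSD: patch-clientloop.c,v 1.3 2016/01/18 12:53:26 jperkin Exp $
+$NetBSD: patch-clientloop.c,v 1.4 2016/03/15 20:54:07 bsiegert Exp $
 
 Fix X11 forwarding under Mac OS X Yosemite. Patch taken from MacPorts.
 
 https://trac.macports.org/browser/trunk/dports/net/openssh/files/launchd.patch?rev=121205
 
---- clientloop.c.orig 2015-08-21 04:49:03.000000000 +0000
+--- clientloop.c.orig 2016-03-09 18:04:48.000000000 +0000
 +++ clientloop.c
-@@ -315,6 +315,10 @@ client_x11_get_proto(const char *display
+@@ -313,6 +313,10 @@ client_x11_get_proto(const char *display
  struct stat st;
  u_int now, x11_timeout_real;
  
 +#if __APPLE__
 + int is_path_to_socket = 0;
 +#endif /* __APPLE__ */
 +
- xauthdir = xauthfile = NULL;
  *_proto = proto;
  *_data = data;
-@@ -330,6 +334,33 @@ client_x11_get_proto(const char *display
- debug("x11_get_proto: DISPLAY not set");
- return;
- }
+ proto[0] = data[0] = xauthfile[0] = xauthdir[0] = '\0';
+@@ -329,6 +333,33 @@ client_x11_get_proto(const char *display
+ }
+ 
+ if (xauth_path != NULL) {
 +#if __APPLE__
 + {
 + /*
 + * If using launchd socket, remove the screen number from the end
 + * of $DISPLAY. is_path_to_socket is used later in this function
 + * to determine if an error should be displayed.
 + */
 + char path[PATH_MAX];
 + struct stat sbuf;
 +
 + strlcpy(path, display, sizeof(path));
 + if (0 == stat(path, &sbuf)) {
 + is_path_to_socket = 1;
@@ -41,23 +41,23 @@ https://trac.macports.org/browser/trunk/
 + /* screen = atoi(dot + 1); */
 + if (0 == stat(path, &sbuf)) {
 + is_path_to_socket = 1;
 + debug("x11_get_proto: $DISPLAY is launchd, removing screennum");
 + setenv("DISPLAY", path, 1);
 + }
 + }
 + }
 + }
 +#endif /* __APPLE__ */
  /*
  * Handle FamilyLocal case where $DISPLAY does
  * not match an authorization entry. For this we
-@@ -421,6 +452,9 @@ client_x11_get_proto(const char *display
+@@ -438,6 +469,9 @@ client_x11_get_proto(const char *display
  if (!got_data) {
  u_int32_t rnd = 0;
  
 +#if __APPLE__
 + if (!is_path_to_socket)
 +#endif /* __APPLE__ */
  logit("Warning: No xauth data; "
  "using fake authentication data for X11 forwarding.");
  strlcpy(proto, SSH_X11_PROTO, sizeof proto);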
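Review bot: `is_path_to_socket` is set in the `#if __APPLE__` block as soon as `stat(path, &sbuf)` succeeds, so any existing filesystem path in $DISPLAY counts as a launchd socket, not only a socket. The flag then suppresses the "No xauth data; using fake authentication data" warning in the last hunk, which is how a user learns that forwarding continues without real xauth credentials. Testing the file type would match the variable's name and the block comment: `if (0 == stat(path, &sbuf) && S_ISSOCK(sbuf.st_mode)) {`, in both places. The result of `strlcpy(path, display, sizeof(path))` is also unchecked, so an over-long $DISPLAY is truncated silently before the `stat()`. Patch lines 37-40 and the rest of client_x11_get_proto are outside the visible hunks, so this rests on the lines shown.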

File Deleted: pkgsrc/security/openssh/patches/Attic/patch-packet.c

File Deleted: pkgsrc/security/openssh/patches/Attic/patch-readconf.c

cvs diff -r1.5 -r1.6 pkgsrc/security/openssh/patches/Attic/patch-ssh.c

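--- a/pkgsrc/security/openssh/patches/Attic/patch-ssh.c
+++ b/pkgsrc/security/openssh/patches/Attic/patch-ssh.c
@@ -1,26 +1,15 @@
-$NetBSD: patch-ssh.c,v 1.5 2016/01/18 12:53:26 jperkin Exp $
+$NetBSD: patch-ssh.c,v 1.6 2016/03/15 20:54:07 bsiegert Exp $
 
 Interix support
-Disable roaming
 
---- ssh.c.orig 2015-08-21 04:49:03.000000000 +0000
+--- ssh.c.orig 2016-03-09 18:04:48.000000000 +0000
 +++ ssh.c
-@@ -1084,7 +1084,7 @@ main(int ac, char **av)
- "disabling");
- options.update_hostkeys = 0;
+@@ -1097,7 +1097,7 @@ main(int ac, char **av)
  }
+ if (options.connection_attempts <= 0)
+ fatal("Invalid number of ConnectionAttempts");
 -#ifndef HAVE_CYGWIN
-+#if defined(HAVE_CYGWIN) || defined(HAVE_INTERIX)
++#if !defined(HAVE_CYGWIN) && !defined(HAVE_INTERIX)
  if (original_effective_uid != 0)
  options.use_privileged_port = 0;
  #endif
-@@ -1932,9 +1932,6 @@ ssh_session2(void)
- fork_postauth();
- }
- 
-- if (options.use_roaming)
-- request_roaming();
--
- return client_loop(tty_flag, tty_flag ?
- options.escape_char : SSH_ESCAPECHAR_NONE, id);
- }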
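Review bot: The preprocessor guard around the `original_effective_uid != 0` check is inverted relative to revision 1.5 (`#if defined(HAVE_CYGWIN) || defined(HAVE_INTERIX)` became `#if !defined(HAVE_CYGWIN) && !defined(HAVE_INTERIX)`), but neither the patch header nor the commit message records it. With the 1.5 form the reset `options.use_privileged_port = 0` for non-root callers would have been compiled only on Cygwin and Interix builds, the opposite of upstream's `#ifndef HAVE_CYGWIN`; what that meant for installed packages cannot be judged from this hunk alone. I would note it in the patch header, for example `Interix support (1.6: guard corrected so the privileged-port reset is skipped only on Cygwin and Interix)`, so that anyone auditing binaries built from revision 1.5 knows to look. main() continues outside the hunk.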

cvs diff -r1.6 -r1.7 pkgsrc/security/openssh/patches/patch-sshd.c

--- pkgsrc/security/openssh/patches/patch-sshd.c 2016/01/18 12:53:26 1.6
+++ pkgsrc/security/openssh/patches/patch-sshd.c 2016/03/15 20:54:07 1.7
@@ -1,124 +1,131 @@ @@ -1,124 +1,131 @@
1$NetBSD: patch-sshd.c,v 1.6 2016/01/18 12:53:26 jperkin Exp $ 1$NetBSD: patch-sshd.c,v 1.7 2016/03/15 20:54:07 bsiegert Exp $
2 2
3* Interix support 3* Interix support
4* Revive tcp_wrappers support. 4* Revive tcp_wrappers support.
5 5
6--- sshd.c.orig 2015-08-21 04:49:03.000000000 +0000 6--- sshd.c.orig 2016-03-09 18:04:48.000000000 +0000
7+++ sshd.c 7+++ sshd.c
8@@ -126,6 +126,13 @@ 8@@ -125,6 +125,13 @@
9 #include "version.h" 9 #include "version.h"
10 #include "ssherr.h" 10 #include "ssherr.h"
11  11
12+#ifdef LIBWRAP 12+#ifdef LIBWRAP
13+#include <tcpd.h> 13+#include <tcpd.h>
14+#include <syslog.h> 14+#include <syslog.h>
15+int allow_severity; 15+int allow_severity;
16+int deny_severity; 16+int deny_severity;
17+#endif /* LIBWRAP */ 17+#endif /* LIBWRAP */
18+ 18+
19 #ifndef O_NOCTTY 19 #ifndef O_NOCTTY
20 #define O_NOCTTY 0 20 #define O_NOCTTY 0
21 #endif 21 #endif
22@@ -237,7 +244,11 @@ int *startup_pipes = NULL; 22@@ -236,7 +243,11 @@ int *startup_pipes = NULL;
23 int startup_pipe; /* in child */ 23 int startup_pipe; /* in child */
24  24
25 /* variables used for privilege separation */ 25 /* variables used for privilege separation */
26+#ifdef HAVE_INTERIX 26+#ifdef HAVE_INTERIX
27+int use_privsep = 0; 27+int use_privsep = 0;
28+#else 28+#else
29 int use_privsep = -1; 29 int use_privsep = -1;
30+#endif 30+#endif
31 struct monitor *pmonitor = NULL; 31 struct monitor *pmonitor = NULL;
32 int privsep_is_preauth = 1; 32 int privsep_is_preauth = 1;
33  33
34@@ -644,10 +655,15 @@ privsep_preauth_child(void) 34@@ -632,7 +643,7 @@ privsep_preauth_child(void)
35 /* XXX not ready, too heavy after chroot */ 35 demote_sensitive_data();
36 do_setusercontext(privsep_pw); 36
37 #else 37 /* Demote the child */
 38- if (getuid() == 0 || geteuid() == 0) {
 39+ if (getuid() == ROOTUID || geteuid() == ROOTUID) {
 40 /* Change our root directory */
 41 if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
 42 fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
 43@@ -643,10 +654,15 @@ privsep_preauth_child(void)
 44 /* Drop our privileges */
 45 debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid,
 46 (u_int)privsep_pw->pw_gid);
38+#ifdef HAVE_INTERIX 47+#ifdef HAVE_INTERIX
39+ if (setuser(privsep_pw->pw_name, NULL, SU_COMPLETE)) 48+ if (setuser(privsep_pw->pw_name, NULL, SU_COMPLETE))
40+ fatal("setuser: %.100s", strerror(errno)); 49+ fatal("setuser: %.100s", strerror(errno));
41+#else 50+#else
42 gidset[0] = privsep_pw->pw_gid; 51 gidset[0] = privsep_pw->pw_gid;
43 if (setgroups(1, gidset) < 0) 52 if (setgroups(1, gidset) < 0)
44 fatal("setgroups: %.100s", strerror(errno)); 53 fatal("setgroups: %.100s", strerror(errno));
45 permanently_set_uid(privsep_pw); 54 permanently_set_uid(privsep_pw);
46+#endif /* HAVE_INTERIX */ 55+#endif /* HAVE_INTERIX */
47 #endif 56 }
48 } 57 }
49  58
50@@ -715,11 +731,18 @@ privsep_preauth(Authctxt *authctxt) 59@@ -713,10 +729,17 @@ privsep_preauth(Authctxt *authctxt)
 60 /* Arrange for logging to be sent to the monitor */
51 set_log_handler(mm_log_handler, pmonitor); 61 set_log_handler(mm_log_handler, pmonitor);
52  62
53 /* Demote the child */ 
54- if (getuid() == 0 || geteuid() == 0) 
55+#ifdef __APPLE_SANDBOX_NAMED_EXTERNAL__ 63+#ifdef __APPLE_SANDBOX_NAMED_EXTERNAL__
56+ /* We need to do this before we chroot() so we can read sshd.sb */ 64+ /* We need to do this before we chroot() so we can read sshd.sb */
57+ if (box != NULL) 65+ if (box != NULL)
58+ ssh_sandbox_child(box); 66+ ssh_sandbox_child(box);
59+#endif 67+#endif
60+ if (getuid() == ROOTUID || geteuid() == ROOTUID) 68 privsep_preauth_child();
61 privsep_preauth_child(); 
62 setproctitle("%s", "[net]"); 69 setproctitle("%s", "[net]");
63+#ifndef __APPLE_SANDBOX_NAMED_EXTERNAL__ 70+#ifndef __APPLE_SANDBOX_NAMED_EXTERNAL__
64 if (box != NULL) 71 if (box != NULL)
65 ssh_sandbox_child(box); 72 ssh_sandbox_child(box);
66+#endif 73+#endif
67  74
68 return 0; 75 return 0;
69 } 76 }
70@@ -733,7 +756,7 @@ privsep_postauth(Authctxt *authctxt) 77@@ -730,7 +753,7 @@ privsep_postauth(Authctxt *authctxt)
71 #ifdef DISABLE_FD_PASSING 78 #ifdef DISABLE_FD_PASSING
72 if (1) { 79 if (1) {
73 #else 80 #else
74- if (authctxt->pw->pw_uid == 0 || options.use_login) { 81- if (authctxt->pw->pw_uid == 0 || options.use_login) {
75+ if (authctxt->pw->pw_uid == ROOTUID || options.use_login) { 82+ if (authctxt->pw->pw_uid == ROOTUID || options.use_login) {
76 #endif 83 #endif
77 /* File descriptor passing is broken or root login */ 84 /* File descriptor passing is broken or root login */
78 use_privsep = 0; 85 use_privsep = 0;
79@@ -1489,8 +1512,10 @@ main(int ac, char **av) 86@@ -1497,8 +1520,10 @@ main(int ac, char **av)
80 av = saved_argv; 87 av = saved_argv;
81 #endif 88 #endif
82  89
83- if (geteuid() == 0 && setgroups(0, NULL) == -1) 90- if (geteuid() == 0 && setgroups(0, NULL) == -1)
84+#ifndef HAVE_INTERIX 91+#ifndef HAVE_INTERIX
85+ if (geteuid() == ROOTUID && setgroups(0, NULL) == -1) 92+ if (geteuid() == ROOTUID && setgroups(0, NULL) == -1)
86 debug("setgroups(): %.200s", strerror(errno)); 93 debug("setgroups(): %.200s", strerror(errno));
87+#endif 94+#endif
88  95
89 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ 96 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
90 sanitise_stdfd(); 97 sanitise_stdfd();
91@@ -1919,7 +1944,7 @@ main(int ac, char **av) 98@@ -1925,7 +1950,7 @@ main(int ac, char **av)
92 (st.st_uid != getuid () || 99 (st.st_uid != getuid () ||
93 (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)) 100 (st.st_mode & (S_IWGRP|S_IWOTH)) != 0))
94 #else 101 #else
95- if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0) 102- if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
96+ if (st.st_uid != ROOTUID || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0) 103+ if (st.st_uid != ROOTUID || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
97 #endif 104 #endif
98 fatal("%s must be owned by root and not group or " 105 fatal("%s must be owned by root and not group or "
99 "world-writable.", _PATH_PRIVSEP_CHROOT_DIR); 106 "world-writable.", _PATH_PRIVSEP_CHROOT_DIR);
100@@ -1942,8 +1967,10 @@ main(int ac, char **av) 107@@ -1948,8 +1973,10 @@ main(int ac, char **av)
101 * to create a file, and we can't control the code in every 108 * to create a file, and we can't control the code in every
102 * module which might be used). 109 * module which might be used).
103 */ 110 */
104+#ifndef HAVE_INTERIX 111+#ifndef HAVE_INTERIX
105 if (setgroups(0, NULL) < 0) 112 if (setgroups(0, NULL) < 0)
106 debug("setgroups() failed: %.200s", strerror(errno)); 113 debug("setgroups() failed: %.200s", strerror(errno));
107+#endif 114+#endif
108  115
109 if (rexec_flag) { 116 if (rexec_flag) {
110 rexec_argv = xcalloc(rexec_argc + 2, sizeof(char *)); 117 rexec_argv = xcalloc(rexec_argc + 2, sizeof(char *));
111@@ -2139,6 +2166,25 @@ main(int ac, char **av) 118@@ -2145,6 +2172,25 @@ main(int ac, char **av)
112 audit_connection_from(remote_ip, remote_port); 119 audit_connection_from(remote_ip, remote_port);
113 #endif 120 #endif
114  121
115+#ifdef LIBWRAP 122+#ifdef LIBWRAP
116+ allow_severity = options.log_facility|LOG_INFO; 123+ allow_severity = options.log_facility|LOG_INFO;
117+ deny_severity = options.log_facility|LOG_WARNING; 124+ deny_severity = options.log_facility|LOG_WARNING;
118+ /* Check whether logins are denied from this host. */ 125+ /* Check whether logins are denied from this host. */
119+ if (packet_connection_is_on_socket()) { 126+ if (packet_connection_is_on_socket()) {
120+ struct request_info req; 127+ struct request_info req;
121+ 128+
122+ request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0); 129+ request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0);
123+ fromhost(&req); 130+ fromhost(&req);
124+ 131+