[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/, net-misc/openssh/ - gentoo-commits

From:	Patrick McLean <chutzpah@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/files/, net-misc/openssh/
Date:	Sat, 26 Feb 2022 01:38:04
Message-Id:	`1645839471.126e92820579e58d391f55fdfefe425a685fc217.chutzpah@gentoo`

1

commit:     126e92820579e58d391f55fdfefe425a685fc217

2

Author:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>

3

AuthorDate: Sat Feb 26 01:37:51 2022 +0000

4

Commit:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>

5

CommitDate: Sat Feb 26 01:37:51 2022 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=126e9282

7

8

net-misc/openssh: Add patch to fix #834044

9

10

I can't reproduce this locally, however this should be a fairly simple

11

fix.

12

Closes: https://bugs.gentoo.org/834044

13

Package-Manager: Portage-3.0.30, Repoman-3.0.3

14

Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>

15

16

 .../files/openssh-8.9_p1-X509-glue-13.3.patch      | 13 ++++++++++-

17

 .../openssh-8.9_p1-gss-use-HOST_NAME_MAX.patch     | 27 ++++++++++++++++++++++

18

 net-misc/openssh/openssh-8.9_p1.ebuild             |  1 +

19

 3 files changed, 40 insertions(+), 1 deletion(-)

20

21

diff --git a/net-misc/openssh/files/openssh-8.9_p1-X509-glue-13.3.patch b/net-misc/openssh/files/openssh-8.9_p1-X509-glue-13.3.patch

22

index 66617a17af2a..7c7767109dd5 100644

23

--- a/net-misc/openssh/files/openssh-8.9_p1-X509-glue-13.3.patch

24

+++ b/net-misc/openssh/files/openssh-8.9_p1-X509-glue-13.3.patch

25

@@ -1,6 +1,6 @@

26

 diff -ur '--exclude=.*.un~' a/openssh-8.9p1+x509-13.3.diff b/openssh-8.9p1+x509-13.3.diff

27

 --- a/openssh-8.9p1+x509-13.3.diff	2022-02-24 17:19:30.830285922 -0800

28

-+++ b/openssh-8.9p1+x509-13.3.diff	2022-02-25 16:56:00.750829460 -0800

29

++++ b/openssh-8.9p1+x509-13.3.diff	2022-02-25 17:35:40.885492007 -0800

30

 @@ -993,15 +993,16 @@

31

   	char b[512];

32

  -	size_t len = ssh_digest_bytes(SSH_DIGEST_SHA512);

33

@@ -21,6 +21,17 @@ diff -ur '--exclude=.*.un~' a/openssh-8.9p1+x509-13.3.diff b/openssh-8.9p1+x509-

34

   	(void)snprintf(b, sizeof b, "%llu%s",

35

   	    (unsigned long long)options.timing_secret, user);

36

  -	if (ssh_digest_memory(SSH_DIGEST_SHA512, b, strlen(b), hash, len) != 0)

37

+@@ -44573,8 +44574,8 @@

38

+  		gss_create_empty_oid_set(&status, &oidset);

39

+  		gss_add_oid_set_member(&status, ctx->oid, &oidset);

40

+

41

+--		if (gethostname(lname, MAXHOSTNAMELEN)) {

42

+-+		if (gethostname(lname, MAXHOSTNAMELEN) == -1) {

43

++-		if (gethostname(lname, HOST_NAME_MAX)) {

44

+++		if (gethostname(lname, HOST_NAME_MAX) == -1) {

45

+  			gss_release_oid_set(&status, &oidset);

46

+  			return (-1);

47

+  		}

48

 @@ -51970,7 +51971,7 @@

49

  diff -ruN openssh-8.9p1/m4/openssh.m4 openssh-8.9p1+x509-13.3/m4/openssh.m4

50

  --- openssh-8.9p1/m4/openssh.m4	2022-02-23 13:31:11.000000000 +0200

51

52

diff --git a/net-misc/openssh/files/openssh-8.9_p1-gss-use-HOST_NAME_MAX.patch b/net-misc/openssh/files/openssh-8.9_p1-gss-use-HOST_NAME_MAX.patch

53

new file mode 100644

54

index 000000000000..98c87ecf5f47

55

--- /dev/null

56

+++ b/net-misc/openssh/files/openssh-8.9_p1-gss-use-HOST_NAME_MAX.patch

57

@@ -0,0 +1,27 @@

58

+diff --git a/gss-serv.c b/gss-serv.c

59

+index b5d4bb2d..00e3d118 100644

60

+--- a/gss-serv.c

61

++++ b/gss-serv.c

62

+@@ -105,7 +105,7 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx)

63

+ 		gss_create_empty_oid_set(&status, &oidset);

64

+ 		gss_add_oid_set_member(&status, ctx->oid, &oidset);

65

+

66

+-		if (gethostname(lname, MAXHOSTNAMELEN)) {

67

++		if (gethostname(lname, HOST_NAME_MAX)) {

68

+ 			gss_release_oid_set(&status, &oidset);

69

+ 			return (-1);

70

+ 		}

71

+diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c

72

+index 2e065ba3..4ce80cb2 100644

73

+--- a/sandbox-seccomp-filter.c

74

++++ b/sandbox-seccomp-filter.c

75

+@@ -276,6 +276,9 @@ static const struct sock_filter preauth_insns[] = {

76

+ #ifdef __NR_ppoll

77

+ 	SC_ALLOW(__NR_ppoll),

78

+ #endif

79

++#ifdef __NR_ppoll_time64

80

++	SC_ALLOW(__NR_ppoll_time64),

81

++#endif

82

+ #ifdef __NR_poll

83

+ 	SC_ALLOW(__NR_poll),

84

+ #endif

85

86

diff --git a/net-misc/openssh/openssh-8.9_p1.ebuild b/net-misc/openssh/openssh-8.9_p1.ebuild

87

index bb334274000e..562d5b5a4914 100644

88

--- a/net-misc/openssh/openssh-8.9_p1.ebuild

89

+++ b/net-misc/openssh/openssh-8.9_p1.ebuild

90

@@ -128,6 +128,7 @@ src_prepare() {

91

 	eapply "${FILESDIR}"/${PN}-8.0_p1-deny-shmget-shmat-shmdt-in-preauth-privsep-child.patch

92

 	eapply "${FILESDIR}"/${PN}-8.9_p1-allow-ppoll_time64.patch #834019

93

 	eapply "${FILESDIR}"/${PN}-8.9_p1-fzero-call-used-regs.patch #834037

94

+	eapply "${FILESDIR}"/${PN}-8.9_p1-gss-use-HOST_NAME_MAX.patch #834044

95

96

 	[[ -d ${WORKDIR}/patches ]] && eapply "${WORKDIR}"/patches

1	commit: 126e92820579e58d391f55fdfefe425a685fc217
2	Author: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
3	AuthorDate: Sat Feb 26 01:37:51 2022 +0000
4	Commit: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
5	CommitDate: Sat Feb 26 01:37:51 2022 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=126e9282
7
8	net-misc/openssh: Add patch to fix #834044
9
10	I can't reproduce this locally, however this should be a fairly simple
11	fix.
12	Closes: https://bugs.gentoo.org/834044
13	Package-Manager: Portage-3.0.30, Repoman-3.0.3
14	Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>
15
16	.../files/openssh-8.9_p1-X509-glue-13.3.patch \| 13 ++++++++++-
17	.../openssh-8.9_p1-gss-use-HOST_NAME_MAX.patch \| 27 ++++++++++++++++++++++
18	net-misc/openssh/openssh-8.9_p1.ebuild \| 1 +
19	3 files changed, 40 insertions(+), 1 deletion(-)
20
21	diff --git a/net-misc/openssh/files/openssh-8.9_p1-X509-glue-13.3.patch b/net-misc/openssh/files/openssh-8.9_p1-X509-glue-13.3.patch
22	index 66617a17af2a..7c7767109dd5 100644
23	--- a/net-misc/openssh/files/openssh-8.9_p1-X509-glue-13.3.patch
24	+++ b/net-misc/openssh/files/openssh-8.9_p1-X509-glue-13.3.patch
25	@@ -1,6 +1,6 @@
26	diff -ur '--exclude=.*.un~' a/openssh-8.9p1+x509-13.3.diff b/openssh-8.9p1+x509-13.3.diff
27	--- a/openssh-8.9p1+x509-13.3.diff 2022-02-24 17:19:30.830285922 -0800
28	-+++ b/openssh-8.9p1+x509-13.3.diff 2022-02-25 16:56:00.750829460 -0800
29	++++ b/openssh-8.9p1+x509-13.3.diff 2022-02-25 17:35:40.885492007 -0800
30	@@ -993,15 +993,16 @@
31	char b[512];
32	- size_t len = ssh_digest_bytes(SSH_DIGEST_SHA512);
33	@@ -21,6 +21,17 @@ diff -ur '--exclude=.*.un~' a/openssh-8.9p1+x509-13.3.diff b/openssh-8.9p1+x509-
34	(void)snprintf(b, sizeof b, "%llu%s",
35	(unsigned long long)options.timing_secret, user);
36	- if (ssh_digest_memory(SSH_DIGEST_SHA512, b, strlen(b), hash, len) != 0)
37	+@@ -44573,8 +44574,8 @@
38	+ gss_create_empty_oid_set(&status, &oidset);
39	+ gss_add_oid_set_member(&status, ctx->oid, &oidset);
40	+
41	+-- if (gethostname(lname, MAXHOSTNAMELEN)) {
42	+-+ if (gethostname(lname, MAXHOSTNAMELEN) == -1) {
43	++- if (gethostname(lname, HOST_NAME_MAX)) {
44	+++ if (gethostname(lname, HOST_NAME_MAX) == -1) {
45	+ gss_release_oid_set(&status, &oidset);
46	+ return (-1);
47	+ }
48	@@ -51970,7 +51971,7 @@
49	diff -ruN openssh-8.9p1/m4/openssh.m4 openssh-8.9p1+x509-13.3/m4/openssh.m4
50	--- openssh-8.9p1/m4/openssh.m4 2022-02-23 13:31:11.000000000 +0200
51
52	diff --git a/net-misc/openssh/files/openssh-8.9_p1-gss-use-HOST_NAME_MAX.patch b/net-misc/openssh/files/openssh-8.9_p1-gss-use-HOST_NAME_MAX.patch
53	new file mode 100644
54	index 000000000000..98c87ecf5f47
55	--- /dev/null
56	+++ b/net-misc/openssh/files/openssh-8.9_p1-gss-use-HOST_NAME_MAX.patch
57	@@ -0,0 +1,27 @@
58	+diff --git a/gss-serv.c b/gss-serv.c
59	+index b5d4bb2d..00e3d118 100644
60	+--- a/gss-serv.c
61	++++ b/gss-serv.c
62	+@@ -105,7 +105,7 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx)
63	+ gss_create_empty_oid_set(&status, &oidset);
64	+ gss_add_oid_set_member(&status, ctx->oid, &oidset);
65	+
66	+- if (gethostname(lname, MAXHOSTNAMELEN)) {
67	++ if (gethostname(lname, HOST_NAME_MAX)) {
68	+ gss_release_oid_set(&status, &oidset);
69	+ return (-1);
70	+ }
71	+diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
72	+index 2e065ba3..4ce80cb2 100644
73	+--- a/sandbox-seccomp-filter.c
74	++++ b/sandbox-seccomp-filter.c
75	+@@ -276,6 +276,9 @@ static const struct sock_filter preauth_insns[] = {
76	+ #ifdef __NR_ppoll
77	+ SC_ALLOW(__NR_ppoll),
78	+ #endif
79	++#ifdef __NR_ppoll_time64
80	++ SC_ALLOW(__NR_ppoll_time64),
81	++#endif
82	+ #ifdef __NR_poll
83	+ SC_ALLOW(__NR_poll),
84	+ #endif
85
86	diff --git a/net-misc/openssh/openssh-8.9_p1.ebuild b/net-misc/openssh/openssh-8.9_p1.ebuild
87	index bb334274000e..562d5b5a4914 100644
88	--- a/net-misc/openssh/openssh-8.9_p1.ebuild
89	+++ b/net-misc/openssh/openssh-8.9_p1.ebuild
90	@@ -128,6 +128,7 @@ src_prepare() {
91	eapply "${FILESDIR}"/${PN}-8.0_p1-deny-shmget-shmat-shmdt-in-preauth-privsep-child.patch
92	eapply "${FILESDIR}"/${PN}-8.9_p1-allow-ppoll_time64.patch #834019
93	eapply "${FILESDIR}"/${PN}-8.9_p1-fzero-call-used-regs.patch #834037
94	+ eapply "${FILESDIR}"/${PN}-8.9_p1-gss-use-HOST_NAME_MAX.patch #834044
95
96	[[ -d ${WORKDIR}/patches ]] && eapply "${WORKDIR}"/patches

Gentoo Archives: gentoo-commits