* New upstream release (http://www.openssh.com/txt/release-6.1).

  - Enable pre-auth sandboxing by default for new installs.
  - Allow "PermitOpen none" to refuse all port-forwarding requests
    (closes: #543683).

1 files changed, 177 insertions, 28 deletions

diff --git a/configure b/configure
index dc98069c8..5e473371d 100755
--- a/configure
+++ b/configure
@@ -1,5 +1,5 @@
 #! /bin/sh
-# From configure.ac Revision: 1.489 .
+# From configure.ac Revision: 1.496 .
 # Guess values for system-dependent variables and create Makefiles.
 # Generated by GNU Autoconf 2.68 for OpenSSH Portable.
 #
@@ -5598,6 +5598,48 @@ if test "x$ac_cv_have_decl_SECCOMP_MODE_FILTER" = xyes; then :
 fi
 
 fi
+if test "x$have_seccomp_filter" = "x1" ; then
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking kernel for seccomp_filter support" >&5
+$as_echo_n "checking kernel for seccomp_filter support... " >&6; }
+if test "$cross_compiling" = yes; then :
+   { $as_echo "$as_me:${as_lineno-$LINENO}: result: cross-compiling, assuming yes" >&5
+$as_echo "cross-compiling, assuming yes" >&6; }
+
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+                #include <errno.h>
+                #include <linux/seccomp.h>
+                #include <stdlib.h>
+                #include <sys/prctl.h>
+
+int
+main ()
+{
+ errno = 0;
+           prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
+           exit(errno == EFAULT ? 0 : 1);
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+   { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+
+                { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+                # Disable seccomp filter as a target
+                have_seccomp_filter=0
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
 
 use_stack_protector=1
 
@@ -6942,7 +6984,8 @@ $as_echo "#define SSH_TUN_PREPEND_AF 1" >>confdefs.h
         for ac_header in linux/seccomp.h linux/filter.h linux/audit.h
 do :
   as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
-ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "#include <linux/types.h>
+"
 if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
   cat >>confdefs.h <<_ACEOF
 #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
@@ -9571,6 +9614,7 @@ for ac_func in  \
         seteuid \
         setgroupent \
         setgroups \
+        setlinebuf \
         setlogin \
         setpassent\
         setpcred \
@@ -11856,28 +11900,128 @@ if test "${with_sandbox+set}" = set; then :
 
 fi
 
-SANDBOX_STYLE=""
+
+# Some platforms (seems to be the ones that have a kernel poll(2)-type
+# function with which they implement select(2)) use an extra file descriptor
+# when calling select(2), which means we can't use the rlimit sandbox.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if select works with descriptor rlimit" >&5
+$as_echo_n "checking if select works with descriptor rlimit... " >&6; }
+if test "$cross_compiling" = yes; then :
+  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5
+$as_echo "$as_me: WARNING: cross compiling: assuming yes" >&2;}
+
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#ifdef HAVE_SYS_TIME_H
+# include <sys/time.h>
+#endif
+#include <sys/resource.h>
+#ifdef HAVE_SYS_SELECT_H
+# include <sys/select.h>
+#endif
+#include <errno.h>
+#include <fcntl.h>
+#include <stdlib.h>
+
+int
+main ()
+{
+
+        struct rlimit rl_zero;
+        int fd, r;
+        fd_set fds;
+
+        fd = open("/dev/null", O_RDONLY);
+        FD_ZERO(&fds);
+        FD_SET(fd, &fds);
+        rl_zero.rlim_cur = rl_zero.rlim_max = 0;
+        setrlimit(RLIMIT_FSIZE, &rl_zero);
+        setrlimit(RLIMIT_NOFILE, &rl_zero);
+        r = select(fd+1, &fds, NULL, NULL, NULL);
+        exit (r == -1 ? 1 : 0);
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+         select_works_with_rlimit=yes
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+         select_works_with_rlimit=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if setrlimit RLIMIT_FSIZE works" >&5
+$as_echo_n "checking if setrlimit RLIMIT_FSIZE works... " >&6; }
+if test "$cross_compiling" = yes; then :
+  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5
+$as_echo "$as_me: WARNING: cross compiling: assuming yes" >&2;}
+
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#include <sys/resource.h>
+#include <stdlib.h>
+
+int
+main ()
+{
+
+                struct rlimit rl_zero;
+
+                rl_zero.rlim_cur = rl_zero.rlim_max = 0;
+                exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0);
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+$as_echo "#define SANDBOX_SKIP_RLIMIT_FSIZE 1" >>confdefs.h
+
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+
 if test "x$sandbox_arg" = "xsystrace" || \
    ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
         test "x$have_systr_policy_kill" != "x1" && \
                 as_fn_error $? "systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support" "$LINENO" 5
-        SANDBOX_STYLE="$SANDBOX_STYLE systrace"
+        SANDBOX_STYLE="systrace"
 
 $as_echo "#define SANDBOX_SYSTRACE 1" >>confdefs.h
 
-fi
-if test "x$sandbox_arg" = "xdarwin" || \
+elif test "x$sandbox_arg" = "xdarwin" || \
      ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
        test "x$ac_cv_header_sandbox_h" = "xyes") ; then
         test "x$ac_cv_func_sandbox_init" != "xyes" -o \
              "x$ac_cv_header_sandbox_h" != "xyes" && \
                 as_fn_error $? "Darwin seatbelt sandbox requires sandbox.h and sandbox_init function" "$LINENO" 5
-        SANDBOX_STYLE="$SANDBOX_STYLE darwin"
+        SANDBOX_STYLE="darwin"
 
 $as_echo "#define SANDBOX_DARWIN 1" >>confdefs.h
 
-fi
-if test "x$sandbox_arg" = "xseccomp_filter" || \
+elif test "x$sandbox_arg" = "xseccomp_filter" || \
      ( test -z "$sandbox_arg" && \
        test "x$have_seccomp_filter" = "x1" && \
        test "x$ac_cv_header_linux_audit_h" = "xyes" && \
@@ -11892,28 +12036,30 @@ if test "x$sandbox_arg" = "xseccomp_filter" || \
                 as_fn_error $? "seccomp_filter sandbox requires seccomp headers" "$LINENO" 5
         test "x$ac_cv_func_prctl" != "xyes" && \
                 as_fn_error $? "seccomp_filter sandbox requires prctl function" "$LINENO" 5
-        SANDBOX_STYLE="$SANDBOX_STYLE seccomp_filter"
+        SANDBOX_STYLE="seccomp_filter"
 
 $as_echo "#define SANDBOX_SECCOMP_FILTER 1" >>confdefs.h
 
-fi
-if test "x$sandbox_arg" = "xrlimit" || \
-     ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" ) ; then
+elif test "x$sandbox_arg" = "xrlimit" || \
+     ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
+       test "x$select_works_with_rlimit" == "xyes" ) ; then
         test "x$ac_cv_func_setrlimit" != "xyes" && \
                 as_fn_error $? "rlimit sandbox requires setrlimit function" "$LINENO" 5
-        SANDBOX_STYLE="$SANDBOX_STYLE rlimit"
+        test "x$select_works_with_rlimit" != "xyes" && \
+                as_fn_error $? "rlimit sandbox requires select to work with rlimit" "$LINENO" 5
+        SANDBOX_STYLE="rlimit"
 
 $as_echo "#define SANDBOX_RLIMIT 1" >>confdefs.h
 
-fi
-if test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
+elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
      test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
-        SANDBOX_STYLE="$SANDBOX_STYLE none"
-fi
-if test -z "$SANDBOX_STYLE" ; then
+        SANDBOX_STYLE="none"
+
+$as_echo "#define SANDBOX_NULL 1" >>confdefs.h
+
+else
         as_fn_error $? "unsupported --with-sandbox" "$LINENO" 5
 fi
-SANDBOX_STYLE="${SANDBOX_STYLE# }"
 
 # Cheap hack to ensure NEWS-OS libraries are arranged right.
 if test ! -z "$SONY" ; then
@@ -14194,7 +14340,7 @@ $as_echo_n "checking if struct statvfs.f_fsid is integral type... " >&6; }
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
-#include <sys/types.h>
+#include <sys/param.h>
 #include <sys/stat.h>
 #ifdef HAVE_SYS_TIME_H
 # include <sys/time.h>
@@ -16153,13 +16299,16 @@ rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
 fi
 
 # make sure $bindir is in USER_PATH so scp will work
-                t_bindir=`eval echo ${bindir}`
-                case $t_bindir in
-                        NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
-                esac
-                case $t_bindir in
-                        NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
-                esac
+                t_bindir="${bindir}"
+                while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do
+                        t_bindir=`eval echo ${t_bindir}`
+                        case $t_bindir in
+                                NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
+                        esac
+                        case $t_bindir in
+                                NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
+                        esac
+                done
                 echo $user_path | grep ":$t_bindir"  > /dev/null 2>&1
                 if test $? -ne 0  ; then
                         echo $user_path | grep "^$t_bindir"  > /dev/null 2>&1